#include <sys/types.h>
#include <sys/stat.h>
#include <sys/xattr.h>
+#include <linux/xattr.h>
#include <libprivilege-control_test_common.h>
#include <tests_common.h>
static const char* SM_ALLOWED_PERMISSION1 = "security_manager_test_rules2_r";
static const char* SM_ALLOWED_PERMISSION2 = "security_manager_test_rules2_no_r";
+static const char *const XATTR_NAME_TIZENEXEC = XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
static const rules_t SM_ALLOWED_RULES = {
{ USER_APP_ID, "test_sm_book_8", "r" },
static const char* SM_DENIED_PATH = "/etc/smack/test_DIR/non_app_dir";
+static bool isLinkToExec(const char *fpath, const struct stat *sb)
+{
+
+ struct stat buf;
+ char *target;
+ int ret;
+
+ // check if it's a link
+ if ( !S_ISLNK(sb->st_mode))
+ return false;
+
+ target = realpath(fpath, NULL);
+ RUNNER_ASSERT_MSG_BT(target != 0, "Could not obtain real path from link.");
+
+ ret = stat(target, &buf);
+ RUNNER_ASSERT_MSG_BT(ret == 0, "Could not obtain real path's stat from link.");
+
+ if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG))
+ return false;
+
+
+ return true;
+}
+
static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
const char* correctLabel, bool transmute_test, bool exec_test)
{
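Review bot: In `isLinkToExec`, the buffer that `realpath(fpath, NULL)` allocates is never freed, so every symlink visited leaks one path string. It leaks on the assert-failure path too, if `RUNNER_ASSERT_MSG_BT` leaves the function. Adding `free(target);` right after the `stat()` call, before the second assert, would cover both cases. The mode test `buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)` treats the file-type field as a bit set, so a target whose type encoding merely contains the `S_IFREG` bit (a socket on Linux) would also count as an executable; `return S_ISREG(buf.st_mode) && (buf.st_mode & S_IXUSR) != 0;` states the intent exactly. A dangling link currently fails the whole test through the asserts instead of returning false, which deserves a comment if it is intended.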
RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set");
+ /* LINK TO EXEC */
+ if (isLinkToExec(fpath, sb) && exec_test) {
+ char buf[SMACK_LABEL_LEN+1];
+ result = lgetxattr(fpath, XATTR_NAME_TIZENEXEC, buf, sizeof(buf));
+ RUNNER_ASSERT_MSG_BT(result != -1, "Could not get label for the path "
+ << fpath << "("<<strerror(errno)<<")");
+ buf[result]='\0';
+ result = strcmp(correctLabel, buf);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Incorrect TIZEN_EXEC_LABEL attribute"
+ " on link to executable " << fpath);
+ }
+
+
+
/* TRANSMUTE */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
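Review bot: `buf[result]='\0'` in the LINK TO EXEC block can write one byte past `buf`, because `lgetxattr` is given the full `sizeof(buf)` and may return exactly that length for an attribute of `SMACK_LABEL_LEN+1` bytes. Passing `sizeof(buf) - 1`, as in `result = lgetxattr(fpath, XATTR_NAME_TIZENEXEC, buf, sizeof(buf) - 1);`, keeps room for the terminator and makes an over-long label fail the existing `result != -1` assert. The condition also calls `isLinkToExec` before testing `exec_test`, so its `realpath`/`stat` asserts run even when the exec check is off; `if (exec_test && isLinkToExec(fpath, sb)) {` avoids that. The declaration of `result` and the rest of `nftw_check_sm_labels_app_dir` are outside this hunk, so its type against `lgetxattr`'s `ssize_t` return could not be checked here.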