--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file test_cases_perm_add_additional_rules.cpp
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control test_cases_perm_add_additional_rules tests
+ */
+
+#include <string>
+#include <vector>
+#include <functional>
+#include <memory>
+#include <sys/smack.h>
+
+#include <privilege-control.h>
+#include <dpl/test/test_runner.h>
+#include <tests_common.h>
+#include <libprivilege-control_test_common.h>
+#include "common/duplicates.h"
+#include "common/db.h"
+
+const char* additional_rules_empty[] = {
+ NULL };
+
+const char* additional_rules_rollback[] = {
+ "app1 ~PUBLIC_PATH~ rw",
+ "~PUBLIC_PATH~ app2 rw",
+ "app3 ~GROUP_PATH~ rw",
+ "~GROUP_PATH~ app4 rw",
+ "app5 ~SETTINGS_PATH~ rw",
+ "~SETTINGS_PATH~ app6 rw",
+ "app7 ~NPRUNTIME_PATH~ rw",
+ "~NPRUNTIME_PATH~ app8 rw",
+ NULL };
+
+
+const char* additional_rules_test_case_bad_01[] = {
+ "AAA BBB",
+ NULL };
+
+const char* additional_rules_test_case_bad_02[] = {
+ "AAA BBB 1234567890123456789012345678901234567890123456789012345678901234567890",
+ NULL };
+
+const char* additional_rules_test_case_bad_03[] = {
+ "~PUBLIC_PATH~ ~PUBLIC_PATH~ rw",
+ NULL };
+
+const char* additional_rules_test_case_bad_04[] = {
+ "~ALL_APPS~ ~ALL_APPS~ wax",
+ NULL };
+
+const char* additional_rules_test_case_bad_05[] = {
+ "~ALL_APPS~ ~costam r",
+ NULL };
+
+const char* additional_rules_test_case_bad_06[] = {
+ "~AAA ~BBB tlw",
+ NULL };
+
+const char* additional_rules_test_case_good_01[] = {
+ "AAA BBB CCC",
+ NULL };
+
+const char* additional_rules_test_case_good_02[] = {
+ "qazapp1 ~PUBLIC_PATH~ r",
+ "~PUBLIC_PATH~ wsxapp2 w",
+ "qazapp3 ~GROUP_PATH~ x",
+ "~GROUP_PATH~ wsxapp4 t",
+ "qazapp5 ~SETTINGS_PATH~ a",
+ "~SETTINGS_PATH~ wsxapp6 l",
+ "qazapp7 ~NPRUNTIME_PATH~ rwxatl",
+ "~NPRUNTIME_PATH~ wsxapp8 ------",
+ "qazapp9 ~ALL_APPS~ rwx",
+ "~ALL_APPS~ wsxapp10 rwx",
+ "qazapp11 ~ALL_APPS_WITH_SAME_PERMISSION~ rwxt",
+ "~ALL_APPS_WITH_SAME_PERMISSION~ wsxapp12 rwxt",
+ NULL };
+
+const char* additional_rules_test_case_good_03[] = {
+ "~ALL_APPS~ costam wata",
+ NULL };
+
+void test_one_additional_rules_set(const char** rules)
+{
+ int result = -1;
+ additional_rules parsed_rules;
+
+// Parse rules and check if they are valid
+ bool correct_rules = additional_rules_parse(rules, parsed_rules);
+
+// Apply known set of additional rules and close db transaction to apply them to smack
+ DB_BEGIN
+ result = perm_add_additional_rules(additional_rules_rollback);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "Failed on applying rollback additional rules with result = " << result);
+ DB_END
+
+// Try setting test set
+ DB_BEGIN
+ result = perm_add_additional_rules(rules);
+ DB_END
+
+ if (correct_rules) {
+// If rules are correct test set should be applied succesfully
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_add_additional_rules failed. result = " << result);
+
+ //testing database
+ TestLibPrivilegeControlDatabase db_test;
+ db_test.test_db_after__perm_add_additional_rules(parsed_rules);
+ } else {
+// If rules are not valid test set should not be applied and db should rollback to known set
+ RUNNER_ASSERT_MSG_BT(result != PC_OPERATION_SUCCESS,
+ "perm_add_additional_rules succeeded, but shouldn't.");
+
+ //testing rollback
+ additional_rules parsed_rollback_rules;
+ additional_rules_parse(additional_rules_rollback, parsed_rollback_rules);
+ TestLibPrivilegeControlDatabase db_test;
+ db_test.test_db_after__perm_add_additional_rules(parsed_rollback_rules);
+ }
+}
+
+RUNNER_TEST(privilege_control26_perm_add_additional_rules_database)
+{
+ UNUSED RestoreAdditionalRulesGuard guard;
+ test_one_additional_rules_set(additional_rules_empty);
+ test_one_additional_rules_set(additional_rules_rollback);
+
+ test_one_additional_rules_set(additional_rules_test_case_bad_01);
+ test_one_additional_rules_set(additional_rules_test_case_bad_02);
+ test_one_additional_rules_set(additional_rules_test_case_bad_03);
+ test_one_additional_rules_set(additional_rules_test_case_bad_04);
+ test_one_additional_rules_set(additional_rules_test_case_bad_05);
+ test_one_additional_rules_set(additional_rules_test_case_bad_06);
+
+ test_one_additional_rules_set(additional_rules_test_case_good_01);
+ test_one_additional_rules_set(additional_rules_test_case_good_02);
+ test_one_additional_rules_set(additional_rules_test_case_good_03);
+}
+
+/**************************************************************************************************/
+
+struct smack_rule
+{
+ std::string subject;
+ std::string object;
+ std::string access;
+};
+
+typedef std::vector<smack_rule> smack_rules_vector;
+
+void test_one_smack_rule(const smack_rule& rule)
+{
+ int result;
+ bool pass;
+ const std::vector<std::string> access = {"r", "w", "x" ,"a", "t", "l"};
+ for (auto a = access.begin(); a != access.end(); ++a) {
+ result = smack_have_access(rule.subject.c_str(), rule.object.c_str(), a->c_str());
+
+ if (rule.access.find(*a) != std::string::npos)
+ pass = (result == 1);
+ else
+ pass = (result <= 0);
+
+ RUNNER_ASSERT_MSG_BT(pass, "rule = {" << rule.subject << "; " << rule.object << "; " <<
+ rule.access << "}" << std::endl <<
+ "access = " << *a << std::endl <<
+ "result = " << result << std::endl);
+ }
+}
+
+void test_smack_rules_vector(const smack_rules_vector& rules)
+{
+ for (auto rule = rules.begin(); rule != rules.end(); ++rule)
+ test_one_smack_rule(*rule);
+}
+
+const std::string APP27_A = "APP27_A";
+const std::string APP27_B = "APP27_B";
+const std::string APP27_C = "APP27_C";
+const std::string APP27_D = "APP27_D";
+const std::string APP27_E = "APP27_E";
+const std::string APP27_F = "APP27_F";
+
+const std::string APP27_A_PUB = "/etc/smack/test_privilege_control_DIR/A_PUBLIC";
+const std::string APP27_D_PUB = "/etc/smack/test_privilege_control_DIR/D_PUBLIC";
+const std::string APP27_E_PUB = "/etc/smack/test_privilege_control_DIR/E_PUBLIC";
+
+const std::string APP27_A_PUB_ID = smack_label_for_path(APP27_A, APP27_A_PUB);
+const std::string APP27_D_PUB_ID = smack_label_for_path(APP27_D, APP27_D_PUB);
+const std::string APP27_E_PUB_ID = smack_label_for_path(APP27_E, APP27_E_PUB);
+
+const std::string APP27_B_SET = "/etc/smack/test_privilege_control_DIR/B_SETTINGS";
+const std::string APP27_C_SET = "/etc/smack/test_privilege_control_DIR/C_SETTINGS";
+const std::string APP27_E_SET = "/etc/smack/test_privilege_control_DIR/E_SETTINGS";
+
+const std::string APP27_B_SET_ID = smack_label_for_path(APP27_B, APP27_B_SET);
+const std::string APP27_C_SET_ID = smack_label_for_path(APP27_C, APP27_C_SET);
+const std::string APP27_E_SET_ID = smack_label_for_path(APP27_E, APP27_E_SET);
+
+const std::string APP27_A_GRP = "/etc/smack/test_privilege_control_DIR/A_GROUP";
+const std::string APP27_B_GRP = "/etc/smack/test_privilege_control_DIR/B_GROUP";
+const std::string APP27_F_GRP = "/etc/smack/test_privilege_control_DIR/F_GROUP";
+
+const std::string APP27_A_GRP_ID = "A";
+const std::string APP27_B_GRP_ID = "B";
+const std::string APP27_F_GRP_ID = "F";
+
+const smack_rules_vector initial_state = {
+ { APP27_A, APP27_A_PUB_ID, "rwxatl" },
+ { APP27_B, APP27_A_PUB_ID, "rx" },
+ { APP27_C, APP27_A_PUB_ID, "rx" },
+ { APP27_D, APP27_A_PUB_ID, "rx" },
+ { APP27_E, APP27_A_PUB_ID, "rx" },
+ { APP27_F, APP27_A_PUB_ID, "" },
+
+ { APP27_A, APP27_D_PUB_ID, "rx" },
+ { APP27_B, APP27_D_PUB_ID, "rx" },
+ { APP27_C, APP27_D_PUB_ID, "rx" },
+ { APP27_D, APP27_D_PUB_ID, "rwxatl" },
+ { APP27_E, APP27_D_PUB_ID, "rx" },
+ { APP27_F, APP27_D_PUB_ID, "" },
+
+ { APP27_A, APP27_E_PUB_ID, "" },
+ { APP27_B, APP27_E_PUB_ID, "" },
+ { APP27_C, APP27_E_PUB_ID, "" },
+ { APP27_D, APP27_E_PUB_ID, "" },
+ { APP27_E, APP27_E_PUB_ID, "" },
+ { APP27_F, APP27_E_PUB_ID, "" },
+
+ { APP27_A, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_B, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_A_GRP_ID, "" },
+ { APP27_D, APP27_A_GRP_ID, "" },
+ { APP27_E, APP27_A_GRP_ID, "" },
+ { APP27_F, APP27_A_GRP_ID, "" },
+
+ { APP27_A, APP27_B_GRP_ID, "" },
+ { APP27_B, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_D, APP27_B_GRP_ID, "" },
+ { APP27_E, APP27_B_GRP_ID, "" },
+ { APP27_F, APP27_B_GRP_ID, "" },
+
+ { APP27_A, APP27_F_GRP_ID, "" },
+ { APP27_B, APP27_F_GRP_ID, "" },
+ { APP27_C, APP27_F_GRP_ID, "" },
+ { APP27_D, APP27_F_GRP_ID, "" },
+ { APP27_E, APP27_F_GRP_ID, "" },
+ { APP27_F, APP27_F_GRP_ID, "" },
+
+ { APP27_A, APP27_B_SET_ID, "" },
+ { APP27_B, APP27_B_SET_ID, "rwxatl" },
+ { APP27_C, APP27_B_SET_ID, "" },
+ { APP27_D, APP27_B_SET_ID, "" },
+ { APP27_E, APP27_B_SET_ID, "" },
+ { APP27_F, APP27_B_SET_ID, "" },
+
+ { APP27_A, APP27_C_SET_ID, "" },
+ { APP27_B, APP27_C_SET_ID, "" },
+ { APP27_C, APP27_C_SET_ID, "" },
+ { APP27_D, APP27_C_SET_ID, "" },
+ { APP27_E, APP27_C_SET_ID, "" },
+ { APP27_F, APP27_C_SET_ID, "" },
+
+ { APP27_A, APP27_E_SET_ID, "" },
+ { APP27_B, APP27_E_SET_ID, "" },
+ { APP27_C, APP27_E_SET_ID, "" },
+ { APP27_D, APP27_E_SET_ID, "" },
+ { APP27_E, APP27_E_SET_ID, "rwxatl" },
+ { APP27_F, APP27_E_SET_ID, "" }
+};
+
+const smack_rules_vector rules_1_state = {
+ { APP27_A, APP27_A_PUB_ID, "rwxatl" },
+ { APP27_B, APP27_A_PUB_ID, "rx" },
+ { APP27_C, APP27_A_PUB_ID, "rx" },
+ { APP27_D, APP27_A_PUB_ID, "rxl" },
+ { APP27_E, APP27_A_PUB_ID, "rwxatl" },
+ { APP27_F, APP27_A_PUB_ID, "rwxatl" },
+
+ { APP27_A, APP27_D_PUB_ID, "rx" },
+ { APP27_B, APP27_D_PUB_ID, "rx" },
+ { APP27_C, APP27_D_PUB_ID, "rx" },
+ { APP27_D, APP27_D_PUB_ID, "rwxatl" },
+ { APP27_E, APP27_D_PUB_ID, "rwxatl" },
+ { APP27_F, APP27_D_PUB_ID, "rwxatl" },
+
+ { APP27_A, APP27_E_PUB_ID, "" },
+ { APP27_B, APP27_E_PUB_ID, "" },
+ { APP27_C, APP27_E_PUB_ID, "" },
+ { APP27_D, APP27_E_PUB_ID, "" },
+ { APP27_E, APP27_E_PUB_ID, "" },
+ { APP27_F, APP27_E_PUB_ID, "" },
+
+ { APP27_A, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_B, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_A_GRP_ID, "" },
+ { APP27_D, APP27_A_GRP_ID, "ra" },
+ { APP27_E, APP27_A_GRP_ID, "" },
+ { APP27_F, APP27_A_GRP_ID, "" },
+
+ { APP27_A, APP27_B_GRP_ID, "" },
+ { APP27_B, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_D, APP27_B_GRP_ID, "ra" },
+ { APP27_E, APP27_B_GRP_ID, "" },
+ { APP27_F, APP27_B_GRP_ID, "" },
+
+ { APP27_A, APP27_F_GRP_ID, "" },
+ { APP27_B, APP27_F_GRP_ID, "" },
+ { APP27_C, APP27_F_GRP_ID, "" },
+ { APP27_D, APP27_F_GRP_ID, "" },
+ { APP27_E, APP27_F_GRP_ID, "" },
+ { APP27_F, APP27_F_GRP_ID, "" },
+
+ { APP27_A, APP27_B_SET_ID, "ra" },
+ { APP27_B, APP27_B_SET_ID, "rwxatl" },
+ { APP27_C, APP27_B_SET_ID, "" },
+ { APP27_D, APP27_B_SET_ID, "" },
+ { APP27_E, APP27_B_SET_ID, "xl" },
+ { APP27_F, APP27_B_SET_ID, "" },
+
+ { APP27_A, APP27_C_SET_ID, "" },
+ { APP27_B, APP27_C_SET_ID, "" },
+ { APP27_C, APP27_C_SET_ID, "" },
+ { APP27_D, APP27_C_SET_ID, "" },
+ { APP27_E, APP27_C_SET_ID, "" },
+ { APP27_F, APP27_C_SET_ID, "" },
+
+ { APP27_A, APP27_E_SET_ID, "ra" },
+ { APP27_B, APP27_E_SET_ID, "" },
+ { APP27_C, APP27_E_SET_ID, "" },
+ { APP27_D, APP27_E_SET_ID, "" },
+ { APP27_E, APP27_E_SET_ID, "rwxatl" },
+ { APP27_F, APP27_E_SET_ID, "" }
+};
+
+const smack_rules_vector add_app_state = {
+ { APP27_A, APP27_A_PUB_ID, "rwxatl" },
+ { APP27_B, APP27_A_PUB_ID, "rx" },
+ { APP27_C, APP27_A_PUB_ID, "rx" },
+ { APP27_D, APP27_A_PUB_ID, "rxl" },
+ { APP27_E, APP27_A_PUB_ID, "rwxatl" },
+ { APP27_F, APP27_A_PUB_ID, "rwxatl" },
+
+ { APP27_A, APP27_D_PUB_ID, "rx" },
+ { APP27_B, APP27_D_PUB_ID, "rx" },
+ { APP27_C, APP27_D_PUB_ID, "rx" },
+ { APP27_D, APP27_D_PUB_ID, "rwxatl" },
+ { APP27_E, APP27_D_PUB_ID, "rwxatl" },
+ { APP27_F, APP27_D_PUB_ID, "rwxatl" },
+
+ { APP27_A, APP27_E_PUB_ID, "" },
+ { APP27_B, APP27_E_PUB_ID, "" },
+ { APP27_C, APP27_E_PUB_ID, "" },
+ { APP27_D, APP27_E_PUB_ID, "" },
+ { APP27_E, APP27_E_PUB_ID, "" },
+ { APP27_F, APP27_E_PUB_ID, "" },
+
+ { APP27_A, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_B, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_A_GRP_ID, "" },
+ { APP27_D, APP27_A_GRP_ID, "ra" },
+ { APP27_E, APP27_A_GRP_ID, "" },
+ { APP27_F, APP27_A_GRP_ID, "" },
+
+ { APP27_A, APP27_B_GRP_ID, "" },
+ { APP27_B, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_D, APP27_B_GRP_ID, "ra" },
+ { APP27_E, APP27_B_GRP_ID, "" },
+ { APP27_F, APP27_B_GRP_ID, "" },
+
+ { APP27_A, APP27_F_GRP_ID, "rwxatl" },
+ { APP27_B, APP27_F_GRP_ID, "" },
+ { APP27_C, APP27_F_GRP_ID, "" },
+ { APP27_D, APP27_F_GRP_ID, "ra" },
+ { APP27_E, APP27_F_GRP_ID, "" },
+ { APP27_F, APP27_F_GRP_ID, "rwxatl" },
+
+ { APP27_A, APP27_B_SET_ID, "ra" },
+ { APP27_B, APP27_B_SET_ID, "rwxatl" },
+ { APP27_C, APP27_B_SET_ID, "" },
+ { APP27_D, APP27_B_SET_ID, "" },
+ { APP27_E, APP27_B_SET_ID, "xl" },
+ { APP27_F, APP27_B_SET_ID, "" },
+
+ { APP27_A, APP27_C_SET_ID, "" },
+ { APP27_B, APP27_C_SET_ID, "" },
+ { APP27_C, APP27_C_SET_ID, "" },
+ { APP27_D, APP27_C_SET_ID, "" },
+ { APP27_E, APP27_C_SET_ID, "" },
+ { APP27_F, APP27_C_SET_ID, "" },
+
+ { APP27_A, APP27_E_SET_ID, "ra" },
+ { APP27_B, APP27_E_SET_ID, "" },
+ { APP27_C, APP27_E_SET_ID, "" },
+ { APP27_D, APP27_E_SET_ID, "" },
+ { APP27_E, APP27_E_SET_ID, "rwxatl" },
+ { APP27_F, APP27_E_SET_ID, "" }
+};
+
+const smack_rules_vector add_dir_state = {
+ { APP27_A, APP27_A_PUB_ID, "rwxatl" },
+ { APP27_B, APP27_A_PUB_ID, "rx" },
+ { APP27_C, APP27_A_PUB_ID, "rx" },
+ { APP27_D, APP27_A_PUB_ID, "rxl" },
+ { APP27_E, APP27_A_PUB_ID, "rwxatl" },
+ { APP27_F, APP27_A_PUB_ID, "rwxatl" },
+
+ { APP27_A, APP27_D_PUB_ID, "rx" },
+ { APP27_B, APP27_D_PUB_ID, "rx" },
+ { APP27_C, APP27_D_PUB_ID, "rx" },
+ { APP27_D, APP27_D_PUB_ID, "rwxatl" },
+ { APP27_E, APP27_D_PUB_ID, "rwxatl" },
+ { APP27_F, APP27_D_PUB_ID, "rwxatl" },
+
+ { APP27_A, APP27_E_PUB_ID, "rx" },
+ { APP27_B, APP27_E_PUB_ID, "rx" },
+ { APP27_C, APP27_E_PUB_ID, "rx" },
+ { APP27_D, APP27_E_PUB_ID, "rxl" },
+ { APP27_E, APP27_E_PUB_ID, "rwxatl" },
+ { APP27_F, APP27_E_PUB_ID, "rwxatl" },
+
+ { APP27_A, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_B, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_A_GRP_ID, "" },
+ { APP27_D, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_E, APP27_A_GRP_ID, "" },
+ { APP27_F, APP27_A_GRP_ID, "" },
+
+ { APP27_A, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_B, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_D, APP27_B_GRP_ID, "ra" },
+ { APP27_E, APP27_B_GRP_ID, "" },
+ { APP27_F, APP27_B_GRP_ID, "" },
+
+ { APP27_A, APP27_F_GRP_ID, "" },
+ { APP27_B, APP27_F_GRP_ID, "" },
+ { APP27_C, APP27_F_GRP_ID, "rwxatl" },
+ { APP27_D, APP27_F_GRP_ID, "ra" },
+ { APP27_E, APP27_F_GRP_ID, "" },
+ { APP27_F, APP27_F_GRP_ID, "" },
+
+ { APP27_A, APP27_B_SET_ID, "ra" },
+ { APP27_B, APP27_B_SET_ID, "rwxatl" },
+ { APP27_C, APP27_B_SET_ID, "" },
+ { APP27_D, APP27_B_SET_ID, "" },
+ { APP27_E, APP27_B_SET_ID, "xl" },
+ { APP27_F, APP27_B_SET_ID, "" },
+
+ { APP27_A, APP27_C_SET_ID, "ra" },
+ { APP27_B, APP27_C_SET_ID, "" },
+ { APP27_C, APP27_C_SET_ID, "rwxatl" },
+ { APP27_D, APP27_C_SET_ID, "" },
+ { APP27_E, APP27_C_SET_ID, "xl" },
+ { APP27_F, APP27_C_SET_ID, "" },
+
+ { APP27_A, APP27_E_SET_ID, "ra" },
+ { APP27_B, APP27_E_SET_ID, "" },
+ { APP27_C, APP27_E_SET_ID, "" },
+ { APP27_D, APP27_E_SET_ID, "" },
+ { APP27_E, APP27_E_SET_ID, "rwxatl" },
+ { APP27_F, APP27_E_SET_ID, "" }
+};
+
+const smack_rules_vector rules_2_state = {
+ { APP27_A, APP27_A_PUB_ID, "rwxatl" },
+ { APP27_B, APP27_A_PUB_ID, "rx" },
+ { APP27_C, APP27_A_PUB_ID, "rxlt" },
+ { APP27_D, APP27_A_PUB_ID, "rxa" },
+ { APP27_E, APP27_A_PUB_ID, "rwxl" },
+ { APP27_F, APP27_A_PUB_ID, "" },
+
+ { APP27_A, APP27_D_PUB_ID, "rx" },
+ { APP27_B, APP27_D_PUB_ID, "rx" },
+ { APP27_C, APP27_D_PUB_ID, "rxlt" },
+ { APP27_D, APP27_D_PUB_ID, "rwxatl" },
+ { APP27_E, APP27_D_PUB_ID, "rwxl" },
+ { APP27_F, APP27_D_PUB_ID, "" },
+
+ { APP27_A, APP27_E_PUB_ID, "" },
+ { APP27_B, APP27_E_PUB_ID, "" },
+ { APP27_C, APP27_E_PUB_ID, "" },
+ { APP27_D, APP27_E_PUB_ID, "" },
+ { APP27_E, APP27_E_PUB_ID, "" },
+ { APP27_F, APP27_E_PUB_ID, "" },
+
+ { APP27_A, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_B, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_A_GRP_ID, "" },
+ { APP27_D, APP27_A_GRP_ID, "" },
+ { APP27_E, APP27_A_GRP_ID, "" },
+ { APP27_F, APP27_A_GRP_ID, "" },
+
+ { APP27_A, APP27_B_GRP_ID, "" },
+ { APP27_B, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_D, APP27_B_GRP_ID, "" },
+ { APP27_E, APP27_B_GRP_ID, "" },
+ { APP27_F, APP27_B_GRP_ID, "" },
+
+ { APP27_A, APP27_F_GRP_ID, "" },
+ { APP27_B, APP27_F_GRP_ID, "" },
+ { APP27_C, APP27_F_GRP_ID, "" },
+ { APP27_D, APP27_F_GRP_ID, "" },
+ { APP27_E, APP27_F_GRP_ID, "" },
+ { APP27_F, APP27_F_GRP_ID, "" },
+
+ { APP27_A, APP27_B_SET_ID, "" },
+ { APP27_B, APP27_B_SET_ID, "rwxatl" },
+ { APP27_C, APP27_B_SET_ID, "" },
+ { APP27_D, APP27_B_SET_ID, "" },
+ { APP27_E, APP27_B_SET_ID, "" },
+ { APP27_F, APP27_B_SET_ID, "" },
+
+ { APP27_A, APP27_C_SET_ID, "" },
+ { APP27_B, APP27_C_SET_ID, "" },
+ { APP27_C, APP27_C_SET_ID, "" },
+ { APP27_D, APP27_C_SET_ID, "" },
+ { APP27_E, APP27_C_SET_ID, "" },
+ { APP27_F, APP27_C_SET_ID, "" },
+
+ { APP27_A, APP27_E_SET_ID, "" },
+ { APP27_B, APP27_E_SET_ID, "" },
+ { APP27_C, APP27_E_SET_ID, "" },
+ { APP27_D, APP27_E_SET_ID, "" },
+ { APP27_E, APP27_E_SET_ID, "rwxatl" },
+ { APP27_F, APP27_E_SET_ID, "" }
+};
+
+const smack_rules_vector rules_3_state = {
+ { APP27_A, APP27_A_PUB_ID, "rwxatl" },
+ { APP27_B, APP27_A_PUB_ID, "rx" },
+ { APP27_C, APP27_A_PUB_ID, "rx" },
+ { APP27_D, APP27_A_PUB_ID, "rx" },
+ { APP27_E, APP27_A_PUB_ID, "rx" },
+ { APP27_F, APP27_A_PUB_ID, "" },
+
+ { APP27_A, APP27_D_PUB_ID, "rx" },
+ { APP27_B, APP27_D_PUB_ID, "rx" },
+ { APP27_C, APP27_D_PUB_ID, "rx" },
+ { APP27_D, APP27_D_PUB_ID, "rwxatl" },
+ { APP27_E, APP27_D_PUB_ID, "rx" },
+ { APP27_F, APP27_D_PUB_ID, "" },
+
+ { APP27_A, APP27_E_PUB_ID, "" },
+ { APP27_B, APP27_E_PUB_ID, "" },
+ { APP27_C, APP27_E_PUB_ID, "" },
+ { APP27_D, APP27_E_PUB_ID, "" },
+ { APP27_E, APP27_E_PUB_ID, "" },
+ { APP27_F, APP27_E_PUB_ID, "" },
+
+ { APP27_A, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_B, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_A_GRP_ID, "xlt" },
+ { APP27_D, APP27_A_GRP_ID, "" },
+ { APP27_E, APP27_A_GRP_ID, "rwl" },
+ { APP27_F, APP27_A_GRP_ID, "" },
+
+ { APP27_A, APP27_B_GRP_ID, "" },
+ { APP27_B, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_D, APP27_B_GRP_ID, "" },
+ { APP27_E, APP27_B_GRP_ID, "rwl" },
+ { APP27_F, APP27_B_GRP_ID, "" },
+
+ { APP27_A, APP27_F_GRP_ID, "" },
+ { APP27_B, APP27_F_GRP_ID, "" },
+ { APP27_C, APP27_F_GRP_ID, "" },
+ { APP27_D, APP27_F_GRP_ID, "" },
+ { APP27_E, APP27_F_GRP_ID, "" },
+ { APP27_F, APP27_F_GRP_ID, "" },
+
+ { APP27_A, APP27_B_SET_ID, "" },
+ { APP27_B, APP27_B_SET_ID, "rwxatl" },
+ { APP27_C, APP27_B_SET_ID, "" },
+ { APP27_D, APP27_B_SET_ID, "" },
+ { APP27_E, APP27_B_SET_ID, "" },
+ { APP27_F, APP27_B_SET_ID, "" },
+
+ { APP27_A, APP27_C_SET_ID, "" },
+ { APP27_B, APP27_C_SET_ID, "" },
+ { APP27_C, APP27_C_SET_ID, "" },
+ { APP27_D, APP27_C_SET_ID, "" },
+ { APP27_E, APP27_C_SET_ID, "" },
+ { APP27_F, APP27_C_SET_ID, "" },
+
+ { APP27_A, APP27_E_SET_ID, "" },
+ { APP27_B, APP27_E_SET_ID, "" },
+ { APP27_C, APP27_E_SET_ID, "" },
+ { APP27_D, APP27_E_SET_ID, "" },
+ { APP27_E, APP27_E_SET_ID, "rwxatl" },
+ { APP27_F, APP27_E_SET_ID, "" }
+};
+
+const smack_rules_vector rules_4_state = {
+ { APP27_A, APP27_A_PUB_ID, "rwxatl" },
+ { APP27_B, APP27_A_PUB_ID, "rx" },
+ { APP27_C, APP27_A_PUB_ID, "rx" },
+ { APP27_D, APP27_A_PUB_ID, "rx" },
+ { APP27_E, APP27_A_PUB_ID, "rx" },
+ { APP27_F, APP27_A_PUB_ID, "" },
+
+ { APP27_A, APP27_D_PUB_ID, "rx" },
+ { APP27_B, APP27_D_PUB_ID, "rx" },
+ { APP27_C, APP27_D_PUB_ID, "rx" },
+ { APP27_D, APP27_D_PUB_ID, "rwxatl" },
+ { APP27_E, APP27_D_PUB_ID, "rx" },
+ { APP27_F, APP27_D_PUB_ID, "" },
+
+ { APP27_A, APP27_E_PUB_ID, "" },
+ { APP27_B, APP27_E_PUB_ID, "" },
+ { APP27_C, APP27_E_PUB_ID, "" },
+ { APP27_D, APP27_E_PUB_ID, "" },
+ { APP27_E, APP27_E_PUB_ID, "" },
+ { APP27_F, APP27_E_PUB_ID, "" },
+
+ { APP27_A, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_B, APP27_A_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_A_GRP_ID, "" },
+ { APP27_D, APP27_A_GRP_ID, "" },
+ { APP27_E, APP27_A_GRP_ID, "" },
+ { APP27_F, APP27_A_GRP_ID, "" },
+
+ { APP27_A, APP27_B_GRP_ID, "" },
+ { APP27_B, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_C, APP27_B_GRP_ID, "rwxatl" },
+ { APP27_D, APP27_B_GRP_ID, "" },
+ { APP27_E, APP27_B_GRP_ID, "" },
+ { APP27_F, APP27_B_GRP_ID, "" },
+
+ { APP27_A, APP27_F_GRP_ID, "" },
+ { APP27_B, APP27_F_GRP_ID, "" },
+ { APP27_C, APP27_F_GRP_ID, "" },
+ { APP27_D, APP27_F_GRP_ID, "" },
+ { APP27_E, APP27_F_GRP_ID, "" },
+ { APP27_F, APP27_F_GRP_ID, "" },
+
+ { APP27_A, APP27_B_SET_ID, "" },
+ { APP27_B, APP27_B_SET_ID, "rwxatl" },
+ { APP27_C, APP27_B_SET_ID, "xlt" },
+ { APP27_D, APP27_B_SET_ID, "" },
+ { APP27_E, APP27_B_SET_ID, "rwl" },
+ { APP27_F, APP27_B_SET_ID, "" },
+
+ { APP27_A, APP27_C_SET_ID, "" },
+ { APP27_B, APP27_C_SET_ID, "" },
+ { APP27_C, APP27_C_SET_ID, "" },
+ { APP27_D, APP27_C_SET_ID, "" },
+ { APP27_E, APP27_C_SET_ID, "" },
+ { APP27_F, APP27_C_SET_ID, "" },
+
+ { APP27_A, APP27_E_SET_ID, "" },
+ { APP27_B, APP27_E_SET_ID, "ra" },
+ { APP27_C, APP27_E_SET_ID, "xlt" },
+ { APP27_D, APP27_E_SET_ID, "" },
+ { APP27_E, APP27_E_SET_ID, "rwxatl" },
+ { APP27_F, APP27_E_SET_ID, "" }
+};
+
+const std::vector<std::string> directories_27 = { APP27_A_PUB, APP27_D_PUB, APP27_E_PUB,
+ APP27_B_SET, APP27_C_SET, APP27_E_SET,
+ APP27_A_GRP, APP27_B_GRP, APP27_F_GRP};
+
+void additional_rules_prepare_directories(void)
+{
+ for (auto dir = directories_27.begin(); dir != directories_27.end(); ++dir) {
+ int result = mkdir(dir->c_str(), 0);
+ RUNNER_ASSERT_MSG_BT(result == 0 || (result == -1 && errno == EEXIST), "directory = " <<
+ dir->c_str() << "; result = " << result << "; errno = " << errno <<
+ "; error = " << strerror(errno));
+ }
+}
+
+void additional_rules_set_initial_state(void)
+{
+ int result;
+
+ DB_BEGIN
+ result = perm_app_install(APP27_A.c_str());
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ result = perm_app_setup_path(APP27_A.c_str(), APP27_A_PUB.c_str(), PERM_APP_PATH_PUBLIC);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ result = perm_app_setup_path(APP27_A.c_str(), APP27_A_GRP.c_str(), PERM_APP_PATH_GROUP, "A");
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+
+ result = perm_app_install(APP27_B.c_str());
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ result = perm_app_setup_path(APP27_B.c_str(), APP27_A_GRP.c_str(), PERM_APP_PATH_GROUP, "A");
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ result = perm_app_setup_path(APP27_B.c_str(), APP27_B_GRP.c_str(), PERM_APP_PATH_GROUP, "B");
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ result = perm_app_setup_path(APP27_B.c_str(), APP27_B_SET.c_str(), PERM_APP_PATH_SETTINGS);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+
+ result = perm_app_install(APP27_C.c_str());
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ result = perm_app_setup_path(APP27_C.c_str(), APP27_B_GRP.c_str(), PERM_APP_PATH_GROUP, "B");
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+
+ result = perm_app_install(APP27_D.c_str());
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ result = perm_app_setup_path(APP27_D.c_str(), APP27_D_PUB.c_str(), PERM_APP_PATH_PUBLIC);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+
+ result = perm_app_install(APP27_E.c_str());
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ result = perm_app_setup_path(APP27_E.c_str(), APP27_E_SET.c_str(), PERM_APP_PATH_SETTINGS);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+
+ DB_END
+}
+
+void additional_rules_set_add_app_state(void)
+{
+ int result;
+
+ DB_BEGIN
+ result = perm_app_setup_path(APP27_A.c_str(), APP27_F_GRP.c_str(), PERM_APP_PATH_GROUP, "F");
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+
+ result = perm_app_install(APP27_F.c_str());
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ result = perm_app_setup_path(APP27_F.c_str(), APP27_F_GRP.c_str(), PERM_APP_PATH_GROUP, "F");
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ DB_END
+}
+
+void additional_rules_set_add_dir_state(void)
+{
+ int result;
+
+ DB_BEGIN
+ result = perm_app_setup_path(APP27_E.c_str(), APP27_E_PUB.c_str(), PERM_APP_PATH_PUBLIC);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+
+ result = perm_app_setup_path(APP27_A.c_str(), APP27_B_GRP.c_str(), PERM_APP_PATH_GROUP, "B");
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ result = perm_app_setup_path(APP27_C.c_str(), APP27_F_GRP.c_str(), PERM_APP_PATH_GROUP, "F");
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ result = perm_app_setup_path(APP27_D.c_str(), APP27_A_GRP.c_str(), PERM_APP_PATH_GROUP, "A");
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+
+ result = perm_app_setup_path(APP27_C.c_str(), APP27_C_SET.c_str(), PERM_APP_PATH_SETTINGS);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+ DB_END
+}
+
+void free_null_term_tab(char** tab)
+{
+ int i = 0;
+ while(tab[i])
+ free(tab[i++]);
+}
+
+void set_rules_1_state(void)
+{
+ int result, i = 0;
+ const int count = 9;
+ char* rules[count] = {};
+ std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);
+
+ result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), APP27_A_PUB_ID.c_str(), "rwx");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), APP27_D_PUB_ID.c_str(), "rwxa");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_D.c_str(), "~PUBLIC_PATH~", "rxl");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~PUBLIC_PATH~", "rwxat");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_F.c_str(), "~PUBLIC_PATH~", "rwxatl");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_D.c_str(), "~GROUP_PATH~", "ra");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_A.c_str(), "~SETTINGS_PATH~", "ra");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~SETTINGS_PATH~", "xl");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ rules[i] = NULL;
+
+ DB_BEGIN
+ result = perm_add_additional_rules((const char**)rules);
+ DB_END
+
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+}
+
+void set_rules_2_state(void)
+{
+ int result, i = 0;
+ const int count = 5;
+ char* rules[count] = {};
+ std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);
+
+ result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), "~PUBLIC_PATH~", "r");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), "~PUBLIC_PATH~", "lt");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_D.c_str(), "~PUBLIC_PATH~", "xa");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~PUBLIC_PATH~", "w");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ rules[i] = NULL;
+
+ DB_BEGIN
+ result = perm_add_additional_rules((const char**) rules);
+ DB_END
+
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+}
+
+void set_rules_3_state(void)
+{
+ int result, i = 0;
+ const int count = 4;
+ char* rules[count] = {};
+ std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);
+
+ result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), "~GROUP_PATH~", "ra");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), "~GROUP_PATH~", "xlt");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~GROUP_PATH~", "rw");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ rules[i] = NULL;
+
+ DB_BEGIN
+ result = perm_add_additional_rules((const char**) rules);
+ DB_END
+
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+}
+
+void set_rules_4_state(void)
+{
+ int result, i = 0;
+ const int count = 4;
+ char* rules[count] = {};
+ std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);
+
+ result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), "~SETTINGS_PATH~", "ra");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), "~SETTINGS_PATH~", "xlt");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~SETTINGS_PATH~", "rw");
+ RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
+ rules[i] = NULL;
+
+ DB_BEGIN
+ result = perm_add_additional_rules((const char**) rules);
+ DB_END
+
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+}
+
+void cleanup_additional_rules_apps(void)
+{
+ int result;
+ const std::vector<std::string> apps = { APP27_A, APP27_B, APP27_C, APP27_D, APP27_E, APP27_F };
+
+ DB_BEGIN
+ for (auto a = apps.begin(); a != apps.end(); ++a) {
+ result = perm_app_uninstall(a->c_str());
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "app = " << a->c_str() <<
+ "; result = " << result);
+ }
+ DB_END
+}
+
+void cleanup_additional_rules_rules(void)
+{
+ int result;
+ const char* empty[] = { NULL };
+ DB_BEGIN
+ result = perm_add_additional_rules(empty);
+ DB_END
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
+}
+
+void cleanup_additional_rules_directories(void)
+{
+ for (auto dir = directories_27.begin(); dir != directories_27.end(); ++dir) {
+ int result = rmdir(dir->c_str());
+ RUNNER_ASSERT_MSG_BT(result == 0 || (result == -1 && errno == ENOENT),
+ "directory = " << dir->c_str() << "; result = " << result <<
+ "; errno = " << errno << "; error = " << strerror(errno));
+ }
+}
+
+void cleanup_additional_rules_all(void)
+{
+ cleanup_additional_rules_apps();
+ cleanup_additional_rules_rules();
+ additional_rules_prepare_directories();
+}
+
+RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_1_rollback)
+{
+ UNUSED RestoreAdditionalRulesGuard guard;
+ cleanup_additional_rules_all();
+
+ //initial state
+ additional_rules_set_initial_state();
+ test_smack_rules_vector(initial_state);
+
+ //set state with some public additional rules
+ set_rules_1_state();
+ test_smack_rules_vector(rules_1_state);
+
+ //rollback to initial state
+ cleanup_additional_rules_rules();
+ test_smack_rules_vector(initial_state);
+
+ //cleanup
+ cleanup_additional_rules_all();
+}
+
+RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_2_add_app)
+{
+ UNUSED RestoreAdditionalRulesGuard guard;
+ cleanup_additional_rules_all();
+
+ //initial state
+ additional_rules_set_initial_state();
+ test_smack_rules_vector(initial_state);
+
+ //set state with some public additional rules
+ set_rules_1_state();
+ test_smack_rules_vector(rules_1_state);
+
+ //add app F
+ additional_rules_set_add_app_state();
+ test_smack_rules_vector(add_app_state);
+
+ //cleanup
+ cleanup_additional_rules_all();
+}
+
+RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_3_add_dir)
+{
+ UNUSED RestoreAdditionalRulesGuard guard;
+ cleanup_additional_rules_all();
+
+ //initial state
+ additional_rules_set_initial_state();
+ test_smack_rules_vector(initial_state);
+
+ //set state with some public additional rules
+ set_rules_1_state();
+ test_smack_rules_vector(rules_1_state);
+
+ //add public dir E
+ additional_rules_set_add_dir_state();
+ test_smack_rules_vector(add_dir_state);
+
+ //cleanup
+ cleanup_additional_rules_all();
+}
+
+RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_4_update_rules)
+{
+ UNUSED RestoreAdditionalRulesGuard guard;
+ cleanup_additional_rules_all();
+
+ //initial state
+ additional_rules_set_initial_state();
+ test_smack_rules_vector(initial_state);
+
+ //set state with some additional rules
+ set_rules_1_state();
+ test_smack_rules_vector(rules_1_state);
+
+ //set state with some public additional rules
+ set_rules_2_state();
+ test_smack_rules_vector(rules_2_state);
+
+ //set state with some group additional rules
+ set_rules_3_state();
+ test_smack_rules_vector(rules_3_state);
+
+ //set state with some settings additional rules
+ set_rules_4_state();
+ test_smack_rules_vector(rules_4_state);
+
+ //cleanup
+ cleanup_additional_rules_all();
+}