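#!/bin/sh
#
# Copyright (c) 2009 Casey Schaufler under the terms of the
# GNU General Public License version 2, as published by the
# Free Software Foundation
#
# Test setting access rules
#
# Flow:
#   1. Create a file through smack_notroot and label it "TheOther".
#   2. Load the rule "TheOne TheOther r---" and confirm it is listed.
#   3. With the process label "TheOne", reading the file must succeed.
#   4. With the process label "NotTheOne", reading the file must fail.
#   5. Load the rule "TheOne TheOther rw--" and confirm it is listed.
#
# Environment:
#	CAP_MAC_ADMIN
#
# Side effects:
#	The TheOne -> TheOther rule written to $smackfsdir/load is not
#	restored afterwards; a difference from the pre-test rule is only
#	reported as TINFO. Run on a host where changing the loaded Smack
#	rules is acceptable.
#
#	"%-23s %-23s %4s"
#
#          1         2         3         4         5         6
# 123456789012345678901234567890123456789012345678901234567890123456789

export TCID=smack_file_access
export TST_TOTAL=1

. test.sh

. smack_common.sh

# Registered via TST_CLEANUP; removes the directory made by tst_tmpdir.
cleanup()
{
	tst_rmdir
}

rule_a="TheOne TheOther r---"
rule_b="TheOne TheOther rw--"

CAT=/bin/cat
testfile="testfile"

tst_tmpdir
TST_CLEANUP=cleanup

# NOTE(review): the error log uses a fixed name in /tmp and is opened by the
# shell started through smack_notroot (presumably unprivileged - confirm in
# smack_common.sh). A predictable name in a world-writable directory can be
# pre-created or symlinked by another local user; consider a path from
# mktemp or inside the test's own temporary directory.
smack_notroot /bin/sh -c "echo InitialData 2>/tmp/smack_fail.log > $testfile"
if [ ! -f "$testfile" ]; then
	tst_brkm TFAIL "Test file \"$testfile\" can not be created."
fi

# Label the object, then read the label back to confirm it took effect.
setfattr --name=security.SMACK64 --value=TheOther "$testfile"
setto=$(getfattr --only-values -n security.SMACK64 -e text "$testfile")

if [ "TheOther" != "$setto" ]; then
	tst_brkm TFAIL "Test file \"$testfile\" labeled \"$setto\" incorrectly."
fi

# Remember any pre-existing TheOne -> TheOther rule for the final notice.
old_rule=$(grep "^TheOne" "$smackfsdir/load" 2>/dev/null | grep ' TheOther ')

# printf instead of "echo -n": the -n option is not portable under /bin/sh
# and the rule must be written without a trailing newline.
printf '%s' "$rule_a" > "$smackfsdir/load"
new_rule=$(grep "^TheOne" "$smackfsdir/load" 2>/dev/null | grep ' TheOther ')
if [ "$new_rule" = "" ]; then
	tst_brkm TFAIL "Rule did not get set."
fi
# Left unquoted on purpose: word splitting collapses runs of blanks and drops
# trailing ones before sed keeps only the last field (the access mode).
# shellcheck disable=SC2086
mode=$(echo $new_rule | sed -e 's/.* //')
if [ "$mode" != "r" ]; then
	tst_brkm TFAIL "Rule \"$new_rule\" is not set correctly."
fi

# Positive case: subject label TheOne has read access to TheOther.
# stderr is discarded here, so a failed label change is only noticed
# indirectly through the read check that follows.
echo TheOne 2>/dev/null > /proc/self/attr/current
got_read=$(smack_notroot "$CAT" "$testfile")

if [ "$got_read" != "InitialData" ]; then
	tst_brkm TFAIL "Read failed for \"$testfile\" labeled \"TheOther\"."
fi

# Negative case: NotTheOne has no rule for TheOther, so the read must be
# denied. If the label change silently failed the process would still be
# TheOne and the check below reports the resulting successful read.
echo NotTheOne 2>/dev/null > /proc/self/attr/current
got_read=$(smack_notroot "$CAT" "$testfile" 2> /dev/null)

if [ "$got_read" = "InitialData" ]; then
	tst_brkm TFAIL "Read should have failed for \"$testfile\" labeled" \
		"\"TheOther\"."
fi

# Replace the read-only rule with a read/write one and verify the listing.
printf '%s' "$rule_b" 2>/dev/null > "$smackfsdir/load"
new_rule=$(grep "^TheOne" "$smackfsdir/load" 2>/dev/null | grep ' TheOther ')
if [ "$new_rule" = "" ]; then
	tst_brkm TFAIL "Rule did not get set."
fi
# Unquoted for the same whitespace normalisation as above.
# shellcheck disable=SC2086
mode=$(echo $new_rule | sed -e 's/.* //')
if [ "$mode" != "rw" ]; then
	tst_brkm TFAIL "Rule \"$new_rule\" is not set correctly."
fi

# The rule is not rolled back; tell the operator when the loaded rule set
# now differs from what was present before the test.
if [ "$old_rule" != "$new_rule" ]; then
	tst_resm TINFO "Notice: Test access rule changed from \"$old_rule\"" \
		"to \"$new_rule\"."
fi

tst_resm TPASS "Test \"$TCID\" success."
tst_exit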