      1 #!/bin/sh
      2 #
      3 # Copyright (c) 2009 Casey Schaufler under the terms of the
      4 # GNU General Public License version 2, as published by the
      5 # Free Software Foundation
      6 #
      7 # Test setting access rules
      8 #
      9 # Environment:
     10 #	CAP_MAC_ADMIN
     11 #
     12 # "%-23s %-23s %4s"
     13 #
     14 #               1         2         3         4         5         6
     15 #      123456789012345678901234567890123456789012345678901234567890123456789
     16 
     17 export TCID=smack_file_access
     18 export TST_TOTAL=1
     19 
     20 . test.sh
     21 
     22 . smack_common.sh
     23 
# Cleanup hook registered through TST_CLEANUP. It only hands off to tst_rmdir
# (defined outside this file); it does not touch the Smack rule or the process
# label that the test changes.
cleanup() {
	tst_rmdir
}
     28 
     29 rule_a="TheOne                  TheOther                r---"
     30 rule_b="TheOne                  TheOther                rw--"
     31 
     32 CAT=/bin/cat
     33 testfile="testfile"
     34 
     35 tst_tmpdir
     36 TST_CLEANUP=cleanup
     37 
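# Create the test file through smack_notroot (defined outside this file;
# presumably it drops root). Errors from the inner shell are captured in a log
# beside the test file instead of a fixed name in the shared /tmp directory,
# where the path could already exist or be a symlink owned by another user.
faillog="smack_fail.log"
smack_notroot /bin/sh -c "echo InitialData 2>$faillog > $testfile"
if [ ! -f "$testfile" ]; then
	# Surface the captured error text before aborting, since the log lives in
	# the directory the cleanup hook is expected to remove.
	if [ -s "$faillog" ]; then
		tst_resm TINFO "$(cat "$faillog")"
	fi
	tst_brkm TFAIL "Test file \"$testfile\" can not be created."
fi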
     42 
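# Label the test file TheOther via the security.SMACK64 extended attribute,
# then read the attribute back. The exit status of setfattr is not checked;
# the read-back comparison below is what detects a label that did not stick.
setfattr --name=security.SMACK64 --value=TheOther "$testfile"
# Quoted like every other use of $testfile in this script.
setto=$(getfattr --only-values -n security.SMACK64 -e text "$testfile")

if [ "TheOther" != "$setto" ]; then
	tst_brkm TFAIL "Test file \"$testfile\" labeled \"$setto\" incorrectly."
fi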
     49 
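# Remember any TheOne -> TheOther rule that is already loaded; it is only used
# for the informational notice at the end of the script.
old_rule=$(grep "^TheOne" "$smackfsdir/load" 2>/dev/null | grep ' TheOther ')

# Load the read-only rule. printf writes exactly the rule bytes with no
# trailing newline; `echo -n` is not portable under /bin/sh, and a shell whose
# echo does not implement -n may write a literal "-n " in front of the rule.
printf '%s' "$rule_a" > "$smackfsdir/load"

# Read the rule back rather than trusting the write.
new_rule=$(grep "^TheOne" "$smackfsdir/load" 2>/dev/null | grep ' TheOther ')
if [ -z "$new_rule" ]; then
	tst_brkm TFAIL "Rule did not get set."
fi

# $new_rule is left unquoted on purpose: word splitting collapses the
# whitespace, so sed can drop everything up to the last space and leave only
# the access field.
mode=$(echo $new_rule | sed -e 's/.* //')
if [ "$mode" != "r" ]; then
	tst_brkm TFAIL "Rule \"$new_rule\" is not set correctly."
fi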
     61 
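# Positive case: take the subject label TheOne, which the rule loaded earlier
# in this script allows to read TheOther objects, and read the file through
# smack_notroot. The label write is checked so that a refused label change is
# reported as such instead of showing up later as a misleading read failure.
if ! echo TheOne 2>/dev/null > /proc/self/attr/current; then
	tst_brkm TFAIL "Process label could not be set to \"TheOne\"."
fi
got_read=$(smack_notroot "$CAT" "$testfile")

if [ "$got_read" != "InitialData" ]; then
	tst_brkm TFAIL "Read failed for \"$testfile\" labeled \"TheOther\"."
fi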
     68 
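# Negative case: switch to a subject label for which this test loads no rule;
# the same read must now be denied. If the label write is refused the process
# keeps its previous label and the read below would succeed, which would look
# like an enforcement failure, so the write is checked first.
if ! echo NotTheOne 2>/dev/null > /proc/self/attr/current; then
	tst_brkm TFAIL "Process label could not be set to \"NotTheOne\"."
fi
got_read=$(smack_notroot "$CAT" "$testfile" 2> /dev/null)

# NOTE(review): this passes whenever the content does not come back, so any
# other failure of the helper also counts as a denial; the successful read in
# the positive case is the evidence that the helper itself works.
if [ "$got_read" = "InitialData" ]; then
	tst_brkm TFAIL "Read should have failed for \"$testfile\" labeled" \
		       "\"TheOther\"."
fi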
     76 
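# Replace the rule with the read/write variant. printf is used instead of
# `echo -n`, which is not portable under /bin/sh and may write a literal "-n "
# in front of the rule on shells whose echo does not implement -n.
printf '%s' "$rule_b" 2>/dev/null > "$smackfsdir/load"

# Read the rule back; the path is quoted like the other reads of the load file.
new_rule=$(grep "^TheOne" "$smackfsdir/load" 2>/dev/null | grep ' TheOther ')
if [ -z "$new_rule" ]; then
	tst_brkm TFAIL "Rule did not get set."
fi

# $new_rule is left unquoted on purpose: word splitting collapses the
# whitespace, so sed can drop everything up to the last space and leave only
# the access field.
mode=$(echo $new_rule | sed -e 's/.* //')
if [ "$mode" != "rw" ]; then
	tst_brkm TFAIL "Rule \"$new_rule\" is not set correctly."
fi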
     86 
# Informational only: say so when the rule now loaded differs from the one
# found before the test. Nothing in this script puts the earlier rule back or
# resets the process label, so the changed policy outlives the test unless the
# harness restores it.
[ "$old_rule" = "$new_rule" ] ||
	tst_resm TINFO "Notice: Test access rule changed from \"$old_rule\"" \
		       "to \"$new_rule\"."

# Every check above aborts through tst_brkm, so reaching this point is a pass.
tst_resm TPASS "Test \"$TCID\" success."
tst_exit
     94