1f08c3bdfSopenharmony_ci#!/bin/sh
2f08c3bdfSopenharmony_ci#
3f08c3bdfSopenharmony_ci# Copyright (c) 2009 Casey Schaufler under the terms of the
4f08c3bdfSopenharmony_ci# GNU General Public License version 2, as published by the
5f08c3bdfSopenharmony_ci# Free Software Foundation
6f08c3bdfSopenharmony_ci#
7f08c3bdfSopenharmony_ci# Test setting access rules
8f08c3bdfSopenharmony_ci#
9f08c3bdfSopenharmony_ci# Environment:
10f08c3bdfSopenharmony_ci#	CAP_MAC_ADMIN
11f08c3bdfSopenharmony_ci#
12f08c3bdfSopenharmony_ci# "%-23s %-23s %4s"
13f08c3bdfSopenharmony_ci#
14f08c3bdfSopenharmony_ci#               1         2         3         4         5         6
15f08c3bdfSopenharmony_ci#      123456789012345678901234567890123456789012345678901234567890123456789
16f08c3bdfSopenharmony_ci
17f08c3bdfSopenharmony_ciexport TCID=smack_file_access
18f08c3bdfSopenharmony_ciexport TST_TOTAL=1
19f08c3bdfSopenharmony_ci
20f08c3bdfSopenharmony_ci. test.sh
21f08c3bdfSopenharmony_ci
22f08c3bdfSopenharmony_ci. smack_common.sh
23f08c3bdfSopenharmony_ci
24f08c3bdfSopenharmony_cicleanup()
25f08c3bdfSopenharmony_ci{
26f08c3bdfSopenharmony_ci	tst_rmdir
27f08c3bdfSopenharmony_ci}
28f08c3bdfSopenharmony_ci
29f08c3bdfSopenharmony_cirule_a="TheOne                  TheOther                r---"
30f08c3bdfSopenharmony_cirule_b="TheOne                  TheOther                rw--"
31f08c3bdfSopenharmony_ci
32f08c3bdfSopenharmony_ciCAT=/bin/cat
33f08c3bdfSopenharmony_citestfile="testfile"
34f08c3bdfSopenharmony_ci
35f08c3bdfSopenharmony_citst_tmpdir
36f08c3bdfSopenharmony_ciTST_CLEANUP=cleanup
37f08c3bdfSopenharmony_ci
38f08c3bdfSopenharmony_cismack_notroot /bin/sh -c "echo InitialData 2>/tmp/smack_fail.log > $testfile"
39f08c3bdfSopenharmony_ciif [ ! -f "$testfile" ]; then
40f08c3bdfSopenharmony_ci	tst_brkm TFAIL "Test file \"$testfile\" can not be created."
41f08c3bdfSopenharmony_cifi
42f08c3bdfSopenharmony_ci
43f08c3bdfSopenharmony_cisetfattr --name=security.SMACK64 --value=TheOther "$testfile"
44f08c3bdfSopenharmony_cisetto=$(getfattr --only-values -n security.SMACK64 -e text $testfile)
45f08c3bdfSopenharmony_ci
46f08c3bdfSopenharmony_ciif [ "TheOther" != "$setto" ]; then
47f08c3bdfSopenharmony_ci	tst_brkm TFAIL "Test file \"$testfile\" labeled \"$setto\" incorrectly."
48f08c3bdfSopenharmony_cifi
49f08c3bdfSopenharmony_ci
50f08c3bdfSopenharmony_ciold_rule=$(grep "^TheOne" "$smackfsdir/load" 2>/dev/null | grep ' TheOther ')
51f08c3bdfSopenharmony_ci
52f08c3bdfSopenharmony_ciecho -n "$rule_a" > "$smackfsdir/load"
53f08c3bdfSopenharmony_cinew_rule=$(grep "^TheOne" "$smackfsdir/load" 2>/dev/null | grep ' TheOther ')
54f08c3bdfSopenharmony_ciif [ "$new_rule" = "" ]; then
55f08c3bdfSopenharmony_ci	tst_brkm TFAIL "Rule did not get set."
56f08c3bdfSopenharmony_cifi
57f08c3bdfSopenharmony_cimode=$(echo $new_rule | sed -e 's/.* //')
58f08c3bdfSopenharmony_ciif [ "$mode" != "r" ]; then
59f08c3bdfSopenharmony_ci	tst_brkm TFAIL "Rule \"$new_rule\" is not set correctly."
60f08c3bdfSopenharmony_cifi
61f08c3bdfSopenharmony_ci
62f08c3bdfSopenharmony_ciecho TheOne 2>/dev/null > /proc/self/attr/current
63f08c3bdfSopenharmony_cigot_read=$(smack_notroot $CAT "$testfile")
64f08c3bdfSopenharmony_ci
65f08c3bdfSopenharmony_ciif [ "$got_read" != "InitialData" ]; then
66f08c3bdfSopenharmony_ci	tst_brkm TFAIL "Read failed for \"$testfile\" labeled \"TheOther\"."
67f08c3bdfSopenharmony_cifi
68f08c3bdfSopenharmony_ci
69f08c3bdfSopenharmony_ciecho NotTheOne 2>/dev/null > /proc/self/attr/current
70f08c3bdfSopenharmony_cigot_read=$(smack_notroot $CAT "$testfile" 2> /dev/null)
71f08c3bdfSopenharmony_ci
72f08c3bdfSopenharmony_ciif [ "$got_read" = "InitialData" ]; then
73f08c3bdfSopenharmony_ci	tst_brkm TFAIL "Read should have failed for \"$testfile\" labeled" \
74f08c3bdfSopenharmony_ci		       "\"TheOther\"."
75f08c3bdfSopenharmony_cifi
76f08c3bdfSopenharmony_ci
77f08c3bdfSopenharmony_ciecho -n "$rule_b" 2>/dev/null > "$smackfsdir/load"
78f08c3bdfSopenharmony_cinew_rule=$(grep "^TheOne" $smackfsdir/load 2>/dev/null | grep ' TheOther ')
79f08c3bdfSopenharmony_ciif [ "$new_rule" = "" ]; then
80f08c3bdfSopenharmony_ci	tst_brkm TFAIL "Rule did not get set."
81f08c3bdfSopenharmony_cifi
82f08c3bdfSopenharmony_cimode=$(echo $new_rule | sed -e 's/.* //')
83f08c3bdfSopenharmony_ciif [ "$mode" != "rw" ]; then
84f08c3bdfSopenharmony_ci	tst_brkm TFAIL "Rule \"$new_rule\" is not set correctly."
85f08c3bdfSopenharmony_cifi
86f08c3bdfSopenharmony_ci
87f08c3bdfSopenharmony_ciif [ "$old_rule" != "$new_rule" ]; then
88f08c3bdfSopenharmony_ci	tst_resm TINFO "Notice: Test access rule changed from \"$old_rule\"" \
89f08c3bdfSopenharmony_ci		       "to \"$new_rule\"."
90f08c3bdfSopenharmony_cifi
91f08c3bdfSopenharmony_ci
92f08c3bdfSopenharmony_citst_resm TPASS "Test \"$TCID\" success."
93f08c3bdfSopenharmony_citst_exit
94