#!/bin/sh
#
# Copyright (c) 2009 Casey Schaufler under the terms of the
# GNU General Public License version 2, as published by the
# Free Software Foundation
#
# Test setting access rules
#
# Environment:
#	CAP_MAC_ADMIN
#
# Rule line format (column ruler below):
# "%-23s %-23s %4s"
#
#               1         2         3         4         5         6
#      123456789012345678901234567890123456789012345678901234567890123456789
# Test-case name and test count, exported for the helpers sourced below
# (presumably read by test.sh -- confirm against that file).
TCID=smack_file_access
TST_TOTAL=1
export TCID TST_TOTAL

# Both helper libraries are sourced by bare name, so the shell looks them up
# through PATH. This test needs CAP_MAC_ADMIN, so run it only with a PATH made
# of trusted directories: whatever file is found first is executed in this
# shell with the test's privileges.
. test.sh

. smack_common.sh
# Cleanup hook, registered through TST_CLEANUP further down.
# It only calls tst_rmdir (a sourced helper; presumably removes the directory
# made by tst_tmpdir -- confirm in test.sh).
# NOTE(review): nothing here restores the Smack rule this test writes to
# "$smackfsdir/load" or the label written to /proc/self/attr/current.
cleanup() {
	tst_rmdir
}
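# Smack access rules in the fixed-width "%-23s %-23s %4s" layout:
# subject label, object label, access mode.
# rule_a asks for read only, rule_b for read and write.
rule_a="TheOne                  TheOther                r---"
rule_b="TheOne                  TheOther                rw--"

CAT=/bin/cat
testfile="testfile"

# tst_tmpdir comes from the sourced helpers; the relative $testfile below is
# presumably created inside the directory it sets up -- confirm in test.sh.
tst_tmpdir
TST_CLEANUP=cleanup

# Create the test file through smack_notroot (sourced helper; presumably runs
# the command without root privileges -- confirm in smack_common.sh).
# NOTE(review): stderr is sent to a fixed, predictable name in /tmp. A log
# inside the test's own temporary directory would avoid writing through a
# pre-existing /tmp/smack_fail.log. The path is left unchanged here so the
# log stays where existing users look for it.
smack_notroot /bin/sh -c "echo InitialData 2>/tmp/smack_fail.log > $testfile"
if [ ! -f "$testfile" ]; then
	tst_brkm TFAIL "Test file \"$testfile\" can not be created."
fi

# Label the file "TheOther" and read the label back to confirm it was stored.
setfattr --name=security.SMACK64 --value=TheOther "$testfile"
setto=$(getfattr --only-values -n security.SMACK64 -e text "$testfile")

if [ "TheOther" != "$setto" ]; then
	tst_brkm TFAIL "Test file \"$testfile\" labeled \"$setto\" incorrectly."
fi

# Remember any TheOne -> TheOther rule that was loaded before the test, so a
# change can be reported at the end.
old_rule=$(grep "^TheOne" "$smackfsdir/load" 2>/dev/null | grep ' TheOther ')

# Phase 1: load the read-only rule and check that it is reported back as "r".
# printf '%s' is used instead of "echo -n": under #!/bin/sh the handling of
# -n is not portable, and a literal "-n" or a trailing newline would no longer
# match the fixed-width rule layout.
printf '%s' "$rule_a" > "$smackfsdir/load"
new_rule=$(grep "^TheOne" "$smackfsdir/load" 2>/dev/null | grep ' TheOther ')
if [ "$new_rule" = "" ]; then
	tst_brkm TFAIL "Rule did not get set."
fi
# Deliberately unquoted: word splitting collapses the column padding, so the
# sed expression leaves only the last field (the access mode).
# shellcheck disable=SC2086
mode=$(echo $new_rule | sed -e 's/.* //')
if [ "$mode" != "r" ]; then
	tst_brkm TFAIL "Rule \"$new_rule\" is not set correctly."
fi

# Phase 2a (positive check): as subject "TheOne", the read must succeed.
echo TheOne 2>/dev/null > /proc/self/attr/current
got_read=$(smack_notroot "$CAT" "$testfile")

if [ "$got_read" != "InitialData" ]; then
	tst_brkm TFAIL "Read failed for \"$testfile\" labeled \"TheOther\"."
fi

# Phase 2b (negative check): as subject "NotTheOne", the read must not return
# the file's content.
# NOTE(review): denial is inferred only from the expected data being absent,
# and stderr is discarded, so any other failure of the helper or of cat is
# also counted as "denied". The result of the label write is not checked
# either.
echo NotTheOne 2>/dev/null > /proc/self/attr/current
got_read=$(smack_notroot "$CAT" "$testfile" 2> /dev/null)

if [ "$got_read" = "InitialData" ]; then
	tst_brkm TFAIL "Read should have failed for \"$testfile\" labeled" \
		       "\"TheOther\"."
fi

# Phase 3: replace the rule with the read-write variant and check that it is
# reported back as "rw". Only the rule text is verified; no write access to
# the file is exercised.
printf '%s' "$rule_b" 2>/dev/null > "$smackfsdir/load"
new_rule=$(grep "^TheOne" "$smackfsdir/load" 2>/dev/null | grep ' TheOther ')
if [ "$new_rule" = "" ]; then
	tst_brkm TFAIL "Rule did not get set."
fi
# Deliberately unquoted, as in phase 1.
# shellcheck disable=SC2086
mode=$(echo $new_rule | sed -e 's/.* //')
if [ "$mode" != "rw" ]; then
	tst_brkm TFAIL "Rule \"$new_rule\" is not set correctly."
fi

# The rule written in phase 3 stays loaded after the test; report it when it
# differs from what was there before.
if [ "$old_rule" != "$new_rule" ]; then
	tst_resm TINFO "Notice: Test access rule changed from \"$old_rule\"" \
		       "to \"$new_rule\"."
fi

tst_resm TPASS "Test \"$TCID\" success."
tst_exit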