From a03a51c44c78d25e9fab2ffb9bb0a46f22969f4e Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Date: Tue, 31 Dec 2013 18:09:14 +0200
Subject: tests: initial SMACK tests

* init.cfg (require_smack_): New function.
* local.mk: Referenced new tests.
* tests/id/smack.sh: SMACK tests (new file).
* tests/mkdir/smack-no-root.sh: SMACK tests (new file).
* tests/mkdir/smack-root.sh: SMACK tests (new file).
---
 init.cfg                     |  9 +++++++++
 tests/id/smack.sh            | 37 +++++++++++++++++++++++++++++++++++++
 tests/local.mk               |  4 ++++
 tests/mkdir/smack-no-root.sh | 39 +++++++++++++++++++++++++++++++++++++++
 tests/mkdir/smack-root.sh    | 36 ++++++++++++++++++++++++++++++++++++
 5 files changed, 125 insertions(+)
 create mode 100755 tests/id/smack.sh
 create mode 100755 tests/mkdir/smack-no-root.sh
 create mode 100755 tests/mkdir/smack-root.sh

diff --git a/init.cfg b/init.cfg
index 6a9b004ff..bf1887f8d 100644
--- a/init.cfg
+++ b/init.cfg
@@ -119,6 +119,15 @@ require_selinux_enforcing_()
     || skip_ "This test is useful only with SELinux in Enforcing mode."
 }
 
+require_smack_()
+{
+  grep 'smackfs$' /proc/filesystems > /dev/null \
+    || skip_ "this system lacks SMACK support"
+
+  test "$(ls -Zd .)" != '? .' \
+    || skip_ "this file system lacks SMACK support"
+}
+
 require_openat_support_()
 {
   # Skip this test if your system has neither the openat-style functions
diff --git a/tests/id/smack.sh b/tests/id/smack.sh
new file mode 100755
index 000000000..227db3e80
--- /dev/null
+++ b/tests/id/smack.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+# SMACK test for the id-command.
+# Derived from tests/id/context.sh and tests/id/no-context.sh.
+# Copyright (C) 2014 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ id
+
+require_smack_
+
+# Check the string "context=" presence without specified user.
+id > out || fail=1
+grep 'context=' out || { cat out; fail=1; }
+
+# Check context=" is absent without specified user in conforming mode.
+POSIXLY_CORRECT=1 id > out || fail=1
+grep 'context=' out && fail=1
+
+# Check the string "context=" absence with specified user.
+# But if the current user is nameless, skip this part.
+id -nu > /dev/null && id $(id -nu) > out
+grep 'context=' out && fail=1
+
+Exit $fail
diff --git a/tests/local.mk b/tests/local.mk
index d58b603bc..6d4414488 100644
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -125,6 +125,7 @@ all_root_tests =				\
   tests/misc/selinux.sh				\
   tests/misc/truncate-owned-by-other.sh		\
   tests/mkdir/writable-under-readonly.sh	\
+  tests/mkdir/smack-root.sh			\
   tests/mv/sticky-to-xpart.sh			\
   tests/rm/fail-2eperm.sh			\
   tests/rm/no-give-up.sh			\
@@ -517,6 +518,7 @@ all_tests =					\
   tests/id/uid.sh				\
   tests/id/setgid.sh				\
   tests/id/zero.sh				\
+  tests/id/smack.sh				\
   tests/install/basic-1.sh			\
   tests/install/create-leading.sh		\
   tests/install/d-slashdot.sh			\
@@ -576,6 +578,8 @@ all_tests =					\
   tests/mkdir/restorecon.sh			\
   tests/mkdir/special-1.sh			\
   tests/mkdir/t-slash.sh			\
+  tests/mkdir/smack-no-root.sh			\
+  tests/mkdir/smack-root.sh			\
   tests/mv/acl.sh				\
   tests/mv/atomic.sh				\
   tests/mv/atomic2.sh				\
diff --git a/tests/mkdir/smack-no-root.sh b/tests/mkdir/smack-no-root.sh
new file mode 100755
index 000000000..527940b32
--- /dev/null
+++ b/tests/mkdir/smack-no-root.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+# SMACK test for the mkdir,mknod, mkfifo commands.
+# Derived from tests/mkdir/selinux.sh.
+# Ensure that an unsettable SMACK label doesn't cause a segfault.
+
+# Copyright (C) 2014 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ mkdir mkfifo mknod
+
+require_smack_
+
+c=arbitrary-smack-label
+msg="failed to set default file creation context to '$c':"
+
+for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do
+  $cmd --context="$c" 2> out && fail=1
+  set $cmd
+  echo "$1: $msg" > exp || fail=1
+
+  sed -e 's/ Operation not permitted$//' out > k || fail=1
+  mv k out || fail=1
+  compare exp out || fail=1
+done
+
+Exit $fail
diff --git a/tests/mkdir/smack-root.sh b/tests/mkdir/smack-root.sh
new file mode 100755
index 000000000..8d7ec9b7f
--- /dev/null
+++ b/tests/mkdir/smack-root.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+# SMACK test for the mkdir,mknod, mkfifo commands.
+# Derived from tests/mkdir/selinux.sh.
+# Ensure that SMACK label gets set.
+
+# Copyright (C) 2014 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ mkdir mkfifo mknod
+
+require_smack_
+require_root_
+
+c=arbitrary-smack-label
+
+for cmd in 'mkdir dir' 'mknod b p' 'mkfifo f'; do
+  $cmd --context="$c" || { fail=1; continue; }
+  set $cmd
+  ls -dZ $2 > out || fail=1
+  test "$(cut -f1 -d' ' out)" = "$c" || { cat out; fail=1; }
+done
+
+Exit $fail
-- 
cgit v1.2.3-54-g00ecf