Diffstat (limited to 'src/test/test-secure-bits.c')
-rw-r--r--src/test/test-secure-bits.c97
1 files changed, 97 insertions, 0 deletions
diff --git a/src/test/test-secure-bits.c b/src/test/test-secure-bits.c
new file mode 100644
index 0000000..27e6a20
--- /dev/null
+++ b/src/test/test-secure-bits.c
@@ -0,0 +1,97 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <errno.h>
+
+#include "securebits-util.h"
+#include "strv.h"
+#include "tests.h"
+#include "unit-file.h"
+
+static const char * const string_bits[] = {
+ "keep-caps",
+ "keep-caps-locked",
+ "no-setuid-fixup",
+ "no-setuid-fixup-locked",
+ "noroot",
+ "noroot-locked",
+ NULL
+};
+
+TEST(secure_bits_basic) {
+ _cleanup_free_ char *joined = NULL, *str = NULL;
+ int r;
+
+ /* Check if converting each bit from string and back to string yields
+ * the same value */
+ STRV_FOREACH(bit, string_bits) {
+ _cleanup_free_ char *s = NULL;
+
+ r = secure_bits_from_string(*bit);
+ assert_se(r > 0);
+ assert_se(secure_bits_is_valid(r));
+ assert_se(secure_bits_to_string_alloc(r, &s) >= 0);
+ printf("%s = 0x%x = %s\n", *bit, (unsigned)r, s);
+ assert_se(streq(*bit, s));
+ }
+
+ /* Ditto, but with all bits at once */
+ joined = strv_join((char**)string_bits, " ");
+ assert_se(joined);
+ r = secure_bits_from_string(joined);
+ assert_se(r > 0);
+ assert_se(secure_bits_is_valid(r));
+ assert_se(secure_bits_to_string_alloc(r, &str) >= 0);
+ printf("%s = 0x%x = %s\n", joined, (unsigned)r, str);
+ assert_se(streq(joined, str));
+
+ str = mfree(str);
+
+ /* Empty string */
+ assert_se(secure_bits_from_string("") == 0);
+ assert_se(secure_bits_from_string(" ") == 0);
+
+ /* Only invalid entries */
+ assert_se(secure_bits_from_string("foo bar baz") == 0);
+
+ /* Empty secure bits */
+ assert_se(secure_bits_to_string_alloc(0, &str) >= 0);
+ assert_se(isempty(str));
+
+ str = mfree(str);
+
+ /* Bits to string with check */
+ assert_se(secure_bits_to_string_alloc_with_check(INT_MAX, &str) == -EINVAL);
+ assert_se(str == NULL);
+ assert_se(secure_bits_to_string_alloc_with_check(
+ (1 << SECURE_KEEP_CAPS) | (1 << SECURE_KEEP_CAPS_LOCKED),
+ &str) >= 0);
+ assert_se(streq(str, "keep-caps keep-caps-locked"));
+}
+
+TEST(secure_bits_mix) {
+ static struct sbit_table {
+ const char *input;
+ const char *expected;
+ } sbit_table[] = {
+ { "keep-caps keep-caps keep-caps", "keep-caps" },
+ { "keep-caps noroot keep-caps", "keep-caps noroot" },
+ { "noroot foo bar baz noroot", "noroot" },
+ { "noroot \"foo\" \"bar keep-caps", "noroot" },
+ { "\"noroot foo\" bar keep-caps", "keep-caps" },
+ {}
+ };
+
+ for (const struct sbit_table *s = sbit_table; s->input; s++) {
+ _cleanup_free_ char *str = NULL;
+ int r;
+
+ r = secure_bits_from_string(s->input);
+ assert_se(r > 0);
+ assert_se(secure_bits_is_valid(r));
+ assert_se(secure_bits_to_string_alloc(r, &str) >= 0);
+ printf("%s = 0x%x = %s\n", s->input, (unsigned)r, str);
+ assert_se(streq(s->expected, str));
+ }
+}
+
+DEFINE_TEST_MAIN(LOG_DEBUG);
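Review bot: The case `secure_bits_from_string("foo bar baz") == 0` and the `secure_bits_mix` rows with unknown or badly quoted words pin a lenient parser, but nothing in the test says this leniency is intended. A result of 0 is the same for an empty string and for a string made only of unrecognised names, and in the row with the unterminated `"bar keep-caps` the trailing `keep-caps` is dropped without any error. Because these flags harden a process, a misspelt name in configuration would leave a bit unset without notice, so I would add a comment above the "Only invalid entries" case such as `/* Unknown words are skipped, not rejected: 0 does not distinguish "nothing requested" from "nothing recognised" */`. The with-check case only exercises `INT_MAX`; a value with a single bit outside the defined set would cover the boundary more tightly, assuming `secure_bits_to_string_alloc_with_check()` is meant to reject any undefined bit.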