summaryrefslogtreecommitdiffstats
path: root/src/test/test-secure-bits.c
blob: 27e6a20e09d40652a0b622bad72a4038c657e592 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <errno.h>

#include "securebits-util.h"
#include "strv.h"
#include "tests.h"
#include "unit-file.h"

static const char * const string_bits[] = {
        "keep-caps",
        "keep-caps-locked",
        "no-setuid-fixup",
        "no-setuid-fixup-locked",
        "noroot",
        "noroot-locked",
        NULL
};

TEST(secure_bits_basic) {
        _cleanup_free_ char *joined = NULL, *str = NULL;
        int r;

        /* Check if converting each bit from string and back to string yields
         * the same value */
        STRV_FOREACH(bit, string_bits) {
                _cleanup_free_ char *s = NULL;

                r = secure_bits_from_string(*bit);
                assert_se(r > 0);
                assert_se(secure_bits_is_valid(r));
                assert_se(secure_bits_to_string_alloc(r, &s) >= 0);
                printf("%s = 0x%x = %s\n", *bit, (unsigned)r, s);
                assert_se(streq(*bit, s));
        }

        /* Ditto, but with all bits at once */
        joined = strv_join((char**)string_bits, " ");
        assert_se(joined);
        r = secure_bits_from_string(joined);
        assert_se(r > 0);
        assert_se(secure_bits_is_valid(r));
        assert_se(secure_bits_to_string_alloc(r, &str) >= 0);
        printf("%s = 0x%x = %s\n", joined, (unsigned)r, str);
        assert_se(streq(joined, str));

        str = mfree(str);

        /* Empty string */
        assert_se(secure_bits_from_string("") == 0);
        assert_se(secure_bits_from_string("     ") == 0);

        /* Only invalid entries */
        assert_se(secure_bits_from_string("foo bar baz") == 0);

        /* Empty secure bits */
        assert_se(secure_bits_to_string_alloc(0, &str) >= 0);
        assert_se(isempty(str));

        str = mfree(str);

        /* Bits to string with check */
        assert_se(secure_bits_to_string_alloc_with_check(INT_MAX, &str) == -EINVAL);
        assert_se(str == NULL);
        assert_se(secure_bits_to_string_alloc_with_check(
                                (1 << SECURE_KEEP_CAPS) | (1 << SECURE_KEEP_CAPS_LOCKED),
                                &str) >= 0);
        assert_se(streq(str, "keep-caps keep-caps-locked"));
}

TEST(secure_bits_mix) {
        static struct sbit_table {
                const char *input;
                const char *expected;
        } sbit_table[] = {
                { "keep-caps keep-caps keep-caps",  "keep-caps" },
                { "keep-caps noroot keep-caps",     "keep-caps noroot" },
                { "noroot foo bar baz noroot",      "noroot" },
                { "noroot \"foo\" \"bar keep-caps", "noroot" },
                { "\"noroot foo\" bar keep-caps",   "keep-caps" },
                {}
        };

        for (const struct sbit_table *s = sbit_table; s->input; s++) {
                _cleanup_free_ char *str = NULL;
                int r;

                r = secure_bits_from_string(s->input);
                assert_se(r > 0);
                assert_se(secure_bits_is_valid(r));
                assert_se(secure_bits_to_string_alloc(r, &str) >= 0);
                printf("%s = 0x%x = %s\n", s->input, (unsigned)r, str);
                assert_se(streq(s->expected, str));
        }
}

DEFINE_TEST_MAIN(LOG_DEBUG);