1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <errno.h>
#include "securebits-util.h"
#include "strv.h"
#include "tests.h"
#include "unit-file.h"
static const char * const string_bits[] = {
"keep-caps",
"keep-caps-locked",
"no-setuid-fixup",
"no-setuid-fixup-locked",
"noroot",
"noroot-locked",
NULL
};
TEST(secure_bits_basic) {
_cleanup_free_ char *joined = NULL, *str = NULL;
int r;
/* Check if converting each bit from string and back to string yields
* the same value */
STRV_FOREACH(bit, string_bits) {
_cleanup_free_ char *s = NULL;
r = secure_bits_from_string(*bit);
assert_se(r > 0);
assert_se(secure_bits_is_valid(r));
assert_se(secure_bits_to_string_alloc(r, &s) >= 0);
printf("%s = 0x%x = %s\n", *bit, (unsigned)r, s);
assert_se(streq(*bit, s));
}
/* Ditto, but with all bits at once */
joined = strv_join((char**)string_bits, " ");
assert_se(joined);
r = secure_bits_from_string(joined);
assert_se(r > 0);
assert_se(secure_bits_is_valid(r));
assert_se(secure_bits_to_string_alloc(r, &str) >= 0);
printf("%s = 0x%x = %s\n", joined, (unsigned)r, str);
assert_se(streq(joined, str));
str = mfree(str);
/* Empty string */
assert_se(secure_bits_from_string("") == 0);
assert_se(secure_bits_from_string(" ") == 0);
/* Only invalid entries */
assert_se(secure_bits_from_string("foo bar baz") == 0);
/* Empty secure bits */
assert_se(secure_bits_to_string_alloc(0, &str) >= 0);
assert_se(isempty(str));
str = mfree(str);
/* Bits to string with check */
assert_se(secure_bits_to_string_alloc_with_check(INT_MAX, &str) == -EINVAL);
assert_se(str == NULL);
assert_se(secure_bits_to_string_alloc_with_check(
(1 << SECURE_KEEP_CAPS) | (1 << SECURE_KEEP_CAPS_LOCKED),
&str) >= 0);
assert_se(streq(str, "keep-caps keep-caps-locked"));
}
TEST(secure_bits_mix) {
static struct sbit_table {
const char *input;
const char *expected;
} sbit_table[] = {
{ "keep-caps keep-caps keep-caps", "keep-caps" },
{ "keep-caps noroot keep-caps", "keep-caps noroot" },
{ "noroot foo bar baz noroot", "noroot" },
{ "noroot \"foo\" \"bar keep-caps", "noroot" },
{ "\"noroot foo\" bar keep-caps", "keep-caps" },
{}
};
for (const struct sbit_table *s = sbit_table; s->input; s++) {
_cleanup_free_ char *str = NULL;
int r;
r = secure_bits_from_string(s->input);
assert_se(r > 0);
assert_se(secure_bits_is_valid(r));
assert_se(secure_bits_to_string_alloc(r, &str) >= 0);
printf("%s = 0x%x = %s\n", s->input, (unsigned)r, str);
assert_se(streq(s->expected, str));
}
}
DEFINE_TEST_MAIN(LOG_DEBUG);
|
