new-dialogue #8
1
.gitignore
vendored
1
.gitignore
vendored
@ -6,6 +6,7 @@ test/.pt.db
|
||||
*compile_commands.json
|
||||
test/perf*
|
||||
test/callgraph*
|
||||
test/openers
|
||||
src/gui/ui/*
|
||||
src/gui/*.o
|
||||
src/gui/icfs_dialogue
|
||||
|
||||
81
test/opener/Makefile
Normal file
81
test/opener/Makefile
Normal file
@ -0,0 +1,81 @@
|
||||
SHELL=/bin/bash
|
||||
|
||||
# configurable options
|
||||
|
||||
ifndef ($(SOURCES_DIR))
|
||||
SOURCES_DIR := .
|
||||
endif
|
||||
|
||||
ifndef ($(TESTS_DIR))
|
||||
TESTS_DIR := .
|
||||
endif
|
||||
|
||||
ifndef ($(BUILD_DIR))
|
||||
BUILD_DIR := .
|
||||
endif
|
||||
|
||||
CC := gcc
|
||||
CXX := g++
|
||||
|
||||
NAME := opener
|
||||
|
||||
# dependencies
|
||||
|
||||
PACKAGE_NAMES :=
|
||||
|
||||
ifeq ($(TEST), 1)
|
||||
# PACKAGE_NAMES += check # TODO: use check?
|
||||
endif
|
||||
|
||||
|
||||
# set up cflags and libs
|
||||
|
||||
CFLAGS :=
|
||||
LDFLAGS :=
|
||||
|
||||
ifneq ($(PACKAGE_NAMES),)
|
||||
CFLAGS += $(shell pkg-config --cflags $(PACKAGE_NAMES))
|
||||
LDFLAGS += $(shell pkg-config --libs $(PACKAGE_NAMES))
|
||||
endif
|
||||
|
||||
ifeq ($(DEBUG),1)
|
||||
CFLAGS += -O0 -pedantic -g -Wall -Wextra -Wcast-align \
|
||||
-Wcast-qual -Wdisabled-optimization -Wformat=2 \
|
||||
-Winit-self -Wlogical-op -Wmissing-declarations \
|
||||
-Wmissing-include-dirs -Wredundant-decls -Wshadow \
|
||||
-Wsign-conversion -Wstrict-overflow=5 \
|
||||
-Wswitch-default -Wundef -Wno-unused
|
||||
LDFLAGS +=
|
||||
else
|
||||
CFLAGS += -O3
|
||||
LDFLAGS +=
|
||||
endif
|
||||
|
||||
|
||||
# set up targets
|
||||
|
||||
TARGETS := $(BUILD_DIR)/$(NAME)
|
||||
|
||||
ifeq ($(TEST), 1)
|
||||
TARGETS += $(NAME)_test
|
||||
endif
|
||||
|
||||
|
||||
# build!
|
||||
|
||||
default: $(TARGETS)
|
||||
|
||||
.PHONY: clean $(NAME)_test
|
||||
|
||||
$(NAME)_test: $(BUILD_DIR)/$(NAME)
|
||||
echo "No tests defined."
|
||||
#$(BUILD_DIR)/$(NAME)
|
||||
|
||||
$(BUILD_DIR)/$(NAME): $(BUILD_DIR)/$(NAME).o
|
||||
$(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/$(NAME)
|
||||
|
||||
$(BUILD_DIR)/$(NAME).o: $(SOURCES_DIR)/$(NAME).c
|
||||
$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $(BUILD_DIR)/$(NAME).o
|
||||
|
||||
clean:
|
||||
rm $(BUILD_DIR)/*.o $(BUILD_DIR)/$(NAME)
|
||||
20
test/opener/opener.c
Normal file
20
test/opener/opener.c
Normal file
@ -0,0 +1,20 @@
|
||||
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
int main(int argc, char *argv[]) {
|
||||
if (argc != 2) {
|
||||
fprintf(stderr, "Usage: ./opener [FILENAME]");
|
||||
return 1;
|
||||
}
|
||||
|
||||
int fd = open(argv[1], O_RDWR | O_CREAT);
|
||||
if (fd == -1) {
|
||||
perror("Cannot open file");
|
||||
return 1;
|
||||
}
|
||||
close(fd);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -9,6 +9,17 @@ touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth
|
||||
chmod 777 ./protected/perm777 ./protected/perm000
|
||||
echo "Free code, free world." >./protected/motto
|
||||
|
||||
rm -rf ./openers
|
||||
mkdir openers
|
||||
make -C ./opener || (
|
||||
echo "Could not make the opener program."
|
||||
exit 1
|
||||
)
|
||||
for i in {1..10}; do
|
||||
cp ./opener/opener "./openers/opener$i"
|
||||
ln --symbolic "$(realpath "./openers/opener$i")" "./openers/symlinked_opener$i"
|
||||
done
|
||||
|
||||
# set up the fake-zenity
|
||||
|
||||
PATH="$(realpath ./mock/):$PATH"
|
||||
@ -28,6 +39,7 @@ if [[ $1 == "--setuid" ]]; then
|
||||
else
|
||||
echo "Database protection will not be tested due to the lack of setuid capabilites."
|
||||
echo "To test it, run this script with '--setuid'."
|
||||
#valgrind --leak-check=full -s ../build/icfs -o default_permissions -o debug ./protected ./.pt.db 2>&1 | grep "==\|zenity\|Permission\|column\|callback" &
|
||||
valgrind --leak-check=full -s ../build/icfs -o default_permissions ./protected ./.pt.db &
|
||||
sleep 5
|
||||
fi
|
||||
@ -39,85 +51,105 @@ fi
|
||||
|
||||
# create files
|
||||
|
||||
zenity --set-fake-response no
|
||||
icfs_dialogue --set-fake-response no
|
||||
truncate -s 0 ./protected/should-exist-anyway 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
|
||||
|
||||
zenity --set-fake-response yes_tmp
|
||||
icfs_dialogue --set-fake-response yes
|
||||
truncate -s 0 ./protected/should-exist 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
|
||||
|
||||
# write to files
|
||||
|
||||
zenity --set-fake-response no
|
||||
icfs_dialogue --set-fake-response no
|
||||
sed -e 'a\'"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." "./protected/truth" 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
|
||||
zenity --set-fake-response yes_tmp
|
||||
icfs_dialogue --set-fake-response yes
|
||||
sed -e 'a\'"Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." "./protected/truth" 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK
|
||||
|
||||
# Read files
|
||||
|
||||
zenity --set-fake-response no
|
||||
icfs_dialogue --set-fake-response no
|
||||
cat ./protected/motto >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: cat can read protected/this-only despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
|
||||
zenity --set-fake-response yes_tmp
|
||||
icfs_dialogue --set-fake-response yes
|
||||
cat ./protected/motto >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: echo cannot create protected/this-only despite access being permitted!" # "Free code, free world."
|
||||
|
||||
# remove files
|
||||
|
||||
zenity --set-fake-response no
|
||||
icfs_dialogue --set-fake-response no
|
||||
rm ./protected/do-not-remove >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: rm can unlink protected/do-not-remove despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
|
||||
zenity --set-fake-response yes_tmp
|
||||
icfs_dialogue --set-fake-response yes
|
||||
rm ./protected/should-be-removed >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: rm cannot unlink protected/should-be-removed despite access being permitted!" # OK
|
||||
|
||||
# rename files
|
||||
|
||||
zenity --set-fake-response no
|
||||
icfs_dialogue --set-fake-response no
|
||||
mv ./protected/do-not-rename ./protected/terrible-name 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: mv can rename protected/truth despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
zenity --set-fake-response yes_tmp
|
||||
icfs_dialogue --set-fake-response yes
|
||||
mv ./protected/should-be-renamed ./protected/great-name 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: mv cannot rename should-be-removed to renamed-file despite access being permitted!" # OK
|
||||
|
||||
# change permissions
|
||||
|
||||
zenity --set-fake-response no
|
||||
icfs_dialogue --set-fake-response no
|
||||
chmod 000 ./protected/perm777 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: chmod can change permissions of protected/perm777 despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
zenity --set-fake-response yes_tmp
|
||||
icfs_dialogue --set-fake-response yes
|
||||
chmod 000 ./protected/perm000 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK
|
||||
|
||||
# test permanent permissions
|
||||
|
||||
zenity --set-fake-response yes
|
||||
cat ./protected/motto >/dev/null 2>/dev/null &&
|
||||
icfs_dialogue --set-fake-response yes_perm
|
||||
openers/opener1 ./protected/motto >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
|
||||
echo "[ICFS-TEST]: openers/opener1 cannot read protected/motto despite access being permitted!" # OK
|
||||
|
||||
zenity --set-fake-response no # this should be ignored
|
||||
cat ./protected/motto >/dev/null 2>/dev/null &&
|
||||
icfs_dialogue --set-fake-response no # this should be ignored
|
||||
openers/opener1 ./protected/motto >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
|
||||
echo "[ICFS-TEST]: openers/opener1 cannot read protected/motto despite access being permitted!" # OK
|
||||
|
||||
icfs_dialogue --set-fake-response no # this should be ignored
|
||||
openers/symlinked_opener1 ./protected/motto >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: openers/symlinked_opener1 cannot read protected/motto despite access being permitted!" # OK
|
||||
|
||||
icfs_dialogue --set-fake-response no_perm
|
||||
openers/opener2 ./protected/motto >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: openers/opener2 can read protected/motto despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
|
||||
icfs_dialogue --set-fake-response yes # this should be ignored
|
||||
openers/opener2 ./protected/motto >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: openers/opener2 can read protected/motto despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
|
||||
icfs_dialogue --set-fake-response yes # this should be ignored
|
||||
openers/symlinked_opener2 ./protected/motto >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: openers/symlinked_opener2 can read protected/motto despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
|
||||
# test database access
|
||||
if [[ -r "./.pt.db" || -w "./.pt.db" ]]; then
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user