]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/test/test-secure-bits.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
5 #include "securebits-util.h"
10 static const char * const string_bits
[] = {
14 "no-setuid-fixup-locked",
20 TEST(secure_bits_basic
) {
21 _cleanup_free_
char *joined
= NULL
, *str
= NULL
;
24 /* Check if converting each bit from string and back to string yields
26 STRV_FOREACH(bit
, string_bits
) {
27 _cleanup_free_
char *s
= NULL
;
29 r
= secure_bits_from_string(*bit
);
31 assert_se(secure_bits_is_valid(r
));
32 assert_se(secure_bits_to_string_alloc(r
, &s
) >= 0);
33 printf("%s = 0x%x = %s\n", *bit
, (unsigned)r
, s
);
34 assert_se(streq(*bit
, s
));
37 /* Ditto, but with all bits at once */
38 joined
= strv_join((char**)string_bits
, " ");
40 r
= secure_bits_from_string(joined
);
42 assert_se(secure_bits_is_valid(r
));
43 assert_se(secure_bits_to_string_alloc(r
, &str
) >= 0);
44 printf("%s = 0x%x = %s\n", joined
, (unsigned)r
, str
);
45 assert_se(streq(joined
, str
));
50 assert_se(secure_bits_from_string("") == 0);
51 assert_se(secure_bits_from_string(" ") == 0);
53 /* Only invalid entries */
54 assert_se(secure_bits_from_string("foo bar baz") == 0);
56 /* Empty secure bits */
57 assert_se(secure_bits_to_string_alloc(0, &str
) >= 0);
58 assert_se(isempty(str
));
62 /* Bits to string with check */
63 assert_se(secure_bits_to_string_alloc_with_check(INT_MAX
, &str
) == -EINVAL
);
64 assert_se(str
== NULL
);
65 assert_se(secure_bits_to_string_alloc_with_check(
66 (1 << SECURE_KEEP_CAPS
) | (1 << SECURE_KEEP_CAPS_LOCKED
),
68 assert_se(streq(str
, "keep-caps keep-caps-locked"));
71 TEST(secure_bits_mix
) {
72 static struct sbit_table
{
76 { "keep-caps keep-caps keep-caps", "keep-caps" },
77 { "keep-caps noroot keep-caps", "keep-caps noroot" },
78 { "noroot foo bar baz noroot", "noroot" },
79 { "noroot \"foo\" \"bar keep-caps", "noroot" },
80 { "\"noroot foo\" bar keep-caps", "keep-caps" },
84 for (const struct sbit_table
*s
= sbit_table
; s
->input
; s
++) {
85 _cleanup_free_
char *str
= NULL
;
88 r
= secure_bits_from_string(s
->input
);
90 assert_se(secure_bits_is_valid(r
));
91 assert_se(secure_bits_to_string_alloc(r
, &str
) >= 0);
92 printf("%s = 0x%x = %s\n", s
->input
, (unsigned)r
, str
);
93 assert_se(streq(s
->expected
, str
));
97 DEFINE_TEST_MAIN(LOG_DEBUG
);