#!/bin/bash
. ../../../prepare.inc.sh
. ../../../toolbox.inc.sh
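# ---- do the actual testing ----
# Skip when the grant-permit facility is not available. have_grant is not
# assigned in this file; presumably one of the sourced include scripts sets
# it -- confirm. The expansions are quoted so that an empty or unset value
# reaches `[` as an empty string instead of producing a "unary operator
# expected" error, and so that TEST/OUTPUTFILE survive embedded whitespace.
if [ "$have_grant" = 0 ]
then
    toolbox_skip_test "$TEST" "SKIPPING DUE TO LACK OF GRANT PERMIT"
    exit 0
fi
# Initial verdict; it is not reassigned anywhere in this file, so any change
# to it would have to come from the sourced helpers -- confirm.
result=PASS
# Truncate the log at the start of the run (later writes append with >>).
echo "++++ BEGINNING TEST" >"$OUTPUTFILE"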
# Create a keyring named "wibble" and attach it to the session keyring (@s).
# The later lines read the new ID back from $keyringid.
marker "ADD KEYRING"
create_keyring --new=keyringid wibble @s
# Create a "user"-type key in that keyring and remove most permissions from
# it; just leave setsec (S) for the owner. Starting from this near-empty
# permit set means each check below sees a denial unless the permit under
# test has been granted explicitly.
marker "ADD KEY"
create_key --new=keyid user lizard gizzard $keyringid
marker "REMOVE PERMITS"
# Arguments are <key> <subject> <permits>; "0" is used to leave the subject
# with no permits. NOTE(review): own/pos/grp/all presumably stand for
# owner/possessor/group/everyone -- confirm against the sourced toolbox.
grant_key_permit $keyid own S
grant_key_permit $keyid pos 0
grant_key_permit $keyid grp 0
grant_key_permit $keyid all 0
# Test the View permit.
# Three steps: describing the key is refused with EACCES while no View permit
# is held, succeeds once "v" is granted to "all", and is refused again after
# the permit is removed. The last step is the one that catches a permit that
# stays effective after removal.
# NOTE(review): --fail presumably tells the helper that the command is
# expected to fail, with expect_error naming the errno that must have been
# reported -- both come from the sourced toolbox; confirm there.
marker "TEST VIEW"
describe_key --fail $keyid
expect_error EACCES
grant_key_permit $keyid all v
describe_key $keyid
grant_key_permit $keyid all 0
describe_key --fail $keyid
expect_error EACCES
# Test the Read permit.
# Reading the payload is refused with EACCES without the permit, allowed once
# "r" is granted to "all", and refused again after the permit is removed.
marker "TEST READ"
read_key --fail $keyid
expect_error EACCES
grant_key_permit $keyid all r
read_key $keyid
grant_key_permit $keyid all 0
read_key --fail $keyid
expect_error EACCES
# Test the Write permit.
# Updating the key with "lizard" is refused with EACCES without the permit,
# allowed once "w" is granted to "all", and refused again after removal.
marker "TEST WRITE"
update_key --fail $keyid "lizard"
expect_error EACCES
grant_key_permit $keyid all w
update_key $keyid "lizard"
grant_key_permit $keyid all 0
update_key --fail $keyid "lizard"
expect_error EACCES
# Test the Search permit (we're allowed to read a key we can search out).
# Unlike the neighbouring sections, the permit is granted to "pos" rather
# than "all", and no Read permit is granted anywhere in this section: the
# successful read_key in the middle depends on Search alone. Anyone reviewing
# a key's permits should therefore treat Search on this subject as also
# exposing the payload.
marker "TEST SEARCH"
read_key --fail $keyid
expect_error EACCES
grant_key_permit $keyid pos s
read_key $keyid
grant_key_permit $keyid pos 0
read_key --fail $keyid
expect_error EACCES
# Test the Link permit.
# Linking the key into the session keyring (@s) is refused with EACCES
# without the permit, allowed once "l" is granted to "all", and refused again
# after removal.
marker "TEST LINK"
link_key --fail $keyid @s
expect_error EACCES
grant_key_permit $keyid all l
link_key $keyid @s
grant_key_permit $keyid all 0
link_key --fail $keyid @s
expect_error EACCES
# Undo the link made while the permit was held. This call carries no --fail,
# so it is expected to succeed even though the key's "all" permits are back
# to 0 at this point.
# NOTE(review): presumably unlinking is governed by the keyring's permits
# rather than the key's -- confirm.
unlink_key $keyid @s
# Test the Clear permit.
# $keyid was created as a "user" key, not a keyring, so clearing it can never
# succeed and every call here uses --fail. What is checked is which error is
# reported: EACCES while the permit is absent, ENOTDIR once "c" is granted
# (the request gets past the permission check and is then rejected for the
# key type), and EACCES again after the permit is removed.
marker "TEST CLEAR"
clear_keyring --fail $keyid
expect_error EACCES
grant_key_permit $keyid all c
clear_keyring --fail $keyid
expect_error ENOTDIR
grant_key_permit $keyid all 0
clear_keyring --fail $keyid
expect_error EACCES
# Test the Join permit.
# No operation is attempted between granting and removing "j", so this
# section only shows that the permit can be set and cleared; it does not
# check that Join is enforced (there is no denied/allowed/denied sequence as
# in the other sections).
# TODO(review): add an enforcement check here if a suitable helper exists.
marker "TEST JOIN"
grant_key_permit $keyid all j
grant_key_permit $keyid all 0
# Test the Invalidate permit.
# Invalidation is refused with EACCES without the permit and allowed once "I"
# is granted to "all". It is destructive: afterwards both the attempt to
# change the permits and a second invalidation are expected to fail with
# ENOKEY, so there is no "permit removed" step and the sections that follow
# need a fresh key.
marker "TEST INVAL"
invalidate_key --fail $keyid
expect_error EACCES
grant_key_permit $keyid all I
invalidate_key $keyid
grant_key_permit --fail $keyid all 0
expect_error ENOKEY
invalidate_key --fail $keyid
expect_error ENOKEY
# Create a replacement key (the previous one was invalidated) and remove most
# permissions from it; just leave setsec (S) for the owner. $keyid is
# reused for the new key.
marker "ADD KEY 2"
create_key --new=keyid user lizard gizzard $keyringid
marker "REMOVE PERMITS 2"
grant_key_permit $keyid own S
grant_key_permit $keyid pos 0
grant_key_permit $keyid grp 0
grant_key_permit $keyid all 0
# Test the Revoke permit.
# Revocation is refused with EACCES without the permit and allowed once "R"
# is granted to "all". After the key has been revoked, both the attempt to
# change its permits and a second revocation are expected to fail with
# EKEYREVOKED, so the permit cannot be removed and re-tested on this key.
marker "TEST REVOKE"
revoke_key --fail $keyid
expect_error EACCES
grant_key_permit $keyid all R
revoke_key $keyid
grant_key_permit --fail $keyid all 0
expect_error EKEYREVOKED
revoke_key --fail $keyid
expect_error EKEYREVOKED
# Create a third key (the previous one was revoked) and remove most
# permissions from it; just leave setsec (S) and view (v) for the owner.
# View is kept so that describe_key can be used as a "still accessible" probe
# in the Set Security test.
marker "ADD KEY 3"
create_key --new=keyid user lizard gizzard $keyringid
marker "REMOVE PERMITS 3"
grant_key_permit $keyid own Sv
grant_key_permit $keyid pos 0
grant_key_permit $keyid grp 0
grant_key_permit $keyid all 0
# Test the Set Security permit.
# With "Sv" held by the owner the key can be described. The owner's permits
# are then reduced to "v" only, which gives up Set Security; the key can
# still be described, but the attempt to grant "Sv" back must fail with
# EACCES. This is the check that a holder who has dropped Set Security cannot
# hand it back to themselves.
# NOTE(review): this relies on grant_key_permit replacing the subject's
# permit set rather than adding to it, as the "all 0" resets in this file
# suggest -- confirm against the helper.
marker "TEST SET SECURITY"
describe_key $keyid
grant_key_permit $keyid own v
describe_key $keyid
grant_key_permit --fail $keyid own Sv
expect_error EACCES
# Remove the keyring we added from the session keyring (@s) so the test does
# not leave it attached.
marker "UNLINK KEYRING"
unlink_key $keyringid @s
# Append the final verdict to the log. $result was set to PASS at the start
# and is not reassigned in this file.
# NOTE(review): presumably the sourced helpers set it to a failing value when
# a check does not match -- confirm.
echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
# --- then report the results in the database ---
toolbox_report_result $TEST $result