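#! /bin/sh
#
# Smack transmute test.
#
# Exercises the SMACK64TRANSMUTE directory attribute and the "t" access mode
# of Smack rules:
#   1. set / list / get / remove of SMACK64TRANSMUTE on a directory,
#   2. writing a rule with and without "t" through smackfs,
#   3. the SMACK64 label a new file gets for each combination of
#      transmuting directory and transmuting rule,
#   4. the label of nested subdirectories created under a transmuting
#      directory,
#   5. removal of SMACK64TRANSMUTE from a directory in that chain.
#
# Must run as root. While it runs it rewrites the rule for the labels in
# SUBNAME/OBNAME and changes its own process label; both are put back on
# every exit path, and TESTDIR is removed.
#
# Environment:
#   NOTROOT  unprivileged account used for the file-creation steps
#            (defaults to the value of "notroot" below).
#
TESTDIR="/tmp/transmute-test"
TESTFILE="$TESTDIR"/file
TESTSUBDIR="$TESTDIR"/subdir
TESTSUB2DIR="$TESTSUBDIR"/subdir
TESTSUB3DIR="$TESTSUB2DIR"/subdir
USERID=$(/usr/bin/id -u)
LOAD=/sys/fs/smackfs/load2
SELFLABEL=/proc/self/attr/current

if [ "$USERID" != "0" ]; then
  echo "User ID $USERID is not root."
  exit 1
fi

if [ ! -e "$LOAD" ]; then
  echo "$LOAD is missing; is smackfs mounted?"
  exit 1
fi

# Every su call below reads $NOTROOT. An empty user argument makes su target
# root, which would run the "unprivileged" steps with full privilege, so the
# account is resolved and validated here before anything else happens.
notroot="cschaufler"
NOTROOT="${NOTROOT:-$notroot}"
if ! NOTROOT_UID=$(/usr/bin/id -u "$NOTROOT" 2> /dev/null); then
  printf 'Test user "%s" does not exist.\n' "$NOTROOT"
  exit 1
fi
if [ "$NOTROOT_UID" = "0" ]; then
  printf 'Test user "%s" must not be root.\n' "$NOTROOT"
  exit 1
fi

# Label this shell started with; restored after each step that changes it.
RUNAS=$(cat "$SELFLABEL")

# SUBNAME/OBNAME are the bare labels (used for matching and as xattr values).
# SUBJECT/OBJECT are the same labels with a trailing space of field padding,
# used only when a rule is written to $LOAD.
SUBJECT="Snap "
SUBNAME="Snap"
OBJECT="Crackle "
OBNAME="Crackle"

OLDRULE=
RULE_TOUCHED=no

# Set the Smack label of this shell. Must not be called from a subshell or
# a command substitution, since /proc/self would then name the child.
set_label() {
  printf '%s\n' "$1" > "$SELFLABEL"
}

# Write "subject object <mode>" for the test labels to smackfs.
write_rule() {
  printf '%s %s %s' "$SUBJECT" "$OBJECT" "$1" > "$LOAD"
}

# Print the loaded rule for exactly SUBNAME -> OBNAME, if there is one.
# The trailing space keeps a longer object label with the same prefix from
# matching.
current_rule() {
  grep "^$SUBNAME $OBNAME " "$LOAD"
}

# Diagnostics: rules that mention the current process label, then one
# "Dir:" line (label, inode and path, transmute attribute) per argument.
show_state() {
  grep -F -- "$(cat "$SELFLABEL")" "$LOAD"
  for DIR in "$@"; do
    printf 'Dir: %s %s %s\n' \
      "$(attr -q -S -g SMACK64 "$DIR" 2> /dev/null)" \
      "$(ls -id "$DIR")" \
      "$(attr -q -S -g SMACK64TRANSMUTE "$DIR" 2> /dev/null)"
  done
}

# Replace TESTDIR with a new, empty directory.
fresh_testdir() {
  rm -rf -- "$TESTDIR"
  # TESTDIR is a fixed name in a shared directory. mkdir fails if the name
  # already exists (a symlink included), so stopping here guarantees that the
  # chmod and attr calls that follow act on a directory this script created.
  if ! mkdir -- "$TESTDIR"; then
    echo "Cannot create $TESTDIR."
    exit 1
  fi
  show_state "$TESTDIR"
}

# Fresh TESTDIR, labelled OBNAME and writable by the test user.
prepare_object_dir() {
  fresh_testdir
  chmod 777 "$TESTDIR"
  attr -q -S -s SMACK64 -V "$OBNAME" "$TESTDIR"
}

# Create TESTFILE as the test user under label SUBNAME and leave the label
# the file received in GOT.
create_file_as_subject() {
  set_label "$SUBNAME"
  su - "$NOTROOT" -c "date > $TESTFILE"
  set_label "$RUNAS"
  GOT=$(attr -q -S -g SMACK64 "$TESTFILE")
}

# check_subdir NEWDIR DIR...
# Create NEWDIR as the test user under label SUBNAME, show each DIR, and
# report whether NEWDIR was labelled OBNAME.
# NOTE(review): a mismatch here is only printed; the script still exits 0.
# Confirm whether these three checks are meant to be informational.
check_subdir() {
  NEWDIR=$1
  shift
  set_label "$SUBNAME"
  rm -rf -- "$NEWDIR"
  su - "$NOTROOT" -c "mkdir $NEWDIR"
  show_state "$@"
  set_label "$RUNAS"
  GOT=$(attr -q -S -g SMACK64 "$NEWDIR")
  if [ "$OBNAME" != "$GOT" ]; then
    printf 'Expected "%s" but got "%s".\n' "$OBNAME" "$GOT"
  else
    printf 'Expected "%s" and got "%s" successfully.\n' "$OBNAME" "$GOT"
  fi
}

# Put back the rule that was loaded before the test, or clear the test rule
# if there was none.
# NOTE(review): only r, w, x, a and t are carried over; any other mode letter
# in the saved rule is dropped. Confirm that is acceptable.
restore_rule() {
  if [ -n "$OLDRULE" ]; then
    RAWOLDMODE=$(printf '%s\n' "$OLDRULE" | sed -e 's/.* //')
    OLDMODE=
    for LETTER in r w x a t; do
      case "$RAWOLDMODE" in
        *"$LETTER"*) OLDMODE="$OLDMODE$LETTER" ;;
        *) OLDMODE="$OLDMODE-" ;;
      esac
    done
    write_rule "$OLDMODE"
  else
    write_rule '-----'
  fi
}

# Runs on every exit path so that a failing check does not leave a permissive
# rule loaded or a world-writable directory behind.
cleanup() {
  if [ "$RULE_TOUCHED" = "yes" ]; then
    restore_rule
  fi
  if [ -n "$RUNAS" ]; then
    set_label "$RUNAS"
  fi
  rm -rf -- "$TESTDIR"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

fresh_testdir

#
# Simple set/list/get tests
#
TLABEL=$(attr -q -S -g SMACK64TRANSMUTE "$TESTDIR" 2> /dev/null)
if [ -n "$TLABEL" ]; then
  printf 'Initial transmute label is unexpectedly "%s".\n' "$TLABEL"
  exit 1
fi

# A value other than TRUE is expected to be refused: nothing may be stored
# and nothing may be listed afterwards.
attr -q -S -s SMACK64TRANSMUTE -V WILL "$TESTDIR" 2> /dev/null
TLABEL=$(attr -q -S -g SMACK64TRANSMUTE "$TESTDIR" 2> /dev/null)
if [ -n "$TLABEL" ]; then
  printf 'Setting transmute label should not have gotten "%s".\n' "$TLABEL"
  exit 1
fi

TLIST=$(attr -q -S -l "$TESTDIR" | grep TRANSMUTE)
if [ -n "$TLIST" ]; then
  printf 'Setting transmute label listed incorrectly as "%s".\n' "$TLIST"
  exit 1
fi

attr -q -S -s SMACK64TRANSMUTE -V TRUE "$TESTDIR" 2> /dev/null
TLABEL=$(attr -q -S -g SMACK64TRANSMUTE "$TESTDIR" 2> /dev/null)
if [ "$TLABEL" != "TRUE" ]; then
  printf 'Setting transmute label should not have gotten "%s".\n' "$TLABEL"
  exit 1
fi

TLIST=$(attr -q -S -l "$TESTDIR" | grep TRANSMUTE)
if [ "$TLIST" != "SMACK64TRANSMUTE" ]; then
  printf 'Setting transmute label listed incorrectly as "%s".\n' "$TLIST"
  exit 1
fi

attr -q -S -r SMACK64TRANSMUTE "$TESTDIR" 2> /dev/null
TLABEL=$(attr -q -S -g SMACK64TRANSMUTE "$TESTDIR" 2> /dev/null)
if [ -n "$TLABEL" ]; then
  printf 'Removing transmute label left "%s" behind.\n' "$TLABEL"
  exit 1
fi

rm -rf -- "$TESTDIR"

#
# Rule setting tests
#
# Remember the rule that is loaded now so cleanup can put it back.
OLDRULE=$(current_rule)
RULE_TOUCHED=yes

write_rule 'rwxa'
RULE=$(current_rule)
if [ "$RULE" != "$SUBNAME $OBNAME rwxa" ]; then
  printf 'Setting rule without "t" unexpectedly "%s".\n' "$RULE"
  exit 1
fi

write_rule 'rwxat'
RULE=$(current_rule)
if [ "$RULE" != "$SUBNAME $OBNAME rwxat" ]; then
  printf 'Setting rule with "t" unexpectedly "%s".\n' "$RULE"
  exit 1
fi

#
# Verify correct label behavior with neither a transmute
# directory nor a transmute rule.
#
prepare_object_dir
write_rule 'rwxa'
create_file_as_subject
if [ "$SUBNAME" != "$GOT" ]; then
  printf 'Expected "%s" but got "%s".\n' "$SUBNAME" "$GOT"
  exit 1
fi

#
# Verify correct label behavior with a transmute
# directory but not a transmute rule.
#
prepare_object_dir
attr -q -S -s SMACK64TRANSMUTE -V TRUE "$TESTDIR"
write_rule 'rwxa'
create_file_as_subject
if [ "$SUBNAME" != "$GOT" ]; then
  printf 'Expected "%s" but got "%s".\n' "$SUBNAME" "$GOT"
  exit 1
fi

#
# Verify correct label behavior without a transmute
# directory but with a transmute rule.
#
prepare_object_dir
write_rule 'rwxat'
create_file_as_subject
if [ "$SUBNAME" != "$GOT" ]; then
  printf 'Expected "%s" but got "%s".\n' "$SUBNAME" "$GOT"
  exit 1
fi

#
# Verify correct label behavior with a transmute
# directory and a transmute rule.
#
prepare_object_dir
attr -q -S -s SMACK64TRANSMUTE -V TRUE "$TESTDIR"
show_state "$TESTDIR"
write_rule 'rwxat'
create_file_as_subject
if [ "$OBNAME" != "$GOT" ]; then
  printf 'Expected "%s" but got "%s".\n' "$OBNAME" "$GOT"
  # Dump what the directory, the file and the rule look like for diagnosis.
  attr -l -S "$TESTDIR"
  attr -S -g SMACK64 "$TESTFILE"
  grep "^$SUBNAME $OBNAME" "$LOAD"
  exit 1
else
  printf 'Expected "%s" and got "%s" successfully.\n' "$OBNAME" "$GOT"
fi

#
# Verify correct label behavior with a transmute
# directory and subdirectories
#
check_subdir "$TESTSUBDIR" "$TESTDIR" "$TESTSUBDIR"
check_subdir "$TESTSUB2DIR" "$TESTDIR" "$TESTSUBDIR" "$TESTSUB2DIR"
check_subdir "$TESTSUB3DIR" "$TESTDIR" "$TESTSUBDIR" "$TESTSUB2DIR" "$TESTSUB3DIR"

#
# test SMACK64TRANSMUTE removal
#
# Output only: the attribute values are printed, not compared.
echo test SMACK64TRANSMUTE removal
attr -S -g SMACK64TRANSMUTE "$TESTSUB3DIR"
rm -rf -- "$TESTSUB3DIR"
attr -S -r SMACK64TRANSMUTE "$TESTSUB2DIR"
su - "$NOTROOT" -c "mkdir $TESTSUB3DIR"
attr -S -g SMACK64TRANSMUTE "$TESTSUB2DIR"
attr -S -g SMACK64TRANSMUTE "$TESTSUB3DIR"

rm -rf -- "$TESTDIR"

# The saved rule and the process label are restored, and TESTDIR removed,
# by the EXIT trap.
exit 0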