2 * Copyright (c) 2015-2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file test_cases_helpers.cpp
18 * @author Aleksander Zdyb <a.zdyb@samsung.com>
20 * @brief Tests for cynara-helper-credentials-socket and cynara-helper-credentials-dbus
26 #include <sys/types.h>
31 #include <dbus/dbus.h>
33 #include <tests_common.h>
34 #include <access_provider.h>
35 #include <dpl/test/test_runner.h>
37 #include <synchronization_pipe.h>
38 #include <tests_common.h>
40 #include <passwd_access.h>
42 #include <cynara_test_helpers.h>
43 #include <cynara_test_helpers_dbus.h>
45 class ProcessCredentials {
47 ProcessCredentials() {}
49 const std::string &label(void) const {
53 uid_t uid(void) const {
54 return PasswdAccess::uid(APP_USER);
57 gid_t gid(void) const {
58 return PasswdAccess::gid("users");
62 std::string m_label = "cynara_helpers";
65 pid_t runInChild(const std::function<void(void)> &process) {
67 RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
77 void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr,
78 const struct ProcessCredentials &peerCredentials) {
79 SecurityServer::AccessProvider ap(peerCredentials.label());
80 ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
83 int sock = UDSHelpers::createServer(&sockaddr);
84 SockUniquePtr sockPtr(&sock);
86 int clientSock = UDSHelpers::acceptClient(sock);
88 UDSHelpers::waitForDisconnect(clientSock);
91 typedef std::function<void(int sock, pid_t pid,
92 const ProcessCredentials &peerCredentials)> SocketAssertionFn;
94 void socketTestTemplate(SocketAssertionFn assertion, const std::string &scope) {
95 const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_" + scope + ".socket");
96 const ProcessCredentials peerCredentials;
98 SynchronizationPipe pipe;
100 pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
101 std::cref(peerCredentials)));
103 pipe.claimParentEp();
105 int sock = UDSHelpers::createClient(&sockaddr);
106 SockUniquePtr sockPtr(&sock);
108 assertion(sock, pid, peerCredentials);
111 RUNNER_TEST_GROUP_INIT(cynara_creds_socket)
113 RUNNER_CHILD_TEST_SMACK(tccs01_socket_credentials_client_smack)
115 socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
116 CStringPtr label(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
117 RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(),
118 "Labels don't match ret = " << label.get()
119 << "; expected = " << peerCredentials.label());
123 RUNNER_CHILD_TEST_SMACK(tccs02_socket_credentials_client_pid)
125 socketTestTemplate([] (int sock, pid_t pid, const ProcessCredentials &) {
126 CStringPtr clientPidStr(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_PID));
127 pid_t clientPid = std::stoi(clientPidStr.get());
128 RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid
129 << "; expected = " << pid);
133 RUNNER_CHILD_TEST_SMACK(tccs03_socket_credentials_user_uid)
135 socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
136 CStringPtr uidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_UID));
137 uid_t uid = std::stoul(uidStr.get());
138 RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid
139 << "; expected = "<< peerCredentials.uid());
143 RUNNER_CHILD_TEST_SMACK(tccs04_socket_credentials_user_gid)
145 socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
146 CStringPtr gidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_GID));
147 gid_t gid = std::stoul(gidStr.get());
148 RUNNER_ASSERT_MSG(peerCredentials.gid() == gid, "GIDs don't match ret = " << gid
149 << "; expected = "<< peerCredentials.gid());
153 RUNNER_CHILD_TEST_SMACK(tccs05_cynara_creds_socket_pid)
155 const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_tccs05.socket");
156 const ProcessCredentials peerCredentials;
158 SynchronizationPipe pipe;
159 pid_t expectedPid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
160 std::cref(peerCredentials)));
162 pipe.claimParentEp();
164 int sock = UDSHelpers::createClient(&sockaddr);
165 SockUniquePtr sockPtr(&sock);
167 pid_t helperPid = CynaraHelperCredentials::socketGetPid(sock);
168 RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid
169 << "; expected = " << expectedPid);
172 // TODO: Create utility namespace for DBus, maybe?
173 DBusConnectionPtr createDBusConnection(const std::string &name) {
176 dbus_error_init(&err);
177 DBusConnection *conn = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
178 RUNNER_ASSERT_MSG(dbus_error_is_set(&err) != 1, "Error in dbus_bus_get: " << err.message);
179 dbus_connection_set_exit_on_disconnect(conn, FALSE);
181 DBusConnectionPtr ret(conn, [] (DBusConnection *conn) {
182 dbus_connection_close(conn);
183 dbus_connection_unref(conn);
186 if (name.empty() == false) {
187 dbus_bus_request_name(conn, name.c_str(), DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
188 RUNNER_ASSERT_MSG(dbus_error_is_set(&err) != TRUE,
189 "Error in dbus_bus_request_name: " << err.message);
195 void dbusServer(SynchronizationPipe &pipe, const std::string &requestedName,
196 const ProcessCredentials &peerCredentials) {
197 // for DBus connection, System must have access to our peer creds as well.
198 SecurityServer::AccessProvider systemAp("System");
199 systemAp.addObjectRule(peerCredentials.label(), "rwx");
202 SecurityServer::AccessProvider ap(peerCredentials.label());
203 ap.addObjectRule("System", "w");
204 ap.addObjectRule("System::Run", "x");
205 ap.addObjectRule("System::Shared", "x"); // for GDB
206 ap.addObjectRule("User", "r"); // for /usr/lib/debug access
207 ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
210 auto conn = createDBusConnection(requestedName);
215 typedef std::function<void(DBusConnectionPtr conn, pid_t pid,
216 const std::string &requestedName,
217 const ProcessCredentials &peerCredentials)> DBusAssertionFn;
219 void dbusTestTemplate(DBusAssertionFn assertion, const std::string &/*scope*/) {
220 std::string requestedName = "tests.dbus.cynara";
221 const ProcessCredentials peerCredentials;
223 SynchronizationPipe pipe;
224 pid_t pid = runInChild(std::bind(dbusServer, std::ref(pipe), std::cref(requestedName),
225 std::cref(peerCredentials)));
227 pipe.claimParentEp();
230 auto conn = createDBusConnection("");
231 assertion(std::move(conn), pid, requestedName, peerCredentials);
235 RUNNER_TEST_GROUP_INIT(cynara_creds_dbus)
237 RUNNER_TEST_SMACK(tccd01_dbus_credentials_client_pid) {
238 dbusTestTemplate([] (DBusConnectionPtr conn, pid_t pid, const std::string &requestedName,
239 const ProcessCredentials &) {
240 CStringPtr clientPidStr(CynaraHelperCredentials::dbusGetClient(std::move(conn),
241 requestedName.c_str(), CLIENT_METHOD_PID, CYNARA_API_SUCCESS));
242 pid_t clientPid = std::stoi(clientPidStr.get());
243 RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid
244 << "; expected = " << pid);
248 RUNNER_TEST_SMACK(tccd02_dbus_credentials_client_smack) {
249 dbusTestTemplate([] (DBusConnectionPtr conn, pid_t, const std::string &requestedName,
250 const ProcessCredentials &peerCredentials) {
251 CStringPtr label(CynaraHelperCredentials::dbusGetClient(std::move(conn),
252 requestedName.c_str(), CLIENT_METHOD_SMACK, CYNARA_API_SUCCESS));
253 RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(),
254 "Labels don't match ret = " << label.get()
255 << "; expected = " << peerCredentials.label());
259 RUNNER_TEST_SMACK(tccd03_dbus_credentials_user_uid) {
260 dbusTestTemplate([] (DBusConnectionPtr conn, pid_t, const std::string &requestedName,
261 const ProcessCredentials &peerCredentials) {
262 CStringPtr uidStr(CynaraHelperCredentials::dbusGetUser(std::move(conn),
263 requestedName.c_str(), USER_METHOD_UID, CYNARA_API_SUCCESS));
264 uid_t uid = std::stoul(uidStr.get());
265 RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid
266 << "; expected = "<< peerCredentials.uid());
270 RUNNER_TEST_SMACK(tccd04_dbus_credentials_pid) {
271 dbusTestTemplate([] (DBusConnectionPtr conn, pid_t expectedPid,
272 const std::string &requestedName, const ProcessCredentials &) {
273 auto helperPid = CynaraHelperCredentials::dbusGetPid(std::move(conn),
274 requestedName.c_str(), CYNARA_API_SUCCESS);
275 RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid
276 << "; expected = " << expectedPid);