2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <sys/types.h>
23 #include <access_provider.h>
24 #include <cynara_helpers_creds.h>
25 #include <dpl/test/test_runner.h>
27 #include <passwd_access.h>
29 #include <sm_commons.h>
30 #include <sm_request.h>
31 #include <synchronization_pipe.h>
32 #include <tests_common.h>
33 #include <tzplatform.h>
36 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_CREDENTIAL_API)
38 using namespace SecurityManagerTest;
40 class ProcessCredentials {
42 ProcessCredentials(const std::string &smackLabel) : m_label(smackLabel) {}
44 const std::string &label(void) const {
48 uid_t uid(void) const {
49 return TzPlatformConfig::getGlobalUserId();
52 gid_t gid(void) const {
53 return PasswdAccess::gid("users");
60 void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr,
61 const struct ProcessCredentials &peerCredentials) {
62 SecurityServer::AccessProvider ap(peerCredentials.label());
63 ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
66 int sock = UDSHelpers::createServer(&sockaddr);
67 SockUniquePtr sockPtr(&sock);
69 int clientSock = UDSHelpers::acceptClient(sock);
71 UDSHelpers::waitForDisconnect(clientSock);
74 typedef std::function<void(int sock, pid_t pid)> SocketAssertionFn;
76 void clientTestTemplate(SocketAssertionFn assertion, const std::string &scope, const std::string &smackLabel) {
77 const auto sockaddr = UDSHelpers::makeAbstractAddress("test_sm_" + scope + ".socket");
78 const ProcessCredentials peerCredentials(smackLabel);
80 SynchronizationPipe pipe;
82 pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
83 std::cref(peerCredentials)));
87 int sock = UDSHelpers::createClient(&sockaddr);
88 SockUniquePtr sockPtr(&sock);
93 void test_51a_get_id_by_socket(bool isHybrid) {
94 const char *const sm_app_id = "sm_test_51a_app";
95 const char *const sm_pkg_id = "sm_test_51a_pkg";
97 InstallRequest requestInst;
98 requestInst.setAppId(sm_app_id);
99 requestInst.setPkgId(sm_pkg_id);
101 requestInst.setHybrid();
103 Api::install(requestInst);
105 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid);
107 clientTestTemplate([&] (int sock, pid_t) {
108 std::string rcvPkgId, rcvAppId;
109 Api::getPkgIdBySocket(sock, &rcvPkgId, &rcvAppId);
110 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
111 << "; expected = " << sm_pkg_id);
113 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
114 << "; expected = " << sm_app_id);
116 RUNNER_ASSERT_MSG(rcvAppId.empty(), "magically acquired appId from nonhybrid app");
117 }, "tcsm27a", smackLabel);
119 InstallRequest requestUninst;
120 requestUninst.setAppId(sm_app_id);
122 Api::uninstall(requestUninst);
125 RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket_hybrid)
127 test_51a_get_id_by_socket(true);
130 RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket_nonhybrid)
132 test_51a_get_id_by_socket(false);
135 RUNNER_CHILD_TEST(security_manager_51b_get_id_by_socket_bad_fd)
137 const char *const sm_app_id = "sm_test_51b_app";
138 const char *const sm_pkg_id = "sm_test_51b_pkg";
140 InstallRequest requestInst;
141 requestInst.setAppId(sm_app_id);
142 requestInst.setPkgId(sm_pkg_id);
144 Api::install(requestInst);
146 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
148 clientTestTemplate([&] (int sock, pid_t) {
149 std::string rcvPkgId, rcvAppId;
150 Api::getPkgIdBySocket(sock + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
151 }, "tcsm27b", smackLabel);
153 InstallRequest requestUninst;
154 requestUninst.setAppId(sm_app_id);
156 Api::uninstall(requestUninst);
159 RUNNER_CHILD_TEST(security_manager_51c_get_id_by_socket_only_pkg)
161 const char *const sm_app_id = "sm_test_51c_app";
162 const char *const sm_pkg_id = "sm_test_51c_pkg";
164 InstallRequest requestInst;
165 requestInst.setAppId(sm_app_id);
166 requestInst.setPkgId(sm_pkg_id);
168 Api::install(requestInst);
170 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
172 clientTestTemplate([&] (int sock, pid_t) {
173 std::string rcvPkgId;
174 Api::getPkgIdBySocket(sock, &rcvPkgId, nullptr);
175 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
176 << "; expected = " << sm_pkg_id);
177 }, "tcsm27c", smackLabel);
179 InstallRequest requestUninst;
180 requestUninst.setAppId(sm_app_id);
182 Api::uninstall(requestUninst);
185 RUNNER_CHILD_TEST(security_manager_51d_get_id_by_socket_only_appid)
187 const char *const sm_app_id = "sm_test_51d_app";
188 const char *const sm_pkg_id = "sm_test_51d_pkg";
190 InstallRequest requestInst;
191 requestInst.setAppId(sm_app_id);
192 requestInst.setPkgId(sm_pkg_id);
193 requestInst.setHybrid();
195 Api::install(requestInst);
197 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true);
199 clientTestTemplate([&] (int sock, pid_t) {
200 std::string rcvAppId;
201 Api::getPkgIdBySocket(sock, nullptr, &rcvAppId);
202 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
203 << "; expected = " << sm_app_id);
204 }, "tcsm27d", smackLabel);
206 InstallRequest requestUninst;
207 requestUninst.setAppId(sm_app_id);
209 Api::uninstall(requestUninst);
212 RUNNER_CHILD_TEST(security_manager_51e_get_id_by_socket_nulls)
214 const char *const sm_app_id = "sm_test_51e_app";
215 const char *const sm_pkg_id = "sm_test_51e_pkg";
217 InstallRequest requestInst;
218 requestInst.setAppId(sm_app_id);
219 requestInst.setPkgId(sm_pkg_id);
221 Api::install(requestInst);
223 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
225 clientTestTemplate([&] (int sock, pid_t) {
226 Api::getPkgIdBySocket(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
227 }, "tcsm27e", smackLabel);
229 InstallRequest requestUninst;
230 requestUninst.setAppId(sm_app_id);
232 Api::uninstall(requestUninst);
235 void test_52a_get_id_by_pid(bool isHybrid) {
236 const char *const sm_app_id = "sm_test_52a_app";
237 const char *const sm_pkg_id = "sm_test_52a_pkg";
239 InstallRequest requestInst;
240 requestInst.setAppId(sm_app_id);
241 requestInst.setPkgId(sm_pkg_id);
243 requestInst.setHybrid();
244 Api::install(requestInst);
246 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid);
248 clientTestTemplate([&] (int, pid_t pid) {
249 std::string rcvPkgId, rcvAppId;
250 Api::getPkgIdByPid(pid, &rcvPkgId, &rcvAppId);
251 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
252 << "; expected = " << sm_pkg_id);
254 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
255 << "; expected = " << sm_app_id);
257 RUNNER_ASSERT_MSG(rcvAppId.empty(), "magically acquired appId from nonhybrid app");
258 }, "tcsm28a", smackLabel);
260 InstallRequest requestUninst;
261 requestUninst.setAppId(sm_app_id);
263 Api::uninstall(requestUninst);
266 RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid_hybrid)
268 test_52a_get_id_by_pid(true);
271 RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid_nonhybrid)
273 test_52a_get_id_by_pid(false);
276 RUNNER_CHILD_TEST(security_manager_52b_get_id_by_pid_bad_fd)
278 const char *const sm_app_id = "sm_test_52b_app";
279 const char *const sm_pkg_id = "sm_test_52b_pkg";
281 InstallRequest requestInst;
282 requestInst.setAppId(sm_app_id);
283 requestInst.setPkgId(sm_pkg_id);
285 Api::install(requestInst);
287 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
289 clientTestTemplate([&] (int, pid_t pid) {
290 std::string rcvPkgId, rcvAppId;
291 Api::getPkgIdByPid(pid + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
292 }, "tcsm28b", smackLabel);
294 InstallRequest requestUninst;
295 requestUninst.setAppId(sm_app_id);
297 Api::uninstall(requestUninst);
300 RUNNER_CHILD_TEST(security_manager_52c_get_id_by_pid_only_pkg)
302 const char *const sm_app_id = "sm_test_52c_app";
303 const char *const sm_pkg_id = "sm_test_52c_pkg";
305 InstallRequest requestInst;
306 requestInst.setAppId(sm_app_id);
307 requestInst.setPkgId(sm_pkg_id);
309 Api::install(requestInst);
311 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
313 clientTestTemplate([&] (int, pid_t pid) {
314 std::string rcvPkgId;
315 Api::getPkgIdByPid(pid, &rcvPkgId, nullptr);
316 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
317 << "; expected = " << sm_pkg_id);
318 }, "tcsm28c", smackLabel);
320 InstallRequest requestUninst;
321 requestUninst.setAppId(sm_app_id);
323 Api::uninstall(requestUninst);
326 RUNNER_CHILD_TEST(security_manager_52d_get_id_by_pid_only_appid)
328 const char *const sm_app_id = "sm_test_52d_app";
329 const char *const sm_pkg_id = "sm_test_52d_pkg";
331 InstallRequest requestInst;
332 requestInst.setAppId(sm_app_id);
333 requestInst.setPkgId(sm_pkg_id);
334 requestInst.setHybrid();
336 Api::install(requestInst);
338 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true);
340 clientTestTemplate([&] (int, pid_t pid) {
341 std::string rcvAppId;
342 Api::getPkgIdByPid(pid, nullptr, &rcvAppId);
343 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
344 << "; expected = " << sm_app_id);
345 }, "tcsm28d", smackLabel);
347 InstallRequest requestUninst;
348 requestUninst.setAppId(sm_app_id);
350 Api::uninstall(requestUninst);
353 RUNNER_CHILD_TEST(security_manager_52e_get_id_by_pid_nulls)
355 const char *const sm_app_id = "sm_test_52e_app";
356 const char *const sm_pkg_id = "sm_test_52e_pkg";
358 InstallRequest requestInst;
359 requestInst.setAppId(sm_app_id);
360 requestInst.setPkgId(sm_pkg_id);
362 Api::install(requestInst);
364 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
366 clientTestTemplate([&] (int sock, pid_t) {
367 Api::getPkgIdByPid(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
368 }, "tcsm28e", smackLabel);
370 InstallRequest requestUninst;
371 requestUninst.setAppId(sm_app_id);
373 Api::uninstall(requestUninst);
376 void test_53a_get_id_by_cynara_client(bool isHybrid) {
377 const char *const sm_app_id = "sm_test_53a_app";
378 const char *const sm_pkg_id = "sm_test_53a_pkg";
380 InstallRequest requestInst;
381 requestInst.setAppId(sm_app_id);
382 requestInst.setPkgId(sm_pkg_id);
384 requestInst.setHybrid();
386 Api::install(requestInst);
388 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid);
390 clientTestTemplate([&] (int sock, pid_t) {
391 std::string rcvPkgId, rcvAppId;
392 CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
393 RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
394 Api::getPkgIdByCynaraClient(cynaraClient.get(), &rcvPkgId, &rcvAppId);
395 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
396 << "; expected = " << sm_pkg_id);
398 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
399 << "; expected = " << sm_app_id);
400 }, "tcsmc53a", smackLabel);
402 InstallRequest requestUninst;
403 requestUninst.setAppId(sm_app_id);
405 Api::uninstall(requestUninst);
408 RUNNER_CHILD_TEST(security_manager_53a_get_id_by_cynara_client_hybrid)
410 test_53a_get_id_by_cynara_client(true);
413 RUNNER_CHILD_TEST(security_manager_53a_get_id_by_cynara_client_nonhybrid)
415 test_53a_get_id_by_cynara_client(false);
418 RUNNER_CHILD_TEST(security_manager_53b_get_id_by_cynara_client_wrong_client)
421 std::string rcvPkgId, rcvAppId;
422 Api::getPkgIdByCynaraClient("NotAnApp", &rcvPkgId, &rcvAppId,
423 SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
426 RUNNER_CHILD_TEST(security_manager_53c_get_id_by_cynara_client_only_pkgid)
428 const char *const sm_app_id = "sm_test_53c_app";
429 const char *const sm_pkg_id = "sm_test_53c_pkg";
431 InstallRequest requestInst;
432 requestInst.setAppId(sm_app_id);
433 requestInst.setPkgId(sm_pkg_id);
435 Api::install(requestInst);
437 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
439 clientTestTemplate([&] (int sock, pid_t) {
440 std::string rcvPkgId;
441 CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
442 RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
443 Api::getPkgIdByCynaraClient(cynaraClient.get(), &rcvPkgId, nullptr);
444 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
445 << "; expected = " << sm_pkg_id);
446 }, "tcsm28c", smackLabel);
448 InstallRequest requestUninst;
449 requestUninst.setAppId(sm_app_id);
451 Api::uninstall(requestUninst);
454 RUNNER_CHILD_TEST(security_manager_53d_get_id_by_cynara_client_only_appid)
456 const char *const sm_app_id = "sm_test_53d_app";
457 const char *const sm_pkg_id = "sm_test_53d_pkg";
459 InstallRequest requestInst;
460 requestInst.setAppId(sm_app_id);
461 requestInst.setPkgId(sm_pkg_id);
462 requestInst.setHybrid();
464 Api::install(requestInst);
466 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true);
468 clientTestTemplate([&] (int sock, pid_t) {
469 std::string rcvAppId;
470 CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
471 RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
472 Api::getPkgIdByCynaraClient(cynaraClient.get(), nullptr, &rcvAppId);
473 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
474 << "; expected = " << sm_app_id);
475 }, "tcsm28d", smackLabel);
477 InstallRequest requestUninst;
478 requestUninst.setAppId(sm_app_id);
480 Api::uninstall(requestUninst);
483 RUNNER_CHILD_TEST(security_manager_53e_get_id_by_cynara_client_nulls)
485 const char *const sm_app_id = "sm_test_53e_app";
486 const char *const sm_pkg_id = "sm_test_53e_pkg";
488 InstallRequest requestInst;
489 requestInst.setAppId(sm_app_id);
490 requestInst.setPkgId(sm_pkg_id);
492 Api::install(requestInst);
494 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
496 clientTestTemplate([&] (int sock, pid_t) {
497 std::string rcvAppId;
498 CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
499 RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
500 Api::getPkgIdByCynaraClient(cynaraClient.get(), nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
501 }, "tcsm28e", smackLabel);
503 InstallRequest requestUninst;
504 requestUninst.setAppId(sm_app_id);
506 Api::uninstall(requestUninst);