2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 #include <sys/types.h>
24 #include <access_provider.h>
25 #include <dpl/test/test_runner.h>
27 #include <passwd_access.h>
29 #include <sm_commons.h>
30 #include <sm_request.h>
31 #include <synchronization_pipe.h>
32 #include <tests_common.h>
33 #include <tzplatform.h>
36 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_CREDENTIAL_API)
38 using namespace SecurityManagerTest;
40 class ProcessCredentials {
42 ProcessCredentials(const std::string &smackLabel) : m_label(smackLabel) {}
44 const std::string &label(void) const {
48 uid_t uid(void) const {
49 return TzPlatformConfig::getGlobalUserId();
52 gid_t gid(void) const {
53 return PasswdAccess::gid("users");
60 pid_t runInChild(const std::function<void(void)> &process) {
62 RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
71 void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr,
72 const struct ProcessCredentials &peerCredentials) {
73 SecurityServer::AccessProvider ap(peerCredentials.label());
74 ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
77 int sock = UDSHelpers::createServer(&sockaddr);
78 SockUniquePtr sockPtr(&sock);
80 int clientSock = UDSHelpers::acceptClient(sock);
82 UDSHelpers::waitForDisconnect(clientSock);
85 typedef std::function<void(int sock, pid_t pid)> SocketAssertionFn;
87 void clientTestTemplate(SocketAssertionFn assertion, const std::string &scope, const std::string &smackLabel) {
88 const auto sockaddr = UDSHelpers::makeAbstractAddress("test_sm_" + scope + ".socket");
89 const ProcessCredentials peerCredentials(smackLabel);
91 SynchronizationPipe pipe;
93 pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
94 std::cref(peerCredentials)));
98 int sock = UDSHelpers::createClient(&sockaddr);
99 SockUniquePtr sockPtr(&sock);
101 assertion(sock, pid);
104 RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket)
106 const char *const sm_app_id = "sm_test_51a_app";
107 const char *const sm_pkg_id = "sm_test_51a_pkg";
109 InstallRequest requestInst;
110 requestInst.setAppId(sm_app_id);
111 requestInst.setPkgId(sm_pkg_id);
113 Api::install(requestInst);
115 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
117 clientTestTemplate([&] (int sock, pid_t) {
118 std::string rcvPkgId, rcvAppId;
119 Api::getPkgIdBySocket(sock, &rcvPkgId, &rcvAppId);
120 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
121 << "; expected = " << sm_pkg_id);
122 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
123 << "; expected = " << sm_app_id);
124 }, "tcsm27a", smackLabel);
126 InstallRequest requestUninst;
127 requestUninst.setAppId(sm_app_id);
129 Api::uninstall(requestUninst);
132 RUNNER_CHILD_TEST(security_manager_51b_get_id_by_socket)
134 const char *const sm_app_id = "sm_test_51b_app";
135 const char *const sm_pkg_id = "sm_test_51b_pkg";
137 InstallRequest requestInst;
138 requestInst.setAppId(sm_app_id);
139 requestInst.setPkgId(sm_pkg_id);
141 Api::install(requestInst);
143 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
145 clientTestTemplate([&] (int sock, pid_t) {
146 std::string rcvPkgId, rcvAppId;
147 Api::getPkgIdBySocket(sock + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
148 }, "tcsm27b", smackLabel);
150 InstallRequest requestUninst;
151 requestUninst.setAppId(sm_app_id);
153 Api::uninstall(requestUninst);
156 RUNNER_CHILD_TEST(security_manager_51c_get_id_by_socket)
158 const char *const sm_app_id = "sm_test_51c_app";
159 const char *const sm_pkg_id = "sm_test_51c_pkg";
161 InstallRequest requestInst;
162 requestInst.setAppId(sm_app_id);
163 requestInst.setPkgId(sm_pkg_id);
165 Api::install(requestInst);
167 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
169 clientTestTemplate([&] (int sock, pid_t) {
170 std::string rcvPkgId;
171 Api::getPkgIdBySocket(sock, &rcvPkgId, nullptr);
172 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
173 << "; expected = " << sm_pkg_id);
174 }, "tcsm27c", smackLabel);
176 InstallRequest requestUninst;
177 requestUninst.setAppId(sm_app_id);
179 Api::uninstall(requestUninst);
182 RUNNER_CHILD_TEST(security_manager_51d_get_id_by_socket)
184 const char *const sm_app_id = "sm_test_51d_app";
185 const char *const sm_pkg_id = "sm_test_51d_pkg";
187 InstallRequest requestInst;
188 requestInst.setAppId(sm_app_id);
189 requestInst.setPkgId(sm_pkg_id);
191 Api::install(requestInst);
193 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
195 clientTestTemplate([&] (int sock, pid_t) {
196 std::string rcvAppId;
197 Api::getPkgIdBySocket(sock, nullptr, &rcvAppId);
198 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
199 << "; expected = " << sm_app_id);
200 }, "tcsm27d", smackLabel);
202 InstallRequest requestUninst;
203 requestUninst.setAppId(sm_app_id);
205 Api::uninstall(requestUninst);
208 RUNNER_CHILD_TEST(security_manager_51e_get_id_by_socket)
210 const char *const sm_app_id = "sm_test_51e_app";
211 const char *const sm_pkg_id = "sm_test_51e_pkg";
213 InstallRequest requestInst;
214 requestInst.setAppId(sm_app_id);
215 requestInst.setPkgId(sm_pkg_id);
217 Api::install(requestInst);
219 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
221 clientTestTemplate([&] (int sock, pid_t) {
222 Api::getPkgIdBySocket(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
223 }, "tcsm27e", smackLabel);
225 InstallRequest requestUninst;
226 requestUninst.setAppId(sm_app_id);
228 Api::uninstall(requestUninst);
231 RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid)
233 const char *const sm_app_id = "sm_test_52a_app";
234 const char *const sm_pkg_id = "sm_test_52a_pkg";
236 InstallRequest requestInst;
237 requestInst.setAppId(sm_app_id);
238 requestInst.setPkgId(sm_pkg_id);
240 Api::install(requestInst);
242 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
244 clientTestTemplate([&] (int, pid_t pid) {
245 std::string rcvPkgId, rcvAppId;
246 Api::getPkgIdByPid(pid, &rcvPkgId, &rcvAppId);
247 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
248 << "; expected = " << sm_pkg_id);
249 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
250 << "; expected = " << sm_app_id);
251 }, "tcsm28a", smackLabel);
253 InstallRequest requestUninst;
254 requestUninst.setAppId(sm_app_id);
256 Api::uninstall(requestUninst);
259 RUNNER_CHILD_TEST(security_manager_52b_get_id_by_pid)
261 const char *const sm_app_id = "sm_test_52b_app";
262 const char *const sm_pkg_id = "sm_test_52b_pkg";
264 InstallRequest requestInst;
265 requestInst.setAppId(sm_app_id);
266 requestInst.setPkgId(sm_pkg_id);
268 Api::install(requestInst);
270 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
272 clientTestTemplate([&] (int, pid_t pid) {
273 std::string rcvPkgId, rcvAppId;
274 Api::getPkgIdByPid(pid + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
275 }, "tcsm28b", smackLabel);
277 InstallRequest requestUninst;
278 requestUninst.setAppId(sm_app_id);
280 Api::uninstall(requestUninst);
283 RUNNER_CHILD_TEST(security_manager_52c_get_id_by_pid)
285 const char *const sm_app_id = "sm_test_52c_app";
286 const char *const sm_pkg_id = "sm_test_52c_pkg";
288 InstallRequest requestInst;
289 requestInst.setAppId(sm_app_id);
290 requestInst.setPkgId(sm_pkg_id);
292 Api::install(requestInst);
294 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
296 clientTestTemplate([&] (int, pid_t pid) {
297 std::string rcvPkgId;
298 Api::getPkgIdByPid(pid, &rcvPkgId, nullptr);
299 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
300 << "; expected = " << sm_pkg_id);
301 }, "tcsm28c", smackLabel);
303 InstallRequest requestUninst;
304 requestUninst.setAppId(sm_app_id);
306 Api::uninstall(requestUninst);
309 RUNNER_CHILD_TEST(security_manager_52d_get_id_by_pid)
311 const char *const sm_app_id = "sm_test_52d_app";
312 const char *const sm_pkg_id = "sm_test_52d_pkg";
314 InstallRequest requestInst;
315 requestInst.setAppId(sm_app_id);
316 requestInst.setPkgId(sm_pkg_id);
318 Api::install(requestInst);
320 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
322 clientTestTemplate([&] (int, pid_t pid) {
323 std::string rcvAppId;
324 Api::getPkgIdByPid(pid, nullptr, &rcvAppId);
325 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
326 << "; expected = " << sm_app_id);
327 }, "tcsm28d", smackLabel);
329 InstallRequest requestUninst;
330 requestUninst.setAppId(sm_app_id);
332 Api::uninstall(requestUninst);
335 RUNNER_CHILD_TEST(security_manager_52e_get_id_by_pid)
337 const char *const sm_app_id = "sm_test_52e_app";
338 const char *const sm_pkg_id = "sm_test_52e_pkg";
340 InstallRequest requestInst;
341 requestInst.setAppId(sm_app_id);
342 requestInst.setPkgId(sm_pkg_id);
344 Api::install(requestInst);
346 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
348 clientTestTemplate([&] (int sock, pid_t) {
349 Api::getPkgIdByPid(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
350 }, "tcsm28e", smackLabel);
352 InstallRequest requestUninst;
353 requestUninst.setAppId(sm_app_id);
355 Api::uninstall(requestUninst);