src/security-manager-tests/test_cases_public_sharing.cpp

   1 /*
   2  * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *    Licensed under the Apache License, Version 2.0 (the "License");
   5  *    you may not use this file except in compliance with the License.
   6  *    You may obtain a copy of the License at
   7  *
   8  *        http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *    Unless required by applicable law or agreed to in writing, software
  11  *    distributed under the License is distributed on an "AS IS" BASIS,
  12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *    See the License for the specific language governing permissions and
  14  *    limitations under the License.
  15  */
  16 #include <cstdint>
  17 #include <map>
  18 #include <string>
  19 #include <sys/smack.h>
  20 #include <sys/types.h>
  21 #include <unistd.h>
  22
  23 #include <dpl/test/test_runner.h>
  24 #include <sm_api.h>
  25 #include <sm_commons.h>
  26 #include <sm_request.h>
  27 #include <tests_common.h>
  28
  29 using namespace SecurityManagerTest;
  30
  31 namespace {
  32 const int sm_app_shared_test_id = 27;
  33 const char *const sm_app_shared_id = "sm_test_27_app_id_full";
  34 const char *const sm_app_shared_another_in_package_id = "sm_test_27_app_2_id_full";
  35 const char *const sm_pkg_shared_id = "sm_test_27_pkg_id_full";
  36
  37 static const std::map<std::string, struct app_attributes> MANY_APPS_PKGS = {
  38     {"security_manager_10_app_1", {"security_manager_10_pkg_1", "2.1"}},
  39     {"security_manager_10_app_2", {"security_manager_10_pkg_2", "3.0"}},
  40     {"security_manager_10_app_3", {"security_manager_10_pkg_3", "2.1.1"}},
  41     {"security_manager_10_app_4", {"security_manager_10_pkg_4", "3.1"}},
  42     {"security_manager_10_app_5", {"security_manager_10_pkg_5", "2.2"}}
  43 };
  44
  45 void changeSecurityContext(const std::string& label, uid_t uid, gid_t gid)
  46 {
  47     RUNNER_ASSERT_ERRNO_MSG(0 == smack_set_label_for_self(label.c_str()),
  48         "Error in smack_set_label_for_self(" << label << ")");
  49
  50     RUNNER_ASSERT_ERRNO_MSG(0 == setgid(gid), "Error in setgid.");
  51     RUNNER_ASSERT_ERRNO_MSG(0 == setuid(uid), "Error in setuid.");
  52 }
  53
  54 void test_success_worker(const std::string &appName, int test_num)
  55 {
  56     std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
  57
  58     changeSecurityContext(generateProcessLabel(appName), APP_UID, APP_GID);
  59
  60     RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1,
  61         "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName << " failed " << " to " << SM_OWNER_RW_OTHERS_RO_PATH );
  62 }
  63
  64 void test_fail_worker(const std::string &appName, int test_num)
  65 {
  66     std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
  67
  68     changeSecurityContext(generateProcessLabel(appName), APP_UID, APP_GID);
  69
  70     RUNNER_ASSERT_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) == -1,
  71         "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName
  72         << " surprisingly succeeded, while expecting fail");
  73 }
  74 }
  75
  76 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PUBLIC_SHARING)
  77
  78 RUNNER_TEST(security_manager_27a_API2X_app_install)
  79 {
  80     std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
  81     std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
  82     std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
  83     std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
  84     prepare_app_env(sm_app_shared_test_id, true);
  85
  86     // install other apps
  87     for(const auto &app : MANY_APPS_PKGS) {
  88         InstallRequest requestInst;
  89         requestInst.setAppId(app.first.c_str());
  90         requestInst.setPkgId(app.second.package.c_str());
  91         requestInst.setAppTizenVersion(app.second.Tizen_ver.c_str());
  92
  93         Api::install(requestInst);
  94     };
  95
  96     // install
  97     {
  98         InstallRequest requestInst;
  99         requestInst.setAppId(sm_app_shared_id);
 100         requestInst.setPkgId(sm_pkg_shared_id);
 101         requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
 102         requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
 103         requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
 104         requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
 105         requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
 106         requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
 107         requestInst.setAppTizenVersion("2.4");
 108         Api::install(requestInst);
 109     }
 110
 111     // another app in package
 112     {
 113         InstallRequest requestInst;
 114         requestInst.setAppId(sm_app_shared_another_in_package_id);
 115         requestInst.setPkgId(sm_pkg_shared_id);
 116         requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
 117         requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
 118         requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
 119         requestInst.setAppTizenVersion("2.4");
 120         Api::install(requestInst);
 121     }
 122
 123     /* Check records in the security-manager database */
 124     check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
 125                             SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
 126     /* Check records in the security-manager database */
 127     check_app_after_install(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
 128                             SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
 129
 130     /* TODO: add parameters to this function */
 131     check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
 132
 133     RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
 134 }
 135
 136 RUNNER_CHILD_TEST(security_manager_27b_owner_1_have_access)
 137 {
 138     test_success_worker(sm_app_shared_id, sm_app_shared_test_id);
 139 }
 140
 141 RUNNER_CHILD_TEST(security_manager_27c_owner_2_have_access)
 142 {
 143     test_success_worker(sm_app_shared_another_in_package_id, sm_app_shared_test_id);
 144 }
 145
 146 RUNNER_CHILD_TEST(security_manager_27d_API2X_apps_have_access_app_1)
 147 {
 148     test_success_worker("security_manager_10_app_1", sm_app_shared_test_id);
 149 }
 150
 151 RUNNER_CHILD_TEST(security_manager_27e_API2X_apps_dont_have_access_app_2)
 152 {
 153     test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id);
 154 }
 155
 156 RUNNER_CHILD_TEST(security_manager_27f_API2X_apps_have_access_app_3)
 157 {
 158     test_success_worker("security_manager_10_app_3", sm_app_shared_test_id);
 159 }
 160
 161 RUNNER_CHILD_TEST(security_manager_27g_API2X_apps_dont_have_access_app_4)
 162 {
 163     test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id);
 164 }
 165
 166 RUNNER_CHILD_TEST(security_manager_27h_API2X_apps_have_access_app_5)
 167 {
 168     test_success_worker("security_manager_10_app_5", sm_app_shared_test_id);
 169 }
 170
 171
 172 RUNNER_TEST(security_manager_27i_API2X_app_uninstall)
 173 {
 174     {
 175         InstallRequest requestUninst;
 176         requestUninst.setAppId(sm_app_shared_id);
 177         Api::uninstall(requestUninst);
 178     }
 179     {
 180         InstallRequest requestUninst;
 181         requestUninst.setAppId(sm_app_shared_another_in_package_id);
 182         Api::uninstall(requestUninst);
 183     }
 184
 185     /* Check records in the security-manager database,
 186      * all previously allowed privileges should be removed */
 187     check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
 188                               SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
 189     check_app_after_uninstall(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
 190                               SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
 191 }
 192
 193 RUNNER_TEST(security_manager_27j_API30_app_install)
 194 {
 195     std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
 196     std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
 197     std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
 198     std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
 199     prepare_app_env(sm_app_shared_test_id, true);
 200
 201     // install
 202     InstallRequest requestInst;
 203     requestInst.setAppId(sm_app_shared_id);
 204     requestInst.setPkgId(sm_pkg_shared_id);
 205     requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
 206     requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
 207     requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
 208     requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
 209     requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
 210     requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
 211     requestInst.setAppTizenVersion("3.0");
 212
 213     Api::install(requestInst);
 214
 215     /* Check records in the security-manager database */
 216     check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
 217                             SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
 218
 219     /* TODO: add parameters to this function */
 220     check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
 221
 222     RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
 223 }
 224
 225 RUNNER_CHILD_TEST(security_manager_27k_API30_apps_dont_have_access_app_1)
 226 {
 227     test_fail_worker("security_manager_10_app_1", sm_app_shared_test_id);
 228 }
 229
 230 RUNNER_CHILD_TEST(security_manager_27l_API30_apps_dont_have_access_app_2)
 231 {
 232     test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id);
 233 }
 234
 235 RUNNER_CHILD_TEST(security_manager_27m_API30_apps_dont_have_access_app_3)
 236 {
 237     test_fail_worker("security_manager_10_app_3", sm_app_shared_test_id);
 238 }
 239
 240 RUNNER_CHILD_TEST(security_manager_27n_API30_apps_dont_have_access_app_4)
 241 {
 242     test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id);
 243 }
 244
 245 RUNNER_CHILD_TEST(security_manager_27o_API30_apps_dont_have_access_app_5)
 246 {
 247     test_fail_worker("security_manager_10_app_5", sm_app_shared_test_id);
 248 }
 249
 250 RUNNER_TEST(security_manager_27p_API30_app_uninstall)
 251 {
 252     InstallRequest requestUninst;
 253     requestUninst.setAppId(sm_app_shared_id);
 254
 255     Api::uninstall(requestUninst);
 256
 257     /* Check records in the security-manager database,
 258      * all previously allowed privileges should be removed */
 259     check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
 260                               SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
 261
 262     // install other apps
 263     for(const auto &app : MANY_APPS_PKGS) {
 264         InstallRequest requestUninst;
 265         requestUninst.setAppId(app.first);
 266
 267         Api::uninstall(requestUninst);
 268     };
 269 }