projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'tizen' into nether
[platform/core/test/security-tests.git] / src / security-manager-tests / test_cases_register_paths.cpp
1 /*
2  * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16 #include <cstdint>
17 #include <string>
18
19 #include <app_install_helper.h>
20 #include <dpl/test/test_runner.h>
21 #include <label_generator.h>
22 #include <scoped_installer.h>
23 #include <sm_api.h>
24 #include <sm_commons.h>
25 #include <temp_test_user.h>
26 #include <tests_common.h>
27 #include <tzplatform.h>
28
29 using namespace SecurityManagerTest;
30
31 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_REGISTER_PATH)
32
33 RUNNER_TEST(security_manager_54_path_req_no_pkg)
34 {
35     TemporaryTestUser user("sm_test_54_user_name", GUM_USERTYPE_NORMAL, false);
36     user.create();
37
38     AppInstallHelper app("sm_test_54", user.getUid());
39     app.createPrivateDir();
40
41     PathsRequest req;
42     req.setPkgId("non-existing-pkg-id");
43     req.setUid(user.getUid());
44     req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
45
46     Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
47 }
48
49 RUNNER_TEST(security_manager_55_path_req_empty_pkg)
50 {
51     TemporaryTestUser user("sm_test_55_user_name", GUM_USERTYPE_NORMAL, false);
52     user.create();
53     AppInstallHelper app("sm_test_55", user.getUid());
54     app.createPrivateDir();
55
56     PathsRequest req;
57     req.setPkgId("");
58     req.setUid(user.getUid());
59     req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
60
61     Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
62 }
63
64 RUNNER_TEST(security_manager_56_path_req_wrong_type)
65 {
66     PathsRequest req;
67     req.setInstallType(SM_APP_INSTALL_END,
68                        (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
69     req.setInstallType((app_install_type)(SM_APP_INSTALL_NONE-1),
70                        (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
71 }
72
73 RUNNER_TEST(security_manager_57_path_req_wrong_uid)
74 {
75     TemporaryTestUser user("sm_test_57_user_name", GUM_USERTYPE_NORMAL, false);
76     user.create();
77
78     AppInstallHelper app("sm_test_57", user.getUid());
79     ScopedInstaller appInstall(app);
80
81     app.createPrivateDir();
82     PathsRequest preq;
83     preq.setPkgId(app.getPkgId());
84     preq.setUid(-1);
85     preq.setInstallType(SM_APP_INSTALL_LOCAL);
86     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
87
88     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR);
89 }
90
91 RUNNER_TEST(security_manager_58_path_req_empty_paths)
92 {
93     TemporaryTestUser user("sm_test_58_user_name", GUM_USERTYPE_NORMAL, false);
94     user.create();
95     AppInstallHelper app("sm_test_58", user.getUid());
96
97     PathsRequest req;
98     req.setPkgId(app.getPkgId());
99     req.setUid(user.getUid());
100     Api::registerPaths(req);
101 }
102
103 RUNNER_TEST(security_manager_59_path_req_as_root_positive)
104 {
105     TemporaryTestUser user("sm_test_59_user_name", GUM_USERTYPE_NORMAL, false);
106     user.create();
107
108     AppInstallHelper app("sm_test_59", user.getUid());
109     ScopedInstaller appInstall(app);
110
111     app.createPrivateDir();
112     PathsRequest preq;
113     preq.setPkgId(app.getPkgId());
114     preq.setUid(user.getUid());
115     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
116
117     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
118 }
119
120 RUNNER_CHILD_TEST(security_manager_60_path_req_as_user_positive)
121 {
122     TemporaryTestUser user("sm_test_60_user_name", GUM_USERTYPE_NORMAL, false);
123     user.create();
124
125     AppInstallHelper app("sm_test_60", user.getUid());
126     ScopedInstaller appInstall(app);
127
128     RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
129                             "drop_root_privileges failed");
130     app.createPrivateDir();
131     PathsRequest preq;
132     preq.setPkgId(app.getPkgId());
133     preq.setUid(user.getUid());
134     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
135
136     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
137 }
138
139 RUNNER_CHILD_TEST(security_manager_61_path_req_different_user)
140 {
141     TemporaryTestUser user1("sm_test_61_1_user_name", GUM_USERTYPE_NORMAL, false);
142     user1.create();
143     TemporaryTestUser user2("sm_test_61_2_user_name", GUM_USERTYPE_NORMAL, false);
144     user2.create();
145
146     AppInstallHelper app("sm_test_61", user2.getUid());
147     ScopedInstaller appInstall(app);
148
149     app.createPrivateDir();
150
151     pid_t pid = fork();
152     RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
153     if (pid == 0) { // child
154         RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user1.getUid(), user1.getGid()) == 0,
155                                 "drop_root_privileges failed");
156
157         PathsRequest preq;
158         preq.setPkgId(app.getPkgId());
159         preq.setUid(user2.getUid());
160         preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
161
162         Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
163     } else {
164         waitPid(pid);
165     }
166 }
167
168 static void checkOutsidePath(const std::string& pkgId, uid_t uid, const std::string& path)
169 {
170     PathsRequest preq;
171     preq.setPkgId(pkgId);
172     preq.setUid(uid);
173     preq.addPath(path, SECURITY_MANAGER_PATH_RW);
174
175     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
176 }
177
178 RUNNER_TEST(security_manager_62_path_req_path_outside)
179 {
180     TemporaryTestUser user1("sm_test_62_1_user_name", GUM_USERTYPE_NORMAL, false);
181     user1.create();
182     TemporaryTestUser user2("sm_test_62_2_user_name", GUM_USERTYPE_NORMAL, false);
183     user2.create();
184
185     AppInstallHelper app("sm_test_62", user1.getUid());
186     AppInstallHelper differentUserApp("sm_test_62", user2.getUid());
187     AppInstallHelper unknownApp("sm_test_62_unknown", user1.getUid());
188
189     ScopedInstaller appInstall(app);
190
191     checkOutsidePath(app.getPkgId(), app.getUID(), unknownApp.getPrivateDir());
192     checkOutsidePath(app.getPkgId(), app.getUID(), differentUserApp.getPrivateDir());
193     checkOutsidePath(app.getPkgId(), app.getUID(), std::string("/home/") + user1.getUserName());
194 }
195
196 RUNNER_CHILD_TEST(security_manager_63a_path_req_as_user)
197 {
198     TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
199     user.create();
200
201     AppInstallHelper app("sm_test_63", user.getUid());
202     ScopedInstaller appInstall(app);
203
204     app.createPrivateDir();
205
206     int result = drop_root_privileges(user.getUid(), user.getGid());
207     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
208
209     PathsRequest preq;
210     preq.setPkgId(app.getPkgId());
211     preq.setUid(app.getUID());
212     preq.setInstallType(SM_APP_INSTALL_GLOBAL);
213     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
214
215     Api::registerPaths(preq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
216 }
217
218 RUNNER_CHILD_TEST(security_manager_63b_path_req_preloaded_as_user)
219 {
220     TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
221     user.create();
222
223     AppInstallHelper app("sm_test_63", user.getUid());
224     ScopedInstaller appInstall(app);
225
226     app.createPrivateDir();
227
228     int result = drop_root_privileges(user.getUid(), user.getGid());
229     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
230
231     PathsRequest preq;
232     preq.setPkgId(app.getPkgId());
233     preq.setUid(app.getUID());
234     preq.setInstallType(SM_APP_INSTALL_PRELOADED);
235     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
236
237     Api::registerPaths(preq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
238 }
239
240 RUNNER_TEST(security_manager_64a_path_req_as_local_as_root)
241 {
242     TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
243     user.create();
244
245     AppInstallHelper app("sm_test_64", user.getUid());
246     ScopedInstaller appInstall(app);
247
248     app.createPrivateDir();
249
250     PathsRequest preq;
251     preq.setPkgId(app.getPkgId());
252     preq.setUid(app.getUID());
253     preq.setInstallType(SM_APP_INSTALL_LOCAL);
254     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
255
256     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
257 }
258
259 RUNNER_CHILD_TEST(security_manager_64b_path_req_as_local_as_global_user)
260 {
261     TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
262     user.create();
263
264     AppInstallHelper app("sm_test_64", user.getUid());
265     ScopedInstaller appInstall(app);
266
267     app.createPrivateDir();
268
269     RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(TzPlatformConfig::getGlobalUserId(),
270                                                  TzPlatformConfig::getGlobalGroupId()) == 0,
271                             "drop_root_privileges failed");
272
273     PathsRequest preq;
274     preq.setPkgId(app.getPkgId());
275     preq.setUid(app.getUID());
276     preq.setInstallType(SM_APP_INSTALL_LOCAL);
277     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
278
279     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
280 }
281
282 RUNNER_TEST(security_manager_66_path_req_check_labels)
283 {
284     AppInstallHelper app("sm_test_66");
285
286     ScopedInstaller appInstall(app);
287
288     app.createPrivateDir();
289     app.createPrivateRODir();
290     app.createPublicDir();
291     app.createSharedRODir();
292
293     PathsRequest preq;
294     preq.setPkgId(app.getPkgId());
295     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
296     preq.addPath(app.getPrivateRODir(), SECURITY_MANAGER_PATH_RO);
297     preq.addPath(app.getPublicDir(), SECURITY_MANAGER_PATH_PUBLIC_RO);
298     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
299     Api::registerPaths(preq);
300
301     check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
302     check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
303     check_path(app.getPublicDir(), getPublicPathLabel());
304     check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
305 }
306
307 RUNNER_TEST(security_manager_67_path_req_shared_ro_3_0)
308 {
309     TemporaryTestUser user("sm_test_67_user_name", GUM_USERTYPE_NORMAL, false);
310     user.create();
311
312     AppInstallHelper app("sm_test_67", user.getUid());
313     app.setVersion("3.0");
314     ScopedInstaller appInstall(app);
315
316     app.createSharedRODir();
317
318     PathsRequest preq;
319     preq.setPkgId(app.getPkgId());
320     preq.setUid(app.getUID());
321     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
322
323     Api::registerPaths(preq);
324     check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
325 }
326
327 RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X)
328 {
329     TemporaryTestUser user("sm_test_68_user_name", GUM_USERTYPE_NORMAL, false);
330     user.create();
331
332     AppInstallHelper app("sm_test_68", user.getUid());
333     app.setVersion("2.4");
334     ScopedInstaller appInstall(app);
335
336     app.createSharedRODir();
337
338     PathsRequest preq;
339     preq.setPkgId(app.getPkgId());
340     preq.setUid(app.getUID());
341     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
342
343     Api::registerPaths(preq);
344     check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
345 }
346
347 RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author)
348 {
349     TemporaryTestUser user("sm_test_69_user_name", GUM_USERTYPE_NORMAL, false);
350     user.create();
351
352     AppInstallHelper app("sm_test_69", user.getUid());
353     ScopedInstaller appInstall(app);
354
355     app.createTrustedDir();
356
357     PathsRequest preq;
358     preq.setPkgId(app.getPkgId());
359     preq.setUid(app.getUID());
360     preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
361
362     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
363 }
364
365 RUNNER_TEST(security_manager_70_path_req_trusted_rw_positive)
366 {
367     TemporaryTestUser user("sm_test_70_user_name", GUM_USERTYPE_NORMAL, false);
368     user.create();
369
370     AppInstallHelper app("sm_test_70", user.getUid());
371     app.setAuthor("sm_test_70_author");
372     ScopedInstaller appInstall(app);
373
374     app.createTrustedDir();
375
376     PathsRequest preq;
377     preq.setPkgId(app.getPkgId());
378     preq.setUid(app.getUID());
379     preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
380
381     Api::registerPaths(preq);
382
383     // TODO: check labels, e.g. install second label with same author and compare them
384     //check_path(app.getTrustedDir(), generatePathTrustedLabel(authorDb));
385 }
Domain: Security / Uncategorized;