src/security-manager-tests/test_cases_register_paths.cpp

   1 /*
   2  * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *    Licensed under the Apache License, Version 2.0 (the "License");
   5  *    you may not use this file except in compliance with the License.
   6  *    You may obtain a copy of the License at
   7  *
   8  *        http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *    Unless required by applicable law or agreed to in writing, software
  11  *    distributed under the License is distributed on an "AS IS" BASIS,
  12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *    See the License for the specific language governing permissions and
  14  *    limitations under the License.
  15  */
  16 #include <cstdint>
  17 #include <string>
  18
  19 #include <app_install_helper.h>
  20 #include <dpl/test/test_runner.h>
  21 #include <scoped_installer.h>
  22 #include <sm_api.h>
  23 #include <sm_commons.h>
  24 #include <temp_test_user.h>
  25 #include <tests_common.h>
  26 #include <tzplatform.h>
  27
  28 using namespace SecurityManagerTest;
  29
  30 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_REGISTER_PATH)
  31
  32 RUNNER_TEST(security_manager_54_path_req_no_pkg)
  33 {
  34     TemporaryTestUser user("sm_test_54_user_name", GUM_USERTYPE_NORMAL, false);
  35     user.create();
  36
  37     AppInstallHelper app("sm_test_54", user.getUid());
  38     app.createPrivateDir();
  39
  40     PathsRequest req;
  41     req.setPkgId("non-existing-pkg-id");
  42     req.setUid(user.getUid());
  43     req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
  44
  45     Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
  46 }
  47
  48 RUNNER_TEST(security_manager_55_path_req_empty_pkg)
  49 {
  50     TemporaryTestUser user("sm_test_55_user_name", GUM_USERTYPE_NORMAL, false);
  51     user.create();
  52     AppInstallHelper app("sm_test_55", user.getUid());
  53     app.createPrivateDir();
  54
  55     PathsRequest req;
  56     req.setPkgId("");
  57     req.setUid(user.getUid());
  58     req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
  59
  60     Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
  61 }
  62
  63 RUNNER_TEST(security_manager_56_path_req_wrong_type)
  64 {
  65     PathsRequest req;
  66     req.setInstallType(SM_APP_INSTALL_END,
  67                        (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
  68     req.setInstallType((app_install_type)(SM_APP_INSTALL_NONE-1),
  69                        (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
  70 }
  71
  72 RUNNER_TEST(security_manager_57_path_req_wrong_uid)
  73 {
  74     TemporaryTestUser user("sm_test_57_user_name", GUM_USERTYPE_NORMAL, false);
  75     user.create();
  76
  77     AppInstallHelper app("sm_test_57", user.getUid());
  78     ScopedInstaller appInstall(app);
  79
  80     app.createPrivateDir();
  81     PathsRequest preq;
  82     preq.setPkgId(app.getPkgId());
  83     preq.setUid(-1);
  84     preq.setInstallType(SM_APP_INSTALL_LOCAL);
  85     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
  86
  87     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR);
  88 }
  89
  90 RUNNER_TEST(security_manager_58_path_req_empty_paths)
  91 {
  92     TemporaryTestUser user("sm_test_58_user_name", GUM_USERTYPE_NORMAL, false);
  93     user.create();
  94     AppInstallHelper app("sm_test_58", user.getUid());
  95
  96     PathsRequest req;
  97     req.setPkgId(app.getPkgId());
  98     req.setUid(user.getUid());
  99     Api::registerPaths(req);
 100 }
 101
 102 RUNNER_TEST(security_manager_59_path_req_as_root_positive)
 103 {
 104     TemporaryTestUser user("sm_test_59_user_name", GUM_USERTYPE_NORMAL, false);
 105     user.create();
 106
 107     AppInstallHelper app("sm_test_59", user.getUid());
 108     ScopedInstaller appInstall(app);
 109
 110     app.createPrivateDir();
 111     PathsRequest preq;
 112     preq.setPkgId(app.getPkgId());
 113     preq.setUid(user.getUid());
 114     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 115
 116     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
 117 }
 118
 119 RUNNER_CHILD_TEST(security_manager_60_path_req_as_user_positive)
 120 {
 121     TemporaryTestUser user("sm_test_60_user_name", GUM_USERTYPE_NORMAL, false);
 122     user.create();
 123
 124     AppInstallHelper app("sm_test_60", user.getUid());
 125     ScopedInstaller appInstall(app);
 126
 127     RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
 128                             "drop_root_privileges failed");
 129     app.createPrivateDir();
 130     PathsRequest preq;
 131     preq.setPkgId(app.getPkgId());
 132     preq.setUid(user.getUid());
 133     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 134
 135     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
 136 }
 137
 138 RUNNER_CHILD_TEST(security_manager_61_path_req_different_user)
 139 {
 140     TemporaryTestUser user1("sm_test_61_1_user_name", GUM_USERTYPE_NORMAL, false);
 141     user1.create();
 142     TemporaryTestUser user2("sm_test_61_2_user_name", GUM_USERTYPE_NORMAL, false);
 143     user2.create();
 144
 145     AppInstallHelper app("sm_test_61", user2.getUid());
 146     ScopedInstaller appInstall(app);
 147
 148     app.createPrivateDir();
 149
 150     pid_t pid = fork();
 151     RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
 152     if (pid == 0) { // child
 153         RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user1.getUid(), user1.getGid()) == 0,
 154                                 "drop_root_privileges failed");
 155
 156         PathsRequest preq;
 157         preq.setPkgId(app.getPkgId());
 158         preq.setUid(user2.getUid());
 159         preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 160
 161         Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
 162     } else {
 163         waitPid(pid);
 164     }
 165 }
 166
 167 static void checkOutsidePath(const std::string& pkgId, uid_t uid, const std::string& path)
 168 {
 169     PathsRequest preq;
 170     preq.setPkgId(pkgId);
 171     preq.setUid(uid);
 172     preq.addPath(path, SECURITY_MANAGER_PATH_RW);
 173
 174     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
 175 }
 176
 177 RUNNER_TEST(security_manager_62_path_req_path_outside)
 178 {
 179     TemporaryTestUser user1("sm_test_62_1_user_name", GUM_USERTYPE_NORMAL, false);
 180     user1.create();
 181     TemporaryTestUser user2("sm_test_62_2_user_name", GUM_USERTYPE_NORMAL, false);
 182     user2.create();
 183
 184     AppInstallHelper app("sm_test_62", user1.getUid());
 185     AppInstallHelper differentUserApp("sm_test_62", user2.getUid());
 186     AppInstallHelper unknownApp("sm_test_62_unknown", user1.getUid());
 187
 188     ScopedInstaller appInstall(app);
 189
 190     checkOutsidePath(app.getPkgId(), app.getUID(), unknownApp.getPrivateDir());
 191     checkOutsidePath(app.getPkgId(), app.getUID(), differentUserApp.getPrivateDir());
 192     checkOutsidePath(app.getPkgId(), app.getUID(), std::string("/home/") + user1.getUserName());
 193 }
 194
 195 RUNNER_CHILD_TEST(security_manager_63a_path_req_as_user)
 196 {
 197     TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
 198     user.create();
 199
 200     AppInstallHelper app("sm_test_63", user.getUid());
 201     ScopedInstaller appInstall(app);
 202
 203     app.createPrivateDir();
 204
 205     int result = drop_root_privileges(user.getUid(), user.getGid());
 206     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
 207
 208     PathsRequest preq;
 209     preq.setPkgId(app.getPkgId());
 210     preq.setUid(app.getUID());
 211     preq.setInstallType(SM_APP_INSTALL_GLOBAL);
 212     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 213
 214     Api::registerPaths(preq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
 215 }
 216
 217 RUNNER_CHILD_TEST(security_manager_63b_path_req_preloaded_as_user)
 218 {
 219     TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
 220     user.create();
 221
 222     AppInstallHelper app("sm_test_63", user.getUid());
 223     ScopedInstaller appInstall(app);
 224
 225     app.createPrivateDir();
 226
 227     int result = drop_root_privileges(user.getUid(), user.getGid());
 228     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
 229
 230     PathsRequest preq;
 231     preq.setPkgId(app.getPkgId());
 232     preq.setUid(app.getUID());
 233     preq.setInstallType(SM_APP_INSTALL_PRELOADED);
 234     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 235
 236     Api::registerPaths(preq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
 237 }
 238
 239 RUNNER_TEST(security_manager_64a_path_req_as_local_as_root)
 240 {
 241     TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
 242     user.create();
 243
 244     AppInstallHelper app("sm_test_64", user.getUid());
 245     ScopedInstaller appInstall(app);
 246
 247     app.createPrivateDir();
 248
 249     PathsRequest preq;
 250     preq.setPkgId(app.getPkgId());
 251     preq.setUid(app.getUID());
 252     preq.setInstallType(SM_APP_INSTALL_LOCAL);
 253     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 254
 255     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
 256 }
 257
 258 RUNNER_CHILD_TEST(security_manager_64b_path_req_as_local_as_global_user)
 259 {
 260     TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
 261     user.create();
 262
 263     AppInstallHelper app("sm_test_64", user.getUid());
 264     ScopedInstaller appInstall(app);
 265
 266     app.createPrivateDir();
 267
 268     RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(TzPlatformConfig::getGlobalUserId(),
 269                                                  TzPlatformConfig::getGlobalGroupId()) == 0,
 270                             "drop_root_privileges failed");
 271
 272     PathsRequest preq;
 273     preq.setPkgId(app.getPkgId());
 274     preq.setUid(app.getUID());
 275     preq.setInstallType(SM_APP_INSTALL_LOCAL);
 276     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 277
 278     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
 279 }
 280
 281 RUNNER_TEST(security_manager_66_path_req_check_labels)
 282 {
 283     AppInstallHelper app("sm_test_66");
 284
 285     ScopedInstaller appInstall(app);
 286
 287     app.createPrivateDir();
 288     app.createPrivateRODir();
 289     app.createPublicDir();
 290     app.createSharedRODir();
 291
 292     PathsRequest preq;
 293     preq.setPkgId(app.getPkgId());
 294     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 295     preq.addPath(app.getPrivateRODir(), SECURITY_MANAGER_PATH_RO);
 296     preq.addPath(app.getPublicDir(), SECURITY_MANAGER_PATH_PUBLIC_RO);
 297     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
 298     Api::registerPaths(preq);
 299
 300     check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
 301     check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
 302     check_path(app.getPublicDir(), getPublicPathLabel());
 303     check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
 304 }
 305
 306 RUNNER_TEST(security_manager_67_path_req_shared_ro_3_0)
 307 {
 308     TemporaryTestUser user("sm_test_67_user_name", GUM_USERTYPE_NORMAL, false);
 309     user.create();
 310
 311     AppInstallHelper app("sm_test_67", user.getUid());
 312     app.setVersion("3.0");
 313     ScopedInstaller appInstall(app);
 314
 315     app.createSharedRODir();
 316
 317     PathsRequest preq;
 318     preq.setPkgId(app.getPkgId());
 319     preq.setUid(app.getUID());
 320     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
 321
 322     Api::registerPaths(preq);
 323     check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
 324 }
 325
 326 RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X)
 327 {
 328     TemporaryTestUser user("sm_test_68_user_name", GUM_USERTYPE_NORMAL, false);
 329     user.create();
 330
 331     AppInstallHelper app("sm_test_68", user.getUid());
 332     app.setVersion("2.4");
 333     ScopedInstaller appInstall(app);
 334
 335     app.createSharedRODir();
 336
 337     PathsRequest preq;
 338     preq.setPkgId(app.getPkgId());
 339     preq.setUid(app.getUID());
 340     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
 341
 342     Api::registerPaths(preq);
 343     check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
 344 }
 345
 346 RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author)
 347 {
 348     TemporaryTestUser user("sm_test_69_user_name", GUM_USERTYPE_NORMAL, false);
 349     user.create();
 350
 351     AppInstallHelper app("sm_test_69", user.getUid());
 352     ScopedInstaller appInstall(app);
 353
 354     app.createTrustedDir();
 355
 356     PathsRequest preq;
 357     preq.setPkgId(app.getPkgId());
 358     preq.setUid(app.getUID());
 359     preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
 360
 361     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
 362 }
 363
 364 RUNNER_TEST(security_manager_70_path_req_trusted_rw_positive)
 365 {
 366     TemporaryTestUser user("sm_test_70_user_name", GUM_USERTYPE_NORMAL, false);
 367     user.create();
 368
 369     AppInstallHelper app("sm_test_70", user.getUid());
 370     app.setAuthor("sm_test_70_author");
 371     ScopedInstaller appInstall(app);
 372
 373     app.createTrustedDir();
 374
 375     PathsRequest preq;
 376     preq.setPkgId(app.getPkgId());
 377     preq.setUid(app.getUID());
 378     preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
 379
 380     Api::registerPaths(preq);
 381
 382     // TODO: check labels, e.g. install second label with same author and compare them
 383     //check_path(app.getTrustedDir(), generatePathTrustedLabel(authorDb));
 384 }