src/security-manager-tests/test_cases_register_paths.cpp

   1 /*
   2  * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *    Licensed under the Apache License, Version 2.0 (the "License");
   5  *    you may not use this file except in compliance with the License.
   6  *    You may obtain a copy of the License at
   7  *
   8  *        http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *    Unless required by applicable law or agreed to in writing, software
  11  *    distributed under the License is distributed on an "AS IS" BASIS,
  12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *    See the License for the specific language governing permissions and
  14  *    limitations under the License.
  15  */
  16 #include <cstdint>
  17 #include <string>
  18
  19 #include <app_install_helper.h>
  20 #include <dpl/test/test_runner.h>
  21 #include <label_generator.h>
  22 #include <scoped_installer.h>
  23 #include <sm_api.h>
  24 #include <sm_commons.h>
  25 #include <temp_test_user.h>
  26 #include <tests_common.h>
  27 #include <tzplatform.h>
  28
  29 using namespace SecurityManagerTest;
  30
  31 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_REGISTER_PATH)
  32
  33 RUNNER_TEST(security_manager_54_path_req_no_pkg)
  34 {
  35     TemporaryTestUser user("sm_test_54_user_name", GUM_USERTYPE_NORMAL, false);
  36     user.create();
  37
  38     AppInstallHelper app("sm_test_54", user.getUid());
  39     app.createPrivateDir();
  40
  41     PathsRequest req;
  42     req.setPkgId("non-existing-pkg-id");
  43     req.setUid(user.getUid());
  44     req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
  45
  46     Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
  47 }
  48
  49 RUNNER_TEST(security_manager_55_path_req_empty_pkg)
  50 {
  51     TemporaryTestUser user("sm_test_55_user_name", GUM_USERTYPE_NORMAL, false);
  52     user.create();
  53     AppInstallHelper app("sm_test_55", user.getUid());
  54     app.createPrivateDir();
  55
  56     PathsRequest req;
  57     req.setPkgId("");
  58     req.setUid(user.getUid());
  59     req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
  60
  61     Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
  62 }
  63
  64 RUNNER_TEST(security_manager_56_path_req_wrong_type)
  65 {
  66     PathsRequest req;
  67     req.setInstallType(SM_APP_INSTALL_END,
  68                        (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
  69     req.setInstallType((app_install_type)(SM_APP_INSTALL_NONE-1),
  70                        (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
  71 }
  72
  73 RUNNER_TEST(security_manager_57_path_req_wrong_uid)
  74 {
  75     TemporaryTestUser user("sm_test_57_user_name", GUM_USERTYPE_NORMAL, false);
  76     user.create();
  77
  78     AppInstallHelper app("sm_test_57", user.getUid());
  79     ScopedInstaller appInstall(app);
  80
  81     app.createPrivateDir();
  82     PathsRequest preq;
  83     preq.setPkgId(app.getPkgId());
  84     preq.setUid(-1);
  85     preq.setInstallType(SM_APP_INSTALL_LOCAL);
  86     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
  87
  88     // Not sure why this shouldn't be invalid param
  89     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_UNKNOWN);
  90 }
  91
  92 RUNNER_TEST(security_manager_58_path_req_empty_paths)
  93 {
  94     TemporaryTestUser user("sm_test_58_user_name", GUM_USERTYPE_NORMAL, false);
  95     user.create();
  96     AppInstallHelper app("sm_test_58", user.getUid());
  97
  98     PathsRequest req;
  99     req.setPkgId(app.getPkgId());
 100     req.setUid(user.getUid());
 101     Api::registerPaths(req);
 102 }
 103
 104 RUNNER_TEST(security_manager_59_path_req_as_root_positive)
 105 {
 106     TemporaryTestUser user("sm_test_59_user_name", GUM_USERTYPE_NORMAL, false);
 107     user.create();
 108
 109     AppInstallHelper app("sm_test_59", user.getUid());
 110     ScopedInstaller appInstall(app);
 111
 112     app.createPrivateDir();
 113     PathsRequest preq;
 114     preq.setPkgId(app.getPkgId());
 115     preq.setUid(user.getUid());
 116     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 117
 118     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
 119 }
 120
 121 RUNNER_TEST(security_manager_59a_path_req_as_root_positive_realpath_check)
 122 {
 123     TemporaryTestUser user("sm_test_59a_user_name", GUM_USERTYPE_NORMAL);
 124     user.create();
 125
 126     AppInstallHelper app("sm_test_59a", user.getUid());
 127     ScopedInstaller appInstall(app);
 128
 129     app.createPrivateDir();
 130     PathsRequest preq;
 131     preq.setPkgId(app.getPkgId());
 132     preq.setUid(user.getUid());
 133     std::string privPath = "/opt/.././" + app.getPrivateDir();
 134     size_t pos = privPath.find_last_of("/");
 135     std::string lastElem = privPath.substr(pos + 1);
 136
 137     preq.addPath(privPath + "/../" + lastElem, SECURITY_MANAGER_PATH_RW);
 138
 139     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
 140 }
 141
 142 RUNNER_CHILD_TEST(security_manager_60_path_req_as_user_positive)
 143 {
 144     TemporaryTestUser user("sm_test_60_user_name", GUM_USERTYPE_NORMAL, false);
 145     user.create();
 146
 147     AppInstallHelper app("sm_test_60", user.getUid());
 148     ScopedInstaller appInstall(app);
 149
 150     RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
 151                             "drop_root_privileges failed");
 152     app.createPrivateDir();
 153     PathsRequest preq;
 154     preq.setPkgId(app.getPkgId());
 155     preq.setUid(user.getUid());
 156     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 157
 158     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
 159 }
 160
 161 RUNNER_CHILD_TEST(security_manager_60a_path_req_as_user_positive_realpath_check)
 162 {
 163     TemporaryTestUser user("sm_test_60a_user_name", GUM_USERTYPE_NORMAL);
 164     user.create();
 165
 166     AppInstallHelper app("sm_test_60a", user.getUid());
 167     ScopedInstaller appInstall(app);
 168
 169     RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
 170                             "drop_root_privileges failed");
 171
 172     app.createPrivateDir();
 173     PathsRequest preq;
 174     preq.setPkgId(app.getPkgId());
 175     preq.setUid(user.getUid());
 176     std::string privPath = "/opt/.././" + app.getPrivateDir();
 177     size_t pos = privPath.find_last_of("/");
 178     std::string lastElem = privPath.substr(pos + 1);
 179
 180     preq.addPath(privPath + "/../" + lastElem, SECURITY_MANAGER_PATH_RW);
 181
 182     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
 183 }
 184
 185 RUNNER_CHILD_TEST(security_manager_61_path_req_different_user)
 186 {
 187     TemporaryTestUser user1("sm_test_61_1_user_name", GUM_USERTYPE_NORMAL, false);
 188     user1.create();
 189     TemporaryTestUser user2("sm_test_61_2_user_name", GUM_USERTYPE_NORMAL, false);
 190     user2.create();
 191
 192     AppInstallHelper app("sm_test_61", user2.getUid());
 193     ScopedInstaller appInstall(app);
 194
 195     app.createPrivateDir();
 196
 197     pid_t pid = fork();
 198     RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
 199     if (pid == 0) { // child
 200         RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user1.getUid(), user1.getGid()) == 0,
 201                                 "drop_root_privileges failed");
 202
 203         PathsRequest preq;
 204         preq.setPkgId(app.getPkgId());
 205         preq.setUid(user2.getUid());
 206         preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 207
 208         Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
 209     } else {
 210         waitPid(pid);
 211     }
 212 }
 213
 214 static void checkOutsidePath(const std::string& pkgId, uid_t uid, const std::string& path)
 215 {
 216     PathsRequest preq;
 217     preq.setPkgId(pkgId);
 218     preq.setUid(uid);
 219     preq.addPath(path, SECURITY_MANAGER_PATH_RW);
 220
 221     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
 222 }
 223
 224 RUNNER_TEST(security_manager_62_path_req_path_outside)
 225 {
 226     TemporaryTestUser user1("sm_test_62_1_user_name", GUM_USERTYPE_NORMAL, false);
 227     user1.create();
 228     TemporaryTestUser user2("sm_test_62_2_user_name", GUM_USERTYPE_NORMAL, false);
 229     user2.create();
 230
 231     AppInstallHelper app("sm_test_62", user1.getUid());
 232     AppInstallHelper differentUserApp("sm_test_62", user2.getUid());
 233     AppInstallHelper unknownApp("sm_test_62_unknown", user1.getUid());
 234
 235     ScopedInstaller appInstall(app);
 236
 237     checkOutsidePath(app.getPkgId(), app.getUID(), unknownApp.getPrivateDir());
 238     checkOutsidePath(app.getPkgId(), app.getUID(), differentUserApp.getPrivateDir());
 239     checkOutsidePath(app.getPkgId(), app.getUID(), std::string("/home/") + user1.getUserName());
 240 }
 241
 242 RUNNER_CHILD_TEST(security_manager_63a_path_req_as_user)
 243 {
 244     TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
 245     user.create();
 246
 247     AppInstallHelper app("sm_test_63", user.getUid());
 248     ScopedInstaller appInstall(app);
 249
 250     app.createPrivateDir();
 251
 252     int result = drop_root_privileges(user.getUid(), user.getGid());
 253     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
 254
 255     PathsRequest preq;
 256     preq.setPkgId(app.getPkgId());
 257     preq.setUid(app.getUID());
 258     preq.setInstallType(SM_APP_INSTALL_GLOBAL);
 259     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 260
 261     Api::registerPaths(preq, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
 262 }
 263
 264 RUNNER_CHILD_TEST(security_manager_63b_path_req_preloaded_as_user)
 265 {
 266     TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
 267     user.create();
 268
 269     AppInstallHelper app("sm_test_63", user.getUid());
 270     ScopedInstaller appInstall(app);
 271
 272     app.createPrivateDir();
 273
 274     int result = drop_root_privileges(user.getUid(), user.getGid());
 275     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
 276
 277     PathsRequest preq;
 278     preq.setPkgId(app.getPkgId());
 279     preq.setUid(app.getUID());
 280     preq.setInstallType(SM_APP_INSTALL_PRELOADED);
 281     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 282
 283     Api::registerPaths(preq, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
 284 }
 285
 286 RUNNER_TEST(security_manager_64a_path_req_as_local_as_root)
 287 {
 288     TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
 289     user.create();
 290
 291     AppInstallHelper app("sm_test_64", user.getUid());
 292     ScopedInstaller appInstall(app);
 293
 294     app.createPrivateDir();
 295
 296     PathsRequest preq;
 297     preq.setPkgId(app.getPkgId());
 298     preq.setUid(app.getUID());
 299     preq.setInstallType(SM_APP_INSTALL_LOCAL);
 300     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 301
 302     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
 303 }
 304
 305 RUNNER_CHILD_TEST(security_manager_64b_path_req_as_local_as_global_user)
 306 {
 307     TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
 308     user.create();
 309
 310     AppInstallHelper app("sm_test_64", user.getUid());
 311     ScopedInstaller appInstall(app);
 312
 313     app.createPrivateDir();
 314
 315     RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(TzPlatformConfig::getGlobalUserId(),
 316                                                  TzPlatformConfig::getGlobalGroupId()) == 0,
 317                             "drop_root_privileges failed");
 318
 319     PathsRequest preq;
 320     preq.setPkgId(app.getPkgId());
 321     preq.setUid(app.getUID());
 322     preq.setInstallType(SM_APP_INSTALL_LOCAL);
 323     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 324
 325     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
 326 }
 327
 328 RUNNER_TEST(security_manager_66_path_req_check_labels)
 329 {
 330     AppInstallHelper app("sm_test_66");
 331
 332     ScopedInstaller appInstall(app);
 333
 334     app.createPrivateDir();
 335     app.createPrivateRODir();
 336     app.createPublicDir();
 337     app.createSharedRODir();
 338
 339     PathsRequest preq;
 340     preq.setPkgId(app.getPkgId());
 341     preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
 342     preq.addPath(app.getPrivateRODir(), SECURITY_MANAGER_PATH_RO);
 343     preq.addPath(app.getPublicDir(), SECURITY_MANAGER_PATH_PUBLIC_RO);
 344     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
 345     Api::registerPaths(preq);
 346
 347     check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
 348     check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
 349     check_path(app.getPublicDir(), getPublicPathLabel());
 350     check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
 351 }
 352
 353 RUNNER_TEST(security_manager_67_path_req_shared_ro_3_0)
 354 {
 355     TemporaryTestUser user("sm_test_67_user_name", GUM_USERTYPE_NORMAL, false);
 356     user.create();
 357
 358     AppInstallHelper app("sm_test_67", user.getUid());
 359     app.setVersion("3.0");
 360     ScopedInstaller appInstall(app);
 361
 362     app.createSharedRODir();
 363
 364     PathsRequest preq;
 365     preq.setPkgId(app.getPkgId());
 366     preq.setUid(app.getUID());
 367     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
 368
 369     Api::registerPaths(preq);
 370     check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
 371 }
 372
 373 RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X)
 374 {
 375     TemporaryTestUser user("sm_test_68_user_name", GUM_USERTYPE_NORMAL, false);
 376     user.create();
 377
 378     AppInstallHelper app("sm_test_68", user.getUid());
 379     app.setVersion("2.4");
 380     ScopedInstaller appInstall(app);
 381
 382     app.createSharedRODir();
 383
 384     PathsRequest preq;
 385     preq.setPkgId(app.getPkgId());
 386     preq.setUid(app.getUID());
 387     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
 388
 389     Api::registerPaths(preq);
 390     check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
 391 }
 392
 393 RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author)
 394 {
 395     TemporaryTestUser user("sm_test_69_user_name", GUM_USERTYPE_NORMAL, false);
 396     user.create();
 397
 398     AppInstallHelper app("sm_test_69", user.getUid());
 399     ScopedInstaller appInstall(app);
 400
 401     app.createTrustedDir();
 402
 403     PathsRequest preq;
 404     preq.setPkgId(app.getPkgId());
 405     preq.setUid(app.getUID());
 406     preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
 407
 408     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
 409 }
 410
 411 RUNNER_TEST(security_manager_70_path_req_trusted_rw_positive)
 412 {
 413     TemporaryTestUser user("sm_test_70_user_name", GUM_USERTYPE_NORMAL, false);
 414     user.create();
 415
 416     AppInstallHelper app("sm_test_70", user.getUid());
 417     app.setAuthor("sm_test_70_author");
 418     ScopedInstaller appInstall(app);
 419
 420     app.createTrustedDir();
 421
 422     PathsRequest preq;
 423     preq.setPkgId(app.getPkgId());
 424     preq.setUid(app.getUID());
 425     preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
 426
 427     Api::registerPaths(preq);
 428
 429     // TODO: check labels, e.g. install second label with same author and compare them
 430     //check_path(app.getTrustedDir(), generatePathTrustedLabel(authorDb));
 431 }