projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merging tizen into ckm. Stage 1.
[platform/core/test/security-tests.git] / src / security-server-tests / cookie_api.cpp
1 /*
2  * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
3  */
4
5 /*
6  * @file    security_server_tests_cookie_api.cpp
7  * @author  Pawel Polawski (p.polawski@partner.samsung.com)
8  * @version 1.0
9  * @brief   Test cases for security server cookie api
10  *
11  */
12
13 /*
14 Tested API functions in this file:
15
16     int security_server_get_cookie_size(void);
17     int security_server_request_cookie(char *cookie, size_t bufferSize);
18
19     int security_server_check_privilege(const char *cookie, gid_t privilege);
20     int security_server_check_privilege_by_cookie(const char *cookie,
21                                                   const char *object,
22                                                   const char *access_rights);
23     int security_server_get_cookie_pid(const char *cookie);
24     char *security_server_get_smacklabel_cookie(const char *cookie);
25     int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
26     int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
27 */
28
29 #include <dpl/test/test_runner.h>
30 #include <dpl/test/test_runner_multiprocess.h>
31 #include <tests_common.h>
32 #include <sys/smack.h>
33 #include <cstddef>
34 #include <sys/types.h>
35 #include <unistd.h>
36 #include <access_provider.h>
37 #include <security-server.h>
38 #include <smack_access.h>
39 #include <security_server_tests_common.h>
40 #include <memory.h>
41
42 const char *ROOT_USER = "root";
43 const char *PROC_AUDIO_GROUP_NAME = "audio";
44
45 const int KNOWN_COOKIE_SIZE = 20;
46
47 RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
48
49 /*
50  * **************************************************************************
51  * Test cases fot check various functions input params cases
52  * **************************************************************************
53  */
54
55 //---------------------------------------------------------------------------
56 //passing nullptr as a buffer pointer
57 RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
58 {
59     int ret = security_server_request_cookie(nullptr, KNOWN_COOKIE_SIZE);
60     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
61                       "Error in security_server_request_cookie() argument checking: " << ret);
62 }
63
64 //passing too small value as a buffer size
65 RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
66 {
67     Cookie cookie(KNOWN_COOKIE_SIZE);
68
69     int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
70     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
71                       "Error in security_server_request_cookie() argument checking: " << ret);
72 }
73
74 //---------------------------------------------------------------------------
75 //passing nullptr as a cookie pointer
76 RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
77 {
78     int ret = security_server_check_privilege(nullptr, 0);
79     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
80                       "Error in security_server_check_privilege() argument checking: " << ret);
81 }
82
83 //---------------------------------------------------------------------------
84 //passing nullptr as a cookie pointer
85 RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
86 {
87     RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
88     int ret = security_server_check_privilege_by_cookie(nullptr, "wiadro", "rwx");
89     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
90                       "Error in security_server_check_privilege_by_cookie() argument checking: "
91                       << ret);
92 }
93
94 //passing nullptr as an object pointer
95 RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
96 {
97     RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
98     Cookie cookie = getCookieFromSS();
99
100     int ret = security_server_check_privilege_by_cookie(cookie.data(), nullptr, "rwx");
101     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
102                       "Error in security_server_check_privilege_by_cookie() argument checking: "
103                       << ret);
104 }
105
106 //passing nullptr as an access pointer
107 RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
108 {
109     RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
110     Cookie cookie = getCookieFromSS();
111
112     int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", nullptr);
113     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
114                       "Error in security_server_check_privilege_by_cookie() argument checking: "
115                       << ret);
116 }
117
118 //---------------------------------------------------------------------------
119 //passing nullptr as a cookie pointer
120 RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
121 {
122     int ret = security_server_get_cookie_pid(nullptr);
123     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
124                       "Error in security_server_get_cookie_pid() argument checking: " << ret);
125 }
126
127 //getting pid of non existing cookie
128 RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid)
129 {
130     const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'};
131     RUNNER_ASSERT(security_server_get_cookie_pid(wrong_cookie) ==
132                   SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
133 }
134
135 //---------------------------------------------------------------------------
136 //passing nullptr as a cookie pointer
137 RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
138 {
139     char *label = nullptr;
140     label = security_server_get_smacklabel_cookie(nullptr);
141     RUNNER_ASSERT_MSG(label == nullptr,
142                       "Error in security_server_get_smacklabel_cookie() argument checking");
143 }
144
145
146
147 /*
148  * **************************************************************************
149  * Unit tests for each function from API
150  * **************************************************************************
151  */
152
153 //---------------------------------------------------------------------------
154 //root has access to API
155 RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
156 {
157     int ret = security_server_get_cookie_size();
158     RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
159                       "Error in security_server_get_cookie_size(): " << ret);
160 }
161
162 //---------------------------------------------------------------------------
163 // Get cookie size when smack is not loaded
164 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack)
165 {
166     int ret;
167
168     ret = drop_root_privileges();
169     RUNNER_ASSERT_MSG(ret == 0,
170             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
171     ret = security_server_get_cookie_size();
172     RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
173 }
174
175 //---------------------------------------------------------------------------
176 // Test setting up a cookie in normal case when smack is not loaded
177 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack)
178 {
179     int ret;
180     int cookieSize = security_server_get_cookie_size();
181     Cookie cookie(cookieSize);
182
183     ret = drop_root_privileges();
184     RUNNER_ASSERT_MSG(ret == 0,
185             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
186
187     ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
188     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
189 }
190
191 //---------------------------------------------------------------------------
192 // Test setting up a cookie when smack is not loaded but with too small
193 // buffer size
194 RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack)
195 {
196     int ret;
197     int cookieSize = security_server_get_cookie_size();
198     Cookie cookie(cookieSize);
199
200     ret = drop_root_privileges();
201     RUNNER_ASSERT_MSG(ret == 0,
202             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
203
204     ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
205     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
206 }
207
208 //---------------------------------------------------------------------------
209 // Get cookie size when smack is loaded
210 RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size)
211 {
212     SecurityServer::AccessProvider provider("selflabel_01_05");
213     provider.applyAndSwithToUser(APP_UID, APP_GID);
214
215     int ret = security_server_get_cookie_size();
216     RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
217                       "Error in security_server_get_cookie_size(): " << ret);
218 }
219
220 //---------------------------------------------------------------------------
221 //root has access to API
222 RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
223 {
224     int cookieSize = security_server_get_cookie_size();
225     RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
226                     "Error in security_server_get_cookie_size(): " << cookieSize);
227
228     Cookie cookie(cookieSize);
229     int ret = security_server_request_cookie(cookie.data(), cookie.size());
230     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
231                     "Error in security_server_request_cookie(): " << ret);
232 }
233
234 //---------------------------------------------------------------------------
235 // Test setting up a cookie in normal case when smack is loaded
236 RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
237 {
238     int cookieSize = security_server_get_cookie_size();
239     RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
240                       "Error in security_server_get_cookie_size(): " << cookieSize);
241
242     SecurityServer::AccessProvider provider("selflabel_02_01");
243     provider.allowSS();
244     provider.applyAndSwithToUser(APP_UID, APP_GID);
245
246     Cookie cookie(cookieSize);
247     int ret = security_server_request_cookie(cookie.data(), cookie.size());
248     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
249                       "Error in security_server_request_cookie(): " << ret);
250 }
251
252 //---------------------------------------------------------------------------
253 // Test setting up a cookie when smack is loaded but with too small buffer
254 // size
255 RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
256 {
257     int cookieSize = security_server_get_cookie_size();
258     RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
259                       "Error in security_server_get_cookie_size(): " << cookieSize);
260     cookieSize >>= 1;
261
262     SecurityServer::AccessProvider provider("selflabel_02_02");
263     provider.applyAndSwithToUser(APP_UID, APP_GID);
264
265     Cookie cookie(cookieSize);
266     int ret = security_server_request_cookie(cookie.data(), cookie.size());
267     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
268                       "Error in security_server_request_cookie(): " << ret);
269 }
270
271 //---------------------------------------------------------------------------
272 //root has access to API
273 RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
274 {
275     Cookie cookie = getCookieFromSS();
276
277     int ret = security_server_check_privilege(cookie.data(), 0);
278     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
279                       "Error in security_server_check_privilege(): " << ret);
280 }
281
282 //privileges drop and no smack rule
283 RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
284 {
285     Cookie cookie = getCookieFromSS();
286
287     SecurityServer::AccessProvider provider("selflabel_03_02");
288     provider.applyAndSwithToUser(APP_UID, APP_GID);
289
290     int ret = security_server_check_privilege(cookie.data(), 0);
291     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
292                       "security_server_check_privilege() should return access denied: " << ret);
293 }
294
295 //privileges drop and added smack rule
296 RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege)
297 {
298     Cookie cookie = getCookieFromSS();
299
300     SecurityServer::AccessProvider provider("selflabel_03_03");
301     provider.allowSS();
302     provider.applyAndSwithToUser(APP_UID, APP_GID);
303
304     int ret = security_server_check_privilege(cookie.data(), 0);
305     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
306                       "Error in security_server_check_privilege(): " << ret);
307 }
308
309 // invalid gid
310 RUNNER_CHILD_TEST(tc_unit_03_04_security_server_check_privilege_neg)
311 {
312     remove_process_group(PROC_AUDIO_GROUP_NAME);
313
314     Cookie cookie = getCookieFromSS();
315     int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
316     RUNNER_ASSERT_MSG(audio_gid > -1,
317                          "security_server_get_gid() failed. result = " << audio_gid);
318
319     int ret = security_server_check_privilege(cookie.data(), audio_gid);
320
321     // security_server_check_privilege fails, because the process does not belong to "audio" group
322     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
323 }
324
325 // add gid
326 RUNNER_CHILD_TEST(tc_unit_03_05_security_server_check_privilege)
327 {
328     add_process_group(PROC_AUDIO_GROUP_NAME);
329
330     Cookie cookie = getCookieFromSS();
331     int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
332     RUNNER_ASSERT_MSG(audio_gid > -1,
333                          "security_server_get_gid() failed. result = " << audio_gid);
334
335     int ret = security_server_check_privilege(cookie.data(), audio_gid);
336     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
337 }
338
339 // test invalid cookie name
340 RUNNER_TEST(tc_unit_03_06_security_server_check_privilege)
341 {
342     // create invalid cookie
343     int size = security_server_get_cookie_size();
344     RUNNER_ASSERT_MSG(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
345
346     Cookie cookie(size);
347     cookie[0] = 'a';
348     int ret = security_server_check_privilege(cookie.data(), 0);
349     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
350 }
351
352 //---------------------------------------------------------------------------
353 //root has access to API
354 RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
355 {
356     Cookie cookie = getCookieFromSS();
357
358     int ret = security_server_get_cookie_pid(cookie.data());
359     RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
360
361     int pid = getpid();
362     RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
363 }
364
365 //privileges drop and no smack rule
366 RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
367 {
368     Cookie cookie = getCookieFromSS();
369
370     SecurityServer::AccessProvider provider("selflabel_05_02");
371     provider.applyAndSwithToUser(APP_UID, APP_GID);
372
373     int ret = security_server_get_cookie_pid(cookie.data());
374     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
375                       "security_server_get_cookie_pid() should return access denied: " << ret);
376 }
377
378 //privileges drop and added smack rule
379 RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid)
380 {
381     Cookie cookie = getCookieFromSS();
382
383     SecurityServer::AccessProvider provider("selflabel_05_03");
384     provider.allowSS();
385     provider.applyAndSwithToUser(APP_UID, APP_GID);
386
387     int ret = security_server_get_cookie_pid(cookie.data());
388     RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
389
390     int pid = getpid();
391     RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
392 }
393
394 //---------------------------------------------------------------------------
395 //root has access to API
396 RUNNER_CHILD_TEST_SMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_smack)
397 {
398     setLabelForSelf(__LINE__, "selflabel_06_01");
399
400     Cookie cookie = getCookieFromSS();
401
402     CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
403     RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_01") == 0,
404                       "No match in smack label received from cookie, received label: "
405                       << label.get());
406 }
407
408 //---------------------------------------------------------------------------
409 //root has access to API
410 RUNNER_CHILD_TEST_NOSMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_nosmack)
411 {
412     Cookie cookie = getCookieFromSS();
413
414     char *receivedLabel = security_server_get_smacklabel_cookie(cookie.data());
415     RUNNER_ASSERT_MSG(receivedLabel != nullptr,
416                          "security_server_get_smacklabel_cookie returned nullptr");
417     std::string label(receivedLabel);
418     free(receivedLabel);
419     RUNNER_ASSERT_MSG(label.empty(),
420                          "security_server_get_smacklabel_cookie returned: "
421                          << label);
422 }
423
424 //privileges drop and no smack rule
425 RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
426 {
427     Cookie cookie = getCookieFromSS();
428
429     SecurityServer::AccessProvider provider("selflabel_06_02");
430     provider.applyAndSwithToUser(APP_UID, APP_GID);
431
432     CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
433     RUNNER_ASSERT_MSG(label.get() == nullptr,
434                       "nullptr should be received due to access denied, received label: "
435                       << label.get());
436 }
437
438 //privileges drop and added smack rule
439 RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
440 {
441     SecurityServer::AccessProvider provider("selflabel_06_03");
442     provider.allowSS();
443     provider.applyAndSwithToUser(APP_UID, APP_GID);
444
445     Cookie cookie = getCookieFromSS();
446
447     CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
448     RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_03") == 0,
449                       "No match in smack label received from cookie, received label: "
450                       << label.get());
451 }
452
453 //---------------------------------------------------------------------------
454 // apply smack labels and drop privileges
455 RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow)
456 {
457     add_process_group(PROC_AUDIO_GROUP_NAME);
458
459     SecurityServer::AccessProvider provider("subject_1d6eda7d");
460     provider.allowSS();
461     provider.applyAndSwithToUser(APP_UID, APP_GID);
462
463     Cookie cookie = getCookieFromSS();
464
465     int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
466     RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
467                          << "\" gid. Result: " << ret);
468
469     ret = security_server_check_privilege(cookie.data(), ret);
470     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
471
472     int root_gid = security_server_get_gid(ROOT_USER);
473     RUNNER_ASSERT_MSG(root_gid > -1, "root_gid: " << root_gid);
474
475     ret = security_server_get_cookie_pid(cookie.data());
476     RUNNER_ASSERT_MSG(ret == getpid(), "ret: " << ret);
477
478     CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
479     RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "ss_label: " << ss_label.get());
480
481     RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
482
483     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
484     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
485 }
486
487 // disable access and drop privileges
488 RUNNER_CHILD_TEST_SMACK(tc_unit_09_02_app_user_cookie_API_access_deny)
489 {
490     SecurityServer::AccessProvider provider("subject_1d414140");
491
492     Cookie cookie = getCookieFromSS();
493
494     provider.applyAndSwithToUser(APP_UID, APP_GID);
495
496     int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID);
497     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
498             "security_server_check_privilege should return access denied, "
499             "ret: " << ret);
500
501     ret = security_server_get_gid(ROOT_USER);
502     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
503             "security_server_get_gid should return access denied, "
504             "ret: " << ret);
505
506     ret = security_server_get_cookie_pid(cookie.data());
507     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
508             "security_server_get_cookie_pid should return access denied, "
509             "ret: " << ret);
510
511     CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
512     RUNNER_ASSERT_MSG(ss_label.get() == nullptr,
513             "access should be denied so label should be nullptr: " << ss_label.get());
514
515     RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
516
517     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
518     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
519             "security_server_check_privilege_by_pid should return access denied, "
520             "ret: " << ret);
521 }
522
523 // NOSMACK version of the test above
524 RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack)
525 {
526     add_process_group(PROC_AUDIO_GROUP_NAME);
527
528     // drop root privileges
529     int ret = drop_root_privileges();
530     RUNNER_ASSERT_MSG(ret == 0,
531             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
532
533     Cookie cookie = getCookieFromSS();
534
535     ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
536     RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
537                          << "\" gid. Result: " << ret);
538
539     ret = security_server_check_privilege(cookie.data(), ret);
540     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
541                          "check_privilege failed. Result: " << ret);
542
543     ret = security_server_get_gid(ROOT_USER);
544     RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
545
546     ret = security_server_get_cookie_pid(cookie.data());
547     RUNNER_ASSERT_MSG(ret == getpid(),
548             "get_cookie_pid returned different pid than it should. Result: " << ret);
549
550     CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
551     RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "get_smacklabel_cookie failed.");
552
553     RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
554
555     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
556     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
557                          "check_privilege_by_pid failed. Result: " << ret);
558 }
Domain: Security / Uncategorized;