1 #include "internal/include/fb_generated.h"
2 #include "internal/naive_policy_checker.hpp"
3 #include "internal/policy.hpp"
4 #include "internal/serializer.hpp"
5 #include "internal/storage_backend_serialized.hpp"
6 #include "internal/storage_backend_xml.hpp"
7 #include "internal/tslog.hpp"
10 using namespace ldp_xml_parser;
11 using namespace ldp_serialized;
13 std::map<Decision, const char*> DECISIONS {
14 {Decision::ANY, "ANY" },
15 {Decision::ALLOW, "ALLOW" },
16 {Decision::DENY, "DENY" },
17 {Decision::CHECK, "CHECK" }
20 enum MessageDirection {
26 Decision expected_result;
32 const char* interface;
35 MessageDirection recv_send;
39 * This test set tests ability to parse xml db
40 * and check method call allowance in many use cases
43 struct MethodTest method_tests[]={
44 {Decision::ALLOW, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
45 {Decision::ALLOW, 0, 0, "test", "org.test.test3", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
47 {Decision::ALLOW, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
48 {Decision::ALLOW, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
50 {Decision::DENY, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
51 {Decision::ALLOW, 0, 0, "test", "org.test.test3", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
53 {Decision::DENY, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
54 {Decision::DENY, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
56 {Decision::ALLOW, 0, 0, "test", "test.te34.fg4 a.b.c.d.e org.test.test2", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
57 {Decision::DENY, 0, 0, "test", "test.te34.fg4 a.b.c.d.e", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
58 {Decision::ALLOW, 0, 0, "test", "org.test.test3", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
60 {Decision::ALLOW, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
61 {Decision::DENY, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
63 {Decision::DENY, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest2", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
64 {Decision::ALLOW, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest2", "NotKnown", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
67 void methodTest_print(const struct MethodTest* t, Decision result) {
68 printf("uid = %lu, gid = %lu, label = %s, name = %s, path = %s, interface = %s, member = %s, expected = %s, result = %s (type=%d)",
69 (unsigned long)t->user, (unsigned long)t->group, t->label, t->name, t->path, t->interface, t->member, DECISIONS[t->expected_result], DECISIONS[result], (int)t->recv_send);
72 template <typename DB, typename T>
73 Decision get_decision(DB &db, const MethodTest &test) {
77 T m_item = T(test.interface, test.member, test.path, test.type,
78 names.addSpaceSeparatedNames(test.name));
80 ret = db.getDecisionItemContextMandatory(m_item);
81 if (ret.getDecision() == Decision::ANY) {
82 ret = db.getDecisionItemUser(test.user, m_item);
84 if (ret.getDecision() == Decision::ANY) {
85 ret = db.getDecisionItemGroup(test.group, m_item);
87 if (ret.getDecision() == Decision::ANY) {
88 ret = db.getDecisionItemContextDefault(m_item);
90 return ret.getDecision();
93 template <typename DB>
94 bool method_test(DB &db) {
99 for (const auto& test : method_tests) {
100 if (test.recv_send == MessageDirection::SEND) {
101 decision = get_decision<DB, MatchItemSend>(db, test);
103 decision = get_decision<DB, MatchItemReceive>(db, test);
106 bool res = decision == test.expected_result;
108 printf("[ERROR][%d] method test failed: %s %s ", i++, DECISIONS[test.expected_result],
109 DECISIONS[decision]);
110 methodTest_print(&test, decision);
118 bool run_policy_db() {
119 policy_checker_system().initDb("tests/default_allow/system.conf");
120 auto &db = policy_checker_system().getPolicyDb();
121 printf("POLICY_DB:\n");
122 return method_test(db);
126 Serializer serializer;
129 const uint8_t *buff = serializer.serialize("tests/default_allow/system.conf", size);
131 StorageBackendSerialized storage;
132 storage.initFromData(buff);
133 printf("FLATBUFFERS:\n");
134 bool ret = method_test(storage);
139 // This will be filled in the future
144 return run_policy_db() && run_fb() && run_xml();