1 #include "internal/include/fb_generated.h"
2 #include "internal/naive_policy_checker.hpp"
3 #include "internal/policy.hpp"
4 #include "internal/serializer.hpp"
5 #include "internal/storage_backend_serialized.hpp"
6 #include "internal/storage_backend_xml.hpp"
7 #include "internal/tslog.hpp"
10 using namespace ldp_xml_parser;
// Human-readable names for Decision values, used only for test output.
// NOTE(review): this is a non-const std::map looked up with operator[]
// (see methodTest_print / method_test below). For a Decision value that is
// not listed here operator[] would insert a nullptr entry, which is then
// handed to a "%s" conversion — keep this table in sync with the Decision
// enum.
12 std::map<Decision, const char*> DECISIONS {
13 {Decision::ANY, "ANY" },
14 {Decision::ALLOW, "ALLOW" },
15 {Decision::DENY, "DENY" },
16 {Decision::CHECK, "CHECK" }
// Direction of the message modelled by a test row. The values used by
// method_tests below are SEND and RECEIVE; the enum body itself is not
// visible in this listing.
19 enum MessageDirection {
// Fields of struct MethodTest. The struct header and the remaining fields
// (user, group, label, name, path, member, type — as used by
// methodTest_print and get_decision below) are not visible in this listing.
25 Decision expected_result; // decision the policy db is expected to return
31 const char* interface; // D-Bus interface name of the method under test
34 MessageDirection recv_send; // whether the row models sending or receiving
38 * This test set checks the ability to parse an XML policy db
39 * and verify method-call allowance in many use cases.
// Test rows evaluated by method_test() against tests/default_allow/system.conf.
//
// Column order appears to follow struct MethodTest:
//   expected_result, user (uid), group (gid), label, name, path, interface,
//   member, type, recv_send
// — confirm against the full struct definition, which is not visible here.
//
// Notes on the rows:
//  * path is NULL in every row; the printing helper must not hand it to "%s"
//    unguarded.
//  * Rows with uid 5001 / gid 100 exercise user- and group-specific rules;
//    rows with 0 / 0 exercise the context rules only (see the lookup order
//    in get_decision below).
//  * name may hold several space-separated bus names
//    ("test.te34.fg4 a.b.c.d.e org.test.test2"); get_decision passes it
//    through addSpaceSeparatedNames(), so these rows check that a match on
//    any one of the names is enough.
//  * Rows come in SEND / RECEIVE pairs for the same member so that both
//    MatchItemSend and MatchItemReceive are covered.
42 struct MethodTest method_tests[]={
43 {Decision::ALLOW, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
44 {Decision::ALLOW, 0, 0, "test", "org.test.test3", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
46 {Decision::ALLOW, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
47 {Decision::ALLOW, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
49 {Decision::DENY, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
50 {Decision::ALLOW, 0, 0, "test", "org.test.test3", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
52 {Decision::DENY, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
53 {Decision::DENY, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
55 {Decision::ALLOW, 0, 0, "test", "test.te34.fg4 a.b.c.d.e org.test.test2", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
56 {Decision::DENY, 0, 0, "test", "test.te34.fg4 a.b.c.d.e", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
57 {Decision::ALLOW, 0, 0, "test", "org.test.test3", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
59 {Decision::ALLOW, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
60 {Decision::DENY, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
62 {Decision::DENY, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest2", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
63 {Decision::ALLOW, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest2", "NotKnown", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
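// Map a possibly-NULL C string to something printable. NULL is a legal
// value for the string fields of MethodTest (every row of method_tests has
// path == NULL), but passing NULL to a "%s" conversion is undefined
// behaviour, so every string field goes through this first.
static const char* or_null(const char* s) { return s ? s : "(null)"; }

// Print one MethodTest row together with the decision the policy db
// actually returned; used by method_test to describe a failing row.
//
// t      - the test row (inputs and expected decision)
// result - the decision the checker returned for that row
//
// The format string is kept as in the original (no trailing newline) so the
// output of callers is unchanged.
void methodTest_print(const struct MethodTest* t, Decision result) {
	printf("uid = %lu, gid = %lu, label = %s, name = %s, path = %s, interface = %s, member = %s, expected = %s, result = %s (type=%d)",
	       (unsigned long)t->user, (unsigned long)t->group,
	       or_null(t->label), or_null(t->name), or_null(t->path),
	       or_null(t->interface), or_null(t->member),
	       or_null(DECISIONS[t->expected_result]), or_null(DECISIONS[result]),
	       (int)t->recv_send);
}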
// Evaluate one MethodTest row against policy db `db` and return its Decision.
//
// Template parameters:
//   DB - the policy db type; method_test below instantiates it with both the
//        XML-backed db and the flatbuffer-backed storage.
//   T  - MatchItemSend or MatchItemReceive, chosen by the caller from
//        test.recv_send.
//
// Lookup order, as written below:
//   1. getDecisionItemContextMandatory  (mandatory-context rules)
//   2. getDecisionItemUser(test.user)   (rules for the uid)
//   3. getDecisionItemGroup(test.group) (rules for the gid)
//   4. getDecisionItemContextDefault    (default-context rules)
// Each later lookup runs only if the previous one returned Decision::ANY,
// i.e. produced no matching rule. Mandatory rules therefore win over
// user/group rules, which win over defaults — this ordering is what the
// expected_result column of method_tests encodes.
//
// NOTE(review): the declarations of `names` and `ret` are on lines not
// visible in this listing; `names` is presumably the object that provides
// addSpaceSeparatedNames() — confirm against the full file.
71 template <typename DB, typename T>
72 Decision get_decision(DB &db, const MethodTest &test) {
// test.name may carry several space-separated bus names (see the
// "test.te34.fg4 a.b.c.d.e ..." rows in method_tests).
76 T m_item = T(test.interface, test.member, test.path, test.type,
77 names.addSpaceSeparatedNames(test.name));
79 ret = db.getDecisionItemContextMandatory(m_item);
80 if (ret.getDecision() == Decision::ANY) {
81 ret = db.getDecisionItemUser(test.user, m_item);
83 if (ret.getDecision() == Decision::ANY) {
84 ret = db.getDecisionItemGroup(test.group, m_item);
86 if (ret.getDecision() == Decision::ANY) {
87 ret = db.getDecisionItemContextDefault(m_item);
89 return ret.getDecision();
// Run every row of method_tests against `db` and report mismatches.
//
// For each row the decision is obtained through get_decision, using
// MatchItemSend or MatchItemReceive depending on test.recv_send, and
// compared with test.expected_result. A mismatch prints the expected and
// actual decision followed by the full row (methodTest_print).
//
// NOTE(review): the declarations of `decision` and of the counter `i`, the
// else branch, the condition guarding the error print and the function's
// return value are on lines not visible in this listing. From what is
// visible, `i` is incremented only inside the error print, so it appears to
// count failing rows rather than rows — confirm against the full file.
92 template <typename DB>
93 bool method_test(DB &db) {
98 for (const auto& test : method_tests) {
99 if (test.recv_send == MessageDirection::SEND) {
100 decision = get_decision<DB, MatchItemSend>(db, test);
102 decision = get_decision<DB, MatchItemReceive>(db, test);
105 bool res = decision == test.expected_result;
107 printf("[ERROR][%d] method test failed: %s %s ", i++, DECISIONS[test.expected_result],
108 DECISIONS[decision]);
109 methodTest_print(&test, decision);
// Load the XML policy configuration into the system policy checker and run
// the method_tests rows against its PolicyDb.
//
// Returns the result of method_test (true when every row matched).
//
// The config path is relative, so the test binary must be started from the
// directory that contains "tests/" — presumably the repository root.
117 bool run_policy_db() {
118 policy_checker_system().initDb("tests/default_allow/system.conf");
// Bind by reference: the db is owned by the policy checker, not copied here.
119 auto &db = policy_checker_system().getPolicyDb();
120 printf("POLICY_DB:\n");
121 return method_test(db);
// Body of the flatbuffer-backed variant of the test (presumably run_fb, which
// main calls below; its signature is on a line not visible in this listing):
// serialize the same XML config that run_policy_db uses, load the result
// into StorageBackendSerialized and run method_tests against it, so both
// backends are expected to yield identical decisions.
125 ldp_serializer::Serializer serializer;
// `size` is declared on a line not visible here; serialize() returns a raw
// pointer to the serialized bytes and presumably reports the length through
// `size` — confirm against the Serializer interface.
128 const uint8_t *buff = serializer.serialize("tests/default_allow/system.conf", size);
130 ldp_serialized::StorageBackendSerialized storage;
// NOTE(review): initFromData() is given the buffer without its length; the
// lines after method_test (not visible here) should show whether `buff` is
// released and whether `ret` is returned — confirm against the full file.
131 storage.initFromData(buff);
132 printf("FLATBUFFERS:\n");
133 bool ret = method_test(storage);
// This will be filled in the future
// Enclosing function (presumably main) is not visible in this listing.
// `&&` short-circuits: run_fb runs only if run_policy_db passed, and run_xml
// only if both passed, so a failure in an earlier suite hides the results of
// the later ones.
143 return run_policy_db() && run_fb() && run_xml();