1 #include "internal/include/fb_generated.h"
2 #include "internal/naive_policy_checker.hpp"
3 #include "internal/policy.hpp"
4 #include "internal/serializer.hpp"
5 #include "internal/storage_backend_serialized.hpp"
6 #include "internal/storage_backend_xml.hpp"
7 #include "internal/tslog.hpp"
8 #include <map>
9
10 using namespace ldp_xml_parser;
11 using namespace ldp_serialized;
12
/**
 * One row of the ownership test table: the inputs of a single
 * "may this caller own this bus name" query and the decision the
 * policy is expected to return for it.
 *
 * Rows are written as positional aggregate initializers, so the order
 * of the members below must not change.
 */
struct OwnershipTest {
        Decision expected_result; // decision the policy has to return for this row
        uid_t user;               // uid handed to the per-user policy lookup
        gid_t group;              // gid handed to the per-group policy lookup
        const char* label;        // caller label; in this file it is only printed, never passed to a lookup
        const char* service;      // bus name whose ownership is being requested
};
20
// Printable name of every Decision value, used when reporting a failed row.
// NOTE(review): the map is mutable. Reading it with operator[] default-inserts
// a null pointer for a key that is not listed here, and handing that pointer
// to printf("%s") is undefined behaviour; look names up with find() instead.
std::map<Decision, const char*> DECISIONS = {
        { Decision::ALLOW, "ALLOW" },
        { Decision::DENY,  "DENY"  },
        { Decision::CHECK, "CHECK" },
        { Decision::ANY,   "ANY"   }
};
27
// Numeric ids used in the test table. Every row uses the same constant for
// its uid and its gid column, so no row combines a user with a foreign group.
// Which rules exist for these ids is decided by the policy file under test.
constexpr int ROOT = 0;
constexpr int GUEST = 9999;
constexpr int GUEST1 = 9991;
constexpr int GUEST2 = 9992;
constexpr int GUEST12 = 9993;
33
/**
 * Expected ownership decisions for the policy file that run_policy_db()
 * and run_fb() load (tests/default_deny/system.conf).
 *
 * The set checks that the XML policy is parsed and that the ownership
 * privilege is decided correctly in many use cases, including the prefix
 * feature. Many rows differ from a neighbour only by a trailing character
 * or by one more dot-separated element (for example "org.tizen.a" expects
 * ALLOW while "org.tizen.aa" expects DENY), so a matcher that treats a
 * prefix rule as a plain string prefix, or an exact rule as a prefix, is
 * caught by a mismatching row.
 *
 * NOTE(review): the rules that produce these decisions live in the policy
 * file and are not visible here; when that file changes, this table has to
 * be reviewed together with it.
 */
struct OwnershipTest ownership_tests[]={
        // Queries made as uid/gid ROOT.
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.ldpo.a"          },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.ldpoga"          },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.ldpogd"          },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.ldposa"          },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.ldpo.any_suffix" },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.ldpnotexistent"  },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.ldponotexistent" },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a"               },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.z"             },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.zz"            },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.aa"              },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.aaa"             },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a1"              },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a1.b"            },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a1.b1"           },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a1.c"            },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.b"               },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.b.c"             },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.b.z"             },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.c"               },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.c.c"             },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.c.z"             },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b"             },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.z"           },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.zz"          },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.bsth"          },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.bsthelse"      },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c"           },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c.z.z"       },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c.d"         },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c.d.z"       },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c.d.e"       },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c.d.esth"    },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c.d.ee"      },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c.d.e.z"     },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c.d.e.z.z"   },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c.d.e.f"     },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c1"          },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c1.z.z"      },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c1.d"        },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c1.d.z"      },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c1.d.e"      },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c1.d.esth"   },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c1.d.ee"     },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c1.d.e.z"    },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c1.d.e.z.z"  },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c1.d.e.f"    },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c1.d.e.f.g"  },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c2"          },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c2.d"        },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c2.d.z"      },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c2.dd"       },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c2.d.e"      },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c2.d.e.f"    },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c2.d.e.f.z"  },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c2.d.e.fsth" },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c3"          },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c3.z.z"      },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c3.d"        },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c3.d.z"      },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c3.d.e"      },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c3.d.esth"   },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c3.d.ee"     },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c3.d.e.z"    },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c3.d.e.z.z"  },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c3.d.e.f"    },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.b.c3.d.e.f.g"  },
        {Decision::DENY,  ROOT,    ROOT,    "User::Shell", "org.tizen.a.c"             },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.c.z"           },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.d"             },
        {Decision::ALLOW, ROOT,    ROOT,    "User::Shell", "org.tizen.a.d.z"           },
        // org.tizen.p* names: rows that expect CHECK, queried as ROOT and as GUEST.
        // NOTE(review): CHECK presumably defers to a further privilege check; confirm against Decision's definition.
        {Decision::CHECK, ROOT,    ROOT,    "User::Shell", "org.tizen.pok"             },
        {Decision::CHECK, ROOT,    ROOT,    "User::Shell", "org.tizen.pnope"           },
        {Decision::CHECK, GUEST,   GUEST,   "User::Shell", "org.tizen.pok"             },
        {Decision::CHECK, GUEST,   GUEST,   "User::Shell", "org.tizen.pnope"           },
        {Decision::ALLOW, GUEST,   GUEST,   "User::Shell", "org.tizen.pok1"            },
        {Decision::ALLOW, GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.z"          },
        {Decision::DENY,  GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.a"          },
        {Decision::CHECK, GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.a.b1"       },
        {Decision::CHECK, GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.a.b1.z"     },
        {Decision::CHECK, GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.a.b2"       },
        {Decision::DENY,  GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.a.b2.z"     },
        {Decision::CHECK, GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.a.b3"       },
        {Decision::CHECK, GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.a.b3.z"     },
        {Decision::CHECK, GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.a.b4"       },
        {Decision::DENY,  GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.a.b4.z"     },
        {Decision::CHECK, GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.a1"         },
        {Decision::CHECK, GUEST,   GUEST,   "User::Shell", "org.tizen.pok1.a1.z"       },
        // org.tizen.pok2* names: the same name queried as GUEST1, GUEST2 and GUEST12.
        {Decision::CHECK, GUEST1,  GUEST1,  "User::Shell", "org.tizen.pok2"            },
        {Decision::CHECK, GUEST2,  GUEST2,  "User::Shell", "org.tizen.pok2"            },
        {Decision::CHECK, GUEST12, GUEST12, "User::Shell", "org.tizen.pok2"            },
        {Decision::DENY,  GUEST1,  GUEST1,  "User::Shell", "org.tizen.pok2.a"          },
        {Decision::DENY,  GUEST2,  GUEST2,  "User::Shell", "org.tizen.pok2.a"          },
        {Decision::DENY,  GUEST12, GUEST12, "User::Shell", "org.tizen.pok2.a"          },
        {Decision::CHECK, GUEST1,  GUEST1,  "User::Shell", "org.tizen.pok2.a.b"        },
        {Decision::CHECK, GUEST2,  GUEST2,  "User::Shell", "org.tizen.pok2.a.b"        },
        {Decision::CHECK, GUEST12, GUEST12, "User::Shell", "org.tizen.pok2.a.b"        }
};
138
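/**
 * Prints the inputs of one test row together with the expected and the
 * actual decision. No trailing newline is written.
 *
 * @param t       row to print; must not be null
 * @param result  decision the policy lookup actually returned
 */
void ownershipTest_print(const struct OwnershipTest* t, Decision result) {
        // Look the name up with find(): operator[] would insert a null pointer
        // for a Decision value missing from DECISIONS, and printing a null
        // pointer with %s is undefined behaviour.
        const auto name_of = [](Decision d) -> const char* {
                const auto it = DECISIONS.find(d);
                return (it != DECISIONS.end() && it->second != nullptr) ? it->second : "UNKNOWN";
        };

        printf("uid = %lu, gid = %lu, label = %s, service = %s, expected = %s, result = %s",
                   (unsigned long)t->user, (unsigned long)t->group, t->label, t->service,
                   name_of(t->expected_result), name_of(result));
}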
143
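/**
 * Runs every row of ownership_tests against one policy backend and
 * compares the resulting decision with the expected one.
 *
 * For each row the backend is asked, in this order, for the mandatory
 * context decision, the per-user decision, the per-group decision and the
 * default context decision; the first answer other than Decision::ANY is
 * the result. The row's label is not part of any lookup.
 *
 * All rows are evaluated even after a mismatch, so one run reports every
 * failing row.
 *
 * @param db  backend providing the getDecisionItem*() lookups
 * @return true when every row produced its expected decision
 */
template <typename DB>
bool ownership_test(const DB &db) {
        // find() rather than operator[], so that an unlisted Decision value
        // is reported as "UNKNOWN" and never reaches printf as a null pointer.
        const auto name_of = [](Decision d) -> const char* {
                const auto it = DECISIONS.find(d);
                return (it != DECISIONS.end() && it->second != nullptr) ? it->second : "UNKNOWN";
        };

        unsigned i = 0; // index of the current row in ownership_tests
        bool flag = true;

        for (auto const &test : ownership_tests) {
                auto m_item = MatchItemOwn(test.service);

                auto ret = db.getDecisionItemContextMandatory(m_item);

                if (ret.getDecision() == Decision::ANY)
                        ret = db.getDecisionItemUser(test.user, m_item);

                if (ret.getDecision() == Decision::ANY)
                        ret = db.getDecisionItemGroup(test.group, m_item);

                if (ret.getDecision() == Decision::ANY)
                        ret = db.getDecisionItemContextDefault(m_item);

                auto decision = ret.getDecision();
                if (decision != test.expected_result) {
                        // %u matches the unsigned index.
                        printf("[ERROR][%u] ownership test failed: %s %s ", i, name_of(test.expected_result), name_of(decision));
                        ownershipTest_print(&test, decision);
                        printf("\n");
                        flag = false;
                }

                // The index was never advanced before, so every failure was reported as row 0.
                ++i;
        }
        return flag;
}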
173
/**
 * Loads tests/default_deny/system.conf into the system policy checker and
 * runs the ownership table against its policy database.
 *
 * NOTE(review): whatever initDb() returns is discarded here, so a policy
 * file that fails to load is only noticed through mismatching rows.
 *
 * @return true when every row of the table matched
 */
bool run_policy_db() {
        policy_checker_system().initDb("tests/default_deny/system.conf");
        const auto &policy_db = policy_checker_system().getPolicyDb();

        printf("POLICY_DB:\n");
        const bool passed = ownership_test(policy_db);
        return passed;
}
180
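/**
 * Serializes tests/default_deny/system.conf, loads the result into the
 * serialized storage backend and runs the ownership table against it.
 *
 * @return true when every row of the table matched; false when the
 *         serializer returned no buffer or a row mismatched
 */
bool run_fb() {
        // Declared before the storage object and therefore destroyed after it.
        // NOTE(review): presumably the serializer owns the returned buffer; confirm.
        Serializer serializer;
        size_t size = 0; // filled in by serialize(); initialized so it is never read indeterminate
        uint8_t *buff = serializer.serialize("tests/default_deny/system.conf", size);

        // Fail the test instead of handing a null buffer to the backend.
        if (buff == nullptr) {
                printf("[ERROR] serializing tests/default_deny/system.conf returned no data\n");
                return false;
        }

        StorageBackendSerialized storage;
        // NOTE(review): the result of initFromData(), if it has one, is not inspected.
        storage.initFromData(buff);

        printf("FRAMEBUFFERS:\n");
        return ownership_test(storage);
}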
192
/**
 * Placeholder for a run against the XML storage backend.
 *
 * It performs no lookups and always reports success, so the ownership
 * table is not exercised on that backend by this program.
 *
 * @return always true
 */
bool run_xml() {
        const bool passed = true;
        return passed;
}
196
/**
 * Runs the backends one after another and stops at the first one that
 * fails, so a failure in an earlier backend means the later ones are not
 * run at all.
 *
 * @return true when every backend passed
 */
bool run_tests() {
        if (!run_policy_db())
                return false;
        if (!run_fb())
                return false;
        return run_xml();
}
200
/**
 * Test entry point: initializes logging, runs all ownership tests and
 * returns 0 on success or -1 when any test failed.
 */
int main() {
        tslog::init();
        return run_tests() ? 0 : -1;
}