1 #include "internal/include/fb_generated.h"
2 #include "internal/naive_policy_checker.hpp"
3 #include "internal/policy.hpp"
4 #include "internal/serializer.hpp"
5 #include "internal/storage_backend_serialized.hpp"
6 #include "internal/storage_backend_xml.hpp"
7 #include "internal/tslog.hpp"
10 using namespace ldp_xml_parser;
11 using namespace ldp_serialized;
13 struct OwnershipTest {
14 Decision expected_result;
21 std::map<Decision, const char*> DECISIONS {
22 { Decision::ANY, "ANY" },
23 { Decision::ALLOW, "ALLOW" },
24 { Decision::DENY, "DENY" },
25 { Decision::CHECK, "CHECK" }
29 const int GUEST = 9999;
30 const int GUEST1 = 9991;
31 const int GUEST2 = 9992;
32 const int GUEST12 = 9993;
35 * This test set tests ability to parse xml db
36 * and check ownership privilege in many use cases
37 * including prefix feature
39 struct OwnershipTest ownership_tests[]={
40 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.ldpo.a" },
41 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.ldpoga" },
42 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.ldpogd" },
43 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.ldposa" },
44 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.ldpo.any_suffix" },
45 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.ldpnotexistent" },
46 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.ldponotexistent" },
47 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a" },
48 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.z" },
49 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.zz" },
50 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.aa" },
51 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.aaa" },
52 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a1" },
53 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a1.b" },
54 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a1.b1" },
55 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a1.c" },
56 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.b" },
57 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.b.c" },
58 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.b.z" },
59 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.c" },
60 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.c.c" },
61 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.c.z" },
62 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b" },
63 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.z" },
64 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.zz" },
65 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.bsth" },
66 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.bsthelse" },
67 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c" },
68 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.z.z" },
69 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d" },
70 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.z" },
71 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.e" },
72 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.esth" },
73 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.ee" },
74 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.e.z" },
75 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.e.z.z" },
76 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.e.f" },
77 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1" },
78 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.z.z" },
79 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d" },
80 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.z" },
81 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.e" },
82 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.esth" },
83 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.ee" },
84 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.e.z" },
85 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.e.z.z" },
86 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.e.f" },
87 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.e.f.g" },
88 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2" },
89 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d" },
90 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d.z" },
91 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.dd" },
92 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d.e" },
93 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d.e.f" },
94 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d.e.f.z" },
95 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d.e.fsth" },
96 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3" },
97 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.z.z" },
98 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d" },
99 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.z" },
100 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.e" },
101 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.esth" },
102 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.ee" },
103 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.e.z" },
104 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.e.z.z" },
105 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.e.f" },
106 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.e.f.g" },
107 {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.c" },
108 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.c.z" },
109 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.d" },
110 {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.d.z" },
111 {Decision::CHECK, ROOT, ROOT, "User::Shell", "org.tizen.pok" },
112 {Decision::CHECK, ROOT, ROOT, "User::Shell", "org.tizen.pnope" },
113 {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok" },
114 {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pnope" },
115 {Decision::ALLOW, GUEST, GUEST, "User::Shell", "org.tizen.pok1" },
116 {Decision::ALLOW, GUEST, GUEST, "User::Shell", "org.tizen.pok1.z" },
117 {Decision::DENY, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a" },
118 {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b1" },
119 {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b1.z" },
120 {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b2" },
121 {Decision::DENY, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b2.z" },
122 {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b3" },
123 {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b3.z" },
124 {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b4" },
125 {Decision::DENY, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b4.z" },
126 {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a1" },
127 {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a1.z" },
128 {Decision::CHECK, GUEST1, GUEST1, "User::Shell", "org.tizen.pok2" },
129 {Decision::CHECK, GUEST2, GUEST2, "User::Shell", "org.tizen.pok2" },
130 {Decision::CHECK, GUEST12, GUEST12, "User::Shell", "org.tizen.pok2" },
131 {Decision::DENY, GUEST1, GUEST1, "User::Shell", "org.tizen.pok2.a" },
132 {Decision::DENY, GUEST2, GUEST2, "User::Shell", "org.tizen.pok2.a" },
133 {Decision::DENY, GUEST12, GUEST12, "User::Shell", "org.tizen.pok2.a" },
134 {Decision::CHECK, GUEST1, GUEST1, "User::Shell", "org.tizen.pok2.a.b" },
135 {Decision::CHECK, GUEST2, GUEST2, "User::Shell", "org.tizen.pok2.a.b" },
136 {Decision::CHECK, GUEST12, GUEST12, "User::Shell", "org.tizen.pok2.a.b" }
139 void ownershipTest_print(const struct OwnershipTest* t, Decision result) {
140 printf("uid = %lu, gid = %lu, label = %s, service = %s, expected = %s, result = %s",
141 (unsigned long)t->user, (unsigned long)t->group, t->label, t->service, DECISIONS[t->expected_result], DECISIONS[result]);
144 template <typename DB>
145 bool ownership_test(const DB &db) {
149 for (auto const &test : ownership_tests) {
150 auto m_item = MatchItemOwn(test.service);
152 auto ret = db.getDecisionItemContextMandatory(m_item);
154 if (ret.getDecision() == Decision::ANY)
155 ret = db.getDecisionItemUser(test.user, m_item);
157 if (ret.getDecision() == Decision::ANY)
158 ret = db.getDecisionItemGroup(test.group, m_item);
160 if (ret.getDecision() == Decision::ANY)
161 ret = db.getDecisionItemContextDefault(m_item);
163 auto decision = ret.getDecision();
164 if (decision != test.expected_result) {
165 printf("[ERROR][%d] ownership test failed: %s %s ", i, DECISIONS[test.expected_result], DECISIONS[decision]);
166 ownershipTest_print(&test, decision);
174 bool run_policy_db() {
175 policy_checker_system().initDb("tests/default_deny/system.conf");
176 auto &db = policy_checker_system().getPolicyDb();
177 printf("POLICY_DB:\n");
178 return ownership_test(db);
182 Serializer serializer;
184 uint8_t *buff = serializer.serialize("tests/default_deny/system.conf", size);
186 StorageBackendSerialized storage;
187 storage.initFromData(buff);
189 printf("FRAMEBUFFERS:\n");
190 return ownership_test(storage);
198 return run_policy_db() && run_fb() && run_xml();