1 #include "internal/include/fb_generated.h"
2 #include "internal/naive_policy_checker.hpp"
3 #include "internal/policy.hpp"
4 #include "internal/serializer.hpp"
5 #include "internal/storage_backend_serialized.hpp"
6 #include "internal/storage_backend_serialized.hpp"
7 #include "internal/tslog.hpp"
10 using namespace ldp_xml_parser;
/* Printable names for Decision values, used by the diagnostics in this file
 * through DECISIONS[...] and printf("%s").
 * NOTE(review): those lookups use std::map::operator[], which inserts a null
 * const char* for a key that is not listed here; passing that to %s is
 * undefined behaviour. Only the four enumerators below are covered -
 * confirm Decision has no others. */
12 std::map<Decision, const char*> DECISIONS {
13 { Decision::ANY, "ANY" },
14 { Decision::ALLOW, "ALLOW" },
15 { Decision::DENY, "DENY" },
16 { Decision::CHECK, "CHECK" }
/* Decision the policy is expected to give; send_prefix_test() compares it
 * with the decision actually returned by the database. */
20 Decision expected_result;
/* Name(s) owned by the destination. The string is handed to
 * addSpaceSeparatedNames(), and the test table puts several names,
 * separated by spaces, into one string. */
24 const char *destination;
/* Interface passed to MatchItemSend. */
26 const char *interface;
/* Message type passed to MatchItemSend. */
28 ldp_xml_parser::MessageType type;
/* Builds one table entry in which only the expected decision and the
 * destination name(s) vary; every other field is fixed
 * (ROOT, ROOT, "User::Shell", "/", "a.b", "d", METHOD_CALL).
 * NOTE(review): the initializer is positional, so it depends on the member
 * order of struct Test, which is not fully visible here - presumably
 * user, group, label, destination, path, interface, member, type;
 * confirm against the struct definition. */
33 #define TC(expected_result, names) \
34 {(expected_result), ROOT, ROOT, "User::Shell", (names), "/", "a.b", "d", ldp_xml_parser::MessageType::METHOD_CALL}
37 * This test set checks that the XML policy database is parsed
38 * and that send permission is decided correctly for rules
39 * that use send_destination_prefix
/* NOTE(review): the name segments appear to encode the rule that the policy
 * file is expected to hold for that name - presumably "ap"/"dp" = allow/deny
 * by send_destination_prefix, "a"/"d" and "ao"/"do" = allow/deny for the
 * exact name, "f" = filler component, "apxdp"/"dpxap" = one rule redefined
 * by the other. The policy file itself is not shown here; confirm against it. */
42 /* straight-forward tests - base allow */
43 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap"),
44 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.f.f.f.f.f"),
/* "apf" shares the string prefix "ap" but is a different name component.
 * Expecting DENY here pins prefix matching to whole dot-separated components
 * rather than to raw string prefixes (presumably the rule is on "...ap"). */
45 TC(Decision::DENY, "org.tizen.test.dest_prefix.apf"),
46 TC(Decision::DENY, "org.tizen.test.dest_prefix.apf.f.f.f.f"),
47 /* multiple names owned */
/* Each pair of names is listed in both orders with the same expected
 * decision, so the result must not depend on the order of the owned names. */
48 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.ap.f"),
49 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.f org.tizen.test.dest_prefix.ao"),
50 TC(Decision::DENY, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.ap.f"),
51 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.f org.tizen.test.dest_prefix.do"),
52 /* target holes in default allow */
53 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.1.d"),
54 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.1.dp"),
55 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f"),
56 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f org.tizen.test.dest_prefix.ao"),
57 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f org.tizen.test.dest_prefix.ap"),
58 TC(Decision::DENY, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f"),
59 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f"),
60 /* target holes in holes in default allow */
61 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.1.d.ap"),
62 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.1.d.ap.f.f.f.f"),
63 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.1.dp.ap"),
64 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.1.dp.ap.f.f.f.f"),
65 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.1.dp.a"),
66 /* check redefinitions in default allow */
67 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp"),
68 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.f.f.f.f"),
69 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.dp"),
70 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.f.f.f.f"),
71 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap"),
72 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.f.f.f.f"),
73 TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.d"),
74 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.a"),
75 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.f.a"),
76 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.2.apxdp.f.f.f.ap"),
77 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.2.apxdp.f.f.f.ap.f.f.f"),
78 /* totally cancelling previous definitions in default allow */
79 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap"),
80 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.f.f.f.f"),
81 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap"),
82 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.f.f.f"),
83 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp"),
84 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.f.f.f.f"),
85 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.ap"),
86 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.ap.f.f.f.f"),
87 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.a"),
88 /* straight-forward tests - base deny */
89 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp"),
90 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.f.f.f.f.f"),
/* NOTE(review): the runners load tests/default_deny/system.conf, so these
 * "dpf" cases presumably yield DENY whether or not the "dp" prefix rule
 * matches them; on their own they would not detect an over-broad prefix
 * match. Confirm against the policy file. */
91 TC(Decision::DENY, "org.tizen.test.dest_prefix.dpf"),
92 TC(Decision::DENY, "org.tizen.test.dest_prefix.dpf.f.f.f.f"),
93 /* multiple names owned */
94 TC(Decision::DENY, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.dp.f"),
95 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.f org.tizen.test.dest_prefix.do"),
96 TC(Decision::DENY, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.dp.f"),
97 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.f org.tizen.test.dest_prefix.ao"),
98 /* target holes in default deny */
99 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.1.a"),
100 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.1.ap"),
101 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f"),
102 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f org.tizen.test.dest_prefix.do"),
103 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f org.tizen.test.dest_prefix.dp"),
104 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f"),
105 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f"),
106 /* target holes in holes in default deny */
107 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.1.a.dp"),
108 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.1.a.dp.f.f.f.f"),
109 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.1.ap.dp"),
110 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.1.ap.dp.f.f.f.f"),
111 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.1.ap.d"),
112 /* check redefinitions in default deny */
113 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap"),
114 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.f"),
115 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.ap"),
116 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.f.f.f.f"),
117 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp"),
118 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.f.f.f.f"),
119 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.a"),
120 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.d"),
121 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.f.d"),
122 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.dp"),
123 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.dp.f.f.f"),
124 /* totally cancelling previous definitions in default deny */
125 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp"),
126 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.f.f.f.f"),
127 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp"),
128 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.f.f.f"),
129 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap"),
130 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.f.f.f.f"),
131 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.dp"),
132 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.dp.f.f.f.f"),
133 TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.d"),
134 /* checking order in multiple names case */
135 TC(Decision::DENY, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.do"),
136 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ao.ao org.tizen.test.dest_prefix.do"),
137 TC(Decision::DENY, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.ao"),
138 TC(Decision::ALLOW, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.ao.ao"),
/* Prints one table entry together with the decision that was obtained for it.
 *   t      - table entry to describe
 *   result - decision returned by the policy database for that entry
 * NOTE(review): DECISIONS[...] is std::map::operator[], which yields a null
 * pointer for a Decision value missing from the map; %s with a null argument
 * is undefined behaviour. */
141 void test_print(const struct Test* t, Decision result) {
142 printf("uid = %lu, gid = %lu, label = %s, destination = %s, expected = %s, result = %s",
143 (unsigned long)t->user, (unsigned long)t->group, t->label, t->destination, DECISIONS[t->expected_result], DECISIONS[result]);
/* Runs every entry of the tests table against one policy database backend.
 * DB is any type that provides getDecisionItemContextMandatory(),
 * getDecisionItemUser(), getDecisionItemGroup() and
 * getDecisionItemContextDefault(), each called here with a MatchItemSend.
 * The return statement is outside the visible lines; run_policy_db() and
 * the FlatBuffers runner return this function's value as their result. */
146 template <typename DB>
147 bool send_prefix_test(const DB &db)
152 for (const auto &test : tests) {
/* `names` is declared outside the visible lines. */
154 MatchItemSend m_item(test.interface, test.member, test.path, test.type,
155 names.addSpaceSeparatedNames(test.destination));
/* Policy sources are consulted in a fixed order: context mandatory, user,
 * group, context default. A later source is asked only while the result so
 * far is Decision::ANY, so the first source giving a definite decision wins. */
157 auto ret = db.getDecisionItemContextMandatory(m_item);
159 if (ret.getDecision() == Decision::ANY)
160 ret = db.getDecisionItemUser(test.user, m_item);
162 if (ret.getDecision() == Decision::ANY)
163 ret = db.getDecisionItemGroup(test.group, m_item);
165 if (ret.getDecision() == Decision::ANY)
166 ret = db.getDecisionItemContextDefault(m_item);
168 auto decision = ret.getDecision();
/* A mismatch is reported with the entry index `i` (declared outside the
 * visible lines) followed by the entry's details. */
170 if (test.expected_result != decision) {
171 printf("[ERROR][%d] test failed: %s %s ", i, DECISIONS[test.expected_result], DECISIONS[decision]);
172 test_print(&test, decision);
/* Loads tests/default_deny/system.conf into the system policy checker and
 * runs the table against its policy database.
 * Returns the result of send_prefix_test().
 * NOTE(review): the result of initDb() is not examined here; if loading can
 * fail, the table would run against whatever state the database is left in -
 * confirm initDb()'s failure behaviour. */
180 bool run_policy_db() {
181 policy_checker_system().initDb("tests/default_deny/system.conf");
182 auto &db = policy_checker_system().getPolicyDb();
183 printf("POLICY_DB:\n");
184 return send_prefix_test(db);
/* Serializes the same policy file and runs the table against the serialized
 * (FlatBuffers) storage backend. The enclosing function header and the
 * declaration of `size` are outside the visible lines. */
188 ldp_serializer::Serializer serializer;
190 uint8_t *buff = serializer.serialize("tests/default_deny/system.conf", size);
/* NOTE(review): buff is passed on without a null check, and `size` is not
 * given to initFromData() in the visible lines. Confirm that serialize()
 * cannot fail here and that initFromData() does not need the length to
 * validate the buffer before reading it. */
192 ldp_serialized::StorageBackendSerialized storage;
193 storage.initFromData(buff);
195 printf("FLATBUFFERS:\n");
196 return send_prefix_test(storage);
/* Runs the three suites in this order; && short-circuits, so a failing suite
 * stops the later ones from running. run_xml() is defined outside the
 * visible lines.
 * NOTE(review): the enclosing function header is not visible; if this is
 * main(), a true result converts to exit status 1 - confirm how the result
 * is mapped to the process exit code. */
204 return run_policy_db() && run_fb() && run_xml();