1 #include "internal/include/fb_generated.h"
2 #include "internal/include/flatbuffers/flatbuffers.h"
3 #include "internal/policy_containers.hpp"
4 #include "internal/serializer.hpp"
9 namespace ldp_xml_parser {
11 static void print_error(const char *fmt...) {
20 std::map<FB::MessageType, const char *> messageTypeMap = {
21 { FB::MessageType_ANY, "ANY" },
22 { FB::MessageType_MIN, "MIN" },
23 { FB::MessageType_MAX, "MAX" },
24 { FB::MessageType_METHOD_RETURN, "METHOD_RETURN" },
25 { FB::MessageType_ERROR, "ERROR" },
26 { FB::MessageType_SIGNAL, "SIGNAL" },
27 { FB::MessageType_METHOD_CALL, "METHOD_CALL" }
30 std::map<FB::Decision, const char *> decisionTypeMap = {
31 { FB::Decision_ANY, "ANY" },
32 { FB::Decision_MIN, "MIN" },
33 { FB::Decision_MAX, "MAX" },
34 { FB::Decision_CHECK, "CHECK" },
35 { FB::Decision_DENY, "DENY" },
36 { FB::Decision_ALLOW, "ALLOW" }
39 std::map<FB::BusAccessType, const char *> busTypeMap = {
40 { FB::BusAccessType_MIN, "MIN" },
41 { FB::BusAccessType_MAX, "MAX" },
42 { FB::BusAccessType_USER, "USER" },
43 { FB::BusAccessType_GROUP, "GROUP" },
44 { FB::BusAccessType_ALL_USERS, "ALL_USERS" },
45 { FB::BusAccessType_ALL_GROUPS, "ALL_GROUPS" },
49 static const char *to_str(const bool value) {
50 return value ? "true" : "false";
53 static const char *to_str(const char *value) {
57 static const char *to_str(const std::string & value) {
61 static const char *to_str(const FB::MessageType value) {
62 return messageTypeMap[value];
65 static const char *to_str(const FB::Decision value) {
66 return decisionTypeMap[value];
69 static const char *to_str(const FB::BusAccessType value) {
70 return busTypeMap[value];
74 static bool compare(const T current, const T expected) {
75 if (current != expected) {
76 // print_error("Current: \"%s\" expected: \"%s\"", to_str(current), to_str(expected));
83 static void print_property(const char *name, const T value) {
84 std::cout << name << ": " << to_str(value) << std::endl;
88 using TH = TestsHelper;
91 const std::string name;
92 const std::string privilege;
93 const FB::Decision decision;
94 const std::string prefix_privilege;
95 const FB::Decision prefix_decision;
97 void printContent() const {
98 TH::print_property("name", name);
99 TH::print_property("privilege", privilege);
100 TH::print_property("decision", decision);
101 TH::print_property("prefix_privilege", prefix_privilege);
102 TH::print_property("prefix_decision", prefix_decision);
105 bool isMatch(const FB::PolicyOwnNode *node, const std::string &token) const {
106 return (TH::compare(node->token()->str(), token) &&
107 TH::compare(node->decision_item()->privilege()->str(), privilege) &&
108 TH::compare(node->decision_item()->decision(), decision) &&
109 TH::compare(node->prefix_decision_item()->privilege()->str(), prefix_privilege) &&
110 TH::compare(node->prefix_decision_item()->decision(), prefix_decision));
115 const std::string name;
116 const std::string interface;
117 const std::string member;
118 const std::string path;
119 const FB::MessageType type;
120 const bool is_name_prefix;
121 const FB::Decision decision;
123 void printContent() const {
124 TH::print_property("name", name);
125 TH::print_property("interface", interface);
126 TH::print_property("member", member);
127 TH::print_property("path", path);
128 TH::print_property("type", type);
129 TH::print_property("is_name_prefix", is_name_prefix);
130 TH::print_property("decision", decision);
133 template <typename T>
134 bool isMatch(const T *item) const {
135 return TH::compare(item->name()->str(), name) &&
136 TH::compare(item->interface()->str(), interface) &&
137 TH::compare(item->member()->str(), member) &&
138 TH::compare(item->path()->str(), path) &&
139 TH::compare(item->type(), type) &&
140 TH::compare(item->is_name_prefix(), is_name_prefix) &&
141 TH::compare(item->decision()->decision(), decision);
145 struct ItemAccessTest {
148 const FB::Decision decision;
149 const std::string privilege;
150 const FB::BusAccessType type;
152 void printContent() const {
153 TH::print_property("uid", uid);
154 TH::print_property("gid", gid);
155 TH::print_property("decision", decision);
156 TH::print_property("privilege", privilege);
157 TH::print_property("type", type);
160 bool isMatch(const FB::ItemAccess *item) const {
161 return TH::compare(item->uid(), uid) &&
162 TH::compare(item->gid(), gid) &&
163 TH::compare(item->decision()->decision(), decision) &&
164 TH::compare(item->decision()->privilege()->str(), privilege) &&
165 TH::compare(item->type(), type);
170 std::vector<NodeTest> context_default_tests = {
171 { "org", "", FB::Decision_ANY, "", FB::Decision_ANY },
172 { "org.tizen", "", FB::Decision_ANY, "", FB::Decision_ANY },
173 { "org.tizen.pok2", "", FB::Decision_ANY, "privilege1", FB::Decision_CHECK },
174 { "org.tizen.pok2.a", "", FB::Decision_ANY, "", FB::Decision_DENY },
175 { "org.tizen.pok2.a.b", "", FB::Decision_ANY, "privilege2", FB::Decision_CHECK },
176 { "org.tizen.pnope", "http://tizen.org/privilege/packagemanager.nope", FB::Decision_CHECK, "", FB::Decision_ANY },
177 { "org.tizen.pok1.a1", "http://tizen.org/privilege/packagemanager.nope", FB::Decision_CHECK, "http://tizen.org/privilege/packagemanager.admin", FB::Decision_CHECK },
178 { "org.tizen.pok1.a", "", FB::Decision_ANY, "", FB::Decision_DENY },
179 { "org.tizen.pok1.a.b4", "http://tizen.org/privilege/packagemanager.nope", FB::Decision_CHECK, "", FB::Decision_ANY },
180 { "org.tizen.pok1.a.b3", "", FB::Decision_ANY, "http://tizen.org/privilege/packagemanager.nope", FB::Decision_CHECK },
181 { "org.tizen.pok1.a.b2", "http://tizen.org/privilege/packagemanager.admin", FB::Decision_CHECK, "", FB::Decision_ANY },
182 { "org.tizen.pok1.a.b1", "", FB::Decision_ANY, "http://tizen.org/privilege/packagemanager.admin", FB::Decision_CHECK },
183 { "org.tizen.pok", "http://tizen.org/privilege/packagemanager.admin", FB::Decision_CHECK, "", FB::Decision_ANY },
186 std::vector<NodeTest> context_mandatory_tests = {};
188 std::vector<NodeTest> user_root_tests = {
189 { "org", "", FB::Decision_ANY, "", FB::Decision_ANY },
190 { "org.tizen", "", FB::Decision_ANY, "", FB::Decision_ANY },
191 { "org.tizen.a1", "", FB::Decision_ANY, "", FB::Decision_ALLOW },
192 { "org.tizen.a1.b", "", FB::Decision_DENY, "", FB::Decision_ANY },
193 { "org.tizen.b", "", FB::Decision_ANY, "", FB::Decision_ANY },
194 { "org.tizen.b.z", "", FB::Decision_ALLOW, "", FB::Decision_ANY },
195 { "org.tizen.b.c", "", FB::Decision_ANY, "", FB::Decision_ALLOW },
196 { "org.tizen.a", "", FB::Decision_ANY, "", FB::Decision_ALLOW },
197 { "org.tizen.a.d", "", FB::Decision_ANY, "", FB::Decision_ALLOW },
198 { "org.tizen.a.c", "", FB::Decision_DENY, "", FB::Decision_ALLOW },
199 { "org.tizen.a.b", "", FB::Decision_ANY, "", FB::Decision_DENY },
200 { "org.tizen.a.b.c2", "", FB::Decision_ANY, "", FB::Decision_ALLOW },
201 { "org.tizen.a.b.c1", "", FB::Decision_ANY, "", FB::Decision_DENY },
202 { "org.tizen.a.b.c1.d", "", FB::Decision_ANY, "", FB::Decision_ANY },
203 { "org.tizen.a.b.c1.d.e", "", FB::Decision_ANY, "", FB::Decision_ANY },
204 { "org.tizen.a.b.c1.d.e.f", "", FB::Decision_ANY, "", FB::Decision_ANY },
205 { "org.tizen.a.b.c1.d.e.f.g", "", FB::Decision_ALLOW, "", FB::Decision_ANY },
206 { "org.tizen.a.b.c3", "", FB::Decision_DENY, "", FB::Decision_ALLOW },
207 { "org.tizen.a.b.c3.d", "", FB::Decision_ANY, "", FB::Decision_DENY },
208 { "org.tizen.a.b.c3.d.esth", "", FB::Decision_ALLOW, "", FB::Decision_ANY },
209 { "org.tizen.a.b.c3.d.e", "", FB::Decision_ANY, "", FB::Decision_ALLOW },
210 { "org.tizen.a.b.c3.d.e.f", "", FB::Decision_DENY, "", FB::Decision_ANY },
211 { "org.tizen.a.b.c3.d.e.f.g", "", FB::Decision_ALLOW, "", FB::Decision_ANY },
212 { "org.tizen.a.b.c", "", FB::Decision_ANY, "", FB::Decision_ALLOW },
213 { "org.tizen.a.b.c.d", "", FB::Decision_ANY, "", FB::Decision_DENY },
214 { "org.tizen.a.b.c.d.esth", "", FB::Decision_ALLOW, "", FB::Decision_ANY },
215 { "org.tizen.a.b.c.d.e", "", FB::Decision_ANY, "", FB::Decision_ALLOW },
216 { "org.tizen.a.b.c.d.e.f", "", FB::Decision_DENY, "", FB::Decision_ANY },
217 { "org.tizen.a.bsth", "", FB::Decision_DENY, "", FB::Decision_ANY },
218 { "org.tizen.ldposd", "", FB::Decision_ALLOW, "", FB::Decision_ANY },
219 { "org.tizen.ldposa", "", FB::Decision_ALLOW, "", FB::Decision_ANY },
220 { "org.tizen.test", "", FB::Decision_ANY, "", FB::Decision_ANY },
221 { "org.tizen.test.dest_prefix", "", FB::Decision_ANY, "", FB::Decision_ALLOW },
222 { "org.tizen.ldpoga", "", FB::Decision_ALLOW, "", FB::Decision_ANY },
223 { "org.tizen.ldpo", "", FB::Decision_ANY, "", FB::Decision_ALLOW },
224 { "org.tizen.ldpogd", "", FB::Decision_ALLOW, "", FB::Decision_ANY },
227 std::vector<ItemSRTest> item_send_context_default_tests {
228 { "", "", "", "", FB::MessageType_METHOD_CALL, false, FB::Decision_DENY },
229 { "org.freedesktop.DBus", "org.freedesktop.DBus", "", "", FB::MessageType_ANY, false, FB::Decision_ALLOW },
230 { "org.freedesktop.DBus", "org.freedesktop.DBus.Introspectable", "", "", FB::MessageType_ANY, false, FB::Decision_ALLOW },
231 { "org.freedesktop.DBus", "org.freedesktop.DBus", "UpdateActivationEnvironment", "", FB::MessageType_ANY, false, FB::Decision_DENY },
232 { "org.freedesktop.DBus", "org.freedesktop.DBus.Debug.Stats", "", "", FB::MessageType_ANY, false, FB::Decision_DENY },
233 { "org.freedesktop.DBus", "org.freedesktop.systemd1.Activator", "", "", FB::MessageType_ANY, false, FB::Decision_DENY },
236 std::vector<ItemSRTest> item_receive_context_default_test {
237 { "", "", "", "", FB::MessageType_METHOD_CALL, false, FB::Decision_ALLOW },
238 { "", "", "", "", FB::MessageType_METHOD_RETURN, false, FB::Decision_ALLOW },
239 { "", "", "", "", FB::MessageType_ERROR, false, FB::Decision_ALLOW },
240 { "", "", "", "", FB::MessageType_SIGNAL, false, FB::Decision_ALLOW },
243 std::vector<ItemSRTest> item_send_root_tests {
244 { "org.tizen.test.dest_prefix.ap", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
245 { "org.tizen.test.dest_prefix.ao", "", "", "", FB::MessageType_ANY, false, FB::Decision_ALLOW },
246 { "org.tizen.test.dest_prefix.ap.1.d", "", "", "", FB::MessageType_ANY, false, FB::Decision_DENY },
247 { "org.tizen.test.dest_prefix.ap.1.dp", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
248 { "org.tizen.test.dest_prefix.ap.1.d.ap", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
249 { "org.tizen.test.dest_prefix.ap.1.dp.ap", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
250 { "org.tizen.test.dest_prefix.ap.1.dp.a", "", "", "", FB::MessageType_ANY, false, FB::Decision_ALLOW },
252 { "org.tizen.test.dest_prefix.ap.2.apxdp", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
253 { "org.tizen.test.dest_prefix.ap.2.apxdp.dp", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
254 { "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
255 { "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.d", "", "", "", FB::MessageType_ANY, false, FB::Decision_DENY },
257 { "org.tizen.test.dest_prefix.ap.3.dpxap", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
258 { "org.tizen.test.dest_prefix.ap.3.dpxap.ap", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
259 { "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
260 { "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.ap", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
261 { "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.a", "", "", "", FB::MessageType_ANY, false, FB::Decision_ALLOW },
262 { "org.tizen.test.dest_prefix.ap.3.dpxap", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
264 { "org.tizen.test.dest_prefix.dp", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
266 { "org.tizen.test.dest_prefix.do", "", "", "", FB::MessageType_ANY, false, FB::Decision_DENY },
267 { "org.tizen.test.dest_prefix.ao.ao", "", "", "", FB::MessageType_ANY, false, FB::Decision_ALLOW },
269 { "org.tizen.test.dest_prefix.dp.1.a", "", "", "", FB::MessageType_ANY, false, FB::Decision_ALLOW },
270 { "org.tizen.test.dest_prefix.dp.1.ap", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
272 { "org.tizen.test.dest_prefix.dp.1.a.dp", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
273 { "org.tizen.test.dest_prefix.dp.1.ap.dp", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
274 { "org.tizen.test.dest_prefix.dp.1.ap.d", "", "", "", FB::MessageType_ANY, false, FB::Decision_DENY },
276 { "org.tizen.test.dest_prefix.dp.2.dpxap", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
277 { "org.tizen.test.dest_prefix.dp.2.dpxap.ap", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
278 { "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
279 { "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.a", "", "", "", FB::MessageType_ANY, false, FB::Decision_ALLOW },
281 { "org.tizen.test.dest_prefix.dp.2.dpxap", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
282 { "org.tizen.test.dest_prefix.dp.2.dpxap.ap.d", "", "", "", FB::MessageType_ANY, false, FB::Decision_DENY },
283 { "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.f.d", "", "", "", FB::MessageType_ANY, false, FB::Decision_DENY },
284 { "org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.dp", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
286 { "org.tizen.test.dest_prefix.dp.3.apxdp", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
287 { "org.tizen.test.dest_prefix.dp.3.apxdp.dp", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
288 { "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap", "", "", "", FB::MessageType_ANY, true, FB::Decision_ALLOW },
289 { "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.dp", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
290 { "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.d", "", "", "", FB::MessageType_ANY, false, FB::Decision_DENY },
291 { "org.tizen.test.dest_prefix.dp.3.apxdp", "", "", "", FB::MessageType_ANY, true, FB::Decision_DENY },
295 std::vector<ItemAccessTest> item_access_context_default_test {
296 { 0, 0, FB::Decision_ALLOW, "", FB::BusAccessType_ALL_USERS },
297 { 1, 0, FB::Decision_DENY, "", FB::BusAccessType_USER },
298 { 2, 0, FB::Decision_DENY, "", FB::BusAccessType_USER },
299 { 0, 20, FB::Decision_ALLOW, "", FB::BusAccessType_GROUP },
300 { 0, 30, FB::Decision_DENY, "", FB::BusAccessType_GROUP },
301 { 3, 0, FB::Decision_ALLOW, "", FB::BusAccessType_USER },
302 { 7, 0, FB::Decision_ALLOW, "", FB::BusAccessType_USER },
303 { 8, 0, FB::Decision_DENY, "", FB::BusAccessType_USER },
304 { 9991, 0, FB::Decision_CHECK, "privilege1", FB::BusAccessType_USER },
305 { 9992, 0, FB::Decision_CHECK, "privilege2", FB::BusAccessType_USER },
306 { 9993, 0, FB::Decision_CHECK, "privilege1", FB::BusAccessType_USER },
307 { 888, 0, FB::Decision_CHECK, "privilege1", FB::BusAccessType_USER },
311 std::vector<ItemAccessTest> item_access_context_mandatory_test {
312 { 6, 0, FB::Decision_DENY, "", FB::BusAccessType_USER },
313 { 7, 0, FB::Decision_DENY, "", FB::BusAccessType_USER },
314 { 8, 0, FB::Decision_ALLOW, "", FB::BusAccessType_USER },
315 { 0, 9992, FB::Decision_CHECK, "privilege1", FB::BusAccessType_GROUP },
316 { 9993, 0, FB::Decision_CHECK, "privilege2", FB::BusAccessType_USER },
319 class SerializerTests {
320 Serializer serializer;
321 const FB::File *file;
323 void serialize_xml(const std::string &file_name) {
326 buff = serializer.serialize(file_name, size);
328 file = FB::GetFile(buff);
331 bool check_tree(const std::string &token, const FB::PolicyOwnNode *nnode, const NodeTest &test) {
332 size_t dot = token.find('.');
333 if (dot == std::string::npos) {
334 auto node = nnode->children()->LookupByKey(token.c_str());
335 if (node == nullptr) {
336 print_error("node %s not found for:", TH::to_str(token));
341 if (!test.isMatch(node, token)) {
342 print_error("No matching child found for test:");
349 std::string part = token.substr(0, dot);
350 std::string rest = token.substr(dot + 1);
352 auto new_node = nnode->children()->LookupByKey(part.c_str());
353 if (new_node == nullptr) {
354 print_error("node %s not found", TH::to_str(part));
357 return check_tree(rest, new_node, test);
361 bool check_tree(const FB::PolicyOwnNode *tree, const std::vector<NodeTest> &tree_tests) {
362 for (const auto &test : tree_tests) {
363 if (!check_tree(test.name, tree, test))
369 bool check_own_set() {
370 return check_tree(file->m_own_set()->context_default()->tree(), context_default_tests) &&
371 check_tree(file->m_own_set()->context_mandatory()->tree(), context_mandatory_tests) &&
372 check_tree(file->m_own_set()->user()->LookupByKey(0)->policy()->tree(), user_root_tests);
375 template <typename T, typename U>
376 bool checkPolicy(const T *policy, const std::vector<U> &tests) {
377 for (const auto &test : tests) {
379 for (const auto &item : *policy->items()) {
380 if (test.isMatch(item)) {
386 print_error("No matching item found for test:");
394 bool check_send_set() {
395 return checkPolicy(file->m_send_set()->context_default(), item_send_context_default_tests) &&
396 checkPolicy(file->m_send_set()->user()->LookupByKey(0)->policy(), item_send_root_tests);
399 bool check_receive_set() {
400 return checkPolicy(file->m_receive_set()->context_default(), item_receive_context_default_test);
403 bool check_access_set() {
404 return checkPolicy(file->m_access_set()->context_default(), item_access_context_default_test) &&
405 checkPolicy(file->m_access_set()->context_mandatory(), item_access_context_mandatory_test);
409 SerializerTests() : file(nullptr) {}
410 bool run_all_tests(const std::string &config) {
411 serialize_xml(config);
413 return check_own_set() &&
415 check_receive_set() &&
422 auto st = ldp_xml_parser::SerializerTests();
423 if (st.run_all_tests("tests/default_deny/system.conf"))