3 * Copyright (c) 2019-2020 Samsung Electronics Co., Ltd
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to deal
7 * in the Software without restriction, including without limitation the rights
8 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the Software is furnished
10 * to do so, subject to the following conditions:
12 * The above copyright notice and this permission notice shall be included in all
13 * copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 #include "internal/policy_containers.hpp"
23 #include "internal/serializer.hpp"
24 #include "internal/serialized_convert.hpp"
25 #include "internal/storage_backend_serialized.hpp"
26 #include <boost/utility/string_ref.hpp>
31 using ldp_serialized::makeDecision;
32 using ldp_serialized::makeMessageType;
33 using ldp_serialized::makeBusAccessType;
35 static void print_error(const char *fmt...) {
44 std::map<ldp_xml_parser::MessageType, const char *> messageTypeMap = {
45 { ldp_xml_parser::MessageType::ANY, "ANY" },
46 { ldp_xml_parser::MessageType::METHOD_RETURN, "METHOD_RETURN" },
47 { ldp_xml_parser::MessageType::ERROR, "ERROR" },
48 { ldp_xml_parser::MessageType::SIGNAL, "SIGNAL" },
49 { ldp_xml_parser::MessageType::METHOD_CALL, "METHOD_CALL" }
52 std::map<ldp_xml_parser::Decision, const char *> decisionTypeMap = {
53 { ldp_xml_parser::Decision::ANY, "ANY" },
54 { ldp_xml_parser::Decision::CHECK, "CHECK" },
55 { ldp_xml_parser::Decision::DENY, "DENY" },
56 { ldp_xml_parser::Decision::ALLOW, "ALLOW" }
59 std::map<ldp_xml_parser::BusAccessType, const char *> busTypeMap = {
60 { ldp_xml_parser::BusAccessType::USER, "USER" },
61 { ldp_xml_parser::BusAccessType::GROUP, "GROUP" },
62 { ldp_xml_parser::BusAccessType::ALL_USERS, "ALL_USERS" },
63 { ldp_xml_parser::BusAccessType::ALL_GROUPS, "ALL_GROUPS" },
67 static const char *to_str(const bool value) {
68 return value ? "true" : "false";
71 static const char *to_str(const char *value) {
75 static const char *to_str(const std::string & value) {
79 static const char *to_str(const ldp_xml_parser::MessageType value) {
80 return messageTypeMap[value];
83 static const char *to_str(const ldp_xml_parser::Decision value) {
84 return decisionTypeMap[value];
87 static const char *to_str(const ldp_xml_parser::BusAccessType value) {
88 return busTypeMap[value];
91 template <typename T, typename S>
92 static bool compare(const T current, const S expected) {
93 if (current != expected) {
94 // print_error("Current: \"%s\" expected: \"%s\"", to_str(current), to_str(expected));
100 template <typename T>
101 static void print_property(const char *name, const T value) {
102 std::cout << name << ": " << to_str(value) << std::endl;
106 using TH = TestsHelper;
109 const std::string name;
110 const std::string privilege;
111 const ldp_xml_parser::Decision decision;
112 const std::string prefix_privilege;
113 const ldp_xml_parser::Decision prefix_decision;
115 void printContent() const {
116 TH::print_property("name", name);
117 TH::print_property("privilege", privilege);
118 TH::print_property("decision", decision);
119 TH::print_property("prefix_privilege", prefix_privilege);
120 TH::print_property("prefix_decision", prefix_decision);
125 const std::string name;
126 const std::string interface;
127 const std::string member;
128 const std::string path;
129 const ldp_xml_parser::MessageType type;
130 const bool is_name_prefix;
131 const ldp_xml_parser::Decision decision;
133 void printContent() const {
134 TH::print_property("name", name);
135 TH::print_property("interface", interface);
136 TH::print_property("member", member);
137 TH::print_property("path", path);
138 TH::print_property("type", type);
139 TH::print_property("is_name_prefix", is_name_prefix);
140 TH::print_property("decision", decision);
144 struct ItemAccessTest {
147 const ldp_xml_parser::Decision decision;
148 const std::string privilege;
149 const ldp_xml_parser::BusAccessType type;
151 void printContent() const {
152 TH::print_property("uid", uid);
153 TH::print_property("gid", gid);
154 TH::print_property("decision", decision);
155 TH::print_property("privilege", privilege);
156 TH::print_property("type", type);
160 std::vector<NodeTest> context_default_tests = {
161 { "org", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ANY },
162 { "org.tizen", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ANY },
163 { "org.tizen.pok2", "", ldp_xml_parser::Decision::ANY, "privilege1", ldp_xml_parser::Decision::CHECK },
164 { "org.tizen.pok2.a", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::DENY },
165 { "org.tizen.pok2.a.b", "", ldp_xml_parser::Decision::ANY, "privilege2", ldp_xml_parser::Decision::CHECK },
166 { "org.tizen.pnope", "http://tizen.org/privilege/packagemanager.nope", ldp_xml_parser::Decision::CHECK, "", ldp_xml_parser::Decision::ANY },
167 { "org.tizen.pok1.a1", "http://tizen.org/privilege/packagemanager.nope", ldp_xml_parser::Decision::CHECK, "http://tizen.org/privilege/packagemanager.admin", ldp_xml_parser::Decision::CHECK },
168 { "org.tizen.pok1.a", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::DENY },
169 { "org.tizen.pok1.a.b4", "http://tizen.org/privilege/packagemanager.nope", ldp_xml_parser::Decision::CHECK, "", ldp_xml_parser::Decision::ANY },
170 { "org.tizen.pok1.a.b3", "", ldp_xml_parser::Decision::ANY, "http://tizen.org/privilege/packagemanager.nope", ldp_xml_parser::Decision::CHECK },
171 { "org.tizen.pok1.a.b2", "http://tizen.org/privilege/packagemanager.admin", ldp_xml_parser::Decision::CHECK, "", ldp_xml_parser::Decision::ANY },
172 { "org.tizen.pok1.a.b1", "", ldp_xml_parser::Decision::ANY, "http://tizen.org/privilege/packagemanager.admin", ldp_xml_parser::Decision::CHECK },
173 { "org.tizen.pok", "http://tizen.org/privilege/packagemanager.admin", ldp_xml_parser::Decision::CHECK, "", ldp_xml_parser::Decision::ANY },
176 std::vector<NodeTest> context_mandatory_tests = {};
178 std::vector<NodeTest> user_root_tests = {
179 { "org", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ANY },
180 { "org.tizen", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ANY },
181 { "org.tizen.a1", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ALLOW },
182 { "org.tizen.a1.b", "", ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::Decision::ANY },
183 { "org.tizen.b", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ANY },
184 { "org.tizen.b.z", "", ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::Decision::ANY },
185 { "org.tizen.b.c", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ALLOW },
186 { "org.tizen.a", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ALLOW },
187 { "org.tizen.a.d", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ALLOW },
188 { "org.tizen.a.c", "", ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::Decision::ALLOW },
189 { "org.tizen.a.b", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::DENY },
190 { "org.tizen.a.b.c2", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ALLOW },
191 { "org.tizen.a.b.c1", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::DENY },
192 { "org.tizen.a.b.c1.d", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ANY },
193 { "org.tizen.a.b.c1.d.e", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ANY },
194 { "org.tizen.a.b.c1.d.e.f", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ANY },
195 { "org.tizen.a.b.c1.d.e.f.g", "", ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::Decision::ANY },
196 { "org.tizen.a.b.c3", "", ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::Decision::ALLOW },
197 { "org.tizen.a.b.c3.d", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::DENY },
198 { "org.tizen.a.b.c3.d.esth", "", ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::Decision::ANY },
199 { "org.tizen.a.b.c3.d.e", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ALLOW },
200 { "org.tizen.a.b.c3.d.e.f", "", ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::Decision::ANY },
201 { "org.tizen.a.b.c3.d.e.f.g", "", ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::Decision::ANY },
202 { "org.tizen.a.b.c", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ALLOW },
203 { "org.tizen.a.b.c.d", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::DENY },
204 { "org.tizen.a.b.c.d.esth", "", ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::Decision::ANY },
205 { "org.tizen.a.b.c.d.e", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ALLOW },
206 { "org.tizen.a.b.c.d.e.f", "", ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::Decision::ANY },
207 { "org.tizen.a.bsth", "", ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::Decision::ANY },
208 { "org.tizen.ldposd", "", ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::Decision::ANY },
209 { "org.tizen.ldposa", "", ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::Decision::ANY },
210 { "org.tizen.test", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ANY },
211 { "org.tizen.test.dest_prefix", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ALLOW },
212 { "org.tizen.ldpoga", "", ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::Decision::ANY },
213 { "org.tizen.ldpo", "", ldp_xml_parser::Decision::ANY, "", ldp_xml_parser::Decision::ALLOW },
214 { "org.tizen.ldpogd", "", ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::Decision::ANY },
217 std::vector<ItemSRTest> item_send_context_default_tests {
218 { "", "", "", "", ldp_xml_parser::MessageType::METHOD_CALL, false, ldp_xml_parser::Decision::DENY },
219 { "org.freedesktop.DBus", "org.freedesktop.DBus", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::ALLOW },
220 { "org.freedesktop.DBus", "org.freedesktop.DBus.Introspectable", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::ALLOW },
221 { "org.freedesktop.DBus", "org.freedesktop.DBus", "UpdateActivationEnvironment", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::DENY },
222 { "org.freedesktop.DBus", "org.freedesktop.DBus.Debug.Stats", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::DENY },
223 { "org.freedesktop.DBus", "org.freedesktop.systemd1.Activator", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::DENY },
226 std::vector<ItemSRTest> item_receive_context_default_test {
227 { "", "", "", "", ldp_xml_parser::MessageType::METHOD_CALL, false, ldp_xml_parser::Decision::ALLOW },
228 { "", "", "", "", ldp_xml_parser::MessageType::METHOD_RETURN, false, ldp_xml_parser::Decision::ALLOW },
229 { "", "", "", "", ldp_xml_parser::MessageType::ERROR, false, ldp_xml_parser::Decision::ALLOW },
230 { "", "", "", "", ldp_xml_parser::MessageType::SIGNAL, false, ldp_xml_parser::Decision::ALLOW },
233 std::vector<ItemSRTest> item_send_root_tests {
234 { "org.tizen.test.dest_prefix.ap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
235 { "org.tizen.test.dest_prefix.ao", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::ALLOW },
236 { "org.tizen.test.dest_prefix.ap.1.d", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::DENY },
237 { "org.tizen.test.dest_prefix.ap.1.dp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
238 { "org.tizen.test.dest_prefix.ap.1.d.ap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
239 { "org.tizen.test.dest_prefix.ap.1.dp.ap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
240 { "org.tizen.test.dest_prefix.ap.1.dp.a", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::ALLOW },
242 { "org.tizen.test.dest_prefix.ap.2.apxdp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
243 { "org.tizen.test.dest_prefix.ap.2.apxdp.dp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
244 { "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
245 { "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.d", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::DENY },
247 { "org.tizen.test.dest_prefix.ap.3.dpxap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
248 { "org.tizen.test.dest_prefix.ap.3.dpxap.ap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
249 { "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
250 { "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.ap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
251 { "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.a", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::ALLOW },
252 { "org.tizen.test.dest_prefix.ap.3.dpxap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
254 { "org.tizen.test.dest_prefix.dp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
256 { "org.tizen.test.dest_prefix.do", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::DENY },
257 { "org.tizen.test.dest_prefix.ao.ao", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::ALLOW },
259 { "org.tizen.test.dest_prefix.dp.1.a", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::ALLOW },
260 { "org.tizen.test.dest_prefix.dp.1.ap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
262 { "org.tizen.test.dest_prefix.dp.1.a.dp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
263 { "org.tizen.test.dest_prefix.dp.1.ap.dp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
264 { "org.tizen.test.dest_prefix.dp.1.ap.d", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::DENY },
266 { "org.tizen.test.dest_prefix.dp.2.dpxap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
267 { "org.tizen.test.dest_prefix.dp.2.dpxap.ap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
268 { "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
269 { "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.a", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::ALLOW },
271 { "org.tizen.test.dest_prefix.dp.2.dpxap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
272 { "org.tizen.test.dest_prefix.dp.2.dpxap.ap.d", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::DENY },
273 { "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.f.d", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::DENY },
274 { "org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.dp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
276 { "org.tizen.test.dest_prefix.dp.3.apxdp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
277 { "org.tizen.test.dest_prefix.dp.3.apxdp.dp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
278 { "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::ALLOW },
279 { "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.dp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
280 { "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.d", "", "", "", ldp_xml_parser::MessageType::ANY, false, ldp_xml_parser::Decision::DENY },
281 { "org.tizen.test.dest_prefix.dp.3.apxdp", "", "", "", ldp_xml_parser::MessageType::ANY, true, ldp_xml_parser::Decision::DENY },
285 std::vector<ItemAccessTest> item_access_context_default_test {
286 { 0, 0, ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::BusAccessType::ALL_USERS },
287 { 1, 0, ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::BusAccessType::USER },
288 { 2, 0, ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::BusAccessType::USER },
289 { 0, 20, ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::BusAccessType::GROUP },
290 { 0, 30, ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::BusAccessType::GROUP },
291 { 3, 0, ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::BusAccessType::USER },
292 { 7, 0, ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::BusAccessType::USER },
293 { 8, 0, ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::BusAccessType::USER },
294 { 9991, 0, ldp_xml_parser::Decision::CHECK, "privilege1", ldp_xml_parser::BusAccessType::USER },
295 { 9992, 0, ldp_xml_parser::Decision::CHECK, "privilege2", ldp_xml_parser::BusAccessType::USER },
296 { 9993, 0, ldp_xml_parser::Decision::CHECK, "privilege1", ldp_xml_parser::BusAccessType::USER },
297 { 888, 0, ldp_xml_parser::Decision::CHECK, "privilege1", ldp_xml_parser::BusAccessType::USER },
301 std::vector<ItemAccessTest> item_access_context_mandatory_test {
302 { 6, 0, ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::BusAccessType::USER },
303 { 7, 0, ldp_xml_parser::Decision::DENY, "", ldp_xml_parser::BusAccessType::USER },
304 { 8, 0, ldp_xml_parser::Decision::ALLOW, "", ldp_xml_parser::BusAccessType::USER },
305 { 0, 9992, ldp_xml_parser::Decision::CHECK, "privilege1", ldp_xml_parser::BusAccessType::GROUP },
306 { 9993, 0, ldp_xml_parser::Decision::CHECK, "privilege2", ldp_xml_parser::BusAccessType::USER },
309 class SerializerTests {
310 ldp_serializer::Serializer serializer;
311 ldp_serialized::StorageBackendSerialized _db;
313 const auto &db() const { return _db.getBackend(); }
315 template <typename PolicyOwnNode>
316 bool isMatch(const NodeTest &test, const PolicyOwnNode &node, const std::string &token) const {
318 TH::compare(token, db().stringGetCStr(db().ownNodeGetToken(node))) &&
319 TH::compare(test.privilege, db().stringGetCStr(db().decisionItemGetPrivilege(db().ownNodeGetDecisionItem(node)))) &&
320 TH::compare(test.decision, makeDecision(db().decisionItemGetDecision(db().ownNodeGetDecisionItem(node)))) &&
321 TH::compare(test.prefix_privilege, db().stringGetCStr(db().decisionItemGetPrivilege(db().ownNodeGetPrefixDecisionItem(node)))) &&
322 TH::compare(test.prefix_decision, makeDecision(db().decisionItemGetDecision(db().ownNodeGetPrefixDecisionItem(node))));
325 template <typename T>
326 bool isMatch(const ItemSRTest &test, const T &item) const {
328 TH::compare(test.name, db().stringGetCStr(db().itemSrGetName(item))) &&
329 TH::compare(test.interface, db().stringGetCStr(db().itemSrGetInterface(item))) &&
330 TH::compare(test.member, db().stringGetCStr(db().itemSrGetMember(item))) &&
331 TH::compare(test.path, db().stringGetCStr(db().itemSrGetPath(item))) &&
332 TH::compare(test.type, makeMessageType(db().itemSrGetMessageType(item))) &&
333 TH::compare(test.is_name_prefix, db().itemSrGetIsNamePrefix(item)) &&
334 TH::compare(test.decision, makeDecision(db().decisionItemGetDecision(db().itemGetDecisionItem(item))));
337 template <typename ItemAccess>
338 bool isMatch(const ItemAccessTest &test, const ItemAccess &item) const {
340 TH::compare(test.uid, db().itemAccessGetUid(item)) &&
341 TH::compare(test.gid, db().itemAccessGetGid(item)) &&
342 TH::compare(test.decision, makeDecision(db().decisionItemGetDecision(db().itemGetDecisionItem(item)))) &&
343 TH::compare(test.privilege, db().stringGetCStr(db().decisionItemGetPrivilege(db().itemGetDecisionItem(item)))) &&
344 TH::compare(test.type, makeBusAccessType(db().itemAccessGetType(item)));
347 void serialize_xml(const std::string &file_name) {
349 ldp_xml::StorageBackendXML xmlStorage;
351 if (!xmlStorage.init(file_name.c_str())) {
352 print_error("xmlStorage init error");
356 auto buff = serializer.serialize(xmlStorage, size);
358 _db.initFromData(buff, size, false);
361 template <typename PolicyOwnNode>
362 bool check_tree(const std::string &token, const PolicyOwnNode &nnode, const NodeTest &test) {
363 size_t dot = token.find('.');
364 auto children = db().ownNodeGetChildren(nnode);
365 if (dot == std::string::npos) {
366 auto node = db().containerLookupByKey(children, token.c_str());
368 print_error("node %s not found for:", TH::to_str(token));
373 if (!isMatch(test, node.second, token)) {
374 print_error("No matching child found for test:");
381 std::string part = token.substr(0, dot);
382 std::string rest = token.substr(dot + 1);
384 auto new_node = db().containerLookupByKey(children, part.c_str());
385 if (!new_node.first) {
386 print_error("node %s not found", TH::to_str(part));
389 return check_tree(rest, new_node.second, test);
393 template <typename PolicyOwnNode>
394 bool check_tree(const PolicyOwnNode &tree, const std::vector<NodeTest> &tree_tests) {
395 for (const auto &test : tree_tests) {
396 if (!check_tree(test.name, tree, test))
402 bool check_own_set() {
403 return check_tree(db().policyGetTree(db().setGetContextDefault(db().fileGetOwnSet(db().getFile()))), context_default_tests) &&
404 check_tree(db().policyGetTree(db().setGetContextMandatory(db().fileGetOwnSet(db().getFile()))), context_mandatory_tests) &&
405 check_tree(db().policyGetTree(db().setUserGroupGetPolicy(db().containerLookupByKey(db().setGetUser(db().fileGetOwnSet(db().getFile())), 0).second)), user_root_tests);
408 template <typename T, typename U>
409 bool checkPolicy(const T *policy, const std::vector<U> &tests) {
410 for (const auto &test : tests) {
412 auto items = db().policyGetItems(policy);
413 auto end = db().containerGetIteratorEnd(items);
414 for (auto it = db().containerGetIterator(items); it != end; it++) {
415 if (isMatch(test, *it)) {
421 print_error("No matching item found for test:");
429 bool check_send_set() {
430 return checkPolicy(db().setGetContextDefault(db().fileGetSendSet(db().getFile())), item_send_context_default_tests) &&
431 checkPolicy(db().setUserGroupGetPolicy(db().containerLookupByKey(db().setGetUser(db().fileGetSendSet(db().getFile())), 0).second), item_send_root_tests);
434 bool check_receive_set() {
435 return checkPolicy(db().setGetContextDefault(db().fileGetReceiveSet(db().getFile())), item_receive_context_default_test);
438 bool check_access_set() {
439 return checkPolicy(db().setGetContextDefault(db().fileGetAccessSet(db().getFile())), item_access_context_default_test) &&
440 checkPolicy(db().setGetContextMandatory(db().fileGetAccessSet(db().getFile())), item_access_context_mandatory_test);
445 bool run_all_tests(const std::string &config) {
446 serialize_xml(config);
448 return check_own_set() &&
450 check_receive_set() &&
456 auto st = SerializerTests();
457 if (st.run_all_tests("tests/default_deny/system.conf"))