2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file access_provider.cpp
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Common functions and macros used in security-tests package.
22 #include <sys/types.h>
24 #include <sys/smack.h>
28 #include <tests_common.h>
30 #include <access_provider.h>
32 namespace SecurityServer {
/**
 * Creates a provider that collects Smack rules for a single subject label.
 *
 * @param mySubject label stored in m_mySubject; it is passed as the subject
 *                  of every rule added through allowFunction() and
 *                  allowAPI(), and is the label applyAndSwithToUser()
 *                  assigns to the calling process.
 */
AccessProvider::AccessProvider(const std::string &mySubject)
    : m_mySubject(mySubject)
{
}
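/**
 * Queues a write ("w") rule from this provider's subject to the label that
 * the table below associates with a security-server client function.
 *
 * The rule is only handed to m_smackAccess.add() here; see apply() and
 * applyAndSwithToUser() for the calls that act on the collected rules.
 *
 * @param functionName name of a security-server client API function. It must
 *                     be a key of the table; an unknown name is reported
 *                     through RUNNER_ASSERT_MSG_BT.
 * @param tracker      call-site information, prepended to the failure message
 *                     and forwarded to m_smackAccess.add().
 */
void AccessProvider::allowFunction(const std::string &functionName, const Tracker &tracker) {
    // Client function name -> object label used in the generated rule.
    // Entries mapped to "none" produce a rule on the literal label "none";
    // presumably those calls are not guarded by a dedicated label - confirm
    // against the server's socket labels.
    static const std::map<std::string, std::string> translation = {
        {"security_server_get_gid", "security-server::api-get-gid"},
        {"security_server_request_cookie", "none"},
        {"security_server_get_cookie_size", "none"},
        {"security_server_check_privilege", "security-server::api-cookie-check"},
        {"security_server_check_privilege_by_cookie", "security-server::api-cookie-check"},
        {"security_server_check_privilege_by_sockfd", "security-server::api-privilege-by-pid"},
        {"security_server_get_cookie_pid", "security-server::api-cookie-check"},
        {"security_server_is_pwd_valid", "security-server::api-password-check"},
        // Same label as the other password-setting entries. Labels are
        // compared character for character, so a single differing separator
        // would yield a rule for a different object and leave the real one
        // without the intended access.
        {"security_server_set_pwd", "security-server::api-password-set"},
        {"security_server_set_pwd_validity", "security-server::api-password-set"},
        {"security_server_set_pwd_max_challenge", "security-server::api-password-set"},
        {"security_server_reset_pwd", "security-server::api-password-set"},
        {"security_server_chk_pwd", "security-server::api-password-check"},
        {"security_server_set_pwd_history", "security-server::api-password-set"},
        {"security_server_get_smacklabel_cookie", "security-server::api-cookie-check"},
        {"security_server_get_smacklabel_sockfd", "none"},
        {"security_server_app_give_access", "security-server::api-data-share"},
        {"security_server_check_privilege_by_pid", "security-server::api-privilege-by-pid"},
        {"security_server_app_enable_permissions", "security-server::api-app-permissions"},
        {"security_server_app_disable_permissions", "security-server::api-app-permissions"},
        {"security_server_get_uid_by_cookie", "security-server::api-cookie-check"},
        {"security_server_app_has_privilege", "security-server::api-app-privilege-by-name"},
        {"security_server_app_caller_has_privilege", "security-server::api-app-privilege-by-name"},
        {"security_server_get_gid_by_cookie", "security-server::api-cookie-check"},
        {"security_server_open_for", "security-server::api-open-for"}
    };

    const auto entry = translation.find(functionName);
    // The dereference below relies on this assertion not returning when the
    // lookup failed (presumably it aborts the test case - confirm in the
    // test runner).
    RUNNER_ASSERT_MSG_BT(entry != translation.end(),
        tracker.str() << "Error no function " << functionName << " in security server.");

    m_smackAccess.add(m_mySubject, entry->second, "w", tracker);
}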
/**
 * Queues a rule from this provider's subject to a caller-chosen label.
 *
 * Unlike allowFunction(), neither the label nor the access string is looked
 * up or checked here; both are forwarded unchanged.
 *
 * @param api     label used as the second argument of m_smackAccess.add()
 *                (the object of the rule, as in allowFunction()).
 * @param rule    access string for the rule, e.g. "w" as used by
 *                allowFunction().
 * @param tracker call-site information forwarded to m_smackAccess.add().
 */
void AccessProvider::allowAPI(const std::string &api,
                              const std::string &rule,
                              const Tracker &tracker)
{
    m_smackAccess.add(m_mySubject, api, rule, tracker);
}
/**
 * Forwards to m_smackAccess.apply(); presumably this loads the rules queued
 * by allowFunction()/allowAPI() - confirm in the SmackAccess helper.
 *
 * @param tracker call-site information passed through to the helper.
 */
void AccessProvider::apply(const Tracker &tracker)
{
    m_smackAccess.apply(tracker);
}
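/**
 * Replaces the subject's Smack rules with the queued ones, relabels the
 * calling process with that subject and then changes its group and user id.
 *
 * The steps are order-sensitive:
 *  1. revoke the subject's existing rules, so leftovers from earlier tests
 *     cannot grant access the current test did not ask for;
 *  2. apply the queued rules - this has to come after the revoke, otherwise
 *     the revoke would remove them again;
 *  3. set the process label;
 *  4. setgid() before setuid(), because the group change is typically
 *     refused once the user id is no longer privileged.
 *
 * Every step is checked with RUNNER_ASSERT_MSG_BT. Nothing here restores the
 * previous label or ids, so the change affects the whole calling process.
 *
 * NOTE(review): supplementary groups are not touched. If the caller starts as
 * root, its supplementary groups stay in effect after setuid() and may let
 * DAC checks pass that the target user would fail - confirm whether tests
 * rely on this or whether the groups should be cleared before the switch.
 *
 * @param uid     user id passed to setuid().
 * @param gid     group id passed to setgid().
 * @param tracker call-site information, prepended to every failure message
 *                and forwarded to apply().
 */
void AccessProvider::applyAndSwithToUser(int uid, int gid, const Tracker &tracker) {
    const char *const subject = m_mySubject.c_str();

    RUNNER_ASSERT_MSG_BT(0 == smack_revoke_subject(subject),
        tracker.str() << "Error in smack_revoke_subject(" << m_mySubject << ")");

    // Load the queued rules now that the subject starts from a clean slate.
    apply(tracker);

    RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(subject),
        tracker.str() << "Error in smack_set_label_for_self.");

    // Group first, user second: see the ordering note above.
    RUNNER_ASSERT_MSG_BT(0 == setgid(gid),
        tracker.str() << "Error in setgid.");
    RUNNER_ASSERT_MSG_BT(0 == setuid(uid),
        tracker.str() << "Error in setuid.");
}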
94 } // namespace SecurityServer