1 /*
2  * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16 /*
17  * @file        access_provider.cpp
18  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19  * @version     1.0
20  * @brief       Common functions and macros used in security-tests package.
21  */
#include <sys/types.h>
#include <grp.h>
#include <unistd.h>
#include <sys/smack.h>

#include <map>

#include <tests_common.h>

#include <access_provider.h>
31
32 namespace SecurityServer {
33
/**
 * Creates a provider that builds Smack rules for a single subject label.
 *
 * @param mySubject Smack label used as the subject of every rule added
 *                  through this object; it is also the label passed to
 *                  smack_set_label_for_self() in applyAndSwithToUser().
 */
AccessProvider::AccessProvider(const std::string &mySubject) : m_mySubject(mySubject)
{
}
37
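/**
 * Adds a write ("w") rule from this subject to the Smack label that guards
 * one security-server client API function.
 *
 * The function name is resolved through a fixed allow-list. A name that is
 * not in the table fails RUNNER_ASSERT_MSG_BT, so a misspelled API name is
 * reported instead of producing a test that runs without the intended rule.
 *
 * @param functionName name of the security-server client function
 * @param tracker      call-site information prefixed to the assertion message
 */
void AccessProvider::allowFunction(const std::string &functionName, const Tracker &tracker) {
    // Client API function name -> Smack label used as the object of the rule.
    // Entries mapped to "none" still produce a rule whose object is the
    // literal label "none"; presumably those APIs need no dedicated label
    // (TODO confirm against the security-server policy).
    static const std::map<std::string, std::string> translation = {
        {"security_server_get_gid", "security-server::api-get-gid"},
        {"security_server_request_cookie", "none"},
        {"security_server_get_cookie_size", "none"},
        {"security_server_check_privilege", "security-server::api-cookie-check"},
        {"security_server_check_privilege_by_cookie", "security-server::api-cookie-check"},
        {"security_server_check_privilege_by_sockfd", "security-server::api-privilege-by-pid"},
        {"security_server_get_cookie_pid", "security-server::api-cookie-check"},
        {"security_server_is_pwd_valid", "security-server::api-password-check"},
        // Was "security-server::api_password-set" (underscore after "api"),
        // a label no other entry uses. A rule on a label that no object
        // carries grants nothing, so the spelling is aligned with the other
        // password setters below. NOTE(review): confirm against the labels
        // security-server actually assigns.
        {"security_server_set_pwd", "security-server::api-password-set"},
        {"security_server_set_pwd_validity", "security-server::api-password-set"},
        {"security_server_set_pwd_max_challenge", "security-server::api-password-set"},
        {"security_server_reset_pwd", "security-server::api-password-set"},
        {"security_server_chk_pwd", "security-server::api-password-check"},
        {"security_server_set_pwd_history", "security-server::api-password-set"},
        {"security_server_get_smacklabel_cookie", "security-server::api-cookie-check"},
        {"security_server_get_smacklabel_sockfd", "none"},
        {"security_server_app_give_access", "security-server::api-data-share"},
        {"security_server_check_privilege_by_pid", "security-server::api-privilege-by-pid"},
        {"security_server_app_enable_permissions", "security-server::api-app-permissions"},
        {"security_server_app_disable_permissions", "security-server::api-app-permissions"},
        {"security_server_get_uid_by_cookie", "security-server::api-cookie-check"},
        {"security_server_app_has_privilege", "security-server::api-app-privilege-by-name"},
        {"security_server_app_caller_has_privilege", "security-server::api-app-privilege-by-name"},
        {"security_server_get_gid_by_cookie", "security-server::api-cookie-check"},
        {"security_server_open_for", "security-server::api-open-for"}
    };

    const auto entry = translation.find(functionName);
    // The dereference below relies on this assertion not returning when the
    // lookup failed (assumed from how the macro is used here; TODO confirm).
    RUNNER_ASSERT_MSG_BT(entry != translation.end(),
        tracker.str() << "Error no function " << functionName << " in security server.");

    m_smackAccess.add(m_mySubject, entry->second, "w", tracker);
}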
73
/**
 * Adds a rule from this subject to a caller-chosen object label.
 *
 * Unlike allowFunction(), neither the label nor the access string is checked
 * against a table here: both are handed to m_smackAccess.add() as given, so
 * the caller decides exactly which access modes the test subject receives.
 *
 * @param api     Smack label used as the object of the rule
 * @param rule    access string passed through unchanged
 * @param tracker call-site information forwarded to m_smackAccess.add()
 */
void AccessProvider::allowAPI(const std::string &api,
                              const std::string &rule,
                              const Tracker &tracker)
{
    m_smackAccess.add(m_mySubject, api, rule, tracker);
}
77
/**
 * Forwards to m_smackAccess.apply() for the rules added so far.
 *
 * @param tracker call-site information forwarded to m_smackAccess.apply()
 */
void AccessProvider::apply(const Tracker &tracker)
{
    m_smackAccess.apply(tracker);
}
81
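/**
 * Applies this subject's Smack rules, relabels the calling process as the
 * subject and drops it to the given group and user.
 *
 * Each step is checked with RUNNER_ASSERT_MSG_BT, so a partial switch is
 * reported rather than leaving the test running with more privilege than
 * intended. The order matters: the Smack steps and the group changes run
 * before setuid(), because they can no longer be performed once the process
 * has given up its user id.
 *
 * @param uid     user id to switch to
 * @param gid     group id to switch to
 * @param tracker call-site information prefixed to the assertion messages
 */
void AccessProvider::applyAndSwithToUser(int uid, int gid, const Tracker &tracker) {
    // Revoke rules already present for this subject so that only the rules
    // added through this object are in effect afterwards.
    RUNNER_ASSERT_MSG_BT(0 == smack_revoke_subject(m_mySubject.c_str()),
        tracker.str() << "Error in smack_revoke_subject(" << m_mySubject << ")");
    apply(tracker);
    RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(m_mySubject.c_str()),
        tracker.str() << "Error in smack_set_label_for_self.");
    // setgid()/setuid() leave the supplementary group list untouched. Clear
    // it first; otherwise the process keeps the starting user's groups and
    // a group-based access check can pass for the wrong reason.
    RUNNER_ASSERT_MSG_BT(0 == setgroups(0, nullptr),
        tracker.str() << "Error in setgroups.");
    RUNNER_ASSERT_MSG_BT(0 == setgid(gid),
        tracker.str() << "Error in setgid.");
    RUNNER_ASSERT_MSG_BT(0 == setuid(uid),
        tracker.str() << "Error in setuid.");
}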
93
94 } // namespace SecurityServer
95