2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
21 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
23 * @brief libprivilege-control test runner
35 #include <sys/socket.h>
39 #include <dpl/test/test_runner.h>
40 #include <dpl/test/test_runner_multiprocess.h>
41 #include <sys/smack.h>
42 #include <privilege-control.h>
43 #include <tests_common.h>
44 #include <libprivilege-control_test_common.h>
45 #include "common/db.h"
48 #define APP_USER_NAME "app"
49 #define APP_HOME_DIR "/opt/home/app"
52 #define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
55 /////////////////////////////////////////
56 //////NOSMACK ENVIRONMENT TESTS//////////
57 /////////////////////////////////////////
59 RUNNER_TEST_GROUP_INIT(libprivilegecontrol_nosmack)
61 RUNNER_TEST_NOSMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO_nosmack)
63 test_perm_app_setup_path_PUBLIC_RO(false);
67 * NOSMACK version of privilege_control04 test.
69 * Tries to add permisions from test_privilege_control_rules template and checks if
70 * smack_have_access returns -1 on check between every rule.
72 RUNNER_TEST_NOSMACK(privilege_control04_add_permissions_nosmack)
78 result = perm_app_uninstall(APP_ID);
79 RUNNER_ASSERT_MSG(result == 0,
80 "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
82 result = perm_app_install(APP_ID);
83 RUNNER_ASSERT_MSG(result == 0,
84 "perm_app_install returned " << result << ". Errno: " << strerror(errno));
87 result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
88 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
89 "Error adding app permissions. Result: " << result);
93 //Check if smack_have_access always fails on every rule
94 result = test_have_nosmack_accesses(rules_efl);
95 RUNNER_ASSERT_MSG(result == -1,
96 "Despite SMACK being off some accesses were added. Result: " << result);
98 TestLibPrivilegeControlDatabase db_test;
99 db_test.test_db_after__perm_app_install(USER_APP_ID);
100 db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
104 result = perm_app_disable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
105 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
106 "Error disabling permissions: " << perm_strerror(result));
110 void test_set_app_privilege_nosmack(
111 const char* app_id, app_type_t app_type,
112 const char** privileges, const char* type,
113 const char* app_path, const char* dac_file,
114 const rules_t &rules)
116 check_app_installed(app_path);
122 result = perm_app_uninstall(app_id);
123 RUNNER_ASSERT_MSG(result == 0,
124 "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
126 result = perm_app_install(app_id);
127 RUNNER_ASSERT_MSG(result == 0,
128 "perm_app_install returned " << result << ". Errno: " << strerror(errno));
130 result = perm_app_enable_permissions(app_id, app_type, privileges, 1);
131 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
132 " Error enabling app permissions. Result: " << result);
136 result = test_have_nosmack_accesses(rules);
137 RUNNER_ASSERT_MSG(result == -1,
138 " Permissions shouldn't be added. Result: " << result);
140 std::set<unsigned> groups_before;
141 read_user_gids(groups_before, APP_UID);
143 result = perm_app_set_privilege(app_id, type, app_path);
144 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
145 " Error in perm_app_set_privilege. Error: " << result);
147 //Even though app privileges are set, no smack label should be extracted.
149 result = smack_new_label_from_self(&label);
150 RUNNER_ASSERT_MSG(result == -1,
151 " new_label_from_self should return error (SMACK is off). Result: " << result);
152 RUNNER_ASSERT_MSG(label == NULL,
153 " new_label_from_self shouldn't allocate memory for label.");
155 check_groups(groups_before, dac_file);
159 * NOSMACK version of privilege_control05_set_app_privilege test.
161 * Another very similar test to it's SMACK version, this time smack_new_label_from_self is
162 * expected to return different result.
164 RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_nosmack)
168 check_app_installed(APP_SET_PRIV_PATH);
171 smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC);
172 smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC);
175 perm_app_uninstall(APP_ID);
178 std::set<unsigned> groups_before;
179 read_user_gids(groups_before, APP_UID);
182 result = perm_app_set_privilege(APP_ID, NULL, APP_SET_PRIV_PATH);
183 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
184 "Error in perm_app_set_privilege. Error: " << result);
186 //Even though app privileges are set, no smack label should be extracted.
188 result = smack_new_label_from_self(&label);
189 RUNNER_ASSERT_MSG(result == -1,
190 "new_label_from_self should return error (SMACK is off). Result: " << result);
191 RUNNER_ASSERT_MSG(label == NULL, "new_label_from_self shouldn't allocate memory for label.");
193 //Check if DAC privileges really set
194 RUNNER_ASSERT_MSG(getuid() == APP_UID, "Wrong UID");
195 RUNNER_ASSERT_MSG(getgid() == APP_GID, "Wrong GID");
197 result = strcmp(getenv("HOME"), APP_HOME_DIR);
198 RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR. Result: " << result);
200 result = strcmp(getenv("USER"), APP_USER_NAME);
201 RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME. Result: " << result);
203 check_groups(groups_before, NULL);
207 * NOSMACK version of privilege_control05_set_app_privilege_wgt test.
209 * Same as the above, plus uses test_have_nosmack_accesses instead of test_have_all_accesses.
211 RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_nosmack)
213 test_set_app_privilege_nosmack(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
214 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
218 * NOSMACK version of privilege_control05_set_app_privilege_osp test.
222 RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_nosmack)
224 test_set_app_privilege_nosmack(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
225 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
228 RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_efl_nosmack)
230 test_set_app_privilege_nosmack(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
232 LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
236 * Revoke permissions from the list. Should be executed as privileged user.
238 RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_nosmack)
240 test_revoke_permissions(__LINE__, WGT_APP_ID);
244 * Revoke permissions from the list. Should be executed as privileged user.
246 RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_nosmack)
248 test_revoke_permissions(__LINE__, OSP_APP_ID);
252 * NOSMACK version of privilege_control11_app_enable_permissions test.
254 * Since the original test did the same thing around five times, there is no need to redo the
255 * same test for perm_app_enable_permissions. perm_app_enable_permissions will be called once,
256 * test_have_nosmack_accesses will check if smack_have_access still returns error and then
257 * we will check if SMACK file was correctly created.
259 RUNNER_TEST_NOSMACK(privilege_control11_app_enable_permissions_nosmack)
265 result = perm_app_uninstall(WGT_APP_ID);
266 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
267 "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
269 result = perm_app_install(WGT_APP_ID);
270 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
271 "perm_app_install returned " << result << ". Errno: " << strerror(errno));
273 result = perm_app_revoke_permissions(WGT_APP_ID);
274 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
275 "Error revoking app permissions. Result: " << result);
277 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
278 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
279 "Error enabling app permissions. Result: " << result);
283 //Check if accesses aren't added
284 result = test_have_nosmack_accesses(rules2);
285 RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
287 TestLibPrivilegeControlDatabase db_test;
288 db_test.test_db_after__perm_app_install(USER_APP_ID);
289 db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_WGT, PRIVS2, true);
294 result = perm_app_revoke_permissions(WGT_APP_ID);
295 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
296 "Error revoking app permissions. Result: " << result);
300 db_test.test_db_after__perm_app_install(USER_APP_ID);
303 RUNNER_CHILD_TEST_NOSMACK(privilege_control11_app_enable_permissions_efl_nosmack)
305 test_app_enable_permissions_efl(false);
309 * Check perm_app_install function
311 RUNNER_CHILD_TEST_NOSMACK(privilege_control12_app_disable_permissions_efl_nosmack)
313 test_app_disable_permissions_efl(false);
317 * Remove previously granted SMACK permissions based on permissions list.
319 RUNNER_TEST_NOSMACK(privilege_control12_app_disable_permissions_nosmack)
321 test_app_disable_permissions(false);
325 * NOSMACK version of privilege_control13 test.
327 * Uses perm_app_reset_permissions and checks with test_have_nosmack_accesses if nothing has
330 RUNNER_TEST_NOSMACK(privilege_control13_app_reset_permissions_nosmack)
336 result = perm_app_uninstall(WGT_APP_ID);
337 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
338 "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
340 result = perm_app_install(WGT_APP_ID);
341 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
342 "perm_app_install returned " << result << ". Errno: " << strerror(errno));
344 // Disable permissions
345 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
346 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
347 "Error disabling app permissions. Result: " << result);
349 // Prepare permissions to reset
350 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
351 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
352 " Error adding app permissions. Result: " << result);
355 result = perm_app_reset_permissions(WGT_APP_ID);
356 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
357 "Error reseting app permissions. Result: " << result);
361 result = test_have_nosmack_accesses(rules2);
362 RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be changed. Result: " << result);
366 // Disable permissions
367 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
368 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
369 "Error disabling app permissions. Result: " << result);
375 * NOSMACK version of privilege_control15_app_id_from_socket.
377 * SMACK version of this test case utilized smack_new_label_from_self and smack_set_label_for_self.
378 * Those functions rely on /proc/self/attr/current file, which is unreadable and has no contents on
379 * NOSMACK environment. Functions mentioned above were tested during libsmack tests, so they are
380 * assumed to react correctly and are not tested in this test case.
382 * This test works similarly to libsmack test smack09_new_label_from_socket. At first server and
383 * client are created then sockets are set up and perm_app_id_from_socket is used. On NOSMACK env
384 * correct behavior for perm_app_id_from_socket would be returning NULL label.
386 RUNNER_MULTIPROCESS_TEST_NOSMACK(privilege_control15_app_id_from_socket_nosmack)
389 struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
391 //Clean up before creating socket
394 //Create our server and client with fork
396 RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
398 if (!pid) { //child (server)
399 int sock, result, fd;
402 sock = socket(AF_UNIX, SOCK_STREAM, 0);
403 RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
405 //Bind socket to address
406 result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
407 RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
409 //Prepare for listening
410 result = listen(sock, 1);
411 RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
415 fd = accept(sock, NULL, NULL);
417 RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "accept failed");
419 //Wait a little bit for client to use perm_app_id_from_socket
424 } else { //parent (client)
425 // Give server some time to setup listening socket
428 char* smack_label = NULL;
431 sock = socket(AF_UNIX, SOCK_STREAM, 0);
432 RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
434 //Try connecting to address
435 result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
436 RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
438 //Use perm_app_id_from_socket. Should fail and return NULL smack_label.
439 smack_label = perm_app_id_from_socket(sock);
440 RUNNER_ASSERT_MSG(!smack_label, "perm_app_id_from_socket should fail.");
443 RUNNER_ASSERT_MSG(smack_label == NULL, "perm_app_id_from_socket should fail.");