tests/security-manager-tests/security_manager_tests.cpp

   1 #include <dpl/test/test_runner.h>
   2 #include <fcntl.h>
   3 #include <stdio.h>
   4 #include <memory.h>
   5 #include <summary_collector.h>
   6
   7 #include <libprivilege-control_test_common.h>
   8 #include <tests_common.h>
   9
  10 #include <security-manager.h>
  11
  12 DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
  13
  14 static const char* SM_APP_ID = "sm_test_app_id";
  15 static const char* SM_PKG_ID = "sm_test_pkg_id";
  16
  17 static uid_t SM_ALLOWED_UID1 = 6666;
  18 static uid_t SM_ALLOWED_UID2 = 7777;
  19
  20 static const char* SM_ALLOWED_PERMISSION1 = "security_manager_test_rules2_r";
  21 static const char* SM_ALLOWED_PERMISSION2 = "security_manager_test_rules2_no_r";
  22
  23 static const rules_t SM_ALLOWED_RULES = {
  24     { USER_APP_ID, "test_sm_book_8", "r" },
  25     { USER_APP_ID, "test_sm_book_9", "w" },
  26     { USER_APP_ID, "test_sm_book_10", "x" },
  27     { USER_APP_ID, "test_sm_book_11", "rw" },
  28     { USER_APP_ID, "test_sm_book_12", "rx" },
  29     { USER_APP_ID, "test_sm_book_13", "wx" },
  30     { USER_APP_ID, "test_sm_book_14", "rwx" },
  31     { USER_APP_ID, "test_sm_book_15", "rwxat" },
  32     { "test_sm_subject_8", USER_APP_ID, "r" },
  33     { "test_sm_subject_9", USER_APP_ID, "w" },
  34     { "test_sm_subject_10", USER_APP_ID, "x" },
  35     { "test_sm_subject_11", USER_APP_ID, "rw" },
  36     { "test_sm_subject_12", USER_APP_ID, "rx" },
  37     { "test_sm_subject_13", USER_APP_ID, "wx" },
  38     { "test_sm_subject_14", USER_APP_ID, "rwx" },
  39     { "test_sm_subject_15", USER_APP_ID, "rwxat" }
  40 };
  41 static const rules_t SM_DENIED_RULES = {
  42     { USER_APP_ID, "test_sm_book_1", "r" },
  43     { USER_APP_ID, "test_sm_book_2", "w" },
  44     { USER_APP_ID, "test_sm_book_3", "x" },
  45     { USER_APP_ID, "test_sm_book_4", "rw" },
  46     { USER_APP_ID, "test_sm_book_5", "rx" },
  47     { USER_APP_ID, "test_sm_book_6", "wx" },
  48     { USER_APP_ID, "test_sm_book_7", "rwx" },
  49     { "test_sm_subject_1", USER_APP_ID, "r" },
  50     { "test_sm_subject_2", USER_APP_ID, "w" },
  51     { "test_sm_subject_3", USER_APP_ID, "x" },
  52     { "test_sm_subject_4", USER_APP_ID, "rw" },
  53     { "test_sm_subject_5", USER_APP_ID, "rx" },
  54     { "test_sm_subject_6", USER_APP_ID, "wx" },
  55     { "test_sm_subject_7", USER_APP_ID, "rwx" }
  56 };
  57
  58 static const char* SM_DENIED_PERMISSION1 = "security_manager_test_rules1";
  59 static const char* SM_DENIED_PERMISSION2 = "security_manager_test_rules2";
  60
  61 static const char* SM_ALLOWED_PATH = TEST_APP_DIR;
  62 static const char* SM_DENIED_PATH = TEST_NON_APP_DIR;
  63
  64 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
  65
  66 static app_inst_req* do_app_inst_req_new()
  67 {
  68     int result;
  69     app_inst_req *req = NULL;
  70
  71     result = security_manager_app_inst_req_new(&req);
  72     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
  73             "creation of new request failed. Result: " << result);
  74     RUNNER_ASSERT_MSG_BT(req != NULL, "creation of new request did not allocate memory");
  75     return req;
  76 }
  77
  78 static void prepare_app_path()
  79 {
  80     int result;
  81
  82     result = nftw(SM_ALLOWED_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
  83     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_ALLOWED_PATH);
  84
  85     result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
  86     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
  87 }
  88
  89 static void check_app_path_after_install()
  90 {
  91     int result;
  92
  93     result = nftw(SM_ALLOWED_PATH, &nftw_check_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
  94     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_ALLOWED_PATH);
  95
  96     result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
  97     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
  98 }
  99
 100 static void check_app_permission_after_install()
 101 {
 102     bool result;
 103
 104     result = check_all_accesses(smack_check(), SM_ALLOWED_RULES);
 105     RUNNER_ASSERT_MSG_BT(result, "Permissions not added.");
 106     result = check_no_accesses(smack_check(), SM_DENIED_RULES);
 107     RUNNER_ASSERT_MSG_BT(result, "Permissions added.");
 108
 109     check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION1, true);
 110     check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION2, true);
 111     check_perm_app_has_permission(USER_APP_ID, SM_DENIED_PERMISSION1, false);
 112     check_perm_app_has_permission(USER_APP_ID, SM_DENIED_PERMISSION2, false);
 113 }
 114
 115 static void prepare_app_env()
 116 {
 117     prepare_app_path();
 118 }
 119
 120 static void check_app_env_after_install()
 121 {
 122     check_app_path_after_install();
 123     check_app_permission_after_install();
 124 }
 125
 126 RUNNER_TEST(security_manager_01_app_install_unsinstall)
 127 {
 128     int result;
 129     AppInstReqUniquePtr request;
 130
 131     prepare_app_env();
 132
 133     request.reset(do_app_inst_req_new());
 134
 135     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID);
 136     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 137             "setting app id failed. Result: " << result);
 138
 139     result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID);
 140     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 141             "setting pkg id failed. Result: " << result);
 142
 143     result = security_manager_app_inst_req_add_allowed_user(request.get(), SM_ALLOWED_UID1);
 144     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 145             "setting allowed user failed. Result: " << result);
 146     result = security_manager_app_inst_req_add_allowed_user(request.get(), SM_ALLOWED_UID2);
 147     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 148             "setting allowed user failed. Result: " << result);
 149
 150     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PERMISSION1);
 151     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 152             "setting allowed permission failed. Result: " << result);
 153     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PERMISSION2);
 154     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 155             "setting allowed permission failed. Result: " << result);
 156
 157     result = security_manager_app_inst_req_add_path(request.get(), SM_ALLOWED_PATH,
 158                                                     SECURITY_MANAGER_PATH_PRIVATE);
 159     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 160             "setting allowed path failed. Result: " << result);
 161
 162     result = security_manager_app_install(request.get());
 163     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 164             "installing app failed. Result: " << result);
 165
 166     check_app_env_after_install();
 167
 168     request.reset(do_app_inst_req_new());
 169
 170     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID);
 171     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 172             "setting app id failed. Result: " << result);
 173
 174     result = security_manager_app_uninstall(request.get());
 175     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 176             "uninstalling app failed. Result: " << result);
 177
 178 }
 179
 180 int main(int argc, char *argv[])
 181 {
 182     SummaryCollector::Register();
 183     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
 184 }