projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Some tests that call smack_revoke_subject should run with smack
[platform/core/test/security-tests.git] / tests / security-server-tests / cookie_api.cpp
1 /*
2  * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
3  */
4
5 /*
6  * @file    security_server_tests_cookie_api.cpp
7  * @author  Pawel Polawski (p.polawski@partner.samsung.com)
8  * @version 1.0
9  * @brief   Test cases for security server cookie api
10  *
11  */
12
13 /*
14 Tested API functions in this file:
15
16 Protected by "security-server::api-cookie-get" label:
17     int security_server_get_cookie_size(void);
18     int security_server_request_cookie(char *cookie, size_t bufferSize);
19
20
21 Protected by "security-server::api-cookie-check" label:
22     int security_server_check_privilege(const char *cookie, gid_t privilege);
23     int security_server_check_privilege_by_cookie(const char *cookie,
24                                                   const char *object,
25                                                   const char *access_rights);
26     int security_server_get_cookie_pid(const char *cookie);
27     char *security_server_get_smacklabel_cookie(const char *cookie);
28     int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
29     int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
30 */
31
32 #include <dpl/test/test_runner.h>
33 #include <dpl/test/test_runner_multiprocess.h>
34 #include <tests_common.h>
35 #include <sys/smack.h>
36 #include <cstddef>
37 #include <sys/types.h>
38 #include <unistd.h>
39 #include <access_provider.h>
40 #include <security-server.h>
41 #include <smack_access.h>
42 #include <security_server_tests_common.h>
43
44 const char *ROOT_USER = "root";
45 const char *PROC_AUDIO_GROUP_NAME = "audio";
46
47 typedef std::unique_ptr<char, void(*)(void *)> UniquePtrCstring;
48 const int KNOWN_COOKIE_SIZE = 20;
49
50 RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
51
52 /*
53  * **************************************************************************
54  * Test cases fot check various functions input params cases
55  * **************************************************************************
56  */
57
58 //---------------------------------------------------------------------------
59 //passing NULL as a buffer pointer
60 RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
61 {
62     int ret = security_server_request_cookie(NULL, KNOWN_COOKIE_SIZE);
63     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
64                       "Error in security_server_request_cookie() argument checking: " << ret);
65 }
66
67 //passing too small value as a buffer size
68 RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
69 {
70     Cookie cookie(KNOWN_COOKIE_SIZE);
71
72     int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
73     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
74                       "Error in security_server_request_cookie() argument checking: " << ret);
75 }
76
77 //---------------------------------------------------------------------------
78 //passing NULL as a cookie pointer
79 RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
80 {
81     int ret = security_server_check_privilege(NULL, 0);
82     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
83                       "Error in security_server_check_privilege() argument checking: " << ret);
84 }
85
86 //---------------------------------------------------------------------------
87 //passing NULL as a cookie pointer
88 RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
89 {
90     int ret = security_server_check_privilege_by_cookie(NULL, "wiadro", "rwx");
91     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
92                       "Error in security_server_check_privilege_by_cookie() argument checking: "
93                       << ret);
94 }
95
96 //passing NULL as an object pointer
97 RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
98 {
99     Cookie cookie = getCookieFromSS();
100
101     int ret = security_server_check_privilege_by_cookie(cookie.data(), NULL, "rwx");
102     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
103                       "Error in security_server_check_privilege_by_cookie() argument checking: "
104                       << ret);
105 }
106
107 //passing NULL as an access pointer
108 RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
109 {
110     Cookie cookie = getCookieFromSS();
111
112     int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", NULL);
113     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
114                       "Error in security_server_check_privilege_by_cookie() argument checking: "
115                       << ret);
116 }
117
118 //---------------------------------------------------------------------------
119 //passing NULL as a cookie pointer
120 RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
121 {
122     int ret = security_server_get_cookie_pid(NULL);
123     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
124                       "Error in security_server_get_cookie_pid() argument checking: " << ret);
125 }
126
127 //getting pid of non existing cookie
128 RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid)
129 {
130     const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'};
131     RUNNER_ASSERT_BT(security_server_get_cookie_pid(wrong_cookie) ==
132                   SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
133 }
134
135 //---------------------------------------------------------------------------
136 //passing NULL as a cookie pointer
137 RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
138 {
139     char *label = NULL;
140     label = security_server_get_smacklabel_cookie(NULL);
141     RUNNER_ASSERT_MSG_BT(label == NULL,
142                       "Error in security_server_get_smacklabel_cookie() argument checking");
143 }
144
145
146
147 /*
148  * **************************************************************************
149  * Unit tests for each function from API
150  * **************************************************************************
151  */
152
153 //---------------------------------------------------------------------------
154 //root has access to API
155 RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
156 {
157     int ret = security_server_get_cookie_size();
158     RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
159                       "Error in security_server_get_cookie_size(): " << ret);
160 }
161
162 //---------------------------------------------------------------------------
163 // Get cookie size when smack is not loaded
164 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack)
165 {
166     int ret;
167
168     ret = drop_root_privileges();
169     RUNNER_ASSERT_MSG_BT(ret == 0,
170             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
171     ret = security_server_get_cookie_size();
172     RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
173 }
174
175 //---------------------------------------------------------------------------
176 // Test setting up a cookie in normal case when smack is not loaded
177 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack)
178 {
179     int ret;
180     int cookieSize = security_server_get_cookie_size();
181     Cookie cookie(cookieSize);
182
183     ret = drop_root_privileges();
184     RUNNER_ASSERT_MSG_BT(ret == 0,
185             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
186
187     ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
188     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
189 }
190
191 //---------------------------------------------------------------------------
192 // Test setting up a cookie when smack is not loaded but with too small
193 // buffer size
194 RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack)
195 {
196     int ret;
197     int cookieSize = security_server_get_cookie_size();
198     Cookie cookie(cookieSize);
199
200     ret = drop_root_privileges();
201     RUNNER_ASSERT_MSG_BT(ret == 0,
202             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
203
204     ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
205     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
206 }
207
208 //---------------------------------------------------------------------------
209 // Get cookie size when smack is loaded
210 RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size)
211 {
212     SecurityServer::AccessProvider provider("selflabel_01_05");
213     provider.applyAndSwithToUser(APP_UID, APP_GID);
214
215     int ret = security_server_get_cookie_size();
216     RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
217                       "Error in security_server_get_cookie_size(): " << ret);
218 }
219
220 //---------------------------------------------------------------------------
221 //root has access to API
222 RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
223 {
224     int cookieSize = security_server_get_cookie_size();
225     RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
226                     "Error in security_server_get_cookie_size(): " << cookieSize);
227
228     Cookie cookie(cookieSize);
229     int ret = security_server_request_cookie(cookie.data(), cookie.size());
230     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
231                     "Error in security_server_request_cookie(): " << ret);
232 }
233
234 //---------------------------------------------------------------------------
235 // Test setting up a cookie in normal case when smack is loaded
236 RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
237 {
238     int cookieSize = security_server_get_cookie_size();
239     RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
240                       "Error in security_server_get_cookie_size(): " << cookieSize);
241
242     SecurityServer::AccessProvider provider("selflabel_02_01");
243     provider.applyAndSwithToUser(APP_UID, APP_GID);
244
245     Cookie cookie(cookieSize);
246     int ret = security_server_request_cookie(cookie.data(), cookie.size());
247     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
248                       "Error in security_server_request_cookie(): " << ret);
249 }
250
251 //---------------------------------------------------------------------------
252 // Test setting up a cookie when smack is loaded but with too small buffer
253 // size
254 RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
255 {
256     int cookieSize = security_server_get_cookie_size();
257     RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
258                       "Error in security_server_get_cookie_size(): " << cookieSize);
259     cookieSize >>= 1;
260
261     SecurityServer::AccessProvider provider("selflabel_02_02");
262     provider.applyAndSwithToUser(APP_UID, APP_GID);
263
264     Cookie cookie(cookieSize);
265     int ret = security_server_request_cookie(cookie.data(), cookie.size());
266     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
267                       "Error in security_server_request_cookie(): " << ret);
268 }
269
270 //---------------------------------------------------------------------------
271 //root has access to API
272 RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
273 {
274     Cookie cookie = getCookieFromSS();
275
276     int ret = security_server_check_privilege(cookie.data(), 0);
277     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
278                       "Error in security_server_check_privilege(): " << ret);
279 }
280
281 //privileges drop and no smack rule
282 RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
283 {
284     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
285     Cookie cookie = getCookieFromSS();
286
287     SecurityServer::AccessProvider provider("selflabel_03_02");
288     provider.applyAndSwithToUser(APP_UID, APP_GID);
289
290     int ret = security_server_check_privilege(cookie.data(), 0);
291     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
292                       "security_server_check_privilege() should return access denied: " << ret);
293 }
294
295 //privileges drop and added smack rule
296 RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege)
297 {
298     Cookie cookie = getCookieFromSS();
299
300     SecurityServer::AccessProvider provider("selflabel_03_03");
301     provider.allowFunction("security_server_check_privilege");
302     provider.applyAndSwithToUser(APP_UID, APP_GID);
303
304     int ret = security_server_check_privilege(cookie.data(), 0);
305     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
306                       "Error in security_server_check_privilege(): " << ret);
307 }
308
309 // invalid gid
310 RUNNER_CHILD_TEST(tc_unit_03_04_security_server_check_privilege_neg)
311 {
312     remove_process_group(PROC_AUDIO_GROUP_NAME);
313
314     Cookie cookie = getCookieFromSS();
315     int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
316     RUNNER_ASSERT_MSG_BT(audio_gid > -1,
317                          "security_server_get_gid() failed. result = " << audio_gid);
318
319     int ret = security_server_check_privilege(cookie.data(), audio_gid);
320
321     // security_server_check_privilege fails, because the process does not belong to "audio" group
322     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
323 }
324
325 // add gid
326 RUNNER_CHILD_TEST(tc_unit_03_05_security_server_check_privilege)
327 {
328     add_process_group(PROC_AUDIO_GROUP_NAME);
329
330     Cookie cookie = getCookieFromSS();
331     int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
332     RUNNER_ASSERT_MSG_BT(audio_gid > -1,
333                          "security_server_get_gid() failed. result = " << audio_gid);
334
335     int ret = security_server_check_privilege(cookie.data(), audio_gid);
336     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
337 }
338
339 // test invalid cookie name
340 RUNNER_TEST(tc_unit_03_06_security_server_check_privilege)
341 {
342     // create invalid cookie
343     int size = security_server_get_cookie_size();
344     RUNNER_ASSERT_MSG_BT(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
345
346     Cookie cookie(size);
347     cookie[0] = 'a';
348     int ret = security_server_check_privilege(cookie.data(), 0);
349     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
350 }
351
352 //---------------------------------------------------------------------------
353 //root has access to API
354 RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
355 {
356     Cookie cookie = getCookieFromSS();
357
358     int ret = security_server_get_cookie_pid(cookie.data());
359     RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
360
361     int pid = getpid();
362     RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
363 }
364
365 //privileges drop and no smack rule
366 RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
367 {
368     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
369     Cookie cookie = getCookieFromSS();
370
371     SecurityServer::AccessProvider provider("selflabel_05_02");
372     provider.applyAndSwithToUser(APP_UID, APP_GID);
373
374     int ret = security_server_get_cookie_pid(cookie.data());
375     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
376                       "security_server_get_cookie_pid() should return access denied: " << ret);
377 }
378
379 //privileges drop and added smack rule
380 RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid)
381 {
382     Cookie cookie = getCookieFromSS();
383
384     SecurityServer::AccessProvider provider("selflabel_05_03");
385     provider.allowFunction("security_server_get_cookie_pid");
386     provider.applyAndSwithToUser(APP_UID, APP_GID);
387
388     int ret = security_server_get_cookie_pid(cookie.data());
389     RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
390
391     int pid = getpid();
392     RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
393 }
394
395 //---------------------------------------------------------------------------
396 //root has access to API
397 RUNNER_CHILD_TEST(tc_unit_06_01_security_server_get_smacklabel_cookie)
398 {
399     setLabelForSelf(__LINE__, "selflabel_06_01");
400
401     Cookie cookie = getCookieFromSS();
402
403     UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
404     RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_01") == 0,
405                       "No match in smack label received from cookie, received label: "
406                       << label.get());
407 }
408
409 //privileges drop and no smack rule
410 RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
411 {
412     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
413     Cookie cookie = getCookieFromSS();
414
415     SecurityServer::AccessProvider provider("selflabel_06_02");
416     provider.applyAndSwithToUser(APP_UID, APP_GID);
417
418     UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
419     RUNNER_ASSERT_MSG_BT(label.get() == NULL,
420                       "NULL should be received due to access denied, received label: "
421                       << label.get());
422 }
423
424 //privileges drop and added smack rule
425 RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
426 {
427     SecurityServer::AccessProvider provider("selflabel_06_03");
428     provider.allowFunction("security_server_get_smacklabel_cookie");
429     provider.applyAndSwithToUser(APP_UID, APP_GID);
430
431     Cookie cookie = getCookieFromSS();
432
433     UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
434     RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_03") == 0,
435                       "No match in smack label received from cookie, received label: "
436                       << label.get());
437 }
438
439 //---------------------------------------------------------------------------
440 // apply smack labels and drop privileges
441 RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow)
442 {
443     add_process_group(PROC_AUDIO_GROUP_NAME);
444
445     SecurityServer::AccessProvider provider("subject_1d6eda7d");
446     provider.allowFunction("security_server_get_gid");
447     provider.allowFunction("security_server_request_cookie");
448     provider.allowFunction("security_server_check_privilege");
449     provider.allowFunction("security_server_get_cookie_pid");
450     provider.allowFunction("security_server_get_smacklabel_cookie");
451     provider.allowFunction("security_server_check_privilege_by_pid");
452     provider.applyAndSwithToUser(APP_UID, APP_GID);
453
454     Cookie cookie = getCookieFromSS();
455
456     int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
457     RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
458                          << "\" gid. Result: " << ret);
459
460     ret = security_server_check_privilege(cookie.data(), ret);
461     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
462
463     int root_gid = security_server_get_gid(ROOT_USER);
464     RUNNER_ASSERT_MSG_BT(root_gid > -1, "root_gid: " << root_gid);
465
466     ret = security_server_get_cookie_pid(cookie.data());
467     RUNNER_ASSERT_MSG_BT(ret == getpid(), "ret: " << ret);
468
469     UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
470     RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "ss_label: " << ss_label.get());
471
472     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
473     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
474 }
475
476 // disable access and drop privileges
477 RUNNER_CHILD_TEST_SMACK(tc_unit_09_02_app_user_cookie_API_access_deny)
478 {
479     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
480     SecurityServer::AccessProvider provider("subject_1d414140");
481     provider.applyAndSwithToUser(APP_UID, APP_GID);
482
483     Cookie cookie = getCookieFromSS();
484
485     int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID);
486     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
487             "security_server_check_privilege should return access denied, "
488             "ret: " << ret);
489
490     ret = security_server_get_gid(ROOT_USER);
491     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
492             "security_server_get_gid should return access denied, "
493             "ret: " << ret);
494
495     ret = security_server_get_cookie_pid(cookie.data());
496     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
497             "security_server_get_cookie_pid should return access denied, "
498             "ret: " << ret);
499
500     UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
501     RUNNER_ASSERT_MSG_BT(ss_label.get() == NULL,
502             "access should be denied so label should be NULL: " << ss_label.get());
503
504     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
505     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
506             "security_server_check_privilege_by_pid should return access denied, "
507             "ret: " << ret);
508 }
509
510 // NOSMACK version of the test above
511 RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack)
512 {
513     add_process_group(PROC_AUDIO_GROUP_NAME);
514
515     // drop root privileges
516     int ret = drop_root_privileges();
517     RUNNER_ASSERT_MSG_BT(ret == 0,
518             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
519
520     Cookie cookie = getCookieFromSS();
521
522     ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
523     RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
524                          << "\" gid. Result: " << ret);
525
526     ret = security_server_check_privilege(cookie.data(), ret);
527     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
528                          "check_privilege failed. Result: " << ret);
529
530     ret = security_server_get_gid(ROOT_USER);
531     RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
532
533     ret = security_server_get_cookie_pid(cookie.data());
534     RUNNER_ASSERT_MSG_BT(ret == getpid(),
535             "get_cookie_pid returned different pid than it should. Result: " << ret);
536
537     UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
538     RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "get_smacklabel_cookie failed.");
539
540     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
541     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
542                          "check_privilege_by_pid failed. Result: " << ret);
543 }
Domain: Security / Uncategorized;