projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Adjust AccessProvider api to current security-server.
[platform/core/test/security-tests.git] / tests / security-server-tests / cookie_api.cpp
1 /*
2  * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
3  */
4
5 /*
6  * @file    security_server_tests_cookie_api.cpp
7  * @author  Pawel Polawski (p.polawski@partner.samsung.com)
8  * @version 1.0
9  * @brief   Test cases for security server cookie api
10  *
11  */
12
13 /*
14 Tested API functions in this file:
15
16     int security_server_get_cookie_size(void);
17     int security_server_request_cookie(char *cookie, size_t bufferSize);
18
19     int security_server_check_privilege(const char *cookie, gid_t privilege);
20     int security_server_check_privilege_by_cookie(const char *cookie,
21                                                   const char *object,
22                                                   const char *access_rights);
23     int security_server_get_cookie_pid(const char *cookie);
24     char *security_server_get_smacklabel_cookie(const char *cookie);
25     int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
26     int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
27 */
28
29 #include <dpl/test/test_runner.h>
30 #include <dpl/test/test_runner_multiprocess.h>
31 #include <tests_common.h>
32 #include <sys/smack.h>
33 #include <cstddef>
34 #include <sys/types.h>
35 #include <unistd.h>
36 #include <access_provider.h>
37 #include <security-server.h>
38 #include <smack_access.h>
39 #include <security_server_tests_common.h>
40 #include <memory.h>
41
42 const char *ROOT_USER = "root";
43 const char *PROC_AUDIO_GROUP_NAME = "audio";
44
45 const int KNOWN_COOKIE_SIZE = 20;
46
47 RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
48
49 /*
50  * **************************************************************************
51  * Test cases fot check various functions input params cases
52  * **************************************************************************
53  */
54
55 //---------------------------------------------------------------------------
56 //passing NULL as a buffer pointer
57 RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
58 {
59     int ret = security_server_request_cookie(NULL, KNOWN_COOKIE_SIZE);
60     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
61                       "Error in security_server_request_cookie() argument checking: " << ret);
62 }
63
64 //passing too small value as a buffer size
65 RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
66 {
67     Cookie cookie(KNOWN_COOKIE_SIZE);
68
69     int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
70     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
71                       "Error in security_server_request_cookie() argument checking: " << ret);
72 }
73
74 //---------------------------------------------------------------------------
75 //passing NULL as a cookie pointer
76 RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
77 {
78     int ret = security_server_check_privilege(NULL, 0);
79     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
80                       "Error in security_server_check_privilege() argument checking: " << ret);
81 }
82
83 //---------------------------------------------------------------------------
84 //passing NULL as a cookie pointer
85 RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
86 {
87     RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
88     int ret = security_server_check_privilege_by_cookie(NULL, "wiadro", "rwx");
89     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
90                       "Error in security_server_check_privilege_by_cookie() argument checking: "
91                       << ret);
92 }
93
94 //passing NULL as an object pointer
95 RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
96 {
97     RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
98     Cookie cookie = getCookieFromSS();
99
100     int ret = security_server_check_privilege_by_cookie(cookie.data(), NULL, "rwx");
101     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
102                       "Error in security_server_check_privilege_by_cookie() argument checking: "
103                       << ret);
104 }
105
106 //passing NULL as an access pointer
107 RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
108 {
109     RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
110     Cookie cookie = getCookieFromSS();
111
112     int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", NULL);
113     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
114                       "Error in security_server_check_privilege_by_cookie() argument checking: "
115                       << ret);
116 }
117
118 //---------------------------------------------------------------------------
119 //passing NULL as a cookie pointer
120 RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
121 {
122     int ret = security_server_get_cookie_pid(NULL);
123     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
124                       "Error in security_server_get_cookie_pid() argument checking: " << ret);
125 }
126
127 //getting pid of non existing cookie
128 RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid)
129 {
130     const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'};
131     RUNNER_ASSERT_BT(security_server_get_cookie_pid(wrong_cookie) ==
132                   SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
133 }
134
135 //---------------------------------------------------------------------------
136 //passing NULL as a cookie pointer
137 RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
138 {
139     char *label = NULL;
140     label = security_server_get_smacklabel_cookie(NULL);
141     RUNNER_ASSERT_MSG_BT(label == NULL,
142                       "Error in security_server_get_smacklabel_cookie() argument checking");
143 }
144
145
146
147 /*
148  * **************************************************************************
149  * Unit tests for each function from API
150  * **************************************************************************
151  */
152
153 //---------------------------------------------------------------------------
154 //root has access to API
155 RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
156 {
157     int ret = security_server_get_cookie_size();
158     RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
159                       "Error in security_server_get_cookie_size(): " << ret);
160 }
161
162 //---------------------------------------------------------------------------
163 // Get cookie size when smack is not loaded
164 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack)
165 {
166     int ret;
167
168     ret = drop_root_privileges();
169     RUNNER_ASSERT_MSG_BT(ret == 0,
170             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
171     ret = security_server_get_cookie_size();
172     RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
173 }
174
175 //---------------------------------------------------------------------------
176 // Test setting up a cookie in normal case when smack is not loaded
177 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack)
178 {
179     int ret;
180     int cookieSize = security_server_get_cookie_size();
181     Cookie cookie(cookieSize);
182
183     ret = drop_root_privileges();
184     RUNNER_ASSERT_MSG_BT(ret == 0,
185             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
186
187     ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
188     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
189 }
190
191 //---------------------------------------------------------------------------
192 // Test setting up a cookie when smack is not loaded but with too small
193 // buffer size
194 RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack)
195 {
196     int ret;
197     int cookieSize = security_server_get_cookie_size();
198     Cookie cookie(cookieSize);
199
200     ret = drop_root_privileges();
201     RUNNER_ASSERT_MSG_BT(ret == 0,
202             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
203
204     ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
205     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
206 }
207
208 //---------------------------------------------------------------------------
209 // Get cookie size when smack is loaded
210 RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size)
211 {
212     SecurityServer::AccessProvider provider("selflabel_01_05");
213     provider.applyAndSwithToUser(APP_UID, APP_GID);
214
215     int ret = security_server_get_cookie_size();
216     RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
217                       "Error in security_server_get_cookie_size(): " << ret);
218 }
219
220 //---------------------------------------------------------------------------
221 //root has access to API
222 RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
223 {
224     int cookieSize = security_server_get_cookie_size();
225     RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
226                     "Error in security_server_get_cookie_size(): " << cookieSize);
227
228     Cookie cookie(cookieSize);
229     int ret = security_server_request_cookie(cookie.data(), cookie.size());
230     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
231                     "Error in security_server_request_cookie(): " << ret);
232 }
233
234 //---------------------------------------------------------------------------
235 // Test setting up a cookie in normal case when smack is loaded
236 RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
237 {
238     int cookieSize = security_server_get_cookie_size();
239     RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
240                       "Error in security_server_get_cookie_size(): " << cookieSize);
241
242     SecurityServer::AccessProvider provider("selflabel_02_01");
243     provider.allowSS();
244     provider.applyAndSwithToUser(APP_UID, APP_GID);
245
246     Cookie cookie(cookieSize);
247     int ret = security_server_request_cookie(cookie.data(), cookie.size());
248     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
249                       "Error in security_server_request_cookie(): " << ret);
250 }
251
252 //---------------------------------------------------------------------------
253 // Test setting up a cookie when smack is loaded but with too small buffer
254 // size
255 RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
256 {
257     int cookieSize = security_server_get_cookie_size();
258     RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
259                       "Error in security_server_get_cookie_size(): " << cookieSize);
260     cookieSize >>= 1;
261
262     SecurityServer::AccessProvider provider("selflabel_02_02");
263     provider.applyAndSwithToUser(APP_UID, APP_GID);
264
265     Cookie cookie(cookieSize);
266     int ret = security_server_request_cookie(cookie.data(), cookie.size());
267     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
268                       "Error in security_server_request_cookie(): " << ret);
269 }
270
271 //---------------------------------------------------------------------------
272 //root has access to API
273 RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
274 {
275     Cookie cookie = getCookieFromSS();
276
277     int ret = security_server_check_privilege(cookie.data(), 0);
278     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
279                       "Error in security_server_check_privilege(): " << ret);
280 }
281
282 //privileges drop and no smack rule
283 RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
284 {
285     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
286     Cookie cookie = getCookieFromSS();
287
288     SecurityServer::AccessProvider provider("selflabel_03_02");
289     provider.applyAndSwithToUser(APP_UID, APP_GID);
290
291     int ret = security_server_check_privilege(cookie.data(), 0);
292     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
293                       "security_server_check_privilege() should return access denied: " << ret);
294 }
295
296 //privileges drop and added smack rule
297 RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege)
298 {
299     Cookie cookie = getCookieFromSS();
300
301     SecurityServer::AccessProvider provider("selflabel_03_03");
302     provider.allowSS();
303     provider.applyAndSwithToUser(APP_UID, APP_GID);
304
305     int ret = security_server_check_privilege(cookie.data(), 0);
306     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
307                       "Error in security_server_check_privilege(): " << ret);
308 }
309
310 // invalid gid
311 RUNNER_CHILD_TEST(tc_unit_03_04_security_server_check_privilege_neg)
312 {
313     remove_process_group(PROC_AUDIO_GROUP_NAME);
314
315     Cookie cookie = getCookieFromSS();
316     int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
317     RUNNER_ASSERT_MSG_BT(audio_gid > -1,
318                          "security_server_get_gid() failed. result = " << audio_gid);
319
320     int ret = security_server_check_privilege(cookie.data(), audio_gid);
321
322     // security_server_check_privilege fails, because the process does not belong to "audio" group
323     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
324 }
325
326 // add gid
327 RUNNER_CHILD_TEST(tc_unit_03_05_security_server_check_privilege)
328 {
329     add_process_group(PROC_AUDIO_GROUP_NAME);
330
331     Cookie cookie = getCookieFromSS();
332     int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
333     RUNNER_ASSERT_MSG_BT(audio_gid > -1,
334                          "security_server_get_gid() failed. result = " << audio_gid);
335
336     int ret = security_server_check_privilege(cookie.data(), audio_gid);
337     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
338 }
339
340 // test invalid cookie name
341 RUNNER_TEST(tc_unit_03_06_security_server_check_privilege)
342 {
343     // create invalid cookie
344     int size = security_server_get_cookie_size();
345     RUNNER_ASSERT_MSG_BT(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
346
347     Cookie cookie(size);
348     cookie[0] = 'a';
349     int ret = security_server_check_privilege(cookie.data(), 0);
350     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
351 }
352
353 //---------------------------------------------------------------------------
354 //root has access to API
355 RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
356 {
357     Cookie cookie = getCookieFromSS();
358
359     int ret = security_server_get_cookie_pid(cookie.data());
360     RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
361
362     int pid = getpid();
363     RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
364 }
365
366 //privileges drop and no smack rule
367 RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
368 {
369     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
370     Cookie cookie = getCookieFromSS();
371
372     SecurityServer::AccessProvider provider("selflabel_05_02");
373     provider.applyAndSwithToUser(APP_UID, APP_GID);
374
375     int ret = security_server_get_cookie_pid(cookie.data());
376     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
377                       "security_server_get_cookie_pid() should return access denied: " << ret);
378 }
379
380 //privileges drop and added smack rule
381 RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid)
382 {
383     Cookie cookie = getCookieFromSS();
384
385     SecurityServer::AccessProvider provider("selflabel_05_03");
386     provider.allowSS();
387     provider.applyAndSwithToUser(APP_UID, APP_GID);
388
389     int ret = security_server_get_cookie_pid(cookie.data());
390     RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
391
392     int pid = getpid();
393     RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
394 }
395
396 //---------------------------------------------------------------------------
397 //root has access to API
398 RUNNER_CHILD_TEST_SMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_smack)
399 {
400     setLabelForSelf(__LINE__, "selflabel_06_01");
401
402     Cookie cookie = getCookieFromSS();
403
404     CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
405     RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_01") == 0,
406                       "No match in smack label received from cookie, received label: "
407                       << label.get());
408 }
409
410 //---------------------------------------------------------------------------
411 //root has access to API
412 RUNNER_CHILD_TEST_NOSMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_nosmack)
413 {
414     Cookie cookie = getCookieFromSS();
415
416     char *receivedLabel = security_server_get_smacklabel_cookie(cookie.data());
417     RUNNER_ASSERT_MSG_BT(receivedLabel != NULL,
418                          "security_server_get_smacklabel_cookie returned NULL");
419     std::string label(receivedLabel);
420     free(receivedLabel);
421     RUNNER_ASSERT_MSG_BT(label.empty(),
422                          "security_server_get_smacklabel_cookie returned: "
423                          << label);
424 }
425
426 //privileges drop and no smack rule
427 RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
428 {
429     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
430     Cookie cookie = getCookieFromSS();
431
432     SecurityServer::AccessProvider provider("selflabel_06_02");
433     provider.applyAndSwithToUser(APP_UID, APP_GID);
434
435     CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
436     RUNNER_ASSERT_MSG_BT(label.get() == NULL,
437                       "NULL should be received due to access denied, received label: "
438                       << label.get());
439 }
440
441 //privileges drop and added smack rule
442 RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
443 {
444     SecurityServer::AccessProvider provider("selflabel_06_03");
445     provider.allowSS();
446     provider.applyAndSwithToUser(APP_UID, APP_GID);
447
448     Cookie cookie = getCookieFromSS();
449
450     CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
451     RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_03") == 0,
452                       "No match in smack label received from cookie, received label: "
453                       << label.get());
454 }
455
456 //---------------------------------------------------------------------------
457 // apply smack labels and drop privileges
458 RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow)
459 {
460     add_process_group(PROC_AUDIO_GROUP_NAME);
461
462     SecurityServer::AccessProvider provider("subject_1d6eda7d");
463     provider.allowSS();
464     provider.applyAndSwithToUser(APP_UID, APP_GID);
465
466     Cookie cookie = getCookieFromSS();
467
468     int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
469     RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
470                          << "\" gid. Result: " << ret);
471
472     ret = security_server_check_privilege(cookie.data(), ret);
473     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
474
475     int root_gid = security_server_get_gid(ROOT_USER);
476     RUNNER_ASSERT_MSG_BT(root_gid > -1, "root_gid: " << root_gid);
477
478     ret = security_server_get_cookie_pid(cookie.data());
479     RUNNER_ASSERT_MSG_BT(ret == getpid(), "ret: " << ret);
480
481     CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
482     RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "ss_label: " << ss_label.get());
483
484     RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
485
486     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
487     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
488 }
489
490 // disable access and drop privileges
491 RUNNER_CHILD_TEST_SMACK(tc_unit_09_02_app_user_cookie_API_access_deny)
492 {
493     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
494     SecurityServer::AccessProvider provider("subject_1d414140");
495     provider.applyAndSwithToUser(APP_UID, APP_GID);
496
497     Cookie cookie = getCookieFromSS();
498
499     int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID);
500     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
501             "security_server_check_privilege should return access denied, "
502             "ret: " << ret);
503
504     ret = security_server_get_gid(ROOT_USER);
505     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
506             "security_server_get_gid should return access denied, "
507             "ret: " << ret);
508
509     ret = security_server_get_cookie_pid(cookie.data());
510     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
511             "security_server_get_cookie_pid should return access denied, "
512             "ret: " << ret);
513
514     CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
515     RUNNER_ASSERT_MSG_BT(ss_label.get() == NULL,
516             "access should be denied so label should be NULL: " << ss_label.get());
517
518     RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
519
520     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
521     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
522             "security_server_check_privilege_by_pid should return access denied, "
523             "ret: " << ret);
524 }
525
526 // NOSMACK version of the test above
527 RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack)
528 {
529     add_process_group(PROC_AUDIO_GROUP_NAME);
530
531     // drop root privileges
532     int ret = drop_root_privileges();
533     RUNNER_ASSERT_MSG_BT(ret == 0,
534             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
535
536     Cookie cookie = getCookieFromSS();
537
538     ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
539     RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
540                          << "\" gid. Result: " << ret);
541
542     ret = security_server_check_privilege(cookie.data(), ret);
543     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
544                          "check_privilege failed. Result: " << ret);
545
546     ret = security_server_get_gid(ROOT_USER);
547     RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
548
549     ret = security_server_get_cookie_pid(cookie.data());
550     RUNNER_ASSERT_MSG_BT(ret == getpid(),
551             "get_cookie_pid returned different pid than it should. Result: " << ret);
552
553     CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
554     RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "get_smacklabel_cookie failed.");
555
556     RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
557
558     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
559     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
560                          "check_privilege_by_pid failed. Result: " << ret);
561 }
Domain: Security / Uncategorized;