2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
6 * @file security_server_tests_cookie_api.cpp
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
9 * @brief Test cases for security server cookie api
14 Tested API functions in this file:
16 int security_server_get_cookie_size(void);
17 int security_server_request_cookie(char *cookie, size_t bufferSize);
19 int security_server_check_privilege(const char *cookie, gid_t privilege);
20 int security_server_check_privilege_by_cookie(const char *cookie,
22 const char *access_rights);
23 int security_server_get_cookie_pid(const char *cookie);
24 char *security_server_get_smacklabel_cookie(const char *cookie);
25 int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
26 int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
29 #include <dpl/test/test_runner.h>
30 #include <dpl/test/test_runner_multiprocess.h>
31 #include <tests_common.h>
32 #include <sys/smack.h>
34 #include <sys/types.h>
36 #include <access_provider.h>
37 #include <security-server.h>
38 #include <smack_access.h>
39 #include <security_server_tests_common.h>
42 const char *ROOT_USER = "root";
43 const char *PROC_AUDIO_GROUP_NAME = "audio";
45 const int KNOWN_COOKIE_SIZE = 20;
47 RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
50 * **************************************************************************
51 * Test cases fot check various functions input params cases
52 * **************************************************************************
55 //---------------------------------------------------------------------------
56 //passing NULL as a buffer pointer
57 RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
59 int ret = security_server_request_cookie(NULL, KNOWN_COOKIE_SIZE);
60 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
61 "Error in security_server_request_cookie() argument checking: " << ret);
64 //passing too small value as a buffer size
65 RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
67 Cookie cookie(KNOWN_COOKIE_SIZE);
69 int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
70 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
71 "Error in security_server_request_cookie() argument checking: " << ret);
74 //---------------------------------------------------------------------------
75 //passing NULL as a cookie pointer
76 RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
78 int ret = security_server_check_privilege(NULL, 0);
79 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
80 "Error in security_server_check_privilege() argument checking: " << ret);
83 //---------------------------------------------------------------------------
84 //passing NULL as a cookie pointer
85 RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
87 RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
88 int ret = security_server_check_privilege_by_cookie(NULL, "wiadro", "rwx");
89 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
90 "Error in security_server_check_privilege_by_cookie() argument checking: "
94 //passing NULL as an object pointer
95 RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
97 RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
98 Cookie cookie = getCookieFromSS();
100 int ret = security_server_check_privilege_by_cookie(cookie.data(), NULL, "rwx");
101 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
102 "Error in security_server_check_privilege_by_cookie() argument checking: "
106 //passing NULL as an access pointer
107 RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
109 RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
110 Cookie cookie = getCookieFromSS();
112 int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", NULL);
113 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
114 "Error in security_server_check_privilege_by_cookie() argument checking: "
118 //---------------------------------------------------------------------------
119 //passing NULL as a cookie pointer
120 RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
122 int ret = security_server_get_cookie_pid(NULL);
123 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
124 "Error in security_server_get_cookie_pid() argument checking: " << ret);
127 //getting pid of non existing cookie
128 RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid)
130 const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'};
131 RUNNER_ASSERT_BT(security_server_get_cookie_pid(wrong_cookie) ==
132 SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
135 //---------------------------------------------------------------------------
136 //passing NULL as a cookie pointer
137 RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
140 label = security_server_get_smacklabel_cookie(NULL);
141 RUNNER_ASSERT_MSG_BT(label == NULL,
142 "Error in security_server_get_smacklabel_cookie() argument checking");
148 * **************************************************************************
149 * Unit tests for each function from API
150 * **************************************************************************
153 //---------------------------------------------------------------------------
154 //root has access to API
155 RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
157 int ret = security_server_get_cookie_size();
158 RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
159 "Error in security_server_get_cookie_size(): " << ret);
162 //---------------------------------------------------------------------------
163 // Get cookie size when smack is not loaded
164 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack)
168 ret = drop_root_privileges();
169 RUNNER_ASSERT_MSG_BT(ret == 0,
170 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
171 ret = security_server_get_cookie_size();
172 RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
175 //---------------------------------------------------------------------------
176 // Test setting up a cookie in normal case when smack is not loaded
177 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack)
180 int cookieSize = security_server_get_cookie_size();
181 Cookie cookie(cookieSize);
183 ret = drop_root_privileges();
184 RUNNER_ASSERT_MSG_BT(ret == 0,
185 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
187 ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
188 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
191 //---------------------------------------------------------------------------
192 // Test setting up a cookie when smack is not loaded but with too small
194 RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack)
197 int cookieSize = security_server_get_cookie_size();
198 Cookie cookie(cookieSize);
200 ret = drop_root_privileges();
201 RUNNER_ASSERT_MSG_BT(ret == 0,
202 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
204 ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
205 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
208 //---------------------------------------------------------------------------
209 // Get cookie size when smack is loaded
210 RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size)
212 SecurityServer::AccessProvider provider("selflabel_01_05");
213 provider.applyAndSwithToUser(APP_UID, APP_GID);
215 int ret = security_server_get_cookie_size();
216 RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
217 "Error in security_server_get_cookie_size(): " << ret);
220 //---------------------------------------------------------------------------
221 //root has access to API
222 RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
224 int cookieSize = security_server_get_cookie_size();
225 RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
226 "Error in security_server_get_cookie_size(): " << cookieSize);
228 Cookie cookie(cookieSize);
229 int ret = security_server_request_cookie(cookie.data(), cookie.size());
230 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
231 "Error in security_server_request_cookie(): " << ret);
234 //---------------------------------------------------------------------------
235 // Test setting up a cookie in normal case when smack is loaded
236 RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
238 int cookieSize = security_server_get_cookie_size();
239 RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
240 "Error in security_server_get_cookie_size(): " << cookieSize);
242 SecurityServer::AccessProvider provider("selflabel_02_01");
244 provider.applyAndSwithToUser(APP_UID, APP_GID);
246 Cookie cookie(cookieSize);
247 int ret = security_server_request_cookie(cookie.data(), cookie.size());
248 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
249 "Error in security_server_request_cookie(): " << ret);
252 //---------------------------------------------------------------------------
253 // Test setting up a cookie when smack is loaded but with too small buffer
255 RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
257 int cookieSize = security_server_get_cookie_size();
258 RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
259 "Error in security_server_get_cookie_size(): " << cookieSize);
262 SecurityServer::AccessProvider provider("selflabel_02_02");
263 provider.applyAndSwithToUser(APP_UID, APP_GID);
265 Cookie cookie(cookieSize);
266 int ret = security_server_request_cookie(cookie.data(), cookie.size());
267 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
268 "Error in security_server_request_cookie(): " << ret);
271 //---------------------------------------------------------------------------
272 //root has access to API
273 RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
275 Cookie cookie = getCookieFromSS();
277 int ret = security_server_check_privilege(cookie.data(), 0);
278 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
279 "Error in security_server_check_privilege(): " << ret);
282 //privileges drop and no smack rule
283 RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
285 RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
286 Cookie cookie = getCookieFromSS();
288 SecurityServer::AccessProvider provider("selflabel_03_02");
289 provider.applyAndSwithToUser(APP_UID, APP_GID);
291 int ret = security_server_check_privilege(cookie.data(), 0);
292 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
293 "security_server_check_privilege() should return access denied: " << ret);
296 //privileges drop and added smack rule
297 RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege)
299 Cookie cookie = getCookieFromSS();
301 SecurityServer::AccessProvider provider("selflabel_03_03");
303 provider.applyAndSwithToUser(APP_UID, APP_GID);
305 int ret = security_server_check_privilege(cookie.data(), 0);
306 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
307 "Error in security_server_check_privilege(): " << ret);
311 RUNNER_CHILD_TEST(tc_unit_03_04_security_server_check_privilege_neg)
313 remove_process_group(PROC_AUDIO_GROUP_NAME);
315 Cookie cookie = getCookieFromSS();
316 int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
317 RUNNER_ASSERT_MSG_BT(audio_gid > -1,
318 "security_server_get_gid() failed. result = " << audio_gid);
320 int ret = security_server_check_privilege(cookie.data(), audio_gid);
322 // security_server_check_privilege fails, because the process does not belong to "audio" group
323 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
327 RUNNER_CHILD_TEST(tc_unit_03_05_security_server_check_privilege)
329 add_process_group(PROC_AUDIO_GROUP_NAME);
331 Cookie cookie = getCookieFromSS();
332 int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
333 RUNNER_ASSERT_MSG_BT(audio_gid > -1,
334 "security_server_get_gid() failed. result = " << audio_gid);
336 int ret = security_server_check_privilege(cookie.data(), audio_gid);
337 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
340 // test invalid cookie name
341 RUNNER_TEST(tc_unit_03_06_security_server_check_privilege)
343 // create invalid cookie
344 int size = security_server_get_cookie_size();
345 RUNNER_ASSERT_MSG_BT(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
349 int ret = security_server_check_privilege(cookie.data(), 0);
350 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
353 //---------------------------------------------------------------------------
354 //root has access to API
355 RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
357 Cookie cookie = getCookieFromSS();
359 int ret = security_server_get_cookie_pid(cookie.data());
360 RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
363 RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
366 //privileges drop and no smack rule
367 RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
369 RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
370 Cookie cookie = getCookieFromSS();
372 SecurityServer::AccessProvider provider("selflabel_05_02");
373 provider.applyAndSwithToUser(APP_UID, APP_GID);
375 int ret = security_server_get_cookie_pid(cookie.data());
376 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
377 "security_server_get_cookie_pid() should return access denied: " << ret);
380 //privileges drop and added smack rule
381 RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid)
383 Cookie cookie = getCookieFromSS();
385 SecurityServer::AccessProvider provider("selflabel_05_03");
387 provider.applyAndSwithToUser(APP_UID, APP_GID);
389 int ret = security_server_get_cookie_pid(cookie.data());
390 RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
393 RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
396 //---------------------------------------------------------------------------
397 //root has access to API
398 RUNNER_CHILD_TEST_SMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_smack)
400 setLabelForSelf(__LINE__, "selflabel_06_01");
402 Cookie cookie = getCookieFromSS();
404 CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
405 RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_01") == 0,
406 "No match in smack label received from cookie, received label: "
410 //---------------------------------------------------------------------------
411 //root has access to API
412 RUNNER_CHILD_TEST_NOSMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_nosmack)
414 Cookie cookie = getCookieFromSS();
416 char *receivedLabel = security_server_get_smacklabel_cookie(cookie.data());
417 RUNNER_ASSERT_MSG_BT(receivedLabel != NULL,
418 "security_server_get_smacklabel_cookie returned NULL");
419 std::string label(receivedLabel);
421 RUNNER_ASSERT_MSG_BT(label.empty(),
422 "security_server_get_smacklabel_cookie returned: "
426 //privileges drop and no smack rule
427 RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
429 RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
430 Cookie cookie = getCookieFromSS();
432 SecurityServer::AccessProvider provider("selflabel_06_02");
433 provider.applyAndSwithToUser(APP_UID, APP_GID);
435 CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
436 RUNNER_ASSERT_MSG_BT(label.get() == NULL,
437 "NULL should be received due to access denied, received label: "
441 //privileges drop and added smack rule
442 RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
444 SecurityServer::AccessProvider provider("selflabel_06_03");
446 provider.applyAndSwithToUser(APP_UID, APP_GID);
448 Cookie cookie = getCookieFromSS();
450 CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
451 RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_03") == 0,
452 "No match in smack label received from cookie, received label: "
456 //---------------------------------------------------------------------------
457 // apply smack labels and drop privileges
458 RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow)
460 add_process_group(PROC_AUDIO_GROUP_NAME);
462 SecurityServer::AccessProvider provider("subject_1d6eda7d");
464 provider.applyAndSwithToUser(APP_UID, APP_GID);
466 Cookie cookie = getCookieFromSS();
468 int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
469 RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
470 << "\" gid. Result: " << ret);
472 ret = security_server_check_privilege(cookie.data(), ret);
473 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
475 int root_gid = security_server_get_gid(ROOT_USER);
476 RUNNER_ASSERT_MSG_BT(root_gid > -1, "root_gid: " << root_gid);
478 ret = security_server_get_cookie_pid(cookie.data());
479 RUNNER_ASSERT_MSG_BT(ret == getpid(), "ret: " << ret);
481 CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
482 RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "ss_label: " << ss_label.get());
484 RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
486 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
487 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
490 // disable access and drop privileges
491 RUNNER_CHILD_TEST_SMACK(tc_unit_09_02_app_user_cookie_API_access_deny)
493 RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
494 SecurityServer::AccessProvider provider("subject_1d414140");
495 provider.applyAndSwithToUser(APP_UID, APP_GID);
497 Cookie cookie = getCookieFromSS();
499 int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID);
500 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
501 "security_server_check_privilege should return access denied, "
504 ret = security_server_get_gid(ROOT_USER);
505 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
506 "security_server_get_gid should return access denied, "
509 ret = security_server_get_cookie_pid(cookie.data());
510 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
511 "security_server_get_cookie_pid should return access denied, "
514 CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
515 RUNNER_ASSERT_MSG_BT(ss_label.get() == NULL,
516 "access should be denied so label should be NULL: " << ss_label.get());
518 RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
520 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
521 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
522 "security_server_check_privilege_by_pid should return access denied, "
526 // NOSMACK version of the test above
527 RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack)
529 add_process_group(PROC_AUDIO_GROUP_NAME);
531 // drop root privileges
532 int ret = drop_root_privileges();
533 RUNNER_ASSERT_MSG_BT(ret == 0,
534 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
536 Cookie cookie = getCookieFromSS();
538 ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
539 RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
540 << "\" gid. Result: " << ret);
542 ret = security_server_check_privilege(cookie.data(), ret);
543 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
544 "check_privilege failed. Result: " << ret);
546 ret = security_server_get_gid(ROOT_USER);
547 RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
549 ret = security_server_get_cookie_pid(cookie.data());
550 RUNNER_ASSERT_MSG_BT(ret == getpid(),
551 "get_cookie_pid returned different pid than it should. Result: " << ret);
553 CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
554 RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "get_smacklabel_cookie failed.");
556 RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
558 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
559 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
560 "check_privilege_by_pid failed. Result: " << ret);