2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
6 * @file security_server_tests_cookie_api.cpp
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
9 * @brief Test cases for security server cookie api
14 Tested API functions in this file:
16 Protected by "security-server::api-cookie-get" label:
17 int security_server_get_cookie_size(void);
18 int security_server_request_cookie(char *cookie, size_t bufferSize);
21 Protected by "security-server::api-cookie-check" label:
22 int security_server_check_privilege(const char *cookie, gid_t privilege);
23 int security_server_check_privilege_by_cookie(const char *cookie,
25 const char *access_rights);
26 int security_server_get_cookie_pid(const char *cookie);
27 char *security_server_get_smacklabel_cookie(const char *cookie);
28 int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
29 int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
32 #include <dpl/test/test_runner.h>
33 #include <dpl/test/test_runner_multiprocess.h>
34 #include <tests_common.h>
35 #include <sys/smack.h>
37 #include <sys/types.h>
39 #include <access_provider.h>
40 #include <security-server.h>
41 #include <smack_access.h>
42 #include <security_server_tests_common.h>
44 const char *ROOT_USER = "root";
45 const char *PROC_AUDIO_GROUP_NAME = "audio";
47 typedef std::unique_ptr<char, void(*)(void *)> UniquePtrCstring;
48 const int KNOWN_COOKIE_SIZE = 20;
50 RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
53 * **************************************************************************
54 * Test cases fot check various functions input params cases
55 * **************************************************************************
58 //---------------------------------------------------------------------------
59 //passing NULL as a buffer pointer
60 RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
62 int ret = security_server_request_cookie(NULL, KNOWN_COOKIE_SIZE);
63 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
64 "Error in security_server_request_cookie() argument checking: " << ret);
67 //passing too small value as a buffer size
68 RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
70 Cookie cookie(KNOWN_COOKIE_SIZE);
72 int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
73 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
74 "Error in security_server_request_cookie() argument checking: " << ret);
77 //---------------------------------------------------------------------------
78 //passing NULL as a cookie pointer
79 RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
81 int ret = security_server_check_privilege(NULL, 0);
82 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
83 "Error in security_server_check_privilege() argument checking: " << ret);
86 //---------------------------------------------------------------------------
87 //passing NULL as a cookie pointer
88 RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
90 RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
91 int ret = security_server_check_privilege_by_cookie(NULL, "wiadro", "rwx");
92 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
93 "Error in security_server_check_privilege_by_cookie() argument checking: "
97 //passing NULL as an object pointer
98 RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
100 RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
101 Cookie cookie = getCookieFromSS();
103 int ret = security_server_check_privilege_by_cookie(cookie.data(), NULL, "rwx");
104 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
105 "Error in security_server_check_privilege_by_cookie() argument checking: "
109 //passing NULL as an access pointer
110 RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
112 RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
113 Cookie cookie = getCookieFromSS();
115 int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", NULL);
116 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
117 "Error in security_server_check_privilege_by_cookie() argument checking: "
121 //---------------------------------------------------------------------------
122 //passing NULL as a cookie pointer
123 RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
125 int ret = security_server_get_cookie_pid(NULL);
126 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
127 "Error in security_server_get_cookie_pid() argument checking: " << ret);
130 //getting pid of non existing cookie
131 RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid)
133 const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'};
134 RUNNER_ASSERT_BT(security_server_get_cookie_pid(wrong_cookie) ==
135 SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
138 //---------------------------------------------------------------------------
139 //passing NULL as a cookie pointer
140 RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
143 label = security_server_get_smacklabel_cookie(NULL);
144 RUNNER_ASSERT_MSG_BT(label == NULL,
145 "Error in security_server_get_smacklabel_cookie() argument checking");
151 * **************************************************************************
152 * Unit tests for each function from API
153 * **************************************************************************
156 //---------------------------------------------------------------------------
157 //root has access to API
158 RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
160 int ret = security_server_get_cookie_size();
161 RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
162 "Error in security_server_get_cookie_size(): " << ret);
165 //---------------------------------------------------------------------------
166 // Get cookie size when smack is not loaded
167 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack)
171 ret = drop_root_privileges();
172 RUNNER_ASSERT_MSG_BT(ret == 0,
173 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
174 ret = security_server_get_cookie_size();
175 RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
178 //---------------------------------------------------------------------------
179 // Test setting up a cookie in normal case when smack is not loaded
180 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack)
183 int cookieSize = security_server_get_cookie_size();
184 Cookie cookie(cookieSize);
186 ret = drop_root_privileges();
187 RUNNER_ASSERT_MSG_BT(ret == 0,
188 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
190 ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
191 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
194 //---------------------------------------------------------------------------
195 // Test setting up a cookie when smack is not loaded but with too small
197 RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack)
200 int cookieSize = security_server_get_cookie_size();
201 Cookie cookie(cookieSize);
203 ret = drop_root_privileges();
204 RUNNER_ASSERT_MSG_BT(ret == 0,
205 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
207 ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
208 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
211 //---------------------------------------------------------------------------
212 // Get cookie size when smack is loaded
213 RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size)
215 SecurityServer::AccessProvider provider("selflabel_01_05");
216 provider.applyAndSwithToUser(APP_UID, APP_GID);
218 int ret = security_server_get_cookie_size();
219 RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
220 "Error in security_server_get_cookie_size(): " << ret);
223 //---------------------------------------------------------------------------
224 //root has access to API
225 RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
227 int cookieSize = security_server_get_cookie_size();
228 RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
229 "Error in security_server_get_cookie_size(): " << cookieSize);
231 Cookie cookie(cookieSize);
232 int ret = security_server_request_cookie(cookie.data(), cookie.size());
233 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
234 "Error in security_server_request_cookie(): " << ret);
237 //---------------------------------------------------------------------------
238 // Test setting up a cookie in normal case when smack is loaded
239 RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
241 int cookieSize = security_server_get_cookie_size();
242 RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
243 "Error in security_server_get_cookie_size(): " << cookieSize);
245 SecurityServer::AccessProvider provider("selflabel_02_01");
246 provider.applyAndSwithToUser(APP_UID, APP_GID);
248 Cookie cookie(cookieSize);
249 int ret = security_server_request_cookie(cookie.data(), cookie.size());
250 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
251 "Error in security_server_request_cookie(): " << ret);
254 //---------------------------------------------------------------------------
255 // Test setting up a cookie when smack is loaded but with too small buffer
257 RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
259 int cookieSize = security_server_get_cookie_size();
260 RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
261 "Error in security_server_get_cookie_size(): " << cookieSize);
264 SecurityServer::AccessProvider provider("selflabel_02_02");
265 provider.applyAndSwithToUser(APP_UID, APP_GID);
267 Cookie cookie(cookieSize);
268 int ret = security_server_request_cookie(cookie.data(), cookie.size());
269 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
270 "Error in security_server_request_cookie(): " << ret);
273 //---------------------------------------------------------------------------
274 //root has access to API
275 RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
277 Cookie cookie = getCookieFromSS();
279 int ret = security_server_check_privilege(cookie.data(), 0);
280 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
281 "Error in security_server_check_privilege(): " << ret);
284 //privileges drop and no smack rule
285 RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
287 RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
288 Cookie cookie = getCookieFromSS();
290 SecurityServer::AccessProvider provider("selflabel_03_02");
291 provider.applyAndSwithToUser(APP_UID, APP_GID);
293 int ret = security_server_check_privilege(cookie.data(), 0);
294 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
295 "security_server_check_privilege() should return access denied: " << ret);
298 //privileges drop and added smack rule
299 RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege)
301 Cookie cookie = getCookieFromSS();
303 SecurityServer::AccessProvider provider("selflabel_03_03");
304 provider.allowFunction("security_server_check_privilege");
305 provider.applyAndSwithToUser(APP_UID, APP_GID);
307 int ret = security_server_check_privilege(cookie.data(), 0);
308 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
309 "Error in security_server_check_privilege(): " << ret);
313 RUNNER_CHILD_TEST(tc_unit_03_04_security_server_check_privilege_neg)
315 remove_process_group(PROC_AUDIO_GROUP_NAME);
317 Cookie cookie = getCookieFromSS();
318 int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
319 RUNNER_ASSERT_MSG_BT(audio_gid > -1,
320 "security_server_get_gid() failed. result = " << audio_gid);
322 int ret = security_server_check_privilege(cookie.data(), audio_gid);
324 // security_server_check_privilege fails, because the process does not belong to "audio" group
325 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
329 RUNNER_CHILD_TEST(tc_unit_03_05_security_server_check_privilege)
331 add_process_group(PROC_AUDIO_GROUP_NAME);
333 Cookie cookie = getCookieFromSS();
334 int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
335 RUNNER_ASSERT_MSG_BT(audio_gid > -1,
336 "security_server_get_gid() failed. result = " << audio_gid);
338 int ret = security_server_check_privilege(cookie.data(), audio_gid);
339 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
342 // test invalid cookie name
343 RUNNER_TEST(tc_unit_03_06_security_server_check_privilege)
345 // create invalid cookie
346 int size = security_server_get_cookie_size();
347 RUNNER_ASSERT_MSG_BT(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
351 int ret = security_server_check_privilege(cookie.data(), 0);
352 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
355 //---------------------------------------------------------------------------
356 //root has access to API
357 RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
359 Cookie cookie = getCookieFromSS();
361 int ret = security_server_get_cookie_pid(cookie.data());
362 RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
365 RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
368 //privileges drop and no smack rule
369 RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
371 RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
372 Cookie cookie = getCookieFromSS();
374 SecurityServer::AccessProvider provider("selflabel_05_02");
375 provider.applyAndSwithToUser(APP_UID, APP_GID);
377 int ret = security_server_get_cookie_pid(cookie.data());
378 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
379 "security_server_get_cookie_pid() should return access denied: " << ret);
382 //privileges drop and added smack rule
383 RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid)
385 Cookie cookie = getCookieFromSS();
387 SecurityServer::AccessProvider provider("selflabel_05_03");
388 provider.allowFunction("security_server_get_cookie_pid");
389 provider.applyAndSwithToUser(APP_UID, APP_GID);
391 int ret = security_server_get_cookie_pid(cookie.data());
392 RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
395 RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
398 //---------------------------------------------------------------------------
399 //root has access to API
400 RUNNER_CHILD_TEST_SMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_smack)
402 setLabelForSelf(__LINE__, "selflabel_06_01");
404 Cookie cookie = getCookieFromSS();
406 UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
407 RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_01") == 0,
408 "No match in smack label received from cookie, received label: "
412 //---------------------------------------------------------------------------
413 //root has access to API
414 RUNNER_CHILD_TEST_NOSMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_nosmack)
416 Cookie cookie = getCookieFromSS();
418 char *receivedLabel = security_server_get_smacklabel_cookie(cookie.data());
419 RUNNER_ASSERT_MSG_BT(receivedLabel != NULL,
420 "security_server_get_smacklabel_cookie returned NULL");
421 std::string label(receivedLabel);
423 RUNNER_ASSERT_MSG_BT(label.empty(),
424 "security_server_get_smacklabel_cookie returned: "
428 //privileges drop and no smack rule
429 RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
431 RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
432 Cookie cookie = getCookieFromSS();
434 SecurityServer::AccessProvider provider("selflabel_06_02");
435 provider.applyAndSwithToUser(APP_UID, APP_GID);
437 UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
438 RUNNER_ASSERT_MSG_BT(label.get() == NULL,
439 "NULL should be received due to access denied, received label: "
443 //privileges drop and added smack rule
444 RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
446 SecurityServer::AccessProvider provider("selflabel_06_03");
447 provider.allowFunction("security_server_get_smacklabel_cookie");
448 provider.applyAndSwithToUser(APP_UID, APP_GID);
450 Cookie cookie = getCookieFromSS();
452 UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
453 RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_03") == 0,
454 "No match in smack label received from cookie, received label: "
458 //---------------------------------------------------------------------------
459 // apply smack labels and drop privileges
460 RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow)
462 add_process_group(PROC_AUDIO_GROUP_NAME);
464 SecurityServer::AccessProvider provider("subject_1d6eda7d");
465 provider.allowFunction("security_server_get_gid");
466 provider.allowFunction("security_server_request_cookie");
467 provider.allowFunction("security_server_check_privilege");
468 provider.allowFunction("security_server_get_cookie_pid");
469 provider.allowFunction("security_server_get_smacklabel_cookie");
470 provider.allowFunction("security_server_check_privilege_by_pid");
471 provider.applyAndSwithToUser(APP_UID, APP_GID);
473 Cookie cookie = getCookieFromSS();
475 int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
476 RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
477 << "\" gid. Result: " << ret);
479 ret = security_server_check_privilege(cookie.data(), ret);
480 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
482 int root_gid = security_server_get_gid(ROOT_USER);
483 RUNNER_ASSERT_MSG_BT(root_gid > -1, "root_gid: " << root_gid);
485 ret = security_server_get_cookie_pid(cookie.data());
486 RUNNER_ASSERT_MSG_BT(ret == getpid(), "ret: " << ret);
488 UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
489 RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "ss_label: " << ss_label.get());
491 RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
493 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
494 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
497 // disable access and drop privileges
498 RUNNER_CHILD_TEST_SMACK(tc_unit_09_02_app_user_cookie_API_access_deny)
500 RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
501 SecurityServer::AccessProvider provider("subject_1d414140");
502 provider.applyAndSwithToUser(APP_UID, APP_GID);
504 Cookie cookie = getCookieFromSS();
506 int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID);
507 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
508 "security_server_check_privilege should return access denied, "
511 ret = security_server_get_gid(ROOT_USER);
512 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
513 "security_server_get_gid should return access denied, "
516 ret = security_server_get_cookie_pid(cookie.data());
517 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
518 "security_server_get_cookie_pid should return access denied, "
521 UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
522 RUNNER_ASSERT_MSG_BT(ss_label.get() == NULL,
523 "access should be denied so label should be NULL: " << ss_label.get());
525 RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
527 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
528 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
529 "security_server_check_privilege_by_pid should return access denied, "
533 // NOSMACK version of the test above
534 RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack)
536 add_process_group(PROC_AUDIO_GROUP_NAME);
538 // drop root privileges
539 int ret = drop_root_privileges();
540 RUNNER_ASSERT_MSG_BT(ret == 0,
541 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
543 Cookie cookie = getCookieFromSS();
545 ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
546 RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
547 << "\" gid. Result: " << ret);
549 ret = security_server_check_privilege(cookie.data(), ret);
550 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
551 "check_privilege failed. Result: " << ret);
553 ret = security_server_get_gid(ROOT_USER);
554 RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
556 ret = security_server_get_cookie_pid(cookie.data());
557 RUNNER_ASSERT_MSG_BT(ret == getpid(),
558 "get_cookie_pid returned different pid than it should. Result: " << ret);
560 UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
561 RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "get_smacklabel_cookie failed.");
563 RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
565 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
566 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
567 "check_privilege_by_pid failed. Result: " << ret);