projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Removed use of pid_cycle file and ENVIRONMENT macros
[platform/core/test/security-tests.git] / tests / security-server-tests / cookie_api.cpp
1 /*
2  * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
3  */
4
5 /*
6  * @file    security_server_tests_cookie_api.cpp
7  * @author  Pawel Polawski (p.polawski@partner.samsung.com)
8  * @version 1.0
9  * @brief   Test cases for security server cookie api
10  *
11  */
12
13 /*
14 Tested API functions in this file:
15
16 Protected by "security-server::api-cookie-get" label:
17     int security_server_get_cookie_size(void);
18     int security_server_request_cookie(char *cookie, size_t bufferSize);
19
20
21 Protected by "security-server::api-cookie-check" label:
22     int security_server_check_privilege(const char *cookie, gid_t privilege);
23     int security_server_check_privilege_by_cookie(const char *cookie,
24                                                   const char *object,
25                                                   const char *access_rights);
26     int security_server_get_cookie_pid(const char *cookie);
27     char *security_server_get_smacklabel_cookie(const char *cookie);
28     int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
29     int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
30 */
31
32 #include <dpl/test/test_runner.h>
33 #include <dpl/test/test_runner_multiprocess.h>
34 #include <tests_common.h>
35 #include <sys/smack.h>
36 #include <cstddef>
37 #include <sys/types.h>
38 #include <unistd.h>
39 #include <access_provider.h>
40 #include <security-server.h>
41 #include <smack_access.h>
42
43 const char *ROOT_USER = "root";
44 const char *PROC_AUDIO_GROUP_NAME = "audio";
45
46 typedef std::unique_ptr<char, void(*)(void *)> UniquePtrCstring;
47 const int KNOWN_COOKIE_SIZE = 20;
48 typedef std::vector<char> Cookie;
49
50 Cookie getCookieFromSS() {
51     Cookie cookie(security_server_get_cookie_size());
52
53     RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS ==
54             security_server_request_cookie(cookie.data(), cookie.size()),
55         "Error in security_server_request_cookie.");
56
57     return cookie;
58 }
59
60 RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
61
62 /*
63  * **************************************************************************
64  * Test cases fot check various functions input params cases
65  * **************************************************************************
66  */
67
68 //---------------------------------------------------------------------------
69 //passing NULL as a buffer pointer
70 RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
71 {
72     int ret = security_server_request_cookie(NULL, KNOWN_COOKIE_SIZE);
73     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
74                       "Error in security_server_request_cookie() argument checking: " << ret);
75 }
76
77 //passing too small value as a buffer size
78 RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
79 {
80     Cookie cookie(KNOWN_COOKIE_SIZE);
81
82     int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
83     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
84                       "Error in security_server_request_cookie() argument checking: " << ret);
85 }
86
87 //---------------------------------------------------------------------------
88 //passing NULL as a cookie pointer
89 RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
90 {
91     int ret = security_server_check_privilege(NULL, 0);
92     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
93                       "Error in security_server_check_privilege() argument checking: " << ret);
94 }
95
96 //---------------------------------------------------------------------------
97 //passing NULL as a cookie pointer
98 RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
99 {
100     int ret = security_server_check_privilege_by_cookie(NULL, "wiadro", "rwx");
101     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
102                       "Error in security_server_check_privilege_by_cookie() argument checking: "
103                       << ret);
104 }
105
106 //passing NULL as an object pointer
107 RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
108 {
109     Cookie cookie = getCookieFromSS();
110
111     int ret = security_server_check_privilege_by_cookie(cookie.data(), NULL, "rwx");
112     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
113                       "Error in security_server_check_privilege_by_cookie() argument checking: "
114                       << ret);
115 }
116
117 //passing NULL as an access pointer
118 RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
119 {
120     Cookie cookie = getCookieFromSS();
121
122     int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", NULL);
123     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
124                       "Error in security_server_check_privilege_by_cookie() argument checking: "
125                       << ret);
126 }
127
128 //---------------------------------------------------------------------------
129 //passing NULL as a cookie pointer
130 RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
131 {
132     int ret = security_server_get_cookie_pid(NULL);
133     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
134                       "Error in security_server_get_cookie_pid() argument checking: " << ret);
135 }
136
137 //getting pid of non existing cookie
138 RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid)
139 {
140     const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'};
141     RUNNER_ASSERT_BT(security_server_get_cookie_pid(wrong_cookie) ==
142                   SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
143 }
144
145 //---------------------------------------------------------------------------
146 //passing NULL as a cookie pointer
147 RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
148 {
149     char *label = NULL;
150     label = security_server_get_smacklabel_cookie(NULL);
151     RUNNER_ASSERT_MSG_BT(label == NULL,
152                       "Error in security_server_get_smacklabel_cookie() argument checking");
153 }
154
155
156
157 /*
158  * **************************************************************************
159  * Unit tests for each function from API
160  * **************************************************************************
161  */
162
163 //---------------------------------------------------------------------------
164 //root has access to API
165 RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
166 {
167     int ret = security_server_get_cookie_size();
168     RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
169                       "Error in security_server_get_cookie_size(): " << ret);
170 }
171
172 //---------------------------------------------------------------------------
173 // Get cookie size when smack is not loaded
174 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack)
175 {
176     int ret;
177
178     ret = drop_root_privileges();
179     RUNNER_ASSERT_MSG_BT(ret == 0,
180             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
181     ret = security_server_get_cookie_size();
182     RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
183 }
184
185 //---------------------------------------------------------------------------
186 // Test setting up a cookie in normal case when smack is not loaded
187 RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack)
188 {
189     int ret;
190     int cookieSize = security_server_get_cookie_size();
191     Cookie cookie(cookieSize);
192
193     ret = drop_root_privileges();
194     RUNNER_ASSERT_MSG_BT(ret == 0,
195             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
196
197     ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
198     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
199 }
200
201 //---------------------------------------------------------------------------
202 // Test setting up a cookie when smack is not loaded but with too small
203 // buffer size
204 RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack)
205 {
206     int ret;
207     int cookieSize = security_server_get_cookie_size();
208     Cookie cookie(cookieSize);
209
210     ret = drop_root_privileges();
211     RUNNER_ASSERT_MSG_BT(ret == 0,
212             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
213
214     ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
215     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
216 }
217
218 //---------------------------------------------------------------------------
219 // Get cookie size when smack is loaded
220 RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size)
221 {
222     SecurityServer::AccessProvider provider("selflabel_01_05");
223     provider.applyAndSwithToUser(APP_UID, APP_GID);
224
225     int ret = security_server_get_cookie_size();
226     RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
227                       "Error in security_server_get_cookie_size(): " << ret);
228 }
229
230 //---------------------------------------------------------------------------
231 //root has access to API
232 RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
233 {
234     int cookieSize = security_server_get_cookie_size();
235     RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
236                     "Error in security_server_get_cookie_size(): " << cookieSize);
237
238     Cookie cookie(cookieSize);
239     int ret = security_server_request_cookie(cookie.data(), cookie.size());
240     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
241                     "Error in security_server_request_cookie(): " << ret);
242 }
243
244 //---------------------------------------------------------------------------
245 // Test setting up a cookie in normal case when smack is loaded
246 RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
247 {
248     int cookieSize = security_server_get_cookie_size();
249     RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
250                       "Error in security_server_get_cookie_size(): " << cookieSize);
251
252     SecurityServer::AccessProvider provider("selflabel_02_01");
253     provider.applyAndSwithToUser(APP_UID, APP_GID);
254
255     Cookie cookie(cookieSize);
256     int ret = security_server_request_cookie(cookie.data(), cookie.size());
257     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
258                       "Error in security_server_request_cookie(): " << ret);
259 }
260
261 //---------------------------------------------------------------------------
262 // Test setting up a cookie when smack is loaded but with too small buffer
263 // size
264 RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
265 {
266     int cookieSize = security_server_get_cookie_size();
267     RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
268                       "Error in security_server_get_cookie_size(): " << cookieSize);
269     cookieSize >>= 1;
270
271     SecurityServer::AccessProvider provider("selflabel_02_02");
272     provider.applyAndSwithToUser(APP_UID, APP_GID);
273
274     Cookie cookie(cookieSize);
275     int ret = security_server_request_cookie(cookie.data(), cookie.size());
276     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
277                       "Error in security_server_request_cookie(): " << ret);
278 }
279
280 //---------------------------------------------------------------------------
281 //root has access to API
282 RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
283 {
284     Cookie cookie = getCookieFromSS();
285
286     int ret = security_server_check_privilege(cookie.data(), 0);
287     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
288                       "Error in security_server_check_privilege(): " << ret);
289 }
290
291 //privileges drop and no smack rule
292 RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
293 {
294     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
295     Cookie cookie = getCookieFromSS();
296
297     SecurityServer::AccessProvider provider("selflabel_03_02");
298     provider.applyAndSwithToUser(APP_UID, APP_GID);
299
300     int ret = security_server_check_privilege(cookie.data(), 0);
301     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
302                       "security_server_check_privilege() should return access denied: " << ret);
303 }
304
305 //privileges drop and added smack rule
306 RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege)
307 {
308     Cookie cookie = getCookieFromSS();
309
310     SecurityServer::AccessProvider provider("selflabel_03_03");
311     provider.allowFunction("security_server_check_privilege");
312     provider.applyAndSwithToUser(APP_UID, APP_GID);
313
314     int ret = security_server_check_privilege(cookie.data(), 0);
315     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
316                       "Error in security_server_check_privilege(): " << ret);
317 }
318
319 // invalid gid
320 RUNNER_CHILD_TEST(tc_unit_03_04_security_server_check_privilege_neg)
321 {
322     remove_process_group(PROC_AUDIO_GROUP_NAME);
323
324     Cookie cookie = getCookieFromSS();
325     int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
326     RUNNER_ASSERT_MSG_BT(audio_gid > -1,
327                          "security_server_get_gid() failed. result = " << audio_gid);
328
329     int ret = security_server_check_privilege(cookie.data(), audio_gid);
330
331     // security_server_check_privilege fails, because the process does not belong to "audio" group
332     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
333 }
334
335 // add gid
336 RUNNER_CHILD_TEST(tc_unit_03_05_security_server_check_privilege)
337 {
338     add_process_group(PROC_AUDIO_GROUP_NAME);
339
340     Cookie cookie = getCookieFromSS();
341     int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
342     RUNNER_ASSERT_MSG_BT(audio_gid > -1,
343                          "security_server_get_gid() failed. result = " << audio_gid);
344
345     int ret = security_server_check_privilege(cookie.data(), audio_gid);
346     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
347 }
348
349 // test invalid cookie name
350 RUNNER_TEST(tc_unit_03_06_security_server_check_privilege)
351 {
352     // create invalid cookie
353     int size = security_server_get_cookie_size();
354     RUNNER_ASSERT_MSG_BT(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
355
356     Cookie cookie(size);
357     cookie[0] = 'a';
358     int ret = security_server_check_privilege(cookie.data(), 0);
359     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
360 }
361
362 //---------------------------------------------------------------------------
363 //root has access to API
364 RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
365 {
366     Cookie cookie = getCookieFromSS();
367
368     int ret = security_server_get_cookie_pid(cookie.data());
369     RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
370
371     int pid = getpid();
372     RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
373 }
374
375 //privileges drop and no smack rule
376 RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
377 {
378     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
379     Cookie cookie = getCookieFromSS();
380
381     SecurityServer::AccessProvider provider("selflabel_05_02");
382     provider.applyAndSwithToUser(APP_UID, APP_GID);
383
384     int ret = security_server_get_cookie_pid(cookie.data());
385     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
386                       "security_server_get_cookie_pid() should return access denied: " << ret);
387 }
388
389 //privileges drop and added smack rule
390 RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid)
391 {
392     Cookie cookie = getCookieFromSS();
393
394     SecurityServer::AccessProvider provider("selflabel_05_03");
395     provider.allowFunction("security_server_get_cookie_pid");
396     provider.applyAndSwithToUser(APP_UID, APP_GID);
397
398     int ret = security_server_get_cookie_pid(cookie.data());
399     RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
400
401     int pid = getpid();
402     RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
403 }
404
405 //---------------------------------------------------------------------------
406 //root has access to API
407 RUNNER_CHILD_TEST(tc_unit_06_01_security_server_get_smacklabel_cookie)
408 {
409     setLabelForSelf(__LINE__, "selflabel_06_01");
410
411     Cookie cookie = getCookieFromSS();
412
413     UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
414     RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_01") == 0,
415                       "No match in smack label received from cookie, received label: "
416                       << label.get());
417 }
418
419 //privileges drop and no smack rule
420 RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
421 {
422     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
423     Cookie cookie = getCookieFromSS();
424
425     SecurityServer::AccessProvider provider("selflabel_06_02");
426     provider.applyAndSwithToUser(APP_UID, APP_GID);
427
428     UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
429     RUNNER_ASSERT_MSG_BT(label.get() == NULL,
430                       "NULL should be received due to access denied, received label: "
431                       << label.get());
432 }
433
434 //privileges drop and added smack rule
435 RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
436 {
437     SecurityServer::AccessProvider provider("selflabel_06_03");
438     provider.allowFunction("security_server_get_smacklabel_cookie");
439     provider.applyAndSwithToUser(APP_UID, APP_GID);
440
441     Cookie cookie = getCookieFromSS();
442
443     UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
444     RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_03") == 0,
445                       "No match in smack label received from cookie, received label: "
446                       << label.get());
447 }
448
449 //---------------------------------------------------------------------------
450 // apply smack labels and drop privileges
451 RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow)
452 {
453     add_process_group(PROC_AUDIO_GROUP_NAME);
454
455     SecurityServer::AccessProvider provider("subject_1d6eda7d");
456     provider.allowFunction("security_server_get_gid");
457     provider.allowFunction("security_server_request_cookie");
458     provider.allowFunction("security_server_check_privilege");
459     provider.allowFunction("security_server_get_cookie_pid");
460     provider.allowFunction("security_server_get_smacklabel_cookie");
461     provider.allowFunction("security_server_check_privilege_by_pid");
462     provider.applyAndSwithToUser(APP_UID, APP_GID);
463
464     Cookie cookie = getCookieFromSS();
465
466     int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
467     RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
468                          << "\" gid. Result: " << ret);
469
470     ret = security_server_check_privilege(cookie.data(), ret);
471     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
472
473     int root_gid = security_server_get_gid(ROOT_USER);
474     RUNNER_ASSERT_MSG_BT(root_gid > -1, "root_gid: " << root_gid);
475
476     ret = security_server_get_cookie_pid(cookie.data());
477     RUNNER_ASSERT_MSG_BT(ret == getpid(), "ret: " << ret);
478
479     UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
480     RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "ss_label: " << ss_label.get());
481
482     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
483     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
484 }
485
486 // disable access and drop privileges
487 RUNNER_CHILD_TEST(tc_unit_09_02_app_user_cookie_API_access_deny)
488 {
489     RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
490     SecurityServer::AccessProvider provider("subject_1d414140");
491     provider.applyAndSwithToUser(APP_UID, APP_GID);
492
493     Cookie cookie = getCookieFromSS();
494
495     int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID);
496     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
497             "security_server_check_privilege should return access denied, "
498             "ret: " << ret);
499
500     ret = security_server_get_gid(ROOT_USER);
501     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
502             "security_server_get_gid should return access denied, "
503             "ret: " << ret);
504
505     ret = security_server_get_cookie_pid(cookie.data());
506     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
507             "security_server_get_cookie_pid should return access denied, "
508             "ret: " << ret);
509
510     UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
511     RUNNER_ASSERT_MSG_BT(ss_label.get() == NULL,
512             "access should be denied so label should be NULL: " << ss_label.get());
513
514     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
515     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
516             "security_server_check_privilege_by_pid should return access denied, "
517             "ret: " << ret);
518 }
519
520 // NOSMACK version of the test above
521 RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack)
522 {
523     add_process_group(PROC_AUDIO_GROUP_NAME);
524
525     // drop root privileges
526     int ret = drop_root_privileges();
527     RUNNER_ASSERT_MSG_BT(ret == 0,
528             "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
529
530     Cookie cookie = getCookieFromSS();
531
532     ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
533     RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
534                          << "\" gid. Result: " << ret);
535
536     ret = security_server_check_privilege(cookie.data(), ret);
537     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
538                          "check_privilege failed. Result: " << ret);
539
540     ret = security_server_get_gid(ROOT_USER);
541     RUNNER_ASSERT_MSG_BT(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
542
543     ret = security_server_get_cookie_pid(cookie.data());
544     RUNNER_ASSERT_MSG_BT(ret == getpid(),
545             "get_cookie_pid returned different pid than it should. Result: " << ret);
546
547     UniquePtrCstring ss_label(security_server_get_smacklabel_cookie(cookie.data()), free);
548     RUNNER_ASSERT_MSG_BT(ss_label.get() != NULL, "get_smacklabel_cookie failed.");
549
550     ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
551     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
552                          "check_privilege_by_pid failed. Result: " << ret);
553 }
Domain: Security / Uncategorized;