projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Simple interface for set up rules.
[platform/core/test/security-tests.git] / tests / security-server-tests / cookie_api.cpp
1 /*
2  * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
3  */
4
5 /*
6  * @file    security_server_tests_cookie_api.cpp
7  * @author  Pawel Polawski (p.polawski@partner.samsung.com)
8  * @version 1.0
9  * @brief   Test cases for security server cookie api
10  *
11  */
12
13 /*
14 Tested API functions in this file:
15
16 Protected by "security-server::api-cookie-get" label:
17     int security_server_get_cookie_size(void);
18     int security_server_request_cookie(char *cookie, size_t bufferSize);
19
20
21 Protected by "security-server::api-cookie-check" label:
22     int security_server_check_privilege(const char *cookie, gid_t privilege);
23     int security_server_check_privilege_by_cookie(const char *cookie,
24                                                   const char *object,
25                                                   const char *access_rights);
26     int security_server_get_cookie_pid(const char *cookie);
27     char *security_server_get_smacklabel_cookie(const char *cookie);
28     int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
29     int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
30 */
31
32 #include <dpl/test/test_runner.h>
33 #include <dpl/test/test_runner_multiprocess.h>
34 #include <tests_common.h>
35 #include <sys/smack.h>
36 #include <cstddef>
37 #include <sys/types.h>
38 #include <unistd.h>
39
40 #include <access_provider.h>
41 #include <security-server.h>
42 #include <smack_access.h>
43 #include <tracker.h>
44
45 typedef std::unique_ptr<char, void(*)(void *)> UniquePtrCstring;
46 const int KNOWN_COOKIE_SIZE = 20;
47 typedef std::vector<char> Cookie;
48
49 Cookie getCookieFromSS(const Tracker &tracker = Tracker()) {
50     Cookie cookie(security_server_get_cookie_size());
51
52     RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS ==
53             security_server_request_cookie(cookie.data(), cookie.size()),
54         tracker.str() << " Error in security_server_request_cookie.");
55
56     return cookie;
57 }
58
59 RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
60
61 /*
62  * **************************************************************************
63  * Test cases fot check various functions input params cases
64  * **************************************************************************
65  */
66
67 //---------------------------------------------------------------------------
68 //passing NULL as a buffer pointer
69 RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
70 {
71     int ret = security_server_request_cookie(NULL, KNOWN_COOKIE_SIZE);
72     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
73                       "Error in security_server_request_cookie() argument checking: " << ret);
74 }
75
76 //passing too small value as a buffer size
77 RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
78 {
79     Cookie cookie(KNOWN_COOKIE_SIZE);
80
81     int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
82     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
83                       "Error in security_server_request_cookie() argument checking: " << ret);
84 }
85
86 //---------------------------------------------------------------------------
87 //passing NULL as a cookie pointer
88 RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
89 {
90     int ret = security_server_check_privilege(NULL, 0);
91     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
92                       "Error in security_server_check_privilege() argument checking: " << ret);
93 }
94
95 //---------------------------------------------------------------------------
96 //passing NULL as a cookie pointer
97 RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
98 {
99     int ret = security_server_check_privilege_by_cookie(NULL, "wiadro", "rwx");
100     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
101                       "Error in security_server_check_privilege_by_cookie() argument checking: "
102                       << ret);
103 }
104
105 //passing NULL as an object pointer
106 RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
107 {
108     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
109
110     int ret = security_server_check_privilege_by_cookie(cookie.data(), NULL, "rwx");
111     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
112                       "Error in security_server_check_privilege_by_cookie() argument checking: "
113                       << ret);
114 }
115
116 //passing NULL as an access pointer
117 RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
118 {
119     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
120
121     int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", NULL);
122     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
123                       "Error in security_server_check_privilege_by_cookie() argument checking: "
124                       << ret);
125 }
126
127 //---------------------------------------------------------------------------
128 //passing NULL as a cookie pointer
129 RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
130 {
131     int ret = security_server_get_cookie_pid(NULL);
132     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
133                       "Error in security_server_get_cookie_pid() argument checking: " << ret);
134 }
135
136 //---------------------------------------------------------------------------
137 //passing NULL as a cookie pointer
138 RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
139 {
140     char *label = NULL;
141     label = security_server_get_smacklabel_cookie(NULL);
142     RUNNER_ASSERT_MSG(label == NULL,
143                       "Error in security_server_get_smacklabel_cookie() argument checking");
144 }
145
146 //---------------------------------------------------------------------------
147 //passing NULL as a cookie pointer
148 RUNNER_CHILD_TEST(tc_arguments_06_01_security_server_get_uid_by_cookie)
149 {
150     uid_t uid;
151     int ret = security_server_get_uid_by_cookie(NULL, &uid);
152     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
153                       "Error in security_server_get_uid_by_cookie() argument checking: "
154                       << ret);
155 }
156
157 //passing NULL as an uid pointer
158 RUNNER_CHILD_TEST(tc_arguments_06_02_security_server_get_uid_by_cookie)
159 {
160     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
161
162     int ret = security_server_get_uid_by_cookie(cookie.data(), NULL);
163     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
164                       "Error in security_server_get_uid_by_cookie() argument checking: "
165                       << ret);
166 }
167
168 //---------------------------------------------------------------------------
169 //passing NULL as an cookie pointer
170 RUNNER_CHILD_TEST(tc_arguments_07_01_security_server_get_gid_by_cookie)
171 {
172     gid_t gid;
173     int ret = security_server_get_gid_by_cookie(NULL, &gid);
174     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
175                       "Error in security_server_get_gid_by_cookie() argument checking: "
176                       << ret);
177 }
178
179 //passing NULL as an gid pointer
180 RUNNER_CHILD_TEST(tc_arguments_07_02_security_server_get_gid_by_cookie)
181 {
182     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
183
184     int ret = security_server_get_gid_by_cookie(cookie.data(), NULL);
185     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
186                       "Error in security_server_get_gid_by_cookie() argument checking: "
187                       << ret);
188 }
189
190
191
192 /*
193  * **************************************************************************
194  * Unit tests for each function from API
195  * **************************************************************************
196  */
197
198 //---------------------------------------------------------------------------
199 //root has access to API
200 RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
201 {
202     int ret = security_server_get_cookie_size();
203     RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
204                       "Error in security_server_get_cookie_size(): " << ret);
205 }
206
207 //---------------------------------------------------------------------------
208 // security_server_get_cookie_size() is no longer ptotected by SMACK
209 RUNNER_CHILD_TEST(tc_unit_01_02_security_server_get_cookie_size)
210 {
211     SecurityServer::AccessProvider provider("selflabel_01_02");
212     provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
213
214     int ret = security_server_get_cookie_size();
215     RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
216                       "Error in security_server_get_cookie_size(): " << ret);
217 }
218
219 //---------------------------------------------------------------------------
220 //root has access to API
221 RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
222 {
223     int cookieSize = security_server_get_cookie_size();
224     RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
225                       "Error in security_server_get_cookie_size(): " << cookieSize);
226
227     Cookie cookie(cookieSize);
228     int ret = security_server_request_cookie(cookie.data(), cookie.size());
229     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
230                       "Error in security_server_request_cookie(): " << ret);
231 }
232
233 //---------------------------------------------------------------------------
234 //root has access to API
235 RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
236 {
237     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
238
239     int ret = security_server_check_privilege(cookie.data(), 0);
240     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
241                       "Error in security_server_check_privilege(): " << ret);
242 }
243
244 //privileges drop and no smack rule
245 RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_security_server_check_privilege)
246 {
247     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
248
249     SecurityServer::AccessProvider provider("selflabel_03_02");
250     provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
251
252     int ret = security_server_check_privilege(cookie.data(), 0);
253     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
254                       "Error in security_server_check_privilege(): " << ret);
255 }
256
257 //privileges drop and added smack rule
258 RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_security_server_check_privilege)
259 {
260     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
261
262     SecurityServer::AccessProvider provider("selflabel_03_03");
263     provider.allowFunction("security_server_check_privilege", TRACE_FROM_HERE);
264     provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
265
266     int ret = security_server_check_privilege(cookie.data(), 0);
267     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
268                       "Error in security_server_check_privilege(): " << ret);
269 }
270
271 //---------------------------------------------------------------------------
272 //root has access to API
273 RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
274 {
275     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
276
277     int ret = security_server_get_cookie_pid(cookie.data());
278     RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
279
280     int pid = getpid();
281     RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
282 }
283
284 //privileges drop and no smack rule
285 RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_security_server_get_cookie_pid)
286 {
287     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
288
289     SecurityServer::AccessProvider provider("selflabel_05_02");
290     provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
291
292     int ret = security_server_get_cookie_pid(cookie.data());
293     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
294                       "Error in security_server_get_cookie_pid(): " << ret);
295 }
296
297 //privileges drop and added smack rule
298 RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_security_server_get_cookie_pid)
299 {
300     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
301
302     SecurityServer::AccessProvider provider("selflabel_05_03");
303     provider.allowFunction("security_server_get_cookie_pid", TRACE_FROM_HERE);
304     provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
305
306     int ret = security_server_get_cookie_pid(cookie.data());
307     RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
308
309     int pid = getpid();
310     RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
311 }
312
313 //---------------------------------------------------------------------------
314 //root has access to API
315 RUNNER_CHILD_TEST(tc_unit_06_01_security_server_get_smacklabel_cookie)
316 {
317     setLabelForSelf(__LINE__, "selflabel_06_01");
318
319     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
320
321     UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
322     RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_01") == 0,
323                       "No match in smack label received from cookie, received label: "
324                       << label.get());
325 }
326
327 //privileges drop and no smack rule
328 RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_security_server_get_smacklabel_cookie)
329 {
330     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
331
332     SecurityServer::AccessProvider provider("selflabel_06_02");
333     provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
334
335     UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
336     RUNNER_ASSERT_MSG(label.get() == NULL,
337                       "NULL should be received due to access denied, received label: "
338                       << label.get());
339 }
340
341 //privileges drop and added smack rule
342 RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_security_server_get_smacklabel_cookie)
343 {
344     SecurityServer::AccessProvider provider("selflabel_06_03");
345     provider.allowFunction("security_server_get_smacklabel_cookie", TRACE_FROM_HERE);
346     provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
347
348     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
349
350     UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
351     RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_03") == 0,
352                       "No match in smack label received from cookie, received label: "
353                       << label.get());
354 }
355
356 //---------------------------------------------------------------------------
357 //root has access to API
358 RUNNER_CHILD_TEST(tc_unit_07_01_security_server_get_uid_by_cookie)
359 {
360     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
361
362     uid_t uid;
363     int ret = security_server_get_uid_by_cookie(cookie.data(), &uid);
364     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
365                       "Error in security_server_get_uid_by_cookie(): " << ret);
366     ret = getuid();
367     RUNNER_ASSERT_MSG(ret == (int)uid, "No match in UID received from cookie");
368 }
369
370 //privileges drop and no smack rule
371 RUNNER_CHILD_TEST_SMACK(tc_unit_07_02_security_server_get_uid_by_cookie)
372 {
373     SecurityServer::AccessProvider provider("selflabel_07_02");
374     provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
375
376     Cookie cookie(KNOWN_COOKIE_SIZE);
377     uid_t uid;
378
379     int ret = security_server_get_uid_by_cookie(cookie.data(), &uid);
380     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
381                       "Error in security_server_get_uid_by_cookie(): " << ret);
382 }
383
384 //privileges drop and added smack rule
385 RUNNER_CHILD_TEST_SMACK(tc_unit_07_03_security_server_get_uid_by_cookie)
386 {
387     SecurityServer::AccessProvider provider("selflabel_07_02");
388     provider.allowFunction("security_server_get_uid_by_cookie", TRACE_FROM_HERE);
389     provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
390
391     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
392     uid_t uid;
393
394     int ret = security_server_get_uid_by_cookie(cookie.data(), &uid);
395     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
396                       "Error in security_server_get_uid_by_cookie(): " << ret);
397     ret = getuid();
398     RUNNER_ASSERT_MSG(ret == (int)uid, "No match in UID received from cookie");
399 }
400
401 //---------------------------------------------------------------------------
402 //root has access to API
403 RUNNER_CHILD_TEST(tc_unit_08_01_security_server_get_gid_by_cookie)
404 {
405     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
406
407     gid_t gid;
408
409     int ret = security_server_get_gid_by_cookie(cookie.data(), &gid);
410     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
411                       "Error in security_server_get_gid_by_cookie(): " << ret);
412     ret = getgid();
413     RUNNER_ASSERT_MSG(ret == (int)gid, "No match in GID received from cookie");
414 }
415
416 //privileges drop and no smack rule
417 RUNNER_CHILD_TEST_SMACK(tc_unit_08_02_security_server_get_gid_by_cookie)
418 {
419     SecurityServer::AccessProvider provider("selflabel_08_02");
420     provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
421
422     Cookie cookie(KNOWN_COOKIE_SIZE);
423     gid_t gid;
424
425     int ret = security_server_get_gid_by_cookie(cookie.data(), &gid);
426     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
427                       "Error in security_server_get_gid_by_cookie(): " << ret);
428 }
429
430 //privileges drop and added smack rule
431 RUNNER_CHILD_TEST_SMACK(tc_unit_08_03_security_server_get_gid_by_cookie)
432 {
433     SecurityServer::AccessProvider provider("selflabel_08_03");
434     provider.allowFunction("security_server_get_gid_by_cookie", TRACE_FROM_HERE);
435     provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
436
437     Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
438     gid_t gid;
439
440     int ret = security_server_get_gid_by_cookie(cookie.data(), &gid);
441     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
442                       "Error in security_server_get_gid_by_cookie(): " << ret);
443     ret = getgid();
444     RUNNER_ASSERT_MSG(ret == (int)gid, "No match in GID received from cookie");
445 }
446
Domain: Security / Uncategorized;