2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
6 * @file security_server_tests_cookie_api.cpp
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
9 * @brief Test cases for security server cookie api
14 Tested API functions in this file:
16 Protected by "security-server::api-cookie-get" label:
17 int security_server_get_cookie_size(void);
18 int security_server_request_cookie(char *cookie, size_t bufferSize);
21 Protected by "security-server::api-cookie-check" label:
22 int security_server_check_privilege(const char *cookie, gid_t privilege);
23 int security_server_check_privilege_by_cookie(const char *cookie,
25 const char *access_rights);
26 int security_server_get_cookie_pid(const char *cookie);
27 char *security_server_get_smacklabel_cookie(const char *cookie);
28 int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
29 int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
32 #include <dpl/test/test_runner.h>
33 #include <dpl/test/test_runner_multiprocess.h>
34 #include <tests_common.h>
35 #include <sys/smack.h>
37 #include <sys/types.h>
40 #include <access_provider.h>
41 #include <security-server.h>
42 #include <smack_access.h>
44 typedef std::unique_ptr<char, void(*)(void *)> UniquePtrCstring;
45 const int KNOWN_COOKIE_SIZE = 20;
46 typedef std::vector<char> Cookie;
48 Cookie getCookieFromSS() {
49 Cookie cookie(security_server_get_cookie_size());
51 RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS ==
52 security_server_request_cookie(cookie.data(), cookie.size()),
53 "Error in security_server_request_cookie.");
58 RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
61 * **************************************************************************
62 * Test cases fot check various functions input params cases
63 * **************************************************************************
66 //---------------------------------------------------------------------------
67 //passing NULL as a buffer pointer
68 RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
70 int ret = security_server_request_cookie(NULL, KNOWN_COOKIE_SIZE);
71 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
72 "Error in security_server_request_cookie() argument checking: " << ret);
75 //passing too small value as a buffer size
76 RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
78 Cookie cookie(KNOWN_COOKIE_SIZE);
80 int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
81 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
82 "Error in security_server_request_cookie() argument checking: " << ret);
85 //---------------------------------------------------------------------------
86 //passing NULL as a cookie pointer
87 RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
89 int ret = security_server_check_privilege(NULL, 0);
90 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
91 "Error in security_server_check_privilege() argument checking: " << ret);
94 //---------------------------------------------------------------------------
95 //passing NULL as a cookie pointer
96 RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
98 int ret = security_server_check_privilege_by_cookie(NULL, "wiadro", "rwx");
99 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
100 "Error in security_server_check_privilege_by_cookie() argument checking: "
104 //passing NULL as an object pointer
105 RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
107 Cookie cookie = getCookieFromSS();
109 int ret = security_server_check_privilege_by_cookie(cookie.data(), NULL, "rwx");
110 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
111 "Error in security_server_check_privilege_by_cookie() argument checking: "
115 //passing NULL as an access pointer
116 RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
118 Cookie cookie = getCookieFromSS();
120 int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", NULL);
121 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
122 "Error in security_server_check_privilege_by_cookie() argument checking: "
126 //---------------------------------------------------------------------------
127 //passing NULL as a cookie pointer
128 RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
130 int ret = security_server_get_cookie_pid(NULL);
131 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
132 "Error in security_server_get_cookie_pid() argument checking: " << ret);
135 //---------------------------------------------------------------------------
136 //passing NULL as a cookie pointer
137 RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
140 label = security_server_get_smacklabel_cookie(NULL);
141 RUNNER_ASSERT_MSG_BT(label == NULL,
142 "Error in security_server_get_smacklabel_cookie() argument checking");
145 //---------------------------------------------------------------------------
146 //passing NULL as a cookie pointer
147 RUNNER_CHILD_TEST(tc_arguments_06_01_security_server_get_uid_by_cookie)
150 int ret = security_server_get_uid_by_cookie(NULL, &uid);
151 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
152 "Error in security_server_get_uid_by_cookie() argument checking: "
156 //passing NULL as an uid pointer
157 RUNNER_CHILD_TEST(tc_arguments_06_02_security_server_get_uid_by_cookie)
159 Cookie cookie = getCookieFromSS();
161 int ret = security_server_get_uid_by_cookie(cookie.data(), NULL);
162 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
163 "Error in security_server_get_uid_by_cookie() argument checking: "
167 //---------------------------------------------------------------------------
168 //passing NULL as an cookie pointer
169 RUNNER_CHILD_TEST(tc_arguments_07_01_security_server_get_gid_by_cookie)
172 int ret = security_server_get_gid_by_cookie(NULL, &gid);
173 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
174 "Error in security_server_get_gid_by_cookie() argument checking: "
178 //passing NULL as an gid pointer
179 RUNNER_CHILD_TEST(tc_arguments_07_02_security_server_get_gid_by_cookie)
181 Cookie cookie = getCookieFromSS();
183 int ret = security_server_get_gid_by_cookie(cookie.data(), NULL);
184 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
185 "Error in security_server_get_gid_by_cookie() argument checking: "
192 * **************************************************************************
193 * Unit tests for each function from API
194 * **************************************************************************
197 //---------------------------------------------------------------------------
198 //root has access to API
199 RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
201 int ret = security_server_get_cookie_size();
202 RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
203 "Error in security_server_get_cookie_size(): " << ret);
206 //---------------------------------------------------------------------------
207 // security_server_get_cookie_size() is no longer ptotected by SMACK
208 RUNNER_CHILD_TEST(tc_unit_01_02_security_server_get_cookie_size)
210 SecurityServer::AccessProvider provider("selflabel_01_02");
211 provider.applyAndSwithToUser(APP_UID, APP_GID);
213 int ret = security_server_get_cookie_size();
214 RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
215 "Error in security_server_get_cookie_size(): " << ret);
218 //---------------------------------------------------------------------------
219 //root has access to API
220 RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
222 int cookieSize = security_server_get_cookie_size();
223 RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
224 "Error in security_server_get_cookie_size(): " << cookieSize);
226 Cookie cookie(cookieSize);
227 int ret = security_server_request_cookie(cookie.data(), cookie.size());
228 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
229 "Error in security_server_request_cookie(): " << ret);
232 //---------------------------------------------------------------------------
233 //root has access to API
234 RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
236 Cookie cookie = getCookieFromSS();
238 int ret = security_server_check_privilege(cookie.data(), 0);
239 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
240 "Error in security_server_check_privilege(): " << ret);
243 //privileges drop and no smack rule
244 RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_security_server_check_privilege)
246 Cookie cookie = getCookieFromSS();
248 SecurityServer::AccessProvider provider("selflabel_03_02");
249 provider.applyAndSwithToUser(APP_UID, APP_GID);
251 int ret = security_server_check_privilege(cookie.data(), 0);
252 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
253 "Error in security_server_check_privilege(): " << ret);
256 //privileges drop and added smack rule
257 RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_security_server_check_privilege)
259 Cookie cookie = getCookieFromSS();
261 SecurityServer::AccessProvider provider("selflabel_03_03");
262 provider.allowFunction("security_server_check_privilege");
263 provider.applyAndSwithToUser(APP_UID, APP_GID);
265 int ret = security_server_check_privilege(cookie.data(), 0);
266 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
267 "Error in security_server_check_privilege(): " << ret);
270 //---------------------------------------------------------------------------
271 //root has access to API
272 RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
274 Cookie cookie = getCookieFromSS();
276 int ret = security_server_get_cookie_pid(cookie.data());
277 RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
280 RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
283 //privileges drop and no smack rule
284 RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_security_server_get_cookie_pid)
286 Cookie cookie = getCookieFromSS();
288 SecurityServer::AccessProvider provider("selflabel_05_02");
289 provider.applyAndSwithToUser(APP_UID, APP_GID);
291 int ret = security_server_get_cookie_pid(cookie.data());
292 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
293 "Error in security_server_get_cookie_pid(): " << ret);
296 //privileges drop and added smack rule
297 RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_security_server_get_cookie_pid)
299 Cookie cookie = getCookieFromSS();
301 SecurityServer::AccessProvider provider("selflabel_05_03");
302 provider.allowFunction("security_server_get_cookie_pid");
303 provider.applyAndSwithToUser(APP_UID, APP_GID);
305 int ret = security_server_get_cookie_pid(cookie.data());
306 RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
309 RUNNER_ASSERT_MSG_BT(pid == ret, "No match in PID received from cookie");
312 //---------------------------------------------------------------------------
313 //root has access to API
314 RUNNER_CHILD_TEST(tc_unit_06_01_security_server_get_smacklabel_cookie)
316 setLabelForSelf(__LINE__, "selflabel_06_01");
318 Cookie cookie = getCookieFromSS();
320 UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
321 RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_01") == 0,
322 "No match in smack label received from cookie, received label: "
326 //privileges drop and no smack rule
327 RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_security_server_get_smacklabel_cookie)
329 Cookie cookie = getCookieFromSS();
331 SecurityServer::AccessProvider provider("selflabel_06_02");
332 provider.applyAndSwithToUser(APP_UID, APP_GID);
334 UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
335 RUNNER_ASSERT_MSG_BT(label.get() == NULL,
336 "NULL should be received due to access denied, received label: "
340 //privileges drop and added smack rule
341 RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_security_server_get_smacklabel_cookie)
343 SecurityServer::AccessProvider provider("selflabel_06_03");
344 provider.allowFunction("security_server_get_smacklabel_cookie");
345 provider.applyAndSwithToUser(APP_UID, APP_GID);
347 Cookie cookie = getCookieFromSS();
349 UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
350 RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_03") == 0,
351 "No match in smack label received from cookie, received label: "
355 //---------------------------------------------------------------------------
356 //root has access to API
357 RUNNER_CHILD_TEST(tc_unit_07_01_security_server_get_uid_by_cookie)
359 Cookie cookie = getCookieFromSS();
362 int ret = security_server_get_uid_by_cookie(cookie.data(), &uid);
363 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
364 "Error in security_server_get_uid_by_cookie(): " << ret);
366 RUNNER_ASSERT_MSG_BT(ret == (int)uid, "No match in UID received from cookie");
369 //privileges drop and no smack rule
370 RUNNER_CHILD_TEST_SMACK(tc_unit_07_02_security_server_get_uid_by_cookie)
372 SecurityServer::AccessProvider provider("selflabel_07_02");
373 provider.applyAndSwithToUser(APP_UID, APP_GID);
375 Cookie cookie(KNOWN_COOKIE_SIZE);
378 int ret = security_server_get_uid_by_cookie(cookie.data(), &uid);
379 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
380 "Error in security_server_get_uid_by_cookie(): " << ret);
383 //privileges drop and added smack rule
384 RUNNER_CHILD_TEST_SMACK(tc_unit_07_03_security_server_get_uid_by_cookie)
386 SecurityServer::AccessProvider provider("selflabel_07_02");
387 provider.allowFunction("security_server_get_uid_by_cookie");
388 provider.applyAndSwithToUser(APP_UID, APP_GID);
390 Cookie cookie = getCookieFromSS();
393 int ret = security_server_get_uid_by_cookie(cookie.data(), &uid);
394 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
395 "Error in security_server_get_uid_by_cookie(): " << ret);
397 RUNNER_ASSERT_MSG_BT(ret == (int)uid, "No match in UID received from cookie");
400 //---------------------------------------------------------------------------
401 //root has access to API
402 RUNNER_CHILD_TEST(tc_unit_08_01_security_server_get_gid_by_cookie)
404 Cookie cookie = getCookieFromSS();
408 int ret = security_server_get_gid_by_cookie(cookie.data(), &gid);
409 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
410 "Error in security_server_get_gid_by_cookie(): " << ret);
412 RUNNER_ASSERT_MSG_BT(ret == (int)gid, "No match in GID received from cookie");
415 //privileges drop and no smack rule
416 RUNNER_CHILD_TEST_SMACK(tc_unit_08_02_security_server_get_gid_by_cookie)
418 SecurityServer::AccessProvider provider("selflabel_08_02");
419 provider.applyAndSwithToUser(APP_UID, APP_GID);
421 Cookie cookie(KNOWN_COOKIE_SIZE);
424 int ret = security_server_get_gid_by_cookie(cookie.data(), &gid);
425 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
426 "Error in security_server_get_gid_by_cookie(): " << ret);
429 //privileges drop and added smack rule
430 RUNNER_CHILD_TEST_SMACK(tc_unit_08_03_security_server_get_gid_by_cookie)
432 SecurityServer::AccessProvider provider("selflabel_08_03");
433 provider.allowFunction("security_server_get_gid_by_cookie");
434 provider.applyAndSwithToUser(APP_UID, APP_GID);
436 Cookie cookie = getCookieFromSS();
439 int ret = security_server_get_gid_by_cookie(cookie.data(), &gid);
440 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
441 "Error in security_server_get_gid_by_cookie(): " << ret);
443 RUNNER_ASSERT_MSG_BT(ret == (int)gid, "No match in GID received from cookie");