projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Prevent running perm_add_additional_rules_smack_access_*
[platform/core/test/security-tests.git] / tests / security-server-tests / open_for.cpp
1 /*
2  * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
3  */
4 /*
5  * @file    security_server_tests_open-for.cpp
6  * @author  Zbigniew Jasinski (z.jasinski@samsung.com)
7  * @version 1.0
8  * @brief   Test cases for security server open-for API
9  */
10
11 #include <sys/types.h>
12 #include <sys/stat.h>
13 #include <fcntl.h>
14 #include <unistd.h>
15 #include <string>
16 #include <vector>
17
18 #include <tests_common.h>
19 #include <dpl/test/test_runner.h>
20 #include <dpl/log/log.h>
21
22 #pragma GCC diagnostic warning "-Wdeprecated-declarations"
23 #include <access_provider.h>
24 #include <security-server.h>
25
26 const std::string SENDER                = "open-for-sender";
27 const std::string AUTHORIZED_RECEIVER   = "open-for-client";
28 const std::string UNAUTHORIZED_RECEIVER = "open-for-bad-client";
29
30 const std::string file          = "file";
31 const std::string dir           = "/var/run/security-server/";
32 const std::string path          = dir + file;
33 const std::string write_buf1    = "ala ma kota";
34 const std::string write_buf2    = "kot ma ale";
35
36 void clearSecureDir(void) {
37     if (unlink(path.c_str()))
38         RUNNER_ASSERT_MSG_BT((ENOENT == errno), "unlink error: " << strerror(errno));
39 }
40
41 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_OPEN_FOR_API);
42
43 RUNNER_CHILD_TEST_SMACK(tc01_shared_file_open_new_file)
44 {
45     ScopedClose fd;
46
47     // clear secure dir
48     clearSecureDir();
49
50     SecurityServer::AccessProvider provider(SENDER);
51     provider.allowFunction("security_server_open_for");
52     provider.applyAndSwithToUser(APP_UID, APP_GID);
53
54     int ret = security_server_shared_file_open(file.c_str(), AUTHORIZED_RECEIVER.c_str(),
55         fd.Ptr());
56     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
57
58     ret = write(fd.Get(), write_buf1.c_str(), write_buf1.size());
59     RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in write: " << ret);
60 }
61
62 RUNNER_CHILD_TEST_SMACK(tc02_shared_file_open_existing_file)
63 {
64     // clear secure dir
65     clearSecureDir();
66
67     // prepare file for tests before dropping privs
68     ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
69     RUNNER_ASSERT_MSG_BT(-1 != fd.Get(), "open error: " << strerror(errno));
70     fd.Reset();
71
72     SecurityServer::AccessProvider provider(SENDER);
73     provider.allowFunction("security_server_open_for");
74     provider.applyAndSwithToUser(APP_UID, APP_GID);
75
76     int ret = security_server_shared_file_open(file.c_str(), AUTHORIZED_RECEIVER.c_str(), fd.Ptr());
77     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_FILE_EXIST, "ret: " << ret);
78 }
79
80 RUNNER_CHILD_TEST_SMACK(tc03_shared_file_reopen_auth_existing_file_for_read)
81 {
82     clearSecureDir();
83
84     ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
85     int ret = write(fd.Get(), write_buf1.c_str(), write_buf1.size());
86     RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in write: " << ret);
87     RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
88         SMACK_LABEL_ACCESS), "smack_setlabel error");
89     fd.Reset();
90
91     SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
92     provider.allowFunction("security_server_open_for");
93     provider.applyAndSwithToUser(APP_UID, APP_GID);
94
95     ret = security_server_shared_file_reopen(file.c_str(), fd.Ptr());
96     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
97
98     std::vector<char> read_buf1(write_buf1.size());
99     ret = read(fd.Get(), read_buf1.data(), write_buf1.size());
100     RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in read: " << strerror(errno));
101     RUNNER_ASSERT_MSG_BT(std::string(read_buf1.data(), ret) == write_buf1, "string mismatch");
102 }
103
104 RUNNER_CHILD_TEST_SMACK(tc04_shared_file_reopen_auth_existing_file_for_write)
105 {
106     clearSecureDir();
107
108     ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
109     RUNNER_ASSERT_MSG_BT(-1 != fd.Get(), "open error: " << strerror(errno));
110     int ret = write(fd.Get(), write_buf1.c_str(), write_buf1.size());
111     RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in write: " << ret);
112     fd.Reset();
113     RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
114         SMACK_LABEL_ACCESS), "smack_setlabel error");
115
116     SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
117     provider.allowFunction("security_server_open_for");
118     provider.applyAndSwithToUser(APP_UID, APP_GID);
119
120     ret = security_server_shared_file_reopen(file.c_str(), fd.Ptr());
121     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
122
123     RUNNER_ASSERT_MSG_BT(-1 != ftruncate(fd.Get(), 0), "error in ftruncate: " << strerror(errno));
124     std::vector<char> read_buf2(write_buf2.size());
125     ret = write(fd.Get(), write_buf2.c_str(), write_buf2.size());
126
127     RUNNER_ASSERT_MSG_BT(-1 != lseek(fd.Get(), 0L, 0), "error in lseek: " << strerror(errno));
128     ret = read(fd.Get(), read_buf2.data(), write_buf2.size());
129     RUNNER_ASSERT_MSG_BT(std::string(read_buf2.data(), ret) == write_buf2, "string mismatch");
130 }
131
132 RUNNER_CHILD_TEST_SMACK(tc05_shared_file_reopen_unauth_existing_file_for_read)
133 {
134     clearSecureDir();
135
136     ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
137     RUNNER_ASSERT_MSG_BT(-1 != fd.Get(), "open error: " << strerror(errno));
138     fd.Reset();
139     RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
140         SMACK_LABEL_ACCESS), "smack_setlabel error");
141
142     SecurityServer::AccessProvider provider(UNAUTHORIZED_RECEIVER);
143     provider.allowFunction("security_server_open_for");
144     provider.applyAndSwithToUser(APP_UID, APP_GID);
145
146     int ret = security_server_shared_file_reopen(file.c_str(), fd.Ptr());
147     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED, "ret: " << ret);
148 }
149
150 RUNNER_CHILD_TEST_SMACK(tc06_shared_file_delete_unauth_existing_file)
151 {
152     clearSecureDir();
153
154     ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
155     RUNNER_ASSERT_MSG_BT(-1 != fd.Get(), "open error: " << strerror(errno));
156     fd.Reset();
157     RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
158         SMACK_LABEL_ACCESS), "smack_setlabel error");
159
160     SecurityServer::AccessProvider provider(UNAUTHORIZED_RECEIVER);
161     provider.allowFunction("security_server_open_for");
162     provider.applyAndSwithToUser(APP_UID, APP_GID);
163
164     int ret = security_server_shared_file_delete(file.c_str());
165     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED, "ret: " << ret);
166 }
167
168 RUNNER_CHILD_TEST_SMACK(tc07_shared_file_delete_auth_existing_file)
169 {
170     clearSecureDir();
171
172     ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
173     RUNNER_ASSERT_MSG_BT(-1 != fd.Get(), "open error: " << strerror(errno));
174     fd.Reset();
175     RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
176         SMACK_LABEL_ACCESS), "smack_setlabel error");
177
178     SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
179     provider.allowFunction("security_server_open_for");
180     provider.applyAndSwithToUser(APP_UID, APP_GID);
181
182     int ret = security_server_shared_file_delete(file.c_str());
183     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
184 }
185
186 RUNNER_CHILD_TEST_SMACK(tc08_shared_file_delete_missing_file)
187 {
188     SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
189     provider.allowFunction("security_server_open_for");
190     provider.applyAndSwithToUser(APP_UID, APP_GID);
191
192     int ret = security_server_shared_file_delete(file.c_str());
193     RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_FILE_NOT_EXIST, "ret: " << ret);
194 }
195
196 RUNNER_CHILD_TEST_SMACK(tc09_shared_file_open_bad_file_name)
197 {
198     SecurityServer::AccessProvider provider(SENDER);
199     provider.allowFunction("security_server_open_for");
200     provider.applyAndSwithToUser(APP_UID, APP_GID);
201
202     std::vector<std::string> badFile = { "/plik","-plik",".plik","..plik","..",".","../plik",
203                                          "../../plik" };
204
205     for (auto iter = badFile.begin(); iter != badFile.end(); ++iter) {
206         ScopedClose fd;
207         int ret = security_server_shared_file_open((*iter).c_str(), AUTHORIZED_RECEIVER.c_str(),
208             fd.Ptr());
209         RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
210     }
211 }
Domain: Security / Uncategorized;