2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_open-for.cpp
6 * @author Zbigniew Jasinski (z.jasinski@samsung.com)
8 * @brief Test cases for security server open-for API
11 #include <sys/types.h>
18 #include <tests_common.h>
19 #include <dpl/test/test_runner.h>
20 #include <dpl/log/log.h>
22 #pragma GCC diagnostic warning "-Wdeprecated-declarations"
23 #include <access_provider.h>
24 #include <security-server.h>
26 const std::string SENDER = "open-for-sender";
27 const std::string AUTHORIZED_RECEIVER = "open-for-client";
28 const std::string UNAUTHORIZED_RECEIVER = "open-for-bad-client";
30 const std::string file = "file";
31 const std::string dir = "/var/run/security-server/";
32 const std::string path = dir + file;
33 const std::string write_buf1 = "ala ma kota";
34 const std::string write_buf2 = "kot ma ale";
36 void clearSecureDir(void) {
37 if (unlink(path.c_str()))
38 RUNNER_ASSERT_MSG_BT((ENOENT == errno), "unlink error: " << strerror(errno));
41 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_OPEN_FOR_API);
43 RUNNER_CHILD_TEST_SMACK(tc01_shared_file_open_new_file)
50 SecurityServer::AccessProvider provider(SENDER);
51 provider.allowFunction("security_server_open_for");
52 provider.applyAndSwithToUser(APP_UID, APP_GID);
54 int ret = security_server_shared_file_open(file.c_str(), AUTHORIZED_RECEIVER.c_str(),
56 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
58 ret = write(fd.Get(), write_buf1.c_str(), write_buf1.size());
59 RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in write: " << ret);
62 RUNNER_CHILD_TEST_SMACK(tc02_shared_file_open_existing_file)
67 // prepare file for tests before dropping privs
68 ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
69 RUNNER_ASSERT_MSG_BT(-1 != fd.Get(), "open error: " << strerror(errno));
72 SecurityServer::AccessProvider provider(SENDER);
73 provider.allowFunction("security_server_open_for");
74 provider.applyAndSwithToUser(APP_UID, APP_GID);
76 int ret = security_server_shared_file_open(file.c_str(), AUTHORIZED_RECEIVER.c_str(), fd.Ptr());
77 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_FILE_EXIST, "ret: " << ret);
80 RUNNER_CHILD_TEST_SMACK(tc03_shared_file_reopen_auth_existing_file_for_read)
84 ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
85 int ret = write(fd.Get(), write_buf1.c_str(), write_buf1.size());
86 RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in write: " << ret);
87 RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
88 SMACK_LABEL_ACCESS), "smack_setlabel error");
91 SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
92 provider.allowFunction("security_server_open_for");
93 provider.applyAndSwithToUser(APP_UID, APP_GID);
95 ret = security_server_shared_file_reopen(file.c_str(), fd.Ptr());
96 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
98 std::vector<char> read_buf1(write_buf1.size());
99 ret = read(fd.Get(), read_buf1.data(), write_buf1.size());
100 RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in read: " << strerror(errno));
101 RUNNER_ASSERT_MSG_BT(std::string(read_buf1.data(), ret) == write_buf1, "string mismatch");
104 RUNNER_CHILD_TEST_SMACK(tc04_shared_file_reopen_auth_existing_file_for_write)
108 ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
109 RUNNER_ASSERT_MSG_BT(-1 != fd.Get(), "open error: " << strerror(errno));
110 int ret = write(fd.Get(), write_buf1.c_str(), write_buf1.size());
111 RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in write: " << ret);
113 RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
114 SMACK_LABEL_ACCESS), "smack_setlabel error");
116 SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
117 provider.allowFunction("security_server_open_for");
118 provider.applyAndSwithToUser(APP_UID, APP_GID);
120 ret = security_server_shared_file_reopen(file.c_str(), fd.Ptr());
121 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
123 RUNNER_ASSERT_MSG_BT(-1 != ftruncate(fd.Get(), 0), "error in ftruncate: " << strerror(errno));
124 std::vector<char> read_buf2(write_buf2.size());
125 ret = write(fd.Get(), write_buf2.c_str(), write_buf2.size());
127 RUNNER_ASSERT_MSG_BT(-1 != lseek(fd.Get(), 0L, 0), "error in lseek: " << strerror(errno));
128 ret = read(fd.Get(), read_buf2.data(), write_buf2.size());
129 RUNNER_ASSERT_MSG_BT(std::string(read_buf2.data(), ret) == write_buf2, "string mismatch");
132 RUNNER_CHILD_TEST_SMACK(tc05_shared_file_reopen_unauth_existing_file_for_read)
136 ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
137 RUNNER_ASSERT_MSG_BT(-1 != fd.Get(), "open error: " << strerror(errno));
139 RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
140 SMACK_LABEL_ACCESS), "smack_setlabel error");
142 SecurityServer::AccessProvider provider(UNAUTHORIZED_RECEIVER);
143 provider.allowFunction("security_server_open_for");
144 provider.applyAndSwithToUser(APP_UID, APP_GID);
146 int ret = security_server_shared_file_reopen(file.c_str(), fd.Ptr());
147 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED, "ret: " << ret);
150 RUNNER_CHILD_TEST_SMACK(tc06_shared_file_delete_unauth_existing_file)
154 ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
155 RUNNER_ASSERT_MSG_BT(-1 != fd.Get(), "open error: " << strerror(errno));
157 RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
158 SMACK_LABEL_ACCESS), "smack_setlabel error");
160 SecurityServer::AccessProvider provider(UNAUTHORIZED_RECEIVER);
161 provider.allowFunction("security_server_open_for");
162 provider.applyAndSwithToUser(APP_UID, APP_GID);
164 int ret = security_server_shared_file_delete(file.c_str());
165 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED, "ret: " << ret);
168 RUNNER_CHILD_TEST_SMACK(tc07_shared_file_delete_auth_existing_file)
172 ScopedClose fd(open(path.c_str(), O_RDWR | O_CREAT));
173 RUNNER_ASSERT_MSG_BT(-1 != fd.Get(), "open error: " << strerror(errno));
175 RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
176 SMACK_LABEL_ACCESS), "smack_setlabel error");
178 SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
179 provider.allowFunction("security_server_open_for");
180 provider.applyAndSwithToUser(APP_UID, APP_GID);
182 int ret = security_server_shared_file_delete(file.c_str());
183 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
186 RUNNER_CHILD_TEST_SMACK(tc08_shared_file_delete_missing_file)
188 SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
189 provider.allowFunction("security_server_open_for");
190 provider.applyAndSwithToUser(APP_UID, APP_GID);
192 int ret = security_server_shared_file_delete(file.c_str());
193 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_FILE_NOT_EXIST, "ret: " << ret);
196 RUNNER_CHILD_TEST_SMACK(tc09_shared_file_open_bad_file_name)
198 SecurityServer::AccessProvider provider(SENDER);
199 provider.allowFunction("security_server_open_for");
200 provider.applyAndSwithToUser(APP_UID, APP_GID);
202 std::vector<std::string> badFile = { "/plik","-plik",".plik","..plik","..",".","../plik",
205 for (auto iter = badFile.begin(); iter != badFile.end(); ++iter) {
207 int ret = security_server_shared_file_open((*iter).c_str(), AUTHORIZED_RECEIVER.c_str(),
209 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);