2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_client_smack.cpp
6 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
8 * @brief Test cases for security-server-client-smack.
11 #include <sys/types.h>
12 #include <sys/socket.h>
13 #include <sys/smack.h>
17 #include <dpl/log/log.h>
18 #include <dpl/test/test_runner.h>
19 #include <dpl/test/test_runner_child.h>
20 #include "security_server_mockup.h"
22 #include <security-server.h>
26 const char *subject_label = "mylabel"; \
27 RUNNER_ASSERT_MSG(-1 != system("touch /opt/home/root/pid_cycle"),\
28 "Cannot prepare environment for test."); \
29 RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), \
30 "Cannot prepare environment for test."); \
31 RUNNER_ASSERT_MSG(-1 != setgid(1), \
32 "Cannot prepare environment for test."); \
33 RUNNER_ASSERT_MSG(-1 != setuid(1), \
34 "Cannot prepare environment for test"); \
37 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_CLIENT_SMACK)
40 * test: Check cookie size returned by security_server_get_cookie_size.
41 * description: Cookie used by security-server is 20 bytes long.
42 * Any other size of cookies should be treated as error.
43 * expected: Function security_server_get_cookie_size returns 20.
45 RUNNER_CHILD_TEST(tc01_security_server_get_cookie_size)
49 int ret = security_server_get_cookie_size();
50 RUNNER_ASSERT_MSG(20 == ret, "ret = " << ret);
54 * test: security_server_request_cookie
55 * description: Function security_server_request_cookie will return
56 * 20 bytes long cookie.
57 * expected: function will set up cookie in the array and return
58 * SECURITY_SERVER_API_SUCCESS.
60 RUNNER_CHILD_TEST(tc02_security_server_request_cookie_normal_case)
65 int ret = security_server_request_cookie(cookie, 20);
66 LogDebug("ret = " << ret);
67 RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS == ret);
71 * test: security_server_request_cookie
72 * description: Function security_server_request_cookie will return
73 * 20 bytes long cookie.
74 * expected: function will set up cookie in the array and return
75 * SECURITY_SERVER_API_SUCCESS.
77 RUNNER_CHILD_TEST(tc03_security_server_request_cookie_too_small_buffer_size)
82 int ret = security_server_request_cookie(cookie, 10);
83 LogDebug("ret = " << ret);
84 RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL == ret);
88 * test: tc04_security_server_get_gid
89 * description: Checking for security_server_get_gid
90 * with nonexisting gid and existing one
91 * expected: security_server_get_gid should return
92 * SECURITY_SERVER_ERROR_NO_SUCH_OBJECT with first call
93 * and group id with second call
95 RUNNER_CHILD_TEST(tc04_security_server_get_gid)
99 int ret = security_server_get_gid("abc123xyz_pysiaczek");
100 LogDebug("ret = " << ret);
101 RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT == ret, "Ret: " << ret);
102 ret = security_server_get_gid("root");
103 LogDebug("ret = " << ret);
104 RUNNER_ASSERT_MSG(0 == ret, "Ret: " << ret);
108 * test: tc05_check_privilege_by_cookie
109 * description: Function security_server_check_privilege_by_cookie should
110 * return status of access rights of cookie owner. In this case cookie owner
111 * is the same process that ask for the rights.
112 * expected: Function call with access rights set to "r" should return SUCCESS,
113 * with "rw" should return ACCESS DENIED.
115 RUNNER_CHILD_TEST(tc05_check_privilege_by_cookie)
118 const char *object_label = "tc05objectlabel";
119 const char *access_rights = "r";
120 const char *access_rights_ext = "rw";
121 const char *subject_label = "tc05subjectlabel";
123 smack_accesses *handle;
125 RUNNER_ASSERT(0 == smack_accesses_new(&handle));
127 RUNNER_ASSERT(0 == smack_accesses_add(handle,
132 RUNNER_ASSERT(0 == smack_accesses_apply(handle));
134 smack_accesses_free(handle);
136 RUNNER_ASSERT(0 == smack_set_label_for_self(subject_label));
138 RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
139 security_server_request_cookie(cookie,20));
141 RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
142 security_server_check_privilege_by_cookie(
147 RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
148 security_server_check_privilege_by_cookie(
156 * test: security_server_check_privilege_by_sockfd
157 * description: This test will create dummy server that will accept connection
158 * and die. The client will try to check access rights using connection descriptor.
159 * expected: Function call with access rights set to "r" should return SUCCESS,
160 * with "rw" should return ACCESS DENIED.
162 RUNNER_TEST(tc06_check_privilege_by_sockfd)
165 const char *object_label = "tc06objectlabel";
166 const char *access_rights = "r";
167 const char *access_rights_ext = "rw";
168 const char *subject_label = "tc06subjectlabel";
173 smack_accesses *handle;
174 RUNNER_ASSERT(0 == smack_accesses_new(&handle));
175 RUNNER_ASSERT(0 == smack_accesses_add(handle,
179 RUNNER_ASSERT(0 == smack_accesses_apply(handle));
180 smack_accesses_free(handle);
184 RUNNER_ASSERT(-1 != pid);
188 if (0 != smack_set_label_for_self(subject_label)) {
189 LogDebug("child, failed");
193 LogDebug("child, create_new_socket");
194 int sockfd = create_new_socket();
197 label = security_server_get_smacklabel_sockfd(sockfd);
198 RUNNER_ASSERT_MSG(label != NULL, "security_server_get_smacklabel_sockfd failed");
199 RUNNER_ASSERT_MSG(strcmp(label,"")==0, "label is \""<< label<<"\"");
202 LogDebug("child, listen");
203 if (listen(sockfd, 5) < 0) {
204 LogDebug("child, exit");
208 label = security_server_get_smacklabel_sockfd(sockfd);
209 RUNNER_ASSERT_MSG(label != NULL, "security_server_get_smacklabel_sockfd failed");
210 RUNNER_ASSERT_MSG(strcmp(label,"")==0, "label is \""<< label<<"\"");
214 LogDebug("child, accept");
215 struct sockaddr_un client_addr;
216 socklen_t client_len = sizeof(client_addr);
218 while(0 <= (csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len))) {
219 LogDebug("child, loop");
224 label = security_server_get_smacklabel_sockfd(sockfd);
225 RUNNER_ASSERT_MSG(label != NULL, "security_server_get_smacklabel_sockfd failed");
226 RUNNER_ASSERT_MSG(strcmp(label,subject_label)==0, "label is \""<< label<<"\"" << "subject_label is \""<< subject_label<<"\"" );
233 LogDebug("Parent, sleep 2");
235 int sockfd = connect_to_testserver();
237 label = security_server_get_smacklabel_sockfd(sockfd);
238 RUNNER_ASSERT_MSG(label != NULL, "security_server_get_smacklabel_sockfd failed");
239 RUNNER_ASSERT_MSG(strcmp(label,subject_label)==0, "label is \""<< label<<"\"" << "subject_label is \""<< subject_label<<"\"" );
242 LogDebug("Parent: sockfd: " << sockfd);
244 result1 = security_server_check_privilege_by_sockfd(
248 result2 = security_server_check_privilege_by_sockfd(
253 LogDebug("Parent: Close desc");
255 LogDebug("Parent: killing child");
260 waitpid(pid, &status, 0);
262 RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS == result1);
263 RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2);
267 * test: security_server_check_privilege_by_sockfd
268 * description: This test will create dummy server that will accept connection
269 * and die. The client will try to check access rights using connection descriptor.
270 * Unfortunatelly in this cases smack_set_label_for_self will not change label
271 * connected with unix socket. Thats why this test will fail.
272 * expected: Function call with access rights set to "r" should return SUCCESS,
273 * with "rw" should return ACCESS DENIED.
275 RUNNER_TEST(tc07_check_privilege_by_sockfd)
278 const char *object_label = "tc07objectlabel";
279 const char *access_rights = "r";
280 const char *access_rights_ext = "rw";
281 const char *subject_label = "tc07subjectlabel";
286 smack_accesses *handle;
287 RUNNER_ASSERT(0 == smack_accesses_new(&handle));
288 RUNNER_ASSERT(0 == smack_accesses_add(handle,
292 RUNNER_ASSERT(0 == smack_accesses_apply(handle));
293 smack_accesses_free(handle);
296 RUNNER_ASSERT(-1 != pid);
300 LogDebug("child, create_new_socket");
301 int sockfd = create_new_socket();
303 if (0 != smack_set_label_for_self(subject_label)) {
304 LogDebug("child, failed");
308 LogDebug("child, listen");
309 if (listen(sockfd, 5) < 0) {
310 LogDebug("child, exit");
313 LogDebug("child, accept");
315 struct sockaddr_un client_addr;
316 socklen_t client_len = sizeof(client_addr);
318 while(0 <= (csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len))) {
319 LogDebug("child, loop");
326 LogDebug("Parent, sleep 2");
328 int sockfd = connect_to_testserver();
329 LogDebug("Parent: sockfd: " << sockfd);
331 result1 = security_server_check_privilege_by_sockfd(
335 result2 = security_server_check_privilege_by_sockfd(
340 LogDebug("Parent: Close desc");
342 LogDebug("Parent: killing child");
347 waitpid(pid, &status, 0);
349 RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result1);
350 RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2);
353 int main(int argc, char *argv[])
356 DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);