2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_server.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Mariusz Domanski (m.domanski@samsung.com)
9 * @brief Test cases for security server
15 #include <sys/types.h>
16 #include <sys/param.h>
21 #include <sys/socket.h>
23 #include <sys/smack.h>
25 #include "security-server.h"
26 #include <dpl/test/test_runner.h>
27 #include <dpl/test/test_runner_child.h>
29 #include <privilege-control.h>
31 #include "security_server_tests_common.h"
32 #include "tests_common.h"
35 #define TEST03_SUBJECT "subject_0f09f7cc"
36 #define TEST04_SUBJECT "subject_57dfbfc5"
37 #define TEST05_SUBJECT "subject_1d6eda7d"
38 #define TEST06_SUBJECT "subject_1d414140"
39 #define TEST07_SUBJECT "subject_cd738844"
40 #define TEST08_SUBJECT "subject_fd84ba7f"
41 const char *TEST09_SUBJECT = "subject_sstest09";
42 const char *TEST10_SUBJECT = "subject_sstest10";
43 const char *TEST11_SUBJECT = "subject_sstest11";
44 const char *TEST12_SUBJECT = "subject_sstest12";
46 #define SECURITY_SERVER_SOCK_PATH "/tmp/.security_server.sock"
47 #define COOKIE_SIZE 20
48 #define OBJ_NAME_SIZE 30
49 #define OLABEL_SIZE 1024
50 #define ARIGHTS_SIZE 32
52 /* from security-server-common.h */
53 #define SECURITY_SERVER_MAX_OBJ_NAME 30
55 #define API_PASSWD_SET "security-server::api-password-set"
56 #define API_PASSWD_CHECK "security-server::api-password-check"
57 #define API_DATA_SHARE "security-server::api-data-share"
58 #define API_MIDDLEWARE "security-server::api-middleware"
59 #define API_PRIVILEGE_BY_NAME "security-server::api-app-privilege-by-name"
61 #define API_FREE_ACCESS "*"
62 #define API_RULE_REQUIRED "w"
68 unsigned char version;
70 unsigned short msg_len;
75 basic_header basic_hdr;
76 unsigned char return_code;
79 int server_sockfd, client_sockfd, ret, recved_gid, client_len, i;
80 unsigned char cookie[COOKIE_SIZE], wrong_cookie[COOKIE_SIZE];
81 char obj_name[OBJ_NAME_SIZE];
82 struct sockaddr_un clientaddr;
85 * Dropping root privileges
86 * returns 0 on success, 1 on error
88 int drop_root_privileges()
91 /* process is running as root, drop privileges */
92 if (setgid(APP_GID) != 0)
94 if (setuid(APP_UID) != 0)
104 /* Create a Unix domain socket and bind */
105 int create_new_socket()
107 int localsockfd = 0, flags;
108 struct sockaddr_un serveraddr;
111 if (unlink(SECURITY_SERVER_TEST_SOCK_PATH) == -1 && errno != ENOENT) {
112 SLOGE("%s : %s\n", "unlink()", strerror(errno));
116 /* Create Unix domain socket */
117 if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
119 SLOGE("%s : %s\n", "socket()", strerror(errno));
123 /* Make socket as non blocking */
124 if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
125 fcntl(localsockfd, F_SETFL, flags | O_NONBLOCK) < 0)
127 SLOGE("%s : %s\n", "fcntl()", strerror(errno));
131 bzero (&serveraddr, sizeof(serveraddr));
132 serveraddr.sun_family = AF_UNIX;
133 strncpy(serveraddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH,
134 strlen(SECURITY_SERVER_TEST_SOCK_PATH) + 1);
136 /* Bind the socket */
137 if ((bind(localsockfd, (struct sockaddr*)&serveraddr, sizeof(serveraddr))) < 0)
139 SLOGE("%s : %s\n", "bind()", strerror(errno));
143 /* Change permission to accept all processes that has different uID/gID */
144 sock_mode = (S_IRWXU | S_IRWXG | S_IRWXO);
145 /* Flawfinder hits this chmod function as level 5 CRITICAL as race condition flaw *
146 * Flawfinder recommends to user fchmod insted of chmod
147 * But, fchmod doesn't work on socket file so there is no other choice at this point */
148 if (chmod(SECURITY_SERVER_TEST_SOCK_PATH, sock_mode) < 0) /* Flawfinder: ignore */
150 SLOGE("%s : %s\n", "chmod()", strerror(errno));
162 int check_socket_poll(int sockfd, int event, int timeout)
164 struct pollfd poll_fd[1];
167 poll_fd[0].fd = sockfd;
168 poll_fd[0].events = event;
169 retval = poll(poll_fd, 1, timeout);
172 SLOGE("%s : %s\n", "poll()", strerror(errno));
179 SLOGE("%s", "poll() timeout");
185 int send_gid_request(int sock_fd, const char *object)
188 int retval, send_len = 0;
189 unsigned char *buf = NULL;
191 hdr.version = 0x01; /* SECURITY_SERVER_MSG_VERSION; */
192 hdr.msg_id = 0x07; /* SECURITY_SERVER_MSG_TYPE_GID_REQUEST; */
193 hdr.msg_len = strlen(object);
195 send_len = sizeof(hdr) + strlen(object);
197 buf = (unsigned char*) malloc(send_len);
200 SLOGE("%s\n", "out of memory");
204 memcpy(buf, &hdr, sizeof(hdr));
205 memcpy(buf + sizeof(hdr), object, strlen(object));
208 retval = check_socket_poll(sock_fd, POLLOUT, 1000);
211 SLOGE("%s\n", "poll() error");
218 SLOGE("%s\n", "poll() timeout");
224 retval = write(sock_fd, buf, send_len);
225 if (retval < send_len)
228 SLOGE("Error on write(): %d. errno=%d, sockfd=%d\n", retval, errno, sock_fd);
239 int connect_to_server(int *fd)
241 struct sockaddr_un clientaddr;
242 int client_len = 0, localsockfd, ret, flags;
245 /* Create a socket */
246 localsockfd = socket(AF_UNIX, SOCK_STREAM, 0);
249 SLOGE("%s : %s\n", "socket()", strerror(errno));
253 /* Make socket as non blocking */
254 if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
255 fcntl(localsockfd, F_SETFL, flags | O_NONBLOCK) < 0)
258 SLOGE("%s : %s\n", "fcntl()", strerror(errno));
262 bzero(&clientaddr, sizeof(clientaddr));
263 clientaddr.sun_family = AF_UNIX;
264 strncpy(clientaddr.sun_path, SECURITY_SERVER_SOCK_PATH, strlen(SECURITY_SERVER_SOCK_PATH));
265 clientaddr.sun_path[strlen(SECURITY_SERVER_SOCK_PATH)] = 0;
266 client_len = sizeof(clientaddr);
268 ret = connect(localsockfd, (struct sockaddr*)&clientaddr, client_len);
271 if (errno == EINPROGRESS)
273 SLOGD("%s\n", "Connection is in progress");
274 check_socket_poll(localsockfd, POLLOUT, 1000);
277 SLOGE("%s\n", "poll() error");
281 ret = connect(localsockfd, (struct sockaddr*)&clientaddr, client_len);
284 SLOGE("%s\n", "connection failed");
291 SLOGE("%s\n", "Connection failed");
302 int fake_get_gid(const char *object)
304 int sockfd = -1, retval;
306 retval = connect_to_server(&sockfd);
309 /* Error on socket */
310 SLOGE("Connection failed: %d\n", retval);
314 /* make request packet and send to server*/
315 retval = send_gid_request(sockfd, object);
318 /* Error on socket */
319 SLOGE("Send request failed: %d\n", retval);
322 SLOGD("%s", "Just closing the socket and exit\n");
331 static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/,
332 int tflag, struct FTW *ftwbuf)
334 if (tflag == FTW_F) {
337 if (tflag == FTW_DP && ftwbuf->level != 0) {
344 int clear_password(char ** /*error*/)
347 unsigned int attempt, max_attempt, expire_sec;
348 const char *path = "/opt/data/security-server/";
349 const char *subject_allow = "subject_allow";
350 struct smack_accesses *handle = NULL;
352 attempt = max_attempt = expire_sec = 0;
355 if (access(path, F_OK) == 0) {
356 if (nftw(path, &nftw_rmdir_contents, 20, FTW_DEPTH) == -1) {
362 ret = smack_accesses_new(&handle);
363 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
365 /* our subject 'subject_allow' has access to security-server::api-password-check */
366 ret = smack_accesses_add(handle, subject_allow, API_PASSWD_CHECK, API_RULE_REQUIRED);
367 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
369 ret = smack_accesses_apply(handle);
370 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
372 ret = smack_set_label_for_self(subject_allow);
373 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
375 smack_accesses_free(handle);
377 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
379 RUNNER_ASSERT(expire_sec == 0);
380 RUNNER_ASSERT(max_attempt == 0);
381 RUNNER_ASSERT(attempt == 0);
382 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
384 /* we revoke all rules for subject 'subject_allow' */
385 ret = smack_revoke_subject(subject_allow);
386 RUNNER_ASSERT_MSG(ret == 0, "Revoking subject didn't work.");
395 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_SERVER);
397 RUNNER_TEST(tc_getting_default_cookie)
399 printhex(cookie, COOKIE_SIZE);
400 RUNNER_ASSERT(security_server_request_cookie((char*)cookie, 20) == SECURITY_SERVER_API_SUCCESS);
403 RUNNER_TEST(tc_security_server_get_gid_normal_case_trying_to_get_gid_of_tel_gprs)
405 RUNNER_ASSERT(security_server_get_gid("tel_gprs") >= 0);
408 RUNNER_TEST(tc_security_server_get_gid_empty_object_name)
410 RUNNER_ASSERT(security_server_get_gid("") == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
413 RUNNER_TEST(tc_security_server_get_gid_wrong_object_name_teltel)
415 RUNNER_ASSERT(security_server_get_gid("teltel") == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT);
418 RUNNER_TEST(tc_ask_for_privilege_with_default_cookie_normal_case_to_check_audio_privilege)
420 printhex(cookie, COOKIE_SIZE);
421 RUNNER_ASSERT(security_server_request_cookie((char*)cookie, COOKIE_SIZE) == SECURITY_SERVER_API_SUCCESS);
422 ret = security_server_get_gid("audio");
423 ret = security_server_check_privilege((char*) cookie, ret);
424 RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
427 RUNNER_TEST(tc_ask_for_privilege_with_default_cookie_case_with_wrong_cookie)
429 ret = security_server_get_gid("audio");
431 for (i = 0; i < COOKIE_SIZE; i++)
432 wrong_cookie[i] = rand() % 255;
433 ret = security_server_check_privilege((const char*) wrong_cookie, ret);
434 RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED);
438 RUNNER_TEST(tc_fake_security_server_get_gid)
440 /* Close socket just after sending request msg.
441 * This is done with fake security_server_get_gid()*/
443 ret = fake_get_gid("audio");
444 RUNNER_IGNORED_MSG("Watch whether security server has crashed or not.");
447 RUNNER_TEST(tc_get_pid_of_a_given_cookie_default_cookie_case)
449 RUNNER_ASSERT(security_server_get_cookie_pid((const char*) cookie) == getpid());
452 RUNNER_TEST(tc_get_pid_of_non_existing_cookie)
454 RUNNER_ASSERT(security_server_get_cookie_pid((const char*) wrong_cookie) == SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
457 RUNNER_TEST(tc_get_pid_of_null_cookie)
459 RUNNER_ASSERT(security_server_get_cookie_pid(NULL) == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
462 RUNNER_CHILD_TEST_SMACK(tc01a_security_server_app_give_access)
464 const char *subject = "abc345v34sfa";
465 const char *object = "efg678x2lkjz";
466 const char *server_api = "security-server::api-data-share";
467 smack_accesses *tmp = NULL;
469 RUNNER_ASSERT(0 == smack_accesses_new(&tmp));
471 AccessesUniquePtr smack(tmp, smack_accesses_free);
473 RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), subject, object, "-----"));
474 RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), object, server_api, "rw"));
475 RUNNER_ASSERT(0 == smack_accesses_apply(smack.get()));
477 smack_set_label_for_self(object);
479 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
481 security_server_app_give_access(subject, getpid());
483 RUNNER_ASSERT(1 == smack_have_access(subject, object, "rwxat"));
487 * Currently we are NOT revoking any permissions given by
488 * security_server_app_give_access function
490 /*RUNNER_TEST(tc01b_security_server_app_give_access)
492 const char *subject = "abc345v34sfa";
493 const char *object = "efg678x2lkjz";
495 // After part A thread from security-server will be notified about
496 // process end and revoke permissions. We need to give him some
500 RUNNER_ASSERT(0 == smack_have_access(subject, object, "r----"));
501 RUNNER_ASSERT(0 == smack_have_access(subject, object, "-w---"));
502 RUNNER_ASSERT(0 == smack_have_access(subject, object, "--x--"));
503 RUNNER_ASSERT(0 == smack_have_access(subject, object, "---a-"));
504 RUNNER_ASSERT(0 == smack_have_access(subject, object, "----t"));
507 RUNNER_CHILD_TEST_SMACK(tc01c_security_server_app_give_access_no_access)
509 const char *subject = "xxx45v34sfa";
510 const char *object = "yyy78x2lkjz";
511 smack_accesses *tmp = NULL;
513 RUNNER_ASSERT(0 == smack_accesses_new(&tmp));
515 AccessesUniquePtr smack(tmp, smack_accesses_free);
517 RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), subject, object, "-----"));
518 RUNNER_ASSERT(0 == smack_accesses_apply(smack.get()));
520 smack_set_label_for_self(object);
522 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
524 RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == security_server_app_give_access(subject, getpid()));
526 RUNNER_ASSERT(0 == smack_have_access(subject, object, "r"));
529 RUNNER_TEST_SMACK(tc02_check_privilege_by_pid)
536 //we checking existing rule, it should return positive
537 ret = security_server_check_privilege_by_pid(pid, "_", "rx");
538 RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
540 //we checking rule with label that not exist
541 ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
542 RUNNER_ASSERT(ret != SECURITY_SERVER_API_SUCCESS);
545 RUNNER_CHILD_TEST_SMACK(tc03_check_API_passwd_allow)
548 unsigned int attempt, max_attempt, expire_sec;
549 const char *subject_allow = TEST03_SUBJECT;
550 struct smack_accesses *handle = NULL;
551 char *str = (char*) malloc(256);
553 attempt = max_attempt = expire_sec = 0;
555 ret = clear_password(&str);
556 RUNNER_ASSERT_MSG(ret == 0, "ret: " << str);
558 ret = smack_accesses_new(&handle);
559 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
561 /* our subject 'subject_allow' has access to security-server::api-password-check */
562 ret = smack_accesses_add(handle, subject_allow, API_PASSWD_CHECK, API_RULE_REQUIRED);
563 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
565 ret = smack_accesses_apply(handle);
566 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
568 /* our subject 'subject_allow' has access to security-server::api-passwd-set */
569 ret = smack_accesses_add(handle, subject_allow, API_PASSWD_SET, API_RULE_REQUIRED);
570 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
572 ret = smack_accesses_apply(handle);
573 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
575 smack_accesses_free(handle);
577 ret = smack_set_label_for_self(subject_allow);
578 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
580 // drop root privileges
581 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
583 ret = security_server_set_pwd_validity(10);
584 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
586 ret = security_server_set_pwd_max_challenge(5);
587 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
589 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
590 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
593 ret = security_server_set_pwd(NULL, "12345", 0, 0);
594 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
597 ret = security_server_reset_pwd("12345",0, 0);
598 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
601 ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
602 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
605 ret = security_server_set_pwd_history(10);
606 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
609 RUNNER_CHILD_TEST(tc04_check_API_passwd_denied)
611 RUNNER_IGNORED_MSG("SS API label checking not enabled yet.");
614 unsigned int attempt, max_attempt, expire_sec;
615 const char *subject_denied = TEST04_SUBJECT;
616 char *str = (char*) malloc(256);
618 attempt = max_attempt = expire_sec = 0;
620 ret = smack_set_label_for_self(subject_denied);
621 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
623 // drop root privileges
624 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
627 * now SS should return error
628 * at the moment SS doesn't check return code from
629 * authorize_SS_API_caller_socket() so it should give access
630 * you can check in logs if it's working properly
631 * has access result = 1
632 * no access result = 0
633 * D/SECURITY_SERVER( 2510): security-server-main.c: authorize_SS_API_caller_socket(205) >
634 * [SECURE_LOG] SS_SMACK: caller_pid=5278, subject=subject_allow,
635 * object=security-server::api-password-check, access=w, result=1,
636 * caller_path=/usr/bin/security-server-tests-server
637 * E/SECURITY_SERVER( 2510): security-server-main.c: authorize_SS_API_caller_socket(207) >
638 * [SECURE_LOG] SS_SMACK: caller_pid=5278, subject=subject_allow,
639 * object=security-server::api-password-check, access=w, result=0,
640 * caller_path=/usr/bin/security-server-tests-server
643 ret = security_server_set_pwd_validity(10);
644 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
646 ret = security_server_set_pwd_max_challenge(5);
647 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
649 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
650 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
653 ret = security_server_set_pwd("12345", "12346", 0, 0);
654 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
657 ret = security_server_reset_pwd("12346",0, 0);
658 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
661 ret = security_server_chk_pwd("12346", &attempt, &max_attempt, &expire_sec);
662 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
665 ret = security_server_set_pwd_history(10);
666 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
668 ret = clear_password(&str);
669 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
673 RUNNER_CHILD_TEST_SMACK(tc05_check_API_middleware_allow)
676 const char *subject_allow = TEST05_SUBJECT;
677 size_t cookie_size = security_server_get_cookie_size();
679 char *ss_label = NULL;
680 struct smack_accesses *handle = NULL;
682 /* allow subject 'subjet_allow' to security-server::api-middleware */
683 ret = smack_accesses_new(&handle);
684 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
686 ret = smack_accesses_add(handle, subject_allow, API_MIDDLEWARE, API_RULE_REQUIRED);
687 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
689 ret = smack_accesses_apply(handle);
690 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
691 smack_accesses_free(handle);
693 ret = smack_set_label_for_self(subject_allow);
694 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
696 // drop root privileges
697 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
699 ret = security_server_request_cookie(cookie, cookie_size);
700 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
702 ret = security_server_get_gid("audio");
703 ret = security_server_check_privilege(cookie, ret);
704 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
706 ret = security_server_get_gid("root");
707 RUNNER_ASSERT_MSG(ret > -1, "ret: " << ret);
709 ret = security_server_get_cookie_pid(cookie);
710 RUNNER_ASSERT_MSG(ret == getpid(), "ret: " << ret);
712 ss_label = security_server_get_smacklabel_cookie(cookie);
713 RUNNER_ASSERT_MSG(ss_label != NULL, "ret: " << ss_label);
715 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
716 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
719 RUNNER_CHILD_TEST(tc06_check_API_middleware_denied)
721 RUNNER_IGNORED_MSG("SS API label checking not enabled yet.");
724 const char *subject_denied = TEST06_SUBJECT;
725 size_t cookie_size = security_server_get_cookie_size();
727 char *ss_label = NULL;
729 ret = smack_set_label_for_self(subject_denied);
730 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
732 // drop root privileges
733 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
735 ret = security_server_request_cookie(cookie, cookie_size);
736 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
738 ret = security_server_check_privilege(cookie, DB_ALARM_GID);
739 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
741 ret = security_server_get_gid("root");
742 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
744 ret = security_server_get_cookie_pid(cookie);
745 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
747 ss_label = security_server_get_smacklabel_cookie(cookie);
748 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
750 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
751 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
754 RUNNER_CHILD_TEST_SMACK(tc07_check_API_data_share_allow)
757 const char *subject_allow = TEST07_SUBJECT;
758 struct smack_accesses *handle = NULL;
760 /* allow subject 'subjet_allow' to security-server::api-data-share */
761 ret = smack_accesses_new(&handle);
762 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
764 ret = smack_accesses_add(handle, subject_allow, API_DATA_SHARE, API_RULE_REQUIRED);
765 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
767 ret = smack_accesses_apply(handle);
768 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
769 smack_accesses_free(handle);
771 ret = smack_set_label_for_self(subject_allow);
772 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
774 // drop root privileges
775 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
777 ret = security_server_app_give_access(subject_allow, getpid());
778 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
781 RUNNER_CHILD_TEST_SMACK(tc08_check_API_data_share_denied)
784 const char *subject_denied = TEST08_SUBJECT;
786 ret = smack_set_label_for_self(subject_denied);
787 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
789 // drop root privileges
790 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
792 ret = security_server_app_give_access(subject_denied, getpid());
793 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
796 RUNNER_CHILD_TEST(tc09_check_API_app_enable_permissions)
799 const char *perm_list[] = {"org.tizen.privilege.contact.read",
800 "org.tizen.privilege.contact.write",
804 // need to install WGT once again, in case it was removed before
806 ret = perm_app_uninstall(WGT_APP_ID);
807 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall WGT_APP_ID, ret: " << ret);
808 ret = perm_app_install(WGT_APP_ID);
809 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot install WGT_APP_ID, ret: " << ret);
813 ret = security_server_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, perm_list, persistent);
814 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
816 /* allow subject TEST09_SUBJECT to socket label security-server::api-privilege-by-name */
817 struct smack_accesses *handle = NULL;
818 ret = smack_accesses_new(&handle);
819 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
821 SmackUniquePtr smackAccPtr(handle, smack_accesses_free);
822 handle = NULL; // it is better to reset standard pointer after that
824 ret = smack_accesses_add(smackAccPtr.get(), TEST09_SUBJECT, API_PRIVILEGE_BY_NAME, API_RULE_REQUIRED);
825 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
827 ret = smack_accesses_apply(smackAccPtr.get());
828 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
830 ret = smack_set_label_for_self(TEST09_SUBJECT);
831 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
833 // drop root privileges
834 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
836 // Check if permissions are given
837 check_app_has_privilege(WGT_APP_ID, APP_TYPE_WGT, perm_list, true);
840 RUNNER_CHILD_TEST(tc10_check_API_app_disable_permissions)
843 const char *perm_list[] = {"org.tizen.privilege.contact.read",
844 "org.tizen.privilege.contact.write",
847 // need to install WGT once again, in case it was removed before
849 ret = perm_app_uninstall(WGT_APP_ID);
850 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall WGT_APP_ID, ret: " << ret);
851 ret = perm_app_install(WGT_APP_ID);
852 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot install WGT_APP_ID, ret: " << ret);
855 // disable permission
856 ret = security_server_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, perm_list);
857 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
859 /* allow subject TEST10_SUBJECT to socket label security-server::api-privilege-by-name */
860 struct smack_accesses *handle = NULL;
861 ret = smack_accesses_new(&handle);
862 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
864 SmackUniquePtr smackAccPtr(handle, smack_accesses_free);
865 handle = NULL; // it is better to reset standard pointer after that
867 ret = smack_accesses_add(smackAccPtr.get(), TEST10_SUBJECT, API_PRIVILEGE_BY_NAME, API_RULE_REQUIRED);
868 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
870 ret = smack_accesses_apply(smackAccPtr.get());
871 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
873 ret = smack_set_label_for_self(TEST10_SUBJECT);
874 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
876 // drop root privileges
877 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
879 // Check if permissions are disabled
880 check_app_has_privilege(WGT_APP_ID, APP_TYPE_WGT, perm_list, false);
883 RUNNER_TEST(tc11_security_server_app_has_privilege)
886 const char *perm_list_pers[] = {"org.tizen.privilege.contact.read",
887 "org.tizen.privilege.contact.write",
889 const char *perm_list_temp[] = {"org.tizen.privilege.calendar.read",
890 "org.tizen.privilege.calendar.write",
892 const char *perm_list_disabled[] = {"org.tizen.privilege.alarm",
895 ret = perm_app_uninstall(TEST11_SUBJECT);
896 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall TEST11_SUBJECT, ret: " << ret);
897 ret = perm_app_install(TEST11_SUBJECT);
898 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot install TEST11_SUBJECT, ret: " << ret);
902 ret = security_server_app_enable_permissions(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_pers, 1);
903 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
904 ret = security_server_app_enable_permissions(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_temp, 0);
905 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
907 // Check if permissions are given using API with app_label parameter
908 check_app_has_privilege(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_pers, true);
909 check_app_has_privilege(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_temp, true);
910 check_app_has_privilege(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_disabled, false);
913 RUNNER_CHILD_TEST(tc12_security_server_app_caller_has_privilege)
916 const char *perm_list_pers[] = {"org.tizen.privilege.contact.read",
917 "org.tizen.privilege.contact.write",
919 const char *perm_list_temp[] = {"org.tizen.privilege.calendar.read",
920 "org.tizen.privilege.calendar.write",
922 const char *perm_list_disabled[] = {"org.tizen.privilege.alarm",
926 ret = perm_app_uninstall(TEST11_SUBJECT);
927 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall TEST11_SUBJECT, ret: " << ret);
928 ret = perm_app_install(TEST11_SUBJECT);
929 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot install TEST11_SUBJECT, ret: " << ret);
933 ret = security_server_app_enable_permissions(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_pers, 1);
934 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
935 ret = security_server_app_enable_permissions(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_temp, 0);
936 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
938 // allow subject TEST11_SUBJECT to sockets (label privilege-by-name)
939 struct smack_accesses *handle = NULL;
940 ret = smack_accesses_new(&handle);
941 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
943 SmackUniquePtr smackAccPtr(handle, smack_accesses_free);
944 handle = NULL; // it is better to reset standard pointer after that
946 ret = smack_accesses_add(smackAccPtr.get(), TEST11_SUBJECT, API_PRIVILEGE_BY_NAME, API_RULE_REQUIRED);
947 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
949 ret = smack_accesses_apply(smackAccPtr.get());
950 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
952 ret = smack_set_label_for_self(TEST11_SUBJECT);
953 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
955 // drop root privileges
956 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
958 // Check if permissions are given using "caller" API
959 check_app_caller_has_privilege(APP_TYPE_WGT, perm_list_pers, true);
960 check_app_caller_has_privilege(APP_TYPE_WGT, perm_list_temp, true);
961 check_app_caller_has_privilege(APP_TYPE_WGT, perm_list_disabled, false);
964 RUNNER_CHILD_TEST(tc13_check_API_app_has_privilege_denied)
967 const char *perm_list[] = {"org.tizen.privilege.contact.read",
968 "org.tizen.privilege.contact.write",
971 // set smack label without previously assigned permissions to api socket
972 ret = smack_set_label_for_self(TEST12_SUBJECT);
973 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
975 // drop root privileges
976 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
978 // call common function to perform the check
979 check_app_caller_has_privilege_denied(APP_TYPE_WGT, perm_list);
981 // call also second common function
982 check_app_has_privilege_denied(TEST12_SUBJECT, APP_TYPE_WGT, perm_list);
985 //////////////////////////////////////////
986 /////////NOSMACK ENV TESTS////////////////
987 //////////////////////////////////////////
990 * NOSMACK version of tc01a and tc01c tests.
992 * SMACK is turned off - that means for us, that we don't need any accesses added to our process
993 * in SMACK before dropping root privileges. This test drops root privileges, calls
994 * security_server_app_give_access and then checks if smack_have_access returns error (because
997 * security_server_app_give_access shouldn't return anything else than success when SMACK is off,
998 * hence there is only one test that replaces tests tc01a and tc01c.
1000 RUNNER_CHILD_TEST_NOSMACK(tc01_security_server_app_give_access_nosmack)
1002 const char* subject = "abc345v34sfa";
1003 const char* object = "efg678x2lkjz";
1006 result = drop_root_privileges();
1007 RUNNER_ASSERT_MSG(result == 0,
1008 "Failed to drop root privileges. Result: " << result << "uid = " << getuid());
1010 result = security_server_app_give_access(subject, getpid());
1011 RUNNER_ASSERT_MSG(result == SECURITY_SERVER_API_SUCCESS,
1012 "Error in security_server_app_give_access. Result: " << result);
1014 result = smack_have_access(subject, object, "rwxat");
1015 RUNNER_ASSERT_MSG(result == -1,
1016 "smack_have_access should return error when SMACK is off. Result: " << result);
1020 * NOSMACK version of tc02 test.
1022 * check_privilege_by_pid should always return success when SMACK is off, no matter if label is
1025 RUNNER_TEST_NOSMACK(tc02_check_privilege_by_pid_nosmack)
1032 //we checking existing rule, it should return positive
1033 ret = security_server_check_privilege_by_pid(pid, "_", "rx");
1034 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1035 "check_privilege_by_pid for existing label failed. Result: " << ret);
1037 //we checking rule with label that not exist
1038 ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
1039 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1040 "check_privilege_by_pid for nonexisting label failed. Result: " << ret);
1044 * NOSMACK version of clear_password function.
1046 * Compared to SMACK version of this function, this one skips adding rules and setting label.
1048 int clear_password_nosmack()
1051 unsigned int attempt, max_attempt, expire_sec;
1052 const char* path = "/opt/data/security-server/";
1054 attempt = max_attempt = expire_sec = 0;
1056 if (getuid() == 0) {
1057 if (access(path, F_OK) == 0) {
1058 if (nftw(path, &nftw_rmdir_contents, 20, FTW_DEPTH) == -1) {
1064 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1066 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec << ", should be 0.");
1067 RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt << ", should be 0.");
1068 RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt << ", should be 0.");
1069 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1070 "is_pwd_faild should return no password error. Result: " << ret);
1080 * NOSMACK version of tc03 test.
1082 * Just as tc01a/tc01c NOSMACK replacement, we don't need to do anything with SMACK because most
1083 * important functions will return errors (that is smack_accesses_apply/smack_have_access etc.).
1084 * First clear password, then drop privileges and proceed to regular testing.
1087 RUNNER_CHILD_TEST_NOSMACK(tc03_check_API_passwd_allow_nosmack)
1090 unsigned int attempt, max_attempt, expire_sec;
1092 attempt = max_attempt = expire_sec = 0;
1094 clear_password_nosmack();
1096 // drop root privileges
1097 ret = drop_root_privileges();
1098 RUNNER_ASSERT_MSG(ret == 0,
1099 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
1101 ret = security_server_set_pwd_validity(10);
1102 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1103 "set_pwd_validity should return no password error. Result: " << ret);
1105 ret = security_server_set_pwd_max_challenge(5);
1106 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1107 "set_pwd_max_challenge should return no password error. Result: " << ret);
1109 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1110 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1111 "is_pwd_valid should return no password error. Result: " << ret);
1114 ret = security_server_set_pwd(NULL, "12345", 0, 0);
1115 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1116 "set_pwd failed. Result: " << ret);
1119 ret = security_server_reset_pwd("12345",0, 0);
1120 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1121 "reset_pwd failed. Result: " << ret);
1124 ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
1125 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1126 "chk_pwd failed. Result: " << ret);
1129 ret = security_server_set_pwd_history(10);
1130 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1131 "set_pwd_history failed. Result: " << ret);
1135 * NOSMACK version of tc05 test.
1137 * This test assumes similar information as previous NOSMACK tests. SMACK off = no need to
1138 * set accesses and apply them in SMACK before dropping privileges.
1141 RUNNER_CHILD_TEST_NOSMACK(tc05_check_API_middleware_allow_nosmack)
1144 size_t cookie_size = security_server_get_cookie_size();
1146 char* ss_label = NULL;
1148 // drop root privileges
1149 ret = drop_root_privileges();
1150 RUNNER_ASSERT_MSG(ret == 0,
1151 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
1153 ret = security_server_request_cookie(cookie, cookie_size);
1154 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1155 "request_cookie failed. Result: " << ret);
1157 ret = security_server_get_gid("audio");
1158 RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"audio\" gid. Result: " << ret);
1160 ret = security_server_check_privilege(cookie, ret);
1161 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1162 "check_privilege failed. Result: " << ret);
1164 ret = security_server_get_gid("root");
1165 RUNNER_ASSERT_MSG(ret > -1,
1166 "Failed to get \"root\" gid. Result: " << ret);
1168 ret = security_server_get_cookie_pid(cookie);
1169 RUNNER_ASSERT_MSG(ret == getpid(),
1170 "get_cookie_pid returned different pid than it should. Result: " << ret);
1172 ss_label = security_server_get_smacklabel_cookie(cookie);
1173 RUNNER_ASSERT_MSG(ss_label != NULL, "get_smacklabel_cookie failed.");
1175 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
1176 if(ret != SECURITY_SERVER_API_SUCCESS) {
1178 RUNNER_ASSERT_MSG(false, "check_privilege_by_pid failed. Result: " << ret);
1183 * NOSMACK version of tc07 test.
1185 * Similarily to previous tests - no need to set self label because SMACK is off. Just as
1186 * tc01a/tc01c replacement, security_server_app_give_access should return only success. Hence the
1187 * NOSMACK version of tc08 test is skipped.
1189 RUNNER_CHILD_TEST_NOSMACK(tc07_check_API_data_share_allow_nosmack)
1192 const char* subject_allow = TEST07_SUBJECT;
1194 // drop root privileges
1195 ret = drop_root_privileges();
1196 RUNNER_ASSERT_MSG(ret == 0,
1197 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
1199 ret = security_server_app_give_access(subject_allow, getpid());
1200 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1201 "app_give_access failed. Result: " << ret);
1204 int main(int argc, char *argv[])
1211 printf("Error: %s must be executed by root\n", argv[0]);
1216 DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
1218 if (server_sockfd > 0)
1219 close(server_sockfd);
1220 if (client_sockfd > 0)
1221 close(client_sockfd);