2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_server.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Mariusz Domanski (m.domanski@samsung.com)
9 * @brief Test cases for security server
15 #include <sys/types.h>
16 #include <sys/param.h>
21 #include <sys/socket.h>
23 #include <sys/smack.h>
25 #include "security-server.h"
26 #include <dpl/test/test_runner.h>
27 #include <dpl/test/test_runner_child.h>
29 #include <privilege-control.h>
31 #include "security_server_tests_common.h"
32 #include "tests_common.h"
35 #define TEST03_SUBJECT "subject_0f09f7cc"
36 #define TEST04_SUBJECT "subject_57dfbfc5"
37 #define TEST05_SUBJECT "subject_1d6eda7d"
38 #define TEST06_SUBJECT "subject_1d414140"
39 #define TEST07_SUBJECT "subject_cd738844"
40 #define TEST08_SUBJECT "subject_fd84ba7f"
41 const char *TEST09_SUBJECT = "subject_sstest09";
42 const char *TEST10_SUBJECT = "subject_sstest10";
43 const char *TEST11_SUBJECT = "subject_sstest11";
44 const char *TEST12_SUBJECT = "subject_sstest12";
46 #define SECURITY_SERVER_SOCK_PATH "/tmp/.security_server.sock"
47 #define COOKIE_SIZE 20
48 #define OBJ_NAME_SIZE 30
49 #define OLABEL_SIZE 1024
50 #define ARIGHTS_SIZE 32
52 /* from security-server-common.h */
53 #define SECURITY_SERVER_MAX_OBJ_NAME 30
55 #define API_PASSWD_SET "security-server::api-password-set"
56 #define API_PASSWD_CHECK "security-server::api-password-check"
57 #define API_DATA_SHARE "security-server::api-data-share"
58 #define API_MIDDLEWARE "security-server::api-middleware"
59 #define API_PRIVILEGE_BY_NAME "security-server::api-app-privilege-by-name"
61 #define API_FREE_ACCESS "*"
62 #define API_RULE_REQUIRED "w"
68 unsigned char version;
70 unsigned short msg_len;
75 basic_header basic_hdr;
76 unsigned char return_code;
79 int server_sockfd, client_sockfd, ret, recved_gid, client_len, i;
80 unsigned char cookie[COOKIE_SIZE], wrong_cookie[COOKIE_SIZE];
81 char obj_name[OBJ_NAME_SIZE];
82 struct sockaddr_un clientaddr;
85 * Dropping root privileges
86 * returns 0 on success, 1 on error
88 int drop_root_privileges()
91 /* process is running as root, drop privileges */
92 if (setgid(APP_GID) != 0)
94 if (setuid(APP_UID) != 0)
104 /* Create a Unix domain socket and bind */
105 int create_new_socket()
107 int localsockfd = 0, flags;
108 struct sockaddr_un serveraddr;
111 if (unlink(SECURITY_SERVER_TEST_SOCK_PATH) == -1 && errno != ENOENT) {
112 SLOGE("%s : %s\n", "unlink()", strerror(errno));
116 /* Create Unix domain socket */
117 if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
119 SLOGE("%s : %s\n", "socket()", strerror(errno));
123 /* Make socket as non blocking */
124 if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
125 fcntl(localsockfd, F_SETFL, flags | O_NONBLOCK) < 0)
127 SLOGE("%s : %s\n", "fcntl()", strerror(errno));
131 bzero (&serveraddr, sizeof(serveraddr));
132 serveraddr.sun_family = AF_UNIX;
133 strncpy(serveraddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH,
134 strlen(SECURITY_SERVER_TEST_SOCK_PATH) + 1);
136 /* Bind the socket */
137 if ((bind(localsockfd, (struct sockaddr*)&serveraddr, sizeof(serveraddr))) < 0)
139 SLOGE("%s : %s\n", "bind()", strerror(errno));
143 /* Change permission to accept all processes that has different uID/gID */
144 sock_mode = (S_IRWXU | S_IRWXG | S_IRWXO);
145 /* Flawfinder hits this chmod function as level 5 CRITICAL as race condition flaw *
146 * Flawfinder recommends to user fchmod insted of chmod
147 * But, fchmod doesn't work on socket file so there is no other choice at this point */
148 if (chmod(SECURITY_SERVER_TEST_SOCK_PATH, sock_mode) < 0) /* Flawfinder: ignore */
150 SLOGE("%s : %s\n", "chmod()", strerror(errno));
162 int check_socket_poll(int sockfd, int event, int timeout)
164 struct pollfd poll_fd[1];
167 poll_fd[0].fd = sockfd;
168 poll_fd[0].events = event;
169 retval = poll(poll_fd, 1, timeout);
172 SLOGE("%s : %s\n", "poll()", strerror(errno));
179 SLOGE("%s", "poll() timeout");
185 int send_gid_request(int sock_fd, const char *object)
188 int retval, send_len = 0;
189 unsigned char *buf = NULL;
191 hdr.version = 0x01; /* SECURITY_SERVER_MSG_VERSION; */
192 hdr.msg_id = 0x07; /* SECURITY_SERVER_MSG_TYPE_GID_REQUEST; */
193 hdr.msg_len = strlen(object);
195 send_len = sizeof(hdr) + strlen(object);
197 buf = (unsigned char*) malloc(send_len);
200 SLOGE("%s\n", "out of memory");
204 memcpy(buf, &hdr, sizeof(hdr));
205 memcpy(buf + sizeof(hdr), object, strlen(object));
208 retval = check_socket_poll(sock_fd, POLLOUT, 1000);
211 SLOGE("%s\n", "poll() error");
218 SLOGE("%s\n", "poll() timeout");
224 retval = write(sock_fd, buf, send_len);
225 if (retval < send_len)
228 SLOGE("Error on write(): %d. errno=%d, sockfd=%d\n", retval, errno, sock_fd);
239 int connect_to_server(int *fd)
241 struct sockaddr_un clientaddr;
242 int client_len = 0, localsockfd, ret, flags;
245 /* Create a socket */
246 localsockfd = socket(AF_UNIX, SOCK_STREAM, 0);
249 SLOGE("%s : %s\n", "socket()", strerror(errno));
253 /* Make socket as non blocking */
254 if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
255 fcntl(localsockfd, F_SETFL, flags | O_NONBLOCK) < 0)
258 SLOGE("%s : %s\n", "fcntl()", strerror(errno));
262 bzero(&clientaddr, sizeof(clientaddr));
263 clientaddr.sun_family = AF_UNIX;
264 strncpy(clientaddr.sun_path, SECURITY_SERVER_SOCK_PATH, strlen(SECURITY_SERVER_SOCK_PATH));
265 clientaddr.sun_path[strlen(SECURITY_SERVER_SOCK_PATH)] = 0;
266 client_len = sizeof(clientaddr);
268 ret = connect(localsockfd, (struct sockaddr*)&clientaddr, client_len);
271 if (errno == EINPROGRESS)
273 SLOGD("%s\n", "Connection is in progress");
274 check_socket_poll(localsockfd, POLLOUT, 1000);
277 SLOGE("%s\n", "poll() error");
281 ret = connect(localsockfd, (struct sockaddr*)&clientaddr, client_len);
284 SLOGE("%s\n", "connection failed");
291 SLOGE("%s\n", "Connection failed");
302 int fake_get_gid(const char *object)
304 int sockfd = -1, retval;
306 retval = connect_to_server(&sockfd);
309 /* Error on socket */
310 SLOGE("Connection failed: %d\n", retval);
314 /* make request packet and send to server*/
315 retval = send_gid_request(sockfd, object);
318 /* Error on socket */
319 SLOGE("Send request failed: %d\n", retval);
322 SLOGD("%s", "Just closing the socket and exit\n");
331 static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/,
332 int tflag, struct FTW *ftwbuf)
334 if (tflag == FTW_F) {
337 if (tflag == FTW_DP && ftwbuf->level != 0) {
344 int clear_password(char ** /*error*/)
347 unsigned int attempt, max_attempt, expire_sec;
348 const char *path = "/opt/data/security-server/";
349 const char *subject_allow = "subject_allow";
350 struct smack_accesses *handle = NULL;
352 attempt = max_attempt = expire_sec = 0;
355 if (access(path, F_OK) == 0) {
356 if (nftw(path, &nftw_rmdir_contents, 20, FTW_DEPTH) == -1) {
362 ret = smack_accesses_new(&handle);
363 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
365 /* our subject 'subject_allow' has access to security-server::api-password-check */
366 ret = smack_accesses_add(handle, subject_allow, API_PASSWD_CHECK, API_RULE_REQUIRED);
367 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
369 ret = smack_accesses_apply(handle);
370 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
372 ret = smack_set_label_for_self(subject_allow);
373 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
375 smack_accesses_free(handle);
377 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
379 RUNNER_ASSERT(expire_sec == 0);
380 RUNNER_ASSERT(max_attempt == 0);
381 RUNNER_ASSERT(attempt == 0);
382 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
384 /* we revoke all rules for subject 'subject_allow' */
385 ret = smack_revoke_subject(subject_allow);
386 RUNNER_ASSERT_MSG(ret == 0, "Revoking subject didn't work.");
395 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_SERVER);
397 RUNNER_TEST(tc_getting_default_cookie)
399 printhex(cookie, COOKIE_SIZE);
400 RUNNER_ASSERT(security_server_request_cookie((char*)cookie, 20) == SECURITY_SERVER_API_SUCCESS);
403 RUNNER_TEST(tc_security_server_get_gid_normal_case_trying_to_get_gid_of_tel_gprs)
405 RUNNER_ASSERT(security_server_get_gid("tel_gprs") >= 0);
408 RUNNER_TEST(tc_security_server_get_gid_empty_object_name)
410 RUNNER_ASSERT(security_server_get_gid("") == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
413 RUNNER_TEST(tc_security_server_get_gid_wrong_object_name_teltel)
415 RUNNER_ASSERT(security_server_get_gid("teltel") == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT);
418 RUNNER_TEST(tc_security_server_get_object_name_normal_case_trying_6001)
420 ret = security_server_get_object_name(DB_ALARM_GID, obj_name, sizeof(obj_name));
421 SLOGD("Result: %s\n", obj_name);
422 RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
425 RUNNER_TEST(tc_security_server_get_object_name_too_small_buffer_size)
427 ret = security_server_get_object_name(DB_ALARM_GID, obj_name, 5);
428 RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL);
431 RUNNER_TEST(tc_security_server_get_object_name_invalid_gid)
433 ret = security_server_get_object_name(9876, obj_name, sizeof(obj_name));
434 RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT);
437 RUNNER_TEST(tc_ask_for_privilege_with_default_cookie_normal_case_to_check_audio_privilege)
439 printhex(cookie, COOKIE_SIZE);
440 RUNNER_ASSERT(security_server_request_cookie((char*)cookie, COOKIE_SIZE) == SECURITY_SERVER_API_SUCCESS);
441 ret = security_server_get_gid("audio");
442 ret = security_server_check_privilege((char*) cookie, ret);
443 RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
446 RUNNER_TEST(tc_ask_for_privilege_with_default_cookie_case_with_wrong_cookie)
448 ret = security_server_get_gid("audio");
450 for (i = 0; i < COOKIE_SIZE; i++)
451 wrong_cookie[i] = rand() % 255;
452 ret = security_server_check_privilege((const char*) wrong_cookie, ret);
453 RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED);
457 RUNNER_TEST(tc_fake_security_server_get_gid)
459 /* Close socket just after sending request msg.
460 * This is done with fake security_server_get_gid()*/
462 ret = fake_get_gid("audio");
463 RUNNER_IGNORED_MSG("Watch whether security server has crashed or not.");
466 RUNNER_TEST(tc_get_pid_of_a_given_cookie_default_cookie_case)
468 RUNNER_ASSERT(security_server_get_cookie_pid((const char*) cookie) == getpid());
471 RUNNER_TEST(tc_get_pid_of_non_existing_cookie)
473 RUNNER_ASSERT(security_server_get_cookie_pid((const char*) wrong_cookie) == SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
476 RUNNER_TEST(tc_get_pid_of_null_cookie)
478 RUNNER_ASSERT(security_server_get_cookie_pid(NULL) == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
481 RUNNER_CHILD_TEST_SMACK(tc01a_security_server_app_give_access)
483 const char *subject = "abc345v34sfa";
484 const char *object = "efg678x2lkjz";
485 const char *server_api = "security-server::api-data-share";
486 smack_accesses *tmp = NULL;
488 RUNNER_ASSERT(0 == smack_accesses_new(&tmp));
490 AccessesUniquePtr smack(tmp, smack_accesses_free);
492 RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), subject, object, "-----"));
493 RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), object, server_api, "rw"));
494 RUNNER_ASSERT(0 == smack_accesses_apply(smack.get()));
496 smack_set_label_for_self(object);
498 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
500 security_server_app_give_access(subject, getpid());
502 RUNNER_ASSERT(1 == smack_have_access(subject, object, "rwxat"));
506 * Currently we are NOT revoking any permissions given by
507 * security_server_app_give_access function
509 /*RUNNER_TEST(tc01b_security_server_app_give_access)
511 const char *subject = "abc345v34sfa";
512 const char *object = "efg678x2lkjz";
514 // After part A thread from security-server will be notified about
515 // process end and revoke permissions. We need to give him some
519 RUNNER_ASSERT(0 == smack_have_access(subject, object, "r----"));
520 RUNNER_ASSERT(0 == smack_have_access(subject, object, "-w---"));
521 RUNNER_ASSERT(0 == smack_have_access(subject, object, "--x--"));
522 RUNNER_ASSERT(0 == smack_have_access(subject, object, "---a-"));
523 RUNNER_ASSERT(0 == smack_have_access(subject, object, "----t"));
526 RUNNER_CHILD_TEST_SMACK(tc01c_security_server_app_give_access_no_access)
528 const char *subject = "xxx45v34sfa";
529 const char *object = "yyy78x2lkjz";
530 smack_accesses *tmp = NULL;
532 RUNNER_ASSERT(0 == smack_accesses_new(&tmp));
534 AccessesUniquePtr smack(tmp, smack_accesses_free);
536 RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), subject, object, "-----"));
537 RUNNER_ASSERT(0 == smack_accesses_apply(smack.get()));
539 smack_set_label_for_self(object);
541 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
543 RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == security_server_app_give_access(subject, getpid()));
545 RUNNER_ASSERT(0 == smack_have_access(subject, object, "r"));
548 RUNNER_TEST_SMACK(tc02_check_privilege_by_pid)
555 //we checking existing rule, it should return positive
556 ret = security_server_check_privilege_by_pid(pid, "_", "rx");
557 RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
559 //we checking rule with label that not exist
560 ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
561 RUNNER_ASSERT(ret != SECURITY_SERVER_API_SUCCESS);
564 RUNNER_CHILD_TEST_SMACK(tc03_check_API_passwd_allow)
567 unsigned int attempt, max_attempt, expire_sec;
568 const char *subject_allow = TEST03_SUBJECT;
569 struct smack_accesses *handle = NULL;
570 char *str = (char*) malloc(256);
572 attempt = max_attempt = expire_sec = 0;
574 ret = clear_password(&str);
575 RUNNER_ASSERT_MSG(ret == 0, "ret: " << str);
577 ret = smack_accesses_new(&handle);
578 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
580 /* our subject 'subject_allow' has access to security-server::api-password-check */
581 ret = smack_accesses_add(handle, subject_allow, API_PASSWD_CHECK, API_RULE_REQUIRED);
582 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
584 ret = smack_accesses_apply(handle);
585 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
587 /* our subject 'subject_allow' has access to security-server::api-passwd-set */
588 ret = smack_accesses_add(handle, subject_allow, API_PASSWD_SET, API_RULE_REQUIRED);
589 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
591 ret = smack_accesses_apply(handle);
592 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
594 smack_accesses_free(handle);
596 ret = smack_set_label_for_self(subject_allow);
597 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
599 // drop root privileges
600 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
602 ret = security_server_set_pwd_validity(10);
603 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
605 ret = security_server_set_pwd_max_challenge(5);
606 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
608 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
609 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
612 ret = security_server_set_pwd(NULL, "12345", 0, 0);
613 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
616 ret = security_server_reset_pwd("12345",0, 0);
617 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
620 ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
621 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
624 ret = security_server_set_pwd_history(10);
625 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
628 RUNNER_CHILD_TEST(tc04_check_API_passwd_denied)
630 RUNNER_IGNORED_MSG("SS API label checking not enabled yet.");
633 unsigned int attempt, max_attempt, expire_sec;
634 const char *subject_denied = TEST04_SUBJECT;
635 char *str = (char*) malloc(256);
637 attempt = max_attempt = expire_sec = 0;
639 ret = smack_set_label_for_self(subject_denied);
640 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
642 // drop root privileges
643 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
646 * now SS should return error
647 * at the moment SS doesn't check return code from
648 * authorize_SS_API_caller_socket() so it should give access
649 * you can check in logs if it's working properly
650 * has access result = 1
651 * no access result = 0
652 * D/SECURITY_SERVER( 2510): security-server-main.c: authorize_SS_API_caller_socket(205) >
653 * [SECURE_LOG] SS_SMACK: caller_pid=5278, subject=subject_allow,
654 * object=security-server::api-password-check, access=w, result=1,
655 * caller_path=/usr/bin/security-server-tests-server
656 * E/SECURITY_SERVER( 2510): security-server-main.c: authorize_SS_API_caller_socket(207) >
657 * [SECURE_LOG] SS_SMACK: caller_pid=5278, subject=subject_allow,
658 * object=security-server::api-password-check, access=w, result=0,
659 * caller_path=/usr/bin/security-server-tests-server
662 ret = security_server_set_pwd_validity(10);
663 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
665 ret = security_server_set_pwd_max_challenge(5);
666 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
668 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
669 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
672 ret = security_server_set_pwd("12345", "12346", 0, 0);
673 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
676 ret = security_server_reset_pwd("12346",0, 0);
677 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
680 ret = security_server_chk_pwd("12346", &attempt, &max_attempt, &expire_sec);
681 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
684 ret = security_server_set_pwd_history(10);
685 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
687 ret = clear_password(&str);
688 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
692 RUNNER_CHILD_TEST_SMACK(tc05_check_API_middleware_allow)
695 const char *subject_allow = TEST05_SUBJECT;
696 size_t cookie_size = security_server_get_cookie_size();
698 char *ss_label = NULL;
699 char object[SECURITY_SERVER_MAX_OBJ_NAME];
700 struct smack_accesses *handle = NULL;
702 /* allow subject 'subjet_allow' to security-server::api-middleware */
703 ret = smack_accesses_new(&handle);
704 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
706 ret = smack_accesses_add(handle, subject_allow, API_MIDDLEWARE, API_RULE_REQUIRED);
707 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
709 ret = smack_accesses_apply(handle);
710 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
711 smack_accesses_free(handle);
713 ret = smack_set_label_for_self(subject_allow);
714 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
716 // drop root privileges
717 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
719 ret = security_server_request_cookie(cookie, cookie_size);
720 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
722 ret = security_server_get_gid("audio");
723 ret = security_server_check_privilege(cookie, ret);
724 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
726 ret = security_server_get_object_name(APP_GID, object, sizeof(object));
727 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
729 ret = security_server_get_gid("root");
730 RUNNER_ASSERT_MSG(ret > -1, "ret: " << ret);
732 ret = security_server_get_cookie_pid(cookie);
733 RUNNER_ASSERT_MSG(ret == getpid(), "ret: " << ret);
735 ss_label = security_server_get_smacklabel_cookie(cookie);
736 RUNNER_ASSERT_MSG(ss_label != NULL, "ret: " << ss_label);
738 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
739 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
742 RUNNER_CHILD_TEST(tc06_check_API_middleware_denied)
744 RUNNER_IGNORED_MSG("SS API label checking not enabled yet.");
747 const char *subject_denied = TEST06_SUBJECT;
748 size_t cookie_size = security_server_get_cookie_size();
750 char *ss_label = NULL;
751 char object[SECURITY_SERVER_MAX_OBJ_NAME];
753 ret = smack_set_label_for_self(subject_denied);
754 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
756 // drop root privileges
757 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
759 ret = security_server_request_cookie(cookie, cookie_size);
760 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
762 ret = security_server_check_privilege(cookie, DB_ALARM_GID);
763 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
765 ret = security_server_get_object_name(DB_ALARM_GID, object, sizeof(object));
766 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
768 ret = security_server_get_gid("root");
769 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
771 ret = security_server_get_cookie_pid(cookie);
772 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
774 ss_label = security_server_get_smacklabel_cookie(cookie);
775 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
777 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
778 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
781 RUNNER_CHILD_TEST_SMACK(tc07_check_API_data_share_allow)
784 const char *subject_allow = TEST07_SUBJECT;
785 struct smack_accesses *handle = NULL;
787 /* allow subject 'subjet_allow' to security-server::api-data-share */
788 ret = smack_accesses_new(&handle);
789 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
791 ret = smack_accesses_add(handle, subject_allow, API_DATA_SHARE, API_RULE_REQUIRED);
792 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
794 ret = smack_accesses_apply(handle);
795 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
796 smack_accesses_free(handle);
798 ret = smack_set_label_for_self(subject_allow);
799 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
801 // drop root privileges
802 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
804 ret = security_server_app_give_access(subject_allow, getpid());
805 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
808 RUNNER_CHILD_TEST_SMACK(tc08_check_API_data_share_denied)
811 const char *subject_denied = TEST08_SUBJECT;
813 ret = smack_set_label_for_self(subject_denied);
814 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
816 // drop root privileges
817 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
819 ret = security_server_app_give_access(subject_denied, getpid());
820 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
823 RUNNER_CHILD_TEST(tc09_check_API_app_enable_permissions)
826 const char *perm_list[] = {"org.tizen.privilege.contact.read",
827 "org.tizen.privilege.contact.write",
831 // need to install WGT once again, in case it was removed before
833 ret = perm_app_uninstall(WGT_APP_ID);
834 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall WGT_APP_ID, ret: " << ret);
835 ret = perm_app_install(WGT_APP_ID);
836 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot install WGT_APP_ID, ret: " << ret);
840 ret = security_server_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, perm_list, persistent);
841 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
843 /* allow subject TEST09_SUBJECT to socket label security-server::api-privilege-by-name */
844 struct smack_accesses *handle = NULL;
845 ret = smack_accesses_new(&handle);
846 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
848 SmackUniquePtr smackAccPtr(handle, smack_accesses_free);
849 handle = NULL; // it is better to reset standard pointer after that
851 ret = smack_accesses_add(smackAccPtr.get(), TEST09_SUBJECT, API_PRIVILEGE_BY_NAME, API_RULE_REQUIRED);
852 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
854 ret = smack_accesses_apply(smackAccPtr.get());
855 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
857 ret = smack_set_label_for_self(TEST09_SUBJECT);
858 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
860 // drop root privileges
861 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
863 // Check if permissions are given
864 check_app_has_privilege(WGT_APP_ID, APP_TYPE_WGT, perm_list, true);
867 RUNNER_CHILD_TEST(tc10_check_API_app_disable_permissions)
870 const char *perm_list[] = {"org.tizen.privilege.contact.read",
871 "org.tizen.privilege.contact.write",
874 // need to install WGT once again, in case it was removed before
876 ret = perm_app_uninstall(WGT_APP_ID);
877 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall WGT_APP_ID, ret: " << ret);
878 ret = perm_app_install(WGT_APP_ID);
879 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot install WGT_APP_ID, ret: " << ret);
882 // disable permission
883 ret = security_server_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, perm_list);
884 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
886 /* allow subject TEST10_SUBJECT to socket label security-server::api-privilege-by-name */
887 struct smack_accesses *handle = NULL;
888 ret = smack_accesses_new(&handle);
889 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
891 SmackUniquePtr smackAccPtr(handle, smack_accesses_free);
892 handle = NULL; // it is better to reset standard pointer after that
894 ret = smack_accesses_add(smackAccPtr.get(), TEST10_SUBJECT, API_PRIVILEGE_BY_NAME, API_RULE_REQUIRED);
895 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
897 ret = smack_accesses_apply(smackAccPtr.get());
898 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
900 ret = smack_set_label_for_self(TEST10_SUBJECT);
901 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
903 // drop root privileges
904 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
906 // Check if permissions are disabled
907 check_app_has_privilege(WGT_APP_ID, APP_TYPE_WGT, perm_list, false);
910 RUNNER_CHILD_TEST(tc11_check_API_app_has_privilege_allow)
913 const char *perm_list_pers[] = {"org.tizen.privilege.contact.read",
914 "org.tizen.privilege.contact.write",
916 const char *perm_list_temp[] = {"org.tizen.privilege.calendar.read",
917 "org.tizen.privilege.calendar.write",
919 const char *perm_list_disabled[] = {"org.tizen.privilege.alarm",
922 // simulate app installation - add TEST11_SUBJECT to databse
923 ret = perm_app_uninstall(TEST11_SUBJECT);
924 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall TEST11_SUBJECT, ret: " << ret);
927 ret = perm_app_uninstall(TEST11_SUBJECT);
928 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall TEST11_SUBJECT, ret: " << ret);
929 ret = perm_app_install(TEST11_SUBJECT);
930 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot install TEST11_SUBJECT, ret: " << ret);
934 ret = security_server_app_enable_permissions(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_pers, 1);
935 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
936 ret = security_server_app_enable_permissions(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_temp, 0);
937 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
939 // allow subject TEST11_SUBJECT to sockets (label privilege-by-name)
940 struct smack_accesses *handle = NULL;
941 ret = smack_accesses_new(&handle);
942 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
944 SmackUniquePtr smackAccPtr(handle, smack_accesses_free);
945 handle = NULL; // it is better to reset standard pointer after that
947 ret = smack_accesses_add(smackAccPtr.get(), TEST11_SUBJECT, API_PRIVILEGE_BY_NAME, API_RULE_REQUIRED);
948 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
950 ret = smack_accesses_apply(smackAccPtr.get());
951 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
953 ret = smack_set_label_for_self(TEST11_SUBJECT);
954 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
956 // drop root privileges
957 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
959 // Check if permissions are given using "caller" API
960 check_app_caller_has_privilege(APP_TYPE_WGT, perm_list_pers, true);
961 check_app_caller_has_privilege(APP_TYPE_WGT, perm_list_temp, true);
962 check_app_caller_has_privilege(APP_TYPE_WGT, perm_list_disabled, false);
964 // Check if permissions are given using API with app_label parameter
965 check_app_has_privilege(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_pers, true);
966 check_app_has_privilege(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_temp, true);
967 check_app_has_privilege(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_disabled, false);
970 RUNNER_CHILD_TEST(tc12_check_API_app_has_privilege_denied)
973 const char *perm_list[] = {"org.tizen.privilege.contact.read",
974 "org.tizen.privilege.contact.write",
977 // set smack label without previously assigned permissions to api socket
978 ret = smack_set_label_for_self(TEST12_SUBJECT);
979 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
981 // drop root privileges
982 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
984 // call common function to perform the check
985 check_app_caller_has_privilege_denied(APP_TYPE_WGT, perm_list);
987 // call also second common function
988 check_app_has_privilege_denied(TEST12_SUBJECT, APP_TYPE_WGT, perm_list);
991 //////////////////////////////////////////
992 /////////NOSMACK ENV TESTS////////////////
993 //////////////////////////////////////////
996 * NOSMACK version of tc01a and tc01c tests.
998 * SMACK is turned off - that means for us, that we don't need any accesses added to our process
999 * in SMACK before dropping root privileges. This test drops root privileges, calls
1000 * security_server_app_give_access and then checks if smack_have_access returns error (because
1003 * security_server_app_give_access shouldn't return anything else than success when SMACK is off,
1004 * hence there is only one test that replaces tests tc01a and tc01c.
1006 RUNNER_CHILD_TEST_NOSMACK(tc01_security_server_app_give_access_nosmack)
1008 const char* subject = "abc345v34sfa";
1009 const char* object = "efg678x2lkjz";
1012 result = drop_root_privileges();
1013 RUNNER_ASSERT_MSG(result == 0,
1014 "Failed to drop root privileges. Result: " << result << "uid = " << getuid());
1016 result = security_server_app_give_access(subject, getpid());
1017 RUNNER_ASSERT_MSG(result == SECURITY_SERVER_API_SUCCESS,
1018 "Error in security_server_app_give_access. Result: " << result);
1020 result = smack_have_access(subject, object, "rwxat");
1021 RUNNER_ASSERT_MSG(result == -1,
1022 "smack_have_access should return error when SMACK is off. Result: " << result);
1026 * NOSMACK version of tc02 test.
1028 * check_privilege_by_pid should always return success when SMACK is off, no matter if label is
1031 RUNNER_TEST_NOSMACK(tc02_check_privilege_by_pid_nosmack)
1038 //we checking existing rule, it should return positive
1039 ret = security_server_check_privilege_by_pid(pid, "_", "rx");
1040 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1041 "check_privilege_by_pid for existing label failed. Result: " << ret);
1043 //we checking rule with label that not exist
1044 ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
1045 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1046 "check_privilege_by_pid for nonexisting label failed. Result: " << ret);
1050 * NOSMACK version of clear_password function.
1052 * Compared to SMACK version of this function, this one skips adding rules and setting label.
1054 int clear_password_nosmack()
1057 unsigned int attempt, max_attempt, expire_sec;
1058 const char* path = "/opt/data/security-server/";
1060 attempt = max_attempt = expire_sec = 0;
1062 if (getuid() == 0) {
1063 if (access(path, F_OK) == 0) {
1064 if (nftw(path, &nftw_rmdir_contents, 20, FTW_DEPTH) == -1) {
1070 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1072 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec << ", should be 0.");
1073 RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt << ", should be 0.");
1074 RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt << ", should be 0.");
1075 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1076 "is_pwd_faild should return no password error. Result: " << ret);
1086 * NOSMACK version of tc03 test.
1088 * Just as tc01a/tc01c NOSMACK replacement, we don't need to do anything with SMACK because most
1089 * important functions will return errors (that is smack_accesses_apply/smack_have_access etc.).
1090 * First clear password, then drop privileges and proceed to regular testing.
1093 RUNNER_CHILD_TEST_NOSMACK(tc03_check_API_passwd_allow_nosmack)
1096 unsigned int attempt, max_attempt, expire_sec;
1098 attempt = max_attempt = expire_sec = 0;
1100 clear_password_nosmack();
1102 // drop root privileges
1103 ret = drop_root_privileges();
1104 RUNNER_ASSERT_MSG(ret == 0,
1105 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
1107 ret = security_server_set_pwd_validity(10);
1108 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1109 "set_pwd_validity should return no password error. Result: " << ret);
1111 ret = security_server_set_pwd_max_challenge(5);
1112 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1113 "set_pwd_max_challenge should return no password error. Result: " << ret);
1115 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1116 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1117 "is_pwd_valid should return no password error. Result: " << ret);
1120 ret = security_server_set_pwd(NULL, "12345", 0, 0);
1121 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1122 "set_pwd failed. Result: " << ret);
1125 ret = security_server_reset_pwd("12345",0, 0);
1126 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1127 "reset_pwd failed. Result: " << ret);
1130 ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
1131 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1132 "chk_pwd failed. Result: " << ret);
1135 ret = security_server_set_pwd_history(10);
1136 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1137 "set_pwd_history failed. Result: " << ret);
1141 * NOSMACK version of tc05 test.
1143 * This test assumes similar information as previous NOSMACK tests. SMACK off = no need to
1144 * set accesses and apply them in SMACK before dropping privileges.
1147 RUNNER_CHILD_TEST_NOSMACK(tc05_check_API_middleware_allow_nosmack)
1150 size_t cookie_size = security_server_get_cookie_size();
1152 char* ss_label = NULL;
1153 char object[SECURITY_SERVER_MAX_OBJ_NAME];
1155 // drop root privileges
1156 ret = drop_root_privileges();
1157 RUNNER_ASSERT_MSG(ret == 0,
1158 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
1160 ret = security_server_request_cookie(cookie, cookie_size);
1161 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1162 "request_cookie failed. Result: " << ret);
1164 ret = security_server_get_gid("audio");
1165 RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"audio\" gid. Result: " << ret);
1167 ret = security_server_check_privilege(cookie, ret);
1168 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1169 "check_privilege failed. Result: " << ret);
1171 ret = security_server_get_object_name(APP_GID, object, sizeof(object));
1172 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1173 "get_object_name failed. Result: " << ret);
1175 ret = security_server_get_gid("root");
1176 RUNNER_ASSERT_MSG(ret > -1,
1177 "Failed to get \"root\" gid. Result: " << ret);
1179 ret = security_server_get_cookie_pid(cookie);
1180 RUNNER_ASSERT_MSG(ret == getpid(),
1181 "get_cookie_pid returned different pid than it should. Result: " << ret);
1183 ss_label = security_server_get_smacklabel_cookie(cookie);
1184 RUNNER_ASSERT_MSG(ss_label != NULL, "get_smacklabel_cookie failed.");
1186 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
1187 if(ret != SECURITY_SERVER_API_SUCCESS) {
1189 RUNNER_ASSERT_MSG(false, "check_privilege_by_pid failed. Result: " << ret);
1194 * NOSMACK version of tc07 test.
1196 * Similarily to previous tests - no need to set self label because SMACK is off. Just as
1197 * tc01a/tc01c replacement, security_server_app_give_access should return only success. Hence the
1198 * NOSMACK version of tc08 test is skipped.
1200 RUNNER_CHILD_TEST_NOSMACK(tc07_check_API_data_share_allow_nosmack)
1203 const char* subject_allow = TEST07_SUBJECT;
1205 // drop root privileges
1206 ret = drop_root_privileges();
1207 RUNNER_ASSERT_MSG(ret == 0,
1208 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
1210 ret = security_server_app_give_access(subject_allow, getpid());
1211 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1212 "app_give_access failed. Result: " << ret);
1215 int main(int argc, char *argv[])
1222 printf("Error: %s must be executed by root\n", argv[0]);
1227 DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
1229 if (server_sockfd > 0)
1230 close(server_sockfd);
1231 if (client_sockfd > 0)
1232 close(client_sockfd);