2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_server.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Mariusz Domanski (m.domanski@samsung.com)
9 * @brief Test cases for security server
15 #include <sys/types.h>
16 #include <sys/param.h>
21 #include <sys/socket.h>
23 #include <sys/smack.h>
25 #include "security-server.h"
26 #include <dpl/test/test_runner.h>
27 #include <dpl/test/test_runner_child.h>
29 #include <privilege-control.h>
31 #include "security_server_tests_common.h"
32 #include "tests_common.h"
35 #define TEST03_SUBJECT "subject_0f09f7cc"
36 #define TEST04_SUBJECT "subject_57dfbfc5"
37 #define TEST05_SUBJECT "subject_1d6eda7d"
38 #define TEST06_SUBJECT "subject_1d414140"
39 #define TEST07_SUBJECT "subject_cd738844"
40 #define TEST08_SUBJECT "subject_fd84ba7f"
41 const char *TEST09_SUBJECT = "subject_sstest09";
42 const char *TEST10_SUBJECT = "subject_sstest10";
43 const char *TEST11_SUBJECT = "subject_sstest11";
44 const char *TEST12_SUBJECT = "subject_sstest12";
46 #define SECURITY_SERVER_SOCK_PATH "/tmp/.security_server.sock"
47 #define COOKIE_SIZE 20
48 #define OBJ_NAME_SIZE 30
49 #define OLABEL_SIZE 1024
50 #define ARIGHTS_SIZE 32
52 /* from security-server-common.h */
53 #define SECURITY_SERVER_MAX_OBJ_NAME 30
55 #define API_PASSWD_SET "security-server::api-password-set"
56 #define API_PASSWD_CHECK "security-server::api-password-check"
57 #define API_DATA_SHARE "security-server::api-data-share"
58 #define API_MIDDLEWARE "security-server::api-middleware"
59 #define API_PRIVILEGE_BY_NAME "security-server::api-app-privilege-by-name"
61 #define API_FREE_ACCESS "*"
62 #define API_RULE_REQUIRED "w"
68 unsigned char version;
70 unsigned short msg_len;
75 basic_header basic_hdr;
76 unsigned char return_code;
79 int server_sockfd, client_sockfd, ret, recved_gid, client_len, i;
80 unsigned char cookie[COOKIE_SIZE], wrong_cookie[COOKIE_SIZE];
81 char obj_name[OBJ_NAME_SIZE];
82 struct sockaddr_un clientaddr;
84 /* Create a Unix domain socket and bind */
85 int create_new_socket()
87 int localsockfd = 0, flags;
88 struct sockaddr_un serveraddr;
91 if (unlink(SECURITY_SERVER_TEST_SOCK_PATH) == -1 && errno != ENOENT) {
92 SLOGE("%s : %s\n", "unlink()", strerror(errno));
96 /* Create Unix domain socket */
97 if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
99 SLOGE("%s : %s\n", "socket()", strerror(errno));
103 /* Make socket as non blocking */
104 if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
105 fcntl(localsockfd, F_SETFL, flags | O_NONBLOCK) < 0)
107 SLOGE("%s : %s\n", "fcntl()", strerror(errno));
111 bzero (&serveraddr, sizeof(serveraddr));
112 serveraddr.sun_family = AF_UNIX;
113 strncpy(serveraddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH,
114 strlen(SECURITY_SERVER_TEST_SOCK_PATH) + 1);
116 /* Bind the socket */
117 if ((bind(localsockfd, (struct sockaddr*)&serveraddr, sizeof(serveraddr))) < 0)
119 SLOGE("%s : %s\n", "bind()", strerror(errno));
123 /* Change permission to accept all processes that has different uID/gID */
124 sock_mode = (S_IRWXU | S_IRWXG | S_IRWXO);
125 /* Flawfinder hits this chmod function as level 5 CRITICAL as race condition flaw *
126 * Flawfinder recommends to user fchmod insted of chmod
127 * But, fchmod doesn't work on socket file so there is no other choice at this point */
128 if (chmod(SECURITY_SERVER_TEST_SOCK_PATH, sock_mode) < 0) /* Flawfinder: ignore */
130 SLOGE("%s : %s\n", "chmod()", strerror(errno));
142 int check_socket_poll(int sockfd, int event, int timeout)
144 struct pollfd poll_fd[1];
147 poll_fd[0].fd = sockfd;
148 poll_fd[0].events = event;
149 retval = poll(poll_fd, 1, timeout);
152 SLOGE("%s : %s\n", "poll()", strerror(errno));
159 SLOGE("%s", "poll() timeout");
165 int send_gid_request(int sock_fd, const char *object)
168 int retval, send_len = 0;
169 unsigned char *buf = NULL;
171 hdr.version = 0x01; /* SECURITY_SERVER_MSG_VERSION; */
172 hdr.msg_id = 0x07; /* SECURITY_SERVER_MSG_TYPE_GID_REQUEST; */
173 hdr.msg_len = strlen(object);
175 send_len = sizeof(hdr) + strlen(object);
177 buf = (unsigned char*) malloc(send_len);
180 SLOGE("%s\n", "out of memory");
184 memcpy(buf, &hdr, sizeof(hdr));
185 memcpy(buf + sizeof(hdr), object, strlen(object));
188 retval = check_socket_poll(sock_fd, POLLOUT, 1000);
191 SLOGE("%s\n", "poll() error");
198 SLOGE("%s\n", "poll() timeout");
204 retval = write(sock_fd, buf, send_len);
205 if (retval < send_len)
208 SLOGE("Error on write(): %d. errno=%d, sockfd=%d\n", retval, errno, sock_fd);
219 int connect_to_server(int *fd)
221 struct sockaddr_un clientaddr;
222 int client_len = 0, localsockfd, ret, flags;
225 /* Create a socket */
226 localsockfd = socket(AF_UNIX, SOCK_STREAM, 0);
229 SLOGE("%s : %s\n", "socket()", strerror(errno));
233 /* Make socket as non blocking */
234 if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
235 fcntl(localsockfd, F_SETFL, flags | O_NONBLOCK) < 0)
238 SLOGE("%s : %s\n", "fcntl()", strerror(errno));
242 bzero(&clientaddr, sizeof(clientaddr));
243 clientaddr.sun_family = AF_UNIX;
244 strncpy(clientaddr.sun_path, SECURITY_SERVER_SOCK_PATH, strlen(SECURITY_SERVER_SOCK_PATH));
245 clientaddr.sun_path[strlen(SECURITY_SERVER_SOCK_PATH)] = 0;
246 client_len = sizeof(clientaddr);
248 ret = connect(localsockfd, (struct sockaddr*)&clientaddr, client_len);
251 if (errno == EINPROGRESS)
253 SLOGD("%s\n", "Connection is in progress");
254 check_socket_poll(localsockfd, POLLOUT, 1000);
257 SLOGE("%s\n", "poll() error");
261 ret = connect(localsockfd, (struct sockaddr*)&clientaddr, client_len);
264 SLOGE("%s\n", "connection failed");
271 SLOGE("%s\n", "Connection failed");
282 int fake_get_gid(const char *object)
284 int sockfd = -1, retval;
286 retval = connect_to_server(&sockfd);
289 /* Error on socket */
290 SLOGE("Connection failed: %d\n", retval);
294 /* make request packet and send to server*/
295 retval = send_gid_request(sockfd, object);
298 /* Error on socket */
299 SLOGE("Send request failed: %d\n", retval);
302 SLOGD("%s", "Just closing the socket and exit\n");
311 static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/,
312 int tflag, struct FTW *ftwbuf)
314 if (tflag == FTW_F) {
317 if (tflag == FTW_DP && ftwbuf->level != 0) {
324 int clear_password(char ** /*error*/)
327 unsigned int attempt, max_attempt, expire_sec;
328 const char *path = "/opt/data/security-server/";
329 const char *subject_allow = "subject_allow";
330 struct smack_accesses *handle = NULL;
332 attempt = max_attempt = expire_sec = 0;
335 if (access(path, F_OK) == 0) {
336 if (nftw(path, &nftw_rmdir_contents, 20, FTW_DEPTH) == -1) {
342 ret = smack_accesses_new(&handle);
343 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
345 /* our subject 'subject_allow' has access to security-server::api-password-check */
346 ret = smack_accesses_add(handle, subject_allow, API_PASSWD_CHECK, API_RULE_REQUIRED);
347 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
349 ret = smack_accesses_apply(handle);
350 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
352 ret = smack_set_label_for_self(subject_allow);
353 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
355 smack_accesses_free(handle);
357 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
359 RUNNER_ASSERT(expire_sec == 0);
360 RUNNER_ASSERT(max_attempt == 0);
361 RUNNER_ASSERT(attempt == 0);
362 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
364 /* we revoke all rules for subject 'subject_allow' */
365 ret = smack_revoke_subject(subject_allow);
366 RUNNER_ASSERT_MSG(ret == 0, "Revoking subject didn't work.");
375 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_SERVER);
377 RUNNER_TEST(tc_getting_default_cookie)
379 printhex(cookie, COOKIE_SIZE);
380 RUNNER_ASSERT(security_server_request_cookie((char*)cookie, 20) == SECURITY_SERVER_API_SUCCESS);
383 RUNNER_TEST(tc_security_server_get_gid_normal_case_trying_to_get_gid_of_tel_gprs)
385 RUNNER_ASSERT(security_server_get_gid("tel_gprs") >= 0);
388 RUNNER_TEST(tc_security_server_get_gid_empty_object_name)
390 RUNNER_ASSERT(security_server_get_gid("") == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
393 RUNNER_TEST(tc_security_server_get_gid_wrong_object_name_teltel)
395 RUNNER_ASSERT(security_server_get_gid("teltel") == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT);
398 RUNNER_TEST(tc_ask_for_privilege_with_default_cookie_normal_case_to_check_audio_privilege)
400 printhex(cookie, COOKIE_SIZE);
401 RUNNER_ASSERT(security_server_request_cookie((char*)cookie, COOKIE_SIZE) == SECURITY_SERVER_API_SUCCESS);
402 ret = security_server_get_gid("audio");
403 ret = security_server_check_privilege((char*) cookie, ret);
404 RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
407 RUNNER_TEST(tc_ask_for_privilege_with_default_cookie_case_with_wrong_cookie)
409 ret = security_server_get_gid("audio");
411 for (i = 0; i < COOKIE_SIZE; i++)
412 wrong_cookie[i] = rand() % 255;
413 ret = security_server_check_privilege((const char*) wrong_cookie, ret);
414 RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED);
418 RUNNER_TEST(tc_fake_security_server_get_gid)
420 /* Close socket just after sending request msg.
421 * This is done with fake security_server_get_gid()*/
423 ret = fake_get_gid("audio");
424 RUNNER_IGNORED_MSG("Watch whether security server has crashed or not.");
427 RUNNER_TEST(tc_get_pid_of_a_given_cookie_default_cookie_case)
429 RUNNER_ASSERT(security_server_get_cookie_pid((const char*) cookie) == getpid());
432 RUNNER_TEST(tc_get_pid_of_non_existing_cookie)
434 RUNNER_ASSERT(security_server_get_cookie_pid((const char*) wrong_cookie) == SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
437 RUNNER_TEST(tc_get_pid_of_null_cookie)
439 RUNNER_ASSERT(security_server_get_cookie_pid(NULL) == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
442 RUNNER_CHILD_TEST_SMACK(tc01a_security_server_app_give_access)
444 const char *subject = "abc345v34sfa";
445 const char *object = "efg678x2lkjz";
446 const char *server_api = "security-server::api-data-share";
447 smack_accesses *tmp = NULL;
449 RUNNER_ASSERT(0 == smack_accesses_new(&tmp));
451 AccessesUniquePtr smack(tmp, smack_accesses_free);
453 RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), subject, object, "-----"));
454 RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), object, server_api, "rw"));
455 RUNNER_ASSERT(0 == smack_accesses_apply(smack.get()));
457 smack_set_label_for_self(object);
459 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
461 security_server_app_give_access(subject, getpid());
463 RUNNER_ASSERT(1 == smack_have_access(subject, object, "rwxat"));
467 * Currently we are NOT revoking any permissions given by
468 * security_server_app_give_access function
470 /*RUNNER_TEST(tc01b_security_server_app_give_access)
472 const char *subject = "abc345v34sfa";
473 const char *object = "efg678x2lkjz";
475 // After part A thread from security-server will be notified about
476 // process end and revoke permissions. We need to give him some
480 RUNNER_ASSERT(0 == smack_have_access(subject, object, "r----"));
481 RUNNER_ASSERT(0 == smack_have_access(subject, object, "-w---"));
482 RUNNER_ASSERT(0 == smack_have_access(subject, object, "--x--"));
483 RUNNER_ASSERT(0 == smack_have_access(subject, object, "---a-"));
484 RUNNER_ASSERT(0 == smack_have_access(subject, object, "----t"));
487 RUNNER_CHILD_TEST_SMACK(tc01c_security_server_app_give_access_no_access)
489 const char *subject = "xxx45v34sfa";
490 const char *object = "yyy78x2lkjz";
491 smack_accesses *tmp = NULL;
493 RUNNER_ASSERT(0 == smack_accesses_new(&tmp));
495 AccessesUniquePtr smack(tmp, smack_accesses_free);
497 RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), subject, object, "-----"));
498 RUNNER_ASSERT(0 == smack_accesses_apply(smack.get()));
500 smack_set_label_for_self(object);
502 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
504 RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == security_server_app_give_access(subject, getpid()));
506 RUNNER_ASSERT(0 == smack_have_access(subject, object, "r"));
509 RUNNER_TEST_SMACK(tc02_check_privilege_by_pid)
516 //we checking existing rule, it should return positive
517 ret = security_server_check_privilege_by_pid(pid, "_", "rx");
518 RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
520 //we checking rule with label that not exist
521 ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
522 RUNNER_ASSERT(ret != SECURITY_SERVER_API_SUCCESS);
525 RUNNER_CHILD_TEST_SMACK(tc03_check_API_passwd_allow)
528 unsigned int attempt, max_attempt, expire_sec;
529 const char *subject_allow = TEST03_SUBJECT;
530 struct smack_accesses *handle = NULL;
531 char *str = (char*) malloc(256);
533 attempt = max_attempt = expire_sec = 0;
535 ret = clear_password(&str);
536 RUNNER_ASSERT_MSG(ret == 0, "ret: " << str);
538 ret = smack_accesses_new(&handle);
539 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
541 /* our subject 'subject_allow' has access to security-server::api-password-check */
542 ret = smack_accesses_add(handle, subject_allow, API_PASSWD_CHECK, API_RULE_REQUIRED);
543 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
545 ret = smack_accesses_apply(handle);
546 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
548 /* our subject 'subject_allow' has access to security-server::api-passwd-set */
549 ret = smack_accesses_add(handle, subject_allow, API_PASSWD_SET, API_RULE_REQUIRED);
550 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
552 ret = smack_accesses_apply(handle);
553 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
555 smack_accesses_free(handle);
557 ret = smack_set_label_for_self(subject_allow);
558 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
560 // drop root privileges
561 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
563 ret = security_server_set_pwd_validity(10);
564 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
566 ret = security_server_set_pwd_max_challenge(5);
567 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
569 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
570 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
573 ret = security_server_set_pwd(NULL, "12345", 0, 0);
574 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
577 ret = security_server_reset_pwd("12345",0, 0);
578 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
581 ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
582 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
585 ret = security_server_set_pwd_history(10);
586 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
589 RUNNER_CHILD_TEST(tc04_check_API_passwd_denied)
591 RUNNER_IGNORED_MSG("SS API label checking not enabled yet.");
594 unsigned int attempt, max_attempt, expire_sec;
595 const char *subject_denied = TEST04_SUBJECT;
596 char *str = (char*) malloc(256);
598 attempt = max_attempt = expire_sec = 0;
600 ret = smack_set_label_for_self(subject_denied);
601 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
603 // drop root privileges
604 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
607 * now SS should return error
608 * at the moment SS doesn't check return code from
609 * authorize_SS_API_caller_socket() so it should give access
610 * you can check in logs if it's working properly
611 * has access result = 1
612 * no access result = 0
613 * D/SECURITY_SERVER( 2510): security-server-main.c: authorize_SS_API_caller_socket(205) >
614 * [SECURE_LOG] SS_SMACK: caller_pid=5278, subject=subject_allow,
615 * object=security-server::api-password-check, access=w, result=1,
616 * caller_path=/usr/bin/security-server-tests-server
617 * E/SECURITY_SERVER( 2510): security-server-main.c: authorize_SS_API_caller_socket(207) >
618 * [SECURE_LOG] SS_SMACK: caller_pid=5278, subject=subject_allow,
619 * object=security-server::api-password-check, access=w, result=0,
620 * caller_path=/usr/bin/security-server-tests-server
623 ret = security_server_set_pwd_validity(10);
624 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
626 ret = security_server_set_pwd_max_challenge(5);
627 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
629 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
630 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
633 ret = security_server_set_pwd("12345", "12346", 0, 0);
634 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
637 ret = security_server_reset_pwd("12346",0, 0);
638 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
641 ret = security_server_chk_pwd("12346", &attempt, &max_attempt, &expire_sec);
642 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
645 ret = security_server_set_pwd_history(10);
646 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
648 ret = clear_password(&str);
649 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
653 RUNNER_CHILD_TEST_SMACK(tc05_check_API_middleware_allow)
656 const char *subject_allow = TEST05_SUBJECT;
657 size_t cookie_size = security_server_get_cookie_size();
659 char *ss_label = NULL;
660 struct smack_accesses *handle = NULL;
662 /* allow subject 'subjet_allow' to security-server::api-middleware */
663 ret = smack_accesses_new(&handle);
664 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
666 ret = smack_accesses_add(handle, subject_allow, API_MIDDLEWARE, API_RULE_REQUIRED);
667 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
669 ret = smack_accesses_apply(handle);
670 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
671 smack_accesses_free(handle);
673 ret = smack_set_label_for_self(subject_allow);
674 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
676 // drop root privileges
677 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
679 ret = security_server_request_cookie(cookie, cookie_size);
680 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
682 ret = security_server_get_gid("audio");
683 ret = security_server_check_privilege(cookie, ret);
684 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
686 ret = security_server_get_gid("root");
687 RUNNER_ASSERT_MSG(ret > -1, "ret: " << ret);
689 ret = security_server_get_cookie_pid(cookie);
690 RUNNER_ASSERT_MSG(ret == getpid(), "ret: " << ret);
692 ss_label = security_server_get_smacklabel_cookie(cookie);
693 RUNNER_ASSERT_MSG(ss_label != NULL, "ret: " << ss_label);
695 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
696 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
699 RUNNER_CHILD_TEST(tc06_check_API_middleware_denied)
701 RUNNER_IGNORED_MSG("SS API label checking not enabled yet.");
704 const char *subject_denied = TEST06_SUBJECT;
705 size_t cookie_size = security_server_get_cookie_size();
707 char *ss_label = NULL;
709 ret = smack_set_label_for_self(subject_denied);
710 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
712 // drop root privileges
713 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
715 ret = security_server_request_cookie(cookie, cookie_size);
716 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
718 ret = security_server_check_privilege(cookie, DB_ALARM_GID);
719 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
721 ret = security_server_get_gid("root");
722 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
724 ret = security_server_get_cookie_pid(cookie);
725 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
727 ss_label = security_server_get_smacklabel_cookie(cookie);
728 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
730 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
731 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
734 RUNNER_CHILD_TEST_SMACK(tc07_check_API_data_share_allow)
737 const char *subject_allow = TEST07_SUBJECT;
738 struct smack_accesses *handle = NULL;
740 /* allow subject 'subjet_allow' to security-server::api-data-share */
741 ret = smack_accesses_new(&handle);
742 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
744 ret = smack_accesses_add(handle, subject_allow, API_DATA_SHARE, API_RULE_REQUIRED);
745 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
747 ret = smack_accesses_apply(handle);
748 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
749 smack_accesses_free(handle);
751 ret = smack_set_label_for_self(subject_allow);
752 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
754 // drop root privileges
755 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
757 ret = security_server_app_give_access(subject_allow, getpid());
758 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
761 RUNNER_CHILD_TEST_SMACK(tc08_check_API_data_share_denied)
764 const char *subject_denied = TEST08_SUBJECT;
766 ret = smack_set_label_for_self(subject_denied);
767 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
769 // drop root privileges
770 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
772 ret = security_server_app_give_access(subject_denied, getpid());
773 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
776 RUNNER_CHILD_TEST(tc09_check_API_app_enable_permissions)
779 const char *perm_list[] = {"org.tizen.privilege.contact.read",
780 "org.tizen.privilege.contact.write",
784 // need to install WGT once again, in case it was removed before
786 ret = perm_app_uninstall(WGT_APP_ID);
787 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall WGT_APP_ID, ret: " << ret);
788 ret = perm_app_install(WGT_APP_ID);
789 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot install WGT_APP_ID, ret: " << ret);
793 ret = security_server_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, perm_list, persistent);
794 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
796 /* allow subject TEST09_SUBJECT to socket label security-server::api-privilege-by-name */
797 struct smack_accesses *handle = NULL;
798 ret = smack_accesses_new(&handle);
799 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
801 SmackUniquePtr smackAccPtr(handle, smack_accesses_free);
802 handle = NULL; // it is better to reset standard pointer after that
804 ret = smack_accesses_add(smackAccPtr.get(), TEST09_SUBJECT, API_PRIVILEGE_BY_NAME, API_RULE_REQUIRED);
805 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
807 ret = smack_accesses_apply(smackAccPtr.get());
808 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
810 ret = smack_set_label_for_self(TEST09_SUBJECT);
811 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
813 // drop root privileges
814 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
816 // Check if permissions are given
817 check_app_has_privilege(WGT_APP_ID, APP_TYPE_WGT, perm_list, true);
820 RUNNER_CHILD_TEST(tc10_check_API_app_disable_permissions)
823 const char *perm_list[] = {"org.tizen.privilege.contact.read",
824 "org.tizen.privilege.contact.write",
827 // need to install WGT once again, in case it was removed before
829 ret = perm_app_uninstall(WGT_APP_ID);
830 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall WGT_APP_ID, ret: " << ret);
831 ret = perm_app_install(WGT_APP_ID);
832 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot install WGT_APP_ID, ret: " << ret);
835 // disable permission
836 ret = security_server_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, perm_list);
837 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
839 /* allow subject TEST10_SUBJECT to socket label security-server::api-privilege-by-name */
840 struct smack_accesses *handle = NULL;
841 ret = smack_accesses_new(&handle);
842 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
844 SmackUniquePtr smackAccPtr(handle, smack_accesses_free);
845 handle = NULL; // it is better to reset standard pointer after that
847 ret = smack_accesses_add(smackAccPtr.get(), TEST10_SUBJECT, API_PRIVILEGE_BY_NAME, API_RULE_REQUIRED);
848 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
850 ret = smack_accesses_apply(smackAccPtr.get());
851 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
853 ret = smack_set_label_for_self(TEST10_SUBJECT);
854 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
856 // drop root privileges
857 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
859 // Check if permissions are disabled
860 check_app_has_privilege(WGT_APP_ID, APP_TYPE_WGT, perm_list, false);
863 RUNNER_TEST(tc11_security_server_app_has_privilege)
866 const char *perm_list_pers[] = {"org.tizen.privilege.contact.read",
867 "org.tizen.privilege.contact.write",
869 const char *perm_list_temp[] = {"org.tizen.privilege.calendar.read",
870 "org.tizen.privilege.calendar.write",
872 const char *perm_list_disabled[] = {"org.tizen.privilege.alarm",
875 ret = perm_app_uninstall(TEST11_SUBJECT);
876 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall TEST11_SUBJECT, ret: " << ret);
877 ret = perm_app_install(TEST11_SUBJECT);
878 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot install TEST11_SUBJECT, ret: " << ret);
882 ret = security_server_app_enable_permissions(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_pers, 1);
883 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
884 ret = security_server_app_enable_permissions(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_temp, 0);
885 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
887 // Check if permissions are given using API with app_label parameter
888 check_app_has_privilege(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_pers, true);
889 check_app_has_privilege(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_temp, true);
890 check_app_has_privilege(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_disabled, false);
893 RUNNER_CHILD_TEST(tc12_security_server_app_caller_has_privilege)
896 const char *perm_list_pers[] = {"org.tizen.privilege.contact.read",
897 "org.tizen.privilege.contact.write",
899 const char *perm_list_temp[] = {"org.tizen.privilege.calendar.read",
900 "org.tizen.privilege.calendar.write",
902 const char *perm_list_disabled[] = {"org.tizen.privilege.alarm",
906 ret = perm_app_uninstall(TEST11_SUBJECT);
907 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot uninstall TEST11_SUBJECT, ret: " << ret);
908 ret = perm_app_install(TEST11_SUBJECT);
909 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Cannot install TEST11_SUBJECT, ret: " << ret);
913 ret = security_server_app_enable_permissions(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_pers, 1);
914 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
915 ret = security_server_app_enable_permissions(TEST11_SUBJECT, APP_TYPE_WGT, perm_list_temp, 0);
916 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
918 // allow subject TEST11_SUBJECT to sockets (label privilege-by-name)
919 struct smack_accesses *handle = NULL;
920 ret = smack_accesses_new(&handle);
921 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
923 SmackUniquePtr smackAccPtr(handle, smack_accesses_free);
924 handle = NULL; // it is better to reset standard pointer after that
926 ret = smack_accesses_add(smackAccPtr.get(), TEST11_SUBJECT, API_PRIVILEGE_BY_NAME, API_RULE_REQUIRED);
927 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
929 ret = smack_accesses_apply(smackAccPtr.get());
930 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
932 ret = smack_set_label_for_self(TEST11_SUBJECT);
933 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
935 // drop root privileges
936 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
938 // Check if permissions are given using "caller" API
939 check_app_caller_has_privilege(APP_TYPE_WGT, perm_list_pers, true);
940 check_app_caller_has_privilege(APP_TYPE_WGT, perm_list_temp, true);
941 check_app_caller_has_privilege(APP_TYPE_WGT, perm_list_disabled, false);
944 RUNNER_CHILD_TEST(tc13_check_API_app_has_privilege_denied)
947 const char *perm_list[] = {"org.tizen.privilege.contact.read",
948 "org.tizen.privilege.contact.write",
951 // set smack label without previously assigned permissions to api socket
952 ret = smack_set_label_for_self(TEST12_SUBJECT);
953 RUNNER_ASSERT_MSG(ret == 0, "ret: " << ret);
955 // drop root privileges
956 RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
958 // call common function to perform the check
959 check_app_caller_has_privilege_denied(APP_TYPE_WGT, perm_list);
961 // call also second common function
962 check_app_has_privilege_denied(TEST12_SUBJECT, APP_TYPE_WGT, perm_list);
965 //////////////////////////////////////////
966 /////////NOSMACK ENV TESTS////////////////
967 //////////////////////////////////////////
970 * NOSMACK version of tc01a and tc01c tests.
972 * SMACK is turned off - that means for us, that we don't need any accesses added to our process
973 * in SMACK before dropping root privileges. This test drops root privileges, calls
974 * security_server_app_give_access and then checks if smack_have_access returns error (because
977 * security_server_app_give_access shouldn't return anything else than success when SMACK is off,
978 * hence there is only one test that replaces tests tc01a and tc01c.
980 RUNNER_CHILD_TEST_NOSMACK(tc01_security_server_app_give_access_nosmack)
982 const char* subject = "abc345v34sfa";
983 const char* object = "efg678x2lkjz";
986 result = drop_root_privileges();
987 RUNNER_ASSERT_MSG(result == 0,
988 "Failed to drop root privileges. Result: " << result << "uid = " << getuid());
990 result = security_server_app_give_access(subject, getpid());
991 RUNNER_ASSERT_MSG(result == SECURITY_SERVER_API_SUCCESS,
992 "Error in security_server_app_give_access. Result: " << result);
994 result = smack_have_access(subject, object, "rwxat");
995 RUNNER_ASSERT_MSG(result == -1,
996 "smack_have_access should return error when SMACK is off. Result: " << result);
1000 * NOSMACK version of tc02 test.
1002 * check_privilege_by_pid should always return success when SMACK is off, no matter if label is
1005 RUNNER_TEST_NOSMACK(tc02_check_privilege_by_pid_nosmack)
1012 //we checking existing rule, it should return positive
1013 ret = security_server_check_privilege_by_pid(pid, "_", "rx");
1014 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1015 "check_privilege_by_pid for existing label failed. Result: " << ret);
1017 //we checking rule with label that not exist
1018 ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
1019 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1020 "check_privilege_by_pid for nonexisting label failed. Result: " << ret);
1024 * NOSMACK version of clear_password function.
1026 * Compared to SMACK version of this function, this one skips adding rules and setting label.
1028 int clear_password_nosmack()
1031 unsigned int attempt, max_attempt, expire_sec;
1032 const char* path = "/opt/data/security-server/";
1034 attempt = max_attempt = expire_sec = 0;
1036 if (getuid() == 0) {
1037 if (access(path, F_OK) == 0) {
1038 if (nftw(path, &nftw_rmdir_contents, 20, FTW_DEPTH) == -1) {
1044 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1046 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec << ", should be 0.");
1047 RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt << ", should be 0.");
1048 RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt << ", should be 0.");
1049 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1050 "is_pwd_faild should return no password error. Result: " << ret);
1060 * NOSMACK version of tc03 test.
1062 * Just as tc01a/tc01c NOSMACK replacement, we don't need to do anything with SMACK because most
1063 * important functions will return errors (that is smack_accesses_apply/smack_have_access etc.).
1064 * First clear password, then drop privileges and proceed to regular testing.
1067 RUNNER_CHILD_TEST_NOSMACK(tc03_check_API_passwd_allow_nosmack)
1070 unsigned int attempt, max_attempt, expire_sec;
1072 attempt = max_attempt = expire_sec = 0;
1074 clear_password_nosmack();
1076 // drop root privileges
1077 ret = drop_root_privileges();
1078 RUNNER_ASSERT_MSG(ret == 0,
1079 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
1081 ret = security_server_set_pwd_validity(10);
1082 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1083 "set_pwd_validity should return no password error. Result: " << ret);
1085 ret = security_server_set_pwd_max_challenge(5);
1086 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1087 "set_pwd_max_challenge should return no password error. Result: " << ret);
1089 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1090 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
1091 "is_pwd_valid should return no password error. Result: " << ret);
1094 ret = security_server_set_pwd(NULL, "12345", 0, 0);
1095 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1096 "set_pwd failed. Result: " << ret);
1099 ret = security_server_reset_pwd("12345",0, 0);
1100 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1101 "reset_pwd failed. Result: " << ret);
1104 ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
1105 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1106 "chk_pwd failed. Result: " << ret);
1109 ret = security_server_set_pwd_history(10);
1110 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1111 "set_pwd_history failed. Result: " << ret);
1115 * NOSMACK version of tc05 test.
1117 * This test assumes similar information as previous NOSMACK tests. SMACK off = no need to
1118 * set accesses and apply them in SMACK before dropping privileges.
1121 RUNNER_CHILD_TEST_NOSMACK(tc05_check_API_middleware_allow_nosmack)
1124 size_t cookie_size = security_server_get_cookie_size();
1126 char* ss_label = NULL;
1128 // drop root privileges
1129 ret = drop_root_privileges();
1130 RUNNER_ASSERT_MSG(ret == 0,
1131 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
1133 ret = security_server_request_cookie(cookie, cookie_size);
1134 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1135 "request_cookie failed. Result: " << ret);
1137 ret = security_server_get_gid("audio");
1138 RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"audio\" gid. Result: " << ret);
1140 ret = security_server_check_privilege(cookie, ret);
1141 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1142 "check_privilege failed. Result: " << ret);
1144 ret = security_server_get_gid("root");
1145 RUNNER_ASSERT_MSG(ret > -1,
1146 "Failed to get \"root\" gid. Result: " << ret);
1148 ret = security_server_get_cookie_pid(cookie);
1149 RUNNER_ASSERT_MSG(ret == getpid(),
1150 "get_cookie_pid returned different pid than it should. Result: " << ret);
1152 ss_label = security_server_get_smacklabel_cookie(cookie);
1153 RUNNER_ASSERT_MSG(ss_label != NULL, "get_smacklabel_cookie failed.");
1155 ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
1156 if(ret != SECURITY_SERVER_API_SUCCESS) {
1158 RUNNER_ASSERT_MSG(false, "check_privilege_by_pid failed. Result: " << ret);
1163 * NOSMACK version of tc07 test.
1165 * Similarily to previous tests - no need to set self label because SMACK is off. Just as
1166 * tc01a/tc01c replacement, security_server_app_give_access should return only success. Hence the
1167 * NOSMACK version of tc08 test is skipped.
1169 RUNNER_CHILD_TEST_NOSMACK(tc07_check_API_data_share_allow_nosmack)
1172 const char* subject_allow = TEST07_SUBJECT;
1174 // drop root privileges
1175 ret = drop_root_privileges();
1176 RUNNER_ASSERT_MSG(ret == 0,
1177 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
1179 ret = security_server_app_give_access(subject_allow, getpid());
1180 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
1181 "app_give_access failed. Result: " << ret);
1184 int main(int argc, char *argv[])
1191 printf("Error: %s must be executed by root\n", argv[0]);
1196 DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
1198 if (server_sockfd > 0)
1199 close(server_sockfd);
1200 if (client_sockfd > 0)
1201 close(client_sockfd);