2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_server.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Mariusz Domanski (m.domanski@samsung.com)
9 * @brief Test cases for security server
15 #include <sys/types.h>
16 #include <sys/param.h>
21 #include <sys/socket.h>
23 #include <sys/smack.h>
25 #include "security-server.h"
26 #include "security_server_clean_env.h"
27 #include <dpl/test/test_runner.h>
28 #include <dpl/test/test_runner_child.h>
30 #include <privilege-control.h>
32 #include "security_server_tests_common.h"
33 #include "tests_common.h"
34 #include <smack_access.h>
35 #include <access_provider.h>
36 #include <summary_collector.h>
38 const char *TEST03_SUBJECT = "subject_0f09f7cc";
39 const char *TEST04_SUBJECT = "subject_57dfbfc5";
40 const char *TEST07_SUBJECT = "subject_cd738844";
41 const char *TEST08_SUBJECT = "subject_fd84ba7f";
43 const char *API_PASSWD_SET = "security-server::api-password-set";
44 const char *API_PASSWD_CHECK = "security-server::api-password-check";
45 const char *API_PASSWD_RESET = "security-server::api-password-reset";
46 const char *API_RULE_REQUIRED = "w";
48 int clear_password(char ** /*error*/)
51 unsigned int attempt, max_attempt, expire_sec;
52 const char *subject_allow = "subject_allow";
53 struct smack_accesses *handle = NULL;
56 reset_security_server();
58 ret = smack_accesses_new(&handle);
59 RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
61 /* our subject 'subject_allow' has access to security-server::api-password-check */
62 ret = smack_accesses_add(handle, subject_allow, API_PASSWD_CHECK, API_RULE_REQUIRED);
63 RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
65 ret = smack_accesses_apply(handle);
66 RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
68 ret = smack_set_label_for_self(subject_allow);
69 RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
71 smack_accesses_free(handle);
73 attempt = max_attempt = expire_sec = UINT_MAX;
74 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
76 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
77 RUNNER_ASSERT_BT(expire_sec == 0);
78 RUNNER_ASSERT_BT(max_attempt == 0);
79 RUNNER_ASSERT_BT(attempt == 0);
81 /* we revoke all rules for subject 'subject_allow' */
82 ret = smack_revoke_subject(subject_allow);
83 RUNNER_ASSERT_MSG_BT(ret == 0, "Revoking subject didn't work.");
92 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_SERVER);
94 RUNNER_TEST(tc_security_server_get_gid_normal_case_trying_to_get_gid_of_tel_gprs)
96 RUNNER_ASSERT_BT(security_server_get_gid("tel_gprs") >= 0);
99 RUNNER_TEST(tc_security_server_get_gid_empty_object_name)
101 RUNNER_ASSERT_BT(security_server_get_gid("") == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
104 RUNNER_TEST(tc_security_server_get_gid_wrong_object_name_teltel)
106 RUNNER_ASSERT_BT(security_server_get_gid("teltel") == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT);
109 RUNNER_CHILD_TEST_SMACK(tc01a_security_server_app_give_access)
111 const char *subject = "abc345v34sfa";
112 const char *object = "efg678x2lkjz";
113 const char *server_api = "security-server::api-data-share";
116 smack.add(subject, object, "-----");
117 smack.add(object, server_api, "rw");
120 smack_set_label_for_self(object);
122 RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
124 security_server_app_give_access(subject, getpid());
126 RUNNER_ASSERT_BT(1 == smack_have_access(subject, object, "rwxat"));
130 * Currently we are NOT revoking any permissions given by
131 * security_server_app_give_access function
133 /*RUNNER_TEST(tc01b_security_server_app_give_access)
135 const char *subject = "abc345v34sfa";
136 const char *object = "efg678x2lkjz";
138 // After part A thread from security-server will be notified about
139 // process end and revoke permissions. We need to give him some
143 RUNNER_ASSERT_BT(0 == smack_have_access(subject, object, "r----"));
144 RUNNER_ASSERT_BT(0 == smack_have_access(subject, object, "-w---"));
145 RUNNER_ASSERT_BT(0 == smack_have_access(subject, object, "--x--"));
146 RUNNER_ASSERT_BT(0 == smack_have_access(subject, object, "---a-"));
147 RUNNER_ASSERT_BT(0 == smack_have_access(subject, object, "----t"));
150 RUNNER_CHILD_TEST_SMACK(tc01c_security_server_app_give_access_no_access)
152 RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
153 const char *subject = "xxx45v34sfa";
154 const char *object = "yyy78x2lkjz";
157 smack.add(subject, object, "-----");
160 RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(object), "Error in smack_label_for_self");
162 RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
164 RUNNER_ASSERT_BT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
165 security_server_app_give_access(subject, getpid()));
167 RUNNER_ASSERT_BT(0 == smack_have_access(subject, object, "r"));
170 RUNNER_TEST_SMACK(tc02_check_privilege_by_pid)
177 //we checking existing rule, it should return positive
178 ret = security_server_check_privilege_by_pid(pid, "_", "rx");
179 RUNNER_ASSERT_BT(ret == SECURITY_SERVER_API_SUCCESS);
181 //we checking rule with label that not exist
182 ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
183 RUNNER_ASSERT_BT(ret != SECURITY_SERVER_API_SUCCESS);
186 RUNNER_CHILD_TEST_SMACK(tc03_check_API_passwd_allow)
189 unsigned int attempt, max_attempt, expire_sec;
190 char *str = (char*) malloc(256);
192 attempt = max_attempt = expire_sec = 0;
194 ret = clear_password(&str);
195 RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << str);
197 SecurityServer::AccessProvider provider(TEST03_SUBJECT);
198 provider.allowAPI(API_PASSWD_CHECK, API_RULE_REQUIRED);
199 provider.allowAPI(API_PASSWD_SET, API_RULE_REQUIRED);
200 provider.allowAPI(API_PASSWD_RESET, API_RULE_REQUIRED);
201 provider.applyAndSwithToUser(APP_UID, APP_GID);
203 ret = security_server_set_pwd_validity(10);
204 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
206 ret = security_server_set_pwd_max_challenge(5);
207 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
209 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
210 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
212 usleep(PASSWORD_RETRY_TIMEOUT_US);
213 ret = security_server_set_pwd(NULL, "12345", 0, 0);
214 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
216 ret = security_server_reset_pwd("12345",0, 0);
217 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
219 usleep(PASSWORD_RETRY_TIMEOUT_US);
220 ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
221 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
223 ret = security_server_set_pwd_history(10);
224 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
227 RUNNER_CHILD_TEST(tc04_check_API_passwd_denied)
229 RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
231 unsigned int attempt, max_attempt, expire_sec;
233 attempt = max_attempt = expire_sec = 0;
235 SecurityServer::AccessProvider privider(TEST04_SUBJECT);
236 privider.applyAndSwithToUser(APP_UID, APP_GID);
239 * now SS should return error
240 * at the moment SS doesn't check return code from
241 * authorize_SS_API_caller_socket() so it should give access
242 * you can check in logs if it's working properly
243 * has access result = 1
244 * no access result = 0
245 * D/SECURITY_SERVER( 2510): security-server-main.c: authorize_SS_API_caller_socket(205) >
246 * [SECURE_LOG] SS_SMACK: caller_pid=5278, subject=subject_allow,
247 * object=security-server::api-password-check, access=w, result=1,
248 * caller_path=/usr/bin/security-server-tests-server
249 * E/SECURITY_SERVER( 2510): security-server-main.c: authorize_SS_API_caller_socket(207) >
250 * [SECURE_LOG] SS_SMACK: caller_pid=5278, subject=subject_allow,
251 * object=security-server::api-password-check, access=w, result=0,
252 * caller_path=/usr/bin/security-server-tests-server
255 ret = security_server_set_pwd_validity(10);
256 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
257 "security_server_set_pwd_validity should return access denied,"
260 ret = security_server_set_pwd_max_challenge(5);
261 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
262 "security_server_set_pwd_max_challenge should return access denied,"
265 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
266 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
267 "security_server_is_pwd_valid should return access denied,"
270 usleep(PASSWORD_RETRY_TIMEOUT_US);
271 ret = security_server_set_pwd("12345", "12346", 0, 0);
272 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
273 "security_server_set_pwd should return access denied,"
276 ret = security_server_reset_pwd("12346",0, 0);
277 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
278 "security_server_reset_pwd should return access denied,"
280 usleep(PASSWORD_RETRY_TIMEOUT_US);
281 ret = security_server_chk_pwd("12346", &attempt, &max_attempt, &expire_sec);
282 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
283 "security_server_chk_pwd should return access denied,"
286 ret = security_server_set_pwd_history(10);
287 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
288 "security_server_set_pwd_history should return access denied,"
292 RUNNER_CHILD_TEST_SMACK(tc07_check_API_data_share_allow)
294 SecurityServer::AccessProvider provider(TEST07_SUBJECT);
295 provider.allowFunction("security_server_app_give_access");
296 provider.applyAndSwithToUser(APP_UID, APP_GID);
298 int ret = security_server_app_give_access(TEST07_SUBJECT, getpid());
299 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
302 RUNNER_CHILD_TEST_SMACK(tc08_check_API_data_share_denied)
304 RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
305 SecurityServer::AccessProvider provider(TEST08_SUBJECT);
306 provider.applyAndSwithToUser(APP_UID, APP_GID);
308 int ret = security_server_app_give_access(TEST08_SUBJECT, getpid());
309 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
310 "security_server_app_give_access should return access denied,"
314 //////////////////////////////////////////
315 /////////NOSMACK ENV TESTS////////////////
316 //////////////////////////////////////////
319 * NOSMACK version of tc01a and tc01c tests.
321 * SMACK is turned off - that means for us, that we don't need any accesses added to our process
322 * in SMACK before dropping root privileges. This test drops root privileges, calls
323 * security_server_app_give_access and then checks if smack_have_access returns error (because
326 * security_server_app_give_access shouldn't return anything else than success when SMACK is off,
327 * hence there is only one test that replaces tests tc01a and tc01c.
329 RUNNER_CHILD_TEST_NOSMACK(tc01_security_server_app_give_access_nosmack)
331 const char* subject = "abc345v34sfa";
332 const char* object = "efg678x2lkjz";
335 result = drop_root_privileges();
336 RUNNER_ASSERT_MSG_BT(result == 0,
337 "Failed to drop root privileges. Result: " << result << "uid = " << getuid());
339 result = security_server_app_give_access(subject, getpid());
340 RUNNER_ASSERT_MSG_BT(result == SECURITY_SERVER_API_SUCCESS,
341 "Error in security_server_app_give_access. Result: " << result);
343 result = smack_have_access(subject, object, "rwxat");
344 RUNNER_ASSERT_MSG_BT(result == -1,
345 "smack_have_access should return error when SMACK is off. Result: " << result);
349 * NOSMACK version of tc02 test.
351 * check_privilege_by_pid should always return success when SMACK is off, no matter if label is
354 RUNNER_TEST_NOSMACK(tc02_check_privilege_by_pid_nosmack)
361 //we checking existing rule, it should return positive
362 ret = security_server_check_privilege_by_pid(pid, "_", "rx");
363 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
364 "check_privilege_by_pid for existing label failed. Result: " << ret);
366 //we checking rule with label that not exist
367 ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
368 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
369 "check_privilege_by_pid for nonexisting label failed. Result: " << ret);
373 * NOSMACK version of clear_password function.
375 * Compared to SMACK version of this function, this one skips adding rules and setting label.
377 int clear_password_nosmack()
380 unsigned int attempt, max_attempt, expire_sec;
383 reset_security_server();
385 attempt = max_attempt = expire_sec = UINT_MAX;
386 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
388 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
389 "is_pwd_faild should return no password error. Result: " << ret);
390 RUNNER_ASSERT_MSG_BT(expire_sec == 0, "expire_sec = " << expire_sec << ", should be 0.");
391 RUNNER_ASSERT_MSG_BT(max_attempt == 0, "max_attempt = " << max_attempt << ", should be 0.");
392 RUNNER_ASSERT_MSG_BT(attempt == 0, "attempt = " << attempt << ", should be 0.");
400 * NOSMACK version of tc03 test.
402 * Just as tc01a/tc01c NOSMACK replacement, we don't need to do anything with SMACK because most
403 * important functions will return errors (that is smack_accesses_apply/smack_have_access etc.).
404 * First clear password, then drop privileges and proceed to regular testing.
407 RUNNER_CHILD_TEST_NOSMACK(tc03_check_API_passwd_allow_nosmack)
410 unsigned int attempt, max_attempt, expire_sec;
412 attempt = max_attempt = expire_sec = 0;
414 clear_password_nosmack();
416 // drop root privileges
417 ret = drop_root_privileges();
418 RUNNER_ASSERT_MSG_BT(ret == 0,
419 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
421 ret = security_server_set_pwd_validity(10);
422 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
423 "set_pwd_validity should return no password error. Result: " << ret);
425 ret = security_server_set_pwd_max_challenge(5);
426 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
427 "set_pwd_max_challenge should return no password error. Result: " << ret);
429 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
430 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
431 "is_pwd_valid should return no password error. Result: " << ret);
433 usleep(PASSWORD_RETRY_TIMEOUT_US);
434 ret = security_server_set_pwd(NULL, "12345", 0, 0);
435 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
436 "set_pwd failed. Result: " << ret);
438 ret = security_server_reset_pwd("12345",0, 0);
439 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
440 "reset_pwd failed. Result: " << ret);
442 usleep(PASSWORD_RETRY_TIMEOUT_US);
443 ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
444 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
445 "chk_pwd failed. Result: " << ret);
447 ret = security_server_set_pwd_history(10);
448 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
449 "set_pwd_history failed. Result: " << ret);
453 * NOSMACK version of tc07 test.
455 * Similarily to previous tests - no need to set self label because SMACK is off. Just as
456 * tc01a/tc01c replacement, security_server_app_give_access should return only success. Hence the
457 * NOSMACK version of tc08 test is skipped.
459 RUNNER_CHILD_TEST_NOSMACK(tc07_check_API_data_share_allow_nosmack)
463 // drop root privileges
464 ret = drop_root_privileges();
465 RUNNER_ASSERT_MSG_BT(ret == 0,
466 "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
468 ret = security_server_app_give_access(TEST07_SUBJECT, getpid());
469 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
470 "app_give_access failed. Result: " << ret);
473 int main(int argc, char *argv[]) {
475 printf("Error: %s must be executed by root\n", argv[0]);
478 SummaryCollector::Register();
479 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);