tests/security_daemon_tests/ace_ipc_test_cases.cpp

   1 /*
   2  * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *    Licensed under the Apache License, Version 2.0 (the "License");
   5  *    you may not use this file except in compliance with the License.
   6  *    You may obtain a copy of the License at
   7  *
   8  *        http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *    Unless required by applicable law or agreed to in writing, software
  11  *    distributed under the License is distributed on an "AS IS" BASIS,
  12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *    See the License for the specific language governing permissions and
  14  *    limitations under the License.
  15  */
  16
  17 #include <dpl/assert.h>
  18 #include <dpl/test/test_runner.h>
  19 #include <ace/PolicyResult.h>
  20 #include <ace-dao-ro/PromptModel.h>
  21 #include <ace-dao-ro/PromptModel.h>
  22 #include "SecurityCommunicationClient.h"
  23 #include <widget_installer.h>
  24
  25 #include <vector>
  26 #include <string>
  27 #include <memory>
  28
  29 using namespace DPL;
  30
  31 namespace {
  32
  33 const std::string ACE_INTERFACE_NAME =
  34     "org.tizen.AceCheckAccessInterface";
  35 const std::string ACE_CHECK_ACCESS_METHOD = "check_access";
  36
  37 const std::string POPUP_INTERFACE_NAME =
  38     "org.tizen.PopupResponse";
  39 const std::string  VALIDATION_METHOD = "validate";
  40
  41 }
  42
  43 class AceClientStub
  44 {
  45   public:
  46
  47     PolicyResult callCheckAccess(int handle,
  48                                  const std::string& subjectId,
  49                                  const std::string& resourceId,
  50                                  const std::vector<std::string> keys,
  51                                  const std::vector<std::string> values)
  52     {
  53         Assert(!!m_aceCommunicationClient);
  54         int serialized = 0;
  55         std::string sessionId = "fakeSession";
  56         m_aceCommunicationClient->call(ACE_CHECK_ACCESS_METHOD,
  57                               handle,
  58                               subjectId,
  59                               resourceId,
  60                               keys,
  61                               values,
  62                               sessionId,
  63                               &serialized);
  64         PolicyResult policyResult = PolicyResult::deserialize(serialized);
  65         return policyResult;
  66     }
  67
  68     bool callPopupAnswer(bool allowed,
  69                          int serializedValidity,
  70                          int handle,
  71                          const std::string& subjectId,
  72                          const std::string& resourceId,
  73                          const std::vector<std::string> keys,
  74                          const std::vector<std::string> values,
  75                          const std::string& session)
  76     {
  77         Assert(!!m_popupCommunicationClient);
  78         bool status = false;
  79         m_popupCommunicationClient->call(VALIDATION_METHOD,
  80                                 allowed,
  81                                 serializedValidity,
  82                                 handle,
  83                                 subjectId,
  84                                 resourceId,
  85                                 keys,
  86                                 values,
  87                                 session,
  88                                 &status);
  89         return status;
  90     }
  91
  92     static AceClientStub& getInstance();
  93
  94   private:
  95     AceClientStub() :
  96         m_aceCommunicationClient(new WrtSecurity::Communication::Client(ACE_INTERFACE_NAME)),
  97         m_popupCommunicationClient(new WrtSecurity::Communication::Client(POPUP_INTERFACE_NAME))
  98     {
  99     }
 100
 101     ~AceClientStub() { }
 102
 103     std::unique_ptr<WrtSecurity::Communication::Client> m_aceCommunicationClient;
 104     std::unique_ptr<WrtSecurity::Communication::Client> m_popupCommunicationClient;
 105 };
 106
 107 AceClientStub& AceClientStub::getInstance()
 108 {
 109     static AceClientStub instance;
 110     return instance;
 111 }
 112
 113 RUNNER_TEST_GROUP_INIT(ace)
 114
 115 /*
 116  * author:      ---
 117  * test:        Policy evaluation by security server.
 118  * description: Prepared policy is passed to ACE and evaluation result is checked.
 119  * expect:      Evaluation effect match assumptions, result should be PolicyEffect::PROMPT_ONESHOT.
 120  */
 121 RUNNER_TEST(policy1)
 122 {
 123     std::vector<std::string> names;
 124     std::vector<std::string> values;
 125     std::string subjectId = "resource_id_prompt_oneshot";
 126     std::string resourceId = subjectId;
 127     WidgetHandle widgetHandle = InstallerMockup::registerWidget();
 128     auto policy = AceClientStub::getInstance().callCheckAccess(
 129         widgetHandle,
 130         subjectId,
 131         resourceId,
 132         names,
 133         values);
 134     RUNNER_ASSERT(!!policy.getEffect());
 135     RUNNER_ASSERT(*policy.getEffect() == PolicyEffect::PROMPT_ONESHOT);
 136 }
 137
 138 /*
 139  * author:      ---
 140  * test:        Policy evaluation by security server.
 141  * description: Prepared policy is passed to ACE and evaluation result is checked.
 142  * expect:      Evaluation effect match assumptions, result should be PolicyEffect::PROMPT_BLANKET.
 143  */
 144 RUNNER_TEST(policy2)
 145 {
 146     std::vector<std::string> names;
 147     std::vector<std::string> values;
 148     std::string subjectId = "resource_id_prompt_blanket";
 149     std::string resourceId = subjectId;
 150     WidgetHandle widgetHandle = InstallerMockup::registerWidget();
 151     auto policy = AceClientStub::getInstance().callCheckAccess(widgetHandle,
 152                                                                subjectId,
 153                                                                resourceId,
 154                                                                names,
 155                                                                values);
 156     RUNNER_ASSERT(!!policy.getEffect());
 157     RUNNER_ASSERT(*policy.getEffect() == PolicyEffect::PROMPT_BLANKET);
 158 }
 159
 160 /*
 161  * author:      ---
 162  * test:        Policy evaluation by security server.
 163  * description: Prepared policy is passed to ACE and evaluation result is checked.
 164  * expect:      Evaluation effect match assumptions, result should be PolicyEffect::PROMPT_SESSION.
 165  */
 166 RUNNER_TEST(policy3)
 167 {
 168     std::vector<std::string> names;
 169     std::vector<std::string> values;
 170     std::string subjectId = "resource_id_prompt_session";
 171     std::string resourceId = subjectId;
 172     WidgetHandle widgetHandle = InstallerMockup::registerWidget();
 173     auto policy = AceClientStub::getInstance().callCheckAccess(widgetHandle,
 174                                                                subjectId,
 175                                                                resourceId,
 176                                                                names,
 177                                                                values);
 178     RUNNER_ASSERT(!!policy.getEffect());
 179     RUNNER_ASSERT(*policy.getEffect() == PolicyEffect::PROMPT_SESSION);
 180 }
 181
 182 /*
 183  * author:      ---
 184  * test:        Policy evaluation by security server.
 185  * description: Prepared policy is passed to ACE and evaluation result is checked.
 186  * expect:      Evaluation effect match assumptions, result should be PolicyEffect::PERMIT.
 187  */
 188 RUNNER_TEST(policy4)
 189 {
 190     std::vector<std::string> names;
 191     std::vector<std::string> values;
 192     std::string subjectId = "resource_id_permit";
 193     std::string resourceId = subjectId;
 194     WidgetHandle widgetHandle = InstallerMockup::registerWidget();
 195     auto policy = AceClientStub::getInstance().callCheckAccess(widgetHandle,
 196                                                                subjectId,
 197                                                                resourceId,
 198                                                                names,
 199                                                                values);
 200     RUNNER_ASSERT(!!policy.getEffect());
 201     RUNNER_ASSERT(*policy.getEffect() == PolicyEffect::PERMIT);
 202 }
 203
 204 /*
 205  * author:      ---
 206  * test:        Policy evaluation by security server.
 207  * description: Prepared policy is passed to ACE and evaluation result is checked.
 208  * expect:      Evaluation effect match assumptions, result should be PolicyEffect::DENY.
 209  */
 210 RUNNER_TEST(policy5)
 211 {
 212     std::vector<std::string> names;
 213     std::vector<std::string> values;
 214     std::string subjectId = "resource_id_deny";
 215     std::string resourceId = subjectId;
 216     WidgetHandle widgetHandle = InstallerMockup::registerWidget();
 217     auto policy = AceClientStub::getInstance().callCheckAccess(widgetHandle,
 218                                                                subjectId,
 219                                                                resourceId,
 220                                                                names,
 221                                                                values);
 222     RUNNER_ASSERT(!!policy.getEffect());
 223     RUNNER_ASSERT(*policy.getEffect() == PolicyEffect::DENY);
 224 }
 225
 226 /*
 227  * author:      ---
 228  * test:        Policy evaluation by security server.
 229  * description: Prepared policy is passed to ACE and evaluation result is checked.
 230  *              Next popup asking about accesses is passed to user.
 231  * expect:      Evaluation effect match assumptions, result should be PolicyEffect::PROMPT_ONESHOT.
 232  *              Popup contains correct evaluation results.
 233  */
 234 RUNNER_TEST(popup_test_after_policy1)
 235 {
 236     std::vector<std::string> names;
 237     std::vector<std::string> values;
 238     std::string resourceId = "resource_id_prompt_oneshot";
 239     std::string subjectId = resourceId;
 240     WidgetHandle widgetHandle = InstallerMockup::registerWidget();
 241     auto policy = AceClientStub::getInstance().callCheckAccess(widgetHandle,
 242                                                                subjectId,
 243                                                                resourceId,
 244                                                                names,
 245                                                                values);
 246     RUNNER_ASSERT(!!policy.getEffect());
 247     RUNNER_ASSERT(*policy.getEffect() == PolicyEffect::PROMPT_ONESHOT);
 248
 249     int validity = static_cast<int>(Prompt::Validity::ONCE);
 250     auto status = AceClientStub::getInstance().callPopupAnswer(true,
 251                                                                validity,
 252                                                                widgetHandle,
 253                                                                subjectId,
 254                                                                resourceId,
 255                                                                names,
 256                                                                values,
 257                                                                "");
 258     RUNNER_ASSERT(status);
 259     LogDebug("1: " << status);
 260     status = AceClientStub::getInstance().callPopupAnswer(false,
 261                                                           validity,
 262                                                           widgetHandle,
 263                                                           subjectId,
 264                                                           resourceId,
 265                                                           names,
 266                                                           values,
 267                                                           "");
 268     RUNNER_ASSERT(!status);
 269     status = AceClientStub::getInstance().callPopupAnswer(true,
 270                                                           validity,
 271                                                           widgetHandle,
 272                                                           subjectId,
 273                                                           resourceId,
 274                                                           names,
 275                                                           values,
 276                                                           "");
 277     RUNNER_ASSERT(status);
 278 }
 279
 280 /*
 281  * author:      ---
 282  * test:        Policy evaluation by security server.
 283  * description: Prepared policy is passed to ACE and evaluation result is checked.
 284  *              Next popup asking about accesses is passed to user.
 285  * expect:      Evaluation effect match assumptions, result should be PolicyEffect::PROMPT_BLANKET.
 286  *              Popup contains correct evaluation results.
 287  */
 288 RUNNER_TEST(popup_test_after_policy2)
 289 {
 290     std::vector<std::string> names;
 291     std::vector<std::string> values;
 292     std::string resourceId = "resource_id_prompt_blanket";
 293     std::string subjectId = resourceId;
 294     WidgetHandle widgetHandle = InstallerMockup::registerWidget();
 295     auto policy = AceClientStub::getInstance().callCheckAccess(widgetHandle,
 296                                                                subjectId,
 297                                                                resourceId,
 298                                                                names,
 299                                                                values);
 300     RUNNER_ASSERT(!!policy.getEffect());
 301     RUNNER_ASSERT(*policy.getEffect() == PolicyEffect::PROMPT_BLANKET);
 302
 303     int validity = static_cast<int>(Prompt::Validity::ALWAYS);
 304     auto status = AceClientStub::getInstance().callPopupAnswer(true,
 305                                                                validity,
 306                                                                widgetHandle,
 307                                                                subjectId,
 308                                                                resourceId,
 309                                                                names,
 310                                                                values,
 311                                                                "");
 312     RUNNER_ASSERT(status);
 313     LogDebug("1: " << status);
 314     status = AceClientStub::getInstance().callPopupAnswer(false,
 315                                                           validity,
 316                                                           widgetHandle,
 317                                                           subjectId,
 318                                                           resourceId,
 319                                                           names,
 320                                                           values,
 321                                                           "");
 322     RUNNER_ASSERT(!status);
 323     status = AceClientStub::getInstance().callPopupAnswer(true,
 324                                                           validity,
 325                                                           widgetHandle,
 326                                                           subjectId,
 327                                                           resourceId,
 328                                                           names,
 329                                                           values,
 330                                                           "");
 331     RUNNER_ASSERT(status);
 332 }
 333
 334 /*
 335  * author:      ---
 336  * test:        Policy evaluation by security server.
 337  * description: Prepared policy is passed to ACE and evaluation result is checked.
 338  *              Next popup asking about accesses is passed to user.
 339  * expect:      Evaluation effect match assumptions, result should be Prompt::Validity::SESSION.
 340  *              Popup contains correct evaluation results.
 341  */
 342 RUNNER_TEST(popup_test_after_policy3)
 343 {
 344     std::vector<std::string> names;
 345     std::vector<std::string> values;
 346     std::string resourceId = "resource_id_prompt_session";
 347     std::string subjectId = resourceId;
 348     WidgetHandle widgetHandle = InstallerMockup::registerWidget();
 349     auto policy = AceClientStub::getInstance().callCheckAccess(widgetHandle,
 350                                                                subjectId,
 351                                                                resourceId,
 352                                                                names,
 353                                                                values);
 354     RUNNER_ASSERT(!!policy.getEffect());
 355     RUNNER_ASSERT(*policy.getEffect() == PolicyEffect::PROMPT_SESSION);
 356
 357     int validity = static_cast<int>(Prompt::Validity::SESSION);
 358     auto status = AceClientStub::getInstance().callPopupAnswer(true,
 359                                                                validity,
 360                                                                widgetHandle,
 361                                                                subjectId,
 362                                                                resourceId,
 363                                                                names,
 364                                                                values,
 365                                                                "some_session");
 366     RUNNER_ASSERT(status);
 367     status = AceClientStub::getInstance().callPopupAnswer(false,
 368                                                           validity,
 369                                                           widgetHandle,
 370                                                           subjectId,
 371                                                           resourceId,
 372                                                           names,
 373                                                           values,
 374                                                           "some_session");
 375     RUNNER_ASSERT(!status);
 376     status = AceClientStub::getInstance().callPopupAnswer(true,
 377                                                           validity,
 378                                                           widgetHandle,
 379                                                           subjectId,
 380                                                           resourceId,
 381                                                           names,
 382                                                           values,
 383                                                           "some_session");
 384     RUNNER_ASSERT(status);
 385 }
 386