/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* limitations under the License.
*/
-#include <cstdlib>
#include <functional>
#include <string>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>
-#include <access_provider.h>
+#include <app_context.h>
+#include <cynara_helpers_creds.h>
#include <dpl/test/test_runner.h>
+#include <label_generator.h>
#include <memory.h>
#include <passwd_access.h>
#include <sm_api.h>
std::string m_label;
};
-pid_t runInChild(const std::function<void(void)> &process) {
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
-
- if (pid == 0) {
- process();
- exit(EXIT_SUCCESS);
- }
- return pid;
-}
-
void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr,
const struct ProcessCredentials &peerCredentials) {
- SecurityServer::AccessProvider ap(peerCredentials.label());
- ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
+ AppContext ctx(peerCredentials.label());
+ ctx.apply(peerCredentials.uid(), peerCredentials.gid());
pipe.claimChildEp();
int sock = UDSHelpers::createServer(&sockaddr);
assertion(sock, pid);
}
-RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket)
-{
+void test_51a_get_id_by_socket(bool isHybrid) {
const char *const sm_app_id = "sm_test_51a_app";
const char *const sm_pkg_id = "sm_test_51a_pkg";
InstallRequest requestInst;
requestInst.setAppId(sm_app_id);
requestInst.setPkgId(sm_pkg_id);
+ if (isHybrid)
+ requestInst.setHybrid();
Api::install(requestInst);
- std::string smackLabel = generateProcessLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid);
clientTestTemplate([&] (int sock, pid_t) {
std::string rcvPkgId, rcvAppId;
Api::getPkgIdBySocket(sock, &rcvPkgId, &rcvAppId);
RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
<< "; expected = " << sm_pkg_id);
- RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
- << "; expected = " << sm_app_id);
+ if (isHybrid)
+ RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
+ << "; expected = " << sm_app_id);
+ else
+ RUNNER_ASSERT_MSG(rcvAppId.empty(), "magically acquired appId from nonhybrid app");
}, "tcsm27a", smackLabel);
InstallRequest requestUninst;
Api::uninstall(requestUninst);
}
-RUNNER_CHILD_TEST(security_manager_51b_get_id_by_socket)
+RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket_hybrid)
+{
+ test_51a_get_id_by_socket(true);
+}
+
+RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket_nonhybrid)
+{
+ test_51a_get_id_by_socket(false);
+}
+
+RUNNER_CHILD_TEST(security_manager_51b_get_id_by_socket_bad_fd)
{
const char *const sm_app_id = "sm_test_51b_app";
const char *const sm_pkg_id = "sm_test_51b_pkg";
Api::install(requestInst);
- std::string smackLabel = generateProcessLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
clientTestTemplate([&] (int sock, pid_t) {
std::string rcvPkgId, rcvAppId;
Api::uninstall(requestUninst);
}
-RUNNER_CHILD_TEST(security_manager_51c_get_id_by_socket)
+RUNNER_CHILD_TEST(security_manager_51c_get_id_by_socket_only_pkg)
{
const char *const sm_app_id = "sm_test_51c_app";
const char *const sm_pkg_id = "sm_test_51c_pkg";
Api::install(requestInst);
- std::string smackLabel = generateProcessLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
clientTestTemplate([&] (int sock, pid_t) {
std::string rcvPkgId;
Api::uninstall(requestUninst);
}
-RUNNER_CHILD_TEST(security_manager_51d_get_id_by_socket)
+RUNNER_CHILD_TEST(security_manager_51d_get_id_by_socket_only_appid)
{
const char *const sm_app_id = "sm_test_51d_app";
const char *const sm_pkg_id = "sm_test_51d_pkg";
InstallRequest requestInst;
requestInst.setAppId(sm_app_id);
requestInst.setPkgId(sm_pkg_id);
+ requestInst.setHybrid();
Api::install(requestInst);
- std::string smackLabel = generateProcessLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true);
clientTestTemplate([&] (int sock, pid_t) {
std::string rcvAppId;
Api::uninstall(requestUninst);
}
-RUNNER_CHILD_TEST(security_manager_51e_get_id_by_socket)
+RUNNER_CHILD_TEST(security_manager_51e_get_id_by_socket_nulls)
{
const char *const sm_app_id = "sm_test_51e_app";
const char *const sm_pkg_id = "sm_test_51e_pkg";
Api::install(requestInst);
- std::string smackLabel = generateProcessLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
clientTestTemplate([&] (int sock, pid_t) {
Api::getPkgIdBySocket(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
Api::uninstall(requestUninst);
}
-RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid)
-{
+void test_52a_get_id_by_pid(bool isHybrid) {
const char *const sm_app_id = "sm_test_52a_app";
const char *const sm_pkg_id = "sm_test_52a_pkg";
InstallRequest requestInst;
requestInst.setAppId(sm_app_id);
requestInst.setPkgId(sm_pkg_id);
-
+ if (isHybrid)
+ requestInst.setHybrid();
Api::install(requestInst);
- std::string smackLabel = generateProcessLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid);
clientTestTemplate([&] (int, pid_t pid) {
std::string rcvPkgId, rcvAppId;
Api::getPkgIdByPid(pid, &rcvPkgId, &rcvAppId);
RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
<< "; expected = " << sm_pkg_id);
- RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
- << "; expected = " << sm_app_id);
+ if (isHybrid)
+ RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
+ << "; expected = " << sm_app_id);
+ else
+ RUNNER_ASSERT_MSG(rcvAppId.empty(), "magically acquired appId from nonhybrid app");
}, "tcsm28a", smackLabel);
InstallRequest requestUninst;
Api::uninstall(requestUninst);
}
-RUNNER_CHILD_TEST(security_manager_52b_get_id_by_pid)
+RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid_hybrid)
+{
+ test_52a_get_id_by_pid(true);
+}
+
+RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid_nonhybrid)
+{
+ test_52a_get_id_by_pid(false);
+}
+
+RUNNER_CHILD_TEST(security_manager_52b_get_id_by_pid_bad_fd)
{
const char *const sm_app_id = "sm_test_52b_app";
const char *const sm_pkg_id = "sm_test_52b_pkg";
Api::install(requestInst);
- std::string smackLabel = generateProcessLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
clientTestTemplate([&] (int, pid_t pid) {
std::string rcvPkgId, rcvAppId;
Api::uninstall(requestUninst);
}
-RUNNER_CHILD_TEST(security_manager_52c_get_id_by_pid)
+RUNNER_CHILD_TEST(security_manager_52c_get_id_by_pid_only_pkg)
{
const char *const sm_app_id = "sm_test_52c_app";
const char *const sm_pkg_id = "sm_test_52c_pkg";
Api::install(requestInst);
- std::string smackLabel = generateProcessLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
clientTestTemplate([&] (int, pid_t pid) {
std::string rcvPkgId;
Api::uninstall(requestUninst);
}
-RUNNER_CHILD_TEST(security_manager_52d_get_id_by_pid)
+RUNNER_CHILD_TEST(security_manager_52d_get_id_by_pid_only_appid)
{
const char *const sm_app_id = "sm_test_52d_app";
const char *const sm_pkg_id = "sm_test_52d_pkg";
InstallRequest requestInst;
requestInst.setAppId(sm_app_id);
requestInst.setPkgId(sm_pkg_id);
+ requestInst.setHybrid();
Api::install(requestInst);
- std::string smackLabel = generateProcessLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true);
clientTestTemplate([&] (int, pid_t pid) {
std::string rcvAppId;
Api::uninstall(requestUninst);
}
-RUNNER_CHILD_TEST(security_manager_52e_get_id_by_pid)
+RUNNER_CHILD_TEST(security_manager_52e_get_id_by_pid_nulls)
{
const char *const sm_app_id = "sm_test_52e_app";
const char *const sm_pkg_id = "sm_test_52e_pkg";
Api::install(requestInst);
- std::string smackLabel = generateProcessLabel(sm_app_id);
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
clientTestTemplate([&] (int sock, pid_t) {
Api::getPkgIdByPid(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
Api::uninstall(requestUninst);
}
+
+void test_53a_get_id_by_cynara_client(bool isHybrid) {
+ const char *const sm_app_id = "sm_test_53a_app";
+ const char *const sm_pkg_id = "sm_test_53a_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+ if (isHybrid)
+ requestInst.setHybrid();
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid);
+
+ clientTestTemplate([&] (int sock, pid_t) {
+ std::string rcvPkgId, rcvAppId;
+ CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
+ RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
+ Api::getPkgIdByCynaraClient(cynaraClient.get(), &rcvPkgId, &rcvAppId);
+ RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
+ << "; expected = " << sm_pkg_id);
+ if (isHybrid)
+ RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
+ << "; expected = " << sm_app_id);
+ }, "tcsmc53a", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_53a_get_id_by_cynara_client_hybrid)
+{
+ test_53a_get_id_by_cynara_client(true);
+}
+
+RUNNER_CHILD_TEST(security_manager_53a_get_id_by_cynara_client_nonhybrid)
+{
+ test_53a_get_id_by_cynara_client(false);
+}
+
+RUNNER_CHILD_TEST(security_manager_53b_get_id_by_cynara_client_wrong_client)
+{
+
+ std::string rcvPkgId, rcvAppId;
+ Api::getPkgIdByCynaraClient("NotAnApp", &rcvPkgId, &rcvAppId,
+ SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
+}
+
+RUNNER_CHILD_TEST(security_manager_53c_get_id_by_cynara_client_only_pkgid)
+{
+ const char *const sm_app_id = "sm_test_53c_app";
+ const char *const sm_pkg_id = "sm_test_53c_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
+
+ clientTestTemplate([&] (int sock, pid_t) {
+ std::string rcvPkgId;
+ CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
+ RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
+ Api::getPkgIdByCynaraClient(cynaraClient.get(), &rcvPkgId, nullptr);
+ RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
+ << "; expected = " << sm_pkg_id);
+ }, "tcsm28c", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_53d_get_id_by_cynara_client_only_appid)
+{
+ const char *const sm_app_id = "sm_test_53d_app";
+ const char *const sm_pkg_id = "sm_test_53d_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+ requestInst.setHybrid();
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true);
+
+ clientTestTemplate([&] (int sock, pid_t) {
+ std::string rcvAppId;
+ CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
+ RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
+ Api::getPkgIdByCynaraClient(cynaraClient.get(), nullptr, &rcvAppId);
+ RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
+ << "; expected = " << sm_app_id);
+ }, "tcsm28d", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_53e_get_id_by_cynara_client_nulls)
+{
+ const char *const sm_app_id = "sm_test_53e_app";
+ const char *const sm_pkg_id = "sm_test_53e_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
+
+ clientTestTemplate([&] (int sock, pid_t) {
+ std::string rcvAppId;
+ CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
+ RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
+ Api::getPkgIdByCynaraClient(cynaraClient.get(), nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
+ }, "tcsm28e", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
projects / platform / core / test / security-tests.git / blobdiff