*/
#include <dpl/log/log.h>
-#include <dpl/serialization.h>
#include <dpl/singleton.h>
#include <dpl/singleton_safe_impl.h>
#include <dpl/test/test_runner.h>
#include <sys/time.h>
#include <sys/un.h>
#include <unistd.h>
-#include <memory>
+#include <memory.h>
#include "security_server_mockup.h"
#include <summary_collector.h>
+#include <smack_access.h>
+
+IMPLEMENT_SAFE_SINGLETON(DPL::Log::LogSystem);
+#include <security_server_tests_common.h>
+#include <tests_common.h>
/*Number of calls in a single test*/
#define NUMBER_OF_CALLS (5)
#define M160_CUSTOMER_LABEL "my_customer_label"
#define M170_OBJECT_LABEL "myObject"
-
-IMPLEMENT_SAFE_SINGLETON(DPL::Log::LogSystem);
-#include <tests_common.h>
-
namespace {
void securityClientEnableLogSystem(void) {
DPL::Log::LogSystemSingleton::Instance().SetTag("SEC_SRV_API_SPEED");
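Review bot: The added `#include <memory.h>` is the legacy C header for the mem* functions, not the C++ `<memory>` it replaces, so any remaining use of std smart pointers in this file would compile only through transitive includes. If `<memory>` was dropped because the socket deleter type now comes from a shared test header, delete the line; otherwise keep `#include <memory>`. `IMPLEMENT_SAFE_SINGLETON(DPL::Log::LogSystem);` also now sits between two groups of includes; moving it below the last `#include` would keep the singleton definition from depending on include order.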
int communication_succeeded(int result_code) {
switch(result_code)
{
+ case SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE:
case SECURITY_SERVER_API_ERROR_SOCKET:
case SECURITY_SERVER_API_ERROR_BAD_REQUEST:
case SECURITY_SERVER_API_ERROR_BAD_RESPONSE:
LogDebug("No function call succeeded\n");
}
-void closesockfdptr(int* sockfd_ptr)
-{
- close(*sockfd_ptr);
-}
-typedef std::unique_ptr<int, std::function<void(int*)> > SockFDUniquePtr;
-
/*TEST CASES*/
RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_API_SPEED_MEASURER)
finish_stats(&stats, "security_server_check_privilege");
}
-/*
- * measurer: Fails only on connection error.
- */
-
-RUNNER_TEST(m060_security_server_check_privilege_by_cookie) {
- size_t cookie_size;
- cookie_size = security_server_get_cookie_size();
- char cookie[cookie_size];
+void testSecurityServerCheckPrivilegeByCookie(bool smack) {
const char *object_label = M60_OBJECT_LABEL;
const char *access_rights = "r";
const char *access_rights_ext = "rw";
const char *subject_label = M60_SUBJECT_LABEL;
- smack_accesses *handle;
int ret;
readwrite_stats stats;
initialize_stats(&stats);
- RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(subject_label),
- "Cannot prepare environment for test.");
- RUNNER_ASSERT_MSG_BT(0 == (ret = smack_accesses_new(&handle)), "Error in smack_accesses_new()");
- RUNNER_ASSERT_MSG_BT(0 == smack_accesses_add(handle,
- subject_label,
- object_label,
- access_rights), "Error in smack_accesses_add()" );
- RUNNER_ASSERT_MSG_BT(0 == (ret = smack_accesses_apply(handle)), "Error in smack_accesses_apply(); ret = " << ret);
- smack_accesses_free(handle);
- RUNNER_ASSERT_MSG_BT(0 == (ret = smack_set_label_for_self(subject_label)), "Error in smack_set_label_for_self(); ret = " << ret);
- RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS == security_server_request_cookie(cookie, cookie_size), "Error in security_server_request_cookie()");
+
+ if (smack) {
+ SmackAccess smackAccess;
+ smackAccess.add(subject_label, object_label, access_rights);
+ smackAccess.apply();
+ RUNNER_ASSERT_MSG_BT(0 == (ret = smack_set_label_for_self(subject_label)),
+ "Error in smack_set_label_for_self(); ret = " << ret);
+ }
+
+ Cookie cookie = getCookieFromSS();
+
for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
start_stats_update(&stats);
/*odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges */
if (i%2)
ret = security_server_check_privilege_by_cookie(
- cookie,
+ cookie.data(),
object_label,
access_rights);
else
ret = security_server_check_privilege_by_cookie(
- cookie,
+ cookie.data(),
object_label,
access_rights_ext);
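Review bot: The results of `smackAccess.add(...)` and `smackAccess.apply()` in the new `if (smack)` block are not checked, whereas the removed code asserted on every libsmack call. Unless SmackAccess asserts internally (not visible here), a failed rule installation would go unnoticed and the loop would time a configuration other than the intended one. If the wrapper does assert, a one-line comment such as `// SmackAccess asserts on failure` would make that explicit. With `smack == false` no rule is installed at all, so the loop comment `odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges` no longer describes that run and should say so. The function body continues outside the hunk.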
* measurer: Fails only on connection error.
*/
-RUNNER_MULTIPROCESS_TEST(m070_security_server_check_privilege_by_sockfd) {
+RUNNER_TEST_SMACK(m060_security_server_check_privilege_by_cookie_smack) {
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+ testSecurityServerCheckPrivilegeByCookie(true);
+}
+
+RUNNER_TEST_NOSMACK(m060_security_server_check_privilege_by_cookie_nosmack) {
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+ testSecurityServerCheckPrivilegeByCookie(false);
+}
+
+void testSecurityServerCheckPrivilegeBySockfd(bool smack) {
const char *object_label = M70_OBJECT_LABEL;
const char *access_rights = "r";
const char *access_rights_ext = "rw";
int ret;
readwrite_stats stats;
initialize_stats(&stats);
- smack_accesses *handle;
- RUNNER_ASSERT_BT(0 == smack_accesses_new(&handle));
- RUNNER_ASSERT_BT(0 == smack_accesses_add(handle,
- subject_label,
- object_label,
- access_rights));
- RUNNER_ASSERT_BT(0 == smack_accesses_apply(handle));
- smack_accesses_free(handle);
+
+ if (smack) {
+ SmackAccess smackAccess;
+ smackAccess.add(subject_label, object_label, access_rights);
+ smackAccess.apply();
+ }
+
int pid = fork();
RUNNER_ASSERT_BT(-1 != pid);
if (0 == pid) {
int sockfd = create_new_socket();
RUNNER_ASSERT_MSG_BT(sockfd >= 0, "create_new_socket() failed");
- SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
+ SockUniquePtr sockfd_ptr(&sockfd);
- RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
+ if (smack)
+ RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
RUNNER_ASSERT_MSG_BT(listen(sockfd, 5) >= 0, "child listen failed");
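Review bot: The `RUNNER_IGNORED_MSG(...)` at the top of both m060 wrappers disables these tests because the privilege check "always returns success", but nothing ties that to a tracked defect, so an authorization API that never denies can stay unexercised indefinitely. The same pattern is repeated in the two m070 wrappers and in m170_security_server_check_privilege_by_pid further down. I would add above each a comment such as `// TODO(<tracking-id>): re-enable once security_server_check_privilege_by_cookie denies access again`, and, if RUNNER_IGNORED_MSG aborts the test body as its placement suggests, state that the call after it is currently not executed. Separately, the new `if (smack)` in the child branch guards `RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(subject_label), ...)` without braces; wrapping it in `{ }` avoids surprises if the macro expands to more than one statement. testSecurityServerCheckPrivilegeBySockfd continues outside the hunk.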
int sockfd = connect_to_testserver();
RUNNER_ASSERT_MSG_BT(sockfd >= 0, "connect_to_testserver() failed");
- SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
+ SockUniquePtr sockfd_ptr(&sockfd);
for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
start_stats_update(&stats);
/*
* measurer: Fails only on connection error.
*/
+
+RUNNER_MULTIPROCESS_TEST_SMACK(m070_security_server_check_privilege_by_sockfd_smack) {
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+ testSecurityServerCheckPrivilegeBySockfd(true);
+}
+
+RUNNER_MULTIPROCESS_TEST_NOSMACK(m070_security_server_check_privilege_by_sockfd_nosmack) {
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+ testSecurityServerCheckPrivilegeBySockfd(false);
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
RUNNER_TEST(m080_security_server_get_cookie_pid) {
int ret;
size_t cookie_size;
*/
RUNNER_TEST(m170_security_server_check_privilege_by_pid) {
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
int ret;
readwrite_stats stats;
initialize_stats(&stats);