#include <security-server.h>
#include <access_provider.h>
-#include <tracker.h>
#include "tests_common.h"
#include <summary_collector.h>
#define PROPER_COOKIE_SIZE 20
-#define ENVIRONMENT \
- do { \
- const char *subject_label = "mylabel"; \
- RUNNER_ASSERT_MSG(-1 != system("touch /opt/home/root/pid_cycle"), \
- "Cannot prepare environment for test."); \
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), \
- "Cannot prepare environment for test."); \
- RUNNER_ASSERT_MSG(-1 != setgid(1), \
- "Cannot prepare environment for test."); \
- RUNNER_ASSERT_MSG(-1 != setuid(1), \
- "Cannot prepare environment for test"); \
- } while (0)
-
-
-/**
- * Environment preparation should only differ in setting label. On NOSMACK system
- * smack_set_label_for_self returns error because of no access to /proc/self/attr/current.
- */
-#define ENVIRONMENT_NOSMACK \
- do { \
- int fd = open("/opt/home/root/pid_cycle", O_CREAT|O_APPEND, 0444);\
- RUNNER_ASSERT_MSG(fd >= 0, \
- "Couldn't create pid_cycle file. errno: " << strerror(errno));\
- close(fd); \
- RUNNER_ASSERT_MSG(-1 != setgid(1), \
- "Cannot prepare environment for test."); \
- RUNNER_ASSERT_MSG(-1 != setuid(1), \
- "Cannot prepare environment for test"); \
- } while (0)
-
-
/**
* Unique_ptr typedef for NOSMACK version of tc06 test
*/
RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_CLIENT_SMACK)
/*
- * test: Check cookie size returned by security_server_get_cookie_size.
- * description: Cookie used by security-server is 20 bytes long.
- * Any other size of cookies should be treated as error.
- * expected: Function security_server_get_cookie_size returns 20.
- */
-RUNNER_CHILD_TEST_SMACK(tc01_security_server_get_cookie_size)
-{
- ENVIRONMENT;
-
- int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(20 == ret, "ret = " << ret);
-}
-
-/*
- * test: security_server_request_cookie
- * description: Function security_server_request_cookie will return
- * 20 bytes long cookie.
- * expected: function will set up cookie in the array and return
- * SECURITY_SERVER_API_SUCCESS.
- */
-RUNNER_CHILD_TEST_SMACK(tc02_security_server_request_cookie_normal_case)
-{
- ENVIRONMENT;
-
- char cookie[20];
- int ret = security_server_request_cookie(cookie, 20);
- LogDebug("ret = " << ret);
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS == ret);
-}
-
-/*
- * test: security_server_request_cookie
- * description: Function security_server_request_cookie will return
- * 20 bytes long cookie.
- * expected: function will set up cookie in the array and return
- * SECURITY_SERVER_API_SUCCESS.
- */
-RUNNER_CHILD_TEST_SMACK(tc03_security_server_request_cookie_too_small_buffer_size)
-{
- ENVIRONMENT;
-
- char cookie[20];
- int ret = security_server_request_cookie(cookie, 10);
- LogDebug("ret = " << ret);
- RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL == ret);
-}
-
-/*
* test: tc04_security_server_get_gid
* description: Checking for security_server_get_gid
* with nonexisting gid and existing one
RUNNER_CHILD_TEST_SMACK(tc04_security_server_get_gid)
{
SecurityServer::AccessProvider provider("tc04mylabel");
- provider.allowFunction("security_server_get_gid", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_get_gid");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_get_gid("abc123xyz_pysiaczek");
LogDebug("ret = " << ret);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT == ret, "Ret: " << ret);
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT == ret, "Ret: " << ret);
ret = security_server_get_gid("root");
LogDebug("ret = " << ret);
- RUNNER_ASSERT_MSG(0 == ret, "Ret: " << ret);
+ RUNNER_ASSERT_MSG_BT(0 == ret, "Ret: " << ret);
}
/*
const char *subject_label = "tc05subjectlabel";
SmackAccess access;
- access.add(subject_label, object_label, access_rights, TRACE_FROM_HERE);
- access.add(subject_label, "security-server::api-cookie-check", "w", TRACE_FROM_HERE);
- access.apply(TRACE_FROM_HERE);
+ access.add(subject_label, object_label, access_rights);
+ access.add(subject_label, "security-server::api-cookie-check", "w");
+ access.apply();
- RUNNER_ASSERT(0 == smack_set_label_for_self(subject_label));
+ RUNNER_ASSERT_BT(0 == smack_set_label_for_self(subject_label));
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
+ RUNNER_ASSERT_BT(SECURITY_SERVER_API_SUCCESS ==
security_server_request_cookie(cookie,20));
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
+ RUNNER_ASSERT_BT(SECURITY_SERVER_API_SUCCESS ==
security_server_check_privilege_by_cookie(
cookie,
object_label,
access_rights));
- RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
+ RUNNER_ASSERT_BT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
security_server_check_privilege_by_cookie(
cookie,
object_label,
int result2 = -1;
smack_accesses *handle;
- RUNNER_ASSERT(0 == smack_accesses_new(&handle));
- RUNNER_ASSERT(0 == smack_accesses_add(handle,
+ RUNNER_ASSERT_BT(0 == smack_accesses_new(&handle));
+ RUNNER_ASSERT_BT(0 == smack_accesses_add(handle,
subject_label,
object_label,
access_rights));
- RUNNER_ASSERT(0 == smack_accesses_apply(handle));
+ RUNNER_ASSERT_BT(0 == smack_accesses_apply(handle));
smack_accesses_free(handle);
int pid = fork();
char *label;
- RUNNER_ASSERT(-1 != pid);
+ RUNNER_ASSERT_BT(-1 != pid);
if (0 == pid) {
// child
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
+ RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "create_new_socket() failed");
SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != NULL, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\"");
+ RUNNER_ASSERT_MSG_BT(label != NULL, "security_server_get_smacklabel_sockfd failed");
+ RUNNER_ASSERT_MSG_BT(strcmp(label,"") == 0, "label is \"" << label << "\"");
free(label);
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
- RUNNER_ASSERT_MSG(listen(sockfd, 5) >= 0, "child listen failed");
+ RUNNER_ASSERT_MSG_BT(listen(sockfd, 5) >= 0, "child listen failed");
label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != NULL, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\"");
+ RUNNER_ASSERT_MSG_BT(label != NULL, "security_server_get_smacklabel_sockfd failed");
+ RUNNER_ASSERT_MSG_BT(strcmp(label,"") == 0, "label is \"" << label << "\"");
free(label);
struct sockaddr_un client_addr;
socklen_t client_len = sizeof(client_addr);
int csockfd;
- RUNNER_ASSERT_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
+ RUNNER_ASSERT_MSG_BT((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
usleep(500);
// parent
sleep(1);
int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "connect_to_testserver() failed");
SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != NULL, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,subject_label) == 0, "label is \"" << label << "\"" << ", subject_label is \"" << subject_label << "\"" );
+ RUNNER_ASSERT_MSG_BT(label != NULL, "security_server_get_smacklabel_sockfd failed");
+ RUNNER_ASSERT_MSG_BT(strcmp(label,subject_label) == 0, "label is \"" << label << "\"" << ", subject_label is \"" << subject_label << "\"" );
free(label);
result1 = security_server_check_privilege_by_sockfd(
access_rights_ext);
}
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, "result = " << result2);
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS == result1, "result = " << result1);
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, "result = " << result2);
}
/*
int result2 = -1;
SmackAccess access;
- access.add(subject_label, object_label, access_rights, TRACE_FROM_HERE);
- access.apply(TRACE_FROM_HERE);
+ access.add(subject_label, object_label, access_rights);
+ access.apply();
int pid = fork();
- RUNNER_ASSERT(-1 != pid);
+ RUNNER_ASSERT_BT(-1 != pid);
if (0 == pid) {
pid = fork();
- RUNNER_ASSERT(-1 != pid);
+ RUNNER_ASSERT_BT(-1 != pid);
if (0 == pid) {
// child
int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "create_new_socket() failed");
SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
+ RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
- RUNNER_ASSERT_MSG(listen(sockfd, 5) >= 0, "child listen failed");
+ RUNNER_ASSERT_MSG_BT(listen(sockfd, 5) >= 0, "child listen failed");
struct sockaddr_un client_addr;
socklen_t client_len = sizeof(client_addr);
// parent
sleep(1);
int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "connect_to_testserver() failed");
result1 = security_server_check_privilege_by_sockfd(
sockfd,
close(sockfd);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, " result2 = " << result2);
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, " result2 = " << result2);
}
}
}
/////NOSMACK ENV TESTS/////
///////////////////////////
-/**
- * First four test cases are the same as their SMACK versions. The only difference is environment
- * preparation (described near ENVIRONMENT_NOSMACK macro).
- */
-RUNNER_CHILD_TEST_NOSMACK(tc01_security_server_get_cookie_size_nosmack)
-{
- ENVIRONMENT_NOSMACK;
-
- int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(ret == 20, "ret = " << ret);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc02_security_server_request_cookie_normal_case_nosmack)
-{
- ENVIRONMENT_NOSMACK;
-
- char cookie[20];
- int ret = security_server_request_cookie(cookie, 20);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc03_security_server_request_cookie_too_small_buffer_size_nosmack)
-{
- ENVIRONMENT_NOSMACK;
-
- char cookie[20];
- int ret = security_server_request_cookie(cookie, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
-}
-
RUNNER_CHILD_TEST_NOSMACK(tc04_security_server_get_gid_nosmack)
{
- ENVIRONMENT_NOSMACK;
+ int ret;
+
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG_BT(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
- int ret = security_server_get_gid("definitely_not_existing_object");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret = " << ret);
+ ret = security_server_get_gid("definitely_not_existing_object");
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret = " << ret);
ret = security_server_get_gid("root");
- RUNNER_ASSERT_MSG(ret == 0, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == 0, "ret = " << ret);
}
/*
char cookie[20];
const char* object_label = "tc05objectlabel";
- RUNNER_ASSERT(security_server_request_cookie(cookie,20) == SECURITY_SERVER_API_SUCCESS);
+ RUNNER_ASSERT_BT(security_server_request_cookie(cookie,20) == SECURITY_SERVER_API_SUCCESS);
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
+ RUNNER_ASSERT_BT(SECURITY_SERVER_API_SUCCESS ==
security_server_check_privilege_by_cookie(cookie, object_label, "r"));
//On NOSMACK env security server should return success on any accesses, even those that are
//incorrect.
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
+ RUNNER_ASSERT_BT(SECURITY_SERVER_API_SUCCESS ==
security_server_check_privilege_by_cookie(cookie, object_label, "rw"));
}
int pid = fork();
char* label;
- RUNNER_ASSERT(pid >= 0);
+ RUNNER_ASSERT_BT(pid >= 0);
int ret;
if (pid == 0) { //child process - server
//create new socket
int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "create_new_socket() failed");
SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
//check if get_smacklabel_sockfd works correctly
label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != NULL, "security_server_get_smacklabel_sockfd failed");
+ RUNNER_ASSERT_MSG_BT(label != NULL, "security_server_get_smacklabel_sockfd failed");
ret = strcmp(label, "");
free(label);
- RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\"");
+ RUNNER_ASSERT_MSG_BT(ret == 0, "label is \"" << label << "\"");
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
- RUNNER_ASSERT_MSG(listen(sockfd, 5) >= 0, "child listen failed");
+ RUNNER_ASSERT_MSG_BT(listen(sockfd, 5) >= 0, "child listen failed");
struct sockaddr_un client_addr;
socklen_t client_len = sizeof(client_addr);
int csockfd;
- RUNNER_ASSERT_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
+ RUNNER_ASSERT_MSG_BT((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
//wait a little bit for parent to do it's job
usleep(200);
//parent
sleep(1);
int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to connect to server.");
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "Failed to connect to server.");
SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != NULL, "get_smacklabel_sockfd failed.");
+ RUNNER_ASSERT_MSG_BT(label != NULL, "get_smacklabel_sockfd failed.");
ret = strcmp(label, "");
free(label);
- RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\"");
+ RUNNER_ASSERT_MSG_BT(ret == 0, "label is \"" << label << "\"");
result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
}
- RUNNER_ASSERT_MSG(result1 == SECURITY_SERVER_API_SUCCESS, "result = " << result1);
- RUNNER_ASSERT_MSG(result2 == SECURITY_SERVER_API_SUCCESS, "result = " << result2);
+ RUNNER_ASSERT_MSG_BT(result1 == SECURITY_SERVER_API_SUCCESS, "result = " << result1);
+ RUNNER_ASSERT_MSG_BT(result2 == SECURITY_SERVER_API_SUCCESS, "result = " << result2);
}
/**
int result2 = -1;
int pid = fork();
- RUNNER_ASSERT(-1 != pid);
+ RUNNER_ASSERT_BT(-1 != pid);
if (pid == 0) {
pid = fork();
- RUNNER_ASSERT(-1 != pid);
+ RUNNER_ASSERT_BT(-1 != pid);
if (pid == 0) { //child process
//Create socket
int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "create_new_socket() failed");
SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
//Drop privileges
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
//Prepare for accepting
- RUNNER_ASSERT_MSG(listen(sockfd, 5) >= 0, "child listen failed");
+ RUNNER_ASSERT_MSG_BT(listen(sockfd, 5) >= 0, "child listen failed");
struct sockaddr_un client_addr;
socklen_t client_len = sizeof(client_addr);
//Accept connections
int csockfd;
- RUNNER_ASSERT_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
+ RUNNER_ASSERT_MSG_BT((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
//wait a little bit for parent to do it's job
usleep(200);
exit(0);
} else { //parent process
//Drop root privileges
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
//Wait for server to set up
sleep(1);
//Connect and check privileges
int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to create socket fd.");
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "Failed to create socket fd.");
result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
close(sockfd);
//Both results (just like in the previous test case) should return success.
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result2, "result2 = " << result2);
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS == result2, "result2 = " << result2);
}
}
}
-int apply_smack_rule(const char *subject, const char *object, const char *rule)
-{
- struct smack_accesses *ruleHandler = NULL;
- if (smack_accesses_new(&ruleHandler) != 0)
- goto error;
- if (smack_accesses_add(ruleHandler, subject, object, rule) != 0)
- goto error;
- if (smack_accesses_apply(ruleHandler) != 0)
- goto error;
-
- smack_accesses_free(ruleHandler);
- return 0;
-
-error:
- smack_accesses_free(ruleHandler);
- return -1;
-}
-
-RUNNER_TEST(tc10_security_server_get_uid_by_cookie)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- std::vector<char> cookie(cookieSize);
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //checking function
- uid_t cookieUid, realUid;
- realUid = getuid();
- retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie. My uid: " << realUid << " Server error: " << retval);
- RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
-
- //checking for input parameters
- retval = security_server_get_uid_by_cookie(NULL, &cookieUid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "Error in checking input parameters by function");
- retval = security_server_get_uid_by_cookie(&cookie[0], NULL);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "Error in checking input parameters by function");
-}
-
-RUNNER_CHILD_TEST_SMACK(tc11_security_server_get_uid_by_cookie_smack)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- std::vector<char> cookie(cookieSize);
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //preapare SMACK environment
- RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG(smack_revoke_subject("BialyMis") == 0, "Error in smack_revoke_subject");
- //drop privileges
- RUNNER_ASSERT_MSG(setuid(APP_UID) == 0, "Unable to drop privileges");
-
- //checking function
- uid_t cookieUid;
- retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "Socket not protected by smack");
-}
-
-RUNNER_CHILD_TEST_SMACK(tc12_security_server_get_uid_by_cookie_smack)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- uid_t realUid = getuid();
-
- std::vector<char> cookie(cookieSize);
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //preapare SMACK environment
- RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
- //drop privileges
- RUNNER_ASSERT_MSG(setuid(APP_UID) == 0, "Unable to drop privileges");
-
- //checking function
- uid_t cookieUid;
- retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
- RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc12_security_server_get_uid_by_cookie_nosmack)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- uid_t realUid = getuid();
-
- std::vector<char> cookie(cookieSize);
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //drop privileges
- RUNNER_ASSERT_MSG(setuid(APP_UID) == 0, "Unable to drop privileges");
-
- //checking function
- uid_t cookieUid;
- retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
- RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
-}
-
-RUNNER_CHILD_TEST_SMACK(tc13_security_server_get_uid_by_cookie_smack)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- //preapare SMACK environment
- RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
- RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-get", "w") == 0, "Error in adding rule");
- //drop privileges
- RUNNER_ASSERT_MSG(setuid(APP_UID) == 0, "Unable to drop privileges");
-
- std::vector<char> cookie(cookieSize);
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //checking function
- uid_t cookieUid, realUid = getuid();
- retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
- RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc13_security_server_get_uid_by_cookie_nosmack)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- //drop privileges
- RUNNER_ASSERT_MSG(setuid(APP_UID) == 0, "Unable to drop privileges");
-
- std::vector<char> cookie(cookieSize);
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //checking function
- uid_t cookieUid, realUid = getuid();
- retval = security_server_get_uid_by_cookie(&cookie[0], &cookieUid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get UID from cookie");
- RUNNER_ASSERT_MSG(realUid == cookieUid, "No match in received UID");
-}
-
-RUNNER_TEST(tc14_security_server_get_gid_by_cookie)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- std::vector<char> cookie(cookieSize);
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //checking function
- gid_t cookieGid, realGid;
- realGid = getgid();
- retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
- RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID");
-
- //checking for input parameters
- retval = security_server_get_gid_by_cookie(NULL, &cookieGid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "Error in checking input parameters by function");
- retval = security_server_get_gid_by_cookie(&cookie[0], NULL);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "Error in checking input parameters by function");
-
-}
-
-RUNNER_CHILD_TEST_SMACK(tc15_security_server_get_gid_by_cookie_smack)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- std::vector<char> cookie(cookieSize);
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //preapare SMACK environment
- RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG(smack_revoke_subject("BialyMis") == 0, "Error in smack_revoke_subject");
- //drop privileges
- RUNNER_ASSERT_MSG(setgid(APP_GID) == 0, "Unable to drop privileges");
- RUNNER_ASSERT_MSG(setuid(APP_UID) == 0, "Unable to drop privileges");
-
- //checking function
- gid_t cookieGid, realGid;
- realGid = getgid();
- retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "Socket not protected by smack");
-}
-
-RUNNER_CHILD_TEST_SMACK(tc16_security_server_get_gid_by_cookie_smack)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- std::vector<char> cookie(cookieSize);
-
- gid_t realGid = getgid();
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //preapare SMACK environment
- RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
- //drop privileges
- RUNNER_ASSERT_MSG(setgid(APP_GID) == 0, "Unable to drop privileges");
- RUNNER_ASSERT_MSG(setuid(APP_UID) == 0, "Unable to drop privileges");
-
- //checking function
- gid_t cookieGid;
- retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
- RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc16_security_server_get_gid_by_cookie_nosmack)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- std::vector<char> cookie(cookieSize);
-
- gid_t realGid = getgid();
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //drop privileges
- RUNNER_ASSERT_MSG(setgid(APP_GID) == 0, "Unable to drop privileges");
- RUNNER_ASSERT_MSG(setuid(APP_UID) == 0, "Unable to drop privileges");
-
- //checking function
- gid_t cookieGid;
- retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
- RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc17_security_server_get_gid_by_cookie_smack)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- //preapare SMACK environment
- RUNNER_ASSERT_MSG(smack_set_label_for_self("BialyMis") == 0, "Unable to set label for self");
- RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-check", "w") == 0, "Error in adding rule");
- RUNNER_ASSERT_MSG(apply_smack_rule("BialyMis", "security-server::api-cookie-get", "w") == 0, "Error in adding rule");
- //drop privileges
- RUNNER_ASSERT_MSG(setgid(APP_GID) == 0, "Unable to drop privileges");
- RUNNER_ASSERT_MSG(setuid(APP_UID) == 0, "Unable to drop privileges");
-
- std::vector<char> cookie(cookieSize);
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //checking function
- gid_t cookieGid, realGid = getgid();
- retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
- RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc17_security_server_get_gid_by_cookie_nosmack)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == 20, "Wrong cookie size");
-
- //drop privileges
- RUNNER_ASSERT_MSG(setgid(APP_GID) == 0, "Unable to drop privileges");
- RUNNER_ASSERT_MSG(setuid(APP_UID) == 0, "Unable to drop privileges");
-
- std::vector<char> cookie(cookieSize);
- int retval = security_server_request_cookie(&cookie[0], cookieSize);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get cookie");
-
- //checking function
- gid_t cookieGid, realGid = getgid();
- retval = security_server_get_gid_by_cookie(&cookie[0], &cookieGid);
- RUNNER_ASSERT_MSG(retval == SECURITY_SERVER_API_SUCCESS, "Unable to get GID from cookie");
- RUNNER_ASSERT_MSG(realGid == cookieGid, "No match in received GID. ReadGid: " << realGid << " CookieGid: " << cookieGid);
-}
-
RUNNER_TEST_SMACK(tc18_security_server_get_smacklabel_cookie) {
int res;
- pid_t mypid;
-
char *label_smack = NULL;
char *label_ss = NULL;
char *cookie = NULL;
int cookie_size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size, "Wrong cookie size from security-server");
-
- mypid = getpid();
+ RUNNER_ASSERT_MSG_BT(PROPER_COOKIE_SIZE == cookie_size, "Wrong cookie size from security-server");
cookie = (char*) calloc(cookie_size, 1);
- RUNNER_ASSERT_MSG(NULL != cookie, "Memory allocation error");
+ RUNNER_ASSERT_MSG_BT(NULL != cookie, "Memory allocation error");
res = security_server_request_cookie(cookie, cookie_size);
if (res != SECURITY_SERVER_API_SUCCESS) {
free(cookie);
- RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS, "Error in requesting cookie from security-server");
+ RUNNER_ASSERT_MSG_BT(res == SECURITY_SERVER_API_SUCCESS, "Error in requesting cookie from security-server");
}
label_ss = security_server_get_smacklabel_cookie(cookie);
free(cookie);
- RUNNER_ASSERT_MSG(label_ss != NULL, "Error in getting label by cookie");
+ RUNNER_ASSERT_MSG_BT(label_ss != NULL, "Error in getting label by cookie");
std::string label_cookie(label_ss);
res = smack_new_label_from_self(&label_smack);
if (res < 0) {
free(label_smack);
- RUNNER_ASSERT_MSG(res == 0, "Error in getting self SMACK label");
+ RUNNER_ASSERT_MSG_BT(res == 0, "Error in getting self SMACK label");
}
std::string label_self(label_smack ? label_smack : "");
free(label_smack);
- RUNNER_ASSERT_MSG(label_self == label_cookie, "No match in SMACK labels");
+ RUNNER_ASSERT_MSG_BT(label_self == label_cookie, "No match in SMACK labels");
//TODO: here could be label change using SMACK API and checking if it
RUNNER_TEST_NOSMACK(tc18_security_server_get_smacklabel_cookie_nosmack) {
int res;
- pid_t mypid;
-
char* label_ss = NULL;
char* cookie = NULL;
int cookie_size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size,
+ RUNNER_ASSERT_MSG_BT(PROPER_COOKIE_SIZE == cookie_size,
"Wrong cookie size from security-server. Size: " << cookie_size);
cookie = (char*) calloc(cookie_size, sizeof(char));
- RUNNER_ASSERT_MSG(NULL != cookie, "Memory allocation error");
-
- mypid = getpid();
+ RUNNER_ASSERT_MSG_BT(NULL != cookie, "Memory allocation error");
//Request cookie from SS
res = security_server_request_cookie(cookie, cookie_size);
std::unique_ptr<char, std::function<void(char*)> > cookie_ptr(cookie, free);
cookie = NULL;
- RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(res == SECURITY_SERVER_API_SUCCESS,
"Error in requesting cookie from security-server. Result: " << res);
label_ss = security_server_get_smacklabel_cookie(cookie_ptr.get());
- RUNNER_ASSERT_MSG(label_ss != NULL, "Error in getting label by cookie");
-
- //Check if label_ss is correct, that is only one NULL character.
- if (label_ss[0] != '\0') {
- free(label_ss);
- RUNNER_ASSERT_MSG(label_ss[0] == '\0', "label_ss was not an empty string.");
- }
+ RUNNER_ASSERT_MSG_BT(label_ss != NULL, "Error in getting label by cookie");
+ std::string label(label_ss);
free(label_ss);
+ RUNNER_ASSERT_MSG_BT(label.empty(), "label_ss is not an empty string.");
+
}
////////////////////
projects / platform / core / test / security-tests.git / blobdiff