*/
/*
* @file security_server_tests_client_smack.cpp
- * @author Bumjin Im (bj.im@samsung.com)
- * @author Mariusz Domanski (m.domanski@samsung.com)
- * @version 1.0
- * @brief Test cases for security server client
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.1
+ * @brief Test cases for security-server-client-smack.
*/
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/smack.h>
+#include <sys/wait.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <memory>
+#include <functional>
+
+#include <dpl/log/log.h>
#include <dpl/test/test_runner.h>
-#include <dlog.h>
-#include "security_server_tests_client.h"
+#include <dpl/test/test_runner_child.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include "security_server_mockup.h"
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_CLIENT_SMACK)
+#include <security-server.h>
+#include <access_provider.h>
+#include "tests_common.h"
+#include <summary_collector.h>
+
+
+#define PROPER_COOKIE_SIZE 20
-RUNNER_TEST(tc_security_server_get_cookie_size)
+/**
+ * Unique_ptr typedef for NOSMACK version of tc06 test
+ */
+void closesockfdptr(int* sockfd_ptr)
{
- int ret = security_server_get_cookie_size();
- LOGD("ret = %d", ret);
- RUNNER_ASSERT(ret == 20);
+ close(*sockfd_ptr);
}
+typedef std::unique_ptr<int, std::function<void(int*)> > SockFDUniquePtr;
+
+RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_CLIENT_SMACK)
-RUNNER_TEST(tc_security_server_request_cookie_normal_case)
+/*
+ * test: tc04_security_server_get_gid
+ * description: Checking for security_server_get_gid
+ * with nonexisting gid and existing one
+ * expected: security_server_get_gid should return
+ * SECURITY_SERVER_ERROR_NO_SUCH_OBJECT with first call
+ * and group id with second call
+ */
+RUNNER_CHILD_TEST_SMACK(tc04_security_server_get_gid)
{
- int ret = security_server_request_cookie(cookie, 20);
- LOGD("ret = %d", ret);
- RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
+ SecurityServer::AccessProvider provider("tc04mylabel");
+ provider.allowFunction("security_server_get_gid");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ int ret = security_server_get_gid("abc123xyz_pysiaczek");
+ LogDebug("ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT == ret, "Ret: " << ret);
+ ret = security_server_get_gid("root");
+ LogDebug("ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(0 == ret, "Ret: " << ret);
}
-RUNNER_TEST(tc_security_server_request_cookie_too_small_buffer_size)
+/*
+ * test: tc05_check_privilege_by_cookie
+ * description: Function security_server_check_privilege_by_cookie should
+ * return status of access rights of cookie owner. In this case cookie owner
+ * is the same process that ask for the rights.
+ * expected: Function call with access rights set to "r" should return SUCCESS,
+ * with "rw" should return ACCESS DENIED.
+ */
+RUNNER_CHILD_TEST_SMACK(tc05_check_privilege_by_cookie)
{
- int ret = security_server_request_cookie(cookie, 10);
- LOGD("ret = %d", ret);
- RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL);
+ char cookie[20];
+ const char *object_label = "tc05objectlabel";
+ const char *access_rights = "r";
+ const char *access_rights_ext = "rw";
+ const char *subject_label = "tc05subjectlabel";
+
+ SmackAccess access;
+ access.add(subject_label, object_label, access_rights);
+ access.add(subject_label, "security-server::api-cookie-check", "w");
+ access.apply();
+
+ RUNNER_ASSERT_BT(0 == smack_set_label_for_self(subject_label));
+
+ RUNNER_ASSERT_BT(SECURITY_SERVER_API_SUCCESS ==
+ security_server_request_cookie(cookie,20));
+
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
+
+ RUNNER_ASSERT_BT(SECURITY_SERVER_API_SUCCESS ==
+ security_server_check_privilege_by_cookie(
+ cookie,
+ object_label,
+ access_rights));
+
+ RUNNER_ASSERT_BT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
+ security_server_check_privilege_by_cookie(
+ cookie,
+ object_label,
+ access_rights_ext));
}
-RUNNER_TEST(tc_security_server_get_gid_client_is_not_allowed)
+/*
+ * test: security_server_check_privilege_by_sockfd
+ * description: This test will create dummy server that will accept connection
+ * and die. The client will try to check access rights using connection descriptor.
+ * expected: Function call with access rights set to "r" should return SUCCESS,
+ * with "rw" should return ACCESS DENIED.
+ */
+RUNNER_MULTIPROCESS_TEST_SMACK(tc06_check_privilege_by_sockfd)
{
- int ret = security_server_get_gid("telephony");
- LOGD("ret = %d", ret);
- RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED);
+ const char *object_label = "tc06objectlabel";
+ const char *access_rights = "r";
+ const char *access_rights_ext = "rw";
+ const char *subject_label = "tc06subjectlabel";
+
+ int result1 = -1;
+ int result2 = -1;
+
+ smack_accesses *handle;
+ RUNNER_ASSERT_BT(0 == smack_accesses_new(&handle));
+ RUNNER_ASSERT_BT(0 == smack_accesses_add(handle,
+ subject_label,
+ object_label,
+ access_rights));
+ RUNNER_ASSERT_BT(0 == smack_accesses_apply(handle));
+ smack_accesses_free(handle);
+
+ int pid = fork();
+ char *label;
+ RUNNER_ASSERT_BT(-1 != pid);
+
+ if (0 == pid) {
+ // child
+ RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
+
+ int sockfd = create_new_socket();
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "create_new_socket() failed");
+
+ SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
+
+ label = security_server_get_smacklabel_sockfd(sockfd);
+ RUNNER_ASSERT_MSG_BT(label != NULL, "security_server_get_smacklabel_sockfd failed");
+ RUNNER_ASSERT_MSG_BT(strcmp(label,"") == 0, "label is \"" << label << "\"");
+ free(label);
+
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
+
+ RUNNER_ASSERT_MSG_BT(listen(sockfd, 5) >= 0, "child listen failed");
+
+ label = security_server_get_smacklabel_sockfd(sockfd);
+ RUNNER_ASSERT_MSG_BT(label != NULL, "security_server_get_smacklabel_sockfd failed");
+ RUNNER_ASSERT_MSG_BT(strcmp(label,"") == 0, "label is \"" << label << "\"");
+ free(label);
+
+ struct sockaddr_un client_addr;
+ socklen_t client_len = sizeof(client_addr);
+ int csockfd;
+ RUNNER_ASSERT_MSG_BT((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
+
+ usleep(500);
+
+ close(csockfd);
+ exit(0);
+ } else {
+ // parent
+ sleep(1);
+ int sockfd = connect_to_testserver();
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "connect_to_testserver() failed");
+
+ SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
+
+ label = security_server_get_smacklabel_sockfd(sockfd);
+ RUNNER_ASSERT_MSG_BT(label != NULL, "security_server_get_smacklabel_sockfd failed");
+ RUNNER_ASSERT_MSG_BT(strcmp(label,subject_label) == 0, "label is \"" << label << "\"" << ", subject_label is \"" << subject_label << "\"" );
+ free(label);
+
+ result1 = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights);
+ result2 = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights_ext);
+ }
+
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS == result1, "result = " << result1);
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, "result = " << result2);
}
-RUNNER_TEST(tc_requesting_access_to_test_server_via_security_server)
+/*
+ * test: security_server_check_privilege_by_sockfd
+ * description: This test will create dummy server that will accept connection
+ * and die. The client will try to check access rights using connection descriptor.
+ * Because we read a smack label not from socket directly, but from from pid of process
+ * on the other end of socket - that's why smack label will be updated.
+ * In this test client is running under root and server is not - to test the extreme case.
+ * expected: Function call with access rights set to "r" should return SUCCESS,
+ * with "rw" should return ACCESS DENIED.
+ */
+RUNNER_MULTIPROCESS_TEST_SMACK(tc07_check_privilege_by_sockfd)
{
- sock_fd = connect_to_testserver();
- if(sock_fd < 1)
- {
- LOGD("sock_fd = %d", sock_fd);
- RUNNER_ASSERT_MSG(false, "Socket connection error");
- }
- int ret = send_request_new_cookie(sock_fd, cookie, object_label, access_rights);
- if(ret != 0)
- {
- close(sock_fd);
- LOGD("ret = %d", ret);
- RUNNER_ASSERT_MSG(false, "send failed");
- }
- ret = recv_result(sock_fd);
- close(sock_fd);
- sock_fd = 0;
- if(ret == SECURITY_SERVER_API_SUCCESS)
- {
- LOGD("Permission granted\n");
- }
- else if(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED)
- {
- RUNNER_ASSERT_MSG(false, "Permission denied");
- }
- else
- {
- LOGD("ret = %d", ret);
- RUNNER_ASSERT_MSG(false, "Recv error");
+ const char *object_label = "tc07objectlabel";
+ const char *access_rights = "r";
+ const char *access_rights_ext = "rw";
+ const char *subject_label = "tc07subjectlabel";
+
+ int result1 = -1;
+ int result2 = -1;
+
+ SmackAccess access;
+ access.add(subject_label, object_label, access_rights);
+ access.apply();
+
+ int pid = fork();
+ RUNNER_ASSERT_BT(-1 != pid);
+
+ if (0 == pid) {
+
+ pid = fork();
+ RUNNER_ASSERT_BT(-1 != pid);
+
+ if (0 == pid) {
+ // child
+ int sockfd = create_new_socket();
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "create_new_socket() failed");
+
+ SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
+
+ RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
+
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
+
+ RUNNER_ASSERT_MSG_BT(listen(sockfd, 5) >= 0, "child listen failed");
+
+ struct sockaddr_un client_addr;
+ socklen_t client_len = sizeof(client_addr);
+ int csockfd = TEMP_FAILURE_RETRY(accept(sockfd,(struct sockaddr*)&client_addr, &client_len));
+ if (csockfd >= 0)
+ close(csockfd);
+ LogDebug("Exit!");
+ exit(0);
+ } else {
+ // parent
+ sleep(1);
+ int sockfd = connect_to_testserver();
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "connect_to_testserver() failed");
+
+ result1 = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights);
+ result2 = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights_ext);
+
+ close(sockfd);
+
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, " result2 = " << result2);
+ }
}
}
-RUNNER_TEST(tc_requesting_access_to_test_server_with_direct_ipc)
+///////////////////////////
+/////NOSMACK ENV TESTS/////
+///////////////////////////
+
+RUNNER_CHILD_TEST_NOSMACK(tc04_security_server_get_gid_nosmack)
{
- LOGD("subject: >%s<\n", subject_label);
- LOGD("object: >%s<\n", object_label);
- LOGD("access: >%s<\n", access_rights);
-
- sock_fd = connect_to_testserver();
- if(sock_fd < 1)
- {
- LOGD("sock_fd = %d", sock_fd);
- RUNNER_ASSERT_MSG(false, "Socket connection error");
- }
- int ret = send_request_new_direct(sock_fd, object_label, access_rights);
- if(ret != 0)
- {
- close(sock_fd);
- LOGD("ret = %d", ret);
- RUNNER_ASSERT_MSG(false, "send failed");
- }
- ret = recv_result(sock_fd);
- close(sock_fd);
- if(ret == SECURITY_SERVER_API_SUCCESS)
- {
- LOGD("Permission granted\n");
- }
- else if(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED)
- {
- RUNNER_ASSERT_MSG(false, "Permission denied");
- }
- else
- {
- LOGD("ret = %d", ret);
- RUNNER_ASSERT_MSG(false, "Recv error");
- }
+ int ret;
+
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG_BT(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+
+ ret = security_server_get_gid("definitely_not_existing_object");
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret = " << ret);
+ ret = security_server_get_gid("root");
+ RUNNER_ASSERT_MSG_BT(ret == 0, "ret = " << ret);
}
-RUNNER_TEST(tc_requesting_cookie_for_same_pid_with_different_path)
+/*
+ * NOSMACK version of tc05 test.
+ *
+ * Correct behaviour of smack_accesses_apply and smack_set_label_for_self was checked by libsmack
+ * tests. We assume, that those tests pass. Additionally security_server_check_privilege_by_cookie
+ * should return SUCCESS no matter what access_rights we give to this function.
+ */
+RUNNER_CHILD_TEST_NOSMACK(tc05_check_privilege_by_cookie_nosmack)
{
- LOGI(" Exiting this process to cycle different process as same PID.\n");
- LOGI(" Please look at the test server's terminal for the result\n");
- cur_pid = getpid();
- sock_fd = connect_to_testserver();
- if(sock_fd < 1)
- {
- RUNNER_ASSERT_MSG(false, "Socket connection error");
+ char cookie[20];
+ const char* object_label = "tc05objectlabel";
+
+ RUNNER_ASSERT_BT(security_server_request_cookie(cookie,20) == SECURITY_SERVER_API_SUCCESS);
+
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
+
+ RUNNER_ASSERT_BT(SECURITY_SERVER_API_SUCCESS ==
+ security_server_check_privilege_by_cookie(cookie, object_label, "r"));
+
+ //On NOSMACK env security server should return success on any accesses, even those that are
+ //incorrect.
+ RUNNER_ASSERT_BT(SECURITY_SERVER_API_SUCCESS ==
+ security_server_check_privilege_by_cookie(cookie, object_label, "rw"));
+}
+
+/**
+ * NOSMACK version of tc06 test.
+ *
+ * Differences between this and SMACK version (server):
+ * - Skipped setting access_rights
+ * - Skipped setting label for server
+ * - get_smacklabel_sockfd is called only once for server, almost right after fork and creation
+ * of socket (because it should do nothing when SMACK is off)
+ * - After get_smacklabel_sockfd privileges are dropped and server is prepared to accept connections
+ * from client
+ *
+ * For client the only difference are expected results from check_privilege_by_sockfd - both should
+ * return SUCCESS.
+ */
+RUNNER_MULTIPROCESS_TEST_NOSMACK(tc06_check_privilege_by_sockfd_nosmack)
+{
+ const char* object_label = "tc06objectlabel";
+
+ int result1 = -1;
+ int result2 = -1;
+
+ int pid = fork();
+ char* label;
+ RUNNER_ASSERT_BT(pid >= 0);
+
+ int ret;
+
+ if (pid == 0) { //child process - server
+ //create new socket
+ int sockfd = create_new_socket();
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "create_new_socket() failed");
+
+ SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
+
+ //check if get_smacklabel_sockfd works correctly
+ label = security_server_get_smacklabel_sockfd(sockfd);
+ RUNNER_ASSERT_MSG_BT(label != NULL, "security_server_get_smacklabel_sockfd failed");
+ ret = strcmp(label, "");
+ free(label);
+ RUNNER_ASSERT_MSG_BT(ret == 0, "label is \"" << label << "\"");
+
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
+
+ RUNNER_ASSERT_MSG_BT(listen(sockfd, 5) >= 0, "child listen failed");
+
+ struct sockaddr_un client_addr;
+ socklen_t client_len = sizeof(client_addr);
+
+ int csockfd;
+ RUNNER_ASSERT_MSG_BT((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
+
+ //wait a little bit for parent to do it's job
+ usleep(200);
+
+ //if everything works, cleanup and return 0
+ close(csockfd);
+ exit(0);
+ } else {
+ //parent
+ sleep(1);
+ int sockfd = connect_to_testserver();
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "Failed to connect to server.");
+
+ SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
+
+ label = security_server_get_smacklabel_sockfd(sockfd);
+ RUNNER_ASSERT_MSG_BT(label != NULL, "get_smacklabel_sockfd failed.");
+ ret = strcmp(label, "");
+ free(label);
+ RUNNER_ASSERT_MSG_BT(ret == 0, "label is \"" << label << "\"");
+
+ result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
+ result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
}
- unsigned char buf[32] = {255, 255, 255, 255, };
- int size;
+ RUNNER_ASSERT_MSG_BT(result1 == SECURITY_SERVER_API_SUCCESS, "result = " << result1);
+ RUNNER_ASSERT_MSG_BT(result2 == SECURITY_SERVER_API_SUCCESS, "result = " << result2);
+}
+
+/**
+ * NOSMACK version of tc07 test.
+ */
+RUNNER_MULTIPROCESS_TEST_NOSMACK(tc07_check_privilege_by_sockfd_nosmack)
+{
+ const char* object_label = "tc07objectlabel";
+
+ int result1 = -1;
+ int result2 = -1;
+
+ int pid = fork();
+ RUNNER_ASSERT_BT(-1 != pid);
+
+ if (pid == 0) {
+
+ pid = fork();
+ RUNNER_ASSERT_BT(-1 != pid);
+
+ if (pid == 0) { //child process
+ //Create socket
+ int sockfd = create_new_socket();
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "create_new_socket() failed");
- memcpy(buf + 4, cookie, 20);
- memcpy(buf + 24, &cur_pid, sizeof(int));
- int ret = getuid();
- memcpy(buf + 28, &ret, sizeof(int));
+ SockFDUniquePtr sockfd_ptr(&sockfd, closesockfdptr);
- size = write(sock_fd, buf, 32);
- if(size < 32)
- {
- close(sock_fd);
- RUNNER_ASSERT_MSG(false, "Cannot send");
+ //Drop privileges
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
+
+ //Prepare for accepting
+ RUNNER_ASSERT_MSG_BT(listen(sockfd, 5) >= 0, "child listen failed");
+
+ struct sockaddr_un client_addr;
+ socklen_t client_len = sizeof(client_addr);
+
+ //Accept connections
+ int csockfd;
+ RUNNER_ASSERT_MSG_BT((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, "child accept failed");
+
+ //wait a little bit for parent to do it's job
+ usleep(200);
+
+ //cleanup and kill child
+ close(csockfd);
+ exit(0);
+ } else { //parent process
+ //Drop root privileges
+ RUNNER_ASSERT_MSG_BT(drop_root_privileges() == 0, "uid = " << getuid());
+
+ //Wait for server to set up
+ sleep(1);
+
+ //Connect and check privileges
+ int sockfd = connect_to_testserver();
+ RUNNER_ASSERT_MSG_BT(sockfd >= 0, "Failed to create socket fd.");
+
+ result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
+ result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
+
+ close(sockfd);
+
+ //Both results (just like in the previous test case) should return success.
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
+ RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS == result2, "result2 = " << result2);
+ }
}
- if(sock_fd > 0)
- close(sock_fd);
}
+RUNNER_TEST_SMACK(tc18_security_server_get_smacklabel_cookie) {
+ int res;
-int main(int argc, char *argv[])
-{
- /* needed for dlog to work properly
- * during tests guid changes and dlog looses permission to write logs
- * printing log now opens file descriptor with proper privileges */
- LOGD("%s starts", argv[0]);
-
- g_group_num = 0;
- g_perm_num = 0;
-
- int ret = getuid();
- if(ret != 0)
- {
- printf("You must be root to test. Current UID: %d\nExiting...\n", ret);
- exit(1);
+ char *label_smack = NULL;
+ char *label_ss = NULL;
+ char *cookie = NULL;
+
+ int cookie_size = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG_BT(PROPER_COOKIE_SIZE == cookie_size, "Wrong cookie size from security-server");
+
+ cookie = (char*) calloc(cookie_size, 1);
+ RUNNER_ASSERT_MSG_BT(NULL != cookie, "Memory allocation error");
+
+ res = security_server_request_cookie(cookie, cookie_size);
+ if (res != SECURITY_SERVER_API_SUCCESS) {
+ free(cookie);
+ RUNNER_ASSERT_MSG_BT(res == SECURITY_SERVER_API_SUCCESS, "Error in requesting cookie from security-server");
}
- int argcc = 7;
- char *argvv[] = {argv[0], "-s", "mylabel", "-o", "objlabel", "-a", "rx"};
+ label_ss = security_server_get_smacklabel_cookie(cookie);
+ free(cookie);
+ RUNNER_ASSERT_MSG_BT(label_ss != NULL, "Error in getting label by cookie");
- system("touch /opt/home/root/pid_cycle");
- privilege_control(argcc, argvv);
- LOGD("Strting test. My PID is %d", getpid());
+ std::string label_cookie(label_ss);
+ free(label_ss);
+
+ res = smack_new_label_from_self(&label_smack);
+ if (res < 0) {
+ free(label_smack);
+ RUNNER_ASSERT_MSG_BT(res == 0, "Error in getting self SMACK label");
+ }
+ std::string label_self(label_smack ? label_smack : "");
+ free(label_smack);
- int status =
- DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ RUNNER_ASSERT_MSG_BT(label_self == label_cookie, "No match in SMACK labels");
- if(g_groups != NULL)
- free(g_groups);
- if(g_permissions != NULL)
- free(g_permissions);
- return status;
+
+ //TODO: here could be label change using SMACK API and checking if it
+ //is changed using security-server API function based on the same cookie
+}
+
+/**
+ * NOSMACK version of tc_security_server_get_smacklabel_cookie test.
+ *
+ * Most of this test goes exactly as the original one. The only difference are the labels:
+ * - We assume that libsmack tests passed and smack_new_label_from_self will return -1 and NULL
+ * label - there is no need to re-check it.
+ * - Label acquired from security_server_get_smacklabel_cookie should be an empty string.
+ */
+RUNNER_TEST_NOSMACK(tc18_security_server_get_smacklabel_cookie_nosmack) {
+ int res;
+
+ char* label_ss = NULL;
+ char* cookie = NULL;
+
+ int cookie_size = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG_BT(PROPER_COOKIE_SIZE == cookie_size,
+ "Wrong cookie size from security-server. Size: " << cookie_size);
+
+ cookie = (char*) calloc(cookie_size, sizeof(char));
+ RUNNER_ASSERT_MSG_BT(NULL != cookie, "Memory allocation error");
+
+ //Request cookie from SS
+ res = security_server_request_cookie(cookie, cookie_size);
+ std::unique_ptr<char, std::function<void(char*)> > cookie_ptr(cookie, free);
+ cookie = NULL;
+ RUNNER_ASSERT_MSG_BT(res == SECURITY_SERVER_API_SUCCESS,
+ "Error in requesting cookie from security-server. Result: " << res);
+
+ label_ss = security_server_get_smacklabel_cookie(cookie_ptr.get());
+ RUNNER_ASSERT_MSG_BT(label_ss != NULL, "Error in getting label by cookie");
+
+ std::string label(label_ss);
+ free(label_ss);
+ RUNNER_ASSERT_MSG_BT(label.empty(), "label_ss is not an empty string.");
+
+}
+
+////////////////////
+/////MAIN///////////
+////////////////////
+
+int main(int argc, char *argv[])
+{
+ SummaryCollector::Register();
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
}