X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=tests%2Flibprivilege-control-tests%2Ftest_cases.cpp;h=4bfa186e2d3f8ca3963ba73d5b232dc30c092498;hb=437838c6e9e34b3a76782ddb8eafa43e213ae876;hp=8f5d77d5b9c6dfb706fb35b8fa10e2903f081068;hpb=a7003ab882cedf38542e79b48d137c0c49a79503;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git diff --git a/tests/libprivilege-control-tests/test_cases.cpp b/tests/libprivilege-control-tests/test_cases.cpp index 8f5d77d..4bfa186 100644 --- a/tests/libprivilege-control-tests/test_cases.cpp +++ b/tests/libprivilege-control-tests/test_cases.cpp @@ -83,8 +83,17 @@ const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL }; #define APP_TEST_AV_1 "test-antivirus1" #define APP_TEST_AV_2 "test-antivirus_2" #define APP_TEST_AV_3 "test-av-3" + #define SMACK_APPS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_apps_id.db" #define SMACK_AVS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_avs_id.db" +#define SMACK_PUBLIC_DIRS_DATABASE "/opt/dbspace/.privilege_control_public_dirs.db" +#define SMACK_APPS_SETTINGS_LABELS_DATABASE "/opt/dbspace/.privilege_control_app_setting.db" +#define SMACK_SETTINGS_DIRS_DATABASE "/opt/dbspace/.privilege_control_setting_dir.db" + +#define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1" +#define APP_TEST_SETTINGS_ASP2 "test-app-settings-asp2" +#define APP_TEST_AV_ASP1 "test-app-av-asp1" +#define APP_TEST_AV_ASP2 "test-app-av-asp2" #define SOCK_PATH "/tmp/test-smack-socket" @@ -366,6 +375,10 @@ int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb, result = strcmp(APPID_SHARED_DIR, label); RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"); + result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxat"); + RUNNER_ASSERT_MSG(result == 1, + "Error rwxat access was not given shared dir. Subject: " << + APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result); /* EXEC */ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); @@ -384,6 +397,123 @@ int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb, return 0; } +int check_labels_dir(const char *fpath, const struct stat *sb, + const char* labels_db_path, const char* dir_db_path, + const char* access) +{ + int result; + char* label; + char* label_gen; + char* scanf_label_format; + char label_temp[SMACK_LABEL_LEN + 1]; + FILE* file_db; + + /* ACCESS */ + result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS); + RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); + RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set"); + + /* EXEC */ + result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); + if(result != 0){ + free(label_gen); + RUNNER_ASSERT_MSG(false, "Could not get label for the path"); + } + if(label != NULL){ + free(label_gen); + free(label); + RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set."); + } + + /* TRANSMUTE */ + result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE); + if(result != 0){ + free(label_gen); + free(label); + RUNNER_ASSERT_MSG(false, "Could not get label for the path"); + } + if (S_ISDIR(sb->st_mode)) { + if(label == NULL){ + free(label_gen); + free(label); + RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set"); + } + result = strcmp("TRUE", label); + if(result != 0){ + free(label_gen); + free(label); + RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set to TRUE"); + } + } else if(label != NULL){ + free(label_gen); + free(label); + RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set"); + } + + free(label); + + if(0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)){ + free(label_gen); + RUNNER_ASSERT_MSG(false, "asprintf failed"); + } + + file_db = fopen(labels_db_path, "r"); + if(file_db == NULL){ + free(label_gen); + free(scanf_label_format); + RUNNER_ASSERT_MSG(false, "Can not open database for apps"); + } + while(fscanf(file_db, scanf_label_format, label_temp)==1){ + result = smack_have_access(label_temp, label_gen, access); + if(result != 1){ + fclose(file_db); + free(label_gen); + free(scanf_label_format); + RUNNER_ASSERT_MSG(false, + "Error " << access << " access was not given for subject: " + << label_temp << ". Result: " << result); + } + } + fclose(file_db); + + file_db = fopen(dir_db_path, "r"); + if(file_db == NULL){ + free(label_gen); + free(scanf_label_format); + RUNNER_ASSERT_MSG(false, "Can not open database for dirs"); + } + bool is_dir = false; + while(fscanf(file_db, scanf_label_format, label_temp)==1){ + if(strcmp(label_gen, label_temp) == 0){ + is_dir = true; + break; + } + } + free(scanf_label_format); + free(label_gen); + fclose(file_db); + + RUNNER_ASSERT_MSG(is_dir, "Error autogenerated label is not in dirs db."); + + return 0; +} + +int nftw_check_labels_app_public_dir(const char *fpath, const struct stat *sb, + int /*typeflag*/, struct FTW * /*ftwbuf*/) +{ + return check_labels_dir(fpath, sb, + SMACK_APPS_LABELS_DATABASE, + SMACK_PUBLIC_DIRS_DATABASE, "rx"); +} + +int nftw_check_labels_app_settings_dir(const char *fpath, const struct stat *sb, + int /*typeflag*/, struct FTW * /*ftwbuf*/) +{ + return check_labels_dir(fpath, sb, + SMACK_APPS_SETTINGS_LABELS_DATABASE, + SMACK_SETTINGS_DIRS_DATABASE, "rwx"); +} + int file_exists(const char* path) { FILE* file = fopen(path, "r"); @@ -479,8 +609,81 @@ int cleaning_smack_database_files (void) return -1; } + //clean app settings database + unlink(SMACK_APPS_SETTINGS_LABELS_DATABASE); + fd = open(SMACK_APPS_SETTINGS_LABELS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644); + if (fd == -1) { + return -1; + } + + //clean public dirs database + unlink(SMACK_PUBLIC_DIRS_DATABASE); + fd = open(SMACK_PUBLIC_DIRS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644); + if (fd == -1) { + return -1; + } + + //clean settings dirs database + unlink(SMACK_SETTINGS_DIRS_DATABASE); + fd = open(SMACK_SETTINGS_DIRS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644); + if (fd == -1) { + return -1; + } + return 0; } + +void add_lables_to_db() +{ + FILE* file_db; + + file_db = fopen(SMACK_AVS_LABELS_DATABASE, "a"); + RUNNER_ASSERT_MSG(file_db != NULL, "Error database file " + << SMACK_AVS_LABELS_DATABASE << " can not be opened to apend!"); + if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP1)) { + fclose(file_db); + RUNNER_ASSERT_MSG(false, "Error writing to database file"); + } + if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP2)) { + fclose(file_db); + RUNNER_ASSERT_MSG(false, "Error writing to database file"); + } + fclose(file_db); + + file_db = fopen(SMACK_APPS_SETTINGS_LABELS_DATABASE, "a"); + RUNNER_ASSERT_MSG(file_db != NULL, "Error database file " + << SMACK_APPS_SETTINGS_LABELS_DATABASE << " can not be opened to apend!"); + if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP1)) { + fclose(file_db); + RUNNER_ASSERT_MSG(false, "Error writing to database file"); + } + if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP2)) { + fclose(file_db); + RUNNER_ASSERT_MSG(false, "Error writing to database file"); + } + fclose(file_db); + + file_db = fopen(SMACK_APPS_LABELS_DATABASE, "a"); + RUNNER_ASSERT_MSG(file_db != NULL, "Error database file " + << SMACK_APPS_LABELS_DATABASE << " can not be opened to apend!"); + if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP1)) { + fclose(file_db); + RUNNER_ASSERT_MSG(false, "Error writing to database file"); + } + if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP2)) { + fclose(file_db); + RUNNER_ASSERT_MSG(false, "Error writing to database file"); + } + if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP1)) { + fclose(file_db); + RUNNER_ASSERT_MSG(false, "Error writing to database file"); + } + if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP2)) { + fclose(file_db); + RUNNER_ASSERT_MSG(false, "Error writing to database file"); + } + fclose(file_db); +} } // namespace RUNNER_TEST_GROUP_INIT(libprivilegecontrol) @@ -531,7 +734,6 @@ RUNNER_TEST(privilege_control03_app_label_shared_dir) RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir"); } - /** * Add permisions from test_privilege_control_rules template */ @@ -2072,3 +2274,53 @@ RUNNER_TEST(privilege_control17_appsettings_privilege) } + +RUNNER_TEST(privilege_control18_app_setup_path_public) +{ + int result; + + cleaning_smack_database_files(); + add_lables_to_db(); + + result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR); + + result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR); + + result = app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO); + RUNNER_ASSERT_MSG(result == 0, "app_setup_path() failed"); + + result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir"); + + result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir"); + + cleaning_smack_database_files(); +} + +RUNNER_TEST(privilege_control19_app_setup_path_settings) +{ + int result; + + cleaning_smack_database_files(); + add_lables_to_db(); + + result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR); + + result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR); + + result = app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_SETTINGS_RW); + RUNNER_ASSERT_MSG(result == 0, "app_setup_path() failed"); + + result = nftw(TEST_APP_DIR, &nftw_check_labels_app_settings_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir"); + + result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir"); + + cleaning_smack_database_files(); +}