#define EFL_APP_ID "hello-tizen"
-#define LIBPRIVILEGE_TEST_DAC_FILE "/usr/share/privilege-control/test_privilege_control_rules.dac"
#define LIBPRIVILEGE_TEST_DAC_FILE_WGT "/usr/share/privilege-control/WRT_test_privilege_control_rules_wgt.dac"
#define LIBPRIVILEGE_TEST_DAC_FILE_OSP "/usr/share/privilege-control/OSP_test_privilege_control_rules_osp.dac"
#define LIBPRIVILEGE_TEST_DAC_FILE_EFL "/usr/share/privilege-control/EFL_test_privilege_control_rules_efl.dac"
int test_have_any_accesses(const rules_t &rules);
int test_have_nosmack_accesses(const rules_t &rules);
-void read_gids(std::set<unsigned> &set, const char *file_path);
-void check_groups(const char *dac_file);
+void read_user_gids(std::set<unsigned> &set, const uid_t user_id);
+void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file);
int file_exists(const char *path);
void check_app_installed(const char *app_path);
#include <sys/stat.h>
#include <sys/types.h>
#include <vector>
+#include <grp.h>
+#include <pwd.h>
#include <libprivilege-control_test_common.h>
#include <tests_common.h>
fclose(f);
}
-void check_groups(const char *dac_file)
+void read_user_gids(std::set<unsigned> &set, const uid_t user_id)
{
- std::set<unsigned> groups_check;
- read_gids(groups_check, dac_file);
+ int ret;
+
+ struct passwd *pw = getpwuid(user_id);
+ RUNNER_ASSERT_MSG_BT(pw != NULL, "getpwuid() failed.");
+
+ int groups_cnt = 0;
+ gid_t *groups_list = NULL;
+ ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
+ RUNNER_ASSERT_MSG_BT(ret == -1, "getgrouplist() failed.");
+ if (groups_cnt == 0)
+ return;
+ groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
+ RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed.");
+
+ ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
+ if (ret == -1) {
+ free(groups_list);
+ RUNNER_ASSERT_MSG_BT(false, "getgrouplist() failed.");
+ }
+ for (int i = 0; i < groups_cnt; ++i) {
+ set.insert(groups_list[i]);
+ }
+ free(groups_list);
+}
+
+void read_current_gids(std::set<unsigned> &set)
+{
int groups_cnt = getgroups(0, NULL);
- RUNNER_ASSERT_MSG_BT(groups_cnt > 0, "Wrong number of supplementary groupsCnt");
+ RUNNER_ASSERT_MSG_BT(groups_cnt > 0, "Wrong number of supplementary groups.");
gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed");
- RUNNER_ASSERT_BT(-1 != getgroups(groups_cnt, groups_list));
+ RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed.");
+ if (getgroups(groups_cnt, groups_list) == -1){
+ free(groups_list);
+ RUNNER_ASSERT_MSG_BT(false, "getgroups failed.");
+ }
for (int i = 0; i < groups_cnt; ++i) {
- //getgroups() can return multiple number of the same group
- //they are returned in sequence, so we will given number when last
- //element of this number is reached
- if ((i < groups_cnt - 1) && (groups_list[i + 1] == groups_list[i]))
- continue;
- if (groups_check.erase(groups_list[i]) == 0) {
- // getgroups() may also return process' main group
- if (groups_list[i] != getgid())
- RUNNER_ASSERT_MSG_BT(false, "Application belongs to unknown group (GID=" << groups_list[i] << ")");
- }
+ set.insert(groups_list[i]);
}
free(groups_list);
+}
+
+void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file)
+{
+ std::set<unsigned> groups_check;
+ std::set<unsigned> groups_current;
+ if(dac_file != NULL)
+ read_gids(groups_check, dac_file);
+ read_current_gids(groups_current);
+
std::string groups_left;
- for (std::set<unsigned>::iterator it = groups_check.begin(); it != groups_check.end(); it++) {
+ for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it)
+ {
+ (void)groups_check.erase(*it);
+ if(groups_current.erase(*it) == 0)
+ groups_left.append(std::to_string(*it)).append(" ");
+ }
+ RUNNER_ASSERT_MSG_BT(groups_left.empty(),
+ "Application lost some groups: " << groups_left);
+
+ for (auto it = groups_check.begin(); it != groups_check.end(); ++it)
+ {
+ if(groups_current.erase(*it) == 0)
+ groups_left.append(std::to_string(*it)).append(" ");
+ }
+ RUNNER_ASSERT_MSG_BT(groups_left.empty(),
+ "Application doesn't belong to some required groups: " << groups_left);
+
+ for (auto it = groups_current.begin(); it != groups_current.end(); ++it)
+ {
groups_left.append(std::to_string(*it)).append(" ");
}
- RUNNER_ASSERT_MSG_BT(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
+ RUNNER_ASSERT_MSG_BT(groups_left.empty(),
+ "Application belongs to groups it should't belong to: " << groups_left);
}
int file_exists(const char *path)
#include <memory>
#include <functional>
#include <fstream>
+#include <set>
#include <string.h>
#include <errno.h>
RUNNER_ASSERT_MSG_BT(result == -1,
" Permissions shouldn't be added. Result: " << result);
+ std::set<unsigned> groups_before;
+ read_user_gids(groups_before, APP_UID);
+
result = perm_app_set_privilege(app_id, type, app_path);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error in perm_app_set_privilege. Error: " << result);
RUNNER_ASSERT_MSG_BT(label == NULL,
" new_label_from_self shouldn't allocate memory for label.");
- check_groups(dac_file);
+ check_groups(groups_before, dac_file);
}
/**
perm_app_uninstall(APP_ID);
DB_END
+ std::set<unsigned> groups_before;
+ read_user_gids(groups_before, APP_UID);
+
//Set app privileges
result = perm_app_set_privilege(APP_ID, NULL, APP_SET_PRIV_PATH);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
result = strcmp(getenv("USER"), APP_USER_NAME);
RUNNER_ASSERT_MSG_BT(result == 0, "Wrong user USER NAME. Result: " << result);
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE);
+ check_groups(groups_before, NULL);
}
/**
projects / platform / core / test / security-tests.git / commitdiff