Improved tests for *open_for* functions.

author Zbigniew Jasinski <z.jasinski@samsung.com>

Tue, 26 Nov 2013 13:07:22 +0000 (14:07 +0100)

committer Marcin Niesluchowski <m.niesluchow@samsung.com>

Wed, 29 Jan 2014 07:19:06 +0000 (08:19 +0100)
author Zbigniew Jasinski <z.jasinski@samsung.com>
Tue, 26 Nov 2013 13:07:22 +0000 (14:07 +0100)
committer Marcin Niesluchowski <m.niesluchow@samsung.com>
Wed, 29 Jan 2014 07:19:06 +0000 (08:19 +0100)
diff --git a/tests/security-server-tests/security_server_tests_open_for.cpp b/tests/security-server-tests/security_server_tests_open_for.cpp

index 4f06b6af1d610c26f0ab8b0979b959a42f2763c4..10696588cbcdfe6c0ebc0e2add877c9dea4cc1c2 100644 (file)
--- a/tests/security-server-tests/security_server_tests_open_for.cpp
+++ b/tests/security-server-tests/security_server_tests_open_for.cpp
@@ -7,6 +7,7 @@
   * @version 1.0
   * @brief   Test cases for security server open-for API
   */
+
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
@@ -22,95 +23,213 @@
  #include <access_provider.h>
  #include <security-server.h>
  
-#define TEST01_SUBJECT      "open-for-client"
+const std::string SENDER                = "open-for-sender";
+const std::string AUTHORIZED_RECEIVER   = "open-for-client";
+const std::string UNAUTHORIZED_RECEIVER = "open-for-bad-client";
  
-const char *file = "file";
-const char *write_buf1 = "ala ma kota";
-const char *write_buf2 = "kot ma ale";
-char *read_buf1 = new char[strlen(write_buf1)];
-char *read_buf2 = new char[strlen(write_buf2)];
+const std::string file          = "file";
+const std::string dir           = "/var/run/security-server/";
+const std::string path          = dir + file;
+const std::string write_buf1    = "ala ma kota";
+const std::string write_buf2    = "kot ma ale";
  
-void closefdptr(int* fd_ptr)
-{
-    close(*fd_ptr);
+void clearSecureDir(void) {
+    if (unlink(path.c_str()))
+        RUNNER_ASSERT_MSG_BT((ENOENT == errno), "unlink error: " << strerror(errno));
  }
-typedef std::unique_ptr<int, std::function<void(int*)> > FDUniquePtr;
  
  RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_OPEN_FOR_API);
  
-RUNNER_CHILD_TEST_SMACK(tc13_open_for_new_file)
+RUNNER_CHILD_TEST_SMACK(tc01_shared_file_open_new_file)
  {
      int fd = -1;
-    FDUniquePtr fd_ptr(&fd, closefdptr);
  
-    SecurityServer::AccessProvider provider(TEST01_SUBJECT);
+    // clear secure dir
+    clearSecureDir();
+
+    FDUniquePtr fd_ptr(&fd, closeFdPtr);
+
+    SecurityServer::AccessProvider provider(SENDER);
      provider.allowFunction("security_server_open_for");
      provider.applyAndSwithToUser(APP_UID, APP_GID);
  
-    int ret = security_server_open_for(file, fd_ptr.get());
-    RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
+    int ret = security_server_shared_file_open(file.c_str(), AUTHORIZED_RECEIVER.c_str(),
+        fd_ptr.get());
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
  
-    ret = write(*fd_ptr, write_buf1, strlen(write_buf1));
-    RUNNER_ASSERT_MSG_BT(ret == (int)strlen(write_buf1), "error in write: " << ret);
+    ret = write(*fd_ptr, write_buf1.c_str(), write_buf1.size());
+    RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in write: " << ret);
  }
  
-RUNNER_CHILD_TEST_SMACK(tc14_open_for_read_from_existing_file)
+RUNNER_CHILD_TEST_SMACK(tc02_shared_file_open_existing_file)
  {
      int fd = -1;
-    FDUniquePtr fd_ptr(&fd, closefdptr);
  
-    SecurityServer::AccessProvider provider(TEST01_SUBJECT);
+    // clear secure dir
+    clearSecureDir();
+
+    // prepare file for tests before dropping privs
+    FDUniquePtr fd_ptr(&fd, closeFdPtr);
+    *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT);
+    RUNNER_ASSERT_MSG_BT(-1 != *fd_ptr, "open error: " << strerror(errno));
+    fd_ptr.reset(new int);
+
+    SecurityServer::AccessProvider provider(SENDER);
      provider.allowFunction("security_server_open_for");
      provider.applyAndSwithToUser(APP_UID, APP_GID);
  
-    int ret = security_server_open_for(file, fd_ptr.get());
-    RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
+    int ret = security_server_shared_file_open(file.c_str(), AUTHORIZED_RECEIVER.c_str(), fd_ptr.get());
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_FILE_EXIST, "ret: " << ret);
+}
+
+RUNNER_CHILD_TEST_SMACK(tc03_shared_file_reopen_auth_existing_file_for_read)
+{
+    int fd = -1;
+
+    clearSecureDir();
+
+    FDUniquePtr fd_ptr(&fd, closeFdPtr);
+    *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT);
+    int ret = write(*fd_ptr, write_buf1.c_str(), write_buf1.size());
+    RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in write: " << ret);
+    RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
+        SMACK_LABEL_ACCESS), "smack_setlabel error");
+    fd_ptr.reset(new int);
+
+    SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
+    provider.allowFunction("security_server_open_for");
+    provider.applyAndSwithToUser(APP_UID, APP_GID);
  
-    ret = read(*fd_ptr, read_buf1, strlen(write_buf1));
-    int err = errno;
-    RUNNER_ASSERT_MSG_BT(ret == (int)strlen(write_buf1), "error in read: " << ret << " err: " << strerror(err));
+    ret = security_server_shared_file_reopen(file.c_str(), fd_ptr.get());
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
  
-    RUNNER_ASSERT_MSG_BT(strncmp(read_buf1, write_buf1, strlen(read_buf1)) == 0, "string mismatch");
+    std::vector<char> read_buf1(write_buf1.size());
+    ret = read(*fd_ptr, read_buf1.data(), write_buf1.size());
+    RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in read: " << strerror(errno));
+    RUNNER_ASSERT_MSG_BT(std::string(read_buf1.data(), ret) == write_buf1, "string mismatch");
  }
  
-RUNNER_CHILD_TEST_SMACK(tc15_open_for_write_to_existing_file)
+RUNNER_CHILD_TEST_SMACK(tc04_shared_file_reopen_auth_existing_file_for_write)
  {
+    int fd = -1;
  
-    int fd = open("/var/run/security-server/file", O_RDWR);
-    int ret = ftruncate(fd, 0);
-    FDUniquePtr fd_ptr(&fd, closefdptr);
+    clearSecureDir();
  
-    ret = write(*fd_ptr, write_buf2, strlen(write_buf2));
-    int err = errno;
-    RUNNER_ASSERT_MSG_BT(ret == (int)strlen(write_buf2), "error in read: " << ret << " err: " << strerror(err));
+    FDUniquePtr fd_ptr(&fd, closeFdPtr);
+    *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT);
+    RUNNER_ASSERT_MSG_BT(-1 != *fd_ptr, "open error: " << strerror(errno));
+    int ret = write(*fd_ptr, write_buf1.c_str(), write_buf1.size());
+    RUNNER_ASSERT_MSG_BT(ret == static_cast<int>(write_buf1.size()), "error in write: " << ret);
+    fd_ptr.reset(new int);
+    RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
+        SMACK_LABEL_ACCESS), "smack_setlabel error");
  
-    SecurityServer::AccessProvider provider(TEST01_SUBJECT);
+    SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
      provider.allowFunction("security_server_open_for");
      provider.applyAndSwithToUser(APP_UID, APP_GID);
  
-    ret = security_server_open_for(file, fd_ptr.get());
-    RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
+    ret = security_server_shared_file_reopen(file.c_str(), fd_ptr.get());
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
  
-    ret = read(*fd_ptr, read_buf2, strlen(write_buf2));
-    err = errno;
-    RUNNER_ASSERT_MSG_BT(ret == (int)strlen(write_buf2), "error in read: " << ret << " err: " << strerror(err));
+    RUNNER_ASSERT_MSG_BT(-1 != ftruncate(*fd_ptr, 0), "error in ftruncate: " << strerror(errno));
+    std::vector<char> read_buf2(write_buf2.size());
+    ret = write(*fd_ptr, write_buf2.c_str(), write_buf2.size());
+
+    RUNNER_ASSERT_MSG_BT(-1 != lseek(*fd_ptr, 0L, 0), "error in lseek: " << strerror(errno));
+    ret = read(*fd_ptr, read_buf2.data(), write_buf2.size());
+    RUNNER_ASSERT_MSG_BT(std::string(read_buf2.data(), ret) == write_buf2, "string mismatch");
  
-    RUNNER_ASSERT_MSG_BT(strncmp(read_buf2, write_buf2, strlen(read_buf2)) == 0, "string mismatch");
  }
  
-RUNNER_CHILD_TEST_SMACK(tc16_open_for_bad_file_name)
+RUNNER_CHILD_TEST_SMACK(tc05_shared_file_reopen_unauth_existing_file_for_read)
  {
      int fd = -1;
-    FDUniquePtr fd_ptr(&fd, closefdptr);
  
-    SecurityServer::AccessProvider provider(TEST01_SUBJECT);
+    clearSecureDir();
+
+    FDUniquePtr fd_ptr(&fd, closeFdPtr);
+    *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT);
+    RUNNER_ASSERT_MSG_BT(-1 != *fd_ptr, "open error: " << strerror(errno));
+    fd_ptr.reset(new int);
+    RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
+        SMACK_LABEL_ACCESS), "smack_setlabel error");
+
+    SecurityServer::AccessProvider provider(UNAUTHORIZED_RECEIVER);
      provider.allowFunction("security_server_open_for");
      provider.applyAndSwithToUser(APP_UID, APP_GID);
  
-    std::vector<std::string> badFile = { "/plik","-plik",".plik","pl..k","..plik",
-                                        "..","." };
+    int ret = security_server_shared_file_reopen(file.c_str(), fd_ptr.get());
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED, "ret: " << ret);
+}
+
+RUNNER_CHILD_TEST_SMACK(tc06_shared_file_delete_unauth_existing_file)
+{
+    int fd = -1;
+
+    clearSecureDir();
+
+    FDUniquePtr fd_ptr(&fd, closeFdPtr);
+    *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT);
+    RUNNER_ASSERT_MSG_BT(-1 != *fd_ptr, "open error: " << strerror(errno));
+    fd_ptr.reset(new int);
+    RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
+        SMACK_LABEL_ACCESS), "smack_setlabel error");
+
+    SecurityServer::AccessProvider provider(UNAUTHORIZED_RECEIVER);
+    provider.allowFunction("security_server_open_for");
+    provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+    int ret = security_server_shared_file_delete(file.c_str());
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED, "ret: " << ret);
+}
+
+RUNNER_CHILD_TEST_SMACK(tc07_shared_file_delete_auth_existing_file)
+{
+    int fd = -1;
+
+    clearSecureDir();
+
+    FDUniquePtr fd_ptr(&fd, closeFdPtr);
+    *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT);
+    RUNNER_ASSERT_MSG_BT(-1 != *fd_ptr, "open error: " << strerror(errno));
+    fd_ptr.reset(new int);
+    RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(),
+        SMACK_LABEL_ACCESS), "smack_setlabel error");
+
+    SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
+    provider.allowFunction("security_server_open_for");
+    provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+    int ret = security_server_shared_file_delete(file.c_str());
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+}
+
+RUNNER_CHILD_TEST_SMACK(tc08_shared_file_delete_missing_file)
+{
+    SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER);
+    provider.allowFunction("security_server_open_for");
+    provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+    int ret = security_server_shared_file_delete(file.c_str());
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_FILE_NOT_EXIST, "ret: " << ret);
+}
+
+RUNNER_CHILD_TEST_SMACK(tc09_shared_file_open_bad_file_name)
+{
+    int fd = -1;
+
+    FDUniquePtr fd_ptr(&fd, closeFdPtr);
+
+    SecurityServer::AccessProvider provider(SENDER);
+    provider.allowFunction("security_server_open_for");
+    provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+    std::vector<std::string> badFile = { "/plik","-plik",".plik","..plik","..",".","../plik",
+                                         "../../plik" };
+
      for (auto iter = badFile.begin(); iter != badFile.end(); ++iter) {
-        int ret = security_server_open_for((*iter).c_str(), fd_ptr.get());
+        int ret = security_server_shared_file_open((*iter).c_str(), AUTHORIZED_RECEIVER.c_str(),
+            fd_ptr.get());
          RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
      }
  }
author	Zbigniew Jasinski <z.jasinski@samsung.com>
	Tue, 26 Nov 2013 13:07:22 +0000 (14:07 +0100)
committer	Marcin Niesluchowski <m.niesluchow@samsung.com>
	Wed, 29 Jan 2014 07:19:06 +0000 (08:19 +0100)