Add tests for cynara-creds-socket 35/30435/12
authorAleksander Zdyb <a.zdyb@samsung.com>
Thu, 5 Mar 2015 13:26:13 +0000 (14:26 +0100)
committerRadoslaw Bartosiak <r.bartosiak@samsung.com>
Thu, 11 Jun 2015 15:47:01 +0000 (17:47 +0200)
Change-Id: I9b4fe70b74424e6b1d70f12751ca87f0896b6f55

packaging/security-tests.spec
src/cynara-tests/CMakeLists.txt
src/cynara-tests/common/cynara_test_helpers.cpp [new file with mode: 0644]
src/cynara-tests/common/cynara_test_helpers.h [new file with mode: 0644]
src/cynara-tests/test_cases_helpers.cpp [new file with mode: 0644]

index a3d222e2a27f2fd2c369e04a523f1ac965e83cd9..1358aec0df38e84b35adb0af180c24153cd3884c 100644 (file)
@@ -49,7 +49,8 @@ cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \
         -DSECURITY_MDFPP_STATE_ENABLE=1 \
 %endif
         -DCMAKE_VERBOSE_MAKEFILE=ON       \
-        -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db
+        -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \
+        -DAPP_USER="security_test_user"
 make %{?jobs:-j%jobs}
 
 %install
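Review bot: The account name is written as a literal in the cmake arguments here and again in the `%post` and `%postun` hunks below, so the value compiled into the tests through APP_USER can drift from the account the scriptlets create and delete. Define it once near the top of the spec, for example `%define test_user security_test_user`, and use `%{test_user}` in all three places. How APP_USER becomes a compile definition for test_cases_helpers.cpp is not visible in this commit's CMake hunks and is worth confirming.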
@@ -69,6 +70,9 @@ api_feature_loader --verbose
     vconftool set -t string file/security_mdpp/security_mdpp_state "Unset"
 %endif
 
+id -u  security_test_user 1>/dev/null 2>&1 || \
+    useradd -r -g users -s /sbin/nologin -c "for tests only" security_test_user
+
 echo "security-tests postinst done ..."
 
 %files
@@ -111,3 +115,6 @@ echo "security-tests postinst done ..."
 /usr/lib/security-tests/cynara-tests/plugins/multiple-policy/*
 /usr/lib/security-tests/cynara-tests/plugins/test-agent/*
 /usr/bin/security-tests-inner-test
+
+%postun
+id -u security_test_user  1>/dev/null 2>&1 && userdel security_test_user
\ No newline at end of file
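Review bot: `%postun` also runs on a package upgrade, after the new version's `%post`, so as written an upgrade ends with security_test_user deleted while the tests that depend on it stay installed. Guard the removal so it runs only on full erase: `if [ "$1" = "0" ]; then userdel security_test_user 2>/dev/null || :; fi`. That form also keeps the scriptlet from exiting non-zero when the account is already gone, which the current `id ... && userdel` line does. The spec file also loses its trailing newline in this hunk.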
index 1b275fd4ab313125630fe4ac2005ce5717b344af..ae8c617d5e59a7bd1e7b757c9c0888d474e2cdd1 100644 (file)
@@ -25,6 +25,7 @@ PKG_CHECK_MODULES(CYNARA_TARGET_DEP
     cynara-agent
     cynara-client
     cynara-client-async
+    cynara-creds-socket
     cynara-plugin
     dbus-1
     )
@@ -43,12 +44,14 @@ SET(CYNARA_TARGET_TEST_SOURCES
     ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_cynara_mask.cpp
     ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_env.cpp
     ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp
+    ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_helpers.cpp
     ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
     ${PROJECT_SOURCE_DIR}/src/cynara-tests/cynara-test.cpp
     ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases.cpp
     ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_agent.cpp
     ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_async.cpp
     ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_db.cpp
+    ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_helpers.cpp
     )
 
 #header directories
diff --git a/src/cynara-tests/common/cynara_test_helpers.cpp b/src/cynara-tests/common/cynara_test_helpers.cpp
new file mode 100644 (file)
index 0000000..033fbec
--- /dev/null
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ * @file        cynara_test_helpers.cpp
+ * @author      Aleksander Zdyb <a.zdyb@samsung.com>
+ * @version     1.0
+ * @brief       Helpers for cynara-helpers
+ */
+
+#include <dpl/test/test_runner.h>
+
+#include <cynara-creds-socket.h>
+
+#include "cynara_test_helpers.h"
+
+namespace CynaraHelperCredentials {
+
+char *socketGetClient(int sock, cynara_client_creds method, int expectedResult) {
+    char *buff;
+    auto ret = cynara_creds_socket_get_client(sock, method, &buff);
+    RUNNER_ASSERT_MSG(ret == expectedResult,
+                      "cynara_creds_socket_get_client failed, ret = " << ret
+                      << "; expected = " << expectedResult);
+    return buff;
+}
+
+char *socketGetUser(int sock, cynara_user_creds method, int expectedResult) {
+    char *buff;
+    auto ret = cynara_creds_socket_get_user(sock, method, &buff);
+    RUNNER_ASSERT_MSG(ret == expectedResult,
+                      "cynara_creds_socket_get_user failed, ret = " << ret
+                      << "; expected = " << expectedResult);
+    return buff;
+}
+
+pid_t socketGetPid(int sock, int expectedResult) {
+    pid_t pid;
+    auto ret = cynara_creds_socket_get_pid(sock, &pid);
+    RUNNER_ASSERT_MSG(ret == expectedResult,
+                      "cynara_creds_socket_get_pid failed, ret = " << ret << "; expected = "
+                      << expectedResult);
+    return pid;
+}
+
+} //namespace CynaraHelperCredentials
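Review bot: `char *buff;` in socketGetClient and socketGetUser, and `pid_t pid;` in socketGetPid, are returned without being initialised by this code. All three helpers accept an expectedResult other than CYNARA_API_SUCCESS, so a negative test that passes the assertion gets back an indeterminate value, unless the library writes the out-parameter on error, which is not shown here. The callers in test_cases_helpers.cpp wrap the pointer in CStringPtr, which presumably frees it, so that would release a garbage pointer. Initialise the locals, `char *buff = nullptr;` and `pid_t pid = -1;`, so the failure path yields something safe to free or compare.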
diff --git a/src/cynara-tests/common/cynara_test_helpers.h b/src/cynara-tests/common/cynara_test_helpers.h
new file mode 100644 (file)
index 0000000..1acd6f8
--- /dev/null
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ * @file        cynara_test_helpers.h
+ * @author      Aleksander Zdyb <a.zdyb@samsung.com>
+ * @version     1.0
+ * @brief       Helpers for cynara-helpers
+ */
+
+#ifndef CYNARA_TEST_HELPERS_H_
+#define CYNARA_TEST_HELPERS_H_
+
+#include <sys/types.h>
+
+#include <cynara-creds-commons.h>
+#include <cynara-error.h>
+
+namespace CynaraHelperCredentials {
+
+char *socketGetClient(int sock, cynara_client_creds method,
+                      int expectedResult = CYNARA_API_SUCCESS);
+
+char *socketGetUser(int sock, cynara_user_creds method,
+                    int expectedResult = CYNARA_API_SUCCESS);
+
+pid_t socketGetPid(int sock, int expectedResult = CYNARA_API_SUCCESS);
+
+} // namespace CynaraHelperCredentials
+
+
+#endif // CYNARA_TEST_HELPERS_H_
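Review bot: The two `char *` helpers are declared with no comment on who owns the returned string or what happens when the call does not return expectedResult. The callers in this commit wrap the result in CStringPtr, which suggests the string is heap-allocated by the cynara helper and must be released by the caller. State that on the declarations, for example `// Asserts the call returns expectedResult; on success returns a string the caller must free().` A similar one-line comment on socketGetPid should say what it returns when a failure code is expected.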
diff --git a/src/cynara-tests/test_cases_helpers.cpp b/src/cynara-tests/test_cases_helpers.cpp
new file mode 100644 (file)
index 0000000..992a77e
--- /dev/null
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ * @file        test_cases_helpers.cpp
+ * @author      Aleksander Zdyb <a.zdyb@samsung.com>
+ * @version     1.0
+ * @brief       Tests for cynara-helper-credentials-socket
+ */
+
+#include <cstdlib>
+#include <functional>
+#include <string>
+#include <sys/types.h>
+#include <sys/un.h>
+#include <unistd.h>
+
+#include <access_provider.h>
+#include <dpl/test/test_runner.h>
+#include <memory.h>
+#include <synchronization_pipe.h>
+#include <tests_common.h>
+#include <uds.h>
+#include <passwd_access.h>
+
+#include <cynara_test_helpers.h>
+
+class ProcessCredentials {
+public:
+    ProcessCredentials() {}
+
+    const std::string &label(void) const {
+        return m_label;
+    }
+
+    uid_t uid(void) const {
+        return PasswdAccess::uid(APP_USER);
+    }
+
+    gid_t gid(void) const {
+        return PasswdAccess::gid("users");
+    }
+
+private:
+    std::string m_label = "cynara_helpers";
+};
+
+pid_t runInChild(const std::function<void(void)> &process) {
+    pid_t pid = fork();
+    RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
+
+    if (pid == 0) {
+        process();
+        exit(EXIT_SUCCESS);
+    }
+
+    return pid;
+}
+
+void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr,
+               const struct ProcessCredentials &peerCredentials) {
+    SecurityServer::AccessProvider ap(peerCredentials.label());
+    ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
+    pipe.claimChildEp();
+
+    int sock = UDSHelpers::createServer(&sockaddr);
+    SockUniquePtr sockPtr(&sock);
+    pipe.post();
+    int clientSock = UDSHelpers::acceptClient(sock);
+
+    UDSHelpers::waitForDisconnect(clientSock);
+}
+
+typedef std::function<void(int sock, pid_t pid,
+        const ProcessCredentials &peerCredentials)> SocketAssertionFn;
+
+void socketTestTemplate(SocketAssertionFn assertion, const std::string &scope) {
+    const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_" + scope + ".socket");
+    const ProcessCredentials peerCredentials;
+
+    SynchronizationPipe pipe;
+
+    pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
+                           std::cref(peerCredentials)));
+
+    pipe.claimParentEp();
+    pipe.wait();
+    int sock = UDSHelpers::createClient(&sockaddr);
+    SockUniquePtr sockPtr(&sock);
+
+    assertion(sock, pid, peerCredentials);
+}
+
+RUNNER_TEST_GROUP_INIT(cynara_creds_socket)
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccs01_socket_credentials_client_smack)
+{
+    socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
+        CStringPtr label(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
+        RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(),
+                          "Labels don't match ret = " << label.get()
+                          << "; expected = " << peerCredentials.label());
+    }, "tccs01");
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccs02_socket_credentials_client_pid)
+{
+    socketTestTemplate([] (int sock, pid_t pid, const ProcessCredentials &) {
+        CStringPtr clientPidStr(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_PID));
+        pid_t clientPid = std::stoi(clientPidStr.get());
+        RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid
+                          << "; expected = " << pid);
+    }, "tccs02");
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccs03_socket_credentials_user_uid)
+{
+    socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
+        CStringPtr uidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_UID));
+        uid_t uid = std::stoul(uidStr.get());
+        RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid
+                          << "; expected = "<< peerCredentials.uid());
+    }, "tccs03");
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccs04_socket_credentials_user_gid)
+{
+    socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
+        CStringPtr gidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_GID));
+        gid_t gid = std::stoul(gidStr.get());
+        RUNNER_ASSERT_MSG(peerCredentials.gid() == gid, "GIDs don't match ret = " << gid
+                          << "; expected = "<< peerCredentials.gid());
+    }, "tccs04");
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccs05_cynara_creds_socket_pid)
+{
+    const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_tccs05.socket");
+    const ProcessCredentials peerCredentials;
+
+    SynchronizationPipe pipe;
+    pid_t expectedPid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
+                                   std::cref(peerCredentials)));
+
+    pipe.claimParentEp();
+    pipe.wait();
+    int sock = UDSHelpers::createClient(&sockaddr);
+    SockUniquePtr sockPtr(&sock);
+
+    pid_t helperPid = CynaraHelperCredentials::socketGetPid(sock);
+    RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid
+                      << "; expected = " << expectedPid);
+}
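Review bot: The pid returned by runInChild is only compared against the credential value; neither socketTestTemplate nor tccs05 waits for the server child, so its exit status is never checked in the code shown. If udsServer fails after the fork (for example in applyAndSwithToUser or createServer), the parent may block in `pipe.wait()` or finish without noticing, unless the RUNNER_MULTIPROCESS_TEST_SMACK machinery collects children, which is not visible here. Once the client socket has been closed, reap the child with `int status = 0; RUNNER_ASSERT_ERRNO_MSG(waitpid(pid, &status, 0) == pid, "waitpid failed");` and then assert `WIFEXITED(status) && WEXITSTATUS(status) == EXIT_SUCCESS`. tccs05 repeats the body of socketTestTemplate and could call it with a lambda that uses the `pid` argument, so the wait lives in one place.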