writer.save();
}
-static void runSendClient(const std::string &testId)
+static void runMessageClient(const std::string &testId, bool changeLabel)
{
const std::string clientId(clientIdFromStr(testId));
const std::string serviceId(serviceIdFromStr(testId));
sleep(1);
- RUNNER_ASSERT(0 == smack_set_label_for_self(smackLabelFromStr(clientId).c_str()));
+ if (changeLabel)
+ RUNNER_ASSERT(0 == smack_set_label_for_self(smackLabelFromStr(clientId).c_str()));
DBus::Connection client(DBUS_BUS_SYSTEM, true);
client.requestName(connectionNameFromStr(clientId));
sleep(1);
}
-static void runSendService(const std::string &testId, bool allow)
+static void runMessageService(const std::string &testId, bool changeLabel,
+ const std::string &errorStr, bool allow)
{
const std::string clientId(clientIdFromStr(testId));
const std::string serviceId(serviceIdFromStr(testId));
const std::string member(memberFromStr(serviceId));
const ServiceCreds serviceCreds(serviceId);
+ if (changeLabel)
+ RUNNER_ASSERT(0 == smack_set_label_for_self(smackLabelFromStr(serviceId).c_str()));
+
Service service(serviceCreds);
bool finish = false;
if (allow) {
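Review bot: Both new `if (changeLabel)` guards, in runMessageClient and in runMessageService, put the `RUNNER_ASSERT(...)` macro under an unbraced `if`. The macro's definition is not visible here, so if it expands to more than one statement or to a bare `if`, only part of it is guarded or a later `else` binds to the wrong branch. Bracing removes that dependency: `if (changeLabel) { RUNNER_ASSERT(0 == smack_set_label_for_self(smackLabelFromStr(serviceId).c_str())); }`. Because the flag decides which Smack label the process carries when it opens its bus connection, a one-line comment on each function such as `// changeLabel == false: keep the caller's Smack label` would make the intended subject of the access check explicit. runMessageService's body continues outside the hunk.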
std::string &errorMessage)->void {
(void) connection;
(void) messageIn;
- errorMessage = "Should not be able to send to " + serviceCreds.connectionName();
+ errorMessage = errorStr;
});
}
service.run(finish, !allow);
{
SmackAccess access;
const std::string clientId(clientIdFromStr(testId));
+ const std::string serviceId(serviceIdFromStr(testId));
addBusconfigPolicyFunc(testId);
addSmackAccessForDbus(access, smackLabelFromStr(clientId));
pid_t pid = assertFork();
if (pid == 0)
- runSendClient(testId);
+ runMessageClient(testId, true);
else
- runSendService(testId, allow);
+ runMessageService(testId, false,
+ "Should not be able to send to " + connectionNameFromStr(serviceId),
+ allow);
}
RUNNER_MULTIPROCESS_TEST_SMACK(tcc_2130_send_destination_deny)
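Review bot: The two rewritten calls pass bare `true`/`false` for changeLabel, and runMessageService now takes two bools separated by a string, so a swapped `changeLabel`/`allow` compiles silently and changes which process is relabelled. Naming the arguments at the call site keeps the Smack setup readable: `runMessageClient(testId, /*changeLabel=*/true);` and `runMessageService(testId, /*changeLabel=*/false, ..., allow);`. The same applies to the two calls in testReceive further down. The enclosing function's signature lies outside the hunk.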
{
testSendError("tcc2670", true);
}
+
+static void addBusconfigPolicyReceiveAllows(BusConfigWriter &writer)
+{
+ writer.addPolicyAllow({{Attr::OWN_PREFIX, CONNECTION_NAME_PREFIX}});
+ writer.addPolicyAllow({{Attr::SEND_TYPE, MESSSAGE_TYPE_METHOD_CALL}});
+}
+
+static void addBusconfigPolicyReceiveSender(const std::string &testId)
+{
+ BusConfigWriter writer;
+ addBusconfigPolicyReceiveAllows(writer);
+ writer.addPolicyCheck(privilegeFromStr(serviceIdFromStr(testId)),
+ {{Attr::RECEIVE_SENDER, connectionNameFromStr(clientIdFromStr(testId))}});
+ writer.save();
+}
+
+static void testReceive(const std::string &testId,
+ const std::function<void(const std::string &)> addBusconfigPolicyFunc,
+ bool allow)
+{
+ const std::string clientId(clientIdFromStr(testId));
+ const std::string serviceId(serviceIdFromStr(testId));
+ addBusconfigPolicyFunc(testId);
+ SmackAccess access;
+ addSmackAccessForDbus(access, smackLabelFromStr(serviceId));
+ if (allow)
+ addCynaraPolicy(serviceId);
+
+ sleep(1);
+
+ pid_t pid = assertFork();
+ if (pid == 0)
+ runMessageService(testId, true,
+ "Should not be able to receive from " + connectionNameFromStr(clientId),
+ allow);
+ else
+ runMessageClient(testId, false);
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tcc_3130_receive_sender_deny)
+{
+ testReceive("tcc3130", addBusconfigPolicyReceiveSender, false);
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tcc_3170_receive_sender_allow)
+{
+ testReceive("tcc3170", addBusconfigPolicyReceiveSender, true);
+}
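Review bot: In testReceive the side that carries the verdict, `runMessageService(...)`, runs in the forked child, while the parent only executes runMessageClient and returns after its fixed `sleep(1)` calls. Nothing in these lines waits on `pid`, so whether the child's RUNNER_ASSERT outcome is collected before the test is reported depends on assertFork and the runner macro, which are not visible here. The ordering of policy setup, service start and client connect also rests only on `sleep(1)`, so on a loaded target tcc_3130_receive_sender_deny may pass because nothing arrived in time rather than because the RECEIVE_SENDER check refused it. A comment above the fork such as `// child = service (needs its own Smack label); the runner must reap its result`, plus a readiness handshake in place of the sleeps, would make the deny case trustworthy. Separately, `addBusconfigPolicyFunc` is taken as a const `std::function` by value; `const std::function<void(const std::string &)> &addBusconfigPolicyFunc` avoids the copy.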