libsmack
libsmack-test
-libprivilege-control
- libprivilege-control-test
security-manager
security-manager-tests
cynara
<filesystem path="/usr/bin/tests-summary.sh" exec_label="_" />
<filesystem path="/usr/bin/test-performance-check.sh" exec_label="_" />
- <filesystem path="/usr/bin/perf" exec_label="_" />
<filesystem path="/usr/bin/libsmack-test" exec_label="_" />
- <filesystem path="/usr/bin/libprivilege-control-test" exec_label="_" />
<filesystem path="/usr/bin/security-manager-tests" exec_label="_" />
<filesystem path="/usr/bin/cynara-tests" exec_label="_" />
<filesystem path="/usr/bin/ckm-tests" exec_label="User" />
<filesystem path="/usr/bin/ckm-tests" exec_label="System" />
-
- <filesystem path="/usr/bin/test-app-wgt" exec_label="User" />
- <filesystem path="/usr/bin/test-app-efl" exec_label="User" />
- <filesystem path="/usr/bin/test-app-osp" exec_label="User" />
</assign>
<request>
<domain name="_" />
BuildRequires: libattr-devel
BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(libsmack)
-BuildRequires: pkgconfig(libprivilege-control)
BuildRequires: pkgconfig(security-manager)
BuildRequires: pkgconfig(key-manager)
BuildRequires: pkgconfig(dlog)
ln -sf /etc/smack/test_smack_rules %{buildroot}/etc/smack/test_smack_rules_lnk
%post
-find /etc/smack/test_privilege_control_DIR/ -type f -name exec -exec chmod 0755 {} +
-
-# Load permissions templates
-api_feature_loader --verbose
-
-# Set vconf key for cc-mode testing if vconf key isn't there.
-#%if "%{sec_product_feature_security_mdfpp_enable}" != "1"
-# echo "Install vconf key (file/security_mdpp/security_mdpp_state) for testing key-manager"
-# vconftool set -t string file/security_mdpp/security_mdpp_state "Unset"
-#%endif
-
id -u security_test_user 1>/dev/null 2>&1 || \
useradd -r -g users -s /sbin/nologin -c "for tests only" security_test_user
/etc/dbus-1/system.d/security-tests.conf
/usr/bin/libsmack-test
-/usr/bin/smack-dbus-tests
-/usr/bin/libprivilege-control-test
/etc/smack/test_smack_rules_full
/etc/smack/test_smack_rules2
/etc/smack/test_smack_rules3
/usr/bin/security-manager-tests
/etc/smack/test_smack_rules
/etc/smack/test_smack_rules_lnk
-/usr/share/privilege-control/*
-/etc/smack/test_privilege_control_DIR/*
/usr/apps/*
-/usr/bin/test-app-efl
-/usr/bin/test-app-osp
-/usr/bin/test-app-wgt
/usr/bin/cynara-test
/usr/bin/ckm-tests
/usr/bin/ckm-integration-tests
ADD_SUBDIRECTORY(common)
ADD_SUBDIRECTORY(ckm)
ADD_SUBDIRECTORY(ckm-integration)
-ADD_SUBDIRECTORY(libprivilege-control-tests)
ADD_SUBDIRECTORY(libsmack-tests)
-ADD_SUBDIRECTORY(smack-dbus-tests)
ADD_SUBDIRECTORY(security-manager-tests)
ADD_SUBDIRECTORY(cynara-tests)
ADD_SUBDIRECTORY(libwebappenc-tests)
#include <vector>
#include <algorithm>
-int DB::Transaction::db_result = PC_OPERATION_SUCCESS;
-
-const char *WGT_APP_ID = "QwCqJ0ttyS";
-
bool smack_check(void)
{
#ifndef WRT_SMACK_ENABLED
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
#include <dpl/test/test_runner_multiprocess.h>
-#include <privilege-control.h>
#include <sys/smack.h>
#include <string>
#include <tuple>
} \
void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
-namespace DB {
-
- class Transaction
- {
- public:
-
- static int db_result;
-
- Transaction() {
- db_result = perm_begin();
- RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == db_result,
- "perm_begin returned: " << db_result);
- }
-
- ~Transaction() {
- db_result = perm_end();
- }
- };
-} // namespace DB
-
-// Database Transaction macros
-// PLEASE NOTE Both DB_BEGIN and DB_END need to be called in the same scope.
-// They are used to prevent developer from forgetting to close transaction.
-// Also note that variables defined between these macros will not be visible
-// after DB_END.
-#define DB_BEGIN \
- { \
- DB::Transaction db_transaction;
-
-#define DB_END } \
- RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == DB::Transaction::db_result, \
- "perm_end returned: " << DB::Transaction::db_result);
-
-// Common macros and labels used in tests
-extern const char *WGT_APP_ID;
-
-#endif
+#endif
\ No newline at end of file
PKG_CHECK_MODULES(CYNARA_TARGET_DEP
REQUIRED
- libprivilege-control
cynara-admin
cynara-agent
cynara-client
WORLD_EXECUTE
)
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/WRT_test_for_cynara_rules.smack
- DESTINATION /usr/share/privilege-control/
-)
-
INSTALL(DIRECTORY
${PROJECT_SOURCE_DIR}/src/cynara-tests/db_patterns
DESTINATION /etc/security-tests/
+++ /dev/null
-~APP~ cynara_test_1 r
-~APP~ cynara_test_2 w
-~APP~ cynara_test_3 x
-~APP~ cynara_test_4 rw
-~APP~ cynara_test_5 rx
-~APP~ cynara_test_6 wx
-~APP~ cynara_test_7 rwx
-cynara_subject_1 ~APP~ r
-cynara_subject_2 ~APP~ w
-cynara_subject_3 ~APP~ x
-cynara_subject_4 ~APP~ rw
-cynara_subject_5 ~APP~ rx
-cynara_subject_6 ~APP~ wx
-cynara_subject_7 ~APP~ rwx
+++ /dev/null
-# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# @file CMakeLists.txt
-# @author Jan Olszak (j.olszak@samsung.com)
-# @author Rafal Krypa (r.krypa@samsung.com)
-# @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
-# @version 0.1
-# @brief
-#
-INCLUDE(FindPkgConfig)
-
-SET(TEST_APP_EFL "test-app-efl")
-SET(TEST_APP_WGT "test-app-wgt")
-SET(TEST_APP_OSP "test-app-osp")
-SET(HELLO_TIZEN_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/hello-tizen.cpp
- )
-ADD_EXECUTABLE( ${TEST_APP_EFL} ${HELLO_TIZEN_TEST_SOURCES} )
-INSTALL(TARGETS ${TEST_APP_EFL}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES ${TEST_APP_EFL}
- DESTINATION /usr/bin
- RENAME ${TEST_APP_OSP}
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE)
-
-INSTALL(FILES ${TEST_APP_EFL}
- DESTINATION /usr/bin
- RENAME ${TEST_APP_WGT}
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE)
-
-SET(LPC_TARGET_TEST "libprivilege-control-test")
-
-#dependencies
-PKG_CHECK_MODULES(LPC_TARGET_DEP
- libsmack
- libprivilege-control
- sqlite3
- libtzplatform-config
- REQUIRED
- libiri
- )
-
-#files to compile
-SET(LPC_TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/db.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/duplicates.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control-test.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_nosmack.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_incorrect_params.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_stress.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${LPC_TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
- )
-
-#preprocessor definitions
-#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-
-#output format
-ADD_EXECUTABLE(${LPC_TARGET_TEST} ${LPC_TARGET_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${LPC_TARGET_TEST}
- ${LPC_TARGET_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- -lcrypt
- )
-
-#place for output file
-INSTALL(TARGETS ${LPC_TARGET_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-# Test SMACK rules
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules1.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_no_r.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_r.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(DIRECTORY
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_privilege_control_DIR
- DESTINATION /etc/smack/
-)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.dac
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.dac
- DESTINATION /usr/share/privilege-control/
- )
-
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.dac
- DESTINATION /usr/share/privilege-control/
- )
+++ /dev/null
-24567
-75678
+++ /dev/null
-~APP~ test_book_efl r
+++ /dev/null
-56789
-67890
+++ /dev/null
-~APP~ test_book_osp_8 r
-~APP~ test_book_osp_9 w
-~APP~ test_book_osp_10 x
-~APP~ test_book_osp_11 rw
-~APP~ test_book_osp_12 rx
-~APP~ test_book_osp_13 wx
-~APP~ test_book_osp_14 rwx
-~APP~ test_book_osp_15 rwxat
-test_subject_osp_8 ~APP~ r
-test_subject_osp_9 ~APP~ w
-test_subject_osp_10 ~APP~ x
-test_subject_osp_11 ~APP~ rw
-test_subject_osp_12 ~APP~ rx
-test_subject_osp_13 ~APP~ wx
-test_subject_osp_14 ~APP~ rwx
-test_subject_osp_15 ~APP~ rwxat
+++ /dev/null
-~APP~ test_book_1 r
-~APP~ test_book_2 w
-~APP~ test_book_3 x
-~APP~ test_book_4 rw
-~APP~ test_book_5 rx
-~APP~ test_book_6 wx
-~APP~ test_book_7 rwx
-test_subject_1 ~APP~ r
-test_subject_2 ~APP~ w
-test_subject_3 ~APP~ x
-test_subject_4 ~APP~ rw
-test_subject_5 ~APP~ rx
-test_subject_6 ~APP~ wx
-test_subject_7 ~APP~ rwx
+++ /dev/null
-~APP~ test_book_8 r
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 rw
-~APP~ test_book_12 rx
-~APP~ test_book_13 wx
-~APP~ test_book_14 rwx
-~APP~ test_book_15 rwxat
-test_subject_8 ~APP~ r
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ rw
-test_subject_12 ~APP~ rx
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ rwx
-test_subject_15 ~APP~ rwxat
+++ /dev/null
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 w
-~APP~ test_book_12 x
-~APP~ test_book_13 wx
-~APP~ test_book_14 wx
-~APP~ test_book_15 wxat
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ w
-test_subject_12 ~APP~ x
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ wx
-test_subject_15 ~APP~ wxat
+++ /dev/null
-~APP~ test_book_8 r
-~APP~ test_book_11 r
-~APP~ test_book_12 r
-~APP~ test_book_14 r
-~APP~ test_book_15 r
-test_subject_8 ~APP~ r
-test_subject_11 ~APP~ r
-test_subject_12 ~APP~ r
-test_subject_14 ~APP~ r
-test_subject_15 ~APP~ r
+++ /dev/null
-34567
-45678
+++ /dev/null
-~APP~ test_book_wgt_8 r
-~APP~ test_book_wgt_9 w
-~APP~ test_book_wgt_10 x
-~APP~ test_book_wgt_11 rw
-~APP~ test_book_wgt_12 rx
-~APP~ test_book_wgt_13 wx
-~APP~ test_book_wgt_14 rwx
-~APP~ test_book_wgt_15 rwxat
-test_subject_wgt_8 ~APP~ r
-test_subject_wgt_9 ~APP~ w
-test_subject_wgt_10 ~APP~ x
-test_subject_wgt_11 ~APP~ rw
-test_subject_wgt_12 ~APP~ rx
-test_subject_wgt_13 ~APP~ wx
-test_subject_wgt_14 ~APP~ rwx
-test_subject_wgt_15 ~APP~ rwxat
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db.cpp
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests database record check functions
- */
-
-#include <tests_common.h>
-#include <privilege-control.h>
-#include <tzplatform_config.h>
-#include <sstream>
-#include <string.h>
-#include "db.h"
-#include "db_sqlite.h"
-#include "duplicates.h"
-
-const std::string DBASE_PATH = tzplatform_mkpath(TZ_SYS_DB, ".rules-db.db3");
-const std::string ALL_APPS ="ALL_APPS";
-
-const int PERMISSION_VOLATILE = 1;
-const int PERMISSION_PERSISTENT = 0;
-
-const int PERMISSION_ENABLED = 1;
-const int PERMISSION_DISABLED = 0;
-
-using std::ostringstream;
-using std::string;
-
-TestLibPrivilegeControlDatabase::TestLibPrivilegeControlDatabase() : m_base(DBASE_PATH)
-{
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_install(const char* name)
-{
- if (!m_base.is_open())
- m_base.open();
-
- app_label(name);
- app_permission(name, ALL_APPS, ALL_APPS, PERMISSION_PERSISTENT, PERMISSION_ENABLED);
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_uninstall(const char* name)
-{
- if (!m_base.is_open())
- m_base.open();
-
- app_not_label(name);
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_enable_permissions(
- const char* name, app_type_t app_type, const char** perm_list, bool persistent)
-{
- if (!m_base.is_open())
- m_base.open();
-
- string permission_type_name = app_type_name(app_type);
- string permission_group_type_name = app_type_group_name(app_type);
- const int is_volatile = persistent ? PERMISSION_PERSISTENT : PERMISSION_VOLATILE;
- string permission_name;
- int ret;
-
- app_permission(name, permission_type_name, permission_type_name, is_volatile,
- PERMISSION_ENABLED);
-
- int i;
- for (i = 0; perm_list[i] != nullptr; ++i) {
- // Ignore empty lines
- if (strspn(perm_list[i], " \t\n") == strlen(perm_list[i]))
- continue;
-
- ret = base_name_from_perm(perm_list[i], permission_name);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "permission : <" << perm_list[i] <<
- "> cannot be converted to basename (iri parse error)");
- app_permission(name, permission_name, permission_group_type_name, is_volatile,
- PERMISSION_ENABLED);
- }
-}
-
-void TestLibPrivilegeControlDatabase::app_label(const std::string& app_name)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT app_id FROM app "
- "NATURAL JOIN label "
- "WHERE name == '" << app_name << "' ;";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 1 && result.rows[0].size() == 1, "query : <" <<
- sql.str() << "> returned [" << result.rows.size() << "] rows");
-}
-
-void TestLibPrivilegeControlDatabase::app_not_label(const std::string& app_name)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT label_id FROM label "
- "WHERE name == '" << app_name << "' ;";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 0, "query : <" << sql.str() << "> returned [" <<
- result.rows.size() << "] rows");
-}
-
-void TestLibPrivilegeControlDatabase::app_permission(const std::string& app_name,
- const std::string& permission_name, const std::string& permission_type_name,
- int is_volatile, int is_enabled)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT * FROM app_permission "
- "INNER JOIN app USING(app_id) "
- "INNER JOIN permission USING(permission_id) "
- "INNER JOIN permission_type USING(permission_type_id)"
- "INNER JOIN label USING(label_id)"
- "WHERE "
- "label.name == '" << app_name << "' "
- "AND app_permission.is_enabled == " << is_enabled << " "
- "AND app_permission.is_volatile == " << is_volatile << " "
- "AND permission.name == '" << permission_name << "' "
- "AND permission_type.type_name == '" << permission_type_name << "' "
- ";";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 1, "query : <" << sql.str() << "> returned [" <<
- result.rows.size() << "] rows");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db.h
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests database record check functions
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_DB_H_
-#define LIBPRIVILEGE_CONTROL_TEST_DB_H_
-
-#include <privilege-control.h>
-#include "libprivilege-control_test_common.h"
-#include "db_sqlite.h"
-
-/**
- * @class TestLibPrivilegeControlDatabase
- * @brief Class containing methods for testing libprivlege database.
- */
-class TestLibPrivilegeControlDatabase
-{
-public:
-/**
- * @brief A constructor
- */
- TestLibPrivilegeControlDatabase();
-
-/**
- * @brief A destructor
- */
- ~TestLibPrivilegeControlDatabase() = default;
-
-/**
- * @brief Method for testing database after "perm_app_install" was run.
- *
- * It checks existence of proper: label, app records and permission for ALL_APPS for installed app.
- *
- * @param name name of installed app
- */
- void test_db_after__perm_app_install(const char* name);
-
-/**
- * @brief Method for testing database after "perm_app_uninstall" was run.
- *
- * It checks absence of proper: label for installed app.
- *
- * @param name name of uninstalled app
- */
- void test_db_after__perm_app_uninstall(const char* name);
-
-/**
- * @brief Method for testing database after "perm_app_enable_permissions" was run.
- *
- * It checks existence of proper permissions from perm_list and main permission for whole app_type.
- *
- * @param name name of application
- * @param app_type type of application (EFL, WRT, etc. )
- * @param perm_list list of permission to enable
- * @param persistent persistence or volatileness of permissions
- */
- void test_db_after__perm_app_enable_permissions(const char* name, app_type_t app_type,
- const char** perm_list, bool persistent);
-
-private:
-/**
- * @var base
- * @brief Sqlite3DBase object giving simple access to database
- *
- * Connection to database is open first time it is needed
- * and closed in destructor of TestLibPrivilegeControlDatabase.
- */
- Sqlite3DBase m_base;
-
-/**
- * @brief Check existence of label related records for given app.
- *
- * @param app_name name of application
- */
- void app_label(const std::string& app_name);
-
-/**
- * @brief Check absence of label record for given app.
- *
- * @param app_name name of application
- */
- void app_not_label(const std::string& app_name);
-
-/**
- * @brief It checks existence of single permission.
- *
- * @param app_name name of application
- * @param permission_name name of permission
- * @param permission_type_name name of permission type
- * @param is_volatile persistence or volatileness of permissions
- * @param is_enabled permission enable flag
- */
- void app_permission(const std::string& app_name, const std::string& permission_name,
- const std::string& permission_type_name, int is_volatile, int is_enabled);
-};
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_DB_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_duplicates.cpp
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control private functions duplicates
- */
-
-#include <stdlib.h>
-#include <iri.h>
-#include <algorithm>
-#include <string>
-#include <set>
-#include <sys/smack.h>
-#ifndef _XOPEN_SOURCE
-#define _XOPEN_SOURCE
-#endif
-#include <unistd.h>
-#include "duplicates.h"
-
-std::string app_type_name(app_type_t app_type)
-{
- switch(app_type)
- {
- case APP_TYPE_WGT:
- return "WRT";
- case APP_TYPE_OSP:
- return "OSP";
- case APP_TYPE_EFL:
- return "EFL";
- default:
- return "";
- }
-}
-
-std::string app_type_group_name(app_type_t app_type)
-{
- switch (app_type)
- {
- case APP_TYPE_WGT:
- return "WRT";
- case APP_TYPE_OSP:
- return "OSP";
- case APP_TYPE_EFL:
- return "EFL";
- default:
- return "";
- }
-}
-
-
-/*
- * This function changes permission URI to basename for file name.
- * For e.g. from http://tizen.org/privilege/contact.read will be
- * created basename : org.tizen.privilege.contact.read
- */
-int base_name_from_perm(const char *perm, std::string& name)
-{
- iri_t *iris = iri_parse(perm);
- if (iris == nullptr || iris->host == nullptr)
- {
- iri_destroy(iris);
- return PC_ERR_INVALID_PARAM;
- }
-
- std::string host_dot;
- std::string host;
- std::string path;
- std::string::size_type pos;
-
- if (iris->path == nullptr)
- {
- path = iris->host;
- }
- else
- {
- path = iris->path;
- host = iris->host;
- pos = host.rfind('.');
- if (pos != std::string::npos)
- {
- host_dot = host.substr(pos + 1) + ".";
- host = host.substr(0, pos);
- }
- }
-
- iri_destroy(iris);
-
- std::replace(path.begin(), path.end(), '/', '.');
-
- name = host_dot + host + path;
-
- return PC_OPERATION_SUCCESS;
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_duplicates.h
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control private functions duplicates
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_
-#define LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_
-
-#include <string>
-#include <privilege-control.h>
-
-/**
- * @brief Get the permission family type name.
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param app_type type of the application
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-std::string app_type_name(app_type_t app_type);
-
-/**
- * @brief Get the permission type name
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param app_type type of the application
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-std::string app_type_group_name(app_type_t app_type);
-
-/**
- * @brief URI to basename conversion
- *
- * This function changes permission URI to basename for file name.
- * For e.g. from http://tizen.org/privilege/contact.read will be
- * created basename : org.tizen.privilege.contact.read
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param perm permission URI
- * @param name created basename
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-int base_name_from_perm(const char *perm, std::string& name);
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests commons
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
-#define LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
-
-#include <vector>
-#include <string>
-#include <set>
-#include <ftw.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <unistd.h>
-#include <tzplatform_config.h>
-
-// How many open file descriptors should ftw() function use?
-#define FTW_MAX_FDS 16
-
-#define SOCK_PATH "/tmp/test-smack-socket"
-
-#define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
-#define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir"
-
-#define APP_ID "test_APP"
-#define APPID_DIR "test_APP_ID_dir"
-#define GENERATED_APP_ID "User" // TODO to be replaced in the future
-
-const uid_t TZ_APP_UID = tzplatform_getuid(TZ_USER_NAME);
-const gid_t TZ_APP_GID = tzplatform_getgid(TZ_USER_NAME);
-
-#define PERM_TO_REDEFINE "Test::RedefinePermission"
-#define PERM_SUB_TO_REDEFINE "Test::RedefinePermission::Sub"
-
-#define APP_1 "app_1"
-#define APP_1_DIR "/tmp/app_1"
-
-#define APP_2 "app_2"
-#define APP_2_DIR "/tmp/app_2"
-
-#define APP_TEST "app_test"
-
-#define EFL_APP_ID "hello-tizen"
-
-#define LIBPRIVILEGE_TEST_DAC_FILE_WGT "/usr/share/privilege-control/WRT_test_privilege_control_rules_wgt.dac"
-#define LIBPRIVILEGE_TEST_DAC_FILE_OSP "/usr/share/privilege-control/OSP_test_privilege_control_rules_osp.dac"
-#define LIBPRIVILEGE_TEST_DAC_FILE_EFL "/usr/share/privilege-control/EFL_test_privilege_control_rules_efl.dac"
-
-#define OSP_APP_ID "uqNfgEjqc7"
-
-#define WGT_APP_PATH "/usr/bin/test-app-wgt"
-#define OSP_APP_PATH "/usr/bin/test-app-osp"
-#define EFL_APP_PATH "/usr/bin/test-app-efl"
-
-#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
-
-extern const char *USER_APP_ID;
-
-extern const char *PRIVS1[];
-extern const char *PRIVS2[];
-extern const char *PRIVS2_NO_R[];
-extern const char *PRIVS2_R[];
-extern const char *PRIVS2_R_AND_NO_R[];
-
-extern const char *PRIVS_WGT[];
-extern const char *PRIVS_OSP[];
-extern const char *PRIVS_EFL[];
-
-extern const char *PRIV_APPSETTING[];
-extern const char *PRIV_APPSETTING_RULES[];
-
-typedef std::vector< std::vector<std::string> > rules_t;
-
-// Rules from WRT_test_privilege_control_rules1.smack for wgt
-const rules_t rules1 = {
- { USER_APP_ID, "test_book_1", "r" },
- { USER_APP_ID, "test_book_2", "w" },
- { USER_APP_ID, "test_book_3", "x" },
- { USER_APP_ID, "test_book_4", "rw" },
- { USER_APP_ID, "test_book_5", "rx" },
- { USER_APP_ID, "test_book_6", "wx" },
- { USER_APP_ID, "test_book_7", "rwx" },
- { "test_subject_1", USER_APP_ID, "r" },
- { "test_subject_2", USER_APP_ID, "w" },
- { "test_subject_3", USER_APP_ID, "x" },
- { "test_subject_4", USER_APP_ID, "rw" },
- { "test_subject_5", USER_APP_ID, "rx" },
- { "test_subject_6", USER_APP_ID, "wx" },
- { "test_subject_7", USER_APP_ID, "rwx" }
-};
-
-// Rules from WRT_test_privilege_control_rules2.smack
-const rules_t rules2 = {
- { USER_APP_ID, "test_book_8", "r" },
- { USER_APP_ID, "test_book_9", "w" },
- { USER_APP_ID, "test_book_10", "x" },
- { USER_APP_ID, "test_book_11", "rw" },
- { USER_APP_ID, "test_book_12", "rx" },
- { USER_APP_ID, "test_book_13", "wx" },
- { USER_APP_ID, "test_book_14", "rwx" },
- { USER_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", USER_APP_ID, "r" },
- { "test_subject_9", USER_APP_ID, "w" },
- { "test_subject_10", USER_APP_ID, "x" },
- { "test_subject_11", USER_APP_ID, "rw" },
- { "test_subject_12", USER_APP_ID, "rx" },
- { "test_subject_13", USER_APP_ID, "wx" },
- { "test_subject_14", USER_APP_ID, "rwx" },
- { "test_subject_15", USER_APP_ID, "rwxat" }
-};
-
-// Rules from WRT_test_privilege_control_rules_no_r.smack
-const rules_t rules2_no_r = {
- { USER_APP_ID, "test_book_9", "w" },
- { USER_APP_ID, "test_book_10", "x" },
- { USER_APP_ID, "test_book_11", "w" },
- { USER_APP_ID, "test_book_12", "x" },
- { USER_APP_ID, "test_book_13", "x" },
- { USER_APP_ID, "test_book_14", "wx" },
- { USER_APP_ID, "test_book_15", "wxat" },
- { "test_subject_9", USER_APP_ID, "w" },
- { "test_subject_10", USER_APP_ID, "x" },
- { "test_subject_11", USER_APP_ID, "w" },
- { "test_subject_12", USER_APP_ID, "x" },
- { "test_subject_13", USER_APP_ID, "x" },
- { "test_subject_14", USER_APP_ID, "wx" },
- { "test_subject_15", USER_APP_ID, "wxat" }
-};
-
-// Rules from test_privilege_control_rules.smack
-// minus WRT_test_privilege_control_rules_no_r.smack
-const rules_t rules2_r = {
- { USER_APP_ID, "test_book_8", "r" },
- { USER_APP_ID, "test_book_11", "r" },
- { USER_APP_ID, "test_book_12", "r" },
- { USER_APP_ID, "test_book_14", "r" },
- { USER_APP_ID, "test_book_15", "r" },
- { "test_subject_8", USER_APP_ID, "r" },
- { "test_subject_11", USER_APP_ID, "r" },
- { "test_subject_12", USER_APP_ID, "r" },
- { "test_subject_14", USER_APP_ID, "r" },
- { "test_subject_15", USER_APP_ID, "r" }
-};
-
-// Rules from EFL_test_privilege_control_rules_efl.smack for rpm
-const rules_t rules_efl = {
- { USER_APP_ID, "test_book_efl", "r" }
-};
-
-// Rules from WRT_test_privilege_control_rules_wgt.smack for wgt
-const rules_t rules_wgt = {
- { USER_APP_ID, "test_book_wgt_8", "r" },
- { USER_APP_ID, "test_book_wgt_9", "w" },
- { USER_APP_ID, "test_book_wgt_10", "x" },
- { USER_APP_ID, "test_book_wgt_11", "rw" },
- { USER_APP_ID, "test_book_wgt_12", "rx" },
- { USER_APP_ID, "test_book_wgt_13", "wx" },
- { USER_APP_ID, "test_book_wgt_14", "rwx" },
- { USER_APP_ID, "test_book_wgt_15", "rwxat" },
- { "test_subject_wgt_8", USER_APP_ID, "r" },
- { "test_subject_wgt_9", USER_APP_ID, "w" },
- { "test_subject_wgt_10", USER_APP_ID, "x" },
- { "test_subject_wgt_11", USER_APP_ID, "rw" },
- { "test_subject_wgt_12", USER_APP_ID, "rx" },
- { "test_subject_wgt_13", USER_APP_ID, "wx" },
- { "test_subject_wgt_14", USER_APP_ID, "rwx" },
- { "test_subject_wgt_15", USER_APP_ID, "rwxat" }
-};
-
-// Rules from OSP_test_privilege_control_rules_osp.smack for osp
-const rules_t rules_osp = {
- { USER_APP_ID, "test_book_osp_8", "r" },
- { USER_APP_ID, "test_book_osp_9", "w" },
- { USER_APP_ID, "test_book_osp_10", "x" },
- { USER_APP_ID, "test_book_osp_11", "rw" },
- { USER_APP_ID, "test_book_osp_12", "rx" },
- { USER_APP_ID, "test_book_osp_13", "wx" },
- { USER_APP_ID, "test_book_osp_14", "rwx" },
- { USER_APP_ID, "test_book_osp_15", "rwxat" },
- { "test_subject_osp_8", USER_APP_ID, "r" },
- { "test_subject_osp_9", USER_APP_ID, "w" },
- { "test_subject_osp_10", USER_APP_ID, "x" },
- { "test_subject_osp_11", USER_APP_ID, "rw" },
- { "test_subject_osp_12", USER_APP_ID, "rx" },
- { "test_subject_osp_13", USER_APP_ID, "wx" },
- { "test_subject_osp_14", USER_APP_ID, "rwx" },
- { "test_subject_osp_15", USER_APP_ID, "rwxat" }
-};
-
-int test_have_all_accesses(const rules_t &rules);
-int test_have_any_accesses(const rules_t &rules);
-int test_have_nosmack_accesses(const rules_t &rules);
-
-void read_user_gids(std::set<unsigned> &set, const uid_t user_id);
-void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file);
-
-int file_exists(const char *path);
-void check_app_installed(const char *app_path);
-
-void check_perm_app_has_permission(const char *app_label,
- const char *permission,
- bool is_enabled_expected);
-
-int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-
-void test_perm_app_setup_path_PUBLIC_RO(bool smack);
-void test_revoke_permissions(int line_no, const char* app_id);
-void test_app_enable_permissions_efl(bool smack);
-void test_app_disable_permissions_efl(bool smack);
-void test_app_disable_permissions(bool smack);
-bool check_all_accesses(bool smack, const rules_t &rules);
-bool check_no_accesses(bool smack, const rules_t &rules);
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_COMMON_H_ */
+++ /dev/null
-#include <iostream>
-
-int main() {
- std::cout << "Hello Tizen!" << std::endl;
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file libprivilege-control-test.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @version 1.0
- * @brief Main file for libprivilege-control unit tests.
- */
-
-#include <dpl/test/test_runner.h>
-#include <dpl/log/log.h>
-
-int main (int argc, char *argv[])
-{
- LogInfo("Starting libprivilege-control tests");
-
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file libprivilege-control-test.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief Main file for libprivilege-control unit tests.
- */
-
-#include <fcntl.h>
-#include <fstream>
-#include <iostream>
-#include <set>
-#include <string>
-#include <string.h>
-#include <sys/sendfile.h>
-#include <sys/smack.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <vector>
-#include <grp.h>
-#include <pwd.h>
-
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-#include "common/duplicates.h"
-#include <memory.h>
-
-#define CANARY_LABEL "tiny_yellow_canary"
-
-const char *USER_APP_ID = "User";
-
-const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", nullptr };
-const char *PRIVS2[] = { "test_privilege_control_rules2", nullptr };
-const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", nullptr };
-const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", nullptr };
-const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", nullptr };
-
-const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", nullptr };
-const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", nullptr };
-const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", nullptr };
-
-const char *PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", nullptr};
-const char *PRIV_APPSETTING_RULES[] = { "~APP~ ~SETTINGS_PATH~ rwx",
- "~APP~ ~ALL_APPS~ rx",
- nullptr};
-/**
- * Check if every rule is true.
- * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
- */
-int test_have_all_accesses(const rules_t &rules)
-{
- for (size_t i = 0; i < rules.size(); ++i) {
- int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (access <= 0)
- return 0;
- }
- return 1;
-}
-
-/**
- * Check if every rule is true.
- * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
- */
-int test_have_any_accesses(const rules_t &rules)
-{
- for (size_t i = 0; i < rules.size(); ++i) {
- int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (access > 0)
- return 1;
- }
- return 0;
-}
-
-/**
- * NOSMACK version of test_have_accesses functions.
- *
- * This will be used in many tests. Checks if for every rule smack_have_access returns error.
- * If for any of rules smack_have_access will return something different than error, this result
- * is being returned to caller.
- */
-int test_have_nosmack_accesses(const rules_t &rules)
-{
- int result;
- for (uint i = 0; i < rules.size(); ++i) {
- result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (result != -1)
- return result;
- }
- return -1;
-}
-
-bool check_all_accesses(bool smack, const rules_t &rules)
-{
- if (smack)
- return test_have_all_accesses(rules) == 1;
- else
- return test_have_nosmack_accesses(rules) == -1;
-}
-
-bool check_no_accesses(bool smack, const rules_t &rules)
-{
- if (smack)
- return test_have_any_accesses(rules) == 0;
- else
- return test_have_nosmack_accesses(rules) == -1;
-}
-
-void read_gids(std::set<unsigned> &set, const char *file_path)
-{
- FILE *f = fopen(file_path, "r");
- RUNNER_ASSERT_ERRNO_MSG(f != nullptr, "Unable to open file " << file_path);
- unsigned gid;
- while (fscanf(f, "%u\n", &gid) == 1) {
- set.insert(gid);
- }
- fclose(f);
-}
-
-void read_user_gids(std::set<unsigned> &set, const uid_t user_id)
-{
- int ret;
-
- errno = 0;
- struct passwd *pw = getpwuid(user_id);
- RUNNER_ASSERT_ERRNO_MSG(pw != nullptr, "getpwuid() failed");
-
- int groups_cnt = 0;
- gid_t *groups_list = nullptr;
- ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
- RUNNER_ASSERT_MSG(ret == -1, "getgrouplist() failed.");
- if (groups_cnt == 0)
- return;
- groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
-
- ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
- if (ret == -1) {
- free(groups_list);
- RUNNER_FAIL_MSG("getgrouplist() failed.");
- }
-
- for (int i = 0; i < groups_cnt; ++i) {
- set.insert(groups_list[i]);
- }
- free(groups_list);
-}
-
-void read_current_gids(std::set<unsigned> &set)
-{
- int groups_cnt = getgroups(0, nullptr);
- RUNNER_ASSERT_ERRNO_MSG(groups_cnt > 0, "Wrong number of supplementary groups");
- gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
- if (getgroups(groups_cnt, groups_list) == -1){
- free(groups_list);
- RUNNER_FAIL_MSG("getgroups failed.");
- }
-
- for (int i = 0; i < groups_cnt; ++i) {
- set.insert(groups_list[i]);
- }
- free(groups_list);
-}
-
-void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file)
-{
- std::set<unsigned> groups_check;
- std::set<unsigned> groups_current;
- if(dac_file != nullptr)
- read_gids(groups_check, dac_file);
- read_current_gids(groups_current);
-
- std::string groups_left;
- for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it)
- {
- (void)groups_check.erase(*it);
- if(groups_current.erase(*it) == 0)
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application lost some groups: " << groups_left);
-
- for (auto it = groups_check.begin(); it != groups_check.end(); ++it)
- {
- if(groups_current.erase(*it) == 0)
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application doesn't belong to some required groups: " << groups_left);
-
- for (auto it = groups_current.begin(); it != groups_current.end(); ++it)
- {
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application belongs to groups it should't belong to: " << groups_left);
-}
-
-int file_exists(const char *path)
-{
- FILE *file = fopen(path, "r");
- if (file) {
- fclose(file);
- return 0;
- }
- return -1;
-}
-
-void check_app_installed(const char *app_path)
-{
- RUNNER_ASSERT_MSG(file_exists(app_path) == 0,
- " App not installed: " << app_path);
-}
-
-int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
-
- return 0;
-}
-
-void check_perm_app_has_permission(const char *app_label,
- const char *permission,
- bool is_enabled_expected)
-{
- int result;
- bool is_enabled_result;
-
- result = perm_app_has_permission(app_label, APP_TYPE_WGT, permission, &is_enabled_result);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error calling perm_app_has_permission. Result: " << result);
-
- RUNNER_ASSERT_MSG(is_enabled_result == is_enabled_expected,
- " Result of perm_app_has_permission should be: " << is_enabled_expected);
-}
-
-int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
- const char* correctLabel)
-{
- int result;
- CStringPtr labelPtr;
- char* label = nullptr;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
- RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
- } else
- RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-
-int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return nftw_check_labels_app_dir(fpath, sb, USER_APP_ID);
-}
-
-int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return nftw_check_labels_app_dir(fpath, sb, "_");
-}
-
-int nftw_check_labels_app_public_ro_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- int result;
- CStringPtr labelPtr;
- char *label;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
- result = strcmp(LABEL_FOR_PUBLIC_SHARED_DIRS, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- if (S_ISDIR(sb->st_mode)) {
- RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set");
- result = strcmp("TRUE", label);
- RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
- } else
- RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
-
- return 0;
-}
-
-int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- int result;
- CStringPtr labelPtr;
- char* label = nullptr;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(labelPtr.get() == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-void test_perm_app_setup_path_PUBLIC_RO(bool smack)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_ro_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-
- RUNNER_ASSERT(check_all_accesses(smack, {{ USER_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "r"}}));
-}
-
-void test_revoke_permissions(int line_no, const char* app_id)
-{
- int result;
-
- // Cleanup
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_uninstall returned " << result);
-
- // Close transaction to commit uninstallation before further actions
- DB_END
-
- DB_BEGIN
-
- // Install test apps
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_install returned " << result);
-
- // Close transaction to commit installation before further actions
- DB_END
-
- DB_BEGIN
-
- // TEST:
- // Revoke permissions
- result = perm_app_revoke_permissions(app_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
- DB_BEGIN
-
- // Cleanup - uninstall test apps
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_uninstall returned " << result);
-
- DB_END
-}
-
-void test_app_enable_permissions_efl(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
- result = perm_app_install(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- // Register a permission:
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not granted for EFL_APP");
-
- DB_BEGIN
-
- // Cleanup
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- DB_END
-}
-
-void test_app_disable_permissions_efl(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- result = perm_app_install(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not disabled for EFL_APP");
-
- DB_BEGIN
-
- // Register a permission
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not granted for EFL_APP");
-
- DB_BEGIN
-
- // Disable a permission
- result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not disabled for EFL_APP");
-
- DB_BEGIN
-
- // Cleanup
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- DB_END
-}
-
-void test_app_disable_permissions(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app first permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app no r permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2),
- "SMACK accesses not disabled.");
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1),
- "SMACK accesses not disabled.");
-
- DB_BEGIN
-
-/**
- * Test - disable all granted permissions.
- */
-
- // Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Are all the permissions enabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled.");
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- // Are all the permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled.");
-
-/**
- * Test - disable some granted permissions leaving non complementary and then disabling those too.
- */
-
- DB_BEGIN
-
- // Prepare permissions that will not be disabled
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app first permissions. Result: " << result);
-
- // Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app second permissions. Result: " << result);
-
- // Disable second permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app second permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
-
- // Are all first permissions not disabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules1), "Some of second permissions disabled.");
-
- DB_BEGIN
-
- // Disable first permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app first permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1), "Not all second permisions disabled.");
-
-/**
- * Test - disable only no r granted permissions.
- */
-
- DB_BEGIN
-
- // Prepare permissions
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app r permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app no r permissions. Result: " << result);
-
- // Disable same permissions without r
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app no r permissions. Result: " << result);
-
- DB_END
-
- // Is any r permissions disabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
- // Are all no r permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
-
- DB_BEGIN
-
- // Prepare permissions
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app no r permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
-
- DB_BEGIN
-
- // Disable all permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
-
- DB_BEGIN
-
- // Clean up after test:
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <string>
-#include <vector>
-#include <fstream>
-#include <sstream>
-#include <set>
-
-#include <fcntl.h>
-#include <errno.h>
-#include <unistd.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/smack.h>
-
-#include <privilege-control.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dpl/log/log.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-#include "common/duplicates.h"
-#include "common/db.h"
-#include "memory.h"
-
-// Error codes for test_libprivilege_strerror
-const std::vector<int> error_codes {
- PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
- PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
- PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
- PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
-};
-
-namespace {
-
-std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
-{
- std::vector<std::string> names;
- for(size_t i = 0; i < size; ++i) {
- names.push_back(prefix + "_" + std::to_string(i) + suffix);
- }
- return names;
-}
-
-const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
-const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
-const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
-const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
-const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
-const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
-const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
-
-void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
-{
- std::ifstream dac_file(dac_file_path);
- RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
-
- auto it = gids.begin();
- std::string line;
- while (std::getline(dac_file,line)) {
- std::istringstream is(line);
- unsigned gid;
- is >> gid;
- RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
- RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
- it++;
- }
-
- RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
-
- dac_file.close();
-}
-
-void remove_smack_files()
-{
- // TODO array
- unlink(OSP_BLAHBLAH);
- unlink(WRT_BLAHBLAH);
- unlink(OTHER_BLAHBLAH);
- unlink(WRT_BLAHBLAH_DAC);
- unlink(OTHER_BLAHBLAH_DAC);
-
- for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
- unlink(OSP_BLAHBLAH_DAC[i].c_str());
-
- for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
- unlink(OSP_BLAHBLAH_DAC[i].c_str());
-}
-
-} // namespace
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
-
-RUNNER_TEST(privilege_control02_perm_app_setup_path_01_PRIVATE)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_PRIVATE failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-}
-
-RUNNER_TEST(privilege_control02_perm_app_setup_path_02_FLOOR)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_FLOOR);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_FLOOR type failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-}
-
-
-RUNNER_TEST_SMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO)
-{
- test_perm_app_setup_path_PUBLIC_RO(true);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
-{
- test_revoke_permissions(__LINE__, WGT_APP_ID);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
-{
- test_revoke_permissions(__LINE__, OSP_APP_ID);
-}
-
-void test_set_app_privilege(
- const char* app_id, app_type_t APP_TYPE,
- const char** privileges, const char* type,
- const char* app_path, const char* dac_file,
- const rules_t &rules) {
- check_app_installed(app_path);
-
- int result;
-
- /* Remove the group file to make sure other tests do not affect current one. This is because all
- apps get the same label "User" */
- const char* db_file = tzplatform_mkpath(TZ_SYS_DB,".privilege_control_app_gids.db");
- RUNNER_ASSERT_MSG(db_file, "Failed to get groups db path");
- result = unlink(db_file);
- RUNNER_ASSERT_MSG(result == 0, "Removing group db failed " << strerror(errno));
-
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- " perm_app_uninstall returned " << result << ". "
- "Errno: " << strerror(errno));
-
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- " perm_app_install returned " << result << ". "
- "Errno: " << strerror(errno));
-
- // TEST:
- result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_all_accesses(rules);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, TZ_APP_UID);
-
- result = perm_app_set_privilege(app_id, type, app_path);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0,
- " Error getting current process label");
- RUNNER_ASSERT_MSG(label != nullptr,
- " Process label is not set");
-
- result = strcmp(USER_APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0,
- " Process label " << label << " is incorrect");
-
- check_groups(groups_before, dac_file);
-}
-
-/**
- * Set APP privileges. wgt.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
-{
- test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
-}
-
-/**
- * Set APP privileges. osp app.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
-{
- test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
-}
-
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_efl)
-{
- test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
- "rpm", EFL_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
-}
-
-/**
- * Add new API feature
- */
-RUNNER_TEST(privilege_control08_add_api_feature)
-{
- int result;
-
- remove_smack_files();
-
- DB_BEGIN
-
- // argument validation
- result = perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
-
- result = perm_add_api_feature(APP_TYPE_OSP,"", nullptr, nullptr, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
-
-
- // Already existing feature:
- // TODO: Database will be malformed. (Rules for these features will be removed.)
- result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty features
- result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty rules
- const char *test1[] = { nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test2[] = { "", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test3[] = { " \t\n", "\t \n", "\n\t ", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // malformed rules
- const char *test4[] = { "malformed", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test5[] = { "malformed malformed", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test6[] = { "-malformed malformed rwxat", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test7[] = { "~/\"\\ malformed rwxat", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test8[] = { "subject object rwxat something else", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
-
- // correct rules
- const char *test9[] = {
- "~APP~ object\t rwxatl",
- " \t \n",
- "subject2\t~APP~ ltxarw",
- "",
- nullptr};
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", nullptr }; // TODO This fails.
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
-
- // TODO For now identical/complementary rules are not merged.
- const char *test12[] = {
- "subject1 ~APP~ rwxatl",
- " \t \n",
- "subject2 ~APP~ ltxarw",
- "",
- nullptr};
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty group ids
- const char *test13[] = { "~APP~ b a", nullptr};
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
- RUNNER_ASSERT(result == -1);
- remove_smack_files();
-
-
- // valid group ids
- result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
- remove_smack_files();
-
- DB_END
-}
-
-/**
- * Add new API feature, assign it to an app and redefine the API feature.
- * Check if app rules has changed after redefinition.
- */
-RUNNER_TEST_SMACK(privilege_control09_perm_add_api_feature_redefine)
-{
- int result;
- const char *permissionName[] = { "org.tizen.test.permtoberedefined", nullptr};
-
- // Rules to be used with the first check
- const rules_t test_rules1 = {
- { GENERATED_APP_ID, PERM_TO_REDEFINE, "rx" },
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "rwx" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
- };
-
- // Rules that contain differences - to be used with the second check (after re-def)
- const rules_t test_rules2 = {
- { GENERATED_APP_ID, PERM_TO_REDEFINE, "rwx" },
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "rx" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "watl" }
- };
-
- // Differences between rules1 and rules2 - should be revoked after re-def)
- const rules_t diff_rules = {
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "w" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
- };
-
- // Rules to be used with the first definition
- const char *perm_rules1[] = {
- "~APP~ " PERM_TO_REDEFINE " rx",
- PERM_TO_REDEFINE " ~APP~ rwx",
- "~APP~ " PERM_SUB_TO_REDEFINE " rx",
- nullptr
- };
-
- // Rules that contain differences - to be used with the second definition (re-def)
- const char *perm_rules2[] = {
- "~APP~ " PERM_TO_REDEFINE " rwx",
- PERM_TO_REDEFINE " ~APP~ rx",
- "~APP~ " PERM_SUB_TO_REDEFINE " watl",
- nullptr
- };
-
- DB_BEGIN
-
- // uninstall app to make sure that all rules and permissions are revoked
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << perm_strerror(result));
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << perm_strerror(result));
-
- result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules1, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_add_api_feature failed: " << result);
-
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP, permissionName, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_enable_permissions failed: " << perm_strerror(result));
-
- DB_END
-
- // Check if rules are applied
- result = test_have_all_accesses(test_rules1);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
-
- DB_BEGIN
-
- // Redefine the permission
- result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_add_api_feature failed: " << result);
-
- DB_END
-
- // Check if rules are updated
- result = test_have_all_accesses(test_rules2);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added after update.");
- // The difference between rules1 and rules2 should be revoked!
- result = test_have_any_accesses(diff_rules);
- RUNNER_ASSERT_MSG(result == 0, "Permissions are not fully updated.");
-}
-
-/*
- * Check perm_app_uninstall function
- */
-void check_perm_app_uninstall(const char* pkg_id)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(pkg_id);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned: " << perm_strerror(result));
-
- DB_END
-}
-
-RUNNER_TEST(privilege_control07_app_uninstall)
-{
- check_perm_app_uninstall(APP_ID);
-}
-
-/*
- * Check perm_app_install function
- */
-void check_perm_app_install(const char* pkg_id)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(pkg_id);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- DB_END
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-RUNNER_TEST(privilege_control01_app_install)
-{
- check_perm_app_uninstall(APP_ID);
- check_perm_app_install(APP_ID);
- // try install second time app with the same ID - it should pass.
- check_perm_app_install(APP_ID);
-}
-
-/*
- * Check perm_rollback function
- */
-RUNNER_TEST(privilege_control07_app_rollback)
-{
- check_perm_app_uninstall(APP_ID);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- // transaction rollback
- result = perm_rollback();
- RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
-
- DB_END
-}
-
-RUNNER_TEST(privilege_control07_app_rollback_2)
-{
- check_perm_app_uninstall(APP_ID);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- // transaction rollback
- result = perm_rollback();
- RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
-
- // install once again after the rollback
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- DB_END
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-/**
- * Grant SMACK permissions based on permissions list.
- */
-RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
-{
- int result;
-
- // Clean up after test:
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
-/**
- * Test - Enabling all permissions with persistant mode enabled
- */
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Enabling all permissions with persistant mode disabled
- */
-
- DB_BEGIN
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Registering new permissions in two complementary files
- */
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Enabling some permissions and then enabling complementary permissions
- */
-
- DB_BEGIN
-
- // Register permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions without r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
-
- DB_BEGIN
-
- // Register permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app all permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
-/**
- * Test - Enabling some permissions and then enabling all permissions
- */
-
- // Enable permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions without r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
-
- DB_BEGIN
-
- // Enable permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions with only r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
-
-
- // Clean up after test:
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
-
-RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
-{
- test_app_enable_permissions_efl(true);
-}
-
-/*
- * Check perm_app_install function
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
-{
- test_app_disable_permissions_efl(true);
-}
-
-
-/**
- * Remove previously granted SMACK permissions based on permissions list.
- */
-RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
-{
- test_app_disable_permissions(true);
-}
-
-/**
- * Reset SMACK permissions for an application by revoking all previously
- * granted rules and enabling them again from a rules file from disk.
- */
-// TODO: This test is incomplete.
-RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
-{
- int result;
-
-/**
- * Test - doing reset and checking if rules exist again.
- */
-
- DB_BEGIN
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- // Prepare permissions to reset
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- // Reset permissions
- result = perm_app_reset_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error reseting app permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions not disabled?
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
-
-static void smack_set_random_label_based_on_pid_on_self(void)
-{
- int result;
- std::stringstream ss;
-
- ss << "s-" << getpid() << "-" << getppid();
- result = smack_set_label_for_self(ss.str().c_str());
- RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
- << ss.str().c_str() << ") failed");
-}
-
-static void smack_unix_sock_server(int sock)
-{
- int fd, result;
- char *smack_label;
-
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- if (fd < 0)
- return;
-
- FdUniquePtr fdPtr(&fd);
-
- result = smack_new_label_from_self(&smack_label);
- RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed");
- SmackLabelPtr smackLabelPtr(smack_label);
-
- ssize_t bitsNum = write(fd, smack_label, strlen(smack_label));
- RUNNER_ASSERT_ERRNO_MSG(bitsNum >= 0 && static_cast<size_t>(bitsNum) == strlen(smack_label),
- "write() failed");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
-
- unlink(SOCK_PATH);
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
-
- smack_set_random_label_based_on_pid_on_self();
-
- if (!pid) { /* child process, server */
- int sock, result;
-
- /* Set the process label before creating a socket */
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- result = bind(sock,
- (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
-
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
- smack_unix_sock_server(sock);
-
- /* Change the process label with listening socket */
- smack_unix_sock_server(sock);
-
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- /* Now running two concurrent servers.
- Test if socket label was unaffected by fork() */
- smack_unix_sock_server(sock);
- /* Let's give the two servers different labels */
- smack_unix_sock_server(sock);
-
- exit(0);
- } else { /* parent process, client */
- sleep(1); /* Give server some time to setup listening socket */
- int i;
- for (i = 0; i < 4; ++i) {
- int sock;
- int result;
- char smack_label1[SMACK_LABEL_LEN + 1];
- char *smack_label2;
-
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- result = connect(sock,
- (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
-
- alarm(2);
- result = read(sock, smack_label1, SMACK_LABEL_LEN);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed");
-
- smack_label1[result] = '\0';
- smack_label2 = perm_app_id_from_socket(sock);
- RUNNER_ASSERT_MSG(smack_label2 != nullptr, "perm_app_id_from_socket failed");
- result = strcmp(smack_label1, smack_label2);
- RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1
- << "' != '" << smack_label2 << "-" << random() << "'");
- }
- }
-}
-
-RUNNER_TEST(privilege_control20_perm_app_has_permission)
-{
- int result;
- const char *other_app_label = "test_other_app_label";
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error uninstalling app. Result" << result);
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error installing app. Result" << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-}
-
-RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
- int POSITIVE_ERROR_CODE = 1;
- int NONEXISTING_ERROR_CODE = -239042;
- const char *result;
-
- for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
- RUNNER_ASSERT_MSG(strcmp(perm_strerror(*itr), "Unknown error") != 0,
- "Returned invalid error code description.");
- }
-
- result = perm_strerror(POSITIVE_ERROR_CODE);
- RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
- "Bad message returned for invalid error code: \"" << result << "\"");
-
- result = perm_strerror(NONEXISTING_ERROR_CODE);
- RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
- "Bad message returned for invalid error code: \"" << result << "\"");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <dpl/test/test_runner.h>
-#include <tests_common.h>
-#include <sys/smack.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-
-
-
-//////////////////////////////////////////////////////
-//TEST FOR INCORRECT PARAMS CHECK IN LIBPRIVILEGE APIS
-//////////////////////////////////////////////////////
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_incorrect_params)
-
-RUNNER_TEST(privilege_control21c_incorrect_params_perm_app_set_privilege)
-{
- RUNNER_ASSERT_MSG(perm_app_set_privilege(nullptr, nullptr, APP_SET_PRIV_PATH) == PC_ERR_INVALID_PARAM,
- "perm_app_set_privilege didn't check if package name isn't nullptr.");
-}
-
-RUNNER_TEST(privilege_control21d_incorrect_params_perm_app_install)
-{
- RUNNER_ASSERT_MSG(perm_app_install(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_install didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_install("") == PC_ERR_INVALID_PARAM,
- "perm_app_install didn't check if pkg_id isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21e_incorrect_params_perm_app_uninstall)
-{
- RUNNER_ASSERT_MSG(perm_app_uninstall(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_uninstall didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_uninstall("") == PC_ERR_INVALID_PARAM,
- "perm_app_uninstall didn't check if pkg_id isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21f_incorrect_params_perm_app_enable_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, nullptr, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if perm_list isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions("", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id is valid");
-}
-
-RUNNER_TEST(privilege_control21g_incorrect_params_app_revoke_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions("") == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions("~APP~") == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21h_incorrect_params_app_reset_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_reset_permissions(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_reset_permissions("") == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_reset_permissions("~APP~") == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21i_incorrect_params_app_setup_path)
-{
- RUNNER_ASSERT_MSG(perm_app_setup_path(APPID_DIR, nullptr, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if path isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_setup_path(nullptr, TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_setup_path("", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_setup_path("~APP~", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21k_incorrect_params_add_api_feature)
-{
- RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM,
- "perm_add_api_feature didn't check if api_feature_name isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, "", nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM,
- "perm_add_api_feature didn't check if api_feature_name isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21l_incorrect_params_ignored_disable_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if perm_list isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions("", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21m_incorrect_params_perm_app_has_permission)
-{
- bool has_permission;
- const char *app_label = "test_app_label";
-
- RUNNER_ASSERT_MSG(perm_app_has_permission(nullptr, APP_TYPE_WGT,
- PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_OTHER,
- PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission should not accept app_type = OTHER.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT,
- nullptr, &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if permission_name isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT,
- PRIVS2[0], nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if has_permission isn't nullptr.");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <memory>
-#include <functional>
-#include <fstream>
-#include <set>
-
-#include <string.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/wait.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <sys/smack.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-#include "common/db.h"
-#include <memory.h>
-
-#define APP_USER_NAME "app"
-#define APP_HOME_DIR "/opt/home/app"
-
-
-#define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
-
-
-/////////////////////////////////////////
-//////NOSMACK ENVIRONMENT TESTS//////////
-/////////////////////////////////////////
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_nosmack)
-
-RUNNER_TEST_NOSMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO_nosmack)
-{
- test_perm_app_setup_path_PUBLIC_RO(false);
-}
-
-/**
- * NOSMACK version of privilege_control04 test.
- *
- * Tries to add permisions from test_privilege_control_rules template and checks if
- * smack_have_access returns -1 on check between every rule.
- */
-RUNNER_TEST_NOSMACK(privilege_control04_add_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- //Add permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error adding app permissions. Result: " << result);
-
- DB_END
-
- //Check if smack_have_access always fails on every rule
- result = test_have_nosmack_accesses(rules_efl);
- RUNNER_ASSERT_MSG(result == -1,
- "Despite SMACK being off some accesses were added. Result: " << result);
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
- db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling permissions: " << perm_strerror(result));
- DB_END
-}
-
-void test_set_app_privilege_nosmack(
- const char* app_id, app_type_t app_type,
- const char** privileges, const char* type,
- const char* app_path, const char* dac_file,
- const rules_t &rules)
-{
- check_app_installed(app_path);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_enable_permissions(app_id, app_type, privileges, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_nosmack_accesses(rules);
- RUNNER_ASSERT_MSG(result == -1,
- " Permissions shouldn't be added. Result: " << result);
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, TZ_APP_UID);
-
- result = perm_app_set_privilege(app_id, type, app_path);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error in perm_app_set_privilege. Error: " << result);
-
- //Even though app privileges are set, no smack label should be extracted.
- char* label = nullptr;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- " new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == nullptr,
- " new_label_from_self shouldn't allocate memory for label.");
-
- check_groups(groups_before, dac_file);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege test.
- *
- * Another very similar test to it's SMACK version, this time smack_new_label_from_self is
- * expected to return different result.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_nosmack)
-{
- int result;
-
- check_app_installed(APP_SET_PRIV_PATH);
-
- //Preset exec label
- smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC);
- smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC);
-
- DB_BEGIN
- perm_app_uninstall(APP_ID);
- DB_END
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, TZ_APP_UID);
-
- //Set app privileges
- result = perm_app_set_privilege(APP_ID, nullptr, APP_SET_PRIV_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_set_privilege. Error: " << result);
-
- //Even though app privileges are set, no smack label should be extracted.
- char* label = nullptr;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- "new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory for label.");
-
- //Check if DAC privileges really set
- RUNNER_ASSERT_MSG(getuid() == TZ_APP_UID, "Wrong UID");
- RUNNER_ASSERT_MSG(getgid() == TZ_APP_GID, "Wrong GID");
-
- result = strcmp(getenv("HOME"), APP_HOME_DIR);
- RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR. Result: " << result);
-
- result = strcmp(getenv("USER"), APP_USER_NAME);
- RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME. Result: " << result);
-
- check_groups(groups_before, nullptr);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_wgt test.
- *
- * Same as the above, plus uses test_have_nosmack_accesses instead of test_have_all_accesses.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_nosmack)
-{
- test_set_app_privilege_nosmack(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_osp test.
- *
- * Same as the above.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_nosmack)
-{
- test_set_app_privilege_nosmack(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_efl_nosmack)
-{
- test_set_app_privilege_nosmack(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
- "rpm", EFL_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_nosmack)
-{
- test_revoke_permissions(__LINE__, WGT_APP_ID);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_nosmack)
-{
- test_revoke_permissions(__LINE__, OSP_APP_ID);
-}
-
-/**
- * NOSMACK version of privilege_control11_app_enable_permissions test.
- *
- * Since the original test did the same thing around five times, there is no need to redo the
- * same test for perm_app_enable_permissions. perm_app_enable_permissions will be called once,
- * test_have_nosmack_accesses will check if smack_have_access still returns error and then
- * we will check if SMACK file was correctly created.
- */
-RUNNER_TEST_NOSMACK(privilege_control11_app_enable_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling app permissions. Result: " << result);
-
- DB_END
-
- //Check if accesses aren't added
- result = test_have_nosmack_accesses(rules2);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
- db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_WGT, PRIVS2, true);
-
- DB_BEGIN
-
- //Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(privilege_control11_app_enable_permissions_efl_nosmack)
-{
- test_app_enable_permissions_efl(false);
-}
-
-/*
- * Check perm_app_install function
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control12_app_disable_permissions_efl_nosmack)
-{
- test_app_disable_permissions_efl(false);
-}
-
-/**
- * Remove previously granted SMACK permissions based on permissions list.
- */
-RUNNER_TEST_NOSMACK(privilege_control12_app_disable_permissions_nosmack)
-{
- test_app_disable_permissions(false);
-}
-
-/**
- * NOSMACK version of privilege_control13 test.
- *
- * Uses perm_app_reset_permissions and checks with test_have_nosmack_accesses if nothing has
- * changed.
- */
-RUNNER_TEST_NOSMACK(privilege_control13_app_reset_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- // Prepare permissions to reset
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
-
- // Reset permissions
- result = perm_app_reset_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error reseting app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_nosmack_accesses(rules2);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be changed. Result: " << result);
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-}
-
-/**
- * NOSMACK version of privilege_control15_app_id_from_socket.
- *
- * SMACK version of this test case utilized smack_new_label_from_self and smack_set_label_for_self.
- * Those functions rely on /proc/self/attr/current file, which is unreadable and has no contents on
- * NOSMACK environment. Functions mentioned above were tested during libsmack tests, so they are
- * assumed to react correctly and are not tested in this test case.
- *
- * This test works similarly to libsmack test smack09_new_label_from_socket. At first server and
- * client are created then sockets are set up and perm_app_id_from_socket is used. On NOSMACK env
- * correct behavior for perm_app_id_from_socket would be returning nullptr label.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(privilege_control15_app_id_from_socket_nosmack)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
-
- //Clean up before creating socket
- unlink(SOCK_PATH);
-
- //Create our server and client with fork
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
-
- if (!pid) { //child (server)
- int sock, result, fd;
-
- //Create a socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- //Bind socket to address
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
-
- //Prepare for listening
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
-
- //Accept connection
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "accept failed");
-
- //Wait a little bit for client to use perm_app_id_from_socket
- usleep(200);
-
- //cleanup
- exit(0);
- } else { //parent (client)
- // Give server some time to setup listening socket
- sleep(1);
- int sock, result;
- char* smack_label = nullptr;
-
- //Create socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- //Try connecting to address
- result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
-
- //Use perm_app_id_from_socket. Should fail and return nullptr smack_label.
- smack_label = perm_app_id_from_socket(sock);
- RUNNER_ASSERT_MSG(!smack_label, "perm_app_id_from_socket should fail.");
-
- //cleanup
- RUNNER_ASSERT_MSG(smack_label == nullptr, "perm_app_id_from_socket should fail.");
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <vector>
-#include <ftw.h>
-#include <dpl/test/test_runner.h>
-#include <privilege-control.h>
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-#include <sys/smack.h>
-
-// ---- Macros and arrays used in stress tests ----
-#define TEST_OSP_FEATURE_APP_ID "test-osp-feature-app"
-#define TEST_WGT_FEATURE_APP_ID "test-wgt-feature-app"
-#define TEST_OSP_FEATURE "OSP_test-feature.osp_rxl"
-#define TEST_WGT_FEATURE "WGT_test-feature.wgt_rxl"
-
-#define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1"
-// OSP Api Feature Test data - gives rxl access to OSP app and rl access to WGT app also!
-const char *test_osp_feature_rule_set[] = { "~APP~ " TEST_OSP_FEATURE_APP_ID " rxl",
- "~APP~ " TEST_WGT_FEATURE_APP_ID " rl",
- nullptr };
-const char *TEST_OSP_FEATURE_PRIVS[] = { TEST_OSP_FEATURE, nullptr };
-// WGT Api Feature Test data - rwx access only to WGT app
-const char *test_wgt_feature_rule_set[] = { "~APP~ " TEST_WGT_FEATURE_APP_ID " rwx",
- nullptr };
-const char *TEST_WGT_FEATURE_PRIVS[] = { TEST_WGT_FEATURE, nullptr };
-
-rules_t rules_to_test_any_access1 = {
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "r" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "w" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "x" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "a" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "t" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "l" }
-};
-
-rules_t rules_to_test_any_access2 = {
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "r" },
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "x" },
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "l" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "r" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "w" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "x" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "l" }
-};
-
-#define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \
- (const rules_t) { \
- { sub, obj, "r" }, \
- { sub, obj, "w" }, \
- { sub, obj, "x" }, \
- { sub, obj, "a" }, \
- { sub, obj, "t" }, \
- { sub, obj, "l" } }
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_stress)
-
-/**
- * Test - Simulation of 100 installations and uninstallations of one application.
- * Installed application will have various kind of permissions from api
- * features and shared folders.
- */
-void privilege_control22_app_installation_1x100(bool smack)
-{
- int result;
- const int expected_smack_result = smack ? 1:-1;
- std::string shared_dir_auto_label;
-
- // Clear any previously created apps, files, labels and permissions
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_APP_DIR
- << ". Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_NON_APP_DIR
- << ". Result: " << result);
-
- DB_BEGIN
-
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
-
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
-
- // Register appsettings feature
- result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error while registering api feature. Result: " << result);
-
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling App-Setting permissions. Result: " << result);
-
- // Install one additional app (used to check perm to shared directories)
- result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
- const char *test1[] = { nullptr };
- result = perm_app_enable_permissions(TEST_OSP_FEATURE_APP_ID,
- APP_TYPE_OSP, test1, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling permissions. Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
- DB_END
-
-
- // Install app loop
- for (int i = 0; i < 100; ++i)
- {
- DB_BEGIN
-
- // Add application
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Loop index: " << i
- << ". Result: " << result);
-
- // Add persistent permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from OSP Feature. Loop index: "
- << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. Loop index: "
- << i << ". Result: " << result);
-
- DB_END
-
- // add shared dirs
- switch (i%2) // separate odd and even loop runs
- {
- case 0: // Shared dirs: APP_PATH_PRIVATE & APP_PATH_PUBLIC_RO
- {
- DB_BEGIN
-
- // Add app shared dir - APP_PATH_PRIVATE
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- DB_END
-
- // Verify that some previously installed app does not have any access
- // to APP_ID private label
- result = check_no_accesses(smack, rules_to_test_any_access1);
- RUNNER_ASSERT_MSG(result == 1,
- "Error - other app has access to private label. Loop index: "
- << i);
-
- // Get autogenerated Public RO label
- char *label;
- result = smack_getlabel(TEST_NON_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = smack_have_access(GENERATED_APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
-
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Public RO dir are granted. Loop index: "
- << i);
-
- /* all apps are getting the label "User" at the moment. Calling smack_have_access with
- "User" as an argument is no different from previous call */
- /*result = smack_have_access(TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" );
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Public RO dir are granted. Loop index: "
- << i);*/
-
- break;
- }
- case 1: // Shared dirs: APP_PATH_APPSETTING_RW & APP_PATH_GROUP_RW
- {
- DB_BEGIN
-
- // Add app shared dir - APP_PATH_SETTINGS_RW
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- DB_END
-
- // Get autogenerated App-Setting label
- char *label;
- result = smack_getlabel(TEST_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app dir
- // and rx permissions to app
- result = smack_have_access(GENERATED_APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_ID << " "<< shared_dir_auto_label << " rwxatl "
- << "Loop index: " << i);
-
- /* all apps are getting the label "User" at the moment. Calling smack_have_access with
- "User" as an argument is no different from previous call */
- /*result = smack_have_access(APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_TEST_SETTINGS_ASP1 << " " << shared_dir_auto_label << " rwx. "
- << "Loop index: " << i);
-
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, GENERATED_APP_ID, "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_TEST_SETTINGS_ASP1 << " " << GENERATED_APP_ID << " rx"
- << "Loop index: " << i);*/
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = smack_have_access(GENERATED_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- break;
- }
- } // END switch
-
- // check if api-features permissions are added properly
- result = check_all_accesses(smack,
- (const rules_t) {
- { GENERATED_APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" },
- { GENERATED_APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added. Loop index: "
- << i);
-
- // revoke permissions
- result = perm_app_revoke_permissions(GENERATED_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
-
- // check if api-features permissions are removed properly
- result = check_no_accesses(smack, rules_to_test_any_access2);
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions revoked. Loop index: " << i);
-
- // remove labels from app folder
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
- // remove labels from shared folder
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_NON_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
-
- // uninstall app
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Loop index: " << i
- << ". Result: " << result);
- } // END Install app loop
-
- DB_BEGIN
-
- // Uninstall setting app and additional app
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
- DB_END
-}
-
-/**
- * Test - Simulation of 10 installations and uninstallations of set of 10 applications.
- * Installed applications will have various kind of permissions to each other
- * from api-features and shared folders.
- *
- * APP_TEST_SETTINGS_ASP1 ("test-app-settings-asp1") - registered as setting app
- *
- * Permissions:
- * test_APP0-4 - receive test_osp_feature_rule_set2
- * test_APP5-9 - receive test_wgt_feature_rule_set2
- *
- * During this test there is one directory created for each app for each loop run,
- * dir name syntax is: /tmp/<app_name>_<i-loop_run>
- *
- * test_APP0 & test_APP5 register their directories as APP_PATH_PRIVATE
- * test_APP1, test_APP2 & test_APP6 register their directories as
- * APP_PATH_GROUP_RW using the same label
- * LABEL_FOR_PUBLIC_SHARED_DIRS
- * test_APP3, test_APP7 & test_APP8 register their directories as
- * APP_PATH_PUBLIC_RO
- * test_APP4 & test_APP9 register their directories as
- * APP_PATH_SETTINGS_RW
- */
-void privilege_control23_app_installation2_10x10(bool smack)
-{
- int result;
- const int expected_smack_result = smack ? 1:-1;
- const int app_count = 10;
- std::string shared_dir3_auto_label;
- std::string shared_dir7_auto_label;
- std::string shared_dir8_auto_label;
- std::string setting_dir4_auto_label;
- std::string setting_dir9_auto_label;
- char app_ids[app_count][strlen(APP_ID) + 3];
- char app_dirs[app_count][strlen(APP_ID) + 12];
- const char *test_osp_feature_rule_set2[] = { "~APP~ " APP_ID "6 r",
- "~APP~ " APP_ID "7 rxl",
- "~APP~ " APP_ID "8 rwxal",
- "~APP~ " APP_ID "9 rwxatl",
- nullptr };
- const char *test_wgt_feature_rule_set2[] = { "~APP~ " APP_ID "1 r",
- "~APP~ " APP_ID "2 rxl",
- "~APP~ " APP_ID "3 rwxal",
- "~APP~ " APP_ID "4 rwxatl",
- nullptr };
-
-
- // generate app ids: test_APP0, test_APP1, test_APP2 etc.:
- for (int i = 0; i < app_count; ++i)
- {
- /* Libprivilege-control assigns "User" label to all apps. Replace it when individual labels
- are supported. */
- result = sprintf(app_ids[i], GENERATED_APP_ID);
- RUNNER_ASSERT_MSG(result > 0, "Cannot generate name for app nr: " << i);
- }
-
- DB_BEGIN
-
- // Clear any previously created apps, files, labels and permissions
- for (int i = 0; i < app_count; ++i)
- {
- result = perm_app_revoke_permissions(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions for app: "
- << app_ids[i] << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[i] << ". Result: " << result);
- }
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions."
- << " Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall."
- << " Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install."
- << " Result: " << result);
-
- // Register appsettings feature
- result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error while registering api feature. Result: " << result);
-
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering App-Setting permissions."
- << " Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
- DB_END
-
-
- // Install apps loop
- for (int i = 0; i < 10; ++i)
- {
- DB_BEGIN
-
- // Install 10 apps
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_install(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. App id: "
- << app_ids[j]
- << " Loop index: " << i
- << ". Result: " << result);
-
- // Create 10 directories
- result = sprintf(app_dirs[j],"/tmp/" APP_ID "%d_%d", j, i);
- RUNNER_ASSERT_MSG(result > 0,
- "Cannot generate directory name for app nr: " << j
- << " Loop index: " << i);
- result = mkdir(app_dirs[j], S_IRWXU | S_IRGRP | S_IXGRP);
- RUNNER_ASSERT_ERRNO_MSG(result == 0 || errno == EEXIST,
- "Cannot create directory: " << app_dirs[j]);
- result = nftw(app_dirs[j], &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << app_dirs[j]
- << ". Result: " << result);
- }
-
- // Give permissions from api-features
- for (int j = 0; j < (app_count/2); ++j)
- {
- // add persistent api feature permissions
- result = perm_app_enable_permissions(app_ids[j], APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app__permissions from OSP Feature. App id: "
- << app_ids[j] << " Loop index: " << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(app_ids[j+5], APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. App id: "
- << app_ids[j+5] << " Loop index: " << i << ". Result: " << result);
- }
-
- // Add app shared dirs - APP_PATH_PRIVATE (apps 0, 5)
- result = perm_app_setup_path(app_ids[0], app_dirs[0], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[0]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[5], app_dirs[5], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[5]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW (apps 1, 2, 6)
- result = perm_app_setup_path(app_ids[1], app_dirs[1],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[2], app_dirs[2],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[2]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[6], app_dirs[6],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[6]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO (apps 3, 7, 8)
- result = perm_app_setup_path(app_ids[3], app_dirs[3],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[7], app_dirs[7],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[7]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[8], app_dirs[8],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[8]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_SETTINGS_RW (apps ,4, 9)
- result = perm_app_setup_path(app_ids[4], app_dirs[4],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[4]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[9], app_dirs[9],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[9]
- << " Loop index: " << i << ". Result: " << result);
-
- DB_END
-
- // All apps have the same label "User" so this check makes no sense.
- // Verify that some previously installed app does not have
- // any acces to app 0 and app 5 PRIVATE folders
- /*for (int j = 0; j < app_count; ++j)
- {
- // Apps 1-9 should not have any access to app 0
- if (j != 0)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[0])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[0] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
-
- // Apps 0-4 and 6-9 should not have any access to app 5
- if (j != 5)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[5])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[5] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
- }*/ // End for Verify PRIVATE
-
- // Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[1], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" },
- { app_ids[2], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" },
- { app_ids[6], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- // Get autogenerated Public_RO labels
- char *label;
- result = smack_getlabel(app_dirs[3], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[3]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir3_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[7], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[7]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir7_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[8], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[8]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir8_auto_label = label;
- free(label);
-
- // Verify that all apps have ro permissions to public folders of apps 3, 7 and 8
- // Also apps 3, 7 and 8 should have all permisisons to their own PUBLIC_RO dirs
- for (int j = 0; j < app_count; ++j)
- {
- if (j == 3)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- // Verify that there are no extra permissions to public dirs
- /*result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);*/
- }
- if (j == 7)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- // Verify that there are no extra permissions to public dirs
- /*result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);*/
- }
- if (j == 8)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir8_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- // Verify that there are no extra permissions to other public dirs
- /*result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);*/
- }
-
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "rx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Public RO dirs are granted. App id: "
- << app_ids[j] << ". Loop index: " << i);
- } // End for Verify PUBLIC_RO
-
- // Get autogenerated SETTING_RW labels
- result = smack_getlabel(app_dirs[4], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[4] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir4_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[9], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[9] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir9_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app-settings dirs and rx to apps
- result = smack_have_access(app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << app_ids[4] << " " << setting_dir4_auto_label
- << " Loop index: " << i);
- result = smack_have_access(app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << app_ids[9] << " " << setting_dir9_auto_label
- << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- /*result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[4], "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << app_ids[4]
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[9], "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << app_ids[9]
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << setting_dir4_auto_label
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << setting_dir9_auto_label
- << " Loop index: " << i);*/
-
-
-
- // Check if api-features permissions are added properly
- for (int j = 0; j < 5; ++j)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], app_ids[6], "r" },
- { app_ids[j], app_ids[7], "rxl" },
- { app_ids[j], app_ids[8], "rwxal" },
- { app_ids[j], app_ids[9], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- for (int j = 5; j < app_count; ++j)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], app_ids[1], "r" },
- { app_ids[j], app_ids[2], "rxl" },
- { app_ids[j], app_ids[3], "rwxal" },
- { app_ids[j], app_ids[4], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- DB_BEGIN
-
- // Revoke permissions
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_revoke_permissions(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. App id: "
- << app_ids[j] << " Loop index: " << i
- << ". Result: " << result);
- }
-
- DB_END
-
- // All apps have the same label "User" so this check makes no sense.
- // Check if permissions are removed properly
- /*for (int j = 0; j < app_count; ++j)
- {
- // To all other apps
- for (int k = 0; k < app_count; ++k)
- if (j != k)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[k])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions revoked. Subject: " << app_ids[j]
- << " Object: " << app_ids[k] << " Loop index: " << i);
- }
- }*/
-
- DB_BEGIN
-
- // Remove labels from folders and uninstall all apps
- for (int j = 0; j < app_count; ++j)
- {
- result = nftw(app_dirs[j], &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS); // rm labels from app folder
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: "
- << app_dirs[j] << " . Loop index: " << i
- << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[j] << " . Loop index: " << i
- << ". Result: " << result);
- }
-
- DB_END
-
- // Remove created dirs
- for (int j = 0; j < app_count; ++j)
- {
- result = rmdir(app_dirs[j]);
- RUNNER_ASSERT_ERRNO_MSG(result == 0,
- "Cannot remove directory: " << app_dirs[j]);
- }
- } // END Install app loop
-
- // Uninstall setting app
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
-}
-
-RUNNER_TEST_SMACK(privilege_control22_app_installation_1x100_smack)
-{
- privilege_control22_app_installation_1x100(true);
-}
-
-RUNNER_TEST_NOSMACK(privilege_control22_app_installation_1x100_nosmack)
-{
- privilege_control22_app_installation_1x100(false);
-}
-
-RUNNER_TEST_SMACK(privilege_control23_app_installation2_10x10_smack)
-{
- privilege_control23_app_installation2_10x10(true);
-}
-
-RUNNER_TEST_NOSMACK(privilege_control23_app_installation2_10x10_nosmack)
-{
- privilege_control23_app_installation2_10x10(false);
-}
+++ /dev/null
-.
\ No newline at end of file
+++ /dev/null
-../
\ No newline at end of file
+++ /dev/null
-../../
\ No newline at end of file
+++ /dev/null
-../../../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-test_APP_REAL
\ No newline at end of file
PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP
REQUIRED
libsmack
- libprivilege-control
cynara-client
cynara-admin
security-manager
${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
)
INCLUDE_DIRECTORIES(SYSTEM
${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/
${PROJECT_SOURCE_DIR}/src/cynara-tests/common/
${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
)
FIND_PACKAGE(Threads)
#include <string>
#include <unordered_set>
+#include <ftw.h>
#include <grp.h>
#include <pwd.h>
#include <access_provider.h>
#include <dpl/log/log.h>
#include <dpl/test/test_runner.h>
-#include <libprivilege-control_test_common.h>
#include <passwd_access.h>
#include <tests_common.h>
#include <sm_api.h>
return "User::Pkg::" + pkgId;
}
+#define FTW_MAX_FDS 16
+
+static int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+ smack_lsetlabel(fpath, nullptr, SMACK_LABEL_ACCESS);
+ smack_lsetlabel(fpath, nullptr, SMACK_LABEL_EXEC);
+ smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
+
+ return 0;
+}
+
+static int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+ smack_lsetlabel(fpath, "canary_label", SMACK_LABEL_ACCESS);
+ smack_lsetlabel(fpath, "canary_label", SMACK_LABEL_EXEC);
+ smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
+
+ return 0;
+}
+
+static int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+ int result;
+ CStringPtr labelPtr;
+ char* label = nullptr;
+
+ /* ACCESS */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ result = strcmp("canary_label", labelPtr.get());
+ RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
+
+ /* EXEC */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ result = strcmp("canary_label", labelPtr.get());
+ RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
+
+ /* TRANSMUTE */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG(labelPtr.get() == nullptr, "TRANSMUTE label on " << fpath << " is set");
+
+ return 0;
+}
+
static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
const char* correctLabel, bool transmute_test, bool exec_test)
{
uninstall_app(app_id, pkg_id, true);
install_app(app_id, pkg_id);
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
- //Clean up before creating socket
- unlink(SOCK_PATH);
- int sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
+ const auto sockaddr = UDSHelpers::makeAbstractAddress("sm_test_03.socket");
+ int sock = UDSHelpers::createServer(&sockaddr);
SockUniquePtr sockPtr(&sock);
- //Bind socket to address
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
+
//Set socket label to something different than expecedLabel
- result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPIN, socketLabel);
+ result = smack_set_label_for_file(*sockPtr, XATTR_NAME_SMACKIPIN, socketLabel);
RUNNER_ASSERT_ERRNO_MSG(result == 0,
"Can't set socket label. Result: " << result);
- result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPOUT, socketLabel);
+ result = smack_set_label_for_file(*sockPtr, XATTR_NAME_SMACKIPOUT, socketLabel);
RUNNER_ASSERT_ERRNO_MSG(result == 0,
"Can't set socket label. Result: " << result);
Api::setProcessLabel(app_id);
- result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPIN, &label);
+ result = smack_new_label_from_file(*sockPtr, XATTR_NAME_SMACKIPIN, &label);
RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
labelPtr.reset(label);
result = expected_label.compare(label);
RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
expected_label << " Actual: " << label);
- result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPOUT, &label);
+ result = smack_new_label_from_file(*sockPtr, XATTR_NAME_SMACKIPOUT, &label);
RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
labelPtr.reset(label);
result = expected_label.compare(label);
}
runTest smack
-runTest smack-dbus
-runTest libprivilege-control
-#runTest ss-clientsmack
-#runTest ss-server
-#runTest ss-password
-#runTest ss-privilege
-#runTest ss-stress
runTest security-manager
runTest cynara
runTest ckm
echo
libsmack-test "${@:2}" # propagate all remaining arguments (except first)
;;
-"smack-dbus")
- echo "========================================================================="
- echo "SMACK DBUS TEST"
- echo
- smack-dbus-tests "${@:2}"
- ;;
-"libprivilege-control")
- echo "========================================================================="
- echo $1
- echo
- libprivilege-control-test "${@:2}"
- ;;
"security-manager")
echo "========================================================================="
echo "SECURITY MANAGER TESTS"
echo "Correct using:"
echo " security_test.sh <module> <args_for_module>"
echo
- echo "modules: smack, smack-dbus, libprivilege-control, ss-clientsmack"
- echo " ss-server, ss-api-speed, ss-password, ss-stress"
- echo " ss-privilege, security-manager, cynara, ckm"
+ echo "modules: smack, security-manager, cynara, ckm"
;;
esac
+++ /dev/null
-# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Michal Eljasiewicz (m.eljasiewic@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# Dependencies
-PKG_CHECK_MODULES(SMACK_DBUS_TESTS_DEP
- libsmack
- dbus-1
- REQUIRED)
-
-# Targets definition
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${SMACK_DBUS_TESTS_DEP_INCLUDE_DIRS}
- )
-
-SET(TARGET_SMACK_DBUS_TESTS "smack-dbus-tests")
-
-# Sources definition
-
-SET(SMACK_DBUS_SOURCES
- ${PROJECT_SOURCE_DIR}/src/smack-dbus-tests/smack_dbus_tests.cpp
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- )
-
-ADD_EXECUTABLE(${TARGET_SMACK_DBUS_TESTS} ${SMACK_DBUS_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_SMACK_DBUS_TESTS}
- ${SMACK_DBUS_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-# Installation
-
-INSTALL(TARGETS ${TARGET_SMACK_DBUS_TESTS} DESTINATION /usr/bin)
+++ /dev/null
-#include <cstring>
-#include <unistd.h>
-#include <sys/smack.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dbus/dbus.h>
-#include "tests_common.h"
-
-#define DBUS_SERVER_NAME "test.method.server"
-#define DBUS_CALLER_NAME "test.method.caller"
-
-#define DBUS_SMACK_NAME "org.freedesktop.DBus"
-#define DBUS_SMACK_OBJECT "/org/freedesktop/DBus"
-#define DBUS_SMACK_INTERFACE "org.freedesktop.DBus"
-#define DBUS_SMACK_METHOD "GetConnectionCredentials"
-
-RUNNER_TEST_GROUP_INIT(SMACK_DBUS);
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tc01_smack_context_from_DBus)
-{
- RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method"
- " yet.");
-
- int ret = -1;
- const char *subject_parent = "subject_parent";
- const char *subject_child = "subject_child";
-
- DBusMessage* msg = nullptr;
- DBusMessageIter args, iter, var, var_iter, var_value;
- DBusConnection* conn = nullptr;
- DBusError err;
- DBusPendingCall *pending = nullptr;
- const char *dbus_server_name = DBUS_SERVER_NAME;
- char *smack_context = nullptr;
-
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed");
-
- if (pid == 0) {
- // child
- ret = smack_set_label_for_self(subject_child);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
- "smack_set__label_for_self() failed, ret: " << ret);
-
- // initialize the errors
- dbus_error_init(&err);
-
- // connect to the system bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus
- ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // crate a new method call for checking SMACK context from DBus interface
- msg = dbus_message_new_method_call(DBUS_SMACK_NAME,
- DBUS_SMACK_OBJECT,
- DBUS_SMACK_INTERFACE,
- DBUS_SMACK_METHOD);
-
- RUNNER_ASSERT_MSG(nullptr != msg,
- "dbus_message_new_method_call() failed, ret: " << ret);
-
- // append arguments, we need SMACK context for our parent process "test.method.server"
- dbus_message_iter_init_append(msg, &args);
- ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name);
- RUNNER_ASSERT_MSG(1 == ret, "Out of memory");
-
- // wait for parent to connect to DBus
- sleep(3);
-
- // send message and get a handle for a reply
- // -1 is default timeout
- ret = dbus_connection_send_with_reply (conn, msg, &pending, -1);
- RUNNER_ASSERT_MSG(1 == ret, "Out of memory");
- RUNNER_ASSERT_MSG(nullptr != pending, "Pending call null");
-
- dbus_connection_flush(conn);
-
- // free message
- dbus_message_unref(msg);
-
- // block until reply
- dbus_pending_call_block(pending);
-
- // get the reply
- msg = dbus_pending_call_steal_reply(pending);
- RUNNER_ASSERT_MSG(nullptr != msg, "Reply null");
-
- // free message handle
- dbus_pending_call_unref(pending);
-
- ret = dbus_message_iter_init(msg, &iter);
- RUNNER_ASSERT_MSG(0 != ret, "Message has no arguments");
-
- dbus_message_iter_recurse(&iter, &var);
-
- while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var, &var_iter);
- while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var_iter, &var_value);
- switch(dbus_message_iter_get_arg_type(&var_value)) {
- case DBUS_TYPE_STRING:
- dbus_message_iter_get_basic(&var_value, &smack_context);
- break;
- default:
- ;
- }
- dbus_message_iter_next(&var_iter);
- }
- dbus_message_iter_next(&var);
- }
-
- // free reply and close connection
- dbus_message_unref(msg);
- dbus_connection_unref(conn);
-
- RUNNER_ASSERT(smack_context != nullptr);
- ret = strcmp(smack_context, subject_parent);
- RUNNER_ASSERT_MSG(0 == ret,
- "Context mismatch! context from dbus: " << smack_context);
-
- exit(0);
-
- } else {
- // parent
- ret = smack_set_label_for_self(subject_parent);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
- "smack_set_label_for_self() failed, ret: " << ret);
-
- // initialise the error
- dbus_error_init(&err);
-
- // connect to the bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus and check for errors
- ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // close the connection
- dbus_connection_unref(conn);
- }
-}
-
-///////////////////////////////////////
-//////NOSMACK ENV TESTS////////////////
-///////////////////////////////////////
-
-RUNNER_MULTIPROCESS_TEST_NOSMACK(tc01_smack_context_from_DBus_nosmack)
-{
- RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method"
- " yet.");
-
- int ret = -1;
- const char* subject_parent = "subject_parent";
-
- DBusMessage* msg = nullptr;
- DBusMessageIter args, iter, var, var_iter, var_value;
- DBusConnection* conn = nullptr;
- DBusError err;
- DBusPendingCall *pending = nullptr;
- const char *dbus_server_name = DBUS_SERVER_NAME;
- char *smack_context = nullptr;
-
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed");
-
- if (pid == 0) {
- // child
-
- // initialize the errors
- dbus_error_init(&err);
-
- // connect to the system bus and check for errors; failure = exit with result 1
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_FAIL_MSG("Failed to connect to system bus. Ret " << ret);
- }
-
- // request our name on the bus; failure = exit with result 2
- ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_FAIL_MSG("Failed to request name on the bus. Ret " << ret);
- }
-
- // crate a new method call for checking SMACK context from DBus interface
- msg = dbus_message_new_method_call(DBUS_SMACK_NAME,
- DBUS_SMACK_OBJECT,
- DBUS_SMACK_INTERFACE,
- DBUS_SMACK_METHOD);
-
- RUNNER_ASSERT_MSG(msg != nullptr, "dbus_message_new_method_call() failed.");
-
- // append arguments, we need SMACK context for our parent process "test.method.server"
- dbus_message_iter_init_append(msg, &args);
- ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name);
- RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret);
-
- // wait for parent to connect to DBus
- sleep(3);
-
- // send message and get a handle for a reply
- // -1 is default timeout
- ret = dbus_connection_send_with_reply (conn, msg, &pending, -1);
- RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret);
- RUNNER_ASSERT_MSG(pending != nullptr, "Pending call is nullptr.");
-
- dbus_connection_flush(conn);
-
- // free message
- dbus_message_unref(msg);
-
- // block until reply
- dbus_pending_call_block(pending);
-
- // get the reply
- msg = dbus_pending_call_steal_reply(pending);
- RUNNER_ASSERT_MSG(msg != nullptr, "Failed to get the reply from bus.");
-
- // free message handle
- dbus_pending_call_unref(pending);
-
- ret = dbus_message_iter_init(msg, &iter);
- RUNNER_ASSERT_MSG(ret != 0, "DBus message has no arguments. Ret " << ret);
-
- dbus_message_iter_recurse(&iter, &var);
- while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var, &var_iter);
- while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var_iter, &var_value);
- switch(dbus_message_iter_get_arg_type(&var_value)) {
- case DBUS_TYPE_STRING:
- dbus_message_iter_get_basic(&var_value, &smack_context);
- break;
- default:
- ;
- }
- dbus_message_iter_next(&var_iter);
- }
- dbus_message_iter_next(&var);
- }
-
- // free reply and close connection
- dbus_message_unref(msg);
- dbus_connection_unref(conn);
-
- RUNNER_ASSERT(smack_context != nullptr);
- ret = strcmp(smack_context, subject_parent);
- RUNNER_ASSERT_MSG(ret == 0, "Context mismatch. Context " << smack_context);
-
- exit(0);
-
- } else {
- // parent
-
- // initialise the error
- dbus_error_init(&err);
-
- // connect to the bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus and check for errors
- ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // close the connection
- dbus_connection_unref(conn);
- }
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
projects / platform / core / test / security-tests.git / commitdiff