return str;
}
-void setProcessLabel(const std::string &appId, lib_retcode expectedResult)
+void setAppProcessIdentity(const std::string &appId, lib_retcode expectedResult)
{
- int result = security_manager_set_process_label_from_appid(appId.c_str());
+ int result = security_manager_set_identity(process_type::SM_PROCESS_TYPE_APP, appId.c_str());
RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting process label from app id returned wrong value."
+ "setting app process identity from app id returned wrong value."
<< " App id: " << appId << ";"
<< " Result: " << result << ";"
<< " Expected result: " << expectedResult);
void update(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void uninstall(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
std::string getPkgId(const std::string &appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void setProcessLabel(const std::string &appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void setAppProcessIdentity(const std::string &appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void setProcessGroups(const std::string &appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void dropProcessPrivileges(lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void prepareApp(const std::string &appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
// run client procedure in app context
runInChildParentWait([=]() {
- Api::setProcessLabel(smackLabel);
+ Api::setAppProcessIdentity(smackLabel);
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(appUID, appGID) == 0,
"drop_root_privileges() failed");
procedure();
virtual int serverProcedure(int pipeFd) override
{
- Api::setProcessLabel(m_appContext.appId());
+ Api::setAppProcessIdentity(m_appContext.appId());
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(m_appContext.getUID(), m_appContext.getGID()) == 0,
"drop_root_privileges() failed");
virtual int serverProcedure(int pipeFd) override
{
- Api::setProcessLabel(m_appContext.appId());
+ Api::setAppProcessIdentity(m_appContext.appId());
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(m_appContext.getUID(), m_appContext.getGID()) == 0,
"drop_root_privileges() failed");
virtual int serverProcedure(int pipeFd) override
{
- Api::setProcessLabel(m_appContext.appId());
+ Api::setAppProcessIdentity(m_appContext.appId());
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(m_appContext.getUID(), m_appContext.getGID()) == 0,
"drop_root_privileges() failed");
if (pid != 0) {
waitPid(pid);
} else { //child process
- SecurityManagerTest::Api::setProcessLabel(appInstallHelper.getAppId());
+ SecurityManagerTest::Api::setAppProcessIdentity(appInstallHelper.getAppId());
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUserToSwitch.getUid(),
adminUserToSwitch.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) {
waitPid(pid);
} else { //child process
- SecurityManagerTest::Api::setProcessLabel(appInstallHelper.getAppId());
+ SecurityManagerTest::Api::setAppProcessIdentity(appInstallHelper.getAppId());
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUserToSwitch.getUid(),
adminUserToSwitch.getGid()) == 0,
"drop_root_privileges failed");
void runAccessTest(const AppInstallHelper &app, const std::string &testPath, int accessType) {
auto fun = [&](){
- Api::setProcessLabel(app.getAppId());
+ Api::setAppProcessIdentity(app.getAppId());
RUNNER_ASSERT_ERRNO_MSG(0 == drop_root_privileges(app.getUID(), app.getGID()),
"drop_root_privileges failed.");
accessTest(app.getAppId(), testPath, accessType);
pid_t pid = fork();
RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
if (pid == 0) { // child
- Api::setProcessLabel(app.getAppId());
+ Api::setAppProcessIdentity(app.getAppId());
char *label = nullptr;
CStringPtr labelPtr;
// FIXME - all other existing privileges should be checked
}
-RUNNER_CHILD_TEST(security_manager_11_set_identity)
+RUNNER_CHILD_TEST(security_manager_11a_set_identity_system)
{
- pid_t pid1 = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid1 >= 0, "Fork 1 failed");
- if (pid1 != 0) { //parent process
- waitPid(pid1);
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
} else {
int result = security_manager_set_identity(process_type::SM_PROCESS_TYPE_SYSTEM, nullptr);
RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
"security_manager_set_identity(SM_PROCESS_TYPE_SYSTEM, nullptr) failed");
exit(0);
}
+}
- pid_t pid2 = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid2 >= 0, "Fork 2 failed");
- if (pid2 != 0) { //parent process
- waitPid(pid2);
+RUNNER_CHILD_TEST(security_manager_11b_set_identity_privileged)
+{
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
} else {
- int result = security_manager_set_identity(process_type::SM_PROCESS_TYPE_SYSTEM_PRIVILEGED, nullptr);
+ int result = security_manager_set_identity(process_type::SM_PROCESS_TYPE_SYSTEM_PRIVILEGED,
+ nullptr);
RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
"security_manager_set_identity(SM_PROCESS_TYPE_SYSTEM_PRIVILEGED, nullptr) failed");
exit(0);
}
+}
- const std::string appLocalName = "sm_test_set_identity_local1";
+RUNNER_CHILD_TEST(security_manager_11c_set_identity_app_no_author)
+{
+ const std::string appLocalName = "sm_test_11c_set_identity_app_no_author";
AppInstallHelper appLocal(appLocalName);
ScopedInstaller appInstall(appLocal);
- pid_t pid3 = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid3 >= 0, "Fork 3 failed");
- if (pid3 != 0) { //parent process
- waitPid(pid3);
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
} else {
int result = security_manager_set_identity(process_type::SM_PROCESS_TYPE_APP, nullptr);
- RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_ERROR_INPUT_PARAM,
- "security_manager_set_identity(SM_PROCESS_TYPE_APP, nullptr) wrongly succeeded");
- result = security_manager_set_identity(process_type::SM_PROCESS_TYPE_APP, appLocal.getAppId().c_str());
- RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_identity(SM_PROCESS_TYPE_APP, appLocal.getAppId().c_str()) failed");
+ RUNNER_ASSERT_MSG(
+ result == SECURITY_MANAGER_ERROR_INPUT_PARAM,
+ "security_manager_set_identity(SM_PROCESS_TYPE_APP, nullptr) wrongly succeeded");
+ result = security_manager_set_identity(process_type::SM_PROCESS_TYPE_APP,
+ appLocal.getAppId().c_str());
+ RUNNER_ASSERT_MSG(
+ result == SECURITY_MANAGER_SUCCESS,
+ "security_manager_set_identity(SM_PROCESS_TYPE_APP, appLocal.getAppId().c_str()) failed"
+ );
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_11d_set_identity_app_author)
+{
+ const std::string appLocalName = "sm_test_11d_set_identity_app_author";
+ AppInstallHelper appLocal(appLocalName);
+ appLocal.setAuthor("sm_test_app_author");
+ ScopedInstaller appInstall(appLocal);
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else {
+ int result = security_manager_set_identity(process_type::SM_PROCESS_TYPE_APP, nullptr);
+ RUNNER_ASSERT_MSG(
+ result == SECURITY_MANAGER_ERROR_INPUT_PARAM,
+ "security_manager_set_identity(SM_PROCESS_TYPE_APP, nullptr) wrongly succeeded");
+ result = security_manager_set_identity(process_type::SM_PROCESS_TYPE_APP,
+ appLocal.getAppId().c_str());
+ RUNNER_ASSERT_MSG(
+ result == SECURITY_MANAGER_SUCCESS,
+ "security_manager_set_identity(SM_PROCESS_TYPE_APP, appLocal.getAppId().c_str()) failed"
+ );
exit(0);
}
}
waitPid(pid);
normalApp.checkPrivileges(allowedPrivsAfterChange, deniedPrivsAfterChange);
} else {
- Api::setProcessLabel(adminApp.getAppId());
+ Api::setAppProcessIdentity(adminApp.getAppId());
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUser.getUid(),adminUser.getGid()) == 0,
"drop_root_privileges failed");
waitPid(pid);
} else {
// here we can check if the function will return it IS an app
- Api::setProcessLabel(app.getAppId());
+ Api::setAppProcessIdentity(app.getAppId());
bool is_app;
RUNNER_ASSERT_MSG(security_manager_self_is_app(&is_app) == SECURITY_MANAGER_SUCCESS,
"failed security_manager_self_is_app");
} else {
pipe.claimChildEp();
// here we can check if the function will return it IS an app
- Api::setProcessLabel(app.getAppId());
+ Api::setAppProcessIdentity(app.getAppId());
pipe.post(); // A1
bool is_app;
RUNNER_ASSERT_MSG(security_manager_is_app_from_pid(getpid(), &is_app) == SECURITY_MANAGER_SUCCESS,
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(app.getAppId());
+ Api::setAppProcessIdentity(app.getAppId());
RUNNER_ASSERT_ERRNO_MSG(
drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(app.getAppId());
+ Api::setAppProcessIdentity(app.getAppId());
RUNNER_ASSERT_ERRNO_MSG(
drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(app.getAppId());
+ Api::setAppProcessIdentity(app.getAppId());
RUNNER_ASSERT_ERRNO_MSG(
drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(app1.getAppId());
+ Api::setAppProcessIdentity(app1.getAppId());
RUNNER_ASSERT_ERRNO_MSG(
drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(privManagerAppId);
+ Api::setAppProcessIdentity(privManagerAppId);
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(privManagerAppId);
+ Api::setAppProcessIdentity(privManagerAppId);
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(normalUserToSwitch.getUid(),
normalUserToSwitch.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(privManagerAppId);
+ Api::setAppProcessIdentity(privManagerAppId);
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUserToSwitch.getUid(),
adminUserToSwitch.getGid()) == 0,
"drop_root_privileges failed");
pid_t pid = fork();
RUNNER_ASSERT_ERRNO_MSG(pid >=0, "Fork failed");
if (pid == 0) { //child #1 process
- Api::setProcessLabel(privManagerAppId);
+ Api::setAppProcessIdentity(privManagerAppId);
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(normalUser.getUid(), normalUser.getGid()) == 0,
"drop_root_privileges failed");
auto &app1 = uidToAIHs[normalUser.getUid()][0];
pid = fork();
RUNNER_ASSERT_ERRNO_MSG(pid >=0, "Fork failed");
if (pid == 0) { //child #2 process
- Api::setProcessLabel(privManagerAppId);
+ Api::setAppProcessIdentity(privManagerAppId);
// Admin user, but in context of app, which doesn't have usermanagement privilege
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUser.getUid(), adminUser.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) {
waitPid(pid);
} else { //child process
- Api::setProcessLabel(privManager.getAppId());
+ Api::setAppProcessIdentity(privManager.getAppId());
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUserToSwitch.getUid(),
adminUserToSwitch.getGid()) == 0,
"drop_root_privileges failed");
adminUser.getUidString().c_str(), updatePriv.c_str(), CYNARA_ADMIN_ALLOW,
nullptr);
} else {
- Api::setProcessLabel(privManager.getAppId());
+ Api::setAppProcessIdentity(privManager.getAppId());
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUser.getUid(), adminUser.getGid()) == 0,
"drop_root_privileges failed");
adminUser.getUidString().c_str(), updatePriv.c_str(), CYNARA_ADMIN_ALLOW,
nullptr);
} else {
- Api::setProcessLabel(privManager.getAppId());
+ Api::setAppProcessIdentity(privManager.getAppId());
RUNNER_ASSERT_MSG(drop_root_privileges(adminUser.getUid(), adminUser.getGid()) == 0,
"drop_root_privileges failed");
admin.adminCheck("", false, app.generateAppLabel().c_str(), user.getUidString().c_str(),
updatePriv.c_str(), CYNARA_ADMIN_ALLOW, nullptr);
} else {
- Api::setProcessLabel(privManager.getAppId());
+ Api::setAppProcessIdentity(privManager.getAppId());
RUNNER_ASSERT_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
"drop_root_privileges failed");
} else {
synchPipe.claimChildEp();
- Api::setProcessLabel(privManager.getAppId());
+ Api::setAppProcessIdentity(privManager.getAppId());
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
"drop_root_privileges failed");
{
waitPid(pid);
} else {
- Api::setProcessLabel(privManagerAppId);
+ Api::setAppProcessIdentity(privManagerAppId);
RUNNER_ASSERT_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(app.getAppId());
+ Api::setAppProcessIdentity(app.getAppId());
RUNNER_ASSERT_ERRNO_MSG(
drop_root_privileges(user.getUid(), user.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(app.getAppId());
+ Api::setAppProcessIdentity(app.getAppId());
RUNNER_ASSERT_ERRNO_MSG(
drop_root_privileges(user.getUid(), user.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(app1.getAppId());
+ Api::setAppProcessIdentity(app1.getAppId());
RUNNER_ASSERT_ERRNO_MSG(
drop_root_privileges(user1.getUid(), user1.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(app1.getAppId());
+ Api::setAppProcessIdentity(app1.getAppId());
RUNNER_ASSERT_ERRNO_MSG(
drop_root_privileges(user.getUid(), user.getGid()) == 0,
"drop_root_privileges failed");
if (pid != 0) { //parent process
waitPid(pid);
} else { //child process
- Api::setProcessLabel(app1.getAppId());
+ Api::setAppProcessIdentity(app1.getAppId());
RUNNER_ASSERT_ERRNO_MSG(
drop_root_privileges(user.getUid(), user.getGid()) == 0,
"drop_root_privileges failed");
projects / platform / core / test / security-tests.git / commitdiff