SET(SM_TESTS_SOURCES
${SM_TEST_SRC}/colour_log_formatter.cpp
+ ${SM_TEST_SRC}/filesystem_fixtures.cpp
${SM_TEST_SRC}/privilege_db_fixture.cpp
${SM_TEST_SRC}/security-manager-tests.cpp
${SM_TEST_SRC}/test_acl.cpp
+ ${SM_TEST_SRC}/test_dac-setup.cpp
${SM_TEST_SRC}/test_log.cpp
${SM_TEST_SRC}/test_filesystem.cpp
${SM_TEST_SRC}/test_file-lock.cpp
--- /dev/null
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * This file is licensed under the terms of MIT License or the Apache License
+ * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
+ * See the LICENSE file or the notice below for Apache License Version 2.0
+ * details.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file filesystem_fixtures.cpp
+ * @author Tomasz Świerczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief Tests of functions & classes to provide sample paths for manipulation in unit tests
+ */
+
+#include "filesystem_fixtures.h"
+#include "testmacros.h"
+
+#include <fcntl.h>
+#include <linux/xattr.h>
+#include <sys/smack.h>
+#include <sys/stat.h>
+#include <sys/xattr.h>
+
+FileFixture::FileFixture()
+{
+ fd = open(path, O_RDONLY | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ BOOST_REQUIRE_MESSAGE(fd >= 0, "Failed to open file: " << path);
+}
+
+FileFixture::~FileFixture()
+{
+ BOOST_WARN_MESSAGE(close(fd) == 0, "Error while closing the file: " << path);
+ BOOST_WARN_MESSAGE(unlink(path) == 0, "Error while unlink the file: " << path);
+}
+
+const char* FileFixture::path = "/tmp/SecurityManagerUTFile";
+
+DirectoryFixture::DirectoryFixture()
+{
+ int ret = mkdir(directoryPath, S_IRWXU | S_IRWXG | S_IRWXO);
+ BOOST_REQUIRE_MESSAGE(ret == 0, "Failed to make directory: " << directoryPath);
+
+ ret = mkdir(subdirectoryPath, S_IRWXU | S_IRWXG | S_IRWXO);
+ BOOST_REQUIRE_MESSAGE(ret == 0, "Failed to make directory: " << subdirectoryPath);
+
+ ret = creat(execPath, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
+ BOOST_REQUIRE_MESSAGE(ret >= 0, "Failed to creat file: " << execPath);
+ close(ret);
+
+ ret = symlink(execPath, linkPath);
+ BOOST_REQUIRE_MESSAGE(ret == 0, "Failed to creat symlink: " << linkPath);
+}
+
+DirectoryFixture::~DirectoryFixture()
+{
+ const std::string command = "rm -rf " + std::string(directoryPath);
+ int ret = system(command.c_str());
+ BOOST_WARN_MESSAGE(ret >= 0, "Failed to remove directory: " << directoryPath);
+}
+
+const char* DirectoryFixture::directoryPath = "/tmp/SecurityManagerUTDirectory/";
+const char* DirectoryFixture::subdirectoryPath = "/tmp/SecurityManagerUTDirectory/subdirectory";
+const char* DirectoryFixture::execPath = "/tmp/SecurityManagerUTDirectory/exec";
+const char* DirectoryFixture::linkPath = "/tmp/SecurityManagerUTDirectory/subdirectory/link";
+
+const std::string DirectoryFixture::getLabel(const char* path, const char* xattr) const
+{
+ char buffer[SMACK_LABEL_LEN+1] = {};
+
+ int ret = getxattr(path, xattr, buffer, SMACK_LABEL_LEN+1);
+ BOOST_REQUIRE_MESSAGE(ret > 0, "Failed to get xattr: " << path);
+
+ return std::string(buffer);
+}
+
+bool DirectoryFixture::labelNotExist(const char* path, const char* xattr) const
+{
+ char buffer[SMACK_LABEL_LEN+1] = {};
+
+ int ret = getxattr(path, xattr, buffer, SMACK_LABEL_LEN+1);
+
+ return ret == -1 ? true : false;
+}
--- /dev/null
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * This file is licensed under the terms of MIT License or the Apache License
+ * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
+ * See the LICENSE file or the notice below for Apache License Version 2.0
+ * details.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+
+struct FileFixture
+{
+ FileFixture();
+ ~FileFixture();
+ int fd;
+ const static char* path;
+};
+
+struct DirectoryFixture
+{
+ DirectoryFixture();
+ ~DirectoryFixture();
+
+ const static char* directoryPath;
+ const static char* subdirectoryPath;
+ const static char* execPath;
+ const static char* linkPath;
+
+ const std::string getLabel(const char* path, const char* xattr) const;
+ bool labelNotExist(const char* path, const char* xattr) const;
+};
--- /dev/null
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * This file is licensed under the terms of MIT License or the Apache License
+ * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
+ * See the LICENSE file or the notice below for Apache License Version 2.0
+ * details.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @file test_dac-setup.cpp
+ * @author Tomasz Świerczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief Tests of functions & classes manipulating DAC permissions
+ */
+
+#include <dpl/exception.h>
+#include <dac-setup.h>
+#include <string>
+#include <stdexcept>
+#include <security-manager-types.h>
+#include <sys/types.h>
+#include <testmacros.h>
+
+#include "access-control-exception.h"
+#include "filesystem_fixtures.h"
+#include "utils.h"
+
+
+using namespace SecurityManager;
+
+BOOST_AUTO_TEST_SUITE(DAC_TEST)
+
+NEGATIVE_FIXTURE_TEST_CASE(T1100_setup_path_rw_n, DirectoryFixture)
+{
+ uid_t owner = 5001; // owner UID
+ std::vector<uid_t> puids = {10001}; // app proces UIDs
+ gid_t author = 101; // author GID
+ BOOST_REQUIRE_THROW(DacSetup::setupPath(owner,
+ directoryPath,
+ SECURITY_MANAGER_ENUM_END,
+ puids,
+ author),
+ AccessControlException::InvalidParam);
+ BOOST_REQUIRE(!DacSetup::isAppPrivatePath(puids[0], directoryPath));
+}
+
+POSITIVE_FIXTURE_TEST_CASE(T1100_setup_path_rw_p, DirectoryFixture)
+{
+ uid_t owner = 5001; // owner UID
+ std::vector<uid_t> puids = {10001}; // app proces UIDs
+ gid_t author = 101; // author GID
+ BOOST_REQUIRE_NO_THROW(DacSetup::setupPath(owner,
+ directoryPath,
+ SECURITY_MANAGER_PATH_RW,
+ puids,
+ author));
+ BOOST_REQUIRE(DacSetup::isAppPrivatePath(puids[0], directoryPath));
+}
+
+
+NEGATIVE_FIXTURE_TEST_CASE(T1101_setup_file_rw_n, FileFixture)
+{
+ uid_t owner = 5001; // owner UID
+ std::vector<uid_t> puids = {10001}; // app proces UIDs
+ gid_t author = 101; // author GID
+ BOOST_REQUIRE_THROW(DacSetup::setupPath(owner,
+ path,
+ SECURITY_MANAGER_ENUM_END,
+ puids,
+ author),
+ AccessControlException::InvalidParam);
+ BOOST_REQUIRE(!DacSetup::isAppPrivatePath(puids[0], path));
+}
+
+POSITIVE_FIXTURE_TEST_CASE(T1101_setup_file_rw_p, FileFixture)
+{
+ uid_t owner = 5001; // owner UID
+ std::vector<uid_t> puids = {10001}; // app proces UIDs
+ gid_t author = 101; // author GID
+ BOOST_REQUIRE_NO_THROW(DacSetup::setupPath(owner,
+ path,
+ SECURITY_MANAGER_PATH_RW,
+ puids,
+ author));
+ BOOST_REQUIRE(DacSetup::isAppPrivatePath(puids[0], path));
+}
+
+NEGATIVE_FIXTURE_TEST_CASE(T1102_setup_path_trusted_n, DirectoryFixture)
+{
+ uid_t owner = 5001; // owner UID
+ std::vector<uid_t> puids = {10001}; // app proces UIDs
+ BOOST_REQUIRE_THROW(DacSetup::setupPath(owner,
+ directoryPath,
+ SECURITY_MANAGER_PATH_TRUSTED_RW,
+ puids,
+ std::nullopt), // no author, should throw
+ AccessControlException::InvalidParam);
+ BOOST_REQUIRE(!DacSetup::isAppPrivatePath(puids[0], directoryPath));
+}
+
+POSITIVE_FIXTURE_TEST_CASE(T1103_private_file_sharing_p, FileFixture)
+{
+ uid_t owner = 5001; // owner UID
+ std::vector<uid_t> puids = {10001}; // app proces UIDs
+ gid_t author = 101; // author GID
+ BOOST_REQUIRE_NO_THROW(DacSetup::setupPath(owner,
+ path,
+ SECURITY_MANAGER_PATH_RW,
+ puids,
+ author));
+ BOOST_REQUIRE(DacSetup::isAppPrivatePath(puids[0], path));
+ uid_t target_puid = 10002;
+ BOOST_REQUIRE_NO_THROW(DacSetup::addPrivateSharing(target_puid, path));
+ BOOST_REQUIRE_NO_THROW(DacSetup::removePrivateSharing(target_puid, path));
+}
+
+POSITIVE_FIXTURE_TEST_CASE(T1104_pkg_base_path, DirectoryFixture)
+{
+ uid_t owner = 5001; // owner UID
+ std::vector<uid_t> puids = {10001}; // app proces UIDs
+ BOOST_REQUIRE_NO_THROW(DacSetup::setupPkgBasePath(owner,
+ directoryPath,
+ puids));
+}
+
+BOOST_AUTO_TEST_SUITE_END()
#include <algorithm>
#include <credentials.h>
+#include <check-proper-drop.h>
#include <dpl/errno_string.h>
#include <dpl/exception.h>
#include <string>
}
#endif // SMACK_ENABLED
+POSITIVE_TEST_CASE(T311_capabilities_computeFlags)
+{
+ BOOST_REQUIRE_NO_THROW((void)CheckProperDrop::computeFlags());
+}
+
BOOST_AUTO_TEST_SUITE_END()
*/
#include "access-control-exception.h"
+#include "filesystem_fixtures.h"
#include "protocols.h"
#include "smack-labels.h"
#include "smack-setup.h"
using namespace SecurityManager;
using namespace SecurityManager::SmackLabels;
-struct FileFixture
-{
- FileFixture()
- {
- fd = open(path, O_RDONLY | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- BOOST_REQUIRE_MESSAGE(fd >= 0, "Failed to open file: " << path);
- }
-
- ~FileFixture()
- {
- BOOST_WARN_MESSAGE(close(fd) == 0, "Error while closing the file: " << path);
- BOOST_WARN_MESSAGE(unlink(path) == 0, "Error while unlink the file: " << path);
- }
-
- int fd;
- const static char* path;
-};
-
-const char* FileFixture::path = "/tmp/SecurityManagerUTFile";
-
-struct DirectoryFixture
-{
- DirectoryFixture()
- {
- int ret = mkdir(directoryPath, S_IRWXU | S_IRWXG | S_IRWXO);
- BOOST_REQUIRE_MESSAGE(ret == 0, "Failed to make directory: " << directoryPath);
-
- ret = mkdir(subdirectoryPath, S_IRWXU | S_IRWXG | S_IRWXO);
- BOOST_REQUIRE_MESSAGE(ret == 0, "Failed to make directory: " << subdirectoryPath);
-
- ret = creat(execPath, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
- BOOST_REQUIRE_MESSAGE(ret >= 0, "Failed to creat file: " << execPath);
- close(ret);
-
- ret = symlink(execPath, linkPath);
- BOOST_REQUIRE_MESSAGE(ret == 0, "Failed to creat symlink: " << linkPath);
- }
-
- ~DirectoryFixture()
- {
- const std::string command = "rm -rf " + std::string(directoryPath);
- int ret = system(command.c_str());
- BOOST_WARN_MESSAGE(ret >= 0, "Failed to remove directory: " << directoryPath);
- }
-
- const static char* directoryPath;
- const static char* subdirectoryPath;
- const static char* execPath;
- const static char* linkPath;
-
- const std::string getLabel(const char* path, const char* xattr) const;
- bool labelNotExist(const char* path, const char* xattr) const;
-};
-
-const char* DirectoryFixture::directoryPath = "/tmp/SecurityManagerUTDirectory/";
-const char* DirectoryFixture::subdirectoryPath = "/tmp/SecurityManagerUTDirectory/subdirectory";
-const char* DirectoryFixture::execPath = "/tmp/SecurityManagerUTDirectory/exec";
-const char* DirectoryFixture::linkPath = "/tmp/SecurityManagerUTDirectory/subdirectory/link";
-
-const std::string DirectoryFixture::getLabel(const char* path, const char* xattr) const
-{
- char buffer[SMACK_LABEL_LEN+1] = {};
-
- int ret = getxattr(path, xattr, buffer, SMACK_LABEL_LEN+1);
- BOOST_REQUIRE_MESSAGE(ret > 0, "Failed to get xattr: " << path);
-
- return std::string(buffer);
-}
-
-bool DirectoryFixture::labelNotExist(const char* path, const char* xattr) const
-{
- char buffer[SMACK_LABEL_LEN+1] = {};
-
- int ret = getxattr(path, xattr, buffer, SMACK_LABEL_LEN+1);
-
- return ret == -1 ? true : false;
-}
-
BOOST_AUTO_TEST_SUITE(SMACK_LABELS_TEST)
#ifdef SMACK_ENABLED
projects / platform / core / security / security-manager.git / commitdiff