}
//---------------------------------------------------------------------------
-// security_server_get_cookie_size() is no longer ptotected by SMACK
-RUNNER_CHILD_TEST(tc_unit_01_02_security_server_get_cookie_size)
+// Get cookie size when smack is not loaded
+RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack)
{
- SecurityServer::AccessProvider provider("selflabel_01_02");
+ int ret;
+
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG_BT(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+ ret = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
+}
+
+//---------------------------------------------------------------------------
+// Test setting up a cookie in normal case when smack is not loaded
+RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack)
+{
+ int ret;
+ int cookieSize = security_server_get_cookie_size();
+ Cookie cookie(cookieSize);
+
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG_BT(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+
+ ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+//---------------------------------------------------------------------------
+// Test setting up a cookie when smack is not loaded but with too small
+// buffer size
+RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack)
+{
+ int ret;
+ int cookieSize = security_server_get_cookie_size();
+ Cookie cookie(cookieSize);
+
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG_BT(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+
+ ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
+}
+
+//---------------------------------------------------------------------------
+// Get cookie size when smack is loaded
+RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size)
+{
+ SecurityServer::AccessProvider provider("selflabel_01_05");
provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_get_cookie_size();
{
int cookieSize = security_server_get_cookie_size();
RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
+ "Error in security_server_get_cookie_size(): " << cookieSize);
+
+ Cookie cookie(cookieSize);
+ int ret = security_server_request_cookie(cookie.data(), cookie.size());
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
+ "Error in security_server_request_cookie(): " << ret);
+}
+
+//---------------------------------------------------------------------------
+// Test setting up a cookie in normal case when smack is loaded
+RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
"Error in security_server_get_cookie_size(): " << cookieSize);
+ SecurityServer::AccessProvider provider("selflabel_02_01");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
Cookie cookie(cookieSize);
int ret = security_server_request_cookie(cookie.data(), cookie.size());
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
}
//---------------------------------------------------------------------------
+// Test setting up a cookie when smack is loaded but with too small buffer
+// size
+RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG_BT(cookieSize == KNOWN_COOKIE_SIZE,
+ "Error in security_server_get_cookie_size(): " << cookieSize);
+ cookieSize >>= 1;
+
+ SecurityServer::AccessProvider provider("selflabel_02_02");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ Cookie cookie(cookieSize);
+ int ret = security_server_request_cookie(cookie.data(), cookie.size());
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
+ "Error in security_server_request_cookie(): " << ret);
+}
+
+//---------------------------------------------------------------------------
//root has access to API
RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
{
}
//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_security_server_check_privilege)
+RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
{
RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
Cookie cookie = getCookieFromSS();
}
//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_security_server_check_privilege)
+RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege)
{
Cookie cookie = getCookieFromSS();
}
//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_security_server_get_cookie_pid)
+RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
{
RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
Cookie cookie = getCookieFromSS();
}
//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_security_server_get_cookie_pid)
+RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid)
{
Cookie cookie = getCookieFromSS();
}
//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_security_server_get_smacklabel_cookie)
+RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
{
RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
Cookie cookie = getCookieFromSS();
}
//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_security_server_get_smacklabel_cookie)
+RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
{
SecurityServer::AccessProvider provider("selflabel_06_03");
provider.allowFunction("security_server_get_smacklabel_cookie");
//---------------------------------------------------------------------------
// apply smack labels and drop privileges
-RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_cookie_API_access_allow)
+RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow)
{
add_process_group(PROC_AUDIO_GROUP_NAME);
}
// disable access and drop privileges
-RUNNER_CHILD_TEST(tc_unit_09_02_cookie_API_access_deny)
+RUNNER_CHILD_TEST(tc_unit_09_02_app_user_cookie_API_access_deny)
{
RUNNER_IGNORED_MSG("Security-server sockets are not labeled.");
SecurityServer::AccessProvider provider("subject_1d414140");
}
// NOSMACK version of the test above
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_cookie_API_access_allow_nosmack)
+RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack)
{
add_process_group(PROC_AUDIO_GROUP_NAME);
#define PROPER_COOKIE_SIZE 20
-#define ENVIRONMENT \
- do { \
- const char *subject_label = "mylabel"; \
- RUNNER_ASSERT_MSG_BT(-1 != system("touch /opt/home/root/pid_cycle"), \
- "Cannot prepare environment for test."); \
- RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(subject_label), \
- "Cannot prepare environment for test."); \
- RUNNER_ASSERT_MSG_BT(-1 != setgid(1), \
- "Cannot prepare environment for test."); \
- RUNNER_ASSERT_MSG_BT(-1 != setuid(1), \
- "Cannot prepare environment for test"); \
- } while (0)
-
-
-/**
- * Environment preparation should only differ in setting label. On NOSMACK system
- * smack_set_label_for_self returns error because of no access to /proc/self/attr/current.
- */
-#define ENVIRONMENT_NOSMACK \
- do { \
- int fd = open("/opt/home/root/pid_cycle", O_CREAT|O_APPEND, 0444);\
- RUNNER_ASSERT_MSG_BT(fd >= 0, \
- "Couldn't create pid_cycle file. errno: " << strerror(errno));\
- close(fd); \
- RUNNER_ASSERT_MSG_BT(-1 != setgid(1), \
- "Cannot prepare environment for test."); \
- RUNNER_ASSERT_MSG_BT(-1 != setuid(1), \
- "Cannot prepare environment for test"); \
- } while (0)
-
-
/**
* Unique_ptr typedef for NOSMACK version of tc06 test
*/
RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_CLIENT_SMACK)
/*
- * test: Check cookie size returned by security_server_get_cookie_size.
- * description: Cookie used by security-server is 20 bytes long.
- * Any other size of cookies should be treated as error.
- * expected: Function security_server_get_cookie_size returns 20.
- */
-RUNNER_CHILD_TEST_SMACK(tc01_security_server_get_cookie_size)
-{
- ENVIRONMENT;
-
- int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG_BT(20 == ret, "ret = " << ret);
-}
-
-/*
- * test: security_server_request_cookie
- * description: Function security_server_request_cookie will return
- * 20 bytes long cookie.
- * expected: function will set up cookie in the array and return
- * SECURITY_SERVER_API_SUCCESS.
- */
-RUNNER_CHILD_TEST_SMACK(tc02_security_server_request_cookie_normal_case)
-{
- ENVIRONMENT;
-
- char cookie[20];
- int ret = security_server_request_cookie(cookie, 20);
- LogDebug("ret = " << ret);
- RUNNER_ASSERT_BT(SECURITY_SERVER_API_SUCCESS == ret);
-}
-
-/*
- * test: security_server_request_cookie
- * description: Function security_server_request_cookie will return
- * 20 bytes long cookie.
- * expected: function will set up cookie in the array and return
- * SECURITY_SERVER_API_SUCCESS.
- */
-RUNNER_CHILD_TEST_SMACK(tc03_security_server_request_cookie_too_small_buffer_size)
-{
- ENVIRONMENT;
-
- char cookie[20];
- int ret = security_server_request_cookie(cookie, 10);
- LogDebug("ret = " << ret);
- RUNNER_ASSERT_BT(SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL == ret);
-}
-
-/*
* test: tc04_security_server_get_gid
* description: Checking for security_server_get_gid
* with nonexisting gid and existing one
/////NOSMACK ENV TESTS/////
///////////////////////////
-/**
- * First four test cases are the same as their SMACK versions. The only difference is environment
- * preparation (described near ENVIRONMENT_NOSMACK macro).
- */
-RUNNER_CHILD_TEST_NOSMACK(tc01_security_server_get_cookie_size_nosmack)
-{
- ENVIRONMENT_NOSMACK;
-
- int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG_BT(ret == 20, "ret = " << ret);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc02_security_server_request_cookie_normal_case_nosmack)
-{
- ENVIRONMENT_NOSMACK;
-
- char cookie[20];
- int ret = security_server_request_cookie(cookie, 20);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc03_security_server_request_cookie_too_small_buffer_size_nosmack)
-{
- ENVIRONMENT_NOSMACK;
-
- char cookie[20];
- int ret = security_server_request_cookie(cookie, 10);
- RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
-}
-
RUNNER_CHILD_TEST_NOSMACK(tc04_security_server_get_gid_nosmack)
{
- ENVIRONMENT_NOSMACK;
+ int ret;
+
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG_BT(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
- int ret = security_server_get_gid("definitely_not_existing_object");
+ ret = security_server_get_gid("definitely_not_existing_object");
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret = " << ret);
ret = security_server_get_gid("root");
RUNNER_ASSERT_MSG_BT(ret == 0, "ret = " << ret);