Add dbus tests for send destination check 81/33781/15
authorMarcin Niesluchowski <m.niesluchow@samsung.com>
Mon, 12 Jan 2015 16:08:19 +0000 (17:08 +0100)
committerZbigniew Jasinski <z.jasinski@samsung.com>
Wed, 22 Apr 2015 11:47:38 +0000 (13:47 +0200)
* tcc_2130_send_destination_deny
    Check for send destination created in conf file. Not granted for
    client sending message to destination.
* tcc_2170_send_destination_allow
    Check for send destination created in conf file. Granted for
    client sending message to destination.

Change-Id: I6a86aa2ddd822a4c32b5a3c56367665537a87b57

tests/dbus-tests/cynara_dbus_tests.cpp

index 09148f2d6bd0945bb27a763d6584d191ae248abe..c206759250675b5b2b1c118dfb41ea95b3581f68 100644 (file)
 
 #include <cynara_test_admin.h>
 #include <dbus_connection.h>
+#include <dbus_message_out.h>
 #include <dbus_test_busconfig_writer.h>
 #include <dbus_test_commons.h>
+#include <dbus_test_service.h>
 #include <smack_access.h>
 #include <tests_common.h>
 
@@ -41,6 +43,21 @@ using namespace DBusTest;
 
 static const std::string ROOT_UID_STR("0");
 
+static const std::string clientIdFromStr(const std::string &str)
+{
+    return str + "Client";
+}
+
+static const std::string serviceIdFromStr(const std::string &str)
+{
+    return str + "Service";
+}
+
+static const std::string memberFromStr(const std::string &str)
+{
+    return str + "Member";
+}
+
 static const std::string privilegeFromStr(const std::string &str)
 {
     return str + "Privilege";
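Review bot: The three new helpers return `const std::string` by value, and the top-level `const` stops callers from moving out of the temporary without protecting anything. The usual form is `static std::string clientIdFromStr(const std::string &str)`, and likewise for `serviceIdFromStr` and `memberFromStr`. The existing `privilegeFromStr`, whose body continues past the end of this hunk, has the same signature, so it is also reasonable to keep the new helpers consistent here and change all four in a follow-up.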
@@ -147,3 +164,101 @@ RUNNER_CHILD_TEST_SMACK(tcc_1270_own_prefix_allow)
 {
     testOwn("tcc1270", addBusconfigPolicyOwnPrefix, true);
 }
+
+static void addBusconfigPolicySendDestination(const std::string &testId)
+{
+    const std::string methodCall = "method_call";
+    BusConfigWriter writer;
+    writer.addPolicyAllow({{Attr::OWN_PREFIX, CONNECTION_NAME_PREFIX}});
+    writer.addPolicyAllow({{Attr::RECEIVE_TYPE, methodCall}});
+    writer.addPolicyCheck(privilegeFromStr(clientIdFromStr(testId)),
+                          {{Attr::SEND_DESTINATION, connectionNameFromStr(serviceIdFromStr(testId))}});
+    writer.save();
+}
+
+static void runSendClient(const std::string &testId)
+{
+    const std::string clientId(clientIdFromStr(testId));
+    const std::string serviceId(serviceIdFromStr(testId));
+    const ServiceCreds serviceCreds(serviceId);
+
+    sleep(1);
+
+    RUNNER_ASSERT(0 == smack_set_label_for_self(smackLabelFromStr(clientId).c_str()));
+    DBus::Connection client(DBUS_BUS_SYSTEM, true);
+    client.requestName(connectionNameFromStr(clientId));
+
+    DBus::MessageOut messageOut(serviceCreds.connectionName(),
+                                serviceCreds.objectPath(),
+                                serviceCreds.interface(),
+                                memberFromStr(serviceId));
+    client.send(messageOut);
+    client.flush();
+
+    sleep(1);
+}
+
+static void runSendService(const std::string &testId, bool allow)
+{
+    const std::string clientId(clientIdFromStr(testId));
+    const std::string serviceId(serviceIdFromStr(testId));
+    const std::string member(memberFromStr(serviceId));
+    const ServiceCreds serviceCreds(serviceId);
+
+    Service service(serviceCreds);
+    bool finish = false;
+    if (allow) {
+        service.insertMethodHandler(
+            member,
+            [&] (DBus::Connection &connection,
+                 DBus::MessageIn &messageIn,
+                 std::string &errorMessage)->void {
+                    (void) connection;
+                    (void) messageIn;
+                    (void) errorMessage;
+                    finish = true;
+                });
+    } else {
+        service.insertMethodHandler(
+            member,
+            [&] (DBus::Connection &connection,
+                 DBus::MessageIn &messageIn,
+                 std::string &errorMessage)->void {
+                    (void) connection;
+                    (void) messageIn;
+                    errorMessage = "Should not be able to send to " + serviceCreds.connectionName();
+                });
+    }
+    service.run(finish, !allow);
+
+    assertUnlink(CONF_FILE_PATH);
+}
+
+static void testSend(const std::string &testId, bool allow)
+{
+    SmackAccess access;
+    const std::string clientId(clientIdFromStr(testId));
+
+    addBusconfigPolicySendDestination(testId);
+    addSmackAccessForDbus(access, smackLabelFromStr(clientId));
+    if (allow)
+        addCynaraPolicy(clientId);
+
+    sleep(1);
+
+    pid_t pid = assertFork();
+    if (pid == 0)
+        runSendClient(testId);
+    else
+        runSendService(testId, allow);
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tcc_2130_send_destination_deny)
+{
+    testSend("tcc2130", false);
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tcc_2170_send_destination_allow)
+{
+    testSend("tcc2170", true);
+}
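Review bot: In `runSendClient` the outcome of `client.send(messageOut)` is never asserted, so tcc_2130_send_destination_deny can only pass on the service side not seeing the call. That does not distinguish a policy denial from a message that was never delivered at all, for example if the client's fixed `sleep(1)` ends before the service has claimed its name. A deny test for an access-control rule should assert the refusal itself: change the signature to `static void runSendClient(const std::string &testId, bool allow)` and, if the DBus::Connection wrapper offers a way to wait for the reply (not visible in this hunk), check for an access-denied error when `allow` is false and a normal reply when it is true. Separately, `assertUnlink(CONF_FILE_PATH)` at the end of `runSendService` is presumably skipped when `service.run(finish, !allow)` fails an assertion, which would leave this test's bus policy file in place for later tests; a small scope guard that unlinks the file on exit would avoid that.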