Add dbus tests for bus ownership check 77/33377/12
authorMarcin Niesluchowski <m.niesluchow@samsung.com>
Tue, 30 Dec 2014 13:32:58 +0000 (14:32 +0100)
committerMarcin Niesluchowski <m.niesluchow@samsung.com>
Tue, 10 Mar 2015 10:02:28 +0000 (11:02 +0100)
* tcc_1130_own_deny
    Check for ownership created in conf file. Not granted for client
    requesting name.
* tcc_1170_own_allow
    Check for ownership created in conf file. Granted for client
    requesting name.

Change-Id: Iaa560246f4837a5713528523e8632b4313b7a534

tests/dbus-tests/CMakeLists.txt
tests/dbus-tests/cynara_dbus_tests.cpp

index 61a0c8aa10b949f129822b7bfac8084b2df649b3..3659053199f2480a4475dbac2dd0a30c77de4dfc 100644 (file)
@@ -23,6 +23,7 @@ INCLUDE(FindPkgConfig)
 # Dependencies
 PKG_CHECK_MODULES(DBUS_TESTS_DEP
     libsmack
+    cynara-admin
     dbus-1
     REQUIRED)
 
@@ -37,6 +38,7 @@ SET(TARGET_DBUS_TESTS "dbus-tests")
 # Sources definition
 
 SET(DBUS_TESTS_SOURCES
+    ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_admin.cpp
     ${PROJECT_SOURCE_DIR}/tests/dbus-tests/main.cpp
     ${PROJECT_SOURCE_DIR}/tests/dbus-tests/common/dbus_test_busconfig_writer.cpp
     ${PROJECT_SOURCE_DIR}/tests/dbus-tests/cynara_dbus_tests.cpp
@@ -45,6 +47,7 @@ SET(DBUS_TESTS_SOURCES
 
 INCLUDE_DIRECTORIES(
     ${PROJECT_SOURCE_DIR}/tests/common/
+    ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/
     ${PROJECT_SOURCE_DIR}/tests/dbus-tests/common/
    )
 
index d5c3329fc7b59f81f0a011469ba0faaef3454525..d71d5c2a26c70bb25b25d10df72f42d09d45c638 100644 (file)
  */
 
 #include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <cynara_test_admin.h>
+#include <dbus_connection.h>
+#include <dbus_test_busconfig_writer.h>
+#include <smack_access.h>
+#include <tests_common.h>
+
+#include <sys/smack.h>
+
+#include <string>
+#include <unistd.h>
+#include <iostream>
+
+using namespace DBusTest;
+
+static const std::string ROOT_UID_STR("0");
+
+static const std::string connectionNameFromStr(const std::string &str)
+{
+    return "com.security_tests." + str;
+}
+
+static const std::string privilegeFromStr(const std::string &str)
+{
+    return str + "Privilege";
+}
+
+static const std::string smackLabelFromStr(const std::string &str)
+{
+    return str + "SmackLabel";
+}
+
+static void addBusconfigPolicyOwn(const std::string &id)
+{
+    BusConfigWriter writer;
+    writer.addPolicyCheck(privilegeFromStr(id), {{Attr::OWN, connectionNameFromStr(id)}});
+    writer.save();
+}
+
+static void assertUnlink(const std::string &filePath)
+{
+    RUNNER_ASSERT_MSG(0 == unlink(filePath.c_str()), "Unable to unlink " << filePath << " file");
+}
+
+static void addCynaraPolicy(const std::string &id)
+{
+    CynaraTestAdmin admin;
+    CynaraPoliciesContainer cp;
+    cp.add(CYNARA_ADMIN_DEFAULT_BUCKET,
+           smackLabelFromStr(id).c_str(), ROOT_UID_STR.c_str(), privilegeFromStr(id).c_str(),
+           CYNARA_ADMIN_ALLOW, nullptr);
+    admin.setPolicies(cp);
+}
+
+static void addSmackAccessForDbus(SmackAccess &access, const std::string &label)
+{
+    access.add("System", label, "rx");
+    access.apply();
+}
+
+static void removeSmackAccessForDbus(SmackAccess &access)
+{
+    access.clear();
+}
+
+static pid_t assertFork()
+{
+    pid_t pid = fork();
+    RUNNER_ASSERT_ERRNO_MSG(pid != -1, "fork() failed");
+    return pid;
+}
 
 RUNNER_TEST_GROUP_INIT(CYNARA_DBUS);
+
+static void testOwn(const std::string &testId, bool allow)
+{
+    SmackAccess access;
+    const std::string label(smackLabelFromStr(testId));
+
+    addBusconfigPolicyOwn(testId);
+    addSmackAccessForDbus(access, label);
+    if (allow)
+        addCynaraPolicy(testId);
+
+    sleep(1);
+
+    pid_t pid = assertFork();
+
+    if (pid == 0) {
+        RUNNER_ASSERT(0 == smack_set_label_for_self(label.c_str()));
+        DBus::Connection client(DBUS_BUS_SYSTEM, true);
+        client.requestName(connectionNameFromStr(testId),
+                           allow ? DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER : -1);
+    } else {
+        sleep(3);
+        removeSmackAccessForDbus(access);
+        assertUnlink(CONF_FILE_PATH);
+    }
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tcc_1130_own_deny)
+{
+    testOwn("tcc1130", false);
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tcc_1170_own_allow)
+{
+    testOwn("tcc1170", true);
+}
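Review bot: `testOwn` never removes the `CYNARA_ADMIN_ALLOW` entry that `addCynaraPolicy` installs for tcc_1170_own_allow; the parent branch only clears the Smack rule and unlinks the conf file, so unless `CynaraTestAdmin` restores state itself (not visible in this change) the allow policy stays in the default bucket after the run. I would add a `removeCynaraPolicy` helper that mirrors `addCynaraPolicy` with `CYNARA_ADMIN_DELETE` and call it from the parent branch when `allow` is set, as sketched below. The existing teardown is also skipped if an assertion aborts the test before the `else` branch is reached, presumably the case when `assertFork()` fails, which would leave the generated bus policy file and the `System` to label `rx` rule on the device; a scope-bound cleanup would cover that. A short comment on the `sleep(1)`/`sleep(3)` waits stating what they wait for would also help, since tcc_1130_own_deny expects a refusal and would presumably see one as well if the bus had not yet picked up the new config.

```cpp
static void removeCynaraPolicy(const std::string &id)
{
    CynaraTestAdmin admin;
    CynaraPoliciesContainer cp;
    cp.add(CYNARA_ADMIN_DEFAULT_BUCKET,
           smackLabelFromStr(id).c_str(), ROOT_UID_STR.c_str(), privilegeFromStr(id).c_str(),
           CYNARA_ADMIN_DELETE, nullptr);
    admin.setPolicies(cp);
}

// … unchanged: testOwn setup, fork and child branch …
        assertUnlink(CONF_FILE_PATH);
        if (allow)
            removeCynaraPolicy(testId);
```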