: m_mySubject(mySubject)
{}
-void AccessProvider::allowFunction(const std::string &functionName, const Tracker &tracker) {
+void AccessProvider::allowFunction(const std::string &functionName) {
static const std::map<std::string, std::string> translation = {
{"security_server_get_gid", "security-server::api-get-gid"},
{"security_server_request_cookie", "none"},
auto it = translation.find(functionName);
RUNNER_ASSERT_MSG_BT(it != translation.end(),
- tracker.str() << "Error no function " << functionName << " in security server.");
+ "Error no function " << functionName << " in security server.");
- m_smackAccess.add(m_mySubject, it->second, "w", tracker);
+ m_smackAccess.add(m_mySubject, it->second, "w");
}
-void AccessProvider::allowAPI(const std::string &api, const std::string &rule, const Tracker &tracker) {
- m_smackAccess.add(m_mySubject, api, rule, tracker);
+void AccessProvider::allowAPI(const std::string &api, const std::string &rule) {
+ m_smackAccess.add(m_mySubject, api, rule);
}
-void AccessProvider::apply(const Tracker &tracker) {
- m_smackAccess.apply(tracker);
+void AccessProvider::apply() {
+ m_smackAccess.apply();
}
-void AccessProvider::applyAndSwithToUser(int uid, int gid, const Tracker &tracker) {
+void AccessProvider::applyAndSwithToUser(int uid, int gid) {
RUNNER_ASSERT_MSG_BT(0 == smack_revoke_subject(m_mySubject.c_str()),
- tracker.str() << "Error in smack_revoke_subject(" << m_mySubject << ")");
- apply(tracker);
+ "Error in smack_revoke_subject(" << m_mySubject << ")");
+ apply();
RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(m_mySubject.c_str()),
- tracker.str() << "Error in smack_set_label_for_self.");
+ "Error in smack_set_label_for_self.");
RUNNER_ASSERT_MSG_BT(0 == setgid(gid),
- tracker.str() << "Error in setgid.");
+ "Error in setgid.");
RUNNER_ASSERT_MSG_BT(0 == setuid(uid),
- tracker.str() << "Error in setuid.");
+ "Error in setuid.");
}
} // namespace SecurityServer
#include <string>
-#include <tracker.h>
#include <smack_access.h>
namespace SecurityServer {
AccessProvider(const AccessProvider &second) = delete;
AccessProvider& operator=(const AccessProvider &second) = delete;
- void allowAPI(const std::string &api, const std::string &rules, const Tracker &tracker = Tracker());
- void allowFunction(const std::string &functionName, const Tracker &tracker = Tracker());
- void apply(const Tracker &tracker = Tracker());
- void applyAndSwithToUser(int uid, int gid, const Tracker &tracker = Tracker());
+ void allowAPI(const std::string &api, const std::string &rules);
+ void allowFunction(const std::string &functionName);
+ void apply();
+ void applyAndSwithToUser(int uid, int gid);
virtual ~AccessProvider(){}
private:
void DBusAccess::connect() {
m_conn = dbus_bus_get_private(DBUS_BUS_SYSTEM, &m_err);
- RUNNER_ASSERT_MSG_BT(dbus_error_is_set(&m_err) != 1, m_tracker.str() <<
+ RUNNER_ASSERT_MSG_BT(dbus_error_is_set(&m_err) != 1,
"Error in dbus_bus_get: " << m_err.message);
dbus_connection_set_exit_on_disconnect(m_conn, FALSE);
}
void DBusAccess::requestName() {
dbus_bus_request_name(m_conn, m_dbus_client_name.c_str(),
DBUS_NAME_FLAG_REPLACE_EXISTING , &m_err);
- RUNNER_ASSERT_MSG_BT(dbus_error_is_set(&m_err) != 1, m_tracker.str() <<
+ RUNNER_ASSERT_MSG_BT(dbus_error_is_set(&m_err) != 1,
"Error in dbus_bus_request_name: " << m_err.message);
}
dbus_systemd_object.c_str(),
dbus_systemd_interface.c_str(),
method.c_str());
- RUNNER_ASSERT_MSG_BT(NULL != m_msg, m_tracker.str() <<
+ RUNNER_ASSERT_MSG_BT(NULL != m_msg,
"Error in dbus_message_new_method_call");
}
dbus_message_iter_init_append(m_msg, &iter);
int ret = dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING,
&dbus_systemd_srv_unit_mode);
- RUNNER_ASSERT_MSG_BT(ret != 0, m_tracker.str() <<
+ RUNNER_ASSERT_MSG_BT(ret != 0,
"Error in dbus_message_iter_append_basic");
}
void DBusAccess::sendMsgWithReply() {
int ret = dbus_connection_send_with_reply(m_conn, m_msg, &m_pending, -1);
- RUNNER_ASSERT_MSG_BT(ret == 1, m_tracker.str() <<
+ RUNNER_ASSERT_MSG_BT(ret == 1,
"Error in dbus_connection_send_with_reply");
- RUNNER_ASSERT_MSG_BT(NULL != m_pending, m_tracker.str() << "Pending call null");
+ RUNNER_ASSERT_MSG_BT(NULL != m_pending, "Pending call null");
dbus_connection_flush(m_conn);
dbus_pending_call_block(m_pending);
void DBusAccess::getMsgReply() {
m_msg = dbus_pending_call_steal_reply(m_pending);
- RUNNER_ASSERT_MSG_BT(NULL != m_msg, m_tracker.str() <<
+ RUNNER_ASSERT_MSG_BT(NULL != m_msg,
"Error in dbus_pending_call_steal_reply");
}
DBusMessageIter iter;
RUNNER_ASSERT_MSG_BT(dbus_message_iter_init(m_msg, &iter) != 0,
- m_tracker.str() << "Message has no arguments");
+ "Message has no arguments");
if (DBUS_TYPE_OBJECT_PATH == dbus_message_iter_get_arg_type(&iter)) {
dbus_message_iter_get_basic(&iter, &object_path);
m_jobID = std::strrchr(object_path, '/') + 1;
} else {
- RUNNER_ASSERT_MSG_BT(false, m_tracker.str() << "No job path in msg");
+ RUNNER_ASSERT_MSG_BT(false, "No job path in msg");
}
dbus_message_unref(m_msg);
dbus_pending_call_unref(m_pending);
if (dbus_message_is_signal(message, a->m_signal_interface.c_str(), a->m_signal_member.c_str()))
{
- RUNNER_ASSERT_MSG_BT(dbus_message_iter_init(message, &iter) != 0, a->m_tracker.str() <<
+ RUNNER_ASSERT_MSG_BT(dbus_message_iter_init(message, &iter) != 0,
"No messages in reply");
RUNNER_ASSERT_MSG_BT(dbus_message_iter_get_arg_type(&iter) == DBUS_TYPE_UINT32,
- a->m_tracker.str() << "Argument is not integer");
+ "Argument is not integer");
dbus_message_iter_get_basic(&iter, &id);
void DBusAccess::handleMsgRestartSignal() {
dbus_bus_add_match(m_conn, m_signal_match.c_str(), &m_err);
- RUNNER_ASSERT_MSG_BT(dbus_error_is_set(&m_err) != 1, m_tracker.str() <<
+ RUNNER_ASSERT_MSG_BT(dbus_error_is_set(&m_err) != 1,
"Error in dbus_bus_add_match: " << m_err.message);
dbus_connection_add_filter(m_conn, signalFilter, reinterpret_cast<void *>(this), NULL);
getMsgReply();
}
-void DBusAccess::restartSS(const Tracker &tracker) {
- m_tracker = tracker;
-
+void DBusAccess::restartSS() {
connectToDBus();
sendRestartToSS();
sendResetFailedToSS();
#include <dbus/dbus.h>
#include <dbus-glib.h>
#include <glib-object.h>
-#include <tracker.h>
#include <string>
public:
DBusAccess();
- void restartSS(const Tracker &tracker = Tracker());
+ void restartSS();
virtual ~DBusAccess();
private:
std::string m_dbus_client_name;
- Tracker m_tracker;
bool m_handled;
};
void SmackAccess::add(
const std::string &subject,
const std::string &object,
- const std::string &rights,
- const Tracker &tracker)
+ const std::string &rights)
{
RUNNER_ASSERT_MSG_BT(0 == smack_accesses_add(m_handle,
subject.c_str(),
object.c_str(),
rights.c_str()),
- tracker.str() << "Error in smack_accesses_add.");
+ "Error in smack_accesses_add.");
}
-void SmackAccess::apply(const Tracker &tracker) {
+void SmackAccess::apply() {
RUNNER_ASSERT_MSG_BT(0 == smack_accesses_apply(m_handle),
- tracker.str() << "Error in smack_accessses_apply.");
+ "Error in smack_accessses_apply.");
}
SmackAccess::~SmackAccess() {
#include <string>
-#include <tracker.h>
-
struct smack_accesses;
class SmackAccess {
void add(const std::string &subject,
const std::string &object,
- const std::string &rights,
- const Tracker &tracker = Tracker());
- void apply(const Tracker &tracker = Tracker());
+ const std::string &rights);
+ void apply();
virtual ~SmackAccess();
private:
struct smack_accesses *m_handle;
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file tracker.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-#ifndef __TRACKER_H__
-#define __TRACKER_H__
-
-#include <string>
-#include <cstring>
-#include <sstream>
-
-#define TRACE_FROM_HERE Tracker((strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : __FILE__), \
- __LINE__, std::string())
-#define TRACE_FROM_HERE_MSG(msg) Tracker((strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : \
- __FILE__), __LINE__, msg)
-
-class Tracker {
-public:
- Tracker()
- : m_line(-1)
- {}
-
- Tracker(const std::string &file, int line, const std::string &message)
- : m_file(file)
- , m_line(line)
- , m_msg(message)
- {}
-
- std::string str() const {
- if (m_line == -1)
- return std::string();
-
- std::ostringstream stream;
- stream << "\n[File: " << m_file << ":" << m_line << m_msg << "]\n";
- return stream.str();
- }
-private:
- std::string m_file;
- int m_line;
- std::string m_msg;
-};
-
-#endif // __TRACKER_H__
const std::string ruleAll = "x";
SecurityServer::AccessProvider provider(subject);
- provider.allowAPI("system::homedir", ruleAll, TRACE_FROM_HERE);
- provider.allowAPI(object, access, TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowAPI("system::homedir", ruleAll);
+ provider.allowAPI(object, access);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
}
//- Add "l" rule to system
//function inside checks if rule exist after add it
SecurityServer::AccessProvider provider(selfLabel);
- provider.allowAPI(filename, "l", TRACE_FROM_HERE);
- provider.apply(TRACE_FROM_HERE);
+ provider.allowAPI(filename, "l");
+ provider.apply();
int ret = smack_have_access(selfLabel.c_str(), filename.c_str(), "l");
RUNNER_ASSERT_MSG_BT(ret == 1, "Error in adding laccess rule - l");
FDUniquePtr fp(&fd, closeFdPtr);
SecurityServer::AccessProvider provider(selfLabel);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = flock(fd, LOCK_EX | LOCK_NB);
RUNNER_ASSERT_MSG_BT(ret < 0, "Error, able to lock file: " << strerror(errno));
#include <access_provider.h>
#include <security-server.h>
#include <smack_access.h>
-#include <tracker.h>
typedef std::unique_ptr<char, void(*)(void *)> UniquePtrCstring;
const int KNOWN_COOKIE_SIZE = 20;
typedef std::vector<char> Cookie;
-Cookie getCookieFromSS(const Tracker &tracker = Tracker()) {
+Cookie getCookieFromSS() {
Cookie cookie(security_server_get_cookie_size());
RUNNER_ASSERT_MSG_BT(SECURITY_SERVER_API_SUCCESS ==
security_server_request_cookie(cookie.data(), cookie.size()),
- tracker.str() << " Error in security_server_request_cookie.");
+ "Error in security_server_request_cookie.");
return cookie;
}
//passing NULL as an object pointer
RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
int ret = security_server_check_privilege_by_cookie(cookie.data(), NULL, "rwx");
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
//passing NULL as an access pointer
RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", NULL);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
//passing NULL as an uid pointer
RUNNER_CHILD_TEST(tc_arguments_06_02_security_server_get_uid_by_cookie)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
int ret = security_server_get_uid_by_cookie(cookie.data(), NULL);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
//passing NULL as an gid pointer
RUNNER_CHILD_TEST(tc_arguments_07_02_security_server_get_gid_by_cookie)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
int ret = security_server_get_gid_by_cookie(cookie.data(), NULL);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
RUNNER_CHILD_TEST(tc_unit_01_02_security_server_get_cookie_size)
{
SecurityServer::AccessProvider provider("selflabel_01_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_get_cookie_size();
RUNNER_ASSERT_MSG_BT(ret == KNOWN_COOKIE_SIZE,
//root has access to API
RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
int ret = security_server_check_privilege(cookie.data(), 0);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
//privileges drop and no smack rule
RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_security_server_check_privilege)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
SecurityServer::AccessProvider provider("selflabel_03_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_check_privilege(cookie.data(), 0);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
//privileges drop and added smack rule
RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_security_server_check_privilege)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
SecurityServer::AccessProvider provider("selflabel_03_03");
- provider.allowFunction("security_server_check_privilege", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_check_privilege");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_check_privilege(cookie.data(), 0);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS,
//root has access to API
RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
int ret = security_server_get_cookie_pid(cookie.data());
RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
//privileges drop and no smack rule
RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_security_server_get_cookie_pid)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
SecurityServer::AccessProvider provider("selflabel_05_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_get_cookie_pid(cookie.data());
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
//privileges drop and added smack rule
RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_security_server_get_cookie_pid)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
SecurityServer::AccessProvider provider("selflabel_05_03");
- provider.allowFunction("security_server_get_cookie_pid", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_get_cookie_pid");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_get_cookie_pid(cookie.data());
RUNNER_ASSERT_MSG_BT(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
{
setLabelForSelf(__LINE__, "selflabel_06_01");
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_01") == 0,
//privileges drop and no smack rule
RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_security_server_get_smacklabel_cookie)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
SecurityServer::AccessProvider provider("selflabel_06_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
RUNNER_ASSERT_MSG_BT(label.get() == NULL,
RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_security_server_get_smacklabel_cookie)
{
SecurityServer::AccessProvider provider("selflabel_06_03");
- provider.allowFunction("security_server_get_smacklabel_cookie", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_get_smacklabel_cookie");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
RUNNER_ASSERT_MSG_BT(strcmp(label.get(), "selflabel_06_03") == 0,
//root has access to API
RUNNER_CHILD_TEST(tc_unit_07_01_security_server_get_uid_by_cookie)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
uid_t uid;
int ret = security_server_get_uid_by_cookie(cookie.data(), &uid);
RUNNER_CHILD_TEST_SMACK(tc_unit_07_02_security_server_get_uid_by_cookie)
{
SecurityServer::AccessProvider provider("selflabel_07_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
Cookie cookie(KNOWN_COOKIE_SIZE);
uid_t uid;
RUNNER_CHILD_TEST_SMACK(tc_unit_07_03_security_server_get_uid_by_cookie)
{
SecurityServer::AccessProvider provider("selflabel_07_02");
- provider.allowFunction("security_server_get_uid_by_cookie", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_get_uid_by_cookie");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
uid_t uid;
int ret = security_server_get_uid_by_cookie(cookie.data(), &uid);
//root has access to API
RUNNER_CHILD_TEST(tc_unit_08_01_security_server_get_gid_by_cookie)
{
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
gid_t gid;
RUNNER_CHILD_TEST_SMACK(tc_unit_08_02_security_server_get_gid_by_cookie)
{
SecurityServer::AccessProvider provider("selflabel_08_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
Cookie cookie(KNOWN_COOKIE_SIZE);
gid_t gid;
RUNNER_CHILD_TEST_SMACK(tc_unit_08_03_security_server_get_gid_by_cookie)
{
SecurityServer::AccessProvider provider("selflabel_08_03");
- provider.allowFunction("security_server_get_gid_by_cookie", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_get_gid_by_cookie");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
- Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
+ Cookie cookie = getCookieFromSS();
gid_t gid;
int ret = security_server_get_gid_by_cookie(cookie.data(), &gid);
#include <unistd.h>
#include <dbus_access.h>
-#include <tracker.h>
-int restart_security_server(const Tracker &tracker) {
+int restart_security_server() {
DBusAccess dbusAccess;
- dbusAccess.restartSS(tracker);
+ dbusAccess.restartSS();
return 0;
}
* This function should be called at the begining of every SS test, so all the tests
* are independent of each other.
*/
-int reset_security_server(const Tracker &tracker)
+int reset_security_server()
{
const char* path = "/opt/data/security-server/";
const int max_descriptors = 10; //max number of open file descriptors by nftw function
sync();
}
- restart_security_server(tracker);
+ restart_security_server();
return 0;
}
#ifndef SECURITY_SERVER_CLEAN_ENV_H
#define SECURITY_SERVER_CLEAN_ENV_H
-#include <tracker.h>
-
-int reset_security_server(const Tracker &tracker = Tracker());
-int restart_security_server(const Tracker &tracker = Tracker());
+int reset_security_server();
+int restart_security_server();
#endif
#include <security-server.h>
#include <access_provider.h>
-#include <tracker.h>
#include "tests_common.h"
#include <summary_collector.h>
RUNNER_CHILD_TEST_SMACK(tc04_security_server_get_gid)
{
SecurityServer::AccessProvider provider("tc04mylabel");
- provider.allowFunction("security_server_get_gid", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_get_gid");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_get_gid("abc123xyz_pysiaczek");
LogDebug("ret = " << ret);
const char *subject_label = "tc05subjectlabel";
SmackAccess access;
- access.add(subject_label, object_label, access_rights, TRACE_FROM_HERE);
- access.add(subject_label, "security-server::api-cookie-check", "w", TRACE_FROM_HERE);
- access.apply(TRACE_FROM_HERE);
+ access.add(subject_label, object_label, access_rights);
+ access.add(subject_label, "security-server::api-cookie-check", "w");
+ access.apply();
RUNNER_ASSERT_BT(0 == smack_set_label_for_self(subject_label));
int result2 = -1;
SmackAccess access;
- access.add(subject_label, object_label, access_rights, TRACE_FROM_HERE);
- access.apply(TRACE_FROM_HERE);
+ access.add(subject_label, object_label, access_rights);
+ access.apply();
int pid = fork();
RUNNER_ASSERT_BT(-1 != pid);
#pragma GCC diagnostic warning "-Wdeprecated-declarations"
#include <access_provider.h>
#include <security-server.h>
-#include <tracker.h>
#define TEST01_SUBJECT "open-for-client"
FDUniquePtr fd_ptr(&fd, closefdptr);
SecurityServer::AccessProvider provider(TEST01_SUBJECT);
- provider.allowFunction("security_server_open_for", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_open_for");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_open_for(file, fd_ptr.get());
RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
FDUniquePtr fd_ptr(&fd, closefdptr);
SecurityServer::AccessProvider provider(TEST01_SUBJECT);
- provider.allowFunction("security_server_open_for", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_open_for");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_open_for(file, fd_ptr.get());
RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
RUNNER_ASSERT_MSG_BT(ret == (int)strlen(write_buf2), "error in read: " << ret << " err: " << strerror(err));
SecurityServer::AccessProvider provider(TEST01_SUBJECT);
- provider.allowFunction("security_server_open_for", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_open_for");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
ret = security_server_open_for(file, fd_ptr.get());
RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret);
FDUniquePtr fd_ptr(&fd, closefdptr);
SecurityServer::AccessProvider provider(TEST01_SUBJECT);
- provider.allowFunction("security_server_open_for", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_open_for");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
std::vector<std::string> badFile = { "/plik","-plik",".plik","pl..k","..plik",
"..","." };
#include <tests_common.h>
#include <dlog.h>
#include "security_server_clean_env.h"
-#include <tracker.h>
#include <summary_collector.h>
if (getuid() == 0)
{
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
// TESTS:
// WITHOUT password
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
// TESTS:
// WITHOUT password
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment - there is no password now!
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
// TEST
ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
// TEST
ret = security_server_set_pwd(NULL, NULL, 0, 0);
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
// TEST
// 33 char password
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
// TEST
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
{
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
{
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
{
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
{
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
{
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
{
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
// calculate max applicable valid days that will not be rejected by ss
// ensure, that after conversion from days to seconds in ss there will be no uint overflow
unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
int ret;
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
sleep(1);
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
unsigned int i, attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
unsigned int i, attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
int ret;
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
char buf1[33], buf2[33];
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
clean_password_dir();
struct timeval cur_time;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
int ret;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
// TEST
ret = security_server_reset_pwd(NULL, 10, 10);
unsigned int expected_current_attempt,
unsigned int expected_max_attempt,
unsigned int expected_valid_secs,
- const Tracker &tracker = Tracker())
+ const std::string &info)
{
/* ensure that initial values differ from expected ones */
unsigned int attempt = expected_current_attempt - 1;
// validate returned value
RUNNER_ASSERT_MSG_BT(ret == expected_result,
- tracker.str() <<
- "security_server_chk_pwd returned "
+ info << "security_server_chk_pwd returned "
<< ret << " (expected: " << expected_result << ")");
// validate current attempts value
RUNNER_ASSERT_MSG_BT(attempt == expected_current_attempt,
- tracker.str() <<
- "security_server_chk_pwd returned attempt = " << attempt <<
+ info << "security_server_chk_pwd returned attempt = " << attempt <<
" (expected: " << expected_current_attempt << ")");
// validate max attempt value
RUNNER_ASSERT_MSG_BT(max_attempt == expected_max_attempt,
- tracker.str() <<
- "security_server_chk_pwd returned max_attempt = " << max_attempt <<
+ info << "security_server_chk_pwd returned max_attempt = " << max_attempt <<
" (expected: " << expected_max_attempt << ")");
// validate expire seconds
if (expected_valid_secs == PASSWORD_INFINITE_EXPIRATION_TIME) {
RUNNER_ASSERT_MSG_BT(expire_sec == expected_valid_secs,
- tracker.str() <<
- "security_server_chk_pwd returned expire_sec = " << expire_sec <<
+ info << "security_server_chk_pwd returned expire_sec = " << expire_sec <<
" (expected: " << expected_valid_secs << ")");
} else {
// because of sleeps in test code we need to check period of time.
unsigned int end = expected_valid_secs + 5;
RUNNER_ASSERT_MSG_BT(expire_sec >= begin && expire_sec <= end,
- tracker.str() <<
- "security_server_chk_pwd returned expire_sec = " << expire_sec <<
+ info << "security_server_chk_pwd returned expire_sec = " << expire_sec <<
" (expected: <" << begin << "," << end << ")");
}
}
int expected_result,
unsigned int expected_current_attempt,
unsigned int expected_max_attempt,
- const Tracker &tracker = Tracker())
+ const std::string &info = std::string())
{
verify_chk_pwd_basic(
challenge,
expected_current_attempt,
expected_max_attempt,
PASSWORD_INFINITE_EXPIRATION_TIME,
- tracker);
+ info);
}
RUNNER_TEST(tc34_security_server_max_attempts)
{
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
attempt_nr,
max_challenges,
- TRACE_FROM_HERE_MSG(
- std::string("pass = " + std::to_string(pass) +
- ", attempt = " + std::to_string(attempt_nr))));
+ std::string("pass = ") + std::to_string(pass) +
+ ", attempt = " + std::to_string(attempt_nr));
// Check correct password finally
verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
- max_challenges, max_challenges, TRACE_FROM_HERE);
+ max_challenges, max_challenges);
}
}
const unsigned int max_challenge_less = 5;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge_more, 0);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
attempt,
max_challenge_more,
- TRACE_FROM_HERE_MSG(
- std::string("attempt = " + std::to_string(attempt))));
+ std::string("attempt = ") + std::to_string(attempt));
// lower max_challenge
usleep(PASSWORD_RETRY_TIMEOUT_US);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// try valid password - should pass (curr attempts is reset)
- verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less,
- TRACE_FROM_HERE);
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less);
// remove max attempts limit
usleep(PASSWORD_RETRY_TIMEOUT_US);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// try valid password again - should pass
- verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0, TRACE_FROM_HERE);
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
// try to change the password - should pass
usleep(PASSWORD_RETRY_TIMEOUT_US);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// validate new password
- verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0, TRACE_FROM_HERE);
+ verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
}
/**
std::string prev_pass, new_pass = TEST_PASSWORD;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
int ret = security_server_set_pwd_history(history_depth);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1,
max_challenge,
- TRACE_FROM_HERE_MSG(
- std::string("depth = " + std::to_string(depth))));
+ std::string("depth = ") + std::to_string(depth));
// challenge previous password
verify_chk_pwd(
SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
2,
max_challenge,
- TRACE_FROM_HERE_MSG(
- std::string("depth = " + std::to_string(depth)).c_str()));
+ std::string("depth = ") + std::to_string(depth));
}
}
RUNNER_TEST(tc37_security_server_challenge_mixed)
{
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
const unsigned int max_challenge = 2;
int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
SECURITY_SERVER_API_SUCCESS,
1,
max_challenge,
- TRACE_FROM_HERE_MSG(
- std::string("i = " + std::to_string(i))));
+ std::string("i = ") + std::to_string(i));
// Ensure that challenging valid password resets 'cuurrent attempt' value.
// If it didn't, the test would fail in third loop pass.
SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1,
max_challenge,
- TRACE_FROM_HERE_MSG(
- std::string("i = " + std::to_string(i))));
+ std::string("i = ") + std::to_string(i));
// correct pwd
verify_chk_pwd(
SECURITY_SERVER_API_SUCCESS,
2,
max_challenge,
- TRACE_FROM_HERE_MSG(
- std::string("i = " + std::to_string(i))));
+ std::string("i = ") + std::to_string(i));
}
// incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
i,
max_challenge,
- TRACE_FROM_HERE_MSG(
- std::string("i = " + std::to_string(i))));
+ std::string("i = ") + std::to_string(i));
// correct - refused
for (unsigned int i = 1; i <= max_challenge; ++i)
SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
max_challenge + i,
max_challenge,
- TRACE_FROM_HERE_MSG(
- std::string("i = " + std::to_string(i))));
+ std::string("i = ") + std::to_string(i));
}
/*
const int increased_history_depth = 3;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
ret = security_server_set_pwd_history(initial_history_depth);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
const unsigned int invalid_attempts_num = 3;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
SECOND_TEST_PASSWORD,
SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
attempt,
- max_challenge,
- TRACE_FROM_HERE_MSG(
- std::string("attempt = " + std::to_string(attempt))));
+ max_challenge);
usleep(PASSWORD_RETRY_TIMEOUT_US);
attempt = max_attempt = expire_sec = UINT_MAX;
SECOND_TEST_PASSWORD,
SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
invalid_attempts_num + 1,
- max_challenge,
- TRACE_FROM_HERE);
+ max_challenge);
// challenge valid password
verify_chk_pwd(
TEST_PASSWORD,
SECURITY_SERVER_API_SUCCESS,
invalid_attempts_num + 2,
- max_challenge,
- TRACE_FROM_HERE);
+ max_challenge);
}
/**
const unsigned int history_depth = 2;
// Prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
int ret = security_server_set_pwd_history(history_depth);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
const unsigned int empty_history_depth = 0;
//prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
//set new history count
int ret = security_server_set_pwd_history(history_depth);
THIRD_TEST_PASSWORD,
SECURITY_SERVER_API_SUCCESS,
3,
- 0,
- TRACE_FROM_HERE);
+ 0);
//make sure that it's possible to reuse old password once history limit is set to 0
usleep(PASSWORD_RETRY_TIMEOUT_US);
RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
{
//prepare environment
- reset_security_server(TRACE_FROM_HERE);
+ reset_security_server();
//set a password
int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
const char *server_api = "security-server::api-data-share";
SmackAccess smack;
- smack.add(subject, object, "-----", TRACE_FROM_HERE);
- smack.add(object, server_api, "rw", TRACE_FROM_HERE);
- smack.apply(TRACE_FROM_HERE);
+ smack.add(subject, object, "-----");
+ smack.add(object, server_api, "rw");
+ smack.apply();
smack_set_label_for_self(object);
const char *object = "yyy78x2lkjz";
SmackAccess smack;
- smack.add(subject, object, "-----", TRACE_FROM_HERE);
- smack.apply(TRACE_FROM_HERE);
+ smack.add(subject, object, "-----");
+ smack.apply();
RUNNER_ASSERT_MSG_BT(0 == smack_set_label_for_self(object), "Error in smack_label_for_self");
RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << str);
SecurityServer::AccessProvider provider(TEST03_SUBJECT);
- provider.allowAPI(API_PASSWD_CHECK, API_RULE_REQUIRED, TRACE_FROM_HERE);
- provider.allowAPI(API_PASSWD_SET, API_RULE_REQUIRED, TRACE_FROM_HERE);
- provider.allowAPI(API_PASSWD_RESET, API_RULE_REQUIRED, TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowAPI(API_PASSWD_CHECK, API_RULE_REQUIRED);
+ provider.allowAPI(API_PASSWD_SET, API_RULE_REQUIRED);
+ provider.allowAPI(API_PASSWD_RESET, API_RULE_REQUIRED);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
ret = security_server_set_pwd_validity(10);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
attempt = max_attempt = expire_sec = 0;
SecurityServer::AccessProvider privider(TEST04_SUBJECT);
- privider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ privider.applyAndSwithToUser(APP_UID, APP_GID);
/*
* now SS should return error
add_process_group(PROC_AUDIO_GROUP_NAME);
SecurityServer::AccessProvider provider(TEST05_SUBJECT);
- provider.allowFunction("security_server_get_gid", TRACE_FROM_HERE);
- provider.allowFunction("security_server_request_cookie", TRACE_FROM_HERE);
- provider.allowFunction("security_server_check_privilege", TRACE_FROM_HERE);
- provider.allowFunction("security_server_get_cookie_pid", TRACE_FROM_HERE);
- provider.allowFunction("security_server_get_smacklabel_cookie", TRACE_FROM_HERE);
- provider.allowFunction("security_server_check_privilege_by_pid", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_get_gid");
+ provider.allowFunction("security_server_request_cookie");
+ provider.allowFunction("security_server_check_privilege");
+ provider.allowFunction("security_server_get_cookie_pid");
+ provider.allowFunction("security_server_get_smacklabel_cookie");
+ provider.allowFunction("security_server_check_privilege_by_pid");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
ret = security_server_request_cookie(cookie, cookie_size);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
char *ss_label = NULL;
SecurityServer::AccessProvider provider(TEST06_SUBJECT);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
ret = security_server_request_cookie(cookie, cookie_size);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
RUNNER_CHILD_TEST_SMACK(tc07_check_API_data_share_allow)
{
SecurityServer::AccessProvider provider(TEST07_SUBJECT);
- provider.allowFunction("security_server_app_give_access", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_app_give_access");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_app_give_access(TEST07_SUBJECT, getpid());
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
RUNNER_CHILD_TEST_SMACK(tc08_check_API_data_share_denied)
{
SecurityServer::AccessProvider provider(TEST08_SUBJECT);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
int ret = security_server_app_give_access(TEST08_SUBJECT, getpid());
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
SecurityServer::AccessProvider provider(TEST09_SUBJECT);
- provider.allowFunction("security_server_app_has_privilege", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_app_has_privilege");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
// Check if permissions are given
check_app_has_privilege(WGT_APP_ID, APP_TYPE_WGT, perm_list, true);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
SecurityServer::AccessProvider provider(TEST10_SUBJECT);
- provider.allowFunction("security_server_app_has_privilege", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_app_has_privilege");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
// Check if permissions are disabled
check_app_has_privilege(WGT_APP_ID, APP_TYPE_WGT, perm_list, false);
RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
SecurityServer::AccessProvider provider(TEST11_SUBJECT);
- provider.allowFunction("security_server_app_caller_has_privilege", TRACE_FROM_HERE);
- provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
+ provider.allowFunction("security_server_app_caller_has_privilege");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
// Check if permissions are given using "caller" API
check_app_caller_has_privilege(APP_TYPE_WGT, perm_list_pers, true);
projects / platform / core / test / security-tests.git / commitdiff