CLEANFILES += src/libdbuspolicy1.pc
TESTS = src/test-libdbuspolicy1-ownership \
+ src/test-libdbuspolicy1-ownership-gdi \
src/test-libdbuspolicy1-ownership-deny \
+ src/test-libdbuspolicy1-ownership-deny-gdi \
src/test-libdbuspolicy1-signal \
+ src/test-libdbuspolicy1-signal-gdi \
src/test-libdbuspolicy1-method \
+ src/test-libdbuspolicy1-method-gdi \
src/test-libdbuspolicy1-access-deny \
+ src/test-libdbuspolicy1-access-deny-gdi \
src/test-libdbuspolicy1-send_destination_prefix-deny \
+ src/test-libdbuspolicy1-send_destination_prefix-deny-gdi \
src/test-serializer
check_PROGRAMS = $(TESTS)
src_test_libdbuspolicy1_ownership_SOURCES = src/test-libdbuspolicy1-ownership.cpp
+src_test_libdbuspolicy1_ownership_gdi_SOURCES = src/test-libdbuspolicy1-ownership-gdi.cpp
src_test_libdbuspolicy1_ownership_deny_SOURCES = src/test-libdbuspolicy1-ownership-deny.cpp
+src_test_libdbuspolicy1_ownership_deny_gdi_SOURCES = src/test-libdbuspolicy1-ownership-deny-gdi.cpp
src_test_libdbuspolicy1_signal_SOURCES = src/test-libdbuspolicy1-signal.cpp
+src_test_libdbuspolicy1_signal_gdi_SOURCES = src/test-libdbuspolicy1-signal-gdi.cpp
src_test_libdbuspolicy1_method_SOURCES = src/test-libdbuspolicy1-method.cpp
+src_test_libdbuspolicy1_method_gdi_SOURCES = src/test-libdbuspolicy1-method-gdi.cpp
src_test_libdbuspolicy1_access_deny_SOURCES = src/test-libdbuspolicy1-access-deny.cpp
+src_test_libdbuspolicy1_access_deny_gdi_SOURCES = src/test-libdbuspolicy1-access-deny-gdi.cpp
src_test_libdbuspolicy1_send_destination_prefix_deny_SOURCES = src/test-libdbuspolicy1-send_destination_prefix-deny.cpp
+src_test_libdbuspolicy1_send_destination_prefix_deny_gdi_SOURCES = src/test-libdbuspolicy1-send_destination_prefix-deny-gdi.cpp
src_test_serializer_SOURCES = src/test-serializer.cpp
noinst_LTLIBRARIES = src/libinternal.a
-lexpat
src_test_libdbuspolicy1_ownership_LDADD = $(TESTS_LDADD)
+src_test_libdbuspolicy1_ownership_gdi_LDADD = $(TESTS_LDADD)
src_test_libdbuspolicy1_ownership_deny_LDADD = $(TESTS_LDADD)
+src_test_libdbuspolicy1_ownership_deny_gdi_LDADD = $(TESTS_LDADD)
src_test_libdbuspolicy1_signal_LDADD = $(TESTS_LDADD)
+src_test_libdbuspolicy1_signal_gdi_LDADD = $(TESTS_LDADD)
src_test_libdbuspolicy1_method_LDADD = $(TESTS_LDADD)
+src_test_libdbuspolicy1_method_gdi_LDADD = $(TESTS_LDADD)
src_test_libdbuspolicy1_access_deny_LDADD = $(TESTS_LDADD)
+src_test_libdbuspolicy1_access_deny_gdi_LDADD = $(TESTS_LDADD)
src_test_libdbuspolicy1_send_destination_prefix_deny_LDADD = $(TESTS_LDADD)
+src_test_libdbuspolicy1_send_destination_prefix_deny_gdi_LDADD = $(TESTS_LDADD)
src_test_serializer_LDADD = $(TESTS_LDADD)
if ENABLE_STANDALONE_TESTS
--- /dev/null
+#include <string>
+#include <vector>
+#include <map>
+#include "internal/internal.h"
+#include "internal/policy.hpp"
+#include "internal/naive_policy_checker.hpp"
+#include "internal/naive_policy_db.hpp"
+#include "internal/serializer.hpp"
+#include "internal/include/fb_generated.h"
+#include "internal/storage_backend_serialized.hpp"
+#include "internal/storage_backend_xml.hpp"
+#include <dbuspolicy1/libdbuspolicy1.h>
+
+using namespace ldp_xml_parser;
+using namespace ldp_serialized;
+
+struct AccessTest {
+ Decision expected_result;
+ uid_t user;
+ gid_t group;
+ const char* label;
+};
+
+const char* DEFAULT_LABEL = "User::Shell";
+const char* PRIVILEGED_LABEL = "System::Privileged";
+
+std::map<Decision, const char*> DECISIONS {
+ {Decision::ANY, "ANY"},
+ {Decision::ALLOW, "ALLOW"},
+ {Decision::DENY, "DENY"},
+ {Decision::CHECK, "CHECK"}};
+
+
+const std::vector<AccessTest> default_allow_tests = {
+ {Decision::ALLOW, 0, 0, PRIVILEGED_LABEL},
+ {Decision::ALLOW, 2, 20, DEFAULT_LABEL}, //deny user, allow group
+ {Decision::ALLOW, 3, 30, DEFAULT_LABEL}, //deny group, allow user
+ {Decision::DENY, 4, 30, DEFAULT_LABEL}, //deny group, no user rule
+ {Decision::ALLOW, 5, 5, DEFAULT_LABEL}, //no rules
+ {Decision::DENY, 6, 6, DEFAULT_LABEL}, //deny user (mandatory)
+ {Decision::DENY, 7, 7, DEFAULT_LABEL}, //allow user (def), deny user (mandatory)
+ {Decision::ALLOW, 8, 8, DEFAULT_LABEL}, //deny user (def), allow user (mandatory)
+ {Decision::CHECK, 9991, 9991, DEFAULT_LABEL}, //check-user=allow (def)
+ {Decision::CHECK, 9992, 9992, DEFAULT_LABEL}, //check-user=allow (def), check-group=deny (mandatory)
+ {Decision::CHECK, 9993, 9993, DEFAULT_LABEL}, //check-user=allow (def, mandatory)
+ {Decision::CHECK, 888, 888, PRIVILEGED_LABEL} //check-user=allow (def) (label)
+};
+
+const std::vector<AccessTest> default_deny_tests = {
+ {Decision::DENY, 0, 0, PRIVILEGED_LABEL},
+ {Decision::ALLOW, 2, 20, DEFAULT_LABEL},
+ {Decision::ALLOW, 3, 30, DEFAULT_LABEL},
+ {Decision::DENY, 4, 30, DEFAULT_LABEL},
+ {Decision::DENY, 5, 5, DEFAULT_LABEL}, // no rules, so denied by default
+ {Decision::DENY, 6, 6, DEFAULT_LABEL},
+ {Decision::DENY, 7, 7, DEFAULT_LABEL},
+ {Decision::ALLOW, 8, 8, DEFAULT_LABEL},
+ {Decision::CHECK, 9991, 9991, DEFAULT_LABEL},
+ {Decision::CHECK, 9992, 9992, DEFAULT_LABEL},
+ {Decision::CHECK, 9993, 9993, DEFAULT_LABEL},
+ {Decision::CHECK, 888, 888, PRIVILEGED_LABEL}
+};
+
+const uid_t bus_owner = 500;
+
+const std::vector<AccessTest> session_tests = {
+ {Decision::ALLOW, 500, 500, DEFAULT_LABEL}, // allowed implicitly as the bus owner
+ {Decision::ANY, 400, 500, DEFAULT_LABEL},
+ {Decision::ANY, 0, 0, PRIVILEGED_LABEL},
+ {Decision::ANY, 900, 900, DEFAULT_LABEL},
+ {Decision::ALLOW, 600, 600, DEFAULT_LABEL}, // allowed explicitly in policy (user)
+ {Decision::ALLOW, 700, 700, DEFAULT_LABEL}, // allowed explicitly in policy (group)
+ {Decision::DENY, 800, 700, DEFAULT_LABEL} // allow group, deny user
+};
+
+typedef std::pair<std::string, std::vector<AccessTest>> TestBusSetup;
+
+const std::vector<std::pair<TestBusSetup, TestBusSetup>> access_tests{
+ {{"tests/default_deny/system.conf", default_allow_tests}, {"tests/default_deny/session.conf", session_tests}},
+ {{"tests/default_deny/system-au.conf", default_allow_tests}, {}},
+ {{"tests/default_deny/system-ag.conf", default_allow_tests}, {}},
+ {{"tests/default_deny/system-du.conf", default_deny_tests}, {}},
+ {{"tests/default_deny/system-dg.conf", default_deny_tests}, {}}
+};
+
+void print_test(const struct AccessTest* t, bool result) {
+ printf("uid = %lu, gid = %lu, label = %s, expected = %d, result = %d",
+ (unsigned long)t->user, (unsigned long)t->group, t->label, (int)t->expected_result, (int)result);
+}
+
+template <typename DB>
+bool run_tests_for_bus(const DB &db, const BusType bus_type, const std::vector<AccessTest>& test_setup, int& i, bool& passed) {
+
+ for (const auto& test : test_setup) {
+ __internal_init_sup_group(bus_type, test.user, test.group);
+
+ auto *policydb = &policy_checker().getPolicyDb(bus_type);
+
+ const auto &gids = *policydb->getGroups<MatchItemAccess>(test.user, test.group);
+ auto m_item = MatchItemAccess(test.user, gids);
+ auto decision = db.getDecisionItemContextMandatory(m_item).getDecision();
+ if (decision == Decision::ANY)
+ decision = db.getDecisionItemContextDefault(m_item).getDecision();
+ if (decision == Decision::ANY) {
+ if (bus_owner == test.user)
+ decision = Decision::ALLOW;
+
+ }
+ bool res = decision == test.expected_result;
+ if (!res) {
+ printf("[ERROR][%d] access test failed: %s %s ", i, DECISIONS[test.expected_result],
+ DECISIONS[decision]);
+ print_test(&test, res);
+ printf("\n");
+ passed = false;
+ }
+ i++;
+ }
+ return passed;
+}
+
+bool run_policy_db(const std::pair<TestBusSetup, TestBusSetup> access_test) {
+ bool passed = true;
+ int i = 0;
+ const auto& system_bus_setup = access_test.first;
+ const auto& session_bus_setup = access_test.second;
+
+ __internal_init(SYSTEM_BUS, system_bus_setup.first.c_str());
+ if (session_bus_setup.first != "") {
+ __internal_init(SESSION_BUS, session_bus_setup.first.c_str());
+ }
+
+ auto *sys_db = &policy_checker().getPolicyDb(SYSTEM_BUS);
+ auto *ses_db = &policy_checker().getPolicyDb(SESSION_BUS);
+
+ printf("POLICY_DB:\n");
+ return run_tests_for_bus(*sys_db, SYSTEM_BUS, system_bus_setup.second, i, passed) &&
+ run_tests_for_bus(*ses_db, SESSION_BUS, session_bus_setup.second, i, passed);
+}
+
+bool run_fb(const std::pair<TestBusSetup, TestBusSetup> access_test) {
+ bool passed = true;
+ int i = 0;
+ Serializer serializer;
+
+ const auto& system_bus_setup = access_test.first;
+ const auto& session_bus_setup = access_test.second;
+
+ size_t size;
+
+ uint8_t *buff_sys = nullptr, *buff_ses = nullptr;
+ buff_sys = serializer.serialize(system_bus_setup.first.c_str(), size);
+ if (session_bus_setup.first == "")
+ buff_ses = serializer.serialize(session_bus_setup.first.c_str(), size);
+
+ StorageBackendSerialized storage_sys, storage_ses;
+
+ printf("FLATBUFFERS:\n");
+
+ const FB::File *file_sys = FB::GetFile(buff_sys);
+ storage_sys.init(file_sys);
+ bool res = run_tests_for_bus(storage_sys, SYSTEM_BUS, system_bus_setup.second, i, passed);
+
+ if (buff_ses) {
+ const FB::File *file_ses = FB::GetFile(buff_ses);
+ storage_ses.init(file_ses);
+ res &= run_tests_for_bus(storage_ses, SESSION_BUS, session_bus_setup.second, i, passed);
+ }
+ return res;
+}
+
+bool run_xml(const std::pair<TestBusSetup, TestBusSetup> access_test) {
+ (void)access_test;
+ return true;
+}
+
+bool run_tests() {
+ bool passed = true;
+ for (const auto& access_test : access_tests) {
+ printf("f: %s s: %s\n", access_test.first.first.c_str(), access_test.second.first.c_str());
+ passed &= run_policy_db(access_test);
+ passed &= run_fb(access_test);
+ passed &= run_xml(access_test);
+ }
+
+ return passed;
+}
+
+int main() {
+ __internal_init_once();
+ if (!run_tests())
+ return -1;
+ return 0;
+}
--- /dev/null
+
+#include <iostream>
+#include <string>
+#include <map>
+#include <sys/types.h>
+#include <dbuspolicy1/libdbuspolicy1.h>
+#include "internal/internal.h"
+#include "internal/policy.hpp"
+#include "internal/naive_policy_checker.hpp"
+#include "internal/serializer.hpp"
+#include "internal/include/fb_generated.h"
+#include "internal/storage_backend_serialized.hpp"
+#include "internal/storage_backend_xml.hpp"
+
+using namespace ldp_xml_parser;
+using namespace ldp_serialized;
+
+std::map<Decision, const char*> DECISIONS {
+ {Decision::ANY, "ANY" },
+ {Decision::ALLOW, "ALLOW" },
+ {Decision::DENY, "DENY" },
+ {Decision::CHECK, "CHECK" }
+};
+
+enum MessageDirection {
+ RECEIVE,
+ SEND
+};
+
+struct MethodTest {
+ Decision expected_result;
+ uid_t user;
+ gid_t group;
+ const char* label;
+ const char* name;
+ const char* path;
+ const char* interface;
+ const char* member;
+ MessageType type;
+ MessageDirection recv_send;
+};
+
+/**
+ * This test set tests ability to parse xml db
+ * and check method call allowance in many use cases
+ */
+
+struct MethodTest method_tests[]={
+ (struct MethodTest){Decision::ALLOW, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
+ (struct MethodTest){Decision::ALLOW, 0, 0, "test", "org.test.test3", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
+
+ (struct MethodTest){Decision::ALLOW, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
+ (struct MethodTest){Decision::ALLOW, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
+
+ (struct MethodTest){Decision::DENY, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
+ (struct MethodTest){Decision::ALLOW, 0, 0, "test", "org.test.test3", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
+
+ (struct MethodTest){Decision::DENY, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::SEND },
+ (struct MethodTest){Decision::DENY, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest1", "DontDoIt", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
+
+ (struct MethodTest){Decision::ALLOW, 0, 0, "test", "test.te34.fg4 a.b.c.d.e org.test.test2", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
+ (struct MethodTest){Decision::DENY, 0, 0, "test", "test.te34.fg4 a.b.c.d.e", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
+ (struct MethodTest){Decision::ALLOW, 0, 0, "test", "org.test.test3", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
+
+ (struct MethodTest){Decision::ALLOW, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
+ (struct MethodTest){Decision::DENY, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest1", "NotKnown", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
+
+ (struct MethodTest){Decision::DENY, 0, 0, "test", "org.test.test2", NULL, "org.test.Itest2", "NotKnown", MessageType::METHOD_CALL, MessageDirection::SEND },
+ (struct MethodTest){Decision::ALLOW, 5001, 100, "test", "org.test.test3", NULL, "org.test.Itest2", "NotKnown", MessageType::METHOD_CALL, MessageDirection::RECEIVE },
+};
+
+void methodTest_print(const struct MethodTest* t, Decision result) {
+ printf("uid = %lu, gid = %lu, label = %s, name = %s, path = %s, interface = %s, member = %s, expected = %s, result = %s (type=%d)",
+ (unsigned long)t->user, (unsigned long)t->group, t->label, t->name, t->path, t->interface, t->member, DECISIONS[t->expected_result], DECISIONS[result], (int)t->recv_send);
+}
+
+template <typename DB, typename T>
+Decision get_decision(DB &db, const MethodTest &test) {
+ DecisionItem ret;
+
+ T m_item = T(test.interface, test.member, test.path, test.type);
+ m_item.addNames(test.name);
+
+ ret = db.getDecisionItemContextMandatory(m_item);
+ if (ret.getDecision() == Decision::ANY) {
+ ret = db.getDecisionItemUser(test.user, m_item);
+ }
+ if (ret.getDecision() == Decision::ANY) {
+ ret = db.getDecisionItemGroup(test.group, m_item);
+ }
+ if (ret.getDecision() == Decision::ANY) {
+ ret = db.getDecisionItemContextDefault(m_item);
+ }
+ return ret.getDecision();
+}
+
+template <typename DB>
+bool method_test(DB &db) {
+ unsigned int i = 0;
+ bool flag = true;
+ Decision decision;
+
+ for (const auto& test : method_tests) {
+ if (test.recv_send == MessageDirection::SEND) {
+ decision = get_decision<DB, MatchItemSend>(db, test);
+ } else {
+ decision = get_decision<DB, MatchItemReceive>(db, test);
+ }
+
+ bool res = decision == test.expected_result;
+ if (!res) {
+ printf("[ERROR][%d] method test failed: %s %s ", i++, DECISIONS[test.expected_result],
+ DECISIONS[decision]);
+ methodTest_print(&test, decision);
+ printf("\n");
+ flag = false;
+ }
+ }
+ return flag;
+}
+
+bool run_policy_db() {
+ __internal_init(SYSTEM_BUS, "tests/default_allow/system.conf");
+ auto &db = policy_checker().getPolicyDb(SYSTEM_BUS);
+ printf("POLICY_DB:\n");
+ return method_test(db);
+}
+
+bool run_fb() {
+ Serializer serializer;
+
+ size_t size;
+ uint8_t *buff = serializer.serialize("tests/default_allow/system.conf", size);
+ const FB::File *file = FB::GetFile(buff);
+
+ StorageBackendSerialized storage;
+ storage.init(file);
+ printf("FLATBUFFERS:\n");
+ bool ret = method_test(storage);
+ return ret;
+}
+
+bool run_xml() {
+ // This will be filled in the future
+ return true;
+}
+
+bool run_tests() {
+ return run_policy_db() && run_fb() && run_xml();
+}
+
+int main() {
+ __internal_init_once();
+ if (!run_tests())
+ return -1;
+return 0;
+}
--- /dev/null
+#include <string>
+#include <map>
+#include <dbuspolicy1/libdbuspolicy1.h>
+#include "internal/naive_policy_checker.hpp"
+#include "internal/policy.hpp"
+#include "internal/internal.h"
+#include "internal/serializer.hpp"
+#include "internal/include/fb_generated.h"
+#include "internal/storage_backend_serialized.hpp"
+#include "internal/storage_backend_xml.hpp"
+
+using namespace ldp_xml_parser;
+using namespace ldp_serialized;
+
+struct OwnershipTest {
+ Decision expected_result;
+ uid_t user;
+ gid_t group;
+ const char* label;
+ const char* service;
+};
+
+std::map<Decision, const char*> DECISIONS {
+ { Decision::ANY, "ANY" },
+ { Decision::ALLOW, "ALLOW" },
+ { Decision::DENY, "DENY" },
+ { Decision::CHECK, "CHECK" }
+};
+
+const int ROOT = 0;
+const int GUEST = 9999;
+const int GUEST1 = 9991;
+const int GUEST2 = 9992;
+const int GUEST12 = 9993;
+
+/**
+ * This test set tests ability to parse xml db
+ * and check ownership privilege in many use cases
+ * including prefix feature
+ */
+struct OwnershipTest ownership_tests[]={
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.ldpo.a" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.ldpoga" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.ldpogd" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.ldposa" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.ldpo.any_suffix" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.ldpnotexistent" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.ldponotexistent" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.z" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.zz" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.aa" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.aaa" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a1" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a1.b" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a1.b1" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a1.c" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.b" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.b.c" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.b.z" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.c" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.c.c" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.c.z" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.z" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.zz" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.bsth" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.bsthelse" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.z.z" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.z" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.e" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.esth" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.ee" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.e.z" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.e.z.z" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c.d.e.f" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.z.z" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.z" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.e" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.esth" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.ee" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.e.z" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.e.z.z" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.e.f" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c1.d.e.f.g" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d.z" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.dd" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d.e" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d.e.f" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d.e.f.z" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c2.d.e.fsth" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.z.z" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.z" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.e" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.esth" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.ee" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.e.z" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.e.z.z" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.e.f" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.b.c3.d.e.f.g" },
+ {Decision::DENY, ROOT, ROOT, "User::Shell", "org.tizen.a.c" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.c.z" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.d" },
+ {Decision::ALLOW, ROOT, ROOT, "User::Shell", "org.tizen.a.d.z" },
+ {Decision::CHECK, ROOT, ROOT, "User::Shell", "org.tizen.pok" },
+ {Decision::CHECK, ROOT, ROOT, "User::Shell", "org.tizen.pnope" },
+ {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok" },
+ {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pnope" },
+ {Decision::ALLOW, GUEST, GUEST, "User::Shell", "org.tizen.pok1" },
+ {Decision::ALLOW, GUEST, GUEST, "User::Shell", "org.tizen.pok1.z" },
+ {Decision::DENY, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a" },
+ {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b1" },
+ {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b1.z" },
+ {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b2" },
+ {Decision::DENY, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b2.z" },
+ {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b3" },
+ {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b3.z" },
+ {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b4" },
+ {Decision::DENY, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a.b4.z" },
+ {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a1" },
+ {Decision::CHECK, GUEST, GUEST, "User::Shell", "org.tizen.pok1.a1.z" },
+ {Decision::CHECK, GUEST1, GUEST1, "User::Shell", "org.tizen.pok2" },
+ {Decision::CHECK, GUEST2, GUEST2, "User::Shell", "org.tizen.pok2" },
+ {Decision::CHECK, GUEST12, GUEST12, "User::Shell", "org.tizen.pok2" },
+ {Decision::DENY, GUEST1, GUEST1, "User::Shell", "org.tizen.pok2.a" },
+ {Decision::DENY, GUEST2, GUEST2, "User::Shell", "org.tizen.pok2.a" },
+ {Decision::DENY, GUEST12, GUEST12, "User::Shell", "org.tizen.pok2.a" },
+ {Decision::CHECK, GUEST1, GUEST1, "User::Shell", "org.tizen.pok2.a.b" },
+ {Decision::CHECK, GUEST2, GUEST2, "User::Shell", "org.tizen.pok2.a.b" },
+ {Decision::CHECK, GUEST12, GUEST12, "User::Shell", "org.tizen.pok2.a.b" }
+};
+
+void ownershipTest_print(const struct OwnershipTest* t, Decision result) {
+ printf("uid = %lu, gid = %lu, label = %s, service = %s, expected = %s, result = %s",
+ (unsigned long)t->user, (unsigned long)t->group, t->label, t->service, DECISIONS[t->expected_result], DECISIONS[result]);
+}
+
+template <typename DB>
+bool ownership_test(const DB &db) {
+ unsigned i = 0;
+ bool flag = true;
+
+ for (auto const &test : ownership_tests) {
+ auto m_item = MatchItemOwn(test.service);
+
+ auto ret = db.getDecisionItemContextMandatory(m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemUser(test.user, m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemGroup(test.group, m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemContextDefault(m_item);
+
+ auto decision = ret.getDecision();
+ if (decision != test.expected_result) {
+ printf("[ERROR][%d] ownership test failed: %s %s ", i, DECISIONS[test.expected_result], DECISIONS[decision]);
+ ownershipTest_print(&test, decision);
+ printf("\n");
+ flag = false;
+ }
+ }
+ return flag;
+}
+
+bool run_policy_db() {
+ __internal_init(SYSTEM_BUS, "tests/default_deny/system.conf");
+ auto &db = policy_checker().getPolicyDb(SYSTEM_BUS);
+ printf("POLICY_DB:\n");
+ return ownership_test(db);
+}
+
+bool run_fb() {
+ Serializer serializer;
+ size_t size;
+ uint8_t *buff = serializer.serialize("tests/default_deny/system.conf", size);
+
+ const FB::File *file = FB::GetFile(buff);
+ StorageBackendSerialized storage;
+ storage.init(file);
+
+ printf("FRAMEBUFFERS:\n");
+ return ownership_test(storage);
+}
+
+bool run_xml() {
+ return true;
+}
+
+bool run_tests() {
+ return run_policy_db() && run_fb() && run_xml();
+}
+
+int main() {
+ __internal_init_once();
+ if (!run_tests())
+ return -1;
+return 0;
+}
--- /dev/null
+#include <iostream>
+#include <string>
+#include <map>
+#include <sys/types.h>
+#include <dbuspolicy1/libdbuspolicy1.h>
+#include "internal/internal.h"
+#include "internal/policy.hpp"
+#include "internal/naive_policy_checker.hpp"
+#include "internal/serializer.hpp"
+#include "internal/include/fb_generated.h"
+#include "internal/storage_backend_serialized.hpp"
+#include "internal/storage_backend_serialized.hpp"
+
+using namespace ldp_xml_parser;
+using namespace ldp_serialized;
+
+struct OwnershipTest {
+ Decision expected_result;
+ uid_t user;
+ gid_t group;
+ const char* label;
+ const char* service;
+};
+
+std::map<Decision, const char*> DECISIONS {
+ { Decision::ANY, "ANY" },
+ { Decision::ALLOW, "ALLOW" },
+ { Decision::DENY, "DENY" },
+ { Decision::CHECK, "CHECK" }
+};
+
+/**
+ * This test set tests ability to parse xml db
+ * and check ownership privilege in many use cases
+ * including prefix feature
+ */
+struct OwnershipTest ownership_tests[]={
+ (struct OwnershipTest){Decision::ALLOW, 0, 0, "test", "org.test.test1" },
+ (struct OwnershipTest){Decision::ALLOW, 5009, 0, "test", "org.test.test1" },
+
+ (struct OwnershipTest){Decision::DENY, 0, 0, "test", "org.test.test2" },
+ (struct OwnershipTest){Decision::DENY, 5009, 0, "test", "org.test.test2" },
+
+ (struct OwnershipTest){Decision::DENY, 0, 0, "test", "org.test.test3" },
+ (struct OwnershipTest){Decision::DENY, 5009, 0, "test", "org.test.test3" },
+
+ (struct OwnershipTest){Decision::DENY, 0, 0, "test", "org.test.test4" },
+ (struct OwnershipTest){Decision::ALLOW, 5009, 0, "test", "org.test.test4" },
+
+ (struct OwnershipTest){Decision::DENY, 0, 0, "test", "org.test.test5" },
+
+ (struct OwnershipTest){Decision::ALLOW, 0, 0, "test", "org.test.test6" },
+
+ (struct OwnershipTest){Decision::ALLOW, 0, 0, "test", "org.test.test7" },
+
+ (struct OwnershipTest){Decision::ALLOW, 0, 0, "test", "a.b.c" },
+ (struct OwnershipTest){Decision::ALLOW, 0, 0, "test", "a.b" },
+ (struct OwnershipTest){Decision::DENY, 0, 0, "test", "c" },
+ (struct OwnershipTest){Decision::DENY, 0, 0, "test", "a.c" },
+ (struct OwnershipTest){Decision::DENY, 0, 0, "test", "b.c" },
+
+ (struct OwnershipTest){Decision::ALLOW, 1000, 0, "test", "org.test.testX" },
+ (struct OwnershipTest){Decision::ALLOW, 1000, 0, "test", "org.test.testY" }
+};
+
+void ownershipTest_print(const struct OwnershipTest* t, const Decision result) {
+ printf("uid = %lu, gid = %lu, label = %s, service = %s, expected = %s, result = %s",
+ (unsigned long)t->user, (unsigned long)t->group, t->label, t->service, DECISIONS[t->expected_result], DECISIONS[result]);
+}
+
+template <typename DB>
+bool ownership_test(const DB &db) {
+ unsigned i = 0;
+ bool flag = true;
+ for (const auto& test : ownership_tests) {
+ auto m_item = MatchItemOwn(test.service);
+
+ auto ret = db.getDecisionItemContextMandatory(m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemUser(test.user, m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemGroup(test.group, m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemContextDefault(m_item);
+
+ auto decision = ret.getDecision();
+
+ if (decision != test.expected_result) {
+ printf("[ERROR][%d] ownership test failed: %s %s ", i, DECISIONS[test.expected_result],
+ DECISIONS[decision]);
+ ownershipTest_print(&test, decision);
+ printf("\n");
+ flag = false;
+ }
+ }
+ return flag;
+}
+
+bool run_policy_db() {
+ __internal_init(SYSTEM_BUS, "tests/default_allow/system.conf");
+ auto &db = policy_checker().getPolicyDb(SYSTEM_BUS);
+ printf("POLICY DB:\n");
+ return ownership_test(db);
+}
+
+bool run_fb() {
+ Serializer serializer;
+ size_t size;
+ uint8_t *buff = serializer.serialize("tests/default_allow/system.conf", size);
+ const FB::File *file = FB::GetFile(buff);
+
+ StorageBackendSerialized storage;
+ storage.init(file);
+ printf("FLATBUFFERS:\n");
+ return ownership_test(storage);
+}
+
+bool run_xml() {
+ // This will be filled in the future
+ return true;
+}
+
+bool run_tests() {
+ return run_policy_db() && run_fb() && run_xml();
+}
+
+int main() {
+ __internal_init_once();
+ if (!run_tests())
+ return -1;
+return 0;
+}
--- /dev/null
+#include <iostream>
+#include <string>
+#include <map>
+#include <sys/types.h>
+#include <dbuspolicy1/libdbuspolicy1.h>
+#include "internal/internal.h"
+#include "internal/policy.hpp"
+#include "internal/naive_policy_checker.hpp"
+#include "internal/serializer.hpp"
+#include "internal/include/fb_generated.h"
+#include "internal/storage_backend_serialized.hpp"
+#include "internal/storage_backend_serialized.hpp"
+
+using namespace ldp_xml_parser;
+using namespace ldp_serialized;
+
+std::map<Decision, const char*> DECISIONS {
+ { Decision::ANY, "ANY" },
+ { Decision::ALLOW, "ALLOW" },
+ { Decision::DENY, "DENY" },
+ { Decision::CHECK, "CHECK" }
+};
+
+struct Test {
+ Decision expected_result;
+ uid_t user;
+ gid_t group;
+ const char *label;
+ const char *destination;
+ const char *path;
+ const char *interface;
+ const char *member;
+ ldp_xml_parser::MessageType type;
+};
+
+const int ROOT = 0;
+
+#define TC(expected_result, names) \
+ {(expected_result), ROOT, ROOT, "User::Shell", (names), "/", "a.b", "d", ldp_xml_parser::MessageType::METHOD_CALL}
+
+/**
+ * This test set tests ability to parse xml db
+ * and check sending privilege in use cases
+ * checking send_destination_prefix
+ */
+struct Test tests[]={
+ /* straight-forward tests - base allow */
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.f.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.apf"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.apf.f.f.f.f"),
+ /* multiple names owned */
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.ap.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.f org.tizen.test.dest_prefix.ao"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.ap.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.f org.tizen.test.dest_prefix.do"),
+ /* target holes in default allow */
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.1.d"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.1.dp"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f org.tizen.test.dest_prefix.ao"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f org.tizen.test.dest_prefix.ap"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f"),
+ /* target holes in holes in default allow */
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.1.d.ap"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.1.d.ap.f.f.f.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.1.dp.ap"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.1.dp.ap.f.f.f.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.1.dp.a"),
+ /* check redefinitions in default allow */
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.dp"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.d"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.a"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.f.a"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.2.apxdp.f.f.f.ap"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.2.apxdp.f.f.f.ap.f.f.f"),
+ /* totally cancelling previous definitions in default allow */
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.f.f.f.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.f.f.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.f.f.f.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.ap"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.ap.f.f.f.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.a"),
+ /* straight-forward tests - base deny */
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.f.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dpf"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dpf.f.f.f.f"),
+ /* multiple names owned */
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.dp.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.f org.tizen.test.dest_prefix.do"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.dp.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.f org.tizen.test.dest_prefix.ao"),
+ /* target holes in default deny */
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.1.a"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.1.ap"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f org.tizen.test.dest_prefix.do"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f org.tizen.test.dest_prefix.dp"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f"),
+ /* target holes in holes in default demy */
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.1.a.dp"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.1.a.dp.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.1.ap.dp"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.1.ap.dp.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.1.ap.d"),
+ /* check redefinitions in default deny */
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.ap"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.f.f.f.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.f.f.f.f"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.a"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.d"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.f.d"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.dp"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.dp.f.f.f"),
+ /* totally cancelling previous definitions in default deny */
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.dp"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.dp.f.f.f.f"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.d"),
+ /* checking order in multiple names case */
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.do"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.ao.ao org.tizen.test.dest_prefix.do"),
+ TC(Decision::DENY, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.ao"),
+ TC(Decision::ALLOW, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.ao.ao"),
+};
+
+void test_print(const struct Test* t, Decision result) {
+ printf("uid = %lu, gid = %lu, label = %s, destination = %s, expected = %s, result = %s",
+ (unsigned long)t->user, (unsigned long)t->group, t->label, t->destination, DECISIONS[t->expected_result], DECISIONS[result]);
+}
+
+template <typename DB>
+bool send_prefix_test(const DB &db)
+{
+ unsigned i = 0;
+ bool flag = true;
+
+ for (const auto &test : tests) {
+ MatchItemSend m_item(test.interface, test.member, test.path, test.type);
+ m_item.addNames(test.destination);
+
+ auto ret = db.getDecisionItemContextMandatory(m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemUser(test.user, m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemGroup(test.group, m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemContextDefault(m_item);
+
+ auto decision = ret.getDecision();
+
+ if (test.expected_result != decision) {
+ printf("[ERROR][%d] test failed: %s %s ", i, DECISIONS[test.expected_result], DECISIONS[decision]);
+ test_print(&test, decision);
+ printf("\n");
+ flag = false;
+ }
+ }
+ return flag;
+}
+
+bool run_policy_db() {
+ __internal_init(SYSTEM_BUS, "tests/default_deny/system.conf");
+ auto &db = policy_checker().getPolicyDb(SYSTEM_BUS);
+ printf("POLICY_DB:\n");
+ return send_prefix_test(db);
+}
+
+bool run_fb() {
+ Serializer serializer;
+ size_t size;
+ uint8_t *buff = serializer.serialize("tests/default_deny/system.conf", size);
+
+ const FB::File *file = FB::GetFile(buff);
+
+ StorageBackendSerialized storage;
+ storage.init(file);
+
+ printf("FLATBUFFERS:\n");
+ return send_prefix_test(storage);
+}
+
+bool run_xml() {
+ return true;
+}
+
+bool run_tests() {
+ return run_policy_db() && run_fb() && run_xml();
+}
+
+int main()
+{
+ __internal_init_once();
+ if (!run_tests())
+ return -1;
+ return 0;
+}
--- /dev/null
+#include <iostream>
+#include <string>
+#include <map>
+#include <sys/types.h>
+#include <dbuspolicy1/libdbuspolicy1.h>
+#include "internal/internal.h"
+#include "internal/policy.hpp"
+#include "internal/naive_policy_checker.hpp"
+#include "internal/serializer.hpp"
+#include "internal/include/fb_generated.h"
+#include "internal/storage_backend_serialized.hpp"
+#include "internal/storage_backend_serialized.hpp"
+
+using namespace ldp_xml_parser;
+using namespace ldp_serialized;
+
+struct SignalTest {
+ Decision expected_result;
+ uid_t user;
+ gid_t group;
+ const char* label;
+ const char* dest;
+ const char* interface;
+};
+
+std::map<Decision, const char*> DECISIONS {
+ { Decision::ANY, "ANY" },
+ { Decision::ALLOW, "ALLOW" },
+ { Decision::DENY, "DENY" },
+ { Decision::CHECK, "CHECK" }
+};
+
+/**
+ * This test set tests ability to parse xml db
+ * and check signal call allowance in many use cases
+ */
+struct SignalTest signal_tests[]={
+ (struct SignalTest){Decision::ALLOW, 0, 0, "test", "bli.bla.blubb test.test1 test.tes3", "/an/object/path"},
+ (struct SignalTest){Decision::DENY, 5010, 0, "test", "bli.bla.blubb", "/an/object/path"},
+};
+
+void signalTest_print(const struct SignalTest* t, Decision result) {
+ printf("uid = %lu, gid = %lu, label = %s, dest = %s, interface = %s, expected = %s, result = %s",
+ (unsigned long)t->user, (unsigned long)t->group, t->label, t->dest, t->interface, DECISIONS[t->expected_result], DECISIONS[result]);
+}
+
+template <typename DB>
+bool signal_test(const DB &db) {
+ unsigned i = 0;
+ bool flag = true;
+ for (const auto &test : signal_tests) {
+ MatchItemSend m_item(test.interface, NULL, NULL, ldp_xml_parser::MessageType::SIGNAL);
+ m_item.addNames(test.dest);
+
+ auto ret = db.getDecisionItemContextMandatory(m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemUser(test.user, m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemGroup(test.group, m_item);
+
+ if (ret.getDecision() == Decision::ANY)
+ ret = db.getDecisionItemContextDefault(m_item);
+
+ auto decision = ret.getDecision();
+
+ if (test.expected_result != decision) {
+ printf("[ERROR][%d] signal test failed: %s %s ", i, DECISIONS[test.expected_result], DECISIONS[decision]);
+ signalTest_print(&test, decision);
+ printf("\n");
+ flag = false;
+ }
+ }
+ return flag;
+}
+
+bool run_policy_db() {
+ __internal_init(SYSTEM_BUS, "tests/default_allow/system.conf");
+ auto &db = policy_checker().getPolicyDb(SYSTEM_BUS);
+
+ printf("POLICY_DB:\n");
+ return signal_test(db);
+}
+
+bool run_fb() {
+ Serializer serializer;
+ size_t size;
+ uint8_t *buff = serializer.serialize("tests/default_allow/system.conf", size);
+
+ const FB::File *file = FB::GetFile(buff);
+
+ StorageBackendSerialized storage;
+ storage.init(file);
+
+ printf("FLATBUFFERS:\n");
+ return signal_test(storage);
+}
+
+bool run_xml() {
+ return true;
+}
+
+bool run_tests() {
+ return run_policy_db() && run_fb() && run_xml();
+}
+
+int main() {
+ __internal_init_once();
+ if (!run_tests())
+ return -1;
+return 0;
+}
projects / platform / core / system / libdbuspolicy.git / commitdiff