#include <tzplatform_config.h>
#include <security-manager.h>
+#include <access_provider.h>
#include <dpl/log/log.h>
#include <dpl/test/test_runner.h>
#include <libprivilege-control_test_common.h>
+#include <passwd_access.h>
#include <tests_common.h>
#include <sm_api.h>
#include <sm_db.h>
#include <sm_sharing_request.h>
#include <sm_user_request.h>
#include <app_install_helper.h>
+#include <synchronization_pipe.h>
#include <temp_test_user.h>
+#include <uds.h>
#include <cynara_test_client.h>
#include <cynara_test_admin.h>
#include <service_manager.h>
Api::install(app, SECURITY_MANAGER_ERROR_INPUT_PARAM);
}
+class ProcessCredentials {
+public:
+ ProcessCredentials(const std::string &smackLabel) : m_label(smackLabel) {}
+
+ const std::string &label(void) const {
+ return m_label;
+ }
+
+ uid_t uid(void) const {
+ return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
+ }
+
+ gid_t gid(void) const {
+ return PasswdAccess::gid("users");
+ }
+
+private:
+ std::string m_label;
+};
+
+pid_t runInChild(const std::function<void(void)> &process) {
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
+
+ if (pid == 0) {
+ process();
+ exit(EXIT_SUCCESS);
+ }
+
+ return pid;
+}
+
+void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr,
+ const struct ProcessCredentials &peerCredentials) {
+ SecurityServer::AccessProvider ap(peerCredentials.label());
+ ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
+ pipe.claimChildEp();
+
+ int sock = UDSHelpers::createServer(&sockaddr);
+ SockUniquePtr sockPtr(&sock);
+ pipe.post();
+ int clientSock = UDSHelpers::acceptClient(sock);
+
+ UDSHelpers::waitForDisconnect(clientSock);
+}
+
+typedef std::function<void(int sock, pid_t pid)> SocketAssertionFn;
+
+void clientTestTemplate(SocketAssertionFn assertion, const std::string &scope, const std::string &smackLabel) {
+ const auto sockaddr = UDSHelpers::makeAbstractAddress("test_sm_" + scope + ".socket");
+ const ProcessCredentials peerCredentials(smackLabel);
+
+ SynchronizationPipe pipe;
+
+ pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
+ std::cref(peerCredentials)));
+
+ pipe.claimParentEp();
+ pipe.wait();
+ int sock = UDSHelpers::createClient(&sockaddr);
+ SockUniquePtr sockPtr(&sock);
+
+ assertion(sock, pid);
+}
+
+RUNNER_CHILD_TEST(security_manager_45a_get_id_by_socket)
+{
+ const char *const sm_app_id = "sm_test_45a_app";
+ const char *const sm_pkg_id = "sm_test_45a_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateAppLabel(sm_app_id);
+
+ clientTestTemplate([&] (int sock, pid_t) {
+ std::string rcvPkgId, rcvAppId;
+ Api::getPkgIdBySocket(sock, &rcvPkgId, &rcvAppId);
+ RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
+ << "; expected = " << sm_pkg_id);
+ RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
+ << "; expected = " << sm_app_id);
+ }, "tcsm27a", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_45b_get_id_by_socket)
+{
+ const char *const sm_app_id = "sm_test_45b_app";
+ const char *const sm_pkg_id = "sm_test_45b_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateAppLabel(sm_app_id);
+
+ clientTestTemplate([&] (int sock, pid_t) {
+ std::string rcvPkgId, rcvAppId;
+ Api::getPkgIdBySocket(sock + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
+ }, "tcsm27b", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_45c_get_id_by_socket)
+{
+ const char *const sm_app_id = "sm_test_45c_app";
+ const char *const sm_pkg_id = "sm_test_45c_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateAppLabel(sm_app_id);
+
+ clientTestTemplate([&] (int sock, pid_t) {
+ std::string rcvPkgId;
+ Api::getPkgIdBySocket(sock, &rcvPkgId, nullptr);
+ RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
+ << "; expected = " << sm_pkg_id);
+ }, "tcsm27c", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_45d_get_id_by_socket)
+{
+ const char *const sm_app_id = "sm_test_45d_app";
+ const char *const sm_pkg_id = "sm_test_45d_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateAppLabel(sm_app_id);
+
+ clientTestTemplate([&] (int sock, pid_t) {
+ std::string rcvAppId;
+ Api::getPkgIdBySocket(sock, nullptr, &rcvAppId);
+ RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
+ << "; expected = " << sm_app_id);
+ }, "tcsm27d", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_45e_get_id_by_socket)
+{
+ const char *const sm_app_id = "sm_test_45e_app";
+ const char *const sm_pkg_id = "sm_test_45e_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateAppLabel(sm_app_id);
+
+ clientTestTemplate([&] (int sock, pid_t) {
+ Api::getPkgIdBySocket(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
+ }, "tcsm27e", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_46a_get_id_by_pid)
+{
+ const char *const sm_app_id = "sm_test_46a_app";
+ const char *const sm_pkg_id = "sm_test_46a_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateAppLabel(sm_app_id);
+
+ clientTestTemplate([&] (int, pid_t pid) {
+ std::string rcvPkgId, rcvAppId;
+ Api::getPkgIdByPid(pid, &rcvPkgId, &rcvAppId);
+ RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
+ << "; expected = " << sm_pkg_id);
+ RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
+ << "; expected = " << sm_app_id);
+ }, "tcsm28a", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_46b_get_id_by_pid)
+{
+ const char *const sm_app_id = "sm_test_46b_app";
+ const char *const sm_pkg_id = "sm_test_46b_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateAppLabel(sm_app_id);
+
+ clientTestTemplate([&] (int, pid_t pid) {
+ std::string rcvPkgId, rcvAppId;
+ Api::getPkgIdByPid(pid + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
+ }, "tcsm28b", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_46c_get_id_by_pid)
+{
+ const char *const sm_app_id = "sm_test_46c_app";
+ const char *const sm_pkg_id = "sm_test_46c_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateAppLabel(sm_app_id);
+
+ clientTestTemplate([&] (int, pid_t pid) {
+ std::string rcvPkgId;
+ Api::getPkgIdByPid(pid, &rcvPkgId, nullptr);
+ RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
+ << "; expected = " << sm_pkg_id);
+ }, "tcsm28c", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_46d_get_id_by_pid)
+{
+ const char *const sm_app_id = "sm_test_46d_app";
+ const char *const sm_pkg_id = "sm_test_46d_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateAppLabel(sm_app_id);
+
+ clientTestTemplate([&] (int, pid_t pid) {
+ std::string rcvAppId;
+ Api::getPkgIdByPid(pid, nullptr, &rcvAppId);
+ RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
+ << "; expected = " << sm_app_id);
+ }, "tcsm28d", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
+RUNNER_CHILD_TEST(security_manager_46e_get_id_by_pid)
+{
+ const char *const sm_app_id = "sm_test_46e_app";
+ const char *const sm_pkg_id = "sm_test_46e_pkg";
+
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ std::string smackLabel = generateAppLabel(sm_app_id);
+
+ clientTestTemplate([&] (int sock, pid_t) {
+ Api::getPkgIdByPid(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
+ }, "tcsm28e", smackLabel);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+}
+
int main(int argc, char *argv[])
{
return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
projects / platform / core / test / security-tests.git / commitdiff