} else { //child process
pipe.claimChildEp();
pipe.wait();
- //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
struct passwd *pw = getUserStruct(username);
+ std::string uidStr = std::to_string(pw->pw_uid);
register_current_process_as_privilege_manager(pw->pw_uid);
int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
std::string app = policyEntry.getAppId();
std::string privilege = policyEntry.getPrivilege();
+ RUNNER_ASSERT_MSG(user == uidStr, "Unexpected user: " << user);
+
try {
- struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
- std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
- if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
+ std::set<std::string>::iterator tmp = users2AppsMap.at(username).at(app).find(privilege);
+ if (tmp == users2AppsMap.at(username).at(app).end())
RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
} catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
- } catch (const std::invalid_argument& e) {
- RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
+ RUNNER_FAIL_MSG("Unexpected policy entry: unexpected app: " << policyEntry << ". Exception: " << e.what());
};
};
exit(0);
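Review bot: The `std::out_of_range` handler now reports only "unexpected app", but `users2AppsMap.at(username)` inside the same `try` can still throw when the user key is missing from the map, so a missing user would be misreported as a bad app. Keeping the earlier wording `"Unexpected policy entry: unexpected user or app: "` covers both lookups. The same applies to the handlers in the two later children, which look up `usernames.at(0)` and `uidStrToLook`. The second child's message also reads `"Unexpected policy entry: app: "`, dropping the word "unexpected" that the other two keep. The enclosing loop and the declaration of `user` are outside the visible lines.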
pipe.wait();
struct passwd *pw = getUserStruct(usernames.at(0));
+ std::string uidStr = std::to_string(pw->pw_uid);
register_current_process_as_privilege_manager(pw->pw_uid);
//change uid to normal user
std::string app = policyEntry.getAppId();
std::string privilege = policyEntry.getPrivilege();
+ RUNNER_ASSERT_MSG(uidStr == user, "Unexpected user: " << user);
+
try {
- struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
- std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
- if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
+ std::set<std::string>::iterator tmp = users2AppsMap.at(usernames.at(0)).at(app).find(privilege);
+ if (tmp == users2AppsMap.at(usernames.at(0)).at(app).end())
RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
} catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
- } catch (const std::invalid_argument& e) {
- RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
+ RUNNER_FAIL_MSG("Unexpected policy entry: app: " << policyEntry << ". Exception: " << e.what());
};
};
exit(0);
pipe.wait();
struct passwd *pw = getUserStruct(usernames.at(1));
- register_current_process_as_privilege_manager(pw->pw_uid, true);
+ uid_t myUid = pw->pw_uid;
+ gid_t myGid = pw->pw_gid;
+ std::string uidStr1 = std::to_string(myUid);
+ pw = getUserStruct(usernames.at(0));
+ std::string uidStr0 = std::to_string(pw->pw_uid);
+ register_current_process_as_privilege_manager(myUid, true);
//change uid to normal user
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ int result = drop_root_privileges(myUid, myGid);
RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
std::vector<PolicyEntry> policyEntries;
//this call should succeed as the calling user is privileged
Api::getPolicy(PolicyEntry(), policyEntries);
std::string app = policyEntry.getAppId();
std::string privilege = policyEntry.getPrivilege();
+ RUNNER_ASSERT_MSG(user == uidStr0 || user == uidStr1, "Unexpected user: " << user);
+
+ std::string uidStrToLook = user == uidStr0 ? usernames.at(0) : usernames.at(1);
+
try {
- struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
- std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
- if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
+ std::set<std::string>::iterator tmp = users2AppsMap.at(uidStrToLook).at(app).find(privilege);
+ if (tmp == users2AppsMap.at(uidStrToLook).at(app).end())
RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
} catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
+ RUNNER_FAIL_MSG("Unexpected policy entry: unexpected app: " << policyEntry << ". Exception: " << e.what());
} catch (const std::invalid_argument& e) {
RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
};
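Review bot: The `catch (const std::invalid_argument& e)` handler is left in place here although the `std::stoul(user)` call that could throw it is removed from the `try`; the two earlier children drop the handler in the same change. Nothing visible in the new `try` body throws `std::invalid_argument`, so the `"Incorrect UID: "` branch looks unreachable and can be removed. Separately, `uidStrToLook` holds a user name (`usernames.at(0)` or `usernames.at(1)`), not a UID string. A name such as `expectedUsername` would match what is passed to `users2AppsMap.at(...)`.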
if (pid[1] == 0) { //child #2 process
sync[1].claimChildEp();
sync[1].wait();
- struct passwd *pw_target = getUserStruct(usernames.at(0));
- struct passwd *pw = getUserStruct(usernames.at(1));
- register_current_process_as_privilege_manager(pw->pw_uid);
+
+ struct passwd *pw = getUserStruct(usernames.at(0));
+ uid_t target_uid = pw->pw_uid;
+ pw = getUserStruct(usernames.at(1));
+ uid_t my_uid = pw->pw_uid;
+ gid_t my_gid = pw->pw_gid;
+
+ register_current_process_as_privilege_manager(my_uid);
//change uid to normal user
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ int result = drop_root_privileges(my_uid, my_gid);
RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
PolicyEntry filter = PolicyEntry(
SECURITY_MANAGER_ANY,
- std::to_string(pw_target->pw_uid),
+ std::to_string(target_uid),
SECURITY_MANAGER_ANY
);
//U2 requests contents of U1 privacy manager - should fail
- Api::getPolicyForSelf(filter, policyEntries);
+ Api::getPolicyForSelf(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED);
RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty, but is " << policyEntries.size());
filter = PolicyEntry(
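Review bot: The new locals `target_uid`, `my_uid` and `my_gid` use snake_case, while the same change names the equivalent values `myUid` and `myGid` in the earlier child; one convention across the file would read better. The reason for copying the ids before the second `getUserStruct` call is also not stated. If `getUserStruct` returns a pointer into storage that the next lookup overwrites, as `getpwnam` does (its definition is not visible here), a later cleanup could reintroduce a stale-pointer read and drop privileges to the wrong uid. A comment such as `// copy ids now: the next getUserStruct() call may overwrite *pw` would guard against that. The statement starting at `filter = PolicyEntry(` continues outside the hunk.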
sync[1].claimParentEp();
std::vector<TemporaryTestUser> users = {
TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
- TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
+ TemporaryTestUser(usernames.at(1), GUM_USERTYPE_NORMAL, false)
};
users.at(0).create();