--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file change-smack.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#include <sys/smack.h>
+
+#include <tests_common.h>
+
+#include <process-settings/change-smack.h>
+
+namespace ProcessSettings {
+
+ChangeSmack::ChangeSmack(const Policy &policy)
+ : m_policy(policy)
+{}
+
+void ChangeSmack::Apply() {
+ char *my_label = nullptr;
+
+ RUNNER_ASSERT(-1 != smack_new_label_from_self(&my_label));
+
+ if (my_label)
+ m_originalLabel = my_label;
+
+ free(my_label);
+
+ RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_policy.GetSmackLabel().c_str()),
+ "Error in smack_set_label_for_self(" << m_policy.GetSmackLabel() << ")");
+}
+
+void ChangeSmack::Revoke() {
+ RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_originalLabel.c_str()),
+ "Error in smack_set_label_for_self(" << m_originalLabel << ")");
+}
+
+ChangeSmack::~ChangeSmack() {}
+
+} // namespace ProcessSettings
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file change-smack.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#pragma once
+
+#include <string>
+
+#include <process-settings/policy.h>
+
+namespace ProcessSettings {
+
+class ChangeSmack {
+public:
+ ChangeSmack(const Policy &policy);
+ void Apply();
+ void Revoke();
+ virtual ~ChangeSmack();
+private:
+ const Policy &m_policy;
+ std::string m_originalLabel;
+};
+
+} // namespace ProcessSettings
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file change-uid.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#include <unistd.h>
+
+#include <tests_common.h>
+
+#include <process-settings/change-uid.h>
+
+namespace ProcessSettings {
+
+ChangeUid::ChangeUid(const Policy &policy)
+ : m_policy(policy)
+{}
+
+void ChangeUid::Apply() {
+ m_originalUid = getuid();
+ m_originalGid = getgid();
+
+ RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_policy.GetGid()),
+ "Error in setegid(" << m_policy.GetGid() << ")");
+ RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_policy.GetUid()),
+ "Error in seteuid(" << m_policy.GetUid() << ")");
+}
+
+void ChangeUid::Revoke() {
+ RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_originalUid),
+ "Error in seteuid(" << m_originalUid << ")");
+ RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_originalGid),
+ "Error in setegid(" << m_originalGid << ")");
+}
+
+ChangeUid::~ChangeUid() {}
+
+} // namespace ProcessSettings
+
+
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file change-uid.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#pragma once
+
+#include <sys/types.h>
+
+#include <process-settings/policy.h>
+
+namespace ProcessSettings {
+
+class ChangeUid {
+public:
+ ChangeUid(const Policy &policy);
+
+ void Apply();
+ void Revoke();
+
+ virtual ~ChangeUid();
+private:
+ const Policy &m_policy;
+ uid_t m_originalUid;
+ gid_t m_originalGid;
+};
+
+} // namespace ProcessSettings
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file create-user.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+
+#include <glib-object.h>
+#include <common/gum-user-types.h>
+
+#include <tests_common.h>
+
+#include <process-settings/create-user.h>
+
+namespace ProcessSettings {
+
+CreateUser::CreateUser(Policy &policy)
+ : m_policy(policy)
+ , m_userType(GUM_USERTYPE_NORMAL)
+ , m_guser(nullptr)
+{}
+
+void CreateUser::Apply()
+{
+ m_userName = m_policy.GetUserName();
+ m_guser = gum_user_create_sync(false);
+ RUNNER_ASSERT_MSG(m_guser != nullptr, "Failed to create gumd user object");
+ g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL);
+ g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL);
+ gboolean added = gum_user_add_sync(m_guser);
+ RUNNER_ASSERT_MSG(added, "Failed to add user");
+ g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL);
+ RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
+ g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL);
+ RUNNER_ASSERT_MSG(m_gid != 0, "Something strange happened during user creation. gid == 0.");
+
+ m_policy.SetUid(m_uid);
+ m_policy.SetGid(m_gid);
+}
+
+void CreateUser::Revoke() {
+ if (m_guser) {
+ gum_user_delete_sync(m_guser, TRUE);
+ g_object_unref(m_guser);
+ m_guser = nullptr;
+ }
+}
+
+CreateUser::~CreateUser(){
+ if (m_guser)
+ g_object_unref(m_guser);
+}
+
+} // namespace ProcessSettings
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file create-user.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#pragma once
+
+#include <sys/types.h>
+#include <gum-user.h>
+#include <common/gum-user-types.h>
+
+#include <string>
+
+#include <process-settings/policy.h>
+
+namespace ProcessSettings {
+
+class CreateUser {
+public:
+ CreateUser(Policy &policy);
+ void Apply();
+ void Revoke();
+ virtual ~CreateUser();
+private:
+ Policy &m_policy;
+ uid_t m_uid;
+ gid_t m_gid;
+ std::string m_userName;
+ GumUserType m_userType;
+ GumUser *m_guser;
+};
+
+} // namespace ProcessSettings
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file executor.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#pragma once
+
+#include <stdlib.h>
+
+#include <iostream>
+
+#include <dpl/test/test_exception.h>
+
+#include <process-settings/policy.h>
+
+namespace ProcessSettings {
+
+template <typename PolicyArg, typename... Args>
+class Executor : public PolicyArg, public Args... {
+public:
+ template <typename... T>
+ Executor(T&&... t)
+ : PolicyArg(std::forward<T>(t)...)
+ , Args(static_cast<Policy&>(*this))...
+ , m_applied(false)
+ {}
+
+ void Apply() {
+ if (!m_applied)
+ InternalApply<Args...>();
+ m_applied = true;
+ }
+
+ void Revoke() {
+ if (m_applied)
+ InternalRevoke<Args...>();
+ m_applied = false;
+ }
+
+ virtual ~Executor() {
+ try {
+ Revoke();
+ } catch (const DPL::Test::TestException &e) {
+ // This is bad. The rest of test will not work properly!
+ std::cerr << "Error during cleaning up environment. "
+ "The rest of test will probably fail." << e.GetMessage() << std::endl;
+ }
+ }
+
+private:
+
+ template <typename First>
+ void InternalApply() {
+ First::Apply();
+ }
+
+ template <typename First, typename Second, typename... Rest>
+ void InternalApply() {
+ First::Apply();
+ InternalApply<Second, Rest...>();
+ }
+
+ template <typename First>
+ void InternalRevoke() {
+ First::Revoke();
+ }
+
+ template <typename First, typename Second, typename... Rest>
+ void InternalRevoke() {
+ InternalRevoke<Second, Rest...>();
+ First::Revoke();
+ }
+
+ bool m_applied;
+};
+
+} // namespace ProcessSetings
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file install-app.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#include <security-manager.h>
+
+#include <tests_common.h>
+
+#include <process-settings/install-app.h>
+
+#define ERRORDESCRIBE(name) case name: return #name
+
+namespace {
+
+const char *ToString(int code) {
+ switch(static_cast<lib_retcode>(code)) {
+ ERRORDESCRIBE(SECURITY_MANAGER_SUCCESS);
+ ERRORDESCRIBE(SECURITY_MANAGER_ERROR_UNKNOWN);
+ ERRORDESCRIBE(SECURITY_MANAGER_ERROR_INPUT_PARAM);
+ ERRORDESCRIBE(SECURITY_MANAGER_ERROR_MEMORY);
+ ERRORDESCRIBE(SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
+ ERRORDESCRIBE(SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+ ERRORDESCRIBE(SECURITY_MANAGER_ERROR_ACCESS_DENIED);
+ default:
+ return "Unknown code";
+ }
+}
+
+} // namespace anonymous
+
+#undef ERRORDESCRIBE
+
+namespace ProcessSettings {
+
+InstallApp::InstallApp(const Policy &policy)
+ : m_policy(policy)
+ , m_req(nullptr, security_manager_app_inst_req_free)
+{}
+
+void InstallApp::Apply() {
+ app_inst_req *whatever = nullptr;
+
+ int retcode = security_manager_app_inst_req_new(&whatever);
+ RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
+ "Error in security_manager_app_inst_req_new. Error: " << ToString(retcode));
+
+ m_req.reset(whatever);
+
+ retcode = security_manager_app_inst_req_set_app_id(m_req.get(), m_policy.GetAppId().c_str());
+ RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
+ "Error in security_manager_app_inst_req_set_app_id. Error: " << ToString(retcode));
+
+ retcode = security_manager_app_inst_req_set_pkg_id(m_req.get(), m_policy.GetPkgId().c_str());
+ RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
+ "Error in security_manager_app_inst_req_set_pkg_id. Error: " << ToString(retcode));
+
+ for(auto &e : m_policy.GetPrivileges()) {
+ retcode = security_manager_app_inst_req_add_privilege(m_req.get(), e.c_str());
+ RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
+ "Error in security_manager_app_inst_req_add_privilege. Error: " << ToString(retcode));
+ }
+
+ retcode = security_manager_app_inst_req_set_uid(m_req.get(), m_policy.GetUid());
+ RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
+ "Error in security_manager_app_inst_req_set_uid. Error: " << ToString(retcode));
+
+ retcode = security_manager_app_install(m_req.get());
+ RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
+ "Error in security_manager_app_install. Error: " << ToString(retcode));
+}
+
+void InstallApp::Revoke() {
+ int retcode = security_manager_app_uninstall(m_req.get());
+ RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
+ "Error in security_manager_app_uninstall. Error: " << ToString(retcode));
+}
+
+InstallApp::~InstallApp() {}
+
+} // ProcessSettings
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file install-app.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+
+
+#pragma once
+
+#include <memory>
+#include <functional>
+
+#include <process-settings/policy.h>
+
+extern "C" {
+struct app_inst_req;
+typedef struct app_inst_req app_inst_req;
+} // extern "C"
+
+namespace ProcessSettings {
+
+class InstallApp {
+public:
+ InstallApp(const Policy &policy);
+
+ void Apply();
+ void Revoke();
+
+ virtual ~InstallApp();
+private:
+ const Policy &m_policy;
+ std::unique_ptr<app_inst_req, std::function<void(app_inst_req*)>> m_req;
+};
+
+} // namespace ProcessSettings
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file policy.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#pragma once
+
+#include <sys/types.h>
+
+#include <string>
+#include <vector>
+
+namespace ProcessSettings {
+typedef std::vector<std::string> PrivilegeVector;
+
+class Policy {
+public:
+ virtual std::string GetUserName() const = 0;
+ virtual void SetUserName(std::string) = 0;
+ virtual gid_t GetGid() const = 0;
+ virtual void SetGid(gid_t) = 0;
+ virtual uid_t GetUid() const = 0;
+ virtual void SetUid(uid_t) = 0;
+ virtual std::string GetSmackLabel() const = 0;
+ virtual void SetSmackLabel(std::string) = 0;
+ virtual std::string GetAppId() const = 0;
+ virtual void SetAppId(std::string) = 0;
+ virtual std::string GetPkgId() const = 0;
+ virtual void SetPkgId(std::string) = 0;
+ virtual PrivilegeVector GetPrivileges() const = 0;
+ virtual void SetPrivileges(PrivilegeVector) = 0;
+ virtual ~Policy() {}
+};
+
+} // namespace ProcessSettings
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file unlock-ckm.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#include <ckm/ckm-control.h>
+
+#include <tests_common.h>
+
+#include <process-settings/unlock-ckm.h>
+
+namespace ProcessSettings {
+
+UnlockCkm::UnlockCkm(const Policy &policy)
+ : m_policy(policy)
+{}
+
+void UnlockCkm::Apply() {
+ int temp;
+
+ m_uid = m_policy.GetUid();
+
+ auto control = CKM::Control::create();
+
+ // Let's clean up environment.
+ // It will usually fails.
+ control->removeUserData(m_uid);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(m_uid, "DummyPassword")),
+ "Error=" << CKM::ErrorToString(temp));
+
+}
+
+void UnlockCkm::Revoke() {
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(m_uid)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+UnlockCkm::~UnlockCkm() {}
+
+} // namespace ProcessSettings
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file unlock-ckm.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#pragma once
+
+#include <sys/types.h>
+
+#include <string>
+
+#include <process-settings/policy.h>
+
+namespace ProcessSettings {
+
+class UnlockCkm {
+public:
+ UnlockCkm(const Policy &policy);
+ void Apply();
+ void Revoke();
+ virtual ~UnlockCkm();
+private:
+ const Policy &m_policy;
+ uid_t m_uid;
+};
+
+} // namespace ProcessSettings
+
+
projects / platform / core / test / security-tests.git / commitdiff