#include <tests_common.h>
#include <security-manager.h>
+#include <sm_api.h>
#include <sm_db.h>
+#include <sm_request.h>
#include <cynara_test_client.h>
-DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
+using namespace SecurityManagerTest;
+
DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
static const privileges_t SM_ALLOWED_PRIVILEGES = {
return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
}
-static app_inst_req* do_app_inst_req_new()
-{
- int result;
- app_inst_req *req = nullptr;
-
- result = security_manager_app_inst_req_new(&req);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new request failed. Result: " << result);
- RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory");
- return req;
-}
-
static void prepare_app_path()
{
int result;
ret = setgroups(0, NULL);
RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
- ret = security_manager_set_process_groups_from_appid(app_id);
- RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_groups_from_appid(" <<
- app_id << ") failed. Result: " << ret);
+ Api::setProcessGroups(app_id);
ret = getgroups(0, nullptr);
RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
static void install_app(const char *app_id, const char *pkg_id)
{
- int result;
- AppInstReqUniquePtr request;
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+ InstallRequest request;
+ request.setAppId(app_id);
+ request.setPkgId(pkg_id);
- result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ Api::install(request);
check_app_after_install(app_id, pkg_id);
}
-static void uninstall_app(const char *app_id, const char *pkg_id,
- bool expect_installed, bool expect_pkg_removed)
+static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed)
{
- int result;
- AppInstReqUniquePtr request;
- request.reset(do_app_inst_req_new());
+ InstallRequest request;
+ request.setAppId(app_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
+ Api::uninstall(request);
check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
}
RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
{
- int result;
- AppInstReqUniquePtr request;
const char *const sm_app_id = "sm_test_01_app_id_double";
const char *const sm_pkg_id = "sm_test_01_pkg_id_double";
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_inst_req_set_pkg_id(request.get(), sm_pkg_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing already installed app failed. Result: " << result);
+ Api::install(requestInst);
+ Api::install(requestInst);
/* Check records in the security-manager database */
check_app_after_install(sm_app_id, sm_pkg_id);
- request.reset(do_app_inst_req_new());
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling already uninstalled app failed. Result: " << result);
+ Api::uninstall(requestUninst);
+ Api::uninstall(requestUninst);
/* Check records in the security-manager database */
check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
RUNNER_TEST(security_manager_02_app_install_uninstall_full)
{
- int result;
- AppInstReqUniquePtr request;
const char *const sm_app_id = "sm_test_02_app_id_full";
const char *const sm_pkg_id = "sm_test_02_pkg_id_full";
prepare_app_env();
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_inst_req_set_pkg_id(request.get(), sm_pkg_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+ requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
+ requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
+ requestInst.addPath(SM_PRIVATE_PATH, SECURITY_MANAGER_PATH_PRIVATE);
+ requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed permission failed. Result: " << result);
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed permission failed. Result: " << result);
-
- result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
- SECURITY_MANAGER_PATH_PRIVATE);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
-
- result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
- SECURITY_MANAGER_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ Api::install(requestInst);
/* Check records in the security-manager database */
check_app_after_install(sm_app_id, sm_pkg_id,
/* TODO: add parameters to this function */
check_app_path_after_install();
- request.reset(do_app_inst_req_new());
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
+ Api::uninstall(requestUninst);
/* Check records in the security-manager database,
* all previously allowed privileges should be removed */
CStringPtr labelPtr;
int result;
- uninstall_app(app_id, pkg_id, false, true);
+ uninstall_app(app_id, pkg_id, true);
install_app(app_id, pkg_id);
struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
RUNNER_ASSERT_ERRNO_MSG(result == 0,
"Can't set socket label. Result: " << result);
- result = security_manager_set_process_label_from_appid(app_id);
- RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_label_from_appid(" <<
- app_id << ") failed. Result: " << result);
+ Api::setProcessLabel(app_id);
char value[SMACK_LABEL_LEN + 1];
ssize_t size;
" Process label is incorrect. Expected: \"" << expected_label <<
"\" Actual: \"" << label << "\"");
- uninstall_app(app_id, pkg_id, true, true);
+ uninstall_app(app_id, pkg_id, true);
}
RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
{
const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack";
const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack";
- int result;
- uninstall_app(app_id, pkg_id, false, true);
+ uninstall_app(app_id, pkg_id, true);
install_app(app_id, pkg_id);
- result = security_manager_set_process_label_from_appid(app_id);
- RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_label_from_appid(" <<
- app_id << ") failed. Result: " << result);
+ Api::setProcessLabel(app_id);
- uninstall_app(app_id, pkg_id, true, true);
+ uninstall_app(app_id, pkg_id, true);
}
-static void prepare_request(AppInstReqUniquePtr &request,
+static void prepare_request(InstallRequest &request,
const char *const app_id,
const char *const pkg_id,
app_install_path_type pathType,
const char *const path,
uid_t uid)
{
- int result;
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
+ request.setAppId(app_id);
+ request.setPkgId(pkg_id);
+ request.addPath(path, pathType);
- result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
-
- if (uid != 0) {
- result = security_manager_app_inst_req_set_uid(request.get(), uid);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "security_manager_app_inst_req_set_uid failed. Result: " << result);
- }
+ if (uid != 0)
+ request.setUid(uid);
}
}
-static void install_and_check(AppInstReqUniquePtr &request,
- const char *const sm_app_id,
+static void install_and_check(const char *const sm_app_id,
const char *const sm_pkg_id,
const std::string &user, uid_t uid)
{
- int result;
+ InstallRequest requestPublic;
+
//install app for non-root user and try to register public path (should fail)
- prepare_request(request, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER, uid);
+ prepare_request(requestPublic, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER, uid);
+
+ Api::install(requestPublic, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
- "installing app not failed. Result: " << result);
+ InstallRequest requestPrivate;
//install app for non-root user
//should fail (users may only register folders inside their home)
- prepare_request(request, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, uid);
+ prepare_request(requestPrivate, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, uid);
+
+ Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+
+ InstallRequest requestPrivateUser;
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
- "installing app not failed. Result: " << result);
//install app for non-root user
//should succeed - this time i register folder inside user's home dir
- prepare_request(request, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER, uid);
+ prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER, uid);
- for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
- result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed permission failed. Result: " << result);
- }
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ for (auto &privilege : SM_ALLOWED_PRIVILEGES)
+ requestPrivateUser.addPrivilege(privilege.c_str());
+
+ Api::install(requestPrivateUser);
check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
}
RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
{
int result;
- AppInstReqUniquePtr request;
const char *const sm_app_id = "sm_test_04a_app_id_uid";
const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid";
result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- install_and_check(request, sm_app_id, sm_pkg_id, user, 0);
+ install_and_check(sm_app_id, sm_pkg_id, user, 0);
//uninstall app as non-root user
- request.reset(do_app_inst_req_new());
+ InstallRequest request;
+ request.setAppId(sm_app_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
+ Api::uninstall(request);
check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
}
RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
{
int result;
- AppInstReqUniquePtr request;
const char *const sm_app_id = "sm_test_04b_app_id_uid";
const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid";
struct passwd *pw = get_app_pw();
const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
- install_and_check(request, sm_app_id, sm_pkg_id, user, pw->pw_uid);
+ install_and_check(sm_app_id, sm_pkg_id, user, pw->pw_uid);
//switch user to non-root - root may not uninstall apps for specified users
result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
//uninstall app as non-root user
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+ InstallRequest request;
+ request.setAppId(sm_app_id);
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
+ Api::uninstall(request);
check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
}
RUNNER_ASSERT_MSG(result == 0,
"can't set capabilities. Result: " << result);
- result = security_manager_drop_process_privileges();
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "dropping caps failed. Result: " << result);
+ Api::dropProcessPrivileges();
caps.reset(cap_get_proc());
RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");
projects / platform / core / test / security-tests.git / commitdiff