tests for send_destination_prefix

author Adrian Szyndela <adrian.s@samsung.com>

Fri, 7 Dec 2018 12:54:36 +0000 (13:54 +0100)

committer Adrian Szyndela <adrian.s@samsung.com>

Thu, 3 Jan 2019 14:11:29 +0000 (15:11 +0100)
author Adrian Szyndela <adrian.s@samsung.com>
Fri, 7 Dec 2018 12:54:36 +0000 (13:54 +0100)
committer Adrian Szyndela <adrian.s@samsung.com>
Thu, 3 Jan 2019 14:11:29 +0000 (15:11 +0100)
diff --git a/Makefile.am b/Makefile.am

index e7b63a1..35c5d37 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -83,7 +83,8 @@ TESTS = src/test-libdbuspolicy1-ownership \
         src/test-libdbuspolicy1-ownership-deny \
         src/test-libdbuspolicy1-signal \
         src/test-libdbuspolicy1-method \
-       src/test-libdbuspolicy1-access-deny
+       src/test-libdbuspolicy1-access-deny \
+       src/test-libdbuspolicy1-send_destination_prefix-deny
  
  check_PROGRAMS = $(TESTS)
  
@@ -92,6 +93,7 @@ src_test_libdbuspolicy1_ownership_deny_SOURCES = src/test-libdbuspolicy1-ownersh
  src_test_libdbuspolicy1_signal_SOURCES = src/test-libdbuspolicy1-signal.cpp
  src_test_libdbuspolicy1_method_SOURCES = src/test-libdbuspolicy1-method.cpp
  src_test_libdbuspolicy1_access_deny_SOURCES = src/test-libdbuspolicy1-access-deny.cpp
+src_test_libdbuspolicy1_send_destination_prefix_deny_SOURCES = src/test-libdbuspolicy1-send_destination_prefix-deny.cpp
  
  noinst_LTLIBRARIES = src/libinternal.a
  src_libinternal_a_SOURCES =\
@@ -109,6 +111,7 @@ src_test_libdbuspolicy1_ownership_deny_LDADD = $(TESTS_LDADD)
  src_test_libdbuspolicy1_signal_LDADD = $(TESTS_LDADD)
  src_test_libdbuspolicy1_method_LDADD = $(TESTS_LDADD)
  src_test_libdbuspolicy1_access_deny_LDADD = $(TESTS_LDADD)
+src_test_libdbuspolicy1_send_destination_prefix_deny_LDADD = $(TESTS_LDADD)
  
  if ENABLE_STANDALONE_TESTS
  noinst_LTLIBRARIES += src/libinternalfortests.a
diff --git a/src/test-libdbuspolicy1-send_destination_prefix-deny.cpp b/src/test-libdbuspolicy1-send_destination_prefix-deny.cpp

new file mode 100644 (file)

index 0000000..c2d5a45
--- /dev/null
+++ b/src/test-libdbuspolicy1-send_destination_prefix-deny.cpp
@@ -0,0 +1,164 @@
+#include <string>
+#include <dbuspolicy1/libdbuspolicy1.h>
+#include "internal/internal.h"
+#include "internal/policy.hpp"
+#include "libdbuspolicy1-private.h"
+
+struct Test {
+       bool expected_result;
+       uid_t user;
+       gid_t group;
+       const char *label;
+       const char *destination;
+       const char *path;
+       const char *interface;
+       const char *member;
+       ldp_xml_parser::MessageType type;
+};
+
+const int ROOT = 0;
+
+#define TC(expected_result, names) \
+       {(expected_result), ROOT, ROOT, "User::Shell", (names), "/", "a.b", "d", ldp_xml_parser::MessageType::METHOD_CALL}
+
+/**
+ * This test set tests ability to parse xml db
+ * and check sending privilege in use cases
+ * checking send_destination_prefix
+ */
+struct Test tests[]={
+       /* straight-forward tests - base allow */
+       TC(true, "org.tizen.test.dest_prefix.ap"),
+       TC(true, "org.tizen.test.dest_prefix.ap.f.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.apf"),
+       TC(false, "org.tizen.test.dest_prefix.apf.f.f.f.f"),
+       /* multiple names owned */
+       TC(true, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.ap.f"),
+       TC(true, "org.tizen.test.dest_prefix.ap.f org.tizen.test.dest_prefix.ao"),
+       TC(false, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.ap.f"),
+       TC(false, "org.tizen.test.dest_prefix.ap.f org.tizen.test.dest_prefix.do"),
+       /* target holes in default allow */
+       TC(false, "org.tizen.test.dest_prefix.ap.1.d"),
+       TC(false, "org.tizen.test.dest_prefix.ap.1.dp"),
+       TC(false, "org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f org.tizen.test.dest_prefix.ao"),
+       TC(false, "org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f org.tizen.test.dest_prefix.ap"),
+       TC(false, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.ap org.tizen.test.dest_prefix.ap.1.dp.f.f.f.f"),
+       /* target holes in holes in default allow */
+       TC(true, "org.tizen.test.dest_prefix.ap.1.d.ap"),
+       TC(true, "org.tizen.test.dest_prefix.ap.1.d.ap.f.f.f.f"),
+       TC(true, "org.tizen.test.dest_prefix.ap.1.dp.ap"),
+       TC(true, "org.tizen.test.dest_prefix.ap.1.dp.ap.f.f.f.f"),
+       TC(true, "org.tizen.test.dest_prefix.ap.1.dp.a"),
+       /* check redefinitions in default allow */
+       TC(false, "org.tizen.test.dest_prefix.ap.2.apxdp"),
+       TC(false, "org.tizen.test.dest_prefix.ap.2.apxdp.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.ap.2.apxdp.dp"),
+       TC(false, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap"),
+       TC(false, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.d"),
+       TC(true, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.a"),
+       TC(true, "org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.f.a"),
+       TC(true, "org.tizen.test.dest_prefix.ap.2.apxdp.f.f.f.ap"),
+       TC(true, "org.tizen.test.dest_prefix.ap.2.apxdp.f.f.f.ap.f.f.f"),
+       /* totally cancelling previous definitions in default allow */
+       TC(true, "org.tizen.test.dest_prefix.ap.3.dpxap"),
+       TC(true, "org.tizen.test.dest_prefix.ap.3.dpxap.f.f.f.f"),
+       TC(true, "org.tizen.test.dest_prefix.ap.3.dpxap.ap"),
+       TC(true, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.f.f.f"),
+       TC(true, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp"),
+       TC(true, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.f.f.f.f"),
+       TC(true, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.ap"),
+       TC(true, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.ap.f.f.f.f"),
+       TC(true, "org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.a"),
+       /* straight-forward tests - base deny */
+       TC(false, "org.tizen.test.dest_prefix.dp"),
+       TC(false, "org.tizen.test.dest_prefix.dp.f.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.dpf"),
+       TC(false, "org.tizen.test.dest_prefix.dpf.f.f.f.f"),
+       /* multiple names owned */
+       TC(false, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.dp.f"),
+       TC(false, "org.tizen.test.dest_prefix.dp.f org.tizen.test.dest_prefix.do"),
+       TC(false, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.dp.f"),
+       TC(false, "org.tizen.test.dest_prefix.dp.f org.tizen.test.dest_prefix.ao"),
+       /* target holes in default deny */
+       TC(true, "org.tizen.test.dest_prefix.dp.1.a"),
+       TC(true, "org.tizen.test.dest_prefix.dp.1.ap"),
+       TC(true, "org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f"),
+       TC(true, "org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f org.tizen.test.dest_prefix.do"),
+       TC(true, "org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f org.tizen.test.dest_prefix.dp"),
+       TC(true, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f"),
+       TC(true, "org.tizen.test.dest_prefix.dp org.tizen.test.dest_prefix.dp.1.ap.f.f.f.f"),
+       /* target holes in holes in default demy */
+       TC(false, "org.tizen.test.dest_prefix.dp.1.a.dp"),
+       TC(false, "org.tizen.test.dest_prefix.dp.1.a.dp.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.dp.1.ap.dp"),
+       TC(false, "org.tizen.test.dest_prefix.dp.1.ap.dp.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.dp.1.ap.d"),
+       /* check redefinitions in default deny */
+       TC(true, "org.tizen.test.dest_prefix.dp.2.dpxap"),
+       TC(true, "org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.f"),
+       TC(true, "org.tizen.test.dest_prefix.dp.2.dpxap.ap"),
+       TC(true, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.f.f.f.f"),
+       TC(true, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp"),
+       TC(true, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.f.f.f.f"),
+       TC(true, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.a"),
+       TC(false, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.d"),
+       TC(false, "org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.f.d"),
+       TC(false, "org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.dp"),
+       TC(false, "org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.dp.f.f.f"),
+       /* totally cancelling previous definitions in default deny */
+       TC(false, "org.tizen.test.dest_prefix.dp.3.apxdp"),
+       TC(false, "org.tizen.test.dest_prefix.dp.3.apxdp.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.dp.3.apxdp.dp"),
+       TC(false, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap"),
+       TC(false, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.dp"),
+       TC(false, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.dp.f.f.f.f"),
+       TC(false, "org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.d"),
+       /* checking order in multiple names case */
+       TC(false, "org.tizen.test.dest_prefix.ao org.tizen.test.dest_prefix.do"),
+       TC(true, "org.tizen.test.dest_prefix.ao.ao org.tizen.test.dest_prefix.do"),
+       TC(false, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.ao"),
+       TC(true, "org.tizen.test.dest_prefix.do org.tizen.test.dest_prefix.ao.ao"),
+};
+
+void test_print(struct Test* t, bool result) {
+       printf("uid = %lu, gid = %lu, label = %s, destination = %s, expected = %d, result = %d",
+                  (unsigned long)t->user, (unsigned long)t->group, t->label, t->destination, (int)t->expected_result, (int)result);
+}
+
+bool test()
+{
+       unsigned  i = 0;
+       bool flag = true;
+       bool ret = true;
+
+       __internal_init(false, "tests/default_deny/system.conf");
+
+       for (i = 0; i < sizeof(tests)/sizeof(struct Test); i++) {
+               ret = __internal_can_send(SYSTEM_BUS, tests[i].user,
+                               tests[i].group, tests[i].label, tests[i].destination,
+                               tests[i].path, tests[i].interface, tests[i].member,
+                               (int)tests[i].type);
+
+               if (tests[i].expected_result != ret) {
+                       printf("[ERROR][%d] test failed: %d %d ", i, (int)((tests[i].expected_result)), ret);
+                       test_print(&tests[i], ret);
+                       printf("\n");
+                       flag = false;
+               }
+       }
+       return flag;
+}
+
+int main()
+{
+       __internal_init_once();
+       if (!test())
+               return -1;
+       return 0;
+}
diff --git a/tests/default_deny/system.d/send_destination_prefix.test.conf b/tests/default_deny/system.d/send_destination_prefix.test.conf

new file mode 100644 (file)

index 0000000..b0496d5
--- /dev/null
+++ b/tests/default_deny/system.d/send_destination_prefix.test.conf
@@ -0,0 +1,99 @@
+<!DOCTYPE busconfig PUBLIC
+          "-//tizen//DTD D-BUS Bus Configuration 1.0//EN"
+          "http://www.tizen.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <policy user="root">
+    <!-- org.tizen.test.dest_prefix as a base for testing names -->
+    <allow own_prefix="org.tizen.test.dest_prefix"/>
+
+       <!-- abbreviations:
+       a - allow
+       d - deny
+       p - prefix
+       o - other
+       n - no_prefix
+       f - filler, no meaning, just for longer names
+       x - it's a trap!
+       -->
+       <!-- base allow -->
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.ap"/>
+
+       <!-- a neighbour for base allow -->
+       <allow send_destination="org.tizen.test.dest_prefix.ao"/>
+
+       <!-- cut out some part of allowed space -->
+       <deny send_destination="org.tizen.test.dest_prefix.ap.1.d"/>
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.ap.1.dp"/>
+
+       <!-- punch holes in the cutout -->
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.ap.1.d.ap"/>
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.ap.1.dp.ap"/>
+       <allow send_destination="org.tizen.test.dest_prefix.ap.1.dp.a"/>
+
+       <!-- define something but redefine other way -->
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.ap.2.apxdp"/>
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.ap.2.apxdp.dp"/>
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap"/>
+       <deny send_destination="org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.d"/>
+       <!-- redefine -->
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.ap.2.apxdp"/>
+       <allow send_destination="org.tizen.test.dest_prefix.ap.2.apxdp.dp.a"/>
+       <allow send_destination="org.tizen.test.dest_prefix.ap.2.apxdp.dp.ap.f.a"/>
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.ap.2.apxdp.f.f.f.ap"/>
+
+       <!-- make something complicated but allow it at the end -->
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.ap.3.dpxap"/>
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.ap.3.dpxap.ap"/>
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp"/>
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.ap"/>
+       <allow send_destination="org.tizen.test.dest_prefix.ap.3.dpxap.ap.dp.a"/>
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.ap.3.dpxap"/>
+
+       <!-- base deny -->
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.dp"/>
+
+       <!-- a neighbour for base deny -->
+       <deny send_destination="org.tizen.test.dest_prefix.do"/>
+       <allow send_destination="org.tizen.test.dest_prefix.ao.ao"/>
+
+       <!-- cut out some part of allowed space -->
+       <allow send_destination="org.tizen.test.dest_prefix.dp.1.a"/>
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.dp.1.ap"/>
+
+       <!-- punch holes in the cutout -->
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.dp.1.a.dp"/>
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.dp.1.ap.dp"/>
+       <deny send_destination="org.tizen.test.dest_prefix.dp.1.ap.d"/>
+
+       <!-- define something but redefine other way -->
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.dp.2.dpxap"/>
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.dp.2.dpxap.ap"/>
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp"/>
+       <allow send_destination="org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.a"/>
+       <!-- redefine -->
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.dp.2.dpxap"/>
+       <deny send_destination="org.tizen.test.dest_prefix.dp.2.dpxap.ap.d"/>
+       <deny send_destination="org.tizen.test.dest_prefix.dp.2.dpxap.ap.dp.f.d"/>
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.dp.2.dpxap.f.f.f.dp"/>
+
+       <!-- make something complicated but deny it at the end -->
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.dp.3.apxdp"/>
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.dp.3.apxdp.dp"/>
+       <allow send_destination_prefix="org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap"/>
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.dp"/>
+       <deny send_destination="org.tizen.test.dest_prefix.dp.3.apxdp.dp.ap.d"/>
+       <deny send_destination_prefix="org.tizen.test.dest_prefix.dp.3.apxdp"/>
+
+  </policy>
+
+  <policy context="default">
+    <deny send_destination_prefix="org.tizen.test"/>
+  </policy>
+
+  <policy at_console="true">
+    <!-- just check that it will be never loaded -->
+    <deny send_destination_prefix="org.tizen.test"/>
+  </policy>
+</busconfig>
+<!-- vim: set ft=xml: -->
author	Adrian Szyndela <adrian.s@samsung.com>
	Fri, 7 Dec 2018 12:54:36 +0000 (13:54 +0100)
committer	Adrian Szyndela <adrian.s@samsung.com>
	Thu, 3 Jan 2019 14:11:29 +0000 (15:11 +0100)
Makefile.am		patch \| blob \| history
src/test-libdbuspolicy1-send_destination_prefix-deny.cpp	[new file with mode: 0644]	patch \| blob
tests/default_deny/system.d/send_destination_prefix.test.conf	[new file with mode: 0644]	patch \| blob