From: Dariusz Michaluk Date: Mon, 19 Dec 2016 13:19:10 +0000 (+0100) Subject: [Unit tests] Add test for src/common/include/smack-labels.h X-Git-Tag: submit/tizen/20170123.035947~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=01ddb7724ea91fb617a48959e93d4adbb7ef42ee;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git [Unit tests] Add test for src/common/include/smack-labels.h Change-Id: I2cfdf300490509c77a6b65e11abf0b13aa4f951b --- diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index c88e2bde..f190cf69 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -42,6 +42,7 @@ SET(SM_TESTS_SOURCES ${SM_TEST_SRC}/security-manager-tests.cpp ${SM_TEST_SRC}/test_file-lock.cpp ${SM_TEST_SRC}/test_privilege_db.cpp + ${SM_TEST_SRC}/test_smack-labels.cpp ${DPL_PATH}/core/src/assert.cpp ${DPL_PATH}/core/src/colors.cpp ${DPL_PATH}/core/src/errno_string.cpp @@ -54,6 +55,7 @@ SET(SM_TESTS_SOURCES ${DPL_PATH}/log/src/old_style_log_provider.cpp ${PROJECT_SOURCE_DIR}/src/common/file-lock.cpp ${PROJECT_SOURCE_DIR}/src/common/privilege_db.cpp + ${PROJECT_SOURCE_DIR}/src/common/smack-labels.cpp ${PROJECT_SOURCE_DIR}/src/common/tzplatform-config.cpp ) @@ -91,6 +93,7 @@ TARGET_LINK_LIBRARIES(${TARGET_SM_TESTS} ${DLOG_DEP_LIBRARIES} boost_unit_test_framework -ldl + -lcrypt ) -INSTALL(TARGETS ${TARGET_SM_TESTS} DESTINATION ${BIN_INSTALL_DIR}) \ No newline at end of file +INSTALL(TARGETS ${TARGET_SM_TESTS} DESTINATION ${BIN_INSTALL_DIR}) diff --git a/test/test_smack-labels.cpp b/test/test_smack-labels.cpp new file mode 100644 index 00000000..106ed4f6 --- /dev/null +++ b/test/test_smack-labels.cpp @@ -0,0 +1,259 @@ +/* + * Copyright (c) 2016 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file test_smack-labels.cpp + * @author Dariusz Michaluk (d.michaluk@samsung.com) + * @version 1.0 + */ + +#include + +#include +#include +#include +#include +#include + +#include +#include + +using namespace SecurityManager; +using namespace SecurityManager::SmackLabels; + +struct FileFixture +{ + FileFixture() + { + fd = open(path, O_RDONLY | O_CREAT, 0644); + BOOST_REQUIRE_MESSAGE(fd > 0, "Failed to open file: " << path); + } + + ~FileFixture() + { + BOOST_WARN_MESSAGE(close(fd) == 0, "Error while closing the file: " << path); + BOOST_WARN_MESSAGE(unlink(path) == 0, "Error while unlink the file: " << path); + } + + int fd; + const static char* path; +}; + +const char* FileFixture::path = "/tmp/SecurityManagerUTFile"; + +struct DirectoryFixture +{ + DirectoryFixture() + { + int ret = mkdir(directoryPath, S_IRWXU | S_IRWXG | S_IRWXO); + BOOST_REQUIRE_MESSAGE(ret == 0, "Failed to make directory: " << directoryPath); + + ret = mkdir(subdirectoryPath, S_IRWXU | S_IRWXG | S_IRWXO); + BOOST_REQUIRE_MESSAGE(ret == 0, "Failed to make directory: " << subdirectoryPath); + + ret = creat(execPath, 0755); + BOOST_REQUIRE_MESSAGE(ret > 0, "Failed to creat file: " << execPath); + + ret = symlink(execPath, linkPath); + BOOST_REQUIRE_MESSAGE(ret == 0, "Failed to creat symlink: " << linkPath); + } + + ~DirectoryFixture() + { + const std::string command = "rm -rf " + std::string(directoryPath); + int ret = system(command.c_str()); + BOOST_WARN_MESSAGE(ret >= 0, "Failed to remove directory: " << directoryPath); + } + + const static char* directoryPath; + const static char* subdirectoryPath; + const static char* execPath; + const static char* linkPath; + + const std::string getLabel(const char* path, const char* xattr) const; + bool labelNotExist(const char* path, const char* xattr) const; +}; + +const char* DirectoryFixture::directoryPath = "/tmp/SecurityManagerUTDirectory/"; +const char* DirectoryFixture::subdirectoryPath = "/tmp/SecurityManagerUTDirectory/subdirectory"; +const char* DirectoryFixture::execPath = "/tmp/SecurityManagerUTDirectory/exec"; +const char* DirectoryFixture::linkPath = "/tmp/SecurityManagerUTDirectory/subdirectory/link"; + +const std::string DirectoryFixture::getLabel(const char* path, const char* xattr) const +{ + char buffer[SMACK_LABEL_LEN+1] = {}; + + int ret = getxattr(path, xattr, buffer, SMACK_LABEL_LEN+1); + BOOST_REQUIRE_MESSAGE(ret > 0, "Failed to get xattr: " << path); + + return std::string(buffer); +} + +bool DirectoryFixture::labelNotExist(const char* path, const char* xattr) const +{ + char buffer[SMACK_LABEL_LEN+1] = {}; + + int ret = getxattr(path, xattr, buffer, SMACK_LABEL_LEN+1); + + return ret == -1 ? true : false; +} + +BOOST_AUTO_TEST_SUITE(SMACK_LABELS_TEST) + +BOOST_FIXTURE_TEST_CASE(T1010_set_get_smack_label_file, FileFixture) +{ + int invalidFd = -1; + const std::string invalidLabel = ""; + const std::string validLabel = "smack_label"; + const std::string noExistingFilePath = "/tmp/SecurityManagerUTNoExistingFile"; + + BOOST_REQUIRE_THROW(setSmackLabelForFd(invalidFd, validLabel), SmackException::FileError); + BOOST_REQUIRE_THROW(setSmackLabelForFd(fd, invalidLabel), SmackException::FileError); + BOOST_REQUIRE_THROW(getSmackLabelFromFd(invalidFd), SmackException::Base); + BOOST_REQUIRE_THROW(getSmackLabelFromPath(noExistingFilePath), SmackException::Base); + + BOOST_REQUIRE_NO_THROW(setSmackLabelForFd(fd, validLabel)); + BOOST_REQUIRE(getSmackLabelFromFd(fd) == validLabel); + BOOST_REQUIRE(getSmackLabelFromPath(path) == validLabel); +} + +BOOST_AUTO_TEST_CASE(T1020_get_smack_label_process) +{ + pid_t pid = -1; + std::string processLabel, selfLabel; + + BOOST_REQUIRE_THROW(getSmackLabelFromPid(pid), SmackException::Base); + BOOST_REQUIRE_NO_THROW(selfLabel = getSmackLabelFromSelf()); + + pid = getpid(); + BOOST_REQUIRE_NO_THROW(processLabel = getSmackLabelFromPid(pid)); + BOOST_REQUIRE(processLabel == selfLabel); +} + +BOOST_AUTO_TEST_CASE(T1030_generate_smack_label) +{ + const std::string invalidAppName = " "; + const std::string appName = "appNameT1030"; + const std::string invalidPkgName = " "; + const std::string pkgName = "pkgNameT1030"; + const int invalidAuthorId = -1; + const int validAuthorId = 42; + const std::string path = "/usr/apps/" + appName + "/shared/"; + + const std::string processLabel = "User::Pkg::pkgNameT1030"; + BOOST_REQUIRE_THROW(generateProcessLabel(appName, invalidPkgName, false), + SmackException::InvalidLabel); + BOOST_REQUIRE(generateProcessLabel(appName, pkgName, false) == processLabel); + + const std::string processLabelHybrid = "User::Pkg::pkgNameT1030::App::appNameT1030"; + BOOST_REQUIRE_THROW(generateProcessLabel(appName, invalidPkgName, true), + SmackException::InvalidLabel); + BOOST_REQUIRE_THROW(generateProcessLabel(invalidAppName, pkgName, true), + SmackException::InvalidLabel); + BOOST_REQUIRE_THROW(generateProcessLabel(invalidAppName, invalidPkgName, true), + SmackException::InvalidLabel); + BOOST_REQUIRE(generateProcessLabel(appName, pkgName, true) == processLabelHybrid); + + const std::string pathSharedROLabel = "User::Pkg::pkgNameT1030::SharedRO"; + BOOST_REQUIRE_THROW(generatePathSharedROLabel(invalidPkgName), SmackException::InvalidLabel); + BOOST_REQUIRE(generatePathSharedROLabel(pkgName) == pathSharedROLabel); + + const std::string pathRWLabel = "User::Pkg::pkgNameT1030"; + BOOST_REQUIRE_THROW(generatePathRWLabel(invalidPkgName), SmackException::InvalidLabel); + BOOST_REQUIRE(generatePathRWLabel(pkgName) == pathRWLabel); + + const std::string pathROLabel = "User::Pkg::pkgNameT1030::RO"; + BOOST_REQUIRE_THROW(generatePathROLabel(invalidPkgName), SmackException::InvalidLabel); + BOOST_REQUIRE(generatePathROLabel(pkgName) == pathROLabel); + + const std::string sharedPrivateLabel = "User::Pkg::$1$pkgNameT$j2QeZi5Xvx67DnPfPtwSF."; + BOOST_REQUIRE(generateSharedPrivateLabel(pkgName, path) == sharedPrivateLabel); + + const std::string pathTrustedLabel = "User::Author::42"; + BOOST_REQUIRE_THROW(generatePathTrustedLabel(invalidAuthorId), SmackException::InvalidLabel); + BOOST_REQUIRE(generatePathTrustedLabel(validAuthorId) == pathTrustedLabel); +} + +BOOST_AUTO_TEST_CASE(T1040_generate_app_pkg_name_from_label) +{ + std::string app, pkg; + const std::string appName = "appNameT1040"; + const std::string pkgName = "pkgNameT1040"; + + std::string invalidLabel = "Admin::Pkg::pkgNameT1040"; + BOOST_REQUIRE_THROW(generateAppPkgNameFromLabel(invalidLabel, app, pkg), + SmackException::InvalidLabel); + + invalidLabel = generateProcessLabel(appName, "", false); + BOOST_REQUIRE_THROW(generateAppPkgNameFromLabel(invalidLabel, app, pkg), + SmackException::InvalidLabel); + + std::string validLabel = generateProcessLabel(appName, pkgName, true); + BOOST_REQUIRE_NO_THROW(generateAppPkgNameFromLabel(validLabel, app, pkg)); + BOOST_REQUIRE(pkg == pkgName); + BOOST_REQUIRE(app == appName); + + validLabel = generateProcessLabel(appName, pkgName, false); + BOOST_REQUIRE_NO_THROW(generateAppPkgNameFromLabel(validLabel, app, pkg)); + BOOST_REQUIRE(pkg == pkgName); + BOOST_REQUIRE(app.empty()); +} + +BOOST_FIXTURE_TEST_CASE(T1050_setup_path_rw, DirectoryFixture) +{ + const std::string pkgName = "pkgNameT1050"; + const std::string noExistingDirectoryPath = "/tmp/SecurityManagerUTNoExistingDirectory/"; + const int invalidAuthorId = -1; + + BOOST_REQUIRE_THROW(setupPath(pkgName, directoryPath, static_cast(-1)), + SmackException::InvalidPathType); + BOOST_REQUIRE_THROW(setupPath(pkgName, directoryPath, SECURITY_MANAGER_PATH_TRUSTED_RW, invalidAuthorId), + SmackException::InvalidParam); + BOOST_REQUIRE_THROW(setupPath(pkgName, noExistingDirectoryPath, SECURITY_MANAGER_PATH_RW), + SmackException::FileError); + + BOOST_REQUIRE_NO_THROW(setupPath(pkgName, directoryPath, SECURITY_MANAGER_PATH_RW)); + const std::string pathRWLabel = generatePathRWLabel(pkgName); + + BOOST_REQUIRE(pathRWLabel == getLabel(directoryPath, XATTR_NAME_SMACK)); + BOOST_REQUIRE(pathRWLabel == getLabel(subdirectoryPath, XATTR_NAME_SMACK)); + BOOST_REQUIRE(pathRWLabel == getLabel(linkPath, XATTR_NAME_SMACK)); + BOOST_REQUIRE(pathRWLabel == getLabel(execPath, XATTR_NAME_SMACK)); + + BOOST_REQUIRE("TRUE" == getLabel(directoryPath, XATTR_NAME_SMACKTRANSMUTE)); + BOOST_REQUIRE("TRUE" == getLabel(subdirectoryPath, XATTR_NAME_SMACKTRANSMUTE)); + + BOOST_REQUIRE(labelNotExist(execPath, XATTR_NAME_SMACKEXEC)); +} + +BOOST_FIXTURE_TEST_CASE(T1060_setup_path_ro, DirectoryFixture) +{ + const std::string pkgName = "pkgNameT1060"; + + BOOST_REQUIRE_NO_THROW(setupPath(pkgName, directoryPath, SECURITY_MANAGER_PATH_RO)); + const std::string pathROLabel = generatePathROLabel(pkgName); + + BOOST_REQUIRE(pathROLabel == getLabel(directoryPath, XATTR_NAME_SMACK)); + BOOST_REQUIRE(pathROLabel == getLabel(subdirectoryPath, XATTR_NAME_SMACK)); + BOOST_REQUIRE(pathROLabel == getLabel(linkPath, XATTR_NAME_SMACK)); + BOOST_REQUIRE(pathROLabel == getLabel(execPath, XATTR_NAME_SMACK)); + + BOOST_REQUIRE(labelNotExist(directoryPath, XATTR_NAME_SMACKTRANSMUTE)); + BOOST_REQUIRE(labelNotExist(subdirectoryPath, XATTR_NAME_SMACKTRANSMUTE)); + BOOST_REQUIRE(labelNotExist(execPath, XATTR_NAME_SMACKEXEC)); +} + +BOOST_AUTO_TEST_SUITE_END()