From: Marcin Niesluchowski Date: Wed, 10 Dec 2014 16:53:03 +0000 (+0100) Subject: Make security-manager tests use their common wrappers X-Git-Tag: security-manager_5.5_testing~109^2~53 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0de26accaa7a87e7947a3bc589f16c745fd18702;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Make security-manager tests use their common wrappers Change-Id: I0d2e83cc18d675a14b0cc812493171ae01ec634c --- diff --git a/tests/security-manager-tests/security_manager_tests.cpp b/tests/security-manager-tests/security_manager_tests.cpp index fba16fdf..b1fbb065 100644 --- a/tests/security-manager-tests/security_manager_tests.cpp +++ b/tests/security-manager-tests/security_manager_tests.cpp @@ -19,10 +19,13 @@ #include #include +#include #include +#include #include -DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr); +using namespace SecurityManagerTest; + DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr); static const privileges_t SM_ALLOWED_PRIVILEGES = { @@ -112,18 +115,6 @@ static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct st return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false); } -static app_inst_req* do_app_inst_req_new() -{ - int result; - app_inst_req *req = nullptr; - - result = security_manager_app_inst_req_new(&req); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "creation of new request failed. Result: " << result); - RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory"); - return req; -} - static void prepare_app_path() { int result; @@ -187,10 +178,7 @@ static void check_app_gids(const char *const app_id, const std::vector &a ret = setgroups(0, NULL); RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups"); - ret = security_manager_set_process_groups_from_appid(app_id); - RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, - "security_manager_set_process_groups_from_appid(" << - app_id << ") failed. Result: " << ret); + Api::setProcessGroups(app_id); ret = getgroups(0, nullptr); RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups"); @@ -264,40 +252,22 @@ static void check_app_after_uninstall(const char *const app_id, const char *cons static void install_app(const char *app_id, const char *pkg_id) { - int result; - AppInstReqUniquePtr request; - request.reset(do_app_inst_req_new()); - - result = security_manager_app_inst_req_set_app_id(request.get(), app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); + InstallRequest request; + request.setAppId(app_id); + request.setPkgId(pkg_id); - result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting pkg id failed. Result: " << result); - - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing app failed. Result: " << result); + Api::install(request); check_app_after_install(app_id, pkg_id); } -static void uninstall_app(const char *app_id, const char *pkg_id, - bool expect_installed, bool expect_pkg_removed) +static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed) { - int result; - AppInstReqUniquePtr request; - request.reset(do_app_inst_req_new()); + InstallRequest request; + request.setAppId(app_id); - result = security_manager_app_inst_req_set_app_id(request.get(), app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); - - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling app failed. Result: " << result); + Api::uninstall(request); check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed); } @@ -308,45 +278,24 @@ RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER) RUNNER_TEST(security_manager_01_app_double_install_double_uninstall) { - int result; - AppInstReqUniquePtr request; const char *const sm_app_id = "sm_test_01_app_id_double"; const char *const sm_pkg_id = "sm_test_01_pkg_id_double"; - request.reset(do_app_inst_req_new()); - - result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); - - result = security_manager_app_inst_req_set_pkg_id(request.get(), sm_pkg_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting pkg id failed. Result: " << result); - - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing app failed. Result: " << result); + InstallRequest requestInst; + requestInst.setAppId(sm_app_id); + requestInst.setPkgId(sm_pkg_id); - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing already installed app failed. Result: " << result); + Api::install(requestInst); + Api::install(requestInst); /* Check records in the security-manager database */ check_app_after_install(sm_app_id, sm_pkg_id); - request.reset(do_app_inst_req_new()); + InstallRequest requestUninst; + requestUninst.setAppId(sm_app_id); - result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); - - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling app failed. Result: " << result); - - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling already uninstalled app failed. Result: " << result); + Api::uninstall(requestUninst); + Api::uninstall(requestUninst); /* Check records in the security-manager database */ check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); @@ -354,43 +303,20 @@ RUNNER_TEST(security_manager_01_app_double_install_double_uninstall) RUNNER_TEST(security_manager_02_app_install_uninstall_full) { - int result; - AppInstReqUniquePtr request; const char *const sm_app_id = "sm_test_02_app_id_full"; const char *const sm_pkg_id = "sm_test_02_pkg_id_full"; prepare_app_env(); - request.reset(do_app_inst_req_new()); - - result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); - - result = security_manager_app_inst_req_set_pkg_id(request.get(), sm_pkg_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting pkg id failed. Result: " << result); + InstallRequest requestInst; + requestInst.setAppId(sm_app_id); + requestInst.setPkgId(sm_pkg_id); + requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); + requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); + requestInst.addPath(SM_PRIVATE_PATH, SECURITY_MANAGER_PATH_PRIVATE); + requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO); - result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed permission failed. Result: " << result); - result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed permission failed. Result: " << result); - - result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH, - SECURITY_MANAGER_PATH_PRIVATE); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed path failed. Result: " << result); - - result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH, - SECURITY_MANAGER_PATH_PUBLIC_RO); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed path failed. Result: " << result); - - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing app failed. Result: " << result); + Api::install(requestInst); /* Check records in the security-manager database */ check_app_after_install(sm_app_id, sm_pkg_id, @@ -399,15 +325,10 @@ RUNNER_TEST(security_manager_02_app_install_uninstall_full) /* TODO: add parameters to this function */ check_app_path_after_install(); - request.reset(do_app_inst_req_new()); + InstallRequest requestUninst; + requestUninst.setAppId(sm_app_id); - result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); - - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling app failed. Result: " << result); + Api::uninstall(requestUninst); /* Check records in the security-manager database, * all previously allowed privileges should be removed */ @@ -425,7 +346,7 @@ RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid) CStringPtr labelPtr; int result; - uninstall_app(app_id, pkg_id, false, true); + uninstall_app(app_id, pkg_id, true); install_app(app_id, pkg_id); struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH}; @@ -447,10 +368,7 @@ RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid) RUNNER_ASSERT_ERRNO_MSG(result == 0, "Can't set socket label. Result: " << result); - result = security_manager_set_process_label_from_appid(app_id); - RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, - "security_manager_set_process_label_from_appid(" << - app_id << ") failed. Result: " << result); + Api::setProcessLabel(app_id); char value[SMACK_LABEL_LEN + 1]; ssize_t size; @@ -478,55 +396,37 @@ RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid) " Process label is incorrect. Expected: \"" << expected_label << "\" Actual: \"" << label << "\""); - uninstall_app(app_id, pkg_id, true, true); + uninstall_app(app_id, pkg_id, true); } RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack) { const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack"; const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack"; - int result; - uninstall_app(app_id, pkg_id, false, true); + uninstall_app(app_id, pkg_id, true); install_app(app_id, pkg_id); - result = security_manager_set_process_label_from_appid(app_id); - RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, - "security_manager_set_process_label_from_appid(" << - app_id << ") failed. Result: " << result); + Api::setProcessLabel(app_id); - uninstall_app(app_id, pkg_id, true, true); + uninstall_app(app_id, pkg_id, true); } -static void prepare_request(AppInstReqUniquePtr &request, +static void prepare_request(InstallRequest &request, const char *const app_id, const char *const pkg_id, app_install_path_type pathType, const char *const path, uid_t uid) { - int result; - request.reset(do_app_inst_req_new()); - - result = security_manager_app_inst_req_set_app_id(request.get(), app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); - - result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting pkg id failed. Result: " << result); + request.setAppId(app_id); + request.setPkgId(pkg_id); + request.addPath(path, pathType); - result = security_manager_app_inst_req_add_path(request.get(), path, pathType); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed path failed. Result: " << result); - - if (uid != 0) { - result = security_manager_app_inst_req_set_uid(request.get(), uid); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "security_manager_app_inst_req_set_uid failed. Result: " << result); - } + if (uid != 0) + request.setUid(uid); } @@ -541,38 +441,35 @@ static struct passwd* get_app_pw() } -static void install_and_check(AppInstReqUniquePtr &request, - const char *const sm_app_id, +static void install_and_check(const char *const sm_app_id, const char *const sm_pkg_id, const std::string &user, uid_t uid) { - int result; + InstallRequest requestPublic; + //install app for non-root user and try to register public path (should fail) - prepare_request(request, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER, uid); + prepare_request(requestPublic, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER, uid); + + Api::install(requestPublic, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, - "installing app not failed. Result: " << result); + InstallRequest requestPrivate; //install app for non-root user //should fail (users may only register folders inside their home) - prepare_request(request, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, uid); + prepare_request(requestPrivate, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, uid); + + Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); + + InstallRequest requestPrivateUser; - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, - "installing app not failed. Result: " << result); //install app for non-root user //should succeed - this time i register folder inside user's home dir - prepare_request(request, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER, uid); + prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER, uid); - for (auto &privilege : SM_ALLOWED_PRIVILEGES) { - result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed permission failed. Result: " << result); - } - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing app failed. Result: " << result); + for (auto &privilege : SM_ALLOWED_PRIVILEGES) + requestPrivateUser.addPrivilege(privilege.c_str()); + + Api::install(requestPrivateUser); check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES); } @@ -580,7 +477,6 @@ static void install_and_check(AppInstReqUniquePtr &request, RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self) { int result; - AppInstReqUniquePtr request; const char *const sm_app_id = "sm_test_04a_app_id_uid"; const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid"; @@ -591,18 +487,13 @@ RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_sel result = drop_root_privileges(pw->pw_uid, pw->pw_gid); RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - install_and_check(request, sm_app_id, sm_pkg_id, user, 0); + install_and_check(sm_app_id, sm_pkg_id, user, 0); //uninstall app as non-root user - request.reset(do_app_inst_req_new()); + InstallRequest request; + request.setAppId(sm_app_id); - result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); - - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling app failed. Result: " << result); + Api::uninstall(request); check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); } @@ -610,29 +501,23 @@ RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_sel RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user) { int result; - AppInstReqUniquePtr request; const char *const sm_app_id = "sm_test_04b_app_id_uid"; const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid"; struct passwd *pw = get_app_pw(); const std::string user = std::to_string(static_cast(pw->pw_uid)); - install_and_check(request, sm_app_id, sm_pkg_id, user, pw->pw_uid); + install_and_check(sm_app_id, sm_pkg_id, user, pw->pw_uid); //switch user to non-root - root may not uninstall apps for specified users result = drop_root_privileges(pw->pw_uid, pw->pw_gid); RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); //uninstall app as non-root user - request.reset(do_app_inst_req_new()); - - result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); + InstallRequest request; + request.setAppId(sm_app_id); - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling app failed. Result: " << result); + Api::uninstall(request); check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); } @@ -649,9 +534,7 @@ RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities) RUNNER_ASSERT_MSG(result == 0, "can't set capabilities. Result: " << result); - result = security_manager_drop_process_privileges(); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "dropping caps failed. Result: " << result); + Api::dropProcessPrivileges(); caps.reset(cap_get_proc()); RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");