From: Zofia Abramowska Date: Tue, 4 Jul 2017 13:16:46 +0000 (+0200) Subject: Add tests for app fetching it's own policy X-Git-Tag: security-manager_5.5_testing~15^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1b21a9c201c0e1869287b78c0dcfd9c7529c5392;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Add tests for app fetching it's own policy Change-Id: I3428d9d47f30de5fb38e7d56eac8988d88cb902a --- diff --git a/src/security-manager-tests/CMakeLists.txt b/src/security-manager-tests/CMakeLists.txt index c5badf98..54c7ae40 100644 --- a/src/security-manager-tests/CMakeLists.txt +++ b/src/security-manager-tests/CMakeLists.txt @@ -42,6 +42,7 @@ SET(SEC_MGR_SOURCES ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases.cpp ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_app_defined_privilege.cpp + ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_app_policy.cpp ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_credentials.cpp ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_dyntransition.cpp ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_nss.cpp diff --git a/src/security-manager-tests/test_cases_app_policy.cpp b/src/security-manager-tests/test_cases_app_policy.cpp new file mode 100644 index 00000000..00f99910 --- /dev/null +++ b/src/security-manager-tests/test_cases_app_policy.cpp @@ -0,0 +1,188 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include +#include +#include +#include +#include + +#include +#include + +const std::vector TEST_PRIVACY_PRIVILEGES = { + "http://tizen.org/privilege/callhistory.read", + "http://tizen.org/privilege/account.read", + "http://tizen.org/privilege/healthinfo" }; + +using namespace SecurityManagerTest; + +RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_POLICY) + +RUNNER_CHILD_TEST(security_manager_ap1_app_policy_fetch_for_self) { + TemporaryTestUser tmpUser("sm_test_ap1_user_name", GUM_USERTYPE_NORMAL, false); + tmpUser.create(); + + unsigned expectedPolicyCount = 1; + + AppInstallHelper app("sm_test_ap1", tmpUser.getUid()); + app.addPrivileges(TEST_PRIVACY_PRIVILEGES); + + ScopedInstaller appInstall(app); + + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed"); + if (pid != 0) { //parent process + waitPid(pid); + } else { //child process + Api::setProcessLabel(app.getAppId()); + RUNNER_ASSERT_ERRNO_MSG( + drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0, + "drop_root_privileges failed"); + + std::string uidStr = tmpUser.getUidString(); + for (const auto &appPrivilege : app.getPrivileges()) { + PolicyEntry filter(app.getAppId(), uidStr, appPrivilege); + + std::vector policyEntries; + Api::getPolicyForSelf(filter, policyEntries); + + RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); + RUNNER_ASSERT_MSG(policyEntries.size() == 1, + "Number of policies doesn't match - should be: " << expectedPolicyCount << " and is " << policyEntries.size()); + + for (const auto &policyEntry : policyEntries) { + std::string user = policyEntry.getUser(); + std::string appId = policyEntry.getAppId(); + std::string privilege = policyEntry.getPrivilege(); + + RUNNER_ASSERT_MSG(appId == app.getAppId(), + "Policy returned for wrong appId," " expected : " << app.getAppId() << ", got : " << appId); + RUNNER_ASSERT_MSG(user == uidStr, + "Policy returned for wrong user," " expected : " << uidStr << ", got : " << user); + RUNNER_ASSERT_MSG(privilege == appPrivilege.getName(), + "Policy returned for wrong privilege," " expected : " << appPrivilege << ", got : " << privilege); + + } + } + exit(0); + } +} + +RUNNER_CHILD_TEST(security_manager_ap2_app_policy_fetch_for_self_different_user) { + TemporaryTestUser tmpUser("sm_test_ap2_1_user_name", GUM_USERTYPE_NORMAL, false); + tmpUser.create(); + TemporaryTestUser tmpUser2("sm_test_ap2_2_user_name", GUM_USERTYPE_NORMAL, false); + tmpUser2.create(); + + AppInstallHelper app("sm_test_ap2", tmpUser.getUid()); + app.addPrivileges(TEST_PRIVACY_PRIVILEGES); + + ScopedInstaller appInstall(app); + + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed"); + if (pid != 0) { //parent process + waitPid(pid); + } else { //child process + Api::setProcessLabel(app.getAppId()); + RUNNER_ASSERT_ERRNO_MSG( + drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0, + "drop_root_privileges failed"); + + std::string wrongUidStr = tmpUser2.getUidString(); + for (const auto &appPrivilege : app.getPrivileges()) { + PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege); + + std::vector policyEntries; + Api::getPolicyForSelf(filter, policyEntries, + SECURITY_MANAGER_ERROR_ACCESS_DENIED); + } + exit(0); + } +} + +RUNNER_CHILD_TEST(security_manager_ap3_app_policy_fetch_for_self_different_user_global) { + TemporaryTestUser tmpUser("sm_test_ap3_1_user_name", GUM_USERTYPE_NORMAL, false); + tmpUser.create(); + TemporaryTestUser tmpUser2("sm_test_ap3_2_user_name", GUM_USERTYPE_NORMAL, false); + tmpUser2.create(); + + AppInstallHelper app("sm_test_ap3"); + app.setInstallType(SM_APP_INSTALL_GLOBAL); + app.addPrivileges(TEST_PRIVACY_PRIVILEGES); + + ScopedInstaller appInstall(app); + + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed"); + if (pid != 0) { //parent process + waitPid(pid); + } else { //child process + Api::setProcessLabel(app.getAppId()); + RUNNER_ASSERT_ERRNO_MSG( + drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0, + "drop_root_privileges failed"); + + std::string wrongUidStr = tmpUser2.getUidString(); + for (const auto &appPrivilege : app.getPrivileges()) { + PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege); + + std::vector policyEntries; + Api::getPolicyForSelf(filter, policyEntries, + SECURITY_MANAGER_ERROR_ACCESS_DENIED); + } + exit(0); + } +} + +RUNNER_CHILD_TEST(security_manager_ap3_app_policy_fetch_for_self_different_app) { + TemporaryTestUser tmpUser("sm_test_ap3_user_name", GUM_USERTYPE_NORMAL, false); + tmpUser.create(); + + AppInstallHelper app1("sm_test_ap3_1", tmpUser.getUid()); + app1.addPrivileges(TEST_PRIVACY_PRIVILEGES); + + AppInstallHelper app2("sm_test_ap3_2", tmpUser.getUid()); + app2.addPrivileges(TEST_PRIVACY_PRIVILEGES); + + ScopedInstaller appInstall1(app1); + ScopedInstaller appInstall2(app2); + + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed"); + if (pid != 0) { //parent process + waitPid(pid); + } else { //child process + Api::setProcessLabel(app1.getAppId()); + RUNNER_ASSERT_ERRNO_MSG( + drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0, + "drop_root_privileges failed"); + + std::string uidStr = tmpUser.getUidString(); + for (const auto &appPrivilege : app1.getPrivileges()) { + PolicyEntry filter(app2.getAppId(), uidStr, appPrivilege); + + std::vector policyEntries; + Api::getPolicyForSelf(filter, policyEntries, + SECURITY_MANAGER_ERROR_ACCESS_DENIED); + } + exit(0); + } +}