From: Zofia Abramowska Date: Thu, 15 May 2025 08:24:40 +0000 (+0200) Subject: security-manager: adapt credential tests to nosmack X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1f47141005ab6da7c961009cde4201fc9be9060c;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git security-manager: adapt credential tests to nosmack Change-Id: I8a849f95f7162de76f18aabfef7fb0f7358df693 --- diff --git a/src/common/scoped_app_launcher.h b/src/common/scoped_app_launcher.h index 2ba5e169..a271b18e 100644 --- a/src/common/scoped_app_launcher.h +++ b/src/common/scoped_app_launcher.h @@ -32,6 +32,8 @@ public: ScopedAppLauncher(const ScopedAppLauncher&) = delete; ScopedAppLauncher& operator=(const ScopedAppLauncher&) = delete; + pid_t getPid() { return m_pid; } + private: void launch(const std::function& runInAppContext); SynchronizationPipe m_syncPipe; diff --git a/src/security-manager-tests/run-security-manager-no-smack-tests.sh b/src/security-manager-tests/run-security-manager-no-smack-tests.sh index fa54dac0..750e1738 100755 --- a/src/security-manager-tests/run-security-manager-no-smack-tests.sh +++ b/src/security-manager-tests/run-security-manager-no-smack-tests.sh @@ -226,6 +226,24 @@ required=( security_manager_14_privacy_manager_fetch_and_update_policy_for_admin security_manager_15_privacy_manager_send_policy_update_for_admin security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard + security_manager_51a_get_id_by_socket_hybrid + security_manager_51a_get_id_by_socket_nonhybrid + security_manager_51b_get_id_by_socket_bad_fd + security_manager_51c_get_id_by_socket_only_pkg + security_manager_51d_get_id_by_socket_only_appid + security_manager_51e_get_id_by_socket_nulls + security_manager_52a_get_id_by_pid_hybrid + security_manager_52a_get_id_by_pid_nonhybrid + security_manager_52b_get_id_by_pid_bad_pid + security_manager_52c_get_id_by_pid_only_pkg + security_manager_52d_get_id_by_pid_only_appid + security_manager_52e_get_id_by_pid_nulls + security_manager_53a_get_id_by_cynara_client_hybrid + security_manager_53a_get_id_by_cynara_client_nonhybrid + security_manager_53b_get_id_by_cynara_client_wrong_client + security_manager_53c_get_id_by_cynara_client_only_pkgid + security_manager_53d_get_id_by_cynara_client_only_appid + security_manager_53e_get_id_by_cynara_client_nulls ) function run_tests_and_exit { diff --git a/src/security-manager-tests/test_cases_credentials.cpp b/src/security-manager-tests/test_cases_credentials.cpp index 3a5a9d31..44790f8d 100644 --- a/src/security-manager-tests/test_cases_credentials.cpp +++ b/src/security-manager-tests/test_cases_credentials.cpp @@ -21,11 +21,14 @@ #include #include +#include #include #include #include #include #include +#include +#include #include #include #include @@ -38,72 +41,46 @@ RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_CREDENTIAL_API) using namespace SecurityManagerTest; -class ProcessCredentials { -public: - ProcessCredentials(const std::string &smackLabel) : m_label(smackLabel) {} - - const std::string &label(void) const { - return m_label; - } - - uid_t uid(void) const { - return TzPlatformConfig::getGlobalUserId(); - } - - gid_t gid(void) const { - return PasswdAccess::gid("users"); - } - -private: - std::string m_label; -}; - -void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr, - const struct ProcessCredentials &peerCredentials) { - AppContext ctx(peerCredentials.label()); - ctx.apply(peerCredentials.uid(), peerCredentials.gid()); - pipe.claimChildEp(); - - int sock = UDSHelpers::createServer(&sockaddr); - SockUniquePtr sockPtr(&sock); - pipe.post(); - int clientSock = UDSHelpers::acceptClient(sock); - - UDSHelpers::waitForDisconnect(clientSock); -} +// ############################### SOCKET ############################################# typedef std::function SocketAssertionFn; -void clientTestTemplate(SocketAssertionFn assertion, const std::string &scope, const std::string &smackLabel) { +void clientTestTemplate(SocketAssertionFn assertion, const std::string &scope, + const AppInstallHelper &app) +{ const auto sockaddr = UDSHelpers::makeAbstractAddress("test_sm_" + scope + ".socket"); - const ProcessCredentials peerCredentials(smackLabel); SynchronizationPipe pipe; - pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr), - std::cref(peerCredentials))); + ScopedAppLauncher launcher(app, [&] { + pipe.claimChildEp(); + + int sock = UDSHelpers::createServer(&sockaddr); + SockUniquePtr sockPtr(&sock); + pipe.post(); + int clientSock = UDSHelpers::acceptClient(sock); + + UDSHelpers::waitForDisconnect(clientSock); + }); pipe.claimParentEp(); pipe.wait(); int sock = UDSHelpers::createClient(&sockaddr); SockUniquePtr sockPtr(&sock); - assertion(sock, pid); + assertion(sock, launcher.getPid()); } void test_51a_get_id_by_socket(bool isHybrid) { - const char *const sm_app_id = "sm_test_51a_app"; - const char *const sm_pkg_id = "sm_test_51a_pkg"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - if (isHybrid) - requestInst.setHybrid(); + AppInstallHelper app("sm_test_51a"); + if (isHybrid) { + app.setHybrid(); + } - Api::install(requestInst); + auto sm_pkg_id = app.getPkgId(); + auto sm_app_id = app.getAppId(); - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int sock, pid_t) { std::string rcvPkgId, rcvAppId; @@ -114,15 +91,9 @@ void test_51a_get_id_by_socket(bool isHybrid) { RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId << "; expected = " << sm_app_id); else - RUNNER_ASSERT_MSG(rcvAppId.empty(), "magically acquired appId from nonhybrid app"); - }, "tcsm27a", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + RUNNER_ASSERT_MSG(rcvAppId.empty(), "magically acquired appId from nonhybrid app: " << rcvAppId ); + }, "tcsm27a", app); } - RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket_hybrid) { test_51a_get_id_by_socket(true); @@ -135,116 +106,80 @@ RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket_nonhybrid) RUNNER_CHILD_TEST(security_manager_51b_get_id_by_socket_bad_fd) { - const char *const sm_app_id = "sm_test_51b_app"; - const char *const sm_pkg_id = "sm_test_51b_pkg"; + AppInstallHelper app("sm_test_51b"); - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); + auto sm_app_id = app.getAppId(); + auto sm_pkg_id = app.getPkgId(); - Api::install(requestInst); - - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int sock, pid_t) { std::string rcvPkgId, rcvAppId; - Api::getPkgIdBySocket(sock + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT); - }, "tcsm27b", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + Api::getPkgIdBySocket(sock + 100, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT); + }, "tcsm27b", app); } RUNNER_CHILD_TEST(security_manager_51c_get_id_by_socket_only_pkg) { - const char *const sm_app_id = "sm_test_51c_app"; - const char *const sm_pkg_id = "sm_test_51c_pkg"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); + AppInstallHelper app("sm_test_51c"); - Api::install(requestInst); + auto sm_app_id = app.getAppId(); + auto sm_pkg_id = app.getPkgId(); - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int sock, pid_t) { std::string rcvPkgId; Api::getPkgIdBySocket(sock, &rcvPkgId, nullptr); RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId << "; expected = " << sm_pkg_id); - }, "tcsm27c", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + }, "tcsm27c", app); } RUNNER_CHILD_TEST(security_manager_51d_get_id_by_socket_only_appid) { - const char *const sm_app_id = "sm_test_51d_app"; - const char *const sm_pkg_id = "sm_test_51d_pkg"; + AppInstallHelper app("sm_test_51d"); + app.setHybrid(); - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - requestInst.setHybrid(); + auto sm_app_id = app.getAppId(); + auto sm_pkg_id = app.getPkgId(); - Api::install(requestInst); - - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int sock, pid_t) { std::string rcvAppId; Api::getPkgIdBySocket(sock, nullptr, &rcvAppId); RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId << "; expected = " << sm_app_id); - }, "tcsm27d", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + }, "tcsm27d", app); } RUNNER_CHILD_TEST(security_manager_51e_get_id_by_socket_nulls) { - const char *const sm_app_id = "sm_test_51e_app"; - const char *const sm_pkg_id = "sm_test_51e_pkg"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); + AppInstallHelper app("sm_test_51e"); - Api::install(requestInst); + auto sm_app_id = app.getAppId(); + auto sm_pkg_id = app.getPkgId(); - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int sock, pid_t) { Api::getPkgIdBySocket(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM); - }, "tcsm27e", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + }, "tcsm27e", app); } +// ############################### PID ############################################# + void test_52a_get_id_by_pid(bool isHybrid) { - const char *const sm_app_id = "sm_test_52a_app"; - const char *const sm_pkg_id = "sm_test_52a_pkg"; + AppInstallHelper app("sm_test_52a"); + if (isHybrid) { + app.setHybrid(); + } - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - if (isHybrid) - requestInst.setHybrid(); - Api::install(requestInst); + auto sm_app_id = app.getAppId(); + auto sm_pkg_id = app.getPkgId(); - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int, pid_t pid) { std::string rcvPkgId, rcvAppId; @@ -255,13 +190,8 @@ void test_52a_get_id_by_pid(bool isHybrid) { RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId << "; expected = " << sm_app_id); else - RUNNER_ASSERT_MSG(rcvAppId.empty(), "magically acquired appId from nonhybrid app"); - }, "tcsm28a", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + RUNNER_ASSERT_MSG(rcvAppId.empty(), "magically acquired appId from nonhybrid app: " << rcvAppId ); + }, "tcsm28a", app); } RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid_hybrid) @@ -274,119 +204,84 @@ RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid_nonhybrid) test_52a_get_id_by_pid(false); } -RUNNER_CHILD_TEST(security_manager_52b_get_id_by_pid_bad_fd) +RUNNER_CHILD_TEST(security_manager_52b_get_id_by_pid_bad_pid) { - const char *const sm_app_id = "sm_test_52b_app"; - const char *const sm_pkg_id = "sm_test_52b_pkg"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); + AppInstallHelper app("sm_test_52b_app"); - Api::install(requestInst); + auto sm_app_id = app.getAppId(); + auto sm_pkg_id = app.getPkgId(); - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int, pid_t pid) { std::string rcvPkgId, rcvAppId; - Api::getPkgIdByPid(pid + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT); - }, "tcsm28b", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + Api::getPkgIdByPid(pid + 100, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT); + }, "tcsm28b", app); } RUNNER_CHILD_TEST(security_manager_52c_get_id_by_pid_only_pkg) { - const char *const sm_app_id = "sm_test_52c_app"; - const char *const sm_pkg_id = "sm_test_52c_pkg"; + AppInstallHelper app("sm_test_52c"); - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); + auto sm_app_id = app.getAppId(); + auto sm_pkg_id = app.getPkgId(); - Api::install(requestInst); - - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int, pid_t pid) { std::string rcvPkgId; Api::getPkgIdByPid(pid, &rcvPkgId, nullptr); RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId << "; expected = " << sm_pkg_id); - }, "tcsm28c", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + }, "tcsm28c", app); } RUNNER_CHILD_TEST(security_manager_52d_get_id_by_pid_only_appid) { - const char *const sm_app_id = "sm_test_52d_app"; - const char *const sm_pkg_id = "sm_test_52d_pkg"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - requestInst.setHybrid(); + AppInstallHelper app("sm_test_52d_app"); + app.setHybrid(); - Api::install(requestInst); + auto sm_app_id = app.getAppId(); + auto sm_pkg_id = app.getPkgId(); - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int, pid_t pid) { std::string rcvAppId; Api::getPkgIdByPid(pid, nullptr, &rcvAppId); RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId << "; expected = " << sm_app_id); - }, "tcsm28d", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + }, "tcsm28d", app); } RUNNER_CHILD_TEST(security_manager_52e_get_id_by_pid_nulls) { - const char *const sm_app_id = "sm_test_52e_app"; - const char *const sm_pkg_id = "sm_test_52e_pkg"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); + AppInstallHelper app("sm_test_52e_app"); - Api::install(requestInst); + auto sm_app_id = app.getAppId(); + auto sm_pkg_id = app.getPkgId(); - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int sock, pid_t) { Api::getPkgIdByPid(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM); - }, "tcsm28e", smackLabel); + }, "tcsm28e", app); +} - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); +// ############################### CYNARA CLIENT ############################################# - Api::uninstall(requestUninst); -} +constexpr char NO_SMACK_ID[] = "default_app_no_Smack_mode"; void test_53a_get_id_by_cynara_client(bool isHybrid) { - const char *const sm_app_id = "sm_test_53a_app"; - const char *const sm_pkg_id = "sm_test_53a_pkg"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - if (isHybrid) - requestInst.setHybrid(); + AppInstallHelper app("sm_test_53a_app"); + if (isHybrid) { + app.setHybrid(); + } - Api::install(requestInst); + auto sm_app_id = smack_check() ? app.getAppId() : ""; + auto sm_pkg_id = smack_check() ? app.getPkgId() : NO_SMACK_ID; - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int sock, pid_t) { std::string rcvPkgId, rcvAppId; @@ -398,12 +293,7 @@ void test_53a_get_id_by_cynara_client(bool isHybrid) { if (isHybrid) RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId << "; expected = " << sm_app_id); - }, "tcsmc53a", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + }, "tcsmc53a", app); } RUNNER_CHILD_TEST(security_manager_53a_get_id_by_cynara_client_hybrid) @@ -426,16 +316,12 @@ RUNNER_CHILD_TEST(security_manager_53b_get_id_by_cynara_client_wrong_client) RUNNER_CHILD_TEST(security_manager_53c_get_id_by_cynara_client_only_pkgid) { - const char *const sm_app_id = "sm_test_53c_app"; - const char *const sm_pkg_id = "sm_test_53c_pkg"; + AppInstallHelper app("sm_test_53c_app"); - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); + auto sm_app_id = smack_check() ? app.getAppId() : ""; + auto sm_pkg_id = smack_check() ? app.getPkgId() : NO_SMACK_ID; - Api::install(requestInst); - - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int sock, pid_t) { std::string rcvPkgId; @@ -444,27 +330,18 @@ RUNNER_CHILD_TEST(security_manager_53c_get_id_by_cynara_client_only_pkgid) Api::getPkgIdByCynaraClient(cynaraClient.get(), &rcvPkgId, nullptr); RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId << "; expected = " << sm_pkg_id); - }, "tcsm28c", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + }, "tcsm28c", app); } RUNNER_CHILD_TEST(security_manager_53d_get_id_by_cynara_client_only_appid) { - const char *const sm_app_id = "sm_test_53d_app"; - const char *const sm_pkg_id = "sm_test_53d_pkg"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - requestInst.setHybrid(); + AppInstallHelper app("sm_test_53d_app"); + app.setHybrid(); - Api::install(requestInst); + auto sm_app_id = smack_check() ? app.getAppId() : ""; + auto sm_pkg_id = smack_check() ? app.getPkgId() : NO_SMACK_ID; - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int sock, pid_t) { std::string rcvAppId; @@ -473,36 +350,22 @@ RUNNER_CHILD_TEST(security_manager_53d_get_id_by_cynara_client_only_appid) Api::getPkgIdByCynaraClient(cynaraClient.get(), nullptr, &rcvAppId); RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId << "; expected = " << sm_app_id); - }, "tcsm28d", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + }, "tcsm28d", app); } RUNNER_CHILD_TEST(security_manager_53e_get_id_by_cynara_client_nulls) { - const char *const sm_app_id = "sm_test_53e_app"; - const char *const sm_pkg_id = "sm_test_53e_pkg"; + AppInstallHelper app("sm_test_53e_app"); - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); + auto sm_app_id = smack_check() ? app.getAppId() : ""; + auto sm_pkg_id = smack_check() ? app.getPkgId() : NO_SMACK_ID; - Api::install(requestInst); - - std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id); + ScopedInstaller appInstall(app); clientTestTemplate([&] (int sock, pid_t) { std::string rcvAppId; CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK)); RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL"); Api::getPkgIdByCynaraClient(cynaraClient.get(), nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM); - }, "tcsm28e", smackLabel); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); + }, "tcsm28e", app); }