From: Zbigniew Jasinski Date: Tue, 26 Nov 2013 13:07:22 +0000 (+0100) Subject: Improved tests for *open_for* functions. X-Git-Tag: security-manager_5.5_testing~297 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=26af6369c2030141ea5aed6df68b33ff7369c456;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Improved tests for *open_for* functions. [Issue#] SSDWSSP-398 [Bug/Feature] New SS API function. [Cause] DataControl issues. [Solution] Proposal for DataControl issues. [Verification] Build and run new tests. Change-Id: Ib8c4d1a39cbd3956ae72254d3d9fc38eb4453cb1 --- diff --git a/tests/security-server-tests/security_server_tests_open_for.cpp b/tests/security-server-tests/security_server_tests_open_for.cpp index 4f06b6af..10696588 100644 --- a/tests/security-server-tests/security_server_tests_open_for.cpp +++ b/tests/security-server-tests/security_server_tests_open_for.cpp @@ -7,6 +7,7 @@ * @version 1.0 * @brief Test cases for security server open-for API */ + #include #include #include @@ -22,95 +23,213 @@ #include #include -#define TEST01_SUBJECT "open-for-client" +const std::string SENDER = "open-for-sender"; +const std::string AUTHORIZED_RECEIVER = "open-for-client"; +const std::string UNAUTHORIZED_RECEIVER = "open-for-bad-client"; -const char *file = "file"; -const char *write_buf1 = "ala ma kota"; -const char *write_buf2 = "kot ma ale"; -char *read_buf1 = new char[strlen(write_buf1)]; -char *read_buf2 = new char[strlen(write_buf2)]; +const std::string file = "file"; +const std::string dir = "/var/run/security-server/"; +const std::string path = dir + file; +const std::string write_buf1 = "ala ma kota"; +const std::string write_buf2 = "kot ma ale"; -void closefdptr(int* fd_ptr) -{ - close(*fd_ptr); +void clearSecureDir(void) { + if (unlink(path.c_str())) + RUNNER_ASSERT_MSG_BT((ENOENT == errno), "unlink error: " << strerror(errno)); } -typedef std::unique_ptr > FDUniquePtr; RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_OPEN_FOR_API); -RUNNER_CHILD_TEST_SMACK(tc13_open_for_new_file) +RUNNER_CHILD_TEST_SMACK(tc01_shared_file_open_new_file) { int fd = -1; - FDUniquePtr fd_ptr(&fd, closefdptr); - SecurityServer::AccessProvider provider(TEST01_SUBJECT); + // clear secure dir + clearSecureDir(); + + FDUniquePtr fd_ptr(&fd, closeFdPtr); + + SecurityServer::AccessProvider provider(SENDER); provider.allowFunction("security_server_open_for"); provider.applyAndSwithToUser(APP_UID, APP_GID); - int ret = security_server_open_for(file, fd_ptr.get()); - RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret); + int ret = security_server_shared_file_open(file.c_str(), AUTHORIZED_RECEIVER.c_str(), + fd_ptr.get()); + RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); - ret = write(*fd_ptr, write_buf1, strlen(write_buf1)); - RUNNER_ASSERT_MSG_BT(ret == (int)strlen(write_buf1), "error in write: " << ret); + ret = write(*fd_ptr, write_buf1.c_str(), write_buf1.size()); + RUNNER_ASSERT_MSG_BT(ret == static_cast(write_buf1.size()), "error in write: " << ret); } -RUNNER_CHILD_TEST_SMACK(tc14_open_for_read_from_existing_file) +RUNNER_CHILD_TEST_SMACK(tc02_shared_file_open_existing_file) { int fd = -1; - FDUniquePtr fd_ptr(&fd, closefdptr); - SecurityServer::AccessProvider provider(TEST01_SUBJECT); + // clear secure dir + clearSecureDir(); + + // prepare file for tests before dropping privs + FDUniquePtr fd_ptr(&fd, closeFdPtr); + *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT); + RUNNER_ASSERT_MSG_BT(-1 != *fd_ptr, "open error: " << strerror(errno)); + fd_ptr.reset(new int); + + SecurityServer::AccessProvider provider(SENDER); provider.allowFunction("security_server_open_for"); provider.applyAndSwithToUser(APP_UID, APP_GID); - int ret = security_server_open_for(file, fd_ptr.get()); - RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret); + int ret = security_server_shared_file_open(file.c_str(), AUTHORIZED_RECEIVER.c_str(), fd_ptr.get()); + RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_FILE_EXIST, "ret: " << ret); +} + +RUNNER_CHILD_TEST_SMACK(tc03_shared_file_reopen_auth_existing_file_for_read) +{ + int fd = -1; + + clearSecureDir(); + + FDUniquePtr fd_ptr(&fd, closeFdPtr); + *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT); + int ret = write(*fd_ptr, write_buf1.c_str(), write_buf1.size()); + RUNNER_ASSERT_MSG_BT(ret == static_cast(write_buf1.size()), "error in write: " << ret); + RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(), + SMACK_LABEL_ACCESS), "smack_setlabel error"); + fd_ptr.reset(new int); + + SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER); + provider.allowFunction("security_server_open_for"); + provider.applyAndSwithToUser(APP_UID, APP_GID); - ret = read(*fd_ptr, read_buf1, strlen(write_buf1)); - int err = errno; - RUNNER_ASSERT_MSG_BT(ret == (int)strlen(write_buf1), "error in read: " << ret << " err: " << strerror(err)); + ret = security_server_shared_file_reopen(file.c_str(), fd_ptr.get()); + RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); - RUNNER_ASSERT_MSG_BT(strncmp(read_buf1, write_buf1, strlen(read_buf1)) == 0, "string mismatch"); + std::vector read_buf1(write_buf1.size()); + ret = read(*fd_ptr, read_buf1.data(), write_buf1.size()); + RUNNER_ASSERT_MSG_BT(ret == static_cast(write_buf1.size()), "error in read: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(std::string(read_buf1.data(), ret) == write_buf1, "string mismatch"); } -RUNNER_CHILD_TEST_SMACK(tc15_open_for_write_to_existing_file) +RUNNER_CHILD_TEST_SMACK(tc04_shared_file_reopen_auth_existing_file_for_write) { + int fd = -1; - int fd = open("/var/run/security-server/file", O_RDWR); - int ret = ftruncate(fd, 0); - FDUniquePtr fd_ptr(&fd, closefdptr); + clearSecureDir(); - ret = write(*fd_ptr, write_buf2, strlen(write_buf2)); - int err = errno; - RUNNER_ASSERT_MSG_BT(ret == (int)strlen(write_buf2), "error in read: " << ret << " err: " << strerror(err)); + FDUniquePtr fd_ptr(&fd, closeFdPtr); + *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT); + RUNNER_ASSERT_MSG_BT(-1 != *fd_ptr, "open error: " << strerror(errno)); + int ret = write(*fd_ptr, write_buf1.c_str(), write_buf1.size()); + RUNNER_ASSERT_MSG_BT(ret == static_cast(write_buf1.size()), "error in write: " << ret); + fd_ptr.reset(new int); + RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(), + SMACK_LABEL_ACCESS), "smack_setlabel error"); - SecurityServer::AccessProvider provider(TEST01_SUBJECT); + SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER); provider.allowFunction("security_server_open_for"); provider.applyAndSwithToUser(APP_UID, APP_GID); - ret = security_server_open_for(file, fd_ptr.get()); - RUNNER_ASSERT_MSG_BT(ret == 0, "ret: " << ret); + ret = security_server_shared_file_reopen(file.c_str(), fd_ptr.get()); + RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); - ret = read(*fd_ptr, read_buf2, strlen(write_buf2)); - err = errno; - RUNNER_ASSERT_MSG_BT(ret == (int)strlen(write_buf2), "error in read: " << ret << " err: " << strerror(err)); + RUNNER_ASSERT_MSG_BT(-1 != ftruncate(*fd_ptr, 0), "error in ftruncate: " << strerror(errno)); + std::vector read_buf2(write_buf2.size()); + ret = write(*fd_ptr, write_buf2.c_str(), write_buf2.size()); + + RUNNER_ASSERT_MSG_BT(-1 != lseek(*fd_ptr, 0L, 0), "error in lseek: " << strerror(errno)); + ret = read(*fd_ptr, read_buf2.data(), write_buf2.size()); + RUNNER_ASSERT_MSG_BT(std::string(read_buf2.data(), ret) == write_buf2, "string mismatch"); - RUNNER_ASSERT_MSG_BT(strncmp(read_buf2, write_buf2, strlen(read_buf2)) == 0, "string mismatch"); } -RUNNER_CHILD_TEST_SMACK(tc16_open_for_bad_file_name) +RUNNER_CHILD_TEST_SMACK(tc05_shared_file_reopen_unauth_existing_file_for_read) { int fd = -1; - FDUniquePtr fd_ptr(&fd, closefdptr); - SecurityServer::AccessProvider provider(TEST01_SUBJECT); + clearSecureDir(); + + FDUniquePtr fd_ptr(&fd, closeFdPtr); + *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT); + RUNNER_ASSERT_MSG_BT(-1 != *fd_ptr, "open error: " << strerror(errno)); + fd_ptr.reset(new int); + RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(), + SMACK_LABEL_ACCESS), "smack_setlabel error"); + + SecurityServer::AccessProvider provider(UNAUTHORIZED_RECEIVER); provider.allowFunction("security_server_open_for"); provider.applyAndSwithToUser(APP_UID, APP_GID); - std::vector badFile = { "/plik","-plik",".plik","pl..k","..plik", - "..","." }; + int ret = security_server_shared_file_reopen(file.c_str(), fd_ptr.get()); + RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED, "ret: " << ret); +} + +RUNNER_CHILD_TEST_SMACK(tc06_shared_file_delete_unauth_existing_file) +{ + int fd = -1; + + clearSecureDir(); + + FDUniquePtr fd_ptr(&fd, closeFdPtr); + *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT); + RUNNER_ASSERT_MSG_BT(-1 != *fd_ptr, "open error: " << strerror(errno)); + fd_ptr.reset(new int); + RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(), + SMACK_LABEL_ACCESS), "smack_setlabel error"); + + SecurityServer::AccessProvider provider(UNAUTHORIZED_RECEIVER); + provider.allowFunction("security_server_open_for"); + provider.applyAndSwithToUser(APP_UID, APP_GID); + + int ret = security_server_shared_file_delete(file.c_str()); + RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED, "ret: " << ret); +} + +RUNNER_CHILD_TEST_SMACK(tc07_shared_file_delete_auth_existing_file) +{ + int fd = -1; + + clearSecureDir(); + + FDUniquePtr fd_ptr(&fd, closeFdPtr); + *fd_ptr = open(path.c_str(), O_RDWR | O_CREAT); + RUNNER_ASSERT_MSG_BT(-1 != *fd_ptr, "open error: " << strerror(errno)); + fd_ptr.reset(new int); + RUNNER_ASSERT_MSG_BT(0 >= smack_setlabel(path.c_str(), AUTHORIZED_RECEIVER.c_str(), + SMACK_LABEL_ACCESS), "smack_setlabel error"); + + SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER); + provider.allowFunction("security_server_open_for"); + provider.applyAndSwithToUser(APP_UID, APP_GID); + + int ret = security_server_shared_file_delete(file.c_str()); + RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); +} + +RUNNER_CHILD_TEST_SMACK(tc08_shared_file_delete_missing_file) +{ + SecurityServer::AccessProvider provider(AUTHORIZED_RECEIVER); + provider.allowFunction("security_server_open_for"); + provider.applyAndSwithToUser(APP_UID, APP_GID); + + int ret = security_server_shared_file_delete(file.c_str()); + RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_FILE_NOT_EXIST, "ret: " << ret); +} + +RUNNER_CHILD_TEST_SMACK(tc09_shared_file_open_bad_file_name) +{ + int fd = -1; + + FDUniquePtr fd_ptr(&fd, closeFdPtr); + + SecurityServer::AccessProvider provider(SENDER); + provider.allowFunction("security_server_open_for"); + provider.applyAndSwithToUser(APP_UID, APP_GID); + + std::vector badFile = { "/plik","-plik",".plik","..plik","..",".","../plik", + "../../plik" }; + for (auto iter = badFile.begin(); iter != badFile.end(); ++iter) { - int ret = security_server_open_for((*iter).c_str(), fd_ptr.get()); + int ret = security_server_shared_file_open((*iter).c_str(), AUTHORIZED_RECEIVER.c_str(), + fd_ptr.get()); RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); } }