From: Aleksander Zdyb Date: Thu, 5 Mar 2015 13:26:13 +0000 (+0100) Subject: Add tests for cynara-creds-socket X-Git-Tag: security-manager_5.5_testing~115 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2f15b2770175956fe214b395ca1293aa6ec4f279;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Add tests for cynara-creds-socket Change-Id: I9b4fe70b74424e6b1d70f12751ca87f0896b6f55 --- diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec index a3d222e2..1358aec0 100644 --- a/packaging/security-tests.spec +++ b/packaging/security-tests.spec @@ -49,7 +49,8 @@ cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DSECURITY_MDFPP_STATE_ENABLE=1 \ %endif -DCMAKE_VERBOSE_MAKEFILE=ON \ - -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db + -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \ + -DAPP_USER="security_test_user" make %{?jobs:-j%jobs} %install @@ -69,6 +70,9 @@ api_feature_loader --verbose vconftool set -t string file/security_mdpp/security_mdpp_state "Unset" %endif +id -u security_test_user 1>/dev/null 2>&1 || \ + useradd -r -g users -s /sbin/nologin -c "for tests only" security_test_user + echo "security-tests postinst done ..." %files @@ -111,3 +115,6 @@ echo "security-tests postinst done ..." /usr/lib/security-tests/cynara-tests/plugins/multiple-policy/* /usr/lib/security-tests/cynara-tests/plugins/test-agent/* /usr/bin/security-tests-inner-test + +%postun +id -u security_test_user 1>/dev/null 2>&1 && userdel security_test_user \ No newline at end of file diff --git a/src/cynara-tests/CMakeLists.txt b/src/cynara-tests/CMakeLists.txt index 1b275fd4..ae8c617d 100644 --- a/src/cynara-tests/CMakeLists.txt +++ b/src/cynara-tests/CMakeLists.txt @@ -25,6 +25,7 @@ PKG_CHECK_MODULES(CYNARA_TARGET_DEP cynara-agent cynara-client cynara-client-async + cynara-creds-socket cynara-plugin dbus-1 ) 
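Review bot: The `%postun` scriptlet added at the end of packaging/security-tests.spec removes `security_test_user` unconditionally, but RPM also runs the old package's `%postun` during an upgrade, after the new package's `%post` has already run. An upgrade would therefore delete the account that `-DAPP_USER="security_test_user"` compiles into the tests. Guard the removal on the remaining-install count, `if [ "$1" -eq 0 ]; then userdel security_test_user || :; fi`. The current `id ... && userdel ...` form also makes the scriptlet exit non-zero when the user is already absent.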
@@ -43,12 +44,14 @@ SET(CYNARA_TARGET_TEST_SOURCES ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_cynara_mask.cpp ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_env.cpp ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp + ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_helpers.cpp ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp ${PROJECT_SOURCE_DIR}/src/cynara-tests/cynara-test.cpp ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases.cpp ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_agent.cpp ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_async.cpp ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_db.cpp + ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_helpers.cpp ) #header directories diff --git a/src/cynara-tests/common/cynara_test_helpers.cpp b/src/cynara-tests/common/cynara_test_helpers.cpp new file mode 100644 index 00000000..033fbecd --- /dev/null +++ b/src/cynara-tests/common/cynara_test_helpers.cpp 
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file cynara_test_helpers.cpp
+ * @author Aleksander Zdyb
+ * @version 1.0
+ * @brief Helpers for cynara-helpers
+ */
+
+#include
+
+#include
+
+#include "cynara_test_helpers.h"
+
+namespace CynaraHelperCredentials {
+
+char *socketGetClient(int sock, cynara_client_creds method, int expectedResult) {
+ char *buff;
+ auto ret = cynara_creds_socket_get_client(sock, method, &buff);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_creds_socket_get_client failed, ret = " << ret
+ << "; expected = " << expectedResult);
+ return buff;
+}
+
+char *socketGetUser(int sock, cynara_user_creds method, int expectedResult) {
+ char *buff;
+ auto ret = cynara_creds_socket_get_user(sock, method, &buff);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_creds_socket_get_user failed, ret = " << ret
+ << "; expected = " << expectedResult);
+ return buff;
+}
+
+pid_t socketGetPid(int sock, int expectedResult) {
+ pid_t pid;
+ auto ret = cynara_creds_socket_get_pid(sock, &pid);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_creds_socket_get_pid failed, ret = " << ret << "; expected = "
+ << expectedResult);
+ return pid;
+}
+
+} //namespace CynaraHelperCredentials
diff --git a/src/cynara-tests/common/cynara_test_helpers.h b/src/cynara-tests/common/cynara_test_helpers.h
new file mode 100644
index 00000000..1acd6f88
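Review bot: `buff` in `socketGetClient` and `socketGetUser`, and `pid` in `socketGetPid`, are returned uninitialised whenever the cynara call does not write them. That is exactly the case the `expectedResult` parameter invites, namely a caller passing an error code. The tests in test_cases_helpers.cpp hand the returned pointer to `CStringPtr`, so an indeterminate value would presumably be released as if it were a valid allocation. Initialise the locals, `char *buff = nullptr;` and `pid_t pid = -1;`, so a negative-path caller gets a defined value.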
--- /dev/null
+++ b/src/cynara-tests/common/cynara_test_helpers.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file cynara_test_helpers.h
+ * @author Aleksander Zdyb
+ * @version 1.0
+ * @brief Helpers for cynara-helpers
+ */
+
+#ifndef CYNARA_TEST_HELPERS_H_
+#define CYNARA_TEST_HELPERS_H_
+
+#include
+
+#include
+#include
+
+namespace CynaraHelperCredentials {
+
+char *socketGetClient(int sock, cynara_client_creds method,
+ int expectedResult = CYNARA_API_SUCCESS);
+
+char *socketGetUser(int sock, cynara_user_creds method,
+ int expectedResult = CYNARA_API_SUCCESS);
+
+pid_t socketGetPid(int sock, int expectedResult = CYNARA_API_SUCCESS);
+
+} // namespace CynaraHelperCredentials
+
+
+#endif // CYNARA_TEST_HELPERS_H_
diff --git a/src/cynara-tests/test_cases_helpers.cpp b/src/cynara-tests/test_cases_helpers.cpp
new file mode 100644
index 00000000..992a77e5
--- /dev/null
+++ b/src/cynara-tests/test_cases_helpers.cpp
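Review bot: The three declarations in `CynaraHelperCredentials` say nothing about who owns the returned `char *` or what comes back when `expectedResult` is not `CYNARA_API_SUCCESS`. Callers in test_cases_helpers.cpp wrap the result in `CStringPtr`, which suggests the string is heap-allocated and caller-owned. State that above `socketGetClient` and `socketGetUser`, e.g. `// Returns a malloc'ed string owned by the caller; meaningful only when the call succeeded.`, and add a matching line for the `pid_t` returned by `socketGetPid`.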
@@ -0,0 +1,165 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file test_cases_helpers.cpp + * @author Aleksander Zdyb + * @version 1.0 + * @brief Tests for cynara-helper-credentials-socket + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +class ProcessCredentials { +public: + ProcessCredentials() {} + + const std::string &label(void) const { + return m_label; + } + + uid_t uid(void) const { + return PasswdAccess::uid(APP_USER); + } + + gid_t gid(void) const { + return PasswdAccess::gid("users"); + } + +private: + std::string m_label = "cynara_helpers"; +}; + +pid_t runInChild(const std::function &process) { + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed"); + + if (pid == 0) { + process(); + exit(EXIT_SUCCESS); + } + + return pid; +} + +void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr, + const struct ProcessCredentials &peerCredentials) { + SecurityServer::AccessProvider ap(peerCredentials.label()); + ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid()); + pipe.claimChildEp(); + + int sock = UDSHelpers::createServer(&sockaddr); + SockUniquePtr sockPtr(&sock); + pipe.post(); + int clientSock = UDSHelpers::acceptClient(sock); + + UDSHelpers::waitForDisconnect(clientSock); +} + +typedef 
std::function SocketAssertionFn; + +void socketTestTemplate(SocketAssertionFn assertion, const std::string &scope) { + const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_" + scope + ".socket"); + const ProcessCredentials peerCredentials; + + SynchronizationPipe pipe; + + pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr), + std::cref(peerCredentials))); + + pipe.claimParentEp(); + pipe.wait(); + int sock = UDSHelpers::createClient(&sockaddr); + SockUniquePtr sockPtr(&sock); + + assertion(sock, pid, peerCredentials); +} + +RUNNER_TEST_GROUP_INIT(cynara_creds_socket) + +RUNNER_MULTIPROCESS_TEST_SMACK(tccs01_socket_credentials_client_smack) +{ + socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) { + CStringPtr label(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK)); + RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(), + "Labels don't match ret = " << label.get() + << "; expected = " << peerCredentials.label()); + }, "tccs01"); +} + +RUNNER_MULTIPROCESS_TEST_SMACK(tccs02_socket_credentials_client_pid) +{ + socketTestTemplate([] (int sock, pid_t pid, const ProcessCredentials &) { + CStringPtr clientPidStr(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_PID)); + pid_t clientPid = std::stoi(clientPidStr.get()); + RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid + << "; expected = " << pid); + }, "tccs02"); +} + +RUNNER_MULTIPROCESS_TEST_SMACK(tccs03_socket_credentials_user_uid) +{ + socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) { + CStringPtr uidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_UID)); + uid_t uid = std::stoul(uidStr.get()); + RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid + << "; expected = "<< peerCredentials.uid()); + }, "tccs03"); +} + +RUNNER_MULTIPROCESS_TEST_SMACK(tccs04_socket_credentials_user_gid) +{ + socketTestTemplate([] (int 
sock, pid_t, const ProcessCredentials &peerCredentials) { + CStringPtr gidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_GID)); + gid_t gid = std::stoul(gidStr.get()); + RUNNER_ASSERT_MSG(peerCredentials.gid() == gid, "GIDs don't match ret = " << gid + << "; expected = "<< peerCredentials.gid()); + }, "tccs04"); +} + +RUNNER_MULTIPROCESS_TEST_SMACK(tccs05_cynara_creds_socket_pid) +{ + const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_tccs05.socket"); + const ProcessCredentials peerCredentials; + + SynchronizationPipe pipe; + pid_t expectedPid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr), + std::cref(peerCredentials))); + + pipe.claimParentEp(); + pipe.wait(); + int sock = UDSHelpers::createClient(&sockaddr); + SockUniquePtr sockPtr(&sock); + + pid_t helperPid = CynaraHelperCredentials::socketGetPid(sock); + RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid + << "; expected = " << expectedPid); +}
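Review bot: In `runInChild` the forked child leaves through `exit(EXIT_SUCCESS)` and nothing stops an exception from `process()` escaping into the copy of the test runner that lives in the child. If the `RUNNER_ASSERT*` macros throw (their definition is not visible here), a failed user switch or bind inside `udsServer` would unwind into the runner instead of ending the process. `exit()` also runs the parent's atexit handlers and flushes inherited stdio buffers a second time. Contain the failure in the child and leave with `_exit()`, as sketched below. The parent side (`socketTestTemplate`, `tccs05`) never reaps the child or checks its status in the visible code, so a `waitpid` after the client socket closes would be needed to surface it, unless the multiprocess runner already does that.

```cpp
// … unchanged: runInChild signature, fork() and its error check …
    if (pid == 0) {
        int status = EXIT_FAILURE;
        try {
            process();
            status = EXIT_SUCCESS;
        } catch (...) {
            // keep the failure inside the child; the parent reads it from the exit status
        }
        _exit(status);
    }
// … unchanged: return pid; …
```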