From: Marcin Niesluchowski Date: Tue, 17 Feb 2015 10:38:37 +0000 (+0100) Subject: Add dbus tests for receive sender check X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3d8057a4428612b093af9a037bf0e13a165166ed;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Add dbus tests for receive sender check * tcc_3130_receive_sender_deny Check for receive sender created in conf file. Not granted for service receiving message. * tcc_3170_receive_sender_allow Check for receive sender created in conf file. Granted for service receiving message. Change-Id: I51b141bea7710394f464585e34376ae7cae0cc9f
---
diff --git a/tests/dbus-tests/cynara_dbus_tests.cpp b/tests/dbus-tests/cynara_dbus_tests.cpp
index 1c049fe8..2fade043 100644
--- a/tests/dbus-tests/cynara_dbus_tests.cpp
+++ b/tests/dbus-tests/cynara_dbus_tests.cpp
@@ -188,7 +188,7 @@ static void addBusconfigPolicySendDestination(const std::string &testId)
 writer.save();
 }
-static void runSendClient(const std::string &testId)
+static void runMessageClient(const std::string &testId, bool changeLabel)
 {
 const std::string clientId(clientIdFromStr(testId));
 const std::string serviceId(serviceIdFromStr(testId));
@@ -196,7 +196,8 @@ static void runSendClient(const std::string &testId)
 sleep(1);
- RUNNER_ASSERT(0 == smack_set_label_for_self(smackLabelFromStr(clientId).c_str()));
+ if (changeLabel)
+ RUNNER_ASSERT(0 == smack_set_label_for_self(smackLabelFromStr(clientId).c_str()));
 DBus::Connection client(DBUS_BUS_SYSTEM, true);
 client.requestName(connectionNameFromStr(clientId));
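Review bot: `runMessageClient` and its new `changeLabel` parameter are undocumented, and at the call sites the flag is a bare `true`/`false`, so it is easy to misread which process runs under the Smack label being tested. I would add a comment above the signature such as `// changeLabel: set this process's Smack label to the client's label before connecting; when false the caller's label is kept.` The same applies to `runMessageService` in the -210 hunk. The function body continues outside this hunk.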
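Review bot: The new `if (changeLabel)` in the -196 hunk guards a macro call without braces; how `RUNNER_ASSERT` expands is not visible here, and if it is not a single statement only part of it would be conditional. Bracing it removes the dependency on the macro's definition: `if (changeLabel) { RUNNER_ASSERT(0 == smack_set_label_for_self(smackLabelFromStr(clientId).c_str())); }`. The same pattern is added to `runMessageService` in the -210 hunk. In a test that exists to check label-based access decisions, a label change that does not behave as written would invalidate the result.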
@@ -210,13 +211,17 @@ static void runSendClient(const std::string &testId)
 sleep(1);
 }
-static void runSendService(const std::string &testId, bool allow)
+static void runMessageService(const std::string &testId, bool changeLabel,
+ const std::string &errorStr, bool allow)
 {
 const std::string clientId(clientIdFromStr(testId));
 const std::string serviceId(serviceIdFromStr(testId));
 const std::string member(memberFromStr(serviceId));
 const ServiceCreds serviceCreds(serviceId);
+ if (changeLabel)
+ RUNNER_ASSERT(0 == smack_set_label_for_self(smackLabelFromStr(serviceId).c_str()));
+
 Service service(serviceCreds);
 bool finish = false;
 if (allow) {
@@ -238,7 +243,7 @@ static void runSendService(const std::string &testId, bool allow)
 std::string &errorMessage)->void {
 (void) connection;
 (void) messageIn;
- errorMessage = "Should not be able to send to " + serviceCreds.connectionName();
+ errorMessage = errorStr;
 });
 }
 service.run(finish, !allow);
@@ -252,6 +257,7 @@ static void testSend(const std::string &testId,
 {
 SmackAccess access;
 const std::string clientId(clientIdFromStr(testId));
+ const std::string serviceId(serviceIdFromStr(testId));
 addBusconfigPolicyFunc(testId);
 addSmackAccessForDbus(access, smackLabelFromStr(clientId));
@@ -262,9 +268,11 @@ static void testSend(const std::string &testId,
 pid_t pid = assertFork();
 if (pid == 0)
- runSendClient(testId);
+ runMessageClient(testId, true);
 else
- runSendService(testId, allow);
+ runMessageService(testId, false,
+ "Should not be able to send to " + connectionNameFromStr(serviceId),
+ allow);
 }
 RUNNER_MULTIPROCESS_TEST_SMACK(tcc_2130_send_destination_deny)
@@ -478,3 +486,51 @@ RUNNER_MULTIPROCESS_TEST_SMACK(tcc_2670_send_error_allow)
 {
 testSendError("tcc2670", true);
 }
+
+static void addBusconfigPolicyReceiveAllows(BusConfigWriter &writer)
+{
+ writer.addPolicyAllow({{Attr::OWN_PREFIX, CONNECTION_NAME_PREFIX}});
+ writer.addPolicyAllow({{Attr::SEND_TYPE, MESSSAGE_TYPE_METHOD_CALL}});
+}
+
+static void addBusconfigPolicyReceiveSender(const std::string &testId)
+{
+ BusConfigWriter writer;
+ addBusconfigPolicyReceiveAllows(writer);
+ writer.addPolicyCheck(privilegeFromStr(serviceIdFromStr(testId)),
+ {{Attr::RECEIVE_SENDER, connectionNameFromStr(clientIdFromStr(testId))}});
+ writer.save();
+}
+
+static void testReceive(const std::string &testId,
+ const std::function addBusconfigPolicyFunc,
+ bool allow)
+{
+ const std::string clientId(clientIdFromStr(testId));
+ const std::string serviceId(serviceIdFromStr(testId));
+ addBusconfigPolicyFunc(testId);
+ SmackAccess access;
+ addSmackAccessForDbus(access, smackLabelFromStr(serviceId));
+ if (allow)
+ addCynaraPolicy(serviceId);
+
+ sleep(1);
+
+ pid_t pid = assertFork();
+ if (pid == 0)
+ runMessageService(testId, true,
+ "Should not be able to receive from " + connectionNameFromStr(clientId),
+ allow);
+ else
+ runMessageClient(testId, false);
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tcc_3130_receive_sender_deny)
+{
+ testReceive("tcc3130", addBusconfigPolicyReceiveSender, false);
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tcc_3170_receive_sender_allow)
+{
+ testReceive("tcc3170", addBusconfigPolicyReceiveSender, true);
+}
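Review bot: `tcc_3130_receive_sender_deny` appears to pass when the service simply does not get the message, which would also be the outcome if the client failed to connect or send for an unrelated reason; only the paired `tcc_3170_receive_sender_allow` shows the path works. In `testReceive` the client runs in the parent with `changeLabel` false and Smack access is added only for the service label, so the setup differs from `testSend` in ways a reader has to reconstruct. A short comment above `testReceive` would document this, e.g. `// Service is the confined side (child, own Smack label); client keeps the runner's label. Deny passes on no delivery; tcc_3170 is the positive control.` How `service.run(finish, !allow)` treats a timeout is outside this hunk, so the first point is inferred.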