From: Zofia Abramowska <z.abramowska@samsung.com>
Date: Thu, 16 Jul 2015 15:34:38 +0000 (+0200)
Subject: Add SM privilege mapping tests
X-Git-Tag: security-manager_5.5_testing~109^2~13
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8485aef7a35deef507dc595c39eaa4527829fc5b;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git

Add SM privilege mapping tests

Change-Id: Ib1c86133b116bd7f77e380233144cf7866d900ed
---

diff --git a/src/security-manager-tests/common/sm_api.cpp b/src/security-manager-tests/common/sm_api.cpp
index 12ede82c..2e79f1b6 100644
--- a/src/security-manager-tests/common/sm_api.cpp
+++ b/src/security-manager-tests/common/sm_api.cpp
@@ -18,10 +18,19 @@
 
 #include <dpl/test/test_runner.h>
 
+#include <memory>
+
 namespace SecurityManagerTest {
 
 namespace Api {
 
+void free_cstring_list(char **p, size_t count) {
+    for (size_t i = 0; i < count; i++) {
+        free(p[i]);
+    }
+    delete [] p;
+}
+
 void install(const InstallRequest &request, lib_retcode expectedResult)
 {
     int result = security_manager_app_install(request.get());
@@ -177,6 +186,45 @@ void getPolicyForAdmin(const PolicyEntry &filter, std::vector<PolicyEntry> &poli
     getConfiguredPolicy(filter, policyEntries, expectedResult, true);
 }
 
+void getPrivilegesMappings(const char *version_from,
+                           const char *version_to,
+                           const std::vector<std::string> &privileges,
+                           std::vector<std::string> &mappings,
+                           lib_retcode expectedResult)
+{
+    char **mappings_buff = nullptr;
+    size_t mappings_count;
+
+    size_t i = 0;
+
+    std::unique_ptr<char *, std::function<void(char**)>> privileges_buff(new char*[privileges.size()],
+                                                        std::bind(free_cstring_list, std::placeholders::_1, std::ref(i)));
+
+    for (; i < privileges.size(); i++) {
+        if (privileges[i].empty())
+            privileges_buff.get()[i] = nullptr;
+        else
+            privileges_buff.get()[i] = strdup(privileges[i].c_str());
+        RUNNER_ASSERT_MSG(privileges_buff.get()[i], "Couldn't copy string");
+    }
+
+    int result;
+    if (privileges.empty())
+        result = security_manager_get_privileges_mapping(version_from, version_to, nullptr,
+                                                         privileges.size(), &mappings_buff, &mappings_count);
+    else
+        result = security_manager_get_privileges_mapping(version_from, version_to, privileges_buff.get(),
+                                                         privileges.size(), &mappings_buff, &mappings_count);
+    RUNNER_ASSERT_MSG(static_cast<lib_retcode>(result) == expectedResult,
+                      "Unexpected result in security_manager_get_privileges_mapping()" << std::endl
+                      << "For version_from: " << version_from << " version_to: " << version_to << " for set of privileges" << std::endl
+                      << " Result: " << result << " Expected: " << expectedResult);
+    for (size_t i = 0; i < mappings_count; i++) {
+        mappings.push_back(mappings_buff[i]);
+    }
+    security_manager_privilege_mapping_free(mappings_buff, mappings_count);
+}
+
 } // namespace Api
 
 } // namespace SecurityManagerTest
diff --git a/src/security-manager-tests/common/sm_api.h b/src/security-manager-tests/common/sm_api.h
index 8a99e32f..e96e249c 100644
--- a/src/security-manager-tests/common/sm_api.h
+++ b/src/security-manager-tests/common/sm_api.h
@@ -40,6 +40,11 @@ void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult = SECUR
 void getPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
 void getPolicyForSelf(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
 void getPolicyForAdmin(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void getPrivilegesMappings(const char *version_from,
+                           const char *version_to,
+                           const std::vector<std::string> &privileges,
+                           std::vector<std::string> &mappings,
+                           lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
 } // namespace Api
 
 } // namespace SecurityManagerTest
diff --git a/src/security-manager-tests/common/sm_db.cpp b/src/security-manager-tests/common/sm_db.cpp
index 8e3e5622..10aa48c8 100644
--- a/src/security-manager-tests/common/sm_db.cpp
+++ b/src/security-manager-tests/common/sm_db.cpp
@@ -197,3 +197,47 @@ void TestSecurityManagerDatabase::setup_privilege_groups(const std::string &priv
         m_base.execute(sql.str(), result);
     }
 }
+
+void TestSecurityManagerDatabase::setup_privilege_mapping(const std::string &version_from,
+                                                          const std::string &version_to,
+                                                          const std::string &privilege,
+                                                          const std::string &mapping)
+{
+    Sqlite3DBaseSelectResult result;
+    std::ostringstream sql;
+
+    if (!m_base.is_open())
+        m_base.open();
+
+    sql.clear();
+    sql.str("");
+    sql << "INSERT INTO privilege_mapping_view (version_from_name, version_to_name, privilege_name, privilege_mapping_name) "
+           "VALUES ("
+            << "'" << version_from << "'" << ","
+            << "'" << version_to << "'" << ","
+            << "'" << privilege << "'" << ","
+            << "'" << mapping << "'" << ")";
+    m_base.execute(sql.str(), result);
+}
+
+void TestSecurityManagerDatabase::setup_default_version_privilege(const std::string &version_from,
+                                                                  const std::string &version_to,
+                                                                  const std::string &privilege)
+{
+    Sqlite3DBaseSelectResult result;
+    std::ostringstream sql;
+
+    if (!m_base.is_open())
+        m_base.open();
+
+        sql.clear();
+        sql.str("");
+        sql << "INSERT INTO privilege_mapping_view (version_from_name, version_to_name, privilege_name, privilege_mapping_name) "
+               "VALUES ("
+                << "'" << version_from << "'" << ","
+                << "'" << version_to << "'" << ","
+                << "NULL,"
+                << "'" << privilege << "'" << ")";
+        m_base.execute(sql.str(), result);
+
+}
diff --git a/src/security-manager-tests/common/sm_db.h b/src/security-manager-tests/common/sm_db.h
index 25ca91a8..0cffde26 100644
--- a/src/security-manager-tests/common/sm_db.h
+++ b/src/security-manager-tests/common/sm_db.h
@@ -138,6 +138,33 @@ public:
     void setup_privilege_groups(const std::string &privilege,
                                 const std::vector<std::string> &groups);
 
+/**
+ * @brief Method for setting privilege to privilege mappings from one version to another
+ *        in security-manager database
+ *
+ * @param version_from version which mapping is from
+ * @param version_to version which mapping is to
+ * @param privilege privilege for which mapping is set
+ * @param mappings mapping of given privielege
+ *
+ */
+    void setup_privilege_mapping(const std::string &version_from,
+                                 const std::string &version_to,
+                                 const std::string &privilege,
+                                 const std::string &mapping);
+/**
+ * @brief Method for setting privilege to privilege mappings from one version to another
+ *        in security-manager database
+ *
+ * @param version_from version which mapping is from
+ * @param version_to version which mapping is to
+ * @param privilege privilege for which mapping is set
+ * @param mappings default privilege
+ *
+ */
+    void setup_default_version_privilege(const std::string &version_from,
+                                         const std::string &version_to,
+                                         const std::string &privilege);
 private:
 /**
  * @var base
diff --git a/src/security-manager-tests/security_manager_tests.cpp b/src/security-manager-tests/security_manager_tests.cpp
index 63a116c6..0a4e75a0 100644
--- a/src/security-manager-tests/security_manager_tests.cpp
+++ b/src/security-manager-tests/security_manager_tests.cpp
@@ -1,33 +1,33 @@
-#include <dpl/log/log.h>
-#include <dpl/test/test_runner.h>
+
 #include <fcntl.h>
 #include <stdio.h>
 #include <memory.h>
-#include <string>
-#include <unordered_set>
-#include <sys/capability.h>
 #include <semaphore.h>
-
 #include <unistd.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/socket.h>
-#include <sys/un.h>
+
 #include <attr/xattr.h>
 #include <linux/xattr.h>
-
-#include <unistd.h>
+#include <sys/capability.h>
+#include <sys/socket.h>
 #include <sys/types.h>
+#include <sys/un.h>
 #include <sys/wait.h>
 
+#include <algorithm>
+#include <fstream>
+#include <string>
+#include <unordered_set>
+
 #include <grp.h>
 #include <pwd.h>
 
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-
 #include <tzplatform_config.h>
 #include <security-manager.h>
+
+#include <dpl/log/log.h>
+#include <dpl/test/test_runner.h>
+#include <libprivilege-control_test_common.h>
+#include <tests_common.h>
 #include <sm_api.h>
 #include <sm_db.h>
 #include <sm_request.h>
@@ -117,6 +117,26 @@ static const std::vector<privileges_t> MANY_APPS_PRIVILEGES = {
     }
 };
 
+/* PRIVILEGE MAPPING TEST CONSTS */
+
+static const std::string OLD_VERSION = "2.4";
+static const std::string NEW_VERSION = "3.0";
+
+static const std::vector<std::string> OLD_PRIVILEGES = {
+        "http://tizen.org/privilege/internet.old",
+        "http://tizen.org/privilege/telephony.old",
+        "http://tizen.org/privilege/contact.old",
+        "http://tizen.org/privilege/led.old",
+        "http://tizen.org/privilege/email.old"
+};
+
+static const std::vector<privileges_t> &NEW_PRIVILEGES = MANY_APPS_PRIVILEGES;
+
+static const privileges_t DEFAULT_PRIVILEGES = {
+        "http://tizen.org/privilege/led",
+        "http://tizen.org/privilege/internet"
+};
+
 static std::string generateAppLabel(const std::string &appId)
 {
     return "User::App::" + appId;
@@ -2070,7 +2090,7 @@ RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_fetch_whole_policy_
     }
 }
 
-RUNNER_CHILD_TEST(security_manager_10_user_cynara_policy)
+RUNNER_CHILD_TEST(security_manager_18_user_cynara_policy)
 {
     RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
     const char *const MAIN_BUCKET = "MAIN";
@@ -2097,7 +2117,7 @@ RUNNER_CHILD_TEST(security_manager_10_user_cynara_policy)
     admin.listPolicies(ADMIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
 }
 
-RUNNER_CHILD_TEST(security_manager_11_security_manager_cmd_install)
+RUNNER_CHILD_TEST(security_manager_19_security_manager_cmd_install)
 {
     RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
     int ret;
@@ -2149,7 +2169,7 @@ RUNNER_CHILD_TEST(security_manager_11_security_manager_cmd_install)
     }
 }
 
-RUNNER_CHILD_TEST(security_manager_12_security_manager_cmd_users)
+RUNNER_CHILD_TEST(security_manager_20_security_manager_cmd_users)
 {
     RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
     int ret;
@@ -2188,7 +2208,7 @@ RUNNER_CHILD_TEST(security_manager_12_security_manager_cmd_users)
     }
 }
 
-RUNNER_MULTIPROCESS_TEST(security_manager_13_security_manager_admin_deny_user_priv)
+RUNNER_MULTIPROCESS_TEST(security_manager_21_security_manager_admin_deny_user_priv)
 {
     const int BUFFER_SIZE = 128;
     struct message {
@@ -2292,6 +2312,135 @@ RUNNER_MULTIPROCESS_TEST(security_manager_13_security_manager_admin_deny_user_pr
     }
 }
 
+void saveMappingsToDb(const std::string &version_from, const std::string &version_to,
+                      const privileges_t &privileges, const std::vector<privileges_t> &mappings) {
+    TestSecurityManagerDatabase db;
+    RUNNER_ASSERT_MSG(privileges.size() == mappings.size(), "Wrong given privileges and mappings size");
+    auto privIt = privileges.begin();
+    auto mappIt = mappings.begin();
+    for (; privIt != privileges.end() && mappIt != mappings.end(); privIt++, mappIt++) {
+        for (const auto &mapping : *mappIt) {
+            db.setup_privilege_mapping(version_from, version_to, *privIt, mapping);
+        }
+    }
+}
+
+void saveDefaultMappingsToDb(const std::string &version_from, const std::string &version_to,
+                             const privileges_t &privileges) {
+    TestSecurityManagerDatabase db;
+    for (auto &privilege : privileges) {
+        db.setup_default_version_privilege(version_from, version_to, privilege);
+    }
+}
+
+void concatUnique(privileges_t &to, const privileges_t &from) {
+    to.reserve(to.size() + from.size());
+    for (auto &new_priv : from) {
+        if (std::find(to.begin(), to.end(), new_priv) == to.end())
+            to.push_back(new_priv);
+    }
+}
+
+RUNNER_TEST(security_manager_22_get_privilege_mappings)
+{
+    saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES);
+    saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
+    privileges_t retrievedMapping;
+    std::string current;
+    auto expectedIt = NEW_PRIVILEGES.begin();
+    for (const auto &privilege : OLD_PRIVILEGES) {
+        retrievedMapping.clear();
+        std::vector<std::string> privilegeToMap = {privilege};
+        Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(),
+                                   privilegeToMap, retrievedMapping);
+        std::vector<std::string> expectedPrivileges = *expectedIt;
+        concatUnique(expectedPrivileges, DEFAULT_PRIVILEGES);
+        RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
+                          "Wrong count of mappings returned for " << privilege << "."
+                          " Got " << retrievedMapping.size()
+                          << " expected " << expectedPrivileges.size());
+        RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
+                          "Wrong mapping returned for " << privilege);
+        ++expectedIt;
+    }
+}
+
+RUNNER_TEST(security_manager_23_get_privileges_mappings)
+{
+    saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES);
+    saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
+
+    std::vector<std::string> retrievedMapping;
+    std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
+    for(auto &expected : NEW_PRIVILEGES) {
+        concatUnique(expectedPrivileges, expected);
+    }
+    const std::vector<std::string> &privilegesToMap = OLD_PRIVILEGES;
+
+    Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(), privilegesToMap, retrievedMapping);
+    RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
+                      "Wrong count of mappings returned. Got " << retrievedMapping.size()
+                      << " expected " << expectedPrivileges.size());
+    RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
+                      "Wrong mapping returned for privileges set");
+}
+
+RUNNER_TEST(security_manager_24_get_privileges_mappings_default_version)
+{
+    saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES);
+    saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
+
+    std::vector<std::string> retrievedMapping;
+    std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
+    for(auto &expected : NEW_PRIVILEGES) {
+        concatUnique(expectedPrivileges, expected);
+    }
+    const std::vector<std::string> &privilegesToMap = OLD_PRIVILEGES;
+
+    Api::getPrivilegesMappings(OLD_VERSION.c_str(), nullptr, privilegesToMap, retrievedMapping);
+    RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
+                      "Wrong count of mappings returned. Got " << retrievedMapping.size()
+                      << " expected " << expectedPrivileges.size());
+    RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
+                      "Wrong mapping returned for privileges set");
+}
+
+RUNNER_TEST(security_manager_25_get_default_mappings)
+{
+    saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
+
+    std::vector<std::string> retrievedMapping;
+    std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
+
+    // Empty privilege to map vector will indicate nullptr privilege array in security-manager API
+    std::vector<std::string> privilegeToMap;
+
+    Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(), privilegeToMap, retrievedMapping);
+    RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
+                      "Wrong count of mappings returned. Got " << retrievedMapping.size()
+                      << " expected " << expectedPrivileges.size());
+    RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
+                      "Wrong default mapping returned");
+}
+
+RUNNER_TEST(security_manager_26_get_default_mappings_default_version)
+{
+    saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
+
+    std::vector<std::string> retrievedMapping;
+    std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
+
+    // Empty privilege to map vector will indicate nullptr privilege array in security-manager API
+    std::vector<std::string> privilegeToMap;
+
+    Api::getPrivilegesMappings(OLD_VERSION.c_str(), nullptr, privilegeToMap, retrievedMapping);
+    RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
+                      "Wrong count of mappings returned. Got " << retrievedMapping.size()
+                      << " expected " << expectedPrivileges.size());
+    RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
+                      "Wrong default mapping returned");
+}
+
 int main(int argc, char *argv[])
 {
     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);