From: Filip Skrzeczkowski
Date: Mon, 10 Mar 2025 11:44:25 +0000 (+0100)
Subject: Add internet access control tests
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=88efbe42b21ebf731e30d0449a325c96be14ffb9;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git
Add internet access control tests
Change-Id: Ic5d2132e20afa35cbb1b73775d16b1033d0f9660
---
diff --git a/src/security-manager-tests/run-security-manager-no-smack-tests.sh b/src/security-manager-tests/run-security-manager-no-smack-tests.sh
index 2beae6a3..c7990166 100644
--- a/src/security-manager-tests/run-security-manager-no-smack-tests.sh
+++ b/src/security-manager-tests/run-security-manager-no-smack-tests.sh
@@ -70,6 +70,8 @@ required=(
 security_manager_11b_set_identity_privileged
 security_manager_11c_set_identity_app_no_author
 security_manager_11d_set_identity_app_author
+ security_manager_12a_internet_access_positive
+ security_manager_12b_internet_access_negative
 app_defined_06_get_provider
 app_defined_07_get_provider_license
 app_defined_08_add_get_license_with_untrusted_priv
diff --git a/src/security-manager-tests/test_cases.cpp b/src/security-manager-tests/test_cases.cpp
index 46f34519..875036e3 100644
--- a/src/security-manager-tests/test_cases.cpp
+++ b/src/security-manager-tests/test_cases.cpp
@@ -809,6 +809,64 @@ RUNNER_CHILD_TEST(security_manager_11d_set_identity_app_author)
 }
 }
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_INTERNET)
+
+namespace
+{
+ [[nodiscard]] int ping() {
+ FILE *in;
+ RUNNER_ASSERT(in = popen("curl -o /dev/null example.com", "r"));
+ return pclose(in);
+ };
+}
+
+RUNNER_CHILD_TEST(security_manager_12a_internet_access_positive)
+{
+ TemporaryTestUser testUser("sm_test_12a_internet_access", GUM_USERTYPE_NORMAL);
+ testUser.create();
+ AppInstallHelperExt app("sm_test_12a", "sm_test_12a", testUser.getUid());
+ app.addPrivilege(PRIV_INTERNET);
+ ScopedInstaller appInstall(app);
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid != 0) {
+ // wait for child to exit before uninstallation
+ waitPid(pid);
+ Api::cleanupApp(app.getAppId(), testUser.getUid(), pid);
+ } else {
+ // child - the actual application
+ RUNNER_ASSERT_MSG(setLauncherSecurityAttributes(testUser) == 0, "launcher failed");
+ Api::prepareAppCandidate();
+ Api::prepareApp(app.getAppId());
+
+ RUNNER_ASSERT_MSG(ping() == 0, "No internet access while the privilege is present");
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_12b_internet_access_negative)
+{
+ TemporaryTestUser testUser("sm_test_12b_internet_access", GUM_USERTYPE_NORMAL);
+ testUser.create();
+ AppInstallHelperExt app("sm_test_12b", "sm_test_12b", testUser.getUid());
+ ScopedInstaller appInstall(app);
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid != 0) {
+ // wait for child to exit before uninstallation
+ waitPid(pid);
+ Api::cleanupApp(app.getAppId(), testUser.getUid(), pid);
+ } else {
+ // child - the actual application
+ RUNNER_ASSERT_MSG(setLauncherSecurityAttributes(testUser) == 0, "launcher failed");
+ Api::prepareAppCandidate();
+ Api::prepareApp(app.getAppId());
+
+ RUNNER_ASSERT_MSG(ping() != 0, "Internet access detected despite no privilege");
+ }
+}
+
 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_POLICY)
RUNNER_TEST(security_manager_20_user_cynara_policy)
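Review bot: The negative test security_manager_12b accepts any non-zero result from `ping()`, so it also passes when curl is absent from the image, when the shell started by `popen()` cannot run in the prepared app context, or when the device has no DNS or uplink at all; none of these show that the missing PRIV_INTERNET privilege blocked the request. `ping()` also returns the raw `pclose()` wait status rather than curl's exit code, and the curl call has no time limit, so a silently dropped connection may stall the run. I would decode the status with `WIFEXITED`/`WEXITSTATUS`, fail outright on a shell-level 126/127, and bound the probe with `--max-time`, as sketched below. Since 12a on the same device is the only evidence that the network path itself works, a comment on 12b stating that dependency would help whoever triages a result.

```cpp
    [[nodiscard]] int ping() {
        // --max-time bounds the probe so a filtered connection cannot hang the test
        FILE *in = popen("curl --silent --max-time 10 -o /dev/null example.com", "r");
        RUNNER_ASSERT_MSG(in != nullptr, "popen failed");
        const int status = pclose(in);
        RUNNER_ASSERT_MSG(status != -1 && WIFEXITED(status), "curl did not exit normally");
        const int code = WEXITSTATUS(status);
        // 126/127 are reported by the shell: curl never ran, which says nothing about network policy
        RUNNER_ASSERT_MSG(code != 126 && code != 127, "curl could not be executed");
        return code;
    }
```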