From: Marcin Lis Date: Mon, 24 Mar 2014 10:44:07 +0000 (+0100) Subject: Refactor libprivilege-control stress tests. X-Git-Tag: security-manager_5.5_testing~273 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F65%2F18465%2F2;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Refactor libprivilege-control stress tests. [Issue#] N/A [Feature] Adapt tests to tizen.org [Cause] Tests failing under no-smack environment due to improper design. [Solution] Make stress tests work well when SMACK is not present by adding different conditions. In addition use types defined in common headers instead of repeating nested declarations of vectors. [Verification] Build, install, run tests. The following test cases should pass: << WITH SMACK >> - privilege_control22_app_installation_1x100_smack - privilege_control23_app_installation2_10x10_smack << WITHOUT SMACK >> - privilege_control22_app_installation_1x100_nosmack - privilege_control23_app_installation2_10x10_nosmack Change-Id: I8a9cfeeb4ce81c7543e3ef33b704441f25dd9c2d Signed-off-by: Marcin Lis --- diff --git a/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h b/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h index 9daaf81..5e52603 100644 --- a/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h +++ b/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h @@ -246,5 +246,7 @@ void test_app_enable_permissions_efl(bool smack); void test_app_disable_permissions_efl(bool smack); void test_app_disable_permissions(bool smack); void test_appsettings_privilege(bool smack); +bool check_all_accesses(bool smack, const rules_t &rules); +bool check_no_accesses(bool smack, const rules_t &rules); #endif /* LIBPRIVILEGE_CONTROL_TEST_COMMON_H_ */ diff --git a/tests/libprivilege-control-tests/test_cases_stress.cpp b/tests/libprivilege-control-tests/test_cases_stress.cpp index 8b86cf2..7e30320 100644 
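Review bot: The two added declarations, `check_all_accesses` and `check_no_accesses`, carry no comment saying what the `smack` flag changes or what the `bool` result means, yet every call site in test_cases_stress.cpp asserts `result == 1` in both the SMACK and the no-SMACK variant. Their definitions are not part of this diff, so the contract cannot be checked from here. I would add a comment above them such as `/* Return true when every rule in 'rules' is in the state expected for the given mode; 'smack' is false when the test runs without SMACK. */` and state there what is actually verified in the no-SMACK case. If the helper simply returns true when `smack` is false, the "no access to private label" assertions pass without checking anything, and that should be written down rather than left implicit.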
--- a/tests/libprivilege-control-tests/test_cases_stress.cpp +++ b/tests/libprivilege-control-tests/test_cases_stress.cpp @@ -38,18 +38,16 @@ #define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1" // OSP Api Feature Test data - gives rxl access to OSP app and rl access to WGT app also! -const char *FILE_PATH_TEST_OSP_FEATURE = "/usr/share/privilege-control/OSP_test-feature.osp_rxl.smack"; const char *test_osp_feature_rule_set[] = { "~APP~ " TEST_OSP_FEATURE_APP_ID " rxl", "~APP~ " TEST_WGT_FEATURE_APP_ID " rl", NULL }; const char *TEST_OSP_FEATURE_PRIVS[] = { TEST_OSP_FEATURE, NULL }; // WGT Api Feature Test data - rwx access only to WGT app -const char *FILE_PATH_TEST_WGT_FEATURE = "/usr/share/privilege-control/WRT_test-feature.wgt_rwx.smack"; const char *test_wgt_feature_rule_set[] = { "~APP~ " TEST_WGT_FEATURE_APP_ID " rwx", NULL }; const char *TEST_WGT_FEATURE_PRIVS[] = { TEST_WGT_FEATURE, NULL }; -const std::vector< std::vector > rules_to_test_any_access1 = { +rules_t rules_to_test_any_access1 = { { TEST_OSP_FEATURE_APP_ID, APP_ID, "r" }, { TEST_OSP_FEATURE_APP_ID, APP_ID, "w" }, { TEST_OSP_FEATURE_APP_ID, APP_ID, "x" }, @@ -58,7 +56,7 @@ const std::vector< std::vector > rules_to_test_any_access1 = { { TEST_OSP_FEATURE_APP_ID, APP_ID, "l" } }; -const std::vector< std::vector > rules_to_test_any_access2 = { +rules_t rules_to_test_any_access2 = { { APP_ID, TEST_OSP_FEATURE_APP_ID, "r" }, { APP_ID, TEST_OSP_FEATURE_APP_ID, "x" }, { APP_ID, TEST_OSP_FEATURE_APP_ID, "l" }, 
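Review bot: `rules_to_test_any_access1` loses its `const` qualifier in this hunk, and `rules_to_test_any_access2` loses it in the hunk at -58/+56, so both expected-deny tables become writable globals with external linkage. The helpers declared in the header take `const rules_t &`, so nothing visible in the diff needs to modify them. Writing `const rules_t rules_to_test_any_access1 = {` (and likewise for the second table) keeps the tables read-only, and a `const` namespace-scope object also gets internal linkage, which avoids name clashes with other test files.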
@@ -68,26 +66,26 @@ const std::vector< std::vector > rules_to_test_any_access2 = { { APP_ID, TEST_WGT_FEATURE_APP_ID, "l" } }; -#define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \ - (const std::vector< std::vector >) { \ - { sub, obj, "r" }, \ - { sub, obj, "w" }, \ - { sub, obj, "x" }, \ - { sub, obj, "a" }, \ - { sub, obj, "t" }, \ +#define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \ + (const rules_t) { \ + { sub, obj, "r" }, \ + { sub, obj, "w" }, \ + { sub, obj, "x" }, \ + { sub, obj, "a" }, \ + { sub, obj, "t" }, \ { sub, obj, "l" } } +RUNNER_TEST_GROUP_INIT(libprivilegecontrol_stress) + /** * Test - Simulation of 100 installations and uninstallations of one application. * Installed application will have various kind of permissions from api * features and shared folders. */ - -RUNNER_TEST_GROUP_INIT(libprivilegecontrol_stress) - -RUNNER_TEST(privilege_control22_app_installation_1x100) +void privilege_control22_app_installation_1x100(bool smack) { int result; + const int expected_smack_result = smack ? 1:-1; std::string shared_dir_auto_label; // Clear any previously created apps, files, labels and permissions @@ -111,11 +109,6 @@ RUNNER_TEST(privilege_control22_app_installation_1x100) RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. Result: " << result); - // remove api features by deleting files - // TODO: Rewrite deleting features - unlink(FILE_PATH_TEST_OSP_FEATURE); - unlink(FILE_PATH_TEST_WGT_FEATURE); - // Install setting app and give it app-setting permissions result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, 
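Review bot: `const int expected_smack_result = smack ? 1:-1;` encodes two return values of `smack_have_access` without naming them, and the same line is added to `privilege_control23_app_installation2_10x10` in the hunk at -391/+379. In libsmack -1 is the generic error return, so in the no-SMACK variant every `result == expected_smack_result` assertion passes on any failure of the call, not only when SMACK is absent. A comment next to the constant would make that limitation explicit: `// smack_have_access(): 1 = access granted, 0 = denied, -1 = error (expected when SMACK is not available)`. The function body continues outside this hunk.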
@@ -220,8 +213,8 @@ RUNNER_TEST(privilege_control22_app_installation_1x100) // Verify that some previously installed app does not have any access // to APP_ID private label - result = test_have_any_accesses(rules_to_test_any_access1); - RUNNER_ASSERT_MSG_BT(result == 0, + result = check_no_accesses(smack, rules_to_test_any_access1); + RUNNER_ASSERT_MSG_BT(result == 1, "Error - other app has access to private label. Loop index: " << i); @@ -238,12 +231,13 @@ RUNNER_TEST(privilege_control22_app_installation_1x100) // Verify that all permissions to public dir have been added // correctly, also to other app result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl"); - RUNNER_ASSERT_MSG_BT(result == 1, + + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to Public RO dir are granted. Loop index: " << i); result = smack_have_access(TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" ); - RUNNER_ASSERT_MSG_BT(result == 1, + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to Public RO dir are granted. Loop index: " << i); 
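Review bot: `result = check_no_accesses(smack, rules_to_test_any_access1);` stores a `bool` (per the header declaration) in the `int result` and then compares it with `1`, which hides that the polarity of this negative check was inverted from `== 0` to `== 1`. Asserting on the call directly reads as what it means: `RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules_to_test_any_access1), "Error - other app has access to private label. Loop index: " << i);`. The same pattern recurs at every `check_no_accesses` and `check_all_accesses` call in the later hunks. This code sits inside `privilege_control22_app_installation_1x100`, which starts and ends outside the hunk.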
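Review bot: The failure text `"Not all accesses to Public RO dir are granted."` no longer describes what the assertion tests when `smack` is false, because the expected value there is -1 and a failure means `smack_have_access` returned 0 or 1. Putting both values into the message would make a no-SMACK failure diagnosable, for example `"smack_have_access returned " << result << ", expected " << expected_smack_result << ". Loop index: " << i`. The same applies to the `expected_smack_result` assertions in the hunks at -282, -302 and -740.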
@@ -282,19 +276,19 @@ RUNNER_TEST(privilege_control22_app_installation_1x100) // Verify that setting app has rwx permission to app dir // and rx permissions to app result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl"); - RUNNER_ASSERT_MSG_BT(result == 1, + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to App-Setting dir are granted. " << APP_ID << " "<< shared_dir_auto_label << " rwxatl " << "Loop index: " << i); result = smack_have_access(APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx"); - RUNNER_ASSERT_MSG_BT(result == 1, + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to App-Setting dir are granted. " << APP_TEST_SETTINGS_ASP1 << " " << shared_dir_auto_label << " rwx. " << "Loop index: " << i); result = smack_have_access(APP_TEST_SETTINGS_ASP1, APP_ID, "rx"); - RUNNER_ASSERT_MSG_BT(result == 1, + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to App-Setting dir are granted. " << APP_TEST_SETTINGS_ASP1 << " " << APP_ID << " rx" << "Loop index: " << i); @@ -302,7 +296,7 @@ RUNNER_TEST(privilege_control22_app_installation_1x100) // Verify that all permissions to public dir have been added // correctly, also to other app result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl"); - RUNNER_ASSERT_MSG_BT(result == 1, + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to Group RW dir are granted. Loop index: " << i); 
@@ -311,10 +305,10 @@ RUNNER_TEST(privilege_control22_app_installation_1x100) } // END switch // check if api-features permissions are added properly - result = test_have_all_accesses( - (const std::vector< std::vector >) { - { APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" }, - { APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } ); + result = check_all_accesses(smack, + (const rules_t) { + { APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" }, + { APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } ); RUNNER_ASSERT_MSG_BT(result == 1, "Not all permisions from api features added. Loop index: " << i); @@ -326,8 +320,8 @@ RUNNER_TEST(privilege_control22_app_installation_1x100) << ". Result: " << result); // check if api-features permissions are removed properly - result = test_have_any_accesses(rules_to_test_any_access2); - RUNNER_ASSERT_MSG_BT(result == 0, + result = check_no_accesses(smack, rules_to_test_any_access2); + RUNNER_ASSERT_MSG_BT(result == 1, "Not all permisions revoked. Loop index: " << i); // remove labels from app folder @@ -360,12 +354,6 @@ RUNNER_TEST(privilege_control22_app_installation_1x100) "Error in perm_app_uninstall. Result: " << result); DB_END - - // Remove api features - // TODO: Rewrite removing features - unlink(FILE_PATH_TEST_OSP_FEATURE); - unlink(FILE_PATH_TEST_WGT_FEATURE); - } /** @@ -391,9 +379,10 @@ RUNNER_TEST(privilege_control22_app_installation_1x100) * test_APP4 & test_APP9 register their directories as * APP_PATH_SETTINGS_RW */ -RUNNER_TEST(privilege_control23_app_installation2_10x10) +void privilege_control23_app_installation2_10x10(bool smack) { int result; + const int expected_smack_result = smack ? 1:-1; const int app_count = 10; std::string shared_dir3_auto_label; std::string shared_dir7_auto_label; 
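Review bot: `(const rules_t) { ... }` is a C-style cast applied to a braced list, which compilers accept as a compound-literal extension rather than as standard C++. The construct predates this commit, but since the type is respelled here it would be a good moment to replace it. `rules_t{ { APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" }, { APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } }` builds the same temporary with list-initialization, assuming `rules_t` is the nested-vector typedef from the common header, which is not shown in this diff. The same applies to the `FMT_VECTOR_TO_TEST_ANY_ACCESS` macro in the hunk at -68 and to the other `(const rules_t)` call sites in the later hunks.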
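Review bot: `void privilege_control23_app_installation2_10x10(bool smack)` is now an ordinary function with external linkage, as is `privilege_control22_app_installation_1x100` in the hunk at -68. Within this diff both are called only from the `RUNNER_TEST_SMACK`/`RUNNER_TEST_NOSMACK` wrappers added at the end of the same file. Declaring them as `static void privilege_control23_app_installation2_10x10(bool smack)`, or placing both in an unnamed namespace, keeps the names out of the link namespace shared with the other test files. The body of the function continues outside this hunk.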
@@ -589,10 +578,10 @@ RUNNER_TEST(privilege_control23_app_installation2_10x10) // Apps 1-9 should not have any access to app 0 if (j != 0) { - result = test_have_any_accesses( + result = check_no_accesses(smack, FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[0]) ); - RUNNER_ASSERT_MSG_BT(result == 0, + RUNNER_ASSERT_MSG_BT(result == 1, "Other app (app id: " << app_ids[j] << ") has access to private label of: " << app_ids[0] << ". It may not be shared. Loop index: " << i << "."); @@ -601,10 +590,10 @@ RUNNER_TEST(privilege_control23_app_installation2_10x10) // Apps 0-4 and 6-9 should not have any access to app 5 if (j != 5) { - result = test_have_any_accesses( + result = check_no_accesses(smack, FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[5]) ); - RUNNER_ASSERT_MSG_BT(result == 0, + RUNNER_ASSERT_MSG_BT(result == 1, "Other app (app id: " << app_ids[j] << ") has access to private label of: " << app_ids[5] << ". It may not be shared. Loop index: " << i << "."); @@ -612,8 +601,8 @@ RUNNER_TEST(privilege_control23_app_installation2_10x10) } // End for Verify PRIVATE // Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders - result = test_have_all_accesses( - (const std::vector< std::vector >) { + result = check_all_accesses(smack, + (const rules_t) { { app_ids[1], APPID_SHARED_DIR, "rwxatl" }, { app_ids[2], APPID_SHARED_DIR, "rwxatl" }, { app_ids[6], APPID_SHARED_DIR, "rwxatl" } } ); 
@@ -653,64 +642,64 @@ RUNNER_TEST(privilege_control23_app_installation2_10x10) { if (j == 3) { - result = test_have_all_accesses( - (const std::vector< std::vector >) { + result = check_all_accesses(smack, + (const rules_t) { { app_ids[j], shared_dir3_auto_label.c_str(), "rwxatl" } } ); RUNNER_ASSERT_MSG_BT(result == 1, "Not all accesses to owned Public RO dir are granted. App id: " << app_ids[j] << " Loop index: " << i); // Verify that there are no extra permissions to public dirs - result = test_have_any_accesses( - (const std::vector< std::vector >) { + result = check_no_accesses(smack, + (const rules_t) { { app_ids[j], shared_dir7_auto_label.c_str(), "w" }, { app_ids[j], shared_dir7_auto_label.c_str(), "t" }, { app_ids[j], shared_dir8_auto_label.c_str(), "w" }, { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } ); - RUNNER_ASSERT_MSG_BT(result == 0, + RUNNER_ASSERT_MSG_BT(result == 1, "Unexpected extra permissions added for app:" << app_ids[j] << ". Loop index: " << i); } if (j == 7) { - result = test_have_all_accesses( - (const std::vector< std::vector >) { + result = check_all_accesses(smack, + (const rules_t) { { app_ids[j], shared_dir7_auto_label.c_str(), "rwxatl" } } ); RUNNER_ASSERT_MSG_BT(result == 1, "Not all accesses to owned Public RO dir are granted. App id: " << app_ids[j] << " Loop index: " << i); // Verify that there are no extra permissions to public dirs - result = test_have_any_accesses( - (const std::vector< std::vector >) { + result = check_no_accesses(smack, + (const rules_t) { { app_ids[j], shared_dir3_auto_label.c_str(), "w" }, { app_ids[j], shared_dir3_auto_label.c_str(), "t" }, { app_ids[j], shared_dir8_auto_label.c_str(), "w" }, { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } ); - RUNNER_ASSERT_MSG_BT(result == 0, + RUNNER_ASSERT_MSG_BT(result == 1, "Unexpected extra permissions added for app:" << app_ids[j] << ". 
Loop index: " << i); } if (j == 8) { - result = test_have_all_accesses( - (const std::vector< std::vector >) { + result = check_all_accesses(smack, + (const rules_t) { { app_ids[j], shared_dir8_auto_label.c_str(), "rwxatl" } } ); RUNNER_ASSERT_MSG_BT(result == 1, "Not all accesses to owned Public RO dir are granted. App id: " << app_ids[j] << " Loop index: " << i); // Verify that there are no extra permissions to other public dirs - result = test_have_any_accesses( - (const std::vector< std::vector >) { + result = check_no_accesses(smack, + (const rules_t) { { app_ids[j], shared_dir3_auto_label.c_str(), "w" }, { app_ids[j], shared_dir3_auto_label.c_str(), "t" }, { app_ids[j], shared_dir7_auto_label.c_str(), "w" }, { app_ids[j], shared_dir7_auto_label.c_str(), "t" } } ); - RUNNER_ASSERT_MSG_BT(result == 0, + RUNNER_ASSERT_MSG_BT(result == 1, "Unexpected extra permissions added for app:" << app_ids[j] << ". Loop index: " << i); } - result = test_have_all_accesses( - (const std::vector< std::vector >) { + result = check_all_accesses(smack, + (const rules_t) { { app_ids[j], shared_dir3_auto_label.c_str(), "rx" }, { app_ids[j], shared_dir7_auto_label.c_str(), "rx" }, { app_ids[j], shared_dir8_auto_label.c_str(), "rx" } } ); 
@@ -740,32 +729,32 @@ RUNNER_TEST(privilege_control23_app_installation2_10x10) // Verify that setting app has rwx permission to app-settings dirs and rx to apps result = smack_have_access(app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl"); - RUNNER_ASSERT_MSG_BT(result == 1, + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to App-Setting dir are granted." << app_ids[4] << " " << setting_dir4_auto_label << " Loop index: " << i); result = smack_have_access(app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl"); - RUNNER_ASSERT_MSG_BT(result == 1, + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to App-Setting dir are granted." << app_ids[9] << " " << setting_dir9_auto_label << " Loop index: " << i); result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[4], "rx"); - RUNNER_ASSERT_MSG_BT(result == 1, + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to App-Setting dir are granted." << APP_TEST_SETTINGS_ASP1 << " " << app_ids[4] << " Loop index: " << i); result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[9], "rx"); - RUNNER_ASSERT_MSG_BT(result == 1, + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to App-Setting dir are granted." << APP_TEST_SETTINGS_ASP1 << " " << app_ids[9] << " Loop index: " << i); result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx"); - RUNNER_ASSERT_MSG_BT(result == 1, + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to App-Setting dir are granted." << APP_TEST_SETTINGS_ASP1 << " " << setting_dir4_auto_label << " Loop index: " << i); result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx"); - RUNNER_ASSERT_MSG_BT(result == 1, + RUNNER_ASSERT_MSG_BT(result == expected_smack_result, "Not all accesses to App-Setting dir are granted." << APP_TEST_SETTINGS_ASP1 << " " << setting_dir9_auto_label << " Loop index: " << i); 
@@ -775,8 +764,8 @@ RUNNER_TEST(privilege_control23_app_installation2_10x10) // Check if api-features permissions are added properly for (int j = 0; j < 5; ++j) { - result = test_have_all_accesses( - (const std::vector< std::vector >) { + result = check_all_accesses(smack, + (const rules_t) { { app_ids[j], app_ids[6], "r" }, { app_ids[j], app_ids[7], "rxl" }, { app_ids[j], app_ids[8], "rwxal" }, @@ -788,8 +777,8 @@ RUNNER_TEST(privilege_control23_app_installation2_10x10) for (int j = 5; j < app_count; ++j) { - result = test_have_all_accesses( - (const std::vector< std::vector >) { + result = check_all_accesses(smack, + (const rules_t) { { app_ids[j], app_ids[1], "r" }, { app_ids[j], app_ids[2], "rxl" }, { app_ids[j], app_ids[3], "rwxal" }, @@ -820,10 +809,10 @@ RUNNER_TEST(privilege_control23_app_installation2_10x10) for (int k = 0; k < app_count; ++k) if (j != k) { - result = test_have_any_accesses( + result = check_no_accesses(smack, FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[k]) ); - RUNNER_ASSERT_MSG_BT(result == 0, + RUNNER_ASSERT_MSG_BT(result == 1, "Not all permisions revoked. Subject: " << app_ids[j] << " Object: " << app_ids[k] << " Loop index: " << i); } @@ -865,3 +854,23 @@ RUNNER_TEST(privilege_control23_app_installation2_10x10) "Error in perm_app_uninstall. Result: " << result); } + +RUNNER_TEST_SMACK(privilege_control22_app_installation_1x100_smack) +{ + privilege_control22_app_installation_1x100(true); +} + +RUNNER_TEST_NOSMACK(privilege_control22_app_installation_1x100_nosmack) +{ + privilege_control22_app_installation_1x100(false); +} + +RUNNER_TEST_SMACK(privilege_control23_app_installation2_10x10_smack) +{ + privilege_control23_app_installation2_10x10(true); +} + +RUNNER_TEST_NOSMACK(privilege_control23_app_installation2_10x10_nosmack) +{ + privilege_control23_app_installation2_10x10(false); +}