From: Zofia Abramowska Date: Thu, 8 Sep 2016 15:30:44 +0000 (+0200) Subject: SM: Rename and use one label generators X-Git-Tag: security-manager_5.5_testing~20^2~52 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F94%2F87594%2F1;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git SM: Rename and use one label generators Change-Id: Iee19a490a5da8076c03260c86d58dd13baa60ba7 --- diff --git a/src/security-manager-tests/common/app_install_helper.h b/src/security-manager-tests/common/app_install_helper.h index 5162ba8..2a15dc4 100644 --- a/src/security-manager-tests/common/app_install_helper.h +++ b/src/security-manager-tests/common/app_install_helper.h @@ -23,6 +23,7 @@ #include #include +#include #include struct AppInstallHelper { @@ -90,11 +91,11 @@ struct AppInstallHelper { } std::string generateAppLabel() const { - return "User::App::" + getAppId(); + return generateProcessLabel(getAppId()); } std::string generatePkgLabel() const { - return "User::Pkg::" + getPkgId(); + return generatePathRWLabel(getPkgId()); } void removePaths() { diff --git a/src/security-manager-tests/common/sm_commons.cpp b/src/security-manager-tests/common/sm_commons.cpp index 53013d4..31cf3e2 100644 --- a/src/security-manager-tests/common/sm_commons.cpp +++ b/src/security-manager-tests/common/sm_commons.cpp @@ -65,12 +65,12 @@ const std::string uidToStr(const uid_t uid) // Common implementation details -std::string generateAppLabel(const std::string &appId) +std::string generateProcessLabel(const std::string &appId) { return "User::App::" + appId; } -std::string generatePkgLabel(const std::string &pkgId) +std::string generatePathRWLabel(const std::string &pkgId) { return "User::Pkg::" + pkgId; } @@ -217,7 +217,7 @@ void check_app_permissions(const char *const app_id, const char *const pkg_id, const privileges_t &denied_privs) { (void) pkg_id; - std::string smackLabel = generateAppLabel(app_id); + std::string smackLabel = generateProcessLabel(app_id); CynaraTestClient::Client ctc; @@ -313,14 +313,14 @@ void check_app_path_after_install(int app_num, const char *pkgId, bool others_en std::string SM_PUBLIC_RO_PATH = genPublicROPath(app_num); int result; - nftw_expected_label = generatePkgLabel(pkgId); + nftw_expected_label = generatePathRWLabel(pkgId); nftw_expected_transmute = true; nftw_expected_exec = false; result = nftw(SM_RW_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH); - nftw_expected_label = generatePkgLabel(pkgId) + "::RO"; + nftw_expected_label = generatePathRWLabel(pkgId) + "::RO"; nftw_expected_transmute = false; nftw_expected_exec = false; diff --git a/src/security-manager-tests/common/sm_commons.h b/src/security-manager-tests/common/sm_commons.h index efd0b40..971eace 100644 --- a/src/security-manager-tests/common/sm_commons.h +++ b/src/security-manager-tests/common/sm_commons.h @@ -25,7 +25,6 @@ #include -#include #include #include #include @@ -49,8 +48,8 @@ const std::string SM_RW_PATH = const std::string uidToStr(const uid_t uid); -std::string generateAppLabel(const std::string &appId); -std::string generatePkgLabel(const std::string &pkgId); +std::string generateProcessLabel(const std::string &appId); +std::string generatePathRWLabel(const std::string &pkgId); std::string genRWPath(int app_num); std::string genROPath(int app_num); std::string genPublicROPath(int app_num); diff --git a/src/security-manager-tests/test_cases.cpp b/src/security-manager-tests/test_cases.cpp index 3899c04..a4d95db 100644 --- a/src/security-manager-tests/test_cases.cpp +++ b/src/security-manager-tests/test_cases.cpp @@ -172,7 +172,7 @@ RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid) const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack"; const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack"; const char *const socketLabel = "not_expected_label"; - std::string expected_label = generateAppLabel(app_id); + std::string expected_label = generateProcessLabel(app_id); std::string expected_socket_label = socketLabel; char *label = nullptr; CStringPtr labelPtr; diff --git a/src/security-manager-tests/test_cases_credentials.cpp b/src/security-manager-tests/test_cases_credentials.cpp index d2811e8..ce5c1f9 100644 --- a/src/security-manager-tests/test_cases_credentials.cpp +++ b/src/security-manager-tests/test_cases_credentials.cpp @@ -112,7 +112,7 @@ RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket) Api::install(requestInst); - std::string smackLabel = generateAppLabel(sm_app_id); + std::string smackLabel = generateProcessLabel(sm_app_id); clientTestTemplate([&] (int sock, pid_t) { std::string rcvPkgId, rcvAppId; @@ -140,7 +140,7 @@ RUNNER_CHILD_TEST(security_manager_51b_get_id_by_socket) Api::install(requestInst); - std::string smackLabel = generateAppLabel(sm_app_id); + std::string smackLabel = generateProcessLabel(sm_app_id); clientTestTemplate([&] (int sock, pid_t) { std::string rcvPkgId, rcvAppId; @@ -164,7 +164,7 @@ RUNNER_CHILD_TEST(security_manager_51c_get_id_by_socket) Api::install(requestInst); - std::string smackLabel = generateAppLabel(sm_app_id); + std::string smackLabel = generateProcessLabel(sm_app_id); clientTestTemplate([&] (int sock, pid_t) { std::string rcvPkgId; @@ -190,7 +190,7 @@ RUNNER_CHILD_TEST(security_manager_51d_get_id_by_socket) Api::install(requestInst); - std::string smackLabel = generateAppLabel(sm_app_id); + std::string smackLabel = generateProcessLabel(sm_app_id); clientTestTemplate([&] (int sock, pid_t) { std::string rcvAppId; @@ -216,7 +216,7 @@ RUNNER_CHILD_TEST(security_manager_51e_get_id_by_socket) Api::install(requestInst); - std::string smackLabel = generateAppLabel(sm_app_id); + std::string smackLabel = generateProcessLabel(sm_app_id); clientTestTemplate([&] (int sock, pid_t) { Api::getPkgIdBySocket(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM); @@ -239,7 +239,7 @@ RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid) Api::install(requestInst); - std::string smackLabel = generateAppLabel(sm_app_id); + std::string smackLabel = generateProcessLabel(sm_app_id); clientTestTemplate([&] (int, pid_t pid) { std::string rcvPkgId, rcvAppId; @@ -267,7 +267,7 @@ RUNNER_CHILD_TEST(security_manager_52b_get_id_by_pid) Api::install(requestInst); - std::string smackLabel = generateAppLabel(sm_app_id); + std::string smackLabel = generateProcessLabel(sm_app_id); clientTestTemplate([&] (int, pid_t pid) { std::string rcvPkgId, rcvAppId; @@ -291,7 +291,7 @@ RUNNER_CHILD_TEST(security_manager_52c_get_id_by_pid) Api::install(requestInst); - std::string smackLabel = generateAppLabel(sm_app_id); + std::string smackLabel = generateProcessLabel(sm_app_id); clientTestTemplate([&] (int, pid_t pid) { std::string rcvPkgId; @@ -317,7 +317,7 @@ RUNNER_CHILD_TEST(security_manager_52d_get_id_by_pid) Api::install(requestInst); - std::string smackLabel = generateAppLabel(sm_app_id); + std::string smackLabel = generateProcessLabel(sm_app_id); clientTestTemplate([&] (int, pid_t pid) { std::string rcvAppId; @@ -343,7 +343,7 @@ RUNNER_CHILD_TEST(security_manager_52e_get_id_by_pid) Api::install(requestInst); - std::string smackLabel = generateAppLabel(sm_app_id); + std::string smackLabel = generateProcessLabel(sm_app_id); clientTestTemplate([&] (int sock, pid_t) { Api::getPkgIdByPid(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM); diff --git a/src/security-manager-tests/test_cases_dyntransition.cpp b/src/security-manager-tests/test_cases_dyntransition.cpp index 76ab8ac..28b7a35 100644 --- a/src/security-manager-tests/test_cases_dyntransition.cpp +++ b/src/security-manager-tests/test_cases_dyntransition.cpp @@ -59,7 +59,7 @@ static UidGidMsg readCreds(int pipefd0) static void testSetLabelForSelf(const char *app_id, bool expected_success) { - std::string label = generateAppLabel(app_id); + std::string label = generateProcessLabel(app_id); int result = smack_set_label_for_self(label.c_str()); if (expected_success) RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self(" << label << diff --git a/src/security-manager-tests/test_cases_privacy_manager.cpp b/src/security-manager-tests/test_cases_privacy_manager.cpp index 3f651d3..7645f55 100644 --- a/src/security-manager-tests/test_cases_privacy_manager.cpp +++ b/src/security-manager-tests/test_cases_privacy_manager.cpp @@ -772,7 +772,7 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_adm waitPid(pid); - admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(), + admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id).c_str(), std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); } if(pid == 0) @@ -839,7 +839,7 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_adm waitPid(pid); - admin.adminCheck(check_start_bucket, false, generateAppLabel(update_other_app_id).c_str(), + admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_other_app_id).c_str(), std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); } if(pid == 0) @@ -907,7 +907,7 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_sel waitPid(pid); - admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(), + admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id).c_str(), std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); } if(pid == 0) @@ -1050,7 +1050,7 @@ RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self) waitPid(pid[0]); - admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(), + admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id).c_str(), std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); pid[1] = fork(); @@ -1068,7 +1068,7 @@ RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self) waitPid(pid[1]); - admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(), + admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id).c_str(), std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr); } if(pid[1] == 0) diff --git a/src/security-manager-tests/test_cases_public_sharing.cpp b/src/security-manager-tests/test_cases_public_sharing.cpp index 8366fcb..b021864 100644 --- a/src/security-manager-tests/test_cases_public_sharing.cpp +++ b/src/security-manager-tests/test_cases_public_sharing.cpp @@ -55,7 +55,7 @@ void test_success_worker(const std::string &appName, int test_num) { std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num); - changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID); + changeSecurityContext(generateProcessLabel(appName), APP_UID, APP_GID); RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName << " failed " << " to " << SM_OWNER_RW_OTHERS_RO_PATH ); @@ -65,7 +65,7 @@ void test_fail_worker(const std::string &appName, int test_num) { std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num); - changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID); + changeSecurityContext(generateProcessLabel(appName), APP_UID, APP_GID); RUNNER_ASSERT_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) == -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName diff --git a/src/security-manager-tests/test_cases_register_paths.cpp b/src/security-manager-tests/test_cases_register_paths.cpp index 252d440..5857c55 100644 --- a/src/security-manager-tests/test_cases_register_paths.cpp +++ b/src/security-manager-tests/test_cases_register_paths.cpp @@ -374,7 +374,7 @@ RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X) Api::registerPaths(preq); // check labels - check_path(path, generatePkgLabel(sm_pkg_id) + "::SharedRO"); + check_path(path, generatePathRWLabel(sm_pkg_id) + "::SharedRO"); } RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author) diff --git a/src/security-manager-tests/test_cases_trusted_sharing.cpp b/src/security-manager-tests/test_cases_trusted_sharing.cpp index a728c3e..975f350 100644 --- a/src/security-manager-tests/test_cases_trusted_sharing.cpp +++ b/src/security-manager-tests/test_cases_trusted_sharing.cpp @@ -131,8 +131,8 @@ RUNNER_TEST(security_manager_43_app_install_with_trusted_path) // check rules check_exact_access("System", trusted_label, system_access); check_exact_access("User", trusted_label, system_access); - check_exact_access(generateAppLabel(provider.getAppId()), trusted_label, trusted_access); - check_exact_access(generatePkgLabel(provider.getPkgId()), trusted_label, ""); + check_exact_access(generateProcessLabel(provider.getAppId()), trusted_label, trusted_access); + check_exact_access(generatePathRWLabel(provider.getPkgId()), trusted_label, ""); // install trusted app InstallRequest trustedApp; @@ -142,8 +142,8 @@ RUNNER_TEST(security_manager_43_app_install_with_trusted_path) Api::install(trustedApp); // check rules - check_exact_access(generateAppLabel(user.getAppId()), trusted_label, trusted_access); - check_exact_access(generatePkgLabel(user.getPkgId()), trusted_label, ""); + check_exact_access(generateProcessLabel(user.getAppId()), trusted_label, trusted_access); + check_exact_access(generatePathRWLabel(user.getPkgId()), trusted_label, ""); // install untrusted app InstallRequest untrustedApp; @@ -152,8 +152,8 @@ RUNNER_TEST(security_manager_43_app_install_with_trusted_path) Api::install(untrustedApp); // check rules - check_exact_access(generateAppLabel(untrusted.getAppId()), trusted_label, ""); - check_exact_access(generatePkgLabel(untrusted.getPkgId()), trusted_label, ""); + check_exact_access(generateProcessLabel(untrusted.getAppId()), trusted_label, ""); + check_exact_access(generatePathRWLabel(untrusted.getPkgId()), trusted_label, ""); // uninstall trusting app Api::uninstall(trustingApp); @@ -161,18 +161,18 @@ RUNNER_TEST(security_manager_43_app_install_with_trusted_path) // there's still one app with author id, rules should be kept check_exact_access("System", trusted_label, system_access); check_exact_access("User", trusted_label, system_access); - check_exact_access(generateAppLabel(provider.getAppId()), trusted_label, ""); - check_exact_access(generatePkgLabel(provider.getPkgId()), trusted_label, ""); - check_exact_access(generateAppLabel(user.getAppId()), trusted_label, trusted_access); - check_exact_access(generatePkgLabel(user.getPkgId()), trusted_label, ""); + check_exact_access(generateProcessLabel(provider.getAppId()), trusted_label, ""); + check_exact_access(generatePathRWLabel(provider.getPkgId()), trusted_label, ""); + check_exact_access(generateProcessLabel(user.getAppId()), trusted_label, trusted_access); + check_exact_access(generatePathRWLabel(user.getPkgId()), trusted_label, ""); Api::uninstall(trustedApp); // no more apps with author id check_exact_access("System", trusted_label, ""); check_exact_access("User", trusted_label, ""); - check_exact_access(generateAppLabel(user.getAppId()), trusted_label, ""); - check_exact_access(generatePkgLabel(user.getPkgId()), trusted_label, ""); + check_exact_access(generateProcessLabel(user.getAppId()), trusted_label, ""); + check_exact_access(generatePathRWLabel(user.getPkgId()), trusted_label, ""); Api::uninstall(untrustedApp); } @@ -268,26 +268,26 @@ RUNNER_TEST(security_manager_46_pkgId_deinstalation_test) trustingApp2.setAuthorId(authorId1); Api::install(trustingApp2); - check_exact_access("System", generateAppLabel(trusted1.getAppId()), "rwxl"); - check_exact_access("User", generateAppLabel(trusted1.getAppId()), "rwxl"); - check_exact_access("System", generatePkgLabel(trusted1.getPkgId()), "rwxatl"); - check_exact_access("User", generatePkgLabel(trusted1.getPkgId()), "rwxatl"); - check_exact_access("System", generateAppLabel(trusted2.getAppId()), "rwxl"); - check_exact_access("User", generateAppLabel(trusted2.getAppId()), "rwxl"); + check_exact_access("System", generateProcessLabel(trusted1.getAppId()), "rwxl"); + check_exact_access("User", generateProcessLabel(trusted1.getAppId()), "rwxl"); + check_exact_access("System", generatePathRWLabel(trusted1.getPkgId()), "rwxatl"); + check_exact_access("User", generatePathRWLabel(trusted1.getPkgId()), "rwxatl"); + check_exact_access("System", generateProcessLabel(trusted2.getAppId()), "rwxl"); + check_exact_access("User", generateProcessLabel(trusted2.getAppId()), "rwxl"); Api::uninstall(trustingApp2); - check_exact_access("System", generateAppLabel(trusted1.getAppId()), "rwxl"); - check_exact_access("User", generateAppLabel(trusted1.getAppId()), "rwxl"); - check_exact_access("System", generatePkgLabel(trusted1.getPkgId()), "rwxatl"); - check_exact_access("User", generatePkgLabel(trusted1.getPkgId()), "rwxatl"); - check_exact_access("System", generateAppLabel(trusted2.getAppId()), ""); - check_exact_access("User", generateAppLabel(trusted2.getAppId()), ""); + check_exact_access("System", generateProcessLabel(trusted1.getAppId()), "rwxl"); + check_exact_access("User", generateProcessLabel(trusted1.getAppId()), "rwxl"); + check_exact_access("System", generatePathRWLabel(trusted1.getPkgId()), "rwxatl"); + check_exact_access("User", generatePathRWLabel(trusted1.getPkgId()), "rwxatl"); + check_exact_access("System", generateProcessLabel(trusted2.getAppId()), ""); + check_exact_access("User", generateProcessLabel(trusted2.getAppId()), ""); Api::uninstall(trustingApp); - check_exact_access("System", generateAppLabel(trusted1.getAppId()), ""); - check_exact_access("User", generateAppLabel(trusted1.getAppId()), ""); - check_exact_access("System", generatePkgLabel(trusted1.getPkgId()), ""); - check_exact_access("User", generatePkgLabel(trusted1.getPkgId()), ""); + check_exact_access("System", generateProcessLabel(trusted1.getAppId()), ""); + check_exact_access("User", generateProcessLabel(trusted1.getAppId()), ""); + check_exact_access("System", generatePathRWLabel(trusted1.getPkgId()), ""); + check_exact_access("User", generatePathRWLabel(trusted1.getPkgId()), ""); }