From 287c5d0854d05339287832b0921b128b5225944c Mon Sep 17 00:00:00 2001 From: Pawel Polawski Date: Mon, 22 Jul 2013 11:39:26 +0200 Subject: [PATCH] Added security server stress tests [Issue#] SSDWSSP-250 [Bug/Feature] N/A [Cause] Missing stress tests for security server [Solution] Stress tests added [Verification] New tests should be avaible after compilation. They are available through security-server-tests-stress binary. It is also caled by security-tests-all.sh, or using security-tests.sh with ss-stress parameter. Change-Id: I8688d7326c201482928688407c42ff1adf8b4c7f --- packaging/security-tests.spec | 1 + tests/common/tests_common.h | 3 + tests/libsmack-tests/test_cases.cpp | 4 - tests/security-server-tests/CMakeLists.txt | 11 ++ .../security_server_tests_server.cpp | 6 +- .../security_server_tests_stress.cpp | 219 +++++++++++++++++++++ tests/security-tests-all.sh | 1 + tests/security-tests.sh | 9 +- 8 files changed, 244 insertions(+), 10 deletions(-) create mode 100644 tests/security-server-tests/security_server_tests_stress.cpp diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec index d5fcc57..7e31d73 100644 --- a/packaging/security-tests.spec +++ b/packaging/security-tests.spec @@ -77,6 +77,7 @@ osp-installer -u V5LKqDFBXm /usr/bin/security-server-tests-client-smack /usr/bin/security-server-tests-server /usr/bin/security-server-tests-password +/usr/bin/security-server-tests-stress /usr/bin/security-server-tests-dbus /usr/bin/security-client /etc/smack/test_smack_rules_full diff --git a/tests/common/tests_common.h b/tests/common/tests_common.h index 8b25108..8390997 100644 --- a/tests/common/tests_common.h +++ b/tests/common/tests_common.h @@ -40,6 +40,9 @@ const gid_t APP_GID = 5000; const uid_t DB_ALARM_UID = 6001; const gid_t DB_ALARM_GID = 6001; + +typedef std::unique_ptr > AccessesUniquePtr; + #define RUNNER_TEST_SMACK(Proc) \ void Proc(); \ static int Static##Proc##Init() \ diff --git a/tests/libsmack-tests/test_cases.cpp b/tests/libsmack-tests/test_cases.cpp index 94ee92b..2f8b577 100644 --- a/tests/libsmack-tests/test_cases.cpp +++ b/tests/libsmack-tests/test_cases.cpp @@ -46,10 +46,6 @@ std::vector accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" }; -typedef std::unique_ptr > AccessesUniquePtr; - - - int files_compare(int fd1, int fd2) { diff --git a/tests/security-server-tests/CMakeLists.txt b/tests/security-server-tests/CMakeLists.txt index 35d56d2..2487beb 100644 --- a/tests/security-server-tests/CMakeLists.txt +++ b/tests/security-server-tests/CMakeLists.txt @@ -37,6 +37,7 @@ PKG_CHECK_MODULES(SEC_SRV_TESTS_DEP SET(TARGET_SEC_SRV_CLIENT_SMACK_TESTS "security-server-tests-client-smack") SET(TARGET_SEC_SRV_TC_SERVER_TESTS "security-server-tests-server") SET(TARGET_SEC_SRV_PWD_TESTS "security-server-tests-password") +SET(TARGET_SEC_SRV_STRESS_TESTS "security-server-tests-stress") SET(TARGET_SEC_SRV_MT_TESTS "security-server-tests-mt") SET(TARGET_SEC_SRV_DBUS_TESTS "security-server-tests-dbus") SET(TARGET_SEC_SRV_MEASURER "security-server-tests-api-speed") @@ -61,6 +62,10 @@ SET(SEC_SRV_PWD_SOURCES ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_clean_env.cpp ) +SET(SEC_SRV_STRESS_SOURCES + ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_tests_stress.cpp + ) + SET(SEC_SRV_MT_SOURCES ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_tests_mt.cpp ) @@ -89,6 +94,7 @@ ADD_DEFINITIONS("-I/usr/include/dbus-1.0/dbus") ADD_EXECUTABLE(${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} ${SEC_SRV_CLIENT_SMACK_SOURCES}) ADD_EXECUTABLE(${TARGET_SEC_SRV_TC_SERVER_TESTS} ${SEC_SRV_TC_SERVER_SOURCES}) ADD_EXECUTABLE(${TARGET_SEC_SRV_PWD_TESTS} ${SEC_SRV_PWD_SOURCES}) +ADD_EXECUTABLE(${TARGET_SEC_SRV_STRESS_TESTS} ${SEC_SRV_STRESS_SOURCES}) ADD_EXECUTABLE(${TARGET_SEC_SRV_MT_TESTS} ${SEC_SRV_MT_SOURCES}) ADD_EXECUTABLE(${TARGET_SEC_SRV_DBUS_TESTS} ${SEC_SRV_DBUS_SOURCES}) ADD_EXECUTABLE(${TARGET_SEC_SRV_MEASURER} ${SEC_SRV_MEASURER_SOURCES}) @@ -106,6 +112,10 @@ TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_PWD_TESTS} ${SEC_SRV_TESTS_DEP_LIBRARIES} tests-common) +TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_STRESS_TESTS} + ${SEC_SRV_TESTS_DEP_LIBRARIES} + tests-common) + TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MT_TESTS} ${SEC_SRV_TESTS_DEP_LIBRARIES} tests-common) @@ -123,6 +133,7 @@ TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MEASURER} INSTALL(TARGETS ${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} DESTINATION /usr/bin) INSTALL(TARGETS ${TARGET_SEC_SRV_TC_SERVER_TESTS} DESTINATION /usr/bin) INSTALL(TARGETS ${TARGET_SEC_SRV_PWD_TESTS} DESTINATION /usr/bin) +INSTALL(TARGETS ${TARGET_SEC_SRV_STRESS_TESTS} DESTINATION /usr/bin) INSTALL(TARGETS ${TARGET_SEC_SRV_MT_TESTS} DESTINATION /usr/bin) INSTALL(TARGETS ${TARGET_SEC_SRV_DBUS_TESTS} DESTINATION /usr/bin) INSTALL(TARGETS ${TARGET_SEC_SRV_MEASURER} DESTINATION /usr/bin) diff --git a/tests/security-server-tests/security_server_tests_server.cpp b/tests/security-server-tests/security_server_tests_server.cpp index 49b7981..3f6d60d 100644 --- a/tests/security-server-tests/security_server_tests_server.cpp +++ b/tests/security-server-tests/security_server_tests_server.cpp @@ -487,8 +487,7 @@ RUNNER_CHILD_TEST_SMACK(tc01a_security_server_app_give_access) RUNNER_ASSERT(0 == smack_accesses_new(&tmp)); - std::unique_ptr > - smack(tmp, smack_accesses_free); + AccessesUniquePtr smack(tmp, smack_accesses_free); RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), subject, object, "-----")); RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), object, server_api, "rw")); @@ -532,8 +531,7 @@ RUNNER_CHILD_TEST_SMACK(tc01c_security_server_app_give_access_no_access) RUNNER_ASSERT(0 == smack_accesses_new(&tmp)); - std::unique_ptr > - smack(tmp, smack_accesses_free); + AccessesUniquePtr smack(tmp, smack_accesses_free); RUNNER_ASSERT(0 == smack_accesses_add(smack.get(), subject, object, "-----")); RUNNER_ASSERT(0 == smack_accesses_apply(smack.get())); diff --git a/tests/security-server-tests/security_server_tests_stress.cpp b/tests/security-server-tests/security_server_tests_stress.cpp new file mode 100644 index 0000000..da3959b --- /dev/null +++ b/tests/security-server-tests/security_server_tests_stress.cpp @@ -0,0 +1,219 @@ +/* + * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved + */ +/* + * @file security_server_tests_stress.cpp + * @author Pawel Polawski (p.polawski@partner.samsung.com) + * @version 1.0 + * @brief Test cases for security server stress tests + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "security-server.h" + + +std::mutex g_mutex; +std::mutex g_msgMutex; +size_t g_successes = 0; + +//number of threads +const size_t g_threadsNumber = 100; + +//environment setup +const std::string g_subject("woda"); +const std::string g_object("wiadro"); +const std::string g_rule("rwx"); + +//for storing errors +std::string g_errors; + + +void appendError(const std::string &message) +{ + std::lock_guard lock(g_msgMutex); + g_errors += message; + g_errors += "\n"; +} + +void cookie_api_thread_function(bool isSmack) +{ + /* + Tested API functions: + + int security_server_get_cookie_size(void); + int security_server_request_cookie(char *cookie, size_t bufferSize); + int security_server_check_privilege(const char *cookie, gid_t privilege); + int security_server_check_privilege_by_cookie(const char *cookie, + const char *object, + const char *access_rights); + int security_server_get_cookie_pid(const char *cookie); + char *security_server_get_smacklabel_cookie(const char *cookie); + int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid); + int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid); + */ + + int ret; + size_t COOKIE_SIZE; + pid_t pid; + uid_t uid; + gid_t gid; + + //security_server_get_cookie_size() + COOKIE_SIZE = security_server_get_cookie_size(); + if (COOKIE_SIZE != 20) { + appendError("Error in security_server_get_cookie_size(): " + std::to_string(COOKIE_SIZE)); + return; + } + + //security_server_request_cookie() + std::vector cookie(COOKIE_SIZE); + ret = security_server_request_cookie(cookie.data(), COOKIE_SIZE); + if (ret < 0) { + appendError("Error in security_server_request_cookie(): " + std::to_string(ret)); + return; + } + + //security_server_check_privilege() + ret = security_server_check_privilege(cookie.data(), 0); + if (ret < 0) { + appendError("Error in security_server_check_privilege(): " + std::to_string(ret)); + return; + } + + //security_server_check_privilege_by_cookie() + ret = security_server_check_privilege_by_cookie(cookie.data(), g_object.data(), g_rule.data()); + if (ret < 0) { + appendError("Error in security_server_check_privilege_by_cookie(): " + std::to_string(ret)); + return; + } + + //security_server_get_cookie_pid + pid = getpid(); + ret = security_server_get_cookie_pid(cookie.data()); + if (ret < 0) { + appendError("Error in security_server_get_cookie_pid(): " + std::to_string(ret)); + return; + } + + if (isSmack) { + //security_server_get_smacklabel_cookie() + char *tmp = security_server_get_smacklabel_cookie(cookie.data()); + std::string labelFromCookie(tmp ? tmp : ""); + free(tmp); + if (labelFromCookie.size() == 0) { + appendError("Error in security_server_get_smacklabel_cookie(): " + labelFromCookie); + return; + } + + char *labelFromSelfTmp = NULL; + ret = smack_new_label_from_self(&labelFromSelfTmp); + if (ret < 0) { + appendError("Error in smack_new_label_from_self(): " + std::to_string(ret)); + return; + } + + std::string labelFromSelf(labelFromSelfTmp ? labelFromSelfTmp : ""); + free(labelFromSelfTmp); + if (labelFromSelf != labelFromCookie) { + appendError("Error in comparing SMACK label: " + std::to_string(ret)); + return; + } + } + + //security_server_get_uid_by_cookie() + ret = security_server_get_uid_by_cookie(cookie.data(), &uid); + if (ret < 0) { + appendError("Error in security_server_get_uid_by_cookie(): " + std::to_string(ret)); + return; + } + uid_t trueUid = getuid(); + if (trueUid != uid) { + appendError("Error in UID match"); + return; + } + + //security_server_get_gid_by_cookie() + ret = security_server_get_gid_by_cookie(cookie.data(), &gid); + if (ret < 0) { + appendError("Error in security_server_get_gid_by_cookie(): " + std::to_string(ret)); + return; + } + gid_t trueGid = getgid(); + if (trueGid != gid) { + appendError("Error in GID match"); + return; + } + + std::lock_guard lock(g_mutex); + ++g_successes; +} + +void testFunction(bool isSmack) +{ + std::vector threadsVector; + + if (isSmack) { + //preapre environment + int ret = smack_set_label_for_self(g_subject.data()); + RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self()"); + + struct smack_accesses *rulesRaw = NULL; + ret = smack_accesses_new(&rulesRaw); + RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_new()"); + AccessesUniquePtr rules(rulesRaw, smack_accesses_free); + ret = smack_accesses_add(rules.get(), g_subject.data(), g_object.data(), g_rule.data()); + RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_add()"); + ret = smack_accesses_apply(rules.get()); + RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_apply()"); + } + + //spawning threads + for (size_t i = 0 ; i < g_threadsNumber; ++i) + threadsVector.push_back(std::thread(cookie_api_thread_function, isSmack)); + + //waiting for threads end + for (auto itr = threadsVector.begin(); itr != threadsVector.end(); ++itr) + itr->join(); +} + + +RUNNER_TEST_GROUP_INIT(stress_tests) + +RUNNER_CHILD_TEST_SMACK(tc_stress_cookie_api_smack) +{ + testFunction(true); + + RUNNER_ASSERT_MSG(g_successes == g_threadsNumber, + "Not all threads exit with success: " + << g_successes << "/ " << g_threadsNumber + << std::endl << "Errors:" << std::endl << g_errors); +} + +RUNNER_CHILD_TEST_NOSMACK(tc_stress_cookie_api_no_smack) +{ + testFunction(false); + + RUNNER_ASSERT_MSG(g_successes == g_threadsNumber, + "Not all threads exit with success: " + << g_successes << "/ " << g_threadsNumber + << std::endl << "Errors:" << std::endl << g_errors); +} + + + +int main (int argc, char *argv[]) +{ + int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); + return status; +} + diff --git a/tests/security-tests-all.sh b/tests/security-tests-all.sh index 506d8c7..d1c4bab 100644 --- a/tests/security-tests-all.sh +++ b/tests/security-tests-all.sh @@ -14,4 +14,5 @@ security-tests.sh ss-clientsmack --output=text $ign security-tests.sh ss-server --output=text $ign security-tests.sh ss-password --output=text $ign security-tests.sh ss-dbus --output=text $ign +security-tests.sh ss-stress --output=text $ign echo "[Done]" diff --git a/tests/security-tests.sh b/tests/security-tests.sh index 81bf59d..1a550f7 100644 --- a/tests/security-tests.sh +++ b/tests/security-tests.sh @@ -28,7 +28,6 @@ case $1 in echo libsmack-test $2 $3 ;; - "libprivilege-control") echo "=========================================================================" echo $1 @@ -41,6 +40,12 @@ case $1 in echo security-server-tests-client-smack $2 $3 ;; +"ss-stress") + echo "=========================================================================" + echo "SECURITY SERVER TEST STRESS" + echo + security-server-tests-stress $2 $3 + ;; "ss-server") echo "=========================================================================" echo "SECURITY SERVER TEST SERVER" @@ -71,7 +76,7 @@ case $1 in echo " security_test.sh " echo echo "modules: smack, libprivilege-control, ss-clientsmack" - echo " ss-server, ss-api-speed, ss-password" + echo " ss-server, ss-api-speed, ss-password, ss-stress" ;; esac -- 2.7.4