From 3995320092bf779742be340286105d7cfe145153 Mon Sep 17 00:00:00 2001 From: Zofia Abramowska Date: Tue, 23 Aug 2016 16:22:36 +0200 Subject: [PATCH] SM: Use PasswdAccess instead of pwdnam Change-Id: I12db6dc0f48ac63a9d3d99b351ef6dd9b519e06f --- src/common/passwd_access.cpp | 26 ++++-- src/common/passwd_access.h | 1 + .../security_manager_tests.cpp | 92 +++++++------------ 3 files changed, 55 insertions(+), 64 deletions(-) diff --git a/src/common/passwd_access.cpp b/src/common/passwd_access.cpp index 6f555494..ffa164dc 100644 --- a/src/common/passwd_access.cpp +++ b/src/common/passwd_access.cpp @@ -28,15 +28,27 @@ #include "passwd_access.h" -namespace PasswdAccess { - uid_t uid(const std::string &username) { - struct passwd *passwd = nullptr; +namespace { + struct passwd *getPasswd(const std::string &username) { + struct passwd *info = nullptr; do { errno = 0; - passwd = getpwnam(username.c_str()); - } while (passwd == nullptr && errno == EINTR); - RUNNER_ASSERT_ERRNO_MSG(passwd != nullptr, "Error in getpwnam(). Username: " << username); - return passwd->pw_uid; + info = getpwnam(username.c_str()); + } while (info == nullptr && errno == EINTR); + RUNNER_ASSERT_ERRNO_MSG(info != nullptr, "Error in getpwnam(). Username: " << username); + return info; + } +} + +namespace PasswdAccess { + uid_t uid(const std::string &username) { + return getPasswd(username)->pw_uid; + } + + void allUser(const std::string &username, uid_t &uid, gid_t &gid) { + auto info = getPasswd(username); + uid = info->pw_uid; + gid = info->pw_gid; } gid_t gid(const std::string &groupname) { diff --git a/src/common/passwd_access.h b/src/common/passwd_access.h index 36388286..74d1f0d1 100644 --- a/src/common/passwd_access.h +++ b/src/common/passwd_access.h @@ -28,6 +28,7 @@ namespace PasswdAccess { uid_t uid(const std::string &username); + void allUser(const std::string &username, uid_t &uid, gid_t &gid) { gid_t gid(const std::string &groupname); } // namespace PasswdAccess diff --git a/src/security-manager-tests/security_manager_tests.cpp b/src/security-manager-tests/security_manager_tests.cpp index 21efcba9..e19e3374 100644 --- a/src/security-manager-tests/security_manager_tests.cpp +++ b/src/security-manager-tests/security_manager_tests.cpp @@ -44,7 +44,6 @@ #include #include -#include #include #include @@ -152,28 +151,6 @@ static inline void register_current_process_as_privilege_manager(uid_t uid, bool Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); }; -static inline struct passwd *getUserStruct(const std::string &userName) { - struct passwd *pw = nullptr; - errno = 0; - - while(!(pw = getpwnam(userName.c_str()))) { - RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed"); - }; - - return pw; -}; - -static inline struct passwd *getUserStruct(const uid_t uid) { - struct passwd *pw = nullptr; - errno = 0; - - while(!(pw = getpwuid(uid))) { - RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed"); - }; - - return pw; -}; - void check_exact_access(const std::string& subject, const std::string& object, const std::string& access) { // check access @@ -237,8 +214,6 @@ void check_exact_smack_accesses(const std::string &subject, const std::string &o } } - - RUNNER_CHILD_TEST(security_manager_10_privacy_manager_fetch_whole_policy_for_self) { //TEST DATA @@ -301,10 +276,11 @@ RUNNER_CHILD_TEST(security_manager_10_privacy_manager_fetch_whole_policy_for_sel pipe.claimChildEp(); pipe.wait(); - struct passwd *pw = getUserStruct(username); - std::string uidStr = std::to_string(pw->pw_uid); - register_current_process_as_privilege_manager(pw->pw_uid); - int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); + uid_t uid; gid_t gid; + PasswdAccess::allUser(username, uid, gid); + std::string uidStr = std::to_string(uid); + register_current_process_as_privilege_manager(uid); + int result = drop_root_privileges(uid, gid); RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); std::vector policyEntries; @@ -409,13 +385,14 @@ RUNNER_CHILD_TEST(security_manager_11_privacy_manager_fetch_whole_policy_for_adm pipe.claimChildEp(); pipe.wait(); - struct passwd *pw = getUserStruct(usernames.at(0)); - std::string uidStr = std::to_string(pw->pw_uid); - register_current_process_as_privilege_manager(pw->pw_uid); + uid_t uid; gid_t gid; + PasswdAccess::allUser(usernames.at(0), uid, gid); + std::string uidStr = std::to_string(uid); + register_current_process_as_privilege_manager(uid); //change uid to normal user errno = 0; - int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); + int result = drop_root_privileges(uid, gid); RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); std::vector policyEntries; @@ -522,16 +499,16 @@ RUNNER_CHILD_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_adm pipe.claimChildEp(); pipe.wait(); - struct passwd *pw = getUserStruct(usernames.at(1)); - uid_t myUid = pw->pw_uid; - gid_t myGid = pw->pw_gid; - std::string uidStr1 = std::to_string(myUid); - pw = getUserStruct(usernames.at(0)); - std::string uidStr0 = std::to_string(pw->pw_uid); - register_current_process_as_privilege_manager(myUid, true); + uid_t normalUid; + gid_t normalGid; + PasswdAccess::allUser(usernames.at(1), normalUid, normalUid); + std::string normalUidStr = std::to_string(normalUid); + uid_t adminUid = PasswdAccess::uid(usernames.at(0)); + std::string adminUidStr = std::to_string(adminUid); + register_current_process_as_privilege_manager(normalUid, true); //change uid to normal user - int result = drop_root_privileges(myUid, myGid); + int result = drop_root_privileges(normalUid, normalGid); RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); @@ -550,9 +527,9 @@ RUNNER_CHILD_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_adm std::string app = policyEntry.getAppId(); std::string privilege = policyEntry.getPrivilege(); - RUNNER_ASSERT_MSG(user == uidStr0 || user == uidStr1, "Unexpected user: " << user); + RUNNER_ASSERT_MSG(user == normalUid || user == adminUid, "Unexpected user: " << user); - std::string uidStrToLook = user == uidStr0 ? usernames.at(0) : usernames.at(1); + std::string uidStrToLook = user == normalUid ? usernames.at(0) : usernames.at(1); try { std::set::iterator tmp = users2AppsMap.at(uidStrToLook).at(app).find(privilege); @@ -604,11 +581,12 @@ RUNNER_CHILD_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_ sync[0].claimChildEp(); sync[0].wait(); - struct passwd *pw = getUserStruct(usernames.at(0)); - register_current_process_as_privilege_manager(pw->pw_uid); + uid_t uid; gid_t gid; + PasswdAccess::allUser(usernames.at(0), uid, gid); + register_current_process_as_privilege_manager(uid); //change uid to normal user - int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); + int result = drop_root_privileges(uid, gid); RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); PolicyEntry filter; @@ -616,7 +594,7 @@ RUNNER_CHILD_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_ PolicyEntry policyEntry( MANY_APPS[0], - std::to_string(pw->pw_uid), + std::to_string(uid), "http://tizen.org/privilege/internet" ); policyEntry.setLevel("Deny"); @@ -624,7 +602,7 @@ RUNNER_CHILD_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_ policyRequest.addEntry(policyEntry); policyEntry = PolicyEntry( MANY_APPS[1], - std::to_string(pw->pw_uid), + std::to_string(uid), "http://tizen.org/privilege/display" ); policyEntry.setLevel("Deny"); @@ -641,11 +619,10 @@ RUNNER_CHILD_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_ sync[1].claimChildEp(); sync[1].wait(); - struct passwd *pw = getUserStruct(usernames.at(0)); - uid_t target_uid = pw->pw_uid; - pw = getUserStruct(usernames.at(1)); - uid_t my_uid = pw->pw_uid; - gid_t my_gid = pw->pw_gid; + uid_t target_uid = PasswdAccess::uid(usernames.at(0)); + uid_t my_uid; + gid_t my_gid; + PasswdAccess::allUser(usernames.at(1), my_uid, my_gid); register_current_process_as_privilege_manager(my_uid); @@ -795,11 +772,12 @@ RUNNER_CHILD_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_fo pipe.claimChildEp(); pipe.wait(); - struct passwd *pw = getUserStruct(usernames.at(1)); - register_current_process_as_privilege_manager(pw->pw_uid, true); + uid_t uid; gid_t gid; + PasswdAccess::allUser(usernames.at(1), uid, gid); + register_current_process_as_privilege_manager(uid, true); //change uid to normal user - int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); + int result = drop_root_privileges(uid, gid); RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); PolicyRequest *policyRequest = new PolicyRequest(); @@ -3141,7 +3119,7 @@ public: } uid_t uid(void) const { - return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER); + return TzPlatformConfig::getGlobalUserId(); } gid_t gid(void) const { -- 2.34.1