From bf6e3967d5a6d268937fc1ccbbf0a20bc92ae6d5 Mon Sep 17 00:00:00 2001 From: Marcin Lis Date: Thu, 3 Jul 2014 15:45:38 +0200 Subject: [PATCH] Add parameters to security-manager tests functions. This commit pre-reorganizes tests. It prepares security-manager tests to implement database records checks in next step. Change-Id: I4687a71f12117c8b5c02e90cb71851ec95aacf16 Signed-off-by: Marcin Lis --- .../security_manager_tests.cpp | 145 ++++++++++++--------- 1 file changed, 84 insertions(+), 61 deletions(-) diff --git a/tests/security-manager-tests/security_manager_tests.cpp b/tests/security-manager-tests/security_manager_tests.cpp index 6a83e3a..1c677ba 100644 --- a/tests/security-manager-tests/security_manager_tests.cpp +++ b/tests/security-manager-tests/security_manager_tests.cpp @@ -13,6 +13,7 @@ #include #include +#include DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr); @@ -22,8 +23,16 @@ static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double"; static const char *const SM_APP_ID2 = "sm_test_app_id_full"; static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full"; -static const char *const SM_ALLOWED_PERMISSION1 = "security_manager_test_rules2_r"; -static const char *const SM_ALLOWED_PERMISSION2 = "security_manager_test_rules2_no_r"; +static const privileges_t SM_ALLOWED_PRIVILEGES = { + "security_manager_test_rules2_r", + "security_manager_test_rules2_no_r" +}; + +static const privileges_t SM_DENIED_PRIVILEGES = { + "security_manager_test_rules1", + "security_manager_test_rules2" +}; + static const char *const XATTR_NAME_TIZENEXEC = XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL"; static const rules_t SM_ALLOWED_RULES = { 
@@ -61,9 +70,6 @@ static const rules_t SM_DENIED_RULES = { { "test_sm_subject_7", USER_APP_ID, "rwx" } }; -static const char *const SM_DENIED_PERMISSION1 = "security_manager_test_rules1"; -static const char *const SM_DENIED_PERMISSION2 = "security_manager_test_rules2"; - static const char *const SM_PRIVATE_PATH = "/etc/smack/test_DIR/app_dir"; static const char *const SM_PUBLIC_PATH = "/etc/smack/test_DIR/app_dir_public"; static const char *const SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro"; @@ -175,9 +181,6 @@ static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct st return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false); } - -RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER) - static app_inst_req* do_app_inst_req_new() { int result; 
@@ -190,44 +193,6 @@ static app_inst_req* do_app_inst_req_new() return req; } -RUNNER_TEST(security_manager_01_app_double_install_double_uninstall) -{ - int result; - AppInstReqUniquePtr request; - - request.reset(do_app_inst_req_new()); - - result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1); - RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); - - result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1); - RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting pkg id failed. Result: " << result); - - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing app failed. Result: " << result); - - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing already installed app failed. Result: " << result); - - request.reset(do_app_inst_req_new()); - - result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1); - RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); - - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling app failed. Result: " << result); - - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling already uninstalled app failed. Result: " << result); -} - static void prepare_app_path() { int result; @@ -245,6 +210,12 @@ static void prepare_app_path() RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH); } +static void prepare_app_env() +{ + prepare_app_path(); +} + +/* TODO: add parameters to this function */ static void check_app_path_after_install() { int result; 
@@ -262,30 +233,77 @@ static void check_app_path_after_install() RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH); } -static void check_app_permission_after_install() +static void check_app_permissions(const char *const app_id, const char *const pkg_id, + const privileges_t &allowed_privs, const privileges_t &denied_privs, + const rules_t &allowed_rules, const rules_t &denied_rules) { bool result; - result = check_all_accesses(smack_check(), SM_ALLOWED_RULES); + result = check_all_accesses(smack_check(), allowed_rules); RUNNER_ASSERT_MSG_BT(result, "Permissions not added."); - result = check_no_accesses(smack_check(), SM_DENIED_RULES); + result = check_no_accesses(smack_check(), denied_rules); RUNNER_ASSERT_MSG_BT(result, "Permissions added."); - check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION1, true); - check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION2, true); - check_perm_app_has_permission(USER_APP_ID, SM_DENIED_PERMISSION1, false); - check_perm_app_has_permission(USER_APP_ID, SM_DENIED_PERMISSION2, false); + /* TODO: USER_APP_ID is hardcoded in the following checks, because libprivilege always generate + * label "User" for all installed apps. Adjust it when libprivilege is upgraded. 
*/ + (void)app_id; // unused parameter + (void)pkg_id; // unused parameter + + for (auto it = allowed_privs.begin(); it != allowed_privs.end(); ++it) + check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), true); + + for (auto it = denied_privs.begin(); it != denied_privs.end(); ++it) + check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), false); } -static void prepare_app_env() +static void check_app_after_install(const char *const app_id, const char *const pkg_id, + const privileges_t &allowed_privs, const privileges_t &denied_privs, + const rules_t &allowed_rules, const rules_t &denied_rules) { - prepare_app_path(); + check_app_permissions(app_id, pkg_id, + allowed_privs, denied_privs, + allowed_rules, denied_rules); } -static void check_app_env_after_install() +RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER) + + +RUNNER_TEST(security_manager_01_app_double_install_double_uninstall) { - check_app_path_after_install(); - check_app_permission_after_install(); + int result; + AppInstReqUniquePtr request; + + request.reset(do_app_inst_req_new()); + + result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1); + RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, + "setting app id failed. Result: " << result); + + result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1); + RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, + "setting pkg id failed. Result: " << result); + + result = security_manager_app_install(request.get()); + RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, + "installing app failed. Result: " << result); + + result = security_manager_app_install(request.get()); + RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, + "installing already installed app failed. 
Result: " << result); + + request.reset(do_app_inst_req_new()); + + result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1); + RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, + "setting app id failed. Result: " << result); + + result = security_manager_app_uninstall(request.get()); + RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, + "uninstalling app failed. Result: " << result); + + result = security_manager_app_uninstall(request.get()); + RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, + "uninstalling already uninstalled app failed. Result: " << result); } RUNNER_TEST(security_manager_02_app_install_uninstall_full) @@ -305,10 +323,10 @@ RUNNER_TEST(security_manager_02_app_install_uninstall_full) RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, "setting pkg id failed. Result: " << result); - result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PERMISSION1); + result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str()); RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, "setting allowed permission failed. Result: " << result); - result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PERMISSION2); + result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str()); RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, "setting allowed permission failed. Result: " << result); 
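Review bot: check_app_permissions() accepts `app_id` and `pkg_id` but casts both to void and checks every privilege against `USER_APP_ID`, so these assertions cannot tell the application under test apart from any other installed one. The TODO explains the libprivilege limitation, but the failure texts "Permissions not added." and "Permissions added." also give no hint which call failed now that the function is shared. Using the parameter in the message, e.g. `RUNNER_ASSERT_MSG_BT(result, "Permissions not added for app " << app_id);`, makes a failure attributable and removes one of the `(void)` casts. As a style point, the two iterator loops are shorter as `for (const auto &priv : allowed_privs)` with `priv.c_str()`.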
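Review bot: The install request is filled from `SM_ALLOWED_PRIVILEGES[0]` and `SM_ALLOWED_PRIVILEGES[1]` by index, while check_app_permissions() iterates over the whole container, so the two drift apart as soon as an entry is added to or removed from that list. If privileges_t is a std::vector (its definition is not visible here), an index past the end would also be undefined behaviour rather than a test failure. Iterating keeps request and verification in step: `for (const auto &priv : SM_ALLOWED_PRIVILEGES)` with `priv.c_str()` passed to `security_manager_app_inst_req_add_privilege` and the existing assert moved inside the loop. The test body starts and ends outside this hunk.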
@@ -331,7 +349,12 @@ RUNNER_TEST(security_manager_02_app_install_uninstall_full) RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS, "installing app failed. Result: " << result); - check_app_env_after_install(); + check_app_after_install(SM_APP_ID2, SM_PKG_ID2, + SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, + SM_ALLOWED_RULES, SM_DENIED_RULES); + + /* TODO: add parameters to this function */ + check_app_path_after_install(); request.reset(do_app_inst_req_new()); -- 2.7.4
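Review bot: The Smack label verification of the application directories is now a second call that each test has to remember. check_app_after_install(), defined earlier in this patch, runs only check_app_permissions(), whereas the removed check_app_env_after_install() also ran check_app_path_after_install(). A test added later that calls only the wrapper would pass without any check of the directory labels. Until the path check takes parameters, consider keeping it inside the wrapper, or document the gap there with a comment such as `/* NOTE: does not verify path labels; call check_app_path_after_install() as well */`. The test body continues outside this hunk.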