From f0a7a142df02eec585d507af13b643ac6381ce68 Mon Sep 17 00:00:00 2001
From: Michal Eljasiewicz
Date: Mon, 16 Feb 2015 12:59:39 +0100
Subject: [PATCH] Test for getting policies levels descriptions Without plugins in Cynara - so only Allow and Deny
Change-Id: Iaf78ce6de77ba9c1e73d0a56ee6eac1385ee2f9c
Signed-off-by: Michal Eljasiewicz
---
 .../security_manager_tests.cpp | 75 ++++++++++++++++++++++
 1 file changed, 75 insertions(+)
diff --git a/tests/security-manager-tests/security_manager_tests.cpp b/tests/security-manager-tests/security_manager_tests.cpp
index 2da8689..8c98d9a 100644
--- a/tests/security-manager-tests/security_manager_tests.cpp
+++ b/tests/security-manager-tests/security_manager_tests.cpp
@@ -1772,6 +1772,81 @@ RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_
 }
 }
 
+RUNNER_MULTIPROCESS_TEST(security_manager_16_policy_levels_get)
+{
+ const std::string username("sm_test_16_user_cynara_policy");
+ CynaraTestAdmin::Admin admin;
+ int pipefd[2];
+ pid_t pid;
+ int result = 0;
+
+ struct message {
+ uid_t uid;
+ gid_t gid;
+ } msg;
+
+ RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+ TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+ user.create();
+
+ pid = fork();
+ RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ if (pid != 0)//parent process
+ {
+ FdUniquePtr pipeptr(pipefd+1);
+ close(pipefd[0]);
+
+ //send info to child
+ msg.uid = user.getUid();
+ msg.gid = user.getGid();
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+ //wait for child
+ RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+ }
+ if(pid == 0)
+ {
+ int ret;
+ char** levels;
+ std::string allow_policy, deny_policy;
+ size_t count;
+ FdUniquePtr pipeptr(pipefd);
+ close(pipefd[1]);
+
+ ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+ //become admin privacy manager manager
+ result = drop_root_privileges(msg.uid, msg.gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ // without plugins there should only be 2 policies - Allow and Deny
+ ret = security_manager_policy_levels_get(&levels, &count);
+
+ RUNNER_ASSERT_MSG((lib_retcode)ret == SECURITY_MANAGER_SUCCESS,
+ "Invlid return code: " << ret);
+
+ RUNNER_ASSERT_MSG(count == 2, "Invalid number of policy levels. Should be 2, instead there is: " << static_cast(count));
+
+ deny_policy = std::string(levels[0]);
+ allow_policy = std::string(levels[count-1]);
+
+ // first should always be Deny
+ RUNNER_ASSERT_MSG(deny_policy.compare("Deny") == 0,
+ "Invalid first policy level. Should be Deny, instead there is: " << levels[0]);
+
+ // last should always be Allow
+ RUNNER_ASSERT_MSG(allow_policy.compare("Allow") == 0,
+ "Invalid last policy level. Should be Allow, instead there is: " << levels[count-1]);
+
+ security_manager_policy_levels_free(levels, count);
+ exit(0);
+ }
+}
+
 int main(int argc, char *argv[])
 {
 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-- 
2.7.4
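Review bot: The parent branch of security_manager_16_policy_levels_get only asserts that `wait(&result) == pid` and never inspects `result`. Unless the multiprocess runner tracks forked children itself, a child killed by a signal (for example while dereferencing `levels[0]`) would leave the test passing. Add `RUNNER_ASSERT_MSG(WIFEXITED(result) && WEXITSTATUS(result) == 0, "child did not exit cleanly");` after the wait. The comment `//become admin privacy manager manager` also does not match the code: the user is created as `GUM_USERTYPE_NORMAL`, and `CynaraTestAdmin::Admin admin;` is declared but never used in the hunk. Drop the unused object and reword the comment to `// drop to the unprivileged test user before querying policy levels`, so it is clear which privilege level the call is being tested at.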