Unify privilege representation

[platform/core/test/security-tests.git] / src / security-manager-tests / common / policy_configuration.cpp

/*
 * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */

#include <fstream>
#include <regex>
#include <string>
#include <vector>

#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
#include <policy_configuration.h>

#define CONF_DIR "/usr/share/security-manager/policy/"
#define CONF_GROUP_FILE "privilege-group.list"
#define CONF_SYSTEMD_PRIVS_FILE "privilege-managed-by-systemd-for-daemons.list"
#define CONF_USER_TEMPLATE_FILE "usertype-%s.profile"

namespace SecurityManagerTest {

gid_t nameToGid(const char *name) {
    struct group entry, *gresult;
    char buffer[1024];
    RUNNER_ASSERT_MSG(
        0 == getgrnam_r(name, &entry, buffer, 1024, &gresult) && (gresult != NULL),
        "Error in getgrnam. Group name: " << name);
    return entry.gr_gid;
}


std::string PolicyConfiguration::getConfigFilePath(UserType userType) {
    const char *user = NULL;
    switch(userType) {
    case GUEST:  user = "guest"; break;
    case NORMAL: user = "normal"; break;
    case ADMIN:  user = "admin"; break;
    case SYSTEM: user = "system"; break;
    }
    char buffer[1024];
    snprintf(buffer, 1024, CONF_DIR CONF_USER_TEMPLATE_FILE, user);
    return std::string(buffer);
}

PolicyConfiguration::PrivVector PolicyConfiguration::getUserPriv(PolicyConfiguration::UserType userType) {
    return getUserDescription(userType).privVector;
}

PolicyConfiguration::GroupVector PolicyConfiguration::getUserGroup(PolicyConfiguration::UserType userType) {
    return getUserDescription(userType).groupVector;
}

PolicyConfiguration::GidVector PolicyConfiguration::getUserGid(PolicyConfiguration::UserType userType) {
    return getUserDescription(userType).gidVector;
}

PolicyConfiguration::GidVector PolicyConfiguration::getGid() {
    return groupToGid(getGroup());
}

PolicyConfiguration::GroupVector PolicyConfiguration::getGroup() {
    GroupVector result;
    if (m_privGroupMap.empty())
        loadPrivGroupMap();
    for (auto &e : m_privGroupMap)
        result.push_back(e.second);
    return result;
}

PolicyConfiguration::UserDescription& PolicyConfiguration::getUserDescription(PolicyConfiguration::UserType userType) {
    auto it = m_userDescriptionMap.find(userType);
    if (it == m_userDescriptionMap.end())
        m_userDescriptionMap[userType] = loadUserDescription(userType);
    return m_userDescriptionMap[userType];
}

gid_t PolicyConfiguration::groupToGid(const std::string &gname) {
    auto it = m_groupGidMap.find(gname);
    if (it == m_groupGidMap.end())
        m_groupGidMap[gname] = nameToGid(gname.c_str());
    return m_groupGidMap[gname];
}

PolicyConfiguration::GidVector PolicyConfiguration::groupToGid(const PolicyConfiguration::GroupVector &groupVector) {
    GidVector result;
    for (auto &e : groupVector)
        result.push_back(groupToGid(e));
    return result;
}

PolicyConfiguration::PrivGroupMap PolicyConfiguration::getPrivGroupMap()
{
    if (m_privGroupMap.empty())
        loadPrivGroupMap();
    return m_privGroupMap;
}

bool PolicyConfiguration::getIsAskuserEnabled() {
#ifdef ASKUSER_ENABLED
    return true;
#else
    return false;
#endif
}

PolicyConfiguration::UserDescription PolicyConfiguration::loadUserDescription(PolicyConfiguration::UserType userType) {
    UserDescription result;
    std::string path = getConfigFilePath(userType);
    result.privVector = loadPrivFile(path);
    result.groupVector = privToGroup(result.privVector);
    result.gidVector = groupToGid(result.groupVector);
    return result;
}

PolicyConfiguration::PrivVector PolicyConfiguration::loadPrivFile(const std::string &path) {
    PrivVector result;
    std::ifstream file(path);
    std::string line;
    std::regex r("^\\*[ \t]+(.*)");
    while (std::getline(file, line)) {
        std::smatch m;
        if (std::regex_search(line, m, r))
            result.push_back(m[1]);
    }
    return result;
}

PolicyConfiguration::PrivVector PolicyConfiguration::getSystemdManagedPrivs()
{
    PolicyConfiguration::PrivVector result;
    std::ifstream file(CONF_DIR CONF_SYSTEMD_PRIVS_FILE);
    if (!file.is_open()) {
        RUNNER_ASSERT_MSG(file.is_open(),
          "Unable to read config file " << CONF_DIR CONF_SYSTEMD_PRIVS_FILE);
    }
    std::string line;
    std::regex r("^(http(.*))");
    while (std::getline(file, line)) {
        std::smatch m;
        if (std::regex_search(line, m, r))
            result.emplace_back(m[1]);
    }
    return result;
}

void PolicyConfiguration::loadPrivGroupMap(void) {
    std::string pgPath(CONF_DIR CONF_GROUP_FILE);
    std::ifstream file(pgPath);

    RUNNER_ASSERT_MSG(file.is_open(),
      "Unable to read group mapping file " << pgPath);

    std::string line;
    std::regex r("^(http(.*)) +(.*)");
    while (std::getline(file, line)) {
        std::smatch m;
        if (std::regex_search(line, m, r))
            m_privGroupMap[m[1]] = m[3];
    }
}

std::string PolicyConfiguration::getPkgRulesFilePath() {
    return CONF_DIR "pkg-rules-template.smack";
}
std::string PolicyConfiguration::getAppRulesFilePath() {
    return CONF_DIR "app-rules-template.smack";
}

} // namespace SecurityManagerTest