2 * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
23 #include <sys/types.h>
26 #include <dpl/test/test_runner.h>
27 #include <dpl/test/test_runner_child.h>
28 #include <policy_configuration.h>
30 #define CONF_DIR "/usr/share/security-manager/policy/"
31 #define CONF_GROUP_FILE "privilege-group.list"
32 #define CONF_SYSTEMD_PRIVS_FILE "privilege-managed-by-systemd-for-daemons.list"
33 #define CONF_USER_TEMPLATE_FILE "usertype-%s.profile"
35 namespace SecurityManagerTest {
37 gid_t nameToGid(const char *name) {
38 struct group entry, *gresult;
41 0 == getgrnam_r(name, &entry, buffer, 1024, &gresult) && (gresult != NULL),
42 "Error in getgrnam. Group name: " << name);
47 std::string PolicyConfiguration::getConfigFilePath(UserType userType) {
48 const char *user = NULL;
50 case GUEST: user = "guest"; break;
51 case NORMAL: user = "normal"; break;
52 case ADMIN: user = "admin"; break;
53 case SYSTEM: user = "system"; break;
56 snprintf(buffer, 1024, CONF_DIR CONF_USER_TEMPLATE_FILE, user);
57 return std::string(buffer);
60 PolicyConfiguration::PrivVector PolicyConfiguration::getUserPriv(PolicyConfiguration::UserType userType) {
61 return getUserDescription(userType).privVector;
64 PolicyConfiguration::GroupVector PolicyConfiguration::getUserGroup(PolicyConfiguration::UserType userType) {
65 return getUserDescription(userType).groupVector;
68 PolicyConfiguration::GidVector PolicyConfiguration::getUserGid(PolicyConfiguration::UserType userType) {
69 return getUserDescription(userType).gidVector;
72 PolicyConfiguration::GidVector PolicyConfiguration::getGid() {
73 return groupToGid(getGroup());
76 PolicyConfiguration::GroupVector PolicyConfiguration::getGroup() {
78 if (m_privGroupMap.empty())
80 for (auto &e : m_privGroupMap)
81 result.push_back(e.second);
85 PolicyConfiguration::UserDescription& PolicyConfiguration::getUserDescription(PolicyConfiguration::UserType userType) {
86 auto it = m_userDescriptionMap.find(userType);
87 if (it == m_userDescriptionMap.end())
88 m_userDescriptionMap[userType] = loadUserDescription(userType);
89 return m_userDescriptionMap[userType];
92 gid_t PolicyConfiguration::groupToGid(const std::string &gname) {
93 auto it = m_groupGidMap.find(gname);
94 if (it == m_groupGidMap.end())
95 m_groupGidMap[gname] = nameToGid(gname.c_str());
96 return m_groupGidMap[gname];
99 PolicyConfiguration::GidVector PolicyConfiguration::groupToGid(const PolicyConfiguration::GroupVector &groupVector) {
101 for (auto &e : groupVector)
102 result.push_back(groupToGid(e));
106 PolicyConfiguration::PrivGroupMap PolicyConfiguration::getPrivGroupMap()
108 if (m_privGroupMap.empty())
110 return m_privGroupMap;
113 bool PolicyConfiguration::getIsAskuserEnabled() {
114 #ifdef ASKUSER_ENABLED
121 PolicyConfiguration::UserDescription PolicyConfiguration::loadUserDescription(PolicyConfiguration::UserType userType) {
122 UserDescription result;
123 std::string path = getConfigFilePath(userType);
124 result.privVector = loadPrivFile(path);
125 result.groupVector = privToGroup(result.privVector);
126 result.gidVector = groupToGid(result.groupVector);
130 PolicyConfiguration::PrivVector PolicyConfiguration::loadPrivFile(const std::string &path) {
132 std::ifstream file(path);
134 std::regex r("^\\*[ \t]+(.*)");
135 while (std::getline(file, line)) {
137 if (std::regex_search(line, m, r))
138 result.push_back(m[1]);
143 PolicyConfiguration::PrivVector PolicyConfiguration::getSystemdManagedPrivs()
145 PolicyConfiguration::PrivVector result;
146 std::ifstream file(CONF_DIR CONF_SYSTEMD_PRIVS_FILE);
147 if (!file.is_open()) {
148 RUNNER_ASSERT_MSG(file.is_open(),
149 "Unable to read config file " << CONF_DIR CONF_SYSTEMD_PRIVS_FILE);
152 std::regex r("^(http(.*))");
153 while (std::getline(file, line)) {
155 if (std::regex_search(line, m, r))
156 result.emplace_back(m[1]);
161 void PolicyConfiguration::loadPrivGroupMap(void) {
162 std::string pgPath(CONF_DIR CONF_GROUP_FILE);
163 std::ifstream file(pgPath);
165 RUNNER_ASSERT_MSG(file.is_open(),
166 "Unable to read group mapping file " << pgPath);
169 std::regex r("^(http(.*)) +(.*)");
170 while (std::getline(file, line)) {
172 if (std::regex_search(line, m, r))
173 m_privGroupMap[m[1]] = m[3];
177 std::string PolicyConfiguration::getPkgRulesFilePath() {
178 return CONF_DIR "pkg-rules-template.smack";
180 std::string PolicyConfiguration::getAppRulesFilePath() {
181 return CONF_DIR "app-rules-template.smack";
184 } // namespace SecurityManagerTest