2 * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <sys/types.h>
23 #include <access_provider.h>
24 #include <cynara_helpers_creds.h>
25 #include <dpl/test/test_runner.h>
26 #include <label_generator.h>
28 #include <passwd_access.h>
30 #include <sm_commons.h>
31 #include <sm_request.h>
32 #include <synchronization_pipe.h>
33 #include <tests_common.h>
34 #include <tzplatform.h>
37 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_CREDENTIAL_API)
39 using namespace SecurityManagerTest;
41 class ProcessCredentials {
43 ProcessCredentials(const std::string &smackLabel) : m_label(smackLabel) {}
45 const std::string &label(void) const {
49 uid_t uid(void) const {
50 return TzPlatformConfig::getGlobalUserId();
53 gid_t gid(void) const {
54 return PasswdAccess::gid("users");
61 void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr,
62 const struct ProcessCredentials &peerCredentials) {
63 SecurityServer::AccessProvider ap(peerCredentials.label());
64 ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
67 int sock = UDSHelpers::createServer(&sockaddr);
68 SockUniquePtr sockPtr(&sock);
70 int clientSock = UDSHelpers::acceptClient(sock);
72 UDSHelpers::waitForDisconnect(clientSock);
75 typedef std::function<void(int sock, pid_t pid)> SocketAssertionFn;
77 void clientTestTemplate(SocketAssertionFn assertion, const std::string &scope, const std::string &smackLabel) {
78 const auto sockaddr = UDSHelpers::makeAbstractAddress("test_sm_" + scope + ".socket");
79 const ProcessCredentials peerCredentials(smackLabel);
81 SynchronizationPipe pipe;
83 pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
84 std::cref(peerCredentials)));
88 int sock = UDSHelpers::createClient(&sockaddr);
89 SockUniquePtr sockPtr(&sock);
94 void test_51a_get_id_by_socket(bool isHybrid) {
95 const char *const sm_app_id = "sm_test_51a_app";
96 const char *const sm_pkg_id = "sm_test_51a_pkg";
98 InstallRequest requestInst;
99 requestInst.setAppId(sm_app_id);
100 requestInst.setPkgId(sm_pkg_id);
102 requestInst.setHybrid();
104 Api::install(requestInst);
106 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid);
108 clientTestTemplate([&] (int sock, pid_t) {
109 std::string rcvPkgId, rcvAppId;
110 Api::getPkgIdBySocket(sock, &rcvPkgId, &rcvAppId);
111 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
112 << "; expected = " << sm_pkg_id);
114 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
115 << "; expected = " << sm_app_id);
117 RUNNER_ASSERT_MSG(rcvAppId.empty(), "magically acquired appId from nonhybrid app");
118 }, "tcsm27a", smackLabel);
120 InstallRequest requestUninst;
121 requestUninst.setAppId(sm_app_id);
123 Api::uninstall(requestUninst);
126 RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket_hybrid)
128 test_51a_get_id_by_socket(true);
131 RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket_nonhybrid)
133 test_51a_get_id_by_socket(false);
136 RUNNER_CHILD_TEST(security_manager_51b_get_id_by_socket_bad_fd)
138 const char *const sm_app_id = "sm_test_51b_app";
139 const char *const sm_pkg_id = "sm_test_51b_pkg";
141 InstallRequest requestInst;
142 requestInst.setAppId(sm_app_id);
143 requestInst.setPkgId(sm_pkg_id);
145 Api::install(requestInst);
147 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
149 clientTestTemplate([&] (int sock, pid_t) {
150 std::string rcvPkgId, rcvAppId;
151 Api::getPkgIdBySocket(sock + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
152 }, "tcsm27b", smackLabel);
154 InstallRequest requestUninst;
155 requestUninst.setAppId(sm_app_id);
157 Api::uninstall(requestUninst);
160 RUNNER_CHILD_TEST(security_manager_51c_get_id_by_socket_only_pkg)
162 const char *const sm_app_id = "sm_test_51c_app";
163 const char *const sm_pkg_id = "sm_test_51c_pkg";
165 InstallRequest requestInst;
166 requestInst.setAppId(sm_app_id);
167 requestInst.setPkgId(sm_pkg_id);
169 Api::install(requestInst);
171 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
173 clientTestTemplate([&] (int sock, pid_t) {
174 std::string rcvPkgId;
175 Api::getPkgIdBySocket(sock, &rcvPkgId, nullptr);
176 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
177 << "; expected = " << sm_pkg_id);
178 }, "tcsm27c", smackLabel);
180 InstallRequest requestUninst;
181 requestUninst.setAppId(sm_app_id);
183 Api::uninstall(requestUninst);
186 RUNNER_CHILD_TEST(security_manager_51d_get_id_by_socket_only_appid)
188 const char *const sm_app_id = "sm_test_51d_app";
189 const char *const sm_pkg_id = "sm_test_51d_pkg";
191 InstallRequest requestInst;
192 requestInst.setAppId(sm_app_id);
193 requestInst.setPkgId(sm_pkg_id);
194 requestInst.setHybrid();
196 Api::install(requestInst);
198 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true);
200 clientTestTemplate([&] (int sock, pid_t) {
201 std::string rcvAppId;
202 Api::getPkgIdBySocket(sock, nullptr, &rcvAppId);
203 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
204 << "; expected = " << sm_app_id);
205 }, "tcsm27d", smackLabel);
207 InstallRequest requestUninst;
208 requestUninst.setAppId(sm_app_id);
210 Api::uninstall(requestUninst);
213 RUNNER_CHILD_TEST(security_manager_51e_get_id_by_socket_nulls)
215 const char *const sm_app_id = "sm_test_51e_app";
216 const char *const sm_pkg_id = "sm_test_51e_pkg";
218 InstallRequest requestInst;
219 requestInst.setAppId(sm_app_id);
220 requestInst.setPkgId(sm_pkg_id);
222 Api::install(requestInst);
224 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
226 clientTestTemplate([&] (int sock, pid_t) {
227 Api::getPkgIdBySocket(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
228 }, "tcsm27e", smackLabel);
230 InstallRequest requestUninst;
231 requestUninst.setAppId(sm_app_id);
233 Api::uninstall(requestUninst);
236 void test_52a_get_id_by_pid(bool isHybrid) {
237 const char *const sm_app_id = "sm_test_52a_app";
238 const char *const sm_pkg_id = "sm_test_52a_pkg";
240 InstallRequest requestInst;
241 requestInst.setAppId(sm_app_id);
242 requestInst.setPkgId(sm_pkg_id);
244 requestInst.setHybrid();
245 Api::install(requestInst);
247 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid);
249 clientTestTemplate([&] (int, pid_t pid) {
250 std::string rcvPkgId, rcvAppId;
251 Api::getPkgIdByPid(pid, &rcvPkgId, &rcvAppId);
252 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
253 << "; expected = " << sm_pkg_id);
255 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
256 << "; expected = " << sm_app_id);
258 RUNNER_ASSERT_MSG(rcvAppId.empty(), "magically acquired appId from nonhybrid app");
259 }, "tcsm28a", smackLabel);
261 InstallRequest requestUninst;
262 requestUninst.setAppId(sm_app_id);
264 Api::uninstall(requestUninst);
267 RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid_hybrid)
269 test_52a_get_id_by_pid(true);
272 RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid_nonhybrid)
274 test_52a_get_id_by_pid(false);
277 RUNNER_CHILD_TEST(security_manager_52b_get_id_by_pid_bad_fd)
279 const char *const sm_app_id = "sm_test_52b_app";
280 const char *const sm_pkg_id = "sm_test_52b_pkg";
282 InstallRequest requestInst;
283 requestInst.setAppId(sm_app_id);
284 requestInst.setPkgId(sm_pkg_id);
286 Api::install(requestInst);
288 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
290 clientTestTemplate([&] (int, pid_t pid) {
291 std::string rcvPkgId, rcvAppId;
292 Api::getPkgIdByPid(pid + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
293 }, "tcsm28b", smackLabel);
295 InstallRequest requestUninst;
296 requestUninst.setAppId(sm_app_id);
298 Api::uninstall(requestUninst);
301 RUNNER_CHILD_TEST(security_manager_52c_get_id_by_pid_only_pkg)
303 const char *const sm_app_id = "sm_test_52c_app";
304 const char *const sm_pkg_id = "sm_test_52c_pkg";
306 InstallRequest requestInst;
307 requestInst.setAppId(sm_app_id);
308 requestInst.setPkgId(sm_pkg_id);
310 Api::install(requestInst);
312 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
314 clientTestTemplate([&] (int, pid_t pid) {
315 std::string rcvPkgId;
316 Api::getPkgIdByPid(pid, &rcvPkgId, nullptr);
317 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
318 << "; expected = " << sm_pkg_id);
319 }, "tcsm28c", smackLabel);
321 InstallRequest requestUninst;
322 requestUninst.setAppId(sm_app_id);
324 Api::uninstall(requestUninst);
327 RUNNER_CHILD_TEST(security_manager_52d_get_id_by_pid_only_appid)
329 const char *const sm_app_id = "sm_test_52d_app";
330 const char *const sm_pkg_id = "sm_test_52d_pkg";
332 InstallRequest requestInst;
333 requestInst.setAppId(sm_app_id);
334 requestInst.setPkgId(sm_pkg_id);
335 requestInst.setHybrid();
337 Api::install(requestInst);
339 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true);
341 clientTestTemplate([&] (int, pid_t pid) {
342 std::string rcvAppId;
343 Api::getPkgIdByPid(pid, nullptr, &rcvAppId);
344 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
345 << "; expected = " << sm_app_id);
346 }, "tcsm28d", smackLabel);
348 InstallRequest requestUninst;
349 requestUninst.setAppId(sm_app_id);
351 Api::uninstall(requestUninst);
354 RUNNER_CHILD_TEST(security_manager_52e_get_id_by_pid_nulls)
356 const char *const sm_app_id = "sm_test_52e_app";
357 const char *const sm_pkg_id = "sm_test_52e_pkg";
359 InstallRequest requestInst;
360 requestInst.setAppId(sm_app_id);
361 requestInst.setPkgId(sm_pkg_id);
363 Api::install(requestInst);
365 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
367 clientTestTemplate([&] (int sock, pid_t) {
368 Api::getPkgIdByPid(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
369 }, "tcsm28e", smackLabel);
371 InstallRequest requestUninst;
372 requestUninst.setAppId(sm_app_id);
374 Api::uninstall(requestUninst);
377 void test_53a_get_id_by_cynara_client(bool isHybrid) {
378 const char *const sm_app_id = "sm_test_53a_app";
379 const char *const sm_pkg_id = "sm_test_53a_pkg";
381 InstallRequest requestInst;
382 requestInst.setAppId(sm_app_id);
383 requestInst.setPkgId(sm_pkg_id);
385 requestInst.setHybrid();
387 Api::install(requestInst);
389 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, isHybrid);
391 clientTestTemplate([&] (int sock, pid_t) {
392 std::string rcvPkgId, rcvAppId;
393 CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
394 RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
395 Api::getPkgIdByCynaraClient(cynaraClient.get(), &rcvPkgId, &rcvAppId);
396 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
397 << "; expected = " << sm_pkg_id);
399 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
400 << "; expected = " << sm_app_id);
401 }, "tcsmc53a", smackLabel);
403 InstallRequest requestUninst;
404 requestUninst.setAppId(sm_app_id);
406 Api::uninstall(requestUninst);
409 RUNNER_CHILD_TEST(security_manager_53a_get_id_by_cynara_client_hybrid)
411 test_53a_get_id_by_cynara_client(true);
414 RUNNER_CHILD_TEST(security_manager_53a_get_id_by_cynara_client_nonhybrid)
416 test_53a_get_id_by_cynara_client(false);
419 RUNNER_CHILD_TEST(security_manager_53b_get_id_by_cynara_client_wrong_client)
422 std::string rcvPkgId, rcvAppId;
423 Api::getPkgIdByCynaraClient("NotAnApp", &rcvPkgId, &rcvAppId,
424 SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
427 RUNNER_CHILD_TEST(security_manager_53c_get_id_by_cynara_client_only_pkgid)
429 const char *const sm_app_id = "sm_test_53c_app";
430 const char *const sm_pkg_id = "sm_test_53c_pkg";
432 InstallRequest requestInst;
433 requestInst.setAppId(sm_app_id);
434 requestInst.setPkgId(sm_pkg_id);
436 Api::install(requestInst);
438 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
440 clientTestTemplate([&] (int sock, pid_t) {
441 std::string rcvPkgId;
442 CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
443 RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
444 Api::getPkgIdByCynaraClient(cynaraClient.get(), &rcvPkgId, nullptr);
445 RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
446 << "; expected = " << sm_pkg_id);
447 }, "tcsm28c", smackLabel);
449 InstallRequest requestUninst;
450 requestUninst.setAppId(sm_app_id);
452 Api::uninstall(requestUninst);
455 RUNNER_CHILD_TEST(security_manager_53d_get_id_by_cynara_client_only_appid)
457 const char *const sm_app_id = "sm_test_53d_app";
458 const char *const sm_pkg_id = "sm_test_53d_pkg";
460 InstallRequest requestInst;
461 requestInst.setAppId(sm_app_id);
462 requestInst.setPkgId(sm_pkg_id);
463 requestInst.setHybrid();
465 Api::install(requestInst);
467 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id, true);
469 clientTestTemplate([&] (int sock, pid_t) {
470 std::string rcvAppId;
471 CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
472 RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
473 Api::getPkgIdByCynaraClient(cynaraClient.get(), nullptr, &rcvAppId);
474 RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
475 << "; expected = " << sm_app_id);
476 }, "tcsm28d", smackLabel);
478 InstallRequest requestUninst;
479 requestUninst.setAppId(sm_app_id);
481 Api::uninstall(requestUninst);
484 RUNNER_CHILD_TEST(security_manager_53e_get_id_by_cynara_client_nulls)
486 const char *const sm_app_id = "sm_test_53e_app";
487 const char *const sm_pkg_id = "sm_test_53e_pkg";
489 InstallRequest requestInst;
490 requestInst.setAppId(sm_app_id);
491 requestInst.setPkgId(sm_pkg_id);
493 Api::install(requestInst);
495 std::string smackLabel = generateProcessLabel(sm_app_id, sm_pkg_id);
497 clientTestTemplate([&] (int sock, pid_t) {
498 std::string rcvAppId;
499 CStringPtr cynaraClient(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
500 RUNNER_ASSERT_MSG(cynaraClient, "Cynara client from socket returned NULL");
501 Api::getPkgIdByCynaraClient(cynaraClient.get(), nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
502 }, "tcsm28e", smackLabel);
504 InstallRequest requestUninst;
505 requestUninst.setAppId(sm_app_id);
507 Api::uninstall(requestUninst);