2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
21 #include <sys/types.h>
24 #include <dpl/test/test_runner.h>
25 #include <dpl/test/test_runner_child.h>
26 #include <policy_configuration.h>
28 #include <sm_policy_request.h>
29 #include <sm_user_request.h>
30 #include <temp_test_user.h>
32 #include <security-manager.h>
// Names from the SecurityManagerTest namespace are used unqualified in the tests below.
34 using namespace SecurityManagerTest;
// Opens the SECURITY_MANAGER_NSS_PLUGIN test group; presumably the RUNNER_CHILD_TEST
// cases that follow are registered under it (the macro itself is defined elsewhere).
36 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_NSS_PLUGIN)
// nss_01: calls initgroups() for a test user and checks that every gid returned by
// PolicyConfiguration::getGid() shows up in the process's supplementary group list.
// No Api::addUser() call appears among the visible lines, which matches the
// "unknown user" name -- presumably the user is not registered with security-manager.
// NOTE(review): the embedded numbering skips lines (41 -> 44, 46 -> 49, 54 -> 60), so the
// declarations of `list` and `counter` and the body of the inner `if` are not visible here.
38 RUNNER_CHILD_TEST(nss_01_unknown_user) {
39 const std::string newUserName = "nss_01_user";
40 PolicyConfiguration pc;
41 TemporaryTestUser testUser(newUserName, GUM_USERTYPE_NORMAL, false);
// Expected gids; per the assertion message below these are the privilege-related groups.
44 auto gidVector = pc.getGid();
// initgroups() also adds its second argument to the group list, so gid 0 ends up in it.
46 RUNNER_ASSERT_MSG(0 == initgroups(newUserName.c_str(), 0), "Init groups failed");
// NOTE(review): getgroups() returns -1 on error (EINVAL when the process has more than
// the 64 groups asked for); grsize is not checked in the visible lines, so a failure
// only surfaces indirectly through the count assertion below.
49 int grsize = getgroups(64, list);
// For each expected gid, scan the process's groups for a match.
52 for (size_t i=0; i<gidVector.size(); ++i) {
53 for (int j=0; j<grsize; ++j)
54 if(list[j] == gidVector[i]) {
// The test passes only when the number of matches equals the number of expected gids
// (presumably `counter` is incremented once per matched gid -- body not shown).
60 RUNNER_ASSERT_MSG(gidVector.size() == counter,
61 "Process should have all groups related with privileges but it have only " <<
62 counter << " of " << gidVector.size() << " required groups");
// nss_02: registers a NORMAL-type user with security-manager, calls initgroups() for it
// and checks that every gid from PolicyConfiguration::getUserGid(NORMAL) is present in
// the process's supplementary group list.
// NOTE(review): the embedded numbering skips lines (68 -> 71, 78 -> 81, 86 -> 92), so the
// declarations of `list` and `counter` and the body of the inner `if` are not visible here.
65 RUNNER_CHILD_TEST(nss_02_normal_user_all_priv) {
66 const std::string newUserName = "nss_02_user";
67 PolicyConfiguration pc;
68 TemporaryTestUser testUser(newUserName, GUM_USERTYPE_NORMAL, false);
// Expected gids for the NORMAL user type.
71 auto gidVector = pc.getUserGid(PolicyConfiguration::NORMAL);
// Register the test user's uid with security-manager as a normal user.
73 UserRequest addUserRequest;
74 addUserRequest.setUid(testUser.getUid());
75 addUserRequest.setUserType(SM_USER_TYPE_NORMAL);
76 Api::addUser(addUserRequest);
// initgroups() also adds its second argument to the group list, so gid 0 ends up in it.
78 RUNNER_ASSERT_MSG(0 == initgroups(newUserName.c_str(), 0), "Init groups failed");
// NOTE(review): getgroups() returns -1 on error (EINVAL when the process has more than
// the 64 groups asked for); grsize is not checked in the visible lines.
81 int grsize = getgroups(64, list);
// For each expected gid, scan the process's groups for a match.
84 for (size_t i=0; i<gidVector.size(); ++i) {
85 for (int j=0; j<grsize; ++j)
86 if(list[j] == gidVector[i]) {
// Presence-only check: it counts expected gids that were found and does not look at
// groups the process holds beyond the expected set.
92 RUNNER_ASSERT_MSG(gidVector.size() == counter,
93 "Process should have all groups related with privileges but it have only " <<
94 counter << " of " << gidVector.size() << " required groups");
// nss_03: registers a NORMAL-type user, sends a policy entry that sets the camera
// privilege to "Deny" for that user, then checks two things after initgroups():
//   1. the priv_camera gid is absent from the process's supplementary groups;
//   2. every other gid from getUserGid(NORMAL) is still present.
// NOTE(review): the embedded numbering skips lines (e.g. 108 -> 110, 117 -> 120, 124 -> 130,
// 133 -> 135 -> 138), so the PolicyEntry declaration, `list`, `counter` and the bodies of
// the `if` statements are not visible here.
97 RUNNER_CHILD_TEST(nss_03_normal_user_without_camera) {
98 const std::string newUserName = "nss_03_user";
99 TemporaryTestUser testUser(newUserName, GUM_USERTYPE_NORMAL, false);
// gid of the group named "priv_camera"; this is the group the deny policy should remove.
101 gid_t cameraPrivId = nameToGid("priv_camera");
// Register the test user's uid with security-manager as a normal user.
103 UserRequest addUserRequest;
104 addUserRequest.setUid(testUser.getUid());
105 addUserRequest.setUserType(SM_USER_TYPE_NORMAL);
106 Api::addUser(addUserRequest);
108 PolicyRequest policyRequest;
// Arguments of the policy entry (its declaration line is not shown): SECURITY_MANAGER_ANY,
// the test user's uid as a decimal string, and the camera privilege name.
110 SECURITY_MANAGER_ANY,
111 std::to_string(static_cast<int>(testUser.getUid())),
112 "http://tizen.org/privilege/camera");
113 entry.setMaxLevel("Deny");
114 policyRequest.addEntry(entry);
115 Api::sendPolicy(policyRequest);
// initgroups() also adds its second argument to the group list, so gid 0 ends up in it.
117 RUNNER_ASSERT_MSG(0 == initgroups(newUserName.c_str(), 0), "Init groups failed");
// NOTE(review): getgroups() returns -1 on error (EINVAL when the process has more than
// the 64 groups asked for). With grsize == -1 the loop below never runs and the
// "0 == counter" assertion holds without any group having been inspected, so the deny
// check can pass vacuously. TODO: assert grsize >= 0 right after this call.
120 int grsize = getgroups(64, list);
// Negative check: look for the camera gid among the process's groups.
123 for (int i=0; i<grsize; ++i) {
124 if (list[i] == cameraPrivId) {
130 RUNNER_ASSERT_MSG(0 == counter, "Process should not have priv_camera group");
// Positive check: the remaining NORMAL-user gids must still be granted.
132 PolicyConfiguration pc;
133 auto gidVector = pc.getUserGid(PolicyConfiguration::NORMAL);
// Drops the camera gid from the expected set. The trailing comma suggests this is an
// argument of a call whose opening line is not shown (presumably gidVector.erase);
// std::remove_if on its own does not change gidVector.size().
135 std::remove_if(gidVector.begin(), gidVector.end(), [=](gid_t g) { return g == cameraPrivId; }),
// For each remaining expected gid, scan the process's groups for a match.
138 for (size_t i=0; i<gidVector.size(); ++i) {
139 for (int j=0; j<grsize; ++j)
140 if(list[j] == gidVector[i]) {
146 RUNNER_ASSERT_MSG(gidVector.size() == counter,
147 "Process should have all groups related with privileges but it have only " <<
148 counter << " of " << gidVector.size() << " required groups");
// nss_04: registers a GUEST-type user with security-manager, calls initgroups() for it
// and checks that every gid from PolicyConfiguration::getUserGid(GUEST) is present in
// the process's supplementary group list.
// NOTE(review): the embedded numbering skips lines (153 -> 156, 161 -> 164, 172 -> 178), so
// the declarations of `list` and `counter` and the body of the inner `if` are not visible.
151 RUNNER_CHILD_TEST(nss_04_guest_user) {
152 const std::string newUserName = "nss_04_user";
153 TemporaryTestUser testUser(newUserName, GUM_USERTYPE_GUEST, false);
// Register the test user's uid with security-manager as a guest user.
156 UserRequest addUserRequest;
157 addUserRequest.setUid(testUser.getUid());
158 addUserRequest.setUserType(SM_USER_TYPE_GUEST);
159 Api::addUser(addUserRequest);
// initgroups() also adds its second argument to the group list, so gid 0 ends up in it.
161 RUNNER_ASSERT_MSG(0 == initgroups(newUserName.c_str(), 0), "Init groups failed");
// NOTE(review): getgroups() returns -1 on error (EINVAL when the process has more than
// the 64 groups asked for); grsize is not checked in the visible lines.
164 int grsize = getgroups(64, list);
// Expected gids for the GUEST user type.
167 PolicyConfiguration pc;
168 auto gidVector = pc.getUserGid(PolicyConfiguration::GUEST);
// For each expected gid, scan the process's groups for a match.
170 for (size_t i=0; i<gidVector.size(); ++i) {
171 for (int j=0; j<grsize; ++j)
172 if(list[j] == gidVector[i]) {
// NOTE(review): presence-only check. As far as the visible lines show, nothing verifies
// that a guest does NOT receive gids outside the GUEST set, so a guest that is granted
// additional groups would not make this test fail.
178 RUNNER_ASSERT_MSG(gidVector.size() == counter,
179 "Process should have all groups related with privileges but it have only " <<
180 counter << " of " << gidVector.size() << " required groups");