Same as RUNNER_TEST_CHILD but run only with smack disabled.
RUNNER_MULTIPROCESS_TEST_SMACK
Same as RUNNER_TEST_MULTIPROCESS but run only with smack enabled.
- RUNNER_MULTIPROCESS_TEST_NOSMACK
- Same as RUNNER_TEST_MULTIPROCESS but run only with smack disabled.
--Assert macros----------------------------------------------------------------
Used within test registering macros.
/*
- * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
}
void check_alias_info_list_helper(const CKM::AliasPwdVector& expected, const CKM::AliasPwdVector& actual,
- const std::string userSmackLabel)
+ const std::string &userSmackLabel)
{
std::string errorLogMsg;
std::unordered_map<std::string, bool> aliasPwdMap;
}
}
-void check_alias_info_list(const CKM::AliasPwdVector& expected, const std::string& userSmackLabel)
+void check_alias_info_list(const CKM::AliasPwdVector& expected)
{
ckmc_alias_info_list_s *aliasInfoList = NULL;
int ret = ckmc_get_data_alias_info_list(&aliasInfoList);
it++;
}
ckmc_alias_info_list_all_free(aliasInfoList);
- check_alias_info_list_helper(expected, actual, userSmackLabel);
+ check_alias_info_list_helper(expected, actual);
}
size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count)
/*
- * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
ckmc_raw_buffer_s prepare_message_buffer(const char * input);
void check_alias_list(const CKM::AliasVector& expected);
void check_alias_info_list_helper(const CKM::AliasPwdVector& expected, const CKM::AliasPwdVector& actual,
- const std::string userSmackLabel = "");
-void check_alias_info_list(const CKM::AliasPwdVector& expected,
- const std::string& userSmackLabel = "");
+ const std::string &userSmackLabel = {});
+void check_alias_info_list(const CKM::AliasPwdVector& expected);
typedef enum {
ALIAS_KEY,
/*
- * Copyright (c) 2013-2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2013-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
DBus::MessageOut ServiceManager::newMethodCall(const std::string &method)
{
- return DBus::MessageOut(SYSTEMD_DESTINATION.c_str(),
- SYSTEMD_PATH.c_str(),
- SYSTEMD_MANAGER_INTERFACE.c_str(),
- method.c_str());
+ return DBus::MessageOut(SYSTEMD_DESTINATION,
+ SYSTEMD_PATH,
+ SYSTEMD_MANAGER_INTERFACE,
+ method);
}
std::string ServiceManager::handleObjectPathMsgReply(DBus::MessageIn &messageIn)
/*
- * Copyright (c) 2013 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2013-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*/
#include "tests_common.h"
-#include <fcntl.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
-#include <grp.h>
#include <errno.h>
-#include <vector>
-#include <algorithm>
bool smack_check(void)
{
return 1;
}
-/*
- * Add a new group to the current process groups.
- */
-void add_process_group(const char* group_name)
-{
- // get group ID by group name
- group *gr = getgrnam(group_name);
- RUNNER_ASSERT_ERRNO_MSG(gr != nullptr, "getgrnam failed on '" << group_name << "' group");
- const gid_t new_group_id = gr->gr_gid;
-
- // get number of groups that the current process belongs to
- int ngroups = getgroups(0, nullptr);
-
- //allocate groups table + space for new group entry
- std::vector<gid_t> groups(ngroups + 1);
- getgroups(ngroups, groups.data());
-
- // check if the process already belongs to the group
- if (std::find(groups.begin(), groups.end(), new_group_id) != groups.end()) return;
-
- // add new group & apply change
- groups[ngroups] = new_group_id;
- int ret = setgroups(groups.size(), groups.data());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "setgroups() failed");
-}
-
-/*
- * Remove specific group from the current process groups.
- */
-void remove_process_group(const char* group_name)
-{
- // get group ID by group name
- group *gr = getgrnam(group_name);
- RUNNER_ASSERT_ERRNO_MSG(gr != nullptr, "getgrnam failed on '" << group_name << "' group");
- const gid_t new_group_id = gr->gr_gid;
-
- int ngroups = getgroups(0, nullptr);
- std::vector<gid_t> groups(ngroups);
- getgroups(ngroups, groups.data());
-
- // remove group from the list
- groups.erase(std::remove(groups.begin(), groups.end(), new_group_id), groups.end());
-
- if (groups.size() != (size_t)ngroups) {
- // apply change
- int ret = setgroups(groups.size(), groups.data());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "setgroups() failed");
- }
-}
-
std::string formatCstr(const char *cstr)
{
if (!cstr)
return result;
}
-void mkdirSafe(const std::string &path, mode_t mode)
+static void mkdirSafe(const std::string &path, mode_t mode)
{
RUNNER_ASSERT_ERRNO_MSG(0 == mkdir(path.c_str(), mode) || errno == EEXIST,
"mkdir for <" << path << "> with mode <" << mode << "> failed");
mkdirSafe(path, mode);
}
-void creatSafe(const std::string &path, mode_t mode)
-{
- RUNNER_ASSERT_ERRNO_MSG(-1 != creat(path.c_str(), mode),
- "creat for <" << path << "> with mode <" << mode << "> failed");
-}
-
-void symlinkSafe(const std::string &targetPath, const std::string &linkPath)
-{
- RUNNER_ASSERT_ERRNO_MSG(0 == symlink(targetPath.c_str(), linkPath.c_str()),
- "symlink for <" << linkPath << "> to <" << targetPath << "> failed");
-}
-
-void removeDir(const std::string &path)
-{
- DIR *d = opendir(path.c_str());
-
- if (nullptr == d) {
- RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "opendir of <" << path << "> failed");
- return;
- }
-
- struct dirent *dirEntry;
- while (nullptr != (dirEntry = readdir(d))) {
- std::string entryName(dirEntry->d_name);
- if (entryName == "." || entryName == "..")
- continue;
-
- std::string entryPath(path + "/" + entryName);
- struct stat st;
-
- RUNNER_ASSERT_ERRNO_MSG(0 == lstat(entryPath.c_str(), &st),
- "stat for <" << entryPath << "> failed");
- if (S_ISDIR(st.st_mode))
- removeDir(entryPath);
- else
- RUNNER_ASSERT_ERRNO_MSG(0 == unlink(entryPath.c_str()),
- "unlink for <" << entryPath << "> failed");
- }
-
- closedir(d);
-
- RUNNER_ASSERT_ERRNO_MSG(0 == rmdir(path.c_str()), "rmdir for <" << path << "> failed");
-}
-
void waitPid(pid_t pid)
{
int status;
#include <sys/types.h>
#include <string>
#include <tuple>
-#include <errno.h>
#include <string.h>
const uid_t APP_UID = 5001;
const gid_t APP_GID = 100;
-const uid_t APP_UID_2 = 5200;
-const gid_t APP_GID_2 = 5200;
-const uid_t DB_ALARM_UID = 6001;
-const gid_t DB_ALARM_GID = 6001;
-const std::string TMP_DIR("/tmp");
bool smack_check(void);
int drop_root_privileges(uid_t appUid = APP_UID, gid_t appGid = APP_GID);
-void add_process_group(const char* group_name);
-void remove_process_group(const char* group_name);
std::string formatCstr(const char *cstr);
int files_compare(int fd1, int fd2);
-void mkdirSafe(const std::string &path, mode_t mode);
void mktreeSafe(const std::string &path, mode_t mode);
-void creatSafe(const std::string &path, mode_t mode);
-void symlinkSafe(const std::string &targetPath, const std::string &linkPath);
-void removeDir(const std::string &path);
void waitPid(pid_t pid);
pid_t runInChild(const std::function<void(void)> &process);
} \
void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
-#define RUNNER_MULTIPROCESS_TEST_NOSMACK(Proc, ...) \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- static int Static##Proc##Init() \
- { \
- if (!smack_check()) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \
- new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple) { \
- DPL::Test::RunMultiProc(std::bind(Proc##Multi, optionalArgsTuple)); \
- } \
- void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
-
#endif
/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
FileOperations::removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR);
for (const auto &dir : pluginDirectories)
- FileOperations::copyCynaraFiles(dir.c_str(), CynaraTestConsts::SERVICE_PLUGINS_DIR);
+ FileOperations::copyCynaraFiles(dir, CynaraTestConsts::SERVICE_PLUGINS_DIR);
}
void restartCynaraService()
/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
void CynaraTestEnv::init(const std::string &testName)
{
- m_saveDir = TMP_DIR + "/" + testName;
+ m_saveDir = "/tmp/" + testName;
m_dbSaveDir = m_saveDir + "/db";
m_defaultDir = "/etc/security-tests/db_patterns/default";
m_pluginsToInstallDir = "/opt/plugins_to_install";
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
namespace FileOperations
{
-static int removeFile(const char *fpath, const struct stat * /*sb*/,
+namespace {
+
+int removeFile(const char *fpath, const struct stat * /*sb*/,
int tflag, struct FTW * /*ftwbuf*/)
{
if (tflag == FTW_F)
return 0;
}
-bool dirExists(const std::string &directory)
+void syncElem(const std::string &filename, int flags, mode_t mode)
{
- struct stat st;
- int ret = stat(directory.c_str(), &st);
- if (ret == -1 && errno == ENOENT) {
- return false;
- } else if (ret == -1) {
- RUNNER_ASSERT_ERRNO_MSG(false, "Cannot stat " << directory
- << " not due to its nonexistence");
- }
- RUNNER_ASSERT_MSG(st.st_mode & S_IFDIR, directory << " is not a directory");
- return true;
+ int fileFd = TEMP_FAILURE_RETRY(open(filename.c_str(), flags, mode));
+ RUNNER_ASSERT_ERRNO_MSG(fileFd != -1, "open failed name=" << filename);
+ FdUniquePtr fdPtr(&fileFd);
+
+ int ret = fsync(fileFd);
+ RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fsync failed name=" << filename);
+}
+
+void syncDir(const std::string &dirname, mode_t mode = S_IRUSR | S_IWUSR) {
+ syncElem(dirname, O_DIRECTORY, mode);
}
void copyCynaraFile(const std::string &src, const std::string &dst)
RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fsync failed");
}
+} // namespace
+
+bool dirExists(const std::string &directory)
+{
+ struct stat st;
+ int ret = stat(directory.c_str(), &st);
+ if (ret == -1 && errno == ENOENT) {
+ return false;
+ } else if (ret == -1) {
+ RUNNER_ASSERT_ERRNO_MSG(false, "Cannot stat " << directory
+ << " not due to its nonexistence");
+ }
+ RUNNER_ASSERT_MSG(st.st_mode & S_IFDIR, directory << " is not a directory");
+ return true;
+}
+
void copyCynaraFiles(const std::string &source, const std::string &destination)
{
DIR *dirPtr = nullptr;
syncDir(destination);
}
-void syncElem(const std::string &filename, int flags, mode_t mode)
-{
- int fileFd = TEMP_FAILURE_RETRY(open(filename.c_str(), flags, mode));
- RUNNER_ASSERT_ERRNO_MSG(fileFd != -1, "open failed name=" << filename);
- FdUniquePtr fdPtr(&fileFd);
-
- int ret = fsync(fileFd);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fsync failed name=" << filename);
-}
-
-void syncDir(const std::string &dirname, mode_t mode) {
- syncElem(dirname, O_DIRECTORY, mode);
-}
-
void makeDir(const std::string &directory)
{
RUNNER_ASSERT_ERRNO_MSG(!mkdir(directory.c_str(), S_IRWXU | S_IRWXG | S_IRWXO),
#ifndef CYNARA_TEST_FILE_OPERATIONS_H
#define CYNARA_TEST_FILE_OPERATIONS_H
-#include <fcntl.h>
#include <string>
namespace FileOperations
{
bool dirExists(const std::string &directory);
-void copyCynaraFile(const std::string &src, const std::string &dst);
void copyCynaraFiles(const std::string &source, const std::string &destination);
-void syncElem(const std::string &filename, int flags = O_RDONLY, mode_t mode = S_IRUSR | S_IWUSR);
-void syncDir(const std::string &dirname, mode_t mode = S_IRUSR | S_IWUSR);
void makeDir(const std::string &directory);
void removeDirFiles(const std::string &dir);
void removeDirIfExists(const std::string &dir);
/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2011-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
static void DisplayKnownException(const Exception& e)
{
- LogUnhandledException(KnownExceptionToString(e).c_str());
+ LogUnhandledException(KnownExceptionToString(e));
}
static void DisplayUnknownException()
{
- LogUnhandledException(UnknownExceptionToString().c_str());
+ LogUnhandledException(UnknownExceptionToString());
}
Exception(const Exception &other)
/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
void SummaryCollector::writeStats(bool segfault)
{
- m_output.open(m_filename.c_str(), std::ofstream::out | std::ofstream::trunc);
+ m_output.open(m_filename, std::ofstream::out | std::ofstream::trunc);
if (!m_output) {
LogPedantic("Could not open file " << m_filename << " for writing");
return;
/*
- * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
int result;
for (auto &priv : allowedPrivs) {
- ctc.check(smackLabel.c_str(), "", user, priv.getName().c_str(), CYNARA_API_ACCESS_ALLOWED);
+ ctc.check(smackLabel, "", user, priv.getName(), CYNARA_API_ACCESS_ALLOWED);
Api::appHasPrivilege(m_appName, priv, m_uidGid, result);
RUNNER_ASSERT_MSG(result == 1,
}
for (auto &priv : deniedPrivs) {
- ctc.check(smackLabel.c_str(), "", user, priv.getName().c_str(), CYNARA_API_ACCESS_DENIED);
+ ctc.check(smackLabel, "", user, priv.getName(), CYNARA_API_ACCESS_DENIED);
Api::appHasPrivilege(m_appName, priv, m_uidGid, result);
RUNNER_ASSERT_MSG(result == 0,
/*
- * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(app.getUID(), app.getGID()) == 0,
"launcher failed");
Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId().c_str());
+ Api::prepareApp(app.getAppId());
runInAppContext();
} catch (...) {
m_syncPipe.post();
/*
- * Copyright (c) 2016 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const std::string appopt = " --app=" + app_id;
const std::string uidopt = " --uid=" + user.getUidString();
- mktreeSafe(path1.c_str(), 0);
- mktreeSafe(path2.c_str(), 0);
+ mktreeSafe(path1, 0);
+ mktreeSafe(path2, 0);
const std::string installcmd = "security-manager-cmd --install " + appopt + pkgopt + uidopt;
std::string getTextFileContents(const std::string &path)
{
- std::ifstream in(path.c_str());
+ std::ifstream in(path);
if (in.fail())
return std::string();
std::stringstream ss;
for (size_t i = 0; i < THREADS; i++)
threads[i].run(i, expectedLabel);
- Api::prepareApp(app.getAppId().c_str());
+ Api::prepareApp(app.getAppId());
}
RUNNER_ASSERT_MSG(thread_errors.empty(), std::endl << thread_errors);
exit(0);
} else {
waitPid(pid);
- Api::cleanupApp(app.getAppId().c_str(), tmpUser.getUid(), pid);
+ Api::cleanupApp(app.getAppId(), tmpUser.getUid(), pid);
}
}
synchPipe.claimParentEp();
RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(tmpUser) == 0, "launcher failed");
Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId().c_str());
+ Api::prepareApp(app.getAppId());
synchPipe.post();
synchPipe.wait();
synchPipe.post();
waitPid(pid);
- Api::cleanupApp(app.getAppId().c_str(), tmpUser.getUid(), pid);
+ Api::cleanupApp(app.getAppId(), tmpUser.getUid(), pid);
}
}
synchPipe.claimParentEp();
RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(tmpUser) == 0, "launcher failed");
Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId().c_str());
+ Api::prepareApp(app.getAppId());
synchPipe.post();
synchPipe.wait();
synchPipe.post();
waitPid(pid);
- Api::cleanupApp(app.getAppId().c_str(), tmpUser.getUid(), pid);
+ Api::cleanupApp(app.getAppId(), tmpUser.getUid(), pid);
}
}
synchPipe.claimParentEp();
RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(tmpUser) == 0, "launcher failed");
Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId().c_str());
+ Api::prepareApp(app.getAppId());
synchPipe.post();
synchPipe.wait();
synchPipe.post();
waitPid(pid);
- Api::cleanupApp(app.getAppId().c_str(), tmpUser.getUid(), pid);
+ Api::cleanupApp(app.getAppId(), tmpUser.getUid(), pid);
}
}
/*
- * Copyright (c) 2016-2019 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
if (pid == 0) {
setLauncherSecurityAttributes(uid, gid);
Api::prepareAppCandidate();
- Api::prepareApp(appId.c_str());
+ Api::prepareApp(appId);
f();
exit(0);
} else {
waitPid(pid);
- Api::cleanupApp(appId.c_str(), uid, pid);
+ Api::cleanupApp(appId, uid, pid);
}
}
projects / platform / core / test / security-tests.git / commitdiff