Tests for sending policies update for admin and self 63/35063/9
authorMichal Eljasiewicz <m.eljasiewic@samsung.com>
Fri, 6 Feb 2015 13:59:50 +0000 (14:59 +0100)
committerRafal Krypa <r.krypa@samsung.com>
Mon, 2 Mar 2015 14:49:11 +0000 (15:49 +0100)
Change-Id: I389145fdb8593c052f7bde1951d36e196e4310c4
Signed-off-by: Michal Eljasiewicz <m.eljasiewic@samsung.com>
tests/security-manager-tests/CMakeLists.txt
tests/security-manager-tests/security_manager_tests.cpp

index c0894ec..3ee5beb 100644 (file)
@@ -26,6 +26,7 @@ PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP
     libsmack
     libprivilege-control
     cynara-client
+    cynara-admin
     security-manager
     libtzplatform-config
     sqlite3
@@ -44,6 +45,7 @@ SET(SEC_MGR_SOURCES
     ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/sm_user_request.cpp
     ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/sm_policy_request.cpp
     ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_client.cpp
+    ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_admin.cpp
     ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp
    )
 
@@ -59,6 +61,7 @@ INCLUDE_DIRECTORIES(
     ${PROJECT_SOURCE_DIR}/tests/common/
     ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/
     ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/
+    ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/
     ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/common/
    )
 
index 9d9df10..2da8689 100644 (file)
@@ -31,6 +31,7 @@
 #include <sm_user_request.h>
 #include <temp_test_user.h>
 #include <cynara_test_client.h>
+#include <cynara_test_admin.h>
 #include <service_manager.h>
 
 using namespace SecurityManagerTest;
@@ -1560,6 +1561,217 @@ RUNNER_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_for_admi
 
 }
 
+RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin)
+{
+    const char *const update_app_id = "security_manager_15_update_app_id";
+    const char *const update_privilege = "http://tizen.org/privilege/led";
+    const char *const check_start_bucket = "ADMIN";
+    const std::string username("sm_test_15_username");
+    PolicyRequest addPolicyRequest;
+    CynaraTestAdmin::Admin admin;
+
+    std::string smackLabel;
+    generateAppLabel(update_app_id, smackLabel);
+
+    struct message {
+        uid_t uid;
+        gid_t gid;
+    } msg;
+
+    int pipefd[2];
+    pid_t pid;
+    int result = 0;
+
+    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+    TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
+    user.create();
+
+    pid = fork();
+    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+    if (pid != 0)//parent process
+    {
+        FdUniquePtr pipeptr(pipefd+1);
+        close(pipefd[0]);
+
+        register_current_process_as_privilege_manager(user.getUid(), true);
+
+        //send info to child
+        msg.uid = user.getUid();
+        msg.gid = user.getGid();
+
+        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+        //wait for child
+        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+        admin.adminCheck(check_start_bucket, false, smackLabel.c_str(),
+                std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+    }
+    if(pid == 0)
+    {
+        FdUniquePtr pipeptr(pipefd);
+        close(pipefd[1]);
+
+        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+        //become admin privacy manager manager
+        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+        result = drop_root_privileges(msg.uid, msg.gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+        entry.setMaxLevel("Allow");
+
+        addPolicyRequest.addEntry(entry);
+        Api::sendPolicy(addPolicyRequest);
+        exit(0);
+    }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard)
+{
+    const char *const update_other_app_id = "security_manager_15_update_other_app_id";
+    const char *const update_privilege = "http://tizen.org/privilege/led";
+    const char *const check_start_bucket = "ADMIN";
+    const std::string username("sm_test_15_username");
+    PolicyRequest addPolicyRequest;
+    CynaraTestAdmin::Admin admin;
+
+    std::string smackLabel;
+    generateAppLabel(update_other_app_id, smackLabel);
+
+    struct message {
+        uid_t uid;
+        gid_t gid;
+    } msg;
+
+    int pipefd[2];
+    pid_t pid;
+    int result = 0;
+
+    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+    TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
+    user.create();
+
+    pid = fork();
+    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+    if (pid != 0)//parent process
+    {
+        FdUniquePtr pipeptr(pipefd+1);
+        close(pipefd[0]);
+
+        register_current_process_as_privilege_manager(user.getUid(), true);
+
+        //send info to child
+        msg.uid = user.getUid();
+        msg.gid = user.getGid();
+
+        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+        //wait for child
+        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+        admin.adminCheck(check_start_bucket, false, smackLabel.c_str(),
+                std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+    }
+    if(pid == 0)
+    {
+        FdUniquePtr pipeptr(pipefd);
+        close(pipefd[1]);
+
+        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+        //become admin privacy manager manager
+        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+        result = drop_root_privileges(msg.uid, msg.gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        // use wildcard as appId
+        PolicyEntry entry(SECURITY_MANAGER_ANY, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+        entry.setMaxLevel("Allow");
+
+        addPolicyRequest.addEntry(entry);
+        Api::sendPolicy(addPolicyRequest);
+        exit(0);
+    }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_self)
+{
+    const char *const update_app_id = "security_manager_15_update_app_id";
+    const char *const update_privilege = "http://tizen.org/privilege/led";
+    const char *const check_start_bucket = "";
+    const std::string username("sm_test_15_username");
+    PolicyRequest addPolicyRequest;
+    CynaraTestAdmin::Admin admin;
+
+    std::string smackLabel;
+    generateAppLabel(update_app_id, smackLabel);
+
+    struct message {
+        uid_t uid;
+        gid_t gid;
+    } msg;
+
+    int pipefd[2];
+    pid_t pid;
+    int result = 0;
+
+    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+    user.create();
+
+    pid = fork();
+    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+    if (pid != 0)//parent process
+    {
+        FdUniquePtr pipeptr(pipefd+1);
+        close(pipefd[0]);
+
+        register_current_process_as_privilege_manager(user.getUid(), false);
+
+        //send info to child
+        msg.uid = user.getUid();
+        msg.gid = user.getGid();
+
+        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+        //wait for child
+        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+        admin.adminCheck(check_start_bucket, false, smackLabel.c_str(),
+                std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+    }
+    if(pid == 0)
+    {
+        FdUniquePtr pipeptr(pipefd);
+        close(pipefd[1]);
+
+        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+        //become admin privacy manager manager
+        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+        result = drop_root_privileges(msg.uid, msg.gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+        entry.setLevel("Allow");
+
+        addPolicyRequest.addEntry(entry);
+        Api::sendPolicy(addPolicyRequest);
+        exit(0);
+    }
+}
+
 int main(int argc, char *argv[])
 {
     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
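Review bot: In all three added tests the parent stores the child's status with `wait(&result)` and never inspects it, so a child that exits abnormally (for example after a failed `drop_root_privileges`) is noticed only indirectly, through the later `adminCheck` expecting `CYNARA_ADMIN_ALLOW`. Unless the multiprocess runner already propagates child failures, I would add `RUNNER_ASSERT_MSG(WIFEXITED(result) && WEXITSTATUS(result) == 0, "child failed");` after each wait. Each test also uses a fixed app id and user name, so a rule left over from an earlier run could presumably satisfy the ALLOW check even if `Api::sendPolicy` had no effect; checking that the rule is absent before the fork would make the tests prove the state change. Separately, the three bodies differ only in user type, start bucket, app id and `setMaxLevel`/`setLevel`, so a shared helper would remove most of the duplication. The comment `//become admin privacy manager manager` is also misleading in the `_for_self` test, which creates a `GUM_USERTYPE_NORMAL` user.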