[thirdparty/systemd.git] / src / bus-proxyd / test-bus-xml-policy.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2014 Daniel Mack

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <errno.h>
#include <stddef.h>
#include <unistd.h>

#include "sd-bus.h"

#include "alloc-util.h"
#include "bus-xml-policy.h"
#include "log.h"
#include "string-util.h"
#include "strv.h"
#include "util.h"

static int test_policy_load(Policy *p, const char *name) {
        _cleanup_free_ char *path = NULL;
        int r = 0;

        path = strjoin(TEST_DIR, "/bus-policy/", name, NULL);
        assert_se(path);

        if (access(path, R_OK) == 0)
                r = policy_load(p, STRV_MAKE(path));
        else
                r = -ENOENT;

        return r;
}

static int show_policy(const char *fn) {
        Policy p = {};
        int r;

        r = policy_load(&p, STRV_MAKE(fn));
        if (r < 0) {
                log_error_errno(r, "Failed to load policy %s: %m", fn);
                return r;
        }

        policy_dump(&p);
        policy_free(&p);

        return 0;
}

int main(int argc, char *argv[]) {

        Policy p = {};

        printf("Showing session policy BEGIN\n");
        show_policy("/etc/dbus-1/session.conf");
        printf("Showing session policy END\n");

        printf("Showing system policy BEGIN\n");
        show_policy("/etc/dbus-1/system.conf");
        printf("Showing system policy END\n");

        /* Ownership tests */
        assert_se(test_policy_load(&p, "ownerships.conf") == 0);

        assert_se(policy_check_own(&p, 0, 0, "org.test.test1") == true);
        assert_se(policy_check_own(&p, 1, 0, "org.test.test1") == true);

        assert_se(policy_check_own(&p, 0, 0, "org.test.test2") == true);
        assert_se(policy_check_own(&p, 1, 0, "org.test.test2") == false);

        assert_se(policy_check_own(&p, 0, 0, "org.test.test3") == false);
        assert_se(policy_check_own(&p, 1, 0, "org.test.test3") == false);

        assert_se(policy_check_own(&p, 0, 0, "org.test.test4") == false);
        assert_se(policy_check_own(&p, 1, 0, "org.test.test4") == true);

        policy_free(&p);

        /* Signaltest */
        assert_se(test_policy_load(&p, "signals.conf") == 0);

        assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_SIGNAL, "bli.bla.blubb", NULL, "/an/object/path", NULL) == true);
        assert_se(policy_check_one_send(&p, 1, 0, SD_BUS_MESSAGE_SIGNAL, "bli.bla.blubb", NULL, "/an/object/path", NULL) == false);

        policy_free(&p);

        /* Method calls */
        assert_se(test_policy_load(&p, "methods.conf") == 0);
        policy_dump(&p);

        assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "bli.bla.blubb", "Member") == false);
        assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "bli.bla.blubb", "Member") == false);
        assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int1", "Member") == true);
        assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == true);

        assert_se(policy_check_one_recv(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test3", "/an/object/path", "org.test.int3", "Member111") == true);

        policy_free(&p);

        /* User and groups */
        assert_se(test_policy_load(&p, "hello.conf") == 0);
        policy_dump(&p);

        assert_se(policy_check_hello(&p, 0, 0) == true);
        assert_se(policy_check_hello(&p, 1, 0) == false);
        assert_se(policy_check_hello(&p, 0, 1) == false);

        policy_free(&p);

        /* dbus1 test file: ownership */

        assert_se(test_policy_load(&p, "check-own-rules.conf") >= 0);
        policy_dump(&p);

        assert_se(policy_check_own(&p, 0, 0, "org.freedesktop") == false);
        assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystem") == false);
        assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems") == true);
        assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems.foo") == true);
        assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems.foo.bar") == true);
        assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems2") == false);
        assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems2.foo") == false);
        assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems2.foo.bar") == false);

        policy_free(&p);

        /* dbus1 test file: many rules */

        assert_se(test_policy_load(&p, "many-rules.conf") >= 0);
        policy_dump(&p);
        policy_free(&p);

        /* dbus1 test file: generic test */

        assert_se(test_policy_load(&p, "test.conf") >= 0);
        policy_dump(&p);

        assert_se(policy_check_own(&p, 0, 0, "org.foo.FooService") == true);
        assert_se(policy_check_own(&p, 0, 0, "org.foo.FooService2") == false);
        assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
        assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
        assert_se(policy_check_one_recv(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
        assert_se(policy_check_one_recv(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
        assert_se(policy_check_one_recv(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);

        assert_se(policy_check_own(&p, 100, 0, "org.foo.FooService") == false);
        assert_se(policy_check_own(&p, 100, 0, "org.foo.FooService2") == false);
        assert_se(policy_check_one_send(&p, 100, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
        assert_se(policy_check_one_send(&p, 100, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
        assert_se(policy_check_one_recv(&p, 100, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
        assert_se(policy_check_one_recv(&p, 100, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
        assert_se(policy_check_one_recv(&p, 100, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);

        policy_free(&p);

        return EXIT_SUCCESS;
}
Commit	Line	Data
20725d92 DM	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2014 Daniel Mack
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU Lesser General Public License as published by
	10	the Free Software Foundation; either version 2.1 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	Lesser General Public License for more details.
	17
	18	You should have received a copy of the GNU Lesser General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
20725d92	22	#include <errno.h>
20725d92	23	#include <stddef.h>
07630cea	24	#include <unistd.h>
20725d92	25
20725d92	26	#include "sd-bus.h"
07630cea	27
b5efdb8a	28	#include "alloc-util.h"
3c70e3bb	29	#include "bus-xml-policy.h"
07630cea LP	30	#include "log.h"
	31	#include "string-util.h"
	32	#include "strv.h"
	33	#include "util.h"
20725d92	34
3c70e3bb	35	static int test_policy_load(Policy p, const char name) {
5e90b6a9	36	_cleanup_free_ char *path = NULL;
45f1b67a DM	37	int r = 0;
	38
	39	path = strjoin(TEST_DIR, "/bus-policy/", name, NULL);
5e90b6a9	40	assert_se(path);
45f1b67a DM	41
45f1b67a DM	42	if (access(path, R_OK) == 0)
48aae6d6	43	r = policy_load(p, STRV_MAKE(path));
45f1b67a DM	44	else
	45	r = -ENOENT;
	46
45f1b67a DM	47	return r;
	48	}
	49
48aae6d6 LP	50	static int show_policy(const char *fn) {
	51	Policy p = {};
	52	int r;
	53
	54	r = policy_load(&p, STRV_MAKE(fn));
	55	if (r < 0) {
	56	log_error_errno(r, "Failed to load policy %s: %m", fn);
	57	return r;
	58	}
	59
	60	policy_dump(&p);
	61	policy_free(&p);
	62
	63	return 0;
	64	}
	65
20725d92 DM	66	int main(int argc, char *argv[]) {
	67
	68	Policy p = {};
20725d92	69
48aae6d6 LP	70	printf("Showing session policy BEGIN\n");
	71	show_policy("/etc/dbus-1/session.conf");
	72	printf("Showing session policy END\n");
	73
	74	printf("Showing system policy BEGIN\n");
	75	show_policy("/etc/dbus-1/system.conf");
	76	printf("Showing system policy END\n");
	77
20725d92	78	/* Ownership tests */
45f1b67a	79	assert_se(test_policy_load(&p, "ownerships.conf") == 0);
20725d92	80
78f9b196 LP	81	assert_se(policy_check_own(&p, 0, 0, "org.test.test1") == true);
78f9b196 LP	82	assert_se(policy_check_own(&p, 1, 0, "org.test.test1") == true);
20725d92	83
78f9b196 LP	84	assert_se(policy_check_own(&p, 0, 0, "org.test.test2") == true);
78f9b196 LP	85	assert_se(policy_check_own(&p, 1, 0, "org.test.test2") == false);
20725d92	86
78f9b196 LP	87	assert_se(policy_check_own(&p, 0, 0, "org.test.test3") == false);
78f9b196 LP	88	assert_se(policy_check_own(&p, 1, 0, "org.test.test3") == false);
20725d92	89
78f9b196 LP	90	assert_se(policy_check_own(&p, 0, 0, "org.test.test4") == false);
78f9b196 LP	91	assert_se(policy_check_own(&p, 1, 0, "org.test.test4") == true);
20725d92 DM	92
	93	policy_free(&p);
	94
078ef7b8	95	/* Signaltest */
45f1b67a	96	assert_se(test_policy_load(&p, "signals.conf") == 0);
20725d92	97
7447362c DH	98	assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_SIGNAL, "bli.bla.blubb", NULL, "/an/object/path", NULL) == true);
7447362c DH	99	assert_se(policy_check_one_send(&p, 1, 0, SD_BUS_MESSAGE_SIGNAL, "bli.bla.blubb", NULL, "/an/object/path", NULL) == false);
20725d92 DM	100
	101	policy_free(&p);
	102
	103	/* Method calls */
45f1b67a	104	assert_se(test_policy_load(&p, "methods.conf") == 0);
078ef7b8	105	policy_dump(&p);
20725d92	106
7447362c DH	107	assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "bli.bla.blubb", "Member") == false);
	108	assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "bli.bla.blubb", "Member") == false);
	109	assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int1", "Member") == true);
	110	assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == true);
20725d92	111
7447362c	112	assert_se(policy_check_one_recv(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test3", "/an/object/path", "org.test.int3", "Member111") == true);
20725d92 DM	113
	114	policy_free(&p);
	115
	116	/* User and groups */
45f1b67a	117	assert_se(test_policy_load(&p, "hello.conf") == 0);
20725d92 DM	118	policy_dump(&p);
20725d92 DM	119
78f9b196 LP	120	assert_se(policy_check_hello(&p, 0, 0) == true);
	121	assert_se(policy_check_hello(&p, 1, 0) == false);
	122	assert_se(policy_check_hello(&p, 0, 1) == false);
20725d92 DM	123
	124	policy_free(&p);
	125
3a9cca11 LP	126	/* dbus1 test file: ownership */
	127
	128	assert_se(test_policy_load(&p, "check-own-rules.conf") >= 0);
	129	policy_dump(&p);
	130
78f9b196 LP	131	assert_se(policy_check_own(&p, 0, 0, "org.freedesktop") == false);
	132	assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystem") == false);
	133	assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems") == true);
	134	assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems.foo") == true);
	135	assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems.foo.bar") == true);
	136	assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems2") == false);
	137	assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems2.foo") == false);
	138	assert_se(policy_check_own(&p, 0, 0, "org.freedesktop.ManySystems2.foo.bar") == false);
3a9cca11 LP	139
	140	policy_free(&p);
	141
55e18900 LP	142	/* dbus1 test file: many rules */
	143
	144	assert_se(test_policy_load(&p, "many-rules.conf") >= 0);
	145	policy_dump(&p);
	146	policy_free(&p);
	147
	148	/* dbus1 test file: generic test */
	149
	150	assert_se(test_policy_load(&p, "test.conf") >= 0);
	151	policy_dump(&p);
278ebf8d	152
78f9b196 LP	153	assert_se(policy_check_own(&p, 0, 0, "org.foo.FooService") == true);
78f9b196 LP	154	assert_se(policy_check_own(&p, 0, 0, "org.foo.FooService2") == false);
7447362c DH	155	assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
	156	assert_se(policy_check_one_send(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
	157	assert_se(policy_check_one_recv(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
	158	assert_se(policy_check_one_recv(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
	159	assert_se(policy_check_one_recv(&p, 0, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
78f9b196 LP	160
	161	assert_se(policy_check_own(&p, 100, 0, "org.foo.FooService") == false);
	162	assert_se(policy_check_own(&p, 100, 0, "org.foo.FooService2") == false);
7447362c DH	163	assert_se(policy_check_one_send(&p, 100, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == false);
	164	assert_se(policy_check_one_send(&p, 100, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.test.test1", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
	165	assert_se(policy_check_one_recv(&p, 100, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == true);
	166	assert_se(policy_check_one_recv(&p, 100, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService", "/an/object/path", "org.foo.FooBroadcastInterface2", "Member") == false);
	167	assert_se(policy_check_one_recv(&p, 100, 0, SD_BUS_MESSAGE_METHOD_CALL, "org.foo.FooService2", "/an/object/path", "org.foo.FooBroadcastInterface", "Member") == false);
278ebf8d	168
55e18900 LP	169	policy_free(&p);
55e18900 LP	170
20725d92 DM	171	return EXIT_SUCCESS;
20725d92 DM	172	}