Commit 7b7c5724 authored by Adrian Szyndela's avatar Adrian Szyndela

test: send_destination(_prefix) tests

This adds tests for mostly "send_destination_prefix" cases
and some "send_destination" cases.

The general test case is:
- addressed recipient is running and owns a name;
- a message is sent to the name owner;
- the response is checked for allow/deny (method return/error).
Each test case is executed both for primary and queued ownership.

The tests include:
- checking send allow/deny for names and namespaces, including nesting;
- checking send allow/deny for neighbour names;
- checking send allow/deny for names/namespaces+interface+member.
Signed-off-by: Adrian Szyndela's avatarAdrian Szyndela <adrian.s@samsung.com>
Change-Id: If5fcada01601355e7aadefadad79c0b24f8c397f
parent 055ff9e6
......@@ -604,6 +604,7 @@ in_data = \
data/valid-config-files/max-replies-per-connection.conf.in \
data/valid-config-files/multi-user.conf.in \
data/valid-config-files/pending-fd-timeout.conf.in \
data/valid-config-files/send-destination-prefix-rules.conf.in \
data/valid-config-files/systemd-activation.conf.in \
data/valid-config-files/tmp-session.conf.in \
data/valid-config-files-system/tmp-session-like-system.conf.in \
......
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<listen>@TEST_LISTEN@</listen>
<policy context="default">
<allow user="*"/>
<deny own="*"/>
<deny send_type="method_call"/>
<allow send_type="signal"/>
<allow send_requested_reply="true" send_type="method_return"/>
<allow send_requested_reply="true" send_type="error"/>
<allow receive_type="method_call"/>
<allow receive_type="method_return"/>
<allow receive_type="error"/>
<allow receive_type="signal"/>
<allow send_destination="org.freedesktop.DBus"
send_interface="org.freedesktop.DBus" />
</policy>
<policy context="default">
<!-- deny the whole namespace first -->
<deny send_destination_prefix="foo.bar.test"/>
<!-- foo.bar.test.dest_prefix as a base for testing names -->
<allow own_prefix="foo.bar.test.dest_prefix"/>
<!-- abbreviations:
a - allow
d - deny
p - prefix
o - other
f - filler, no meaning, just for longer names
x - it's a trap!
-->
<!-- base allow -->
<allow send_destination_prefix="foo.bar.test.dest_prefix.ap"/>
<!-- a neighbour -->
<allow send_destination="foo.bar.test.dest_prefix.ao"/>
<!-- cut out some part of allowed space -->
<deny send_destination="foo.bar.test.dest_prefix.ap.f1.d"/>
<deny send_destination_prefix="foo.bar.test.dest_prefix.ap.f1.dp"/>
<!-- punch holes in the cutout -->
<allow send_destination_prefix="foo.bar.test.dest_prefix.ap.f1.d.ap"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.ap.f1.dp.ap"/>
<allow send_destination="foo.bar.test.dest_prefix.ap.f1.dp.a"/>
<!-- define something but redefine other way -->
<allow send_destination_prefix="foo.bar.test.dest_prefix.ap.f2.apxdp"/>
<deny send_destination_prefix="foo.bar.test.dest_prefix.ap.f2.apxdp.dp"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.ap.f2.apxdp.dp.ap"/>
<deny send_destination="foo.bar.test.dest_prefix.ap.f2.apxdp.dp.ap.d"/>
<!-- redefine -->
<deny send_destination_prefix="foo.bar.test.dest_prefix.ap.f2.apxdp"/>
<allow send_destination="foo.bar.test.dest_prefix.ap.f2.apxdp.dp.a"/>
<allow send_destination="foo.bar.test.dest_prefix.ap.f2.apxdp.dp.ap.f.a"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.ap.f2.apxdp.f.f.f.ap"/>
<!-- make something complicated but allow it at the end -->
<deny send_destination_prefix="foo.bar.test.dest_prefix.ap.f3.dpxap"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.ap.f3.dpxap.ap"/>
<deny send_destination_prefix="foo.bar.test.dest_prefix.ap.f3.dpxap.ap.dp"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.ap.f3.dpxap.ap.dp.ap"/>
<allow send_destination="foo.bar.test.dest_prefix.ap.f3.dpxap.ap.dp.a"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.ap.f3.dpxap"/>
<!-- base deny -->
<deny send_destination_prefix="foo.bar.test.dest_prefix.dp"/>
<!-- neighbours for base deny -->
<deny send_destination="foo.bar.test.dest_prefix.do"/>
<deny send_destination="foo.bar.test.dest_prefix.do.f"/>
<deny send_destination="foo.bar.test.dest_prefix.do.f.f"/>
<allow send_destination="foo.bar.test.dest_prefix.ao.ao"/>
<!-- cut out some part of allowed space -->
<allow send_destination="foo.bar.test.dest_prefix.dp.f1.a"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.dp.f1.ap"/>
<!-- punch holes in the cutout -->
<deny send_destination_prefix="foo.bar.test.dest_prefix.dp.f1.a.dp"/>
<deny send_destination_prefix="foo.bar.test.dest_prefix.dp.f1.ap.dp"/>
<deny send_destination="foo.bar.test.dest_prefix.dp.f1.ap.d"/>
<!-- define something but redefine other way -->
<deny send_destination_prefix="foo.bar.test.dest_prefix.dp.f2.dpxap"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.dp.f2.dpxap.ap"/>
<deny send_destination_prefix="foo.bar.test.dest_prefix.dp.f2.dpxap.ap.dp"/>
<allow send_destination="foo.bar.test.dest_prefix.dp.f2.dpxap.ap.dp.a"/>
<!-- redefine -->
<allow send_destination_prefix="foo.bar.test.dest_prefix.dp.f2.dpxap"/>
<deny send_destination="foo.bar.test.dest_prefix.dp.f2.dpxap.ap.d"/>
<deny send_destination="foo.bar.test.dest_prefix.dp.f2.dpxap.ap.dp.f.d"/>
<deny send_destination_prefix="foo.bar.test.dest_prefix.dp.f2.dpxap.f.f.f.dp"/>
<!-- make something complicated but deny it at the end -->
<allow send_destination_prefix="foo.bar.test.dest_prefix.dp.f3.apxdp"/>
<deny send_destination_prefix="foo.bar.test.dest_prefix.dp.f3.apxdp.dp"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.dp.f3.apxdp.dp.ap"/>
<deny send_destination_prefix="foo.bar.test.dest_prefix.dp.f3.apxdp.dp.ap.dp"/>
<deny send_destination="foo.bar.test.dest_prefix.dp.f3.apxdp.dp.ap.d"/>
<deny send_destination_prefix="foo.bar.test.dest_prefix.dp.f3.apxdp"/>
<!-- test send_destination_prefix with interface and method -->
<deny send_destination_prefix="foo.bar.test.dest_prefix.ap.m"
send_interface="foo.bar.a" send_member="CallDeny"/>
<deny send_destination_prefix="foo.bar.test.dest_prefix.ap.m"
send_interface="foo.bar.d"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.ap.m"
send_interface="foo.bar.d" send_member="CallAllow"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.dp.m"
send_interface="foo.bar.a"/>
<deny send_destination_prefix="foo.bar.test.dest_prefix.dp.m"
send_interface="foo.bar.a" send_member="CallDeny"/>
<allow send_destination_prefix="foo.bar.test.dest_prefix.dp.m"
send_interface="foo.bar.d" send_member="CallAllow"/>
</policy>
</busconfig>
<!-- vim: set ft=xml: -->
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment