2016-11-21 20:46:17 +00:00
|
|
|
/* Unit tests for systemd activation, with or without AppArmor.
|
|
|
|
|
*
|
|
|
|
|
* We compile this source file twice: once with AppArmor support (if available)
|
|
|
|
|
* and once without.
|
2015-01-26 20:10:39 +00:00
|
|
|
*
|
|
|
|
|
* Copyright © 2010-2011 Nokia Corporation
|
|
|
|
|
* Copyright © 2015 Collabora Ltd.
|
|
|
|
|
*
|
|
|
|
|
* Permission is hereby granted, free of charge, to any person
|
|
|
|
|
* obtaining a copy of this software and associated documentation files
|
|
|
|
|
* (the "Software"), to deal in the Software without restriction,
|
|
|
|
|
* including without limitation the rights to use, copy, modify, merge,
|
|
|
|
|
* publish, distribute, sublicense, and/or sell copies of the Software,
|
|
|
|
|
* and to permit persons to whom the Software is furnished to do so,
|
|
|
|
|
* subject to the following conditions:
|
|
|
|
|
*
|
|
|
|
|
* The above copyright notice and this permission notice shall be
|
|
|
|
|
* included in all copies or substantial portions of the Software.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
|
|
|
|
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
|
|
|
|
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
|
|
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
|
|
|
* SOFTWARE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
2016-11-21 20:46:17 +00:00
|
|
|
#include <errno.h>
|
|
|
|
|
#include <unistd.h>
|
2015-01-26 20:10:39 +00:00
|
|
|
#include <string.h>
|
2016-11-21 20:46:17 +00:00
|
|
|
#include <sys/types.h>
|
|
|
|
|
|
2017-02-14 19:03:44 +00:00
|
|
|
#include <glib/gstdio.h>
|
|
|
|
|
|
2016-11-28 12:20:47 +00:00
|
|
|
#if defined(HAVE_APPARMOR_2_10) && defined(DBUS_TEST_APPARMOR_ACTIVATION)
|
2016-11-21 20:46:17 +00:00
|
|
|
#include <sys/apparmor.h>
|
|
|
|
|
#endif
|
2015-01-26 20:10:39 +00:00
|
|
|
|
|
|
|
|
#include "test-utils-glib.h"
|
|
|
|
|
|
|
|
|
|
typedef struct {
|
|
|
|
|
TestMainContext *ctx;
|
|
|
|
|
DBusError e;
|
|
|
|
|
GError *ge;
|
|
|
|
|
|
|
|
|
|
gchar *address;
|
|
|
|
|
GPid daemon_pid;
|
|
|
|
|
|
|
|
|
|
DBusConnection *caller;
|
|
|
|
|
const char *caller_name;
|
2015-10-16 17:33:36 +01:00
|
|
|
DBusMessage *caller_message;
|
|
|
|
|
dbus_bool_t caller_filter_added;
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
DBusConnection *systemd;
|
|
|
|
|
const char *systemd_name;
|
|
|
|
|
DBusMessage *systemd_message;
|
2015-10-16 17:33:36 +01:00
|
|
|
dbus_bool_t systemd_filter_added;
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
DBusConnection *activated;
|
|
|
|
|
const char *activated_name;
|
|
|
|
|
DBusMessage *activated_message;
|
2015-10-16 17:33:36 +01:00
|
|
|
dbus_bool_t activated_filter_added;
|
2017-02-14 19:03:44 +00:00
|
|
|
|
2017-02-14 15:10:20 +00:00
|
|
|
gchar *transient_service_file;
|
2017-02-14 19:03:44 +00:00
|
|
|
gchar *tmp_runtime_dir;
|
2015-01-26 20:10:39 +00:00
|
|
|
} Fixture;
|
|
|
|
|
|
2017-02-14 15:10:20 +00:00
|
|
|
typedef enum
|
|
|
|
|
{
|
|
|
|
|
FLAG_EARLY_TRANSIENT_SERVICE = (1 << 0),
|
|
|
|
|
FLAG_NONE = 0
|
|
|
|
|
} Flags;
|
|
|
|
|
|
2017-02-14 12:31:24 +00:00
|
|
|
typedef struct
|
|
|
|
|
{
|
|
|
|
|
const gchar *bus_name;
|
2017-02-14 15:10:20 +00:00
|
|
|
Flags flags;
|
2017-02-14 12:31:24 +00:00
|
|
|
} Config;
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
/* this is a macro so it gets the right line number */
|
|
|
|
|
#define assert_signal(m, \
|
|
|
|
|
sender, path, iface, member, signature, \
|
|
|
|
|
destination) \
|
|
|
|
|
do { \
|
|
|
|
|
g_assert_cmpstr (dbus_message_type_to_string (dbus_message_get_type (m)), \
|
|
|
|
|
==, dbus_message_type_to_string (DBUS_MESSAGE_TYPE_SIGNAL)); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_sender (m), ==, sender); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_destination (m), ==, destination); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_path (m), ==, path); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_interface (m), ==, iface); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_member (m), ==, member); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_signature (m), ==, signature); \
|
|
|
|
|
g_assert_cmpint (dbus_message_get_serial (m), !=, 0); \
|
|
|
|
|
g_assert_cmpint (dbus_message_get_reply_serial (m), ==, 0); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
2015-11-14 16:32:42 +01:00
|
|
|
#define assert_method_call(m, sender, \
|
|
|
|
|
destination, path, iface, method, signature) \
|
|
|
|
|
do { \
|
|
|
|
|
g_assert_cmpstr (dbus_message_type_to_string (dbus_message_get_type (m)), \
|
|
|
|
|
==, dbus_message_type_to_string (DBUS_MESSAGE_TYPE_METHOD_CALL)); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_sender (m), ==, sender); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_destination (m), ==, destination); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_path (m), ==, path); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_interface (m), ==, iface); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_member (m), ==, method); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_signature (m), ==, signature); \
|
|
|
|
|
g_assert_cmpint (dbus_message_get_serial (m), !=, 0); \
|
|
|
|
|
g_assert_cmpint (dbus_message_get_reply_serial (m), ==, 0); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
#define assert_method_reply(m, sender, destination, signature) \
|
|
|
|
|
do { \
|
|
|
|
|
g_assert_cmpstr (dbus_message_type_to_string (dbus_message_get_type (m)), \
|
|
|
|
|
==, dbus_message_type_to_string (DBUS_MESSAGE_TYPE_METHOD_RETURN)); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_sender (m), ==, sender); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_destination (m), ==, destination); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_path (m), ==, NULL); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_interface (m), ==, NULL); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_member (m), ==, NULL); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_signature (m), ==, signature); \
|
|
|
|
|
g_assert_cmpint (dbus_message_get_serial (m), !=, 0); \
|
|
|
|
|
g_assert_cmpint (dbus_message_get_reply_serial (m), !=, 0); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
2015-10-16 17:33:36 +01:00
|
|
|
#define assert_error_reply(m, sender, destination, error_name) \
|
|
|
|
|
do { \
|
|
|
|
|
g_assert_cmpstr (dbus_message_type_to_string (dbus_message_get_type (m)), \
|
|
|
|
|
==, dbus_message_type_to_string (DBUS_MESSAGE_TYPE_ERROR)); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_sender (m), ==, sender); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_destination (m), ==, destination); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_error_name (m), ==, error_name); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_path (m), ==, NULL); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_interface (m), ==, NULL); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_member (m), ==, NULL); \
|
|
|
|
|
g_assert_cmpstr (dbus_message_get_signature (m), ==, "s"); \
|
|
|
|
|
g_assert_cmpint (dbus_message_get_serial (m), !=, 0); \
|
|
|
|
|
g_assert_cmpint (dbus_message_get_reply_serial (m), !=, 0); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
static DBusHandlerResult
|
|
|
|
|
systemd_filter (DBusConnection *connection,
|
|
|
|
|
DBusMessage *message,
|
|
|
|
|
void *user_data)
|
|
|
|
|
{
|
|
|
|
|
Fixture *f = user_data;
|
|
|
|
|
|
|
|
|
|
if (dbus_message_is_signal (message, DBUS_INTERFACE_DBUS,
|
|
|
|
|
"NameAcquired") ||
|
|
|
|
|
dbus_message_is_signal (message, DBUS_INTERFACE_DBUS,
|
|
|
|
|
"NameLost"))
|
|
|
|
|
{
|
|
|
|
|
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-14 16:32:42 +01:00
|
|
|
g_test_message("sender %s iface %s member %s",
|
|
|
|
|
dbus_message_get_sender (message),
|
|
|
|
|
dbus_message_get_interface (message),
|
|
|
|
|
dbus_message_get_member (message));
|
|
|
|
|
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
g_assert (f->systemd_message == NULL);
|
|
|
|
|
f->systemd_message = dbus_message_ref (message);
|
|
|
|
|
|
2015-11-14 16:32:42 +01:00
|
|
|
if (dbus_message_is_method_call (message, "org.freedesktop.systemd1.Manager",
|
|
|
|
|
"SetEnvironment"))
|
|
|
|
|
{
|
|
|
|
|
g_assert (dbus_message_get_no_reply (message));
|
|
|
|
|
g_test_message("got call");
|
|
|
|
|
return DBUS_HANDLER_RESULT_HANDLED;
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static DBusHandlerResult
|
|
|
|
|
activated_filter (DBusConnection *connection,
|
|
|
|
|
DBusMessage *message,
|
|
|
|
|
void *user_data)
|
|
|
|
|
{
|
|
|
|
|
Fixture *f = user_data;
|
|
|
|
|
|
|
|
|
|
if (dbus_message_is_signal (message, DBUS_INTERFACE_DBUS,
|
|
|
|
|
"NameAcquired") ||
|
|
|
|
|
dbus_message_is_signal (message, DBUS_INTERFACE_DBUS,
|
|
|
|
|
"NameLost"))
|
|
|
|
|
{
|
|
|
|
|
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
g_assert (f->activated_message == NULL);
|
|
|
|
|
f->activated_message = dbus_message_ref (message);
|
|
|
|
|
|
2017-02-14 15:10:20 +00:00
|
|
|
/* Test code is expected to reply to method calls itself */
|
|
|
|
|
if (dbus_message_get_type (message) == DBUS_MESSAGE_TYPE_METHOD_CALL)
|
|
|
|
|
return DBUS_HANDLER_RESULT_HANDLED;
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-16 17:33:36 +01:00
|
|
|
static DBusHandlerResult
|
|
|
|
|
caller_filter (DBusConnection *connection,
|
|
|
|
|
DBusMessage *message,
|
|
|
|
|
void *user_data)
|
|
|
|
|
{
|
|
|
|
|
Fixture *f = user_data;
|
|
|
|
|
|
|
|
|
|
if (dbus_message_is_signal (message, DBUS_INTERFACE_DBUS,
|
|
|
|
|
"NameAcquired") ||
|
|
|
|
|
dbus_message_is_signal (message, DBUS_INTERFACE_DBUS,
|
|
|
|
|
"NameLost"))
|
|
|
|
|
{
|
|
|
|
|
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
g_assert (f->caller_message == NULL);
|
|
|
|
|
f->caller_message = dbus_message_ref (message);
|
|
|
|
|
|
|
|
|
|
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-14 15:10:20 +00:00
|
|
|
static void
|
|
|
|
|
fixture_create_transient_service (Fixture *f,
|
|
|
|
|
const gchar *name)
|
|
|
|
|
{
|
|
|
|
|
gchar *service;
|
|
|
|
|
gchar *content;
|
|
|
|
|
gboolean ok;
|
|
|
|
|
|
|
|
|
|
service = g_strdup_printf ("%s.service", name);
|
|
|
|
|
f->transient_service_file = g_build_filename (f->tmp_runtime_dir, "dbus-1",
|
|
|
|
|
"services", service, NULL);
|
|
|
|
|
g_free (service);
|
|
|
|
|
|
|
|
|
|
content = g_strdup_printf (
|
|
|
|
|
"[D-BUS Service]\n"
|
|
|
|
|
"Name=%s\n"
|
|
|
|
|
"Exec=/bin/false %s\n"
|
|
|
|
|
"SystemdService=dbus-%s.service\n", name, name, name);
|
|
|
|
|
ok = g_file_set_contents (f->transient_service_file, content, -1, &f->ge);
|
|
|
|
|
g_assert_no_error (f->ge);
|
|
|
|
|
g_assert (ok);
|
|
|
|
|
g_free (content);
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
static void
|
|
|
|
|
setup (Fixture *f,
|
2017-02-14 15:10:20 +00:00
|
|
|
gconstpointer context)
|
2015-01-26 20:10:39 +00:00
|
|
|
{
|
2017-02-14 15:10:20 +00:00
|
|
|
const Config *config = context;
|
2017-02-14 19:03:44 +00:00
|
|
|
#if defined(DBUS_TEST_APPARMOR_ACTIVATION) && defined(HAVE_APPARMOR_2_10)
|
|
|
|
|
aa_features *features;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
f->ge = NULL;
|
|
|
|
|
dbus_error_init (&f->e);
|
|
|
|
|
|
|
|
|
|
f->tmp_runtime_dir = g_dir_make_tmp ("dbus-daemon-test.XXXXXX", &f->ge);
|
|
|
|
|
g_assert_no_error (f->ge);
|
|
|
|
|
|
2017-02-14 15:10:20 +00:00
|
|
|
if (config != NULL && (config->flags & FLAG_EARLY_TRANSIENT_SERVICE) != 0)
|
|
|
|
|
{
|
|
|
|
|
gchar *dbus1 = g_build_filename (f->tmp_runtime_dir, "dbus-1", NULL);
|
|
|
|
|
gchar *services = g_build_filename (dbus1, "services", NULL);
|
|
|
|
|
|
|
|
|
|
/* We just created it so the directories shouldn't exist yet */
|
|
|
|
|
test_mkdir (dbus1, 0700);
|
|
|
|
|
test_mkdir (services, 0700);
|
|
|
|
|
fixture_create_transient_service (f, config->bus_name);
|
|
|
|
|
g_free (dbus1);
|
|
|
|
|
g_free (services);
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-28 12:20:47 +00:00
|
|
|
#if defined(DBUS_TEST_APPARMOR_ACTIVATION) && !defined(HAVE_APPARMOR_2_10)
|
2016-11-21 20:46:17 +00:00
|
|
|
|
2016-11-28 12:20:47 +00:00
|
|
|
g_test_skip ("AppArmor support not compiled or AppArmor 2.10 unavailable");
|
2016-11-21 20:46:17 +00:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
#if defined(DBUS_TEST_APPARMOR_ACTIVATION)
|
|
|
|
|
if (!aa_is_enabled ())
|
|
|
|
|
{
|
|
|
|
|
g_test_message ("aa_is_enabled() -> %s", g_strerror (errno));
|
|
|
|
|
g_test_skip ("AppArmor not enabled");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (aa_features_new_from_kernel (&features) != 0)
|
|
|
|
|
{
|
|
|
|
|
g_test_skip ("Unable to check AppArmor features");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!aa_features_supports (features, "dbus/mask/send") ||
|
|
|
|
|
!aa_features_supports (features, "dbus/mask/receive"))
|
|
|
|
|
{
|
|
|
|
|
g_test_skip ("D-Bus send/receive mediation unavailable");
|
|
|
|
|
aa_features_unref (features);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
aa_features_unref (features);
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
f->ctx = test_main_context_get ();
|
|
|
|
|
|
|
|
|
|
f->address = test_get_dbus_daemon (
|
|
|
|
|
"valid-config-files/systemd-activation.conf",
|
2017-02-14 19:03:44 +00:00
|
|
|
TEST_USER_ME, f->tmp_runtime_dir, &f->daemon_pid);
|
2015-01-26 20:10:39 +00:00
|
|
|
|
|
|
|
|
if (f->address == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
2016-11-21 20:46:17 +00:00
|
|
|
#if defined(DBUS_TEST_APPARMOR_ACTIVATION)
|
|
|
|
|
/*
|
|
|
|
|
* Make use of the fact that the LSM security label (and other process
|
|
|
|
|
* properties) that are used for access-control are whatever was current
|
|
|
|
|
* at the time the connection was opened.
|
|
|
|
|
*
|
|
|
|
|
* 42 is arbitrary. In a real use of AppArmor it would be a securely-random
|
|
|
|
|
* value, to prevent less-privileged code (that does not know the magic
|
|
|
|
|
* value) from changing back.
|
|
|
|
|
*/
|
|
|
|
|
if (aa_change_hat ("caller", 42) != 0)
|
|
|
|
|
g_error ("Unable to change profile to ...//^caller: %s",
|
|
|
|
|
g_strerror (errno));
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
f->caller = test_connect_to_bus (f->ctx, f->address);
|
|
|
|
|
f->caller_name = dbus_bus_get_unique_name (f->caller);
|
2016-11-21 20:46:17 +00:00
|
|
|
|
|
|
|
|
#if defined(DBUS_TEST_APPARMOR_ACTIVATION)
|
|
|
|
|
if (aa_change_hat (NULL, 42) != 0)
|
|
|
|
|
g_error ("Unable to change back to initial profile: %s",
|
|
|
|
|
g_strerror (errno));
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#endif
|
2015-01-26 20:10:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
take_well_known_name (Fixture *f,
|
|
|
|
|
DBusConnection *connection,
|
|
|
|
|
const char *name)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
ret = dbus_bus_request_name (connection, name,
|
|
|
|
|
DBUS_NAME_FLAG_DO_NOT_QUEUE, &f->e);
|
|
|
|
|
test_assert_no_error (&f->e);
|
|
|
|
|
g_assert_cmpint (ret, ==, DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
test_activation (Fixture *f,
|
|
|
|
|
gconstpointer context)
|
|
|
|
|
{
|
|
|
|
|
DBusMessage *m;
|
|
|
|
|
|
|
|
|
|
if (f->address == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* The sender sends a message to an activatable service. */
|
|
|
|
|
m = dbus_message_new_signal ("/foo", "com.example.bar", "UnicastSignal1");
|
|
|
|
|
if (!dbus_message_set_destination (m, "com.example.SystemdActivatable1"))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
dbus_connection_send (f->caller, m, NULL);
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
|
|
|
|
/* The fake systemd connects to the bus. */
|
|
|
|
|
f->systemd = test_connect_to_bus (f->ctx, f->address);
|
|
|
|
|
if (!dbus_connection_add_filter (f->systemd, systemd_filter, f, NULL))
|
|
|
|
|
g_error ("OOM");
|
2015-10-16 17:33:36 +01:00
|
|
|
f->systemd_filter_added = TRUE;
|
2015-01-26 20:10:39 +00:00
|
|
|
f->systemd_name = dbus_bus_get_unique_name (f->systemd);
|
|
|
|
|
take_well_known_name (f, f->systemd, "org.freedesktop.systemd1");
|
|
|
|
|
|
|
|
|
|
/* It gets its activation request. */
|
|
|
|
|
while (f->systemd_message == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->systemd_message;
|
|
|
|
|
f->systemd_message = NULL;
|
|
|
|
|
assert_signal (m, DBUS_SERVICE_DBUS, DBUS_PATH_DBUS,
|
|
|
|
|
"org.freedesktop.systemd1.Activator", "ActivationRequest", "s",
|
|
|
|
|
"org.freedesktop.systemd1");
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
|
|
|
|
/* systemd starts the activatable service. */
|
|
|
|
|
f->activated = test_connect_to_bus (f->ctx, f->address);
|
|
|
|
|
if (!dbus_connection_add_filter (f->activated, activated_filter,
|
|
|
|
|
f, NULL))
|
|
|
|
|
g_error ("OOM");
|
2015-10-16 17:33:36 +01:00
|
|
|
f->activated_filter_added = TRUE;
|
2015-01-26 20:10:39 +00:00
|
|
|
f->activated_name = dbus_bus_get_unique_name (f->activated);
|
|
|
|
|
take_well_known_name (f, f->activated, "com.example.SystemdActivatable1");
|
|
|
|
|
|
|
|
|
|
/* The message is delivered to the activatable service. */
|
|
|
|
|
while (f->activated_message == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->activated_message;
|
|
|
|
|
f->activated_message = NULL;
|
|
|
|
|
assert_signal (m, f->caller_name, "/foo",
|
|
|
|
|
"com.example.bar", "UnicastSignal1", "",
|
|
|
|
|
"com.example.SystemdActivatable1");
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
|
|
|
|
/* The sender sends a message to a different activatable service. */
|
|
|
|
|
m = dbus_message_new_signal ("/foo", "com.example.bar", "UnicastSignal2");
|
|
|
|
|
if (!dbus_message_set_destination (m, "com.example.SystemdActivatable2"))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
dbus_connection_send (f->caller, m, NULL);
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
|
|
|
|
/* This time systemd is already ready for it. */
|
|
|
|
|
while (f->systemd_message == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->systemd_message;
|
|
|
|
|
f->systemd_message = NULL;
|
|
|
|
|
assert_signal (m, DBUS_SERVICE_DBUS, DBUS_PATH_DBUS,
|
|
|
|
|
"org.freedesktop.systemd1.Activator", "ActivationRequest", "s",
|
|
|
|
|
"org.freedesktop.systemd1");
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
2015-01-26 20:07:14 +00:00
|
|
|
/* A malicious process tries to disrupt the activation.
|
|
|
|
|
* In a more realistic scenario this would be another parallel
|
|
|
|
|
* connection. */
|
|
|
|
|
m = dbus_message_new_signal ("/org/freedesktop/systemd1",
|
|
|
|
|
"org.freedesktop.systemd1.Activator", "ActivationFailure");
|
|
|
|
|
if (!dbus_message_set_destination (m, "org.freedesktop.DBus"))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
const char *unit = "dbus-com.example.SystemdActivatable2.service";
|
|
|
|
|
const char *error_name = "com.example.Malice";
|
|
|
|
|
const char *error_message = "I'm on yr bus, making yr activations fail";
|
|
|
|
|
|
|
|
|
|
if (!dbus_message_append_args (m,
|
|
|
|
|
DBUS_TYPE_STRING, &unit,
|
|
|
|
|
DBUS_TYPE_STRING, &error_name,
|
|
|
|
|
DBUS_TYPE_STRING, &error_message,
|
|
|
|
|
DBUS_TYPE_INVALID))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
}
|
|
|
|
|
while (0);
|
|
|
|
|
|
|
|
|
|
dbus_connection_send (f->caller, m, NULL);
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
|
|
|
|
/* This is just to make sure that the malicious message has arrived and
|
|
|
|
|
* been processed by the dbus-daemon, i.e. @caller won the race
|
|
|
|
|
* with @activated. */
|
|
|
|
|
take_well_known_name (f, f->caller, "com.example.Sync");
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
/* The activatable service takes its name. Here I'm faking it by using
|
|
|
|
|
* an existing connection; in real life it would be yet another
|
|
|
|
|
* connection. */
|
|
|
|
|
take_well_known_name (f, f->activated, "com.example.SystemdActivatable2");
|
|
|
|
|
|
|
|
|
|
/* The message is delivered to the activatable service. */
|
|
|
|
|
while (f->activated_message == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->activated_message;
|
|
|
|
|
f->activated_message = NULL;
|
|
|
|
|
assert_signal (m, f->caller_name, "/foo",
|
|
|
|
|
"com.example.bar", "UnicastSignal2", "",
|
|
|
|
|
"com.example.SystemdActivatable2");
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
|
|
|
|
/* A third activation. */
|
|
|
|
|
m = dbus_message_new_signal ("/foo", "com.example.bar", "UnicastSignal3");
|
|
|
|
|
if (!dbus_message_set_destination (m, "com.example.SystemdActivatable3"))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
dbus_connection_send (f->caller, m, NULL);
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
|
|
|
|
while (f->systemd_message == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->systemd_message;
|
|
|
|
|
f->systemd_message = NULL;
|
|
|
|
|
assert_signal (m, DBUS_SERVICE_DBUS, DBUS_PATH_DBUS,
|
|
|
|
|
"org.freedesktop.systemd1.Activator", "ActivationRequest", "s",
|
|
|
|
|
"org.freedesktop.systemd1");
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
|
|
|
|
/* This time activation fails */
|
|
|
|
|
m = dbus_message_new_signal ("/org/freedesktop/systemd1",
|
|
|
|
|
"org.freedesktop.systemd1.Activator", "ActivationFailure");
|
|
|
|
|
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
const char *unit = "dbus-com.example.SystemdActivatable3.service";
|
|
|
|
|
const char *error_name = "com.example.Nope";
|
|
|
|
|
const char *error_message = "Computer says no";
|
|
|
|
|
|
|
|
|
|
if (!dbus_message_append_args (m,
|
|
|
|
|
DBUS_TYPE_STRING, &unit,
|
|
|
|
|
DBUS_TYPE_STRING, &error_name,
|
|
|
|
|
DBUS_TYPE_STRING, &error_message,
|
|
|
|
|
DBUS_TYPE_INVALID))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
}
|
|
|
|
|
while (0);
|
|
|
|
|
|
|
|
|
|
if (!dbus_message_set_destination (m, "org.freedesktop.DBus"))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
dbus_connection_send (f->systemd, m, NULL);
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-14 16:32:42 +01:00
|
|
|
static void
|
|
|
|
|
test_uae (Fixture *f,
|
|
|
|
|
gconstpointer context)
|
|
|
|
|
{
|
2017-11-21 11:59:20 +00:00
|
|
|
DBusMessage *m = NULL;
|
|
|
|
|
DBusMessage *reply = NULL;
|
2015-11-14 16:32:42 +01:00
|
|
|
DBusMessageIter args_iter, arr_iter, entry_iter;
|
|
|
|
|
const char *s;
|
|
|
|
|
|
|
|
|
|
if (f->address == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
m = dbus_message_new_method_call (DBUS_SERVICE_DBUS, DBUS_PATH_DBUS,
|
|
|
|
|
DBUS_INTERFACE_DBUS, "UpdateActivationEnvironment");
|
|
|
|
|
|
|
|
|
|
if (m == NULL)
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
|
|
|
|
|
dbus_message_iter_init_append (m, &args_iter);
|
|
|
|
|
|
|
|
|
|
/* Append an empty a{ss} (string => string dictionary). */
|
|
|
|
|
if (!dbus_message_iter_open_container (&args_iter, DBUS_TYPE_ARRAY,
|
|
|
|
|
"{ss}", &arr_iter) ||
|
|
|
|
|
!dbus_message_iter_close_container (&args_iter, &arr_iter))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
|
2017-11-21 16:01:02 +00:00
|
|
|
reply = test_main_context_call_and_wait (f->ctx, f->caller, m,
|
|
|
|
|
DBUS_TIMEOUT_USE_DEFAULT);
|
2015-11-14 16:32:42 +01:00
|
|
|
|
2017-11-21 11:59:20 +00:00
|
|
|
assert_method_reply (reply, DBUS_SERVICE_DBUS, f->caller_name, "");
|
2015-11-14 16:32:42 +01:00
|
|
|
|
2017-11-21 11:59:20 +00:00
|
|
|
dbus_clear_message (&reply);
|
2017-11-21 12:03:34 +00:00
|
|
|
dbus_clear_message (&m);
|
2017-11-21 12:01:23 +00:00
|
|
|
|
2015-11-14 16:32:42 +01:00
|
|
|
/* The fake systemd connects to the bus. */
|
|
|
|
|
f->systemd = test_connect_to_bus (f->ctx, f->address);
|
|
|
|
|
if (!dbus_connection_add_filter (f->systemd, systemd_filter, f, NULL))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
f->systemd_name = dbus_bus_get_unique_name (f->systemd);
|
|
|
|
|
take_well_known_name (f, f->systemd, "org.freedesktop.systemd1");
|
|
|
|
|
|
|
|
|
|
/* It gets the SetEnvironment */
|
|
|
|
|
while (f->systemd_message == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->systemd_message;
|
|
|
|
|
f->systemd_message = NULL;
|
|
|
|
|
|
|
|
|
|
/* With activation, the destination is the well-known name */
|
|
|
|
|
assert_method_call (m, DBUS_SERVICE_DBUS, "org.freedesktop.systemd1",
|
|
|
|
|
"/org/freedesktop/systemd1", "org.freedesktop.systemd1.Manager",
|
|
|
|
|
"SetEnvironment", "as");
|
|
|
|
|
|
|
|
|
|
dbus_message_iter_init (m, &args_iter);
|
|
|
|
|
g_assert_cmpuint (dbus_message_iter_get_arg_type (&args_iter), ==,
|
|
|
|
|
DBUS_TYPE_ARRAY);
|
|
|
|
|
g_assert_cmpuint (dbus_message_iter_get_element_type (&args_iter), ==,
|
|
|
|
|
DBUS_TYPE_STRING);
|
|
|
|
|
dbus_message_iter_recurse (&args_iter, &arr_iter);
|
|
|
|
|
g_assert_cmpuint (dbus_message_iter_get_arg_type (&arr_iter), ==,
|
|
|
|
|
DBUS_TYPE_INVALID);
|
|
|
|
|
dbus_message_iter_next (&args_iter);
|
|
|
|
|
g_assert_cmpuint (dbus_message_iter_get_arg_type (&args_iter), ==,
|
|
|
|
|
DBUS_TYPE_INVALID);
|
2017-11-21 12:03:34 +00:00
|
|
|
dbus_clear_message (&m);
|
2015-11-14 16:32:42 +01:00
|
|
|
|
|
|
|
|
m = dbus_message_new_method_call (DBUS_SERVICE_DBUS, DBUS_PATH_DBUS,
|
|
|
|
|
DBUS_INTERFACE_DBUS, "UpdateActivationEnvironment");
|
|
|
|
|
|
|
|
|
|
if (m == NULL)
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
|
|
|
|
|
dbus_message_iter_init_append (m, &args_iter);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
const char *k1 = "Key1", *v1 = "Value1",
|
|
|
|
|
*k2 = "Key2", *v2 = "Value2";
|
|
|
|
|
|
|
|
|
|
/* Append a filled a{ss} (string => string dictionary). */
|
|
|
|
|
if (!dbus_message_iter_open_container (&args_iter, DBUS_TYPE_ARRAY,
|
|
|
|
|
"{ss}", &arr_iter) ||
|
|
|
|
|
!dbus_message_iter_open_container (&arr_iter, DBUS_TYPE_DICT_ENTRY,
|
|
|
|
|
NULL, &entry_iter) ||
|
|
|
|
|
!dbus_message_iter_append_basic (&entry_iter, DBUS_TYPE_STRING,
|
|
|
|
|
&k1) ||
|
|
|
|
|
!dbus_message_iter_append_basic (&entry_iter, DBUS_TYPE_STRING,
|
|
|
|
|
&v1) ||
|
|
|
|
|
!dbus_message_iter_close_container (&arr_iter, &entry_iter) ||
|
|
|
|
|
!dbus_message_iter_open_container (&arr_iter, DBUS_TYPE_DICT_ENTRY,
|
|
|
|
|
NULL, &entry_iter) ||
|
|
|
|
|
!dbus_message_iter_append_basic (&entry_iter, DBUS_TYPE_STRING,
|
|
|
|
|
&k2) ||
|
|
|
|
|
!dbus_message_iter_append_basic (&entry_iter, DBUS_TYPE_STRING,
|
|
|
|
|
&v2) ||
|
|
|
|
|
!dbus_message_iter_close_container (&arr_iter, &entry_iter) ||
|
|
|
|
|
!dbus_message_iter_close_container (&args_iter, &arr_iter))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-21 16:01:02 +00:00
|
|
|
reply = test_main_context_call_and_wait (f->ctx, f->caller, m,
|
|
|
|
|
DBUS_TIMEOUT_USE_DEFAULT);
|
2015-11-14 16:32:42 +01:00
|
|
|
|
2017-11-21 11:59:20 +00:00
|
|
|
assert_method_reply (reply, DBUS_SERVICE_DBUS, f->caller_name, "");
|
2015-11-14 16:32:42 +01:00
|
|
|
|
2017-11-21 11:59:20 +00:00
|
|
|
dbus_clear_message (&reply);
|
2017-11-21 12:03:34 +00:00
|
|
|
dbus_clear_message (&m);
|
2017-11-21 12:01:23 +00:00
|
|
|
|
2015-11-14 16:32:42 +01:00
|
|
|
while (f->systemd_message == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->systemd_message;
|
|
|
|
|
f->systemd_message = NULL;
|
|
|
|
|
|
|
|
|
|
/* Without activation, the destination is the unique name */
|
|
|
|
|
assert_method_call (m, DBUS_SERVICE_DBUS, f->systemd_name,
|
|
|
|
|
"/org/freedesktop/systemd1", "org.freedesktop.systemd1.Manager",
|
|
|
|
|
"SetEnvironment", "as");
|
|
|
|
|
|
|
|
|
|
dbus_message_iter_init (m, &args_iter);
|
|
|
|
|
g_assert_cmpuint (dbus_message_iter_get_arg_type (&args_iter), ==,
|
|
|
|
|
DBUS_TYPE_ARRAY);
|
|
|
|
|
g_assert_cmpuint (dbus_message_iter_get_element_type (&args_iter), ==,
|
|
|
|
|
DBUS_TYPE_STRING);
|
|
|
|
|
dbus_message_iter_recurse (&args_iter, &arr_iter);
|
|
|
|
|
g_assert_cmpuint (dbus_message_iter_get_arg_type (&arr_iter), ==,
|
|
|
|
|
DBUS_TYPE_STRING);
|
|
|
|
|
dbus_message_iter_get_basic (&arr_iter, &s);
|
|
|
|
|
g_assert_cmpstr (s, ==, "Key1=Value1");
|
|
|
|
|
dbus_message_iter_next (&arr_iter);
|
|
|
|
|
g_assert_cmpuint (dbus_message_iter_get_arg_type (&arr_iter), ==,
|
|
|
|
|
DBUS_TYPE_STRING);
|
|
|
|
|
dbus_message_iter_get_basic (&arr_iter, &s);
|
|
|
|
|
g_assert_cmpstr (s, ==, "Key2=Value2");
|
|
|
|
|
dbus_message_iter_next (&arr_iter);
|
|
|
|
|
g_assert_cmpuint (dbus_message_iter_get_arg_type (&arr_iter), ==,
|
|
|
|
|
DBUS_TYPE_INVALID);
|
|
|
|
|
dbus_message_iter_next (&args_iter);
|
|
|
|
|
g_assert_cmpuint (dbus_message_iter_get_arg_type (&args_iter), ==,
|
|
|
|
|
DBUS_TYPE_INVALID);
|
2017-11-21 12:03:34 +00:00
|
|
|
dbus_clear_message (&m);
|
2015-11-14 16:32:42 +01:00
|
|
|
}
|
|
|
|
|
|
2015-10-16 17:33:36 +01:00
|
|
|
static void
|
|
|
|
|
test_deny_send (Fixture *f,
|
|
|
|
|
gconstpointer context)
|
|
|
|
|
{
|
|
|
|
|
DBusMessage *m;
|
2017-02-14 12:31:24 +00:00
|
|
|
const Config *config = context;
|
|
|
|
|
|
|
|
|
|
g_assert (config != NULL);
|
|
|
|
|
g_assert (config->bus_name != NULL);
|
2015-10-16 17:33:36 +01:00
|
|
|
|
|
|
|
|
if (f->address == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (!dbus_connection_add_filter (f->caller, caller_filter, f, NULL))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
|
|
|
|
|
f->caller_filter_added = TRUE;
|
|
|
|
|
|
|
|
|
|
/* The sender sends a message to an activatable service. */
|
2017-02-14 12:31:24 +00:00
|
|
|
m = dbus_message_new_method_call (config->bus_name, "/foo",
|
2015-10-16 17:33:36 +01:00
|
|
|
"com.example.bar", "Call");
|
|
|
|
|
if (m == NULL)
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
|
|
|
|
|
dbus_connection_send (f->caller, m, NULL);
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
2016-11-21 20:46:17 +00:00
|
|
|
/*
|
|
|
|
|
* Even before the fake systemd connects to the bus, we get an error
|
|
|
|
|
* back: activation is not allowed.
|
|
|
|
|
*
|
|
|
|
|
* In the normal case, this is because the XML policy does not allow
|
|
|
|
|
* anyone to send messages to the bus name com.example.SendDenied.
|
|
|
|
|
*
|
|
|
|
|
* In the AppArmor case, this is because the AppArmor policy does not allow
|
|
|
|
|
* this process to send messages to the bus name
|
|
|
|
|
* com.example.SendDeniedByAppArmorName, or to the label
|
|
|
|
|
* @DBUS_TEST_EXEC@/com.example.SendDeniedByAppArmorLabel that we assume the
|
|
|
|
|
* service com.example.SendDeniedByAppArmorLabel will receive after systemd
|
|
|
|
|
* runs it.
|
|
|
|
|
*/
|
2015-10-16 17:33:36 +01:00
|
|
|
|
2016-11-21 20:56:55 +00:00
|
|
|
while (f->caller_message == NULL)
|
2015-10-16 17:33:36 +01:00
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->caller_message;
|
|
|
|
|
f->caller_message = NULL;
|
|
|
|
|
assert_error_reply (m, DBUS_SERVICE_DBUS, f->caller_name,
|
|
|
|
|
DBUS_ERROR_ACCESS_DENIED);
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
test_deny_receive (Fixture *f,
|
|
|
|
|
gconstpointer context)
|
|
|
|
|
{
|
|
|
|
|
DBusMessage *m;
|
2017-02-14 12:31:24 +00:00
|
|
|
const Config *config = context;
|
2015-10-16 17:33:36 +01:00
|
|
|
|
2017-02-28 08:56:25 +00:00
|
|
|
g_assert (config != NULL);
|
|
|
|
|
g_assert (config->bus_name != NULL);
|
|
|
|
|
|
2015-10-16 17:33:36 +01:00
|
|
|
if (f->address == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (!dbus_connection_add_filter (f->caller, caller_filter, f, NULL))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
|
|
|
|
|
f->caller_filter_added = TRUE;
|
|
|
|
|
|
2016-11-21 20:46:17 +00:00
|
|
|
/* The sender sends a message to an activatable service.
|
|
|
|
|
* We set the interface name equal to the bus name to make it
|
|
|
|
|
* easier to write the necessary policy rules. */
|
2017-02-14 12:31:24 +00:00
|
|
|
m = dbus_message_new_method_call (config->bus_name, "/foo",
|
|
|
|
|
config->bus_name, "Call");
|
2015-10-16 17:33:36 +01:00
|
|
|
if (m == NULL)
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
|
|
|
|
|
dbus_connection_send (f->caller, m, NULL);
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
|
|
|
|
/* The fake systemd connects to the bus. */
|
|
|
|
|
f->systemd = test_connect_to_bus (f->ctx, f->address);
|
|
|
|
|
if (!dbus_connection_add_filter (f->systemd, systemd_filter, f, NULL))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
f->systemd_filter_added = TRUE;
|
|
|
|
|
f->systemd_name = dbus_bus_get_unique_name (f->systemd);
|
|
|
|
|
take_well_known_name (f, f->systemd, "org.freedesktop.systemd1");
|
|
|
|
|
|
|
|
|
|
/* It gets its activation request. */
|
|
|
|
|
while (f->systemd_message == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->systemd_message;
|
|
|
|
|
f->systemd_message = NULL;
|
|
|
|
|
assert_signal (m, DBUS_SERVICE_DBUS, DBUS_PATH_DBUS,
|
|
|
|
|
"org.freedesktop.systemd1.Activator", "ActivationRequest", "s",
|
|
|
|
|
"org.freedesktop.systemd1");
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
|
|
|
|
/* systemd starts the activatable service. */
|
2016-11-21 20:46:17 +00:00
|
|
|
|
2016-11-28 12:20:47 +00:00
|
|
|
#if defined(DBUS_TEST_APPARMOR_ACTIVATION) && defined(HAVE_APPARMOR_2_10)
|
2016-11-21 20:46:17 +00:00
|
|
|
/* The use of 42 here is arbitrary, see setup(). */
|
2017-02-14 12:31:24 +00:00
|
|
|
if (aa_change_hat (config->bus_name, 42) != 0)
|
2016-11-21 20:46:17 +00:00
|
|
|
g_error ("Unable to change profile to ...//^%s: %s",
|
2017-02-14 12:31:24 +00:00
|
|
|
config->bus_name, g_strerror (errno));
|
2016-11-21 20:46:17 +00:00
|
|
|
#endif
|
|
|
|
|
|
2015-10-16 17:33:36 +01:00
|
|
|
f->activated = test_connect_to_bus (f->ctx, f->address);
|
|
|
|
|
if (!dbus_connection_add_filter (f->activated, activated_filter,
|
|
|
|
|
f, NULL))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
f->activated_filter_added = TRUE;
|
|
|
|
|
f->activated_name = dbus_bus_get_unique_name (f->activated);
|
2017-02-14 12:31:24 +00:00
|
|
|
take_well_known_name (f, f->activated, config->bus_name);
|
2016-11-21 20:46:17 +00:00
|
|
|
|
2016-11-28 12:20:47 +00:00
|
|
|
#if defined(DBUS_TEST_APPARMOR_ACTIVATION) && defined(HAVE_APPARMOR_2_10)
|
2016-11-21 20:46:17 +00:00
|
|
|
if (aa_change_hat (NULL, 42) != 0)
|
|
|
|
|
g_error ("Unable to change back to initial profile: %s",
|
|
|
|
|
g_strerror (errno));
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We re-do the message matching, and now the message is
|
|
|
|
|
* forbidden by the receive policy.
|
|
|
|
|
*
|
|
|
|
|
* In the normal case, this is because the XML policy does not allow
|
|
|
|
|
* receiving any message with interface com.example.ReceiveDenied.
|
|
|
|
|
* We can't use the recipient's bus name here because the XML policy
|
|
|
|
|
* has no syntax for preventing the owner of a name from receiving
|
|
|
|
|
* messages - that would be pointless, because the sender could just
|
|
|
|
|
* open another connection and not own the same name on that connection.
|
|
|
|
|
*
|
|
|
|
|
* In the AppArmor case, this is because the AppArmor policy does not allow
|
|
|
|
|
* receiving messages with interface com.example.ReceiveDeniedByAppArmor
|
|
|
|
|
* from a peer with the same label we have. Again, we can't use the
|
|
|
|
|
* recipient's bus name because there is no syntax for this.
|
|
|
|
|
*/
|
2015-10-16 17:33:36 +01:00
|
|
|
while (f->caller_message == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->caller_message;
|
|
|
|
|
f->caller_message = NULL;
|
|
|
|
|
assert_error_reply (m, DBUS_SERVICE_DBUS, f->caller_name,
|
|
|
|
|
DBUS_ERROR_ACCESS_DENIED);
|
|
|
|
|
dbus_message_unref (m);
|
|
|
|
|
|
|
|
|
|
/* The activated service never even saw it. */
|
|
|
|
|
g_assert (f->activated_message == NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-14 15:10:20 +00:00
|
|
|
/*
|
|
|
|
|
* Test that we can set up transient services.
|
|
|
|
|
*
|
|
|
|
|
* If (flags & FLAG_EARLY_TRANSIENT_SERVICE), we assert that a service that
|
|
|
|
|
* was deployed before starting systemd (in setup()) is available.
|
|
|
|
|
*
|
|
|
|
|
* Otherwise, we assert that a service that is deployed while dbus-daemon
|
|
|
|
|
* is already running becomes available after reloading the dbus-daemon
|
|
|
|
|
* configuration.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
test_transient_services (Fixture *f,
|
|
|
|
|
gconstpointer context)
|
|
|
|
|
{
|
|
|
|
|
const Config *config = context;
|
|
|
|
|
DBusMessage *m = NULL;
|
|
|
|
|
DBusMessage *send_reply = NULL;
|
|
|
|
|
DBusMessage *reply = NULL;
|
|
|
|
|
DBusPendingCall *pc;
|
|
|
|
|
|
2017-02-28 08:56:25 +00:00
|
|
|
g_assert (config != NULL);
|
|
|
|
|
g_assert (config->bus_name != NULL);
|
|
|
|
|
|
2017-02-14 15:10:20 +00:00
|
|
|
if (f->address == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* Connect the fake systemd to the bus. */
|
|
|
|
|
f->systemd = test_connect_to_bus (f->ctx, f->address);
|
|
|
|
|
if (!dbus_connection_add_filter (f->systemd, systemd_filter, f, NULL))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
f->systemd_filter_added = TRUE;
|
|
|
|
|
f->systemd_name = dbus_bus_get_unique_name (f->systemd);
|
|
|
|
|
take_well_known_name (f, f->systemd, "org.freedesktop.systemd1");
|
|
|
|
|
|
2017-02-28 08:56:25 +00:00
|
|
|
if ((config->flags & FLAG_EARLY_TRANSIENT_SERVICE) == 0)
|
2017-02-14 15:10:20 +00:00
|
|
|
{
|
|
|
|
|
/* Try to activate a service that isn't there. */
|
|
|
|
|
m = dbus_message_new_method_call (config->bus_name,
|
|
|
|
|
"/foo", "com.example.bar", "Activate");
|
|
|
|
|
|
2017-11-21 16:01:02 +00:00
|
|
|
if (m == NULL)
|
|
|
|
|
test_oom ();
|
2017-02-14 15:10:20 +00:00
|
|
|
|
|
|
|
|
/* It fails. */
|
2017-11-21 16:01:02 +00:00
|
|
|
reply = test_main_context_call_and_wait (f->ctx, f->caller, m,
|
|
|
|
|
DBUS_TIMEOUT_USE_DEFAULT);
|
2017-11-21 11:59:20 +00:00
|
|
|
assert_error_reply (reply, DBUS_SERVICE_DBUS, f->caller_name,
|
2017-02-14 15:10:20 +00:00
|
|
|
DBUS_ERROR_SERVICE_UNKNOWN);
|
|
|
|
|
|
2017-11-21 11:59:20 +00:00
|
|
|
dbus_clear_message (&reply);
|
2017-11-21 12:03:34 +00:00
|
|
|
dbus_clear_message (&m);
|
2017-02-14 15:10:20 +00:00
|
|
|
|
|
|
|
|
/* Now generate a transient D-Bus service file for it. The directory
|
|
|
|
|
* should have been created during dbus-daemon startup, so we don't have to
|
|
|
|
|
* recreate it. */
|
|
|
|
|
fixture_create_transient_service (f, config->bus_name);
|
|
|
|
|
|
|
|
|
|
/* To guarantee that the transient service has been picked up, we have
|
|
|
|
|
* to reload. */
|
|
|
|
|
m = dbus_message_new_method_call (DBUS_SERVICE_DBUS, DBUS_PATH_DBUS,
|
|
|
|
|
DBUS_INTERFACE_DBUS, "ReloadConfig");
|
|
|
|
|
|
2017-11-21 16:01:02 +00:00
|
|
|
if (m == NULL)
|
|
|
|
|
test_oom ();
|
2017-02-14 15:10:20 +00:00
|
|
|
|
2017-11-21 16:01:02 +00:00
|
|
|
reply = test_main_context_call_and_wait (f->ctx, f->caller, m,
|
|
|
|
|
DBUS_TIMEOUT_USE_DEFAULT);
|
2017-11-21 11:59:20 +00:00
|
|
|
assert_method_reply (reply, DBUS_SERVICE_DBUS, f->caller_name, "");
|
2017-11-21 12:01:23 +00:00
|
|
|
|
2017-11-21 11:59:20 +00:00
|
|
|
dbus_clear_message (&reply);
|
2017-11-21 12:03:34 +00:00
|
|
|
dbus_clear_message (&m);
|
2017-02-14 15:10:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* The service is present now. */
|
|
|
|
|
m = dbus_message_new_method_call (config->bus_name,
|
|
|
|
|
"/foo", "com.example.bar", "Activate");
|
|
|
|
|
|
|
|
|
|
if (m == NULL ||
|
|
|
|
|
!dbus_connection_send_with_reply (f->caller, m, &pc,
|
|
|
|
|
DBUS_TIMEOUT_USE_DEFAULT) || pc == NULL)
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
|
2017-11-21 12:03:34 +00:00
|
|
|
dbus_clear_message (&m);
|
2017-02-14 15:10:20 +00:00
|
|
|
|
|
|
|
|
if (dbus_pending_call_get_completed (pc))
|
|
|
|
|
test_pending_call_store_reply (pc, &reply);
|
|
|
|
|
else if (!dbus_pending_call_set_notify (pc, test_pending_call_store_reply,
|
|
|
|
|
&reply, NULL))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
|
2017-11-21 12:01:23 +00:00
|
|
|
dbus_clear_pending_call (&pc);
|
|
|
|
|
|
2017-02-14 15:10:20 +00:00
|
|
|
/* The mock systemd is told to start the service. */
|
|
|
|
|
while (f->systemd_message == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->systemd_message;
|
|
|
|
|
f->systemd_message = NULL;
|
|
|
|
|
assert_signal (m, DBUS_SERVICE_DBUS, DBUS_PATH_DBUS,
|
|
|
|
|
"org.freedesktop.systemd1.Activator", "ActivationRequest", "s",
|
|
|
|
|
"org.freedesktop.systemd1");
|
2017-11-21 12:03:34 +00:00
|
|
|
dbus_clear_message (&m);
|
2017-02-14 15:10:20 +00:00
|
|
|
|
|
|
|
|
/* The activatable service connects and gets its name. */
|
|
|
|
|
f->activated = test_connect_to_bus (f->ctx, f->address);
|
|
|
|
|
if (!dbus_connection_add_filter (f->activated, activated_filter,
|
|
|
|
|
f, NULL))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
f->activated_filter_added = TRUE;
|
|
|
|
|
f->activated_name = dbus_bus_get_unique_name (f->activated);
|
|
|
|
|
take_well_known_name (f, f->activated, config->bus_name);
|
|
|
|
|
|
|
|
|
|
/* The message is delivered to the activatable service. */
|
|
|
|
|
while (f->activated_message == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
m = f->activated_message;
|
|
|
|
|
f->activated_message = NULL;
|
|
|
|
|
assert_method_call (m, f->caller_name, config->bus_name, "/foo",
|
|
|
|
|
"com.example.bar", "Activate", "");
|
|
|
|
|
|
|
|
|
|
/* The activatable service sends back a reply. */
|
|
|
|
|
send_reply = dbus_message_new_method_return (m);
|
|
|
|
|
|
|
|
|
|
if (send_reply == NULL ||
|
|
|
|
|
!dbus_connection_send (f->activated, send_reply, NULL))
|
|
|
|
|
g_error ("OOM");
|
|
|
|
|
|
2017-11-21 12:03:34 +00:00
|
|
|
dbus_clear_message (&send_reply);
|
|
|
|
|
dbus_clear_message (&m);
|
2017-02-14 15:10:20 +00:00
|
|
|
|
|
|
|
|
/* The caller receives the reply. */
|
|
|
|
|
while (reply == NULL)
|
|
|
|
|
test_main_context_iterate (f->ctx, TRUE);
|
|
|
|
|
|
|
|
|
|
assert_method_reply (reply, f->activated_name, f->caller_name, "");
|
2017-11-21 12:03:34 +00:00
|
|
|
dbus_clear_message (&reply);
|
2017-02-14 15:10:20 +00:00
|
|
|
}
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
static void
|
|
|
|
|
teardown (Fixture *f,
|
|
|
|
|
gconstpointer context G_GNUC_UNUSED)
|
|
|
|
|
{
|
|
|
|
|
dbus_error_free (&f->e);
|
|
|
|
|
g_clear_error (&f->ge);
|
|
|
|
|
|
|
|
|
|
if (f->caller != NULL)
|
|
|
|
|
{
|
2015-10-16 17:33:36 +01:00
|
|
|
if (f->caller_filter_added)
|
|
|
|
|
dbus_connection_remove_filter (f->caller, caller_filter, f);
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
dbus_connection_close (f->caller);
|
|
|
|
|
dbus_connection_unref (f->caller);
|
|
|
|
|
f->caller = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (f->systemd != NULL)
|
|
|
|
|
{
|
2015-10-16 17:33:36 +01:00
|
|
|
if (f->systemd_filter_added)
|
|
|
|
|
dbus_connection_remove_filter (f->systemd, systemd_filter, f);
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
dbus_connection_close (f->systemd);
|
|
|
|
|
dbus_connection_unref (f->systemd);
|
|
|
|
|
f->systemd = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (f->activated != NULL)
|
|
|
|
|
{
|
2015-10-16 17:33:36 +01:00
|
|
|
if (f->activated_filter_added)
|
|
|
|
|
dbus_connection_remove_filter (f->activated, activated_filter, f);
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
dbus_connection_close (f->activated);
|
|
|
|
|
dbus_connection_unref (f->activated);
|
|
|
|
|
f->activated = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-29 00:48:14 +00:00
|
|
|
if (f->daemon_pid != 0)
|
|
|
|
|
{
|
|
|
|
|
test_kill_pid (f->daemon_pid);
|
|
|
|
|
g_spawn_close_pid (f->daemon_pid);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (f->ctx != NULL)
|
|
|
|
|
test_main_context_unref (f->ctx);
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
g_free (f->address);
|
2017-02-14 19:03:44 +00:00
|
|
|
|
2017-02-14 15:10:20 +00:00
|
|
|
if (f->transient_service_file != NULL)
|
|
|
|
|
{
|
|
|
|
|
test_remove_if_exists (f->transient_service_file);
|
|
|
|
|
g_free (f->transient_service_file);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-14 19:03:44 +00:00
|
|
|
if (f->tmp_runtime_dir != NULL)
|
|
|
|
|
{
|
2017-02-14 15:10:20 +00:00
|
|
|
gchar *dbus1 = g_build_filename (f->tmp_runtime_dir, "dbus-1", NULL);
|
|
|
|
|
gchar *services = g_build_filename (dbus1, "services", NULL);
|
|
|
|
|
|
|
|
|
|
test_rmdir_if_exists (services);
|
|
|
|
|
test_rmdir_if_exists (dbus1);
|
2017-02-14 19:03:44 +00:00
|
|
|
test_rmdir_if_exists (f->tmp_runtime_dir);
|
|
|
|
|
|
|
|
|
|
g_free (f->tmp_runtime_dir);
|
2017-02-14 15:10:20 +00:00
|
|
|
g_free (dbus1);
|
|
|
|
|
g_free (services);
|
2017-02-14 19:03:44 +00:00
|
|
|
}
|
2015-01-26 20:10:39 +00:00
|
|
|
}
|
|
|
|
|
|
2017-02-14 12:31:24 +00:00
|
|
|
static const Config deny_send_tests[] =
|
|
|
|
|
{
|
|
|
|
|
#if defined(DBUS_TEST_APPARMOR_ACTIVATION)
|
|
|
|
|
{ "com.example.SendDeniedByAppArmorLabel" },
|
|
|
|
|
{ "com.example.SendDeniedByNonexistentAppArmorLabel" },
|
|
|
|
|
{ "com.example.SendDeniedByAppArmorName" },
|
|
|
|
|
#endif
|
|
|
|
|
{ "com.example.SendDenied" }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const Config deny_receive_tests[] =
|
|
|
|
|
{
|
|
|
|
|
#if defined(DBUS_TEST_APPARMOR_ACTIVATION)
|
|
|
|
|
{ "com.example.ReceiveDeniedByAppArmorLabel" },
|
|
|
|
|
#endif
|
|
|
|
|
{ "com.example.ReceiveDenied" }
|
|
|
|
|
};
|
|
|
|
|
|
2017-02-14 15:10:20 +00:00
|
|
|
static const Config transient_service_later =
|
|
|
|
|
{
|
|
|
|
|
"com.example.TransientActivatable1",
|
|
|
|
|
FLAG_NONE
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const Config transient_service_in_advance =
|
|
|
|
|
{
|
|
|
|
|
"com.example.TransientActivatable1",
|
|
|
|
|
FLAG_EARLY_TRANSIENT_SERVICE
|
|
|
|
|
};
|
|
|
|
|
|
2015-01-26 20:10:39 +00:00
|
|
|
int
|
|
|
|
|
main (int argc,
|
|
|
|
|
char **argv)
|
|
|
|
|
{
|
2017-02-14 12:31:24 +00:00
|
|
|
gsize i;
|
2018-07-11 16:40:12 +01:00
|
|
|
int ret;
|
2017-02-14 12:31:24 +00:00
|
|
|
|
2015-02-03 14:45:35 +00:00
|
|
|
test_init (&argc, &argv);
|
2015-01-26 20:10:39 +00:00
|
|
|
|
2015-11-14 16:32:42 +01:00
|
|
|
g_test_add ("/sd-activation/activation", Fixture, NULL,
|
2015-01-26 20:10:39 +00:00
|
|
|
setup, test_activation, teardown);
|
2015-11-14 16:32:42 +01:00
|
|
|
g_test_add ("/sd-activation/uae", Fixture, NULL,
|
|
|
|
|
setup, test_uae, teardown);
|
2016-11-21 20:46:17 +00:00
|
|
|
|
2017-02-14 12:31:24 +00:00
|
|
|
for (i = 0; i < G_N_ELEMENTS (deny_send_tests); i++)
|
|
|
|
|
{
|
|
|
|
|
gchar *name = g_strdup_printf ("/sd-activation/deny-send/%s",
|
|
|
|
|
deny_send_tests[i].bus_name);
|
|
|
|
|
|
|
|
|
|
g_test_add (name, Fixture, &deny_send_tests[i],
|
|
|
|
|
setup, test_deny_send, teardown);
|
|
|
|
|
g_free (name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < G_N_ELEMENTS (deny_receive_tests); i++)
|
|
|
|
|
{
|
|
|
|
|
gchar *name = g_strdup_printf ("/sd-activation/deny-receive/%s",
|
|
|
|
|
deny_receive_tests[i].bus_name);
|
|
|
|
|
|
|
|
|
|
g_test_add (name, Fixture, &deny_receive_tests[i],
|
|
|
|
|
setup, test_deny_receive, teardown);
|
|
|
|
|
g_free (name);
|
|
|
|
|
}
|
2015-01-26 20:10:39 +00:00
|
|
|
|
2017-02-14 15:10:20 +00:00
|
|
|
g_test_add ("/sd-activation/transient-services/later", Fixture,
|
|
|
|
|
&transient_service_later, setup, test_transient_services, teardown);
|
|
|
|
|
g_test_add ("/sd-activation/transient-services/in-advance", Fixture,
|
|
|
|
|
&transient_service_in_advance, setup, test_transient_services, teardown);
|
|
|
|
|
|
2018-07-11 16:40:12 +01:00
|
|
|
ret = g_test_run ();
|
|
|
|
|
dbus_shutdown ();
|
|
|
|
|
return ret;
|
2015-01-26 20:10:39 +00:00
|
|
|
}
|
