summaryrefslogtreecommitdiff
path: root/test/unit_tests/security_tests/ut_is_policy_update_allowed.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'test/unit_tests/security_tests/ut_is_policy_update_allowed.cpp')
-rw-r--r--test/unit_tests/security_tests/ut_is_policy_update_allowed.cpp221
1 files changed, 221 insertions, 0 deletions
diff --git a/test/unit_tests/security_tests/ut_is_policy_update_allowed.cpp b/test/unit_tests/security_tests/ut_is_policy_update_allowed.cpp
new file mode 100644
index 0000000..20c6ba5
--- /dev/null
+++ b/test/unit_tests/security_tests/ut_is_policy_update_allowed.cpp
@@ -0,0 +1,221 @@
+// Copyright (C) 2022 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include <memory>
+#include <iostream>
+#include <gtest/gtest.h>
+#include "../../common/utility.hpp"
+
+namespace {
+std::string configuration_file { "/vsomeip/0_0/vsomeip_security.json" };
+
+vsomeip_v3::uid_t valid_uid { 0 };
+vsomeip_v3::uid_t invalid_uid { 1234567 };
+
+vsomeip_v3::gid_t valid_gid { 0 };
+
+vsomeip_v3::service_t valid_service { 0xf913 };
+vsomeip_v3::service_t invalid_service { 0x41 };
+}
+
+TEST(is_policy_update_allowed, check_whitelist_disabled)
+{
+ // Test object.
+ std::unique_ptr<vsomeip_v3::policy_manager_impl> security(new vsomeip_v3::policy_manager_impl);
+
+ // Get some configurations.
+ std::set<std::string> its_failed;
+ std::vector<vsomeip_v3::configuration_element> policy_elements;
+ std::set<std::string> input { utility::get_policies_path() + configuration_file };
+ utility::read_data(input, policy_elements, its_failed);
+
+ // Load the configuration into the security.
+ ASSERT_GT(policy_elements.size(), 0) << "Failed to fetch policy elements!";
+ const bool check_whitelist { false };
+ utility::add_security_whitelist(policy_elements.at(0), check_whitelist);
+ security->load(policy_elements.at(0), false);
+
+ // Create policy credentials.
+ boost::icl::discrete_interval<uid_t> its_uids(valid_uid, valid_uid);
+ boost::icl::interval_set<gid_t> its_gids;
+ its_gids.insert(boost::icl::interval<gid_t>::closed(valid_gid, valid_gid));
+
+ // Create a policy.
+ std::shared_ptr<vsomeip::policy> policy(std::make_shared<vsomeip::policy>());
+ policy->credentials_ += std::make_pair(its_uids, its_gids);
+ policy->allow_who_ = true;
+ policy->allow_what_ = true;
+
+ // NO REQUESTS IN POLICY ---------------------------------------------------------------------//
+
+ EXPECT_TRUE(security->is_policy_update_allowed(invalid_uid, policy))
+ << "Failed to allow policy update with invalid user id when check_whitelist is "
+ "disabled!";
+
+ EXPECT_TRUE(security->is_policy_update_allowed(valid_uid, policy))
+ << "Failed to allow policy update with valid user id when check_whitelist is "
+ "disabled!";
+
+ // ONLY VALID REQUESTS IN POLICY -------------------------------------------------------------//
+
+ boost::icl::discrete_interval<vsomeip::instance_t> its_instances(0x1, 0x2);
+ boost::icl::interval_set<vsomeip::method_t> its_methods;
+ its_methods.insert(boost::icl::interval<vsomeip::method_t>::closed(0x01, 0x2));
+ boost::icl::interval_map<vsomeip::instance_t, boost::icl::interval_set<vsomeip::method_t>>
+ its_instances_methods;
+ its_instances_methods += std::make_pair(its_instances, its_methods);
+
+ // Add a valid request to the policy.
+ policy->requests_ += std::make_pair(
+ boost::icl::discrete_interval<vsomeip::service_t>(
+ valid_service, valid_service, boost::icl::interval_bounds::closed()),
+ its_instances_methods);
+
+ EXPECT_TRUE(security->is_policy_update_allowed(invalid_uid, policy))
+ << "Failed to allow policy update with invalid user id and valid request when "
+ "check_whitelist is disabled!";
+
+ EXPECT_TRUE(security->is_policy_update_allowed(valid_uid, policy))
+ << "Failed to allow policy update with valid user id and valid request when "
+ "check_whitelist is disabled!";
+
+ // INVALID REQUESTS IN POLICY ----------------------------------------------------------------//
+
+ // Add a invalid request to the policy.
+ policy->requests_ += std::make_pair(
+ boost::icl::discrete_interval<vsomeip::service_t>(
+ invalid_service, invalid_service, boost::icl::interval_bounds::closed()),
+ its_instances_methods);
+
+ EXPECT_TRUE(security->is_policy_update_allowed(invalid_uid, policy))
+ << "Failed to allow policy update with invalid user id and invalid request when "
+ "check_whitelist is disabled!";
+
+ EXPECT_TRUE(security->is_policy_update_allowed(valid_uid, policy))
+ << "Failed to allow policy update with valid user id and invalid request when "
+ "check_whitelist is disabled!";
+}
+
+TEST(is_policy_update_allowed, check_whitelist_enabled)
+{
+ // Test object.
+ std::unique_ptr<vsomeip_v3::policy_manager_impl> security(new vsomeip_v3::policy_manager_impl);
+
+ // Get some configurations.
+ std::set<std::string> its_failed;
+ std::vector<vsomeip_v3::configuration_element> policy_elements;
+ std::set<std::string> input { utility::get_policies_path() + configuration_file };
+ utility::read_data(input, policy_elements, its_failed);
+
+ // Load the policy into the security.
+ ASSERT_GT(policy_elements.size(), 0) << "Failed to fetch policy elements!";
+ const bool check_whitelist { true };
+ utility::add_security_whitelist(policy_elements.at(0), check_whitelist);
+ security->load(policy_elements.at(0), false);
+
+ // Create policy credentials.
+ boost::icl::discrete_interval<uid_t> its_uids(valid_uid, valid_uid);
+ boost::icl::interval_set<gid_t> its_gids;
+ its_gids.insert(boost::icl::interval<gid_t>::closed(valid_gid, valid_gid));
+
+ // Create a policy.
+ std::shared_ptr<vsomeip::policy> policy(std::make_shared<vsomeip::policy>());
+ policy->credentials_ += std::make_pair(its_uids, its_gids);
+ policy->allow_who_ = true;
+ policy->allow_what_ = true;
+
+ // NO REQUESTS IN POLICY ---------------------------------------------------------------------//
+
+ EXPECT_FALSE(security->is_policy_update_allowed(invalid_uid, policy))
+ << "Failed to deny policy update with invalid user id!";
+
+ EXPECT_TRUE(security->is_policy_update_allowed(valid_uid, policy))
+ << "Failed to allow policy update with valid user id!";
+
+ // ONLY VALID REQUESTS IN POLICY -------------------------------------------------------------//
+
+ boost::icl::discrete_interval<vsomeip::instance_t> its_instances(0x1, 0x2);
+ boost::icl::interval_set<vsomeip::method_t> its_methods;
+ its_methods.insert(boost::icl::interval<vsomeip::method_t>::closed(0x01, 0x2));
+ boost::icl::interval_map<vsomeip::instance_t, boost::icl::interval_set<vsomeip::method_t>>
+ its_instances_methods;
+ its_instances_methods += std::make_pair(its_instances, its_methods);
+
+ // Add valid request to the policy.
+ policy->requests_ += std::make_pair(
+ boost::icl::discrete_interval<vsomeip::service_t>(
+ valid_service, valid_service, boost::icl::interval_bounds::closed()),
+ its_instances_methods);
+
+ EXPECT_FALSE(security->is_policy_update_allowed(invalid_uid, policy))
+ << "Failed to deny policy update with invalid user id and valid request!";
+
+ EXPECT_TRUE(security->is_policy_update_allowed(valid_uid, policy))
+ << "Failed to allow policy update with valid user id and valid request!";
+
+ // INVALID REQUESTS IN POLICY ----------------------------------------------------------------//
+
+ // Add invalid request to the policy.
+ policy->requests_ += std::make_pair(
+ boost::icl::discrete_interval<vsomeip::service_t>(
+ invalid_service, invalid_service, boost::icl::interval_bounds::closed()),
+ its_instances_methods);
+
+ EXPECT_FALSE(security->is_policy_update_allowed(invalid_uid, policy))
+ << "Failed to deny policy update with invalid user id and invalid request!";
+
+ EXPECT_FALSE(security->is_policy_update_allowed(valid_uid, policy))
+ << "Failed to deny policy update with valid user id and invalid request!";
+}
+
+TEST(is_policy_update_allowed, null_policy)
+{
+ // Test objects.
+ std::unique_ptr<vsomeip_v3::policy_manager_impl> security(new vsomeip_v3::policy_manager_impl);
+ std::shared_ptr<vsomeip_v3::policy> policy = nullptr;
+
+ // NO POLICIES LOADED ------------------------------------------------------------------------//
+
+ ASSERT_EXIT((security->is_policy_update_allowed(0, policy), exit(0)),
+ testing::ExitedWithCode(0), ".*")
+ << "Could not handle a nullptr when no policies are loaded!";
+
+ EXPECT_TRUE(security->is_policy_update_allowed(0, policy))
+ << "Denied update of policy when security whitelist is not loaded!";
+
+ // LOADED POLICY W/O SECURITY WHITELIST ------------------------------------------------------//
+
+ // Get some configurations.
+ std::set<std::string> its_failed;
+ std::vector<vsomeip_v3::configuration_element> policy_elements;
+ std::set<std::string> input { utility::get_policies_path() + configuration_file };
+ utility::read_data(input, policy_elements, its_failed);
+
+ // Load the policy into the security.
+ ASSERT_GT(policy_elements.size(), 0) << "Failed to fetch policy elements!";
+ security->load(policy_elements.at(0), false);
+
+ ASSERT_EXIT((security->is_policy_update_allowed(0, policy), exit(0)),
+ testing::ExitedWithCode(0), ".*")
+ << "Could not handle a nullptr when a policy without a security whitelist was loaded!";
+
+ EXPECT_TRUE(security->is_policy_update_allowed(0, policy))
+ << "Denied update of policy when security whitelist is not loaded!";
+
+ // LOADED POLICY W/ SECURITY WHITELIST -------------------------------------------------------//
+
+ // Add a security whitelist to the policy.
+
+ utility::add_security_whitelist(policy_elements.at(0), true);
+
+ security->load(policy_elements.at(0), false);
+
+ ASSERT_EXIT((security->is_policy_update_allowed(0, policy), exit(0)),
+ testing::ExitedWithCode(0), ".*")
+ << "Could not handle a nullptr when a policy with a security whitelist was loaded!";
+
+ EXPECT_FALSE(security->is_policy_update_allowed(0, policy))
+ << "Allowed update of invalid policy!";
+}
View Lorry Controller Status