1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
|
// Copyright (C) 2022 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
#include <memory>
#include <gtest/gtest.h>
#include "../../common/utility.hpp"
namespace {
std::string configuration_file { "/vsomeip/0_0/vsomeip_security.json" };
vsomeip_v3::service_t valid_service_id = 0xf91f;
vsomeip_v3::service_t invalid_service_id = 0xf923;
vsomeip_v3::uid_t valid_uid = 4017205;
vsomeip_v3::uid_t invalid_uid = 111111;
}
// Since this set of tests check a private method, there is the need to indirectly change the
// parameters used by load_security_update_whitelist, and check its changes using other methods.
// The is_policy_removal_allowed method checks if a selected uid is present in the whitelist.
// The is_policy_update_allowed method checks if a selected service_id is present in the whitelist.
TEST(load_security_update_whitelist, check_uids)
{
// LOADED POLICY W/O UIDS ON SECURITY WHITELIST ---------------------------------------------//
std::unique_ptr<vsomeip_v3::policy_manager_impl> security(new vsomeip_v3::policy_manager_impl);
// Force load of some policies.
std::set<std::string> its_failed;
std::vector<vsomeip_v3::configuration_element> policy_elements;
std::set<std::string> input { utility::get_policies_path() + configuration_file };
utility::read_data(input, policy_elements, its_failed);
// Check if the load worked.
ASSERT_EQ(its_failed.size(), 0);
std::vector<vsomeip_v3::service_t> services;
utility::get_policy_services(policy_elements.at(0), services);
// Add a security whitelist with an empty list of user uids.
std::vector<vsomeip_v3::uid_t> user_ids;
utility::add_security_whitelist(policy_elements.at(0), user_ids, services, true);
// Using load function to indirectly call load_security_update_whitelist.
security->load(policy_elements.at(0));
// Check that the valid and invalid uids are not present in the whitelist by calling a method
// that verifies that condition.
ASSERT_FALSE(security->is_policy_removal_allowed(valid_uid))
<< "The whitelist unexpectedly holds a valid uid";
ASSERT_FALSE(security->is_policy_removal_allowed(invalid_uid))
<< "The whitelist unexpectedly holds an invalid uid";
// LOADED POLICY WITH UIDS ON SECURITY WHITELIST ---------------------------------------------//
utility::get_policy_uids(policy_elements.at(0), user_ids);
// Add a security whitelist with list of user uids loaded.
utility::add_security_whitelist(policy_elements.at(0), user_ids, services, true);
// Using load function to indirectly call load_security_update_whitelist.
security->load(policy_elements.at(0));
// Check that the valid and invalid uids are not present in the whitelist by calling a method
// that verifies that condition.
ASSERT_TRUE(security->is_policy_removal_allowed(valid_uid))
<< "The whitelist expected to hold a valid uid";
ASSERT_FALSE(security->is_policy_removal_allowed(invalid_uid))
<< "The whitelist unexpectedly holds an invalid uid";
}
TEST(load_security_update_whitelist, check_service_ids)
{
// LOADED POLICY W/O SERVICE IDS ON SECURITY WHITELIST -------------------------------------//
std::unique_ptr<vsomeip_v3::policy_manager_impl> security(new vsomeip_v3::policy_manager_impl);
// Force load of some policies.
std::set<std::string> its_failed;
std::vector<vsomeip_v3::configuration_element> policy_elements;
std::set<std::string> input { utility::get_policies_path() + configuration_file };
utility::read_data(input, policy_elements, its_failed);
// Check if the load worked.
ASSERT_EQ(its_failed.size(), 0);
std::vector<vsomeip_v3::uid_t> user_ids;
utility::get_policy_uids(policy_elements.at(0), user_ids);
// Add a security whitelist with an empty list of service ids.
std::vector<vsomeip_v3::service_t> services;
utility::add_security_whitelist(policy_elements.at(0), user_ids, services, true);
// Using load function to indirectly call load_security_update_whitelist.
security->load(policy_elements.at(0));
std::shared_ptr<vsomeip::policy> policy(std::make_shared<vsomeip::policy>());
vsomeip::service_t its_service(valid_service_id);
vsomeip::service_t its_invalid_service(invalid_service_id);
boost::icl::discrete_interval<vsomeip::instance_t> its_instances(0x1, 0x2);
boost::icl::interval_set<vsomeip::method_t> its_methods;
its_methods.insert(boost::icl::interval<vsomeip::method_t>::closed(0x01, 0x2));
boost::icl::interval_map<vsomeip::instance_t, boost::icl::interval_set<vsomeip::method_t>>
its_instances_methods;
its_instances_methods += std::make_pair(its_instances, its_methods);
// Add a valid request to the policy
policy->requests_ +=
std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>(
its_service, its_service, boost::icl::interval_bounds::closed()),
its_instances_methods);
// Check its presence using the is_policy_update_allowed method.
ASSERT_FALSE(security->is_policy_update_allowed(valid_uid, policy))
<< "The whitelist unexpectedly holds a valid service_id";
// Add an invalid request to the policy
policy->requests_ += std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>(
its_invalid_service, its_invalid_service,
boost::icl::interval_bounds::closed()),
its_instances_methods);
// Check its presence using the is_policy_update_allowed method.
ASSERT_FALSE(security->is_policy_update_allowed(valid_uid, policy))
<< "The whitelist unexpectedly holds an invalid service_id";
// LOADED POLICY WITH SERVICE IDS ON SECURITY WHITELIST --------------------------------------//
utility::get_policy_services(policy_elements.at(0), services);
utility::add_security_whitelist(policy_elements.at(0), user_ids, services, true);
security->load(policy_elements.at(0));
// Reset the policies pointer to add a correct serviceid and an incorrect one.
policy->requests_.clear();
// Add a valid request to the policy.
policy->requests_ +=
std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>(
its_service, its_service, boost::icl::interval_bounds::closed()),
its_instances_methods);
// Check its presence using the is_policy_update_allowed method.
ASSERT_TRUE(security->is_policy_update_allowed(valid_uid, policy))
<< "The whitelist expected to hold a valid service_id";
// Add an invalid request to the policy.
policy->requests_ += std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>(
its_invalid_service, its_invalid_service,
boost::icl::interval_bounds::closed()),
its_instances_methods);
// Check its presence using the is_policy_update_allowed method.
ASSERT_FALSE(security->is_policy_update_allowed(invalid_uid, policy))
<< "The whitelist unexpectedly holds an invalid service_id";
}
TEST(load_security_update_whitelist, check_whitelist_disabled)
{
std::unique_ptr<vsomeip_v3::policy_manager_impl> security(new vsomeip_v3::policy_manager_impl);
// Force load of some policies.
std::set<std::string> its_failed;
std::vector<vsomeip_v3::configuration_element> policy_elements;
std::set<std::string> input { utility::get_policies_path() + configuration_file };
utility::read_data(input, policy_elements, its_failed);
// Check if the load worked.
ASSERT_EQ(its_failed.size(), 0);
std::vector<vsomeip_v3::uid_t> user_ids;
utility::get_policy_uids(policy_elements.at(0), user_ids);
std::vector<vsomeip_v3::service_t> services;
utility::get_policy_services(policy_elements.at(0), services);
// Add a security whitelist with check_whitelist disabled.
utility::add_security_whitelist(policy_elements.at(0), user_ids, services, false);
security->load(policy_elements.at(0));
std::shared_ptr<vsomeip::policy> policy(std::make_shared<vsomeip::policy>());
vsomeip::service_t its_service(valid_service_id);
vsomeip::service_t its_invalid_service(invalid_service_id);
boost::icl::discrete_interval<vsomeip::instance_t> its_instances(0x1, 0x2);
boost::icl::interval_set<vsomeip::method_t> its_methods;
its_methods.insert(boost::icl::interval<vsomeip::method_t>::closed(0x01, 0x2));
boost::icl::interval_map<vsomeip::instance_t, boost::icl::interval_set<vsomeip::method_t>>
its_instances_methods;
its_instances_methods += std::make_pair(its_instances, its_methods);
// Add a valid request to the policy.
policy->requests_ +=
std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>(
its_service, its_service, boost::icl::interval_bounds::closed()),
its_instances_methods);
ASSERT_TRUE(security->is_policy_removal_allowed(valid_uid))
<< "The whitelist is disabled, a valid uid should be allowed to be removed";
ASSERT_TRUE(security->is_policy_removal_allowed(invalid_uid))
<< "The whitelist is disabled, an invalid uid should be allowed to be removed";
ASSERT_TRUE(security->is_policy_update_allowed(valid_uid, policy))
<< "The whitelist is disabled, a valid service_id should be allowed to be updated";
// Add an invalid request to the policy.
policy->requests_ += std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>(
its_invalid_service, its_invalid_service,
boost::icl::interval_bounds::closed()),
its_instances_methods);
ASSERT_TRUE(security->is_policy_update_allowed(valid_uid, policy))
<< "The whitelist is disabled, a valid service_id should be allowed to be updated";
}
|
