2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
21 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
23 * @brief libprivilege-control test runner
36 #include <sys/types.h>
39 #include <sys/socket.h>
41 #include <sys/smack.h>
43 #include <privilege-control.h>
44 #include <dpl/test/test_runner.h>
45 #include <dpl/test/test_runner_child.h>
46 #include <dpl/test/test_runner_multiprocess.h>
47 #include <dpl/log/log.h>
48 #include <tests_common.h>
49 #include <libprivilege-control_test_common.h>
50 #include "common/duplicates.h"
51 #include "common/db.h"
54 // Error codes for test_libprivilege_strerror
55 const std::vector<int> error_codes {
56 PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
57 PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
58 PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
59 PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
64 std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
66 std::vector<std::string> names;
67 for(size_t i = 0; i < size; ++i) {
68 names.push_back(prefix + "_" + std::to_string(i) + suffix);
73 const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
74 const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
75 const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
76 const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
77 const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
78 const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
79 const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
81 void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
83 std::ifstream dac_file(dac_file_path);
84 RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
86 auto it = gids.begin();
88 while (std::getline(dac_file,line)) {
89 std::istringstream is(line);
92 RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
93 RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
97 RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
102 void remove_smack_files()
105 unlink(OSP_BLAHBLAH);
106 unlink(WRT_BLAHBLAH);
107 unlink(OTHER_BLAHBLAH);
108 unlink(WRT_BLAHBLAH_DAC);
109 unlink(OTHER_BLAHBLAH_DAC);
111 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
112 unlink(OSP_BLAHBLAH_DAC[i].c_str());
114 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
115 unlink(OSP_BLAHBLAH_DAC[i].c_str());
120 RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
122 RUNNER_TEST(privilege_control02_perm_app_setup_path_01_PRIVATE)
126 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
127 RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
129 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
130 RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
134 result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
135 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_PRIVATE failed");
139 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
140 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
142 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
143 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
146 RUNNER_TEST(privilege_control02_perm_app_setup_path_02_FLOOR)
150 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
151 RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
153 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
154 RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
158 result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_FLOOR);
159 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_FLOOR type failed");
163 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
164 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
166 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
167 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
171 RUNNER_TEST_SMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO)
173 test_perm_app_setup_path_PUBLIC_RO(true);
177 * Revoke permissions from the list. Should be executed as privileged user.
179 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
181 test_revoke_permissions(__LINE__, WGT_APP_ID);
185 * Revoke permissions from the list. Should be executed as privileged user.
187 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
189 test_revoke_permissions(__LINE__, OSP_APP_ID);
192 void test_set_app_privilege(
193 const char* app_id, app_type_t APP_TYPE,
194 const char** privileges, const char* type,
195 const char* app_path, const char* dac_file,
196 const rules_t &rules) {
197 check_app_installed(app_path);
203 result = perm_app_uninstall(app_id);
204 RUNNER_ASSERT_MSG(result == 0,
205 " perm_app_uninstall returned " << result << ". "
206 "Errno: " << strerror(errno));
208 result = perm_app_install(app_id);
209 RUNNER_ASSERT_MSG(result == 0,
210 " perm_app_install returned " << result << ". "
211 "Errno: " << strerror(errno));
214 result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, false);
215 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
216 " Error registering app permissions. Result: " << result);
220 result = test_have_all_accesses(rules);
221 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
223 std::set<unsigned> groups_before;
224 read_user_gids(groups_before, APP_UID);
226 result = perm_app_set_privilege(app_id, type, app_path);
227 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
228 " Error in perm_app_set_privilege. Error: " << result);
230 // Check if SMACK label really set
232 result = smack_new_label_from_self(&label);
233 RUNNER_ASSERT_MSG(result >= 0,
234 " Error getting current process label");
235 RUNNER_ASSERT_MSG(label != nullptr,
236 " Process label is not set");
238 result = strcmp(USER_APP_ID, label);
239 RUNNER_ASSERT_MSG(result == 0,
240 " Process label " << label << " is incorrect");
242 check_groups(groups_before, dac_file);
246 * Set APP privileges. wgt.
248 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
250 test_set_app_privilege(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
251 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
255 * Set APP privileges. osp app.
257 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
259 test_set_app_privilege(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
260 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
263 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_efl)
265 test_set_app_privilege(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
267 LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
271 * Add new API feature
273 RUNNER_TEST(privilege_control08_add_api_feature)
277 remove_smack_files();
281 // argument validation
282 result = perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0);
283 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
285 result = perm_add_api_feature(APP_TYPE_OSP,"", nullptr, nullptr, 0);
286 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
289 // Already existing feature:
290 // TODO: Database will be malformed. (Rules for these features will be removed.)
291 result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", nullptr, nullptr, 0);
292 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
294 result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", nullptr, nullptr, 0);
295 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
298 result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", nullptr, nullptr, 0);
299 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
301 result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", nullptr, nullptr, 0);
302 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
305 const char *test1[] = { nullptr };
306 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, nullptr, 0);
307 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
309 const char *test2[] = { "", nullptr };
310 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, nullptr, 0);
311 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
313 const char *test3[] = { " \t\n", "\t \n", "\n\t ", nullptr };
314 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, nullptr, 0);
315 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
318 const char *test4[] = { "malformed", nullptr };
319 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, nullptr, 0);
320 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
322 const char *test5[] = { "malformed malformed", nullptr };
323 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, nullptr, 0);
324 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
326 const char *test6[] = { "-malformed malformed rwxat", nullptr };
327 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, nullptr, 0);
328 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
330 const char *test7[] = { "~/\"\\ malformed rwxat", nullptr };
331 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, nullptr, 0);
332 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
334 const char *test8[] = { "subject object rwxat something else", nullptr };
335 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, nullptr, 0);
336 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
340 const char *test9[] = {
341 "~APP~ object\t rwxatl",
343 "subject2\t~APP~ ltxarw",
347 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, nullptr, 0);
348 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
350 const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", nullptr };
351 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, nullptr, 0);
352 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
354 const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", nullptr }; // TODO This fails.
355 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, nullptr, 0);
356 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
359 // TODO For now identical/complementary rules are not merged.
360 const char *test12[] = {
361 "subject1 ~APP~ rwxatl",
363 "subject2 ~APP~ ltxarw",
366 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, nullptr, 0);
367 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
370 const char *test13[] = { "~APP~ b a", nullptr};
371 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0);
372 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
373 result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
374 RUNNER_ASSERT(result == -1);
375 remove_smack_files();
379 result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3);
380 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
381 osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
382 remove_smack_files();
384 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1);
385 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
386 osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
387 remove_smack_files();
389 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3);
390 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
391 osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
392 remove_smack_files();
398 * Add new API feature, assign it to an app and redefine the API feature.
399 * Check if app rules has changed after redefinition.
401 RUNNER_TEST_SMACK(privilege_control09_perm_add_api_feature_redefine)
404 const char *permissionName[] = { "org.tizen.test.permtoberedefined", nullptr};
406 // Rules to be used with the first check
407 const rules_t test_rules1 = {
408 { GENERATED_APP_ID, PERM_TO_REDEFINE, "rx" },
409 { PERM_TO_REDEFINE, GENERATED_APP_ID, "rwx" },
410 { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
413 // Rules that contain differences - to be used with the second check (after re-def)
414 const rules_t test_rules2 = {
415 { GENERATED_APP_ID, PERM_TO_REDEFINE, "rwx" },
416 { PERM_TO_REDEFINE, GENERATED_APP_ID, "rx" },
417 { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "watl" }
420 // Differences between rules1 and rules2 - should be revoked after re-def)
421 const rules_t diff_rules = {
422 { PERM_TO_REDEFINE, GENERATED_APP_ID, "w" },
423 { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
426 // Rules to be used with the first definition
427 const char *perm_rules1[] = {
428 "~APP~ " PERM_TO_REDEFINE " rx",
429 PERM_TO_REDEFINE " ~APP~ rwx",
430 "~APP~ " PERM_SUB_TO_REDEFINE " rx",
434 // Rules that contain differences - to be used with the second definition (re-def)
435 const char *perm_rules2[] = {
436 "~APP~ " PERM_TO_REDEFINE " rwx",
437 PERM_TO_REDEFINE " ~APP~ rx",
438 "~APP~ " PERM_SUB_TO_REDEFINE " watl",
444 // uninstall app to make sure that all rules and permissions are revoked
445 result = perm_app_uninstall(APP_ID);
446 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
447 "perm_app_uninstall failed: " << perm_strerror(result));
449 result = perm_app_install(APP_ID);
450 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
451 "perm_app_install failed: " << perm_strerror(result));
453 result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules1, nullptr, 0);
454 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
455 "perm_add_api_feature failed: " << result);
457 result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP, permissionName, true);
458 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
459 "perm_app_enable_permissions failed: " << perm_strerror(result));
463 // Check if rules are applied
464 result = test_have_all_accesses(test_rules1);
465 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
469 // Redefine the permission
470 result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules2, nullptr, 0);
471 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
472 "perm_add_api_feature failed: " << result);
476 // Check if rules are updated
477 result = test_have_all_accesses(test_rules2);
478 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added after update.");
479 // The difference between rules1 and rules2 should be revoked!
480 result = test_have_any_accesses(diff_rules);
481 RUNNER_ASSERT_MSG(result == 0, "Permissions are not fully updated.");
485 * Check perm_app_uninstall function
487 void check_perm_app_uninstall(const char* pkg_id)
493 result = perm_app_uninstall(pkg_id);
494 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned: " << perm_strerror(result));
499 RUNNER_TEST(privilege_control07_app_uninstall)
501 check_perm_app_uninstall(APP_ID);
505 * Check perm_app_install function
507 void check_perm_app_install(const char* pkg_id)
513 result = perm_app_install(pkg_id);
514 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
518 TestLibPrivilegeControlDatabase db_test;
519 db_test.test_db_after__perm_app_install(USER_APP_ID);
522 RUNNER_TEST(privilege_control01_app_install)
524 check_perm_app_uninstall(APP_ID);
525 check_perm_app_install(APP_ID);
526 // try install second time app with the same ID - it should pass.
527 check_perm_app_install(APP_ID);
531 * Check perm_rollback function
533 RUNNER_TEST(privilege_control07_app_rollback)
535 check_perm_app_uninstall(APP_ID);
541 result = perm_app_install(APP_ID);
542 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
544 // transaction rollback
545 result = perm_rollback();
546 RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
551 RUNNER_TEST(privilege_control07_app_rollback_2)
553 check_perm_app_uninstall(APP_ID);
559 result = perm_app_install(APP_ID);
560 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
562 // transaction rollback
563 result = perm_rollback();
564 RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
566 // install once again after the rollback
567 result = perm_app_install(APP_ID);
568 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
572 TestLibPrivilegeControlDatabase db_test;
573 db_test.test_db_after__perm_app_install(USER_APP_ID);
577 * Grant SMACK permissions based on permissions list.
579 RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
583 // Clean up after test:
586 result = perm_app_uninstall(WGT_APP_ID);
587 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
588 result = perm_app_install(WGT_APP_ID);
589 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
592 * Test - Enabling all permissions with persistant mode enabled
594 result = perm_app_revoke_permissions(WGT_APP_ID);
595 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
596 "Error revoking app permissions. Result: " << result);
598 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
599 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
600 " Error registering app permissions. Result: " << result);
604 // Check if the accesses are realy applied..
605 result = test_have_all_accesses(rules2);
606 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
611 result = perm_app_revoke_permissions(WGT_APP_ID);
612 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
613 "Error revoking app permissions. Result: " << result);
618 * Test - Enabling all permissions with persistant mode disabled
622 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
623 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
624 " Error registering app permissions. Result: " << result);
626 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
627 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
628 " Error enabling app permissions. Result: " << result);
632 // Check if the accesses are realy applied..
633 result = test_have_all_accesses(rules2);
634 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
639 result = perm_app_revoke_permissions(WGT_APP_ID);
640 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
641 "Error revoking app permissions. Result: " << result);
646 * Test - Registering new permissions in two complementary files
651 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
652 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
653 " Error registering app permissions. Result: " << result);
657 // Check if the accesses are realy applied..
658 result = test_have_all_accesses(rules2_no_r);
659 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
664 result = perm_app_revoke_permissions(WGT_APP_ID);
665 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
666 "Error revoking app permissions. Result: " << result);
671 * Test - Enabling some permissions and then enabling complementary permissions
676 // Register permission for rules 2 no r
677 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
678 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
679 " Error registering app permissions without r. Result: " << result);
683 // Check if the accesses are realy applied..
684 result = test_have_all_accesses(rules2_no_r);
685 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
689 // Register permission for rules 2
690 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
691 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
692 " Error registering app all permissions. Result: " << result);
696 // Check if the accesses are realy applied..
697 result = test_have_all_accesses(rules2);
698 RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
703 result = perm_app_revoke_permissions(WGT_APP_ID);
704 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
705 "Error revoking app permissions. Result: " << result);
708 * Test - Enabling some permissions and then enabling all permissions
711 // Enable permission for rules 2 no r
712 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
713 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
714 " Error registering app permissions without r. Result: " << result);
718 // Check if the accesses are realy applied..
719 result = test_have_all_accesses(rules2_no_r);
720 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
724 // Enable permission for rules 2
725 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
726 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
727 " Error registering app permissions with only r. Result: " << result);
731 // Check if the accesses are realy applied..
732 result = test_have_all_accesses(rules2_r);
733 RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
738 result = perm_app_revoke_permissions(WGT_APP_ID);
739 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
740 "Error revoking app permissions. Result: " << result);
744 // Clean up after test:
745 result = perm_app_uninstall(WGT_APP_ID);
746 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
751 RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
753 test_app_enable_permissions_efl(true);
757 * Check perm_app_install function
759 RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
761 test_app_disable_permissions_efl(true);
766 * Remove previously granted SMACK permissions based on permissions list.
768 RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
770 test_app_disable_permissions(true);
774 * Reset SMACK permissions for an application by revoking all previously
775 * granted rules and enabling them again from a rules file from disk.
777 // TODO: This test is incomplete.
778 RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
783 * Test - doing reset and checking if rules exist again.
788 result = perm_app_install(WGT_APP_ID);
789 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
791 // Disable permissions
792 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
793 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
794 "Error disabling app permissions. Result: " << result);
796 // Prepare permissions to reset
797 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
798 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
799 " Error registering app permissions. Result: " << result);
802 result = perm_app_reset_permissions(WGT_APP_ID);
803 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
804 "Error reseting app permissions. Result: " << result);
808 // Are all second permissions not disabled?
809 result = test_have_all_accesses(rules2);
810 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
814 // Disable permissions
815 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
816 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
817 "Error disabling app permissions. Result: " << result);
819 result = perm_app_uninstall(WGT_APP_ID);
820 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
825 static void smack_set_random_label_based_on_pid_on_self(void)
828 std::stringstream ss;
830 ss << "s-" << getpid() << "-" << getppid();
831 result = smack_set_label_for_self(ss.str().c_str());
832 RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
833 << ss.str().c_str() << ") failed");
836 static void smack_unix_sock_server(int sock)
842 fd = accept(sock, nullptr, nullptr);
847 FdUniquePtr fdPtr(&fd);
849 result = smack_new_label_from_self(&smack_label);
850 RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed");
851 SmackLabelPtr smackLabelPtr(smack_label);
853 ssize_t bitsNum = write(fd, smack_label, strlen(smack_label));
854 RUNNER_ASSERT_ERRNO_MSG(bitsNum >= 0 && static_cast<size_t>(bitsNum) == strlen(smack_label),
858 RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
861 struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
865 RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
867 smack_set_random_label_based_on_pid_on_self();
869 if (!pid) { /* child process, server */
872 /* Set the process label before creating a socket */
873 sock = socket(AF_UNIX, SOCK_STREAM, 0);
874 RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
875 SockUniquePtr sockPtr(&sock);
878 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
879 RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
881 result = listen(sock, 1);
882 RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
883 smack_unix_sock_server(sock);
885 /* Change the process label with listening socket */
886 smack_unix_sock_server(sock);
889 RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
890 /* Now running two concurrent servers.
891 Test if socket label was unaffected by fork() */
892 smack_unix_sock_server(sock);
893 /* Let's give the two servers different labels */
894 smack_unix_sock_server(sock);
897 } else { /* parent process, client */
898 sleep(1); /* Give server some time to setup listening socket */
900 for (i = 0; i < 4; ++i) {
903 char smack_label1[SMACK_LABEL_LEN + 1];
906 sock = socket(AF_UNIX, SOCK_STREAM, 0);
907 RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
908 SockUniquePtr sockPtr(&sock);
910 result = connect(sock,
911 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
912 RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
915 result = read(sock, smack_label1, SMACK_LABEL_LEN);
917 RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed");
919 smack_label1[result] = '\0';
920 smack_label2 = perm_app_id_from_socket(sock);
921 RUNNER_ASSERT_MSG(smack_label2 != nullptr, "perm_app_id_from_socket failed");
922 result = strcmp(smack_label1, smack_label2);
923 RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1
924 << "' != '" << smack_label2 << "-" << random() << "'");
929 RUNNER_TEST(privilege_control20_perm_app_has_permission)
932 const char *other_app_label = "test_other_app_label";
936 result = perm_app_uninstall(WGT_APP_ID);
937 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
938 "Error uninstalling app. Result" << result);
940 result = perm_app_install(WGT_APP_ID);
941 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
942 "Error installing app. Result" << result);
944 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R);
945 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
946 "Error disabling app r and no r permissions. Result: " << result);
950 check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
951 check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
952 check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
953 check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
957 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
958 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
959 "Error registering app r permissions. Result: " << result);
963 check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
964 check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
965 check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
966 check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
970 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
971 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
972 "Error registering app r permissions. Result: " << result);
976 check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
977 check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
978 check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
979 check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
983 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
984 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
985 "Error disabling app r and no r permissions. Result: " << result);
989 check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
990 check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
991 check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
992 check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
996 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
997 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
998 "Error disabling app r and no r permissions. Result: " << result);
1002 check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
1003 check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
1004 check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
1005 check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
1008 RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
1009 int POSITIVE_ERROR_CODE = 1;
1010 int NONEXISTING_ERROR_CODE = -239042;
1013 for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
1014 RUNNER_ASSERT_MSG(strcmp(perm_strerror(*itr), "Unknown error") != 0,
1015 "Returned invalid error code description.");
1018 result = perm_strerror(POSITIVE_ERROR_CODE);
1019 RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
1020 "Bad message returned for invalid error code: \"" << result << "\"");
1022 result = perm_strerror(NONEXISTING_ERROR_CODE);
1023 RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
1024 "Bad message returned for invalid error code: \"" << result << "\"");