2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
21 #include <sys/capability.h>
23 #include <sys/types.h>
27 #include <security-manager-types.h>
29 #include <app_install_helper.h>
31 #include <temp_test_user.h>
32 #include <tzplatform.h>
// Smart-pointer alias for libcap capability sets: _cap_struct is the struct
// behind libcap's cap_t, and cap_free() is libcap's release function.
// NOTE(review): DEFINE_SMARTPTR is defined outside this listing; presumably it
// declares CapsSetsUniquePtr as a unique_ptr-style owner whose deleter calls
// cap_free — confirm against the macro.
34 DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
// NOTE(review): presumably the open-descriptor limit handed to nftw() by the
// tree-walking helpers — confirm against the callers.
// A namespace-scope const int has internal linkage in C++, so this definition
// does not clash when the file is included from several translation units.
36 const int FTW_MAX_FDS = 16;
// Label helpers: each returns a std::string derived from the identifiers it is given
// (app id + package id, package id alone, a 64-bit author id, or nothing).
// NOTE(review): the names suggest these build the Smack labels the tests expect
// for an application process and for its RW / RO / shared-RO / trusted / public
// paths. The label format itself is only visible in the definitions — confirm there.
// isHybrid defaults to false; how it alters the process label is not visible here.
38 std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid = false);
39 std::string generatePathRWLabel(const std::string &pkgId);
40 std::string generatePathROLabel(const std::string &pkgId);
41 std::string generatePathSharedROLabel(const std::string &pkgId);
42 std::string generatePathTrustedLabel(int64_t authorId);
43 std::string getPublicPathLabel();
// A list of privilege names, held as strings.
45 typedef std::vector<std::string> privileges_t;
// Callback with the parameter list nftw() expects. Only fpath is named; the
// stat buffer, type flag and FTW struct parameters are left unnamed.
// NOTE(review): presumably removes the Smack labels from each visited path and
// returns 0 to keep the walk going — confirm in the definition.
47 int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
48 int /*typeflag*/, struct FTW* /*ftwbuf*/);
// Test assertions about an application's privileges and on-disk labels.
// All of them return void, so a failed expectation must be reported some other
// way (presumably through the test framework's assertion macros — confirm).

// NOTE(review): presumably verifies that `user` running app_id/pkg_id holds every
// privilege in allowed_privs and none of those in denied_privs — confirm.
// Checking the denied list matters as much as the allowed one: it is what
// catches a policy that grants too much.
49 void check_app_permissions(const std::string &app_id, const std::string &pkg_id,
50 const std::string &user, const privileges_t &allowed_privs,
51 const privileges_t &denied_privs, bool isHybrid = false);
// NOTE(review): this declaration is incomplete in this listing — the parameter
// list ends on a trailing comma and the line that closes it is not shown.
52 void sm_app_has_privileges(const AppInstallHelper &app,
53 const std::vector<std::string> &privileges,
// Post-install checks. The two-argument overload takes no privilege lists; the
// five-argument overload additionally takes the privileges expected to be
// allowed and denied. isHybrid defaults to false.
55 void check_app_after_install(const std::string &app_id, const std::string &pkg_id);
56 void check_app_after_install(const std::string &app_id, const std::string &pkg_id,
57 const privileges_t &allowed_privs,
58 const privileges_t &denied_privs,
59 bool isHybrid = false);
// transmute defaults to true and execute to false.
// NOTE(review): presumably asserts that `path` carries `label` and that the
// Smack transmute / exec attributes match the two flags — confirm.
60 void check_path(const std::string &path, const std::string &label,
61 bool transmute = true, bool execute = false);
// Post-uninstall checks, mirroring the install overloads above.
// NOTE(review): presumably verifies that the listed privileges are no longer
// granted once the application is removed — confirm in the definition.
62 void check_app_after_uninstall(const std::string &app_id, const std::string &pkg_id);
63 void check_app_after_uninstall(const std::string &app_id, const std::string &pkg_id,
64 const privileges_t &privileges, bool isHybrid = false);
// NOTE(review): presumably returns the complement of the given Smack access
// string (the modes that are NOT in `access`) — confirm.
// `access` is taken by non-const reference, so callers must pass an lvalue and
// the definition is able to modify it; if it only reads the string,
// `const std::string &` would state that in the signature.
66 std::string access_opposite(std::string &access);
// NOTE(review): presumably asserts that `subject` has exactly the modes in
// `access` on `object`: the listed modes are granted and every other mode is
// refused — confirm. The "exact" part is what detects over-permissive rules.
67 void check_exact_smack_accesses(const std::string &subject,
68 const std::string &object,
69 const std::string &access);
// Returns a CapsSetsUniquePtr built from cap_string.
// NOTE(review): cap_string is presumably in libcap's textual capability format,
// and the call presumably also applies the resulting set to the calling
// process — confirm in the definition.
// Assuming DEFINE_SMARTPTR wires in cap_free as the deleter, the capability set
// is released when the returned pointer goes out of scope.
71 CapsSetsUniquePtr setCaps(const char *cap_string);
// NOTE(review): presumably forks, runs `process` in the child and returns the
// child's pid to the parent, leaving the caller responsible for reaping it — confirm.
73 pid_t runInChild(const std::function<void(void)> &process);
// NOTE(review): as above, but returns void; by its name the parent waits for the
// child before returning — confirm how a failing child is reported.
75 void runInChildParentWait(const std::function<void(void)> &process);
// Access probes against testPath. accessType is an int; presumably an access(2)
// mode mask (R_OK / W_OK / X_OK) — confirm.
// NOTE(review): the definitions presumably switch to the given Smack label, gid
// and uid before probing. It is worth checking there that the result of every
// identity switch is verified: a probe that silently keeps the test runner's
// identity would report access the application should not have.
76 void runAccessTest(const std::string &label, uid_t uid, gid_t gid,
77 const std::string &testPath, int accessType);
// Overload that takes the identity from an AppInstallHelper instead of explicit
// label / uid / gid arguments.
78 void runAccessTest(const AppInstallHelper &app, const std::string &testPath, int accessType);
// Variant with no label or app argument; presumably probes as a system
// (non-application) process with the given uid and gid — confirm.
79 void runSystemAccessTest(uid_t uid, gid_t gid, const std::string &testPath, int accessType);