projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
SM: Code cleanup - separate dyntransition tests
[platform/core/test/security-tests.git] / src / security-manager-tests / security_manager_tests.cpp
1 /*
2  * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 #include <fcntl.h>
18 #include <stdio.h>
19 #include <unistd.h>
20
21 #include <sys/inotify.h>
22 #include <sys/ioctl.h>
23 #include <sys/prctl.h>
24 #include <sys/smack.h>
25 #include <sys/socket.h>
26 #include <sys/types.h>
27 #include <sys/un.h>
28 #include <sys/wait.h>
29 #include <ctime>
30
31 #include <algorithm>
32 #include <fstream>
33 #include <regex>
34 #include <string>
35 #include <unordered_set>
36
37 #include <ftw.h>
38 #include <grp.h>
39 #include <poll.h>
40
41 #include <access_provider.h>
42 #include <app_install_helper.h>
43 #include <cynara_test_admin.h>
44 #include <cynara_test_client.h>
45 #include <dpl/log/log.h>
46 #include <dpl/test/test_runner.h>
47 #include <memory.h>
48 #include <passwd_access.h>
49 #include <service_manager.h>
50 #include <sm_api.h>
51 #include <sm_commons.h>
52 #include <sm_db.h>
53 #include <sm_request.h>
54 #include <sm_user_request.h>
55 #include <synchronization_pipe.h>
56 #include <temp_test_user.h>
57 #include <tests_common.h>
58 #include <tzplatform.h>
59 #include <uds.h>
60
61 using namespace SecurityManagerTest;
62
63 void changeSecurityContext(const std::string& label, uid_t uid, gid_t gid)
64 {
65     RUNNER_ASSERT_ERRNO_MSG(0 == smack_set_label_for_self(label.c_str()),
66         "Error in smack_set_label_for_self(" << label << ")");
67
68     RUNNER_ASSERT_ERRNO_MSG(0 == setgid(gid), "Error in setgid.");
69     RUNNER_ASSERT_ERRNO_MSG(0 == setuid(uid), "Error in setuid.");
70 }
71
72 static const std::map<std::string, struct app_attributes> MANY_APPS_PKGS = {
73     {"security_manager_10_app_1", {"security_manager_10_pkg_1", "2.1"}},
74     {"security_manager_10_app_2", {"security_manager_10_pkg_2", "3.0"}},
75     {"security_manager_10_app_3", {"security_manager_10_pkg_3", "2.1.1"}},
76     {"security_manager_10_app_4", {"security_manager_10_pkg_4", "3.1"}},
77     {"security_manager_10_app_5", {"security_manager_10_pkg_5", "2.2"}}
78 };
79
80
81 RUNNER_TEST_GROUP_INIT(SECRUTIY_MANAGER_POLICY)
82
83 RUNNER_TEST(security_manager_18_user_cynara_policy)
84 {
85     const char *const MAIN_BUCKET = "MAIN";
86     const char *const MANIFESTS_BUCKET = "MANIFESTS";
87     const char *const ADMIN_BUCKET = "ADMIN";
88     const char *const USER_TYPE_NORMAL_BUCKET = "USER_TYPE_NORMAL";
89     const std::string username("sm_test_10_user_cynara_policy");
90     CynaraTestAdmin::Admin admin;
91     std::string uid_string;
92     TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
93     user.create();
94     user.getUidString(uid_string);
95
96     CynaraTestAdmin::CynaraPoliciesContainer nonemptyContainer;
97     nonemptyContainer.add(MAIN_BUCKET,CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, CYNARA_ADMIN_BUCKET, USER_TYPE_NORMAL_BUCKET);
98     admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, nonemptyContainer,CYNARA_API_SUCCESS);
99
100     user.remove();
101     CynaraTestAdmin::CynaraPoliciesContainer emptyContainer;
102
103     admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
104     admin.listPolicies(MANIFESTS_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
105     admin.listPolicies(CYNARA_ADMIN_DEFAULT_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
106     admin.listPolicies(ADMIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
107 }
108
109 RUNNER_CHILD_TEST(security_manager_21_security_manager_admin_deny_user_priv)
110 {
111     const int BUFFER_SIZE = 128;
112     struct message {
113         uid_t uid;
114         gid_t gid;
115         char buf[BUFFER_SIZE];
116     } msg;
117
118     privileges_t admin_required_privs = {
119             "http://tizen.org/privilege/notexist",
120             "http://tizen.org/privilege/internal/usermanagement"};
121     privileges_t manifest_privs = {
122             "http://tizen.org/privilege/internet",
123             "http://tizen.org/privilege/datasharing"};
124     privileges_t real_privs_allow = {"http://tizen.org/privilege/datasharing"};
125     privileges_t real_privs_deny = {"http://tizen.org/privilege/internet"};
126
127     const std::string pirivman_id = "sm_test_13_ADMIN_APP";
128     const std::string pirivman_pkg_id = "sm_test_13_ADMIN_PKG";
129     const std::string app_id = "sm_test_13_SOME_APP";
130     const std::string pkg_id = "sm_test_13_SOME_PKG";
131
132     int pipefd[2];
133     pid_t pid;
134     int result = 0;
135
136     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
137     pid = fork();
138     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
139     if (pid != 0)//parent process
140     {
141         std::string childuidstr;
142         TemporaryTestUser admin("sm_test_13_ADMIN_USER", GUM_USERTYPE_ADMIN, false);
143         TemporaryTestUser child("sm_test_13_NORMAL_USER", GUM_USERTYPE_NORMAL, false);
144
145         InstallRequest request,request2;
146         FdUniquePtr pipeptr(pipefd+1);
147         close(pipefd[0]);
148
149         admin.create();
150         child.create();
151         child.getUidString(childuidstr);
152
153         //install privacy manager for admin
154         request.setAppId(pirivman_id.c_str());
155         request.setPkgId(pirivman_pkg_id.c_str());
156         request.setUid(admin.getUid());
157         for (auto &priv: admin_required_privs)
158             request.addPrivilege(priv.c_str());
159         Api::install(request);
160
161         //install app for child that has internet privilege
162         request2.setAppId(app_id.c_str());
163         request2.setPkgId(pkg_id.c_str());
164         request2.setUid(child.getUid());
165         for (auto &priv: manifest_privs)
166             request2.addPrivilege(priv.c_str());
167         Api::install(request2);
168
169         check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
170                               manifest_privs, SM_NO_PRIVILEGES);
171
172         //send info to child
173         msg.uid = admin.getUid();
174         msg.gid = admin.getGid();
175         strncpy (msg.buf, childuidstr.c_str(), BUFFER_SIZE);
176
177         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
178         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
179
180         waitPid(pid);
181
182         check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
183                               real_privs_allow, real_privs_deny);
184     }
185     if (pid == 0)//child
186     {
187         FdUniquePtr pipeptr(pipefd);
188         close(pipefd[1]);
189
190         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
191         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
192
193         //become admin privacy manager manager
194         Api::setProcessLabel(pirivman_id.c_str());
195         result = drop_root_privileges(msg.uid, msg.gid);
196         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
197         PolicyRequest addPolicyReq;
198         //change rights
199         for (auto &denypriv:real_privs_deny) {
200             /*this entry will deny some privileges for user whose uid (as c string)
201               was sent in message's buf field.
202               That user would be denying internet for child in this case*/
203             PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, denypriv);
204             entry.setMaxLevel("Deny");
205             addPolicyReq.addEntry(entry);
206         }
207         Api::sendPolicy(addPolicyReq);
208         exit(0);
209     }
210 }
211
212
213 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_CMD)
214
215 RUNNER_TEST(security_manager_19_security_manager_cmd_install)
216 {
217     int ret;
218     const int SUCCESS = 0;
219     const int FAILURE = 256;
220     const std::string app_id = "security_manager_10_app";
221     const std::string pkg_id = "security_manager_10_pkg";
222     const std::string username("sm_test_10_user_name");
223     std::string uid_string;
224     TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
225     user.create();
226     user.getUidString(uid_string);
227     const std::string path1 = TzPlatformConfig::appDirPath(user, app_id, pkg_id) + "/p1";
228     const std::string path2 = TzPlatformConfig::appDirPath(user, app_id, pkg_id) + "/p2";
229     const std::string pkgopt = " --pkg=" + pkg_id;
230     const std::string appopt = " --app=" + app_id;
231     const std::string uidopt = " --uid=" + uid_string;
232
233     mktreeSafe(path1.c_str(), 0);
234     mktreeSafe(path2.c_str(), 0);
235
236     const std::string installcmd = "security-manager-cmd --install " + appopt + pkgopt + uidopt;
237
238     struct operation {
239         std::string command;
240         int expected_result;
241     };
242     std::vector<struct operation> operations = {
243             {"security-manager-cmd", FAILURE},//no option
244             {"security-manager-cmd --blah", FAILURE},//blah option is not known
245             {"security-manager-cmd --help", SUCCESS},
246             {"security-manager-cmd --install", FAILURE},//no params
247             {"security-manager-cmd -i", FAILURE},//no params
248             {"security-manager-cmd --i --app=app_id_10 --pkg=pkg_id_10", FAILURE},//no uid
249             {installcmd, SUCCESS},
250             {"security-manager-cmd -i -a" + app_id + " -g" + pkg_id + uidopt, SUCCESS},
251             {installcmd + " --path " + path1 + " rw", SUCCESS},
252             {installcmd + " --path " + path1, FAILURE},//no path type
253             {installcmd + " --path " + path1 + " rw" + " --path " + path2 + " ro", SUCCESS},
254             {installcmd + " --path " + path1 + " prie" + " --path " + path2 + " ro", FAILURE},//wrong path type
255             {installcmd + " --path " + path1 + " rw" + " --privilege somepriv --privilege somepriv2" , SUCCESS},
256     };
257
258     for (auto &op : operations) {
259         ret = system((op.command + " 1>/dev/null 2>&1").c_str());
260         RUNNER_ASSERT_MSG(ret == op.expected_result,
261                 "Unexpected result for command '" << op.command <<"': "
262                 << ret << " Expected was: "<< op.expected_result);
263     }
264 }
265
266 RUNNER_TEST(security_manager_20_security_manager_cmd_users)
267 {
268     int ret;
269     const int SUCCESS = 0;
270     const int FAILURE = 256;
271     const std::string username("sm_test_11_user_name");
272     std::string uid_string;
273     TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
274     user.create();
275     user.getUidString(uid_string);
276     const std::string uidopt = " --uid=" + uid_string;
277
278     struct operation {
279         std::string command;
280         int expected_result;
281     };
282     std::vector<struct operation> operations = {
283             {"security-manager-cmd --manage-users=remove", FAILURE},//no params
284             {"security-manager-cmd -m", FAILURE},//no params
285             {"security-manager-cmd -mr", FAILURE},//no uid
286             {"security-manager-cmd -mr --uid" + uidopt, FAILURE},//no uid
287             {"security-manager-cmd -mr --sdfj" + uidopt, FAILURE},//sdfj?
288             {"security-manager-cmd --msdf -u2004" , FAILURE},//sdf?
289             {"security-manager-cmd -mr" + uidopt, SUCCESS},//ok, removed
290             {"security-manager-cmd -mr --blah" + uidopt, FAILURE},//blah
291             {"security-manager-cmd -ma" + uidopt, SUCCESS},//ok, added
292             {"security-manager-cmd -ma --usertype=normal" + uidopt, SUCCESS},//ok, added
293             {"security-manager-cmd -ma --usertype=mal" + uidopt, FAILURE},//ok, added
294     };
295
296     for (auto &op : operations) {
297         ret = system((op.command + " 1>/dev/null 2>&1").c_str());
298         RUNNER_ASSERT_MSG(ret == op.expected_result,
299                 "Unexpected result for command '" << op.command <<"': "
300                 << ret << " Expected was: "<< op.expected_result);
301     }
302 }
303
304 void setupPrivilegeGroups(const privileges_t &privileges, const std::vector<std::string> &groups)
305 {
306     TestSecurityManagerDatabase db;
307     for (const auto &privilege : privileges) {
308         db.setup_privilege_groups(privilege, groups);
309     }
310 }
311
312 std::vector<std::string> readPrivilegeGroups()
313 {
314     std::vector<std::string> groups;
315     const static std::string privilegeGroupMappingPath("/usr/share/security-manager/policy/privilege-group.list");
316     std::ifstream mappingFile(privilegeGroupMappingPath);
317
318     RUNNER_ASSERT_MSG(mappingFile.is_open(),
319         "Unable to read group mapping file " << privilegeGroupMappingPath);
320
321     std::string line;
322     std::regex r("^[^ #]+ +(.*)");
323     while (std::getline(mappingFile, line)) {
324         std::smatch m;
325         if (std::regex_search(line, m, r))
326             groups.push_back(m[1]);
327     }
328
329     return groups;
330 }
331
332 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_GROUPS)
333
334 RUNNER_TEST(security_manager_22_groups_get)
335 {
336     setupPrivilegeGroups(SM_ALLOWED_PRIVILEGES, SM_ALLOWED_GROUPS);
337
338     std::unordered_set<std::string> groups;
339     auto tmp = readPrivilegeGroups();
340     groups.insert(tmp.begin(), tmp.end());
341     groups.insert(SM_ALLOWED_GROUPS.begin(), SM_ALLOWED_GROUPS.end());
342
343     char ** c_groups;
344     size_t count = 0;
345
346     Api::getSecurityManagerGroups(&c_groups, &count);
347     RUNNER_ASSERT_MSG(count == groups.size(), "security_manager_groups_get should set count to: "
348                       << groups.size() << " but count is: " << count);
349
350     for (const auto &group : groups) {
351         bool found = false;
352         for (size_t i = 0; i < count; ++i) {
353             if (group == c_groups[i]) {
354                 found = true;
355                 break;
356             }
357         }
358         RUNNER_ASSERT_MSG(found, "PrivilegeGroup: " << group << " was not found");
359     }
360     security_manager_groups_free(c_groups, count);
361 }
362
363 namespace {
364 const int sm_app_shared_test_id = 27;
365 const char *const sm_app_shared_id = "sm_test_27_app_id_full";
366 const char *const sm_app_shared_another_in_package_id = "sm_test_27_app_2_id_full";
367 const char *const sm_pkg_shared_id = "sm_test_27_pkg_id_full";
368
369 void test_success_worker(const std::string &appName, int test_num)
370 {
371     std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
372
373     changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID);
374
375     RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1,
376         "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName << " failed " << " to " << SM_OWNER_RW_OTHERS_RO_PATH );
377 }
378
379 void test_fail_worker(const std::string &appName, int test_num)
380 {
381     std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
382
383     changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID);
384
385     RUNNER_ASSERT_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) == -1,
386         "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName
387         << " surprisingly succeeded, while expecting fail");
388 }
389 }
390
391 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PUBLIC_SHARING)
392
393 RUNNER_TEST(security_manager_27a_API2X_app_install)
394 {
395     std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
396     std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
397     std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
398     std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
399     prepare_app_env(sm_app_shared_test_id, true);
400
401     // install other apps
402     for(const auto &app : MANY_APPS_PKGS) {
403         InstallRequest requestInst;
404         requestInst.setAppId(app.first.c_str());
405         requestInst.setPkgId(app.second.package.c_str());
406         requestInst.setAppTizenVersion(app.second.Tizen_ver.c_str());
407
408         Api::install(requestInst);
409     };
410
411     // install
412     {
413         InstallRequest requestInst;
414         requestInst.setAppId(sm_app_shared_id);
415         requestInst.setPkgId(sm_pkg_shared_id);
416         requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
417         requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
418         requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
419         requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
420         requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
421         requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
422         requestInst.setAppTizenVersion("2.4");
423         Api::install(requestInst);
424     }
425
426     // another app in package
427     {
428         InstallRequest requestInst;
429         requestInst.setAppId(sm_app_shared_another_in_package_id);
430         requestInst.setPkgId(sm_pkg_shared_id);
431         requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
432         requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
433         requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
434         requestInst.setAppTizenVersion("2.4");
435         Api::install(requestInst);
436     }
437
438     /* Check records in the security-manager database */
439     check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
440                             SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
441     /* Check records in the security-manager database */
442     check_app_after_install(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
443                             SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
444
445     /* TODO: add parameters to this function */
446     check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
447
448     RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
449 }
450
451 RUNNER_CHILD_TEST(security_manager_27b_owner_1_have_access)
452 {
453     test_success_worker(sm_app_shared_id, sm_app_shared_test_id);
454 }
455
456 RUNNER_CHILD_TEST(security_manager_27c_owner_2_have_access)
457 {
458     test_success_worker(sm_app_shared_another_in_package_id, sm_app_shared_test_id);
459 }
460
461 RUNNER_CHILD_TEST(security_manager_27d_API2X_apps_have_access_app_1)
462 {
463     test_success_worker("security_manager_10_app_1", sm_app_shared_test_id);
464 }
465
466 RUNNER_CHILD_TEST(security_manager_27e_API2X_apps_dont_have_access_app_2)
467 {
468     test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id);
469 }
470
471 RUNNER_CHILD_TEST(security_manager_27f_API2X_apps_have_access_app_3)
472 {
473     test_success_worker("security_manager_10_app_3", sm_app_shared_test_id);
474 }
475
476 RUNNER_CHILD_TEST(security_manager_27g_API2X_apps_dont_have_access_app_4)
477 {
478     test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id);
479 }
480
481 RUNNER_CHILD_TEST(security_manager_27h_API2X_apps_have_access_app_5)
482 {
483     test_success_worker("security_manager_10_app_5", sm_app_shared_test_id);
484 }
485
486
487 RUNNER_TEST(security_manager_27i_API2X_app_uninstall)
488 {
489     {
490         InstallRequest requestUninst;
491         requestUninst.setAppId(sm_app_shared_id);
492         Api::uninstall(requestUninst);
493     }
494     {
495         InstallRequest requestUninst;
496         requestUninst.setAppId(sm_app_shared_another_in_package_id);
497         Api::uninstall(requestUninst);
498     }
499
500     /* Check records in the security-manager database,
501      * all previously allowed privileges should be removed */
502     check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
503                               SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
504     check_app_after_uninstall(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
505                               SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
506 }
507
508 RUNNER_TEST(security_manager_27j_API30_app_install)
509 {
510     std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
511     std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
512     std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
513     std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
514     prepare_app_env(sm_app_shared_test_id, true);
515
516     // install
517     InstallRequest requestInst;
518     requestInst.setAppId(sm_app_shared_id);
519     requestInst.setPkgId(sm_pkg_shared_id);
520     requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
521     requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
522     requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
523     requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
524     requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
525     requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
526     requestInst.setAppTizenVersion("3.0");
527
528     Api::install(requestInst);
529
530     /* Check records in the security-manager database */
531     check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
532                             SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
533
534     /* TODO: add parameters to this function */
535     check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
536
537     RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
538 }
539
540 RUNNER_CHILD_TEST(security_manager_27k_API30_apps_dont_have_access_app_1)
541 {
542     test_fail_worker("security_manager_10_app_1", sm_app_shared_test_id);
543 }
544
545 RUNNER_CHILD_TEST(security_manager_27l_API30_apps_dont_have_access_app_2)
546 {
547     test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id);
548 }
549
550 RUNNER_CHILD_TEST(security_manager_27m_API30_apps_dont_have_access_app_3)
551 {
552     test_fail_worker("security_manager_10_app_3", sm_app_shared_test_id);
553 }
554
555 RUNNER_CHILD_TEST(security_manager_27n_API30_apps_dont_have_access_app_4)
556 {
557     test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id);
558 }
559
560 RUNNER_CHILD_TEST(security_manager_27o_API30_apps_dont_have_access_app_5)
561 {
562     test_fail_worker("security_manager_10_app_5", sm_app_shared_test_id);
563 }
564
565 RUNNER_TEST(security_manager_27p_API30_app_uninstall)
566 {
567     InstallRequest requestUninst;
568     requestUninst.setAppId(sm_app_shared_id);
569
570     Api::uninstall(requestUninst);
571
572     /* Check records in the security-manager database,
573      * all previously allowed privileges should be removed */
574     check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
575                               SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
576
577     // install other apps
578     for(const auto &app : MANY_APPS_PKGS) {
579         InstallRequest requestUninst;
580         requestUninst.setAppId(app.first);
581
582         Api::uninstall(requestUninst);
583     };
584 }
585
586
587 RUNNER_CHILD_TEST(security_manager_53_app_has_privilege)
588 {
589     const char *const sm_app_id = "sm_test_53_app";
590     const char *const sm_pkg_id = "sm_test_53_pkg";
591     const std::string new_user_name = "sm_test_47_user_name";
592
593     InstallRequest requestInst;
594     requestInst.setAppId(sm_app_id);
595     requestInst.setPkgId(sm_pkg_id);
596     for (auto const &privilege : SM_ALLOWED_PRIVILEGES)
597         requestInst.addPrivilege(privilege.c_str());
598     Api::install(requestInst);
599
600     for (auto const &privilege : SM_ALLOWED_PRIVILEGES) {
601         int result;
602         Api::appHasPrivilege(sm_app_id, privilege.c_str(), TzPlatformConfig::getGlobalUserId(),
603                              result);
604         RUNNER_ASSERT_MSG(result == 1, "Application " << sm_app_id <<
605             " should have access to privilege " << privilege);
606     }
607
608     for (auto const &privilege : SM_DENIED_PRIVILEGES) {
609         int result;
610         Api::appHasPrivilege(sm_app_id, privilege.c_str(), TzPlatformConfig::getGlobalUserId(),
611                 result);
612         RUNNER_ASSERT_MSG(result == 0, "Application " << sm_app_id <<
613             " should not have access to privilege " << privilege);
614     }
615
616     InstallRequest requestUninst;
617     requestUninst.setAppId(sm_app_id);
618     Api::uninstall(requestUninst);
619 }
620
621 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_INSTALL_TYPE)
622
623 RUNNER_TEST(security_manager_49a_global_user_set_install_type_global)
624 {
625     const char *const sm_app_id = "sm_test_49a_app_id_global";
626     const char *const sm_pkg_id = "sm_test_49a_pkg_id_global";
627
628     InstallRequest requestInst;
629     requestInst.setAppId(sm_app_id);
630     requestInst.setPkgId(sm_pkg_id);
631     requestInst.setInstallType(SM_APP_INSTALL_GLOBAL);
632
633     Api::install(requestInst);
634
635     // Check records in the security-manager database
636     check_app_after_install(sm_app_id, sm_pkg_id);
637
638     InstallRequest requestUninst;
639     requestUninst.setAppId(sm_app_id);
640
641     Api::uninstall(requestUninst);
642
643     // Check records in the security-manager database
644     check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
645 }
646
647 RUNNER_TEST(security_manager_49b_global_user_set_install_type_local)
648 {
649     const char *const sm_app_id = "sm_test_49b_app_id_local";
650     const char *const sm_pkg_id = "sm_test_49b_pkg_id_local";
651
652     InstallRequest requestInst;
653     requestInst.setAppId(sm_app_id);
654     requestInst.setPkgId(sm_pkg_id);
655     requestInst.setInstallType(SM_APP_INSTALL_LOCAL);
656
657     Api::install(requestInst, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR);
658 }
659
660 RUNNER_TEST(security_manager_49c_global_user_set_install_type_preloaded)
661 {
662     const char *const sm_app_id = "sm_test_49c_app_id_preloaded";
663     const char *const sm_pkg_id = "sm_test_49c_pkg_id_preloaded";
664
665     InstallRequest requestInst;
666     requestInst.setAppId(sm_app_id);
667     requestInst.setPkgId(sm_pkg_id);
668     requestInst.setInstallType(SM_APP_INSTALL_PRELOADED);
669
670     Api::install(requestInst);
671
672     // Check records in the security-manager database
673     check_app_after_install(sm_app_id, sm_pkg_id);
674
675     InstallRequest requestUninst;
676     requestUninst.setAppId(sm_app_id);
677
678     Api::uninstall(requestUninst);
679
680     // Check records in the security-manager database
681     check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
682 }
683
684 RUNNER_CHILD_TEST(security_manager_49d_local_user_set_install_type_global)
685 {
686     int result;
687     const char *const sm_app_id = "sm_test_49d_app_id_global";
688     const char *const sm_pkg_id = "sm_test_49d_pkg_id_global";
689     const std::string new_user_name = "sm_test_49d_user_name";
690
691     TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
692     testUser.create();
693
694     removeTestDirs(testUser, sm_app_id, sm_pkg_id);
695     createTestDirs(testUser, sm_app_id, sm_pkg_id);
696
697     const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id);
698
699     //switch user to non-root
700     result = drop_root_privileges(testUser.getUid(), testUser.getGid());
701     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
702
703     InstallRequest requestPrivateUser;
704     prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
705                     SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(),
706                     false);
707
708     requestPrivateUser.setInstallType((app_install_type)0, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
709     requestPrivateUser.setInstallType((app_install_type)22, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
710     requestPrivateUser.setInstallType(SM_APP_INSTALL_GLOBAL);
711
712     for (auto &privilege : SM_ALLOWED_PRIVILEGES)
713         requestPrivateUser.addPrivilege(privilege.c_str());
714
715     /*
716      * It is possible for local user to install global application but one needs app_install privileges
717      * By default only global user or root can install global apps
718      */
719     Api::install(requestPrivateUser, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
720 }
721
722 RUNNER_CHILD_TEST(security_manager_49e_local_user_set_install_type_local)
723 {
724     int result;
725     const char *const sm_app_id = "sm_test_49e_app_id_local";
726     const char *const sm_pkg_id = "sm_test_49e_pkg_id_local";
727     const std::string new_user_name = "sm_test_49e_user_name";
728
729     TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
730     testUser.create();
731
732     removeTestDirs(testUser, sm_app_id, sm_pkg_id);
733     createTestDirs(testUser, sm_app_id, sm_pkg_id);
734
735     const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id);
736
737     //switch user to non-root
738     result = drop_root_privileges(testUser.getUid(), testUser.getGid());
739     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
740
741     InstallRequest requestPrivateUser;
742     prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
743                     SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(),
744                     false);
745
746     requestPrivateUser.setInstallType(SM_APP_INSTALL_LOCAL);
747
748     for (auto &privilege : SM_ALLOWED_PRIVILEGES)
749         requestPrivateUser.addPrivilege(privilege.c_str());
750
751     Api::install(requestPrivateUser);
752
753     check_app_permissions(sm_app_id, sm_pkg_id,
754                           uidToStr(testUser.getUid()).c_str(),
755                           SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
756
757     //uninstall app as non-root user
758     InstallRequest request;
759     request.setAppId(sm_app_id);
760
761     Api::uninstall(request);
762
763     check_app_permissions(sm_app_id, sm_pkg_id,
764                           uidToStr(testUser.getUid()).c_str(),
765                           SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
766 }
767
768 RUNNER_CHILD_TEST(security_manager_49f_local_user_set_install_type_preloaded)
769 {
770     int result;
771     const char *const sm_app_id = "sm_test_49f_app_id_preloaded";
772     const char *const sm_pkg_id = "sm_test_49f_pkg_id_preloaded";
773     const std::string new_user_name = "sm_test_49f_user_name";
774
775     TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
776     testUser.create();
777
778     removeTestDirs(testUser, sm_app_id, sm_pkg_id);
779     createTestDirs(testUser, sm_app_id, sm_pkg_id);
780
781     const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id);
782
783     //switch user to non-root
784     result = drop_root_privileges(testUser.getUid(), testUser.getGid());
785     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
786
787     InstallRequest requestPrivateUser;
788     prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
789                     SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(),
790                     false);
791
792     requestPrivateUser.setInstallType((app_install_type)0, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
793     requestPrivateUser.setInstallType((app_install_type)22, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
794     requestPrivateUser.setInstallType(SM_APP_INSTALL_PRELOADED);
795
796     for (auto &privilege : SM_ALLOWED_PRIVILEGES)
797         requestPrivateUser.addPrivilege(privilege.c_str());
798
799     /*
800      * It is possible for local user to install preloaded application but one needs app_install privileges
801      * By default only global user or root can install preloaded apps
802      */
803     Api::install(requestPrivateUser, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
804 }
805
806 RUNNER_TEST(security_manager_50_app_install_constraint_check)
807 {
808     auto install = [](const TemporaryTestUser& user,
809                       const char *pkgId,
810                       const char *appId,
811                       const char *version,
812                       const char *author,
813                       enum lib_retcode expected,
814                       bool uninstall = true)
815     {
816         InstallRequest request;
817         request.setAppId(appId);
818         request.setPkgId(pkgId);
819         request.setAppTizenVersion(version);
820         request.setAuthorId(author);
821         request.setUid(user.getUid());
822
823         Api::install(request, expected);
824
825         if(expected == SECURITY_MANAGER_SUCCESS) {
826             // TODO add verification once check_app_after_install() supports uid
827             // check_app_after_install(appId, pkgId);
828             if(uninstall)
829                 Api::uninstall(request);
830         }
831     };
832
833     std::vector<TemporaryTestUser> users = {
834             {"sm_test_50_user_name_0", GUM_USERTYPE_NORMAL, false},
835             {"sm_test_50_user_name_1", GUM_USERTYPE_NORMAL, false}
836     };
837
838     for(auto& gu : users)
839         gu.create();
840
841     const char *const pkgId[] =   {"sm_test_50_pkg_id_0",  "sm_test_50_pkg_id_1"};
842     const char *const appId[] =   {"sm_test_50_app_id_0",  "sm_test_50_app_id_1"};
843     const char *const version[] = {"sm_test_50_version_0", "sm_test_50_version_1"};
844     const char *const author[] =  {"sm_test_50_author_0",  "sm_test_50_author_1"};
845
846     // uid_0, pkg_0, app_0, version_0, author_0
847     install(users[0], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS, false);
848
849     // uid_1, pkg_0, app_0, version_0, author_0 -> ok (different uid)
850     install(users[1], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS);
851     // uid_1, pkg_0, app_0, version_0, author_1 -> fail (author of app_0 must be the same)
852     install(users[1], pkgId[0], appId[0], version[0], author[1], SECURITY_MANAGER_ERROR_INPUT_PARAM);
853     // uid_1, pkg_0, app_0, version_1, author_0 -> fail (version of app_0 must be the same)
854     install(users[1], pkgId[0], appId[0], version[1], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
855     // uid_1, pkg_1, app_0, version_0, author_0 -> fail (pkg of app_0 must be the same)
856     install(users[1], pkgId[1], appId[0], version[0], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
857     // uid_0, pkg_0, app_0, version_0, author_0 -> ok (the same app again)
858     install(users[0], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS, false);
859     // uid_0, pkg_1, app_0, version_0, author_0 -> fail (app_name + uid must be unique)
860     install(users[0], pkgId[1], appId[0], version[0], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
861     // uid_0, pkg_0, app_0, version_1, author_0 -> fail (app_name + uid must be unique)
862     install(users[0], pkgId[0], appId[0], version[1], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
863     // uid_0, pkg_0, app_0, version_0, author_1 -> fail (app_name + uid must be unique)
864     install(users[0], pkgId[0], appId[0], version[0], author[1], SECURITY_MANAGER_ERROR_INPUT_PARAM);
865 }
866
867 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_REGISTER_PATH)
868
869 RUNNER_TEST(security_manager_54_path_req_no_pkg)
870 {
871     const char *const sm_app_id = "sm_test_54_app_id";
872     const char *const sm_pkg_id = "sm_test_54_pkg_id";
873
874     TemporaryTestUser user("sm_test_54_user_name", GUM_USERTYPE_NORMAL, false);
875     user.create();
876     std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
877
878     removeTestDirs(user, sm_app_id, sm_pkg_id);
879     createTestDirs(user, sm_app_id, sm_pkg_id);
880
881     PathsRequest req;
882     req.setPkgId("non-existing-pkg-id");
883     req.setUid(user.getUid());
884     req.addPath(path, SECURITY_MANAGER_PATH_RW);
885
886     Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
887 }
888
889 RUNNER_TEST(security_manager_55_path_req_empty_pkg)
890 {
891     const char *const sm_app_id = "sm_test_55_app_id";
892     const char *const sm_pkg_id = "sm_test_55_pkg_id";
893
894     TemporaryTestUser user("sm_test_55_user_name", GUM_USERTYPE_NORMAL, false);
895     user.create();
896     std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
897
898     removeTestDirs(user, sm_app_id, sm_pkg_id);
899     createTestDirs(user, sm_app_id, sm_pkg_id);
900
901     PathsRequest req;
902     req.setPkgId("");
903     req.setUid(user.getUid());
904     req.addPath(path, SECURITY_MANAGER_PATH_RW);
905
906     Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
907 }
908
909 RUNNER_TEST(security_manager_56_path_req_wrong_type)
910 {
911     PathsRequest req;
912     req.setInstallType(SM_APP_INSTALL_END,
913                        (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
914     req.setInstallType((app_install_type)(SM_APP_INSTALL_NONE-1),
915                        (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
916 }
917
918 RUNNER_TEST(security_manager_57_path_req_wrong_uid)
919 {
920     const char *const sm_app_id = "sm_test_57_app_id";
921     const char *const sm_pkg_id = "sm_test_57_pkg_id";
922
923     TemporaryTestUser user("sm_test_57_user_name", GUM_USERTYPE_NORMAL, false);
924     user.create();
925     std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
926
927     removeTestDirs(user, sm_app_id, sm_pkg_id);
928     createTestDirs(user, sm_app_id, sm_pkg_id);
929
930     install_app(sm_app_id, sm_pkg_id, user.getUid());
931
932     PathsRequest preq;
933     preq.setPkgId(sm_pkg_id);
934     preq.setUid(-1);
935     preq.setInstallType(SM_APP_INSTALL_LOCAL);
936     preq.addPath(path, SECURITY_MANAGER_PATH_RW);
937
938     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR);
939 }
940
941 RUNNER_TEST(security_manager_58_path_req_empty_paths)
942 {
943     const char *const sm_app_id = "sm_test_58_app_id";
944     const char *const sm_pkg_id = "sm_test_58_pkg_id";
945
946     TemporaryTestUser user("sm_test_58_user_name", GUM_USERTYPE_NORMAL, false);
947     user.create();
948
949     install_app(sm_app_id, sm_pkg_id, user.getUid());
950
951     PathsRequest req;
952     req.setPkgId(sm_pkg_id);
953     req.setUid(user.getUid());
954     Api::registerPaths(req);
955 }
956
957 RUNNER_TEST(security_manager_59_path_req_as_root_positive)
958 {
959     const char *const sm_app_id = "sm_test_59_app_id";
960     const char *const sm_pkg_id = "sm_test_59_pkg_id";
961
962     TemporaryTestUser user("sm_test_59_user_name", GUM_USERTYPE_NORMAL, false);
963     user.create();
964     std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
965
966     removeTestDirs(user, sm_app_id, sm_pkg_id);
967     createTestDirs(user, sm_app_id, sm_pkg_id);
968
969     install_app(sm_app_id, sm_pkg_id, user.getUid());
970
971     PathsRequest preq;
972     preq.setPkgId(sm_pkg_id);
973     preq.setUid(user.getUid());
974     preq.addPath(path, SECURITY_MANAGER_PATH_RW);
975
976     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
977 }
978
979 RUNNER_CHILD_TEST(security_manager_60_path_req_as_user_positive)
980 {
981     const char *const sm_app_id = "sm_test_60_app_id";
982     const char *const sm_pkg_id = "sm_test_60_pkg_id";
983
984     TemporaryTestUser user("sm_test_60_user_name", GUM_USERTYPE_NORMAL, false);
985     user.create();
986     std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
987
988     removeTestDirs(user, sm_app_id, sm_pkg_id);
989     createTestDirs(user, sm_app_id, sm_pkg_id);
990
991     install_app(sm_app_id, sm_pkg_id, user.getUid());
992
993     int result = drop_root_privileges(user.getUid(), user.getGid());
994     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
995
996     PathsRequest preq;
997     preq.setPkgId(sm_pkg_id);
998     preq.setUid(user.getUid());
999     preq.addPath(path, SECURITY_MANAGER_PATH_RW);
1000
1001     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
1002 }
1003
1004 RUNNER_CHILD_TEST(security_manager_61_path_req_different_user)
1005 {
1006     const char *const sm_app_id = "sm_test_61_app_id";
1007     const char *const sm_pkg_id = "sm_test_61_pkg_id";
1008
1009     TemporaryTestUser user1("sm_test_61_1_user_name", GUM_USERTYPE_NORMAL, false);
1010     user1.create();
1011     TemporaryTestUser user2("sm_test_61_2_user_name", GUM_USERTYPE_NORMAL, false);
1012     user2.create();
1013
1014     std::string path = TzPlatformConfig::appDirPath(user2, sm_app_id, sm_pkg_id);
1015
1016     removeTestDirs(user2, sm_app_id, sm_pkg_id);
1017     createTestDirs(user2, sm_app_id, sm_pkg_id);
1018
1019     install_app(sm_app_id, sm_pkg_id, user2.getUid());
1020
1021     int result = drop_root_privileges(user1.getUid(), user1.getGid());
1022     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1023
1024     PathsRequest preq;
1025     preq.setPkgId(sm_pkg_id);
1026     preq.setUid(user2.getUid());
1027     preq.addPath(path, SECURITY_MANAGER_PATH_RW);
1028
1029     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
1030 }
1031
1032 void testPathOutside(const std::string& pkgId, uid_t uid, const std::string& path)
1033 {
1034     PathsRequest preq;
1035     preq.setPkgId(pkgId);
1036     preq.setUid(uid);
1037     preq.addPath(path, SECURITY_MANAGER_PATH_RW);
1038
1039     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
1040 }
1041
1042 RUNNER_TEST(security_manager_62_path_req_path_outside)
1043 {
1044     const char *const sm_app_id = "sm_test_62_app_id";
1045     const char *const sm_pkg_id = "sm_test_62_pkg_id";
1046
1047     TemporaryTestUser user1("sm_test_62_1_user_name", GUM_USERTYPE_NORMAL, false);
1048     user1.create();
1049     TemporaryTestUser user2("sm_test_62_2_user_name", GUM_USERTYPE_NORMAL, false);
1050     user2.create();
1051
1052     install_app(sm_app_id, sm_pkg_id, user1.getUid());
1053
1054     removeTestDirs(user1, sm_app_id, sm_pkg_id);
1055     removeTestDirs(user2, sm_app_id, sm_pkg_id);
1056     createTestDirs(user1, sm_app_id, sm_pkg_id);
1057     createTestDirs(user2, sm_app_id, sm_pkg_id);
1058
1059     testPathOutside(sm_pkg_id, user1.getUid(),
1060                     TzPlatformConfig::appDirPath(user2, sm_app_id, sm_pkg_id));
1061     testPathOutside(sm_pkg_id, user1.getUid(),
1062                     TzPlatformConfig::appDirPath(user1, sm_app_id, "sm_test_62_non_existing_pkg_id"));
1063     testPathOutside(sm_pkg_id, user1.getUid(), std::string("/home/") + user1.getUserName());
1064 }
1065
1066 void testPathsReqAsUser(const enum app_install_type &type, lib_retcode expectedResult) {
1067     const char *const sm_app_id = "sm_test_63_app_id";
1068     const char *const sm_pkg_id = "sm_test_63_pkg_id";
1069
1070     TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
1071     user.create();
1072     std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1073
1074     removeTestDirs(user, sm_app_id, sm_pkg_id);
1075     createTestDirs(user, sm_app_id, sm_pkg_id);
1076
1077     install_app(sm_app_id, sm_pkg_id, user.getUid());
1078
1079     int result = drop_root_privileges(user.getUid(), user.getGid());
1080     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1081
1082     PathsRequest preq;
1083     preq.setPkgId(sm_pkg_id);
1084     preq.setUid(user.getUid());
1085     preq.setInstallType(type);
1086     preq.addPath(path, SECURITY_MANAGER_PATH_RW);
1087
1088     Api::registerPaths(preq, expectedResult);
1089 }
1090
1091 RUNNER_CHILD_TEST(security_manager_63a_path_req_as_user)
1092 {
1093     testPathsReqAsUser(SM_APP_INSTALL_GLOBAL,
1094                            (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
1095 }
1096
1097 RUNNER_CHILD_TEST(security_manager_63b_path_req_preloaded_as_user)
1098 {
1099     testPathsReqAsUser(SM_APP_INSTALL_PRELOADED,
1100                            (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
1101 }
1102
1103 void testPathsReqLocal(uid_t uid, gid_t gid)
1104 {
1105     const char *const sm_app_id = "sm_test_64_app_id";
1106     const char *const sm_pkg_id = "sm_test_64_pkg_id";
1107
1108     TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
1109     user.create();
1110     std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1111
1112     removeTestDirs(user, sm_app_id, sm_pkg_id);
1113     createTestDirs(user, sm_app_id, sm_pkg_id);
1114
1115     install_app(sm_app_id, sm_pkg_id, user.getUid());
1116
1117     int result = drop_root_privileges(uid, gid);
1118     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1119
1120     PathsRequest preq;
1121     preq.setPkgId(sm_pkg_id);
1122     preq.setUid(user.getUid());
1123     preq.setInstallType(SM_APP_INSTALL_LOCAL);
1124     preq.addPath(path, SECURITY_MANAGER_PATH_RW);
1125
1126     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
1127 }
1128
1129
1130 RUNNER_CHILD_TEST(security_manager_64a_path_req_as_local_as_root)
1131 {
1132     testPathsReqLocal(0, 0);
1133 }
1134
1135 RUNNER_CHILD_TEST(security_manager_64b_path_req_as_local_asuser)
1136 {
1137     testPathsReqLocal(TzPlatformConfig::getGlobalUserId(), TzPlatformConfig::getGlobalGroupId());
1138 }
1139
1140 RUNNER_TEST(security_manager_66_path_req_check_labels)
1141 {
1142     const char *const sm_app_id = "sm_test_66_app_id_full";
1143     const char *const sm_pkg_id = "sm_test_66_pkg_id_full";
1144
1145     std::string SM_RW_PATH = genRWPath(66);
1146     std::string SM_RO_PATH = genROPath(66);
1147     std::string SM_PUBLIC_RO_PATH = genPublicROPath(66);
1148
1149     prepare_app_env(66);
1150
1151     install_app(sm_app_id, sm_pkg_id);
1152
1153     PathsRequest preq;
1154     preq.setPkgId(sm_pkg_id);
1155     preq.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
1156     preq.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
1157     preq.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
1158     Api::registerPaths(preq);
1159
1160     uninstall_app(sm_app_id, sm_pkg_id, true);
1161 }
1162
1163 RUNNER_TEST(security_manager_67_path_req_shared_ro_3_0)
1164 {
1165     const char *const sm_app_id = "sm_test_67_app_id";
1166     const char *const sm_pkg_id = "sm_test_67_pkg_id";
1167
1168     TemporaryTestUser user("sm_test_67_user_name", GUM_USERTYPE_NORMAL, false);
1169     user.create();
1170     std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1171
1172     removeTestDirs(user, sm_app_id, sm_pkg_id);
1173     createTestDirs(user, sm_app_id, sm_pkg_id);
1174
1175     InstallRequest ireq;
1176     ireq.setAppId(sm_app_id);
1177     ireq.setPkgId(sm_pkg_id);
1178     ireq.setUid(user.getUid());
1179     ireq.setAppTizenVersion("3.0");
1180     Api::install(ireq);
1181
1182     PathsRequest preq;
1183     preq.setPkgId(sm_pkg_id);
1184     preq.setUid(user.getUid());
1185     preq.addPath(path, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
1186
1187     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
1188 }
1189
1190 RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X)
1191 {
1192     const char *const sm_app_id = "sm_test_68_app_id";
1193     const char *const sm_pkg_id = "sm_test_68_pkg_id";
1194
1195     TemporaryTestUser user("sm_test_68_user_name", GUM_USERTYPE_NORMAL, false);
1196     user.create();
1197     std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1198
1199     removeTestDirs(user, sm_app_id, sm_pkg_id);
1200     createTestDirs(user, sm_app_id, sm_pkg_id);
1201
1202     InstallRequest ireq;
1203     ireq.setAppId(sm_app_id);
1204     ireq.setPkgId(sm_pkg_id);
1205     ireq.setUid(user.getUid());
1206     ireq.setAppTizenVersion("2.4");
1207     Api::install(ireq);
1208
1209     PathsRequest preq;
1210     preq.setPkgId(sm_pkg_id);
1211     preq.setUid(user.getUid());
1212     preq.addPath(path, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
1213
1214     Api::registerPaths(preq);
1215
1216     // check labels
1217     check_path(path, generatePkgLabel(sm_pkg_id) + "::SharedRO");
1218 }
1219
1220 RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author)
1221 {
1222     const char *const sm_app_id = "sm_test_69_app_id";
1223     const char *const sm_pkg_id = "sm_test_69_pkg_id";
1224
1225     TemporaryTestUser user("sm_test_69_user_name", GUM_USERTYPE_NORMAL, false);
1226     user.create();
1227     std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1228
1229     removeTestDirs(user, sm_app_id, sm_pkg_id);
1230     createTestDirs(user, sm_app_id, sm_pkg_id);
1231
1232     install_app(sm_app_id, sm_pkg_id, user.getUid());
1233
1234     PathsRequest preq;
1235     preq.setPkgId(sm_pkg_id);
1236     preq.setUid(user.getUid());
1237     preq.addPath(path, SECURITY_MANAGER_PATH_TRUSTED_RW);
1238
1239     Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
1240 }
1241
1242 RUNNER_TEST(security_manager_70_path_req_trusted_rw_positive)
1243 {
1244     const char *const sm_app_id = "sm_test_70_app_id";
1245     const char *const sm_pkg_id = "sm_test_70_pkg_id";
1246     const char *const author_id = "sm_test_70_author_id";
1247
1248     TemporaryTestUser user("sm_test_70_user_name", GUM_USERTYPE_NORMAL, false);
1249     user.create();
1250     std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1251
1252     removeTestDirs(user, sm_app_id, sm_pkg_id);
1253     createTestDirs(user, sm_app_id, sm_pkg_id);
1254
1255     InstallRequest ireq;
1256     ireq.setAppId(sm_app_id);
1257     ireq.setPkgId(sm_pkg_id);
1258     ireq.setUid(user.getUid());
1259     ireq.setAuthorId(author_id);
1260     Api::install(ireq);
1261
1262     PathsRequest preq;
1263     preq.setPkgId(sm_pkg_id);
1264     preq.setUid(user.getUid());
1265     preq.addPath(path, SECURITY_MANAGER_PATH_TRUSTED_RW);
1266
1267     Api::registerPaths(preq);
1268
1269     // check labels
1270     TestSecurityManagerDatabase dbtest;
1271     int64_t authorDb = dbtest.get_author_id(author_id);
1272     check_path(path, std::string("User::Author::") + std::to_string(authorDb));
1273 }
1274
1275 int main(int argc, char *argv[])
1276 {
1277     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
1278 }
Domain: Security / Uncategorized;