2 * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
21 #include <sys/inotify.h>
22 #include <sys/ioctl.h>
23 #include <sys/prctl.h>
24 #include <sys/smack.h>
25 #include <sys/socket.h>
26 #include <sys/types.h>
35 #include <unordered_set>
41 #include <access_provider.h>
42 #include <app_install_helper.h>
43 #include <cynara_test_admin.h>
44 #include <cynara_test_client.h>
45 #include <dpl/log/log.h>
46 #include <dpl/test/test_runner.h>
48 #include <passwd_access.h>
49 #include <service_manager.h>
51 #include <sm_commons.h>
53 #include <sm_request.h>
54 #include <sm_user_request.h>
55 #include <synchronization_pipe.h>
56 #include <temp_test_user.h>
57 #include <tests_common.h>
58 #include <tzplatform.h>
61 using namespace SecurityManagerTest;
63 void changeSecurityContext(const std::string& label, uid_t uid, gid_t gid)
65 RUNNER_ASSERT_ERRNO_MSG(0 == smack_set_label_for_self(label.c_str()),
66 "Error in smack_set_label_for_self(" << label << ")");
68 RUNNER_ASSERT_ERRNO_MSG(0 == setgid(gid), "Error in setgid.");
69 RUNNER_ASSERT_ERRNO_MSG(0 == setuid(uid), "Error in setuid.");
72 static const std::map<std::string, struct app_attributes> MANY_APPS_PKGS = {
73 {"security_manager_10_app_1", {"security_manager_10_pkg_1", "2.1"}},
74 {"security_manager_10_app_2", {"security_manager_10_pkg_2", "3.0"}},
75 {"security_manager_10_app_3", {"security_manager_10_pkg_3", "2.1.1"}},
76 {"security_manager_10_app_4", {"security_manager_10_pkg_4", "3.1"}},
77 {"security_manager_10_app_5", {"security_manager_10_pkg_5", "2.2"}}
81 RUNNER_TEST_GROUP_INIT(SECRUTIY_MANAGER_POLICY)
83 RUNNER_TEST(security_manager_18_user_cynara_policy)
85 const char *const MAIN_BUCKET = "MAIN";
86 const char *const MANIFESTS_BUCKET = "MANIFESTS";
87 const char *const ADMIN_BUCKET = "ADMIN";
88 const char *const USER_TYPE_NORMAL_BUCKET = "USER_TYPE_NORMAL";
89 const std::string username("sm_test_10_user_cynara_policy");
90 CynaraTestAdmin::Admin admin;
91 std::string uid_string;
92 TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
94 user.getUidString(uid_string);
96 CynaraTestAdmin::CynaraPoliciesContainer nonemptyContainer;
97 nonemptyContainer.add(MAIN_BUCKET,CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, CYNARA_ADMIN_BUCKET, USER_TYPE_NORMAL_BUCKET);
98 admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, nonemptyContainer,CYNARA_API_SUCCESS);
101 CynaraTestAdmin::CynaraPoliciesContainer emptyContainer;
103 admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
104 admin.listPolicies(MANIFESTS_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
105 admin.listPolicies(CYNARA_ADMIN_DEFAULT_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
106 admin.listPolicies(ADMIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
109 RUNNER_CHILD_TEST(security_manager_21_security_manager_admin_deny_user_priv)
111 const int BUFFER_SIZE = 128;
115 char buf[BUFFER_SIZE];
118 privileges_t admin_required_privs = {
119 "http://tizen.org/privilege/notexist",
120 "http://tizen.org/privilege/internal/usermanagement"};
121 privileges_t manifest_privs = {
122 "http://tizen.org/privilege/internet",
123 "http://tizen.org/privilege/datasharing"};
124 privileges_t real_privs_allow = {"http://tizen.org/privilege/datasharing"};
125 privileges_t real_privs_deny = {"http://tizen.org/privilege/internet"};
127 const std::string pirivman_id = "sm_test_13_ADMIN_APP";
128 const std::string pirivman_pkg_id = "sm_test_13_ADMIN_PKG";
129 const std::string app_id = "sm_test_13_SOME_APP";
130 const std::string pkg_id = "sm_test_13_SOME_PKG";
136 RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
138 RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
139 if (pid != 0)//parent process
141 std::string childuidstr;
142 TemporaryTestUser admin("sm_test_13_ADMIN_USER", GUM_USERTYPE_ADMIN, false);
143 TemporaryTestUser child("sm_test_13_NORMAL_USER", GUM_USERTYPE_NORMAL, false);
145 InstallRequest request,request2;
146 FdUniquePtr pipeptr(pipefd+1);
151 child.getUidString(childuidstr);
153 //install privacy manager for admin
154 request.setAppId(pirivman_id.c_str());
155 request.setPkgId(pirivman_pkg_id.c_str());
156 request.setUid(admin.getUid());
157 for (auto &priv: admin_required_privs)
158 request.addPrivilege(priv.c_str());
159 Api::install(request);
161 //install app for child that has internet privilege
162 request2.setAppId(app_id.c_str());
163 request2.setPkgId(pkg_id.c_str());
164 request2.setUid(child.getUid());
165 for (auto &priv: manifest_privs)
166 request2.addPrivilege(priv.c_str());
167 Api::install(request2);
169 check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
170 manifest_privs, SM_NO_PRIVILEGES);
173 msg.uid = admin.getUid();
174 msg.gid = admin.getGid();
175 strncpy (msg.buf, childuidstr.c_str(), BUFFER_SIZE);
177 ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
178 RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
182 check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
183 real_privs_allow, real_privs_deny);
187 FdUniquePtr pipeptr(pipefd);
190 ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
191 RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
193 //become admin privacy manager manager
194 Api::setProcessLabel(pirivman_id.c_str());
195 result = drop_root_privileges(msg.uid, msg.gid);
196 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
197 PolicyRequest addPolicyReq;
199 for (auto &denypriv:real_privs_deny) {
200 /*this entry will deny some privileges for user whose uid (as c string)
201 was sent in message's buf field.
202 That user would be denying internet for child in this case*/
203 PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, denypriv);
204 entry.setMaxLevel("Deny");
205 addPolicyReq.addEntry(entry);
207 Api::sendPolicy(addPolicyReq);
213 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_CMD)
215 RUNNER_TEST(security_manager_19_security_manager_cmd_install)
218 const int SUCCESS = 0;
219 const int FAILURE = 256;
220 const std::string app_id = "security_manager_10_app";
221 const std::string pkg_id = "security_manager_10_pkg";
222 const std::string username("sm_test_10_user_name");
223 std::string uid_string;
224 TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
226 user.getUidString(uid_string);
227 const std::string path1 = TzPlatformConfig::appDirPath(user, app_id, pkg_id) + "/p1";
228 const std::string path2 = TzPlatformConfig::appDirPath(user, app_id, pkg_id) + "/p2";
229 const std::string pkgopt = " --pkg=" + pkg_id;
230 const std::string appopt = " --app=" + app_id;
231 const std::string uidopt = " --uid=" + uid_string;
233 mktreeSafe(path1.c_str(), 0);
234 mktreeSafe(path2.c_str(), 0);
236 const std::string installcmd = "security-manager-cmd --install " + appopt + pkgopt + uidopt;
242 std::vector<struct operation> operations = {
243 {"security-manager-cmd", FAILURE},//no option
244 {"security-manager-cmd --blah", FAILURE},//blah option is not known
245 {"security-manager-cmd --help", SUCCESS},
246 {"security-manager-cmd --install", FAILURE},//no params
247 {"security-manager-cmd -i", FAILURE},//no params
248 {"security-manager-cmd --i --app=app_id_10 --pkg=pkg_id_10", FAILURE},//no uid
249 {installcmd, SUCCESS},
250 {"security-manager-cmd -i -a" + app_id + " -g" + pkg_id + uidopt, SUCCESS},
251 {installcmd + " --path " + path1 + " rw", SUCCESS},
252 {installcmd + " --path " + path1, FAILURE},//no path type
253 {installcmd + " --path " + path1 + " rw" + " --path " + path2 + " ro", SUCCESS},
254 {installcmd + " --path " + path1 + " prie" + " --path " + path2 + " ro", FAILURE},//wrong path type
255 {installcmd + " --path " + path1 + " rw" + " --privilege somepriv --privilege somepriv2" , SUCCESS},
258 for (auto &op : operations) {
259 ret = system((op.command + " 1>/dev/null 2>&1").c_str());
260 RUNNER_ASSERT_MSG(ret == op.expected_result,
261 "Unexpected result for command '" << op.command <<"': "
262 << ret << " Expected was: "<< op.expected_result);
266 RUNNER_TEST(security_manager_20_security_manager_cmd_users)
269 const int SUCCESS = 0;
270 const int FAILURE = 256;
271 const std::string username("sm_test_11_user_name");
272 std::string uid_string;
273 TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
275 user.getUidString(uid_string);
276 const std::string uidopt = " --uid=" + uid_string;
282 std::vector<struct operation> operations = {
283 {"security-manager-cmd --manage-users=remove", FAILURE},//no params
284 {"security-manager-cmd -m", FAILURE},//no params
285 {"security-manager-cmd -mr", FAILURE},//no uid
286 {"security-manager-cmd -mr --uid" + uidopt, FAILURE},//no uid
287 {"security-manager-cmd -mr --sdfj" + uidopt, FAILURE},//sdfj?
288 {"security-manager-cmd --msdf -u2004" , FAILURE},//sdf?
289 {"security-manager-cmd -mr" + uidopt, SUCCESS},//ok, removed
290 {"security-manager-cmd -mr --blah" + uidopt, FAILURE},//blah
291 {"security-manager-cmd -ma" + uidopt, SUCCESS},//ok, added
292 {"security-manager-cmd -ma --usertype=normal" + uidopt, SUCCESS},//ok, added
293 {"security-manager-cmd -ma --usertype=mal" + uidopt, FAILURE},//ok, added
296 for (auto &op : operations) {
297 ret = system((op.command + " 1>/dev/null 2>&1").c_str());
298 RUNNER_ASSERT_MSG(ret == op.expected_result,
299 "Unexpected result for command '" << op.command <<"': "
300 << ret << " Expected was: "<< op.expected_result);
304 void setupPrivilegeGroups(const privileges_t &privileges, const std::vector<std::string> &groups)
306 TestSecurityManagerDatabase db;
307 for (const auto &privilege : privileges) {
308 db.setup_privilege_groups(privilege, groups);
312 std::vector<std::string> readPrivilegeGroups()
314 std::vector<std::string> groups;
315 const static std::string privilegeGroupMappingPath("/usr/share/security-manager/policy/privilege-group.list");
316 std::ifstream mappingFile(privilegeGroupMappingPath);
318 RUNNER_ASSERT_MSG(mappingFile.is_open(),
319 "Unable to read group mapping file " << privilegeGroupMappingPath);
322 std::regex r("^[^ #]+ +(.*)");
323 while (std::getline(mappingFile, line)) {
325 if (std::regex_search(line, m, r))
326 groups.push_back(m[1]);
332 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_GROUPS)
334 RUNNER_TEST(security_manager_22_groups_get)
336 setupPrivilegeGroups(SM_ALLOWED_PRIVILEGES, SM_ALLOWED_GROUPS);
338 std::unordered_set<std::string> groups;
339 auto tmp = readPrivilegeGroups();
340 groups.insert(tmp.begin(), tmp.end());
341 groups.insert(SM_ALLOWED_GROUPS.begin(), SM_ALLOWED_GROUPS.end());
346 Api::getSecurityManagerGroups(&c_groups, &count);
347 RUNNER_ASSERT_MSG(count == groups.size(), "security_manager_groups_get should set count to: "
348 << groups.size() << " but count is: " << count);
350 for (const auto &group : groups) {
352 for (size_t i = 0; i < count; ++i) {
353 if (group == c_groups[i]) {
358 RUNNER_ASSERT_MSG(found, "PrivilegeGroup: " << group << " was not found");
360 security_manager_groups_free(c_groups, count);
364 const int sm_app_shared_test_id = 27;
365 const char *const sm_app_shared_id = "sm_test_27_app_id_full";
366 const char *const sm_app_shared_another_in_package_id = "sm_test_27_app_2_id_full";
367 const char *const sm_pkg_shared_id = "sm_test_27_pkg_id_full";
369 void test_success_worker(const std::string &appName, int test_num)
371 std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
373 changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID);
375 RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1,
376 "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName << " failed " << " to " << SM_OWNER_RW_OTHERS_RO_PATH );
379 void test_fail_worker(const std::string &appName, int test_num)
381 std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
383 changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID);
385 RUNNER_ASSERT_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) == -1,
386 "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName
387 << " surprisingly succeeded, while expecting fail");
391 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PUBLIC_SHARING)
393 RUNNER_TEST(security_manager_27a_API2X_app_install)
395 std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
396 std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
397 std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
398 std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
399 prepare_app_env(sm_app_shared_test_id, true);
401 // install other apps
402 for(const auto &app : MANY_APPS_PKGS) {
403 InstallRequest requestInst;
404 requestInst.setAppId(app.first.c_str());
405 requestInst.setPkgId(app.second.package.c_str());
406 requestInst.setAppTizenVersion(app.second.Tizen_ver.c_str());
408 Api::install(requestInst);
413 InstallRequest requestInst;
414 requestInst.setAppId(sm_app_shared_id);
415 requestInst.setPkgId(sm_pkg_shared_id);
416 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
417 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
418 requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
419 requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
420 requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
421 requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
422 requestInst.setAppTizenVersion("2.4");
423 Api::install(requestInst);
426 // another app in package
428 InstallRequest requestInst;
429 requestInst.setAppId(sm_app_shared_another_in_package_id);
430 requestInst.setPkgId(sm_pkg_shared_id);
431 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
432 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
433 requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
434 requestInst.setAppTizenVersion("2.4");
435 Api::install(requestInst);
438 /* Check records in the security-manager database */
439 check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
440 SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
441 /* Check records in the security-manager database */
442 check_app_after_install(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
443 SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
445 /* TODO: add parameters to this function */
446 check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
448 RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
451 RUNNER_CHILD_TEST(security_manager_27b_owner_1_have_access)
453 test_success_worker(sm_app_shared_id, sm_app_shared_test_id);
456 RUNNER_CHILD_TEST(security_manager_27c_owner_2_have_access)
458 test_success_worker(sm_app_shared_another_in_package_id, sm_app_shared_test_id);
461 RUNNER_CHILD_TEST(security_manager_27d_API2X_apps_have_access_app_1)
463 test_success_worker("security_manager_10_app_1", sm_app_shared_test_id);
466 RUNNER_CHILD_TEST(security_manager_27e_API2X_apps_dont_have_access_app_2)
468 test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id);
471 RUNNER_CHILD_TEST(security_manager_27f_API2X_apps_have_access_app_3)
473 test_success_worker("security_manager_10_app_3", sm_app_shared_test_id);
476 RUNNER_CHILD_TEST(security_manager_27g_API2X_apps_dont_have_access_app_4)
478 test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id);
481 RUNNER_CHILD_TEST(security_manager_27h_API2X_apps_have_access_app_5)
483 test_success_worker("security_manager_10_app_5", sm_app_shared_test_id);
487 RUNNER_TEST(security_manager_27i_API2X_app_uninstall)
490 InstallRequest requestUninst;
491 requestUninst.setAppId(sm_app_shared_id);
492 Api::uninstall(requestUninst);
495 InstallRequest requestUninst;
496 requestUninst.setAppId(sm_app_shared_another_in_package_id);
497 Api::uninstall(requestUninst);
500 /* Check records in the security-manager database,
501 * all previously allowed privileges should be removed */
502 check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
503 SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
504 check_app_after_uninstall(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
505 SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
508 RUNNER_TEST(security_manager_27j_API30_app_install)
510 std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
511 std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
512 std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
513 std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
514 prepare_app_env(sm_app_shared_test_id, true);
517 InstallRequest requestInst;
518 requestInst.setAppId(sm_app_shared_id);
519 requestInst.setPkgId(sm_pkg_shared_id);
520 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
521 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
522 requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
523 requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
524 requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
525 requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
526 requestInst.setAppTizenVersion("3.0");
528 Api::install(requestInst);
530 /* Check records in the security-manager database */
531 check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
532 SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
534 /* TODO: add parameters to this function */
535 check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
537 RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
540 RUNNER_CHILD_TEST(security_manager_27k_API30_apps_dont_have_access_app_1)
542 test_fail_worker("security_manager_10_app_1", sm_app_shared_test_id);
545 RUNNER_CHILD_TEST(security_manager_27l_API30_apps_dont_have_access_app_2)
547 test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id);
550 RUNNER_CHILD_TEST(security_manager_27m_API30_apps_dont_have_access_app_3)
552 test_fail_worker("security_manager_10_app_3", sm_app_shared_test_id);
555 RUNNER_CHILD_TEST(security_manager_27n_API30_apps_dont_have_access_app_4)
557 test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id);
560 RUNNER_CHILD_TEST(security_manager_27o_API30_apps_dont_have_access_app_5)
562 test_fail_worker("security_manager_10_app_5", sm_app_shared_test_id);
565 RUNNER_TEST(security_manager_27p_API30_app_uninstall)
567 InstallRequest requestUninst;
568 requestUninst.setAppId(sm_app_shared_id);
570 Api::uninstall(requestUninst);
572 /* Check records in the security-manager database,
573 * all previously allowed privileges should be removed */
574 check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
575 SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
577 // install other apps
578 for(const auto &app : MANY_APPS_PKGS) {
579 InstallRequest requestUninst;
580 requestUninst.setAppId(app.first);
582 Api::uninstall(requestUninst);
587 RUNNER_CHILD_TEST(security_manager_53_app_has_privilege)
589 const char *const sm_app_id = "sm_test_53_app";
590 const char *const sm_pkg_id = "sm_test_53_pkg";
591 const std::string new_user_name = "sm_test_47_user_name";
593 InstallRequest requestInst;
594 requestInst.setAppId(sm_app_id);
595 requestInst.setPkgId(sm_pkg_id);
596 for (auto const &privilege : SM_ALLOWED_PRIVILEGES)
597 requestInst.addPrivilege(privilege.c_str());
598 Api::install(requestInst);
600 for (auto const &privilege : SM_ALLOWED_PRIVILEGES) {
602 Api::appHasPrivilege(sm_app_id, privilege.c_str(), TzPlatformConfig::getGlobalUserId(),
604 RUNNER_ASSERT_MSG(result == 1, "Application " << sm_app_id <<
605 " should have access to privilege " << privilege);
608 for (auto const &privilege : SM_DENIED_PRIVILEGES) {
610 Api::appHasPrivilege(sm_app_id, privilege.c_str(), TzPlatformConfig::getGlobalUserId(),
612 RUNNER_ASSERT_MSG(result == 0, "Application " << sm_app_id <<
613 " should not have access to privilege " << privilege);
616 InstallRequest requestUninst;
617 requestUninst.setAppId(sm_app_id);
618 Api::uninstall(requestUninst);
621 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_INSTALL_TYPE)
623 RUNNER_TEST(security_manager_49a_global_user_set_install_type_global)
625 const char *const sm_app_id = "sm_test_49a_app_id_global";
626 const char *const sm_pkg_id = "sm_test_49a_pkg_id_global";
628 InstallRequest requestInst;
629 requestInst.setAppId(sm_app_id);
630 requestInst.setPkgId(sm_pkg_id);
631 requestInst.setInstallType(SM_APP_INSTALL_GLOBAL);
633 Api::install(requestInst);
635 // Check records in the security-manager database
636 check_app_after_install(sm_app_id, sm_pkg_id);
638 InstallRequest requestUninst;
639 requestUninst.setAppId(sm_app_id);
641 Api::uninstall(requestUninst);
643 // Check records in the security-manager database
644 check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
647 RUNNER_TEST(security_manager_49b_global_user_set_install_type_local)
649 const char *const sm_app_id = "sm_test_49b_app_id_local";
650 const char *const sm_pkg_id = "sm_test_49b_pkg_id_local";
652 InstallRequest requestInst;
653 requestInst.setAppId(sm_app_id);
654 requestInst.setPkgId(sm_pkg_id);
655 requestInst.setInstallType(SM_APP_INSTALL_LOCAL);
657 Api::install(requestInst, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR);
660 RUNNER_TEST(security_manager_49c_global_user_set_install_type_preloaded)
662 const char *const sm_app_id = "sm_test_49c_app_id_preloaded";
663 const char *const sm_pkg_id = "sm_test_49c_pkg_id_preloaded";
665 InstallRequest requestInst;
666 requestInst.setAppId(sm_app_id);
667 requestInst.setPkgId(sm_pkg_id);
668 requestInst.setInstallType(SM_APP_INSTALL_PRELOADED);
670 Api::install(requestInst);
672 // Check records in the security-manager database
673 check_app_after_install(sm_app_id, sm_pkg_id);
675 InstallRequest requestUninst;
676 requestUninst.setAppId(sm_app_id);
678 Api::uninstall(requestUninst);
680 // Check records in the security-manager database
681 check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
684 RUNNER_CHILD_TEST(security_manager_49d_local_user_set_install_type_global)
687 const char *const sm_app_id = "sm_test_49d_app_id_global";
688 const char *const sm_pkg_id = "sm_test_49d_pkg_id_global";
689 const std::string new_user_name = "sm_test_49d_user_name";
691 TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
694 removeTestDirs(testUser, sm_app_id, sm_pkg_id);
695 createTestDirs(testUser, sm_app_id, sm_pkg_id);
697 const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id);
699 //switch user to non-root
700 result = drop_root_privileges(testUser.getUid(), testUser.getGid());
701 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
703 InstallRequest requestPrivateUser;
704 prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
705 SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(),
708 requestPrivateUser.setInstallType((app_install_type)0, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
709 requestPrivateUser.setInstallType((app_install_type)22, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
710 requestPrivateUser.setInstallType(SM_APP_INSTALL_GLOBAL);
712 for (auto &privilege : SM_ALLOWED_PRIVILEGES)
713 requestPrivateUser.addPrivilege(privilege.c_str());
716 * It is possible for local user to install global application but one needs app_install privileges
717 * By default only global user or root can install global apps
719 Api::install(requestPrivateUser, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
722 RUNNER_CHILD_TEST(security_manager_49e_local_user_set_install_type_local)
725 const char *const sm_app_id = "sm_test_49e_app_id_local";
726 const char *const sm_pkg_id = "sm_test_49e_pkg_id_local";
727 const std::string new_user_name = "sm_test_49e_user_name";
729 TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
732 removeTestDirs(testUser, sm_app_id, sm_pkg_id);
733 createTestDirs(testUser, sm_app_id, sm_pkg_id);
735 const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id);
737 //switch user to non-root
738 result = drop_root_privileges(testUser.getUid(), testUser.getGid());
739 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
741 InstallRequest requestPrivateUser;
742 prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
743 SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(),
746 requestPrivateUser.setInstallType(SM_APP_INSTALL_LOCAL);
748 for (auto &privilege : SM_ALLOWED_PRIVILEGES)
749 requestPrivateUser.addPrivilege(privilege.c_str());
751 Api::install(requestPrivateUser);
753 check_app_permissions(sm_app_id, sm_pkg_id,
754 uidToStr(testUser.getUid()).c_str(),
755 SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
757 //uninstall app as non-root user
758 InstallRequest request;
759 request.setAppId(sm_app_id);
761 Api::uninstall(request);
763 check_app_permissions(sm_app_id, sm_pkg_id,
764 uidToStr(testUser.getUid()).c_str(),
765 SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
768 RUNNER_CHILD_TEST(security_manager_49f_local_user_set_install_type_preloaded)
771 const char *const sm_app_id = "sm_test_49f_app_id_preloaded";
772 const char *const sm_pkg_id = "sm_test_49f_pkg_id_preloaded";
773 const std::string new_user_name = "sm_test_49f_user_name";
775 TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
778 removeTestDirs(testUser, sm_app_id, sm_pkg_id);
779 createTestDirs(testUser, sm_app_id, sm_pkg_id);
781 const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id);
783 //switch user to non-root
784 result = drop_root_privileges(testUser.getUid(), testUser.getGid());
785 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
787 InstallRequest requestPrivateUser;
788 prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
789 SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(),
792 requestPrivateUser.setInstallType((app_install_type)0, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
793 requestPrivateUser.setInstallType((app_install_type)22, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
794 requestPrivateUser.setInstallType(SM_APP_INSTALL_PRELOADED);
796 for (auto &privilege : SM_ALLOWED_PRIVILEGES)
797 requestPrivateUser.addPrivilege(privilege.c_str());
800 * It is possible for local user to install preloaded application but one needs app_install privileges
801 * By default only global user or root can install preloaded apps
803 Api::install(requestPrivateUser, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
806 RUNNER_TEST(security_manager_50_app_install_constraint_check)
808 auto install = [](const TemporaryTestUser& user,
813 enum lib_retcode expected,
814 bool uninstall = true)
816 InstallRequest request;
817 request.setAppId(appId);
818 request.setPkgId(pkgId);
819 request.setAppTizenVersion(version);
820 request.setAuthorId(author);
821 request.setUid(user.getUid());
823 Api::install(request, expected);
825 if(expected == SECURITY_MANAGER_SUCCESS) {
826 // TODO add verification once check_app_after_install() supports uid
827 // check_app_after_install(appId, pkgId);
829 Api::uninstall(request);
833 std::vector<TemporaryTestUser> users = {
834 {"sm_test_50_user_name_0", GUM_USERTYPE_NORMAL, false},
835 {"sm_test_50_user_name_1", GUM_USERTYPE_NORMAL, false}
838 for(auto& gu : users)
841 const char *const pkgId[] = {"sm_test_50_pkg_id_0", "sm_test_50_pkg_id_1"};
842 const char *const appId[] = {"sm_test_50_app_id_0", "sm_test_50_app_id_1"};
843 const char *const version[] = {"sm_test_50_version_0", "sm_test_50_version_1"};
844 const char *const author[] = {"sm_test_50_author_0", "sm_test_50_author_1"};
846 // uid_0, pkg_0, app_0, version_0, author_0
847 install(users[0], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS, false);
849 // uid_1, pkg_0, app_0, version_0, author_0 -> ok (different uid)
850 install(users[1], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS);
851 // uid_1, pkg_0, app_0, version_0, author_1 -> fail (author of app_0 must be the same)
852 install(users[1], pkgId[0], appId[0], version[0], author[1], SECURITY_MANAGER_ERROR_INPUT_PARAM);
853 // uid_1, pkg_0, app_0, version_1, author_0 -> fail (version of app_0 must be the same)
854 install(users[1], pkgId[0], appId[0], version[1], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
855 // uid_1, pkg_1, app_0, version_0, author_0 -> fail (pkg of app_0 must be the same)
856 install(users[1], pkgId[1], appId[0], version[0], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
857 // uid_0, pkg_0, app_0, version_0, author_0 -> ok (the same app again)
858 install(users[0], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS, false);
859 // uid_0, pkg_1, app_0, version_0, author_0 -> fail (app_name + uid must be unique)
860 install(users[0], pkgId[1], appId[0], version[0], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
861 // uid_0, pkg_0, app_0, version_1, author_0 -> fail (app_name + uid must be unique)
862 install(users[0], pkgId[0], appId[0], version[1], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
863 // uid_0, pkg_0, app_0, version_0, author_1 -> fail (app_name + uid must be unique)
864 install(users[0], pkgId[0], appId[0], version[0], author[1], SECURITY_MANAGER_ERROR_INPUT_PARAM);
867 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_REGISTER_PATH)
869 RUNNER_TEST(security_manager_54_path_req_no_pkg)
871 const char *const sm_app_id = "sm_test_54_app_id";
872 const char *const sm_pkg_id = "sm_test_54_pkg_id";
874 TemporaryTestUser user("sm_test_54_user_name", GUM_USERTYPE_NORMAL, false);
876 std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
878 removeTestDirs(user, sm_app_id, sm_pkg_id);
879 createTestDirs(user, sm_app_id, sm_pkg_id);
882 req.setPkgId("non-existing-pkg-id");
883 req.setUid(user.getUid());
884 req.addPath(path, SECURITY_MANAGER_PATH_RW);
886 Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
889 RUNNER_TEST(security_manager_55_path_req_empty_pkg)
891 const char *const sm_app_id = "sm_test_55_app_id";
892 const char *const sm_pkg_id = "sm_test_55_pkg_id";
894 TemporaryTestUser user("sm_test_55_user_name", GUM_USERTYPE_NORMAL, false);
896 std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
898 removeTestDirs(user, sm_app_id, sm_pkg_id);
899 createTestDirs(user, sm_app_id, sm_pkg_id);
903 req.setUid(user.getUid());
904 req.addPath(path, SECURITY_MANAGER_PATH_RW);
906 Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
909 RUNNER_TEST(security_manager_56_path_req_wrong_type)
912 req.setInstallType(SM_APP_INSTALL_END,
913 (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
914 req.setInstallType((app_install_type)(SM_APP_INSTALL_NONE-1),
915 (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
918 RUNNER_TEST(security_manager_57_path_req_wrong_uid)
920 const char *const sm_app_id = "sm_test_57_app_id";
921 const char *const sm_pkg_id = "sm_test_57_pkg_id";
923 TemporaryTestUser user("sm_test_57_user_name", GUM_USERTYPE_NORMAL, false);
925 std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
927 removeTestDirs(user, sm_app_id, sm_pkg_id);
928 createTestDirs(user, sm_app_id, sm_pkg_id);
930 install_app(sm_app_id, sm_pkg_id, user.getUid());
933 preq.setPkgId(sm_pkg_id);
935 preq.setInstallType(SM_APP_INSTALL_LOCAL);
936 preq.addPath(path, SECURITY_MANAGER_PATH_RW);
938 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR);
941 RUNNER_TEST(security_manager_58_path_req_empty_paths)
943 const char *const sm_app_id = "sm_test_58_app_id";
944 const char *const sm_pkg_id = "sm_test_58_pkg_id";
946 TemporaryTestUser user("sm_test_58_user_name", GUM_USERTYPE_NORMAL, false);
949 install_app(sm_app_id, sm_pkg_id, user.getUid());
952 req.setPkgId(sm_pkg_id);
953 req.setUid(user.getUid());
954 Api::registerPaths(req);
957 RUNNER_TEST(security_manager_59_path_req_as_root_positive)
959 const char *const sm_app_id = "sm_test_59_app_id";
960 const char *const sm_pkg_id = "sm_test_59_pkg_id";
962 TemporaryTestUser user("sm_test_59_user_name", GUM_USERTYPE_NORMAL, false);
964 std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
966 removeTestDirs(user, sm_app_id, sm_pkg_id);
967 createTestDirs(user, sm_app_id, sm_pkg_id);
969 install_app(sm_app_id, sm_pkg_id, user.getUid());
972 preq.setPkgId(sm_pkg_id);
973 preq.setUid(user.getUid());
974 preq.addPath(path, SECURITY_MANAGER_PATH_RW);
976 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
979 RUNNER_CHILD_TEST(security_manager_60_path_req_as_user_positive)
981 const char *const sm_app_id = "sm_test_60_app_id";
982 const char *const sm_pkg_id = "sm_test_60_pkg_id";
984 TemporaryTestUser user("sm_test_60_user_name", GUM_USERTYPE_NORMAL, false);
986 std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
988 removeTestDirs(user, sm_app_id, sm_pkg_id);
989 createTestDirs(user, sm_app_id, sm_pkg_id);
991 install_app(sm_app_id, sm_pkg_id, user.getUid());
993 int result = drop_root_privileges(user.getUid(), user.getGid());
994 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
997 preq.setPkgId(sm_pkg_id);
998 preq.setUid(user.getUid());
999 preq.addPath(path, SECURITY_MANAGER_PATH_RW);
1001 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
1004 RUNNER_CHILD_TEST(security_manager_61_path_req_different_user)
1006 const char *const sm_app_id = "sm_test_61_app_id";
1007 const char *const sm_pkg_id = "sm_test_61_pkg_id";
1009 TemporaryTestUser user1("sm_test_61_1_user_name", GUM_USERTYPE_NORMAL, false);
1011 TemporaryTestUser user2("sm_test_61_2_user_name", GUM_USERTYPE_NORMAL, false);
1014 std::string path = TzPlatformConfig::appDirPath(user2, sm_app_id, sm_pkg_id);
1016 removeTestDirs(user2, sm_app_id, sm_pkg_id);
1017 createTestDirs(user2, sm_app_id, sm_pkg_id);
1019 install_app(sm_app_id, sm_pkg_id, user2.getUid());
1021 int result = drop_root_privileges(user1.getUid(), user1.getGid());
1022 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1025 preq.setPkgId(sm_pkg_id);
1026 preq.setUid(user2.getUid());
1027 preq.addPath(path, SECURITY_MANAGER_PATH_RW);
1029 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
1032 void testPathOutside(const std::string& pkgId, uid_t uid, const std::string& path)
1035 preq.setPkgId(pkgId);
1037 preq.addPath(path, SECURITY_MANAGER_PATH_RW);
1039 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
1042 RUNNER_TEST(security_manager_62_path_req_path_outside)
1044 const char *const sm_app_id = "sm_test_62_app_id";
1045 const char *const sm_pkg_id = "sm_test_62_pkg_id";
1047 TemporaryTestUser user1("sm_test_62_1_user_name", GUM_USERTYPE_NORMAL, false);
1049 TemporaryTestUser user2("sm_test_62_2_user_name", GUM_USERTYPE_NORMAL, false);
1052 install_app(sm_app_id, sm_pkg_id, user1.getUid());
1054 removeTestDirs(user1, sm_app_id, sm_pkg_id);
1055 removeTestDirs(user2, sm_app_id, sm_pkg_id);
1056 createTestDirs(user1, sm_app_id, sm_pkg_id);
1057 createTestDirs(user2, sm_app_id, sm_pkg_id);
1059 testPathOutside(sm_pkg_id, user1.getUid(),
1060 TzPlatformConfig::appDirPath(user2, sm_app_id, sm_pkg_id));
1061 testPathOutside(sm_pkg_id, user1.getUid(),
1062 TzPlatformConfig::appDirPath(user1, sm_app_id, "sm_test_62_non_existing_pkg_id"));
1063 testPathOutside(sm_pkg_id, user1.getUid(), std::string("/home/") + user1.getUserName());
1066 void testPathsReqAsUser(const enum app_install_type &type, lib_retcode expectedResult) {
1067 const char *const sm_app_id = "sm_test_63_app_id";
1068 const char *const sm_pkg_id = "sm_test_63_pkg_id";
1070 TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
1072 std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1074 removeTestDirs(user, sm_app_id, sm_pkg_id);
1075 createTestDirs(user, sm_app_id, sm_pkg_id);
1077 install_app(sm_app_id, sm_pkg_id, user.getUid());
1079 int result = drop_root_privileges(user.getUid(), user.getGid());
1080 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1083 preq.setPkgId(sm_pkg_id);
1084 preq.setUid(user.getUid());
1085 preq.setInstallType(type);
1086 preq.addPath(path, SECURITY_MANAGER_PATH_RW);
1088 Api::registerPaths(preq, expectedResult);
1091 RUNNER_CHILD_TEST(security_manager_63a_path_req_as_user)
1093 testPathsReqAsUser(SM_APP_INSTALL_GLOBAL,
1094 (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
1097 RUNNER_CHILD_TEST(security_manager_63b_path_req_preloaded_as_user)
1099 testPathsReqAsUser(SM_APP_INSTALL_PRELOADED,
1100 (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
1103 void testPathsReqLocal(uid_t uid, gid_t gid)
1105 const char *const sm_app_id = "sm_test_64_app_id";
1106 const char *const sm_pkg_id = "sm_test_64_pkg_id";
1108 TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
1110 std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1112 removeTestDirs(user, sm_app_id, sm_pkg_id);
1113 createTestDirs(user, sm_app_id, sm_pkg_id);
1115 install_app(sm_app_id, sm_pkg_id, user.getUid());
1117 int result = drop_root_privileges(uid, gid);
1118 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1121 preq.setPkgId(sm_pkg_id);
1122 preq.setUid(user.getUid());
1123 preq.setInstallType(SM_APP_INSTALL_LOCAL);
1124 preq.addPath(path, SECURITY_MANAGER_PATH_RW);
1126 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
1130 RUNNER_CHILD_TEST(security_manager_64a_path_req_as_local_as_root)
1132 testPathsReqLocal(0, 0);
1135 RUNNER_CHILD_TEST(security_manager_64b_path_req_as_local_asuser)
1137 testPathsReqLocal(TzPlatformConfig::getGlobalUserId(), TzPlatformConfig::getGlobalGroupId());
1140 RUNNER_TEST(security_manager_66_path_req_check_labels)
1142 const char *const sm_app_id = "sm_test_66_app_id_full";
1143 const char *const sm_pkg_id = "sm_test_66_pkg_id_full";
1145 std::string SM_RW_PATH = genRWPath(66);
1146 std::string SM_RO_PATH = genROPath(66);
1147 std::string SM_PUBLIC_RO_PATH = genPublicROPath(66);
1149 prepare_app_env(66);
1151 install_app(sm_app_id, sm_pkg_id);
1154 preq.setPkgId(sm_pkg_id);
1155 preq.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
1156 preq.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
1157 preq.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
1158 Api::registerPaths(preq);
1160 uninstall_app(sm_app_id, sm_pkg_id, true);
1163 RUNNER_TEST(security_manager_67_path_req_shared_ro_3_0)
1165 const char *const sm_app_id = "sm_test_67_app_id";
1166 const char *const sm_pkg_id = "sm_test_67_pkg_id";
1168 TemporaryTestUser user("sm_test_67_user_name", GUM_USERTYPE_NORMAL, false);
1170 std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1172 removeTestDirs(user, sm_app_id, sm_pkg_id);
1173 createTestDirs(user, sm_app_id, sm_pkg_id);
1175 InstallRequest ireq;
1176 ireq.setAppId(sm_app_id);
1177 ireq.setPkgId(sm_pkg_id);
1178 ireq.setUid(user.getUid());
1179 ireq.setAppTizenVersion("3.0");
1183 preq.setPkgId(sm_pkg_id);
1184 preq.setUid(user.getUid());
1185 preq.addPath(path, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
1187 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
1190 RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X)
1192 const char *const sm_app_id = "sm_test_68_app_id";
1193 const char *const sm_pkg_id = "sm_test_68_pkg_id";
1195 TemporaryTestUser user("sm_test_68_user_name", GUM_USERTYPE_NORMAL, false);
1197 std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1199 removeTestDirs(user, sm_app_id, sm_pkg_id);
1200 createTestDirs(user, sm_app_id, sm_pkg_id);
1202 InstallRequest ireq;
1203 ireq.setAppId(sm_app_id);
1204 ireq.setPkgId(sm_pkg_id);
1205 ireq.setUid(user.getUid());
1206 ireq.setAppTizenVersion("2.4");
1210 preq.setPkgId(sm_pkg_id);
1211 preq.setUid(user.getUid());
1212 preq.addPath(path, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
1214 Api::registerPaths(preq);
1217 check_path(path, generatePkgLabel(sm_pkg_id) + "::SharedRO");
1220 RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author)
1222 const char *const sm_app_id = "sm_test_69_app_id";
1223 const char *const sm_pkg_id = "sm_test_69_pkg_id";
1225 TemporaryTestUser user("sm_test_69_user_name", GUM_USERTYPE_NORMAL, false);
1227 std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1229 removeTestDirs(user, sm_app_id, sm_pkg_id);
1230 createTestDirs(user, sm_app_id, sm_pkg_id);
1232 install_app(sm_app_id, sm_pkg_id, user.getUid());
1235 preq.setPkgId(sm_pkg_id);
1236 preq.setUid(user.getUid());
1237 preq.addPath(path, SECURITY_MANAGER_PATH_TRUSTED_RW);
1239 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
1242 RUNNER_TEST(security_manager_70_path_req_trusted_rw_positive)
1244 const char *const sm_app_id = "sm_test_70_app_id";
1245 const char *const sm_pkg_id = "sm_test_70_pkg_id";
1246 const char *const author_id = "sm_test_70_author_id";
1248 TemporaryTestUser user("sm_test_70_user_name", GUM_USERTYPE_NORMAL, false);
1250 std::string path = TzPlatformConfig::appDirPath(user, sm_app_id, sm_pkg_id);
1252 removeTestDirs(user, sm_app_id, sm_pkg_id);
1253 createTestDirs(user, sm_app_id, sm_pkg_id);
1255 InstallRequest ireq;
1256 ireq.setAppId(sm_app_id);
1257 ireq.setPkgId(sm_pkg_id);
1258 ireq.setUid(user.getUid());
1259 ireq.setAuthorId(author_id);
1263 preq.setPkgId(sm_pkg_id);
1264 preq.setUid(user.getUid());
1265 preq.addPath(path, SECURITY_MANAGER_PATH_TRUSTED_RW);
1267 Api::registerPaths(preq);
1270 TestSecurityManagerDatabase dbtest;
1271 int64_t authorDb = dbtest.get_author_id(author_id);
1272 check_path(path, std::string("User::Author::") + std::to_string(authorDb));
1275 int main(int argc, char *argv[])
1277 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);