src/security-manager-tests/test_cases_app_defined_privilege.cpp

   1 /*
   2  * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *    Licensed under the Apache License, Version 2.0 (the "License");
   5  *    you may not use this file except in compliance with the License.
   6  *    You may obtain a copy of the License at
   7  *
   8  *        http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *    Unless required by applicable law or agreed to in writing, software
  11  *    distributed under the License is distributed on an "AS IS" BASIS,
  12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *    See the License for the specific language governing permissions and
  14  *    limitations under the License.
  15  */
  16
  17 #include <functional>
  18 #include <string>
  19 #include <sys/types.h>
  20 #include <sys/un.h>
  21 #include <unistd.h>
  22
  23 #include <cynara_test_client.h>
  24 #include <dpl/test/test_runner.h>
  25 #include <sm_api.h>
  26 #include <sm_commons.h>
  27 #include <sm_request.h>
  28 #include <tests_common.h>
  29 #include <tzplatform.h>
  30 #include <app_install_helper.h>
  31 #include <scoped_installer.h>
  32
  33 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
  34
  35 using namespace SecurityManagerTest;
  36
  37 RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
  38 {
  39     const Privilege privilege(
  40         "http://tizen.org/untrusted/devstudio/statistic",
  41         Privilege::UNTRUSTED);
  42     const std::string providerAppId = "app_def_01_provider";
  43     const std::string clientAppId = "app_def_01_client";
  44     const std::string ownerId = "5001";
  45     const std::string session = "S0M3S3SSI0N";
  46
  47     AppInstallHelper provider(providerAppId);
  48     AppInstallHelper client(clientAppId);
  49
  50     std::string clientLabel = client.generateAppLabel();
  51
  52     provider.addAppDefinedPrivilege(privilege);
  53     client.addPrivilege(privilege);
  54
  55     ScopedInstaller req1(provider);
  56     ScopedInstaller req2(client);
  57
  58     CynaraTestClient::Client cynara;
  59     cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
  60
  61     // uninstall provider
  62     req1.uninstallApp();
  63
  64     cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
  65 }
  66
  67 RUNNER_CHILD_TEST(app_defined_02_global_install_licensed)
  68 {
  69     const Privilege providerPrivilegeLicense(
  70         "http://tizen.org/licensed/abcsoftware/calendar",
  71         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
  72     const Privilege clientPrivilegeLicense(
  73         "http://tizen.org/licensed/abcsoftware/calendar",
  74         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
  75     const std::string providerAppId = "app_def_provider_01";
  76     const std::string clientAppId = "app_def_client_01";
  77     const std::string ownerId = "5001";
  78     const std::string session = "S0M33S3SSI0N";
  79
  80     AppInstallHelper provider(providerAppId);
  81     AppInstallHelper client(clientAppId);
  82
  83     std::string clientLabel = client.generateAppLabel();
  84
  85     provider.addAppDefinedPrivilege(providerPrivilegeLicense);
  86     client.addPrivilege(clientPrivilegeLicense);
  87
  88     ScopedInstaller req1(provider);
  89     ScopedInstaller req2(client);
  90
  91     CynaraTestClient::Client cynara;
  92     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_ALLOWED);
  93
  94     // uninstall provider
  95     req1.uninstallApp();
  96
  97     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
  98 }
  99
 100 RUNNER_CHILD_TEST(app_defined_03_database_update)
 101 {
 102     const Privilege providerPrivilegeLicenseA(
 103         "http://tizen.org/licensed/abcsoftware/calendar",
 104         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
 105     const Privilege clientPrivilegeLicenseA(
 106         "http://tizen.org/licensed/abcsoftware/calendar",
 107         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
 108     const Privilege providerPrivilegeLicenseB(
 109         "http://tizen.org/licensed/xyzsoftware/camera",
 110         "/opt/usr/globalapps/app_def_provider_02_pkg_id/cert/xyzsoftware.pem");
 111     const Privilege clientPrivilegeLicenseB(
 112         "http://tizen.org/licensed/xyzsoftware/camera",
 113         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
 114
 115     const std::string providerAppIdA = "app_def_provider_01";
 116     const std::string providerAppIdB = "app_def_provider_02";
 117     const std::string clientAppId = "app_def_client_01";
 118     const std::string ownerId = "5001";
 119     const std::string session = "S0M33S3SSI0N";
 120
 121     AppInstallHelper providerA(providerAppIdA);
 122     AppInstallHelper providerB(providerAppIdB);
 123     AppInstallHelper client(clientAppId);
 124     client.setHybrid();
 125     std::string clientLabel = client.generateAppLabel();
 126
 127     providerA.addAppDefinedPrivilege(providerPrivilegeLicenseA);
 128     providerB.addAppDefinedPrivilege(providerPrivilegeLicenseB);
 129     client.addPrivilege(clientPrivilegeLicenseA);
 130     client.addPrivilege(clientPrivilegeLicenseB);
 131
 132     ScopedInstaller req1(providerA);
 133     ScopedInstaller req2(providerB);
 134     ScopedInstaller req3(client);
 135
 136     CynaraTestClient::Client cynara;
 137     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_ALLOWED);
 138     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
 139
 140     // uninstall providerA
 141     req1.uninstallApp();
 142
 143     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED);
 144     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
 145
 146     // uninstall providerB
 147     req2.uninstallApp();
 148
 149     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED);
 150     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 151 }
 152
 153 RUNNER_CHILD_TEST(app_defined_04_app_update)
 154 {
 155     const Privilege providerPrivilegeLicenseA(
 156         "http://tizen.org/licensed/abcsoftware/calendar",
 157         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
 158     const Privilege clientPrivilegeLicenseA(
 159         "http://tizen.org/licensed/abcsoftware/calendar",
 160         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
 161     const Privilege privilegeB(
 162         "http://tizen.org/untrusted/devstudio/statistic",
 163         Privilege::UNTRUSTED);
 164     const Privilege providerPrivilegeLicenseC(
 165         "http://tizen.org/licensed/xyzsoftware/camera",
 166         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
 167     const Privilege clientPrivilegeLicenseC(
 168         "http://tizen.org/licensed/xyzsoftware/camera",
 169         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
 170
 171     const std::string providerAppId = "app_def_provider_01";
 172     const std::string clientAppId = "app_def_client_01";
 173     const std::string ownerId = "5001";
 174     const std::string session = "S0M33S3SSI0N";
 175
 176     AppInstallHelper providerV1(providerAppId);
 177     AppInstallHelper providerV2(providerAppId);
 178     AppInstallHelper client(clientAppId);
 179
 180     std::string clientLabel = client.generateAppLabel();
 181
 182     providerV1.addAppDefinedPrivilege(providerPrivilegeLicenseA);
 183     providerV1.addAppDefinedPrivilege(privilegeB);
 184     client.addPrivilege(clientPrivilegeLicenseA);
 185     client.addPrivilege(privilegeB);
 186     client.addPrivilege(clientPrivilegeLicenseC);
 187
 188     ScopedInstaller req1(providerV1);
 189     ScopedInstaller req2(client);
 190
 191     CynaraTestClient::Client cynara;
 192     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_ALLOWED);
 193     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
 194     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_DENIED);
 195
 196     // update provider version, remove privilegeA, add privilegeC
 197     providerV2.addAppDefinedPrivilege(privilegeB);
 198     providerV2.addAppDefinedPrivilege(providerPrivilegeLicenseC);
 199
 200     ScopedInstaller req3(providerV2);
 201
 202     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED);
 203     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
 204     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_ALLOWED);
 205 }
 206
 207 RUNNER_CHILD_TEST(app_defined_05_global_local_install)
 208 {
 209     const Privilege privilegeA(
 210         "http://tizen.org/untrusted/devstudio/statistic",
 211         Privilege::UNTRUSTED);
 212     const Privilege providerLocalPrivilegeLicenseB(
 213         "http://tizen.org/licensed/abcsoftware/calendar",
 214         "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
 215     const Privilege clientGlobalPrivilegeLicenseB(
 216         "http://tizen.org/licensed/abcsoftware/calendar",
 217         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
 218     const Privilege clientLocalPrivilegeLicenseB(
 219         "http://tizen.org/licensed/abcsoftware/calendar",
 220         "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
 221     const Privilege privilegeC(
 222         "http://tizen.org/untrusted/gamestudio/football",
 223         Privilege::UNTRUSTED);
 224
 225     const std::string providerAppId = "app_def_provider_01";
 226     const std::string clientAppId = "app_def_client_01";
 227     const std::string ownerId = "5001";
 228     const std::string bobId = "5002";
 229     const std::string session = "S0M33S3SSI0N";
 230
 231     AppInstallHelper providerGlobal(providerAppId);
 232     AppInstallHelper providerLocal(providerAppId, 5002);
 233     AppInstallHelper clientGlobal(clientAppId);
 234     AppInstallHelper clientLocal(clientAppId, 5002);
 235
 236     std::string clientGlobalLabel = clientGlobal.generateAppLabel();
 237     std::string clientLocalLabel = clientLocal.generateAppLabel();
 238
 239     providerGlobal.addAppDefinedPrivilege(privilegeA);
 240     providerGlobal.addAppDefinedPrivilege(privilegeC);
 241     providerLocal.addAppDefinedPrivilege(privilegeA);
 242     providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseB);
 243
 244     clientGlobal.addPrivilege(privilegeA);
 245     clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
 246     clientGlobal.addPrivilege(privilegeC);
 247     clientLocal.addPrivilege(clientLocalPrivilegeLicenseB);
 248     clientLocal.addPrivilege(privilegeC);
 249
 250     CynaraTestClient::Client cynara;
 251
 252     // local provider only and global consumer only
 253     ScopedInstaller req1(providerLocal);
 254     ScopedInstaller req2(clientGlobal);
 255     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
 256     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 257     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
 258     cynara.check(clientGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
 259     cynara.check(clientGlobalLabel, session, bobId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
 260     cynara.check(clientGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
 261
 262     // local provider only and global/local consumer
 263     ScopedInstaller req3(clientLocal);
 264     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
 265     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
 266     cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
 267
 268     // global/local provider and global/local consumer
 269     ScopedInstaller req4(providerGlobal);
 270     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
 271     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 272     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
 273     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
 274     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
 275     //cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
 276
 277     // global provider only and global/local consumer
 278     req1.uninstallApp();
 279     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
 280     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 281     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
 282     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
 283     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 284     cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
 285
 286     // global provider only and global consumer only
 287     req3.uninstallApp();
 288     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
 289     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 290     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
 291 }
 292
 293 RUNNER_CHILD_TEST(app_defined_06_get_provider)
 294 {
 295     int result;
 296     char *pkgId = nullptr;
 297     char *appId = nullptr;
 298     const Privilege privilegeA(
 299         "http://tizen.org/untrusted/devstudio/statistic",
 300         Privilege::UNTRUSTED);
 301     const Privilege privilegeB(
 302         "http://tizen.org/untrusted/gamestudio/running",
 303         Privilege::UNTRUSTED);
 304     const std::string providerAppId = "app_def_06_provider";
 305     uid_t uid = 5001;
 306
 307     AppInstallHelper providerGlobal(providerAppId);
 308     AppInstallHelper providerLocal(providerAppId, uid);
 309     providerGlobal.addAppDefinedPrivilege(privilegeB);
 310     providerLocal.addAppDefinedPrivilege(privilegeA);
 311     ScopedInstaller req1(providerGlobal);
 312     ScopedInstaller req2(providerLocal);
 313
 314     result = security_manager_get_app_defined_privilege_provider("noExistingPrivilege",
 315                                                                  uid, &pkgId, &appId);
 316     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 317     RUNNER_ASSERT(appId == nullptr);
 318     RUNNER_ASSERT(pkgId == nullptr);
 319
 320     result = security_manager_get_app_defined_privilege_provider(privilegeA,
 321                                                                  uid+1, &pkgId, &appId);
 322     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 323     RUNNER_ASSERT(appId == nullptr);
 324     RUNNER_ASSERT(pkgId == nullptr);
 325
 326     result = security_manager_get_app_defined_privilege_provider(privilegeA,
 327                                                                  uid, nullptr, nullptr);
 328     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 329
 330     result = security_manager_get_app_defined_privilege_provider(privilegeA,
 331                                                                  uid, &pkgId, nullptr);
 332     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
 333     RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
 334     free(pkgId);
 335     pkgId = nullptr;
 336
 337     result = security_manager_get_app_defined_privilege_provider(privilegeA,
 338                                                                  uid, nullptr, &appId);
 339     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
 340     RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
 341     free(appId);
 342     appId = nullptr;
 343
 344     result = security_manager_get_app_defined_privilege_provider(privilegeA,
 345                                                                  uid, &pkgId, &appId);
 346     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
 347     RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
 348     RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
 349     free(appId);
 350     free(pkgId);
 351     appId = nullptr;
 352     pkgId = nullptr;
 353
 354     result = security_manager_get_app_defined_privilege_provider(privilegeB,
 355                                                                  uid, &pkgId, &appId);
 356     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
 357     RUNNER_ASSERT(appId && std::string(appId) == providerGlobal.getAppId());
 358     RUNNER_ASSERT(pkgId && std::string(pkgId) == providerGlobal.getPkgId());
 359     free(appId);
 360     free(pkgId);
 361     appId = nullptr;
 362     pkgId = nullptr;
 363 }
 364
 365 RUNNER_CHILD_TEST(app_defined_07_get_provider_license)
 366 {
 367     int result;
 368     char *license = nullptr;
 369     const Privilege providerLocalPrivilegeLicenseA(
 370         "http://tizen.org/licensed/abcsoftware/calendar",
 371         "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
 372     const Privilege providerGlobalPrivilegeLicenseB(
 373         "http://tizen.org/licensed/xyzsoftware/camera",
 374         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
 375     const Privilege privilegeBuntrusted(
 376         providerGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
 377
 378     const std::string providerAppId = "app_def_provider_01";
 379     uid_t uid = 5002;
 380
 381     AppInstallHelper providerGlobal(providerAppId);
 382     AppInstallHelper providerLocal(providerAppId, uid);
 383     providerGlobal.addAppDefinedPrivilege(providerGlobalPrivilegeLicenseB);
 384     providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseA);
 385     providerLocal.addAppDefinedPrivilege(privilegeBuntrusted);
 386
 387     ScopedInstaller req1(providerGlobal);
 388     ScopedInstaller req2(providerLocal);
 389
 390     result = security_manager_get_app_defined_privilege_license(nullptr, uid, &license);
 391     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 392     RUNNER_ASSERT(license == nullptr);
 393
 394     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, nullptr);
 395     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 396
 397     result = security_manager_get_app_defined_privilege_license("noExistingPrivilege", uid, &license);
 398     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 399     RUNNER_ASSERT(license == nullptr);
 400
 401     result = security_manager_get_app_defined_privilege_license(privilegeBuntrusted, uid, &license);
 402     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 403     RUNNER_ASSERT(license == nullptr);
 404
 405     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid+1, &license);
 406     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 407     RUNNER_ASSERT(license == nullptr);
 408
 409     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, &license);
 410     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
 411     RUNNER_ASSERT(license && providerLocalPrivilegeLicenseA.getLicense() == license);
 412     free(license);
 413     license = nullptr;
 414
 415     req2.uninstallApp();
 416     result = security_manager_get_app_defined_privilege_license(providerGlobalPrivilegeLicenseB, uid, &license);
 417     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
 418     RUNNER_ASSERT(license && providerGlobalPrivilegeLicenseB.getLicense() == license);
 419     free(license);
 420     license = nullptr;
 421 }
 422
 423 RUNNER_CHILD_TEST(app_defined_08_add_get_client_license)
 424 {
 425     int result;
 426     char *license = nullptr;
 427     const Privilege clientLocalPrivilegeLicenseA(
 428         "http://tizen.org/licensed/abcsoftware/calendar",
 429         "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
 430     const Privilege clientGlobalPrivilegeLicenseB(
 431         "http://tizen.org/licensed/xyzsoftware/camera",
 432         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
 433     const Privilege privilegeBuntrusted(
 434         clientGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
 435
 436     const std::string clientAppId = "app_def_client_01";
 437     uid_t uid = 5002;
 438
 439     AppInstallHelper clientGlobal(clientAppId);
 440     AppInstallHelper clientLocal(clientAppId, uid);
 441     clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
 442     clientLocal.addPrivilege(clientLocalPrivilegeLicenseA);
 443     clientLocal.addPrivilege(privilegeBuntrusted);
 444     ScopedInstaller req1(clientGlobal);
 445     ScopedInstaller req2(clientLocal);
 446
 447     result = security_manager_get_client_privilege_license(nullptr,
 448                                                            clientLocal.getPkgId().c_str(),
 449                                                            clientLocal.getAppId().c_str(),
 450                                                            uid, &license);
 451     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 452     RUNNER_ASSERT(license == nullptr);
 453
 454     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, nullptr, nullptr,
 455                                                            uid, &license);
 456     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 457     RUNNER_ASSERT(license == nullptr);
 458
 459     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
 460                                                            clientLocal.getPkgId().c_str(),
 461                                                            clientLocal.getAppId().c_str(),
 462                                                            uid, nullptr);
 463     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 464
 465     result = security_manager_get_client_privilege_license("noExistingPrivilege",
 466                                                            clientLocal.getPkgId().c_str(),
 467                                                            clientLocal.getAppId().c_str(),
 468                                                            uid, &license);
 469     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 470     RUNNER_ASSERT(license == nullptr);
 471
 472     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, "noExistingPkg", "noExistingApp",
 473                                                            uid, &license);
 474     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 475     RUNNER_ASSERT(license == nullptr);
 476
 477     result = security_manager_get_client_privilege_license(privilegeBuntrusted,
 478                                                            clientLocal.getPkgId().c_str(),
 479                                                            clientLocal.getAppId().c_str(),
 480                                                            uid, &license);
 481     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 482     RUNNER_ASSERT(license == nullptr);
 483
 484     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
 485                                                            clientLocal.getPkgId().c_str(),
 486                                                            clientLocal.getAppId().c_str(),
 487                                                            uid+1, &license);
 488     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 489     RUNNER_ASSERT(license == nullptr);
 490
 491     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
 492                                                            clientLocal.getPkgId().c_str(),
 493                                                            clientLocal.getAppId().c_str(),
 494                                                            uid, &license);
 495     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
 496     RUNNER_ASSERT(license && clientLocalPrivilegeLicenseA.getLicense() == license);
 497     free(license);
 498     license = nullptr;
 499
 500     req2.uninstallApp();
 501     result = security_manager_get_client_privilege_license(clientGlobalPrivilegeLicenseB,
 502                                                            clientGlobal.getPkgId().c_str(),
 503                                                            clientGlobal.getAppId().c_str(),
 504                                                            uid, &license);
 505     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
 506     RUNNER_ASSERT(license && clientGlobalPrivilegeLicenseB.getLicense() == license);
 507     free(license);
 508     license = nullptr;
 509 }
 510
 511 RUNNER_CHILD_TEST(app_defined_09_check_system_privileges)
 512 {
 513     const std::string providerAppId = "app_def_09_provider";
 514     const Privilege privilege("http://tizen.org/privilege/internet", Privilege::UNTRUSTED);
 515
 516     InstallRequest requestInst;
 517     requestInst.setAppId(providerAppId);
 518     requestInst.setPkgId(providerAppId);
 519     requestInst.addAppDefinedPrivilege(privilege);
 520     Api::install(requestInst, SECURITY_MANAGER_ERROR_INPUT_PARAM);
 521     Api::uninstall(requestInst);
 522 }
 523
 524 RUNNER_CHILD_TEST(app_defined_10_invalid_license)
 525 {
 526     const Privilege providerPrivilegeLicense(
 527         "http://tizen.org/licensed/abcsoftware/calendar",
 528         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
 529     const Privilege clientPrivilegeLicense(
 530         "http://tizen.org/licensed/abcsoftware/calendar",
 531         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
 532     const std::string providerAppId = "app_def_provider_01";
 533     const std::string clientAppId = "app_def_client_01";
 534     const std::string ownerId = "5001";
 535     const std::string session = "S0M33S3SSI0N";
 536
 537     AppInstallHelper provider(providerAppId);
 538     AppInstallHelper client(clientAppId);
 539     client.setHybrid();
 540     std::string clientLabel = client.generateAppLabel();
 541
 542     provider.addAppDefinedPrivilege(providerPrivilegeLicense);
 543     client.addPrivilege(clientPrivilegeLicense);
 544
 545     ScopedInstaller req1(provider);
 546     ScopedInstaller req2(client);
 547
 548     CynaraTestClient::Client cynara;
 549     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
 550 }