2 * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <sys/types.h>
23 #include <cynara_test_client.h>
24 #include <dpl/test/test_runner.h>
26 #include <sm_commons.h>
27 #include <sm_request.h>
28 #include <tests_common.h>
29 #include <tzplatform.h>
30 #include <app_install_helper.h>
31 #include <scoped_installer.h>
33 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
35 using namespace SecurityManagerTest;
37 RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
39 const Privilege privilege(
40 "http://tizen.org/untrusted/devstudio/statistic",
41 Privilege::UNTRUSTED);
42 const std::string providerAppId = "app_def_01_provider";
43 const std::string clientAppId = "app_def_01_client";
44 const std::string ownerId = "5001";
45 const std::string session = "S0M3S3SSI0N";
47 AppInstallHelper provider(providerAppId);
48 AppInstallHelper client(clientAppId);
50 std::string clientLabel = client.generateAppLabel();
52 provider.addAppDefinedPrivilege(privilege);
53 client.addPrivilege(privilege);
55 ScopedInstaller req1(provider);
56 ScopedInstaller req2(client);
58 CynaraTestClient::Client cynara;
59 cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
64 cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
67 RUNNER_CHILD_TEST(app_defined_02_global_install_licensed)
69 const Privilege providerPrivilegeLicense(
70 "http://tizen.org/licensed/abcsoftware/calendar",
71 "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
72 const Privilege clientPrivilegeLicense(
73 "http://tizen.org/licensed/abcsoftware/calendar",
74 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
75 const std::string providerAppId = "app_def_provider_01";
76 const std::string clientAppId = "app_def_client_01";
77 const std::string ownerId = "5001";
78 const std::string session = "S0M33S3SSI0N";
80 AppInstallHelper provider(providerAppId);
81 AppInstallHelper client(clientAppId);
83 std::string clientLabel = client.generateAppLabel();
85 provider.addAppDefinedPrivilege(providerPrivilegeLicense);
86 client.addPrivilege(clientPrivilegeLicense);
88 ScopedInstaller req1(provider);
89 ScopedInstaller req2(client);
91 CynaraTestClient::Client cynara;
92 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_ALLOWED);
97 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
100 RUNNER_CHILD_TEST(app_defined_03_database_update)
102 const Privilege privilegeA(
103 "http://tizen.org/untrusted/devstudio/statistic", Privilege::UNTRUSTED);
104 const Privilege privilegeB(
105 "http://tizen.org/untrusted/gamestudio/football", Privilege::UNTRUSTED);
107 const std::string providerAppIdA = "app_def_provider_01";
108 const std::string providerAppIdB = "app_def_provider_02";
109 const std::string clientAppId = "app_def_client_01";
110 const std::string ownerId = "5001";
111 const std::string session = "S0M33S3SSI0N";
113 AppInstallHelper providerA(providerAppIdA);
114 AppInstallHelper providerB(providerAppIdB);
115 AppInstallHelper client(clientAppId);
117 std::string clientLabel = client.generateAppLabel();
119 providerA.addAppDefinedPrivilege(privilegeA);
120 providerB.addAppDefinedPrivilege(privilegeB);
121 client.addPrivilege(privilegeA);
122 client.addPrivilege(privilegeB);
124 ScopedInstaller req1(providerA);
125 ScopedInstaller req2(providerB);
126 ScopedInstaller req3(client);
128 CynaraTestClient::Client cynara;
129 cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
130 cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
132 // uninstall providerA
135 cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
136 cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
138 // uninstall providerB
141 cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
142 cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
145 RUNNER_CHILD_TEST(app_defined_04_app_update)
147 const Privilege providerPrivilegeLicenseA(
148 "http://tizen.org/licensed/abcsoftware/calendar",
149 "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
150 const Privilege clientPrivilegeLicenseA(
151 "http://tizen.org/licensed/abcsoftware/calendar",
152 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
153 const Privilege privilegeB(
154 "http://tizen.org/untrusted/devstudio/statistic",
155 Privilege::UNTRUSTED);
156 const Privilege providerPrivilegeLicenseC(
157 "http://tizen.org/licensed/xyzsoftware/camera",
158 "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
159 const Privilege clientPrivilegeLicenseC(
160 "http://tizen.org/licensed/xyzsoftware/camera",
161 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
163 const std::string providerAppId = "app_def_provider_01";
164 const std::string clientAppId = "app_def_client_01";
165 const std::string ownerId = "5001";
166 const std::string session = "S0M33S3SSI0N";
168 AppInstallHelper providerV1(providerAppId);
169 AppInstallHelper providerV2(providerAppId);
170 AppInstallHelper client(clientAppId);
172 std::string clientLabel = client.generateAppLabel();
174 providerV1.addAppDefinedPrivilege(providerPrivilegeLicenseA);
175 providerV1.addAppDefinedPrivilege(privilegeB);
176 client.addPrivilege(clientPrivilegeLicenseA);
177 client.addPrivilege(privilegeB);
178 client.addPrivilege(clientPrivilegeLicenseC);
180 ScopedInstaller req1(providerV1);
181 ScopedInstaller req2(client);
183 CynaraTestClient::Client cynara;
184 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_ALLOWED);
185 cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
186 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_DENIED);
188 // update provider version, remove privilegeA, add privilegeC
189 providerV2.addAppDefinedPrivilege(privilegeB);
190 providerV2.addAppDefinedPrivilege(providerPrivilegeLicenseC);
192 ScopedInstaller req3(providerV2);
194 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED);
195 cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
196 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_ALLOWED);
199 RUNNER_CHILD_TEST(app_defined_05_global_local_install)
201 const Privilege privilegeA(
202 "http://tizen.org/untrusted/devstudio/statistic",
203 Privilege::UNTRUSTED);
204 const Privilege providerLocalPrivilegeLicenseB(
205 "http://tizen.org/licensed/abcsoftware/calendar",
206 "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
207 const Privilege clientGlobalPrivilegeLicenseB(
208 "http://tizen.org/licensed/abcsoftware/calendar",
209 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
210 const Privilege clientLocalPrivilegeLicenseB(
211 "http://tizen.org/licensed/abcsoftware/calendar",
212 "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
213 const Privilege privilegeC(
214 "http://tizen.org/untrusted/gamestudio/football",
215 Privilege::UNTRUSTED);
217 const std::string providerAppId = "app_def_provider_01";
218 const std::string clientAppId = "app_def_client_01";
219 const std::string ownerId = "5001";
220 const std::string bobId = "5002";
221 const std::string session = "S0M33S3SSI0N";
223 AppInstallHelper providerGlobal(providerAppId);
224 AppInstallHelper providerLocal(providerAppId, 5002);
225 AppInstallHelper clientGlobal(clientAppId);
226 AppInstallHelper clientLocal(clientAppId, 5002);
228 std::string clientGlobalLabel = clientGlobal.generateAppLabel();
229 std::string clientLocalLabel = clientLocal.generateAppLabel();
231 providerGlobal.addAppDefinedPrivilege(privilegeA);
232 providerGlobal.addAppDefinedPrivilege(privilegeC);
233 providerLocal.addAppDefinedPrivilege(privilegeA);
234 providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseB);
236 clientGlobal.addPrivilege(privilegeA);
237 clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
238 clientGlobal.addPrivilege(privilegeC);
239 clientLocal.addPrivilege(clientLocalPrivilegeLicenseB);
240 clientLocal.addPrivilege(privilegeC);
242 CynaraTestClient::Client cynara;
244 // local provider only and global consumer only
245 ScopedInstaller req1(providerLocal);
246 ScopedInstaller req2(clientGlobal);
247 cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
248 cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
249 cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
250 cynara.check(clientGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
251 cynara.check(clientGlobalLabel, session, bobId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
252 cynara.check(clientGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
254 // local provider only and global/local consumer
255 ScopedInstaller req3(clientLocal);
256 cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
257 cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
258 cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
260 // global/local provider and global/local consumer
261 ScopedInstaller req4(providerGlobal);
262 cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
263 cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
264 cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
265 cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
266 cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
267 //cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
269 // global provider only and global/local consumer
271 cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
272 cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
273 cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
274 cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
275 cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
276 cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
278 // global provider only and global consumer only
280 cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
281 cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
282 cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
285 RUNNER_CHILD_TEST(app_defined_06_get_provider)
288 char *pkgId = nullptr;
289 char *appId = nullptr;
290 const Privilege privilegeA(
291 "http://tizen.org/untrusted/devstudio/statistic",
292 Privilege::UNTRUSTED);
293 const Privilege privilegeB(
294 "http://tizen.org/untrusted/gamestudio/running",
295 Privilege::UNTRUSTED);
296 const std::string providerAppId = "app_def_06_provider";
299 AppInstallHelper providerGlobal(providerAppId);
300 AppInstallHelper providerLocal(providerAppId, uid);
301 providerGlobal.addAppDefinedPrivilege(privilegeB);
302 providerLocal.addAppDefinedPrivilege(privilegeA);
303 ScopedInstaller req1(providerGlobal);
304 ScopedInstaller req2(providerLocal);
306 result = security_manager_get_app_defined_privilege_provider("noExistingPrivilege",
307 uid, &pkgId, &appId);
308 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
309 RUNNER_ASSERT(appId == nullptr);
310 RUNNER_ASSERT(pkgId == nullptr);
312 result = security_manager_get_app_defined_privilege_provider(privilegeA,
313 uid+1, &pkgId, &appId);
314 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
315 RUNNER_ASSERT(appId == nullptr);
316 RUNNER_ASSERT(pkgId == nullptr);
318 result = security_manager_get_app_defined_privilege_provider(privilegeA,
319 uid, nullptr, nullptr);
320 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
322 result = security_manager_get_app_defined_privilege_provider(privilegeA,
323 uid, &pkgId, nullptr);
324 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
325 RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
329 result = security_manager_get_app_defined_privilege_provider(privilegeA,
330 uid, nullptr, &appId);
331 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
332 RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
336 result = security_manager_get_app_defined_privilege_provider(privilegeA,
337 uid, &pkgId, &appId);
338 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
339 RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
340 RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
346 result = security_manager_get_app_defined_privilege_provider(privilegeB,
347 uid, &pkgId, &appId);
348 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT,
349 "Local installation of application should 'hide' this privilege. Provider should not be found.");
350 RUNNER_ASSERT(appId == nullptr);
351 RUNNER_ASSERT(pkgId == nullptr);
354 RUNNER_CHILD_TEST(app_defined_07_get_provider_license)
357 char *license = nullptr;
358 const Privilege providerLocalPrivilegeLicenseA(
359 "http://tizen.org/licensed/abcsoftware/calendar",
360 "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
361 const Privilege providerGlobalPrivilegeLicenseB(
362 "http://tizen.org/licensed/xyzsoftware/camera",
363 "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
364 const Privilege privilegeBuntrusted(
365 providerGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
367 const std::string providerAppId = "app_def_provider_01";
370 AppInstallHelper providerGlobal(providerAppId);
371 AppInstallHelper providerLocal(providerAppId, uid);
372 providerGlobal.addAppDefinedPrivilege(providerGlobalPrivilegeLicenseB);
373 providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseA);
374 providerLocal.addAppDefinedPrivilege(privilegeBuntrusted);
376 ScopedInstaller req1(providerGlobal);
377 ScopedInstaller req2(providerLocal);
379 result = security_manager_get_app_defined_privilege_license(nullptr, uid, &license);
380 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
381 RUNNER_ASSERT(license == nullptr);
383 result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, nullptr);
384 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
386 result = security_manager_get_app_defined_privilege_license("noExistingPrivilege", uid, &license);
387 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
388 RUNNER_ASSERT(license == nullptr);
390 result = security_manager_get_app_defined_privilege_license(privilegeBuntrusted, uid, &license);
391 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
392 RUNNER_ASSERT(license == nullptr);
394 result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid+1, &license);
395 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
396 RUNNER_ASSERT(license == nullptr);
398 result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, &license);
399 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
400 RUNNER_ASSERT(license && providerLocalPrivilegeLicenseA.getLicense() == license);
405 result = security_manager_get_app_defined_privilege_license(providerGlobalPrivilegeLicenseB, uid, &license);
406 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
407 RUNNER_ASSERT(license && providerGlobalPrivilegeLicenseB.getLicense() == license);
412 RUNNER_CHILD_TEST(app_defined_08_add_get_license_with_untrusted_priv)
415 char *license = nullptr;
416 char *appId = nullptr;
417 char *pkgId = nullptr;
419 const Privilege privilegeUntrusted(
420 "http://tizen.org/licensed/abcsoftware/calendar",
421 Privilege::UNTRUSTED);
423 const std::string providerAppId = "app_def_provider_07";
424 const std::string clientAppId = "app_def_client_07";
427 AppInstallHelper providerGlobal(providerAppId);
428 providerGlobal.addAppDefinedPrivilege(privilegeUntrusted);
430 AppInstallHelper clientLocal(clientAppId, uid);
431 clientLocal.addPrivilege(privilegeUntrusted);
433 ScopedInstaller req1(providerGlobal);
434 ScopedInstaller req2(clientLocal);
436 result = security_manager_get_client_privilege_license(privilegeUntrusted,
437 clientLocal.getPkgId().c_str(),
438 clientLocal.getAppId().c_str(),
440 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
441 RUNNER_ASSERT(license == nullptr);
443 result = security_manager_get_app_defined_privilege_license(privilegeUntrusted, uid, &license);
444 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT, "getting privilege provider license failed");
445 RUNNER_ASSERT(license == nullptr);
447 result = security_manager_get_app_defined_privilege_provider(privilegeUntrusted,
448 uid, &pkgId, &appId);
449 RUNNER_ASSERT(result == SECURITY_MANAGER_SUCCESS);
450 RUNNER_ASSERT(appId != nullptr && providerGlobal.getAppId() == appId);
451 RUNNER_ASSERT(pkgId != nullptr && providerGlobal.getPkgId() == pkgId);
456 RUNNER_CHILD_TEST(app_defined_09_add_get_client_license)
459 char *license = nullptr;
460 const Privilege clientLocalPrivilegeLicenseA(
461 "http://tizen.org/licensed/abcsoftware/calendar",
462 "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
463 const Privilege clientGlobalPrivilegeLicenseB(
464 "http://tizen.org/licensed/xyzsoftware/camera",
465 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
466 const Privilege privilegeBuntrusted(
467 clientGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
469 const std::string clientAppId = "app_def_client_01";
472 AppInstallHelper clientGlobal(clientAppId);
473 AppInstallHelper clientLocal(clientAppId, uid);
474 clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
475 clientLocal.addPrivilege(clientLocalPrivilegeLicenseA);
476 clientLocal.addPrivilege(privilegeBuntrusted);
477 ScopedInstaller req1(clientGlobal);
478 ScopedInstaller req2(clientLocal);
480 result = security_manager_get_client_privilege_license(nullptr,
481 clientLocal.getPkgId().c_str(),
482 clientLocal.getAppId().c_str(),
484 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
485 RUNNER_ASSERT(license == nullptr);
487 result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, nullptr, nullptr,
489 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
490 RUNNER_ASSERT(license == nullptr);
492 result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
493 clientLocal.getPkgId().c_str(),
494 clientLocal.getAppId().c_str(),
496 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
498 result = security_manager_get_client_privilege_license("noExistingPrivilege",
499 clientLocal.getPkgId().c_str(),
500 clientLocal.getAppId().c_str(),
502 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
503 RUNNER_ASSERT(license == nullptr);
505 result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, "noExistingPkg", "noExistingApp",
507 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
508 RUNNER_ASSERT(license == nullptr);
510 result = security_manager_get_client_privilege_license(privilegeBuntrusted,
511 clientLocal.getPkgId().c_str(),
512 clientLocal.getAppId().c_str(),
514 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
515 RUNNER_ASSERT(license == nullptr);
517 result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
518 clientLocal.getPkgId().c_str(),
519 clientLocal.getAppId().c_str(),
521 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
522 RUNNER_ASSERT(license == nullptr);
524 result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
525 clientLocal.getPkgId().c_str(),
526 clientLocal.getAppId().c_str(),
528 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
529 RUNNER_ASSERT(license && clientLocalPrivilegeLicenseA.getLicense() == license);
534 result = security_manager_get_client_privilege_license(clientGlobalPrivilegeLicenseB,
535 clientGlobal.getPkgId().c_str(),
536 clientGlobal.getAppId().c_str(),
538 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
539 RUNNER_ASSERT(license && clientGlobalPrivilegeLicenseB.getLicense() == license);
544 RUNNER_CHILD_TEST(app_defined_10_check_system_privileges)
546 const std::string providerAppId = "app_def_09_provider";
547 const Privilege privilege("http://tizen.org/privilege/internet", Privilege::UNTRUSTED);
549 InstallRequest requestInst;
550 requestInst.setAppId(providerAppId);
551 requestInst.setPkgId(providerAppId);
552 requestInst.addAppDefinedPrivilege(privilege);
553 Api::install(requestInst, SECURITY_MANAGER_ERROR_INPUT_PARAM);
554 Api::uninstall(requestInst);
557 RUNNER_CHILD_TEST(app_defined_11_invalid_license)
559 const Privilege providerPrivilegeLicense(
560 "http://tizen.org/licensed/abcsoftware/calendar",
561 "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
562 const Privilege clientPrivilegeLicense(
563 "http://tizen.org/licensed/abcsoftware/calendar",
564 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
565 const std::string providerAppId = "app_def_provider_01";
566 const std::string clientAppId = "app_def_client_01";
567 const std::string ownerId = "5001";
568 const std::string session = "S0M33S3SSI0N";
570 AppInstallHelper provider(providerAppId);
571 AppInstallHelper client(clientAppId);
573 std::string clientLabel = client.generateAppLabel();
575 provider.addAppDefinedPrivilege(providerPrivilegeLicense);
576 client.addPrivilege(clientPrivilegeLicense);
578 ScopedInstaller req1(provider);
579 ScopedInstaller req2(client);
581 CynaraTestClient::Client cynara;
582 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
585 RUNNER_CHILD_TEST(app_defined_12_invalid_common_name)
587 const Privilege providerPrivilegeLicense(
588 "http://tizen.org/licensed/xyzsoftware/camera",
589 "/opt/usr/globalapps/app_def_provider_02_pkg_id/cert/xyzsoftware.pem");
590 const Privilege clientPrivilegeLicense(
591 "http://tizen.org/licensed/xyzsoftware/camera",
592 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
593 const std::string providerAppId = "app_def_provider_02";
594 const std::string clientAppId = "app_def_client_01";
595 const std::string ownerId = "5001";
596 const std::string session = "S0M33S3SSI0N";
598 AppInstallHelper provider(providerAppId);
599 AppInstallHelper client(clientAppId);
601 std::string clientLabel = client.generateAppLabel();
603 provider.addAppDefinedPrivilege(providerPrivilegeLicense);
604 client.addPrivilege(clientPrivilegeLicense);
606 ScopedInstaller req1(provider);
607 ScopedInstaller req2(client);
609 CynaraTestClient::Client cynara;
610 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);