projects / platform / core / test / security-tests.git / blob
? search:


fe2a8119dbd18d2fffcb56aa1f05d9d82c0751f7
[platform/core/test/security-tests.git] / src / security-manager-tests / test_cases_app_defined_privilege.cpp
1 /*
2  * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 #include <functional>
18 #include <string>
19 #include <sys/types.h>
20 #include <sys/un.h>
21 #include <unistd.h>
22
23 #include <cynara_test_client.h>
24 #include <dpl/test/test_runner.h>
25 #include <sm_api.h>
26 #include <sm_commons.h>
27 #include <sm_request.h>
28 #include <tests_common.h>
29 #include <tzplatform.h>
30 #include <app_install_helper.h>
31 #include <scoped_installer.h>
32
33 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
34
35 using namespace SecurityManagerTest;
36
37 RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
38 {
39     const std::string privilege = "http://tizen.org/applicationDefinedPrivilege/app_defined_01";
40     const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED;
41     const std::string providerAppId = "app_def_01_provider_appid";
42     const std::string consumerAppId = "app_def_01_client_appid";
43     const std::string ownerId = "5001";
44     const std::string session = "S0M3S3SSI0N";
45
46     AppInstallHelper provider(providerAppId);
47     AppInstallHelper consumer(consumerAppId);
48
49     std::string consumerLabel = consumer.generateAppLabel();
50
51     provider.addAppDefinedPrivilege(std::make_pair(privilege, type));
52     consumer.addPrivilege(privilege);
53
54     ScopedInstaller req1(provider);
55     ScopedInstaller req2(consumer);
56
57     CynaraTestClient::Client cynara;
58     cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
59
60     // uninstall provider
61     req1.uninstallApp();
62
63     cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
64 }
65
66 RUNNER_CHILD_TEST(app_defined_02_global_install_licensed)
67 {
68     const std::string privilege = "http://tizen.org/licensedPrivilege/app_defined_02";
69     const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED;
70     const std::string providerAppId = "app_def_02_provider_appid";
71     const std::string consumerAppId = "app_def_02_client_appid";
72     const std::string ownerId = "5001";
73     const std::string session = "S0M33S3SSI0N";
74
75     AppInstallHelper provider(providerAppId);
76     AppInstallHelper consumer(consumerAppId);
77
78     std::string consumerLabel = consumer.generateAppLabel();
79
80     provider.addAppDefinedPrivilege(std::make_pair(privilege, type));
81     consumer.addPrivilege(privilege);
82
83     ScopedInstaller req1(provider);
84     ScopedInstaller req2(consumer);
85
86     CynaraTestClient::Client cynara;
87     cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
88
89     // uninstall provider
90     req1.uninstallApp();
91
92     cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
93 }
94
95 RUNNER_CHILD_TEST(app_defined_03_database_update)
96 {
97     // Because of a bug in implementation during installation of
98     // providerB privileges of providerA were deleted from cynara
99     // database. This test should check if bug was fixed.
100     const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_03a";
101     const std::string privilegeB = "http://tizen.org/licensedPrivilege/app_defined_03b";
102     const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED;
103     const std::string providerAppIdA = "app_def_03a_provider_appid";
104     const std::string providerAppIdB = "app_def_03b_provider_appid";
105     const std::string consumerAppId = "app_def_03_client_appid";
106     const std::string ownerId = "5001";
107     const std::string session = "S0M33S3SSI0N";
108
109     AppInstallHelper providerA(providerAppIdA);
110     AppInstallHelper providerB(providerAppIdB);
111     AppInstallHelper consumer(consumerAppId);
112
113     std::string consumerLabel = consumer.generateAppLabel();
114
115     providerA.addAppDefinedPrivilege(std::make_pair(privilegeA, type));
116     providerB.addAppDefinedPrivilege(std::make_pair(privilegeB, type));
117     consumer.addPrivilege(privilegeA);
118     consumer.addPrivilege(privilegeB);
119
120     ScopedInstaller req1(providerA);
121     ScopedInstaller req2(providerB);
122     ScopedInstaller req3(consumer);
123
124     CynaraTestClient::Client cynara;
125     cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
126     cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
127
128     // uninstall providerA
129     req1.uninstallApp();
130
131     cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
132     cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
133
134     // uninstall providerB
135     req2.uninstallApp();
136
137     cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
138     cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
139 }
140
141 RUNNER_CHILD_TEST(app_defined_04_app_update)
142 {
143     const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_04a";
144     const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_04b";
145     const std::string privilegeC = "http://tizen.org/licensedPrivilege/app_defined_04c";
146     const std::string providerAppId = "app_def_04_provider_appid";
147     const std::string consumerAppId = "app_def_04_client_appid";
148     const std::string ownerId = "5001";
149     const std::string session = "S0M33S3SSI0N";
150
151     AppInstallHelper providerV1(providerAppId);
152     AppInstallHelper providerV2(providerAppId);
153     AppInstallHelper consumer(consumerAppId);
154
155     std::string consumerLabel = consumer.generateAppLabel();
156
157     providerV1.addAppDefinedPrivilege(std::make_pair(privilegeA, SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED));
158     providerV1.addAppDefinedPrivilege(std::make_pair(privilegeB, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
159     consumer.addPrivilege(privilegeA);
160     consumer.addPrivilege(privilegeB);
161     consumer.addPrivilege(privilegeC);
162
163     ScopedInstaller req1(providerV1);
164     ScopedInstaller req2(consumer);
165
166     CynaraTestClient::Client cynara;
167     cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
168     cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
169     cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
170
171     // update provider version, remove privilegeA, add privilegeC
172     providerV2.addAppDefinedPrivilege(std::make_pair(privilegeB, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
173     providerV2.addAppDefinedPrivilege(std::make_pair(privilegeC, SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED));
174     ScopedInstaller req3(providerV2);
175
176     cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
177     cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
178     cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
179 }
180
181 RUNNER_CHILD_TEST(app_defined_05_global_local_install)
182 {
183     const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_05a";
184     const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_05b";
185     const std::string privilegeC = "http://tizen.org/applicationDefinedPrivilege/app_defined_05c";
186     const std::string providerAppId = "app_def_05_provider_appid";
187     const std::string consumerAppId = "app_def_05_client_appid";
188     const std::string ownerId = "5001";
189     const std::string bobId = "5002";
190     const std::string session = "S0M33S3SSI0N";
191
192     AppInstallHelper providerGlobal(providerAppId);
193     AppInstallHelper providerLocal(providerAppId, 5002);
194     AppInstallHelper consumerGlobal(consumerAppId);
195     AppInstallHelper consumerLocal(consumerAppId, 5002);
196
197     std::string consumerGlobalLabel = consumerGlobal.generateAppLabel();
198     std::string consumerLocalLabel = consumerLocal.generateAppLabel();
199
200     providerGlobal.addAppDefinedPrivilege(std::make_pair(privilegeA, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
201     providerGlobal.addAppDefinedPrivilege(std::make_pair(privilegeC, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
202
203     providerLocal.addAppDefinedPrivilege(std::make_pair(privilegeA, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
204     providerLocal.addAppDefinedPrivilege(std::make_pair(privilegeB, SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED));
205
206     consumerGlobal.addPrivilege(privilegeA);
207     consumerGlobal.addPrivilege(privilegeB);
208     consumerGlobal.addPrivilege(privilegeC);
209
210     consumerLocal.addPrivilege(privilegeB);
211     consumerLocal.addPrivilege(privilegeC);
212
213     CynaraTestClient::Client cynara;
214
215     // local provider only and global consumer only
216     ScopedInstaller req1(providerLocal);
217     ScopedInstaller req2(consumerGlobal);
218     cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
219     cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
220     cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
221     cynara.check(consumerGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
222     cynara.check(consumerGlobalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
223     cynara.check(consumerGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
224
225     // local provider only and global/local consumer
226     ScopedInstaller req3(consumerLocal);
227     cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
228     cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
229     cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
230
231     // global/local provider and global/local consumer
232     ScopedInstaller req4(providerGlobal);
233     cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
234     cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
235     cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
236     cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
237     cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
238     //cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
239
240     // global provider only and global/local consumer
241     req1.uninstallApp();
242     cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
243     cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
244     cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
245     cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
246     cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_DENIED);
247     cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
248
249     // global provider only and global consumer only
250     req3.uninstallApp();
251     cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
252     cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
253     cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
254 }
255
256 RUNNER_CHILD_TEST(app_defined_06_get_provider)
257 {
258     int result;
259     char *pkgId = nullptr;
260     char *appId = nullptr;
261     const std::string privilege = "http://tizen.org/applicationDefinedPrivilege/app_defined_06";
262     const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED;
263     const std::string providerId = "app_def_06_provider";
264     uid_t uid = 5001;
265
266     AppInstallHelper provider(providerId, uid);
267     provider.addAppDefinedPrivilege(std::make_pair(privilege, type));
268     ScopedInstaller req1(provider);
269
270     result = security_manager_identify_privilege_provider("noExistingPrivilege", uid, &pkgId, &appId);
271     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
272     RUNNER_ASSERT(appId == nullptr);
273     RUNNER_ASSERT(pkgId == nullptr);
274
275     result = security_manager_identify_privilege_provider(privilege.c_str(), uid+1, &pkgId, &appId);
276     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
277     RUNNER_ASSERT(appId == nullptr);
278     RUNNER_ASSERT(pkgId == nullptr);
279
280     result = security_manager_identify_privilege_provider(privilege.c_str(), uid, nullptr, nullptr);
281     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
282
283     result = security_manager_identify_privilege_provider(privilege.c_str(), uid, &pkgId, nullptr);
284     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
285     RUNNER_ASSERT(pkgId && std::string(pkgId) == provider.getPkgId());
286     free(pkgId);
287     pkgId = nullptr;
288
289     result = security_manager_identify_privilege_provider(privilege.c_str(), uid, nullptr, &appId);
290     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
291     RUNNER_ASSERT(appId && std::string(appId) == provider.getAppId());
292     free(appId);
293     appId = nullptr;
294
295     result = security_manager_identify_privilege_provider(privilege.c_str(), uid, &pkgId, &appId);
296     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
297     RUNNER_ASSERT(appId && std::string(appId) == provider.getAppId());
298     RUNNER_ASSERT(pkgId && std::string(pkgId) == provider.getPkgId());
299     free(appId);
300     free(pkgId);
301 }
Domain: Security / Uncategorized;