2 * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <sys/types.h>
23 #include <cynara_test_client.h>
24 #include <dpl/test/test_runner.h>
26 #include <sm_commons.h>
27 #include <sm_request.h>
28 #include <tests_common.h>
29 #include <tzplatform.h>
30 #include <app_install_helper.h>
31 #include <scoped_installer.h>
33 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
35 using namespace SecurityManagerTest;
37 RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
39 const std::string privilege = "http://tizen.org/applicationDefinedPrivilege/app_defined_01";
40 const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED;
41 const std::string providerAppId = "app_def_01_provider_appid";
42 const std::string consumerAppId = "app_def_01_client_appid";
43 const std::string ownerId = "5001";
44 const std::string session = "S0M3S3SSI0N";
46 AppInstallHelper provider(providerAppId);
47 AppInstallHelper consumer(consumerAppId);
49 std::string consumerLabel = consumer.generateAppLabel();
51 provider.addAppDefinedPrivilege(std::make_pair(privilege, type));
52 consumer.addPrivilege(privilege);
54 ScopedInstaller req1(provider);
55 ScopedInstaller req2(consumer);
57 CynaraTestClient::Client cynara;
58 cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
63 cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
66 RUNNER_CHILD_TEST(app_defined_02_global_install_licensed)
68 const std::string privilege = "http://tizen.org/licensedPrivilege/app_defined_02";
69 const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED;
70 const std::string providerAppId = "app_def_02_provider_appid";
71 const std::string consumerAppId = "app_def_02_client_appid";
72 const std::string ownerId = "5001";
73 const std::string session = "S0M33S3SSI0N";
75 AppInstallHelper provider(providerAppId);
76 AppInstallHelper consumer(consumerAppId);
78 std::string consumerLabel = consumer.generateAppLabel();
80 provider.addAppDefinedPrivilege(std::make_pair(privilege, type));
81 consumer.addPrivilege(privilege);
83 ScopedInstaller req1(provider);
84 ScopedInstaller req2(consumer);
86 CynaraTestClient::Client cynara;
87 cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
92 cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
95 RUNNER_CHILD_TEST(app_defined_03_database_update)
97 // Because of a bug in implementation during installation of
98 // providerB privileges of providerA were deleted from cynara
99 // database. This test should check if bug was fixed.
100 const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_03a";
101 const std::string privilegeB = "http://tizen.org/licensedPrivilege/app_defined_03b";
102 const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED;
103 const std::string providerAppIdA = "app_def_03a_provider_appid";
104 const std::string providerAppIdB = "app_def_03b_provider_appid";
105 const std::string consumerAppId = "app_def_03_client_appid";
106 const std::string ownerId = "5001";
107 const std::string session = "S0M33S3SSI0N";
109 AppInstallHelper providerA(providerAppIdA);
110 AppInstallHelper providerB(providerAppIdB);
111 AppInstallHelper consumer(consumerAppId);
113 std::string consumerLabel = consumer.generateAppLabel();
115 providerA.addAppDefinedPrivilege(std::make_pair(privilegeA, type));
116 providerB.addAppDefinedPrivilege(std::make_pair(privilegeB, type));
117 consumer.addPrivilege(privilegeA);
118 consumer.addPrivilege(privilegeB);
120 ScopedInstaller req1(providerA);
121 ScopedInstaller req2(providerB);
122 ScopedInstaller req3(consumer);
124 CynaraTestClient::Client cynara;
125 cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
126 cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
128 // uninstall providerA
131 cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
132 cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
134 // uninstall providerB
137 cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
138 cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
141 RUNNER_CHILD_TEST(app_defined_04_app_update)
143 const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_04a";
144 const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_04b";
145 const std::string privilegeC = "http://tizen.org/licensedPrivilege/app_defined_04c";
146 const std::string providerAppId = "app_def_04_provider_appid";
147 const std::string consumerAppId = "app_def_04_client_appid";
148 const std::string ownerId = "5001";
149 const std::string session = "S0M33S3SSI0N";
151 AppInstallHelper providerV1(providerAppId);
152 AppInstallHelper providerV2(providerAppId);
153 AppInstallHelper consumer(consumerAppId);
155 std::string consumerLabel = consumer.generateAppLabel();
157 providerV1.addAppDefinedPrivilege(std::make_pair(privilegeA, SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED));
158 providerV1.addAppDefinedPrivilege(std::make_pair(privilegeB, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
159 consumer.addPrivilege(privilegeA);
160 consumer.addPrivilege(privilegeB);
161 consumer.addPrivilege(privilegeC);
163 ScopedInstaller req1(providerV1);
164 ScopedInstaller req2(consumer);
166 CynaraTestClient::Client cynara;
167 cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
168 cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
169 cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
171 // update provider version, remove privilegeA, add privilegeC
172 providerV2.addAppDefinedPrivilege(std::make_pair(privilegeB, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
173 providerV2.addAppDefinedPrivilege(std::make_pair(privilegeC, SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED));
174 ScopedInstaller req3(providerV2);
176 cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
177 cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
178 cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
181 RUNNER_CHILD_TEST(app_defined_05_global_local_install)
183 const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_05a";
184 const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_05b";
185 const std::string privilegeC = "http://tizen.org/applicationDefinedPrivilege/app_defined_05c";
186 const std::string providerAppId = "app_def_05_provider_appid";
187 const std::string consumerAppId = "app_def_05_client_appid";
188 const std::string ownerId = "5001";
189 const std::string bobId = "5002";
190 const std::string session = "S0M33S3SSI0N";
192 AppInstallHelper providerGlobal(providerAppId);
193 AppInstallHelper providerLocal(providerAppId, 5002);
194 AppInstallHelper consumerGlobal(consumerAppId);
195 AppInstallHelper consumerLocal(consumerAppId, 5002);
197 std::string consumerGlobalLabel = consumerGlobal.generateAppLabel();
198 std::string consumerLocalLabel = consumerLocal.generateAppLabel();
200 providerGlobal.addAppDefinedPrivilege(std::make_pair(privilegeA, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
201 providerGlobal.addAppDefinedPrivilege(std::make_pair(privilegeC, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
203 providerLocal.addAppDefinedPrivilege(std::make_pair(privilegeA, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
204 providerLocal.addAppDefinedPrivilege(std::make_pair(privilegeB, SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED));
206 consumerGlobal.addPrivilege(privilegeA);
207 consumerGlobal.addPrivilege(privilegeB);
208 consumerGlobal.addPrivilege(privilegeC);
210 consumerLocal.addPrivilege(privilegeB);
211 consumerLocal.addPrivilege(privilegeC);
213 CynaraTestClient::Client cynara;
215 // local provider only and global consumer only
216 ScopedInstaller req1(providerLocal);
217 ScopedInstaller req2(consumerGlobal);
218 cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
219 cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
220 cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
221 cynara.check(consumerGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
222 cynara.check(consumerGlobalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
223 cynara.check(consumerGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
225 // local provider only and global/local consumer
226 ScopedInstaller req3(consumerLocal);
227 cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
228 cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
229 cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
231 // global/local provider and global/local consumer
232 ScopedInstaller req4(providerGlobal);
233 cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
234 cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
235 cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
236 cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
237 cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
238 //cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
240 // global provider only and global/local consumer
242 cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
243 cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
244 cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
245 cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
246 cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_DENIED);
247 cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
249 // global provider only and global consumer only
251 cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
252 cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
253 cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
256 RUNNER_CHILD_TEST(app_defined_06_get_provider)
259 char *pkgId = nullptr;
260 char *appId = nullptr;
261 const std::string privilege = "http://tizen.org/applicationDefinedPrivilege/app_defined_06";
262 const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED;
263 const std::string providerId = "app_def_06_provider";
266 AppInstallHelper provider(providerId, uid);
267 provider.addAppDefinedPrivilege(std::make_pair(privilege, type));
268 ScopedInstaller req1(provider);
270 result = security_manager_identify_privilege_provider("noExistingPrivilege", uid, &pkgId, &appId);
271 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
272 RUNNER_ASSERT(appId == nullptr);
273 RUNNER_ASSERT(pkgId == nullptr);
275 result = security_manager_identify_privilege_provider(privilege.c_str(), uid+1, &pkgId, &appId);
276 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
277 RUNNER_ASSERT(appId == nullptr);
278 RUNNER_ASSERT(pkgId == nullptr);
280 result = security_manager_identify_privilege_provider(privilege.c_str(), uid, nullptr, nullptr);
281 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
283 result = security_manager_identify_privilege_provider(privilege.c_str(), uid, &pkgId, nullptr);
284 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
285 RUNNER_ASSERT(pkgId && std::string(pkgId) == provider.getPkgId());
289 result = security_manager_identify_privilege_provider(privilege.c_str(), uid, nullptr, &appId);
290 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
291 RUNNER_ASSERT(appId && std::string(appId) == provider.getAppId());
295 result = security_manager_identify_privilege_provider(privilege.c_str(), uid, &pkgId, &appId);
296 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
297 RUNNER_ASSERT(appId && std::string(appId) == provider.getAppId());
298 RUNNER_ASSERT(pkgId && std::string(pkgId) == provider.getPkgId());