src/security-manager-tests/test_cases_app_policy.cpp

   1 /*
   2  * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *    Licensed under the Apache License, Version 2.0 (the "License");
   5  *    you may not use this file except in compliance with the License.
   6  *    You may obtain a copy of the License at
   7  *
   8  *        http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *    Unless required by applicable law or agreed to in writing, software
  11  *    distributed under the License is distributed on an "AS IS" BASIS,
  12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *    See the License for the specific language governing permissions and
  14  *    limitations under the License.
  15  */
  16
  17 #include <string>
  18 #include <vector>
  19
  20 #include <app_install_helper.h>
  21 #include <scoped_installer.h>
  22 #include <sm_api.h>
  23 #include <temp_test_user.h>
  24 #include <tests_common.h>
  25
  26 #include <dpl/test/test_runner.h>
  27 #include <dpl/test/test_runner_child.h>
  28
  29 const std::vector<std::string> TEST_PRIVACY_PRIVILEGES = {
  30         "http://tizen.org/privilege/callhistory.read",
  31         "http://tizen.org/privilege/account.read",
  32         "http://tizen.org/privilege/healthinfo" };
  33
  34 using namespace SecurityManagerTest;
  35
  36 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_POLICY)
  37
  38 RUNNER_CHILD_TEST(security_manager_ap1_app_policy_fetch_for_self) {
  39     TemporaryTestUser tmpUser("sm_test_ap1_user_name", GUM_USERTYPE_NORMAL, false);
  40     tmpUser.create();
  41
  42     unsigned expectedPolicyCount = 1;
  43
  44     AppInstallHelper app("sm_test_ap1", tmpUser.getUid());
  45     app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
  46
  47     ScopedInstaller appInstall(app);
  48
  49     pid_t pid = fork();
  50     RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
  51     if (pid != 0) { //parent process
  52         waitPid(pid);
  53     } else { //child process
  54         Api::setProcessLabel(app.getAppId());
  55         RUNNER_ASSERT_ERRNO_MSG(
  56                 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
  57                 "drop_root_privileges failed");
  58
  59         std::string uidStr = tmpUser.getUidString();
  60         for (const auto &appPrivilege : app.getPrivileges()) {
  61             PolicyEntry filter(app.getAppId(), uidStr, appPrivilege);
  62
  63             std::vector<PolicyEntry> policyEntries;
  64             Api::getPolicyForSelf(filter, policyEntries);
  65
  66             RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
  67             RUNNER_ASSERT_MSG(policyEntries.size() == 1,
  68                     "Number of policies doesn't match - should be: " << expectedPolicyCount << " and is " << policyEntries.size());
  69
  70             for (const auto &policyEntry : policyEntries) {
  71                 std::string user = policyEntry.getUser();
  72                 std::string appId = policyEntry.getAppId();
  73                 std::string privilege = policyEntry.getPrivilege();
  74
  75                 RUNNER_ASSERT_MSG(appId == app.getAppId(),
  76                         "Policy returned for wrong appId," " expected : " << app.getAppId() << ", got : " << appId);
  77                 RUNNER_ASSERT_MSG(user == uidStr,
  78                         "Policy returned for wrong user," " expected : " << uidStr << ", got : " << user);
  79                 RUNNER_ASSERT_MSG(privilege == appPrivilege.getName(),
  80                         "Policy returned for wrong privilege," " expected : " << appPrivilege << ", got : " << privilege);
  81
  82             }
  83         }
  84         exit(0);
  85     }
  86 }
  87
  88 RUNNER_CHILD_TEST(security_manager_ap2_app_policy_fetch_for_self_different_user) {
  89     TemporaryTestUser tmpUser("sm_test_ap2_1_user_name", GUM_USERTYPE_NORMAL, false);
  90     tmpUser.create();
  91     TemporaryTestUser tmpUser2("sm_test_ap2_2_user_name", GUM_USERTYPE_NORMAL, false);
  92     tmpUser2.create();
  93
  94     AppInstallHelper app("sm_test_ap2", tmpUser.getUid());
  95     app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
  96
  97     ScopedInstaller appInstall(app);
  98
  99     pid_t pid = fork();
 100     RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
 101     if (pid != 0) { //parent process
 102         waitPid(pid);
 103     } else { //child process
 104         Api::setProcessLabel(app.getAppId());
 105         RUNNER_ASSERT_ERRNO_MSG(
 106                 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
 107                 "drop_root_privileges failed");
 108
 109         std::string wrongUidStr = tmpUser2.getUidString();
 110         for (const auto &appPrivilege : app.getPrivileges()) {
 111             PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege);
 112
 113             std::vector<PolicyEntry> policyEntries;
 114             Api::getPolicyForSelf(filter, policyEntries,
 115                     SECURITY_MANAGER_ERROR_ACCESS_DENIED);
 116         }
 117         exit(0);
 118     }
 119 }
 120
 121 RUNNER_CHILD_TEST(security_manager_ap3_app_policy_fetch_for_self_different_user_global) {
 122     TemporaryTestUser tmpUser("sm_test_ap3_1_user_name", GUM_USERTYPE_NORMAL, false);
 123     tmpUser.create();
 124     TemporaryTestUser tmpUser2("sm_test_ap3_2_user_name", GUM_USERTYPE_NORMAL, false);
 125     tmpUser2.create();
 126
 127     AppInstallHelper app("sm_test_ap3");
 128     app.setInstallType(SM_APP_INSTALL_GLOBAL);
 129     app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
 130
 131     ScopedInstaller appInstall(app);
 132
 133     pid_t pid = fork();
 134     RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
 135     if (pid != 0) { //parent process
 136         waitPid(pid);
 137     } else { //child process
 138         Api::setProcessLabel(app.getAppId());
 139         RUNNER_ASSERT_ERRNO_MSG(
 140                 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
 141                 "drop_root_privileges failed");
 142
 143         std::string wrongUidStr = tmpUser2.getUidString();
 144         for (const auto &appPrivilege : app.getPrivileges()) {
 145             PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege);
 146
 147             std::vector<PolicyEntry> policyEntries;
 148             Api::getPolicyForSelf(filter, policyEntries,
 149                     SECURITY_MANAGER_ERROR_ACCESS_DENIED);
 150         }
 151         exit(0);
 152     }
 153 }
 154
 155 RUNNER_CHILD_TEST(security_manager_ap3_app_policy_fetch_for_self_different_app) {
 156     TemporaryTestUser tmpUser("sm_test_ap3_user_name", GUM_USERTYPE_NORMAL, false);
 157     tmpUser.create();
 158
 159     AppInstallHelper app1("sm_test_ap3_1", tmpUser.getUid());
 160     app1.addPrivileges(TEST_PRIVACY_PRIVILEGES);
 161
 162     AppInstallHelper app2("sm_test_ap3_2", tmpUser.getUid());
 163     app2.addPrivileges(TEST_PRIVACY_PRIVILEGES);
 164
 165     ScopedInstaller appInstall1(app1);
 166     ScopedInstaller appInstall2(app2);
 167
 168     pid_t pid = fork();
 169     RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
 170     if (pid != 0) { //parent process
 171         waitPid(pid);
 172     } else { //child process
 173         Api::setProcessLabel(app1.getAppId());
 174         RUNNER_ASSERT_ERRNO_MSG(
 175                 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
 176                 "drop_root_privileges failed");
 177
 178         std::string uidStr = tmpUser.getUidString();
 179         for (const auto &appPrivilege : app1.getPrivileges()) {
 180             PolicyEntry filter(app2.getAppId(), uidStr, appPrivilege);
 181
 182             std::vector<PolicyEntry> policyEntries;
 183             Api::getPolicyForSelf(filter, policyEntries,
 184                     SECURITY_MANAGER_ERROR_ACCESS_DENIED);
 185         }
 186         exit(0);
 187     }
 188 }