projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
SM: Code cleanup - separate dyntransition tests
[platform/core/test/security-tests.git] / src / security-manager-tests / test_cases_privacy_manager.cpp
1 /*
2  * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 #include <cstdlib>
18 #include <map>
19 #include <set>
20 #include <string>
21 #include <sys/types.h>
22 #include <unistd.h>
23 #include <unordered_set>
24 #include <utility>
25 #include <vector>
26
27 #include <cynara_test_admin.h>
28 #include <dpl/test/test_runner.h>
29 #include <memory.h>
30 #include <passwd_access.h>
31 #include <scoped_label.h>
32 #include <sm_api.h>
33 #include <sm_commons.h>
34 #include <sm_policy_request.h>
35 #include <sm_request.h>
36 #include <synchronization_pipe.h>
37 #include <temp_test_user.h>
38 #include <tests_common.h>
39
40 using namespace SecurityManagerTest;
41
42 static const std::vector<std::string> PM_MANY_APPS = {
43     "security_manager_pm_app_1",
44     "security_manager_pm_app_2",
45     "security_manager_pm_app_3",
46     "security_manager_pm_app_4",
47     "security_manager_pm_app_5"
48 };
49
50 const std::string PRIVILEGE_MANAGER_APP = "privilege_manager";
51 const std::string PRIVILEGE_MANAGER_PKG = "privilege_manager";
52 const std::string PRIVILEGE_MANAGER_SELF_PRIVILEGE = "http://tizen.org/privilege/notexist";
53 const std::string PRIVILEGE_MANAGER_ADMIN_PRIVILEGE = "http://tizen.org/privilege/internal/usermanagement";
54
55 static const std::map<std::string, struct app_attributes> PM_MANY_APPS_PKGS = {
56     {"security_manager_pm_app_1", {"security_manager_pm_pkg_1", "2.1"}},
57     {"security_manager_pm_app_2", {"security_manager_pm_pkg_2", "3.0"}},
58     {"security_manager_pm_app_3", {"security_manager_pm_pkg_3", "2.1.1"}},
59     {"security_manager_pm_app_4", {"security_manager_pm_pkg_4", "3.1"}},
60     {"security_manager_pm_app_5", {"security_manager_pm_pkg_5", "2.2"}},
61     {PRIVILEGE_MANAGER_APP, {PRIVILEGE_MANAGER_PKG, "3.0"}}
62 };
63
64 static const std::vector<privileges_t> PM_MANY_APPS_PRIVILEGES = {
65     {
66         "http://tizen.org/privilege/internet",
67         "http://tizen.org/privilege/display"
68     },
69     {
70         "http://tizen.org/privilege/telephony",
71         "http://tizen.org/privilege/datasharing"
72     },
73     {
74         "http://tizen.org/privilege/content.write",
75         "http://tizen.org/privilege/led",
76         "http://tizen.org/privilege/email"
77     },
78     {
79         "http://tizen.org/privilege/led",
80         "http://tizen.org/privilege/email",
81         "http://tizen.org/privilege/telephony",
82         "http://tizen.org/privilege/datasharing"
83     },
84     {
85         "http://tizen.org/privilege/internet",
86         "http://tizen.org/privilege/display",
87         "http://tizen.org/privilege/led",
88         "http://tizen.org/privilege/email"
89     }
90 };
91
92 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PRIVACY_MANAGER)
93
94 static inline void register_current_process_as_privilege_manager(uid_t uid, bool forAdmin = false)
95 {
96     InstallRequest request;
97     request.setAppId(PRIVILEGE_MANAGER_APP.c_str());
98     request.setPkgId(PRIVILEGE_MANAGER_PKG.c_str());
99     request.setUid(uid);
100     request.addPrivilege(PRIVILEGE_MANAGER_SELF_PRIVILEGE.c_str());
101     if (forAdmin)
102         request.addPrivilege(PRIVILEGE_MANAGER_ADMIN_PRIVILEGE.c_str());
103     Api::install(request);
104     Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
105 };
106
107 RUNNER_CHILD_TEST(security_manager_10_privacy_manager_fetch_whole_policy_for_self)
108 {
109     //TEST DATA
110     const std::string username("sm_test_10_user_name");
111     unsigned int privileges_count = 0;
112
113     std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
114     std::map<std::string, std::set<std::string>> apps2PrivsMap;
115
116     for (unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
117         apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
118             PM_MANY_APPS.at(i), std::set<std::string>(
119                 PM_MANY_APPS_PRIVILEGES.at(i).begin(),
120                 PM_MANY_APPS_PRIVILEGES.at(i).end())));
121         privileges_count += PM_MANY_APPS_PRIVILEGES.at(i).size();
122     };
123
124     apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
125         PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
126     ++privileges_count;
127     users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
128     //TEST DATA END
129
130     SynchronizationPipe pipe;
131     pid_t pid = fork();
132
133     if (pid != 0) { //parent process
134         pipe.claimParentEp();
135         TemporaryTestUser tmpUser(username, GUM_USERTYPE_NORMAL, false);
136         tmpUser.create();
137
138         for(const auto &user : users2AppsMap) {
139             for(const auto &app : user.second) {
140                 InstallRequest requestInst;
141                 requestInst.setAppId(app.first.c_str());
142                 try {
143                     requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str());
144                 } catch (const std::out_of_range &e) {
145                     RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
146                 };
147                 requestInst.setUid(tmpUser.getUid());
148
149                 for (const auto &privilege : app.second) {
150                     requestInst.addPrivilege(privilege.c_str());
151                 };
152
153                 Api::install(requestInst);
154             };
155
156             //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str());
157         };
158
159         //Start child process
160         pipe.post();
161         waitPid(pid);
162
163         tmpUser.remove();
164     } else { //child process
165         pipe.claimChildEp();
166         pipe.wait();
167
168         uid_t uid; gid_t gid;
169         PasswdAccess::allUser(username, uid, gid);
170         std::string uidStr = std::to_string(uid);
171         register_current_process_as_privilege_manager(uid);
172         int result = drop_root_privileges(uid, gid);
173         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
174
175         std::vector<PolicyEntry> policyEntries;
176         PolicyEntry filter;
177         Api::getPolicy(filter, policyEntries);
178
179         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
180         RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
181
182         for (const auto &policyEntry : policyEntries) {
183             std::string user = policyEntry.getUser();
184             std::string app = policyEntry.getAppId();
185             std::string privilege = policyEntry.getPrivilege();
186
187             RUNNER_ASSERT_MSG(user == uidStr, "Unexpected user: " << user);
188
189             try {
190                 std::set<std::string>::iterator tmp = users2AppsMap.at(username).at(app).find(privilege);
191                 if (tmp == users2AppsMap.at(username).at(app).end())
192                     RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
193             } catch (const std::out_of_range &e) {
194                 RUNNER_FAIL_MSG("Unexpected policy entry: unexpected app: " << policyEntry << ". Exception: " << e.what());
195             };
196         };
197         exit(0);
198     };
199 }
200
201 RUNNER_CHILD_TEST(security_manager_11_privacy_manager_fetch_whole_policy_for_admin_unprivileged)
202 {
203     //TEST DATA
204     const std::vector<std::string> usernames = {"sm_test_11_user_name_1", "sm_test_11_user_name_2"};
205     unsigned int privileges_count = 0;
206
207     std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
208     std::map<std::string, std::set<std::string>> apps2PrivsMap;
209
210     for (const auto &username : usernames) {
211         //Only entries for one of the users will be listed
212         privileges_count = 0;
213
214         for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
215             apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
216                 PM_MANY_APPS.at(i), std::set<std::string>(
217                     PM_MANY_APPS_PRIVILEGES.at(i).begin(),
218                     PM_MANY_APPS_PRIVILEGES.at(i).end())));
219             privileges_count+=PM_MANY_APPS_PRIVILEGES.at(i).size();
220         };
221
222         users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
223     };
224
225     users2AppsMap.at(usernames.at(0)).insert(std::pair<std::string, std::set<std::string>>(
226         PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
227
228     ++privileges_count;
229     //TEST DATA END
230
231     SynchronizationPipe pipe;
232     pid_t pid = fork();
233
234     if (pid != 0) { //parent process
235         pipe.claimParentEp();
236         std::vector<TemporaryTestUser> users = {
237             TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
238             TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
239             };
240
241         users.at(0).create();
242         users.at(1).create();
243
244         //Install apps for both users
245         for(const auto &user : users) {
246             for(const auto &app : users2AppsMap.at(user.getUserName())) {
247                 InstallRequest requestInst;
248                 requestInst.setAppId(app.first.c_str());
249                 try {
250                     requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str());
251                 } catch (const std::out_of_range &e) {
252                     RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
253                 };
254                 requestInst.setUid(user.getUid());
255
256                 for (const auto &privilege : app.second) {
257                     requestInst.addPrivilege(privilege.c_str());
258                 };
259
260                 Api::install(requestInst);
261             };
262
263             //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str());
264         };
265
266         //Start child
267         pipe.post();
268         waitPid(pid);
269
270         for (auto &user : users)
271             user.remove();
272
273     } else { //child process
274         pipe.claimChildEp();
275         pipe.wait();
276
277         uid_t uid; gid_t gid;
278         PasswdAccess::allUser(usernames.at(0), uid, gid);
279         std::string uidStr = std::to_string(uid);
280         register_current_process_as_privilege_manager(uid);
281
282         //change uid to normal user
283         errno = 0;
284         int result = drop_root_privileges(uid, gid);
285         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
286
287         std::vector<PolicyEntry> policyEntries;
288         PolicyEntry filter;
289
290         //this call should only return privileges belonging to the current uid
291         Api::getPolicy(filter, policyEntries);
292
293         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
294         RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
295
296         for (const auto &policyEntry : policyEntries) {
297             std::string user = policyEntry.getUser();
298             std::string app = policyEntry.getAppId();
299             std::string privilege = policyEntry.getPrivilege();
300
301             RUNNER_ASSERT_MSG(uidStr == user, "Unexpected user: " << user);
302
303             try {
304                 std::set<std::string>::iterator tmp = users2AppsMap.at(usernames.at(0)).at(app).find(privilege);
305                 if (tmp == users2AppsMap.at(usernames.at(0)).at(app).end())
306                     RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
307             } catch (const std::out_of_range &e) {
308                 RUNNER_FAIL_MSG("Unexpected policy entry: app: " << policyEntry << ". Exception: " << e.what());
309             };
310         };
311         exit(0);
312     };
313 }
314
315 RUNNER_CHILD_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_admin_privileged)
316 {
317     std::vector<PolicyEntry> oldPolicyVec;
318     Api::getPolicy(PolicyEntry(), oldPolicyVec);
319     std::unordered_set<PolicyEntry> oldPolicySet(oldPolicyVec.begin(), oldPolicyVec.end());
320
321     //TEST DATA
322     const std::vector<std::string> usernames = {"sm_test_12_user_name_1", "sm_test_12_user_name_2"};
323     unsigned int privileges_count = oldPolicyVec.size();
324
325     std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
326     std::map<std::string, std::set<std::string>> apps2PrivsMap;
327
328     for (const auto &username : usernames) {
329         for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
330             apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
331                 PM_MANY_APPS.at(i), std::set<std::string>(
332                     PM_MANY_APPS_PRIVILEGES.at(i).begin(),
333                     PM_MANY_APPS_PRIVILEGES.at(i).end())));
334             privileges_count+=PM_MANY_APPS_PRIVILEGES.at(i).size();
335         };
336
337         users2AppsMap.insert(std::make_pair(username, apps2PrivsMap));
338     };
339
340     users2AppsMap.at(usernames.at(1)).insert(std::make_pair(PRIVILEGE_MANAGER_APP,
341         std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE, PRIVILEGE_MANAGER_ADMIN_PRIVILEGE}));
342
343     privileges_count += 2;
344     //TEST DATA END
345
346     SynchronizationPipe pipe;
347     pid_t pid = fork();
348
349     if (pid != 0) { //parent process
350         pipe.claimParentEp();
351         std::vector<TemporaryTestUser> users = {
352             TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
353             TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
354             };
355
356         users.at(0).create();
357         users.at(1).create();
358         //Install apps for both users
359         for(const auto &user : users) {
360             for(const auto &app : users2AppsMap.at(user.getUserName())) {
361                 InstallRequest requestInst;
362                 requestInst.setAppId(app.first.c_str());
363                 try {
364                     requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str());
365                 } catch (const std::out_of_range &e) {
366                     RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
367                 };
368                 requestInst.setUid(user.getUid());
369
370                 for (const auto &privilege : app.second) {
371                     requestInst.addPrivilege(privilege.c_str());
372                 };
373
374                 Api::install(requestInst);
375             };
376
377             //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str());
378         };
379
380         //Start child process
381         pipe.post();
382         waitPid(pid);
383
384         for (auto &user : users)
385             user.remove();
386
387     } else { //child process
388         pipe.claimChildEp();
389         pipe.wait();
390
391         uid_t adminUid;
392         gid_t adminGid;
393         PasswdAccess::allUser(usernames.at(1), adminUid, adminGid);
394         std::string adminUidStr = std::to_string(adminUid);
395         uid_t normalUid = PasswdAccess::uid(usernames.at(0));
396         std::string normalUidStr = std::to_string(normalUid);
397         register_current_process_as_privilege_manager(adminUid, true);
398
399         //change uid to normal user
400         int result = drop_root_privileges(adminUid, adminGid);
401         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
402
403
404         std::vector<PolicyEntry> policyEntries;
405         //this call should succeed as the calling user is privileged
406         Api::getPolicy(PolicyEntry(), policyEntries);
407
408         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
409         RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
410
411         for (const auto &policyEntry : policyEntries) {
412             if (oldPolicySet.count(policyEntry))
413                 continue;
414
415             std::string user = policyEntry.getUser();
416             std::string app = policyEntry.getAppId();
417             std::string privilege = policyEntry.getPrivilege();
418
419             RUNNER_ASSERT_MSG(user == normalUidStr || user == adminUidStr, "Unexpected user: " << user);
420
421             std::string uidStrToLook = user == normalUidStr ? usernames.at(0) : usernames.at(1);
422
423             try {
424                 std::set<std::string>::iterator tmp = users2AppsMap.at(uidStrToLook).at(app).find(privilege);
425                 if (tmp == users2AppsMap.at(uidStrToLook).at(app).end())
426                     RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
427             } catch (const std::out_of_range &e) {
428                 RUNNER_FAIL_MSG("Unexpected policy entry: unexpected app: " << policyEntry << ". Exception: " << e.what());
429             } catch (const std::invalid_argument& e) {
430                 RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
431             };
432         };
433
434         exit(0);
435     };
436 }
437
438 RUNNER_CHILD_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_unprivileged)
439 {
440     //TEST DATA
441     const std::vector<std::string> usernames = {"sm_test_13_user_name_1", "sm_test_13_user_name_2"};
442
443     std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
444     std::map<std::string, std::set<std::string>> apps2PrivsMap;
445
446     for (const auto &username : usernames) {
447
448         for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
449             apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
450                 PM_MANY_APPS.at(i), std::set<std::string>(
451                     PM_MANY_APPS_PRIVILEGES.at(i).begin(),
452                     PM_MANY_APPS_PRIVILEGES.at(i).end())));
453         };
454
455         users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
456     };
457
458     users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
459         PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
460
461     //TEST DATA END
462
463     pid_t pid[2];
464     SynchronizationPipe sync[2];
465     std::vector<PolicyEntry> policyEntries;
466
467     pid[0] = fork();
468
469     if (pid[0] == 0) { //child #1 process
470         sync[0].claimChildEp();
471         sync[0].wait();
472
473         uid_t uid; gid_t gid;
474         PasswdAccess::allUser(usernames.at(0), uid, gid);
475         register_current_process_as_privilege_manager(uid);
476
477         //change uid to normal user
478         int result = drop_root_privileges(uid, gid);
479         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
480
481         PolicyEntry filter;
482         PolicyRequest policyRequest;
483
484         PolicyEntry policyEntry(
485                 PM_MANY_APPS[0],
486                 std::to_string(uid),
487                 "http://tizen.org/privilege/internet"
488                 );
489         policyEntry.setLevel("Deny");
490
491         policyRequest.addEntry(policyEntry);
492         policyEntry = PolicyEntry(
493                 PM_MANY_APPS[1],
494                 std::to_string(uid),
495                 "http://tizen.org/privilege/display"
496                 );
497         policyEntry.setLevel("Deny");
498
499         policyRequest.addEntry(policyEntry);
500         Api::sendPolicy(policyRequest);
501
502         exit(0);
503     } else { //parent process
504         sync[0].claimParentEp();
505         pid[1] = fork();
506
507         if (pid[1] == 0) { //child #2 process
508             sync[1].claimChildEp();
509             sync[1].wait();
510
511             uid_t target_uid = PasswdAccess::uid(usernames.at(0));
512             uid_t my_uid;
513             gid_t my_gid;
514             PasswdAccess::allUser(usernames.at(1), my_uid, my_gid);
515
516             register_current_process_as_privilege_manager(my_uid);
517
518             //change uid to normal user
519             int result = drop_root_privileges(my_uid, my_gid);
520             RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
521
522             PolicyEntry filter = PolicyEntry(
523                         SECURITY_MANAGER_ANY,
524                         std::to_string(target_uid),
525                         SECURITY_MANAGER_ANY
526                         );
527
528             //U2 requests contents of U1 privacy manager - should fail
529             Api::getPolicyForSelf(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED);
530             RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty, but is " << policyEntries.size());
531
532             filter = PolicyEntry(
533                         SECURITY_MANAGER_ANY,
534                         SECURITY_MANAGER_ANY,
535                         SECURITY_MANAGER_ANY
536                         );
537
538             policyEntries.clear();
539
540             //U2 requests contents of ADMIN bucket - should fail
541             Api::getPolicyForAdmin(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED);
542             RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty, but is " << policyEntries.size());
543             exit(0);
544         } else { //parent
545             sync[1].claimParentEp();
546             std::vector<TemporaryTestUser> users = {
547                 TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
548                 TemporaryTestUser(usernames.at(1), GUM_USERTYPE_NORMAL, false)
549                 };
550
551             users.at(0).create();
552             users.at(1).create();
553
554             //Install apps for both users
555             for(const auto &user : users2AppsMap) {
556
557                 for(const auto &app : user.second) {
558                     InstallRequest requestInst;
559                     requestInst.setAppId(app.first.c_str());
560                     try {
561                         requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str());
562                     } catch (const std::out_of_range &e) {
563                         RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
564                     };
565                     requestInst.setUid(users.at(0).getUid());
566
567                     for (const auto &privilege : app.second) {
568                         requestInst.addPrivilege(privilege.c_str());
569                     };
570
571                     Api::install(requestInst);
572                 };
573
574                 //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str());
575             };
576
577             //Start child #1
578             sync[0].post();
579             waitPid(pid[0]);
580
581             //Start child #2
582             sync[1].post();
583             waitPid(pid[1]);
584
585             for (auto &user : users)
586                 user.remove();
587         };
588     };
589 }
590
591 RUNNER_CHILD_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_for_admin)
592 {
593     //TEST DATA
594     const std::vector<std::string> usernames = {"sm_test_14_user_name_1", "sm_test_14_user_name_2"};
595     unsigned int privileges_count = 0;
596
597     std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
598     std::map<std::string, std::set<std::string>> apps2PrivsMap;
599
600     for (const auto &username : usernames) {
601
602         for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
603             apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
604                 PM_MANY_APPS.at(i), std::set<std::string>(
605                     PM_MANY_APPS_PRIVILEGES.at(i).begin(),
606                     PM_MANY_APPS_PRIVILEGES.at(i).end())));
607             privileges_count+=PM_MANY_APPS_PRIVILEGES.at(i).size();
608         };
609
610         users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
611     };
612
613     users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
614         PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
615
616     privileges_count += 2;
617     //TEST DATA END
618     SynchronizationPipe pipe;
619
620     pid_t pid = fork();
621     if (pid != 0) {
622         pipe.claimParentEp();
623         std::vector<TemporaryTestUser> users = {
624             TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
625             TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
626             };
627
628         users.at(0).create();
629         users.at(1).create();
630
631         //Install apps for both users
632         for(const auto &user : users) {
633
634             for(const auto &app : users2AppsMap.at(user.getUserName())) {
635                 InstallRequest requestInst;
636                 requestInst.setAppId(app.first.c_str());
637                 try {
638                     requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str());
639                 } catch (const std::out_of_range &e) {
640                     RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
641                 };
642                 requestInst.setUid(user.getUid());
643
644                 for (const auto &privilege : app.second) {
645                     requestInst.addPrivilege(privilege.c_str());
646                 };
647
648                 Api::install(requestInst);
649             };
650         };
651
652         //Start child process
653         pipe.post();
654         waitPid(pid);
655
656         //switch back to root
657         for (auto &user : users)
658             user.remove();
659
660     } else { //child process
661         pipe.claimChildEp();
662         pipe.wait();
663
664         uid_t uid; gid_t gid;
665         PasswdAccess::allUser(usernames.at(1), uid, gid);
666         register_current_process_as_privilege_manager(uid, true);
667
668         //change uid to normal user
669         int result = drop_root_privileges(uid, gid);
670         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
671
672         PolicyRequest *policyRequest = new PolicyRequest();
673         PolicyEntry filter;
674         std::vector<PolicyEntry> policyEntries;
675         //this call should succeed as the calling user is privileged
676         Api::getPolicyForSelf(filter, policyEntries);
677
678         unsigned int policyNum = policyEntries.size();
679
680         PolicyEntry policyEntry(
681                 SECURITY_MANAGER_ANY,
682                 SECURITY_MANAGER_ANY,
683                 "http://tizen.org/privilege/internet"
684                 );
685         policyEntry.setMaxLevel("Deny");
686
687         policyRequest->addEntry(policyEntry);
688         policyEntry = PolicyEntry(
689                 SECURITY_MANAGER_ANY,
690                 SECURITY_MANAGER_ANY,
691                 "http://tizen.org/privilege/display"
692                 );
693         policyEntry.setMaxLevel("Deny");
694
695         policyRequest->addEntry(policyEntry);
696         Api::sendPolicy(*policyRequest);
697         Api::getPolicyForAdmin(filter, policyEntries);
698
699         RUNNER_ASSERT_MSG(policyEntries.size() == policyNum + 2, "Number of policies doesn't match - should be: "
700                                     << policyNum + 2 << "  and is " << policyEntries.size());
701
702         delete policyRequest;
703         policyRequest = new PolicyRequest();
704         policyEntry = PolicyEntry(
705                 SECURITY_MANAGER_ANY,
706                 SECURITY_MANAGER_ANY,
707                 "http://tizen.org/privilege/internet"
708                 );
709         policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
710         policyRequest->addEntry(policyEntry);
711
712         policyEntry = PolicyEntry(
713                 SECURITY_MANAGER_ANY,
714                 SECURITY_MANAGER_ANY,
715                 "http://tizen.org/privilege/display"
716                 );
717         policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
718
719         policyRequest->addEntry(policyEntry);
720         Api::sendPolicy(*policyRequest);
721
722         policyEntries.clear();
723         Api::getPolicyForAdmin(filter, policyEntries);
724         RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Number of policies doesn't match - should be: 0 and is " << policyEntries.size());
725
726         delete policyRequest;
727
728         exit(0);
729     };
730
731 }
732
733 RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin)
734 {
735     const char *const update_app_id = "security_manager_15_update_app_id";
736     const char *const update_privilege = "http://tizen.org/privilege/led";
737     const char *const check_start_bucket = "ADMIN";
738     const std::string username("sm_test_15_username");
739     PolicyRequest addPolicyRequest;
740     CynaraTestAdmin::Admin admin;
741     ScopedProcessLabel keepLabel;
742
743     struct message {
744         uid_t uid;
745         gid_t gid;
746     } msg;
747
748     int pipefd[2];
749     pid_t pid;
750     int result = 0;
751
752     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
753
754     TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
755     user.create();
756
757     pid = fork();
758     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
759     if (pid != 0)//parent process
760     {
761         FdUniquePtr pipeptr(pipefd+1);
762         close(pipefd[0]);
763
764         register_current_process_as_privilege_manager(user.getUid(), true);
765
766         //send info to child
767         msg.uid = user.getUid();
768         msg.gid = user.getGid();
769
770         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
771         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
772
773         waitPid(pid);
774
775         admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
776                 std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
777     }
778     if(pid == 0)
779     {
780         FdUniquePtr pipeptr(pipefd);
781         close(pipefd[1]);
782
783         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
784         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
785
786         //become admin privacy manager manager
787         Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
788         result = drop_root_privileges(msg.uid, msg.gid);
789         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
790
791         PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
792         entry.setMaxLevel("Allow");
793
794         addPolicyRequest.addEntry(entry);
795         Api::sendPolicy(addPolicyRequest);
796         exit(0);
797     }
798 }
799
800 RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard)
801 {
802     const char *const update_other_app_id = "security_manager_15_update_other_app_id";
803     const char *const update_privilege = "http://tizen.org/privilege/led";
804     const char *const check_start_bucket = "ADMIN";
805     const std::string username("sm_test_15_username");
806     PolicyRequest addPolicyRequest;
807     CynaraTestAdmin::Admin admin;
808     ScopedProcessLabel keepLabel;
809
810     struct message {
811         uid_t uid;
812         gid_t gid;
813     } msg;
814
815     int pipefd[2];
816     pid_t pid;
817     int result = 0;
818
819     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
820
821     TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
822     user.create();
823
824     pid = fork();
825     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
826     if (pid != 0)//parent process
827     {
828         FdUniquePtr pipeptr(pipefd+1);
829         close(pipefd[0]);
830
831         register_current_process_as_privilege_manager(user.getUid(), true);
832
833         //send info to child
834         msg.uid = user.getUid();
835         msg.gid = user.getGid();
836
837         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
838         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
839
840         waitPid(pid);
841
842         admin.adminCheck(check_start_bucket, false, generateAppLabel(update_other_app_id).c_str(),
843                 std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
844     }
845     if(pid == 0)
846     {
847         FdUniquePtr pipeptr(pipefd);
848         close(pipefd[1]);
849
850         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
851         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
852
853         //become admin privacy manager manager
854         Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
855         result = drop_root_privileges(msg.uid, msg.gid);
856         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
857
858         // use wildcard as appId
859         PolicyEntry entry(SECURITY_MANAGER_ANY, std::to_string(static_cast<int>(msg.uid)), update_privilege);
860         entry.setMaxLevel("Allow");
861
862         addPolicyRequest.addEntry(entry);
863         Api::sendPolicy(addPolicyRequest);
864         exit(0);
865     }
866 }
867
868 RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_self)
869 {
870     const char *const update_app_id = "security_manager_15_update_app_id";
871     const char *const update_privilege = "http://tizen.org/privilege/led";
872     const char *const check_start_bucket = "";
873     const std::string username("sm_test_15_username");
874     PolicyRequest addPolicyRequest;
875     CynaraTestAdmin::Admin admin;
876     ScopedProcessLabel keepLabel;
877
878     struct message {
879         uid_t uid;
880         gid_t gid;
881     } msg;
882
883     int pipefd[2];
884     pid_t pid;
885     int result = 0;
886
887     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
888
889     TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
890     user.create();
891
892     pid = fork();
893     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
894     if (pid != 0)//parent process
895     {
896         FdUniquePtr pipeptr(pipefd+1);
897         close(pipefd[0]);
898
899         register_current_process_as_privilege_manager(user.getUid(), false);
900
901         //send info to child
902         msg.uid = user.getUid();
903         msg.gid = user.getGid();
904
905         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
906         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
907
908         waitPid(pid);
909
910         admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
911                 std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
912     }
913     if(pid == 0)
914     {
915         FdUniquePtr pipeptr(pipefd);
916         close(pipefd[1]);
917
918         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
919         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
920
921         //become admin privacy manager manager
922         Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
923         result = drop_root_privileges(msg.uid, msg.gid);
924         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
925
926         PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
927         entry.setLevel("Allow");
928
929         addPolicyRequest.addEntry(entry);
930         Api::sendPolicy(addPolicyRequest);
931         exit(0);
932     }
933 }
934
935 RUNNER_CHILD_TEST(security_manager_16_policy_levels_get)
936 {
937     const std::string username("sm_test_16_user_cynara_policy");
938     CynaraTestAdmin::Admin admin;
939     int pipefd[2];
940     pid_t pid;
941     int result = 0;
942
943     struct message {
944         uid_t uid;
945         gid_t gid;
946     } msg;
947
948     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
949
950     TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
951     user.create();
952
953     pid = fork();
954     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
955     if (pid != 0)//parent process
956     {
957         FdUniquePtr pipeptr(pipefd+1);
958         close(pipefd[0]);
959
960         //send info to child
961         msg.uid = user.getUid();
962         msg.gid = user.getGid();
963
964         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
965         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
966
967         waitPid(pid);
968     }
969     if(pid == 0)
970     {
971         int ret;
972         char** levels;
973         std::string allow_policy, deny_policy;
974         size_t count;
975         FdUniquePtr pipeptr(pipefd);
976         close(pipefd[1]);
977
978         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
979         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
980
981         //become admin privacy manager manager
982         result = drop_root_privileges(msg.uid, msg.gid);
983         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
984
985         // 3 should be there when ask-user is installed
986         ret = security_manager_policy_levels_get(&levels, &count);
987
988         RUNNER_ASSERT_MSG((lib_retcode)ret == SECURITY_MANAGER_SUCCESS,
989                 "Invlid return code: " << ret);
990
991         RUNNER_ASSERT_MSG(count == 3, "Invalid number of policy levels. Should be 3, instead there is: " << static_cast<int>(count));
992
993         deny_policy = std::string(levels[0]);
994         allow_policy = std::string(levels[count-1]);
995
996         // first should always be Deny
997         RUNNER_ASSERT_MSG(deny_policy.compare("Deny") == 0,
998                 "Invalid first policy level. Should be Deny, instead there is: " << levels[0]);
999
1000         // last should always be Allow
1001         RUNNER_ASSERT_MSG(allow_policy.compare("Allow") == 0,
1002                 "Invalid last policy level. Should be Allow, instead there is: " << levels[count-1]);
1003
1004         security_manager_policy_levels_free(levels, count);
1005         exit(0);
1006     }
1007 }
1008
1009 RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self)
1010 {
1011     const char *const update_app_id = "security_manager_17_update_app_id";
1012     const char *const update_privilege = "http://tizen.org/privilege/led";
1013     const char *const check_start_bucket = "";
1014     const std::string username("sm_test_17_username");
1015     PolicyRequest addPolicyRequest;
1016     CynaraTestAdmin::Admin admin;
1017
1018     struct message {
1019         uid_t uid;
1020         gid_t gid;
1021     } msg;
1022
1023     int pipefd[2];
1024     int pipefd2[2];
1025     pid_t pid[2];
1026     int result = 0;
1027     ScopedProcessLabel keepLabel;
1028
1029     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
1030     RUNNER_ASSERT_MSG((pipe(pipefd2) != -1),"second pipe failed");
1031
1032     TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
1033     user.create();
1034
1035     pid[0] = fork();
1036     RUNNER_ASSERT_MSG(pid[0] >= 0, "fork failed");
1037     if (pid[0] != 0)//parent process
1038     {
1039         FdUniquePtr pipeptr(pipefd+1);
1040         close(pipefd[0]);
1041
1042         register_current_process_as_privilege_manager(user.getUid(), false);
1043
1044         //send info to child
1045         msg.uid = user.getUid();
1046         msg.gid = user.getGid();
1047
1048         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
1049         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
1050
1051         waitPid(pid[0]);
1052
1053         admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
1054                 std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
1055
1056         pid[1] = fork();
1057         if (pid[1] != 0)//parent process
1058         {
1059             FdUniquePtr pipeptr(pipefd2+1);
1060             close(pipefd2[0]);
1061
1062             //send info to child
1063             msg.uid = user.getUid();
1064             msg.gid = user.getGid();
1065
1066             ssize_t written = TEMP_FAILURE_RETRY(write(pipefd2[1], &msg, sizeof(struct message)));
1067             RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
1068
1069             waitPid(pid[1]);
1070
1071             admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
1072                     std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr);
1073         }
1074         if(pid[1] == 0)
1075         {
1076             FdUniquePtr pipeptr(pipefd2);
1077             close(pipefd2[1]);
1078
1079             ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd2[0], &msg, sizeof(struct message)));
1080             RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
1081
1082             result = drop_root_privileges(msg.uid, msg.gid);
1083             RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1084
1085             // delete this entry
1086             PolicyRequest deletePolicyRequest;
1087             PolicyEntry deleteEntry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
1088             deleteEntry.setLevel(SECURITY_MANAGER_DELETE);
1089
1090             deletePolicyRequest.addEntry(deleteEntry);
1091             Api::sendPolicy(deletePolicyRequest);
1092             exit(0);
1093         }
1094     }
1095     if(pid[0] == 0)
1096     {
1097         FdUniquePtr pipeptr(pipefd);
1098         close(pipefd[1]);
1099
1100         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
1101         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
1102
1103         //become admin privacy manager manager
1104         Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
1105         result = drop_root_privileges(msg.uid, msg.gid);
1106         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1107
1108         PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
1109         entry.setLevel("Allow");
1110
1111         addPolicyRequest.addEntry(entry);
1112         Api::sendPolicy(addPolicyRequest);
1113         exit(0);
1114     }
1115 }
1116
1117 RUNNER_CHILD_TEST(security_manager_17_privacy_manager_fetch_whole_policy_for_self_filtered)
1118 {
1119     const std::string username("sm_test_17_user_name");
1120
1121     struct message {
1122         uid_t uid;
1123         gid_t gid;
1124         unsigned int privileges_count;
1125     } msg;
1126
1127     int pipefd[2];
1128     pid_t pid;
1129     int result = 0;
1130     ScopedProcessLabel keepLabel;
1131
1132     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
1133
1134     pid = fork();
1135     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
1136     if (pid != 0)//parent process
1137     {
1138         FdUniquePtr pipeptr(pipefd+1);
1139         close(pipefd[0]);
1140
1141         TemporaryTestUser user(username, static_cast<GumUserType>(GUM_USERTYPE_NORMAL), false);
1142         user.create();
1143
1144         unsigned int privileges_count = 0;
1145
1146         for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
1147             InstallRequest requestInst;
1148             requestInst.setAppId(PM_MANY_APPS[i].c_str());
1149             requestInst.setPkgId(PM_MANY_APPS_PKGS.at(PM_MANY_APPS[i]).package.c_str());
1150             requestInst.setUid(user.getUid());
1151
1152             for (auto &priv : PM_MANY_APPS_PRIVILEGES.at(i)) {
1153                 requestInst.addPrivilege(priv.c_str());
1154             };
1155
1156             Api::install(requestInst);
1157             privileges_count += PM_MANY_APPS_PRIVILEGES.at(i).size();
1158         };
1159
1160         register_current_process_as_privilege_manager(user.getUid(), false);
1161         //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
1162         ++privileges_count;
1163
1164         //send info to child
1165         msg.uid = user.getUid();
1166         msg.gid = user.getGid();
1167         msg.privileges_count = privileges_count;
1168
1169         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
1170         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
1171
1172         waitPid(pid);
1173     }
1174     if(pid == 0)
1175     {
1176         FdUniquePtr pipeptr(pipefd);
1177         close(pipefd[1]);
1178
1179         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
1180         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
1181
1182         //become admin privacy manager manager
1183         Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
1184         result = drop_root_privileges(msg.uid, msg.gid);
1185         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1186
1187         // filter by privilege
1188         std::vector<PolicyEntry> policyEntries;
1189         PolicyEntry filter(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/internet");
1190         Api::getPolicy(filter, policyEntries);
1191
1192         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
1193         RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
1194
1195         // filter by other privilege
1196         policyEntries.clear();
1197         PolicyEntry filter2(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/email");
1198         Api::getPolicy(filter2, policyEntries);
1199
1200         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
1201         RUNNER_ASSERT_MSG(policyEntries.size() == 3, "Number of policies doesn't match - should be: 3 and is " << policyEntries.size());
1202
1203         // filter by appId
1204         policyEntries.clear();
1205         PolicyEntry filter3(PM_MANY_APPS[4].c_str(), SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY);
1206         Api::getPolicy(filter3, policyEntries);
1207
1208         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
1209         RUNNER_ASSERT_MSG(policyEntries.size() == 4, "Number of policies doesn't match - should be: 4 and is " << policyEntries.size());
1210     }
1211 }
Domain: Security / Uncategorized;