projects / platform / core / test / security-tests.git / blob
? search:


a09d294f57c7303637e87aa31ff57e4f43a9a276
[platform/core/test/security-tests.git] / src / security-manager-tests / test_cases_privacy_manager.cpp
1 /*
2  * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 #include <cstdlib>
18 #include <map>
19 #include <set>
20 #include <string>
21 #include <sys/types.h>
22 #include <unistd.h>
23 #include <unordered_set>
24 #include <utility>
25 #include <vector>
26
27 #include <cynara_test_admin.h>
28 #include <dpl/test/test_runner.h>
29 #include <memory.h>
30 #include <passwd_access.h>
31 #include <scoped_label.h>
32 #include <sm_api.h>
33 #include <sm_commons.h>
34 #include <sm_policy_request.h>
35 #include <sm_request.h>
36 #include <synchronization_pipe.h>
37 #include <temp_test_user.h>
38 #include <tests_common.h>
39
40 using namespace SecurityManagerTest;
41
42 static const std::vector<std::string> PM_MANY_APPS = {
43     "security_manager_pm_app_1",
44     "security_manager_pm_app_2",
45     "security_manager_pm_app_3",
46     "security_manager_pm_app_4",
47     "security_manager_pm_app_5"
48 };
49
50 const std::string PRIVILEGE_MANAGER_APP = "privilege_manager";
51 const std::string PRIVILEGE_MANAGER_PKG = "privilege_manager";
52 const std::string PRIVILEGE_MANAGER_SELF_PRIVILEGE = "http://tizen.org/privilege/notexist";
53 const std::string PRIVILEGE_MANAGER_ADMIN_PRIVILEGE = "http://tizen.org/privilege/internal/usermanagement";
54
55 static const std::map<std::string, struct app_attributes> PM_MANY_APPS_PKGS = {
56     {"security_manager_pm_app_1", {"security_manager_pm_pkg_1", "2.1"}},
57     {"security_manager_pm_app_2", {"security_manager_pm_pkg_2", "3.0"}},
58     {"security_manager_pm_app_3", {"security_manager_pm_pkg_3", "2.1.1"}},
59     {"security_manager_pm_app_4", {"security_manager_pm_pkg_4", "3.1"}},
60     {"security_manager_pm_app_5", {"security_manager_pm_pkg_5", "2.2"}},
61     {PRIVILEGE_MANAGER_APP, {PRIVILEGE_MANAGER_PKG, "3.0"}}
62 };
63
64 static const std::vector<privileges_t> PM_MANY_APPS_PRIVILEGES = {
65     {
66         "http://tizen.org/privilege/internet",
67         "http://tizen.org/privilege/display"
68     },
69     {
70         "http://tizen.org/privilege/telephony",
71         "http://tizen.org/privilege/datasharing"
72     },
73     {
74         "http://tizen.org/privilege/content.write",
75         "http://tizen.org/privilege/led",
76         "http://tizen.org/privilege/email"
77     },
78     {
79         "http://tizen.org/privilege/led",
80         "http://tizen.org/privilege/email",
81         "http://tizen.org/privilege/telephony",
82         "http://tizen.org/privilege/datasharing"
83     },
84     {
85         "http://tizen.org/privilege/internet",
86         "http://tizen.org/privilege/display",
87         "http://tizen.org/privilege/led",
88         "http://tizen.org/privilege/email"
89     }
90 };
91
92 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PRIVACY_MANAGER)
93
94 static inline void register_current_process_as_privilege_manager(uid_t uid, bool forAdmin = false)
95 {
96     InstallRequest request;
97     request.setAppId(PRIVILEGE_MANAGER_APP.c_str());
98     request.setPkgId(PRIVILEGE_MANAGER_PKG.c_str());
99     request.setUid(uid);
100     request.addPrivilege(PRIVILEGE_MANAGER_SELF_PRIVILEGE.c_str());
101     if (forAdmin)
102         request.addPrivilege(PRIVILEGE_MANAGER_ADMIN_PRIVILEGE.c_str());
103     Api::install(request);
104     Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
105 };
106
107 RUNNER_CHILD_TEST(security_manager_10_privacy_manager_fetch_whole_policy_for_self)
108 {
109     //TEST DATA
110     const std::string username("sm_test_10_user_name");
111     unsigned int privileges_count = 0;
112
113     std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
114     std::map<std::string, std::set<std::string>> apps2PrivsMap;
115
116     for (unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
117         apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
118             PM_MANY_APPS.at(i), std::set<std::string>(
119                 PM_MANY_APPS_PRIVILEGES.at(i).begin(),
120                 PM_MANY_APPS_PRIVILEGES.at(i).end())));
121         privileges_count += PM_MANY_APPS_PRIVILEGES.at(i).size();
122     };
123
124     apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
125         PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
126     ++privileges_count;
127     users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
128     //TEST DATA END
129
130     SynchronizationPipe pipe;
131     pid_t pid = fork();
132
133     if (pid != 0) { //parent process
134         pipe.claimParentEp();
135         TemporaryTestUser tmpUser(username, GUM_USERTYPE_NORMAL, false);
136         tmpUser.create();
137
138         for(const auto &user : users2AppsMap) {
139             for(const auto &app : user.second) {
140                 InstallRequest requestInst;
141                 requestInst.setAppId(app.first.c_str());
142                 try {
143                     requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str());
144                 } catch (const std::out_of_range &e) {
145                     RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
146                 };
147                 requestInst.setUid(tmpUser.getUid());
148
149                 for (const auto &privilege : app.second) {
150                     requestInst.addPrivilege(privilege.c_str());
151                 };
152
153                 Api::install(requestInst);
154             };
155
156             //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str());
157         };
158
159         //Start child process
160         pipe.post();
161         waitPid(pid);
162
163         tmpUser.remove();
164     } else { //child process
165         pipe.claimChildEp();
166         pipe.wait();
167
168         uid_t uid; gid_t gid;
169         PasswdAccess::allUser(username, uid, gid);
170         std::string uidStr = std::to_string(uid);
171         register_current_process_as_privilege_manager(uid);
172         int result = drop_root_privileges(uid, gid);
173         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
174
175         std::vector<PolicyEntry> policyEntries;
176         PolicyEntry filter;
177         Api::getPolicy(filter, policyEntries);
178
179         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
180         RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
181
182         for (const auto &policyEntry : policyEntries) {
183             std::string user = policyEntry.getUser();
184             std::string app = policyEntry.getAppId();
185             std::string privilege = policyEntry.getPrivilege();
186
187             RUNNER_ASSERT_MSG(user == uidStr, "Unexpected user: " << user);
188
189             try {
190                 std::set<std::string>::iterator tmp = users2AppsMap.at(username).at(app).find(privilege);
191                 if (tmp == users2AppsMap.at(username).at(app).end())
192                     RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
193             } catch (const std::out_of_range &e) {
194                 RUNNER_FAIL_MSG("Unexpected policy entry: unexpected app: " << policyEntry << ". Exception: " << e.what());
195             };
196         };
197         exit(0);
198     };
199 }
200
201 RUNNER_CHILD_TEST(security_manager_11_privacy_manager_fetch_whole_policy_for_admin_unprivileged)
202 {
203     //TEST DATA
204     const std::vector<std::string> usernames = {"sm_test_11_user_name_1", "sm_test_11_user_name_2"};
205     unsigned int privileges_count = 0;
206
207     std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
208     std::map<std::string, std::set<std::string>> apps2PrivsMap;
209
210     for (const auto &username : usernames) {
211         //Only entries for one of the users will be listed
212         privileges_count = 0;
213
214         for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
215             apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
216                 PM_MANY_APPS.at(i), std::set<std::string>(
217                     PM_MANY_APPS_PRIVILEGES.at(i).begin(),
218                     PM_MANY_APPS_PRIVILEGES.at(i).end())));
219             privileges_count+=PM_MANY_APPS_PRIVILEGES.at(i).size();
220         };
221
222         users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
223     };
224
225     users2AppsMap.at(usernames.at(0)).insert(std::pair<std::string, std::set<std::string>>(
226         PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
227
228     ++privileges_count;
229     //TEST DATA END
230
231     SynchronizationPipe pipe;
232     pid_t pid = fork();
233
234     if (pid != 0) { //parent process
235         pipe.claimParentEp();
236         std::vector<TemporaryTestUser> users = {
237             TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
238             TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
239             };
240
241         users.at(0).create();
242         users.at(1).create();
243
244         //Install apps for both users
245         for(const auto &user : users) {
246             for(const auto &app : users2AppsMap.at(user.getUserName())) {
247                 InstallRequest requestInst;
248                 requestInst.setAppId(app.first.c_str());
249                 try {
250                     requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str());
251                 } catch (const std::out_of_range &e) {
252                     RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
253                 };
254                 requestInst.setUid(user.getUid());
255
256                 for (const auto &privilege : app.second) {
257                     requestInst.addPrivilege(privilege.c_str());
258                 };
259
260                 Api::install(requestInst);
261             };
262
263             //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str());
264         };
265
266         //Start child
267         pipe.post();
268         waitPid(pid);
269
270         for (auto &user : users)
271             user.remove();
272
273     } else { //child process
274         pipe.claimChildEp();
275         pipe.wait();
276
277         uid_t uid; gid_t gid;
278         PasswdAccess::allUser(usernames.at(0), uid, gid);
279         std::string uidStr = std::to_string(uid);
280         register_current_process_as_privilege_manager(uid);
281
282         //change uid to normal user
283         errno = 0;
284         int result = drop_root_privileges(uid, gid);
285         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
286
287         std::vector<PolicyEntry> policyEntries;
288         PolicyEntry filter;
289
290         //this call should only return privileges belonging to the current uid
291         Api::getPolicy(filter, policyEntries);
292
293         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
294         RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
295
296         for (const auto &policyEntry : policyEntries) {
297             std::string user = policyEntry.getUser();
298             std::string app = policyEntry.getAppId();
299             std::string privilege = policyEntry.getPrivilege();
300
301             RUNNER_ASSERT_MSG(uidStr == user, "Unexpected user: " << user);
302
303             try {
304                 std::set<std::string>::iterator tmp = users2AppsMap.at(usernames.at(0)).at(app).find(privilege);
305                 if (tmp == users2AppsMap.at(usernames.at(0)).at(app).end())
306                     RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
307             } catch (const std::out_of_range &e) {
308                 RUNNER_FAIL_MSG("Unexpected policy entry: app: " << policyEntry << ". Exception: " << e.what());
309             };
310         };
311         exit(0);
312     };
313 }
314
315 RUNNER_CHILD_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_admin_privileged)
316 {
317     std::vector<PolicyEntry> oldPolicyVec;
318     Api::getPolicy(PolicyEntry(), oldPolicyVec);
319     std::unordered_set<PolicyEntry> oldPolicySet(oldPolicyVec.begin(), oldPolicyVec.end());
320
321     //TEST DATA
322     const std::vector<std::string> usernames = {"sm_test_12_user_name_1", "sm_test_12_user_name_2"};
323     unsigned int privileges_count = oldPolicyVec.size();
324
325     std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
326     std::map<std::string, std::set<std::string>> apps2PrivsMap;
327
328     for (const auto &username : usernames) {
329         for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
330             apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
331                 PM_MANY_APPS.at(i), std::set<std::string>(
332                     PM_MANY_APPS_PRIVILEGES.at(i).begin(),
333                     PM_MANY_APPS_PRIVILEGES.at(i).end())));
334             privileges_count+=PM_MANY_APPS_PRIVILEGES.at(i).size();
335         };
336
337         users2AppsMap.insert(std::make_pair(username, apps2PrivsMap));
338     };
339
340     users2AppsMap.at(usernames.at(1)).insert(std::make_pair(PRIVILEGE_MANAGER_APP,
341         std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE, PRIVILEGE_MANAGER_ADMIN_PRIVILEGE}));
342
343     privileges_count += 2;
344     //TEST DATA END
345
346     SynchronizationPipe pipe;
347     pid_t pid = fork();
348
349     if (pid != 0) { //parent process
350         pipe.claimParentEp();
351         std::vector<TemporaryTestUser> users = {
352             TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
353             TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
354             };
355
356         users.at(0).create();
357         users.at(1).create();
358         //Install apps for both users
359         for(const auto &user : users) {
360             for(const auto &app : users2AppsMap.at(user.getUserName())) {
361                 InstallRequest requestInst;
362                 requestInst.setAppId(app.first.c_str());
363                 try {
364                     requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str());
365                 } catch (const std::out_of_range &e) {
366                     RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
367                 };
368                 requestInst.setUid(user.getUid());
369
370                 for (const auto &privilege : app.second) {
371                     requestInst.addPrivilege(privilege.c_str());
372                 };
373
374                 Api::install(requestInst);
375             };
376
377             //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str());
378         };
379
380         //Start child process
381         pipe.post();
382         waitPid(pid);
383
384         for (auto &user : users)
385             user.remove();
386
387     } else { //child process
388         pipe.claimChildEp();
389         pipe.wait();
390
391         uid_t adminUid;
392         gid_t adminGid;
393         PasswdAccess::allUser(usernames.at(1), adminUid, adminGid);
394         std::string adminUidStr = std::to_string(adminUid);
395         uid_t normalUid = PasswdAccess::uid(usernames.at(0));
396         std::string normalUidStr = std::to_string(normalUid);
397         register_current_process_as_privilege_manager(adminUid, true);
398
399         //change uid to normal user
400         int result = drop_root_privileges(adminUid, adminGid);
401         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
402
403
404         std::vector<PolicyEntry> policyEntries;
405         //this call should succeed as the calling user is privileged
406         Api::getPolicy(PolicyEntry(), policyEntries);
407
408         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
409         RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
410
411         for (const auto &policyEntry : policyEntries) {
412             if (oldPolicySet.count(policyEntry))
413                 continue;
414
415             std::string user = policyEntry.getUser();
416             std::string app = policyEntry.getAppId();
417             std::string privilege = policyEntry.getPrivilege();
418
419             RUNNER_ASSERT_MSG(user == normalUidStr || user == adminUidStr, "Unexpected user: " << user);
420
421             std::string uidStrToLook = user == normalUidStr ? usernames.at(0) : usernames.at(1);
422
423             try {
424                 std::set<std::string>::iterator tmp = users2AppsMap.at(uidStrToLook).at(app).find(privilege);
425                 if (tmp == users2AppsMap.at(uidStrToLook).at(app).end())
426                     RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
427             } catch (const std::out_of_range &e) {
428                 RUNNER_FAIL_MSG("Unexpected policy entry: unexpected app: " << policyEntry << ". Exception: " << e.what());
429             } catch (const std::invalid_argument& e) {
430                 RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
431             };
432         };
433
434         exit(0);
435     };
436 }
437
438 RUNNER_CHILD_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_unprivileged)
439 {
440     //TEST DATA
441     const std::vector<std::string> usernames = {"sm_test_13_user_name_1", "sm_test_13_user_name_2"};
442
443     std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
444     std::map<std::string, std::set<std::string>> apps2PrivsMap;
445
446     for (const auto &username : usernames) {
447
448         for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
449             apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
450                 PM_MANY_APPS.at(i), std::set<std::string>(
451                     PM_MANY_APPS_PRIVILEGES.at(i).begin(),
452                     PM_MANY_APPS_PRIVILEGES.at(i).end())));
453         };
454
455         users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
456     };
457
458     users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
459         PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
460
461     //TEST DATA END
462
463     pid_t pid[2];
464     SynchronizationPipe sync[2];
465     std::vector<PolicyEntry> policyEntries;
466
467     pid[0] = fork();
468
469     if (pid[0] == 0) { //child #1 process
470         sync[0].claimChildEp();
471         sync[0].wait();
472
473         uid_t uid; gid_t gid;
474         PasswdAccess::allUser(usernames.at(0), uid, gid);
475         register_current_process_as_privilege_manager(uid);
476
477         //change uid to normal user
478         int result = drop_root_privileges(uid, gid);
479         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
480
481         PolicyEntry filter;
482         PolicyRequest policyRequest;
483
484         PolicyEntry policyEntry(
485                 PM_MANY_APPS[0],
486                 std::to_string(uid),
487                 "http://tizen.org/privilege/internet"
488                 );
489         policyEntry.setLevel("Deny");
490
491         policyRequest.addEntry(policyEntry);
492         policyEntry = PolicyEntry(
493                 PM_MANY_APPS[1],
494                 std::to_string(uid),
495                 "http://tizen.org/privilege/display"
496                 );
497         policyEntry.setLevel("Deny");
498
499         policyRequest.addEntry(policyEntry);
500         Api::sendPolicy(policyRequest);
501
502         exit(0);
503     } else { //parent process
504         sync[0].claimParentEp();
505         pid[1] = fork();
506
507         if (pid[1] == 0) { //child #2 process
508             sync[1].claimChildEp();
509             sync[1].wait();
510
511             uid_t target_uid = PasswdAccess::uid(usernames.at(0));
512             uid_t my_uid;
513             gid_t my_gid;
514             PasswdAccess::allUser(usernames.at(1), my_uid, my_gid);
515
516             register_current_process_as_privilege_manager(my_uid);
517
518             //change uid to normal user
519             int result = drop_root_privileges(my_uid, my_gid);
520             RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
521
522             PolicyEntry filter = PolicyEntry(
523                         SECURITY_MANAGER_ANY,
524                         std::to_string(target_uid),
525                         SECURITY_MANAGER_ANY
526                         );
527
528             //U2 requests contents of U1 privacy manager - should fail
529             Api::getPolicyForSelf(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED);
530             RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty, but is " << policyEntries.size());
531
532             filter = PolicyEntry(
533                         SECURITY_MANAGER_ANY,
534                         SECURITY_MANAGER_ANY,
535                         SECURITY_MANAGER_ANY
536                         );
537
538             policyEntries.clear();
539
540             //U2 requests contents of ADMIN bucket - should fail
541             Api::getPolicyForAdmin(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED);
542             RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty, but is " << policyEntries.size());
543             exit(0);
544         } else { //parent
545             sync[1].claimParentEp();
546             std::vector<TemporaryTestUser> users = {
547                 TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
548                 TemporaryTestUser(usernames.at(1), GUM_USERTYPE_NORMAL, false)
549                 };
550
551             users.at(0).create();
552             users.at(1).create();
553
554             //Install apps for both users
555             for(const auto &user : users2AppsMap) {
556
557                 for(const auto &app : user.second) {
558                     InstallRequest requestInst;
559                     requestInst.setAppId(app.first.c_str());
560                     try {
561                         requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str());
562                     } catch (const std::out_of_range &e) {
563                         RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
564                     };
565                     requestInst.setUid(users.at(0).getUid());
566
567                     for (const auto &privilege : app.second) {
568                         requestInst.addPrivilege(privilege.c_str());
569                     };
570
571                     Api::install(requestInst);
572                 };
573
574                 //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str());
575             };
576
577             //Start child #1
578             sync[0].post();
579             waitPid(pid[0]);
580
581             //Start child #2
582             sync[1].post();
583             waitPid(pid[1]);
584
585             for (auto &user : users)
586                 user.remove();
587         };
588     };
589 }
590
591 RUNNER_CHILD_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_for_admin)
592 {
593     //TEST DATA
594     const std::vector<std::string> usernames = {"sm_test_14_user_name_1", "sm_test_14_user_name_2"};
595     unsigned int privileges_count = 0;
596
597     std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
598     std::map<std::string, std::set<std::string>> apps2PrivsMap;
599
600     for (const auto &username : usernames) {
601
602         for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
603             apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
604                 PM_MANY_APPS.at(i), std::set<std::string>(
605                     PM_MANY_APPS_PRIVILEGES.at(i).begin(),
606                     PM_MANY_APPS_PRIVILEGES.at(i).end())));
607             privileges_count+=PM_MANY_APPS_PRIVILEGES.at(i).size();
608         };
609
610         users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
611     };
612
613     users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
614         PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
615
616     privileges_count += 2;
617     //TEST DATA END
618     SynchronizationPipe pipe;
619
620     pid_t pid = fork();
621     if (pid != 0) {
622         pipe.claimParentEp();
623         std::vector<TemporaryTestUser> users = {
624             TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
625             TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
626             };
627
628         users.at(0).create();
629         users.at(1).create();
630
631         //Install apps for both users
632         for(const auto &user : users) {
633
634             for(const auto &app : users2AppsMap.at(user.getUserName())) {
635                 InstallRequest requestInst;
636                 requestInst.setAppId(app.first.c_str());
637                 try {
638                     requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str());
639                 } catch (const std::out_of_range &e) {
640                     RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
641                 };
642                 requestInst.setUid(user.getUid());
643
644                 for (const auto &privilege : app.second) {
645                     requestInst.addPrivilege(privilege.c_str());
646                 };
647
648                 Api::install(requestInst);
649             };
650         };
651
652         //Start child process
653         pipe.post();
654         waitPid(pid);
655
656         //switch back to root
657         for (auto &user : users)
658             user.remove();
659
660     } else { //child process
661         pipe.claimChildEp();
662         pipe.wait();
663
664         uid_t uid; gid_t gid;
665         PasswdAccess::allUser(usernames.at(1), uid, gid);
666         register_current_process_as_privilege_manager(uid, true);
667
668         //change uid to normal user
669         int result = drop_root_privileges(uid, gid);
670         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
671
672         PolicyRequest *policyRequest = new PolicyRequest();
673         PolicyEntry filter;
674         std::vector<PolicyEntry> policyEntries;
675         //this call should succeed as the calling user is privileged
676         Api::getPolicyForSelf(filter, policyEntries);
677
678         unsigned int policyNum = policyEntries.size();
679
680         PolicyEntry policyEntry(
681                 SECURITY_MANAGER_ANY,
682                 SECURITY_MANAGER_ANY,
683                 "http://tizen.org/privilege/internet"
684                 );
685         policyEntry.setMaxLevel("Deny");
686
687         policyRequest->addEntry(policyEntry);
688         policyEntry = PolicyEntry(
689                 SECURITY_MANAGER_ANY,
690                 SECURITY_MANAGER_ANY,
691                 "http://tizen.org/privilege/display"
692                 );
693         policyEntry.setMaxLevel("Deny");
694
695         policyRequest->addEntry(policyEntry);
696         Api::sendPolicy(*policyRequest);
697         Api::getPolicyForAdmin(filter, policyEntries);
698
699         RUNNER_ASSERT_MSG(policyEntries.size() == policyNum + 2, "Number of policies doesn't match - should be: "
700                                     << policyNum + 2 << "  and is " << policyEntries.size());
701
702         delete policyRequest;
703         policyRequest = new PolicyRequest();
704         policyEntry = PolicyEntry(
705                 SECURITY_MANAGER_ANY,
706                 SECURITY_MANAGER_ANY,
707                 "http://tizen.org/privilege/internet"
708                 );
709         policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
710         policyRequest->addEntry(policyEntry);
711
712         policyEntry = PolicyEntry(
713                 SECURITY_MANAGER_ANY,
714                 SECURITY_MANAGER_ANY,
715                 "http://tizen.org/privilege/display"
716                 );
717         policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
718
719         policyRequest->addEntry(policyEntry);
720         Api::sendPolicy(*policyRequest);
721
722         policyEntries.clear();
723         Api::getPolicyForAdmin(filter, policyEntries);
724         RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Number of policies doesn't match - should be: 0 and is " << policyEntries.size());
725
726         delete policyRequest;
727
728         exit(0);
729     };
730
731 }
732
733 RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin)
734 {
735     const char *const update_app_id = "security_manager_15_update_app_id";
736     const char *const update_privilege = "http://tizen.org/privilege/led";
737     const char *const check_start_bucket = "ADMIN";
738     const std::string username("sm_test_15_username");
739     PolicyRequest addPolicyRequest;
740     CynaraTestAdmin::Admin admin;
741     ScopedProcessLabel keepLabel;
742
743     struct message {
744         uid_t uid;
745         gid_t gid;
746     } msg;
747
748     int pipefd[2];
749     pid_t pid;
750     int result = 0;
751
752     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
753
754     TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
755     user.create();
756
757     pid = fork();
758     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
759     if (pid != 0)//parent process
760     {
761         FdUniquePtr pipeptr(pipefd+1);
762         close(pipefd[0]);
763
764         register_current_process_as_privilege_manager(user.getUid(), true);
765
766         //send info to child
767         msg.uid = user.getUid();
768         msg.gid = user.getGid();
769
770         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
771         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
772
773         waitPid(pid);
774
775         admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id, "").c_str(),
776                 std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
777     }
778     if(pid == 0)
779     {
780         FdUniquePtr pipeptr(pipefd);
781         close(pipefd[1]);
782
783         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
784         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
785
786         //become admin privacy manager manager
787         Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
788         result = drop_root_privileges(msg.uid, msg.gid);
789         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
790
791         // FIXME - Application has to be installed for it to have policy set in SM
792         PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
793         entry.setMaxLevel("Allow");
794
795         addPolicyRequest.addEntry(entry);
796         Api::sendPolicy(addPolicyRequest);
797         exit(0);
798     }
799 }
800
801 RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard)
802 {
803     const char *const update_other_app_id = "security_manager_15_update_other_app_id";
804     const char *const update_privilege = "http://tizen.org/privilege/led";
805     const char *const check_start_bucket = "ADMIN";
806     const std::string username("sm_test_15_username");
807     PolicyRequest addPolicyRequest;
808     CynaraTestAdmin::Admin admin;
809     ScopedProcessLabel keepLabel;
810
811     struct message {
812         uid_t uid;
813         gid_t gid;
814     } msg;
815
816     int pipefd[2];
817     pid_t pid;
818     int result = 0;
819
820     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
821
822     TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
823     user.create();
824
825     pid = fork();
826     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
827     if (pid != 0)//parent process
828     {
829         FdUniquePtr pipeptr(pipefd+1);
830         close(pipefd[0]);
831
832         register_current_process_as_privilege_manager(user.getUid(), true);
833
834         //send info to child
835         msg.uid = user.getUid();
836         msg.gid = user.getGid();
837
838         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
839         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
840
841         waitPid(pid);
842
843         admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_other_app_id, "").c_str(),
844                 std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
845     }
846     if(pid == 0)
847     {
848         FdUniquePtr pipeptr(pipefd);
849         close(pipefd[1]);
850
851         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
852         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
853
854         //become admin privacy manager manager
855         Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
856         result = drop_root_privileges(msg.uid, msg.gid);
857         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
858
859         // use wildcard as appId
860         PolicyEntry entry(SECURITY_MANAGER_ANY, std::to_string(static_cast<int>(msg.uid)), update_privilege);
861         entry.setMaxLevel("Allow");
862
863         addPolicyRequest.addEntry(entry);
864         Api::sendPolicy(addPolicyRequest);
865         exit(0);
866     }
867 }
868
869 RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_self)
870 {
871     const char *const update_app_id = "security_manager_15_update_app_id";
872     const char *const update_privilege = "http://tizen.org/privilege/led";
873     const char *const check_start_bucket = "";
874     const std::string username("sm_test_15_username");
875     PolicyRequest addPolicyRequest;
876     CynaraTestAdmin::Admin admin;
877     ScopedProcessLabel keepLabel;
878
879     struct message {
880         uid_t uid;
881         gid_t gid;
882     } msg;
883
884     int pipefd[2];
885     pid_t pid;
886     int result = 0;
887
888     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
889
890     TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
891     user.create();
892
893     pid = fork();
894     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
895     if (pid != 0)//parent process
896     {
897         FdUniquePtr pipeptr(pipefd+1);
898         close(pipefd[0]);
899
900         register_current_process_as_privilege_manager(user.getUid(), false);
901
902         //send info to child
903         msg.uid = user.getUid();
904         msg.gid = user.getGid();
905
906         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
907         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
908
909         waitPid(pid);
910
911         admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id, "").c_str(),
912                 std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
913     }
914     if(pid == 0)
915     {
916         FdUniquePtr pipeptr(pipefd);
917         close(pipefd[1]);
918
919         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
920         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
921
922         //become admin privacy manager manager
923         Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
924         result = drop_root_privileges(msg.uid, msg.gid);
925         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
926
927         // FIXME - Application has to be installed for it to have policy set in SM
928         PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
929         entry.setLevel("Allow");
930
931         addPolicyRequest.addEntry(entry);
932         Api::sendPolicy(addPolicyRequest);
933         exit(0);
934     }
935 }
936
937 RUNNER_CHILD_TEST(security_manager_16_policy_levels_get)
938 {
939     const std::string username("sm_test_16_user_cynara_policy");
940     CynaraTestAdmin::Admin admin;
941     int pipefd[2];
942     pid_t pid;
943     int result = 0;
944
945     struct message {
946         uid_t uid;
947         gid_t gid;
948     } msg;
949
950     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
951
952     TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
953     user.create();
954
955     pid = fork();
956     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
957     if (pid != 0)//parent process
958     {
959         FdUniquePtr pipeptr(pipefd+1);
960         close(pipefd[0]);
961
962         //send info to child
963         msg.uid = user.getUid();
964         msg.gid = user.getGid();
965
966         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
967         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
968
969         waitPid(pid);
970     }
971     if(pid == 0)
972     {
973         int ret;
974         char** levels;
975         std::string allow_policy, deny_policy;
976         size_t count;
977         FdUniquePtr pipeptr(pipefd);
978         close(pipefd[1]);
979
980         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
981         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
982
983         //become admin privacy manager manager
984         result = drop_root_privileges(msg.uid, msg.gid);
985         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
986
987         // 3 should be there when ask-user is installed
988         ret = security_manager_policy_levels_get(&levels, &count);
989
990         RUNNER_ASSERT_MSG((lib_retcode)ret == SECURITY_MANAGER_SUCCESS,
991                 "Invlid return code: " << ret);
992
993         RUNNER_ASSERT_MSG(count == 3, "Invalid number of policy levels. Should be 3, instead there is: " << static_cast<int>(count));
994
995         deny_policy = std::string(levels[0]);
996         allow_policy = std::string(levels[count-1]);
997
998         // first should always be Deny
999         RUNNER_ASSERT_MSG(deny_policy.compare("Deny") == 0,
1000                 "Invalid first policy level. Should be Deny, instead there is: " << levels[0]);
1001
1002         // last should always be Allow
1003         RUNNER_ASSERT_MSG(allow_policy.compare("Allow") == 0,
1004                 "Invalid last policy level. Should be Allow, instead there is: " << levels[count-1]);
1005
1006         security_manager_policy_levels_free(levels, count);
1007         exit(0);
1008     }
1009 }
1010
1011 RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self)
1012 {
1013     const char *const update_app_id = "security_manager_17_update_app_id";
1014     const char *const update_privilege = "http://tizen.org/privilege/led";
1015     const char *const check_start_bucket = "";
1016     const std::string username("sm_test_17_username");
1017     PolicyRequest addPolicyRequest;
1018     CynaraTestAdmin::Admin admin;
1019
1020     struct message {
1021         uid_t uid;
1022         gid_t gid;
1023     } msg;
1024
1025     int pipefd[2];
1026     int pipefd2[2];
1027     pid_t pid[2];
1028     int result = 0;
1029     ScopedProcessLabel keepLabel;
1030
1031     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
1032     RUNNER_ASSERT_MSG((pipe(pipefd2) != -1),"second pipe failed");
1033
1034     TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
1035     user.create();
1036
1037     pid[0] = fork();
1038     RUNNER_ASSERT_MSG(pid[0] >= 0, "fork failed");
1039     if (pid[0] != 0)//parent process
1040     {
1041         FdUniquePtr pipeptr(pipefd+1);
1042         close(pipefd[0]);
1043
1044         register_current_process_as_privilege_manager(user.getUid(), false);
1045
1046         //send info to child
1047         msg.uid = user.getUid();
1048         msg.gid = user.getGid();
1049
1050         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
1051         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
1052
1053         waitPid(pid[0]);
1054
1055         admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id, "").c_str(),
1056                 std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
1057
1058         pid[1] = fork();
1059         if (pid[1] != 0)//parent process
1060         {
1061             FdUniquePtr pipeptr(pipefd2+1);
1062             close(pipefd2[0]);
1063
1064             //send info to child
1065             msg.uid = user.getUid();
1066             msg.gid = user.getGid();
1067
1068             ssize_t written = TEMP_FAILURE_RETRY(write(pipefd2[1], &msg, sizeof(struct message)));
1069             RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
1070
1071             waitPid(pid[1]);
1072
1073             admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id, "").c_str(),
1074                     std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr);
1075         }
1076         if(pid[1] == 0)
1077         {
1078             FdUniquePtr pipeptr(pipefd2);
1079             close(pipefd2[1]);
1080
1081             ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd2[0], &msg, sizeof(struct message)));
1082             RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
1083
1084             result = drop_root_privileges(msg.uid, msg.gid);
1085             RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1086
1087             // delete this entry
1088             PolicyRequest deletePolicyRequest;
1089             // FIXME - Application has to be installed for it to have policy set in SM
1090             PolicyEntry deleteEntry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
1091             deleteEntry.setLevel(SECURITY_MANAGER_DELETE);
1092
1093             deletePolicyRequest.addEntry(deleteEntry);
1094             Api::sendPolicy(deletePolicyRequest);
1095             exit(0);
1096         }
1097     }
1098     if(pid[0] == 0)
1099     {
1100         FdUniquePtr pipeptr(pipefd);
1101         close(pipefd[1]);
1102
1103         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
1104         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
1105
1106         //become admin privacy manager manager
1107         Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
1108         result = drop_root_privileges(msg.uid, msg.gid);
1109         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1110
1111         // FIXME - Application has to be installed for it to have policy set in SM
1112         PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
1113         entry.setLevel("Allow");
1114
1115         addPolicyRequest.addEntry(entry);
1116         Api::sendPolicy(addPolicyRequest);
1117         exit(0);
1118     }
1119 }
1120
1121 RUNNER_CHILD_TEST(security_manager_17_privacy_manager_fetch_whole_policy_for_self_filtered)
1122 {
1123     const std::string username("sm_test_17_user_name");
1124
1125     struct message {
1126         uid_t uid;
1127         gid_t gid;
1128         unsigned int privileges_count;
1129     } msg;
1130
1131     int pipefd[2];
1132     pid_t pid;
1133     int result = 0;
1134     ScopedProcessLabel keepLabel;
1135
1136     RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
1137
1138     pid = fork();
1139     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
1140     if (pid != 0)//parent process
1141     {
1142         FdUniquePtr pipeptr(pipefd+1);
1143         close(pipefd[0]);
1144
1145         TemporaryTestUser user(username, static_cast<GumUserType>(GUM_USERTYPE_NORMAL), false);
1146         user.create();
1147
1148         unsigned int privileges_count = 0;
1149
1150         for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) {
1151             InstallRequest requestInst;
1152             requestInst.setAppId(PM_MANY_APPS[i].c_str());
1153             requestInst.setPkgId(PM_MANY_APPS_PKGS.at(PM_MANY_APPS[i]).package.c_str());
1154             requestInst.setUid(user.getUid());
1155
1156             for (auto &priv : PM_MANY_APPS_PRIVILEGES.at(i)) {
1157                 requestInst.addPrivilege(priv.c_str());
1158             };
1159
1160             Api::install(requestInst);
1161             privileges_count += PM_MANY_APPS_PRIVILEGES.at(i).size();
1162         };
1163
1164         register_current_process_as_privilege_manager(user.getUid(), false);
1165         //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
1166         ++privileges_count;
1167
1168         //send info to child
1169         msg.uid = user.getUid();
1170         msg.gid = user.getGid();
1171         msg.privileges_count = privileges_count;
1172
1173         ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
1174         RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
1175
1176         waitPid(pid);
1177     }
1178     if(pid == 0)
1179     {
1180         FdUniquePtr pipeptr(pipefd);
1181         close(pipefd[1]);
1182
1183         ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
1184         RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
1185
1186         //become admin privacy manager manager
1187         Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
1188         result = drop_root_privileges(msg.uid, msg.gid);
1189         RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
1190
1191         // filter by privilege
1192         std::vector<PolicyEntry> policyEntries;
1193         PolicyEntry filter(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/internet");
1194         Api::getPolicy(filter, policyEntries);
1195
1196         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
1197         RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
1198
1199         // filter by other privilege
1200         policyEntries.clear();
1201         PolicyEntry filter2(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/email");
1202         Api::getPolicy(filter2, policyEntries);
1203
1204         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
1205         RUNNER_ASSERT_MSG(policyEntries.size() == 3, "Number of policies doesn't match - should be: 3 and is " << policyEntries.size());
1206
1207         // filter by appId
1208         policyEntries.clear();
1209         PolicyEntry filter3(PM_MANY_APPS[4].c_str(), SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY);
1210         Api::getPolicy(filter3, policyEntries);
1211
1212         RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
1213         RUNNER_ASSERT_MSG(policyEntries.size() == 4, "Number of policies doesn't match - should be: 4 and is " << policyEntries.size());
1214     }
1215 }
Domain: Security / Uncategorized;