2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 // This has to be before xattr header, because it uses size_t and ssize_t and does not include this
19 #include <sys/types.h>
20 #include <attr/xattr.h>
23 #include <sys/smack.h>
28 #include <app_install_helper.h>
29 #include <dpl/test/test_runner.h>
32 #include <sm_commons.h>
33 #include <sm_request.h>
34 #include <sm_sharing_request.h>
35 #include <tests_common.h>
37 using namespace SecurityManagerTest;
39 const char *const owner_access = "rwxat";
40 const char *const target_path_access = "rxl";
41 const char *const target_dir_access = "x";
42 const char *const no_access = "";
44 void check_system_access(const std::string pathLabel, bool apply = true) {
45 check_exact_smack_accesses("User", pathLabel, (apply ? owner_access : no_access));
46 check_exact_smack_accesses("System", pathLabel, (apply ? owner_access : no_access));
49 void check_owner_access(const std::string &ownerLabel, const std::string &pathLabel, bool apply = true) {
50 check_exact_smack_accesses(ownerLabel, pathLabel, (apply ? owner_access : no_access));
53 void check_target_access(const std::string &ownerPkgLabel, const std::string &targetLabel,
54 const std::string &pathLabel, bool pathShared = true, bool anyPathShared = true) {
55 check_exact_smack_accesses(targetLabel, pathLabel, (pathShared ? target_path_access : no_access));
56 check_exact_smack_accesses(targetLabel, ownerPkgLabel, (anyPathShared ? target_dir_access : no_access));
59 void check_path_label(const std::string &path, const std::string &expectedLabel) {
60 char *label = nullptr;
61 int ret = smack_new_label_from_path(path.c_str(), XATTR_NAME_SMACK, 0, &label);
62 RUNNER_ASSERT_MSG(ret > 0, "smack_new_label_from_path failed for " << path);
63 SmackLabelPtr realLabel(label);
64 RUNNER_ASSERT_MSG(realLabel.get() == expectedLabel, "Fetched label from " << path << " different"
65 " than expected, is : " << realLabel.get() << " should be " << expectedLabel);
68 void createFile(const std::string &filePath)
70 //create temporary file and set label for it
73 unlink(filePath.c_str());
74 //allow to create file with 777 rights
75 systemMask = umask(0000);
76 int fd = open(filePath.c_str(), O_RDWR | O_CREAT, S_IRWXU | S_IRWXG | S_IRWXO);
79 RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests");
81 //for descriptor protection
82 FdUniquePtr fd_ptr(&fd);
84 //change owner and group to user APP
85 int ret = chown(filePath.c_str(), APP_UID, APP_GID);
86 RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
90 const std::string &path;
91 app_install_path_type path_type;
94 InstallRequest createInstallReq(const std::string &appName, const std::string &pkgName,
95 const std::vector<PathInfo> &paths){
97 req.setAppId(appName);
98 req.setPkgId(pkgName);
99 for (const auto &pathInfo : paths) {
100 req.addPath(pathInfo.path, pathInfo.path_type);
105 InstallRequest createInstallReq(const AppInstallHelper &info,
106 const std::vector<PathInfo> &paths = std::vector<PathInfo>()){
107 return createInstallReq(info.getAppId(), info.getPkgId(), paths);
110 void clearLabels(const std::string &path) {
111 int result = nftw(path.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
112 RUNNER_ASSERT_MSG(result == 0, "Unable to remove Smack labels in " << path);
117 RUNNER_TEST_GROUP_INIT(SECURIT_MANAGER_PRIVATE_SHARING)
119 RUNNER_TEST(security_manager_30a_send_incomplete_req1)
121 SharingRequest request;
122 Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
123 request.setOwnerAppId("someOwner");
124 Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
125 request.setTargetAppId("someTarget");
126 Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
129 RUNNER_TEST(security_manager_30b_send_incomplete_req2)
131 SharingRequest request;
132 request.setTargetAppId("someTarget");
133 Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
134 request.setOwnerAppId("someOwner");
135 Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
138 RUNNER_TEST(security_manager_30c_send_incomplete_req3)
140 SharingRequest request;
141 const char *somePaths[] = {"path1", "path2"};
142 request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
143 Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
144 request.setOwnerAppId("someOwner");
145 Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
148 RUNNER_TEST(security_manager_30d_unknown_owner)
150 // This test depends on order of checks in security-manager service implementation
151 SharingRequest request;
152 request.setOwnerAppId("ImPrettySureIDontExist");
153 request.setTargetAppId("IDontMatter");
154 const char *somePaths[] = {"path1", "path2"};
155 request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
156 Api::applySharing(request, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
159 RUNNER_TEST(security_manager_30e_unknown_target)
161 // This test depends on order of checks in security-manager service implementation
162 AppInstallHelper owner("installedApp");
164 owner.createInstallDir();
165 InstallRequest ownerInst;
166 ownerInst.setAppId(owner.getAppId());
167 ownerInst.setPkgId(owner.getPkgId());
168 Api::install(ownerInst);
170 SharingRequest request;
171 request.setOwnerAppId(owner.getAppId());
172 request.setTargetAppId("NowImPrettySureIDontExist");
173 const char *somePaths[] = {"path1", "path2"};
174 request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
175 Api::applySharing(request, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
177 Api::uninstall(ownerInst);
180 RUNNER_TEST(security_manager_30f_bad_paths)
182 // This test depends on order of checks in security-manager service implementation
183 AppInstallHelper owner("installedApp");
185 owner.createInstallDir();
186 InstallRequest ownerInst = createInstallReq(owner);
187 Api::install(ownerInst);
189 AppInstallHelper target("secondInstalledApp");
190 target.revokeRules();
191 target.createInstallDir();
192 InstallRequest targetInst = createInstallReq(target);
193 Api::install(targetInst);
195 SharingRequest request;
196 request.setOwnerAppId(owner.getAppId());
197 request.setTargetAppId(target.getAppId());
199 const char *somePath = "/tmp/somePath";
200 createFile(somePath);
201 const char *somePaths[] = {somePath};
202 request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
203 Api::applySharing(request, SECURITY_MANAGER_ERROR_APP_NOT_PATH_OWNER);
205 Api::uninstall(ownerInst);
206 Api::uninstall(targetInst);
209 RUNNER_TEST(security_manager_31_simple_share)
211 std::vector<AppInstallHelper> helper {{"app31a"}, {"app31b"}};
212 auto &owner = helper[0];
213 auto &target = helper[1];
215 for (auto &e : helper) {
217 e.createInstallDir();
220 owner.createPrivateDir();
221 owner.createSharedFile();
222 clearLabels(owner.getInstallDir());
223 InstallRequest ownerReq = createInstallReq(owner,
224 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
225 Api::install(ownerReq);
227 InstallRequest targetReq = createInstallReq(target);
228 Api::install(targetReq);
230 SharingRequest share1;
231 std::string sharedPath = owner.getSharedPath();
232 share1.setOwnerAppId(owner.getAppId());
233 share1.setTargetAppId(target.getAppId());
234 const char *path[] = {sharedPath.c_str()};
235 share1.addPaths(path, 1);
236 Api::applySharing(share1);
238 TestSecurityManagerDatabase db;
239 std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
240 RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
242 check_system_access(pathLabel1);
243 check_owner_access(owner.generateAppLabel(), pathLabel1);
244 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
245 check_path_label(sharedPath, pathLabel1);
247 Api::dropSharing(share1);
248 check_system_access(pathLabel1, false);
249 check_owner_access(owner.generateAppLabel(), pathLabel1, false);
250 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
251 check_path_label(sharedPath, owner.generatePkgLabel());
253 Api::uninstall(ownerReq);
254 Api::uninstall(targetReq);
257 RUNNER_TEST(security_manager_32_double_share)
259 std::vector<AppInstallHelper> helper {{"app32a"}, {"app32b"}};
260 auto &owner = helper[0];
261 auto &target = helper[1];
264 for (auto &e : helper) {
266 e.createInstallDir();
268 owner.createPrivateDir();
269 owner.createSharedFile();
270 clearLabels(owner.getInstallDir());
272 InstallRequest ownerReq = createInstallReq(owner,
273 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
274 Api::install(ownerReq);
276 InstallRequest targetReq = createInstallReq(target);
277 Api::install(targetReq);
279 SharingRequest share1;
280 std::string sharedPath = owner.getSharedPath(0);
281 share1.setOwnerAppId(owner.getAppId());
282 share1.setTargetAppId(target.getAppId());
283 const char *path[] = {sharedPath.c_str()};
284 share1.addPaths(path, 1);
285 Api::applySharing(share1);
287 TestSecurityManagerDatabase db;
288 std::string pathLabel = db.get_path_label(sharedPath.c_str());
289 RUNNER_ASSERT_MSG(!pathLabel.empty(), "Couldn't fetch path label from database for file " << sharedPath);
291 check_system_access(pathLabel);
292 check_owner_access(owner.generateAppLabel(), pathLabel);
293 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel);
294 check_path_label(sharedPath, pathLabel);
296 Api::applySharing(share1);
297 check_system_access(pathLabel);
298 check_owner_access(owner.generateAppLabel(), pathLabel);
299 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel);
300 check_path_label(sharedPath, pathLabel);
302 Api::dropSharing(share1);
303 check_system_access(pathLabel);
304 check_owner_access(owner.generateAppLabel(), pathLabel);
305 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel);
306 check_path_label(sharedPath, pathLabel);
308 Api::dropSharing(share1);
309 check_system_access(pathLabel, false);
310 check_owner_access(owner.generateAppLabel(), pathLabel, false);
311 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel, false, false);
312 check_path_label(sharedPath, owner.generatePkgLabel());
314 Api::uninstall(ownerReq);
315 Api::uninstall(targetReq);
317 RUNNER_TEST(security_manager_33_share_two_with_one)
319 std::vector<AppInstallHelper> helper {{"app33a"}, {"app33b"}};
320 auto &owner = helper[0];
321 auto &target = helper[1];
324 for (auto &e : helper) {
326 e.createInstallDir();
328 owner.createPrivateDir();
329 owner.createSharedFile(0);
330 owner.createSharedFile(1);
331 clearLabels(owner.getInstallDir());
332 InstallRequest ownerReq = createInstallReq(owner,
333 {PathInfo{owner.getSharedPath(0), SECURITY_MANAGER_PATH_RW},
334 PathInfo{owner.getSharedPath(1), SECURITY_MANAGER_PATH_RW}});
335 Api::install(ownerReq);
337 InstallRequest targetReq = createInstallReq(target);
338 Api::install(targetReq);
340 SharingRequest share1, share2;
341 std::string sharedPath1 = owner.getSharedPath(0);
342 std::string sharedPath2 = owner.getSharedPath(1);
343 share1.setOwnerAppId(owner.getAppId());
344 share2.setOwnerAppId(owner.getAppId());
345 share1.setTargetAppId(target.getAppId());
346 share2.setTargetAppId(target.getAppId());
347 const char *path1[] = {sharedPath1.c_str()};
348 const char *path2[] = {sharedPath2.c_str()};
349 share1.addPaths(path1, 1);
350 share2.addPaths(path2, 1);
352 Api::applySharing(share1);
353 TestSecurityManagerDatabase db;
354 std::string pathLabel1 = db.get_path_label(sharedPath1.c_str());
355 RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath1);
357 check_system_access(pathLabel1);
358 check_owner_access(owner.generateAppLabel(), pathLabel1);
359 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
360 check_path_label(sharedPath1, pathLabel1);
362 Api::applySharing(share2);
363 std::string pathLabel2 = db.get_path_label(sharedPath2.c_str());
364 RUNNER_ASSERT_MSG(!pathLabel2.empty(), "Couldn't fetch path label from database for file " << sharedPath2);
365 RUNNER_ASSERT_MSG(pathLabel1 != pathLabel2, "Labels for private shared paths should be unique!");
367 check_system_access(pathLabel1);
368 check_system_access(pathLabel2);
369 check_owner_access(owner.generateAppLabel(), pathLabel1);
370 check_owner_access(owner.generateAppLabel(), pathLabel2);
371 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
372 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel2);
373 check_path_label(sharedPath1, pathLabel1);
374 check_path_label(sharedPath2, pathLabel2);
376 Api::dropSharing(share1);
377 check_system_access(pathLabel1, false);
378 check_system_access(pathLabel2);
379 check_owner_access(owner.generateAppLabel(), pathLabel1, false);
380 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false);
381 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel2);
382 check_path_label(sharedPath1, owner.generatePkgLabel());
383 check_path_label(sharedPath2, pathLabel2);
385 Api::dropSharing(share2);
386 check_system_access(pathLabel1, false);
387 check_system_access(pathLabel2, false);
388 check_owner_access(owner.generateAppLabel(), pathLabel1, false);
389 check_owner_access(owner.generateAppLabel(), pathLabel2, false);
390 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
391 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel2, false, false);
392 check_path_label(sharedPath1, owner.generatePkgLabel());
393 check_path_label(sharedPath2, owner.generatePkgLabel());
395 Api::uninstall(ownerReq);
396 Api::uninstall(targetReq);
399 RUNNER_TEST(security_manager_34_share_one_with_two)
401 std::vector<AppInstallHelper> helper {{"app34a"}, {"app34b"}, {"app34c"}};
402 auto &owner = helper[0];
403 auto &target1 = helper[1];
404 auto &target2 = helper[2];
407 for (auto &e : helper) {
409 e.createInstallDir();
411 owner.createPrivateDir();
412 owner.createSharedFile();
413 clearLabels(owner.getInstallDir());
415 InstallRequest ownerReq = createInstallReq(owner,
416 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
417 Api::install(ownerReq);
419 for (size_t i = 1; i < helper.size(); i++) {
420 InstallRequest targetReq = createInstallReq(helper[i]);
421 Api::install(targetReq);
424 SharingRequest share1, share2;
425 std::string sharedPath = owner.getSharedPath(0).c_str();
426 share1.setOwnerAppId(owner.getAppId());
427 share2.setOwnerAppId(owner.getAppId());
428 share1.setTargetAppId(target1.getAppId());
429 share2.setTargetAppId(target2.getAppId());
431 const char *path[] = {sharedPath.c_str()};
432 share1.addPaths(path, 1);
433 share2.addPaths(path, 1);
435 Api::applySharing(share1);
436 TestSecurityManagerDatabase db;
437 std::string pathLabel = db.get_path_label(sharedPath.c_str());
438 RUNNER_ASSERT_MSG(!pathLabel.empty(), "Couldn't fetch path label from database for file " << sharedPath);
440 check_system_access(pathLabel);
441 check_owner_access(owner.generateAppLabel(), pathLabel);
442 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
443 check_path_label(sharedPath, pathLabel);
445 Api::applySharing(share2);
446 check_system_access(pathLabel);
447 check_owner_access(owner.generateAppLabel(), pathLabel);
448 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
449 check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
450 check_path_label(sharedPath, pathLabel);
452 Api::dropSharing(share1);
453 check_system_access(pathLabel);
454 check_owner_access(owner.generateAppLabel(), pathLabel);
455 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
456 check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
457 check_path_label(sharedPath, pathLabel);
459 Api::dropSharing(share2);
460 check_system_access(pathLabel, false);
461 check_owner_access(owner.generateAppLabel(), pathLabel, false);
462 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
463 check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel, false, false);
464 check_path_label(sharedPath, owner.generatePkgLabel());
466 Api::uninstall(ownerReq);
467 for (size_t i = 1; i < helper.size(); i++) {
468 InstallRequest targetReq = createInstallReq(helper[i]);
469 Api::uninstall(targetReq);
473 RUNNER_TEST(security_manager_35_share_two_with_two)
475 std::vector<AppInstallHelper> helper {{"app35a"}, {"app35b"}, {"app35c"}};
476 auto &owner = helper[0];
477 auto &target1 = helper[1];
478 auto &target2 = helper[2];
481 for (auto &e : helper) {
483 e.createInstallDir();
485 owner.createPrivateDir();
486 owner.createSharedFile(0);
487 owner.createSharedFile(1);
488 clearLabels(owner.getInstallDir());
490 InstallRequest ownerReq = createInstallReq(owner,
491 {PathInfo{owner.getSharedPath(0), SECURITY_MANAGER_PATH_RW},
492 PathInfo{owner.getSharedPath(1), SECURITY_MANAGER_PATH_RW}});
494 Api::install(ownerReq);
496 for (size_t i = 1; i < helper.size(); i++) {
497 InstallRequest targetReq = createInstallReq(helper[i]);
498 Api::install(targetReq);
501 SharingRequest share1, share2;
502 std::string sharedPath1 = owner.getSharedPath(0).c_str();
503 std::string sharedPath2 = owner.getSharedPath(1).c_str();
504 share1.setOwnerAppId(owner.getAppId());
505 share2.setOwnerAppId(owner.getAppId());
506 share1.setTargetAppId(target1.getAppId());
507 share2.setTargetAppId(target2.getAppId());
509 const char *path1[] = {sharedPath1.c_str()};
510 const char *path2[] = {sharedPath2.c_str()};
511 share1.addPaths(path1, 1);
512 share2.addPaths(path2, 1);
514 Api::applySharing(share1);
515 TestSecurityManagerDatabase db;
516 std::string pathLabel1 = db.get_path_label(sharedPath1.c_str());
517 RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath1);
519 check_system_access(pathLabel1);
520 check_owner_access(owner.generateAppLabel(), pathLabel1);
521 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1);
522 check_path_label(sharedPath1, pathLabel1);
524 Api::applySharing(share2);
525 std::string pathLabel2 = db.get_path_label(sharedPath2.c_str());
526 RUNNER_ASSERT_MSG(!pathLabel2.empty(), "Couldn't fetch path label from database for file " << sharedPath2);
527 RUNNER_ASSERT_MSG(pathLabel1 != pathLabel2, "Labels for shared files should be unique!");
529 check_system_access(pathLabel1);
530 check_system_access(pathLabel2);
531 check_owner_access(owner.generateAppLabel(), pathLabel1);
532 check_owner_access(owner.generateAppLabel(), pathLabel2);
533 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1);
534 check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel2);
535 check_path_label(sharedPath1, pathLabel1);
536 check_path_label(sharedPath2, pathLabel2);
538 Api::dropSharing(share2);
539 check_system_access(pathLabel1);
540 check_system_access(pathLabel2, false);
541 check_owner_access(owner.generateAppLabel(), pathLabel1);
542 check_owner_access(owner.generateAppLabel(), pathLabel2, false);
543 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1);
544 check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel2, false, false);
545 check_path_label(sharedPath1, pathLabel1);
546 check_path_label(sharedPath2, owner.generatePkgLabel());
548 Api::dropSharing(share1);
549 check_system_access(pathLabel1, false);
550 check_system_access(pathLabel2, false);
551 check_owner_access(owner.generateAppLabel(), pathLabel1, false);
552 check_owner_access(owner.generateAppLabel(), pathLabel2, false);
553 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1, false, false);
554 check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel2, false, false);
555 check_path_label(sharedPath1, owner.generatePkgLabel());
556 check_path_label(sharedPath2, owner.generatePkgLabel());
557 Api::uninstall(ownerReq);
558 for (size_t i = 1; i < helper.size(); i++) {
559 InstallRequest targetReq;
560 targetReq.setAppId(helper[i].getAppId());
561 targetReq.setPkgId(helper[i].getAppId());
562 Api::uninstall(targetReq);
566 RUNNER_TEST(security_manager_35_share_uninstall_target) {
567 std::vector<AppInstallHelper> helper {{"app35aa"}, {"app35bb"}};
568 auto &owner = helper[0];
569 auto &target = helper[1];
571 for (auto &e : helper) {
573 e.createInstallDir();
576 owner.createPrivateDir();
577 owner.createSharedFile();
578 clearLabels(owner.getInstallDir());
580 InstallRequest ownerReq = createInstallReq(owner,
581 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
582 Api::install(ownerReq);
584 InstallRequest targetReq = createInstallReq(target);
585 Api::install(targetReq);
587 SharingRequest share1;
588 std::string sharedPath = owner.getSharedPath();
589 share1.setOwnerAppId(owner.getAppId());
590 share1.setTargetAppId(target.getAppId());
591 const char *path[] = {sharedPath.c_str()};
592 share1.addPaths(path, 1);
593 Api::applySharing(share1);
595 TestSecurityManagerDatabase db;
596 std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
597 RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
599 check_system_access(pathLabel1);
600 check_owner_access(owner.generateAppLabel(), pathLabel1);
601 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
602 check_path_label(sharedPath, pathLabel1);
604 Api::uninstall(targetReq);
606 check_system_access(pathLabel1, false);
607 check_owner_access(owner.generateAppLabel(), pathLabel1, false);
608 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
609 check_path_label(sharedPath, owner.generatePkgLabel());
611 Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
612 Api::uninstall(ownerReq);
615 RUNNER_TEST(security_manager_35_share_uninstall_owner) {
616 std::vector<AppInstallHelper> helper {{"app35aaa"}, {"app35bbb"}};
617 auto &owner = helper[0];
618 auto &target = helper[1];
620 for (auto &e : helper) {
622 e.createInstallDir();
625 owner.createPrivateDir();
626 owner.createSharedFile();
628 clearLabels(owner.getInstallDir());
630 InstallRequest ownerReq = createInstallReq(owner,
631 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
632 Api::install(ownerReq);
634 InstallRequest targetReq = createInstallReq(target);
635 Api::install(targetReq);
637 SharingRequest share1;
638 std::string sharedPath = owner.getSharedPath();
639 share1.setOwnerAppId(owner.getAppId());
640 share1.setTargetAppId(target.getAppId());
641 const char *path[] = {sharedPath.c_str()};
642 share1.addPaths(path, 1);
643 Api::applySharing(share1);
645 TestSecurityManagerDatabase db;
646 std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
647 RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
649 check_system_access(pathLabel1);
650 check_owner_access(owner.generateAppLabel(), pathLabel1);
651 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
652 check_path_label(sharedPath, pathLabel1);
655 Api::uninstall(ownerReq);
657 check_system_access(pathLabel1, false);
658 check_owner_access(owner.generateAppLabel(), pathLabel1, false);
659 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
661 Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
662 Api::uninstall(targetReq);
665 RUNNER_TEST(security_manager_36_share_pkg_owner_uninstall) {
666 std::vector<AppInstallHelper> helper {{"app36a", "pkg1"}, {"app36b", "pkg1"}, {"app36c", "pkg2"}};
667 auto &owner = helper[0];
668 auto &pkgApp = helper[1];
669 auto &target = helper[2];
671 for (auto &e : helper) {
673 e.createInstallDir();
676 owner.createPrivateDir();
677 owner.createSharedFile();
678 clearLabels(owner.getInstallDir());
680 InstallRequest ownerReq = createInstallReq(owner,
681 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
682 Api::install(ownerReq);
684 InstallRequest pkgAppReq = createInstallReq(pkgApp);
685 Api::install(pkgAppReq);
686 InstallRequest targetReq = createInstallReq(target);
687 Api::install(targetReq);
689 SharingRequest share1;
690 std::string sharedPath = owner.getSharedPath();
691 share1.setOwnerAppId(owner.getAppId());
692 share1.setTargetAppId(target.getAppId());
693 const char *path[] = {sharedPath.c_str()};
694 share1.addPaths(path, 1);
695 Api::applySharing(share1);
697 TestSecurityManagerDatabase db;
698 std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
699 RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
701 check_system_access(pathLabel1);
702 check_owner_access(owner.generateAppLabel(), pathLabel1);
703 check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
704 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
705 check_path_label(sharedPath, pathLabel1);
708 Api::uninstall(ownerReq);
710 check_system_access(pathLabel1, false);
711 check_owner_access(owner.generateAppLabel(), pathLabel1, false);
712 check_owner_access(pkgApp.generateAppLabel(), pathLabel1, false);
713 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
715 Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
716 Api::uninstall(pkgAppReq);
717 Api::uninstall(targetReq);
720 RUNNER_TEST(security_manager_36_share_pkg_owner_drop) {
721 std::vector<AppInstallHelper> helper {{"app36aa", "pkg1"}, {"app36bb", "pkg1"}, {"app36cc", "pkg2"}};
722 auto &owner = helper[0];
723 auto &pkgApp = helper[1];
724 auto &target = helper[2];
726 for (auto &e : helper) {
728 e.createInstallDir();
731 owner.createPrivateDir();
732 owner.createSharedFile();
733 clearLabels(owner.getInstallDir());
735 InstallRequest ownerReq = createInstallReq(owner,
736 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
737 Api::install(ownerReq);
739 InstallRequest pkgAppReq = createInstallReq(pkgApp);
740 Api::install(pkgAppReq);
741 InstallRequest targetReq = createInstallReq(target);
742 Api::install(targetReq);
744 SharingRequest share1;
745 std::string sharedPath = owner.getSharedPath();
746 share1.setOwnerAppId(owner.getAppId());
747 share1.setTargetAppId(target.getAppId());
748 const char *path[] = {sharedPath.c_str()};
749 share1.addPaths(path, 1);
750 Api::applySharing(share1);
752 TestSecurityManagerDatabase db;
753 std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
754 RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
756 check_system_access(pathLabel1);
757 check_owner_access(owner.generateAppLabel(), pathLabel1);
758 check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
759 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
760 check_path_label(sharedPath, pathLabel1);
762 Api::dropSharing(share1);
764 check_system_access(pathLabel1, false);
765 check_owner_access(owner.generateAppLabel(), pathLabel1, false);
766 check_owner_access(pkgApp.generateAppLabel(), pathLabel1, false);
767 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
768 check_path_label(sharedPath, owner.generatePkgLabel());
770 Api::uninstall(ownerReq);
771 Api::uninstall(pkgAppReq);
772 Api::uninstall(targetReq);
775 RUNNER_TEST(security_manager_36_share_pkg_target_uninstall) {
776 std::vector<AppInstallHelper> helper {{"app36aaa", "pkg1"}, {"app36bbb", "pkg1"}, {"app36ccc", "pkg2"}};
777 auto &owner = helper[0];
778 auto &pkgApp = helper[1];
779 auto &target = helper[2];
781 for (auto &e : helper) {
783 e.createInstallDir();
786 owner.createPrivateDir();
787 owner.createSharedFile();
788 clearLabels(owner.getInstallDir());
790 InstallRequest ownerReq = createInstallReq(owner,
791 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
792 Api::install(ownerReq);
794 InstallRequest pkgAppReq = createInstallReq(pkgApp);
795 Api::install(pkgAppReq);
796 InstallRequest targetReq = createInstallReq(target);
797 Api::install(targetReq);
799 SharingRequest share1;
800 std::string sharedPath = owner.getSharedPath();
801 share1.setOwnerAppId(owner.getAppId());
802 share1.setTargetAppId(target.getAppId());
803 const char *path[] = {sharedPath.c_str()};
804 share1.addPaths(path, 1);
805 Api::applySharing(share1);
807 TestSecurityManagerDatabase db;
808 std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
809 RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
811 check_system_access(pathLabel1);
812 check_owner_access(owner.generateAppLabel(), pathLabel1);
813 check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
814 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
815 check_path_label(sharedPath, pathLabel1);
817 Api::uninstall(targetReq);
819 check_system_access(pathLabel1, false);
820 check_owner_access(owner.generateAppLabel(), pathLabel1, false);
821 check_owner_access(pkgApp.generateAppLabel(), pathLabel1, false);
822 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
823 check_path_label(sharedPath, owner.generatePkgLabel());
825 Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
827 Api::uninstall(ownerReq);
828 Api::uninstall(pkgAppReq);
831 RUNNER_TEST(security_manager_37_pkg_double_share_target_uninstall) {
832 std::vector<AppInstallHelper> helper {{"app37a", "pkg1"}, {"app37b", "pkg1"}, {"app37c", "pkg2"}};
833 auto &owner = helper[0];
834 auto &pkgApp = helper[1];
835 auto &target = helper[2];
837 for (auto &e : helper) {
839 e.createInstallDir();
842 owner.createPrivateDir();
843 owner.createSharedFile();
844 clearLabels(owner.getInstallDir());
846 InstallRequest ownerReq = createInstallReq(owner,
847 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
848 Api::install(ownerReq);
850 InstallRequest pkgAppReq = createInstallReq(pkgApp);
851 Api::install(pkgAppReq);
852 InstallRequest targetReq = createInstallReq(target);
853 Api::install(targetReq);
855 SharingRequest share1;
856 std::string sharedPath = owner.getSharedPath();
857 share1.setOwnerAppId(owner.getAppId());
858 share1.setTargetAppId(target.getAppId());
859 const char *path[] = {sharedPath.c_str()};
860 share1.addPaths(path, 1);
861 Api::applySharing(share1);
863 TestSecurityManagerDatabase db;
864 std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
865 RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
867 check_system_access(pathLabel1);
868 check_owner_access(owner.generateAppLabel(), pathLabel1);
869 check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
870 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
871 check_path_label(sharedPath, pathLabel1);
873 Api::applySharing(share1);
875 check_system_access(pathLabel1);
876 check_owner_access(owner.generateAppLabel(), pathLabel1);
877 check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
878 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
879 check_path_label(sharedPath, pathLabel1);
881 Api::uninstall(targetReq);
883 check_system_access(pathLabel1, false);
884 check_owner_access(owner.generateAppLabel(), pathLabel1, false);
885 check_owner_access(pkgApp.generateAppLabel(), pathLabel1, false);
886 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
887 check_path_label(sharedPath, owner.generatePkgLabel());
889 Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
891 Api::uninstall(ownerReq);
892 Api::uninstall(pkgAppReq);
895 RUNNER_TEST(security_manager_37_pkg_double_share_owner_uninstall) {
896 std::vector<AppInstallHelper> helper {{"app37aa", "pkg1"}, {"app37bb", "pkg1"}, {"app37cc", "pkg2"}};
897 auto &owner = helper[0];
898 auto &pkgApp = helper[1];
899 auto &target = helper[2];
901 for (auto &e : helper) {
903 e.createInstallDir();
906 owner.createPrivateDir();
907 owner.createSharedFile();
908 clearLabels(owner.getInstallDir());
910 InstallRequest ownerReq = createInstallReq(owner,
911 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
912 Api::install(ownerReq);
914 InstallRequest pkgAppReq = createInstallReq(pkgApp);
915 Api::install(pkgAppReq);
916 InstallRequest targetReq = createInstallReq(target);
917 Api::install(targetReq);
919 SharingRequest share1;
920 std::string sharedPath = owner.getSharedPath();
921 share1.setOwnerAppId(owner.getAppId());
922 share1.setTargetAppId(target.getAppId());
923 const char *path[] = {sharedPath.c_str()};
924 share1.addPaths(path, 1);
925 Api::applySharing(share1);
927 TestSecurityManagerDatabase db;
928 std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
929 RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
931 check_system_access(pathLabel1);
932 check_owner_access(owner.generateAppLabel(), pathLabel1);
933 check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
934 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
935 check_path_label(sharedPath, pathLabel1);
937 Api::applySharing(share1);
939 check_system_access(pathLabel1);
940 check_owner_access(owner.generateAppLabel(), pathLabel1);
941 check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
942 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
943 check_path_label(sharedPath, pathLabel1);
946 Api::uninstall(ownerReq);
948 check_system_access(pathLabel1, false);
949 check_owner_access(owner.generateAppLabel(), pathLabel1, false);
950 check_owner_access(pkgApp.generateAppLabel(), pathLabel1, false);
951 check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
953 Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
955 Api::uninstall(targetReq);
956 Api::uninstall(pkgAppReq);
959 RUNNER_TEST(security_manager_38_share_one_with_two_uninstall_target)
961 std::vector<AppInstallHelper> helper {{"app38a"}, {"app38b"}, {"app38c"}};
962 auto &owner = helper[0];
963 auto &target1 = helper[1];
964 auto &target2 = helper[2];
967 for (auto &e : helper) {
969 e.createInstallDir();
971 owner.createPrivateDir();
972 owner.createSharedFile();
973 clearLabels(owner.getInstallDir());
975 InstallRequest ownerReq = createInstallReq(owner,
976 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
977 Api::install(ownerReq);
980 InstallRequest targetReq1 = createInstallReq(target1);
981 Api::install(targetReq1);
982 InstallRequest targetReq2 = createInstallReq(target2);
983 Api::install(targetReq2);
985 SharingRequest share1, share2;
986 std::string sharedPath = owner.getSharedPath(0).c_str();
987 share1.setOwnerAppId(owner.getAppId());
988 share2.setOwnerAppId(owner.getAppId());
989 share1.setTargetAppId(target1.getAppId());
990 share2.setTargetAppId(target2.getAppId());
992 const char *path[] = {sharedPath.c_str()};
993 share1.addPaths(path, 1);
994 share2.addPaths(path, 1);
996 Api::applySharing(share1);
997 TestSecurityManagerDatabase db;
998 std::string pathLabel = db.get_path_label(sharedPath.c_str());
999 RUNNER_ASSERT_MSG(!pathLabel.empty(), "Couldn't fetch path label from database for file " << sharedPath);
1001 check_system_access(pathLabel);
1002 check_owner_access(owner.generateAppLabel(), pathLabel);
1003 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
1004 check_path_label(sharedPath, pathLabel);
1006 Api::applySharing(share2);
1007 check_system_access(pathLabel);
1008 check_owner_access(owner.generateAppLabel(), pathLabel);
1009 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
1010 check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
1011 check_path_label(sharedPath, pathLabel);
1013 Api::uninstall(targetReq1);
1014 check_system_access(pathLabel);
1015 check_owner_access(owner.generateAppLabel(), pathLabel);
1016 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
1017 check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
1018 check_path_label(sharedPath, pathLabel);
1020 Api::dropSharing(share2);
1021 check_system_access(pathLabel, false);
1022 check_owner_access(owner.generateAppLabel(), pathLabel, false);
1023 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
1024 check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel, false, false);
1025 check_path_label(sharedPath, owner.generatePkgLabel());
1027 Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
1028 Api::uninstall(ownerReq);
1029 Api::uninstall(targetReq2);
1032 RUNNER_TEST(security_manager_38_share_one_with_two_uninstall_owner)
1034 std::vector<AppInstallHelper> helper {{"app38aa"}, {"app38bb"}, {"app38cc"}};
1035 auto &owner = helper[0];
1036 auto &target1 = helper[1];
1037 auto &target2 = helper[2];
1040 for (auto &e : helper) {
1042 e.createInstallDir();
1044 owner.createPrivateDir();
1045 owner.createSharedFile();
1046 clearLabels(owner.getInstallDir());
1048 InstallRequest ownerReq = createInstallReq(owner,
1049 {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
1050 Api::install(ownerReq);
1053 InstallRequest targetReq1 = createInstallReq(target1);
1054 Api::install(targetReq1);
1055 InstallRequest targetReq2 = createInstallReq(target2);
1056 Api::install(targetReq2);
1058 SharingRequest share1, share2;
1059 std::string sharedPath = owner.getSharedPath(0).c_str();
1060 share1.setOwnerAppId(owner.getAppId());
1061 share2.setOwnerAppId(owner.getAppId());
1062 share1.setTargetAppId(target1.getAppId());
1063 share2.setTargetAppId(target2.getAppId());
1065 const char *path[] = {sharedPath.c_str()};
1066 share1.addPaths(path, 1);
1067 share2.addPaths(path, 1);
1069 Api::applySharing(share1);
1070 TestSecurityManagerDatabase db;
1071 std::string pathLabel = db.get_path_label(sharedPath.c_str());
1072 RUNNER_ASSERT_MSG(!pathLabel.empty(), "Couldn't fetch path label from database for file " << sharedPath);
1074 check_system_access(pathLabel);
1075 check_owner_access(owner.generateAppLabel(), pathLabel);
1076 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
1077 check_path_label(sharedPath, pathLabel);
1079 Api::applySharing(share2);
1080 check_system_access(pathLabel);
1081 check_owner_access(owner.generateAppLabel(), pathLabel);
1082 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
1083 check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
1084 check_path_label(sharedPath, pathLabel);
1086 owner.removePaths();
1087 Api::uninstall(ownerReq);
1088 check_system_access(pathLabel, false);
1089 check_owner_access(owner.generateAppLabel(), pathLabel,false);
1090 check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
1091 check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel, false, false);
1093 Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
1094 Api::dropSharing(share2, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
1095 Api::uninstall(targetReq1);
1096 Api::uninstall(targetReq2);