2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <sys/smack.h>
20 #include <sys/types.h>
23 #include <dpl/test/test_runner.h>
25 #include <sm_commons.h>
26 #include <sm_request.h>
27 #include <tests_common.h>
29 using namespace SecurityManagerTest;
32 const int sm_app_shared_test_id = 27;
33 const char *const sm_app_shared_id = "sm_test_27_app_id_full";
34 const char *const sm_app_shared_another_in_package_id = "sm_test_27_app_2_id_full";
35 const char *const sm_pkg_shared_id = "sm_test_27_pkg_id_full";
37 static const std::map<std::string, struct app_attributes> MANY_APPS_PKGS = {
38 {"security_manager_10_app_1", {"security_manager_10_pkg_1", "2.1"}},
39 {"security_manager_10_app_2", {"security_manager_10_pkg_2", "3.0"}},
40 {"security_manager_10_app_3", {"security_manager_10_pkg_3", "2.1.1"}},
41 {"security_manager_10_app_4", {"security_manager_10_pkg_4", "3.1"}},
42 {"security_manager_10_app_5", {"security_manager_10_pkg_5", "2.2"}}
45 void changeSecurityContext(const std::string& label, uid_t uid, gid_t gid)
47 RUNNER_ASSERT_ERRNO_MSG(0 == smack_set_label_for_self(label.c_str()),
48 "Error in smack_set_label_for_self(" << label << ")");
50 RUNNER_ASSERT_ERRNO_MSG(0 == setgid(gid), "Error in setgid.");
51 RUNNER_ASSERT_ERRNO_MSG(0 == setuid(uid), "Error in setuid.");
54 void test_success_worker(const std::string &appName, int test_num)
56 std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
58 changeSecurityContext(generateProcessLabel(appName), APP_UID, APP_GID);
60 RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1,
61 "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName << " failed " << " to " << SM_OWNER_RW_OTHERS_RO_PATH );
64 void test_fail_worker(const std::string &appName, int test_num)
66 std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
68 changeSecurityContext(generateProcessLabel(appName), APP_UID, APP_GID);
70 RUNNER_ASSERT_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) == -1,
71 "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName
72 << " surprisingly succeeded, while expecting fail");
76 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PUBLIC_SHARING)
78 RUNNER_TEST(security_manager_27a_API2X_app_install)
80 std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
81 std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
82 std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
83 std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
84 prepare_app_env(sm_app_shared_test_id, true);
87 for(const auto &app : MANY_APPS_PKGS) {
88 InstallRequest requestInst;
89 requestInst.setAppId(app.first.c_str());
90 requestInst.setPkgId(app.second.package.c_str());
91 requestInst.setAppTizenVersion(app.second.Tizen_ver.c_str());
93 Api::install(requestInst);
98 InstallRequest requestInst;
99 requestInst.setAppId(sm_app_shared_id);
100 requestInst.setPkgId(sm_pkg_shared_id);
101 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
102 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
103 requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
104 requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
105 requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
106 requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
107 requestInst.setAppTizenVersion("2.4");
108 Api::install(requestInst);
111 // another app in package
113 InstallRequest requestInst;
114 requestInst.setAppId(sm_app_shared_another_in_package_id);
115 requestInst.setPkgId(sm_pkg_shared_id);
116 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
117 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
118 requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
119 requestInst.setAppTizenVersion("2.4");
120 Api::install(requestInst);
123 /* Check records in the security-manager database */
124 check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
125 SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
126 /* Check records in the security-manager database */
127 check_app_after_install(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
128 SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
130 /* TODO: add parameters to this function */
131 check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
133 RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
136 RUNNER_CHILD_TEST(security_manager_27b_owner_1_have_access)
138 test_success_worker(sm_app_shared_id, sm_app_shared_test_id);
141 RUNNER_CHILD_TEST(security_manager_27c_owner_2_have_access)
143 test_success_worker(sm_app_shared_another_in_package_id, sm_app_shared_test_id);
146 RUNNER_CHILD_TEST(security_manager_27d_API2X_apps_have_access_app_1)
148 test_success_worker("security_manager_10_app_1", sm_app_shared_test_id);
151 RUNNER_CHILD_TEST(security_manager_27e_API2X_apps_dont_have_access_app_2)
153 test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id);
156 RUNNER_CHILD_TEST(security_manager_27f_API2X_apps_have_access_app_3)
158 test_success_worker("security_manager_10_app_3", sm_app_shared_test_id);
161 RUNNER_CHILD_TEST(security_manager_27g_API2X_apps_dont_have_access_app_4)
163 test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id);
166 RUNNER_CHILD_TEST(security_manager_27h_API2X_apps_have_access_app_5)
168 test_success_worker("security_manager_10_app_5", sm_app_shared_test_id);
172 RUNNER_TEST(security_manager_27i_API2X_app_uninstall)
175 InstallRequest requestUninst;
176 requestUninst.setAppId(sm_app_shared_id);
177 Api::uninstall(requestUninst);
180 InstallRequest requestUninst;
181 requestUninst.setAppId(sm_app_shared_another_in_package_id);
182 Api::uninstall(requestUninst);
185 /* Check records in the security-manager database,
186 * all previously allowed privileges should be removed */
187 check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
188 SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
189 check_app_after_uninstall(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
190 SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
193 RUNNER_TEST(security_manager_27j_API30_app_install)
195 std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
196 std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
197 std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
198 std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
199 prepare_app_env(sm_app_shared_test_id, true);
202 InstallRequest requestInst;
203 requestInst.setAppId(sm_app_shared_id);
204 requestInst.setPkgId(sm_pkg_shared_id);
205 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
206 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
207 requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
208 requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
209 requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
210 requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
211 requestInst.setAppTizenVersion("3.0");
213 Api::install(requestInst);
215 /* Check records in the security-manager database */
216 check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
217 SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
219 /* TODO: add parameters to this function */
220 check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
222 RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
225 RUNNER_CHILD_TEST(security_manager_27k_API30_apps_dont_have_access_app_1)
227 test_fail_worker("security_manager_10_app_1", sm_app_shared_test_id);
230 RUNNER_CHILD_TEST(security_manager_27l_API30_apps_dont_have_access_app_2)
232 test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id);
235 RUNNER_CHILD_TEST(security_manager_27m_API30_apps_dont_have_access_app_3)
237 test_fail_worker("security_manager_10_app_3", sm_app_shared_test_id);
240 RUNNER_CHILD_TEST(security_manager_27n_API30_apps_dont_have_access_app_4)
242 test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id);
245 RUNNER_CHILD_TEST(security_manager_27o_API30_apps_dont_have_access_app_5)
247 test_fail_worker("security_manager_10_app_5", sm_app_shared_test_id);
250 RUNNER_TEST(security_manager_27p_API30_app_uninstall)
252 InstallRequest requestUninst;
253 requestUninst.setAppId(sm_app_shared_id);
255 Api::uninstall(requestUninst);
257 /* Check records in the security-manager database,
258 * all previously allowed privileges should be removed */
259 check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
260 SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
262 // install other apps
263 for(const auto &app : MANY_APPS_PKGS) {
264 InstallRequest requestUninst;
265 requestUninst.setAppId(app.first);
267 Api::uninstall(requestUninst);