2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 #include <unordered_map>
20 #include <sys/smack.h>
21 #include <sys/types.h>
24 #include <dpl/test/test_runner.h>
25 #include <sm_commons.h>
26 #include <tests_common.h>
27 #include <scoped_installer.h>
28 #include <scoped_path_remover.h>
30 using namespace SecurityManagerTest;
34 const uid_t OWNER_UID = 5001;
36 const std::vector<std::string> versions = {
41 typedef std::vector<std::pair<std::string, std::string>> VersionCombinations;
43 VersionCombinations makeVersionCombinations(const std::vector<std::string> &versions) {
44 VersionCombinations verCombs;
45 for (const auto &version1 : versions)
46 for (const auto &version2: versions)
47 verCombs.push_back({version1, version2});
51 const VersionCombinations versionCombinations = makeVersionCombinations(versions);
53 } //anonymous namespace
55 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_SHARED_RO)
58 * Check whether owner app have access to own sharedRO dir
60 RUNNER_CHILD_TEST(security_manager_76_owner_access)
62 for (const auto &version : versions) {
63 AppInstallHelper app("sm_test_76a", OWNER_UID, version);
64 app.createSharedRODir();
65 ScopedInstaller sharedROPkgApp(app);
67 runAccessTest(app, app.getSharedRODir(), R_OK|W_OK|X_OK);
72 * Check whether app without shared RO path has access to shared RO dir and
73 * no access to private directories of application from different package between
74 * different version combinations
76 RUNNER_CHILD_TEST(security_manager_77_owner_other_access_version_combinations)
78 for (const auto &version : versionCombinations) {
79 AppInstallHelper sharedApp("sm_test_77_shared", OWNER_UID, version.first);
80 sharedApp.createSharedRODir();
81 sharedApp.createPrivateDir();
82 ScopedInstaller sharedAppInstall(sharedApp);
84 AppInstallHelper nonSharedApp("sm_test_77_nonshared", OWNER_UID, version.second);
85 ScopedInstaller nonSharedAppInstall(nonSharedApp);
87 runAccessTest(sharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
88 runAccessTest(nonSharedApp, sharedApp.getPrivateDir(), 0);
89 runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|X_OK);
94 * Check whether app with shared RO dir has access to shared RO dir and no access to
95 * private paths of an application from different package between different version
98 RUNNER_CHILD_TEST(security_manager_78_another_pkg_shared_ro_have_ro_access_to_shared_ro)
100 for (const auto &version : versionCombinations) {
101 AppInstallHelper sharedApp1("sm_test_78_shared1", OWNER_UID, version.first);
102 sharedApp1.createSharedRODir();
103 sharedApp1.createPrivateDir();
104 ScopedInstaller sharedAppInstall1(sharedApp1);
106 AppInstallHelper sharedApp2("sm_test_78_shared2", OWNER_UID, version.second);
107 sharedApp2.createSharedRODir();
108 sharedApp2.createPrivateDir();
109 ScopedInstaller sharedApp2Install(sharedApp2);
111 runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), R_OK|X_OK);
112 runAccessTest(sharedApp1, sharedApp2.getSharedRODir(), R_OK|X_OK);
113 runAccessTest(sharedApp1, sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
114 runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
115 runAccessTest(sharedApp2, sharedApp1.getPrivateDir(), 0);
116 runAccessTest(sharedApp1, sharedApp2.getPrivateDir(), 0);
121 * Install two apps with shared RO dirs from one package and check accesses
122 * to shared RO dirs with different versions
124 RUNNER_CHILD_TEST(security_manager_79a_same_pkg_shared_ro_have_ro_access_to_shared_ro)
126 const std::string sharedPkgName = "sm_test_79a";
128 for (const auto &version : versions) {
129 AppInstallHelper sharedApp1("sm_test_79a_shared1", sharedPkgName, OWNER_UID, version);
130 sharedApp1.createSharedRODir();
131 ScopedInstaller sharedAppInstall1(sharedApp1);
133 AppInstallHelper sharedApp2("sm_test_79a_shared2", sharedPkgName, OWNER_UID, version);
134 sharedApp2.createSharedRODir();
135 ScopedInstaller sharedAppInstall2(sharedApp2);
137 runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
138 runAccessTest(sharedApp1, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
143 * Install two apps with and without shared RO dirs from one package and check accesses
144 * to shared RO dir with different versions
146 RUNNER_CHILD_TEST(security_manager_79b_same_pkg_shared_ro_have_ro_access_to_shared_ro)
148 const std::string sharedPkgName = "sm_test_79b";
150 for (const auto &version : versions) {
151 AppInstallHelper sharedApp("sm_test_79b_shared1", sharedPkgName, OWNER_UID, version);
152 sharedApp.createSharedRODir();
153 ScopedInstaller sharedAppInstall(sharedApp);
155 AppInstallHelper nonSharedApp("sm_test_79b_shared2", sharedPkgName, OWNER_UID, version);
156 ScopedInstaller nonSharedAppInstall(nonSharedApp);
158 runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
163 * Check whether sharedRO application from same pkg have proper access to private dir
164 * of other sharedRO app, then uninstall first app of sharedRO pkg application and check
165 * if access to second sharedRO remains.
167 RUNNER_CHILD_TEST(security_manager_80_same_pkg_shared_ro_have_no_access_to_shared_ro_app_ro_dir)
169 std::string sharedPkgName = "sm_test_80";
170 for (const auto &version : versions) {
171 AppInstallHelper sharedApp1("sm_test_80_shared1", sharedPkgName, OWNER_UID, version);
172 sharedApp1.createPrivateDir(1);
173 sharedApp1.createSharedRODir(1);
174 ScopedInstaller sharedAppInstall1(sharedApp1);
176 AppInstallHelper sharedApp2("sm_test_80_shared2", sharedPkgName, OWNER_UID, version);
177 sharedApp2.createPrivateDir(2);
178 sharedApp2.createSharedRODir(2);
179 ScopedInstaller sharedAppInstall2(sharedApp2);
181 AppInstallHelper nonSharedApp("sm_test_80_nonshared", sharedPkgName, OWNER_UID, version);
182 ScopedInstaller nonSharedAppInstall(nonSharedApp);
184 runAccessTest(sharedApp2, sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
185 runAccessTest(sharedApp1, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
186 runAccessTest(nonSharedApp, sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
187 runAccessTest(nonSharedApp, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
189 sharedAppInstall1.uninstallApp();
191 runAccessTest(nonSharedApp, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
196 * Try to add valid sharedRO dir to an app and check all possible accesses to to it.
198 RUNNER_CHILD_TEST(security_manager_81_add_path_to_app_and_check_all)
200 for (const auto &version : versionCombinations) {
201 AppInstallHelper sharedApp("sm_test_83_shared1", OWNER_UID, version.first);
202 sharedApp.createPrivateDir();
203 sharedApp.createSharedRODir();
204 ScopedInstaller sharedAppInstall(sharedApp);
206 AppInstallHelper nonSharedApp("sm_test_83_nonshared", OWNER_UID, version.first);
207 ScopedInstaller nonSharedAppInstall(nonSharedApp);
209 AppInstallHelper sharedApp2("sm_test_83_shared2", OWNER_UID, version.second);
210 ScopedInstaller nonSharedAppInstall2(sharedApp2);
213 sharedApp2.createSharedRODir();
215 PathsRequest sharedRORequest;
216 sharedRORequest.setPkgId(sharedApp2.getPkgId());
217 sharedRORequest.addPath(sharedApp2.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
218 sharedRORequest.setUid(sharedApp2.getUID());
219 Api::registerPaths(sharedRORequest);
221 runAccessTest(sharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
222 runAccessTest(sharedApp, sharedApp.getPrivateDir(), R_OK|W_OK|X_OK);
224 runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
225 runAccessTest(sharedApp2, sharedApp.getSharedRODir(), R_OK|X_OK);
226 runAccessTest(sharedApp2, sharedApp.getPrivateDir(), 0);
228 runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|X_OK);
229 runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(), R_OK|X_OK);
230 runAccessTest(nonSharedApp, sharedApp.getPrivateDir(), 0);
235 * Try to add path which does not belong to an app and check if operation fails.
237 RUNNER_CHILD_TEST(security_manager_82_add_invalid_path_to_app_and_check_all)
239 for (const auto &version : versionCombinations) {
240 AppInstallHelper sharedApp("sm_test_84_shared", OWNER_UID, version.first);
241 sharedApp.createSharedRODir();
242 ScopedInstaller sharedAppInstall(sharedApp);
244 AppInstallHelper nonSharedApp("sm_test_84_nonshared", OWNER_UID, version.second);
245 ScopedInstaller nonSharedAppInstall(nonSharedApp);
247 PathsRequest sharedRORequest;
248 sharedRORequest.setPkgId(nonSharedApp.getPkgId());
249 sharedRORequest.addPath(sharedApp.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
250 sharedRORequest.setUid(nonSharedApp.getUID());
251 Api::registerPaths(sharedRORequest, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
256 * Install and uninstall app and check accesses to uninstalled paths from other packages.
258 RUNNER_CHILD_TEST(security_manager_83_install_uninstall_shared_ro_app_and_check_cleaning)
260 for (const auto &verComb : versionCombinations) {
261 AppInstallHelper sharedApp1("sm_test_85_shared1", OWNER_UID, verComb.first);
262 sharedApp1.createSharedRODir();
263 ScopedInstaller sharedAppInstall1(sharedApp1);
265 AppInstallHelper sharedApp2("sm_test_85_shared2", OWNER_UID, verComb.second);
266 sharedApp2.createSharedRODir();
267 ScopedInstaller sharedAppInstall2(sharedApp2);
269 AppInstallHelper nonSharedApp("sm_test_85_nonshared", OWNER_UID, verComb.second);
270 ScopedInstaller nonSharedAppInstall(nonSharedApp);
272 sharedAppInstall1.uninstallApp();
274 runAccessTest(nonSharedApp, sharedApp1.getSharedRODir(), 0);
275 runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), 0);
277 runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(), R_OK|X_OK);
278 runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
283 * Install multiple SharedRO apps, uninstall one of them and check accesses
284 * to sharedRO path within one package.
286 RUNNER_CHILD_TEST(security_manager_84_install_uninstall_shared_ro_two_apps_in_one_pkg)
288 std::string sharedPkgName = "sm_test_86";
290 for (const auto &version : versionCombinations) {
291 AppInstallHelper nonSharedApp("sm_test_86_nonshared", OWNER_UID, version.first);
292 ScopedInstaller nonSharedAppInstall(nonSharedApp);
294 // Apps from the same package
295 AppInstallHelper sharedApp1("sm_test_86_shared1", sharedPkgName, OWNER_UID, version.second);
296 sharedApp1.createSharedRODir(1);
297 ScopedInstaller sharedAppInstall1(sharedApp1);
299 AppInstallHelper sharedApp2("sm_test_86_shared2", sharedPkgName, OWNER_UID, version.second);
300 sharedApp2.createSharedRODir(2);
301 ScopedInstaller sharedAppInstall2(sharedApp2);
303 sharedAppInstall1.uninstallApp();
305 runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(2), R_OK|X_OK);
306 runAccessTest(sharedApp2, sharedApp2.getSharedRODir(2), R_OK|W_OK|X_OK);