projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'tizen' into yaca
[platform/core/test/security-tests.git] / src / security-manager-tests / test_cases_public_sharing.cpp
1 /*
2  * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16 #include <cstdint>
17 #include <fcntl.h>
18 #include <unordered_map>
19 #include <string>
20 #include <sys/smack.h>
21 #include <sys/types.h>
22 #include <unistd.h>
23
24 #include <dpl/test/test_runner.h>
25 #include <sm_commons.h>
26 #include <tests_common.h>
27 #include <scoped_installer.h>
28 #include <scoped_path_remover.h>
29
30 using namespace SecurityManagerTest;
31
32 namespace {
33
34 const uid_t OWNER_UID = 5001;
35
36 const std::vector<std::string> versions = {
37         "2.4",
38         "3.0"
39 };
40
41 typedef std::vector<std::pair<std::string, std::string>> VersionCombinations;
42
43 VersionCombinations makeVersionCombinations(const std::vector<std::string> &versions) {
44     VersionCombinations verCombs;
45     for (const auto &version1 : versions)
46         for (const auto &version2: versions)
47             verCombs.push_back({version1, version2});
48     return verCombs;
49 }
50
51 const VersionCombinations versionCombinations = makeVersionCombinations(versions);
52
53 } //anonymous namespace
54
55 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_SHARED_RO)
56
57 /**
58  * Check whether owner app have access to own sharedRO dir
59  */
60 RUNNER_CHILD_TEST(security_manager_76_owner_access)
61 {
62     for (const auto &version : versions) {
63         AppInstallHelper app("sm_test_76a", OWNER_UID, version);
64         app.createSharedRODir();
65         ScopedInstaller sharedROPkgApp(app);
66
67         runAccessTest(app, app.getSharedRODir(), R_OK|W_OK|X_OK);
68     }
69 }
70
71 /**
72  * Check whether app without shared RO path has access to shared RO dir and
73  * no access to private directories of application from different package between
74  * different version combinations
75  */
76 RUNNER_CHILD_TEST(security_manager_77_owner_other_access_version_combinations)
77 {
78     for (const auto &version : versionCombinations) {
79         AppInstallHelper sharedApp("sm_test_77_shared", OWNER_UID, version.first);
80         sharedApp.createSharedRODir();
81         sharedApp.createPrivateDir();
82         ScopedInstaller sharedAppInstall(sharedApp);
83
84         AppInstallHelper nonSharedApp("sm_test_77_nonshared", OWNER_UID, version.second);
85         ScopedInstaller nonSharedAppInstall(nonSharedApp);
86
87         runAccessTest(sharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
88         runAccessTest(nonSharedApp, sharedApp.getPrivateDir(), 0);
89         runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|X_OK);
90     }
91 }
92
93 /**
94  * Check whether app with shared RO dir has access to shared RO dir and no access to
95  * private paths of an application from different package between different version
96  * combinations
97  */
98 RUNNER_CHILD_TEST(security_manager_78_another_pkg_shared_ro_have_ro_access_to_shared_ro)
99 {
100     for (const auto &version : versionCombinations) {
101         AppInstallHelper sharedApp1("sm_test_78_shared1", OWNER_UID, version.first);
102         sharedApp1.createSharedRODir();
103         sharedApp1.createPrivateDir();
104         ScopedInstaller sharedAppInstall1(sharedApp1);
105
106         AppInstallHelper sharedApp2("sm_test_78_shared2", OWNER_UID, version.second);
107         sharedApp2.createSharedRODir();
108         sharedApp2.createPrivateDir();
109         ScopedInstaller sharedApp2Install(sharedApp2);
110
111         runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), R_OK|X_OK);
112         runAccessTest(sharedApp1, sharedApp2.getSharedRODir(), R_OK|X_OK);
113         runAccessTest(sharedApp1, sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
114         runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
115         runAccessTest(sharedApp2, sharedApp1.getPrivateDir(), 0);
116         runAccessTest(sharedApp1, sharedApp2.getPrivateDir(), 0);
117     }
118 }
119
120 /**
121  * Install two apps with shared RO dirs from one package and check accesses
122  * to shared RO dirs with different versions
123  */
124 RUNNER_CHILD_TEST(security_manager_79a_same_pkg_shared_ro_have_ro_access_to_shared_ro)
125 {
126     const std::string sharedPkgName = "sm_test_79a";
127
128     for (const auto &version : versions) {
129         AppInstallHelper sharedApp1("sm_test_79a_shared1", sharedPkgName, OWNER_UID, version);
130         sharedApp1.createSharedRODir();
131         ScopedInstaller sharedAppInstall1(sharedApp1);
132
133         AppInstallHelper sharedApp2("sm_test_79a_shared2", sharedPkgName, OWNER_UID, version);
134         sharedApp2.createSharedRODir();
135         ScopedInstaller sharedAppInstall2(sharedApp2);
136
137         runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
138         runAccessTest(sharedApp1, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
139     };
140 }
141
142 /**
143  * Install two apps with and without shared RO dirs from one package and check accesses
144  * to shared RO dir with different versions
145  */
146 RUNNER_CHILD_TEST(security_manager_79b_same_pkg_shared_ro_have_ro_access_to_shared_ro)
147 {
148     const std::string sharedPkgName = "sm_test_79b";
149
150     for (const auto &version : versions) {
151         AppInstallHelper sharedApp("sm_test_79b_shared1", sharedPkgName, OWNER_UID, version);
152         sharedApp.createSharedRODir();
153         ScopedInstaller sharedAppInstall(sharedApp);
154
155         AppInstallHelper nonSharedApp("sm_test_79b_shared2", sharedPkgName, OWNER_UID, version);
156         ScopedInstaller nonSharedAppInstall(nonSharedApp);
157
158         runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
159     };
160 }
161
162 /**
163  * Check whether sharedRO application from same pkg have proper access to private dir
164  * of other sharedRO app, then uninstall first app of sharedRO pkg application and check
165  * if access to second sharedRO remains.
166  */
167 RUNNER_CHILD_TEST(security_manager_80_same_pkg_shared_ro_have_no_access_to_shared_ro_app_ro_dir)
168 {
169     std::string sharedPkgName = "sm_test_80";
170     for (const auto &version : versions) {
171         AppInstallHelper sharedApp1("sm_test_80_shared1", sharedPkgName, OWNER_UID, version);
172         sharedApp1.createPrivateDir(1);
173         sharedApp1.createSharedRODir(1);
174         ScopedInstaller sharedAppInstall1(sharedApp1);
175
176         AppInstallHelper sharedApp2("sm_test_80_shared2", sharedPkgName, OWNER_UID, version);
177         sharedApp2.createPrivateDir(2);
178         sharedApp2.createSharedRODir(2);
179         ScopedInstaller sharedAppInstall2(sharedApp2);
180
181         AppInstallHelper nonSharedApp("sm_test_80_nonshared", sharedPkgName, OWNER_UID, version);
182         ScopedInstaller nonSharedAppInstall(nonSharedApp);
183
184         runAccessTest(sharedApp2, sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
185         runAccessTest(sharedApp1, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
186         runAccessTest(nonSharedApp, sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
187         runAccessTest(nonSharedApp, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
188
189         sharedAppInstall1.uninstallApp();
190
191         runAccessTest(nonSharedApp, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
192     }
193 }
194
195 /**
196  * Try to add valid sharedRO dir to an app and check all possible accesses to to it.
197  */
198 RUNNER_CHILD_TEST(security_manager_81_add_path_to_app_and_check_all)
199 {
200     for (const auto &version : versionCombinations) {
201         AppInstallHelper sharedApp("sm_test_83_shared1", OWNER_UID, version.first);
202         sharedApp.createPrivateDir();
203         sharedApp.createSharedRODir();
204         ScopedInstaller sharedAppInstall(sharedApp);
205
206         AppInstallHelper nonSharedApp("sm_test_83_nonshared", OWNER_UID, version.first);
207         ScopedInstaller nonSharedAppInstall(nonSharedApp);
208
209         AppInstallHelper sharedApp2("sm_test_83_shared2", OWNER_UID, version.second);
210         ScopedInstaller nonSharedAppInstall2(sharedApp2);
211
212         //Post install
213         sharedApp2.createSharedRODir();
214
215         PathsRequest sharedRORequest;
216         sharedRORequest.setPkgId(sharedApp2.getPkgId());
217         sharedRORequest.addPath(sharedApp2.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
218         sharedRORequest.setUid(sharedApp2.getUID());
219         Api::registerPaths(sharedRORequest);
220
221         runAccessTest(sharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
222         runAccessTest(sharedApp, sharedApp.getPrivateDir(), R_OK|W_OK|X_OK);
223
224         runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
225         runAccessTest(sharedApp2, sharedApp.getSharedRODir(), R_OK|X_OK);
226         runAccessTest(sharedApp2, sharedApp.getPrivateDir(), 0);
227
228         runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|X_OK);
229         runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(), R_OK|X_OK);
230         runAccessTest(nonSharedApp, sharedApp.getPrivateDir(), 0);
231     }
232 }
233
234 /**
235  * Try to add path which does not belong to an app and check if operation fails.
236  */
237 RUNNER_CHILD_TEST(security_manager_82_add_invalid_path_to_app_and_check_all)
238 {
239     for (const auto &version : versionCombinations) {
240         AppInstallHelper sharedApp("sm_test_84_shared", OWNER_UID, version.first);
241         sharedApp.createSharedRODir();
242         ScopedInstaller sharedAppInstall(sharedApp);
243
244         AppInstallHelper nonSharedApp("sm_test_84_nonshared", OWNER_UID, version.second);
245         ScopedInstaller nonSharedAppInstall(nonSharedApp);
246
247         PathsRequest sharedRORequest;
248         sharedRORequest.setPkgId(nonSharedApp.getPkgId());
249         sharedRORequest.addPath(sharedApp.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
250         sharedRORequest.setUid(nonSharedApp.getUID());
251         Api::registerPaths(sharedRORequest, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
252     }
253 }
254
255 /**
256  * Install and uninstall app and check accesses to uninstalled paths from other packages.
257  */
258 RUNNER_CHILD_TEST(security_manager_83_install_uninstall_shared_ro_app_and_check_cleaning)
259 {
260     for (const auto &verComb : versionCombinations) {
261         AppInstallHelper sharedApp1("sm_test_85_shared1", OWNER_UID, verComb.first);
262         sharedApp1.createSharedRODir();
263         ScopedInstaller sharedAppInstall1(sharedApp1);
264
265         AppInstallHelper sharedApp2("sm_test_85_shared2", OWNER_UID, verComb.second);
266         sharedApp2.createSharedRODir();
267         ScopedInstaller sharedAppInstall2(sharedApp2);
268
269         AppInstallHelper nonSharedApp("sm_test_85_nonshared", OWNER_UID, verComb.second);
270         ScopedInstaller nonSharedAppInstall(nonSharedApp);
271
272         sharedAppInstall1.uninstallApp();
273
274         runAccessTest(nonSharedApp, sharedApp1.getSharedRODir(), 0);
275         runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), 0);
276
277         runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(), R_OK|X_OK);
278         runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
279     }
280 }
281
282 /**
283  * Install multiple SharedRO apps, uninstall one of them and check accesses
284  * to sharedRO path within one package.
285  */
286 RUNNER_CHILD_TEST(security_manager_84_install_uninstall_shared_ro_two_apps_in_one_pkg)
287 {
288     std::string sharedPkgName = "sm_test_86";
289
290     for (const auto &version : versionCombinations) {
291         AppInstallHelper nonSharedApp("sm_test_86_nonshared", OWNER_UID, version.first);
292         ScopedInstaller nonSharedAppInstall(nonSharedApp);
293
294         // Apps from the same package
295         AppInstallHelper sharedApp1("sm_test_86_shared1", sharedPkgName, OWNER_UID, version.second);
296         sharedApp1.createSharedRODir(1);
297         ScopedInstaller sharedAppInstall1(sharedApp1);
298
299         AppInstallHelper sharedApp2("sm_test_86_shared2", sharedPkgName, OWNER_UID, version.second);
300         sharedApp2.createSharedRODir(2);
301         ScopedInstaller sharedAppInstall2(sharedApp2);
302
303         sharedAppInstall1.uninstallApp();
304
305         runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(2), R_OK|X_OK);
306         runAccessTest(sharedApp2, sharedApp2.getSharedRODir(2), R_OK|W_OK|X_OK);
307     }
308 }
Domain: Security / Uncategorized;