2 * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <app_install_helper.h>
20 #include <dpl/test/test_runner.h>
21 #include <label_generator.h>
22 #include <scoped_installer.h>
24 #include <sm_commons.h>
25 #include <temp_test_user.h>
26 #include <tests_common.h>
27 #include <tzplatform.h>
29 using namespace SecurityManagerTest;
31 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_REGISTER_PATH)
33 RUNNER_TEST(security_manager_54_path_req_no_pkg)
35 TemporaryTestUser user("sm_test_54_user_name", GUM_USERTYPE_NORMAL, false);
38 AppInstallHelper app("sm_test_54", user.getUid());
39 app.createPrivateDir();
42 req.setPkgId("non-existing-pkg-id");
43 req.setUid(user.getUid());
44 req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
46 Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
49 RUNNER_TEST(security_manager_55_path_req_empty_pkg)
51 TemporaryTestUser user("sm_test_55_user_name", GUM_USERTYPE_NORMAL, false);
53 AppInstallHelper app("sm_test_55", user.getUid());
54 app.createPrivateDir();
58 req.setUid(user.getUid());
59 req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
61 Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
64 RUNNER_TEST(security_manager_56_path_req_wrong_type)
67 req.setInstallType(SM_APP_INSTALL_END,
68 (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
69 req.setInstallType((app_install_type)(SM_APP_INSTALL_NONE-1),
70 (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
73 RUNNER_TEST(security_manager_57_path_req_wrong_uid)
75 TemporaryTestUser user("sm_test_57_user_name", GUM_USERTYPE_NORMAL, false);
78 AppInstallHelper app("sm_test_57", user.getUid());
79 ScopedInstaller appInstall(app);
81 app.createPrivateDir();
83 preq.setPkgId(app.getPkgId());
85 preq.setInstallType(SM_APP_INSTALL_LOCAL);
86 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
88 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR);
91 RUNNER_TEST(security_manager_58_path_req_empty_paths)
93 TemporaryTestUser user("sm_test_58_user_name", GUM_USERTYPE_NORMAL, false);
95 AppInstallHelper app("sm_test_58", user.getUid());
98 req.setPkgId(app.getPkgId());
99 req.setUid(user.getUid());
100 Api::registerPaths(req);
103 RUNNER_TEST(security_manager_59_path_req_as_root_positive)
105 TemporaryTestUser user("sm_test_59_user_name", GUM_USERTYPE_NORMAL, false);
108 AppInstallHelper app("sm_test_59", user.getUid());
109 ScopedInstaller appInstall(app);
111 app.createPrivateDir();
113 preq.setPkgId(app.getPkgId());
114 preq.setUid(user.getUid());
115 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
117 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
120 RUNNER_CHILD_TEST(security_manager_60_path_req_as_user_positive)
122 TemporaryTestUser user("sm_test_60_user_name", GUM_USERTYPE_NORMAL, false);
125 AppInstallHelper app("sm_test_60", user.getUid());
126 ScopedInstaller appInstall(app);
128 RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
129 "drop_root_privileges failed");
130 app.createPrivateDir();
132 preq.setPkgId(app.getPkgId());
133 preq.setUid(user.getUid());
134 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
136 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
139 RUNNER_CHILD_TEST(security_manager_61_path_req_different_user)
141 TemporaryTestUser user1("sm_test_61_1_user_name", GUM_USERTYPE_NORMAL, false);
143 TemporaryTestUser user2("sm_test_61_2_user_name", GUM_USERTYPE_NORMAL, false);
146 AppInstallHelper app("sm_test_61", user2.getUid());
147 ScopedInstaller appInstall(app);
149 app.createPrivateDir();
152 RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
153 if (pid == 0) { // child
154 RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user1.getUid(), user1.getGid()) == 0,
155 "drop_root_privileges failed");
158 preq.setPkgId(app.getPkgId());
159 preq.setUid(user2.getUid());
160 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
162 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
168 static void checkOutsidePath(const std::string& pkgId, uid_t uid, const std::string& path)
171 preq.setPkgId(pkgId);
173 preq.addPath(path, SECURITY_MANAGER_PATH_RW);
175 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
178 RUNNER_TEST(security_manager_62_path_req_path_outside)
180 TemporaryTestUser user1("sm_test_62_1_user_name", GUM_USERTYPE_NORMAL, false);
182 TemporaryTestUser user2("sm_test_62_2_user_name", GUM_USERTYPE_NORMAL, false);
185 AppInstallHelper app("sm_test_62", user1.getUid());
186 AppInstallHelper differentUserApp("sm_test_62", user2.getUid());
187 AppInstallHelper unknownApp("sm_test_62_unknown", user1.getUid());
189 ScopedInstaller appInstall(app);
191 checkOutsidePath(app.getPkgId(), app.getUID(), unknownApp.getPrivateDir());
192 checkOutsidePath(app.getPkgId(), app.getUID(), differentUserApp.getPrivateDir());
193 checkOutsidePath(app.getPkgId(), app.getUID(), std::string("/home/") + user1.getUserName());
196 RUNNER_CHILD_TEST(security_manager_63a_path_req_as_user)
198 TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
201 AppInstallHelper app("sm_test_63", user.getUid());
202 ScopedInstaller appInstall(app);
204 app.createPrivateDir();
206 int result = drop_root_privileges(user.getUid(), user.getGid());
207 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
210 preq.setPkgId(app.getPkgId());
211 preq.setUid(app.getUID());
212 preq.setInstallType(SM_APP_INSTALL_GLOBAL);
213 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
215 Api::registerPaths(preq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
218 RUNNER_CHILD_TEST(security_manager_63b_path_req_preloaded_as_user)
220 TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
223 AppInstallHelper app("sm_test_63", user.getUid());
224 ScopedInstaller appInstall(app);
226 app.createPrivateDir();
228 int result = drop_root_privileges(user.getUid(), user.getGid());
229 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
232 preq.setPkgId(app.getPkgId());
233 preq.setUid(app.getUID());
234 preq.setInstallType(SM_APP_INSTALL_PRELOADED);
235 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
237 Api::registerPaths(preq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
240 RUNNER_TEST(security_manager_64a_path_req_as_local_as_root)
242 TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
245 AppInstallHelper app("sm_test_64", user.getUid());
246 ScopedInstaller appInstall(app);
248 app.createPrivateDir();
251 preq.setPkgId(app.getPkgId());
252 preq.setUid(app.getUID());
253 preq.setInstallType(SM_APP_INSTALL_LOCAL);
254 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
256 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
259 RUNNER_CHILD_TEST(security_manager_64b_path_req_as_local_as_global_user)
261 TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
264 AppInstallHelper app("sm_test_64", user.getUid());
265 ScopedInstaller appInstall(app);
267 app.createPrivateDir();
269 RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(TzPlatformConfig::getGlobalUserId(),
270 TzPlatformConfig::getGlobalGroupId()) == 0,
271 "drop_root_privileges failed");
274 preq.setPkgId(app.getPkgId());
275 preq.setUid(app.getUID());
276 preq.setInstallType(SM_APP_INSTALL_LOCAL);
277 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
279 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
282 RUNNER_TEST(security_manager_66_path_req_check_labels)
284 AppInstallHelper app("sm_test_66");
286 ScopedInstaller appInstall(app);
288 app.createPrivateDir();
289 app.createPrivateRODir();
290 app.createPublicDir();
291 app.createSharedRODir();
294 preq.setPkgId(app.getPkgId());
295 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
296 preq.addPath(app.getPrivateRODir(), SECURITY_MANAGER_PATH_RO);
297 preq.addPath(app.getPublicDir(), SECURITY_MANAGER_PATH_PUBLIC_RO);
298 preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
299 Api::registerPaths(preq);
301 check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
302 check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
303 check_path(app.getPublicDir(), getPublicPathLabel());
304 check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
307 RUNNER_TEST(security_manager_67_path_req_shared_ro_3_0)
309 TemporaryTestUser user("sm_test_67_user_name", GUM_USERTYPE_NORMAL, false);
312 AppInstallHelper app("sm_test_67", user.getUid());
313 app.setVersion("3.0");
314 ScopedInstaller appInstall(app);
316 app.createSharedRODir();
319 preq.setPkgId(app.getPkgId());
320 preq.setUid(app.getUID());
321 preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
323 Api::registerPaths(preq);
324 check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
327 RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X)
329 TemporaryTestUser user("sm_test_68_user_name", GUM_USERTYPE_NORMAL, false);
332 AppInstallHelper app("sm_test_68", user.getUid());
333 app.setVersion("2.4");
334 ScopedInstaller appInstall(app);
336 app.createSharedRODir();
339 preq.setPkgId(app.getPkgId());
340 preq.setUid(app.getUID());
341 preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
343 Api::registerPaths(preq);
344 check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
347 RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author)
349 TemporaryTestUser user("sm_test_69_user_name", GUM_USERTYPE_NORMAL, false);
352 AppInstallHelper app("sm_test_69", user.getUid());
353 ScopedInstaller appInstall(app);
355 app.createTrustedDir();
358 preq.setPkgId(app.getPkgId());
359 preq.setUid(app.getUID());
360 preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
362 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
365 RUNNER_TEST(security_manager_70_path_req_trusted_rw_positive)
367 TemporaryTestUser user("sm_test_70_user_name", GUM_USERTYPE_NORMAL, false);
370 AppInstallHelper app("sm_test_70", user.getUid());
371 app.setAuthor("sm_test_70_author");
372 ScopedInstaller appInstall(app);
374 app.createTrustedDir();
377 preq.setPkgId(app.getPkgId());
378 preq.setUid(app.getUID());
379 preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
381 Api::registerPaths(preq);
383 // TODO: check labels, e.g. install second label with same author and compare them
384 //check_path(app.getTrustedDir(), generatePathTrustedLabel(authorDb));