2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <app_install_helper.h>
20 #include <dpl/test/test_runner.h>
21 #include <scoped_installer.h>
23 #include <sm_commons.h>
24 #include <temp_test_user.h>
25 #include <tests_common.h>
26 #include <tzplatform.h>
28 using namespace SecurityManagerTest;
30 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_REGISTER_PATH)
32 RUNNER_TEST(security_manager_54_path_req_no_pkg)
34 TemporaryTestUser user("sm_test_54_user_name", GUM_USERTYPE_NORMAL, false);
37 AppInstallHelper app("sm_test_54", user.getUid());
38 app.createPrivateDir();
41 req.setPkgId("non-existing-pkg-id");
42 req.setUid(user.getUid());
43 req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
45 Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
48 RUNNER_TEST(security_manager_55_path_req_empty_pkg)
50 TemporaryTestUser user("sm_test_55_user_name", GUM_USERTYPE_NORMAL, false);
52 AppInstallHelper app("sm_test_55", user.getUid());
53 app.createPrivateDir();
57 req.setUid(user.getUid());
58 req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
60 Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
63 RUNNER_TEST(security_manager_56_path_req_wrong_type)
66 req.setInstallType(SM_APP_INSTALL_END,
67 (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
68 req.setInstallType((app_install_type)(SM_APP_INSTALL_NONE-1),
69 (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
72 RUNNER_TEST(security_manager_57_path_req_wrong_uid)
74 TemporaryTestUser user("sm_test_57_user_name", GUM_USERTYPE_NORMAL, false);
77 AppInstallHelper app("sm_test_57", user.getUid());
78 ScopedInstaller appInstall(app);
80 app.createPrivateDir();
82 preq.setPkgId(app.getPkgId());
84 preq.setInstallType(SM_APP_INSTALL_LOCAL);
85 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
87 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR);
90 RUNNER_TEST(security_manager_58_path_req_empty_paths)
92 TemporaryTestUser user("sm_test_58_user_name", GUM_USERTYPE_NORMAL, false);
94 AppInstallHelper app("sm_test_58", user.getUid());
97 req.setPkgId(app.getPkgId());
98 req.setUid(user.getUid());
99 Api::registerPaths(req);
102 RUNNER_TEST(security_manager_59_path_req_as_root_positive)
104 TemporaryTestUser user("sm_test_59_user_name", GUM_USERTYPE_NORMAL, false);
107 AppInstallHelper app("sm_test_59", user.getUid());
108 ScopedInstaller appInstall(app);
110 app.createPrivateDir();
112 preq.setPkgId(app.getPkgId());
113 preq.setUid(user.getUid());
114 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
116 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
119 RUNNER_CHILD_TEST(security_manager_60_path_req_as_user_positive)
121 TemporaryTestUser user("sm_test_60_user_name", GUM_USERTYPE_NORMAL, false);
124 AppInstallHelper app("sm_test_60", user.getUid());
125 ScopedInstaller appInstall(app);
127 RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
128 "drop_root_privileges failed");
129 app.createPrivateDir();
131 preq.setPkgId(app.getPkgId());
132 preq.setUid(user.getUid());
133 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
135 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
138 RUNNER_CHILD_TEST(security_manager_61_path_req_different_user)
140 TemporaryTestUser user1("sm_test_61_1_user_name", GUM_USERTYPE_NORMAL, false);
142 TemporaryTestUser user2("sm_test_61_2_user_name", GUM_USERTYPE_NORMAL, false);
145 AppInstallHelper app("sm_test_61", user2.getUid());
146 ScopedInstaller appInstall(app);
148 app.createPrivateDir();
151 RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
152 if (pid == 0) { // child
153 RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user1.getUid(), user1.getGid()) == 0,
154 "drop_root_privileges failed");
157 preq.setPkgId(app.getPkgId());
158 preq.setUid(user2.getUid());
159 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
161 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
167 static void checkOutsidePath(const std::string& pkgId, uid_t uid, const std::string& path)
170 preq.setPkgId(pkgId);
172 preq.addPath(path, SECURITY_MANAGER_PATH_RW);
174 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
177 RUNNER_TEST(security_manager_62_path_req_path_outside)
179 TemporaryTestUser user1("sm_test_62_1_user_name", GUM_USERTYPE_NORMAL, false);
181 TemporaryTestUser user2("sm_test_62_2_user_name", GUM_USERTYPE_NORMAL, false);
184 AppInstallHelper app("sm_test_62", user1.getUid());
185 AppInstallHelper differentUserApp("sm_test_62", user2.getUid());
186 AppInstallHelper unknownApp("sm_test_62_unknown", user1.getUid());
188 ScopedInstaller appInstall(app);
190 checkOutsidePath(app.getPkgId(), app.getUID(), unknownApp.getPrivateDir());
191 checkOutsidePath(app.getPkgId(), app.getUID(), differentUserApp.getPrivateDir());
192 checkOutsidePath(app.getPkgId(), app.getUID(), std::string("/home/") + user1.getUserName());
195 RUNNER_CHILD_TEST(security_manager_63a_path_req_as_user)
197 TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
200 AppInstallHelper app("sm_test_63", user.getUid());
201 ScopedInstaller appInstall(app);
203 app.createPrivateDir();
205 int result = drop_root_privileges(user.getUid(), user.getGid());
206 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
209 preq.setPkgId(app.getPkgId());
210 preq.setUid(app.getUID());
211 preq.setInstallType(SM_APP_INSTALL_GLOBAL);
212 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
214 Api::registerPaths(preq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
217 RUNNER_CHILD_TEST(security_manager_63b_path_req_preloaded_as_user)
219 TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
222 AppInstallHelper app("sm_test_63", user.getUid());
223 ScopedInstaller appInstall(app);
225 app.createPrivateDir();
227 int result = drop_root_privileges(user.getUid(), user.getGid());
228 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
231 preq.setPkgId(app.getPkgId());
232 preq.setUid(app.getUID());
233 preq.setInstallType(SM_APP_INSTALL_PRELOADED);
234 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
236 Api::registerPaths(preq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
239 RUNNER_TEST(security_manager_64a_path_req_as_local_as_root)
241 TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
244 AppInstallHelper app("sm_test_64", user.getUid());
245 ScopedInstaller appInstall(app);
247 app.createPrivateDir();
250 preq.setPkgId(app.getPkgId());
251 preq.setUid(app.getUID());
252 preq.setInstallType(SM_APP_INSTALL_LOCAL);
253 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
255 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
258 RUNNER_CHILD_TEST(security_manager_64b_path_req_as_local_as_global_user)
260 TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
263 AppInstallHelper app("sm_test_64", user.getUid());
264 ScopedInstaller appInstall(app);
266 app.createPrivateDir();
268 RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(TzPlatformConfig::getGlobalUserId(),
269 TzPlatformConfig::getGlobalGroupId()) == 0,
270 "drop_root_privileges failed");
273 preq.setPkgId(app.getPkgId());
274 preq.setUid(app.getUID());
275 preq.setInstallType(SM_APP_INSTALL_LOCAL);
276 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
278 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
281 RUNNER_TEST(security_manager_66_path_req_check_labels)
283 AppInstallHelper app("sm_test_66");
285 ScopedInstaller appInstall(app);
287 app.createPrivateDir();
288 app.createPrivateRODir();
289 app.createPublicDir();
290 app.createSharedRODir();
293 preq.setPkgId(app.getPkgId());
294 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
295 preq.addPath(app.getPrivateRODir(), SECURITY_MANAGER_PATH_RO);
296 preq.addPath(app.getPublicDir(), SECURITY_MANAGER_PATH_PUBLIC_RO);
297 preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
298 Api::registerPaths(preq);
300 check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
301 check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
302 check_path(app.getPublicDir(), getPublicPathLabel());
303 check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
306 RUNNER_TEST(security_manager_67_path_req_shared_ro_3_0)
308 TemporaryTestUser user("sm_test_67_user_name", GUM_USERTYPE_NORMAL, false);
311 AppInstallHelper app("sm_test_67", user.getUid());
312 app.setVersion("3.0");
313 ScopedInstaller appInstall(app);
315 app.createSharedRODir();
318 preq.setPkgId(app.getPkgId());
319 preq.setUid(app.getUID());
320 preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
322 Api::registerPaths(preq);
323 check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
326 RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X)
328 TemporaryTestUser user("sm_test_68_user_name", GUM_USERTYPE_NORMAL, false);
331 AppInstallHelper app("sm_test_68", user.getUid());
332 app.setVersion("2.4");
333 ScopedInstaller appInstall(app);
335 app.createSharedRODir();
338 preq.setPkgId(app.getPkgId());
339 preq.setUid(app.getUID());
340 preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
342 Api::registerPaths(preq);
343 check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
346 RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author)
348 TemporaryTestUser user("sm_test_69_user_name", GUM_USERTYPE_NORMAL, false);
351 AppInstallHelper app("sm_test_69", user.getUid());
352 ScopedInstaller appInstall(app);
354 app.createTrustedDir();
357 preq.setPkgId(app.getPkgId());
358 preq.setUid(app.getUID());
359 preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
361 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
364 RUNNER_TEST(security_manager_70_path_req_trusted_rw_positive)
366 TemporaryTestUser user("sm_test_70_user_name", GUM_USERTYPE_NORMAL, false);
369 AppInstallHelper app("sm_test_70", user.getUid());
370 app.setAuthor("sm_test_70_author");
371 ScopedInstaller appInstall(app);
373 app.createTrustedDir();
376 preq.setPkgId(app.getPkgId());
377 preq.setUid(app.getUID());
378 preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
380 Api::registerPaths(preq);
382 // TODO: check labels, e.g. install second label with same author and compare them
383 //check_path(app.getTrustedDir(), generatePathTrustedLabel(authorDb));