2 * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <app_install_helper.h>
20 #include <dpl/test/test_runner.h>
21 #include <label_generator.h>
22 #include <scoped_installer.h>
24 #include <sm_commons.h>
25 #include <temp_test_user.h>
26 #include <tests_common.h>
27 #include <tzplatform.h>
29 using namespace SecurityManagerTest;
31 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_REGISTER_PATH)
33 RUNNER_TEST(security_manager_54_path_req_no_pkg)
35 TemporaryTestUser user("sm_test_54_user_name", GUM_USERTYPE_NORMAL, false);
38 AppInstallHelper app("sm_test_54", user.getUid());
39 app.createPrivateDir();
42 req.setPkgId("non-existing-pkg-id");
43 req.setUid(user.getUid());
44 req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
46 Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
49 RUNNER_TEST(security_manager_55_path_req_empty_pkg)
51 TemporaryTestUser user("sm_test_55_user_name", GUM_USERTYPE_NORMAL, false);
53 AppInstallHelper app("sm_test_55", user.getUid());
54 app.createPrivateDir();
58 req.setUid(user.getUid());
59 req.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
61 Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
64 RUNNER_TEST(security_manager_56_path_req_wrong_type)
67 req.setInstallType(SM_APP_INSTALL_END,
68 (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
69 req.setInstallType((app_install_type)(SM_APP_INSTALL_NONE-1),
70 (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
73 RUNNER_TEST(security_manager_57_path_req_wrong_uid)
75 TemporaryTestUser user("sm_test_57_user_name", GUM_USERTYPE_NORMAL, false);
78 AppInstallHelper app("sm_test_57", user.getUid());
79 ScopedInstaller appInstall(app);
81 app.createPrivateDir();
83 preq.setPkgId(app.getPkgId());
85 preq.setInstallType(SM_APP_INSTALL_LOCAL);
86 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
88 // Not sure why this shouldn't be invalid param
89 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_UNKNOWN);
92 RUNNER_TEST(security_manager_58_path_req_empty_paths)
94 TemporaryTestUser user("sm_test_58_user_name", GUM_USERTYPE_NORMAL, false);
96 AppInstallHelper app("sm_test_58", user.getUid());
99 req.setPkgId(app.getPkgId());
100 req.setUid(user.getUid());
101 Api::registerPaths(req);
104 RUNNER_TEST(security_manager_59_path_req_as_root_positive)
106 TemporaryTestUser user("sm_test_59_user_name", GUM_USERTYPE_NORMAL, false);
109 AppInstallHelper app("sm_test_59", user.getUid());
110 ScopedInstaller appInstall(app);
112 app.createPrivateDir();
114 preq.setPkgId(app.getPkgId());
115 preq.setUid(user.getUid());
116 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
118 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
121 RUNNER_TEST(security_manager_59a_path_req_as_root_positive_realpath_check)
123 TemporaryTestUser user("sm_test_59a_user_name", GUM_USERTYPE_NORMAL);
126 AppInstallHelper app("sm_test_59a", user.getUid());
127 ScopedInstaller appInstall(app);
129 app.createPrivateDir();
131 preq.setPkgId(app.getPkgId());
132 preq.setUid(user.getUid());
133 std::string privPath = "/opt/.././" + app.getPrivateDir();
134 size_t pos = privPath.find_last_of("/");
135 std::string lastElem = privPath.substr(pos + 1);
137 preq.addPath(privPath + "/../" + lastElem, SECURITY_MANAGER_PATH_RW);
139 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
142 RUNNER_CHILD_TEST(security_manager_60_path_req_as_user_positive)
144 TemporaryTestUser user("sm_test_60_user_name", GUM_USERTYPE_NORMAL, false);
147 AppInstallHelper app("sm_test_60", user.getUid());
148 ScopedInstaller appInstall(app);
150 RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
151 "drop_root_privileges failed");
152 app.createPrivateDir();
154 preq.setPkgId(app.getPkgId());
155 preq.setUid(user.getUid());
156 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
158 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
161 RUNNER_CHILD_TEST(security_manager_60a_path_req_as_user_positive_realpath_check)
163 TemporaryTestUser user("sm_test_60a_user_name", GUM_USERTYPE_NORMAL);
166 AppInstallHelper app("sm_test_60a", user.getUid());
167 ScopedInstaller appInstall(app);
169 RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
170 "drop_root_privileges failed");
172 app.createPrivateDir();
174 preq.setPkgId(app.getPkgId());
175 preq.setUid(user.getUid());
176 std::string privPath = "/opt/.././" + app.getPrivateDir();
177 size_t pos = privPath.find_last_of("/");
178 std::string lastElem = privPath.substr(pos + 1);
180 preq.addPath(privPath + "/../" + lastElem, SECURITY_MANAGER_PATH_RW);
182 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
185 RUNNER_CHILD_TEST(security_manager_61_path_req_different_user)
187 TemporaryTestUser user1("sm_test_61_1_user_name", GUM_USERTYPE_NORMAL, false);
189 TemporaryTestUser user2("sm_test_61_2_user_name", GUM_USERTYPE_NORMAL, false);
192 AppInstallHelper app("sm_test_61", user2.getUid());
193 ScopedInstaller appInstall(app);
195 app.createPrivateDir();
198 RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
199 if (pid == 0) { // child
200 RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user1.getUid(), user1.getGid()) == 0,
201 "drop_root_privileges failed");
204 preq.setPkgId(app.getPkgId());
205 preq.setUid(user2.getUid());
206 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
208 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
214 static void checkOutsidePath(const std::string& pkgId, uid_t uid, const std::string& path)
217 preq.setPkgId(pkgId);
219 preq.addPath(path, SECURITY_MANAGER_PATH_RW);
221 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
224 RUNNER_TEST(security_manager_62_path_req_path_outside)
226 TemporaryTestUser user1("sm_test_62_1_user_name", GUM_USERTYPE_NORMAL, false);
228 TemporaryTestUser user2("sm_test_62_2_user_name", GUM_USERTYPE_NORMAL, false);
231 AppInstallHelper app("sm_test_62", user1.getUid());
232 AppInstallHelper differentUserApp("sm_test_62", user2.getUid());
233 AppInstallHelper unknownApp("sm_test_62_unknown", user1.getUid());
235 ScopedInstaller appInstall(app);
237 checkOutsidePath(app.getPkgId(), app.getUID(), unknownApp.getPrivateDir());
238 checkOutsidePath(app.getPkgId(), app.getUID(), differentUserApp.getPrivateDir());
239 checkOutsidePath(app.getPkgId(), app.getUID(), std::string("/home/") + user1.getUserName());
242 RUNNER_CHILD_TEST(security_manager_63a_path_req_as_user)
244 TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
247 AppInstallHelper app("sm_test_63", user.getUid());
248 ScopedInstaller appInstall(app);
250 app.createPrivateDir();
252 int result = drop_root_privileges(user.getUid(), user.getGid());
253 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
256 preq.setPkgId(app.getPkgId());
257 preq.setUid(app.getUID());
258 preq.setInstallType(SM_APP_INSTALL_GLOBAL);
259 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
261 Api::registerPaths(preq, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
264 RUNNER_CHILD_TEST(security_manager_63b_path_req_preloaded_as_user)
266 TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
269 AppInstallHelper app("sm_test_63", user.getUid());
270 ScopedInstaller appInstall(app);
272 app.createPrivateDir();
274 int result = drop_root_privileges(user.getUid(), user.getGid());
275 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
278 preq.setPkgId(app.getPkgId());
279 preq.setUid(app.getUID());
280 preq.setInstallType(SM_APP_INSTALL_PRELOADED);
281 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
283 Api::registerPaths(preq, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
286 RUNNER_TEST(security_manager_64a_path_req_as_local_as_root)
288 TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
291 AppInstallHelper app("sm_test_64", user.getUid());
292 ScopedInstaller appInstall(app);
294 app.createPrivateDir();
297 preq.setPkgId(app.getPkgId());
298 preq.setUid(app.getUID());
299 preq.setInstallType(SM_APP_INSTALL_LOCAL);
300 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
302 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
305 RUNNER_CHILD_TEST(security_manager_64b_path_req_as_local_as_global_user)
307 TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
310 AppInstallHelper app("sm_test_64", user.getUid());
311 ScopedInstaller appInstall(app);
313 app.createPrivateDir();
315 RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(TzPlatformConfig::getGlobalUserId(),
316 TzPlatformConfig::getGlobalGroupId()) == 0,
317 "drop_root_privileges failed");
320 preq.setPkgId(app.getPkgId());
321 preq.setUid(app.getUID());
322 preq.setInstallType(SM_APP_INSTALL_LOCAL);
323 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
325 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
328 RUNNER_TEST(security_manager_66_path_req_check_labels)
330 AppInstallHelper app("sm_test_66");
332 ScopedInstaller appInstall(app);
334 app.createPrivateDir();
335 app.createPrivateRODir();
336 app.createPublicDir();
337 app.createSharedRODir();
340 preq.setPkgId(app.getPkgId());
341 preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
342 preq.addPath(app.getPrivateRODir(), SECURITY_MANAGER_PATH_RO);
343 preq.addPath(app.getPublicDir(), SECURITY_MANAGER_PATH_PUBLIC_RO);
344 preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
345 Api::registerPaths(preq);
347 check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
348 check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
349 check_path(app.getPublicDir(), getPublicPathLabel());
350 check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
353 RUNNER_TEST(security_manager_67_path_req_shared_ro_3_0)
355 TemporaryTestUser user("sm_test_67_user_name", GUM_USERTYPE_NORMAL, false);
358 AppInstallHelper app("sm_test_67", user.getUid());
359 app.setVersion("3.0");
360 ScopedInstaller appInstall(app);
362 app.createSharedRODir();
365 preq.setPkgId(app.getPkgId());
366 preq.setUid(app.getUID());
367 preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
369 Api::registerPaths(preq);
370 check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
373 RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X)
375 TemporaryTestUser user("sm_test_68_user_name", GUM_USERTYPE_NORMAL, false);
378 AppInstallHelper app("sm_test_68", user.getUid());
379 app.setVersion("2.4");
380 ScopedInstaller appInstall(app);
382 app.createSharedRODir();
385 preq.setPkgId(app.getPkgId());
386 preq.setUid(app.getUID());
387 preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
389 Api::registerPaths(preq);
390 check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
393 RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author)
395 TemporaryTestUser user("sm_test_69_user_name", GUM_USERTYPE_NORMAL, false);
398 AppInstallHelper app("sm_test_69", user.getUid());
399 ScopedInstaller appInstall(app);
401 app.createTrustedDir();
404 preq.setPkgId(app.getPkgId());
405 preq.setUid(app.getUID());
406 preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
408 Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
411 RUNNER_TEST(security_manager_70_path_req_trusted_rw_positive)
413 TemporaryTestUser user("sm_test_70_user_name", GUM_USERTYPE_NORMAL, false);
416 AppInstallHelper app("sm_test_70", user.getUid());
417 app.setAuthor("sm_test_70_author");
418 ScopedInstaller appInstall(app);
420 app.createTrustedDir();
423 preq.setPkgId(app.getPkgId());
424 preq.setUid(app.getUID());
425 preq.addPath(app.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
427 Api::registerPaths(preq);
429 // TODO: check labels, e.g. install second label with same author and compare them
430 //check_path(app.getTrustedDir(), generatePathTrustedLabel(authorDb));