2 * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
21 #include <boost/filesystem.hpp>
23 #include <tzplatform_config.h>
25 #include <dpl/test/test_runner.h>
26 #include <dpl/test/test_runner_child.h>
28 #include <scoped_installer.h>
29 #include <scoped_app_launcher.h>
30 #include <temp_test_user.h>
31 #include <app_install_helper_ext.h>
32 #include <sm_policy_request.h>
33 #include <privilege_names.h>
34 #include <sm_commons.h>
35 #include <service_manager.h>
37 using namespace SecurityManagerTest;
38 using namespace PrivilegeNames;
42 namespace fs = boost::filesystem;
44 const uid_t OWNER_ID = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
46 const fs::path TEST_SETUP_PATH = SM_TEST_DIR "/smack-privileges";
47 const fs::path BACKUP_SETUP_PATH = TEST_SETUP_PATH / "backup";
49 constexpr char SM_POLICY_PATH[] = "/usr/share/security-manager/policy";
50 constexpr char SM_SMACK_PRIV_MAPPING_SUBDIR[] = "/privilege-mapping";
51 constexpr char SM_SMACK_PRIV_CONFIG[] = "privilege-smack.list";
53 void changePolicy(const AppInstallHelper& app, const std::string& priv, const std::string &level) {
54 PolicyRequest policyRequest;
55 PolicyEntry entry(app.getAppId(), std::to_string(app.getUID()), priv);
56 entry.setLevel(level);
57 policyRequest.addEntry(entry);
58 Api::sendPolicy(policyRequest);
61 const std::vector<AccessRequest> INTERNET_RULES = {
62 {"~PROCESS~", "System::Privilege::Internet", "w"},
63 {"System::Privilege::Internet", "~PROCESS~", "w"}
65 const std::vector<AccessRequest> CAMERA_RULES = {
66 {"~PROCESS~", "System::Privilege::Camera", "w"},
67 {"System::Privilege::Camera", "~PROCESS~", "w"}
69 const std::vector<AccessRequest> CAMERA_IGNORED_RULES = {
70 {"~PROCESS~", "System::TEF", "r"}
73 enum class SmackPrivSetup {
81 // This is to ensure that original security-manager policy is restored after the group is finished
82 class SmackPrivGroupEnv final : public DPL::Test::TestGroup {
84 class SmackPrivSetupMgr final {
87 m_currentSetup(SmackPrivSetup::ORIGINAL),
88 m_serviceManager("security-manager.service"),
89 m_setupMap({{ SmackPrivSetup::EMPTY, "empty" },
90 { SmackPrivSetup::INTERNET_ONLY, "internet-only" },
91 { SmackPrivSetup::MULTIPLE_PRIVS, "multiple-privs" },
92 { SmackPrivSetup::MALFORMED, "malformed" }})
95 SmackPrivSetupMgr(const SmackPrivSetupMgr&) = delete;
96 SmackPrivSetupMgr& operator=(const SmackPrivSetupMgr&) = delete;
100 if (m_currentSetup != SmackPrivSetup::ORIGINAL) {
102 copySetup(BACKUP_SETUP_PATH, SM_POLICY_PATH);
104 m_serviceManager.restartService();
106 RUNNER_ERROR_MSG("Unknown exception occurred during backup restore.");
111 void install(SmackPrivSetup setup)
113 if (setup == m_currentSetup)
117 if (m_currentSetup == SmackPrivSetup::ORIGINAL)
118 copySetup(SM_POLICY_PATH, BACKUP_SETUP_PATH);
120 copySetup(TEST_SETUP_PATH / m_setupMap.at(setup), SM_POLICY_PATH);
121 m_currentSetup = setup;
124 m_serviceManager.restartService();
128 void copySetup(const boost::filesystem::path& src, const boost::filesystem::path& dst)
130 const auto srcConfig = src / SM_SMACK_PRIV_CONFIG;
131 const auto dstConfig = dst / SM_SMACK_PRIV_CONFIG;
132 const auto srcMappingSubdir = src / SM_SMACK_PRIV_MAPPING_SUBDIR;
133 const auto dstMappingSubdir = dst / SM_SMACK_PRIV_MAPPING_SUBDIR;
136 fs::remove(dstConfig);
137 fs::remove_all(dstMappingSubdir);
140 if (fs::exists(srcConfig))
141 fs::copy_file(srcConfig, dstConfig);
143 if (fs::exists(srcMappingSubdir)) {
144 fs::create_directory(dstMappingSubdir);
145 for (const auto& e: fs::recursive_directory_iterator(srcMappingSubdir))
146 fs::copy(e.path(), dstMappingSubdir / fs::relative(e.path(), srcMappingSubdir));
150 SmackPrivSetup m_currentSetup;
151 ServiceManager m_serviceManager;
152 const std::map<SmackPrivSetup, std::string> m_setupMap;
155 static SmackPrivSetupMgr* m_setupMgr;
158 void Init() override {
161 m_setupMgr = new SmackPrivSetupMgr();
164 static void Install(SmackPrivSetup setup)
168 m_setupMgr->install(setup);
171 void Finish() override {
175 m_setupMgr = nullptr;
179 SmackPrivGroupEnv::SmackPrivSetupMgr* SmackPrivGroupEnv::m_setupMgr = nullptr;
181 template<SmackPrivSetup T>
185 void init(const std::string &) {
186 SmackPrivGroupEnv::Install(T);
191 typedef TestSetup<SmackPrivSetup::EMPTY> EmptySetup;
192 typedef TestSetup<SmackPrivSetup::INTERNET_ONLY> InternetOnlySetup;
193 typedef TestSetup<SmackPrivSetup::MULTIPLE_PRIVS> MultiplePrivsSetup;
194 typedef TestSetup<SmackPrivSetup::MALFORMED> MalformedSetup;
196 } // namespace anonymous
198 RUNNER_TEST_GROUP_INIT_ENV(SECURITY_MANAGER_SMACK_PRIVILEGES, SmackPrivGroupEnv)
200 RUNNER_CHILD_TEST(smack_privileges_10_no_privileges, InternetOnlySetup)
202 AppInstallHelperExt app("sm_test_sp_10_app");
204 ScopedInstaller appInstall(app);
205 app.checkAfterInstall();
206 app.checkDeniedPrivileges({PRIV_INTERNET});
207 app.checkSmackPrivileges({}, {PRIV_INTERNET});
208 app.checkSmackAccesses(CAMERA_RULES, false);
210 ScopedAppLauncher appLaunch(app);
211 app.checkSmackPrivileges({}, {PRIV_INTERNET});
212 app.checkSmackAccesses(CAMERA_RULES, false);
215 app.checkAfterUninstall();
218 RUNNER_CHILD_TEST(smack_privileges_20_internet_privilege, InternetOnlySetup)
220 AppInstallHelperExt app("sm_test_sp_20_app");
221 app.addPrivileges({PRIV_INTERNET, PRIV_CAMERA});
223 ScopedInstaller appInstall(app);
224 app.checkAfterInstall();
226 // rules absent before app is launched
227 app.checkSmackPrivileges({}, {PRIV_INTERNET});
228 app.checkSmackAccesses(CAMERA_RULES, false);
230 ScopedAppLauncher appLaunch(app);
231 app.checkSmackPrivileges({PRIV_INTERNET}, {});
232 app.checkSmackAccesses(CAMERA_RULES, false);
234 // rules present after app is terminated
235 app.checkSmackPrivileges({PRIV_INTERNET}, {});
237 app.checkAfterUninstall();
238 // rules removed after app uninstallation
239 app.checkSmackPrivileges({}, {PRIV_INTERNET});
242 RUNNER_CHILD_TEST(smack_privileges_30_one_after_another, InternetOnlySetup)
244 AppInstallHelperExt app("sm_test_sp_30_app");
245 app.addPrivileges({PRIV_INTERNET});
247 ScopedInstaller appInstall(app);
248 app.checkAfterInstall();
250 // rules absent before app is launched
251 app.checkSmackPrivileges({}, {PRIV_INTERNET});
253 ScopedAppLauncher appLaunch(app);
254 app.checkSmackPrivileges({PRIV_INTERNET}, {});
256 // rules present after app is terminated
257 app.checkSmackPrivileges({PRIV_INTERNET}, {});
260 ScopedAppLauncher appLaunch(app);
261 app.checkSmackPrivileges({PRIV_INTERNET}, {});
263 // rules present after app is terminated
264 app.checkSmackPrivileges({PRIV_INTERNET}, {});
266 app.checkAfterUninstall();
267 // rules removed after app uninstallation
268 app.checkSmackPrivileges({}, {PRIV_INTERNET});
271 RUNNER_CHILD_TEST(smack_privileges_40_different_users_one_after_another, InternetOnlySetup)
273 TemporaryTestUser testUser("sm_test_40_user_name", GUM_USERTYPE_NORMAL, true);
276 AppInstallHelperExt app("sm_test_sp_40_app");
277 app.addPrivileges({PRIV_INTERNET});
280 ScopedInstaller appInstall(app);
281 app.checkAfterInstall();
283 app.checkSmackPrivileges({}, {PRIV_INTERNET});
287 app.setUidGid(OWNER_ID);
288 ScopedAppLauncher appLaunch(app);
289 app.checkSmackPrivileges({PRIV_INTERNET}, {});
292 app.checkSmackPrivileges({PRIV_INTERNET}, {});
296 app.setUidGid(testUser.getUid());
297 ScopedAppLauncher appLaunch(app);
298 app.checkSmackPrivileges({PRIV_INTERNET}, {});
301 app.checkSmackPrivileges({PRIV_INTERNET}, {});
303 app.checkAfterUninstall();
304 app.checkSmackPrivileges({}, {PRIV_INTERNET});
307 RUNNER_CHILD_TEST(smack_privileges_50_same_user_simultaneously, InternetOnlySetup)
309 AppInstallHelperExt app("sm_test_sp_50_app", OWNER_ID);
310 app.addPrivileges({PRIV_INTERNET});
312 ScopedInstaller appInstall(app);
313 app.checkAfterInstall();
315 app.checkSmackPrivileges({}, {PRIV_INTERNET});
317 ScopedAppLauncher appLaunch1(app);
318 app.checkSmackPrivileges({PRIV_INTERNET}, {});
320 ScopedAppLauncher appLaunch2(app);
321 app.checkSmackPrivileges({PRIV_INTERNET}, {});
323 app.checkSmackPrivileges({PRIV_INTERNET}, {});
325 app.checkSmackPrivileges({PRIV_INTERNET}, {});
327 app.checkAfterUninstall();
328 app.checkSmackPrivileges({}, {PRIV_INTERNET});
331 RUNNER_CHILD_TEST(smack_privileges_60_same_user_interchangeably, InternetOnlySetup)
333 AppInstallHelperExt app("sm_test_sp_60_app", OWNER_ID);
334 app.addPrivileges({PRIV_INTERNET});
337 ScopedInstaller appInstall(app);
338 app.checkAfterInstall();
340 app.checkSmackPrivileges({}, {PRIV_INTERNET});
343 auto appLaunch1 = std::make_unique<ScopedAppLauncher>(app);
345 app.checkSmackPrivileges({PRIV_INTERNET}, {});
348 auto appLaunch2 = std::make_unique<ScopedAppLauncher>(app);
350 app.checkSmackPrivileges({PRIV_INTERNET}, {});
355 app.checkSmackPrivileges({PRIV_INTERNET}, {});
360 app.checkAfterUninstall();
361 app.checkSmackPrivileges({}, {PRIV_INTERNET});
364 RUNNER_CHILD_TEST(smack_privileges_70_different_users_simultaneously, InternetOnlySetup)
366 TemporaryTestUser testUser("sm_test_70_user_name", GUM_USERTYPE_NORMAL, true);
369 AppInstallHelperExt app("sm_test_sp_70_app");
370 app.addPrivileges({PRIV_INTERNET});
373 ScopedInstaller appInstall(app);
374 app.checkAfterInstall();
376 app.checkSmackPrivileges({}, {PRIV_INTERNET});
380 app.setUidGid(OWNER_ID);
381 ScopedAppLauncher appLaunch(app);
382 app.checkSmackPrivileges({PRIV_INTERNET}, {});
386 app.setUidGid(testUser.getUid());
387 ScopedAppLauncher appLaunch(app);
389 // multiuser detected -> rules removed
390 app.checkSmackPrivileges({}, {PRIV_INTERNET});
392 app.checkSmackPrivileges({}, {PRIV_INTERNET});
394 app.checkSmackPrivileges({}, {PRIV_INTERNET});
398 app.setUidGid(OWNER_ID);
399 ScopedAppLauncher appLaunch(app);
402 app.checkSmackPrivileges({PRIV_INTERNET}, {});
405 app.checkAfterUninstall();
406 app.checkSmackPrivileges({}, {PRIV_INTERNET});
409 RUNNER_CHILD_TEST(smack_privileges_80_uninstall_local_while_running, InternetOnlySetup)
411 AppInstallHelperExt app("sm_test_sp_80_app");
412 app.addPrivileges({PRIV_INTERNET});
415 ScopedInstaller appInstall1(app);
416 app.checkAfterInstall();
418 app.checkSmackPrivileges({}, {PRIV_INTERNET});
421 AppInstallHelperExt app2("sm_test_sp_80_app", OWNER_ID);
422 auto appInstall2 = std::make_unique<ScopedInstaller>(app2);
423 app2.checkAfterInstall();
426 ScopedAppLauncher appLaunch(app);
427 app.checkSmackPrivileges({PRIV_INTERNET}, {});
432 app.checkSmackPrivileges({PRIV_INTERNET}, {});
434 app.checkAfterUninstall();
435 app.checkSmackPrivileges({}, {PRIV_INTERNET});
438 RUNNER_CHILD_TEST(smack_privileges_90_user_removal, InternetOnlySetup)
440 TemporaryTestUser testUser("sm_test_90_user_name", GUM_USERTYPE_NORMAL, true);
443 AppInstallHelperExt app("sm_test_sp_90_app", testUser.getUid());
444 app.addPrivileges({PRIV_INTERNET});
447 ScopedInstaller appInstall(app);
448 app.checkAfterInstall();
450 app.checkSmackPrivileges({}, {PRIV_INTERNET});
454 ScopedAppLauncher appLaunch(app);
455 app.checkSmackPrivileges({PRIV_INTERNET}, {});
458 app.checkSmackPrivileges({PRIV_INTERNET}, {});
463 app.checkAfterUninstall();
464 app.checkSmackPrivileges({}, {PRIV_INTERNET});
468 RUNNER_CHILD_TEST(smack_privileges_100_hybrid_app, InternetOnlySetup)
470 AppInstallHelperExt app("sm_test_sp_100_app");
471 app.addPrivileges({PRIV_INTERNET});
474 ScopedInstaller appInstall(app);
475 app.checkAfterInstall();
477 app.checkSmackPrivileges({}, {PRIV_INTERNET});
481 ScopedAppLauncher appLaunch(app);
482 app.checkSmackPrivileges({PRIV_INTERNET}, {});
485 app.checkSmackPrivileges({PRIV_INTERNET}, {});
487 app.checkAfterUninstall();
488 app.checkSmackPrivileges({}, {PRIV_INTERNET});
491 RUNNER_CHILD_TEST(smack_privileges_110_hybridity_change, InternetOnlySetup)
493 AppInstallHelperExt app("sm_test_sp_110_app");
494 app.addPrivileges({PRIV_INTERNET});
496 ScopedInstaller appInstall(app);
497 app.checkAfterInstall();
499 app.checkSmackPrivileges({}, {PRIV_INTERNET});
503 ScopedAppLauncher appLaunch(app);
504 app.checkSmackPrivileges({PRIV_INTERNET}, {});
507 app.checkSmackPrivileges({PRIV_INTERNET}, {});
512 InstallRequest request;
513 request.setAppId(app.getAppId());
514 request.setPkgId(app.getPkgId());
515 request.setUid(app.getUID());
517 for (const auto &priv: app.getPrivileges()) {
518 request.addPrivilege(priv);
520 Api::update(request);
522 app.checkSmackPrivileges({}, {PRIV_INTERNET});
526 ScopedAppLauncher appLaunch(app);
527 app.checkSmackPrivileges({PRIV_INTERNET}, {});
530 app.checkSmackPrivileges({PRIV_INTERNET}, {});
532 app.checkAfterUninstall();
533 app.checkSmackPrivileges({}, {PRIV_INTERNET});
536 RUNNER_CHILD_TEST(smack_privileges_120_policy_change_while_running, InternetOnlySetup)
538 TemporaryTestUser testUser("sm_test_120_user_name", GUM_USERTYPE_NORMAL, true);
541 AppInstallHelperExt app("sm_test_sp_120_app", testUser.getUid());
542 app.addPrivileges({PRIV_INTERNET});
544 ScopedInstaller appInstall(app);
545 app.checkAfterInstall();
547 app.checkSmackPrivileges({}, {PRIV_INTERNET});
551 ScopedAppLauncher appLaunch(app);
552 app.checkSmackPrivileges({PRIV_INTERNET}, {});
555 changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
557 app.checkSmackPrivileges({}, {PRIV_INTERNET});
560 changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
562 app.checkSmackPrivileges({PRIV_INTERNET}, {});
564 app.checkSmackPrivileges({PRIV_INTERNET}, {});
566 app.checkAfterUninstall();
567 app.checkSmackPrivileges({}, {PRIV_INTERNET});
570 RUNNER_CHILD_TEST(smack_privileges_130_different_users_and_policies, InternetOnlySetup)
572 TemporaryTestUser testUser("sm_test_130_user_name", GUM_USERTYPE_NORMAL, true);
575 AppInstallHelperExt app("sm_test_sp_130_app");
576 app.addPrivileges({PRIV_INTERNET});
579 ScopedInstaller appInstall(app);
580 app.checkAfterInstall();
582 app.checkSmackPrivileges({}, {PRIV_INTERNET});
584 // test user launch with denied policy
586 app.setUidGid(testUser.getUid());
587 changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
588 ScopedAppLauncher appLaunch(app);
589 app.checkSmackPrivileges({}, {PRIV_INTERNET});
592 app.checkSmackPrivileges({}, {PRIV_INTERNET});
596 app.setUidGid(OWNER_ID);
597 ScopedAppLauncher appLaunch(app);
598 app.checkSmackPrivileges({PRIV_INTERNET}, {});
601 app.checkSmackPrivileges({PRIV_INTERNET}, {});
603 app.checkAfterUninstall();
604 app.checkSmackPrivileges({}, {PRIV_INTERNET});
607 RUNNER_CHILD_TEST(smack_privileges_140_two_users_sequence, InternetOnlySetup)
609 TemporaryTestUser testUser("sm_test_140_user_name", GUM_USERTYPE_NORMAL, true);
612 AppInstallHelperExt app("sm_test_sp_140_app");
613 app.addPrivileges({PRIV_INTERNET});
616 ScopedInstaller appInstall(app);
617 app.checkAfterInstall();
618 app.checkSmackPrivileges({}, {PRIV_INTERNET});
620 // owner launch -> allowed
621 app.setUidGid(OWNER_ID);
622 ScopedAppLauncher appLaunch1(app);
623 app.checkSmackPrivileges({PRIV_INTERNET}, {});
625 // test user launch -> denied
626 app.setUidGid(testUser.getUid());
627 ScopedAppLauncher appLaunch2(app);
628 app.checkSmackPrivileges({}, {PRIV_INTERNET});
630 // owner launch -> denied
631 app.setUidGid(OWNER_ID);
632 ScopedAppLauncher appLaunch3(app);
633 app.checkSmackPrivileges({}, {PRIV_INTERNET});
635 // test user launch -> still denied
636 app.setUidGid(testUser.getUid());
637 ScopedAppLauncher appLaunch4(app);
638 app.checkSmackPrivileges({}, {PRIV_INTERNET});
641 // test user launch -> allowed
642 app.setUidGid(testUser.getUid());
643 ScopedAppLauncher appLaunch5(app);
644 app.checkSmackPrivileges({PRIV_INTERNET}, {});
646 app.checkAfterUninstall();
647 app.checkSmackPrivileges({}, {PRIV_INTERNET});
650 RUNNER_CHILD_TEST(smack_privileges_150_independent_apps, InternetOnlySetup)
652 TemporaryTestUser testUser("sm_test_150_user_name", GUM_USERTYPE_NORMAL, true);
655 AppInstallHelperExt app1("sm_test_sp_150_app1", testUser.getUid());
656 AppInstallHelperExt app2("sm_test_sp_150_app2", testUser.getUid());
657 app1.addPrivileges({PRIV_INTERNET});
659 ScopedInstaller appInstall1(app1);
660 ScopedInstaller appInstall2(app2);
662 app1.checkAfterInstall();
663 app2.checkAfterInstall();
665 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
666 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
670 ScopedAppLauncher appLaunch1(app1);
671 ScopedAppLauncher appLaunch2(app2);
673 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
674 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
677 app1.checkAfterUninstall();
678 app2.checkAfterUninstall();
679 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
680 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
683 RUNNER_CHILD_TEST(smack_privileges_160_nonhybrid_package, InternetOnlySetup)
685 TemporaryTestUser testUser("sm_test_160_user_name", GUM_USERTYPE_NORMAL, true);
688 constexpr char pkgPrefix[] = "sm_test_sp_160_pkg";
690 AppInstallHelperExt app1("sm_test_sp_160_app1", pkgPrefix, testUser.getUid());
691 app1.addPrivileges({PRIV_INTERNET});
693 AppInstallHelperExt app2("sm_test_sp_160_app2", pkgPrefix, testUser.getUid());
694 app2.addPrivileges({PRIV_INTERNET});
696 ScopedInstaller appInstall1(app1);
697 ScopedInstaller appInstall2(app2);
699 app1.checkAfterInstall();
700 app2.checkAfterInstall();
702 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
703 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
707 ScopedAppLauncher appLaunch1(app1);
708 ScopedAppLauncher appLaunch2(app2);
710 // both have access in non-hybrid package
711 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
712 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
714 // change policy of single app
715 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
717 // both should lose the access
718 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
719 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
721 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
723 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
724 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
727 app1.checkAfterUninstall();
728 app2.checkAfterUninstall();
729 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
730 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
734 RUNNER_CHILD_TEST(smack_privileges_170_hybrid_package, InternetOnlySetup)
736 TemporaryTestUser testUser("sm_test_170_user_name", GUM_USERTYPE_NORMAL, true);
739 constexpr char pkgPrefix[] = "sm_test_sp_170_pkg";
741 AppInstallHelperExt app1("sm_test_sp_170_app1", pkgPrefix, testUser.getUid());
742 app1.addPrivileges({PRIV_INTERNET});
745 AppInstallHelperExt app2("sm_test_sp_170_app2", pkgPrefix, testUser.getUid());
748 ScopedInstaller appInstall1(app1);
749 ScopedInstaller appInstall2(app2);
751 app1.checkAfterInstall();
752 app2.checkAfterInstall();
754 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
755 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
759 ScopedAppLauncher appLaunch1(app1);
760 ScopedAppLauncher appLaunch2(app2);
762 // only one have access in a hybrid package
763 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
764 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
766 // change policy of single app
767 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
769 // both should have no access
770 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
771 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
773 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
775 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
776 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
779 app1.checkAfterUninstall();
780 app2.checkAfterUninstall();
781 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
782 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
785 RUNNER_CHILD_TEST(smack_privileges_180_hybrid_package_both_apps_privileged, InternetOnlySetup)
787 TemporaryTestUser testUser("sm_test_180_user_name", GUM_USERTYPE_NORMAL, true);
790 constexpr char pkgPrefix[] = "sm_test_sp_180_pkg";
792 AppInstallHelperExt app1("sm_test_sp_180_app1", pkgPrefix, testUser.getUid());
793 app1.addPrivileges({PRIV_INTERNET});
796 AppInstallHelperExt app2("sm_test_sp_180_app2", pkgPrefix, testUser.getUid());
797 app2.addPrivileges({PRIV_INTERNET});
800 ScopedInstaller appInstall1(app1);
801 ScopedInstaller appInstall2(app2);
803 app1.checkAfterInstall();
804 app2.checkAfterInstall();
806 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
807 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
811 ScopedAppLauncher appLaunch1(app1);
812 ScopedAppLauncher appLaunch2(app2);
814 // only one have access in a hybrid package
815 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
816 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
818 // change policy of single app
819 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
821 // both should have no access
822 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
823 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
825 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
827 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
828 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
831 app1.checkAfterUninstall();
832 app2.checkAfterUninstall();
833 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
834 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
837 RUNNER_CHILD_TEST(smack_privileges_200_empty_policy, EmptySetup)
839 AppInstallHelperExt app("sm_test_sp_200_app");
840 app.addPrivileges({PRIV_INTERNET, PRIV_CAMERA});
842 ScopedInstaller appInstall(app);
844 app.checkAfterInstall();
846 app.checkSmackAccesses(INTERNET_RULES, false);
847 app.checkSmackAccesses(CAMERA_RULES, false);
849 ScopedAppLauncher appLaunch(app);
851 // no config -> no access
852 app.checkSmackAccesses(INTERNET_RULES, false);
853 app.checkSmackAccesses(CAMERA_RULES, false);
856 app.checkAfterUninstall();
857 app.checkSmackAccesses(INTERNET_RULES, false);
858 app.checkSmackAccesses(CAMERA_RULES, false);
861 RUNNER_CHILD_TEST(smack_privileges_300_multi_policy_no_privs, MultiplePrivsSetup)
863 AppInstallHelperExt app("sm_test_sp_300_app");
865 ScopedInstaller appInstall(app);
867 app.checkAfterInstall();
868 app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
869 app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
871 ScopedAppLauncher appLaunch(app);
873 app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
874 app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
877 app.checkAfterUninstall();
878 app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
881 RUNNER_CHILD_TEST(smack_privileges_310_multi_policy_single_priv, MultiplePrivsSetup)
883 AppInstallHelperExt app("sm_test_sp_310_app");
884 app.addPrivilege(PRIV_CAMERA);
886 ScopedInstaller appInstall(app);
888 app.checkAfterInstall();
889 app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
890 app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
892 ScopedAppLauncher appLaunch(app);
894 app.checkSmackPrivileges({PRIV_CAMERA}, {PRIV_INTERNET});
895 app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
898 app.checkAfterUninstall();
899 app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
902 RUNNER_CHILD_TEST(smack_privileges_320_multi_policy_all_privs, MultiplePrivsSetup)
904 TemporaryTestUser testUser("sm_test_320_user_name", GUM_USERTYPE_NORMAL, true);
907 AppInstallHelperExt app("sm_test_sp_320_app", testUser.getUid());
908 app.addPrivileges({PRIV_CAMERA, PRIV_INTERNET});
910 ScopedInstaller appInstall(app);
912 app.checkAfterInstall();
913 app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
914 app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
916 ScopedAppLauncher appLaunch(app);
918 app.checkSmackPrivileges({PRIV_CAMERA, PRIV_INTERNET}, {});
919 app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
922 changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
924 app.checkSmackPrivileges({PRIV_CAMERA}, {PRIV_INTERNET});
925 app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
928 changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
929 changePolicy(app, PRIV_CAMERA, PolicyEntry::LEVEL_DENY);
931 app.checkSmackPrivileges({PRIV_INTERNET}, {PRIV_CAMERA});
932 app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
935 app.checkAfterUninstall();
936 app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
939 RUNNER_CHILD_TEST(smack_privileges_400_malformed, MalformedSetup)
941 AppInstallHelperExt app("sm_test_sp_400_app");
942 app.addPrivileges({PRIV_INTERNET, PRIV_CAMERA});
944 ScopedInstaller appInstall(app);
946 app.checkAfterInstall();
948 app.checkSmackAccesses(INTERNET_RULES, false);
949 app.checkSmackAccesses(CAMERA_RULES, false);
951 ScopedAppLauncher appLaunch(app);
953 // malformed config -> no access
954 app.checkSmackAccesses(INTERNET_RULES, false);
955 app.checkSmackAccesses(CAMERA_RULES, false);
958 app.checkAfterUninstall();
959 app.checkSmackAccesses(INTERNET_RULES, false);
960 app.checkSmackAccesses(CAMERA_RULES, false);