2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Zofia Abramowska (z.abramowska@samsung.com)
20 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
22 * @brief libprivilege-control tests commons
25 #ifndef LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
26 #define LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
33 #include <privilege-control.h>
34 #include <tests_common.h>
37 // How many open file descriptors should ftw() function use?
38 #define FTW_MAX_FDS 16
40 #define SOCK_PATH "/tmp/test-smack-socket"
42 #define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
43 #define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir"
45 #define APP_ID "test_APP"
46 #define APPID_DIR "test_APP_ID_dir"
47 #define APPID_SHARED_DIR "test_APP_ID_shared_dir"
50 #define APP_1_DIR "/tmp/app_1"
53 #define APP_2_DIR "/tmp/app_2"
55 #define APP_TEST "app_test"
57 #define EFL_APP_ID "EFL_APP_ID"
59 #define APP_FRIEND_1 "app_friend_1"
60 #define APP_FRIEND_2 "app_friend_2"
62 #define LIBPRIVILEGE_APP_GROUP_LIST "/usr/share/privilege-control/app_group_list"
63 #define LIBPRIVILEGE_TEST_DAC_FILE "/usr/share/privilege-control/test_privilege_control_rules.dac"
64 #define LIBPRIVILEGE_TEST_DAC_FILE_WGT "/usr/share/privilege-control/WRT_test_privilege_control_rules_wgt.dac"
65 #define LIBPRIVILEGE_TEST_DAC_FILE_OSP "/usr/share/privilege-control/OSP_test_privilege_control_rules_osp.dac"
67 #define APP_TEST_APP_1 "test-application1"
68 #define APP_TEST_APP_2 "test-application_2"
69 #define APP_TEST_APP_3 "test-app-3"
70 #define APP_TEST_AV_1 "test-antivirus1"
71 #define APP_TEST_AV_2 "test-antivirus_2"
72 #define APP_TEST_AV_3 "test-av-3"
73 #define APP_TEST_APP_1_DIR "/tmp/test-application1/"
74 #define APP_TEST_APP_2_DIR "/tmp/test-application2/"
75 #define APP_TEST_APP_3_DIR "/tmp/test-application3/"
76 #define APP_TEST_APP_1_SHARED_LABEL "test-application1-shared"
77 #define APP_TEST_APP_2_SHARED_LABEL "test-application2-shared"
78 #define APP_TEST_APP_3_SHARED_LABEL "test-application3-shared"
80 #define WGT_PARTNER_APP_ID "7btsV1Y0sX"
81 #define WGT_PLATFORM_APP_ID "G4DE3U2vmW"
83 #define OSP_APP_ID "uqNfgEjqc7"
84 #define OSP_PARTNER_APP_ID "j4RuPsZrNt"
85 #define OSP_PLATFORM_APP_ID "V5LKqDFBXm"
87 #define WGT_APP_PATH "/opt/usr/apps/QwCqJ0ttyS/bin/QwCqJ0ttyS.TestMisiuPysiu123"
88 #define WGT_PARTNER_APP_PATH "/opt/usr/apps/7btsV1Y0sX/bin/7btsV1Y0sX.MisiuPysiu123Partner"
89 #define WGT_PLATFORM_APP_PATH "/opt/usr/apps/G4DE3U2vmW/bin/G4DE3U2vmW.MisiuPysiu123Platform"
91 #define OSP_APP_PATH "/opt/usr/apps/uqNfgEjqc7/bin/PysiuMisiu123Osp"
92 #define OSP_PARTNER_APP_PATH "/opt/usr/apps/j4RuPsZrNt/bin/PysiuMisiu123OspPartner"
93 #define OSP_PLATFORM_APP_PATH "/opt/usr/apps/V5LKqDFBXm/bin/PysiuMisiu123OspPlatform"
95 #define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
97 #define APP_NPRUNTIME "app_np_test"
98 #define APP_NPRUNTIME_FILE "/etc/smack/test_privilege_control_DIR/app_dir/exec"
100 const std::string RDB_PATH("/opt/dbspace/.rules-db.db3");
101 const std::string RDB_PATH_BACKUP("/opt/dbspace/.rules-db.db3.backup");
103 //correct and incorrect PID used in incorrect params test
104 const pid_t PID_CORRECT = 0;
105 const pid_t PID_INCORRECT = -1;
107 extern const char *PRIVS[];
108 extern const char *PRIVS2[];
109 extern const char *PRIVS2_NO_R[];
110 extern const char *PRIVS2_R[];
111 extern const char *PRIVS2_R_AND_NO_R[];
113 extern const char *PRIVS_WGT[];
114 extern const char *PRIVS_OSP[];
115 extern const char *PRIVS_EFL[];
117 extern const char* PRIV_APPSETTING[];
118 extern const char* PRIVS_AV[];
120 typedef std::vector< std::vector<std::string> > rules_t;
122 struct free_deleter {
123 void operator()(void* p) {
127 typedef std::unique_ptr<char, free_deleter> CStringPtr;
129 template<typename T> struct list_deleter {
130 void operator()(void* p) {
133 for (int i = 0; list[i] != NULL; ++i) {
140 typedef std::unique_ptr<char*, list_deleter<char> > CStringListPtr;
142 typedef struct perm_app_status_list {
143 perm_app_status_t *status;
145 } perm_app_status_list_t;
146 typedef std::unique_ptr<perm_app_status_list_t, void (*)(perm_app_status_list_t*)> ListAppStatusPtr;
150 bool backupfile(const std::string& src, const std::string& dst);
151 bool restorefile(const std::string& src, const std::string& dst);
160 Directory(std::string path, mode_t mode) : m_errorCode(0), m_path(path)
162 if (mkdir(path.c_str(), mode) != 0) {
167 Directory(const Directory& directory) = delete;
169 Directory(Directory&& directory)
170 : m_errorCode(std::move(directory.m_errorCode)), m_path(std::move(directory.m_path))
172 directory.m_path = "";
175 const Directory& operator=(const Directory& directory) = delete;
177 const Directory& operator=(Directory&& directory)
179 m_errorCode = directory.m_errorCode;
180 m_path = std::move(directory.m_path);
181 directory.m_path = "";
188 if (m_errorCode == 0 && !m_path.empty()) {
189 rmdir(m_path.c_str());
193 bool isCreated() const
195 return m_errorCode == 0;
198 int errorCode() const
203 const std::string& path() const
214 // Rules from test_privilege_control_rules.smack
215 const rules_t rules = {
216 { APP_ID, "test_book_1", "r" },
217 { APP_ID, "test_book_2", "w" },
218 { APP_ID, "test_book_3", "x" },
219 { APP_ID, "test_book_4", "rw" },
220 { APP_ID, "test_book_5", "rx" },
221 { APP_ID, "test_book_6", "wx" },
222 { APP_ID, "test_book_7", "rwx" },
223 { "test_subject_1", APP_ID, "r" },
224 { "test_subject_2", APP_ID, "w" },
225 { "test_subject_3", APP_ID, "x" },
226 { "test_subject_4", APP_ID, "rw" },
227 { "test_subject_5", APP_ID, "rx" },
228 { "test_subject_6", APP_ID, "wx" },
229 { "test_subject_7", APP_ID, "rwx" },
230 { APP_ID, APPID_SHARED_DIR, "rwxat"}
233 // Rules from WRT_test_privilege_control_rules2.smack
234 const rules_t rules2 = {
235 { WGT_APP_ID, "test_book_8", "r" },
236 { WGT_APP_ID, "test_book_9", "w" },
237 { WGT_APP_ID, "test_book_10", "x" },
238 { WGT_APP_ID, "test_book_11", "rw" },
239 { WGT_APP_ID, "test_book_12", "rx" },
240 { WGT_APP_ID, "test_book_13", "wx" },
241 { WGT_APP_ID, "test_book_14", "rwx" },
242 { WGT_APP_ID, "test_book_15", "rwxat" },
243 { "test_subject_8", WGT_APP_ID, "r" },
244 { "test_subject_9", WGT_APP_ID, "w" },
245 { "test_subject_10", WGT_APP_ID, "x" },
246 { "test_subject_11", WGT_APP_ID, "rw" },
247 { "test_subject_12", WGT_APP_ID, "rx" },
248 { "test_subject_13", WGT_APP_ID, "wx" },
249 { "test_subject_14", WGT_APP_ID, "rwx" },
250 { "test_subject_15", WGT_APP_ID, "rwxat" }
253 // Rules from WRT_test_privilege_control_rules_no_r.smack
254 const rules_t rules2_no_r = {
255 { WGT_APP_ID, "test_book_9", "w" },
256 { WGT_APP_ID, "test_book_10", "x" },
257 { WGT_APP_ID, "test_book_11", "w" },
258 { WGT_APP_ID, "test_book_12", "x" },
259 { WGT_APP_ID, "test_book_13", "x" },
260 { WGT_APP_ID, "test_book_14", "wx" },
261 { WGT_APP_ID, "test_book_15", "wxat" },
262 { "test_subject_9", WGT_APP_ID, "w" },
263 { "test_subject_10", WGT_APP_ID, "x" },
264 { "test_subject_11", WGT_APP_ID, "w" },
265 { "test_subject_12", WGT_APP_ID, "x" },
266 { "test_subject_13", WGT_APP_ID, "x" },
267 { "test_subject_14", WGT_APP_ID, "wx" },
268 { "test_subject_15", WGT_APP_ID, "wxat" }
271 // Rules from test_privilege_control_rules.smack
272 // minus WRT_test_privilege_control_rules_no_r.smack
273 const rules_t rules2_r = {
274 { WGT_APP_ID, "test_book_8", "r" },
275 { WGT_APP_ID, "test_book_11", "r" },
276 { WGT_APP_ID, "test_book_12", "r" },
277 { WGT_APP_ID, "test_book_14", "r" },
278 { WGT_APP_ID, "test_book_15", "r" },
279 { "test_subject_8", WGT_APP_ID, "r" },
280 { "test_subject_11", WGT_APP_ID, "r" },
281 { "test_subject_12", WGT_APP_ID, "r" },
282 { "test_subject_14", WGT_APP_ID, "r" },
283 { "test_subject_15", WGT_APP_ID, "r" }
286 // Rules from EFL_test_privilege_control_rules_osp.smack for osp_platform
287 const rules_t rules_efl = {
288 { APP_ID, "test_book_efl", "r" }
291 // Rules from WRT_test_privilege_control_rules_wgt.smack for wgt
292 const rules_t rules_wgt = {
293 { WGT_APP_ID, "test_book_8", "r" },
294 { WGT_APP_ID, "test_book_9", "w" },
295 { WGT_APP_ID, "test_book_10", "x" },
296 { WGT_APP_ID, "test_book_11", "rw" },
297 { WGT_APP_ID, "test_book_12", "rx" },
298 { WGT_APP_ID, "test_book_13", "wx" },
299 { WGT_APP_ID, "test_book_14", "rwx" },
300 { WGT_APP_ID, "test_book_15", "rwxat" },
301 { "test_subject_8", WGT_APP_ID, "r" },
302 { "test_subject_9", WGT_APP_ID, "w" },
303 { "test_subject_10", WGT_APP_ID, "x" },
304 { "test_subject_11", WGT_APP_ID, "rw" },
305 { "test_subject_12", WGT_APP_ID, "rx" },
306 { "test_subject_13", WGT_APP_ID, "wx" },
307 { "test_subject_14", WGT_APP_ID, "rwx" },
308 { "test_subject_15", WGT_APP_ID, "rwxat" }
311 // Rules from WRT_test_privilege_control_rules.smack for wgt
312 const rules_t rules_wgt2 = {
313 { WGT_APP_ID, "test_book_1", "r" },
314 { WGT_APP_ID, "test_book_2", "w" },
315 { WGT_APP_ID, "test_book_3", "x" },
316 { WGT_APP_ID, "test_book_4", "rw" },
317 { WGT_APP_ID, "test_book_5", "rx" },
318 { WGT_APP_ID, "test_book_6", "wx" },
319 { WGT_APP_ID, "test_book_7", "rwx" },
320 { "test_subject_1", WGT_APP_ID, "r" },
321 { "test_subject_2", WGT_APP_ID, "w" },
322 { "test_subject_3", WGT_APP_ID, "x" },
323 { "test_subject_4", WGT_APP_ID, "rw" },
324 { "test_subject_5", WGT_APP_ID, "rx" },
325 { "test_subject_6", WGT_APP_ID, "wx" },
326 { "test_subject_7", WGT_APP_ID, "rwx" }
329 // Rules from WRT_test_privilege_control_rules_wgt.smack for wgt_partner
330 const rules_t rules_wgt_partner = {
331 { WGT_PARTNER_APP_ID, "test_book_8", "r" },
332 { WGT_PARTNER_APP_ID, "test_book_9", "w" },
333 { WGT_PARTNER_APP_ID, "test_book_10", "x" },
334 { WGT_PARTNER_APP_ID, "test_book_11", "rw" },
335 { WGT_PARTNER_APP_ID, "test_book_12", "rx" },
336 { WGT_PARTNER_APP_ID, "test_book_13", "wx" },
337 { WGT_PARTNER_APP_ID, "test_book_14", "rwx" },
338 { WGT_PARTNER_APP_ID, "test_book_15", "rwxat" },
339 { "test_subject_8", WGT_PARTNER_APP_ID, "r" },
340 { "test_subject_9", WGT_PARTNER_APP_ID, "w" },
341 { "test_subject_10", WGT_PARTNER_APP_ID, "x" },
342 { "test_subject_11", WGT_PARTNER_APP_ID, "rw" },
343 { "test_subject_12", WGT_PARTNER_APP_ID, "rx" },
344 { "test_subject_13", WGT_PARTNER_APP_ID, "wx" },
345 { "test_subject_14", WGT_PARTNER_APP_ID, "rwx" },
346 { "test_subject_15", WGT_PARTNER_APP_ID, "rwxat" }
349 // Rules from WRT_test_privilege_control_rules_wgt.smack for wgt_platform
350 const rules_t rules_wgt_platform = {
351 { WGT_PLATFORM_APP_ID, "test_book_8", "r" },
352 { WGT_PLATFORM_APP_ID, "test_book_9", "w" },
353 { WGT_PLATFORM_APP_ID, "test_book_10", "x" },
354 { WGT_PLATFORM_APP_ID, "test_book_11", "rw" },
355 { WGT_PLATFORM_APP_ID, "test_book_12", "rx" },
356 { WGT_PLATFORM_APP_ID, "test_book_13", "wx" },
357 { WGT_PLATFORM_APP_ID, "test_book_14", "rwx" },
358 { WGT_PLATFORM_APP_ID, "test_book_15", "rwxat" },
359 { "test_subject_8", WGT_PLATFORM_APP_ID, "r" },
360 { "test_subject_9", WGT_PLATFORM_APP_ID, "w" },
361 { "test_subject_10", WGT_PLATFORM_APP_ID, "x" },
362 { "test_subject_11", WGT_PLATFORM_APP_ID, "rw" },
363 { "test_subject_12", WGT_PLATFORM_APP_ID, "rx" },
364 { "test_subject_13", WGT_PLATFORM_APP_ID, "wx" },
365 { "test_subject_14", WGT_PLATFORM_APP_ID, "rwx" },
366 { "test_subject_15", WGT_PLATFORM_APP_ID, "rwxat" }
369 // Rules from OSP_test_privilege_control_rules_osp.smack for osp
370 const rules_t rules_osp = {
371 { OSP_APP_ID, "test_book_8", "r" },
372 { OSP_APP_ID, "test_book_9", "w" },
373 { OSP_APP_ID, "test_book_10", "x" },
374 { OSP_APP_ID, "test_book_11", "rw" },
375 { OSP_APP_ID, "test_book_12", "rx" },
376 { OSP_APP_ID, "test_book_13", "wx" },
377 { OSP_APP_ID, "test_book_14", "rwx" },
378 { OSP_APP_ID, "test_book_15", "rwxat" },
379 { "test_subject_8", OSP_APP_ID, "r" },
380 { "test_subject_9", OSP_APP_ID, "w" },
381 { "test_subject_10", OSP_APP_ID, "x" },
382 { "test_subject_11", OSP_APP_ID, "rw" },
383 { "test_subject_12", OSP_APP_ID, "rx" },
384 { "test_subject_13", OSP_APP_ID, "wx" },
385 { "test_subject_14", OSP_APP_ID, "rwx" },
386 { "test_subject_15", OSP_APP_ID, "rwxat" }
389 // Rules from OSP_test_privilege_control_rules_osp.smack for osp_partner
390 const rules_t rules_osp_partner = {
391 { OSP_PARTNER_APP_ID, "test_book_8", "r" },
392 { OSP_PARTNER_APP_ID, "test_book_9", "w" },
393 { OSP_PARTNER_APP_ID, "test_book_10", "x" },
394 { OSP_PARTNER_APP_ID, "test_book_11", "rw" },
395 { OSP_PARTNER_APP_ID, "test_book_12", "rx" },
396 { OSP_PARTNER_APP_ID, "test_book_13", "wx" },
397 { OSP_PARTNER_APP_ID, "test_book_14", "rwx" },
398 { OSP_PARTNER_APP_ID, "test_book_15", "rwxat" },
399 { "test_subject_8", OSP_PARTNER_APP_ID, "r" },
400 { "test_subject_9", OSP_PARTNER_APP_ID, "w" },
401 { "test_subject_10", OSP_PARTNER_APP_ID, "x" },
402 { "test_subject_11", OSP_PARTNER_APP_ID, "rw" },
403 { "test_subject_12", OSP_PARTNER_APP_ID, "rx" },
404 { "test_subject_13", OSP_PARTNER_APP_ID, "wx" },
405 { "test_subject_14", OSP_PARTNER_APP_ID, "rwx" },
406 { "test_subject_15", OSP_PARTNER_APP_ID, "rwxat" }
409 // Rules from OSP_test_privilege_control_rules_osp.smack for osp_platform
410 const rules_t rules_osp_platform = {
411 { OSP_PLATFORM_APP_ID, "test_book_8", "r" },
412 { OSP_PLATFORM_APP_ID, "test_book_9", "w" },
413 { OSP_PLATFORM_APP_ID, "test_book_10", "x" },
414 { OSP_PLATFORM_APP_ID, "test_book_11", "rw" },
415 { OSP_PLATFORM_APP_ID, "test_book_12", "rx" },
416 { OSP_PLATFORM_APP_ID, "test_book_13", "wx" },
417 { OSP_PLATFORM_APP_ID, "test_book_14", "rwx" },
418 { OSP_PLATFORM_APP_ID, "test_book_15", "rwxat" },
419 { "test_subject_8", OSP_PLATFORM_APP_ID, "r" },
420 { "test_subject_9", OSP_PLATFORM_APP_ID, "w" },
421 { "test_subject_10", OSP_PLATFORM_APP_ID, "x" },
422 { "test_subject_11", OSP_PLATFORM_APP_ID, "rw" },
423 { "test_subject_12", OSP_PLATFORM_APP_ID, "rx" },
424 { "test_subject_13", OSP_PLATFORM_APP_ID, "wx" },
425 { "test_subject_14", OSP_PLATFORM_APP_ID, "rwx" },
426 { "test_subject_15", OSP_PLATFORM_APP_ID, "rwxat" }
429 int test_have_all_accesses(const rules_t &rules);
430 int test_have_any_accesses(const rules_t &rules);
431 int test_have_nosmack_accesses(const rules_t &rules);
433 void read_gids(std::set<unsigned> &set, const char *file_path);
434 void check_groups(const char *dac_file);
436 int file_exists(const char *path);
437 void check_app_installed(int line_no, const char *app_path);
439 int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
440 int /*typeflag*/, struct FTW* /*ftwbuf*/);
441 int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
442 int /*typeflag*/, struct FTW* /*ftwbuf*/);
443 int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
444 int /*typeflag*/, struct FTW* /*ftwbuf*/);
445 int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
446 int /*typeflag*/, struct FTW* /*ftwbuf*/);
448 void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment);
449 void checkOnlyAvAccessNosmack(const char *av_id, const char *app_id, const char *comment);
450 void check_app_has_permission(const char* app_id, const app_type_t app_type,
451 const char *perm_list[], const int expected_result);
453 void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack);
454 void test_app_enable_permissions_efl(bool smack);
455 void test_app_disable_permissions_efl(bool smack);
456 void test_app_disable_permissions(bool smack);
457 void test_appsettings_privilege(bool smack);
459 // Parsed form of single libprivilege additional rule.
460 struct additional_rule
468 typedef std::vector<additional_rule> additional_rules;
470 bool additional_rules_parse(const char** smack_rules, additional_rules& rules);
472 void restore_original_additional_rules(void);
474 class RestoreAdditionalRulesGuard
477 ~RestoreAdditionalRulesGuard() {
478 restore_original_additional_rules();
482 #endif /* LIBPRIVILEGE_CONTROL_TEST_COMMON_H_ */