2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file libprivilege-control-test.cpp
18 * @author Jan Olszak (j.olszak@samsung.com)
19 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
21 * @brief Main file for libprivilege-control unit tests.
26 #include <libprivilege-control_test_common.h>
27 #include <tests_common.h>
28 #include <sys/smack.h>
29 #include <dpl/test/test_runner.h>
31 #define CANARY_LABEL "tiny_yellow_canary"
33 const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
34 const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
35 const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
36 const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
37 const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
39 const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL };
40 const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
41 const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
43 const char* PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", NULL};
45 const char* PRIVS_AV[] = { "org.tizen.privilege.antivirus", NULL };
48 * Check if every rule is true.
49 * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
51 int test_have_all_accesses(const rules_t &rules)
54 for (uint i = 0; i < rules.size(); ++i) {
55 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
65 * Check if every rule is true.
66 * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
68 int test_have_any_accesses(const rules_t &rules)
71 for (uint i = 0; i < rules.size(); ++i) {
72 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
82 * NOSMACK version of test_have_accesses functions.
84 * This will be used in many tests. Checks if for every rule smack_have_access returns error.
85 * If for any of rules smack_have_access will return something different than error, this result
86 * is being returned to caller.
88 int test_have_nosmack_accesses(const rules_t &rules)
91 for (uint i = 0; i < rules.size(); ++i) {
92 result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
99 bool check_all_accesses(bool smack, const rules_t &rules)
102 return test_have_all_accesses(rules) == 1;
104 return test_have_nosmack_accesses(rules) == -1;
107 bool check_no_accesses(bool smack, const rules_t &rules)
110 return test_have_any_accesses(rules) == 0;
112 return test_have_nosmack_accesses(rules) == -1;
115 void read_gids(std::set<unsigned> &set, const char *file_path)
117 FILE *f = fopen(file_path, "r");
118 RUNNER_ASSERT_MSG(f != NULL, "Unable to open file " << file_path);
120 while (fscanf(f, "%u\n", &gid) == 1) {
126 void check_groups(const char *dac_file)
128 std::set<unsigned> groups_check;
129 read_gids(groups_check, LIBPRIVILEGE_APP_GROUP_LIST);
130 read_gids(groups_check, dac_file);
132 int groups_cnt = getgroups(0, NULL);
133 RUNNER_ASSERT_MSG(groups_cnt > 0, "Wrong number of supplementary groupsCnt");
134 gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
135 RUNNER_ASSERT_MSG(groups_list != NULL, "Memory allocation failed");
136 RUNNER_ASSERT(-1 != getgroups(groups_cnt, groups_list));
138 for (int i = 0; i < groups_cnt; ++i) {
139 //getgroups() can return multiple number of the same group
140 //they are returned in sequence, so we will given number when last
141 //element of this number is reached
142 if ((i < groups_cnt - 1) && (groups_list[i + 1] == groups_list[i]))
144 if (groups_check.erase(groups_list[i]) == 0) {
145 // getgroups() may also return process' main group
146 if (groups_list[i] != getgid())
147 RUNNER_ASSERT_MSG(false, "Application belongs to unknown group (GID=" << groups_list[i] << ")");
151 std::string groups_left;
152 for (std::set<unsigned>::iterator it = groups_check.begin(); it != groups_check.end(); it++) {
153 groups_left.append(std::to_string(*it)).append(" ");
155 RUNNER_ASSERT_MSG(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
158 int file_exists(const char *path)
160 FILE *file = fopen(path, "r");
168 void check_app_installed(int line_no, const char *app_path)
170 RUNNER_ASSERT_MSG(file_exists(app_path) == 0, "Line: " << line_no <<
171 " App not installed: " << app_path);
174 int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
175 int /*typeflag*/, struct FTW* /*ftwbuf*/)
177 smack_lsetlabel(fpath, NULL, SMACK_LABEL_ACCESS);
178 smack_lsetlabel(fpath, NULL, SMACK_LABEL_EXEC);
179 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
184 int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
185 int /*typeflag*/, struct FTW* /*ftwbuf*/)
192 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
193 labelPtr.reset(label);
194 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
195 RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set");
196 result = strcmp(APPID_DIR, labelPtr.get());
197 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
200 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
201 labelPtr.reset(label);
202 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
203 if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
204 RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
205 result = strcmp(APPID_DIR, labelPtr.get());
206 RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
207 } else if (S_ISLNK(sb->st_mode)) {
209 char *target = realpath(fpath, NULL);
210 RUNNER_ASSERT_MSG(0 == stat(target, &buf),"Stat failed for " << fpath);
212 if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
213 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
215 RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
216 result = strcmp(APPID_DIR, labelPtr.get());
217 RUNNER_ASSERT_MSG(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect");
220 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
223 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
224 labelPtr.reset(label);
225 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
226 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
231 int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
232 int /*typeflag*/, struct FTW* /*ftwbuf*/)
234 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
235 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
236 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
241 int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
242 int /*typeflag*/, struct FTW* /*ftwbuf*/)
249 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
250 labelPtr.reset(label);
251 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
252 result = strcmp(CANARY_LABEL, labelPtr.get());
253 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
256 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
257 labelPtr.reset(label);
258 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
259 result = strcmp(CANARY_LABEL, labelPtr.get());
260 RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
263 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
264 labelPtr.reset(label);
265 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
266 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
271 void check_app_has_permission(const char* app_id, const app_type_t app_type,
272 const char *perm_list[], const int expected_result)
274 int result = PC_OPERATION_SUCCESS;
275 bool has_permission = false;
277 for (int i = 0; perm_list[i] != NULL; i++) {
278 result = perm_app_has_permission(app_id, app_type, perm_list[i], &has_permission);
279 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
280 "perm_app_has_permission failed with result: " << result);
281 RUNNER_ASSERT_MSG(has_permission == expected_result,
282 "Unexpected result, perm_app_has_permission returned: " << has_permission
283 << ", expected: " << expected_result);
286 void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment)
289 result = smack_have_access(av_id, app_id, "rwx");
290 RUNNER_ASSERT_MSG(result == 1,
291 "Error while checking " << av_id << " rwx access to "
292 << app_id << " " << comment << " Result: " << result);
293 result = smack_have_access(av_id, app_id, "a");
294 RUNNER_ASSERT_MSG(result == 0,
295 "Error while checking " << av_id << " a access to "
296 << app_id << " " << comment << " Result: " << result);
297 result = smack_have_access(av_id, app_id, "t");
298 RUNNER_ASSERT_MSG(result == 0,
299 "Error while checking " << av_id << " t access to "
300 << app_id << " " << comment << " Result: " << result);
304 * NOSMACK version of checkOnlyAvAccess function.
306 * Expects error instead of access granted/forbidden from smack_have_access.
308 void checkOnlyAvAccessNosmack(const char *av_id, const char *app_id, const char *comment)
311 result = smack_have_access(av_id, app_id, "rwx");
312 RUNNER_ASSERT_MSG(result == -1,
313 "smack_have_access should return error (SMACK is off). Result: " << result
314 << " when testing " << comment);
315 result = smack_have_access(av_id, app_id, "a");
316 RUNNER_ASSERT_MSG(result == -1,
317 "smack_have_access should return error (SMACK is off). Result: " << result
318 << " when testing " << comment);
319 result = smack_have_access(av_id, app_id, "t");
320 RUNNER_ASSERT_MSG(result == -1,
321 "smack_have_access should return error (SMACK is off). Result: " << result
322 << " when testing " << comment);
325 void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack)
332 result = perm_app_uninstall(app_id);
333 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
334 "perm_app_uninstall returned " << result);
336 // Close transaction to commit uninstallation before further actions
342 result = perm_app_install(app_id);
343 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
344 "perm_app_install returned " << result);
346 // Close transaction to commit installation before further actions
352 // Revoke permissions
353 result = perm_app_revoke_permissions(app_id);
354 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
355 "Error revoking app permissions. Result: " << result);
359 // Are all the permissions revoked?
360 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules), "Line: " << line_no <<
361 "Not all permisions revoked.");
365 // Cleanup - uninstall test apps
366 result = perm_app_uninstall(app_id);
367 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
368 "perm_app_uninstall returned " << result);
373 void test_app_enable_permissions_efl(bool smack)
380 result = perm_app_uninstall(EFL_APP_ID);
381 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
382 "perm_app_uninstall failed: " << result);
383 result = perm_app_install(EFL_APP_ID);
384 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
385 "perm_app_install failed: " << result);
387 // Enable a permission:
388 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
389 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
390 "Error enabling app permissions. Result: " << result);
394 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
395 "SMACK accesses not granted for EFL_APP");
397 // Check if permission is assigned to app in db
398 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
403 result = perm_app_uninstall(EFL_APP_ID);
404 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
405 "perm_app_uninstall failed: " << result);
409 // Check if permission is disabled in db
410 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
413 void test_app_disable_permissions_efl(bool smack)
420 result = perm_app_uninstall(EFL_APP_ID);
421 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
422 "perm_app_uninstall failed: " << result);
424 result = perm_app_install(EFL_APP_ID);
425 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
426 "perm_app_install failed: " << result);
428 // Enable a permission
429 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
430 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
431 "Error enabling app permissions. Result: " << result);
435 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
436 "SMACK accesses not granted for EFL_APP");
438 // Check if permission is assigned to app in db
439 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
443 // Disable a permission
444 result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
445 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
446 "Error disabling app permissions. Result: " << result);
450 RUNNER_ASSERT_MSG(check_no_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
451 "SMACK accesses not disabled for EFL_APP");
453 // Check if permission is disabled in db
454 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
459 result = perm_app_uninstall(EFL_APP_ID);
460 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
461 "perm_app_uninstall failed: " << result);
466 void test_app_disable_permissions(bool smack)
473 result = perm_app_uninstall(WGT_APP_ID);
474 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
475 "perm_app_uninstall failed: " << result);
477 result = perm_app_install(WGT_APP_ID);
478 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
479 "perm_app_install failed: " << result);
481 * Test - disable all granted permissions.
484 // Prepare permissions that we want to disable
485 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
486 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
487 " Error enabling app permissions. Result: " << result);
491 // Are all the permissions enabled?
492 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled.");
494 // Check if permissions are enabled in db
495 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
499 // Disable permissions
500 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
501 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
502 "Error disabling app permissions. Result: " << result);
506 // Are all the permissions disabled?
507 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled.");
509 // Check if permission is disabled in db
510 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
513 * Test - disable some granted permissions leaving non complementary and then disabling those too.
518 // Prepare permissions that will not be disabled
519 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS, 1);
520 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
521 " Error adding app first permissions. Result: " << result);
523 // Prepare permissions that we want to disable
524 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
525 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
526 " Error adding app second permissions. Result: " << result);
528 // Disable second permissions
529 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
530 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
531 "Error disabling app second permissions. Result: " << result);
535 // Are all second permissions disabled?
536 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
538 // Are all first permissions not disabled?
539 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules_wgt2), "Some of second permissions disabled.");
541 // Check if second permission is disabled in db
542 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
543 // Check if first permission is enabled in db
544 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, true);
548 // Disable first permissions
549 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS);
550 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
551 "Error disabling app first permissions. Result: " << result);
555 // Are all second permissions disabled?
556 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules_wgt2), "Not all second permisions disabled.");
558 // Check if permission is disabled in db
559 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, false);
562 * Test - disable only no r granted permissions.
567 // Prepare permissions
568 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
569 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
570 " Error adding app permissions. Result: " << result);
572 // Disable same permissions without r
573 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
574 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
575 "Error disabling app no r permissions. Result: " << result);
579 // Is any r permissions disabled?
580 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
581 // Are all no r permissions disabled?
582 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
584 // Check if second permission is enabled in db
585 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true);
586 // Check if permission is disabled in db
587 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
591 // Prepare permissions
592 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
593 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
594 " Error adding app no r permissions. Result: " << result);
598 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
602 // Disable all permissions
603 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
604 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
605 "Error disabling app permissions. Result: " << result);
609 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
611 // Check if permission is disabled in db
612 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
616 // Clean up after test:
617 result = perm_app_uninstall(WGT_APP_ID);
618 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
623 void test_appsettings_privilege(bool smack)
626 CStringPtr app1DirLabelPtr;
627 CStringPtr app2DirLabelPtr;
632 (void)perm_app_uninstall(APP_TEST);
633 (void)perm_app_uninstall(APP_1);
634 (void)perm_app_uninstall(APP_2);
637 ret = perm_app_install(APP_1);
638 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
640 mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
642 //register settings folder for app 1
643 ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
644 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
646 //install "app_test" and give it appsettings privilege
647 ret = perm_app_install(APP_TEST);
648 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
651 ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true);
652 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
653 " Error enabling app permissions. Result: " << ret);
657 //check if "app_test" has an RX access to the app "app_1"
658 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, APP_1, "rx"}}), "access denied");
660 //check if "app_test" has an RWX access to a folder registered by "app_1"
661 ret = smack_getlabel(APP_1_DIR, &label, SMACK_LABEL_ACCESS );
662 app1DirLabelPtr.reset(label);
663 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
664 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get());
669 //intstall another app: "app_2"
670 ret = perm_app_install(APP_2);
671 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
673 mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
674 //register settings folder for that "app_2"
675 ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
676 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
680 //check if "app_test" has an RX access to the app "app_2"
681 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, APP_2, "rx"}}), "access denied");
683 //check if "app_test" has an RWX access to a folder registered by "app_2"
684 ret = smack_getlabel(APP_2_DIR, &label, SMACK_LABEL_ACCESS );
685 app2DirLabelPtr.reset(label);
686 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
687 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, app2DirLabelPtr.get(), "rwx"}}), "access denies");
694 (void)perm_app_uninstall(APP_TEST);
695 (void)perm_app_uninstall(APP_1);
696 (void)perm_app_uninstall(APP_2);