2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file libprivilege-control-test.cpp
18 * @author Jan Olszak (j.olszak@samsung.com)
19 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
21 * @brief Main file for libprivilege-control unit tests.
30 #include <sys/sendfile.h>
31 #include <sys/smack.h>
33 #include <sys/types.h>
38 #include <libprivilege-control_test_common.h>
39 #include <tests_common.h>
40 #include "common/duplicates.h"
42 #define CANARY_LABEL "tiny_yellow_canary"
44 const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", NULL };
45 const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
46 const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
47 const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
48 const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
50 const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL };
51 const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
52 const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
54 const char *PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", NULL};
55 const char *PRIV_APPSETTING_RULES[] = { "~APP~ ~SETTINGS_PATH~ rwx",
56 "~APP~ ~ALL_APPS~ rx",
59 * Check if every rule is true.
60 * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
62 int test_have_all_accesses(const rules_t &rules)
65 for (uint i = 0; i < rules.size(); ++i) {
66 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
76 * Check if every rule is true.
77 * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
79 int test_have_any_accesses(const rules_t &rules)
82 for (uint i = 0; i < rules.size(); ++i) {
83 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
93 * NOSMACK version of test_have_accesses functions.
95 * This will be used in many tests. Checks if for every rule smack_have_access returns error.
96 * If for any of rules smack_have_access will return something different than error, this result
97 * is being returned to caller.
99 int test_have_nosmack_accesses(const rules_t &rules)
102 for (uint i = 0; i < rules.size(); ++i) {
103 result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
110 bool check_all_accesses(bool smack, const rules_t &rules)
113 return test_have_all_accesses(rules) == 1;
115 return test_have_nosmack_accesses(rules) == -1;
118 bool check_no_accesses(bool smack, const rules_t &rules)
121 return test_have_any_accesses(rules) == 0;
123 return test_have_nosmack_accesses(rules) == -1;
126 void read_gids(std::set<unsigned> &set, const char *file_path)
128 FILE *f = fopen(file_path, "r");
129 RUNNER_ASSERT_MSG_BT(f != NULL, "Unable to open file " << file_path);
131 while (fscanf(f, "%u\n", &gid) == 1) {
137 void read_user_gids(std::set<unsigned> &set, const uid_t user_id)
141 struct passwd *pw = getpwuid(user_id);
142 RUNNER_ASSERT_MSG_BT(pw != NULL, "getpwuid() failed.");
145 gid_t *groups_list = NULL;
146 ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
147 RUNNER_ASSERT_MSG_BT(ret == -1, "getgrouplist() failed.");
150 groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
151 RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed.");
153 ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
156 RUNNER_ASSERT_MSG_BT(false, "getgrouplist() failed.");
159 for (int i = 0; i < groups_cnt; ++i) {
160 set.insert(groups_list[i]);
165 void read_current_gids(std::set<unsigned> &set)
167 int groups_cnt = getgroups(0, NULL);
168 RUNNER_ASSERT_MSG_BT(groups_cnt > 0, "Wrong number of supplementary groups.");
169 gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
170 RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed.");
171 if (getgroups(groups_cnt, groups_list) == -1){
173 RUNNER_ASSERT_MSG_BT(false, "getgroups failed.");
176 for (int i = 0; i < groups_cnt; ++i) {
177 set.insert(groups_list[i]);
182 void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file)
184 std::set<unsigned> groups_check;
185 std::set<unsigned> groups_current;
187 read_gids(groups_check, dac_file);
188 read_current_gids(groups_current);
190 std::string groups_left;
191 for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it)
193 (void)groups_check.erase(*it);
194 if(groups_current.erase(*it) == 0)
195 groups_left.append(std::to_string(*it)).append(" ");
197 RUNNER_ASSERT_MSG_BT(groups_left.empty(),
198 "Application lost some groups: " << groups_left);
200 for (auto it = groups_check.begin(); it != groups_check.end(); ++it)
202 if(groups_current.erase(*it) == 0)
203 groups_left.append(std::to_string(*it)).append(" ");
205 RUNNER_ASSERT_MSG_BT(groups_left.empty(),
206 "Application doesn't belong to some required groups: " << groups_left);
208 for (auto it = groups_current.begin(); it != groups_current.end(); ++it)
210 groups_left.append(std::to_string(*it)).append(" ");
212 RUNNER_ASSERT_MSG_BT(groups_left.empty(),
213 "Application belongs to groups it should't belong to: " << groups_left);
216 int file_exists(const char *path)
218 FILE *file = fopen(path, "r");
226 void check_app_installed(const char *app_path)
228 RUNNER_ASSERT_MSG_BT(file_exists(app_path) == 0,
229 " App not installed: " << app_path);
232 int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
233 int /*typeflag*/, struct FTW* /*ftwbuf*/)
235 smack_lsetlabel(fpath, NULL, SMACK_LABEL_ACCESS);
236 smack_lsetlabel(fpath, NULL, SMACK_LABEL_EXEC);
237 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
242 int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
243 int /*typeflag*/, struct FTW* /*ftwbuf*/)
250 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
251 labelPtr.reset(label);
252 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
253 RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set");
254 result = strcmp(APPID_DIR, labelPtr.get());
255 RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect");
258 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
259 labelPtr.reset(label);
260 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
261 if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
262 RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
263 result = strcmp(APPID_DIR, labelPtr.get());
264 RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
265 } else if (S_ISLNK(sb->st_mode)) {
267 char *target = realpath(fpath, NULL);
268 RUNNER_ASSERT_MSG_BT(0 == stat(target, &buf),"Stat failed for " << fpath);
270 if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
271 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
273 RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
274 result = strcmp(APPID_DIR, labelPtr.get());
275 RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect");
278 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
281 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
282 labelPtr.reset(label);
283 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
284 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
289 int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
290 int /*typeflag*/, struct FTW* /*ftwbuf*/)
292 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
293 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
294 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
299 int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
300 int /*typeflag*/, struct FTW* /*ftwbuf*/)
307 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
308 labelPtr.reset(label);
309 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
310 result = strcmp(CANARY_LABEL, labelPtr.get());
311 RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is overwritten");
314 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
315 labelPtr.reset(label);
316 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
317 result = strcmp(CANARY_LABEL, labelPtr.get());
318 RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on " << fpath << " is overwritten");
321 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
322 labelPtr.reset(label);
323 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
324 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
329 void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack)
336 result = perm_app_uninstall(app_id);
337 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
338 "perm_app_uninstall returned " << result);
340 // Close transaction to commit uninstallation before further actions
346 result = perm_app_install(app_id);
347 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
348 "perm_app_install returned " << result);
350 // Close transaction to commit installation before further actions
356 // Revoke permissions
357 result = perm_app_revoke_permissions(app_id);
358 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
359 "Error revoking app permissions. Result: " << result);
363 // Are all the permissions revoked?
364 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules), "Line: " << line_no <<
365 "Not all permisions revoked.");
369 // Cleanup - uninstall test apps
370 result = perm_app_uninstall(app_id);
371 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
372 "perm_app_uninstall returned " << result);
377 void test_app_enable_permissions_efl(bool smack)
384 result = perm_app_uninstall(EFL_APP_ID);
385 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
386 "perm_app_uninstall failed: " << result);
387 result = perm_app_install(EFL_APP_ID);
388 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
389 "perm_app_install failed: " << result);
391 // Register a permission:
392 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
393 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
394 "Error registering app permissions. Result: " << result);
398 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
399 "SMACK accesses not granted for EFL_APP");
404 result = perm_app_uninstall(EFL_APP_ID);
405 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
406 "perm_app_uninstall failed: " << result);
411 void test_app_disable_permissions_efl(bool smack)
418 result = perm_app_uninstall(EFL_APP_ID);
419 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
420 "perm_app_uninstall failed: " << result);
422 result = perm_app_install(EFL_APP_ID);
423 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
424 "perm_app_install failed: " << result);
426 // Register a permission
427 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
428 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
429 "Error registering app permissions. Result: " << result);
433 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
434 "SMACK accesses not granted for EFL_APP");
438 // Disable a permission
439 result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
440 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
441 "Error disabling app permissions. Result: " << result);
445 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
446 "SMACK accesses not disabled for EFL_APP");
451 result = perm_app_uninstall(EFL_APP_ID);
452 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
453 "perm_app_uninstall failed: " << result);
458 void test_app_disable_permissions(bool smack)
465 result = perm_app_uninstall(WGT_APP_ID);
466 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
467 "perm_app_uninstall failed: " << result);
469 result = perm_app_install(WGT_APP_ID);
470 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
471 "perm_app_install failed: " << result);
473 * Test - disable all granted permissions.
476 // Prepare permissions that we want to disable
477 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
478 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
479 " Error registering app permissions. Result: " << result);
483 // Are all the permissions enabled?
484 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2), "Not all permisions enabled.");
488 // Disable permissions
489 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
490 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
491 "Error disabling app permissions. Result: " << result);
495 // Are all the permissions disabled?
496 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2), "Not all permisions disabled.");
499 * Test - disable some granted permissions leaving non complementary and then disabling those too.
504 // Prepare permissions that will not be disabled
505 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, true);
506 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
507 " Error adding app first permissions. Result: " << result);
509 // Prepare permissions that we want to disable
510 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
511 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
512 " Error adding app second permissions. Result: " << result);
514 // Disable second permissions
515 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
516 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
517 "Error disabling app second permissions. Result: " << result);
521 // Are all second permissions disabled?
522 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
524 // Are all first permissions not disabled?
525 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules1), "Some of second permissions disabled.");
529 // Disable first permissions
530 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
531 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
532 "Error disabling app first permissions. Result: " << result);
536 // Are all second permissions disabled?
537 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules1), "Not all second permisions disabled.");
540 * Test - disable only no r granted permissions.
545 // Prepare permissions
546 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true);
547 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
548 " Error registering app r permissions. Result: " << result);
550 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true);
551 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
552 " Error registering app no r permissions. Result: " << result);
554 // Disable same permissions without r
555 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
556 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
557 "Error disabling app no r permissions. Result: " << result);
561 // Is any r permissions disabled?
562 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
563 // Are all no r permissions disabled?
564 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
568 // Prepare permissions
569 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
570 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
571 " Error adding app no r permissions. Result: " << result);
575 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
579 // Disable all permissions
580 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
581 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
582 "Error disabling app permissions. Result: " << result);
586 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
590 // Clean up after test:
591 result = perm_app_uninstall(WGT_APP_ID);
592 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
597 void test_appsettings_privilege(bool smack)
600 CStringPtr app1DirLabelPtr;
601 CStringPtr app2DirLabelPtr;
606 (void)perm_app_uninstall(APP_TEST);
607 (void)perm_app_uninstall(APP_1);
608 (void)perm_app_uninstall(APP_2);
611 ret = perm_app_install(APP_1);
612 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
614 mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
616 //register settings folder for app 1
617 ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
618 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
620 //install "app_test" and give it appsettings privilege
621 ret = perm_app_install(APP_TEST);
622 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
624 //register appsettings feature
625 ret = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, NULL, 0);
626 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,
627 " Error registering api feature. Result: " << ret);
629 ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true);
630 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,
631 " Error registering app permissions. Result: " << ret);
635 //check if "app_test" has an RX access to the app "app_1"
636 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, APP_1, "rx"}}), "access denied");
638 //check if "app_test" has an RWX access to a folder registered by "app_1"
639 ret = smack_getlabel(APP_1_DIR, &label, SMACK_LABEL_ACCESS );
640 app1DirLabelPtr.reset(label);
641 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
642 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get());
647 //intstall another app: "app_2"
648 ret = perm_app_install(APP_2);
649 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
651 mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
652 //register settings folder for that "app_2"
653 ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
654 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
658 //check if "app_test" has an RX access to the app "app_2"
659 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, APP_2, "rx"}}), "access denied");
661 //check if "app_test" has an RWX access to a folder registered by "app_2"
662 ret = smack_getlabel(APP_2_DIR, &label, SMACK_LABEL_ACCESS );
663 app2DirLabelPtr.reset(label);
664 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
665 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, app2DirLabelPtr.get(), "rwx"}}), "access denies");
672 (void)perm_app_uninstall(APP_TEST);
673 (void)perm_app_uninstall(APP_1);
674 (void)perm_app_uninstall(APP_2);