2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file libprivilege-control-test.cpp
18 * @author Jan Olszak (j.olszak@samsung.com)
20 * @brief Main file for libprivilege-control unit tests.
25 #include <libprivilege-control_test_common.h>
26 #include <tests_common.h>
27 #include <sys/smack.h>
28 #include <dpl/test/test_runner.h>
// Marker label: nftw_set_labels_non_app_dir() writes it as the ACCESS and EXEC
// label, and nftw_check_labels_non_app_dir() asserts it is still in place.
30 #define CANARY_LABEL "tiny_yellow_canary"
// NULL-terminated permission-name lists. They are passed to
// perm_app_enable_permissions() / perm_app_disable_permissions() and to
// check_app_has_permission(), which walks each list up to its NULL entry.
// Not every list is referenced in the part of the file shown here.
32 const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
33 const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
34 const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
35 const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
36 const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
38 const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL };
39 const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
40 const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
// Privilege enabled for APP_TEST in test_appsettings_privilege().
42 const char* PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", NULL};
44 const char* PRIVS_AV[] = { "org.tizen.privilege.antivirus", NULL };
/**
 * Delete the SMACK rule files named after the test identifiers
 * (APP_TEST_APP_1..3 and APP_TEST_AV_1..3) from SMACK_RULES_DIR.
 *
 * Cleanup is best effort: the result of unlink() is not checked, so a file
 * that is already absent, or that cannot be removed, does not fail the caller.
 */
void cleaning_smack_app_files (void)
{
    // Adjacent string literals are concatenated, giving one full path per entry.
    static const char *const rule_files[] = {
        SMACK_RULES_DIR APP_TEST_APP_1,
        SMACK_RULES_DIR APP_TEST_APP_2,
        SMACK_RULES_DIR APP_TEST_APP_3,
        SMACK_RULES_DIR APP_TEST_AV_1,
        SMACK_RULES_DIR APP_TEST_AV_2,
        SMACK_RULES_DIR APP_TEST_AV_3,
    };

    for (const char *rule_file : rule_files)
        unlink(rule_file);
}
57 * Check if every rule is true.
58 * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
// Walks `rules` and passes the first three strings of each entry to
// smack_have_access() as (subject, object, access type).
// NOTE(review): the lines that interpret `access` and produce the return value
// are missing from this listing; the 1 / 0 / -1 contract is known only from
// the header comment.
60 int test_have_all_accesses(const rules_t &rules)
// Each rule is indexed [0], [1], [2] with no length check. Presumably rules_t
// is a vector of string vectors (confirm); if so, a rule with fewer than
// three elements is read out of bounds.
63 for (uint i = 0; i < rules.size(); ++i) {
64 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
74 * Check if any rule is true.
75 * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
// Queries smack_have_access() once per entry of `rules`, using the entry's
// first three strings as (subject, object, access type).
// NOTE(review): the handling of `access` and the return statements are not in
// this listing, so the "any rule" semantics cannot be confirmed from here.
77 int test_have_any_accesses(const rules_t &rules)
80 for (uint i = 0; i < rules.size(); ++i) {
81 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
91 * NOSMACK version of test_have_accesses functions.
93 * This will be used in many tests. Checks if for every rule smack_have_access returns error.
94 * If smack_have_access returns anything other than an error for any rule, that result
95 * is returned to the caller.
// Runs smack_have_access() over every entry of `rules` and stores each outcome
// in `result`. Callers in this file treat a return of -1 as the pass case.
// NOTE(review): the declaration of `result`, the early exit and the final
// return are on lines missing from this listing.
97 int test_have_nosmack_accesses(const rules_t &rules)
100 for (uint i = 0; i < rules.size(); ++i) {
101 result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
// Pass/fail wrapper for "every rule in `rules` is granted".
// NOTE(review): the condition that selects between the two returns is not in
// this listing; presumably it branches on `smack`. Confirm in the full file.
108 bool check_all_accesses(bool smack, const rules_t &rules)
// SMACK case: every rule must be reported as granted.
111 return test_have_all_accesses(rules) == 1;
// NOSMACK case: every query must fail with an error, so no rule may be
// reported as either granted or denied.
113 return test_have_nosmack_accesses(rules) == -1;
// Pass/fail wrapper for "no rule in `rules` is granted".
// NOTE(review): the condition that selects between the two returns is not in
// this listing; presumably it branches on `smack`. Confirm in the full file.
116 bool check_no_accesses(bool smack, const rules_t &rules)
// SMACK case: test_have_any_accesses() must report 0. An error (-1) from the
// helper also makes this false, so a query failure counts as a test failure.
119 return test_have_any_accesses(rules) == 0;
// NOSMACK case: same expectation as check_all_accesses(), every query errors.
121 return test_have_nosmack_accesses(rules) == -1;
// Parses unsigned group ids from `file_path` on behalf of the caller-supplied
// `set`; asserts if the file cannot be opened for reading.
// NOTE(review): the declaration of `gid`, the loop body and the matching
// fclose() are not in this listing. Confirm the handle is closed.
124 void read_gids(std::set<unsigned> &set, const char *file_path)
126 FILE *f = fopen(file_path, "r");
127 RUNNER_ASSERT_MSG(f != NULL, "Unable to open file " << file_path);
// The loop ends at the first token that does not parse as an unsigned
// integer, so a malformed line shortens the list without failing the test.
129 while (fscanf(f, "%u\n", &gid) == 1) {
// Compares the supplementary groups of the calling process with the GIDs
// listed in LIBPRIVILEGE_APP_GROUP_LIST plus `dac_file`. Every group the
// process holds must be listed (its primary GID excepted), and every listed
// group must be held.
135 void check_groups(const char *dac_file)
137 std::set<unsigned> groups_check;
138 read_gids(groups_check, LIBPRIVILEGE_APP_GROUP_LIST);
139 read_gids(groups_check, dac_file);
// A size of 0 only asks getgroups() how many entries there are.
141 int groups_cnt = getgroups(0, NULL);
142 RUNNER_ASSERT_MSG(groups_cnt > 0, "Wrong number of supplementary groupsCnt");
// NOTE(review): no free(groups_list) is visible in this listing; confirm the
// buffer is released, including when one of the assertions below fires.
143 gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
144 RUNNER_ASSERT_MSG(groups_list != NULL, "Memory allocation failed");
145 RUNNER_ASSERT(-1 != getgroups(groups_cnt, groups_list));
147 for (int i = 0; i < groups_cnt; ++i) {
148 //getgroups() can return the same group several times;
149 //duplicates are adjacent, so a GID is examined only when the last
150 //element of its run is reached
// The statement controlled by this `if` is on a line missing from the
// listing (presumably `continue;`).
151 if ((i < groups_cnt - 1) && (groups_list[i + 1] == groups_list[i]))
// erase() == 0 means the process holds a group that neither file lists: an
// unexpected extra privilege unless it is the primary GID.
153 if (groups_check.erase(groups_list[i]) == 0) {
154 // getgroups() may also return process' main group
155 if (groups_list[i] != getgid())
156 RUNNER_ASSERT_MSG(false, "Application belongs to unknown group (GID=" << groups_list[i] << ")");
// Anything still in groups_check was required but never granted.
160 std::string groups_left;
161 for (std::set<unsigned>::iterator it = groups_check.begin(); it != groups_check.end(); it++) {
162 groups_left.append(std::to_string(*it)).append(" ");
164 RUNNER_ASSERT_MSG(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
// Probes `path` by opening it for reading. check_app_installed() treats a
// return value of 0 as "present".
// NOTE(review): the rest of the body (return values, fclose) is not in this
// listing. Because the probe is fopen(..., "r"), a file that exists but is
// not readable by the test process would be reported like a missing one.
167 int file_exists(const char *path)
169 FILE *file = fopen(path, "r");
/**
 * Assert that an application file is present.
 *
 * @param line_no  line number supplied by the caller, echoed in the failure message
 * @param app_path path probed with file_exists(); a result of 0 counts as installed
 */
void check_app_installed(int line_no, const char *app_path)
{
    RUNNER_ASSERT_MSG(file_exists(app_path) == 0,
                      "Line: " << line_no << " App not installed: " << app_path);
}
// Tree-walk callback (nftw-style signature) that calls smack_lsetlabel() with
// a NULL label for the ACCESS, EXEC and TRANSMUTE label types of `fpath`,
// which, going by the function name, clears them. smack_lsetlabel() is the
// variant that does not follow symbolic links.
// The results are ignored, so a label that could not be cleared is not
// reported here.
// NOTE(review): the return statement is on a line missing from this listing.
183 int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
184 int /*typeflag*/, struct FTW* /*ftwbuf*/)
186 smack_lsetlabel(fpath, NULL, SMACK_LABEL_ACCESS);
187 smack_lsetlabel(fpath, NULL, SMACK_LABEL_EXEC);
188 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
// Tree-walk callback that asserts the SMACK labels expected inside an
// application directory: ACCESS must equal APPID_DIR; EXEC must equal
// APPID_DIR on user-executable regular files and on symlinks to them, and be
// unset otherwise; TRANSMUTE must be unset.
// NOTE(review): the local declarations, several braces / else lines and the
// return are missing from this listing, so the exact branch nesting below is
// inferred from the assertion texts.
193 int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
194 int /*typeflag*/, struct FTW* /*ftwbuf*/)
201 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
// labelPtr takes over the buffer returned through `label`.
202 labelPtr.reset(label);
203 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
// NULL is checked before strcmp(): a successful call can still leave the
// label unset.
204 RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set");
205 result = strcmp(APPID_DIR, labelPtr.get());
206 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
209 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
210 labelPtr.reset(label);
211 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
212 if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
213 RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
214 result = strcmp(APPID_DIR, labelPtr.get());
215 RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
216 } else if (S_ISLNK(sb->st_mode)) {
// realpath() returns NULL for a link that cannot be resolved; stat(NULL)
// then fails and the assertion below reports it.
// NOTE(review): with a NULL second argument realpath() allocates the result;
// no free(target) is visible in this listing. Confirm.
218 char *target = realpath(fpath, NULL);
219 RUNNER_ASSERT_MSG(0 == stat(target, &buf),"Stat failed for " << fpath);
// True when the S_IXUSR bit or the S_IFREG bit is missing from the target's
// mode. NOTE(review): this is a bit test, not S_ISREG(); file types whose
// S_IFMT value contains the S_IFREG bit (sockets on Linux) would also pass.
221 if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
222 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
224 RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
225 result = strcmp(APPID_DIR, labelPtr.get());
226 RUNNER_ASSERT_MSG(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect");
229 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
232 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
233 labelPtr.reset(label);
234 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
235 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
// Tree-walk callback that stamps `fpath` with CANARY_LABEL as its ACCESS and
// EXEC label and passes NULL for TRANSMUTE. nftw_check_labels_non_app_dir()
// later asserts these values are still in place, i.e. that paths outside the
// application directory were not relabelled.
// The results are ignored: if stamping fails, the problem only shows up in
// that later check.
// NOTE(review): the return statement is on a line missing from this listing.
240 int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
241 int /*typeflag*/, struct FTW* /*ftwbuf*/)
243 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
244 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
245 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
// Tree-walk callback that asserts `fpath` still carries CANARY_LABEL as its
// ACCESS and EXEC label and has no TRANSMUTE label.
// NOTE(review): the local declarations and the return are on lines missing
// from this listing.
250 int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
251 int /*typeflag*/, struct FTW* /*ftwbuf*/)
258 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
259 labelPtr.reset(label);
260 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
// NOTE(review): unlike nftw_check_labels_app_dir(), there is no NULL check
// before strcmp(). If the label was removed rather than overwritten,
// labelPtr.get() may be NULL here and the comparison is undefined behaviour
// instead of a clean assertion failure.
261 result = strcmp(CANARY_LABEL, labelPtr.get());
262 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
265 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
266 labelPtr.reset(label);
267 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
// Same missing NULL check as for the ACCESS label above.
268 result = strcmp(CANARY_LABEL, labelPtr.get());
269 RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
272 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
273 labelPtr.reset(label);
274 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
275 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
/**
 * Assert that perm_app_has_permission() reports the expected state for every
 * permission in a NULL-terminated list.
 *
 * @param app_id          application identifier passed through to the query
 * @param app_type        application type passed through to the query
 * @param perm_list       NULL-terminated array of permission names
 * @param expected_result value the has_permission flag must equal after each
 *                        query (callers in this file pass true or false)
 */
void check_app_has_permission(const char* app_id, const app_type_t app_type,
                              const char *perm_list[], const int expected_result)
{
    // Kept outside the loop: a query that leaves the flag untouched must not
    // see it reset between iterations.
    bool has_permission = false;

    for (const char **perm = perm_list; *perm != NULL; ++perm) {
        const int result = perm_app_has_permission(app_id, app_type, *perm, &has_permission);
        RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
                          "perm_app_has_permission failed with result: " << result);
        RUNNER_ASSERT_MSG(has_permission == expected_result,
                          "Unexpected result, perm_app_has_permission returned: " << has_permission
                          << ", expected: " << expected_result);
    }
}
// Asserts that subject `av_id` has exactly the expected access to object
// `app_id`: "rwx" must be granted (1), while "a" (append) and "t" (transmute)
// must each be denied (0). `comment` is only echoed in failure messages.
// An error (-1) from smack_have_access() fails all three assertions.
// NOTE(review): the declaration of `result` is on a line missing from this
// listing.
295 void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment)
298 result = smack_have_access(av_id, app_id, "rwx");
299 RUNNER_ASSERT_MSG(result == 1,
300 "Error while checking " << av_id << " rwx access to "
301 << app_id << " " << comment << " Result: " << result);
302 result = smack_have_access(av_id, app_id, "a");
303 RUNNER_ASSERT_MSG(result == 0,
304 "Error while checking " << av_id << " a access to "
305 << app_id << " " << comment << " Result: " << result);
306 result = smack_have_access(av_id, app_id, "t");
307 RUNNER_ASSERT_MSG(result == 0,
308 "Error while checking " << av_id << " t access to "
309 << app_id << " " << comment << " Result: " << result);
313 * NOSMACK version of checkOnlyAvAccess function.
315 * Expects error instead of access granted/forbidden from smack_have_access.
// Runs the same three queries as checkOnlyAvAccess() ("rwx", "a", "t" from
// `av_id` to `app_id`) but requires each to return -1, the error expected
// when SMACK is off. Any 0 or 1 answer fails the test.
// NOTE(review): the declaration of `result` is on a line missing from this
// listing.
317 void checkOnlyAvAccessNosmack(const char *av_id, const char *app_id, const char *comment)
320 result = smack_have_access(av_id, app_id, "rwx");
321 RUNNER_ASSERT_MSG(result == -1,
322 "smack_have_access should return error (SMACK is off). Result: " << result
323 << " when testing " << comment);
324 result = smack_have_access(av_id, app_id, "a");
325 RUNNER_ASSERT_MSG(result == -1,
326 "smack_have_access should return error (SMACK is off). Result: " << result
327 << " when testing " << comment);
328 result = smack_have_access(av_id, app_id, "t");
329 RUNNER_ASSERT_MSG(result == -1,
330 "smack_have_access should return error (SMACK is off). Result: " << result
331 << " when testing " << comment);
// Reinstalls `app_id` from a clean state, calls perm_app_revoke_permissions(),
// asserts through check_no_accesses() that none of `rules` is granted, then
// uninstalls the app again. `line_no` identifies the caller in failure
// messages.
// NOTE(review): the local declaration and whatever sits between the visible
// steps are missing from this listing. The existing comments mention closing
// a transaction, but the statements that do it are not shown.
// NOTE(review): no visible step grants `rules` to `app_id` before the revoke.
// Unless that happens on a missing line or in the caller, the no-access
// assertion would also pass if the revoke call did nothing.
334 void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack)
341 result = perm_app_uninstall(app_id);
342 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
343 "perm_app_uninstall returned " << result);
345 // Close transaction to commit uninstallation before further actions
351 result = perm_app_install(app_id);
352 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
353 "perm_app_install returned " << result);
355 // Close transaction to commit installation before further actions
361 // Revoke permissions
362 result = perm_app_revoke_permissions(app_id);
363 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
364 "Error revoking app permissions. Result: " << result);
368 // Are all the permissions revoked?
369 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules), "Line: " << line_no <<
370 "Not all permisions revoked.");
374 // Cleanup - uninstall test apps
375 result = perm_app_uninstall(app_id);
376 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
377 "perm_app_uninstall returned " << result);
// Enables PRIVS_EFL for EFL_APP_ID and checks the grant in two places: the
// SMACK rule (EFL_APP_ID may read "test_book_efl") and the permission
// database. After uninstalling the app it checks that the database no longer
// reports the permission, so an uninstall must not leave a stale grant.
// NOTE(review): the local declaration and the lines between the visible
// steps are missing from this listing.
382 void test_app_enable_permissions_efl(bool smack)
// Start from a clean state: uninstall, then install.
389 result = perm_app_uninstall(EFL_APP_ID);
390 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
391 "perm_app_uninstall failed: " << result);
392 result = perm_app_install(EFL_APP_ID);
393 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
394 "perm_app_install failed: " << result);
396 // Enable a permission:
397 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
398 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
399 "Error enabling app permissions. Result: " << result);
403 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
404 "SMACK accesses not granted for EFL_APP");
406 // Check if permission is assigned to app in db
407 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
412 result = perm_app_uninstall(EFL_APP_ID);
413 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
414 "perm_app_uninstall failed: " << result);
418 // Check if permission is disabled in db
419 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
// Enables PRIVS_EFL for EFL_APP_ID, confirms the grant (SMACK rule and
// database), disables it again and confirms that both the SMACK rule and the
// database entry are gone before uninstalling the app.
// NOTE(review): the local declaration and the lines between the visible
// steps are missing from this listing.
422 void test_app_disable_permissions_efl(bool smack)
// Start from a clean state: uninstall, then install.
429 result = perm_app_uninstall(EFL_APP_ID);
430 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
431 "perm_app_uninstall failed: " << result);
433 result = perm_app_install(EFL_APP_ID);
434 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
435 "perm_app_install failed: " << result);
437 // Enable a permission
438 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
439 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
440 "Error enabling app permissions. Result: " << result);
// The grant is confirmed first, so the later "no access" check cannot pass
// merely because the rule was never created.
444 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
445 "SMACK accesses not granted for EFL_APP");
447 // Check if permission is assigned to app in db
448 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
452 // Disable a permission
453 result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
454 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
455 "Error disabling app permissions. Result: " << result);
459 RUNNER_ASSERT_MSG(check_no_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
460 "SMACK accesses not disabled for EFL_APP");
462 // Check if permission is disabled in db
463 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
468 result = perm_app_uninstall(EFL_APP_ID);
469 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
470 "perm_app_uninstall failed: " << result);
// Exercises perm_app_disable_permissions() for WGT_APP_ID in three scenarios:
// disabling everything that was granted, disabling one permission set while
// another stays enabled, and disabling overlapping "r" / "no r" sets. Each
// step is checked against SMACK rules (check_all_accesses / check_no_accesses)
// and against the permission database (check_app_has_permission).
// NOTE(review): the local declarations and the lines between the visible
// steps are missing from this listing. rules2, rules_wgt2, rules2_r and
// rules2_no_r are defined elsewhere.
// NOTE(review): in the comments and the enable/disable messages "first" is
// PRIVS and "second" is PRIVS2, but the failure texts of the access checks on
// listing lines 545, 548 and 565 appear to name the opposite set.
475 void test_app_disable_permissions(bool smack)
482 result = perm_app_uninstall(WGT_APP_ID);
483 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
484 "perm_app_uninstall failed: " << result);
486 result = perm_app_install(WGT_APP_ID);
487 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
488 "perm_app_install failed: " << result);
490 * Test - disable all granted permissions.
493 // Prepare permissions that we want to disable
494 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
495 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
496 " Error enabling app permissions. Result: " << result);
500 // Are all the permissions enabled?
501 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled.");
503 // Check if permissions are enabled in db
504 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
508 // Disable permissions
509 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
510 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
511 "Error disabling app permissions. Result: " << result);
515 // Are all the permissions disabled?
516 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled.");
518 // Check if permission is disabled in db
519 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
522 * Test - disable some granted permissions leaving non complementary and then disabling those too.
527 // Prepare permissions that will not be disabled
528 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS, 1);
529 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
530 " Error adding app first permissions. Result: " << result);
532 // Prepare permissions that we want to disable
533 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
534 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
535 " Error adding app second permissions. Result: " << result);
537 // Disable second permissions
538 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
539 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
540 "Error disabling app second permissions. Result: " << result);
544 // Are all second permissions disabled?
545 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
547 // Are all first permissions not disabled?
548 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules_wgt2), "Some of second permissions disabled.");
550 // Check if second permission is disabled in db
551 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
552 // Check if first permission is enabled in db
553 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, true);
557 // Disable first permissions
558 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS);
559 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
560 "Error disabling app first permissions. Result: " << result);
564 // Are all first permissions disabled?
565 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules_wgt2), "Not all second permisions disabled.");
567 // Check if permission is disabled in db
568 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, false);
571 * Test - disable only no r granted permissions.
576 // Prepare permissions
577 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
578 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
579 " Error adding app permissions. Result: " << result);
581 // Disable same permissions without r
// PRIVS2_NO_R was never enabled at this point; the disable call is still
// required to succeed.
582 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
583 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
584 "Error disabling app no r permissions. Result: " << result);
588 // Were any of the r permissions disabled?
589 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
590 // Are all no r permissions disabled?
591 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
593 // Check if second permission is enabled in db
594 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true);
595 // Check if permission is disabled in db
596 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
600 // Prepare permissions
601 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
602 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
603 " Error adding app no r permissions. Result: " << result);
607 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
611 // Disable all permissions
612 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
613 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
614 "Error disabling app permissions. Result: " << result);
618 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
620 // Check if permission is disabled in db
621 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
625 // Clean up after test:
626 result = perm_app_uninstall(WGT_APP_ID);
627 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
// Checks the reach of PRIV_APPSETTING. Once APP_TEST holds it, APP_TEST must
// have "rx" on another app's label and "rwx" on the label of a directory that
// app registered as APP_PATH_SETTINGS_RW. This must hold both for APP_1,
// installed before the privilege was enabled, and for APP_2, installed after.
// NOTE(review): the declarations of `ret` and `label` and the lines between
// the visible steps are missing from this listing.
632 void test_appsettings_privilege(bool smack)
// Own the label buffers that smack_getlabel() returns through `label`.
635 CStringPtr app1DirLabelPtr;
636 CStringPtr app2DirLabelPtr;
// Best-effort reset: the results are deliberately discarded.
641 (void)perm_app_uninstall(APP_TEST);
642 (void)perm_app_uninstall(APP_1);
643 (void)perm_app_uninstall(APP_2);
646 ret = perm_app_install(APP_1);
647 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
// Mode rwxr-x---. The result of mkdir() is ignored, so a path left over from
// an earlier run is reused as it is.
649 mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
651 //register settings folder for app 1
652 ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
653 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
655 //install "app_test" and give it appsettings privilege
656 ret = perm_app_install(APP_TEST);
657 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
660 ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true);
661 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
662 " Error enabling app permissions. Result: " << ret);
666 //check if "app_test" has an RX access to the app "app_1"
667 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, APP_1, "rx"}}), "access denied");
669 //check if "app_test" has an RWX access to a folder registered by "app_1"
// NOTE(review): smack_getlabel() is a libsmack call, yet its result is
// compared with PC_OPERATION_SUCCESS; this is only right if that constant is
// 0. Confirm.
// NOTE(review): the label pointer is not checked for NULL before .get() is
// placed in the rule list and streamed into the message; if no label could
// be read (for example with SMACK off) that would be undefined behaviour.
670 ret = smack_getlabel(APP_1_DIR, &label, SMACK_LABEL_ACCESS );
671 app1DirLabelPtr.reset(label);
672 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
673 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get());
678 //install another app: "app_2"
679 ret = perm_app_install(APP_2);
680 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
682 mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
683 //register settings folder for that "app_2"
684 ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
685 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
689 //check if "app_test" has an RX access to the app "app_2"
690 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, APP_2, "rx"}}), "access denied");
692 //check if "app_test" has an RWX access to a folder registered by "app_2"
// Same unchecked label pointer as for APP_1_DIR above.
693 ret = smack_getlabel(APP_2_DIR, &label, SMACK_LABEL_ACCESS );
694 app2DirLabelPtr.reset(label);
695 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
696 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, app2DirLabelPtr.get(), "rwx"}}), "access denies");
// Best-effort cleanup. Only the apps are uninstalled here; removal of
// APP_1_DIR / APP_2_DIR is not visible in this listing.
703 (void)perm_app_uninstall(APP_TEST);
704 (void)perm_app_uninstall(APP_1);
705 (void)perm_app_uninstall(APP_2);