2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file libprivilege-control-test.cpp
18 * @author Jan Olszak (j.olszak@samsung.com)
19 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
21 * @brief Main file for libprivilege-control unit tests.
30 #include <sys/sendfile.h>
31 #include <sys/smack.h>
33 #include <sys/types.h>
38 #include <libprivilege-control_test_common.h>
39 #include <tests_common.h>
40 #include "common/duplicates.h"
// Marker label that nftw_set_labels_non_app_dir() writes onto files outside the application
// directory; nftw_check_labels_non_app_dir() later asserts that it was not overwritten.
43 #define CANARY_LABEL "tiny_yellow_canary"
// SMACK label used as the subject of the access checks below and as the expected
// ACCESS/EXEC label in nftw_check_labels_app_dir().
45 const char *USER_APP_ID = "User";
// NULL-terminated permission-name lists handed to perm_app_enable_permissions() and
// perm_app_disable_permissions(). The rule sets they expand to (rules1, rules2, ...) are
// defined outside this listing.
47 const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", NULL };
48 const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
49 const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
50 const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
51 const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
// One permission list per application type (presumably WGT / OSP / EFL, going by the names;
// only PRIVS_EFL is used in the code visible here).
53 const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL };
54 const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
55 const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
// API feature name and the rule templates registered for it through perm_add_api_feature()
// in test_appsettings_privilege(). The templates give the application rwx on every
// ~SETTINGS_PATH~ and rx on ~ALL_APPS~, i.e. a deliberately broad grant whose effect the
// test verifies.
// NOTE(review): the end of the PRIV_APPSETTING_RULES initializer (its NULL terminator) is not
// visible in this listing.
57 const char *PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", NULL};
58 const char *PRIV_APPSETTING_RULES[] = { "~APP~ ~SETTINGS_PATH~ rwx",
59 "~APP~ ~ALL_APPS~ rx",
62 * Check if every rule is true.
63 * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
// Each rule is read as {subject, object, access} and passed to smack_have_access().
// NOTE(review): rules[i][0..2] is indexed without a size check; assumes every rule holds at
// least three strings — confirm against the rules_t definition.
// NOTE(review): the statements that turn `access` into the documented 1 / 0 / -1 result are
// not visible in this listing.
65 int test_have_all_accesses(const rules_t &rules)
68 for (uint i = 0; i < rules.size(); ++i) {
69 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
79 * Check if any rule is true.
80 * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
// Each rule is read as {subject, object, access} and passed to smack_have_access().
// Used by check_no_accesses() to prove that none of the rules is still granted.
// NOTE(review): rules[i][0..2] is indexed without a size check; assumes every rule holds at
// least three strings — confirm against the rules_t definition.
// NOTE(review): the statements that turn `access` into the documented 1 / 0 / -1 result are
// not visible in this listing.
82 int test_have_any_accesses(const rules_t &rules)
85 for (uint i = 0; i < rules.size(); ++i) {
86 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
96 * NOSMACK version of test_have_accesses functions.
98 * This will be used in many tests. Checks that smack_have_access returns an error for every rule.
99 * If smack_have_access returns anything other than an error for any rule, that result
100 * is returned to the caller.
// Callers (check_all_accesses / check_no_accesses) treat a return value of -1 as
// "smack_have_access failed for every rule", which is what they expect when SMACK is off.
// NOTE(review): rules[i][0..2] is indexed without a size check; assumes every rule holds at
// least three strings — confirm against the rules_t definition.
// NOTE(review): the declaration of `result` and the early-return logic are not visible in
// this listing.
102 int test_have_nosmack_accesses(const rules_t &rules)
105 for (uint i = 0; i < rules.size(); ++i) {
106 result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
/**
 * @brief Returns true when the rule set is in the state expected for "all granted".
 *
 * Two outcomes are visible: test_have_all_accesses() == 1 (every rule present) and
 * test_have_nosmack_accesses() == -1 (every query failed). The branch that picks between
 * them is not shown in this listing; presumably the first is used when @p smack is true
 * and the second when SMACK is disabled.
 */
113 bool check_all_accesses(bool smack, const rules_t &rules)
116 return test_have_all_accesses(rules) == 1;
118 return test_have_nosmack_accesses(rules) == -1;
/**
 * @brief Returns true when the rule set is in the state expected for "none granted".
 *
 * Two outcomes are visible: test_have_any_accesses() == 0 (no rule present) and
 * test_have_nosmack_accesses() == -1 (every query failed). The branch that picks between
 * them is not shown in this listing; presumably the first is used when @p smack is true
 * and the second when SMACK is disabled.
 */
121 bool check_no_accesses(bool smack, const rules_t &rules)
124 return test_have_any_accesses(rules) == 0;
126 return test_have_nosmack_accesses(rules) == -1;
/**
 * @brief Reads unsigned group ids from the text file @p file_path.
 *
 * Fails the test if the file cannot be opened. What happens to each parsed value
 * (presumably an insert into @p set) is not visible in this listing.
 */
129 void read_gids(std::set<unsigned> &set, const char *file_path)
131 FILE *f = fopen(file_path, "r");
132 RUNNER_ASSERT_MSG_BT(f != NULL, "Unable to open file " << file_path);
// The loop ends at the first token that does not parse as an unsigned decimal, so a
// malformed entry silently truncates the list instead of failing the test.
// NOTE(review): the fclose() for f is not visible here — confirm the handle is released.
134 while (fscanf(f, "%u\n", &gid) == 1) {
/**
 * @brief Adds every group id of the user @p user_id to @p set.
 *
 * Uses the two-call getgrouplist() pattern: a sizing call with a NULL buffer, an
 * allocation, then the call that fills the buffer.
 */
140 void read_user_gids(std::set<unsigned> &set, const uid_t user_id)
// getpwuid() returns a pointer to static storage; pw is only used within this function.
144 struct passwd *pw = getpwuid(user_id);
145 RUNNER_ASSERT_MSG_BT(pw != NULL, "getpwuid() failed.");
148 gid_t *groups_list = NULL;
// Sizing call: with a NULL buffer the call is expected to return -1 and store the needed
// count in groups_cnt, which is why the assertion requires ret == -1.
// NOTE(review): the initial value of groups_cnt is not visible in this listing.
149 ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
150 RUNNER_ASSERT_MSG_BT(ret == -1, "getgrouplist() failed.");
153 groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
154 RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed.");
156 ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
// Failure path of the second call; the condition guarding it and any free() before it are
// not shown in this listing.
159 RUNNER_ASSERT_MSG_BT(false, "getgrouplist() failed.");
162 for (int i = 0; i < groups_cnt; ++i) {
163 set.insert(groups_list[i]);
/**
 * @brief Adds the supplementary group ids of the calling process to @p set.
 */
168 void read_current_gids(std::set<unsigned> &set)
// getgroups(0, NULL) only reports how many supplementary groups there are.
// NOTE(review): the assertion requires at least one group, so a process with no
// supplementary groups fails here rather than yielding an empty set.
170 int groups_cnt = getgroups(0, NULL);
171 RUNNER_ASSERT_MSG_BT(groups_cnt > 0, "Wrong number of supplementary groups.");
172 gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
173 RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed.");
174 if (getgroups(groups_cnt, groups_list) == -1){
// NOTE(review): release of groups_list on this path (and after the loop) is not visible
// in this listing — confirm it is freed before the assertion fires.
176 RUNNER_ASSERT_MSG_BT(false, "getgroups failed.");
179 for (int i = 0; i < groups_cnt; ++i) {
180 set.insert(groups_list[i]);
/**
 * @brief Asserts that the process's supplementary groups are exactly the union of
 *        @p groups_prev and the groups listed in @p dac_file.
 *
 * This is the least-privilege check for group membership: groups held before must be
 * kept, groups required by the DAC file must be present, and nothing else may remain.
 *
 * @param groups_prev  groups the process belonged to beforehand
 * @param dac_file     path of a file with one required group id per entry (see read_gids)
 */
185 void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file)
187 std::set<unsigned> groups_check;
188 std::set<unsigned> groups_current;
190 read_gids(groups_check, dac_file);
191 read_current_gids(groups_current);
193 std::string groups_left;
// Step 1: every previously held group must still be present. Each one is removed from both
// working sets so it is not counted again in steps 2 and 3.
194 for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it)
196 (void)groups_check.erase(*it);
197 if(groups_current.erase(*it) == 0)
198 groups_left.append(std::to_string(*it)).append(" ");
200 RUNNER_ASSERT_MSG_BT(groups_left.empty(),
201 "Application lost some groups: " << groups_left);
// Step 2: every group still required by the DAC file must be present in the current set.
203 for (auto it = groups_check.begin(); it != groups_check.end(); ++it)
205 if(groups_current.erase(*it) == 0)
206 groups_left.append(std::to_string(*it)).append(" ");
208 RUNNER_ASSERT_MSG_BT(groups_left.empty(),
209 "Application doesn't belong to some required groups: " << groups_left);
// Step 3: whatever is left in groups_current was granted by neither source, so any
// remaining entry is an unexpected membership and fails the test.
211 for (auto it = groups_current.begin(); it != groups_current.end(); ++it)
213 groups_left.append(std::to_string(*it)).append(" ");
215 RUNNER_ASSERT_MSG_BT(groups_left.empty(),
216 "Application belongs to groups it should't belong to: " << groups_left);
/**
 * @brief Probes @p path by opening it for reading.
 *
 * The return statements are not visible in this listing; check_app_installed() treats 0
 * as "exists".
 * NOTE(review): an fopen() probe also fails for a file that exists but is not readable by
 * the caller, so "missing" and "unreadable" are indistinguishable here.
 */
219 int file_exists(const char *path)
221 FILE *file = fopen(path, "r");
/**
 * @brief Fails the test unless file_exists() returns 0 for @p app_path.
 */
229 void check_app_installed(const char *app_path)
231 RUNNER_ASSERT_MSG_BT(file_exists(app_path) == 0,
232 " App not installed: " << app_path);
/**
 * @brief nftw() callback that clears the ACCESS, EXEC and TRANSMUTE labels of @p fpath.
 *
 * A NULL label is passed to smack_lsetlabel() for each label type; the l-variant acts on
 * the path itself rather than on a symlink target.
 * NOTE(review): the three return values are ignored, so a path whose labels could not be
 * cleared goes unnoticed at this point. The callback's own return value is not visible
 * in this listing.
 */
235 int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
236 int /*typeflag*/, struct FTW* /*ftwbuf*/)
238 smack_lsetlabel(fpath, NULL, SMACK_LABEL_ACCESS);
239 smack_lsetlabel(fpath, NULL, SMACK_LABEL_EXEC);
240 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
/**
 * @brief nftw() callback that verifies the SMACK labels of one entry inside the
 *        application directory.
 *
 * Expected state: ACCESS equals USER_APP_ID; EXEC equals USER_APP_ID only for regular
 * files with the owner-execute bit and for symlinks that resolve to such files, and is
 * unset otherwise; TRANSMUTE is unset.
 * Several lines (declarations, some branch delimiters, the return) are not visible in
 * this listing.
 */
245 int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
246 int /*typeflag*/, struct FTW* /*ftwbuf*/)
// ACCESS label: must be set and equal to USER_APP_ID. labelPtr takes ownership of the
// string returned by smack_lgetlabel().
253 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
254 labelPtr.reset(label);
255 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
256 RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set");
257 result = strcmp(USER_APP_ID, labelPtr.get());
258 RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect");
// EXEC label: which expectation applies depends on the file type taken from sb.
261 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
262 labelPtr.reset(label);
263 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
264 if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
265 RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
266 result = strcmp(USER_APP_ID, labelPtr.get());
267 RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
268 } else if (S_ISLNK(sb->st_mode)) {
// Symlink: resolve the target and stat() it to decide whether it is an executable file.
// NOTE(review): the realpath() result is not checked for NULL before being passed to
// stat(); a dangling link then surfaces as "Stat failed". Release of `target` is not
// visible in this listing.
270 char *target = realpath(fpath, NULL);
271 RUNNER_ASSERT_MSG_BT(0 == stat(target, &buf),"Stat failed for " << fpath);
// NOTE(review): this compares mode bits, not the file type. The S_IFREG bit is also part of
// other S_IFMT values (e.g. S_IFSOCK on Linux), so S_ISREG(buf.st_mode) &&
// (buf.st_mode & S_IXUSR) would be the stricter test.
273 if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
274 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
// The lines separating the following assertions into their branches are not shown; going by
// the messages they cover "link to an executable" and then "anything else".
276 RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
277 result = strcmp(USER_APP_ID, labelPtr.get());
278 RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect");
281 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
// TRANSMUTE label: must not be set on any entry.
284 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
285 labelPtr.reset(label);
286 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
287 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
/**
 * @brief nftw() callback that marks an entry outside the application directory: ACCESS
 *        and EXEC are set to CANARY_LABEL, TRANSMUTE is cleared.
 *
 * nftw_check_labels_non_app_dir() later uses the canary to detect labels that were
 * rewritten on paths the library should not have touched.
 * NOTE(review): the smack_lsetlabel() results are ignored; if the canary cannot be written,
 * the failure only shows up later as an "is overwritten" assertion. The callback's own
 * return value is not visible in this listing.
 */
292 int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
293 int /*typeflag*/, struct FTW* /*ftwbuf*/)
295 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
296 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
297 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
/**
 * @brief nftw() callback that verifies an entry outside the application directory still
 *        carries CANARY_LABEL as ACCESS and EXEC label and has no TRANSMUTE label.
 *
 * NOTE(review): unlike nftw_check_labels_app_dir(), labelPtr.get() is passed to strcmp()
 * without a preceding NULL assertion. If smack_lgetlabel() can succeed with no label
 * set (the app-dir checker asserts against exactly that case), the comparison
 * dereferences NULL; an assertion such as
 * RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, ...) before each strcmp() would turn that
 * into a test failure.
 * Declarations and the return statement are not visible in this listing.
 */
302 int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
303 int /*typeflag*/, struct FTW* /*ftwbuf*/)
// ACCESS label must still be the canary.
310 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
311 labelPtr.reset(label);
312 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
313 result = strcmp(CANARY_LABEL, labelPtr.get());
314 RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is overwritten");
// EXEC label must still be the canary.
317 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
318 labelPtr.reset(label);
319 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
320 result = strcmp(CANARY_LABEL, labelPtr.get());
321 RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on " << fpath << " is overwritten");
// TRANSMUTE label must remain unset.
324 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
325 labelPtr.reset(label);
326 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
327 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
/**
 * @brief Reinstalls @p app_id, revokes its permissions and uninstalls it again, asserting
 *        success at every step.
 *
 * @param line_no  caller's line number, echoed in failure messages
 * @param app_id   application identifier under test
 *
 * The transaction handling and any checks between the steps are not visible in this
 * listing.
 * NOTE(review): results are compared with the literal 0 in some assertions and with
 * PC_OPERATION_SUCCESS in others; the messages also stream line_no directly in front of
 * the following text, with no separator.
 */
332 void test_revoke_permissions(int line_no, const char* app_id)
// Start from a clean state: remove any previous installation of the app.
339 result = perm_app_uninstall(app_id);
340 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
341 "perm_app_uninstall returned " << result);
343 // Close transaction to commit uninstallation before further actions
349 result = perm_app_install(app_id);
350 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
351 "perm_app_install returned " << result);
353 // Close transaction to commit installation before further actions
359 // Revoke permissions
360 result = perm_app_revoke_permissions(app_id);
361 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
362 "Error revoking app permissions. Result: " << result);
368 // Cleanup - uninstall test apps
369 result = perm_app_uninstall(app_id);
370 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
371 "perm_app_uninstall returned " << result);
/**
 * @brief Enables PRIVS_EFL for EFL_APP_ID and checks that the expected read rule appears.
 *
 * @param smack  whether SMACK is expected to be active; selects the positive or the
 *               "every query fails" expectation inside check_all_accesses()
 *
 * Lines between the steps (e.g. transaction handling) are not visible in this listing.
 */
376 void test_app_enable_permissions_efl(bool smack)
// Reinstall the app so the test starts without leftover permissions.
383 result = perm_app_uninstall(EFL_APP_ID);
384 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
385 "perm_app_uninstall failed: " << result);
386 result = perm_app_install(EFL_APP_ID);
387 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
388 "perm_app_install failed: " << result);
390 // Register a permission:
391 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
392 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
393 "Error registering app permissions. Result: " << result);
// The permission must translate into: subject USER_APP_ID may read object "test_book_efl".
397 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
398 "SMACK accesses not granted for EFL_APP");
// Cleanup: remove the test application.
403 result = perm_app_uninstall(EFL_APP_ID);
404 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
405 "perm_app_uninstall failed: " << result);
/**
 * @brief Checks that disabling PRIVS_EFL for EFL_APP_ID removes the read rule, both when
 *        the permission was never enabled and after it has been enabled.
 *
 * @param smack  whether SMACK is expected to be active; selects the expectation used by
 *               check_all_accesses() / check_no_accesses()
 *
 * Lines between the steps (e.g. transaction handling) are not visible in this listing.
 */
410 void test_app_disable_permissions_efl(bool smack)
// Reinstall the app so the test starts without leftover permissions.
417 result = perm_app_uninstall(EFL_APP_ID);
418 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
419 "perm_app_uninstall failed: " << result);
421 result = perm_app_install(EFL_APP_ID);
422 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
423 "perm_app_install failed: " << result);
// Disabling a permission that has not been enabled yet must succeed and leave no rule.
425 result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
426 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
427 "Error disabling app permissions. Result: " << result);
431 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
432 "SMACK accesses not disabled for EFL_APP");
436 // Register a permission
437 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
438 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
439 "Error registering app permissions. Result: " << result);
// The rule must now be present ...
443 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
444 "SMACK accesses not granted for EFL_APP");
448 // Disable a permission
449 result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
450 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
451 "Error disabling app permissions. Result: " << result);
// ... and gone again after the disable call.
455 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
456 "SMACK accesses not disabled for EFL_APP");
// Cleanup: remove the test application.
461 result = perm_app_uninstall(EFL_APP_ID);
462 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
463 "perm_app_uninstall failed: " << result);
/**
 * @brief Exercises perm_app_disable_permissions() for WGT_APP_ID in several scenarios:
 *        disabling everything, disabling one of two permission sets, and disabling
 *        permissions that differ only in the "r" access.
 *
 * @param smack  whether SMACK is expected to be active; selects the expectation used by
 *               check_all_accesses() / check_no_accesses()
 *
 * rules1, rules2, rules2_r and rules2_no_r are defined outside this listing; presumably
 * they are the SMACK rules that PRIVS1, PRIVS2, PRIVS2_R and PRIVS2_NO_R expand to.
 * Lines between the steps (e.g. transaction handling) are not visible here.
 * NOTE(review): in the "disable some" scenario the failure messages name the wrong set:
 * the rules2 check reports "first", the rules1 checks report "second".
 */
468 void test_app_disable_permissions(bool smack)
// Reinstall the app so the test starts without leftover permissions.
475 result = perm_app_uninstall(WGT_APP_ID);
476 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
477 "perm_app_uninstall failed: " << result);
479 result = perm_app_install(WGT_APP_ID);
480 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
481 "perm_app_install failed: " << result);
// Baseline: disable every permission set up front, so no rule from an earlier run survives.
483 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
484 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
485 "Error disabling app first permissions. Result: " << result);
487 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
488 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
489 "Error disabling app permissions. Result: " << result);
491 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
492 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
493 "Error disabling app no r permissions. Result: " << result);
495 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
496 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
497 "Error disabling app r permissions. Result: " << result);
// Neither rule set may be present after the baseline disable calls.
501 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2),
502 "SMACK accesses not disabled.");
504 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules1),
505 "SMACK accesses not disabled.");
510 * Test - disable all granted permissions.
513 // Prepare permissions that we want to disable
514 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
515 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
516 " Error registering app permissions. Result: " << result);
520 // Are all the permissions enabled?
521 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2), "Not all permisions enabled.");
525 // Disable permissions
526 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
527 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
528 "Error disabling app permissions. Result: " << result);
532 // Are all the permissions disabled?
533 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2), "Not all permisions disabled.");
536 * Test - disable some granted permissions leaving non complementary and then disabling those too.
541 // Prepare permissions that will not be disabled
542 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, false);
543 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
544 " Error adding app first permissions. Result: " << result);
546 // Prepare permissions that we want to disable
547 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
548 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
549 " Error adding app second permissions. Result: " << result);
551 // Disable second permissions
552 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
553 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
554 "Error disabling app second permissions. Result: " << result);
558 // Are all second permissions disabled?
559 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
561 // Are all first permissions not disabled?
562 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules1), "Some of second permissions disabled.");
566 // Disable first permissions
567 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
568 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
569 "Error disabling app first permissions. Result: " << result);
573 // Are all first permissions disabled?
574 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules1), "Not all second permisions disabled.");
577 * Test - disable only no r granted permissions.
582 // Prepare permissions
583 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
584 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
585 " Error registering app r permissions. Result: " << result);
587 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
588 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
589 " Error registering app no r permissions. Result: " << result);
591 // Disable same permissions without r
592 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
593 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
594 "Error disabling app no r permissions. Result: " << result);
// Disabling the "no r" set must not take away accesses that the "r" set still grants.
598 // Is any r permissions disabled?
599 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
600 // Are all no r permissions disabled?
601 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
605 // Prepare permissions
606 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
607 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
608 " Error adding app no r permissions. Result: " << result);
612 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
616 // Disable all permissions
617 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
618 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
619 "Error disabling app permissions. Result: " << result);
623 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
627 // Clean up after test:
628 result = perm_app_uninstall(WGT_APP_ID);
629 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
/**
 * @brief Verifies the appsetting privilege: an application holding it must get rwx access
 *        to the settings directory of every other application, including one installed
 *        after the privilege was granted.
 *
 * @param smack  whether SMACK is expected to be active; selects the expectation used by
 *               check_all_accesses()
 *
 * APP_TEST, APP_1, APP_2 and the *_DIR paths are defined outside this listing, as are the
 * declarations of `ret` and `label`.
 * NOTE(review): the label returned by smack_getlabel() is streamed and used to build a rule
 * without a NULL check. The rule elements are used through .c_str() in the checkers, so
 * a NULL label would be converted to a string object; asserting
 * app1DirLabelPtr.get() != NULL (and likewise for app2) first would make that a clean
 * test failure.
 * NOTE(review): smack_getlabel() results are compared with PC_OPERATION_SUCCESS, a constant
 * of the privilege-control API rather than of libsmack.
 */
634 void test_appsettings_privilege(bool smack)
// Owners for the label strings allocated by smack_getlabel().
637 CStringPtr app1DirLabelPtr;
638 CStringPtr app2DirLabelPtr;
// Best-effort cleanup of earlier runs; failures are deliberately ignored.
643 (void)perm_app_uninstall(APP_TEST);
644 (void)perm_app_uninstall(APP_1);
645 (void)perm_app_uninstall(APP_2);
648 ret = perm_app_install(APP_1);
649 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
// NOTE(review): the mkdir() result is ignored. If the path already exists (possibly not as a
// directory created by this test), the run continues with whatever is there, and
// smack_getlabel() below follows symlinks.
651 mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
653 //register settings folder for app 1
654 ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
655 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
657 //install "app_test" and give it appsettings privilege
658 ret = perm_app_install(APP_TEST);
659 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
661 //register appsettings feature
662 ret = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, NULL, 0);
663 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,
664 " Error registering api feature. Result: " << ret);
666 ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, false);
667 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,
668 " Error registering app permissions. Result: " << ret);
672 //check if "app_test" has an RWX access to a folder registered by "app_1"
673 ret = smack_getlabel(APP_1_DIR, &label, SMACK_LABEL_ACCESS );
674 app1DirLabelPtr.reset(label);
675 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
676 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get());
681 //install another app: "app_2"
682 ret = perm_app_install(APP_2);
683 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
// Same caveat as for APP_1_DIR: the mkdir() result is not checked.
685 mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
686 //register settings folder for that "app_2"
687 ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
688 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
// The directory of the app installed after the privilege was granted must be reachable too.
692 //check if "app_test" has an RWX access to a folder registered by "app_2"
693 ret = smack_getlabel(APP_2_DIR, &label, SMACK_LABEL_ACCESS );
694 app2DirLabelPtr.reset(label);
695 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
696 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID, app2DirLabelPtr.get(), "rwx"}}), "access denies");
// Best-effort cleanup; failures are deliberately ignored.
703 (void)perm_app_uninstall(APP_TEST);
704 (void)perm_app_uninstall(APP_1);
705 (void)perm_app_uninstall(APP_2);