2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file libprivilege-control-test.cpp
18 * @author Jan Olszak (j.olszak@samsung.com)
19 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
21 * @brief Main file for libprivilege-control unit tests.
26 #include <libprivilege-control_test_common.h>
27 #include <tests_common.h>
28 #include <sys/smack.h>
29 #include <dpl/test/test_runner.h>
31 #define CANARY_LABEL "tiny_yellow_canary"
33 const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
34 const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
35 const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
36 const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
37 const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
39 const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL };
40 const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
41 const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
43 const char* PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", NULL};
45 const char* PRIVS_AV[] = { "org.tizen.privilege.antivirus", NULL };
48 * Check if every rule is true.
49 * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
51 int test_have_all_accesses(const rules_t &rules)
54 for (uint i = 0; i < rules.size(); ++i) {
55 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
65 * Check if every rule is true.
66 * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
68 int test_have_any_accesses(const rules_t &rules)
71 for (uint i = 0; i < rules.size(); ++i) {
72 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
82 * NOSMACK version of test_have_accesses functions.
84 * This will be used in many tests. Checks if for every rule smack_have_access returns error.
85 * If for any of rules smack_have_access will return something different than error, this result
86 * is being returned to caller.
88 int test_have_nosmack_accesses(const rules_t &rules)
91 for (uint i = 0; i < rules.size(); ++i) {
92 result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
99 bool check_all_accesses(bool smack, const rules_t &rules)
102 return test_have_all_accesses(rules) == 1;
104 return test_have_nosmack_accesses(rules) == -1;
107 bool check_no_accesses(bool smack, const rules_t &rules)
110 return test_have_any_accesses(rules) == 0;
112 return test_have_nosmack_accesses(rules) == -1;
115 void read_gids(std::set<unsigned> &set, const char *file_path)
117 FILE *f = fopen(file_path, "r");
118 RUNNER_ASSERT_MSG(f != NULL, "Unable to open file " << file_path);
120 while (fscanf(f, "%u\n", &gid) == 1) {
126 void check_groups(const char *dac_file)
128 std::set<unsigned> groups_check;
129 read_gids(groups_check, LIBPRIVILEGE_APP_GROUP_LIST);
130 read_gids(groups_check, dac_file);
132 int groups_cnt = getgroups(0, NULL);
133 RUNNER_ASSERT_MSG(groups_cnt > 0, "Wrong number of supplementary groupsCnt");
134 gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
135 RUNNER_ASSERT_MSG(groups_list != NULL, "Memory allocation failed");
136 RUNNER_ASSERT(-1 != getgroups(groups_cnt, groups_list));
138 for (int i = 0; i < groups_cnt; ++i) {
139 //getgroups() can return multiple number of the same group
140 //they are returned in sequence, so we will given number when last
141 //element of this number is reached
142 if ((i < groups_cnt - 1) && (groups_list[i + 1] == groups_list[i]))
144 if (groups_check.erase(groups_list[i]) == 0) {
145 // getgroups() may also return process' main group
146 if (groups_list[i] != getgid())
147 RUNNER_ASSERT_MSG(false, "Application belongs to unknown group (GID=" << groups_list[i] << ")");
151 std::string groups_left;
152 for (std::set<unsigned>::iterator it = groups_check.begin(); it != groups_check.end(); it++) {
153 groups_left.append(std::to_string(*it)).append(" ");
155 RUNNER_ASSERT_MSG(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
158 int file_exists(const char *path)
160 FILE *file = fopen(path, "r");
168 void check_app_installed(int line_no, const char *app_path)
170 RUNNER_ASSERT_MSG(file_exists(app_path) == 0, "Line: " << line_no <<
171 " App not installed: " << app_path);
174 int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
175 int /*typeflag*/, struct FTW* /*ftwbuf*/)
177 smack_lsetlabel(fpath, NULL, SMACK_LABEL_ACCESS);
178 smack_lsetlabel(fpath, NULL, SMACK_LABEL_EXEC);
179 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
184 int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
185 int /*typeflag*/, struct FTW* /*ftwbuf*/)
192 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
193 labelPtr.reset(label);
194 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
195 RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set");
196 result = strcmp(APPID_DIR, labelPtr.get());
197 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
200 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
201 labelPtr.reset(label);
202 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
203 if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
204 RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
205 result = strcmp(APPID_DIR, labelPtr.get());
206 RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
207 } else if (S_ISLNK(sb->st_mode)) {
209 char *target = realpath(fpath, NULL);
210 RUNNER_ASSERT_MSG(0 == stat(target, &buf),"Stat failed for " << fpath);
212 if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
213 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
215 RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
216 result = strcmp(APPID_DIR, labelPtr.get());
217 RUNNER_ASSERT_MSG(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect");
220 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
223 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
224 labelPtr.reset(label);
225 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
226 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
231 int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
232 int /*typeflag*/, struct FTW* /*ftwbuf*/)
234 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
235 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
236 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
241 int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
242 int /*typeflag*/, struct FTW* /*ftwbuf*/)
249 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
250 labelPtr.reset(label);
251 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
252 result = strcmp(CANARY_LABEL, labelPtr.get());
253 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
256 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
257 labelPtr.reset(label);
258 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
259 result = strcmp(CANARY_LABEL, labelPtr.get());
260 RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
263 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
264 labelPtr.reset(label);
265 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
266 RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
271 void check_app_has_permission(const char* app_id, const app_type_t app_type,
272 const char *perm_list[], const int expected_result)
274 int result = PC_OPERATION_SUCCESS;
275 bool has_permission = false;
277 for (int i = 0; perm_list[i] != NULL; i++) {
278 result = perm_app_has_permission(app_id, app_type, perm_list[i], &has_permission);
279 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
280 "perm_app_has_permission failed with result: " << result);
281 RUNNER_ASSERT_MSG(has_permission == expected_result,
282 "Unexpected result, perm_app_has_permission returned: " << has_permission
283 << ", expected: " << expected_result);
286 void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment)
289 result = smack_have_access(av_id, app_id, "rwx");
290 RUNNER_ASSERT_MSG(result == 1,
291 "Error while checking " << av_id << " rwx access to "
292 << app_id << " " << comment << " Result: " << result);
293 result = smack_have_access(av_id, app_id, "a");
294 RUNNER_ASSERT_MSG(result == 0,
295 "Error while checking " << av_id << " a access to "
296 << app_id << " " << comment << " Result: " << result);
297 result = smack_have_access(av_id, app_id, "t");
298 RUNNER_ASSERT_MSG(result == 0,
299 "Error while checking " << av_id << " t access to "
300 << app_id << " " << comment << " Result: " << result);
304 * NOSMACK version of checkOnlyAvAccess function.
306 * Expects error instead of access granted/forbidden from smack_have_access.
308 void checkOnlyAvAccessNosmack(const char *av_id, const char *app_id, const char *comment)
311 result = smack_have_access(av_id, app_id, "rwx");
312 RUNNER_ASSERT_MSG(result == -1,
313 "smack_have_access should return error (SMACK is off). Result: " << result
314 << " when testing " << comment);
315 result = smack_have_access(av_id, app_id, "a");
316 RUNNER_ASSERT_MSG(result == -1,
317 "smack_have_access should return error (SMACK is off). Result: " << result
318 << " when testing " << comment);
319 result = smack_have_access(av_id, app_id, "t");
320 RUNNER_ASSERT_MSG(result == -1,
321 "smack_have_access should return error (SMACK is off). Result: " << result
322 << " when testing " << comment);
325 void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack)
332 result = perm_app_uninstall(app_id);
333 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
334 "perm_app_uninstall returned " << result);
336 // Close transaction to commit uninstallation before further actions
342 result = perm_app_install(app_id);
343 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
344 "perm_app_install returned " << result);
346 // Close transaction to commit installation before further actions
352 // Revoke permissions
353 result = perm_app_revoke_permissions(app_id);
354 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
355 "Error revoking app permissions. Result: " << result);
359 // Are all the permissions revoked?
360 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules), "Line: " << line_no <<
361 "Not all permisions revoked.");
365 // Cleanup - uninstall test apps
366 result = perm_app_uninstall(app_id);
367 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
368 "perm_app_uninstall returned " << result);
373 void test_app_enable_permissions_efl(bool smack)
380 result = perm_app_uninstall(EFL_APP_ID);
381 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
382 "perm_app_uninstall failed: " << result);
383 result = perm_app_install(EFL_APP_ID);
384 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
385 "perm_app_install failed: " << result);
387 // Register a permission:
388 result = perm_app_setup_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
389 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
390 "Error registering app permissions. Result: " << result);
394 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
395 "SMACK accesses not granted for EFL_APP");
397 // Check if permission is assigned to app in db
398 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
403 result = perm_app_uninstall(EFL_APP_ID);
404 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
405 "perm_app_uninstall failed: " << result);
409 // Check if permission is disabled in db
410 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
413 void test_app_disable_permissions_efl(bool smack)
420 result = perm_app_uninstall(EFL_APP_ID);
421 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
422 "perm_app_uninstall failed: " << result);
424 result = perm_app_install(EFL_APP_ID);
425 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
426 "perm_app_install failed: " << result);
428 // Register a permission
429 result = perm_app_setup_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
430 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
431 "Error registering app permissions. Result: " << result);
435 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
436 "SMACK accesses not granted for EFL_APP");
438 // Check if permission is assigned to app in db
439 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
443 // Disable a permission
444 result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
445 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
446 "Error disabling app permissions. Result: " << result);
450 RUNNER_ASSERT_MSG(check_no_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
451 "SMACK accesses not disabled for EFL_APP");
453 // Check if permission is disabled in db
454 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
459 result = perm_app_uninstall(EFL_APP_ID);
460 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
461 "perm_app_uninstall failed: " << result);
466 void test_app_disable_permissions(bool smack)
473 result = perm_app_uninstall(WGT_APP_ID);
474 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
475 "perm_app_uninstall failed: " << result);
477 result = perm_app_install(WGT_APP_ID);
478 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
479 "perm_app_install failed: " << result);
481 * Test - disable all granted permissions.
484 // Prepare permissions that we want to disable
485 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
486 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
487 " Error registering app permissions. Result: " << result);
491 // Are all the permissions enabled?
492 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled.");
494 // Check if permissions are enabled in db
495 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
499 // Disable permissions
500 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
501 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
502 "Error disabling app permissions. Result: " << result);
506 // Are all the permissions disabled?
507 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled.");
509 // Check if permission is disabled in db
510 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
513 * Test - disable some granted permissions leaving non complementary and then disabling those too.
518 // Prepare permissions that will not be disabled
519 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS);
520 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
521 " Error adding app first permissions. Result: " << result);
523 // Prepare permissions that we want to disable
524 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
525 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
526 " Error adding app second permissions. Result: " << result);
528 // Disable second permissions
529 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
530 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
531 "Error disabling app second permissions. Result: " << result);
535 // Are all second permissions disabled?
536 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
538 // Are all first permissions not disabled?
539 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules_wgt2), "Some of second permissions disabled.");
541 // Check if second permission is disabled in db
542 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
543 // Check if first permission is enabled in db
544 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, true);
548 // Disable first permissions
549 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS);
550 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
551 "Error disabling app first permissions. Result: " << result);
555 // Are all second permissions disabled?
556 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules_wgt2), "Not all second permisions disabled.");
558 // Check if permission is disabled in db
559 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, false);
562 * Test - disable only no r granted permissions.
567 // Prepare permissions
568 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
569 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
570 " Error registering app r permissions. Result: " << result);
572 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
573 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
574 " Error registering app no r permissions. Result: " << result);
576 // Disable same permissions without r
577 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
578 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
579 "Error disabling app no r permissions. Result: " << result);
583 // Is any r permissions disabled?
584 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
585 // Are all no r permissions disabled?
586 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
588 // Check if second permission is enabled in db
589 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true);
590 // Check if permission is disabled in db
591 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
595 // Prepare permissions
596 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
597 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
598 " Error adding app no r permissions. Result: " << result);
602 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
606 // Disable all permissions
607 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
608 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
609 "Error disabling app permissions. Result: " << result);
613 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
615 // Check if permission is disabled in db
616 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
620 // Clean up after test:
621 result = perm_app_uninstall(WGT_APP_ID);
622 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
627 void test_appsettings_privilege(bool smack)
630 CStringPtr app1DirLabelPtr;
631 CStringPtr app2DirLabelPtr;
636 (void)perm_app_uninstall(APP_TEST);
637 (void)perm_app_uninstall(APP_1);
638 (void)perm_app_uninstall(APP_2);
641 ret = perm_app_install(APP_1);
642 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
644 mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
646 //register settings folder for app 1
647 ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
648 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
650 //install "app_test" and give it appsettings privilege
651 ret = perm_app_install(APP_TEST);
652 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
655 ret = perm_app_setup_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING);
656 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
657 " Error registering app permissions. Result: " << ret);
661 //check if "app_test" has an RX access to the app "app_1"
662 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, APP_1, "rx"}}), "access denied");
664 //check if "app_test" has an RWX access to a folder registered by "app_1"
665 ret = smack_getlabel(APP_1_DIR, &label, SMACK_LABEL_ACCESS );
666 app1DirLabelPtr.reset(label);
667 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
668 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get());
673 //intstall another app: "app_2"
674 ret = perm_app_install(APP_2);
675 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
677 mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
678 //register settings folder for that "app_2"
679 ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
680 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
684 //check if "app_test" has an RX access to the app "app_2"
685 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, APP_2, "rx"}}), "access denied");
687 //check if "app_test" has an RWX access to a folder registered by "app_2"
688 ret = smack_getlabel(APP_2_DIR, &label, SMACK_LABEL_ACCESS );
689 app2DirLabelPtr.reset(label);
690 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
691 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, app2DirLabelPtr.get(), "rwx"}}), "access denies");
698 (void)perm_app_uninstall(APP_TEST);
699 (void)perm_app_uninstall(APP_1);
700 (void)perm_app_uninstall(APP_2);