2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file libprivilege-control-test.cpp
18 * @author Jan Olszak (j.olszak@samsung.com)
19 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
21 * @brief Main file for libprivilege-control unit tests.
26 #include <libprivilege-control_test_common.h>
27 #include <tests_common.h>
28 #include <sys/smack.h>
// Marker label written onto paths outside the application directory by
// nftw_set_labels_non_app_dir(). nftw_check_labels_non_app_dir() later asserts it is
// still in place, i.e. that labelling an app directory did not touch unrelated paths.
30 #define CANARY_LABEL "tiny_yellow_canary"
// Privilege-name lists handed to the perm_app_* calls in this file. Every list ends
// with a NULL sentinel; check_app_has_permission() iterates until it reaches it.
32 const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
33 const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
// Going by the names: the rules2 privilege without "r", with "r", and both together.
// NOTE(review): the rule files behind these names are not part of this listing.
34 const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
35 const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
36 const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
// One test privilege per application type (WGT, OSP, EFL).
38 const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL };
39 const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
40 const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
// Platform privilege exercised by test_appsettings_privilege().
42 const char* PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", NULL};
// Platform antivirus privilege.
44 const char* PRIVS_AV[] = { "org.tizen.privilege.antivirus", NULL };
47 * Check if every rule is true.
48 * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
// Queries the loaded SMACK policy once per rule; rules[i] is passed to
// smack_have_access() as {subject, object, access type}.
// NOTE(review): the handling of `access` and the final return (original lines 55-61)
// are not shown in this listing; the intended contract is the @return line above.
50 int test_have_all_accesses(const rules_t &rules)
53 for (uint i = 0; i < rules.size(); ++i) {
// smack_have_access() yields 1 (access allowed), 0 (denied) or -1 (error).
54 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
64 * Check if any rule is true.
65 * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
// Queries the loaded SMACK policy once per rule; rules[i] is passed to
// smack_have_access() as {subject, object, access type}. check_no_accesses() relies on
// a 0 result from this function to assert that no rule is left in the policy.
// NOTE(review): the handling of `access` and the final return (original lines 72-78)
// are not shown in this listing; the intended contract is the @return line above.
67 int test_have_any_accesses(const rules_t &rules)
70 for (uint i = 0; i < rules.size(); ++i) {
// smack_have_access() yields 1 (access allowed), 0 (denied) or -1 (error).
71 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
81 * NOSMACK version of test_have_accesses functions.
83 * Used by many tests. Checks that smack_have_access returns an error for every rule.
84 * If smack_have_access returns anything other than an error for some rule, that result
85 * is returned to the caller.
// Runs the same per-rule query as the SMACK variants, but for a system where SMACK is
// off: callers in this file expect -1 (error) from it.
// NOTE(review): the declaration of `result`, the early exit on a non-error value and the
// final return (original lines 88-89 and 92-96) are not shown in this listing.
87 int test_have_nosmack_accesses(const rules_t &rules)
90 for (uint i = 0; i < rules.size(); ++i) {
// rules[i] is {subject, object, access type}.
91 result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
// True when the rules are in the expected "granted" state: with SMACK every rule must be
// allowed (result 1); without SMACK every query must fail (result -1).
// NOTE(review): the condition choosing between the two returns (original lines 100 and
// 102) is not shown in this listing; presumably it tests `smack`.
98 bool check_all_accesses(bool smack, const rules_t &rules)
101 return test_have_all_accesses(rules) == 1;
103 return test_have_nosmack_accesses(rules) == -1;
// True when the rules are in the expected "revoked" state: with SMACK not a single rule
// may be allowed (result 0); without SMACK every query must fail (result -1).
// NOTE(review): the condition choosing between the two returns (original lines 108 and
// 110) is not shown in this listing; presumably it tests `smack`.
106 bool check_no_accesses(bool smack, const rules_t &rules)
109 return test_have_any_accesses(rules) == 0;
111 return test_have_nosmack_accesses(rules) == -1;
// Reads unsigned group IDs, one per line, from file_path; the caller passes `set` in to
// collect them. Fails the test if the file cannot be opened.
// NOTE(review): the declaration of `gid`, the insertion into `set` and the fclose()
// (original lines 118 and 120-123) are not shown in this listing - confirm the stream
// is closed there.
114 void read_gids(std::set<unsigned> &set, const char *file_path)
116 FILE *f = fopen(file_path, "r");
117 RUNNER_ASSERT_MSG_BT(f != NULL, "Unable to open file " << file_path);
// Parsing stops at the first token that is not an unsigned number; a malformed line
// therefore silently truncates the list instead of failing the test.
119 while (fscanf(f, "%u\n", &gid) == 1) {
// Asserts that the calling process's supplementary groups are exactly the GIDs listed
// in LIBPRIVILEGE_APP_GROUP_LIST plus those in dac_file: an extra group fails the test
// (unless it is the process's own primary GID) and so does a missing one.
125 void check_groups(const char *dac_file)
// Expected GIDs; entries are erased as they are found in the process's group list.
127 std::set<unsigned> groups_check;
128 read_gids(groups_check, LIBPRIVILEGE_APP_GROUP_LIST);
129 read_gids(groups_check, dac_file);
// getgroups(0, NULL) only reports how many supplementary groups there are.
131 int groups_cnt = getgroups(0, NULL);
132 RUNNER_ASSERT_MSG_BT(groups_cnt > 0, "Wrong number of supplementary groupsCnt");
// NOTE(review): no free() of groups_list is visible in this listing - confirm it is
// released in the omitted lines, including when an assertion below fails.
133 gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
134 RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed");
135 RUNNER_ASSERT_BT(-1 != getgroups(groups_cnt, groups_list));
137 for (int i = 0; i < groups_cnt; ++i) {
138 //getgroups() can return the same group several times
139 //they are returned in sequence, so a given number is processed only when the last
140 //occurrence of that number is reached
// NOTE(review): only adjacent duplicates are skipped. A repeated GID that is not
// adjacent would be erased on its first occurrence and then reported as an unknown
// group on the second.
141 if ((i < groups_cnt - 1) && (groups_list[i + 1] == groups_list[i]))
// erase() returning 0 means this GID was not in the expected set.
143 if (groups_check.erase(groups_list[i]) == 0) {
144 // getgroups() may also return process' main group
145 if (groups_list[i] != getgid())
146 RUNNER_ASSERT_MSG_BT(false, "Application belongs to unknown group (GID=" << groups_list[i] << ")");
// Whatever is left in the set is a required group the process does not have.
150 std::string groups_left;
151 for (std::set<unsigned>::iterator it = groups_check.begin(); it != groups_check.end(); it++) {
152 groups_left.append(std::to_string(*it)).append(" ");
154 RUNNER_ASSERT_MSG_BT(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
// Probes `path` by opening it for reading. check_app_installed() treats a return value
// of 0 as "present".
// NOTE(review): the result handling and fclose() (original lines 160-165) are not shown
// in this listing. Because the probe is fopen(..., "r"), a file that exists but is not
// readable by the test process is indistinguishable from a missing one.
157 int file_exists(const char *path)
159 FILE *file = fopen(path, "r");
// Fails the test when app_path cannot be opened; line_no is the caller's source line and
// is only used to make the failure message traceable.
167 void check_app_installed(int line_no, const char *app_path)
169 RUNNER_ASSERT_MSG_BT(file_exists(app_path) == 0, "Line: " << line_no <<
170 " App not installed: " << app_path);
// nftw() callback that clears the ACCESS, EXEC and TRANSMUTE labels of the visited path.
// smack_lsetlabel() acts on the path itself and does not follow a symbolic link.
// NOTE(review): the three return values are ignored, so a path whose labels could not be
// cleared keeps them without any diagnostic. The callback's own return statement is not
// shown in this listing.
173 int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
174 int /*typeflag*/, struct FTW* /*ftwbuf*/)
176 smack_lsetlabel(fpath, NULL, SMACK_LABEL_ACCESS);
177 smack_lsetlabel(fpath, NULL, SMACK_LABEL_EXEC);
178 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
// nftw() callback that verifies the labels of one path inside an application directory:
//  - ACCESS must be set and equal APPID_DIR;
//  - EXEC must equal APPID_DIR on user-executable regular files and on links to such
//    files, and must be unset on everything else;
//  - TRANSMUTE must be unset.
// NOTE(review): the declarations of `result`, `label` and `labelPtr` (original lines
// 185-190) and the return statement are not shown in this listing.
183 int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
184 int /*typeflag*/, struct FTW* /*ftwbuf*/)
// ACCESS label. labelPtr takes over the buffer returned through `label`.
191 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
192 labelPtr.reset(label);
193 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
// A successful call can still leave the label NULL (label not set), so check before strcmp.
194 RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set");
195 result = strcmp(APPID_DIR, labelPtr.get());
196 RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect");
// EXEC label.
199 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
200 labelPtr.reset(label);
201 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
// Case 1: regular file with the owner-execute bit set - EXEC label required.
202 if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
203 RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
204 result = strcmp(APPID_DIR, labelPtr.get());
205 RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
// Case 2: symbolic link - the expectation depends on what the link resolves to.
206 } else if (S_ISLNK(sb->st_mode)) {
// NOTE(review): realpath() returns NULL on failure (for example a dangling link) and the
// result goes straight into stat(); the assertion then reports "Stat failed". Whether
// the malloc'ed `target` is freed (original line 210) is not shown in this listing.
208 char *target = realpath(fpath, NULL);
209 RUNNER_ASSERT_MSG_BT(0 == stat(target, &buf),"Stat failed for " << fpath);
// True when the target lacks S_IXUSR or the S_IFREG bit. NOTE(review): this is a bit
// test, not S_ISREG(); a socket's mode also contains the S_IFREG bit.
211 if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
212 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
// Presumably the else branch (original line 213 is not shown): link to an executable file.
214 RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
215 result = strcmp(APPID_DIR, labelPtr.get());
216 RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect");
// Case 3, presumably the final else (original lines 217-218 are not shown): any other
// path must carry no EXEC label.
219 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
// TRANSMUTE label must not be set anywhere in the application directory.
222 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
223 labelPtr.reset(label);
224 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
225 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
// nftw() callback that plants the canary: ACCESS and EXEC are set to CANARY_LABEL and
// TRANSMUTE is cleared on the visited path (the link itself, not its target).
// NOTE(review): the return values are ignored. If planting fails, the failure only
// surfaces later in nftw_check_labels_non_app_dir(), where it looks like an overwritten
// label. The callback's return statement is not shown in this listing.
230 int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
231 int /*typeflag*/, struct FTW* /*ftwbuf*/)
233 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
234 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
235 smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
// nftw() callback that verifies the canary on a path outside the application directory:
// ACCESS and EXEC must still equal CANARY_LABEL and TRANSMUTE must still be unset, i.e.
// the labelling under test did not leak onto unrelated paths.
// NOTE(review): the declarations of `result`, `label` and `labelPtr` (original lines
// 242-247) and the return statement are not shown in this listing.
240 int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
241 int /*typeflag*/, struct FTW* /*ftwbuf*/)
248 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
249 labelPtr.reset(label);
250 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
// NOTE(review): unlike nftw_check_labels_app_dir() there is no NULL check before strcmp.
// If the canary was removed rather than replaced, labelPtr.get() is NULL and strcmp()
// has undefined behaviour instead of producing a clean assertion failure.
251 result = strcmp(CANARY_LABEL, labelPtr.get());
252 RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is overwritten");
255 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
256 labelPtr.reset(label);
257 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
// NOTE(review): same missing NULL check as for the ACCESS label above.
258 result = strcmp(CANARY_LABEL, labelPtr.get());
259 RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on " << fpath << " is overwritten");
262 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
263 labelPtr.reset(label);
264 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
265 RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
// Asserts that perm_app_has_permission() succeeds for every entry of the NULL-terminated
// perm_list and reports the expected state (callers in this file pass true or false as
// expected_result). The first mismatch fails the test.
270 void check_app_has_permission(const char* app_id, const app_type_t app_type,
271 const char *perm_list[], const int expected_result)
273 int result = PC_OPERATION_SUCCESS;
274 bool has_permission = false;
276 for (int i = 0; perm_list[i] != NULL; i++) {
277 result = perm_app_has_permission(app_id, app_type, perm_list[i], &has_permission);
278 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
279 "perm_app_has_permission failed with result: " << result);
// bool compared against int: only 0 and 1 are meaningful values for expected_result.
280 RUNNER_ASSERT_MSG_BT(has_permission == expected_result,
281 "Unexpected result, perm_app_has_permission returned: " << has_permission
282 << ", expected: " << expected_result);
// Asserts that subject av_id has exactly "rwx" on object app_id: rwx must be allowed (1)
// while append ("a") and transmute ("t") must be denied (0). `comment` only labels the
// failure message.
// NOTE(review): the declaration of `result` (original lines 286-287) is not shown in
// this listing.
285 void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment)
288 result = smack_have_access(av_id, app_id, "rwx");
289 RUNNER_ASSERT_MSG_BT(result == 1,
290 "Error while checking " << av_id << " rwx access to "
291 << app_id << " " << comment << " Result: " << result);
// Anything beyond rwx would be more access than these assertions allow.
292 result = smack_have_access(av_id, app_id, "a");
293 RUNNER_ASSERT_MSG_BT(result == 0,
294 "Error while checking " << av_id << " a access to "
295 << app_id << " " << comment << " Result: " << result);
296 result = smack_have_access(av_id, app_id, "t");
297 RUNNER_ASSERT_MSG_BT(result == 0,
298 "Error while checking " << av_id << " t access to "
299 << app_id << " " << comment << " Result: " << result);
303 * NOSMACK version of checkOnlyAvAccess function.
305 * Expects error instead of access granted/forbidden from smack_have_access.
// Runs the same three queries as checkOnlyAvAccess() ("rwx", "a", "t") and asserts that
// each one returns -1, the error expected from smack_have_access() when SMACK is off.
// NOTE(review): the declaration of `result` (original lines 308-309) is not shown in
// this listing.
307 void checkOnlyAvAccessNosmack(const char *av_id, const char *app_id, const char *comment)
310 result = smack_have_access(av_id, app_id, "rwx");
311 RUNNER_ASSERT_MSG_BT(result == -1,
312 "smack_have_access should return error (SMACK is off). Result: " << result
313 << " when testing " << comment);
314 result = smack_have_access(av_id, app_id, "a");
315 RUNNER_ASSERT_MSG_BT(result == -1,
316 "smack_have_access should return error (SMACK is off). Result: " << result
317 << " when testing " << comment);
318 result = smack_have_access(av_id, app_id, "t");
319 RUNNER_ASSERT_MSG_BT(result == -1,
320 "smack_have_access should return error (SMACK is off). Result: " << result
321 << " when testing " << comment);
// Reinstalls app_id, revokes all its permissions and asserts that none of `rules` is
// left in the policy (or, with smack == false, that every query errors out), then
// uninstalls the app again. line_no is the caller's source line for the messages.
// NOTE(review): the declaration of `result` and the statements around the "Close
// transaction" comments are not shown in this listing. In the messages no space follows
// line_no, so the number runs straight into the text.
324 void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack)
// Start from a clean state: drop any previous installation first.
331 result = perm_app_uninstall(app_id);
332 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
333 "perm_app_uninstall returned " << result);
335 // Close transaction to commit uninstallation before further actions
341 result = perm_app_install(app_id);
342 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
343 "perm_app_install returned " << result);
345 // Close transaction to commit installation before further actions
351 // Revoke permissions
352 result = perm_app_revoke_permissions(app_id);
353 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
354 "Error revoking app permissions. Result: " << result);
358 // Are all the permissions revoked?
// A single rule still present in the policy makes check_no_accesses() return false.
359 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules), "Line: " << line_no <<
360 "Not all permisions revoked.");
364 // Cleanup - uninstall test apps
365 result = perm_app_uninstall(app_id);
366 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
367 "perm_app_uninstall returned " << result);
// Registers PRIVS_EFL for EFL_APP_ID and asserts that the permission is visible both in
// the SMACK policy and in the database, then uninstalls the app and asserts that the
// database no longer reports the permission.
// NOTE(review): the declaration of `result` and the statements in the gaps between the
// numbered lines are not shown in this listing.
372 void test_app_enable_permissions_efl(bool smack)
// Reinstall so the test starts without leftovers from earlier runs.
379 result = perm_app_uninstall(EFL_APP_ID);
380 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
381 "perm_app_uninstall failed: " << result);
382 result = perm_app_install(EFL_APP_ID);
383 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
384 "perm_app_install failed: " << result);
386 // Register a permission:
387 result = perm_app_setup_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
388 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
389 "Error registering app permissions. Result: " << result);
// The rule the privilege is expected to grant: EFL_APP_ID may read "test_book_efl".
393 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
394 "SMACK accesses not granted for EFL_APP");
396 // Check if permission is assigned to app in db
397 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
// Uninstalling must also remove the permission record, which is checked right after.
402 result = perm_app_uninstall(EFL_APP_ID);
403 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
404 "perm_app_uninstall failed: " << result);
408 // Check if permission is disabled in db
409 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
// Registers PRIVS_EFL for EFL_APP_ID, confirms the grant in the SMACK policy and in the
// database, disables the permission and asserts that both the rule and the database
// entry are gone, then uninstalls the app.
// NOTE(review): the declaration of `result` and the statements in the gaps between the
// numbered lines are not shown in this listing.
412 void test_app_disable_permissions_efl(bool smack)
// Reinstall so the test starts without leftovers from earlier runs.
419 result = perm_app_uninstall(EFL_APP_ID);
420 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
421 "perm_app_uninstall failed: " << result);
423 result = perm_app_install(EFL_APP_ID);
424 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
425 "perm_app_install failed: " << result);
427 // Register a permission
428 result = perm_app_setup_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
429 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
430 "Error registering app permissions. Result: " << result);
// Precondition for the disable step: the rule must be present before it is removed.
434 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
435 "SMACK accesses not granted for EFL_APP");
437 // Check if permission is assigned to app in db
438 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
442 // Disable a permission
443 result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
444 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
445 "Error disabling app permissions. Result: " << result);
// The same rule must now be absent from the policy.
449 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
450 "SMACK accesses not disabled for EFL_APP");
452 // Check if permission is disabled in db
453 check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
// Clean up.
458 result = perm_app_uninstall(EFL_APP_ID);
459 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
460 "perm_app_uninstall failed: " << result);
// Exercises perm_app_disable_permissions() for WGT_APP_ID in three scenarios: disabling
// everything that was granted, disabling one privilege set while another stays enabled,
// and disabling the "no r" variant while the "r" variant stays enabled. After each step
// both the SMACK policy and the database state are asserted.
// NOTE(review): the declaration of `result`, the rule sets (rules2, rules_wgt2, rules2_r,
// rules2_no_r) and the statements in the gaps between the numbered lines are not shown
// in this listing.
465 void test_app_disable_permissions(bool smack)
// Reinstall so the test starts without leftovers from earlier runs.
472 result = perm_app_uninstall(WGT_APP_ID);
473 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
474 "perm_app_uninstall failed: " << result);
476 result = perm_app_install(WGT_APP_ID);
477 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
478 "perm_app_install failed: " << result);
480 * Test - disable all granted permissions.
483 // Prepare permissions that we want to disable
484 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
485 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
486 " Error registering app permissions. Result: " << result);
490 // Are all the permissions enabled?
491 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2), "Not all permisions enabled.");
493 // Check if permissions are enabled in db
494 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
498 // Disable permissions
499 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
500 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
501 "Error disabling app permissions. Result: " << result);
505 // Are all the permissions disabled?
506 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2), "Not all permisions disabled.");
508 // Check if permission is disabled in db
509 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
512 * Test - disable some granted permissions leaving non complementary and then disabling those too.
517 // Prepare permissions that will not be disabled
518 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS);
519 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
520 " Error adding app first permissions. Result: " << result);
522 // Prepare permissions that we want to disable
523 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
524 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
525 " Error adding app second permissions. Result: " << result);
527 // Disable second permissions
528 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
529 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
530 "Error disabling app second permissions. Result: " << result);
534 // Are all second permissions disabled?
// NOTE(review): the two assert messages below look swapped - this check covers the
// second set (rules2) but its message says "first", and the next one covers the first
// set (rules_wgt2) but says "second".
535 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
537 // Are all first permissions not disabled?
// Disabling one privilege set must not remove rules that belong to another set.
538 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules_wgt2), "Some of second permissions disabled.");
540 // Check if second permission is disabled in db
541 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
542 // Check if first permission is enabled in db
543 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, true);
547 // Disable first permissions
548 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS);
549 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
550 "Error disabling app first permissions. Result: " << result);
554 // Are all first permissions disabled? (rules_wgt2 was checked as the first set above;
// the assert message below still says "second")
555 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules_wgt2), "Not all second permisions disabled.");
557 // Check if permission is disabled in db
558 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, false);
561 * Test - disable only no r granted permissions.
566 // Prepare permissions
567 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
568 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
569 " Error registering app r permissions. Result: " << result);
571 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
572 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
573 " Error registering app no r permissions. Result: " << result);
575 // Disable same permissions without r
576 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
577 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
578 "Error disabling app no r permissions. Result: " << result);
582 // Is any r permission disabled?
583 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
584 // Are all no r permissions disabled?
585 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
587 // Check if second permission is enabled in db
588 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true);
589 // Check if permission is disabled in db
590 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
594 // Prepare permissions
// Re-enable the "no r" set that was just disabled. NOTE(review): the last argument (1)
// is presumably the `persistent` flag - confirm against the libprivilege-control header.
595 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
596 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
597 " Error adding app no r permissions. Result: " << result);
601 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
605 // Disable all permissions
// NOTE(review): only PRIVS2_R is passed here, and only rules2_r is checked afterwards.
606 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
607 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
608 "Error disabling app permissions. Result: " << result);
612 RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
614 // Check if permission is disabled in db
615 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
619 // Clean up after test:
620 result = perm_app_uninstall(WGT_APP_ID);
621 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
// Checks the appsetting privilege: once APP_TEST holds PRIV_APPSETTING it must have "rx"
// on every installed app's label and "rwx" on the label of each app's registered
// settings directory - both for an app installed before the privilege was granted
// (APP_1) and for one installed afterwards (APP_2).
// NOTE(review): the declarations of `ret` and `label` and the statements in the gaps
// between the numbered lines are not shown in this listing.
626 void test_appsettings_privilege(bool smack)
// Own the label buffers returned by smack_getlabel().
629 CStringPtr app1DirLabelPtr;
630 CStringPtr app2DirLabelPtr;
// Best-effort cleanup of earlier runs; the results are deliberately ignored.
635 (void)perm_app_uninstall(APP_TEST);
636 (void)perm_app_uninstall(APP_1);
637 (void)perm_app_uninstall(APP_2);
640 ret = perm_app_install(APP_1);
641 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
// Mode 0750. NOTE(review): the mkdir() result is not checked; a failure only shows up
// indirectly through the perm_app_setup_path() assertion below.
643 mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
645 //register settings folder for app 1
646 ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
647 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
649 //install "app_test" and give it appsettings privilege
650 ret = perm_app_install(APP_TEST);
651 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
654 ret = perm_app_setup_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING);
655 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,
656 " Error registering app permissions. Result: " << ret);
660 //check if "app_test" has an RX access to the app "app_1"
661 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, APP_1, "rx"}}), "access denied");
663 //check if "app_test" has an RWX access to a folder registered by "app_1"
// NOTE(review): a libsmack return value is compared with the libprivilege-control
// constant PC_OPERATION_SUCCESS; this is only right if that constant is 0 - confirm.
664 ret = smack_getlabel(APP_1_DIR, &label, SMACK_LABEL_ACCESS );
665 app1DirLabelPtr.reset(label);
666 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
// NOTE(review): the label pointer is used without a NULL check, both in the rule and in
// the message. rules_t elements are presumably std::string (c_str() is called on them
// elsewhere in this file), so an unset label would be undefined behaviour here.
667 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get());
672 //install another app: "app_2"
673 ret = perm_app_install(APP_2);
674 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
// Same unchecked mkdir() as for APP_1_DIR.
676 mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
677 //register settings folder for that "app_2"
678 ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
679 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
683 //check if "app_test" has an RX access to the app "app_2"
// APP_2 was installed after the privilege was granted, so this confirms that the grant
// extends to apps that appear later.
684 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, APP_2, "rx"}}), "access denied");
686 //check if "app_test" has an RWX access to a folder registered by "app_2"
687 ret = smack_getlabel(APP_2_DIR, &label, SMACK_LABEL_ACCESS );
688 app2DirLabelPtr.reset(label);
689 RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
// Same missing NULL check as for app1DirLabelPtr.
690 RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, app2DirLabelPtr.get(), "rwx"}}), "access denies");
// Best-effort cleanup; the results are deliberately ignored.
697 (void)perm_app_uninstall(APP_TEST);
698 (void)perm_app_uninstall(APP_1);
699 (void)perm_app_uninstall(APP_2);