2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file libprivilege-control-test.cpp
18 * @author Jan Olszak (j.olszak@samsung.com)
19 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
21 * @brief Main file for libprivilege-control unit tests.
30 #include <sys/sendfile.h>
31 #include <sys/smack.h>
33 #include <sys/types.h>
38 #include <libprivilege-control_test_common.h>
39 #include <tests_common.h>
40 #include "common/duplicates.h"
43 #define CANARY_LABEL "tiny_yellow_canary"
45 const char *USER_APP_ID = "User";
47 const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", nullptr };
48 const char *PRIVS2[] = { "test_privilege_control_rules2", nullptr };
49 const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", nullptr };
50 const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", nullptr };
51 const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", nullptr };
53 const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", nullptr };
54 const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", nullptr };
55 const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", nullptr };
57 const char *PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", nullptr};
58 const char *PRIV_APPSETTING_RULES[] = { "~APP~ ~SETTINGS_PATH~ rwx",
59 "~APP~ ~ALL_APPS~ rx",
62 * Check if every rule is true.
63 * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
65 int test_have_all_accesses(const rules_t &rules)
67 for (size_t i = 0; i < rules.size(); ++i) {
68 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
76 * Check if every rule is true.
77 * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
79 int test_have_any_accesses(const rules_t &rules)
81 for (size_t i = 0; i < rules.size(); ++i) {
82 int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
90 * NOSMACK version of test_have_accesses functions.
92 * This will be used in many tests. Checks if for every rule smack_have_access returns error.
93 * If for any of rules smack_have_access will return something different than error, this result
94 * is being returned to caller.
96 int test_have_nosmack_accesses(const rules_t &rules)
99 for (uint i = 0; i < rules.size(); ++i) {
100 result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
107 bool check_all_accesses(bool smack, const rules_t &rules)
110 return test_have_all_accesses(rules) == 1;
112 return test_have_nosmack_accesses(rules) == -1;
115 bool check_no_accesses(bool smack, const rules_t &rules)
118 return test_have_any_accesses(rules) == 0;
120 return test_have_nosmack_accesses(rules) == -1;
123 void read_gids(std::set<unsigned> &set, const char *file_path)
125 FILE *f = fopen(file_path, "r");
126 RUNNER_ASSERT_ERRNO_MSG(f != nullptr, "Unable to open file " << file_path);
128 while (fscanf(f, "%u\n", &gid) == 1) {
134 void read_user_gids(std::set<unsigned> &set, const uid_t user_id)
139 struct passwd *pw = getpwuid(user_id);
140 RUNNER_ASSERT_ERRNO_MSG(pw != nullptr, "getpwuid() failed");
143 gid_t *groups_list = nullptr;
144 ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
145 RUNNER_ASSERT_MSG(ret == -1, "getgrouplist() failed.");
148 groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
149 RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
151 ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
154 RUNNER_FAIL_MSG("getgrouplist() failed.");
157 for (int i = 0; i < groups_cnt; ++i) {
158 set.insert(groups_list[i]);
163 void read_current_gids(std::set<unsigned> &set)
165 int groups_cnt = getgroups(0, nullptr);
166 RUNNER_ASSERT_ERRNO_MSG(groups_cnt > 0, "Wrong number of supplementary groups");
167 gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
168 RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
169 if (getgroups(groups_cnt, groups_list) == -1){
171 RUNNER_FAIL_MSG("getgroups failed.");
174 for (int i = 0; i < groups_cnt; ++i) {
175 set.insert(groups_list[i]);
180 void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file)
182 std::set<unsigned> groups_check;
183 std::set<unsigned> groups_current;
184 if(dac_file != nullptr)
185 read_gids(groups_check, dac_file);
186 read_current_gids(groups_current);
188 std::string groups_left;
189 for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it)
191 (void)groups_check.erase(*it);
192 if(groups_current.erase(*it) == 0)
193 groups_left.append(std::to_string(*it)).append(" ");
195 RUNNER_ASSERT_MSG(groups_left.empty(),
196 "Application lost some groups: " << groups_left);
198 for (auto it = groups_check.begin(); it != groups_check.end(); ++it)
200 if(groups_current.erase(*it) == 0)
201 groups_left.append(std::to_string(*it)).append(" ");
203 RUNNER_ASSERT_MSG(groups_left.empty(),
204 "Application doesn't belong to some required groups: " << groups_left);
206 for (auto it = groups_current.begin(); it != groups_current.end(); ++it)
208 groups_left.append(std::to_string(*it)).append(" ");
210 RUNNER_ASSERT_MSG(groups_left.empty(),
211 "Application belongs to groups it should't belong to: " << groups_left);
214 int file_exists(const char *path)
216 FILE *file = fopen(path, "r");
224 void check_app_installed(const char *app_path)
226 RUNNER_ASSERT_MSG(file_exists(app_path) == 0,
227 " App not installed: " << app_path);
230 int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
231 int /*typeflag*/, struct FTW* /*ftwbuf*/)
233 smack_lsetlabel(fpath, nullptr, SMACK_LABEL_ACCESS);
234 smack_lsetlabel(fpath, nullptr, SMACK_LABEL_EXEC);
235 smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
240 void check_perm_app_has_permission(const char *app_label,
241 const char *permission,
242 bool is_enabled_expected)
245 bool is_enabled_result;
247 result = perm_app_has_permission(app_label, APP_TYPE_WGT, permission, &is_enabled_result);
248 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
249 " Error calling perm_app_has_permission. Result: " << result);
251 RUNNER_ASSERT_MSG(is_enabled_result == is_enabled_expected,
252 " Result of perm_app_has_permission should be: " << is_enabled_expected);
255 int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
256 const char* correctLabel)
260 char* label = nullptr;
263 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
264 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
265 labelPtr.reset(label);
266 RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
267 result = strcmp(correctLabel, label);
268 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
271 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
272 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
273 labelPtr.reset(label);
274 if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
275 RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
276 result = strcmp(correctLabel, label);
277 RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
279 RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
282 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
283 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
284 labelPtr.reset(label);
285 RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
291 int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb,
292 int /*typeflag*/, struct FTW* /*ftwbuf*/)
294 return nftw_check_labels_app_dir(fpath, sb, USER_APP_ID);
297 int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb,
298 int /*typeflag*/, struct FTW* /*ftwbuf*/)
300 return nftw_check_labels_app_dir(fpath, sb, "_");
303 int nftw_check_labels_app_public_ro_dir(const char *fpath, const struct stat *sb,
304 int /*typeflag*/, struct FTW* /*ftwbuf*/)
311 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
312 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
313 labelPtr.reset(label);
314 RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
315 result = strcmp(LABEL_FOR_PUBLIC_SHARED_DIRS, label);
316 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
319 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
320 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
321 labelPtr.reset(label);
322 RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
325 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
326 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
327 labelPtr.reset(label);
328 if (S_ISDIR(sb->st_mode)) {
329 RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set");
330 result = strcmp("TRUE", label);
331 RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
333 RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
338 int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
339 int /*typeflag*/, struct FTW* /*ftwbuf*/)
341 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
342 smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
343 smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
348 int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
349 int /*typeflag*/, struct FTW* /*ftwbuf*/)
353 char* label = nullptr;
356 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
357 labelPtr.reset(label);
358 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
359 result = strcmp(CANARY_LABEL, labelPtr.get());
360 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
363 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
364 labelPtr.reset(label);
365 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
366 result = strcmp(CANARY_LABEL, labelPtr.get());
367 RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
370 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
371 labelPtr.reset(label);
372 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
373 RUNNER_ASSERT_MSG(labelPtr.get() == nullptr, "TRANSMUTE label on " << fpath << " is set");
378 void test_perm_app_setup_path_PUBLIC_RO(bool smack)
382 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
383 RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
385 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
386 RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
390 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
391 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
395 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_ro_dir, FTW_MAX_FDS, FTW_PHYS);
396 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
398 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
399 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
401 RUNNER_ASSERT(check_all_accesses(smack, {{ USER_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "r"}}));
404 void test_revoke_permissions(int line_no, const char* app_id)
411 result = perm_app_uninstall(app_id);
412 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
413 "perm_app_uninstall returned " << result);
415 // Close transaction to commit uninstallation before further actions
421 result = perm_app_install(app_id);
422 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
423 "perm_app_install returned " << result);
425 // Close transaction to commit installation before further actions
431 // Revoke permissions
432 result = perm_app_revoke_permissions(app_id);
433 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
434 "Error revoking app permissions. Result: " << result);
440 // Cleanup - uninstall test apps
441 result = perm_app_uninstall(app_id);
442 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
443 "perm_app_uninstall returned " << result);
448 void test_app_enable_permissions_efl(bool smack)
455 result = perm_app_uninstall(EFL_APP_ID);
456 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
457 "perm_app_uninstall failed: " << result);
458 result = perm_app_install(EFL_APP_ID);
459 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
460 "perm_app_install failed: " << result);
462 // Register a permission:
463 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
464 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
465 "Error registering app permissions. Result: " << result);
469 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
470 "SMACK accesses not granted for EFL_APP");
475 result = perm_app_uninstall(EFL_APP_ID);
476 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
477 "perm_app_uninstall failed: " << result);
482 void test_app_disable_permissions_efl(bool smack)
489 result = perm_app_uninstall(EFL_APP_ID);
490 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
491 "perm_app_uninstall failed: " << result);
493 result = perm_app_install(EFL_APP_ID);
494 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
495 "perm_app_install failed: " << result);
497 result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
498 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
499 "Error disabling app permissions. Result: " << result);
503 RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
504 "SMACK accesses not disabled for EFL_APP");
508 // Register a permission
509 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
510 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
511 "Error registering app permissions. Result: " << result);
515 RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
516 "SMACK accesses not granted for EFL_APP");
520 // Disable a permission
521 result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
522 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
523 "Error disabling app permissions. Result: " << result);
527 RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
528 "SMACK accesses not disabled for EFL_APP");
533 result = perm_app_uninstall(EFL_APP_ID);
534 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
535 "perm_app_uninstall failed: " << result);
540 void test_app_disable_permissions(bool smack)
547 result = perm_app_uninstall(WGT_APP_ID);
548 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
549 "perm_app_uninstall failed: " << result);
551 result = perm_app_install(WGT_APP_ID);
552 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
553 "perm_app_install failed: " << result);
555 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
556 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
557 "Error disabling app first permissions. Result: " << result);
559 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
560 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
561 "Error disabling app permissions. Result: " << result);
563 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
564 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
565 "Error disabling app no r permissions. Result: " << result);
567 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
568 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
569 "Error disabling app r permissions. Result: " << result);
573 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2),
574 "SMACK accesses not disabled.");
576 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1),
577 "SMACK accesses not disabled.");
582 * Test - disable all granted permissions.
585 // Prepare permissions that we want to disable
586 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
587 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
588 " Error registering app permissions. Result: " << result);
592 // Are all the permissions enabled?
593 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled.");
597 // Disable permissions
598 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
599 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
600 "Error disabling app permissions. Result: " << result);
604 // Are all the permissions disabled?
605 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled.");
608 * Test - disable some granted permissions leaving non complementary and then disabling those too.
613 // Prepare permissions that will not be disabled
614 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, false);
615 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
616 " Error adding app first permissions. Result: " << result);
618 // Prepare permissions that we want to disable
619 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
620 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
621 " Error adding app second permissions. Result: " << result);
623 // Disable second permissions
624 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
625 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
626 "Error disabling app second permissions. Result: " << result);
630 // Are all second permissions disabled?
631 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
633 // Are all first permissions not disabled?
634 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules1), "Some of second permissions disabled.");
638 // Disable first permissions
639 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
640 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
641 "Error disabling app first permissions. Result: " << result);
645 // Are all second permissions disabled?
646 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1), "Not all second permisions disabled.");
649 * Test - disable only no r granted permissions.
654 // Prepare permissions
655 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
656 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
657 " Error registering app r permissions. Result: " << result);
659 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
660 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
661 " Error registering app no r permissions. Result: " << result);
663 // Disable same permissions without r
664 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
665 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
666 "Error disabling app no r permissions. Result: " << result);
670 // Is any r permissions disabled?
671 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
672 // Are all no r permissions disabled?
673 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
677 // Prepare permissions
678 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
679 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
680 " Error adding app no r permissions. Result: " << result);
684 RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
688 // Disable all permissions
689 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
690 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
691 "Error disabling app permissions. Result: " << result);
695 RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
699 // Clean up after test:
700 result = perm_app_uninstall(WGT_APP_ID);
701 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));