2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
22 * @brief libprivilege-control test runner
35 #include <sys/types.h>
38 #include <sys/socket.h>
40 #include <sys/smack.h>
42 #include <privilege-control.h>
43 #include <dpl/test/test_runner.h>
44 #include <dpl/test/test_runner_child.h>
45 #include <dpl/test/test_runner_multiprocess.h>
46 #include <dpl/log/log.h>
47 #include <tests_common.h>
48 #include <libprivilege-control_test_common.h>
// Constants for the tests below: file paths, Smack labels and access strings.
52 #define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/rules"
54 #define EFL_APP_ID "EFL_APP_ID"
56 #define EARLY_RULE_SUBJECT "livebox.web-provider"
// Six access characters, the same length as SMACK_ACC_LEN below.
57 #define EARLY_RULE_RIGHTS "rwx---"
59 #define SMACK_ACC_LEN 6
// NOTE(review): fixed, predictable names under world-writable /tmp. The use sites
// are not visible here; if the tests run privileged, confirm the directories are
// created fresh (creation fails on an existing entry) and are walked without
// following symbolic links.
62 #define APP_1_DIR "/tmp/app_1"
65 #define APP_2_DIR "/tmp/app_2"
67 #define APP_TEST "app_test"
// NULL-terminated lists of privilege names handed to perm_app_enable_permissions().
// Presumably each name selects a rule file shipped with the test data -- verify.
71 const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
72 const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
// Both complementary lists in a single request.
73 const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
74 const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
// Builds `size` names of the form <prefix>_<i><suffix> for i = 0 .. size-1 and
// appends them to `names` in index order.
// NOTE(review): the closing lines of the function (presumably `return names;`) are
// not part of this listing.
76 std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
78 std::vector<std::string> names;
79 for(size_t i = 0; i < size; ++i) {
80 names.push_back(prefix + "_" + std::to_string(i) + suffix);
// Files under /usr/share/privilege-control that belong to the "blahblah" test
// features: Smack rule files (.smack) and group-id lists (.dac).
// remove_smack_files() unlinks all of them.
85 const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
86 const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
87 const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
// 16 .dac paths; index i corresponds to BLAHBLAH_FEATURE[i] in the add_api_feature test.
88 const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
89 const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
90 const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
// 16 feature names ("http://feature/blah/blahblah_<i>") passed to perm_add_api_feature().
91 const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
// nftw() callback for a tree that was set up as an application's shared
// (APP_PATH_GROUP_RW) directory. For every visited path it asserts that:
//   - the ACCESS label equals APPID_SHARED_DIR,
//   - APP_ID holds "rwxatl" access to APPID_SHARED_DIR,
//   - no EXEC label is set,
//   - TRANSMUTE is "TRUE" on directories and unset on everything else.
// typeflag and ftwbuf are unused.
// NOTE(review): smack_lgetlabel() returns an allocated label; the matching free()
// calls are not visible in this listing -- confirm each label is released before
// the pointer is reused for the next lookup.
93 int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb,
94 int /*typeflag*/, struct FTW* /*ftwbuf*/)
// ACCESS label: must be set and equal to the shared-directory label.
100 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
101 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
102 RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
103 result = strcmp(APPID_SHARED_DIR, label);
104 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
// The application must have full access to the shared label.
106 result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
107 RUNNER_ASSERT_MSG(result == 1,
108 "Error rwxatl access was not given shared dir. Subject: " <<
109 APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result);
// EXEC label: must not be set on files in a shared directory.
111 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
112 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
113 RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
// TRANSMUTE: required ("TRUE") on directories, forbidden on other file types.
116 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
117 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
118 if (S_ISDIR(sb->st_mode)) {
119 RUNNER_ASSERT_MSG(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
120 result = strcmp("TRUE", label);
121 RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
123 RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
// Checks the Smack labels on one path of an application directory:
//   - an ACCESS label must be set (kept in label_gen),
//   - no EXEC label may be set,
//   - TRANSMUTE must be "TRUE" on directories and unset on other files.
// It then reads subject labels from labels_db_path and asserts that each of them
// has `access` rights to label_gen. dir_db_path is opened afterwards; what is read
// from it is not visible in this listing.
// NOTE(review): part of the signature (including the declaration of `access`) and
// several statements are missing from this listing.
128 int check_labels_dir(const char *fpath, const struct stat *sb,
129 const char *labels_db_path, const char *dir_db_path,
135 char *scanf_label_format;
// One extra byte for the terminating NUL written by fscanf().
136 char label_temp[SMACK_LABEL_LEN + 1];
// ACCESS label of the path; used below as the object of the access checks.
140 result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
141 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
142 RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
// EXEC label must be absent.
145 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
148 RUNNER_ASSERT_MSG(false, "Could not get label for the path");
153 RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set.");
// TRANSMUTE must be "TRUE" on directories and unset elsewhere.
157 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
161 RUNNER_ASSERT_MSG(false, "Could not get label for the path");
163 if (S_ISDIR(sb->st_mode)) {
167 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set");
169 result = strcmp("TRUE", label);
173 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set to TRUE");
175 } else if (label != NULL) {
178 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set");
// Build a width-limited conversion ("%<SMACK_LABEL_LEN>s") so that fscanf() stores
// at most SMACK_LABEL_LEN characters plus the NUL in label_temp[SMACK_LABEL_LEN + 1].
// NOTE(review): "\\n" puts a literal backslash and 'n' into the format, not a
// newline. This looks unintended but is harmless here: the literal simply fails to
// match after the conversion, and %s skips leading whitespace on the next call.
183 if (0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)) {
185 RUNNER_ASSERT_MSG(false, "asprintf failed");
188 file_db = fopen(labels_db_path, "r");
189 if (file_db == NULL) {
// The format string is released before the failing assertion; this pattern
// suggests RUNNER_ASSERT_MSG does not return on failure -- confirm.
191 free(scanf_label_format);
192 RUNNER_ASSERT_MSG(false, "Can not open database for apps");
// Every subject label listed in the database must have `access` to this path's label.
194 while (fscanf(file_db, scanf_label_format, label_temp) == 1) {
195 result = smack_have_access(label_temp, label_gen, access);
199 free(scanf_label_format);
200 RUNNER_ASSERT_MSG(false,
201 "Error " << access << " access was not given for subject: "
202 << label_temp << ". Result: " << result);
207 file_db = fopen(dir_db_path, "r");
208 if (file_db == NULL) {
210 free(scanf_label_format);
211 RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
214 free(scanf_label_format);
// Probes `path` by trying to open it for reading.
// NOTE(review): the return statements are not visible in this listing; the
// add_api_feature test expects -1 for a file that must not exist. A failed fopen()
// does not distinguish a missing file from an unreadable one, so a permission
// error would also be reported as "does not exist".
221 int file_exists(const char *path)
223 FILE *file = fopen(path, "r");
// Asserts that the file OSP_BLAHBLAH contains exactly the lines in `rules`, in the
// same order. line_no is echoed in every failure message.
231 void osp_blahblah_check(int line_no, const std::vector<std::string> &rules)
233 std::ifstream smack_file(OSP_BLAHBLAH);
// The message says "create", but this only verifies that the file can be opened.
234 RUNNER_ASSERT_MSG(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH);
236 auto it = rules.begin();
238 while (std::getline(smack_file,line)) {
// The file has more lines than there are expected rules.
239 RUNNER_ASSERT_MSG(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line);
// Each line must match the expected rule exactly.
240 RUNNER_ASSERT_MSG(*it == line, "Line: " << line_no << " " << *it << "!=" << line);
// The file has fewer lines than there are expected rules.
// NOTE(review): the message dereferences *it, which is only valid if the macro
// builds its message solely when the condition is false -- confirm.
244 RUNNER_ASSERT_MSG(it == rules.end(), "Line: " << line_no << " Missing line in file: " << *it);
// Asserts that the file at dac_file_path lists exactly the group ids in `gids`, in
// the same order. line_no is the caller's __LINE__ and is echoed in failure messages.
// NOTE(review): the declaration and parsing of `gid` are not visible in this listing.
249 void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
251 std::ifstream dac_file(dac_file_path);
// The message says "create", but this only verifies that the file can be opened.
252 RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
254 auto it = gids.begin();
256 while (std::getline(dac_file,line)) {
257 std::istringstream is(line);
// The file has more entries than expected.
260 RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
// Each entry must equal the expected gid at the same position.
261 RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
// The file has fewer entries than expected.
265 RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
// Best-effort removal of every .smack and .dac file of the "blahblah" test
// features. unlink() results are ignored, so files that do not exist are simply
// skipped.
270 void remove_smack_files()
273 unlink(OSP_BLAHBLAH);
274 unlink(WRT_BLAHBLAH);
275 unlink(OTHER_BLAHBLAH);
276 unlink(WRT_BLAHBLAH_DAC);
277 unlink(OTHER_BLAHBLAH_DAC);
279 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
280 unlink(OSP_BLAHBLAH_DAC[i].c_str());
// NOTE(review): this loop repeats the previous one over the same vector; the second
// pass only hits already-removed paths. Possibly a different list was intended.
282 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
283 unlink(OSP_BLAHBLAH_DAC[i].c_str());
288 RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
291 * Test setting labels for all files and folders in given path.
// Labels TEST_APP_DIR as a private application directory and verifies that the
// labels inside it are correct while TEST_NON_APP_DIR keeps its non-app labels.
// All tree walks use FTW_PHYS, so nftw() does not follow symbolic links.
293 RUNNER_TEST(privilege_control02_app_label_dir)
// Reset: strip labels from the app dir ...
297 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
298 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
// ... and put the reference labels on the non-app dir (the message below still
// says "clean up").
300 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
301 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
// Operation under test.
303 result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
304 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
// The app dir must carry the app labels; the non-app dir must be unchanged.
306 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_dir, FTW_MAX_FDS, FTW_PHYS);
307 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
309 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
310 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
// Labels TEST_APP_DIR as a group-shared (APP_PATH_GROUP_RW) directory of APP_ID and
// verifies the resulting labels and access rights.
// FTW_PHYS makes nftw() report symbolic links themselves instead of following
// them, which matches the smack_lgetlabel() lookups in the check callback.
313 RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir)
316 result = perm_app_install(APP_ID);
317 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
// Negative case: using the application's own label as the shared-directory label
// must be rejected.
319 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
320 RUNNER_ASSERT_MSG(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
// Reset labels on both trees before the positive case.
322 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
323 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
325 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
326 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
// Positive case: a distinct shared label.
328 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR);
329 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
331 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS);
332 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
// Paths outside the app directory must not have been relabelled.
334 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
335 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
337 result = perm_app_uninstall(APP_ID);
338 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
342 * Simple test of enabling EFL permissions.
// Reinstalls APP_ID, enables the EFL privilege list and verifies that every rule in
// rules_efl is in effect.
344 RUNNER_TEST_SMACK(privilege_control04_add_permissions)
// Start from a clean state.
346 int result = perm_app_uninstall(APP_ID);
347 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
349 result = perm_app_install(APP_ID);
350 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
// Last argument TRUE: presumably the "persistent" flag described in
// privilege_control11_app_enable_permissions -- confirm.
353 result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, TRUE);
354 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
355 " perm_app_enable_permissions failed with result: " << result);
357 // Check that the accesses are really applied.
358 result = test_have_all_accesses(rules_efl);
359 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
// Cleanup.
361 result = perm_app_uninstall(APP_ID);
362 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
366 * Revoke permissions from the list. Should be executed as privileged user.
// Installs six test apps (WGT and OSP, each as plain, partner and platform
// variant), revokes their permissions and asserts that none of the corresponding
// rule sets grants any access afterwards.
// NOTE(review): in the lines visible here no permissions are enabled between the
// install and the revoke, so the "no access left" checks could pass trivially --
// confirm against the full file.
368 RUNNER_CHILD_TEST(privilege_control06_revoke_permissions)
// Start from a clean state: uninstall every test app.
373 result = perm_app_uninstall(WGT_APP_ID);
374 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
375 result = perm_app_uninstall(WGT_PARTNER_APP_ID);
376 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
377 result = perm_app_uninstall(WGT_PLATFORM_APP_ID);
378 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
379 result = perm_app_uninstall(OSP_APP_ID);
380 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
381 result = perm_app_uninstall(OSP_PARTNER_APP_ID);
382 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
383 result = perm_app_uninstall(OSP_PLATFORM_APP_ID);
384 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
// Install the six test apps.
387 result = perm_app_install(WGT_APP_ID);
388 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
389 result = perm_app_install(WGT_PARTNER_APP_ID);
390 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
391 result = perm_app_install(WGT_PLATFORM_APP_ID);
392 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
393 result = perm_app_install(OSP_APP_ID);
394 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
395 result = perm_app_install(OSP_PARTNER_APP_ID);
396 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
397 result = perm_app_install(OSP_PLATFORM_APP_ID);
398 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
402 // Revoke permissions
403 result = perm_app_revoke_permissions(WGT_APP_ID);
404 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
405 "Error revoking app permissions. Result: " << result);
406 result = perm_app_revoke_permissions(WGT_PARTNER_APP_ID);
407 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
408 "Error revoking app permissions. Result: " << result);
409 result = perm_app_revoke_permissions(WGT_PLATFORM_APP_ID);
410 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
411 "Error revoking app permissions. Result: " << result);
412 result = perm_app_revoke_permissions(OSP_APP_ID);
413 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
414 "Error revoking app permissions. Result: " << result);
415 result = perm_app_revoke_permissions(OSP_PARTNER_APP_ID);
416 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
417 "Error revoking app permissions. Result: " << result);
418 result = perm_app_revoke_permissions(OSP_PLATFORM_APP_ID);
419 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
420 "Error revoking app permissions. Result: " << result);
422 // Are all the permissions revoked? A result of 0 is expected for every rule set.
423 result = test_have_any_accesses(rules_wgt);
424 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
425 result = test_have_any_accesses(rules_wgt_partner);
426 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
427 result = test_have_any_accesses(rules_wgt_platform);
428 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
429 result = test_have_any_accesses(rules_osp);
430 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
431 result = test_have_any_accesses(rules_osp_partner);
432 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
433 result = test_have_any_accesses(rules_osp_platform);
434 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
436 // Cleanup - uninstall test apps
437 result = perm_app_uninstall(WGT_APP_ID);
438 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
439 result = perm_app_uninstall(WGT_PARTNER_APP_ID);
440 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
441 result = perm_app_uninstall(WGT_PLATFORM_APP_ID);
442 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
443 result = perm_app_uninstall(OSP_APP_ID);
444 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
445 result = perm_app_uninstall(OSP_PARTNER_APP_ID);
446 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
447 result = perm_app_uninstall(OSP_PLATFORM_APP_ID);
448 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
// Shared body of the privilege_control05_set_app_privilege_* tests.
// Reinstalls app_id, enables `privileges` for APP_TYPE, checks that every rule in
// `rules` is in effect, then calls perm_app_set_privilege() and verifies that the
// calling process now carries app_id as its Smack label and that
// check_groups(dac_file) passes.
//   line_no  caller's __LINE__, prefixed to failure messages
//   type     forwarded to perm_app_set_privilege(); the WGT tests pass "wgt",
//            "wgt_partner" or "wgt_platform", the OSP tests pass NULL
//   app_path forwarded to perm_app_set_privilege()
// NOTE(review): the label of the current process is changed here, which is
// presumably why every caller is a RUNNER_CHILD_TEST_SMACK test -- confirm.
452 void set_app_privilege(int line_no,
453 const char* app_id, app_type_t APP_TYPE,
454 const char** privileges, const char* type,
455 const char* app_path, const char* dac_file,
456 const std::vector< std::vector<std::string> > &rules) {
// Start from a clean state.
457 int result = perm_app_uninstall(app_id);
458 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
459 " perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
460 result = perm_app_install(app_id);
461 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
462 " perm_app_install returned " << result << ". Errno: " << strerror(errno));
465 result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, 1);
466 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
467 " Error enabling app permissions. Result: " << result);
469 result = test_have_all_accesses(rules);
470 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
// Operation under test.
472 result = perm_app_set_privilege(app_id, type, app_path);
473 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
474 " Error in perm_app_set_privilege. Error: " << result);
476 // Check that the Smack label of this process was really set to app_id.
// NOTE(review): smack_new_label_from_self() allocates `label`; a matching free() is
// not visible in this listing.
478 result = smack_new_label_from_self(&label);
479 RUNNER_ASSERT_MSG(result >= 0, "Line: " << line_no <<
480 " Error getting current process label");
481 RUNNER_ASSERT_MSG(label != NULL, "Line: " << line_no <<
482 " Process label is not set");
483 result = strcmp(app_id, label);
484 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
485 " Process label " << label << " is incorrect");
// Supplementary groups are checked against dac_file by check_groups().
487 check_groups(dac_file);
491 * Set APP privileges. wgt.
493 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
495 set_app_privilege(__LINE__,WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
496 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
500 * Set APP privileges. wgt_partner.
502 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_partner)
504 set_app_privilege(__LINE__, WGT_PARTNER_APP_ID, APP_TYPE_WGT_PARTNER, PRIVS_WGT,
505 "wgt_partner", WGT_PARTNER_APP_PATH,
506 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_partner);
510 * Set APP privileges. wgt_platform.
512 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_platform)
514 set_app_privilege(__LINE__, WGT_PLATFORM_APP_ID, APP_TYPE_WGT_PLATFORM, PRIVS_WGT,
515 "wgt_platform", WGT_PLATFORM_APP_PATH,
516 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_platform);
520 * Set APP privileges. osp app.
522 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
524 set_app_privilege(__LINE__, OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, NULL, OSP_APP_PATH,
525 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
529 * Set APP privileges. partner osp app.
531 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_partner)
533 set_app_privilege(__LINE__, OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP,
534 NULL, OSP_PARTNER_APP_PATH, LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_partner);
538 * Set APP privileges. platform osp app.
540 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_platform)
542 set_app_privilege(__LINE__, OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP,
543 NULL, OSP_PLATFORM_APP_PATH,
544 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_platform);
548 * Add new API feature
// Exercises perm_add_api_feature(): argument validation, acceptance of empty and
// well-formed Smack rule lists, rejection of malformed rules, and writing of the
// group-id (.dac) file.
// The rule lists are passed as `(const char*[]) { ... }` compound literals, a
// compiler extension in C++; some lines of the longer literals are missing from
// this listing.
550 RUNNER_TEST(privilege_control11_add_api_feature)
// Remove leftovers from earlier runs.
554 remove_smack_files();
557 // Argument validation: a NULL or empty feature name is rejected.
558 result = perm_add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0);
559 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
561 result = perm_add_api_feature(APP_TYPE_OSP,"", NULL, NULL, 0);
562 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
565 // Already existing feature:
566 // TODO: Database will be malformed. (Rules for these features will be removed.)
567 result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", NULL, NULL, 0);
568 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
570 result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", NULL, NULL, 0);
571 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// A new feature name without rules or gids is accepted for both app types.
574 result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", NULL, NULL, 0);
575 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
577 result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", NULL, NULL, 0);
578 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// Empty and whitespace-only rule lists are accepted.
582 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), { NULL }, NULL, 0);
583 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
585 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), (const char*[]) { "", NULL }, NULL, 0);
586 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
588 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), (const char*[]) { " \t\n", "\t \n", "\n\t ", NULL }, NULL, 0);
589 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// Malformed Smack rules must be rejected with PC_ERR_INVALID_PARAM: too few
// fields, a label starting with '-', labels containing ~ / " \, and extra fields.
592 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), (const char*[]) { "malformed", NULL }, NULL, 0);
593 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
595 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), (const char*[]) { "malformed malformed", NULL }, NULL, 0);
596 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
598 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), (const char*[]) { "-malformed malformed rwxat", NULL }, NULL, 0);
599 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
601 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), (const char*[]) { "~/\"\\ malformed rwxat", NULL }, NULL, 0);
602 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
604 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), (const char*[]) { "subject object rwxat something else", NULL }, NULL, 0);
605 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
// Well-formed rules using the ~APP~ token, with mixed whitespace and access
// characters in any order, are accepted.
609 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), (const char*[]) {
610 "~APP~ object\t rwxatl",
612 "subject2\t~APP~ ltxarw",
616 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
618 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), (const char*[]) {
619 "Sub::jE,ct ~APP~ a-rwxl",
622 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
624 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), (const char*[]) {
625 "Sub::sjE,ct ~APP~ a-RwXL", // TODO This fails.
628 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
631 // TODO For now identical/complementary rules are not merged.
632 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), (const char*[]) {
633 "subject1 ~APP~ rwxatl",
635 "subject2 ~APP~ ltxarw",
639 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// gid list with count 0: no .dac file may be created.
643 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},0);
644 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
645 result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
646 RUNNER_ASSERT(result == -1);
647 remove_smack_files();
// Count 3: the .dac file must list gids 0, 1, 2.
651 result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},3);
652 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
653 osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
654 remove_smack_files();
// Count 1 with a three-element array: only the first gid may be written.
656 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},1);
657 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
658 osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
659 remove_smack_files();
// Duplicate gids are expected to be written as given.
661 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {1,1,1},3);
662 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
663 osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
664 remove_smack_files();
668 * Check perm_app_install function
// Verifies that perm_app_install() succeeds for a fresh app and again when the
// same app ID is already installed.
670 RUNNER_TEST(privilege_control01_app_install)
// Return value not checked: this only makes sure the app is absent beforehand.
675 perm_app_uninstall(APP_ID);
677 result = perm_app_install(APP_ID);
678 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
680 // Installing an app with the same ID a second time must also succeed.
681 result = perm_app_install(APP_ID);
682 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
686 * Check perm_app_uninstall function
// Verifies that perm_app_uninstall() succeeds and that the app's rules file under
// SMACK_RULES_DIR can no longer be opened afterwards.
688 RUNNER_TEST(privilege_control07_app_uninstall)
693 result = perm_app_uninstall(APP_ID);
694 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
696 // The app's Smack rules file must be gone, so open() is expected to fail.
// NOTE(review): any open() failure satisfies this check; also asserting
// errno == ENOENT would tell "deleted" apart from "not readable". If open()
// succeeds, closing fd is not visible in this listing.
697 fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
698 RUNNER_ASSERT_MSG(fd == -1, "SMACK file NOT deleted after perm_app_uninstall");
// Asserts that subject av_id has "rwx" access to object app_id and has neither
// "a" (append) nor "t" (transmute) access. `comment` is included in the failure
// messages to identify the calling step.
702 void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment)
// rwx must be granted ...
705 result = smack_have_access(av_id, app_id, "rwx");
706 RUNNER_ASSERT_MSG(result == 1,
707 "Error while checking " << av_id << " rwx access to "
708 << app_id << " " << comment << " Result: " << result);
// ... but nothing beyond it: no append ...
709 result = smack_have_access(av_id, app_id, "a");
710 RUNNER_ASSERT_MSG(result == 0,
711 "Error while checking " << av_id << " a access to "
712 << app_id << " " << comment << " Result: " << result);
// ... and no transmute.
713 result = smack_have_access(av_id, app_id, "t");
714 RUNNER_ASSERT_MSG(result == 0,
715 "Error while checking " << av_id << " t access to "
716 << app_id << " " << comment << " Result: " << result);
720 * Check app_register_av function
721 * Note that this test case may be meaningless if the install test (privilege_control01_app_install) fails
// Test for the deprecated app_register_av(): every registered antivirus label is
// expected to get exactly "rwx" access to every installed app, including apps
// installed after the registration.
// The deprecation warning is silenced around the test.
// NOTE(review): the closing `#pragma GCC diagnostic warning` sets the diagnostic to
// warning level instead of restoring the previous state; `#pragma GCC diagnostic
// push` / `pop` would preserve whatever the build configured.
723 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
724 RUNNER_TEST_SMACK(privilege_control10_app_register_av)
// The test is currently reported as ignored; presumably the statements below do
// not run -- confirm how RUNNER_IGNORED_MSG behaves.
726 RUNNER_IGNORED_MSG("app_register_av is not implemented");
// Remove rules left over for both antivirus subjects and the test apps' files.
730 smack_revoke_subject(APP_TEST_AV_1);
731 smack_revoke_subject(APP_TEST_AV_2);
733 cleaning_smack_app_files();
735 // Install two apps before registering the first antivirus
736 result = perm_app_install(APP_TEST_APP_1);
737 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
739 result = perm_app_install(APP_TEST_APP_2);
740 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
// Register the first antivirus.
743 result = app_register_av(APP_TEST_AV_1);
744 RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
746 // The antivirus must have rwx (and only rwx) access to the apps installed so far
747 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
748 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
// An app installed after the registration must be covered as well.
751 result = perm_app_install(APP_TEST_APP_3);
752 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
754 // Checking app accesses
755 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)");
756 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "perm_app_install(APP_TEST_APP_3)");
757 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "perm_app_install(APP_TEST_APP_3)");
759 // Register a second antivirus
760 result = app_register_av(APP_TEST_AV_2);
761 RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
763 // Both antivirus labels must now have rwx (and only rwx) access to all three apps
764 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
765 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
766 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
767 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
768 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
769 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
// Cleanup.
772 smack_revoke_subject(APP_TEST_AV_1);
773 smack_revoke_subject(APP_TEST_AV_2);
775 cleaning_smack_app_files();
777 #pragma GCC diagnostic warning "-Wdeprecated-declarations"
780 * Grant SMACK permissions based on permissions list.
// Exercises perm_app_enable_permissions() for WGT_APP_ID in five scenarios; each
// one enables a privilege list, checks the resulting accesses with
// test_have_all_accesses() and revokes the permissions again.
// The last argument of perm_app_enable_permissions() is the persistent-mode flag
// according to the section headings below (1 = enabled, 0 = disabled).
782 RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
786 // Start from a clean state: reinstall the test app.
787 result = perm_app_uninstall(WGT_APP_ID);
788 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
789 result = perm_app_install(WGT_APP_ID);
790 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
793 * Test - Enabling all permissions with persistant mode enabled
795 result = perm_app_revoke_permissions(WGT_APP_ID);
796 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
797 "Error revoking app permissions. Result: " << result);
799 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
800 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
801 " Error enabling app permissions. Result: " << result);
803 // Check that the accesses are really applied.
804 result = test_have_all_accesses(rules2);
805 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
// Revoke again so the next scenario starts without permissions.
808 result = perm_app_revoke_permissions(WGT_APP_ID);
809 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
810 "Error revoking app permissions. Result: " << result);
813 * Test - Enabling all permissions with persistant mode disabled
816 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0);
817 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
818 " Error enabling app permissions. Result: " << result);
820 // Check that the accesses are really applied.
821 result = test_have_all_accesses(rules2);
822 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
825 result = perm_app_revoke_permissions(WGT_APP_ID);
826 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
827 "Error revoking app permissions. Result: " << result);
830 * Test - Enabling all permissions in two complementary files
833 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, 1);
834 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
835 " Error enabling app permissions. Result: " << result);
837 // Check that the accesses are really applied.
// NOTE(review): both lists were enabled, but only rules2_no_r is verified here.
838 result = test_have_all_accesses(rules2_no_r);
839 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
842 result = perm_app_revoke_permissions(WGT_APP_ID);
843 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
844 "Error revoking app permissions. Result: " << result);
847 * Test - Enabling some permissions and then enabling complementary permissions
// NOTE(review): this section enables PRIVS2_NO_R and then PRIVS2 (all permissions,
// per its failure messages); the heading appears to be swapped with the one of
// the next section.
850 // Enable permission for rules 2 no r
851 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
852 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
853 " Error enabling app permissions without r. Result: " << result);
855 // Check that the accesses are really applied.
856 result = test_have_all_accesses(rules2_no_r);
857 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
859 // Enable permission for rules 2
860 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
861 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
862 " Error enabling app all permissions. Result: " << result);
864 // Check that the accesses are really applied.
865 result = test_have_all_accesses(rules2);
866 RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
869 result = perm_app_revoke_permissions(WGT_APP_ID);
870 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
871 "Error revoking app permissions. Result: " << result);
874 * Test - Enabling some permissions and then enabling all permissions
// NOTE(review): this section enables PRIVS2_NO_R and then PRIVS2_R, i.e. the
// complementary list rather than all permissions.
877 // Enable permission for rules 2 no r
878 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
879 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
880 " Error enabling app permissions without r. Result: " << result);
882 // Check that the accesses are really applied.
883 result = test_have_all_accesses(rules2_no_r);
884 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
886 // Enable permission for rules 2 r (the complementary list)
887 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
888 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
889 " Error enabling app permissions with only r. Result: " << result);
891 // Check that the accesses are really applied.
892 result = test_have_all_accesses(rules2_r);
893 RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
896 result = perm_app_revoke_permissions(WGT_APP_ID);
897 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
898 "Error revoking app permissions. Result: " << result);
902 // Clean up after test:
903 result = perm_app_uninstall(WGT_APP_ID);
904 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
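// Reinstalls EFL_APP_ID, enables the PRIVS_EFL permission set (last argument 0)
// and verifies that the app label gained "r" access to "test_book_efl".
// NOTE(review): this listing omits some original lines (the gutter numbers
// skip), so declarations and braces are not visible here.
908 RUNNER_CHILD_TEST(privilege_control11_app_enable_permissions_efl)
913 result = perm_app_uninstall(EFL_APP_ID);
914 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
915 "perm_app_uninstall failed: " << result);
916 result = perm_app_install(EFL_APP_ID);
917 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
918 "perm_app_install failed: " << result);
920 // Enable a permission:
921 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
922 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
923 "Error enabling app permissions. Result: " << result);
// smack_have_access() returns 1 (access), 0 (no access) or -1 (error). Compare
// with 1 so that a failed query is not counted as a granted access; this also
// matches the `result == 1` checks used by other tests in this file.
925 RUNNER_ASSERT_MSG(smack_have_access(EFL_APP_ID,"test_book_efl", "r") == 1,
926 "SMACK accesses not granted for EFL_APP");
929 result = perm_app_uninstall(EFL_APP_ID);
930 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
931 "perm_app_uninstall failed: " << result);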
935 * Check perm_app_install function
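// Reinstalls EFL_APP_ID, enables PRIVS_EFL, checks that "r" access to
// "test_book_efl" exists, then disables PRIVS_EFL and checks that the access
// is gone again.
// NOTE(review): this listing omits some original lines (the gutter numbers
// skip), so declarations and braces are not visible here.
937 RUNNER_CHILD_TEST(privilege_control12_app_disable_permissions_efl)
942 result = perm_app_uninstall(EFL_APP_ID);
943 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
944 "perm_app_uninstall failed: " << result);
946 result = perm_app_install(EFL_APP_ID);
947 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
948 "perm_app_install failed: " << result);
950 // Enable a permission
951 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
952 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
953 "Error enabling app permissions. Result: " << result);
// smack_have_access() returns 1 (access), 0 (no access) or -1 (error); compare
// explicitly so that a failed query cannot pass as a granted access.
955 RUNNER_ASSERT_MSG(smack_have_access(EFL_APP_ID,"test_book_efl", "r") == 1,
956 "SMACK accesses not granted for EFL_APP");
958 // Disable a permission
959 result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
960 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
961 "Error disabling app permissions. Result: " << result);
// After disabling, the query must report "no access" (0). The failure message
// now says what actually went wrong: the rule is still present.
963 RUNNER_ASSERT_MSG(smack_have_access(EFL_APP_ID,"test_book_efl", "r") == 0,
964 "SMACK accesses not revoked for EFL_APP");
967 result = perm_app_uninstall(EFL_APP_ID);
968 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
969 "perm_app_uninstall failed: " << result);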
974 * Remove previously granted SMACK permissions based on permissions list.
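// Exercises perm_app_disable_permissions() for a WGT application in three
// scenarios: disabling everything that was granted, disabling one of two
// permission sets while the other stays, and disabling the "no r" and "r"
// halves of a permission separately.
// NOTE(review): this listing omits some original lines (the gutter numbers
// skip), so declarations and braces are not visible here.
976 RUNNER_TEST(privilege_control12_app_disable_permissions)
981 result = perm_app_uninstall(WGT_APP_ID);
982 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
983 "perm_app_uninstall failed: " << result);
985 result = perm_app_install(WGT_APP_ID);
986 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
987 "perm_app_install failed: " << result);
989 * Test - disable all granted permissions.
992 // Prepare permissions that we want to disable
993 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
994 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
995 " Error enabling app permissions. Result: " << result);
997 // Are all the permissions enabled?
// NOTE(review): the question above is about *all* rules, but the helper called
// is test_have_any_accesses(); presumably test_have_all_accesses() is the
// stricter check for a positive assertion — confirm against the helper.
998 result = test_have_any_accesses(rules2);
999 RUNNER_ASSERT_MSG(result==1, "Not all permisions enabled.");
1001 // Disable permissions
1002 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
1003 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1004 "Error disabling app permissions. Result: " << result);
1006 // Are all the permissions disabled?
1007 result = test_have_any_accesses(rules2);
1008 RUNNER_ASSERT_MSG(result!=1, "Not all permisions disabled.");
1011 * Test - disable some granted permissions leaving non complementary and then disabling those too.
1014 // Prepare permissions that will not be disabled
1015 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS, 1);
1016 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1017 " Error adding app first permissions. Result: " << result);
1019 // Prepare permissions that we want to disable
1020 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
1021 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1022 " Error adding app second permissions. Result: " << result);
1024 // Disable second permissions
1025 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
1026 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1027 "Error disabling app second permissions. Result: " << result);
1029 // Are all second permissions disabled?
// Message fixed: rules2 belongs to the second set (PRIVS2), not the first.
1030 result = test_have_any_accesses(rules2);
1031 RUNNER_ASSERT_MSG(result!=1, "Not all second permisions disabled.");
1033 // Are all first permissions not disabled?
// Message fixed: rules_wgt2 is checked here as the first set (PRIVS).
1034 result = test_have_all_accesses(rules_wgt2);
1035 RUNNER_ASSERT_MSG(result==1, "Some of first permissions disabled.");
1037 // Disable first permissions
1038 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS);
1039 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1040 "Error disabling app first permissions. Result: " << result);
1042 // Are all first permissions disabled?
1043 result = test_have_any_accesses(rules_wgt2);
1044 RUNNER_ASSERT_MSG(result!=1, "Not all first permisions disabled.");
1047 * Test - disable only no r granted permissions.
1050 // Prepare permissions
1051 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
1052 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1053 " Error adding app permissions. Result: " << result);
1055 // Disable same permissions without r
1056 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
1057 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1058 "Error disabling app no r permissions. Result: " << result);
1060 // Is any r permissions disabled?
1061 result = test_have_all_accesses(rules2_r);
1062 RUNNER_ASSERT_MSG(result==1, "Some of r permissions disabled.");
1063 // Are all no r permissions disabled?
1064 result = test_have_any_accesses(rules2_no_r);
1065 RUNNER_ASSERT_MSG(result!=1, "Not all no r permissions disabled.");
1067 // Prepare permissions
1068 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
1069 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1070 " Error adding app no r permissions. Result: " << result);
1071 result = test_have_any_accesses(rules2_no_r);
// Fixed: the original asserted `result=1`, an assignment that is always true,
// so this check could never fail even when no rule had been applied.
1072 RUNNER_ASSERT_MSG(result == 1, "Not all no r permissions enabled.");
1074 // Disable all permissions
1075 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
1076 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1077 "Error disabling app permissions. Result: " << result);
1078 result = test_have_any_accesses(rules2_r);
1079 RUNNER_ASSERT_MSG(result!=1, "Not all r permissions disabled.");
1083 // Clean up after test:
1084 result = perm_app_uninstall(WGT_APP_ID);
1085 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));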
1089 * Reset SMACK permissions for an application by revoking all previously
1090 * granted rules and enabling them again from a rules file from disk.
1092 // TODO: This test is incomplete.
// Installs WGT_APP_ID, enables PRIVS2, calls perm_app_reset_permissions() and
// then requires every rule in rules2 to be present again before revoking and
// uninstalling.
// NOTE(review): the test never checks that the rules were absent at any point
// between the revoke and the re-enable that a reset implies, so it cannot tell
// a real reset from a no-op.
// NOTE(review): this listing omits some original lines (the gutter numbers
// skip), so declarations and braces are not visible here.
1093 RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
1098 * Test - doing reset and checking if rules exist again.
1101 result = perm_app_install(WGT_APP_ID);
// Compared with 0 here but with PC_OPERATION_SUCCESS below; presumably the
// same value — confirm.
1102 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1104 // Prepare permissions to reset
1105 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
1106 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1107 " Error adding app permissions. Result: " << result);
1109 // Reset permissions
1110 result = perm_app_reset_permissions(WGT_APP_ID);
1111 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1112 "Error reseting app permissions. Result: " << result);
1114 // Are all second permissions not disabled?
1115 result = test_have_all_accesses(rules2);
1116 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
1118 // Disable permissions
1119 result = perm_app_revoke_permissions(WGT_APP_ID);
1120 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1121 "Error disabling app permissions. Result: " << result);
1123 result = perm_app_uninstall(WGT_APP_ID);
1124 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1129 * Make two applications "friends", by giving them both full permissions on each other.
// Three scenarios for perm_app_add_friend(): two freshly installed apps with no
// rules between them, one installed app paired with an app that is not
// installed, and two apps that already have partial rules on each other.
// A successful call is expected to leave "wrxat" access in both directions.
// NOTE(review): this listing omits some original lines (the gutter numbers
// skip), so declarations, braces and a few statement tails are not visible.
1132 RUNNER_TEST_SMACK(privilege_control14_app_add_friend)
// NOTE(review): presumably RUNNER_IGNORED_MSG ends the test here, so nothing
// below runs — confirm against the test runner.
1134 RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented");
1139 * Test - making friends with no permissions on each other
1142 result = perm_app_revoke_permissions(APP_FRIEND_1);
1143 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1144 "Error revoking app permissions. Result: " << result);
1145 result = perm_app_revoke_permissions(APP_FRIEND_2);
1146 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1147 "Error revoking app permissions. Result: " << result);
// Return values of these uninstall calls are deliberately not checked here.
1149 perm_app_uninstall(APP_FRIEND_1);
1150 perm_app_uninstall(APP_FRIEND_2);
1152 // Installing friends to be
1153 result = perm_app_install(APP_FRIEND_1);
1154 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1155 " Error installing first app. Result: " << result);
1156 result = perm_app_install(APP_FRIEND_2);
1157 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1158 " Error installing second app. Result: " << result);
1161 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1162 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1163 " Error making friends. Errno: " << result);
1165 // Checking if friends were made
// Comparing with 1 keeps a -1 error return from smack_have_access() from
// passing as a granted access.
1166 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
1167 RUNNER_ASSERT_MSG(result == 1,
1168 " Error first one sided friednship failed. Result: " << result);
1169 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
1170 RUNNER_ASSERT_MSG(result == 1,
1171 " Error second one sided friednship failed. Result: " << result);
1174 result = perm_app_revoke_permissions(APP_FRIEND_1);
1175 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1176 "Error revoking app permissions. Result: " << result);
1177 result = perm_app_revoke_permissions(APP_FRIEND_2);
1178 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1179 "Error revoking app permissions. Result: " << result);
1181 perm_app_uninstall(APP_FRIEND_1);
1182 perm_app_uninstall(APP_FRIEND_2);
1185 * Test - making friends with nonexistent friend
1188 // Installing one friend
1189 result = perm_app_install(APP_FRIEND_1);
1190 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1191 " Error installing first app. Errno: " << result);
// NOTE(review): both calls below are asserted to SUCCEED although APP_FRIEND_2
// is not installed in this scenario, and no access check follows. Confirm that
// granting rules to an uninstalled label is the intended contract; if it is
// not, these assertions should expect an error code instead.
1193 // Adding imaginary friend as second
1194 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1195 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1196 " Error making friends (first) with imaginairy friend failed. Result: "
1198 // Adding imaginary friend as first
1199 result = perm_app_add_friend(APP_FRIEND_2, APP_FRIEND_1);
1200 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1201 " Error making friends (second) with imaginairy friend failed. Result: "
1204 result = perm_app_revoke_permissions(APP_FRIEND_1);
1205 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1206 "Error revoking app permissions. Result: " << result);
1207 result = perm_app_revoke_permissions(APP_FRIEND_2);
1208 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1209 "Error revoking app permissions. Result: " << result);
1211 perm_app_uninstall(APP_FRIEND_1);
1212 perm_app_uninstall(APP_FRIEND_2);
1215 * Test - making friends with some permissions already added
1220 struct smack_accesses *rulesFriend = NULL;
// Every pair (i, j) of these access strings is applied as a pre-existing rule:
// accessesFriend[i] for FRIEND_1 -> FRIEND_2 and accessesFriend[j] for the
// opposite direction.
1222 std::vector<std::string> accessesFriend =
1223 { "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" };
1225 // Installing friends to be
1226 result = perm_app_install(APP_FRIEND_1);
1227 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1228 " Error installing first app. Result: " << result);
1229 result = perm_app_install(APP_FRIEND_2);
1230 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1231 " Error installing second app. Result: " << result);
1233 for (i = 0; i < accessesFriend.size(); ++i)
1235 for (j = 0; j < accessesFriend.size(); ++j)
1237 // Adding rules before making friends
// libsmack return codes are compared with PC_OPERATION_SUCCESS in some places
// and with 0 in others; presumably the same value — confirm.
1238 result = smack_accesses_new(&rulesFriend);
1239 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1240 "Error in smack_accesses_new. Result: " << result);
1242 result = smack_accesses_add(rulesFriend,
1243 APP_FRIEND_1, APP_FRIEND_2, accessesFriend[i].c_str());
1244 RUNNER_ASSERT_MSG(result == 0,
1245 "Unable to add modify rulesFirend (first). Result: " << result);
1246 result = smack_accesses_add(rulesFriend, APP_FRIEND_2,
1247 APP_FRIEND_1, accessesFriend[j].c_str());
1248 RUNNER_ASSERT_MSG(result == 0,
1249 "Unable to add modify rulesFirend (second). Result: " << result);
1251 result = smack_accesses_apply(rulesFriend);
1252 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1253 "Error in smack_accesses_apply. Result: " << result);
1256 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1257 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1258 " Error making friends. Result: " << result);
1260 // Checking if friends were made
1261 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
1262 RUNNER_ASSERT_MSG(result == 1,
1263 " Error first one sided friednship failed. Result: " << result);
1264 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
1265 RUNNER_ASSERT_MSG(result == 1,
1266 " Error second one sided friednship failed. Result: " << result);
1268 // Deleting all rules between friends
// NOTE(review): the return values of both add_modify calls are dropped and the
// result of the apply below is not asserted in the visible lines. If the
// cleanup fails, full access from one iteration carries over into the next and
// the following "friends were made" checks pass regardless of what
// perm_app_add_friend() did.
1269 smack_accesses_add_modify(rulesFriend,
1270 APP_FRIEND_1, APP_FRIEND_2,"","rwxat");
1271 smack_accesses_add_modify(rulesFriend,
1272 APP_FRIEND_2, APP_FRIEND_1,"","rwxat");
1274 result = smack_accesses_apply(rulesFriend);
// rulesFriend is released only on this path; an assertion failing earlier in
// the iteration presumably leaves it allocated — confirm how the runner
// unwinds.
1276 smack_accesses_free(rulesFriend);
1282 result = perm_app_revoke_permissions(APP_FRIEND_1);
1283 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1284 "Error revoking app permissions. Result: " << result);
1285 result = perm_app_revoke_permissions(APP_FRIEND_2);
1286 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1287 "Error revoking app permissions. Result: " << result);
1289 perm_app_uninstall(APP_FRIEND_1);
1290 perm_app_uninstall(APP_FRIEND_2);
// Sets the calling process's Smack label to "s-<pid>-<ppid>" and asserts that
// the label change succeeded.
// Despite the name, the label is not random: it is derived only from getpid()
// and getppid(), so it is unique per process pair rather than unpredictable.
// NOTE(review): this listing omits some original lines (the gutter numbers
// skip), so declarations and braces are not visible here.
1293 static void smack_set_random_label_based_on_pid_on_self(void)
1296 std::stringstream ss;
1298 ss << "s-" << getpid() << "-" << getppid();
1299 result = smack_set_label_for_self(ss.str().c_str());
1300 RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
1301 << ss.str().c_str() << ") failed");
// Serves one client on the listening socket `sock`: accepts a connection,
// obtains this process's own Smack label and writes it to the client, failing
// the test if the label lookup or the write does not complete.
// NOTE(review): most of this function's lines are missing from the listing
// (the gutter numbers skip), including the error branches around accept(),
// the label lookup and write(), and any close()/free() calls; verify resource
// handling against the full file.
1304 static void smack_unix_sock_server(int sock)
1310 fd = accept(sock, NULL, NULL);
1314 result = smack_new_label_from_self(&smack_label);
1319 RUNNER_ASSERT_MSG(0, "smack_new_label_from_self() failed");
// The label is sent without a terminating NUL; the reader has to terminate it.
1321 result = write(fd, smack_label, strlen(smack_label));
// A short write is treated as a failure, not retried.
1322 if (result != (int)strlen(smack_label)) {
1326 RUNNER_ASSERT_MSG(0, "write() failed: " << strerror(errno));
// Checks perm_app_id_from_socket(): a forked server listens on the AF_UNIX
// socket at SOCK_PATH and reports its own Smack label to each client; the
// parent connects four times and requires the label read from the server to
// equal the one perm_app_id_from_socket() derives from the connected socket.
// The server's comments describe four cases: label set before socket creation,
// label changed while listening, label unaffected by a further fork(), and two
// concurrent servers with different labels.
// NOTE(review): many lines of this test are missing from the listing (the
// gutter numbers skip), among them the fork() calls, the label changes between
// the smack_unix_sock_server() calls and the error branches; the notes below
// cover only what is visible.
1332 RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
1335 struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
1339 RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
1341 smack_set_random_label_based_on_pid_on_self();
1343 if (!pid) { /* child process, server */
1346 /* Set the process label before creating a socket */
1347 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1348 RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
1350 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1353 RUNNER_ASSERT_MSG(0, "bind failed: " << strerror(errno));
1355 result = listen(sock, 1);
1358 RUNNER_ASSERT_MSG(0, "listen failed: " << strerror(errno));
1360 smack_unix_sock_server(sock);
1362 /* Change the process label with listening socket */
1363 smack_unix_sock_server(sock);
1366 RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
1367 /* Now running two concurrent servers.
1368 Test if socket label was unaffected by fork() */
1369 smack_unix_sock_server(sock);
1370 /* Let's give the two servers different labels */
1371 smack_unix_sock_server(sock);
1375 } else { /* parent process, client */
// Synchronisation with the server is a fixed delay only; on a slow or loaded
// target connect() can run before listen() and fail the test spuriously.
1376 sleep(1); /* Give server some time to setup listening socket */
1378 for (i = 0; i < 4; ++i) {
// One byte larger than the maximum read below, leaving room for the NUL.
1381 char smack_label1[SMACK_LABEL_LEN + 1];
1384 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1385 RUNNER_ASSERT_MSG(sock >= 0,
1386 "socket failed: " << strerror(errno));
1387 result = connect(sock,
1388 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1391 RUNNER_ASSERT_MSG(0, "connect failed: " << strerror(errno));
1395 result = read(sock, smack_label1, SMACK_LABEL_LEN);
1399 RUNNER_ASSERT_MSG(0, "read failed: " << strerror(errno));
// `result` indexes the buffer, so this is in bounds only when the read did not
// fail; the guard for a negative result is presumably on the omitted lines
// before the "read failed" assertion — confirm. A single read() may also
// return fewer bytes than the server wrote.
1401 smack_label1[result] = '\0';
// NOTE(review): ownership of the returned string is not visible here; check
// that it is freed on the omitted lines.
1402 smack_label2 = perm_app_id_from_socket(sock);
1403 if (smack_label2 == NULL) {
1405 RUNNER_ASSERT_MSG(0, "perm_app_id_from_socket failed");
1407 result = strcmp(smack_label1, smack_label2);
// The failure message appends random() to the second label, so the printed
// value is not the label that was actually compared.
1410 RUNNER_ASSERT_MSG(0, "smack labels differ: '" << smack_label1
1411 << "' != '" << smack_label2 << "-" << random() << "'");
// Checks perm_app_setup_path() with APP_PATH_ANY_LABEL on a small directory
// tree: after labelling path1 with label1 the file path3 must carry label1 as
// its access label; after labelling path1 again with label2 the nested file
// path4 must carry label2 as its exec label; path1 itself must end up with no
// exec label.
// NOTE(review): this listing omits some original lines (the gutter numbers
// skip), among them the declaration of `label`, the directory creation and
// whatever is done with the descriptors returned by creat().
1418 RUNNER_TEST(privilege_control16_app_setup_path){
1419 const char *path1 = "/usr/share/privilege-control/app_setup_access_test";
1420 const char *path2 = "/usr/share/privilege-control/app_setup_access_test/directory";
1421 const char *path3 = "/usr/share/privilege-control/app_setup_access_test/one";
1422 const char *path4 = "/usr/share/privilege-control/app_setup_access_test/directory/two";
1423 const char *label1 = "qwert123456za";
1424 const char *label2 = "trewq654123az";
// Owns each label string handed back by smack_lgetlabel() and releases it with
// free() on reset or scope exit, so a failing assertion does not leak it.
1426 std::unique_ptr<char, std::function<void(void*)> > labelPtr(NULL,free);
// NOTE(review): the results of both creat() calls are not checked in the
// visible lines; a failed creat() would only surface later as a label error.
1431 int fd = creat(path3, S_IRWXU);
1434 fd = creat(path4, S_IRWXU);
1440 RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1));
// smack_lgetlabel() reads the label of the path itself rather than of a
// symlink target.
1441 RUNNER_ASSERT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS));
1442 labelPtr.reset(label);
// NOTE(review): strcmp() is called without a visible NULL check on the label;
// an unlabelled file would crash the test instead of failing it — confirm
// whether the omitted line guards this.
1444 RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label1));
1446 RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2));
1447 RUNNER_ASSERT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC));
1448 labelPtr.reset(label);
1450 RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label2));
// The top-level directory is expected to have no exec label at all.
1452 RUNNER_ASSERT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC));
1453 labelPtr.reset(label);
1455 RUNNER_ASSERT(labelPtr.get() == NULL);
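// Checks the "appsetting" privilege: APP_TEST, once granted PRIV_APPSETTING,
// must have "rx" access to other installed apps (APP_1, APP_2) and "rwx"
// access to the settings directories those apps registered with
// APP_PATH_SETTINGS_RW. APP_2 is installed after the privilege was granted,
// so the second half checks that later installs are covered too.
// NOTE(review): this listing omits some original lines (the gutter numbers
// skip), so declarations and braces are not visible here.
1458 RUNNER_TEST(privilege_control17_appsettings_privilege)
1461 char *app1_dir_label;
1462 char *app2_dir_label;
1465 (void)perm_app_uninstall(APP_TEST);
1466 (void)perm_app_uninstall(APP_1);
1467 (void)perm_app_uninstall(APP_2);
1469 //install some app 1
1470 ret = perm_app_install(APP_1);
1471 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
// NOTE(review): the mkdir() result is ignored, so a directory that already
// exists at this fixed path (left by an earlier run or created by someone
// else) is labelled and used as-is. Consider asserting success or EEXIST and
// creating the directory somewhere only the test can write.
1473 mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
1475 //register settings folder for app 1
1476 ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
1477 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
1479 //install "app_test" and give it appsettings privilege
1480 ret = perm_app_install(APP_TEST);
1481 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
1484 ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true);
1485 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
1486 " Error enabling app permissions. Result: " << ret);
1488 //check if "app_test" has an RX access to the app "app_1"
// smack_have_access() returns 1 (access), 0 (no access) or -1 (error). The
// assertions below compare with 1 so that a failed query no longer passes as
// a granted access.
1489 ret = smack_have_access(APP_TEST, APP_1, "rx");
1490 RUNNER_ASSERT_MSG(ret == 1,"access denied");
1492 //check if "app_test" has an RWX access to a folder registered by "app_1"
1493 ret = smack_getlabel(APP_1_DIR, &app1_dir_label, SMACK_LABEL_ACCESS );
1494 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
1495 ret = smack_have_access(APP_TEST, app1_dir_label, "rwx");
1496 RUNNER_ASSERT_MSG(ret == 1,"access denied to smack label: " << app1_dir_label);
1499 //intstall another app: "app_2"
1500 ret = perm_app_install(APP_2);
1501 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
// Same caveat as for APP_1_DIR: the mkdir() result is not checked.
1503 mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
1504 //register settings folder for that "app_2"
1505 ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
1506 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
1508 //check if "app_test" has an RX access to the app "app_2"
1509 ret = smack_have_access(APP_TEST, APP_2, "rx");
1510 RUNNER_ASSERT_MSG(ret == 1,"access denies");
1512 //check if "app_test" has an RWX access to a folder registered by "app_2"
1513 ret = smack_getlabel(APP_2_DIR, &app2_dir_label, SMACK_LABEL_ACCESS );
1514 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
1515 ret = smack_have_access(APP_TEST, app2_dir_label, "rwx");
1516 RUNNER_ASSERT_MSG(ret == 1,"access denies");
// The labels are released only when every assertion above passed; a failing
// assertion presumably skips these calls and the uninstalls below — confirm
// how the runner unwinds.
1518 free (app1_dir_label);
1519 free (app2_dir_label);
1523 (void)perm_app_uninstall(APP_TEST);
1524 (void)perm_app_uninstall(APP_1);
1525 (void)perm_app_uninstall(APP_2);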
// Shared body for the perm_app_setup_path() tests.
// Reinstalls APP_ID, walks TEST_APP_DIR with nftw_remove_labels and
// TEST_NON_APP_DIR with nftw_set_labels_non_app_dir, labels TEST_APP_DIR with
// the requested PATH_TYPE, and then walks TEST_NON_APP_DIR again with
// nftw_check_labels_non_app_dir, i.e. it verifies that labelling the app
// directory left the unrelated directory's labels alone.
//
// line_no   - caller's __LINE__, included in every failure message.
// PATH_TYPE - path type passed through to perm_app_setup_path().
//
// NOTE(review): only the non-app directory is re-checked in the visible
// lines; whether TEST_APP_DIR received the expected labels is not asserted
// here — confirm against the omitted lines (the gutter numbers skip).
1528 void test_app_setup_path(int line_no, app_path_type_t PATH_TYPE) {
1531 result = perm_app_uninstall(APP_ID);
1532 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1533 " Error in perm_app_uninstall." << result);
1535 result = perm_app_install(APP_ID);
1536 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1537 " Error in perm_app_install." << result);
// FTW_PHYS makes the walk operate on symbolic links themselves instead of
// following them, so the label changes stay inside the walked tree.
1539 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
1540 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1541 " Unable to clean up Smack labels in " << TEST_APP_DIR);
// The message below says "clean up", but the callback used here is the one
// that sets labels on the non-app directory.
1543 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1544 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1545 " Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
1547 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, PATH_TYPE);
1548 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1549 " perm_app_setup_path() failed");
1551 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1552 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1553 " Unable to check Smack labels for non-app dir");
1555 result = perm_app_uninstall(APP_ID);
1556 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1557 " Error in perm_app_uninstall." << result);
// Runs the shared perm_app_setup_path() scenario for APP_PATH_PUBLIC_RO;
// __LINE__ identifies this caller in failure messages.
1560 RUNNER_TEST_SMACK(privilege_control18_app_setup_path_public)
1562 test_app_setup_path(__LINE__, APP_PATH_PUBLIC_RO);
// Runs the shared perm_app_setup_path() scenario for APP_PATH_SETTINGS_RW;
// __LINE__ identifies this caller in failure messages.
1565 RUNNER_TEST_SMACK(privilege_control19_app_setup_path_settings)
1567 test_app_setup_path(__LINE__, APP_PATH_SETTINGS_RW);
1570 RUNNER_TEST(privilege_control20_early_rules)
1572 RUNNER_IGNORED_MSG("early rules are not implemented");
1578 char *single_line_format = NULL;
1582 char subject[SMACK_LABEL_LEN + 1] = {0};
1583 char object[SMACK_LABEL_LEN + 1] = {0};
1584 char rule_add[SMACK_ACC_LEN + 1] = {0};
1585 char rule_remove[SMACK_ACC_LEN + 1] = {0};
1587 unlink(SMACK_RULES_DIR APP_ID);
1589 perm_app_uninstall(APP_ID);
1591 result = perm_app_install(APP_ID);
1592 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1593 result = perm_app_install(APP_TEST_APP_1);
1594 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1596 // checking if file really exists
1597 fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
1599 RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << SMACK_RULES_DIR << APP_ID << " : " << fd << ". Errno: " << strerror(errno));
1602 result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm, 1);
1603 RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
1604 result = perm_app_enable_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm, 1);
1605 RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
1607 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1608 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1610 result = asprintf(&single_line_format, "%%%ds %%%ds %%%ds %%%ds\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN, SMACK_ACC_LEN, SMACK_ACC_LEN);
1612 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1613 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1614 pass_1 = 1; // Found rule for APP_ID
1617 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1618 pass_2 = 1; // Found rule for APP_TEST_APP_1
1625 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found");
1626 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
1628 // Checking if "early rule" for APP_ID was really removed
1629 // We also should make sure that "early rules" for other apps wasn't removed
1630 result = perm_app_uninstall(APP_ID);
1631 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1635 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1636 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1638 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1639 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1640 pass_1 = 0; // Found rule for APP_ID - it should NOT be here
1643 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1644 pass_2 = 1; // Found rule for APP_TEST_APP_1
1651 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
1652 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
1654 // Removing and checking "early rule" for APP_TEST_APP_1
1655 result = perm_app_uninstall(APP_TEST_APP_1);
1656 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1660 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1661 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1663 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1664 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1665 pass_1 = 0; // Found rule for APP_ID - it should NOT be here
1668 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1669 pass_2 = 0; // Found rule for APP_TEST_APP_1 - it should NOT be here
1673 free(single_line_format);
1676 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
1677 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found");