2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
21 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
23 * @brief libprivilege-control test runner
36 #include <sys/types.h>
39 #include <sys/socket.h>
41 #include <sys/smack.h>
43 #include <privilege-control.h>
44 #include <dpl/test/test_runner.h>
45 #include <dpl/test/test_runner_child.h>
46 #include <dpl/test/test_runner_multiprocess.h>
47 #include <dpl/log/log.h>
48 #include <tests_common.h>
49 #include <libprivilege-control_test_common.h>
50 #include "common/duplicates.h"
51 #include "common/db.h"
53 // Error codes for test_libprivilege_strerror
54 const std::vector<int> error_codes {
55 PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
56 PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
57 PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
58 PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
63 std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
65 std::vector<std::string> names;
66 for(size_t i = 0; i < size; ++i) {
67 names.push_back(prefix + "_" + std::to_string(i) + suffix);
72 const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
73 const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
74 const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
75 const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
76 const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
77 const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
78 const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
80 int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb,
81 int /*typeflag*/, struct FTW* /*ftwbuf*/)
87 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
88 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
89 RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set");
90 result = strcmp(APPID_SHARED_DIR, label);
91 RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect");
93 result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
94 RUNNER_ASSERT_MSG_BT(result == 1,
95 "Error rwxatl access was not given shared dir. Subject: " <<
96 APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result);
98 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
99 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
100 RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set");
103 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
104 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
105 if (S_ISDIR(sb->st_mode)) {
106 RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
107 result = strcmp("TRUE", label);
108 RUNNER_ASSERT_MSG_BT(result == 0, "TRANSMUTE label on " << fpath << " is not set");
110 RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set");
115 void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
117 std::ifstream dac_file(dac_file_path);
118 RUNNER_ASSERT_MSG_BT(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
120 auto it = gids.begin();
122 while (std::getline(dac_file,line)) {
123 std::istringstream is(line);
126 RUNNER_ASSERT_MSG_BT(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
127 RUNNER_ASSERT_MSG_BT(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
131 RUNNER_ASSERT_MSG_BT(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
136 void remove_smack_files()
139 unlink(OSP_BLAHBLAH);
140 unlink(WRT_BLAHBLAH);
141 unlink(OTHER_BLAHBLAH);
142 unlink(WRT_BLAHBLAH_DAC);
143 unlink(OTHER_BLAHBLAH_DAC);
145 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
146 unlink(OSP_BLAHBLAH_DAC[i].c_str());
148 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
149 unlink(OSP_BLAHBLAH_DAC[i].c_str());
154 RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
157 * Test setting labels for all files and folders in given path.
159 RUNNER_TEST(privilege_control02_app_label_dir)
163 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
164 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
166 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
167 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
171 result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
172 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed");
176 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_dir, FTW_MAX_FDS, FTW_PHYS);
177 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for app dir");
179 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
180 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir");
183 RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir)
189 result = perm_app_install(APP_ID);
190 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
192 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
193 RUNNER_ASSERT_MSG_BT(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
197 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
198 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
200 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
201 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
205 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR);
206 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed");
210 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS);
211 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for shared app dir");
213 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
214 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir");
218 result = perm_app_uninstall(APP_ID);
219 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
225 * Revoke permissions from the list. Should be executed as privileged user.
227 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
229 test_revoke_permissions(__LINE__, WGT_APP_ID, rules_wgt, true);
233 * Revoke permissions from the list. Should be executed as privileged user.
235 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
237 test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, true);
240 void test_set_app_privilege(
241 const char* app_id, app_type_t APP_TYPE,
242 const char** privileges, const char* type,
243 const char* app_path, const char* dac_file,
244 const rules_t &rules) {
245 check_app_installed(app_path);
251 result = perm_app_uninstall(app_id);
252 RUNNER_ASSERT_MSG_BT(result == 0,
253 " perm_app_uninstall returned " << result << ". "
254 "Errno: " << strerror(errno));
256 result = perm_app_install(app_id);
257 RUNNER_ASSERT_MSG_BT(result == 0,
258 " perm_app_install returned " << result << ". "
259 "Errno: " << strerror(errno));
262 result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, true);
263 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
264 " Error registering app permissions. Result: " << result);
268 result = test_have_all_accesses(rules);
269 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
271 result = perm_app_set_privilege(app_id, type, app_path);
272 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
273 " Error in perm_app_set_privilege. Error: " << result);
275 // Check if SMACK label really set
277 result = smack_new_label_from_self(&label);
278 RUNNER_ASSERT_MSG_BT(result >= 0,
279 " Error getting current process label");
280 RUNNER_ASSERT_MSG_BT(label != NULL,
281 " Process label is not set");
282 result = strcmp(app_id, label);
283 RUNNER_ASSERT_MSG_BT(result == 0,
284 " Process label " << label << " is incorrect");
286 check_groups(dac_file);
290 * Set APP privileges. wgt.
292 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
294 test_set_app_privilege(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
295 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
299 * Set APP privileges. osp app.
301 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
303 test_set_app_privilege(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
304 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
307 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_efl)
309 test_set_app_privilege(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
311 LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
315 * Add new API feature
317 RUNNER_TEST(privilege_control11_add_api_feature)
321 remove_smack_files();
325 // argument validation
326 result = perm_add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0);
327 RUNNER_ASSERT_BT(result == PC_ERR_INVALID_PARAM);
329 result = perm_add_api_feature(APP_TYPE_OSP,"", NULL, NULL, 0);
330 RUNNER_ASSERT_BT(result == PC_ERR_INVALID_PARAM);
333 // Already existing feature:
334 // TODO: Database will be malformed. (Rules for these features will be removed.)
335 result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", NULL, NULL, 0);
336 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
338 result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", NULL, NULL, 0);
339 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
342 result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", NULL, NULL, 0);
343 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
345 result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", NULL, NULL, 0);
346 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
349 const char *test1[] = { NULL };
350 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, NULL, 0);
351 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
353 const char *test2[] = { "", NULL };
354 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, NULL, 0);
355 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
357 const char *test3[] = { " \t\n", "\t \n", "\n\t ", NULL };
358 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, NULL, 0);
359 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
362 const char *test4[] = { "malformed", NULL };
363 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, NULL, 0);
364 RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
366 const char *test5[] = { "malformed malformed", NULL };
367 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, NULL, 0);
368 RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
370 const char *test6[] = { "-malformed malformed rwxat", NULL };
371 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, NULL, 0);
372 RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
374 const char *test7[] = { "~/\"\\ malformed rwxat", NULL };
375 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, NULL, 0);
376 RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
378 const char *test8[] = { "subject object rwxat something else", NULL };
379 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, NULL, 0);
380 RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
384 const char *test9[] = {
385 "~APP~ object\t rwxatl",
387 "subject2\t~APP~ ltxarw",
391 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, NULL, 0);
392 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
394 const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", NULL };
395 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, NULL, 0);
396 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
398 const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", NULL }; // TODO This fails.
399 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, NULL, 0);
400 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
403 // TODO For now identical/complementary rules are not merged.
404 const char *test12[] = {
405 "subject1 ~APP~ rwxatl",
407 "subject2 ~APP~ ltxarw",
410 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, NULL, 0);
411 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
414 const char *test13[] = { "~APP~ b a", NULL};
415 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0);
416 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
417 result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
418 RUNNER_ASSERT_BT(result == -1);
419 remove_smack_files();
423 result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3);
424 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
425 osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
426 remove_smack_files();
428 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1);
429 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
430 osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
431 remove_smack_files();
433 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3);
434 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
435 osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
436 remove_smack_files();
442 * Check perm_app_uninstall function
444 void check_perm_app_uninstall(const char* pkg_id)
450 result = perm_app_uninstall(pkg_id);
451 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned: " << perm_strerror(result));
455 TestLibPrivilegeControlDatabase db_test;
456 db_test.test_db_after__perm_app_uninstall(pkg_id);
459 RUNNER_TEST(privilege_control07_app_uninstall)
461 check_perm_app_uninstall(APP_ID);
465 * Check perm_app_install function
467 void check_perm_app_install(const char* pkg_id)
473 result = perm_app_install(pkg_id);
474 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result));
478 TestLibPrivilegeControlDatabase db_test;
479 db_test.test_db_after__perm_app_install(pkg_id);
482 RUNNER_TEST(privilege_control01_app_install)
484 check_perm_app_uninstall(APP_ID);
485 check_perm_app_install(APP_ID);
486 // try install second time app with the same ID - it should pass.
487 check_perm_app_install(APP_ID);
491 * Check perm_rollback function
493 RUNNER_TEST(privilege_control07_app_rollback)
495 check_perm_app_uninstall(APP_ID);
501 result = perm_app_install(APP_ID);
502 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result));
504 // transaction rollback
505 result = perm_rollback();
506 RUNNER_ASSERT_MSG_BT(result == 0, "perm_rollback returned: " << perm_strerror(result));
510 TestLibPrivilegeControlDatabase db_test;
511 db_test.test_db_after__perm_app_uninstall(APP_ID);
515 RUNNER_TEST(privilege_control07_app_rollback_2)
517 check_perm_app_uninstall(APP_ID);
523 result = perm_app_install(APP_ID);
524 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result));
526 // transaction rollback
527 result = perm_rollback();
528 RUNNER_ASSERT_MSG_BT(result == 0, "perm_rollback returned: " << perm_strerror(result));
530 // install once again after the rollback
531 result = perm_app_install(APP_ID);
532 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result));
536 TestLibPrivilegeControlDatabase db_test;
537 db_test.test_db_after__perm_app_install(APP_ID);
540 * Check app_register_av function
541 * Notice that this test case may have no sense if previous would fail (privilege_control06_app_install)
543 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
544 RUNNER_TEST_SMACK(privilege_control10_app_register_av)
546 RUNNER_IGNORED_MSG("app_register_av is deprecated");
550 smack_revoke_subject(APP_TEST_AV_1);
551 smack_revoke_subject(APP_TEST_AV_2);
555 // Adding two apps before antivir
556 result = perm_app_install(APP_TEST_APP_1);
557 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
559 result = perm_app_install(APP_TEST_APP_2);
560 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
563 result = app_register_av(APP_TEST_AV_1);
564 RUNNER_ASSERT_MSG_BT(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
568 // Checking added apps accesses
569 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
570 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
575 result = perm_app_install(APP_TEST_APP_3);
576 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
580 // Checking app accesses
581 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)");
582 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "perm_app_install(APP_TEST_APP_3)");
583 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "perm_app_install(APP_TEST_APP_3)");
585 // Adding second antivir
586 result = app_register_av(APP_TEST_AV_2);
587 RUNNER_ASSERT_MSG_BT(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
589 // Checking app accesses
590 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
591 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
592 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
593 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
594 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
595 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
598 smack_revoke_subject(APP_TEST_AV_1);
599 smack_revoke_subject(APP_TEST_AV_2);
601 #pragma GCC diagnostic warning "-Wdeprecated-declarations"
604 * Grant SMACK permissions based on permissions list.
606 RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
610 // Clean up after test:
613 result = perm_app_uninstall(WGT_APP_ID);
614 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
615 result = perm_app_install(WGT_APP_ID);
616 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
619 * Test - Enabling all permissions with persistant mode enabled
621 result = perm_app_revoke_permissions(WGT_APP_ID);
622 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
623 "Error revoking app permissions. Result: " << result);
625 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
626 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
627 " Error registering app permissions. Result: " << result);
631 // Check if the accesses are realy applied..
632 result = test_have_all_accesses(rules2);
633 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
638 result = perm_app_revoke_permissions(WGT_APP_ID);
639 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
640 "Error revoking app permissions. Result: " << result);
645 * Test - Enabling all permissions with persistant mode disabled
649 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
650 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
651 " Error registering app permissions. Result: " << result);
653 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0);
654 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
655 " Error enabling app permissions. Result: " << result);
659 // Check if the accesses are realy applied..
660 result = test_have_all_accesses(rules2);
661 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
666 result = perm_app_revoke_permissions(WGT_APP_ID);
667 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
668 "Error revoking app permissions. Result: " << result);
673 * Test - Registering new permissions in two complementary files
678 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, true);
679 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
680 " Error registering app permissions. Result: " << result);
684 // Check if the accesses are realy applied..
685 result = test_have_all_accesses(rules2_no_r);
686 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
691 result = perm_app_revoke_permissions(WGT_APP_ID);
692 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
693 "Error revoking app permissions. Result: " << result);
698 * Test - Enabling some permissions and then enabling complementary permissions
703 // Register permission for rules 2 no r
704 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true);
705 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
706 " Error registering app permissions without r. Result: " << result);
710 // Check if the accesses are realy applied..
711 result = test_have_all_accesses(rules2_no_r);
712 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions without r not added.");
716 // Register permission for rules 2
717 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
718 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
719 " Error registering app all permissions. Result: " << result);
723 // Check if the accesses are realy applied..
724 result = test_have_all_accesses(rules2);
725 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions all not added.");
730 result = perm_app_revoke_permissions(WGT_APP_ID);
731 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
732 "Error revoking app permissions. Result: " << result);
735 * Test - Enabling some permissions and then enabling all permissions
738 // Enable permission for rules 2 no r
739 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true);
740 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
741 " Error registering app permissions without r. Result: " << result);
745 // Check if the accesses are realy applied..
746 result = test_have_all_accesses(rules2_no_r);
747 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions without r not added.");
751 // Enable permission for rules 2
752 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true);
753 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
754 " Error registering app permissions with only r. Result: " << result);
758 // Check if the accesses are realy applied..
759 result = test_have_all_accesses(rules2_r);
760 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions with only r not added.");
765 result = perm_app_revoke_permissions(WGT_APP_ID);
766 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
767 "Error revoking app permissions. Result: " << result);
771 // Clean up after test:
772 result = perm_app_uninstall(WGT_APP_ID);
773 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
778 RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
780 test_app_enable_permissions_efl(true);
784 * Check perm_app_install function
786 RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
788 test_app_disable_permissions_efl(true);
793 * Remove previously granted SMACK permissions based on permissions list.
795 RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
797 test_app_disable_permissions(true);
801 * Reset SMACK permissions for an application by revoking all previously
802 * granted rules and enabling them again from a rules file from disk.
804 // TODO: This test is incomplete.
805 RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
810 * Test - doing reset and checking if rules exist again.
815 result = perm_app_install(WGT_APP_ID);
816 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
818 // Prepare permissions to reset
819 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
820 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
821 " Error registering app permissions. Result: " << result);
824 result = perm_app_reset_permissions(WGT_APP_ID);
825 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
826 "Error reseting app permissions. Result: " << result);
830 // Are all second permissions not disabled?
831 result = test_have_all_accesses(rules2);
832 RUNNER_ASSERT_MSG_BT(result == 1, "Not all permissions added.");
836 // Disable permissions
837 result = perm_app_revoke_permissions(WGT_APP_ID);
838 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
839 "Error disabling app permissions. Result: " << result);
841 result = perm_app_uninstall(WGT_APP_ID);
842 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
848 * Make two applications "friends", by giving them both full permissions on
851 RUNNER_TEST_SMACK(privilege_control14_app_add_friend)
853 RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented");
858 * Test - making friends with no permissions on each other
863 result = perm_app_revoke_permissions(APP_FRIEND_1);
864 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
865 "Error revoking app permissions. Result: " << result);
866 result = perm_app_revoke_permissions(APP_FRIEND_2);
867 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
868 "Error revoking app permissions. Result: " << result);
870 perm_app_uninstall(APP_FRIEND_1);
871 perm_app_uninstall(APP_FRIEND_2);
873 // Installing friends to be
874 result = perm_app_install(APP_FRIEND_1);
875 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
876 " Error installing first app. Result: " << result);
877 result = perm_app_install(APP_FRIEND_2);
878 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
879 " Error installing second app. Result: " << result);
882 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
883 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
884 " Error making friends. Errno: " << result);
888 // Checking if friends were made
889 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
890 RUNNER_ASSERT_MSG_BT(result == 1,
891 " Error first one sided friednship failed. Result: " << result);
892 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
893 RUNNER_ASSERT_MSG_BT(result == 1,
894 " Error second one sided friednship failed. Result: " << result);
899 result = perm_app_revoke_permissions(APP_FRIEND_1);
900 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
901 "Error revoking app permissions. Result: " << result);
902 result = perm_app_revoke_permissions(APP_FRIEND_2);
903 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
904 "Error revoking app permissions. Result: " << result);
906 perm_app_uninstall(APP_FRIEND_1);
907 perm_app_uninstall(APP_FRIEND_2);
912 * Test - making friends with nonexistent friend
917 // Installing one friend
918 result = perm_app_install(APP_FRIEND_1);
919 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
920 " Error installing first app. Errno: " << result);
922 // Adding imaginary friend as second
923 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
924 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
925 " Error making friends (first) with imaginairy friend failed. Result: "
927 // Adding imaginary friend as first
928 result = perm_app_add_friend(APP_FRIEND_2, APP_FRIEND_1);
929 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
930 " Error making friends (second) with imaginairy friend failed. Result: "
933 result = perm_app_revoke_permissions(APP_FRIEND_1);
934 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
935 "Error revoking app permissions. Result: " << result);
936 result = perm_app_revoke_permissions(APP_FRIEND_2);
937 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
938 "Error revoking app permissions. Result: " << result);
940 perm_app_uninstall(APP_FRIEND_1);
941 perm_app_uninstall(APP_FRIEND_2);
946 * Test - making friends with some permissions already added
951 struct smack_accesses *rulesFriend = NULL;
953 std::vector<std::string> accessesFriend =
954 { "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" };
958 // Installing friends to be
959 result = perm_app_install(APP_FRIEND_1);
960 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
961 " Error installing first app. Result: " << result);
962 result = perm_app_install(APP_FRIEND_2);
963 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
964 " Error installing second app. Result: " << result);
968 for (i = 0; i < accessesFriend.size(); ++i)
970 for (j = 0; j < accessesFriend.size(); ++j)
972 // Adding rules before making friends
973 result = smack_accesses_new(&rulesFriend);
974 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
975 "Error in smack_accesses_new. Result: " << result);
977 result = smack_accesses_add(rulesFriend,
978 APP_FRIEND_1, APP_FRIEND_2, accessesFriend[i].c_str());
979 RUNNER_ASSERT_MSG_BT(result == 0,
980 "Unable to add modify rulesFirend (first). Result: " << result);
981 result = smack_accesses_add(rulesFriend, APP_FRIEND_2,
982 APP_FRIEND_1, accessesFriend[j].c_str());
983 RUNNER_ASSERT_MSG_BT(result == 0,
984 "Unable to add modify rulesFirend (second). Result: " << result);
986 result = smack_accesses_apply(rulesFriend);
987 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
988 "Error in smack_accesses_apply. Result: " << result);
993 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
994 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
995 " Error making friends. Result: " << result);
999 // Checking if friends were made
1000 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
1001 RUNNER_ASSERT_MSG_BT(result == 1,
1002 " Error first one sided friednship failed. Result: " << result);
1003 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
1004 RUNNER_ASSERT_MSG_BT(result == 1,
1005 " Error second one sided friednship failed. Result: " << result);
1007 // Deleting all rules between friends
1008 smack_accesses_add_modify(rulesFriend,
1009 APP_FRIEND_1, APP_FRIEND_2,"","rwxat");
1010 smack_accesses_add_modify(rulesFriend,
1011 APP_FRIEND_2, APP_FRIEND_1,"","rwxat");
1013 result = smack_accesses_apply(rulesFriend);
1015 smack_accesses_free(rulesFriend);
1023 result = perm_app_revoke_permissions(APP_FRIEND_1);
1024 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1025 "Error revoking app permissions. Result: " << result);
1026 result = perm_app_revoke_permissions(APP_FRIEND_2);
1027 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1028 "Error revoking app permissions. Result: " << result);
1030 perm_app_uninstall(APP_FRIEND_1);
1031 perm_app_uninstall(APP_FRIEND_2);
1036 static void smack_set_random_label_based_on_pid_on_self(void)
1039 std::stringstream ss;
1041 ss << "s-" << getpid() << "-" << getppid();
1042 result = smack_set_label_for_self(ss.str().c_str());
1043 RUNNER_ASSERT_MSG_BT(result == 0, "smack_set_label_for_self("
1044 << ss.str().c_str() << ") failed");
1047 static void smack_unix_sock_server(int sock)
1053 fd = accept(sock, NULL, NULL);
1057 result = smack_new_label_from_self(&smack_label);
1062 RUNNER_ASSERT_MSG_BT(0, "smack_new_label_from_self() failed");
1064 result = write(fd, smack_label, strlen(smack_label));
1065 if (result != (int)strlen(smack_label)) {
1069 RUNNER_ASSERT_MSG_BT(0, "write() failed: " << strerror(errno));
1075 RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
1078 struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
1082 RUNNER_ASSERT_MSG_BT(pid >= 0, "Fork failed");
1084 smack_set_random_label_based_on_pid_on_self();
1086 if (!pid) { /* child process, server */
1089 /* Set the process label before creating a socket */
1090 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1091 RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno));
1093 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1096 RUNNER_ASSERT_MSG_BT(0, "bind failed: " << strerror(errno));
1098 result = listen(sock, 1);
1101 RUNNER_ASSERT_MSG_BT(0, "listen failed: " << strerror(errno));
1103 smack_unix_sock_server(sock);
1105 /* Change the process label with listening socket */
1106 smack_unix_sock_server(sock);
1109 RUNNER_ASSERT_MSG_BT(pid >= 0, "Fork failed");
1110 /* Now running two concurrent servers.
1111 Test if socket label was unaffected by fork() */
1112 smack_unix_sock_server(sock);
1113 /* Let's give the two servers different labels */
1114 smack_unix_sock_server(sock);
1118 } else { /* parent process, client */
1119 sleep(1); /* Give server some time to setup listening socket */
1121 for (i = 0; i < 4; ++i) {
1124 char smack_label1[SMACK_LABEL_LEN + 1];
1127 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1128 RUNNER_ASSERT_MSG_BT(sock >= 0,
1129 "socket failed: " << strerror(errno));
1130 result = connect(sock,
1131 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1134 RUNNER_ASSERT_MSG_BT(0, "connect failed: " << strerror(errno));
1138 result = read(sock, smack_label1, SMACK_LABEL_LEN);
1142 RUNNER_ASSERT_MSG_BT(0, "read failed: " << strerror(errno));
1144 smack_label1[result] = '\0';
1145 smack_label2 = perm_app_id_from_socket(sock);
1146 if (smack_label2 == NULL) {
1148 RUNNER_ASSERT_MSG_BT(0, "perm_app_id_from_socket failed");
1150 result = strcmp(smack_label1, smack_label2);
1153 RUNNER_ASSERT_MSG_BT(0, "smack labels differ: '" << smack_label1
1154 << "' != '" << smack_label2 << "-" << random() << "'");
1161 RUNNER_TEST(privilege_control16_app_setup_path){
1162 const char *path1 = "/usr/share/privilege-control/app_setup_access_test";
1163 const char *path2 = "/usr/share/privilege-control/app_setup_access_test/directory";
1164 const char *path3 = "/usr/share/privilege-control/app_setup_access_test/one";
1165 const char *path4 = "/usr/share/privilege-control/app_setup_access_test/directory/two";
1166 const char *label1 = "qwert123456za";
1167 const char *label2 = "trewq654123az";
1169 CStringPtr labelPtr;
1174 int fd = creat(path3, S_IRWXU);
1177 fd = creat(path4, S_IRWXU);
1185 RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1));
1189 RUNNER_ASSERT_BT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS));
1190 labelPtr.reset(label);
1192 RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label1));
1196 RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2));
1200 RUNNER_ASSERT_BT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC));
1201 labelPtr.reset(label);
1203 RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label2));
1205 RUNNER_ASSERT_BT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC));
1206 labelPtr.reset(label);
1208 RUNNER_ASSERT_BT(labelPtr.get() == NULL);
1211 RUNNER_TEST_SMACK(privilege_control17_appsettings_privilege)
1213 test_appsettings_privilege(true);
1216 void test_app_setup_path(int line_no, app_path_type_t PATH_TYPE) {
1221 result = perm_app_uninstall(APP_ID);
1222 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1223 " Error in perm_app_uninstall." << result);
1225 result = perm_app_install(APP_ID);
1226 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1227 " Error in perm_app_install." << result);
1231 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
1232 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
1233 " Unable to clean up Smack labels in " << TEST_APP_DIR);
1235 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1236 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
1237 " Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
1241 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, PATH_TYPE);
1242 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
1243 " perm_app_setup_path() failed");
1247 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1248 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
1249 " Unable to check Smack labels for non-app dir");
1253 result = perm_app_uninstall(APP_ID);
1254 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1255 " Error in perm_app_uninstall." << result);
1260 RUNNER_TEST_SMACK(privilege_control18_app_setup_path_public)
1262 test_app_setup_path(__LINE__, APP_PATH_PUBLIC_RO);
1265 RUNNER_TEST_SMACK(privilege_control19_app_setup_path_settings)
1267 test_app_setup_path(__LINE__, APP_PATH_SETTINGS_RW);
1271 * AV Privilege test cases.
1273 * Each privilege_control24* test case tests antivirus privileges for each app_type_t, except for
1274 * deprecated APP_TYPE_OTHER type.
1277 int nftw_remove_dir(const char* filename, const struct stat* /*statptr*/, int /*fileflags*/,
1278 struct FTW* /*pfwt*/)
1282 struct stat filestat;
1284 result = stat(filename, &filestat);
1285 RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to get file statistics. Result: "
1286 << result << ", error: " << strerror(errno) << ", file: " << filename);
1288 if(S_ISREG(filestat.st_mode)) {
1289 result = unlink(filename);
1290 RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to unlink file. Result: "
1291 << result << ", error: " << strerror(errno) << ", file: " << filename);
1292 } else if(S_ISDIR(filestat.st_mode)) {
1293 result = rmdir(filename);
1294 RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to remove dir. Result: "
1295 << result << ", error: " << strerror(errno) << ", file: " << filename);
1301 void InstallApp(const char* pkg_id, const char* path, app_path_type_t app_path_type,
1302 const char* shared_label)
1306 result = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP);
1307 RUNNER_ASSERT_MSG_BT(result == 0, "Can't create dir for tests. Result: " << result <<
1308 ", error: " << strerror(errno) << ", app_path_type: " << app_path_type);
1312 result = perm_app_revoke_permissions(pkg_id);
1313 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
1314 << result << ", app_path_type: " << app_path_type);
1315 result = perm_app_uninstall(pkg_id);
1316 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
1317 << result << ", app_path_type: " << app_path_type);
1319 result = perm_app_install(pkg_id);
1320 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
1321 << result << ", app_path_type: " << app_path_type);
1322 result = perm_app_setup_path(pkg_id, path, app_path_type, shared_label);
1323 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: "
1324 << result << ", app_path_type: " << app_path_type);
1329 void InstallAV(const char* av_id, app_type_t av_type)
1335 result = perm_app_revoke_permissions(av_id);
1336 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
1337 << result << ", av_type: " << av_type);
1338 result = perm_app_uninstall(av_id);
1339 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
1340 << result << ", av_type: " << av_type);
1342 result = perm_app_install(av_id);
1343 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
1344 << result << ", av_type: " << av_type);
1345 result = perm_app_enable_permissions(av_id, av_type, PRIVS_AV, true);
1346 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "register_permissions failed. Result: "
1347 << result << ", av_type: " << av_type);
1352 void CheckAVPrivilege(app_type_t av_type, app_path_type_t app_path_type)
1357 result = nftw(APP_TEST_APP_1_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1358 RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1359 ", error " << strerror(errno));
1361 result = nftw(APP_TEST_APP_2_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1362 RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1363 ", error " << strerror(errno));
1365 result = nftw(APP_TEST_APP_3_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1366 RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1367 ", error " << strerror(errno));
1369 InstallApp(APP_TEST_APP_1, APP_TEST_APP_1_DIR, app_path_type, APP_TEST_APP_1_SHARED_LABEL);
1370 InstallAV(APP_TEST_AV_1, av_type);
1371 InstallApp(APP_TEST_APP_2, APP_TEST_APP_2_DIR, app_path_type, APP_TEST_APP_2_SHARED_LABEL);
1372 InstallAV(APP_TEST_AV_2, av_type);
1373 InstallApp(APP_TEST_APP_3, APP_TEST_APP_3_DIR, app_path_type, APP_TEST_APP_3_SHARED_LABEL);
1375 //test - get ACCESS label and check AV privilege
1380 result = smack_lgetlabel(APP_TEST_APP_1_DIR, &tmp, SMACK_LABEL_ACCESS);
1381 RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
1382 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1383 std::string label1(tmp);
1386 result = smack_lgetlabel(APP_TEST_APP_2_DIR, &tmp, SMACK_LABEL_ACCESS);
1387 RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
1388 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1389 std::string label2(tmp);
1392 result = smack_lgetlabel(APP_TEST_APP_3_DIR, &tmp, SMACK_LABEL_ACCESS);
1393 RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
1394 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1395 std::string label3(tmp);
1398 if(app_path_type == APP_PATH_GROUP_RW)
1400 result = label1.compare(APP_TEST_APP_1_SHARED_LABEL);
1401 RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
1402 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1403 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1405 result = label2.compare(APP_TEST_APP_2_SHARED_LABEL);
1406 RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
1407 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1408 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1410 result = label3.compare(APP_TEST_APP_3_SHARED_LABEL);
1411 RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
1412 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1413 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1416 std::stringstream ss;
1421 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1422 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1423 checkOnlyAvAccess(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
1424 ss.str(std::string());
1426 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1427 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1428 checkOnlyAvAccess(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
1429 ss.str(std::string());
1431 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1432 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1433 checkOnlyAvAccess(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
1435 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1436 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1437 checkOnlyAvAccess(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
1438 ss.str(std::string());
1440 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1441 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1442 checkOnlyAvAccess(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
1443 ss.str(std::string());
1445 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1446 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1447 checkOnlyAvAccess(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
1451 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1452 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1453 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
1455 ss.str(std::string());
1456 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1457 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1458 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
1460 ss.str(std::string());
1461 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1462 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1463 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
1465 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1466 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1467 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
1469 ss.str(std::string());
1470 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1471 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1472 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
1474 ss.str(std::string());
1475 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1476 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1477 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
1483 perm_app_revoke_permissions(APP_TEST_AV_1);
1484 perm_app_revoke_permissions(APP_TEST_AV_2);
1485 perm_app_uninstall(APP_TEST_AV_1);
1486 perm_app_uninstall(APP_TEST_AV_2);
1487 perm_app_uninstall(APP_TEST_APP_1);
1488 perm_app_uninstall(APP_TEST_APP_2);
1489 perm_app_uninstall(APP_TEST_APP_3);
1494 RUNNER_TEST(privilege_control24a_av_privilege_group_rw)
1496 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_GROUP_RW);
1497 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_GROUP_RW);
1498 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_GROUP_RW);
1501 RUNNER_TEST(privilege_control24b_av_privilege_settings_rw)
1503 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_SETTINGS_RW);
1504 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_SETTINGS_RW);
1505 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_SETTINGS_RW);
1508 RUNNER_TEST(privilege_control24c_av_privilege_public_ro)
1510 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_PUBLIC_RO);
1511 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_PUBLIC_RO);
1512 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_PUBLIC_RO);
1515 RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
1516 int POSITIVE_ERROR_CODE = 1;
1517 int NONEXISTING_ERROR_CODE = -239042;
1520 for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
1521 RUNNER_ASSERT_MSG_BT(strcmp(perm_strerror(*itr), "Unknown error") != 0,
1522 "Returned invalid error code description.");
1525 result = perm_strerror(POSITIVE_ERROR_CODE);
1526 RUNNER_ASSERT_MSG_BT(strcmp(result, "Unknown error") == 0,
1527 "Bad message returned for invalid error code: \"" << result << "\"");
1529 result = perm_strerror(NONEXISTING_ERROR_CODE);
1530 RUNNER_ASSERT_MSG_BT(strcmp(result, "Unknown error") == 0,
1531 "Bad message returned for invalid error code: \"" << result << "\"");