2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
21 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
23 * @brief libprivilege-control test runner
36 #include <sys/types.h>
39 #include <sys/socket.h>
41 #include <sys/smack.h>
43 #include <privilege-control.h>
44 #include <dpl/test/test_runner.h>
45 #include <dpl/test/test_runner_child.h>
46 #include <dpl/test/test_runner_multiprocess.h>
47 #include <dpl/log/log.h>
48 #include <tests_common.h>
49 #include <libprivilege-control_test_common.h>
51 #include "common/db.h"
55 #define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/rules"
57 #define EARLY_RULE_SUBJECT "livebox.web-provider"
58 #define EARLY_RULE_RIGHTS "rwx---"
60 #define SMACK_ACC_LEN 6
62 // Error codes for test_libprivilege_strerror
63 const std::vector<int> error_codes {
64 PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
65 PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
66 PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
67 PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
72 std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
74 std::vector<std::string> names;
75 for(size_t i = 0; i < size; ++i) {
76 names.push_back(prefix + "_" + std::to_string(i) + suffix);
81 const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
82 const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
83 const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
84 const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
85 const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
86 const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
87 const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
89 int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb,
90 int /*typeflag*/, struct FTW* /*ftwbuf*/)
96 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
97 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
98 RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
99 result = strcmp(APPID_SHARED_DIR, label);
100 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
102 result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
103 RUNNER_ASSERT_MSG(result == 1,
104 "Error rwxatl access was not given shared dir. Subject: " <<
105 APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result);
107 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
108 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
109 RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
112 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
113 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
114 if (S_ISDIR(sb->st_mode)) {
115 RUNNER_ASSERT_MSG(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
116 result = strcmp("TRUE", label);
117 RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
119 RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
124 int check_labels_dir(const char *fpath, const struct stat *sb,
125 const char *labels_db_path, const char *dir_db_path,
131 char *scanf_label_format;
132 char label_temp[SMACK_LABEL_LEN + 1];
136 result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
137 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
138 RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
141 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
144 RUNNER_ASSERT_MSG(false, "Could not get label for the path");
149 RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set.");
153 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
157 RUNNER_ASSERT_MSG(false, "Could not get label for the path");
159 if (S_ISDIR(sb->st_mode)) {
163 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set");
165 result = strcmp("TRUE", label);
169 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set to TRUE");
171 } else if (label != NULL) {
174 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set");
179 if (0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)) {
181 RUNNER_ASSERT_MSG(false, "asprintf failed");
184 file_db = fopen(labels_db_path, "r");
185 if (file_db == NULL) {
187 free(scanf_label_format);
188 RUNNER_ASSERT_MSG(false, "Can not open database for apps");
190 while (fscanf(file_db, scanf_label_format, label_temp) == 1) {
191 result = smack_have_access(label_temp, label_gen, access);
195 free(scanf_label_format);
196 RUNNER_ASSERT_MSG(false,
197 "Error " << access << " access was not given for subject: "
198 << label_temp << ". Result: " << result);
203 file_db = fopen(dir_db_path, "r");
204 if (file_db == NULL) {
206 free(scanf_label_format);
207 RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
210 free(scanf_label_format);
217 void osp_blahblah_check(int line_no, const std::vector<std::string> &rules)
219 std::ifstream smack_file(OSP_BLAHBLAH);
220 RUNNER_ASSERT_MSG(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH);
222 auto it = rules.begin();
224 while (std::getline(smack_file,line)) {
225 RUNNER_ASSERT_MSG(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line);
226 RUNNER_ASSERT_MSG(*it == line, "Line: " << line_no << " " << *it << "!=" << line);
230 RUNNER_ASSERT_MSG(it == rules.end(), "Line: " << line_no << " Missing line in file: " << *it);
235 void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
237 std::ifstream dac_file(dac_file_path);
238 RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
240 auto it = gids.begin();
242 while (std::getline(dac_file,line)) {
243 std::istringstream is(line);
246 RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
247 RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
251 RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
256 void remove_smack_files()
259 unlink(OSP_BLAHBLAH);
260 unlink(WRT_BLAHBLAH);
261 unlink(OTHER_BLAHBLAH);
262 unlink(WRT_BLAHBLAH_DAC);
263 unlink(OTHER_BLAHBLAH_DAC);
265 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
266 unlink(OSP_BLAHBLAH_DAC[i].c_str());
268 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
269 unlink(OSP_BLAHBLAH_DAC[i].c_str());
274 RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
277 * Test setting labels for all files and folders in given path.
279 RUNNER_TEST(privilege_control02_app_label_dir)
283 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
284 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
286 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
287 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
291 result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
292 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
296 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_dir, FTW_MAX_FDS, FTW_PHYS);
297 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
299 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
300 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
303 RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir)
309 result = perm_app_install(APP_ID);
310 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
312 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
313 RUNNER_ASSERT_MSG(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
317 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
318 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
320 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
321 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
325 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR);
326 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
330 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS);
331 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
333 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
334 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
338 result = perm_app_uninstall(APP_ID);
339 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
345 * Simple enabling EFL permissions;.
347 RUNNER_TEST_SMACK(privilege_control04_add_permissions)
352 result = perm_app_uninstall(APP_ID);
353 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
355 result = perm_app_install(APP_ID);
356 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
359 result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, TRUE);
360 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
361 " perm_app_enable_permissions failed with result: " << result);
365 // Check if permission is assigned to app in db
366 check_app_has_permission(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
368 // Check if the accesses are realy applied..
369 result = test_have_all_accesses(rules_efl);
370 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
374 result = perm_app_uninstall(APP_ID);
375 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
381 * Revoke permissions from the list. Should be executed as privileged user.
383 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
385 test_revoke_permissions(__LINE__, WGT_APP_ID, rules_wgt, true);
389 * Revoke permissions from the list. Should be executed as privileged user.
391 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt_partner)
393 test_revoke_permissions(__LINE__, WGT_PARTNER_APP_ID, rules_wgt_partner, true);
397 * Revoke permissions from the list. Should be executed as privileged user.
399 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt_platform)
401 test_revoke_permissions(__LINE__, WGT_PLATFORM_APP_ID, rules_wgt_platform, true);
405 * Revoke permissions from the list. Should be executed as privileged user.
407 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
409 test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, true);
413 * Revoke permissions from the list. Should be executed as privileged user.
415 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp_partner)
417 test_revoke_permissions(__LINE__, OSP_PARTNER_APP_ID, rules_osp_partner, true);
421 * Revoke permissions from the list. Should be executed as privileged user.
423 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp_platform)
425 test_revoke_permissions(__LINE__, OSP_PLATFORM_APP_ID, rules_osp_platform, true);
429 void set_app_privilege(int line_no,
430 const char* app_id, app_type_t APP_TYPE,
431 const char** privileges, const char* type,
432 const char* app_path, const char* dac_file,
433 const rules_t &rules) {
434 check_app_installed(line_no, app_path);
440 result = perm_app_uninstall(app_id);
441 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
442 " perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
444 result = perm_app_install(app_id);
445 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
446 " perm_app_install returned " << result << ". Errno: " << strerror(errno));
449 result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, 1);
450 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
451 " Error enabling app permissions. Result: " << result);
455 result = test_have_all_accesses(rules);
456 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
458 result = perm_app_set_privilege(app_id, type, app_path);
459 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
460 " Error in perm_app_set_privilege. Error: " << result);
462 // Check if SMACK label really set
464 result = smack_new_label_from_self(&label);
465 RUNNER_ASSERT_MSG(result >= 0, "Line: " << line_no <<
466 " Error getting current process label");
467 RUNNER_ASSERT_MSG(label != NULL, "Line: " << line_no <<
468 " Process label is not set");
469 result = strcmp(app_id, label);
470 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
471 " Process label " << label << " is incorrect");
473 check_groups(dac_file);
477 * Set APP privileges. wgt.
479 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
481 set_app_privilege(__LINE__,WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
482 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
486 * Set APP privileges. wgt_partner.
488 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_partner)
490 set_app_privilege(__LINE__, WGT_PARTNER_APP_ID, APP_TYPE_WGT_PARTNER, PRIVS_WGT,
491 "wgt_partner", WGT_PARTNER_APP_PATH,
492 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_partner);
496 * Set APP privileges. wgt_platform.
498 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_platform)
500 set_app_privilege(__LINE__, WGT_PLATFORM_APP_ID, APP_TYPE_WGT_PLATFORM, PRIVS_WGT,
501 "wgt_platform", WGT_PLATFORM_APP_PATH,
502 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_platform);
506 * Set APP privileges. osp app.
508 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
510 set_app_privilege(__LINE__, OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, NULL, OSP_APP_PATH,
511 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
515 * Set APP privileges. partner osp app.
517 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_partner)
519 set_app_privilege(__LINE__, OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP,
520 NULL, OSP_PARTNER_APP_PATH, LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_partner);
524 * Set APP privileges. platform osp app.
526 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_platform)
528 set_app_privilege(__LINE__, OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP,
529 NULL, OSP_PLATFORM_APP_PATH,
530 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_platform);
534 * Add new API feature
536 RUNNER_TEST(privilege_control11_add_api_feature)
540 remove_smack_files();
544 // argument validation
545 result = perm_add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0);
546 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
548 result = perm_add_api_feature(APP_TYPE_OSP,"", NULL, NULL, 0);
549 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
552 // Already existing feature:
553 // TODO: Database will be malformed. (Rules for these features will be removed.)
554 result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", NULL, NULL, 0);
555 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
557 result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", NULL, NULL, 0);
558 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
561 result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", NULL, NULL, 0);
562 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
564 result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", NULL, NULL, 0);
565 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
569 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), { NULL }, NULL, 0);
570 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
572 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), (const char*[]) { "", NULL }, NULL, 0);
573 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
575 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), (const char*[]) { " \t\n", "\t \n", "\n\t ", NULL }, NULL, 0);
576 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
579 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), (const char*[]) { "malformed", NULL }, NULL, 0);
580 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
582 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), (const char*[]) { "malformed malformed", NULL }, NULL, 0);
583 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
585 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), (const char*[]) { "-malformed malformed rwxat", NULL }, NULL, 0);
586 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
588 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), (const char*[]) { "~/\"\\ malformed rwxat", NULL }, NULL, 0);
589 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
591 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), (const char*[]) { "subject object rwxat something else", NULL }, NULL, 0);
592 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
596 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), (const char*[]) {
597 "~APP~ object\t rwxatl",
599 "subject2\t~APP~ ltxarw",
603 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
605 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), (const char*[]) {
606 "Sub::jE,ct ~APP~ a-rwxl",
609 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
611 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), (const char*[]) {
612 "Sub::sjE,ct ~APP~ a-RwXL", // TODO This fails.
615 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
618 // TODO For now identical/complementary rules are not merged.
619 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), (const char*[]) {
620 "subject1 ~APP~ rwxatl",
622 "subject2 ~APP~ ltxarw",
626 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
629 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},0);
630 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
631 result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
632 RUNNER_ASSERT(result == -1);
633 remove_smack_files();
637 result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},3);
638 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
639 osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
640 remove_smack_files();
642 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},1);
643 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
644 osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
645 remove_smack_files();
647 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {1,1,1},3);
648 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
649 osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
650 remove_smack_files();
656 * Check perm_app_install function
658 RUNNER_TEST(privilege_control01_app_install)
664 perm_app_uninstall(APP_ID);
666 result = perm_app_install(APP_ID);
667 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
669 // try install second time app with the same ID - it should pass.
670 result = perm_app_install(APP_ID);
671 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
677 * Check perm_app_uninstall function
679 RUNNER_TEST(privilege_control07_app_uninstall)
685 result = perm_app_uninstall(APP_ID);
686 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
690 TestLibPrivilegeControlDatabase db_test;
691 db_test.test_db_after__perm_app_uninstall(TRACE_FROM_HERE, APP_ID);
695 * Check app_register_av function
696 * Notice that this test case may have no sense if previous would fail (privilege_control06_app_install)
698 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
699 RUNNER_TEST_SMACK(privilege_control10_app_register_av)
701 RUNNER_IGNORED_MSG("app_register_av is not implemented");
705 smack_revoke_subject(APP_TEST_AV_1);
706 smack_revoke_subject(APP_TEST_AV_2);
710 // Adding two apps before antivir
711 result = perm_app_install(APP_TEST_APP_1);
712 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
714 result = perm_app_install(APP_TEST_APP_2);
715 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
718 result = app_register_av(APP_TEST_AV_1);
719 RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
723 // Checking added apps accesses
724 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
725 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
730 result = perm_app_install(APP_TEST_APP_3);
731 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
735 // Checking app accesses
736 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)");
737 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "perm_app_install(APP_TEST_APP_3)");
738 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "perm_app_install(APP_TEST_APP_3)");
740 // Adding second antivir
741 result = app_register_av(APP_TEST_AV_2);
742 RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
744 // Checking app accesses
745 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
746 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
747 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
748 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
749 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
750 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
753 smack_revoke_subject(APP_TEST_AV_1);
754 smack_revoke_subject(APP_TEST_AV_2);
756 #pragma GCC diagnostic warning "-Wdeprecated-declarations"
759 * Grant SMACK permissions based on permissions list.
761 RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
765 // Clean up after test:
768 result = perm_app_uninstall(WGT_APP_ID);
769 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
770 result = perm_app_install(WGT_APP_ID);
771 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
774 * Test - Enabling all permissions with persistant mode enabled
776 result = perm_app_revoke_permissions(WGT_APP_ID);
777 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
778 "Error revoking app permissions. Result: " << result);
780 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
781 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
782 " Error enabling app permissions. Result: " << result);
786 // Check if the accesses are realy applied..
787 result = test_have_all_accesses(rules2);
788 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
790 // Check if permission is assigned to app in db
791 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
796 result = perm_app_revoke_permissions(WGT_APP_ID);
797 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
798 "Error revoking app permissions. Result: " << result);
802 // Check if permission is disabled in db
803 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
806 * Test - Enabling all permissions with persistant mode disabled
811 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0);
812 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
813 " Error enabling app permissions. Result: " << result);
817 // Check if the accesses are realy applied..
818 result = test_have_all_accesses(rules2);
819 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
821 // Check if permission is assigned to app in db
822 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
827 result = perm_app_revoke_permissions(WGT_APP_ID);
828 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
829 "Error revoking app permissions. Result: " << result);
833 // Check if permission is disabled in db
834 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
837 * Test - Enabling all permissions in two complementary files
842 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, 1);
843 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
844 " Error enabling app permissions. Result: " << result);
848 // Check if the accesses are realy applied..
849 result = test_have_all_accesses(rules2_no_r);
850 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
852 // Check if permissions are assigned to app in db
853 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, true);
858 result = perm_app_revoke_permissions(WGT_APP_ID);
859 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
860 "Error revoking app permissions. Result: " << result);
864 // Check if permissions are disabled in db
865 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
868 * Test - Enabling some permissions and then enabling complementary permissions
873 // Enable permission for rules 2 no r
874 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
875 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
876 " Error enabling app permissions without r. Result: " << result);
880 // Check if the accesses are realy applied..
881 result = test_have_all_accesses(rules2_no_r);
882 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
886 // Enable permission for rules 2
887 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
888 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
889 " Error enabling app all permissions. Result: " << result);
893 // Check if the accesses are realy applied..
894 result = test_have_all_accesses(rules2);
895 RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
900 result = perm_app_revoke_permissions(WGT_APP_ID);
901 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
902 "Error revoking app permissions. Result: " << result);
905 * Test - Enabling some permissions and then enabling all permissions
908 // Enable permission for rules 2 no r
909 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
910 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
911 " Error enabling app permissions without r. Result: " << result);
915 // Check if the accesses are realy applied..
916 result = test_have_all_accesses(rules2_no_r);
917 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
921 // Enable permission for rules 2
922 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
923 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
924 " Error enabling app permissions with only r. Result: " << result);
928 // Check if the accesses are realy applied..
929 result = test_have_all_accesses(rules2_r);
930 RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
935 result = perm_app_revoke_permissions(WGT_APP_ID);
936 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
937 "Error revoking app permissions. Result: " << result);
941 // Clean up after test:
942 result = perm_app_uninstall(WGT_APP_ID);
943 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
948 RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
950 test_app_enable_permissions_efl(true);
954 * Check perm_app_install function
956 RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
958 test_app_disable_permissions_efl(true);
963 * Remove previously granted SMACK permissions based on permissions list.
965 RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
967 test_app_disable_permissions(true);
971 * Reset SMACK permissions for an application by revoking all previously
972 * granted rules and enabling them again from a rules file from disk.
974 // TODO: This test is incomplete.
975 RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
980 * Test - doing reset and checking if rules exist again.
985 result = perm_app_install(WGT_APP_ID);
986 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
988 // Prepare permissions to reset
989 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
990 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
991 " Error adding app permissions. Result: " << result);
994 result = perm_app_reset_permissions(WGT_APP_ID);
995 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
996 "Error reseting app permissions. Result: " << result);
1000 // Are all second permissions not disabled?
1001 result = test_have_all_accesses(rules2);
1002 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
1006 // Disable permissions
1007 result = perm_app_revoke_permissions(WGT_APP_ID);
1008 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1009 "Error disabling app permissions. Result: " << result);
1011 result = perm_app_uninstall(WGT_APP_ID);
1012 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1018 * Make two applications "friends", by giving them both full permissions on
1021 RUNNER_TEST_SMACK(privilege_control14_app_add_friend)
1023 RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented");
1028 * Test - making friends with no permissions on each other
1033 result = perm_app_revoke_permissions(APP_FRIEND_1);
1034 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1035 "Error revoking app permissions. Result: " << result);
1036 result = perm_app_revoke_permissions(APP_FRIEND_2);
1037 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1038 "Error revoking app permissions. Result: " << result);
1040 perm_app_uninstall(APP_FRIEND_1);
1041 perm_app_uninstall(APP_FRIEND_2);
1043 // Installing friends to be
1044 result = perm_app_install(APP_FRIEND_1);
1045 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1046 " Error installing first app. Result: " << result);
1047 result = perm_app_install(APP_FRIEND_2);
1048 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1049 " Error installing second app. Result: " << result);
1052 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1053 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1054 " Error making friends. Errno: " << result);
1058 // Checking if friends were made
1059 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
1060 RUNNER_ASSERT_MSG(result == 1,
1061 " Error first one sided friednship failed. Result: " << result);
1062 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
1063 RUNNER_ASSERT_MSG(result == 1,
1064 " Error second one sided friednship failed. Result: " << result);
1069 result = perm_app_revoke_permissions(APP_FRIEND_1);
1070 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1071 "Error revoking app permissions. Result: " << result);
1072 result = perm_app_revoke_permissions(APP_FRIEND_2);
1073 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1074 "Error revoking app permissions. Result: " << result);
1076 perm_app_uninstall(APP_FRIEND_1);
1077 perm_app_uninstall(APP_FRIEND_2);
1082 * Test - making friends with nonexistent friend
1087 // Installing one friend
1088 result = perm_app_install(APP_FRIEND_1);
1089 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1090 " Error installing first app. Errno: " << result);
1092 // Adding imaginary friend as second
1093 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1094 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1095 " Error making friends (first) with imaginairy friend failed. Result: "
1097 // Adding imaginary friend as first
1098 result = perm_app_add_friend(APP_FRIEND_2, APP_FRIEND_1);
1099 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1100 " Error making friends (second) with imaginairy friend failed. Result: "
1103 result = perm_app_revoke_permissions(APP_FRIEND_1);
1104 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1105 "Error revoking app permissions. Result: " << result);
1106 result = perm_app_revoke_permissions(APP_FRIEND_2);
1107 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1108 "Error revoking app permissions. Result: " << result);
1110 perm_app_uninstall(APP_FRIEND_1);
1111 perm_app_uninstall(APP_FRIEND_2);
1116 * Test - making friends with some permissions already added
1121 struct smack_accesses *rulesFriend = NULL;
1123 std::vector<std::string> accessesFriend =
1124 { "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" };
1128 // Installing friends to be
1129 result = perm_app_install(APP_FRIEND_1);
1130 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1131 " Error installing first app. Result: " << result);
1132 result = perm_app_install(APP_FRIEND_2);
1133 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1134 " Error installing second app. Result: " << result);
1138 for (i = 0; i < accessesFriend.size(); ++i)
1140 for (j = 0; j < accessesFriend.size(); ++j)
1142 // Adding rules before making friends
1143 result = smack_accesses_new(&rulesFriend);
1144 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1145 "Error in smack_accesses_new. Result: " << result);
1147 result = smack_accesses_add(rulesFriend,
1148 APP_FRIEND_1, APP_FRIEND_2, accessesFriend[i].c_str());
1149 RUNNER_ASSERT_MSG(result == 0,
1150 "Unable to add modify rulesFirend (first). Result: " << result);
1151 result = smack_accesses_add(rulesFriend, APP_FRIEND_2,
1152 APP_FRIEND_1, accessesFriend[j].c_str());
1153 RUNNER_ASSERT_MSG(result == 0,
1154 "Unable to add modify rulesFirend (second). Result: " << result);
1156 result = smack_accesses_apply(rulesFriend);
1157 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1158 "Error in smack_accesses_apply. Result: " << result);
1163 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1164 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1165 " Error making friends. Result: " << result);
1169 // Checking if friends were made
1170 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
1171 RUNNER_ASSERT_MSG(result == 1,
1172 " Error first one sided friednship failed. Result: " << result);
1173 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
1174 RUNNER_ASSERT_MSG(result == 1,
1175 " Error second one sided friednship failed. Result: " << result);
1177 // Deleting all rules between friends
1178 smack_accesses_add_modify(rulesFriend,
1179 APP_FRIEND_1, APP_FRIEND_2,"","rwxat");
1180 smack_accesses_add_modify(rulesFriend,
1181 APP_FRIEND_2, APP_FRIEND_1,"","rwxat");
1183 result = smack_accesses_apply(rulesFriend);
1185 smack_accesses_free(rulesFriend);
1193 result = perm_app_revoke_permissions(APP_FRIEND_1);
1194 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1195 "Error revoking app permissions. Result: " << result);
1196 result = perm_app_revoke_permissions(APP_FRIEND_2);
1197 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1198 "Error revoking app permissions. Result: " << result);
1200 perm_app_uninstall(APP_FRIEND_1);
1201 perm_app_uninstall(APP_FRIEND_2);
1206 static void smack_set_random_label_based_on_pid_on_self(void)
1209 std::stringstream ss;
1211 ss << "s-" << getpid() << "-" << getppid();
1212 result = smack_set_label_for_self(ss.str().c_str());
1213 RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
1214 << ss.str().c_str() << ") failed");
1217 static void smack_unix_sock_server(int sock)
1223 fd = accept(sock, NULL, NULL);
1227 result = smack_new_label_from_self(&smack_label);
1232 RUNNER_ASSERT_MSG(0, "smack_new_label_from_self() failed");
1234 result = write(fd, smack_label, strlen(smack_label));
1235 if (result != (int)strlen(smack_label)) {
1239 RUNNER_ASSERT_MSG(0, "write() failed: " << strerror(errno));
1245 RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
1248 struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
1252 RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
1254 smack_set_random_label_based_on_pid_on_self();
1256 if (!pid) { /* child process, server */
1259 /* Set the process label before creating a socket */
1260 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1261 RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
1263 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1266 RUNNER_ASSERT_MSG(0, "bind failed: " << strerror(errno));
1268 result = listen(sock, 1);
1271 RUNNER_ASSERT_MSG(0, "listen failed: " << strerror(errno));
1273 smack_unix_sock_server(sock);
1275 /* Change the process label with listening socket */
1276 smack_unix_sock_server(sock);
1279 RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
1280 /* Now running two concurrent servers.
1281 Test if socket label was unaffected by fork() */
1282 smack_unix_sock_server(sock);
1283 /* Let's give the two servers different labels */
1284 smack_unix_sock_server(sock);
1288 } else { /* parent process, client */
1289 sleep(1); /* Give server some time to setup listening socket */
1291 for (i = 0; i < 4; ++i) {
1294 char smack_label1[SMACK_LABEL_LEN + 1];
1297 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1298 RUNNER_ASSERT_MSG(sock >= 0,
1299 "socket failed: " << strerror(errno));
1300 result = connect(sock,
1301 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1304 RUNNER_ASSERT_MSG(0, "connect failed: " << strerror(errno));
1308 result = read(sock, smack_label1, SMACK_LABEL_LEN);
1312 RUNNER_ASSERT_MSG(0, "read failed: " << strerror(errno));
1314 smack_label1[result] = '\0';
1315 smack_label2 = perm_app_id_from_socket(sock);
1316 if (smack_label2 == NULL) {
1318 RUNNER_ASSERT_MSG(0, "perm_app_id_from_socket failed");
1320 result = strcmp(smack_label1, smack_label2);
1323 RUNNER_ASSERT_MSG(0, "smack labels differ: '" << smack_label1
1324 << "' != '" << smack_label2 << "-" << random() << "'");
1331 RUNNER_TEST(privilege_control16_app_setup_path){
1332 const char *path1 = "/usr/share/privilege-control/app_setup_access_test";
1333 const char *path2 = "/usr/share/privilege-control/app_setup_access_test/directory";
1334 const char *path3 = "/usr/share/privilege-control/app_setup_access_test/one";
1335 const char *path4 = "/usr/share/privilege-control/app_setup_access_test/directory/two";
1336 const char *label1 = "qwert123456za";
1337 const char *label2 = "trewq654123az";
1339 CStringPtr labelPtr;
1344 int fd = creat(path3, S_IRWXU);
1347 fd = creat(path4, S_IRWXU);
1355 RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1));
1359 RUNNER_ASSERT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS));
1360 labelPtr.reset(label);
1362 RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label1));
1366 RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2));
1370 RUNNER_ASSERT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC));
1371 labelPtr.reset(label);
1373 RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label2));
1375 RUNNER_ASSERT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC));
1376 labelPtr.reset(label);
1378 RUNNER_ASSERT(labelPtr.get() == NULL);
1381 RUNNER_TEST_SMACK(privilege_control17_appsettings_privilege)
1383 test_appsettings_privilege(true);
1386 void test_app_setup_path(int line_no, app_path_type_t PATH_TYPE) {
1391 result = perm_app_uninstall(APP_ID);
1392 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1393 " Error in perm_app_uninstall." << result);
1395 result = perm_app_install(APP_ID);
1396 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1397 " Error in perm_app_install." << result);
1401 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
1402 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1403 " Unable to clean up Smack labels in " << TEST_APP_DIR);
1405 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1406 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1407 " Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
1411 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, PATH_TYPE);
1412 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1413 " perm_app_setup_path() failed");
1417 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1418 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1419 " Unable to check Smack labels for non-app dir");
1423 result = perm_app_uninstall(APP_ID);
1424 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1425 " Error in perm_app_uninstall." << result);
1430 RUNNER_TEST_SMACK(privilege_control18_app_setup_path_public)
1432 test_app_setup_path(__LINE__, APP_PATH_PUBLIC_RO);
1435 RUNNER_TEST_SMACK(privilege_control19_app_setup_path_settings)
1437 test_app_setup_path(__LINE__, APP_PATH_SETTINGS_RW);
1440 RUNNER_TEST_SMACK(privilege_control20_app_setup_path_npruntime)
1443 CStringPtr labelPtr;
1444 std::string nptargetlabel = std::string(APP_NPRUNTIME) + ".npruntime";
1449 result = perm_app_uninstall(APP_NPRUNTIME);
1450 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
1452 result = perm_app_install(APP_NPRUNTIME);
1453 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_install. " << result);
1455 result = perm_app_setup_path(APP_NPRUNTIME, APP_NPRUNTIME_FILE, PERM_APP_PATH_NPRUNTIME);
1456 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. " << result);
1460 RUNNER_ASSERT(0 == smack_lgetlabel(APP_NPRUNTIME_FILE, &label, SMACK_LABEL_EXEC));
1461 labelPtr.reset(label);
1463 RUNNER_ASSERT(0 == strcmp(labelPtr.get(), nptargetlabel.c_str()));
1466 const std::vector< std::vector<std::string> > np_rules = {
1467 { APP_NPRUNTIME, nptargetlabel, "rw" },
1468 { nptargetlabel, APP_NPRUNTIME, "rxat" },
1469 { nptargetlabel, "system::homedir", "rxat" },
1470 { nptargetlabel, "xorg", "rw" },
1471 { nptargetlabel, "crash-worker", "rwxa" },
1472 { nptargetlabel, "sys-assert::core", "rwxat" },
1473 { nptargetlabel, "syslogd", "rw" },
1476 // Test smack accesses
1477 result = test_have_all_accesses(np_rules);
1478 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
1482 result = perm_app_uninstall(APP_NPRUNTIME);
1483 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
1488 RUNNER_TEST(privilege_control21_early_rules)
1490 RUNNER_IGNORED_MSG("early rules are not implemented");
1495 char *single_line_format = NULL;
1499 char subject[SMACK_LABEL_LEN + 1] = {0};
1500 char object[SMACK_LABEL_LEN + 1] = {0};
1501 char rule_add[SMACK_ACC_LEN + 1] = {0};
1502 char rule_remove[SMACK_ACC_LEN + 1] = {0};
1506 perm_app_uninstall(APP_ID);
1508 result = perm_app_install(APP_ID);
1509 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1510 result = perm_app_install(APP_TEST_APP_1);
1511 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1515 TestLibPrivilegeControlDatabase db_test;
1516 db_test.test_db_after__perm_app_install(TRACE_FROM_HERE, APP_ID);
1517 db_test.test_db_after__perm_app_install(TRACE_FROM_HERE, APP_TEST_APP_1);
1521 result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm, 1);
1522 RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
1523 result = perm_app_enable_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm, 1);
1524 RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
1528 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1529 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1531 result = asprintf(&single_line_format, "%%%ds %%%ds %%%ds %%%ds\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN, SMACK_ACC_LEN, SMACK_ACC_LEN);
1533 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1534 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1535 pass_1 = 1; // Found rule for APP_ID
1538 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1539 pass_2 = 1; // Found rule for APP_TEST_APP_1
1546 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found");
1547 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
1549 // Checking if "early rule" for APP_ID was really removed
1550 // We also should make sure that "early rules" for other apps wasn't removed
1552 result = perm_app_uninstall(APP_ID);
1553 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1558 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1559 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1561 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1562 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1563 pass_1 = 0; // Found rule for APP_ID - it should NOT be here
1566 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1567 pass_2 = 1; // Found rule for APP_TEST_APP_1
1574 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
1575 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
1577 // Removing and checking "early rule" for APP_TEST_APP_1
1579 result = perm_app_uninstall(APP_TEST_APP_1);
1580 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1585 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1586 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1588 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1589 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1590 pass_1 = 0; // Found rule for APP_ID - it should NOT be here
1593 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1594 pass_2 = 0; // Found rule for APP_TEST_APP_1 - it should NOT be here
1598 free(single_line_format);
1601 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
1602 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found");
1606 * AV Privilege test cases.
1608 * Each privilege_control24* test case tests antivirus privileges for each app_type_t, except for
1609 * deprecated APP_TYPE_OTHER type.
1612 int nftw_remove_dir(const char* filename, const struct stat* /*statptr*/, int /*fileflags*/,
1613 struct FTW* /*pfwt*/)
1617 struct stat filestat;
1619 result = stat(filename, &filestat);
1620 RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to get file statistics. Result: "
1621 << result << ", error: " << strerror(errno) << ", file: " << filename);
1623 if(S_ISREG(filestat.st_mode)) {
1624 result = unlink(filename);
1625 RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to unlink file. Result: "
1626 << result << ", error: " << strerror(errno) << ", file: " << filename);
1627 } else if(S_ISDIR(filestat.st_mode)) {
1628 result = rmdir(filename);
1629 RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to remove dir. Result: "
1630 << result << ", error: " << strerror(errno) << ", file: " << filename);
1636 void InstallApp(const char* pkg_id, const char* path, app_path_type_t app_path_type,
1637 const char* shared_label)
1641 result = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP);
1642 RUNNER_ASSERT_MSG(result == 0, "Can't create dir for tests. Result: " << result <<
1643 ", error: " << strerror(errno) << ", app_path_type: " << app_path_type);
1647 result = perm_app_revoke_permissions(pkg_id);
1648 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
1649 << result << ", app_path_type: " << app_path_type);
1650 result = perm_app_uninstall(pkg_id);
1651 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
1652 << result << ", app_path_type: " << app_path_type);
1654 result = perm_app_install(pkg_id);
1655 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
1656 << result << ", app_path_type: " << app_path_type);
1657 result = perm_app_setup_path(pkg_id, path, app_path_type, shared_label);
1658 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: "
1659 << result << ", app_path_type: " << app_path_type);
1664 void InstallAV(const char* av_id, app_type_t av_type)
1670 result = perm_app_revoke_permissions(av_id);
1671 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
1672 << result << ", av_type: " << av_type);
1673 result = perm_app_uninstall(av_id);
1674 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
1675 << result << ", av_type: " << av_type);
1677 result = perm_app_install(av_id);
1678 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
1679 << result << ", av_type: " << av_type);
1680 result = perm_app_enable_permissions(av_id, av_type, PRIVS_AV, 1);
1681 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "enable_permissions failed. Result: "
1682 << result << ", av_type: " << av_type);
1687 void CheckAVPrivilege(app_type_t av_type, app_path_type_t app_path_type)
1692 result = nftw(APP_TEST_APP_1_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1693 RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1694 ", error " << strerror(errno));
1696 result = nftw(APP_TEST_APP_2_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1697 RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1698 ", error " << strerror(errno));
1700 result = nftw(APP_TEST_APP_3_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1701 RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1702 ", error " << strerror(errno));
1704 InstallApp(APP_TEST_APP_1, APP_TEST_APP_1_DIR, app_path_type, APP_TEST_APP_1_SHARED_LABEL);
1705 InstallAV(APP_TEST_AV_1, av_type);
1706 InstallApp(APP_TEST_APP_2, APP_TEST_APP_2_DIR, app_path_type, APP_TEST_APP_2_SHARED_LABEL);
1707 InstallAV(APP_TEST_AV_2, av_type);
1708 InstallApp(APP_TEST_APP_3, APP_TEST_APP_3_DIR, app_path_type, APP_TEST_APP_3_SHARED_LABEL);
1710 //test - get ACCESS label and check AV privilege
1715 result = smack_lgetlabel(APP_TEST_APP_1_DIR, &tmp, SMACK_LABEL_ACCESS);
1716 RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
1717 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1718 std::string label1(tmp);
1721 result = smack_lgetlabel(APP_TEST_APP_2_DIR, &tmp, SMACK_LABEL_ACCESS);
1722 RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
1723 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1724 std::string label2(tmp);
1727 result = smack_lgetlabel(APP_TEST_APP_3_DIR, &tmp, SMACK_LABEL_ACCESS);
1728 RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
1729 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1730 std::string label3(tmp);
1733 if(app_path_type == APP_PATH_GROUP_RW)
1735 result = label1.compare(APP_TEST_APP_1_SHARED_LABEL);
1736 RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
1737 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1738 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1740 result = label2.compare(APP_TEST_APP_2_SHARED_LABEL);
1741 RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
1742 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1743 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1745 result = label3.compare(APP_TEST_APP_3_SHARED_LABEL);
1746 RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
1747 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1748 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1751 std::stringstream ss;
1756 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1757 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1758 checkOnlyAvAccess(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
1759 ss.str(std::string());
1761 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1762 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1763 checkOnlyAvAccess(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
1764 ss.str(std::string());
1766 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1767 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1768 checkOnlyAvAccess(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
1770 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1771 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1772 checkOnlyAvAccess(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
1773 ss.str(std::string());
1775 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1776 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1777 checkOnlyAvAccess(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
1778 ss.str(std::string());
1780 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1781 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1782 checkOnlyAvAccess(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
1786 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1787 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1788 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
1790 ss.str(std::string());
1791 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1792 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1793 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
1795 ss.str(std::string());
1796 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1797 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1798 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
1800 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1801 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1802 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
1804 ss.str(std::string());
1805 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1806 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1807 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
1809 ss.str(std::string());
1810 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1811 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1812 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
1818 perm_app_revoke_permissions(APP_TEST_AV_1);
1819 perm_app_revoke_permissions(APP_TEST_AV_2);
1820 perm_app_uninstall(APP_TEST_AV_1);
1821 perm_app_uninstall(APP_TEST_AV_2);
1822 perm_app_uninstall(APP_TEST_APP_1);
1823 perm_app_uninstall(APP_TEST_APP_2);
1824 perm_app_uninstall(APP_TEST_APP_3);
1829 RUNNER_TEST(privilege_control24a_av_privilege_group_rw)
1831 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_GROUP_RW);
1832 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_GROUP_RW);
1833 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_GROUP_RW);
1836 RUNNER_TEST(privilege_control24b_av_privilege_settings_rw)
1838 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_SETTINGS_RW);
1839 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_SETTINGS_RW);
1840 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_SETTINGS_RW);
1843 RUNNER_TEST(privilege_control24c_av_privilege_public_ro)
1845 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_PUBLIC_RO);
1846 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_PUBLIC_RO);
1847 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_PUBLIC_RO);
1850 RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
1851 int POSITIVE_ERROR_CODE = 1;
1852 int NONEXISTING_ERROR_CODE = -239042;
1855 for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
1856 RUNNER_ASSERT_MSG(strcmp(perm_strerror(*itr), "Unknown error") != 0,
1857 "Returned invalid error code description.");
1860 result = perm_strerror(POSITIVE_ERROR_CODE);
1861 RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
1862 "Bad message returned for invalid error code: \"" << result << "\"");
1864 result = perm_strerror(NONEXISTING_ERROR_CODE);
1865 RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
1866 "Bad message returned for invalid error code: \"" << result << "\"");