2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
22 * @brief libprivilege-control test runner
35 #include <sys/types.h>
38 #include <sys/socket.h>
40 #include <sys/smack.h>
42 #include <privilege-control.h>
43 #include <dpl/test/test_runner.h>
44 #include <dpl/test/test_runner_child.h>
45 #include <dpl/test/test_runner_multiprocess.h>
46 #include <dpl/log/log.h>
47 #include <tests_common.h>
48 #include <libprivilege-control_test_common.h>
52 #define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/rules"
54 #define EFL_APP_ID "EFL_APP_ID"
56 #define EARLY_RULE_SUBJECT "livebox.web-provider"
57 #define EARLY_RULE_RIGHTS "rwx---"
59 #define SMACK_ACC_LEN 6
62 #define APP_1_DIR "/tmp/app_1"
65 #define APP_2_DIR "/tmp/app_2"
67 #define APP_TEST "app_test"
71 const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
72 const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
73 const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
74 const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
76 std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
78 std::vector<std::string> names;
79 for(size_t i = 0; i < size; ++i) {
80 names.push_back(prefix + "_" + std::to_string(i) + suffix);
85 const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
86 const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
87 const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
88 const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
89 const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
90 const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
91 const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
93 int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb,
94 int /*typeflag*/, struct FTW* /*ftwbuf*/)
100 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
101 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
102 RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
103 result = strcmp(APPID_SHARED_DIR, label);
104 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
106 result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
107 RUNNER_ASSERT_MSG(result == 1,
108 "Error rwxatl access was not given shared dir. Subject: " <<
109 APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result);
111 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
112 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
113 RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
116 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
117 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
118 if (S_ISDIR(sb->st_mode)) {
119 RUNNER_ASSERT_MSG(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
120 result = strcmp("TRUE", label);
121 RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
123 RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
128 int check_labels_dir(const char *fpath, const struct stat *sb,
129 const char *labels_db_path, const char *dir_db_path,
135 char *scanf_label_format;
136 char label_temp[SMACK_LABEL_LEN + 1];
140 result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
141 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
142 RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
145 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
148 RUNNER_ASSERT_MSG(false, "Could not get label for the path");
153 RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set.");
157 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
161 RUNNER_ASSERT_MSG(false, "Could not get label for the path");
163 if (S_ISDIR(sb->st_mode)) {
167 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set");
169 result = strcmp("TRUE", label);
173 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set to TRUE");
175 } else if (label != NULL) {
178 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set");
183 if (0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)) {
185 RUNNER_ASSERT_MSG(false, "asprintf failed");
188 file_db = fopen(labels_db_path, "r");
189 if (file_db == NULL) {
191 free(scanf_label_format);
192 RUNNER_ASSERT_MSG(false, "Can not open database for apps");
194 while (fscanf(file_db, scanf_label_format, label_temp) == 1) {
195 result = smack_have_access(label_temp, label_gen, access);
199 free(scanf_label_format);
200 RUNNER_ASSERT_MSG(false,
201 "Error " << access << " access was not given for subject: "
202 << label_temp << ". Result: " << result);
207 file_db = fopen(dir_db_path, "r");
208 if (file_db == NULL) {
210 free(scanf_label_format);
211 RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
214 free(scanf_label_format);
221 void osp_blahblah_check(int line_no, const std::vector<std::string> &rules)
223 std::ifstream smack_file(OSP_BLAHBLAH);
224 RUNNER_ASSERT_MSG(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH);
226 auto it = rules.begin();
228 while (std::getline(smack_file,line)) {
229 RUNNER_ASSERT_MSG(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line);
230 RUNNER_ASSERT_MSG(*it == line, "Line: " << line_no << " " << *it << "!=" << line);
234 RUNNER_ASSERT_MSG(it == rules.end(), "Line: " << line_no << " Missing line in file: " << *it);
239 void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
241 std::ifstream dac_file(dac_file_path);
242 RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
244 auto it = gids.begin();
246 while (std::getline(dac_file,line)) {
247 std::istringstream is(line);
250 RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
251 RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
255 RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
260 void remove_smack_files()
263 unlink(OSP_BLAHBLAH);
264 unlink(WRT_BLAHBLAH);
265 unlink(OTHER_BLAHBLAH);
266 unlink(WRT_BLAHBLAH_DAC);
267 unlink(OTHER_BLAHBLAH_DAC);
269 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
270 unlink(OSP_BLAHBLAH_DAC[i].c_str());
272 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
273 unlink(OSP_BLAHBLAH_DAC[i].c_str());
278 RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
281 * Test setting labels for all files and folders in given path.
283 RUNNER_TEST(privilege_control02_app_label_dir)
287 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
288 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
290 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
291 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
293 result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
294 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
296 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_dir, FTW_MAX_FDS, FTW_PHYS);
297 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
299 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
300 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
303 RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir)
309 result = perm_app_install(APP_ID);
310 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
312 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
313 RUNNER_ASSERT_MSG(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
315 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
316 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
318 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
319 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
321 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR);
322 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
326 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS);
327 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
329 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
330 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
332 result = perm_app_uninstall(APP_ID);
333 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
337 * Simple enabling EFL permissions;.
339 RUNNER_TEST_SMACK(privilege_control04_add_permissions)
344 result = perm_app_uninstall(APP_ID);
345 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
347 result = perm_app_install(APP_ID);
348 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
351 result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, TRUE);
352 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
353 " perm_app_enable_permissions failed with result: " << result);
357 // Check if the accesses are realy applied..
358 result = test_have_all_accesses(rules_efl);
359 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
361 result = perm_app_uninstall(APP_ID);
362 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
366 * Revoke permissions from the list. Should be executed as privileged user.
368 RUNNER_CHILD_TEST(privilege_control06_revoke_permissions)
375 result = perm_app_uninstall(WGT_APP_ID);
376 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
377 result = perm_app_uninstall(WGT_PARTNER_APP_ID);
378 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
379 result = perm_app_uninstall(WGT_PLATFORM_APP_ID);
380 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
381 result = perm_app_uninstall(OSP_APP_ID);
382 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
383 result = perm_app_uninstall(OSP_PARTNER_APP_ID);
384 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
385 result = perm_app_uninstall(OSP_PLATFORM_APP_ID);
386 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
388 // Close transaction to commit uninstallation before further actions
394 result = perm_app_install(WGT_APP_ID);
395 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
396 result = perm_app_install(WGT_PARTNER_APP_ID);
397 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
398 result = perm_app_install(WGT_PLATFORM_APP_ID);
399 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
400 result = perm_app_install(OSP_APP_ID);
401 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
402 result = perm_app_install(OSP_PARTNER_APP_ID);
403 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
404 result = perm_app_install(OSP_PLATFORM_APP_ID);
405 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
407 // Close transaction to commit installation before further actions
413 // Revoke permissions
414 result = perm_app_revoke_permissions(WGT_APP_ID);
415 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
416 "Error revoking app permissions. Result: " << result);
417 result = perm_app_revoke_permissions(WGT_PARTNER_APP_ID);
418 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
419 "Error revoking app permissions. Result: " << result);
420 result = perm_app_revoke_permissions(WGT_PLATFORM_APP_ID);
421 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
422 "Error revoking app permissions. Result: " << result);
423 result = perm_app_revoke_permissions(OSP_APP_ID);
424 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
425 "Error revoking app permissions. Result: " << result);
426 result = perm_app_revoke_permissions(OSP_PARTNER_APP_ID);
427 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
428 "Error revoking app permissions. Result: " << result);
429 result = perm_app_revoke_permissions(OSP_PLATFORM_APP_ID);
430 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
431 "Error revoking app permissions. Result: " << result);
435 // Are all the permissions revoked?
436 result = test_have_any_accesses(rules_wgt);
437 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
438 result = test_have_any_accesses(rules_wgt_partner);
439 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
440 result = test_have_any_accesses(rules_wgt_platform);
441 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
442 result = test_have_any_accesses(rules_osp);
443 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
444 result = test_have_any_accesses(rules_osp_partner);
445 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
446 result = test_have_any_accesses(rules_osp_platform);
447 RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
451 // Cleanup - uninstall test apps
452 result = perm_app_uninstall(WGT_APP_ID);
453 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
454 result = perm_app_uninstall(WGT_PARTNER_APP_ID);
455 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
456 result = perm_app_uninstall(WGT_PLATFORM_APP_ID);
457 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
458 result = perm_app_uninstall(OSP_APP_ID);
459 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
460 result = perm_app_uninstall(OSP_PARTNER_APP_ID);
461 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
462 result = perm_app_uninstall(OSP_PLATFORM_APP_ID);
463 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
469 void set_app_privilege(int line_no,
470 const char* app_id, app_type_t APP_TYPE,
471 const char** privileges, const char* type,
472 const char* app_path, const char* dac_file,
473 const std::vector< std::vector<std::string> > &rules) {
474 check_app_installed(line_no, app_path);
476 int result = perm_app_uninstall(app_id);
477 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
478 " perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
482 result = perm_app_install(app_id);
483 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
484 " perm_app_install returned " << result << ". Errno: " << strerror(errno));
487 result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, 1);
488 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
489 " Error enabling app permissions. Result: " << result);
493 result = test_have_all_accesses(rules);
494 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
496 result = perm_app_set_privilege(app_id, type, app_path);
497 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
498 " Error in perm_app_set_privilege. Error: " << result);
500 // Check if SMACK label really set
502 result = smack_new_label_from_self(&label);
503 RUNNER_ASSERT_MSG(result >= 0, "Line: " << line_no <<
504 " Error getting current process label");
505 RUNNER_ASSERT_MSG(label != NULL, "Line: " << line_no <<
506 " Process label is not set");
507 result = strcmp(app_id, label);
508 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
509 " Process label " << label << " is incorrect");
511 check_groups(dac_file);
515 * Set APP privileges. wgt.
517 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
519 set_app_privilege(__LINE__,WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
520 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
524 * Set APP privileges. wgt_partner.
526 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_partner)
528 set_app_privilege(__LINE__, WGT_PARTNER_APP_ID, APP_TYPE_WGT_PARTNER, PRIVS_WGT,
529 "wgt_partner", WGT_PARTNER_APP_PATH,
530 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_partner);
534 * Set APP privileges. wgt_platform.
536 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_platform)
538 set_app_privilege(__LINE__, WGT_PLATFORM_APP_ID, APP_TYPE_WGT_PLATFORM, PRIVS_WGT,
539 "wgt_platform", WGT_PLATFORM_APP_PATH,
540 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_platform);
544 * Set APP privileges. osp app.
546 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
548 set_app_privilege(__LINE__, OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, NULL, OSP_APP_PATH,
549 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
553 * Set APP privileges. partner osp app.
555 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_partner)
557 set_app_privilege(__LINE__, OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP,
558 NULL, OSP_PARTNER_APP_PATH, LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_partner);
562 * Set APP privileges. platform osp app.
564 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_platform)
566 set_app_privilege(__LINE__, OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP,
567 NULL, OSP_PLATFORM_APP_PATH,
568 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_platform);
572 * Add new API feature
574 RUNNER_TEST(privilege_control11_add_api_feature)
578 remove_smack_files();
582 // argument validation
583 result = perm_add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0);
584 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
586 result = perm_add_api_feature(APP_TYPE_OSP,"", NULL, NULL, 0);
587 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
590 // Already existing feature:
591 // TODO: Database will be malformed. (Rules for these features will be removed.)
592 result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", NULL, NULL, 0);
593 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
595 result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", NULL, NULL, 0);
596 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
599 result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", NULL, NULL, 0);
600 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
602 result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", NULL, NULL, 0);
603 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
607 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), { NULL }, NULL, 0);
608 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
610 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), (const char*[]) { "", NULL }, NULL, 0);
611 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
613 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), (const char*[]) { " \t\n", "\t \n", "\n\t ", NULL }, NULL, 0);
614 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
617 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), (const char*[]) { "malformed", NULL }, NULL, 0);
618 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
620 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), (const char*[]) { "malformed malformed", NULL }, NULL, 0);
621 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
623 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), (const char*[]) { "-malformed malformed rwxat", NULL }, NULL, 0);
624 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
626 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), (const char*[]) { "~/\"\\ malformed rwxat", NULL }, NULL, 0);
627 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
629 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), (const char*[]) { "subject object rwxat something else", NULL }, NULL, 0);
630 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
634 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), (const char*[]) {
635 "~APP~ object\t rwxatl",
637 "subject2\t~APP~ ltxarw",
641 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
643 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), (const char*[]) {
644 "Sub::jE,ct ~APP~ a-rwxl",
647 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
649 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), (const char*[]) {
650 "Sub::sjE,ct ~APP~ a-RwXL", // TODO This fails.
653 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
656 // TODO For now identical/complementary rules are not merged.
657 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), (const char*[]) {
658 "subject1 ~APP~ rwxatl",
660 "subject2 ~APP~ ltxarw",
664 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
669 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},0);
670 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
671 result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
672 RUNNER_ASSERT(result == -1);
673 remove_smack_files();
677 result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},3);
678 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
679 osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
680 remove_smack_files();
682 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},1);
683 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
684 osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
685 remove_smack_files();
687 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {1,1,1},3);
688 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
689 osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
690 remove_smack_files();
694 * Check perm_app_install function
696 RUNNER_TEST(privilege_control01_app_install)
701 perm_app_uninstall(APP_ID);
703 result = perm_app_install(APP_ID);
704 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
706 // try install second time app with the same ID - it should pass.
707 result = perm_app_install(APP_ID);
708 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
712 * Check perm_app_uninstall function
714 RUNNER_TEST(privilege_control07_app_uninstall)
719 result = perm_app_uninstall(APP_ID);
720 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
722 // checking if file really exists
723 fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
724 RUNNER_ASSERT_MSG(fd == -1, "SMACK file NOT deleted after perm_app_uninstall");
729 * Check app_register_av function
730 * Notice that this test case may have no sense if previous would fail (privilege_control06_app_install)
732 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
733 RUNNER_TEST_SMACK(privilege_control10_app_register_av)
735 RUNNER_IGNORED_MSG("app_register_av is not implemented");
739 smack_revoke_subject(APP_TEST_AV_1);
740 smack_revoke_subject(APP_TEST_AV_2);
742 cleaning_smack_app_files();
746 // Adding two apps before antivir
747 result = perm_app_install(APP_TEST_APP_1);
748 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
750 result = perm_app_install(APP_TEST_APP_2);
751 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
754 result = app_register_av(APP_TEST_AV_1);
755 RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
759 // Checking added apps accesses
760 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
761 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
764 result = perm_app_install(APP_TEST_APP_3);
765 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
767 // Checking app accesses
768 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)");
769 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "perm_app_install(APP_TEST_APP_3)");
770 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "perm_app_install(APP_TEST_APP_3)");
772 // Adding second antivir
773 result = app_register_av(APP_TEST_AV_2);
774 RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
776 // Checking app accesses
777 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
778 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
779 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
780 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
781 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
782 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
785 smack_revoke_subject(APP_TEST_AV_1);
786 smack_revoke_subject(APP_TEST_AV_2);
788 cleaning_smack_app_files();
790 #pragma GCC diagnostic warning "-Wdeprecated-declarations"
793 * Grant SMACK permissions based on permissions list.
795 RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
799 // Clean up after test:
802 result = perm_app_uninstall(WGT_APP_ID);
803 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
804 result = perm_app_install(WGT_APP_ID);
805 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
808 * Test - Enabling all permissions with persistant mode enabled
810 result = perm_app_revoke_permissions(WGT_APP_ID);
811 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
812 "Error revoking app permissions. Result: " << result);
814 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
815 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
816 " Error enabling app permissions. Result: " << result);
820 // Check if the accesses are realy applied..
821 result = test_have_all_accesses(rules2);
822 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
827 result = perm_app_revoke_permissions(WGT_APP_ID);
828 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
829 "Error revoking app permissions. Result: " << result);
832 * Test - Enabling all permissions with persistant mode disabled
835 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0);
836 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
837 " Error enabling app permissions. Result: " << result);
841 // Check if the accesses are realy applied..
842 result = test_have_all_accesses(rules2);
843 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
848 result = perm_app_revoke_permissions(WGT_APP_ID);
849 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
850 "Error revoking app permissions. Result: " << result);
853 * Test - Enabling all permissions in two complementary files
856 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, 1);
857 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
858 " Error enabling app permissions. Result: " << result);
862 // Check if the accesses are realy applied..
863 result = test_have_all_accesses(rules2_no_r);
864 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
869 result = perm_app_revoke_permissions(WGT_APP_ID);
870 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
871 "Error revoking app permissions. Result: " << result);
874 * Test - Enabling some permissions and then enabling complementary permissions
877 // Enable permission for rules 2 no r
878 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
879 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
880 " Error enabling app permissions without r. Result: " << result);
884 // Check if the accesses are realy applied..
885 result = test_have_all_accesses(rules2_no_r);
886 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
888 // Enable permission for rules 2
889 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
890 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
891 " Error enabling app all permissions. Result: " << result);
893 // Check if the accesses are realy applied..
894 result = test_have_all_accesses(rules2);
895 RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
900 result = perm_app_revoke_permissions(WGT_APP_ID);
901 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
902 "Error revoking app permissions. Result: " << result);
905 * Test - Enabling some permissions and then enabling all permissions
908 // Enable permission for rules 2 no r
909 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
910 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
911 " Error enabling app permissions without r. Result: " << result);
915 // Check if the accesses are realy applied..
916 result = test_have_all_accesses(rules2_no_r);
917 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
919 // Enable permission for rules 2
920 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
921 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
922 " Error enabling app permissions with only r. Result: " << result);
924 // Check if the accesses are realy applied..
925 result = test_have_all_accesses(rules2_r);
926 RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
931 result = perm_app_revoke_permissions(WGT_APP_ID);
932 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
933 "Error revoking app permissions. Result: " << result);
937 // Clean up after test:
938 result = perm_app_uninstall(WGT_APP_ID);
939 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
944 RUNNER_CHILD_TEST(privilege_control11_app_enable_permissions_efl)
951 result = perm_app_uninstall(EFL_APP_ID);
952 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
953 "perm_app_uninstall failed: " << result);
954 result = perm_app_install(EFL_APP_ID);
955 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
956 "perm_app_install failed: " << result);
958 // Enable a permission:
959 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
960 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
961 "Error enabling app permissions. Result: " << result);
965 RUNNER_ASSERT_MSG(smack_have_access(EFL_APP_ID,"test_book_efl", "r"),
966 "SMACK accesses not granted for EFL_APP");
969 result = perm_app_uninstall(EFL_APP_ID);
970 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
971 "perm_app_uninstall failed: " << result);
975 * Check perm_app_install function
977 RUNNER_CHILD_TEST(privilege_control12_app_disable_permissions_efl)
984 result = perm_app_uninstall(EFL_APP_ID);
985 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
986 "perm_app_uninstall failed: " << result);
988 result = perm_app_install(EFL_APP_ID);
989 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
990 "perm_app_install failed: " << result);
992 // Enable a permission
993 result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
994 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
995 "Error enabling app permissions. Result: " << result);
999 RUNNER_ASSERT_MSG(smack_have_access(EFL_APP_ID,"test_book_efl", "r"),
1000 "SMACK accesses not granted for EFL_APP");
1002 // Disable a permission
1003 result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
1004 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1005 "Error disabling app permissions. Result: " << result);
1007 RUNNER_ASSERT_MSG(!smack_have_access(EFL_APP_ID,"test_book_efl", "r"),
1008 "SMACK accesses not granted for EFL_APP");
1011 result = perm_app_uninstall(EFL_APP_ID);
1012 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1013 "perm_app_uninstall failed: " << result);
1018 * Remove previously granted SMACK permissions based on permissions list.
1020 RUNNER_TEST(privilege_control12_app_disable_permissions)
1027 result = perm_app_uninstall(WGT_APP_ID);
1028 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1029 "perm_app_uninstall failed: " << result);
1031 result = perm_app_install(WGT_APP_ID);
1032 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1033 "perm_app_install failed: " << result);
1035 * Test - disable all granted permissions.
1038 // Prepare permissions that we want to disable
1039 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
1040 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1041 " Error enabling app permissions. Result: " << result);
1045 // Are all the permissions enabled?
1046 result = test_have_any_accesses(rules2);
1047 RUNNER_ASSERT_MSG(result==1, "Not all permisions enabled.");
1049 // Disable permissions
1050 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
1051 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1052 "Error disabling app permissions. Result: " << result);
1054 // Are all the permissions disabled?
1055 result = test_have_any_accesses(rules2);
1056 RUNNER_ASSERT_MSG(result!=1, "Not all permisions disabled.");
1059 * Test - disable some granted permissions leaving non complementary and then disabling those too.
1064 // Prepare permissions that will not be disabled
1065 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS, 1);
1066 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1067 " Error adding app first permissions. Result: " << result);
1069 // Prepare permissions that we want to disable
1070 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
1071 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1072 " Error adding app second permissions. Result: " << result);
1074 // Disable second permissions
1075 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
1076 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1077 "Error disabling app second permissions. Result: " << result);
1081 // Are all second permissions disabled?
1082 result = test_have_any_accesses(rules2);
1083 RUNNER_ASSERT_MSG(result!=1, "Not all first permisions disabled.");
1085 // Are all first permissions not disabled?
1086 result = test_have_all_accesses(rules_wgt2);
1087 RUNNER_ASSERT_MSG(result==1, "Some of second permissions disabled.");
1089 // Disable first permissions
1090 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS);
1091 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1092 "Error disabling app first permissions. Result: " << result);
1094 // Are all second permissions disabled?
1095 result = test_have_any_accesses(rules_wgt2);
1096 RUNNER_ASSERT_MSG(result!=1, "Not all second permisions disabled.");
1099 * Test - disable only no r granted permissions.
1104 // Prepare permissions
1105 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
1106 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1107 " Error adding app permissions. Result: " << result);
1109 // Disable same permissions without r
1110 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
1111 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1112 "Error disabling app no r permissions. Result: " << result);
1116 // Is any r permissions disabled?
1117 result = test_have_all_accesses(rules2_r);
1118 RUNNER_ASSERT_MSG(result==1, "Some of r permissions disabled.");
1119 // Are all no r permissions disabled?
1120 result = test_have_any_accesses(rules2_no_r);
1121 RUNNER_ASSERT_MSG(result!=1, "Not all no r permissions disabled.");
1123 // Prepare permissions
1124 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
1125 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1126 " Error adding app no r permissions. Result: " << result);
1127 result = test_have_any_accesses(rules2_no_r);
1128 RUNNER_ASSERT_MSG(result=1, "Not all no r permissions enabled.");
1130 // Disable all permissions
1131 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
1132 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1133 "Error disabling app permissions. Result: " << result);
1134 result = test_have_any_accesses(rules2_r);
1135 RUNNER_ASSERT_MSG(result!=1, "Not all r permissions disabled.");
1139 // Clean up after test:
1140 result = perm_app_uninstall(WGT_APP_ID);
1141 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1145 * Reset SMACK permissions for an application by revoking all previously
1146 * granted rules and enabling them again from a rules file from disk.
1148 // TODO: This test is incomplete.
1149 RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
1154 * Test - doing reset and checking if rules exist again.
1159 result = perm_app_install(WGT_APP_ID);
1160 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1162 // Prepare permissions to reset
1163 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
1164 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1165 " Error adding app permissions. Result: " << result);
1167 // Reset permissions
1168 result = perm_app_reset_permissions(WGT_APP_ID);
1169 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1170 "Error reseting app permissions. Result: " << result);
1174 // Are all second permissions not disabled?
1175 result = test_have_all_accesses(rules2);
1176 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
1180 // Disable permissions
1181 result = perm_app_revoke_permissions(WGT_APP_ID);
1182 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1183 "Error disabling app permissions. Result: " << result);
1185 result = perm_app_uninstall(WGT_APP_ID);
1186 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1192 * Make two applications "friends", by giving them both full permissions on
1195 RUNNER_TEST_SMACK(privilege_control14_app_add_friend)
1197 RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented");
1202 * Test - making friends with no permissions on each other
1205 result = perm_app_revoke_permissions(APP_FRIEND_1);
1206 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1207 "Error revoking app permissions. Result: " << result);
1208 result = perm_app_revoke_permissions(APP_FRIEND_2);
1209 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1210 "Error revoking app permissions. Result: " << result);
1212 perm_app_uninstall(APP_FRIEND_1);
1213 perm_app_uninstall(APP_FRIEND_2);
1215 // Installing friends to be
1216 result = perm_app_install(APP_FRIEND_1);
1217 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1218 " Error installing first app. Result: " << result);
1219 result = perm_app_install(APP_FRIEND_2);
1220 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1221 " Error installing second app. Result: " << result);
1224 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1225 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1226 " Error making friends. Errno: " << result);
1228 // Checking if friends were made
1229 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
1230 RUNNER_ASSERT_MSG(result == 1,
1231 " Error first one sided friednship failed. Result: " << result);
1232 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
1233 RUNNER_ASSERT_MSG(result == 1,
1234 " Error second one sided friednship failed. Result: " << result);
1237 result = perm_app_revoke_permissions(APP_FRIEND_1);
1238 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1239 "Error revoking app permissions. Result: " << result);
1240 result = perm_app_revoke_permissions(APP_FRIEND_2);
1241 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1242 "Error revoking app permissions. Result: " << result);
1244 perm_app_uninstall(APP_FRIEND_1);
1245 perm_app_uninstall(APP_FRIEND_2);
1248 * Test - making friends with nonexistent friend
1251 // Installing one friend
1252 result = perm_app_install(APP_FRIEND_1);
1253 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1254 " Error installing first app. Errno: " << result);
1256 // Adding imaginary friend as second
1257 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1258 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1259 " Error making friends (first) with imaginairy friend failed. Result: "
1261 // Adding imaginary friend as first
1262 result = perm_app_add_friend(APP_FRIEND_2, APP_FRIEND_1);
1263 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1264 " Error making friends (second) with imaginairy friend failed. Result: "
1267 result = perm_app_revoke_permissions(APP_FRIEND_1);
1268 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1269 "Error revoking app permissions. Result: " << result);
1270 result = perm_app_revoke_permissions(APP_FRIEND_2);
1271 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1272 "Error revoking app permissions. Result: " << result);
1274 perm_app_uninstall(APP_FRIEND_1);
1275 perm_app_uninstall(APP_FRIEND_2);
1278 * Test - making friends with some permissions already added
1283 struct smack_accesses *rulesFriend = NULL;
1285 std::vector<std::string> accessesFriend =
1286 { "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" };
1288 // Installing friends to be
1289 result = perm_app_install(APP_FRIEND_1);
1290 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1291 " Error installing first app. Result: " << result);
1292 result = perm_app_install(APP_FRIEND_2);
1293 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1294 " Error installing second app. Result: " << result);
1296 for (i = 0; i < accessesFriend.size(); ++i)
1298 for (j = 0; j < accessesFriend.size(); ++j)
1300 // Adding rules before making friends
1301 result = smack_accesses_new(&rulesFriend);
1302 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1303 "Error in smack_accesses_new. Result: " << result);
1305 result = smack_accesses_add(rulesFriend,
1306 APP_FRIEND_1, APP_FRIEND_2, accessesFriend[i].c_str());
1307 RUNNER_ASSERT_MSG(result == 0,
1308 "Unable to add modify rulesFirend (first). Result: " << result);
1309 result = smack_accesses_add(rulesFriend, APP_FRIEND_2,
1310 APP_FRIEND_1, accessesFriend[j].c_str());
1311 RUNNER_ASSERT_MSG(result == 0,
1312 "Unable to add modify rulesFirend (second). Result: " << result);
1314 result = smack_accesses_apply(rulesFriend);
1315 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1316 "Error in smack_accesses_apply. Result: " << result);
1319 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1320 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1321 " Error making friends. Result: " << result);
1323 // Checking if friends were made
1324 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
1325 RUNNER_ASSERT_MSG(result == 1,
1326 " Error first one sided friednship failed. Result: " << result);
1327 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
1328 RUNNER_ASSERT_MSG(result == 1,
1329 " Error second one sided friednship failed. Result: " << result);
1331 // Deleting all rules between friends
1332 smack_accesses_add_modify(rulesFriend,
1333 APP_FRIEND_1, APP_FRIEND_2,"","rwxat");
1334 smack_accesses_add_modify(rulesFriend,
1335 APP_FRIEND_2, APP_FRIEND_1,"","rwxat");
1337 result = smack_accesses_apply(rulesFriend);
1339 smack_accesses_free(rulesFriend);
1345 result = perm_app_revoke_permissions(APP_FRIEND_1);
1346 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1347 "Error revoking app permissions. Result: " << result);
1348 result = perm_app_revoke_permissions(APP_FRIEND_2);
1349 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1350 "Error revoking app permissions. Result: " << result);
1352 perm_app_uninstall(APP_FRIEND_1);
1353 perm_app_uninstall(APP_FRIEND_2);
1356 static void smack_set_random_label_based_on_pid_on_self(void)
1359 std::stringstream ss;
1361 ss << "s-" << getpid() << "-" << getppid();
1362 result = smack_set_label_for_self(ss.str().c_str());
1363 RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
1364 << ss.str().c_str() << ") failed");
1367 static void smack_unix_sock_server(int sock)
1373 fd = accept(sock, NULL, NULL);
1377 result = smack_new_label_from_self(&smack_label);
1382 RUNNER_ASSERT_MSG(0, "smack_new_label_from_self() failed");
1384 result = write(fd, smack_label, strlen(smack_label));
1385 if (result != (int)strlen(smack_label)) {
1389 RUNNER_ASSERT_MSG(0, "write() failed: " << strerror(errno));
1395 RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
1398 struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
1402 RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
1404 smack_set_random_label_based_on_pid_on_self();
1406 if (!pid) { /* child process, server */
1409 /* Set the process label before creating a socket */
1410 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1411 RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
1413 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1416 RUNNER_ASSERT_MSG(0, "bind failed: " << strerror(errno));
1418 result = listen(sock, 1);
1421 RUNNER_ASSERT_MSG(0, "listen failed: " << strerror(errno));
1423 smack_unix_sock_server(sock);
1425 /* Change the process label with listening socket */
1426 smack_unix_sock_server(sock);
1429 RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
1430 /* Now running two concurrent servers.
1431 Test if socket label was unaffected by fork() */
1432 smack_unix_sock_server(sock);
1433 /* Let's give the two servers different labels */
1434 smack_unix_sock_server(sock);
1438 } else { /* parent process, client */
1439 sleep(1); /* Give server some time to setup listening socket */
1441 for (i = 0; i < 4; ++i) {
1444 char smack_label1[SMACK_LABEL_LEN + 1];
1447 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1448 RUNNER_ASSERT_MSG(sock >= 0,
1449 "socket failed: " << strerror(errno));
1450 result = connect(sock,
1451 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1454 RUNNER_ASSERT_MSG(0, "connect failed: " << strerror(errno));
1458 result = read(sock, smack_label1, SMACK_LABEL_LEN);
1462 RUNNER_ASSERT_MSG(0, "read failed: " << strerror(errno));
1464 smack_label1[result] = '\0';
1465 smack_label2 = perm_app_id_from_socket(sock);
1466 if (smack_label2 == NULL) {
1468 RUNNER_ASSERT_MSG(0, "perm_app_id_from_socket failed");
1470 result = strcmp(smack_label1, smack_label2);
1473 RUNNER_ASSERT_MSG(0, "smack labels differ: '" << smack_label1
1474 << "' != '" << smack_label2 << "-" << random() << "'");
1481 RUNNER_TEST(privilege_control16_app_setup_path){
1482 const char *path1 = "/usr/share/privilege-control/app_setup_access_test";
1483 const char *path2 = "/usr/share/privilege-control/app_setup_access_test/directory";
1484 const char *path3 = "/usr/share/privilege-control/app_setup_access_test/one";
1485 const char *path4 = "/usr/share/privilege-control/app_setup_access_test/directory/two";
1486 const char *label1 = "qwert123456za";
1487 const char *label2 = "trewq654123az";
1489 std::unique_ptr<char, std::function<void(void*)> > labelPtr(NULL,free);
1494 int fd = creat(path3, S_IRWXU);
1497 fd = creat(path4, S_IRWXU);
1503 RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1));
1504 RUNNER_ASSERT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS));
1505 labelPtr.reset(label);
1507 RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label1));
1509 RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2));
1510 RUNNER_ASSERT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC));
1511 labelPtr.reset(label);
1513 RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label2));
1515 RUNNER_ASSERT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC));
1516 labelPtr.reset(label);
1518 RUNNER_ASSERT(labelPtr.get() == NULL);
1521 RUNNER_TEST(privilege_control17_appsettings_privilege)
1524 char *app1_dir_label;
1525 char *app2_dir_label;
1528 (void)perm_app_uninstall(APP_TEST);
1529 (void)perm_app_uninstall(APP_1);
1530 (void)perm_app_uninstall(APP_2);
1534 //install some app 1
1535 ret = perm_app_install(APP_1);
1536 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
1538 mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
1540 //register settings folder for app 1
1541 ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
1542 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
1544 //install "app_test" and give it appsettings privilege
1545 ret = perm_app_install(APP_TEST);
1546 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
1549 ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true);
1550 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
1551 " Error enabling app permissions. Result: " << ret);
1555 //check if "app_test" has an RX access to the app "app_1"
1556 ret = smack_have_access(APP_TEST, APP_1, "rx");
1557 RUNNER_ASSERT_MSG(ret,"access denied");
1559 //check if "app_test" has an RWX access to a folder registered by "app_1"
1560 ret = smack_getlabel(APP_1_DIR, &app1_dir_label, SMACK_LABEL_ACCESS );
1561 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
1562 ret = smack_have_access(APP_TEST, app1_dir_label, "rwx");
1563 RUNNER_ASSERT_MSG(ret,"access denied to smack label: " << app1_dir_label);
1568 //intstall another app: "app_2"
1569 ret = perm_app_install(APP_2);
1570 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
1572 mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
1573 //register settings folder for that "app_2"
1574 ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
1575 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
1579 //check if "app_test" has an RX access to the app "app_2"
1580 ret = smack_have_access(APP_TEST, APP_2, "rx");
1581 RUNNER_ASSERT_MSG(ret,"access denies");
1583 //check if "app_test" has an RWX access to a folder registered by "app_2"
1584 ret = smack_getlabel(APP_2_DIR, &app2_dir_label, SMACK_LABEL_ACCESS );
1585 RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
1586 ret = smack_have_access(APP_TEST, app2_dir_label, "rwx");
1587 RUNNER_ASSERT_MSG(ret,"access denies");
1589 free (app1_dir_label);
1590 free (app2_dir_label);
1596 (void)perm_app_uninstall(APP_TEST);
1597 (void)perm_app_uninstall(APP_1);
1598 (void)perm_app_uninstall(APP_2);
1603 void test_app_setup_path(int line_no, app_path_type_t PATH_TYPE) {
1608 result = perm_app_uninstall(APP_ID);
1609 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1610 " Error in perm_app_uninstall." << result);
1612 result = perm_app_install(APP_ID);
1613 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1614 " Error in perm_app_install." << result);
1616 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
1617 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1618 " Unable to clean up Smack labels in " << TEST_APP_DIR);
1620 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1621 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1622 " Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
1624 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, PATH_TYPE);
1625 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1626 " perm_app_setup_path() failed");
1630 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1631 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1632 " Unable to check Smack labels for non-app dir");
1634 result = perm_app_uninstall(APP_ID);
1635 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1636 " Error in perm_app_uninstall." << result);
1639 RUNNER_TEST_SMACK(privilege_control18_app_setup_path_public)
1641 test_app_setup_path(__LINE__, APP_PATH_PUBLIC_RO);
1644 RUNNER_TEST_SMACK(privilege_control19_app_setup_path_settings)
1646 test_app_setup_path(__LINE__, APP_PATH_SETTINGS_RW);
1649 RUNNER_TEST(privilege_control20_early_rules)
1651 RUNNER_IGNORED_MSG("early rules are not implemented");
1657 char *single_line_format = NULL;
1661 char subject[SMACK_LABEL_LEN + 1] = {0};
1662 char object[SMACK_LABEL_LEN + 1] = {0};
1663 char rule_add[SMACK_ACC_LEN + 1] = {0};
1664 char rule_remove[SMACK_ACC_LEN + 1] = {0};
1666 unlink(SMACK_RULES_DIR APP_ID);
1670 perm_app_uninstall(APP_ID);
1672 result = perm_app_install(APP_ID);
1673 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1674 result = perm_app_install(APP_TEST_APP_1);
1675 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1677 // checking if file really exists
1678 fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
1680 RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << SMACK_RULES_DIR << APP_ID << " : " << fd << ". Errno: " << strerror(errno));
1683 result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm, 1);
1684 RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
1685 result = perm_app_enable_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm, 1);
1686 RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
1690 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1691 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1693 result = asprintf(&single_line_format, "%%%ds %%%ds %%%ds %%%ds\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN, SMACK_ACC_LEN, SMACK_ACC_LEN);
1695 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1696 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1697 pass_1 = 1; // Found rule for APP_ID
1700 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1701 pass_2 = 1; // Found rule for APP_TEST_APP_1
1708 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found");
1709 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
1711 // Checking if "early rule" for APP_ID was really removed
1712 // We also should make sure that "early rules" for other apps wasn't removed
1713 result = perm_app_uninstall(APP_ID);
1714 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1718 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1719 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1721 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1722 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1723 pass_1 = 0; // Found rule for APP_ID - it should NOT be here
1726 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1727 pass_2 = 1; // Found rule for APP_TEST_APP_1
1734 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
1735 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
1737 // Removing and checking "early rule" for APP_TEST_APP_1
1738 result = perm_app_uninstall(APP_TEST_APP_1);
1739 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1743 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1744 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1746 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1747 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1748 pass_1 = 0; // Found rule for APP_ID - it should NOT be here
1751 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1752 pass_2 = 0; // Found rule for APP_TEST_APP_1 - it should NOT be here
1756 free(single_line_format);
1759 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
1760 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found");
1764 * AV Privilege test cases.
1766 * Each privilege_control24* test case tests antivirus privileges for each app_type_t, except for
1767 * deprecated APP_TYPE_OTHER type.
1770 int nftw_remove_dir(const char* filename, const struct stat* /*statptr*/, int /*fileflags*/,
1771 struct FTW* /*pfwt*/)
1775 struct stat filestat;
1777 result = stat(filename, &filestat);
1778 RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to get file statistics. Result: "
1779 << result << ", error: " << strerror(errno) << ", file: " << filename);
1781 if(S_ISREG(filestat.st_mode)) {
1782 result = unlink(filename);
1783 RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to unlink file. Result: "
1784 << result << ", error: " << strerror(errno) << ", file: " << filename);
1785 } else if(S_ISDIR(filestat.st_mode)) {
1786 result = rmdir(filename);
1787 RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to remove dir. Result: "
1788 << result << ", error: " << strerror(errno) << ", file: " << filename);
1794 void InstallApp(const char* pkg_id, const char* path, app_path_type_t app_path_type,
1795 const char* shared_label)
1799 result = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP);
1800 RUNNER_ASSERT_MSG(result == 0, "Can't create dir for tests. Result: " << result <<
1801 ", error: " << strerror(errno) << ", app_path_type: " << app_path_type);
1805 result = perm_app_revoke_permissions(pkg_id);
1806 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
1807 << result << ", app_path_type: " << app_path_type);
1808 result = perm_app_uninstall(pkg_id);
1809 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
1810 << result << ", app_path_type: " << app_path_type);
1812 result = perm_app_install(pkg_id);
1813 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
1814 << result << ", app_path_type: " << app_path_type);
1815 result = perm_app_setup_path(pkg_id, path, app_path_type, shared_label);
1816 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: "
1817 << result << ", app_path_type: " << app_path_type);
1822 void InstallAV(const char* av_id, app_type_t av_type)
1828 result = perm_app_revoke_permissions(av_id);
1829 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
1830 << result << ", av_type: " << av_type);
1831 result = perm_app_uninstall(av_id);
1832 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
1833 << result << ", av_type: " << av_type);
1835 result = perm_app_install(av_id);
1836 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
1837 << result << ", av_type: " << av_type);
1838 result = perm_app_enable_permissions(av_id, av_type, PRIVS_AV, 1);
1839 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "enable_permissions failed. Result: "
1840 << result << ", av_type: " << av_type);
1845 void CheckAVPrivilege(app_type_t av_type, app_path_type_t app_path_type)
1850 result = nftw(APP_TEST_APP_1_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1851 RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1852 ", error " << strerror(errno));
1854 result = nftw(APP_TEST_APP_2_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1855 RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1856 ", error " << strerror(errno));
1858 result = nftw(APP_TEST_APP_3_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1859 RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1860 ", error " << strerror(errno));
1862 InstallApp(APP_TEST_APP_1, APP_TEST_APP_1_DIR, app_path_type, APP_TEST_APP_1_SHARED_LABEL);
1863 InstallAV(APP_TEST_AV_1, av_type);
1864 InstallApp(APP_TEST_APP_2, APP_TEST_APP_2_DIR, app_path_type, APP_TEST_APP_2_SHARED_LABEL);
1865 InstallAV(APP_TEST_AV_2, av_type);
1866 InstallApp(APP_TEST_APP_3, APP_TEST_APP_3_DIR, app_path_type, APP_TEST_APP_3_SHARED_LABEL);
1868 //test - get ACCESS label and check AV privilege
1873 result = smack_lgetlabel(APP_TEST_APP_1_DIR, &tmp, SMACK_LABEL_ACCESS);
1874 RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
1875 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1876 std::string label1(tmp);
1879 result = smack_lgetlabel(APP_TEST_APP_2_DIR, &tmp, SMACK_LABEL_ACCESS);
1880 RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
1881 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1882 std::string label2(tmp);
1885 result = smack_lgetlabel(APP_TEST_APP_3_DIR, &tmp, SMACK_LABEL_ACCESS);
1886 RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
1887 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1888 std::string label3(tmp);
1891 if(app_path_type == APP_PATH_GROUP_RW)
1893 result = label1.compare(APP_TEST_APP_1_SHARED_LABEL);
1894 RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
1895 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1896 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1898 result = label2.compare(APP_TEST_APP_2_SHARED_LABEL);
1899 RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
1900 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1901 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1903 result = label3.compare(APP_TEST_APP_3_SHARED_LABEL);
1904 RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
1905 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1906 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1909 std::stringstream ss;
1914 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1915 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1916 checkOnlyAvAccess(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
1917 ss.str(std::string());
1919 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1920 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1921 checkOnlyAvAccess(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
1922 ss.str(std::string());
1924 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1925 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1926 checkOnlyAvAccess(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
1928 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1929 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1930 checkOnlyAvAccess(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
1931 ss.str(std::string());
1933 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1934 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1935 checkOnlyAvAccess(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
1936 ss.str(std::string());
1938 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1939 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1940 checkOnlyAvAccess(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
1944 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1945 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1946 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
1948 ss.str(std::string());
1949 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1950 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1951 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
1953 ss.str(std::string());
1954 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1955 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1956 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
1958 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1959 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1960 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
1962 ss.str(std::string());
1963 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1964 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1965 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
1967 ss.str(std::string());
1968 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1969 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1970 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
1974 perm_app_revoke_permissions(APP_TEST_AV_1);
1975 perm_app_revoke_permissions(APP_TEST_AV_2);
1976 perm_app_uninstall(APP_TEST_AV_1);
1977 perm_app_uninstall(APP_TEST_AV_2);
1978 perm_app_uninstall(APP_TEST_APP_1);
1979 perm_app_uninstall(APP_TEST_APP_2);
1980 perm_app_uninstall(APP_TEST_APP_3);
1983 RUNNER_TEST(privilege_control24a_av_privilege_group_rw)
1985 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_GROUP_RW);
1986 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_GROUP_RW);
1987 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_GROUP_RW);
1990 RUNNER_TEST(privilege_control24b_av_privilege_settings_rw)
1992 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_SETTINGS_RW);
1993 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_SETTINGS_RW);
1994 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_SETTINGS_RW);
1997 RUNNER_TEST(privilege_control24c_av_privilege_public_ro)
1999 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_PUBLIC_RO);
2000 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_PUBLIC_RO);
2001 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_PUBLIC_RO);