2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
22 * @brief libprivilege-control test runner
35 #include <sys/types.h>
38 #include <sys/socket.h>
40 #include <sys/smack.h>
42 #include <privilege-control.h>
43 #include <dpl/test/test_runner.h>
44 #include <dpl/test/test_runner_child.h>
45 #include <dpl/test/test_runner_multiprocess.h>
46 #include <dpl/log/log.h>
47 #include <tests_common.h>
48 #include <libprivilege-control_test_common.h>
52 #define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/rules"
54 #define EARLY_RULE_SUBJECT "livebox.web-provider"
55 #define EARLY_RULE_RIGHTS "rwx---"
57 #define SMACK_ACC_LEN 6
61 std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
63 std::vector<std::string> names;
64 for(size_t i = 0; i < size; ++i) {
65 names.push_back(prefix + "_" + std::to_string(i) + suffix);
70 const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
71 const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
72 const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
73 const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
74 const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
75 const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
76 const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
78 int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb,
79 int /*typeflag*/, struct FTW* /*ftwbuf*/)
85 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
86 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
87 RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
88 result = strcmp(APPID_SHARED_DIR, label);
89 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
91 result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
92 RUNNER_ASSERT_MSG(result == 1,
93 "Error rwxatl access was not given shared dir. Subject: " <<
94 APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result);
96 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
97 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
98 RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
101 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
102 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
103 if (S_ISDIR(sb->st_mode)) {
104 RUNNER_ASSERT_MSG(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
105 result = strcmp("TRUE", label);
106 RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
108 RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
113 int check_labels_dir(const char *fpath, const struct stat *sb,
114 const char *labels_db_path, const char *dir_db_path,
120 char *scanf_label_format;
121 char label_temp[SMACK_LABEL_LEN + 1];
125 result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
126 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
127 RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
130 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
133 RUNNER_ASSERT_MSG(false, "Could not get label for the path");
138 RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set.");
142 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
146 RUNNER_ASSERT_MSG(false, "Could not get label for the path");
148 if (S_ISDIR(sb->st_mode)) {
152 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set");
154 result = strcmp("TRUE", label);
158 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set to TRUE");
160 } else if (label != NULL) {
163 RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set");
168 if (0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)) {
170 RUNNER_ASSERT_MSG(false, "asprintf failed");
173 file_db = fopen(labels_db_path, "r");
174 if (file_db == NULL) {
176 free(scanf_label_format);
177 RUNNER_ASSERT_MSG(false, "Can not open database for apps");
179 while (fscanf(file_db, scanf_label_format, label_temp) == 1) {
180 result = smack_have_access(label_temp, label_gen, access);
184 free(scanf_label_format);
185 RUNNER_ASSERT_MSG(false,
186 "Error " << access << " access was not given for subject: "
187 << label_temp << ". Result: " << result);
192 file_db = fopen(dir_db_path, "r");
193 if (file_db == NULL) {
195 free(scanf_label_format);
196 RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
199 free(scanf_label_format);
206 void osp_blahblah_check(int line_no, const std::vector<std::string> &rules)
208 std::ifstream smack_file(OSP_BLAHBLAH);
209 RUNNER_ASSERT_MSG(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH);
211 auto it = rules.begin();
213 while (std::getline(smack_file,line)) {
214 RUNNER_ASSERT_MSG(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line);
215 RUNNER_ASSERT_MSG(*it == line, "Line: " << line_no << " " << *it << "!=" << line);
219 RUNNER_ASSERT_MSG(it == rules.end(), "Line: " << line_no << " Missing line in file: " << *it);
224 void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
226 std::ifstream dac_file(dac_file_path);
227 RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
229 auto it = gids.begin();
231 while (std::getline(dac_file,line)) {
232 std::istringstream is(line);
235 RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
236 RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
240 RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
245 void remove_smack_files()
248 unlink(OSP_BLAHBLAH);
249 unlink(WRT_BLAHBLAH);
250 unlink(OTHER_BLAHBLAH);
251 unlink(WRT_BLAHBLAH_DAC);
252 unlink(OTHER_BLAHBLAH_DAC);
254 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
255 unlink(OSP_BLAHBLAH_DAC[i].c_str());
257 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
258 unlink(OSP_BLAHBLAH_DAC[i].c_str());
263 RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
266 * Test setting labels for all files and folders in given path.
268 RUNNER_TEST(privilege_control02_app_label_dir)
272 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
273 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
275 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
276 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
280 result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
281 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
285 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_dir, FTW_MAX_FDS, FTW_PHYS);
286 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
288 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
289 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
292 RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir)
298 result = perm_app_install(APP_ID);
299 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
301 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
302 RUNNER_ASSERT_MSG(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
306 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
307 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
309 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
310 RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
314 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR);
315 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
319 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS);
320 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
322 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
323 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
327 result = perm_app_uninstall(APP_ID);
328 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
334 * Simple enabling EFL permissions;.
336 RUNNER_TEST_SMACK(privilege_control04_add_permissions)
341 result = perm_app_uninstall(APP_ID);
342 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
344 result = perm_app_install(APP_ID);
345 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
348 result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, TRUE);
349 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
350 " perm_app_enable_permissions failed with result: " << result);
354 // Check if the accesses are realy applied..
355 result = test_have_all_accesses(rules_efl);
356 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
360 result = perm_app_uninstall(APP_ID);
361 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
367 * Revoke permissions from the list. Should be executed as privileged user.
369 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
371 test_revoke_permissions(__LINE__, WGT_APP_ID, rules_wgt, true);
375 * Revoke permissions from the list. Should be executed as privileged user.
377 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt_partner)
379 test_revoke_permissions(__LINE__, WGT_PARTNER_APP_ID, rules_wgt_partner, true);
383 * Revoke permissions from the list. Should be executed as privileged user.
385 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt_platform)
387 test_revoke_permissions(__LINE__, WGT_PLATFORM_APP_ID, rules_wgt_platform, true);
391 * Revoke permissions from the list. Should be executed as privileged user.
393 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
395 test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, true);
399 * Revoke permissions from the list. Should be executed as privileged user.
401 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp_partner)
403 test_revoke_permissions(__LINE__, OSP_PARTNER_APP_ID, rules_osp_partner, true);
407 * Revoke permissions from the list. Should be executed as privileged user.
409 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp_platform)
411 test_revoke_permissions(__LINE__, OSP_PLATFORM_APP_ID, rules_osp_platform, true);
415 void set_app_privilege(int line_no,
416 const char* app_id, app_type_t APP_TYPE,
417 const char** privileges, const char* type,
418 const char* app_path, const char* dac_file,
419 const rules_t &rules) {
420 check_app_installed(line_no, app_path);
426 result = perm_app_uninstall(app_id);
427 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
428 " perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
430 result = perm_app_install(app_id);
431 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
432 " perm_app_install returned " << result << ". Errno: " << strerror(errno));
435 result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, 1);
436 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
437 " Error enabling app permissions. Result: " << result);
441 result = test_have_all_accesses(rules);
442 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
446 result = perm_app_set_privilege(app_id, type, app_path);
447 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
448 " Error in perm_app_set_privilege. Error: " << result);
452 // Check if SMACK label really set
454 result = smack_new_label_from_self(&label);
455 RUNNER_ASSERT_MSG(result >= 0, "Line: " << line_no <<
456 " Error getting current process label");
457 RUNNER_ASSERT_MSG(label != NULL, "Line: " << line_no <<
458 " Process label is not set");
459 result = strcmp(app_id, label);
460 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
461 " Process label " << label << " is incorrect");
463 check_groups(dac_file);
467 * Set APP privileges. wgt.
469 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
471 set_app_privilege(__LINE__,WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
472 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
476 * Set APP privileges. wgt_partner.
478 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_partner)
480 set_app_privilege(__LINE__, WGT_PARTNER_APP_ID, APP_TYPE_WGT_PARTNER, PRIVS_WGT,
481 "wgt_partner", WGT_PARTNER_APP_PATH,
482 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_partner);
486 * Set APP privileges. wgt_platform.
488 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_platform)
490 set_app_privilege(__LINE__, WGT_PLATFORM_APP_ID, APP_TYPE_WGT_PLATFORM, PRIVS_WGT,
491 "wgt_platform", WGT_PLATFORM_APP_PATH,
492 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_platform);
496 * Set APP privileges. osp app.
498 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
500 set_app_privilege(__LINE__, OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, NULL, OSP_APP_PATH,
501 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
505 * Set APP privileges. partner osp app.
507 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_partner)
509 set_app_privilege(__LINE__, OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP,
510 NULL, OSP_PARTNER_APP_PATH, LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_partner);
514 * Set APP privileges. platform osp app.
516 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_platform)
518 set_app_privilege(__LINE__, OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP,
519 NULL, OSP_PLATFORM_APP_PATH,
520 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_platform);
524 * Add new API feature
526 RUNNER_TEST(privilege_control11_add_api_feature)
530 remove_smack_files();
534 // argument validation
535 result = perm_add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0);
536 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
538 result = perm_add_api_feature(APP_TYPE_OSP,"", NULL, NULL, 0);
539 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
542 // Already existing feature:
543 // TODO: Database will be malformed. (Rules for these features will be removed.)
544 result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", NULL, NULL, 0);
545 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
547 result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", NULL, NULL, 0);
548 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
551 result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", NULL, NULL, 0);
552 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
554 result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", NULL, NULL, 0);
555 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
559 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), { NULL }, NULL, 0);
560 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
562 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), (const char*[]) { "", NULL }, NULL, 0);
563 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
565 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), (const char*[]) { " \t\n", "\t \n", "\n\t ", NULL }, NULL, 0);
566 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
569 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), (const char*[]) { "malformed", NULL }, NULL, 0);
570 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
572 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), (const char*[]) { "malformed malformed", NULL }, NULL, 0);
573 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
575 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), (const char*[]) { "-malformed malformed rwxat", NULL }, NULL, 0);
576 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
578 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), (const char*[]) { "~/\"\\ malformed rwxat", NULL }, NULL, 0);
579 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
581 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), (const char*[]) { "subject object rwxat something else", NULL }, NULL, 0);
582 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
586 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), (const char*[]) {
587 "~APP~ object\t rwxatl",
589 "subject2\t~APP~ ltxarw",
593 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
595 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), (const char*[]) {
596 "Sub::jE,ct ~APP~ a-rwxl",
599 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
601 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), (const char*[]) {
602 "Sub::sjE,ct ~APP~ a-RwXL", // TODO This fails.
605 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
608 // TODO For now identical/complementary rules are not merged.
609 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), (const char*[]) {
610 "subject1 ~APP~ rwxatl",
612 "subject2 ~APP~ ltxarw",
616 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
619 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},0);
620 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
621 result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
622 RUNNER_ASSERT(result == -1);
623 remove_smack_files();
627 result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},3);
628 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
629 osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
630 remove_smack_files();
632 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},1);
633 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
634 osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
635 remove_smack_files();
637 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {1,1,1},3);
638 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
639 osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
640 remove_smack_files();
646 * Check perm_app_install function
648 RUNNER_TEST(privilege_control01_app_install)
654 perm_app_uninstall(APP_ID);
656 result = perm_app_install(APP_ID);
657 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
659 // try install second time app with the same ID - it should pass.
660 result = perm_app_install(APP_ID);
661 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
667 * Check perm_app_uninstall function
669 RUNNER_TEST(privilege_control07_app_uninstall)
676 result = perm_app_uninstall(APP_ID);
677 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
681 // checking if file really exists
682 fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
683 RUNNER_ASSERT_MSG(fd == -1, "SMACK file NOT deleted after perm_app_uninstall");
688 * Check app_register_av function
689 * Notice that this test case may have no sense if previous would fail (privilege_control06_app_install)
691 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
692 RUNNER_TEST_SMACK(privilege_control10_app_register_av)
694 RUNNER_IGNORED_MSG("app_register_av is not implemented");
698 smack_revoke_subject(APP_TEST_AV_1);
699 smack_revoke_subject(APP_TEST_AV_2);
701 cleaning_smack_app_files();
705 // Adding two apps before antivir
706 result = perm_app_install(APP_TEST_APP_1);
707 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
709 result = perm_app_install(APP_TEST_APP_2);
710 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
713 result = app_register_av(APP_TEST_AV_1);
714 RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
718 // Checking added apps accesses
719 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
720 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
725 result = perm_app_install(APP_TEST_APP_3);
726 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
730 // Checking app accesses
731 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)");
732 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "perm_app_install(APP_TEST_APP_3)");
733 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "perm_app_install(APP_TEST_APP_3)");
735 // Adding second antivir
736 result = app_register_av(APP_TEST_AV_2);
737 RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
739 // Checking app accesses
740 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
741 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
742 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
743 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
744 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
745 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
748 smack_revoke_subject(APP_TEST_AV_1);
749 smack_revoke_subject(APP_TEST_AV_2);
751 cleaning_smack_app_files();
753 #pragma GCC diagnostic warning "-Wdeprecated-declarations"
756 * Grant SMACK permissions based on permissions list.
758 RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
762 // Clean up after test:
765 result = perm_app_uninstall(WGT_APP_ID);
766 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
767 result = perm_app_install(WGT_APP_ID);
768 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
771 * Test - Enabling all permissions with persistant mode enabled
773 result = perm_app_revoke_permissions(WGT_APP_ID);
774 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
775 "Error revoking app permissions. Result: " << result);
777 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
778 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
779 " Error enabling app permissions. Result: " << result);
783 // Check if the accesses are realy applied..
784 result = test_have_all_accesses(rules2);
785 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
790 result = perm_app_revoke_permissions(WGT_APP_ID);
791 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
792 "Error revoking app permissions. Result: " << result);
795 * Test - Enabling all permissions with persistant mode disabled
798 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0);
799 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
800 " Error enabling app permissions. Result: " << result);
804 // Check if the accesses are realy applied..
805 result = test_have_all_accesses(rules2);
806 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
811 result = perm_app_revoke_permissions(WGT_APP_ID);
812 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
813 "Error revoking app permissions. Result: " << result);
816 * Test - Enabling all permissions in two complementary files
819 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, 1);
820 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
821 " Error enabling app permissions. Result: " << result);
825 // Check if the accesses are realy applied..
826 result = test_have_all_accesses(rules2_no_r);
827 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
832 result = perm_app_revoke_permissions(WGT_APP_ID);
833 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
834 "Error revoking app permissions. Result: " << result);
837 * Test - Enabling some permissions and then enabling complementary permissions
840 // Enable permission for rules 2 no r
841 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
842 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
843 " Error enabling app permissions without r. Result: " << result);
847 // Check if the accesses are realy applied..
848 result = test_have_all_accesses(rules2_no_r);
849 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
853 // Enable permission for rules 2
854 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
855 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
856 " Error enabling app all permissions. Result: " << result);
860 // Check if the accesses are realy applied..
861 result = test_have_all_accesses(rules2);
862 RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
867 result = perm_app_revoke_permissions(WGT_APP_ID);
868 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
869 "Error revoking app permissions. Result: " << result);
872 * Test - Enabling some permissions and then enabling all permissions
875 // Enable permission for rules 2 no r
876 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
877 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
878 " Error enabling app permissions without r. Result: " << result);
882 // Check if the accesses are realy applied..
883 result = test_have_all_accesses(rules2_no_r);
884 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
888 // Enable permission for rules 2
889 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
890 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
891 " Error enabling app permissions with only r. Result: " << result);
895 // Check if the accesses are realy applied..
896 result = test_have_all_accesses(rules2_r);
897 RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
902 result = perm_app_revoke_permissions(WGT_APP_ID);
903 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
904 "Error revoking app permissions. Result: " << result);
908 // Clean up after test:
909 result = perm_app_uninstall(WGT_APP_ID);
910 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
915 RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
917 test_app_enable_permissions_efl(true);
921 * Check perm_app_install function
923 RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
925 test_app_disable_permissions_efl(true);
930 * Remove previously granted SMACK permissions based on permissions list.
932 RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
934 test_app_disable_permissions(true);
938 * Reset SMACK permissions for an application by revoking all previously
939 * granted rules and enabling them again from a rules file from disk.
941 // TODO: This test is incomplete.
942 RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
947 * Test - doing reset and checking if rules exist again.
952 result = perm_app_install(WGT_APP_ID);
953 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
955 // Prepare permissions to reset
956 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
957 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
958 " Error adding app permissions. Result: " << result);
961 result = perm_app_reset_permissions(WGT_APP_ID);
962 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
963 "Error reseting app permissions. Result: " << result);
967 // Are all second permissions not disabled?
968 result = test_have_all_accesses(rules2);
969 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
973 // Disable permissions
974 result = perm_app_revoke_permissions(WGT_APP_ID);
975 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
976 "Error disabling app permissions. Result: " << result);
978 result = perm_app_uninstall(WGT_APP_ID);
979 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
985 * Make two applications "friends", by giving them both full permissions on
988 RUNNER_TEST_SMACK(privilege_control14_app_add_friend)
990 RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented");
995 * Test - making friends with no permissions on each other
1000 result = perm_app_revoke_permissions(APP_FRIEND_1);
1001 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1002 "Error revoking app permissions. Result: " << result);
1003 result = perm_app_revoke_permissions(APP_FRIEND_2);
1004 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1005 "Error revoking app permissions. Result: " << result);
1007 perm_app_uninstall(APP_FRIEND_1);
1008 perm_app_uninstall(APP_FRIEND_2);
1010 // Installing friends to be
1011 result = perm_app_install(APP_FRIEND_1);
1012 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1013 " Error installing first app. Result: " << result);
1014 result = perm_app_install(APP_FRIEND_2);
1015 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1016 " Error installing second app. Result: " << result);
1019 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1020 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1021 " Error making friends. Errno: " << result);
1025 // Checking if friends were made
1026 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
1027 RUNNER_ASSERT_MSG(result == 1,
1028 " Error first one sided friednship failed. Result: " << result);
1029 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
1030 RUNNER_ASSERT_MSG(result == 1,
1031 " Error second one sided friednship failed. Result: " << result);
1036 result = perm_app_revoke_permissions(APP_FRIEND_1);
1037 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1038 "Error revoking app permissions. Result: " << result);
1039 result = perm_app_revoke_permissions(APP_FRIEND_2);
1040 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1041 "Error revoking app permissions. Result: " << result);
1043 perm_app_uninstall(APP_FRIEND_1);
1044 perm_app_uninstall(APP_FRIEND_2);
1049 * Test - making friends with nonexistent friend
1054 // Installing one friend
1055 result = perm_app_install(APP_FRIEND_1);
1056 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1057 " Error installing first app. Errno: " << result);
1059 // Adding imaginary friend as second
1060 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1061 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1062 " Error making friends (first) with imaginairy friend failed. Result: "
1064 // Adding imaginary friend as first
1065 result = perm_app_add_friend(APP_FRIEND_2, APP_FRIEND_1);
1066 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1067 " Error making friends (second) with imaginairy friend failed. Result: "
1070 result = perm_app_revoke_permissions(APP_FRIEND_1);
1071 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1072 "Error revoking app permissions. Result: " << result);
1073 result = perm_app_revoke_permissions(APP_FRIEND_2);
1074 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1075 "Error revoking app permissions. Result: " << result);
1077 perm_app_uninstall(APP_FRIEND_1);
1078 perm_app_uninstall(APP_FRIEND_2);
1083 * Test - making friends with some permissions already added
1088 struct smack_accesses *rulesFriend = NULL;
1090 std::vector<std::string> accessesFriend =
1091 { "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" };
1095 // Installing friends to be
1096 result = perm_app_install(APP_FRIEND_1);
1097 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1098 " Error installing first app. Result: " << result);
1099 result = perm_app_install(APP_FRIEND_2);
1100 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1101 " Error installing second app. Result: " << result);
1105 for (i = 0; i < accessesFriend.size(); ++i)
1107 for (j = 0; j < accessesFriend.size(); ++j)
1109 // Adding rules before making friends
1110 result = smack_accesses_new(&rulesFriend);
1111 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1112 "Error in smack_accesses_new. Result: " << result);
1114 result = smack_accesses_add(rulesFriend,
1115 APP_FRIEND_1, APP_FRIEND_2, accessesFriend[i].c_str());
1116 RUNNER_ASSERT_MSG(result == 0,
1117 "Unable to add modify rulesFirend (first). Result: " << result);
1118 result = smack_accesses_add(rulesFriend, APP_FRIEND_2,
1119 APP_FRIEND_1, accessesFriend[j].c_str());
1120 RUNNER_ASSERT_MSG(result == 0,
1121 "Unable to add modify rulesFirend (second). Result: " << result);
1123 result = smack_accesses_apply(rulesFriend);
1124 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1125 "Error in smack_accesses_apply. Result: " << result);
1130 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1131 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1132 " Error making friends. Result: " << result);
1136 // Checking if friends were made
1137 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
1138 RUNNER_ASSERT_MSG(result == 1,
1139 " Error first one sided friednship failed. Result: " << result);
1140 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
1141 RUNNER_ASSERT_MSG(result == 1,
1142 " Error second one sided friednship failed. Result: " << result);
1144 // Deleting all rules between friends
1145 smack_accesses_add_modify(rulesFriend,
1146 APP_FRIEND_1, APP_FRIEND_2,"","rwxat");
1147 smack_accesses_add_modify(rulesFriend,
1148 APP_FRIEND_2, APP_FRIEND_1,"","rwxat");
1150 result = smack_accesses_apply(rulesFriend);
1152 smack_accesses_free(rulesFriend);
1160 result = perm_app_revoke_permissions(APP_FRIEND_1);
1161 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1162 "Error revoking app permissions. Result: " << result);
1163 result = perm_app_revoke_permissions(APP_FRIEND_2);
1164 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1165 "Error revoking app permissions. Result: " << result);
1167 perm_app_uninstall(APP_FRIEND_1);
1168 perm_app_uninstall(APP_FRIEND_2);
1173 static void smack_set_random_label_based_on_pid_on_self(void)
1176 std::stringstream ss;
1178 ss << "s-" << getpid() << "-" << getppid();
1179 result = smack_set_label_for_self(ss.str().c_str());
1180 RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
1181 << ss.str().c_str() << ") failed");
1184 static void smack_unix_sock_server(int sock)
1190 fd = accept(sock, NULL, NULL);
1194 result = smack_new_label_from_self(&smack_label);
1199 RUNNER_ASSERT_MSG(0, "smack_new_label_from_self() failed");
1201 result = write(fd, smack_label, strlen(smack_label));
1202 if (result != (int)strlen(smack_label)) {
1206 RUNNER_ASSERT_MSG(0, "write() failed: " << strerror(errno));
1212 RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
1215 struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
1219 RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
1221 smack_set_random_label_based_on_pid_on_self();
1223 if (!pid) { /* child process, server */
1226 /* Set the process label before creating a socket */
1227 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1228 RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
1230 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1233 RUNNER_ASSERT_MSG(0, "bind failed: " << strerror(errno));
1235 result = listen(sock, 1);
1238 RUNNER_ASSERT_MSG(0, "listen failed: " << strerror(errno));
1240 smack_unix_sock_server(sock);
1242 /* Change the process label with listening socket */
1243 smack_unix_sock_server(sock);
1246 RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
1247 /* Now running two concurrent servers.
1248 Test if socket label was unaffected by fork() */
1249 smack_unix_sock_server(sock);
1250 /* Let's give the two servers different labels */
1251 smack_unix_sock_server(sock);
1255 } else { /* parent process, client */
1256 sleep(1); /* Give server some time to setup listening socket */
1258 for (i = 0; i < 4; ++i) {
1261 char smack_label1[SMACK_LABEL_LEN + 1];
1264 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1265 RUNNER_ASSERT_MSG(sock >= 0,
1266 "socket failed: " << strerror(errno));
1267 result = connect(sock,
1268 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1271 RUNNER_ASSERT_MSG(0, "connect failed: " << strerror(errno));
1275 result = read(sock, smack_label1, SMACK_LABEL_LEN);
1279 RUNNER_ASSERT_MSG(0, "read failed: " << strerror(errno));
1281 smack_label1[result] = '\0';
1282 smack_label2 = perm_app_id_from_socket(sock);
1283 if (smack_label2 == NULL) {
1285 RUNNER_ASSERT_MSG(0, "perm_app_id_from_socket failed");
1287 result = strcmp(smack_label1, smack_label2);
1290 RUNNER_ASSERT_MSG(0, "smack labels differ: '" << smack_label1
1291 << "' != '" << smack_label2 << "-" << random() << "'");
1298 RUNNER_TEST(privilege_control16_app_setup_path){
1299 const char *path1 = "/usr/share/privilege-control/app_setup_access_test";
1300 const char *path2 = "/usr/share/privilege-control/app_setup_access_test/directory";
1301 const char *path3 = "/usr/share/privilege-control/app_setup_access_test/one";
1302 const char *path4 = "/usr/share/privilege-control/app_setup_access_test/directory/two";
1303 const char *label1 = "qwert123456za";
1304 const char *label2 = "trewq654123az";
1306 CStringPtr labelPtr;
1311 int fd = creat(path3, S_IRWXU);
1314 fd = creat(path4, S_IRWXU);
1322 RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1));
1326 RUNNER_ASSERT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS));
1327 labelPtr.reset(label);
1329 RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label1));
1333 RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2));
1337 RUNNER_ASSERT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC));
1338 labelPtr.reset(label);
1340 RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label2));
1342 RUNNER_ASSERT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC));
1343 labelPtr.reset(label);
1345 RUNNER_ASSERT(labelPtr.get() == NULL);
1348 RUNNER_TEST_SMACK(privilege_control17_appsettings_privilege)
1350 test_appsettings_privilege(true);
1353 void test_app_setup_path(int line_no, app_path_type_t PATH_TYPE) {
1358 result = perm_app_uninstall(APP_ID);
1359 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1360 " Error in perm_app_uninstall." << result);
1362 result = perm_app_install(APP_ID);
1363 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1364 " Error in perm_app_install." << result);
1368 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
1369 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1370 " Unable to clean up Smack labels in " << TEST_APP_DIR);
1372 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1373 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1374 " Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
1378 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, PATH_TYPE);
1379 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1380 " perm_app_setup_path() failed");
1384 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1385 RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
1386 " Unable to check Smack labels for non-app dir");
1390 result = perm_app_uninstall(APP_ID);
1391 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1392 " Error in perm_app_uninstall." << result);
1397 RUNNER_TEST_SMACK(privilege_control18_app_setup_path_public)
1399 test_app_setup_path(__LINE__, APP_PATH_PUBLIC_RO);
1402 RUNNER_TEST_SMACK(privilege_control19_app_setup_path_settings)
1404 test_app_setup_path(__LINE__, APP_PATH_SETTINGS_RW);
1407 RUNNER_TEST_SMACK(privilege_control20_app_setup_path_npruntime)
1410 CStringPtr labelPtr;
1411 std::string nptargetlabel = std::string(APP_NPRUNTIME) + ".npruntime";
1416 result = perm_app_uninstall(APP_NPRUNTIME);
1417 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
1419 result = perm_app_install(APP_NPRUNTIME);
1420 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_install. " << result);
1422 result = perm_app_setup_path(APP_NPRUNTIME, APP_NPRUNTIME_FILE, PERM_APP_PATH_NPRUNTIME);
1423 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. " << result);
1427 RUNNER_ASSERT(0 == smack_lgetlabel(APP_NPRUNTIME_FILE, &label, SMACK_LABEL_EXEC));
1428 labelPtr.reset(label);
1430 RUNNER_ASSERT(0 == strcmp(labelPtr.get(), nptargetlabel.c_str()));
1433 const std::vector< std::vector<std::string> > np_rules = {
1434 { APP_NPRUNTIME, nptargetlabel, "rw" },
1435 { nptargetlabel, APP_NPRUNTIME, "rxat" },
1436 { nptargetlabel, "system::homedir", "rxat" },
1437 { nptargetlabel, "xorg", "rw" },
1438 { nptargetlabel, "crash-worker", "rwxa" },
1439 { nptargetlabel, "sys-assert::core", "rwxat" },
1440 { nptargetlabel, "syslogd", "rw" },
1443 // Test smack accesses
1444 result = test_have_all_accesses(np_rules);
1445 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
1449 result = perm_app_uninstall(APP_NPRUNTIME);
1450 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
1455 RUNNER_TEST(privilege_control21_early_rules)
1457 RUNNER_IGNORED_MSG("early rules are not implemented");
1463 char *single_line_format = NULL;
1467 char subject[SMACK_LABEL_LEN + 1] = {0};
1468 char object[SMACK_LABEL_LEN + 1] = {0};
1469 char rule_add[SMACK_ACC_LEN + 1] = {0};
1470 char rule_remove[SMACK_ACC_LEN + 1] = {0};
1472 unlink(SMACK_RULES_DIR APP_ID);
1476 perm_app_uninstall(APP_ID);
1478 result = perm_app_install(APP_ID);
1479 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1480 result = perm_app_install(APP_TEST_APP_1);
1481 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1485 // checking if file really exists
1486 fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
1488 RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << SMACK_RULES_DIR << APP_ID << " : " << fd << ". Errno: " << strerror(errno));
1493 result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm, 1);
1494 RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
1495 result = perm_app_enable_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm, 1);
1496 RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
1500 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1501 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1503 result = asprintf(&single_line_format, "%%%ds %%%ds %%%ds %%%ds\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN, SMACK_ACC_LEN, SMACK_ACC_LEN);
1505 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1506 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1507 pass_1 = 1; // Found rule for APP_ID
1510 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1511 pass_2 = 1; // Found rule for APP_TEST_APP_1
1518 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found");
1519 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
1521 // Checking if "early rule" for APP_ID was really removed
1522 // We also should make sure that "early rules" for other apps wasn't removed
1524 result = perm_app_uninstall(APP_ID);
1525 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1530 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1531 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1533 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1534 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1535 pass_1 = 0; // Found rule for APP_ID - it should NOT be here
1538 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1539 pass_2 = 1; // Found rule for APP_TEST_APP_1
1546 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
1547 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
1549 // Removing and checking "early rule" for APP_TEST_APP_1
1551 result = perm_app_uninstall(APP_TEST_APP_1);
1552 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1557 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1558 RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1560 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1561 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1562 pass_1 = 0; // Found rule for APP_ID - it should NOT be here
1565 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1566 pass_2 = 0; // Found rule for APP_TEST_APP_1 - it should NOT be here
1570 free(single_line_format);
1573 RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
1574 RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found");
1578 * AV Privilege test cases.
1580 * Each privilege_control24* test case tests antivirus privileges for each app_type_t, except for
1581 * deprecated APP_TYPE_OTHER type.
1584 int nftw_remove_dir(const char* filename, const struct stat* /*statptr*/, int /*fileflags*/,
1585 struct FTW* /*pfwt*/)
1589 struct stat filestat;
1591 result = stat(filename, &filestat);
1592 RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to get file statistics. Result: "
1593 << result << ", error: " << strerror(errno) << ", file: " << filename);
1595 if(S_ISREG(filestat.st_mode)) {
1596 result = unlink(filename);
1597 RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to unlink file. Result: "
1598 << result << ", error: " << strerror(errno) << ", file: " << filename);
1599 } else if(S_ISDIR(filestat.st_mode)) {
1600 result = rmdir(filename);
1601 RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to remove dir. Result: "
1602 << result << ", error: " << strerror(errno) << ", file: " << filename);
1608 void InstallApp(const char* pkg_id, const char* path, app_path_type_t app_path_type,
1609 const char* shared_label)
1613 result = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP);
1614 RUNNER_ASSERT_MSG(result == 0, "Can't create dir for tests. Result: " << result <<
1615 ", error: " << strerror(errno) << ", app_path_type: " << app_path_type);
1619 result = perm_app_revoke_permissions(pkg_id);
1620 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
1621 << result << ", app_path_type: " << app_path_type);
1622 result = perm_app_uninstall(pkg_id);
1623 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
1624 << result << ", app_path_type: " << app_path_type);
1626 result = perm_app_install(pkg_id);
1627 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
1628 << result << ", app_path_type: " << app_path_type);
1629 result = perm_app_setup_path(pkg_id, path, app_path_type, shared_label);
1630 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: "
1631 << result << ", app_path_type: " << app_path_type);
1636 void InstallAV(const char* av_id, app_type_t av_type)
1642 result = perm_app_revoke_permissions(av_id);
1643 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
1644 << result << ", av_type: " << av_type);
1645 result = perm_app_uninstall(av_id);
1646 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
1647 << result << ", av_type: " << av_type);
1649 result = perm_app_install(av_id);
1650 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
1651 << result << ", av_type: " << av_type);
1652 result = perm_app_enable_permissions(av_id, av_type, PRIVS_AV, 1);
1653 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "enable_permissions failed. Result: "
1654 << result << ", av_type: " << av_type);
1659 void CheckAVPrivilege(app_type_t av_type, app_path_type_t app_path_type)
1664 result = nftw(APP_TEST_APP_1_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1665 RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1666 ", error " << strerror(errno));
1668 result = nftw(APP_TEST_APP_2_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1669 RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1670 ", error " << strerror(errno));
1672 result = nftw(APP_TEST_APP_3_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1673 RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1674 ", error " << strerror(errno));
1676 InstallApp(APP_TEST_APP_1, APP_TEST_APP_1_DIR, app_path_type, APP_TEST_APP_1_SHARED_LABEL);
1677 InstallAV(APP_TEST_AV_1, av_type);
1678 InstallApp(APP_TEST_APP_2, APP_TEST_APP_2_DIR, app_path_type, APP_TEST_APP_2_SHARED_LABEL);
1679 InstallAV(APP_TEST_AV_2, av_type);
1680 InstallApp(APP_TEST_APP_3, APP_TEST_APP_3_DIR, app_path_type, APP_TEST_APP_3_SHARED_LABEL);
1682 //test - get ACCESS label and check AV privilege
1687 result = smack_lgetlabel(APP_TEST_APP_1_DIR, &tmp, SMACK_LABEL_ACCESS);
1688 RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
1689 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1690 std::string label1(tmp);
1693 result = smack_lgetlabel(APP_TEST_APP_2_DIR, &tmp, SMACK_LABEL_ACCESS);
1694 RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
1695 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1696 std::string label2(tmp);
1699 result = smack_lgetlabel(APP_TEST_APP_3_DIR, &tmp, SMACK_LABEL_ACCESS);
1700 RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
1701 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1702 std::string label3(tmp);
1705 if(app_path_type == APP_PATH_GROUP_RW)
1707 result = label1.compare(APP_TEST_APP_1_SHARED_LABEL);
1708 RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
1709 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1710 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1712 result = label2.compare(APP_TEST_APP_2_SHARED_LABEL);
1713 RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
1714 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1715 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1717 result = label3.compare(APP_TEST_APP_3_SHARED_LABEL);
1718 RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
1719 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1720 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1723 std::stringstream ss;
1728 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1729 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1730 checkOnlyAvAccess(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
1731 ss.str(std::string());
1733 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1734 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1735 checkOnlyAvAccess(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
1736 ss.str(std::string());
1738 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1739 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1740 checkOnlyAvAccess(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
1742 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1743 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1744 checkOnlyAvAccess(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
1745 ss.str(std::string());
1747 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1748 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1749 checkOnlyAvAccess(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
1750 ss.str(std::string());
1752 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1753 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1754 checkOnlyAvAccess(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
1758 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1759 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1760 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
1762 ss.str(std::string());
1763 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1764 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1765 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
1767 ss.str(std::string());
1768 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1769 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1770 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
1772 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1773 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1774 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
1776 ss.str(std::string());
1777 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1778 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1779 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
1781 ss.str(std::string());
1782 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1783 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1784 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
1790 perm_app_revoke_permissions(APP_TEST_AV_1);
1791 perm_app_revoke_permissions(APP_TEST_AV_2);
1792 perm_app_uninstall(APP_TEST_AV_1);
1793 perm_app_uninstall(APP_TEST_AV_2);
1794 perm_app_uninstall(APP_TEST_APP_1);
1795 perm_app_uninstall(APP_TEST_APP_2);
1796 perm_app_uninstall(APP_TEST_APP_3);
1801 RUNNER_TEST(privilege_control24a_av_privilege_group_rw)
1803 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_GROUP_RW);
1804 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_GROUP_RW);
1805 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_GROUP_RW);
1808 RUNNER_TEST(privilege_control24b_av_privilege_settings_rw)
1810 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_SETTINGS_RW);
1811 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_SETTINGS_RW);
1812 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_SETTINGS_RW);
1815 RUNNER_TEST(privilege_control24c_av_privilege_public_ro)
1817 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_PUBLIC_RO);
1818 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_PUBLIC_RO);
1819 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_PUBLIC_RO);