2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
21 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
23 * @brief libprivilege-control test runner
36 #include <sys/types.h>
39 #include <sys/socket.h>
41 #include <sys/smack.h>
43 #include <privilege-control.h>
44 #include <dpl/test/test_runner.h>
45 #include <dpl/test/test_runner_child.h>
46 #include <dpl/test/test_runner_multiprocess.h>
47 #include <dpl/log/log.h>
48 #include <tests_common.h>
49 #include <libprivilege-control_test_common.h>
50 #include "common/duplicates.h"
51 #include "common/db.h"
53 #define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/rules"
55 #define EARLY_RULE_SUBJECT "livebox.web-provider"
56 #define EARLY_RULE_RIGHTS "rwx---"
58 #define SMACK_ACC_LEN 6
60 // Error codes for test_libprivilege_strerror
61 const std::vector<int> error_codes {
62 PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
63 PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
64 PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
65 PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
70 std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
72 std::vector<std::string> names;
73 for(size_t i = 0; i < size; ++i) {
74 names.push_back(prefix + "_" + std::to_string(i) + suffix);
79 const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
80 const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
81 const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
82 const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
83 const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
84 const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
85 const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
87 int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb,
88 int /*typeflag*/, struct FTW* /*ftwbuf*/)
94 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
95 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
96 RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set");
97 result = strcmp(APPID_SHARED_DIR, label);
98 RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect");
100 result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
101 RUNNER_ASSERT_MSG_BT(result == 1,
102 "Error rwxatl access was not given shared dir. Subject: " <<
103 APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result);
105 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
106 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
107 RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set");
110 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
111 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
112 if (S_ISDIR(sb->st_mode)) {
113 RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
114 result = strcmp("TRUE", label);
115 RUNNER_ASSERT_MSG_BT(result == 0, "TRANSMUTE label on " << fpath << " is not set");
117 RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set");
122 int check_labels_dir(const char *fpath, const struct stat *sb,
123 const char *labels_db_path, const char *dir_db_path,
129 char *scanf_label_format;
130 char label_temp[SMACK_LABEL_LEN + 1];
134 result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
135 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
136 RUNNER_ASSERT_MSG_BT(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
139 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
142 RUNNER_ASSERT_MSG_BT(false, "Could not get label for the path");
147 RUNNER_ASSERT_MSG_BT(false, "EXEC label on " << fpath << " is set.");
151 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
155 RUNNER_ASSERT_MSG_BT(false, "Could not get label for the path");
157 if (S_ISDIR(sb->st_mode)) {
161 RUNNER_ASSERT_MSG_BT(false, "TRANSMUTE label on " << fpath << " is not set");
163 result = strcmp("TRUE", label);
167 RUNNER_ASSERT_MSG_BT(false, "TRANSMUTE label on " << fpath << " is not set to TRUE");
169 } else if (label != NULL) {
172 RUNNER_ASSERT_MSG_BT(false, "TRANSMUTE label on " << fpath << " is set");
177 if (0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)) {
179 RUNNER_ASSERT_MSG_BT(false, "asprintf failed");
182 file_db = fopen(labels_db_path, "r");
183 if (file_db == NULL) {
185 free(scanf_label_format);
186 RUNNER_ASSERT_MSG_BT(false, "Can not open database for apps");
188 while (fscanf(file_db, scanf_label_format, label_temp) == 1) {
189 result = smack_have_access(label_temp, label_gen, access);
193 free(scanf_label_format);
194 RUNNER_ASSERT_MSG_BT(false,
195 "Error " << access << " access was not given for subject: "
196 << label_temp << ". Result: " << result);
201 file_db = fopen(dir_db_path, "r");
202 if (file_db == NULL) {
204 free(scanf_label_format);
205 RUNNER_ASSERT_MSG_BT(false, "Can not open database for dirs");
208 free(scanf_label_format);
215 void osp_blahblah_check(int line_no, const std::vector<std::string> &rules)
217 std::ifstream smack_file(OSP_BLAHBLAH);
218 RUNNER_ASSERT_MSG_BT(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH);
220 auto it = rules.begin();
222 while (std::getline(smack_file,line)) {
223 RUNNER_ASSERT_MSG_BT(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line);
224 RUNNER_ASSERT_MSG_BT(*it == line, "Line: " << line_no << " " << *it << "!=" << line);
228 RUNNER_ASSERT_MSG_BT(it == rules.end(), "Line: " << line_no << " Missing line in file: " << *it);
233 void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
235 std::ifstream dac_file(dac_file_path);
236 RUNNER_ASSERT_MSG_BT(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
238 auto it = gids.begin();
240 while (std::getline(dac_file,line)) {
241 std::istringstream is(line);
244 RUNNER_ASSERT_MSG_BT(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
245 RUNNER_ASSERT_MSG_BT(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
249 RUNNER_ASSERT_MSG_BT(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
254 void remove_smack_files()
257 unlink(OSP_BLAHBLAH);
258 unlink(WRT_BLAHBLAH);
259 unlink(OTHER_BLAHBLAH);
260 unlink(WRT_BLAHBLAH_DAC);
261 unlink(OTHER_BLAHBLAH_DAC);
263 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
264 unlink(OSP_BLAHBLAH_DAC[i].c_str());
266 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
267 unlink(OSP_BLAHBLAH_DAC[i].c_str());
272 RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
275 * Test setting labels for all files and folders in given path.
277 RUNNER_TEST(privilege_control02_app_label_dir)
281 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
282 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
284 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
285 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
289 result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
290 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed");
294 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_dir, FTW_MAX_FDS, FTW_PHYS);
295 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for app dir");
297 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
298 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir");
301 RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir)
307 result = perm_app_install(APP_ID);
308 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
310 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
311 RUNNER_ASSERT_MSG_BT(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
315 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
316 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
318 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
319 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
323 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR);
324 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed");
328 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS);
329 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for shared app dir");
331 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
332 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir");
336 result = perm_app_uninstall(APP_ID);
337 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
343 * Simple enabling EFL permissions;.
345 RUNNER_TEST_SMACK(privilege_control04_add_permissions)
350 result = perm_app_uninstall(APP_ID);
351 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
353 result = perm_app_install(APP_ID);
354 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
357 result = perm_app_setup_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL);
358 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
359 " perm_app_setup_permissions failed with result: " << result);
363 // Check if permission is assigned to app in db
364 check_app_has_permission(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
366 // Check if the accesses are realy applied..
367 result = test_have_all_accesses(rules_efl);
368 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
372 result = perm_app_uninstall(APP_ID);
373 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
379 * Revoke permissions from the list. Should be executed as privileged user.
381 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
383 test_revoke_permissions(__LINE__, WGT_APP_ID, rules_wgt, true);
387 * Revoke permissions from the list. Should be executed as privileged user.
389 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt_partner)
391 test_revoke_permissions(__LINE__, WGT_PARTNER_APP_ID, rules_wgt_partner, true);
395 * Revoke permissions from the list. Should be executed as privileged user.
397 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt_platform)
399 test_revoke_permissions(__LINE__, WGT_PLATFORM_APP_ID, rules_wgt_platform, true);
403 * Revoke permissions from the list. Should be executed as privileged user.
405 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
407 test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, true);
411 * Revoke permissions from the list. Should be executed as privileged user.
413 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp_partner)
415 test_revoke_permissions(__LINE__, OSP_PARTNER_APP_ID, rules_osp_partner, true);
419 * Revoke permissions from the list. Should be executed as privileged user.
421 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp_platform)
423 test_revoke_permissions(__LINE__, OSP_PLATFORM_APP_ID, rules_osp_platform, true);
427 void set_app_privilege(int line_no,
428 const char* app_id, app_type_t APP_TYPE,
429 const char** privileges, const char* type,
430 const char* app_path, const char* dac_file,
431 const rules_t &rules) {
432 check_app_installed(line_no, app_path);
438 result = perm_app_uninstall(app_id);
439 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
440 " perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
442 result = perm_app_install(app_id);
443 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
444 " perm_app_install returned " << result << ". Errno: " << strerror(errno));
447 result = perm_app_setup_permissions(app_id, APP_TYPE, privileges);
448 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
449 " Error registering app permissions. Result: " << result);
453 result = test_have_all_accesses(rules);
454 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
456 result = perm_app_set_privilege(app_id, type, app_path);
457 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
458 " Error in perm_app_set_privilege. Error: " << result);
460 // Check if SMACK label really set
462 result = smack_new_label_from_self(&label);
463 RUNNER_ASSERT_MSG_BT(result >= 0, "Line: " << line_no <<
464 " Error getting current process label");
465 RUNNER_ASSERT_MSG_BT(label != NULL, "Line: " << line_no <<
466 " Process label is not set");
467 result = strcmp(app_id, label);
468 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
469 " Process label " << label << " is incorrect");
471 check_groups(dac_file);
475 * Set APP privileges. wgt.
477 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
479 set_app_privilege(__LINE__,WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
480 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
484 * Set APP privileges. wgt_partner.
486 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_partner)
488 set_app_privilege(__LINE__, WGT_PARTNER_APP_ID, APP_TYPE_WGT_PARTNER, PRIVS_WGT,
489 "wgt_partner", WGT_PARTNER_APP_PATH,
490 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_partner);
494 * Set APP privileges. wgt_platform.
496 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_platform)
498 set_app_privilege(__LINE__, WGT_PLATFORM_APP_ID, APP_TYPE_WGT_PLATFORM, PRIVS_WGT,
499 "wgt_platform", WGT_PLATFORM_APP_PATH,
500 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_platform);
504 * Set APP privileges. osp app.
506 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
508 set_app_privilege(__LINE__, OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, NULL, OSP_APP_PATH,
509 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
513 * Set APP privileges. partner osp app.
515 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_partner)
517 set_app_privilege(__LINE__, OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP,
518 NULL, OSP_PARTNER_APP_PATH, LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_partner);
522 * Set APP privileges. platform osp app.
524 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_platform)
526 set_app_privilege(__LINE__, OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP,
527 NULL, OSP_PLATFORM_APP_PATH,
528 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_platform);
532 * Add new API feature
534 RUNNER_TEST(privilege_control11_add_api_feature)
538 remove_smack_files();
542 // argument validation
543 result = perm_add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0);
544 RUNNER_ASSERT_BT(result == PC_ERR_INVALID_PARAM);
546 result = perm_add_api_feature(APP_TYPE_OSP,"", NULL, NULL, 0);
547 RUNNER_ASSERT_BT(result == PC_ERR_INVALID_PARAM);
550 // Already existing feature:
551 // TODO: Database will be malformed. (Rules for these features will be removed.)
552 result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", NULL, NULL, 0);
553 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
555 result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", NULL, NULL, 0);
556 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
559 result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", NULL, NULL, 0);
560 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
562 result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", NULL, NULL, 0);
563 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
566 const char *test1[] = { NULL };
567 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, NULL, 0);
568 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
570 const char *test2[] = { "", NULL };
571 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, NULL, 0);
572 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
574 const char *test3[] = { " \t\n", "\t \n", "\n\t ", NULL };
575 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, NULL, 0);
576 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
579 const char *test4[] = { "malformed", NULL };
580 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, NULL, 0);
581 RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
583 const char *test5[] = { "malformed malformed", NULL };
584 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, NULL, 0);
585 RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
587 const char *test6[] = { "-malformed malformed rwxat", NULL };
588 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, NULL, 0);
589 RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
591 const char *test7[] = { "~/\"\\ malformed rwxat", NULL };
592 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, NULL, 0);
593 RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
595 const char *test8[] = { "subject object rwxat something else", NULL };
596 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, NULL, 0);
597 RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
601 const char *test9[] = {
602 "~APP~ object\t rwxatl",
604 "subject2\t~APP~ ltxarw",
608 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, NULL, 0);
609 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
611 const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", NULL };
612 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, NULL, 0);
613 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
615 const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", NULL }; // TODO This fails.
616 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, NULL, 0);
617 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
620 // TODO For now identical/complementary rules are not merged.
621 const char *test12[] = {
622 "subject1 ~APP~ rwxatl",
624 "subject2 ~APP~ ltxarw",
627 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, NULL, 0);
628 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
631 const char *test13[] = { "~APP~ b a", NULL};
632 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0);
633 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
634 result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
635 RUNNER_ASSERT_BT(result == -1);
636 remove_smack_files();
640 result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3);
641 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
642 osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
643 remove_smack_files();
645 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1);
646 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
647 osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
648 remove_smack_files();
650 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3);
651 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
652 osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
653 remove_smack_files();
659 * Check perm_app_uninstall function
661 void check_perm_app_uninstall(const char* pkg_id)
667 result = perm_app_uninstall(pkg_id);
668 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned: " << perm_strerror(result));
672 TestLibPrivilegeControlDatabase db_test;
673 db_test.test_db_after__perm_app_uninstall(pkg_id);
676 RUNNER_TEST(privilege_control07_app_uninstall)
678 check_perm_app_uninstall(APP_ID);
682 * Check perm_app_install function
684 void check_perm_app_install(const char* pkg_id)
690 result = perm_app_install(pkg_id);
691 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result));
695 TestLibPrivilegeControlDatabase db_test;
696 db_test.test_db_after__perm_app_install(pkg_id);
699 RUNNER_TEST(privilege_control01_app_install)
701 check_perm_app_uninstall(APP_ID);
702 check_perm_app_install(APP_ID);
703 // try install second time app with the same ID - it should pass.
704 check_perm_app_install(APP_ID);
708 * Check perm_rollback function
710 RUNNER_TEST(privilege_control07_app_rollback)
712 check_perm_app_uninstall(APP_ID);
718 result = perm_app_install(APP_ID);
719 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result));
721 // transaction rollback
722 result = perm_rollback();
723 RUNNER_ASSERT_MSG_BT(result == 0, "perm_rollback returned: " << perm_strerror(result));
727 TestLibPrivilegeControlDatabase db_test;
728 db_test.test_db_after__perm_app_uninstall(APP_ID);
732 RUNNER_TEST(privilege_control07_app_rollback_2)
734 check_perm_app_uninstall(APP_ID);
740 result = perm_app_install(APP_ID);
741 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result));
743 // transaction rollback
744 result = perm_rollback();
745 RUNNER_ASSERT_MSG_BT(result == 0, "perm_rollback returned: " << perm_strerror(result));
747 // install once again after the rollback
748 result = perm_app_install(APP_ID);
749 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result));
753 TestLibPrivilegeControlDatabase db_test;
754 db_test.test_db_after__perm_app_install(APP_ID);
757 * Check app_register_av function
758 * Notice that this test case may have no sense if previous would fail (privilege_control06_app_install)
760 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
761 RUNNER_TEST_SMACK(privilege_control10_app_register_av)
763 RUNNER_IGNORED_MSG("app_register_av is not implemented");
767 smack_revoke_subject(APP_TEST_AV_1);
768 smack_revoke_subject(APP_TEST_AV_2);
772 // Adding two apps before antivir
773 result = perm_app_install(APP_TEST_APP_1);
774 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
776 result = perm_app_install(APP_TEST_APP_2);
777 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
780 result = app_register_av(APP_TEST_AV_1);
781 RUNNER_ASSERT_MSG_BT(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
785 // Checking added apps accesses
786 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
787 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
792 result = perm_app_install(APP_TEST_APP_3);
793 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
797 // Checking app accesses
798 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)");
799 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "perm_app_install(APP_TEST_APP_3)");
800 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "perm_app_install(APP_TEST_APP_3)");
802 // Adding second antivir
803 result = app_register_av(APP_TEST_AV_2);
804 RUNNER_ASSERT_MSG_BT(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
806 // Checking app accesses
807 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
808 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
809 checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
810 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
811 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
812 checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
815 smack_revoke_subject(APP_TEST_AV_1);
816 smack_revoke_subject(APP_TEST_AV_2);
818 #pragma GCC diagnostic warning "-Wdeprecated-declarations"
821 * Grant SMACK permissions based on permissions list.
823 RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
827 // Clean up after test:
830 result = perm_app_uninstall(WGT_APP_ID);
831 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
832 result = perm_app_install(WGT_APP_ID);
833 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
836 * Test - Enabling all permissions with persistant mode enabled
838 result = perm_app_revoke_permissions(WGT_APP_ID);
839 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
840 "Error revoking app permissions. Result: " << result);
842 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
843 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
844 " Error registering app permissions. Result: " << result);
848 // Check if the accesses are realy applied..
849 result = test_have_all_accesses(rules2);
850 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
852 // Check if permission is assigned to app in db
853 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
858 result = perm_app_revoke_permissions(WGT_APP_ID);
859 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
860 "Error revoking app permissions. Result: " << result);
864 // Check if permission is disabled in db
865 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
868 * Test - Enabling all permissions with persistant mode disabled
872 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
873 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
874 " Error registering app permissions. Result: " << result);
876 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0);
877 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
878 " Error enabling app permissions. Result: " << result);
882 // Check if the accesses are realy applied..
883 result = test_have_all_accesses(rules2);
884 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
886 // Check if permission is assigned to app in db
887 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
892 result = perm_app_revoke_permissions(WGT_APP_ID);
893 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
894 "Error revoking app permissions. Result: " << result);
898 // Check if permission is disabled in db
899 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
902 * Test - Registering new permissions in two complementary files
907 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R);
908 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
909 " Error registering app permissions. Result: " << result);
913 // Check if the accesses are realy applied..
914 result = test_have_all_accesses(rules2_no_r);
915 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
917 // Check if permissions are assigned to app in db
918 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, true);
923 result = perm_app_revoke_permissions(WGT_APP_ID);
924 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
925 "Error revoking app permissions. Result: " << result);
929 // Check if permissions are disabled in db
930 check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
933 * Test - Enabling some permissions and then enabling complementary permissions
938 // Register permission for rules 2 no r
939 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
940 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
941 " Error registering app permissions without r. Result: " << result);
945 // Check if the accesses are realy applied..
946 result = test_have_all_accesses(rules2_no_r);
947 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions without r not added.");
951 // Register permission for rules 2
952 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
953 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
954 " Error registering app all permissions. Result: " << result);
958 // Check if the accesses are realy applied..
959 result = test_have_all_accesses(rules2);
960 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions all not added.");
965 result = perm_app_revoke_permissions(WGT_APP_ID);
966 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
967 "Error revoking app permissions. Result: " << result);
970 * Test - Enabling some permissions and then enabling all permissions
973 // Enable permission for rules 2 no r
974 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
975 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
976 " Error registering app permissions without r. Result: " << result);
980 // Check if the accesses are realy applied..
981 result = test_have_all_accesses(rules2_no_r);
982 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions without r not added.");
986 // Enable permission for rules 2
987 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
988 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
989 " Error registering app permissions with only r. Result: " << result);
993 // Check if the accesses are realy applied..
994 result = test_have_all_accesses(rules2_r);
995 RUNNER_ASSERT_MSG_BT(result == 1, "Permissions with only r not added.");
1000 result = perm_app_revoke_permissions(WGT_APP_ID);
1001 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1002 "Error revoking app permissions. Result: " << result);
1006 // Clean up after test:
1007 result = perm_app_uninstall(WGT_APP_ID);
1008 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1013 RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
1015 test_app_enable_permissions_efl(true);
1019 * Check perm_app_install function
1021 RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
1023 test_app_disable_permissions_efl(true);
1028 * Remove previously granted SMACK permissions based on permissions list.
1030 RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
1032 test_app_disable_permissions(true);
1036 * Reset SMACK permissions for an application by revoking all previously
1037 * granted rules and enabling them again from a rules file from disk.
1039 // TODO: This test is incomplete.
1040 RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
1045 * Test - doing reset and checking if rules exist again.
1050 result = perm_app_install(WGT_APP_ID);
1051 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1053 // Prepare permissions to reset
1054 result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
1055 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1056 " Error registering app permissions. Result: " << result);
1058 // Reset permissions
1059 result = perm_app_reset_permissions(WGT_APP_ID);
1060 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1061 "Error reseting app permissions. Result: " << result);
1065 // Are all second permissions not disabled?
1066 result = test_have_all_accesses(rules2);
1067 RUNNER_ASSERT_MSG_BT(result == 1, "Not all permissions added.");
1071 // Disable permissions
1072 result = perm_app_revoke_permissions(WGT_APP_ID);
1073 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1074 "Error disabling app permissions. Result: " << result);
1076 result = perm_app_uninstall(WGT_APP_ID);
1077 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1083 * Make two applications "friends", by giving them both full permissions on
1086 RUNNER_TEST_SMACK(privilege_control14_app_add_friend)
1088 RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented");
1093 * Test - making friends with no permissions on each other
1098 result = perm_app_revoke_permissions(APP_FRIEND_1);
1099 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1100 "Error revoking app permissions. Result: " << result);
1101 result = perm_app_revoke_permissions(APP_FRIEND_2);
1102 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1103 "Error revoking app permissions. Result: " << result);
1105 perm_app_uninstall(APP_FRIEND_1);
1106 perm_app_uninstall(APP_FRIEND_2);
1108 // Installing friends to be
1109 result = perm_app_install(APP_FRIEND_1);
1110 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1111 " Error installing first app. Result: " << result);
1112 result = perm_app_install(APP_FRIEND_2);
1113 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1114 " Error installing second app. Result: " << result);
1117 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1118 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1119 " Error making friends. Errno: " << result);
1123 // Checking if friends were made
1124 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
1125 RUNNER_ASSERT_MSG_BT(result == 1,
1126 " Error first one sided friednship failed. Result: " << result);
1127 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
1128 RUNNER_ASSERT_MSG_BT(result == 1,
1129 " Error second one sided friednship failed. Result: " << result);
1134 result = perm_app_revoke_permissions(APP_FRIEND_1);
1135 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1136 "Error revoking app permissions. Result: " << result);
1137 result = perm_app_revoke_permissions(APP_FRIEND_2);
1138 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1139 "Error revoking app permissions. Result: " << result);
1141 perm_app_uninstall(APP_FRIEND_1);
1142 perm_app_uninstall(APP_FRIEND_2);
1147 * Test - making friends with nonexistent friend
1152 // Installing one friend
1153 result = perm_app_install(APP_FRIEND_1);
1154 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1155 " Error installing first app. Errno: " << result);
1157 // Adding imaginary friend as second
1158 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1159 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1160 " Error making friends (first) with imaginairy friend failed. Result: "
1162 // Adding imaginary friend as first
1163 result = perm_app_add_friend(APP_FRIEND_2, APP_FRIEND_1);
1164 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1165 " Error making friends (second) with imaginairy friend failed. Result: "
1168 result = perm_app_revoke_permissions(APP_FRIEND_1);
1169 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1170 "Error revoking app permissions. Result: " << result);
1171 result = perm_app_revoke_permissions(APP_FRIEND_2);
1172 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1173 "Error revoking app permissions. Result: " << result);
1175 perm_app_uninstall(APP_FRIEND_1);
1176 perm_app_uninstall(APP_FRIEND_2);
1181 * Test - making friends with some permissions already added
1186 struct smack_accesses *rulesFriend = NULL;
1188 std::vector<std::string> accessesFriend =
1189 { "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" };
1193 // Installing friends to be
1194 result = perm_app_install(APP_FRIEND_1);
1195 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1196 " Error installing first app. Result: " << result);
1197 result = perm_app_install(APP_FRIEND_2);
1198 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1199 " Error installing second app. Result: " << result);
1203 for (i = 0; i < accessesFriend.size(); ++i)
1205 for (j = 0; j < accessesFriend.size(); ++j)
1207 // Adding rules before making friends
1208 result = smack_accesses_new(&rulesFriend);
1209 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1210 "Error in smack_accesses_new. Result: " << result);
1212 result = smack_accesses_add(rulesFriend,
1213 APP_FRIEND_1, APP_FRIEND_2, accessesFriend[i].c_str());
1214 RUNNER_ASSERT_MSG_BT(result == 0,
1215 "Unable to add modify rulesFirend (first). Result: " << result);
1216 result = smack_accesses_add(rulesFriend, APP_FRIEND_2,
1217 APP_FRIEND_1, accessesFriend[j].c_str());
1218 RUNNER_ASSERT_MSG_BT(result == 0,
1219 "Unable to add modify rulesFirend (second). Result: " << result);
1221 result = smack_accesses_apply(rulesFriend);
1222 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1223 "Error in smack_accesses_apply. Result: " << result);
1228 result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
1229 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1230 " Error making friends. Result: " << result);
1234 // Checking if friends were made
1235 result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
1236 RUNNER_ASSERT_MSG_BT(result == 1,
1237 " Error first one sided friednship failed. Result: " << result);
1238 result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
1239 RUNNER_ASSERT_MSG_BT(result == 1,
1240 " Error second one sided friednship failed. Result: " << result);
1242 // Deleting all rules between friends
1243 smack_accesses_add_modify(rulesFriend,
1244 APP_FRIEND_1, APP_FRIEND_2,"","rwxat");
1245 smack_accesses_add_modify(rulesFriend,
1246 APP_FRIEND_2, APP_FRIEND_1,"","rwxat");
1248 result = smack_accesses_apply(rulesFriend);
1250 smack_accesses_free(rulesFriend);
1258 result = perm_app_revoke_permissions(APP_FRIEND_1);
1259 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1260 "Error revoking app permissions. Result: " << result);
1261 result = perm_app_revoke_permissions(APP_FRIEND_2);
1262 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1263 "Error revoking app permissions. Result: " << result);
1265 perm_app_uninstall(APP_FRIEND_1);
1266 perm_app_uninstall(APP_FRIEND_2);
1271 static void smack_set_random_label_based_on_pid_on_self(void)
1274 std::stringstream ss;
1276 ss << "s-" << getpid() << "-" << getppid();
1277 result = smack_set_label_for_self(ss.str().c_str());
1278 RUNNER_ASSERT_MSG_BT(result == 0, "smack_set_label_for_self("
1279 << ss.str().c_str() << ") failed");
1282 static void smack_unix_sock_server(int sock)
1288 fd = accept(sock, NULL, NULL);
1292 result = smack_new_label_from_self(&smack_label);
1297 RUNNER_ASSERT_MSG_BT(0, "smack_new_label_from_self() failed");
1299 result = write(fd, smack_label, strlen(smack_label));
1300 if (result != (int)strlen(smack_label)) {
1304 RUNNER_ASSERT_MSG_BT(0, "write() failed: " << strerror(errno));
1310 RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
1313 struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
1317 RUNNER_ASSERT_MSG_BT(pid >= 0, "Fork failed");
1319 smack_set_random_label_based_on_pid_on_self();
1321 if (!pid) { /* child process, server */
1324 /* Set the process label before creating a socket */
1325 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1326 RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno));
1328 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1331 RUNNER_ASSERT_MSG_BT(0, "bind failed: " << strerror(errno));
1333 result = listen(sock, 1);
1336 RUNNER_ASSERT_MSG_BT(0, "listen failed: " << strerror(errno));
1338 smack_unix_sock_server(sock);
1340 /* Change the process label with listening socket */
1341 smack_unix_sock_server(sock);
1344 RUNNER_ASSERT_MSG_BT(pid >= 0, "Fork failed");
1345 /* Now running two concurrent servers.
1346 Test if socket label was unaffected by fork() */
1347 smack_unix_sock_server(sock);
1348 /* Let's give the two servers different labels */
1349 smack_unix_sock_server(sock);
1353 } else { /* parent process, client */
1354 sleep(1); /* Give server some time to setup listening socket */
1356 for (i = 0; i < 4; ++i) {
1359 char smack_label1[SMACK_LABEL_LEN + 1];
1362 sock = socket(AF_UNIX, SOCK_STREAM, 0);
1363 RUNNER_ASSERT_MSG_BT(sock >= 0,
1364 "socket failed: " << strerror(errno));
1365 result = connect(sock,
1366 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
1369 RUNNER_ASSERT_MSG_BT(0, "connect failed: " << strerror(errno));
1373 result = read(sock, smack_label1, SMACK_LABEL_LEN);
1377 RUNNER_ASSERT_MSG_BT(0, "read failed: " << strerror(errno));
1379 smack_label1[result] = '\0';
1380 smack_label2 = perm_app_id_from_socket(sock);
1381 if (smack_label2 == NULL) {
1383 RUNNER_ASSERT_MSG_BT(0, "perm_app_id_from_socket failed");
1385 result = strcmp(smack_label1, smack_label2);
1388 RUNNER_ASSERT_MSG_BT(0, "smack labels differ: '" << smack_label1
1389 << "' != '" << smack_label2 << "-" << random() << "'");
1396 RUNNER_TEST(privilege_control16_app_setup_path){
1397 const char *path1 = "/usr/share/privilege-control/app_setup_access_test";
1398 const char *path2 = "/usr/share/privilege-control/app_setup_access_test/directory";
1399 const char *path3 = "/usr/share/privilege-control/app_setup_access_test/one";
1400 const char *path4 = "/usr/share/privilege-control/app_setup_access_test/directory/two";
1401 const char *label1 = "qwert123456za";
1402 const char *label2 = "trewq654123az";
1404 CStringPtr labelPtr;
1409 int fd = creat(path3, S_IRWXU);
1412 fd = creat(path4, S_IRWXU);
1420 RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1));
1424 RUNNER_ASSERT_BT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS));
1425 labelPtr.reset(label);
1427 RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label1));
1431 RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2));
1435 RUNNER_ASSERT_BT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC));
1436 labelPtr.reset(label);
1438 RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label2));
1440 RUNNER_ASSERT_BT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC));
1441 labelPtr.reset(label);
1443 RUNNER_ASSERT_BT(labelPtr.get() == NULL);
1446 RUNNER_TEST_SMACK(privilege_control17_appsettings_privilege)
1448 test_appsettings_privilege(true);
1451 void test_app_setup_path(int line_no, app_path_type_t PATH_TYPE) {
1456 result = perm_app_uninstall(APP_ID);
1457 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1458 " Error in perm_app_uninstall." << result);
1460 result = perm_app_install(APP_ID);
1461 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1462 " Error in perm_app_install." << result);
1466 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
1467 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
1468 " Unable to clean up Smack labels in " << TEST_APP_DIR);
1470 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1471 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
1472 " Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
1476 result = perm_app_setup_path(APP_ID, TEST_APP_DIR, PATH_TYPE);
1477 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
1478 " perm_app_setup_path() failed");
1482 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
1483 RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
1484 " Unable to check Smack labels for non-app dir");
1488 result = perm_app_uninstall(APP_ID);
1489 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
1490 " Error in perm_app_uninstall." << result);
1495 RUNNER_TEST_SMACK(privilege_control18_app_setup_path_public)
1497 test_app_setup_path(__LINE__, APP_PATH_PUBLIC_RO);
1500 RUNNER_TEST_SMACK(privilege_control19_app_setup_path_settings)
1502 test_app_setup_path(__LINE__, APP_PATH_SETTINGS_RW);
1505 RUNNER_TEST_SMACK(privilege_control20_app_setup_path_npruntime)
1508 CStringPtr labelPtr;
1509 std::string nptargetlabel = std::string(APP_NPRUNTIME) + ".npruntime";
1512 restore_original_additional_rules();
1516 result = perm_app_uninstall(APP_NPRUNTIME);
1517 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
1519 result = perm_app_install(APP_NPRUNTIME);
1520 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_install. " << result);
1522 result = perm_app_setup_path(APP_NPRUNTIME, APP_NPRUNTIME_FILE, PERM_APP_PATH_NPRUNTIME);
1523 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. " << result);
1527 RUNNER_ASSERT_BT(0 == smack_lgetlabel(APP_NPRUNTIME_FILE, &label, SMACK_LABEL_EXEC));
1528 labelPtr.reset(label);
1530 RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), nptargetlabel.c_str()));
1533 const std::vector< std::vector<std::string> > np_rules = {
1534 { APP_NPRUNTIME, nptargetlabel, "rw" },
1535 { nptargetlabel, APP_NPRUNTIME, "rxat" },
1536 { nptargetlabel, "system::homedir", "rxat" },
1537 { nptargetlabel, "xorg", "rw" },
1538 { nptargetlabel, "crash-worker", "rwxa" },
1539 { nptargetlabel, "sys-assert::core", "rwxat" },
1540 { nptargetlabel, "syslogd", "rw" },
1543 // Test smack accesses
1544 result = test_have_all_accesses(np_rules);
1545 RUNNER_ASSERT_MSG_BT(result == 1, "Not all permissions added.");
1549 result = perm_app_uninstall(APP_NPRUNTIME);
1550 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
1555 RUNNER_TEST(privilege_control21_early_rules)
1557 RUNNER_IGNORED_MSG("early rules are not implemented");
1562 char *single_line_format = NULL;
1566 char subject[SMACK_LABEL_LEN + 1] = {0};
1567 char object[SMACK_LABEL_LEN + 1] = {0};
1568 char rule_add[SMACK_ACC_LEN + 1] = {0};
1569 char rule_remove[SMACK_ACC_LEN + 1] = {0};
1573 perm_app_uninstall(APP_ID);
1575 result = perm_app_install(APP_ID);
1576 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1577 result = perm_app_install(APP_TEST_APP_1);
1578 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
1582 TestLibPrivilegeControlDatabase db_test;
1583 db_test.test_db_after__perm_app_install(APP_ID);
1584 db_test.test_db_after__perm_app_install(APP_TEST_APP_1);
1588 result = perm_app_setup_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm);
1589 RUNNER_ASSERT_MSG_BT(result == 0, "app_register_permissions failed: " << result);
1590 result = perm_app_setup_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm);
1591 RUNNER_ASSERT_MSG_BT(result == 0, "app_register_permissions failed: " << result);
1595 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1596 RUNNER_ASSERT_MSG_BT(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1598 result = asprintf(&single_line_format, "%%%ds %%%ds %%%ds %%%ds\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN, SMACK_ACC_LEN, SMACK_ACC_LEN);
1600 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1601 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1602 pass_1 = 1; // Found rule for APP_ID
1605 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1606 pass_2 = 1; // Found rule for APP_TEST_APP_1
1613 RUNNER_ASSERT_MSG_BT(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found");
1614 RUNNER_ASSERT_MSG_BT(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
1616 // Checking if "early rule" for APP_ID was really removed
1617 // We also should make sure that "early rules" for other apps wasn't removed
1619 result = perm_app_uninstall(APP_ID);
1620 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1625 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1626 RUNNER_ASSERT_MSG_BT(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1628 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1629 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1630 pass_1 = 0; // Found rule for APP_ID - it should NOT be here
1633 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1634 pass_2 = 1; // Found rule for APP_TEST_APP_1
1641 RUNNER_ASSERT_MSG_BT(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
1642 RUNNER_ASSERT_MSG_BT(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
1644 // Removing and checking "early rule" for APP_TEST_APP_1
1646 result = perm_app_uninstall(APP_TEST_APP_1);
1647 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
1652 file = fopen(SMACK_STARTUP_RULES_FILE, "r");
1653 RUNNER_ASSERT_MSG_BT(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
1655 while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
1656 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
1657 pass_1 = 0; // Found rule for APP_ID - it should NOT be here
1660 if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) {
1661 pass_2 = 0; // Found rule for APP_TEST_APP_1 - it should NOT be here
1665 free(single_line_format);
1668 RUNNER_ASSERT_MSG_BT(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
1669 RUNNER_ASSERT_MSG_BT(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found");
1673 * AV Privilege test cases.
1675 * Each privilege_control24* test case tests antivirus privileges for each app_type_t, except for
1676 * deprecated APP_TYPE_OTHER type.
1679 int nftw_remove_dir(const char* filename, const struct stat* /*statptr*/, int /*fileflags*/,
1680 struct FTW* /*pfwt*/)
1684 struct stat filestat;
1686 result = stat(filename, &filestat);
1687 RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to get file statistics. Result: "
1688 << result << ", error: " << strerror(errno) << ", file: " << filename);
1690 if(S_ISREG(filestat.st_mode)) {
1691 result = unlink(filename);
1692 RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to unlink file. Result: "
1693 << result << ", error: " << strerror(errno) << ", file: " << filename);
1694 } else if(S_ISDIR(filestat.st_mode)) {
1695 result = rmdir(filename);
1696 RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to remove dir. Result: "
1697 << result << ", error: " << strerror(errno) << ", file: " << filename);
1703 void InstallApp(const char* pkg_id, const char* path, app_path_type_t app_path_type,
1704 const char* shared_label)
1708 result = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP);
1709 RUNNER_ASSERT_MSG_BT(result == 0, "Can't create dir for tests. Result: " << result <<
1710 ", error: " << strerror(errno) << ", app_path_type: " << app_path_type);
1714 result = perm_app_revoke_permissions(pkg_id);
1715 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
1716 << result << ", app_path_type: " << app_path_type);
1717 result = perm_app_uninstall(pkg_id);
1718 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
1719 << result << ", app_path_type: " << app_path_type);
1721 result = perm_app_install(pkg_id);
1722 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
1723 << result << ", app_path_type: " << app_path_type);
1724 result = perm_app_setup_path(pkg_id, path, app_path_type, shared_label);
1725 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: "
1726 << result << ", app_path_type: " << app_path_type);
1731 void InstallAV(const char* av_id, app_type_t av_type)
1737 result = perm_app_revoke_permissions(av_id);
1738 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
1739 << result << ", av_type: " << av_type);
1740 result = perm_app_uninstall(av_id);
1741 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
1742 << result << ", av_type: " << av_type);
1744 result = perm_app_install(av_id);
1745 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
1746 << result << ", av_type: " << av_type);
1747 result = perm_app_setup_permissions(av_id, av_type, PRIVS_AV);
1748 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "register_permissions failed. Result: "
1749 << result << ", av_type: " << av_type);
1754 void CheckAVPrivilege(app_type_t av_type, app_path_type_t app_path_type)
1759 result = nftw(APP_TEST_APP_1_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1760 RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1761 ", error " << strerror(errno));
1763 result = nftw(APP_TEST_APP_2_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1764 RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1765 ", error " << strerror(errno));
1767 result = nftw(APP_TEST_APP_3_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
1768 RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
1769 ", error " << strerror(errno));
1771 InstallApp(APP_TEST_APP_1, APP_TEST_APP_1_DIR, app_path_type, APP_TEST_APP_1_SHARED_LABEL);
1772 InstallAV(APP_TEST_AV_1, av_type);
1773 InstallApp(APP_TEST_APP_2, APP_TEST_APP_2_DIR, app_path_type, APP_TEST_APP_2_SHARED_LABEL);
1774 InstallAV(APP_TEST_AV_2, av_type);
1775 InstallApp(APP_TEST_APP_3, APP_TEST_APP_3_DIR, app_path_type, APP_TEST_APP_3_SHARED_LABEL);
1777 //test - get ACCESS label and check AV privilege
1782 result = smack_lgetlabel(APP_TEST_APP_1_DIR, &tmp, SMACK_LABEL_ACCESS);
1783 RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
1784 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1785 std::string label1(tmp);
1788 result = smack_lgetlabel(APP_TEST_APP_2_DIR, &tmp, SMACK_LABEL_ACCESS);
1789 RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
1790 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1791 std::string label2(tmp);
1794 result = smack_lgetlabel(APP_TEST_APP_3_DIR, &tmp, SMACK_LABEL_ACCESS);
1795 RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
1796 << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1797 std::string label3(tmp);
1800 if(app_path_type == APP_PATH_GROUP_RW)
1802 result = label1.compare(APP_TEST_APP_1_SHARED_LABEL);
1803 RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
1804 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1805 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1807 result = label2.compare(APP_TEST_APP_2_SHARED_LABEL);
1808 RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
1809 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1810 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1812 result = label3.compare(APP_TEST_APP_3_SHARED_LABEL);
1813 RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
1814 ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
1815 ", av_type: " << av_type << ", app_path_type: " << app_path_type);
1818 std::stringstream ss;
1823 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1824 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1825 checkOnlyAvAccess(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
1826 ss.str(std::string());
1828 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1829 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1830 checkOnlyAvAccess(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
1831 ss.str(std::string());
1833 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1834 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1835 checkOnlyAvAccess(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
1837 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1838 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1839 checkOnlyAvAccess(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
1840 ss.str(std::string());
1842 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1843 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1844 checkOnlyAvAccess(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
1845 ss.str(std::string());
1847 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1848 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1849 checkOnlyAvAccess(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
1853 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1854 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1855 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
1857 ss.str(std::string());
1858 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1859 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1860 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
1862 ss.str(std::string());
1863 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1864 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1865 checkOnlyAvAccessNosmack(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
1867 ss << "APP_TEST_APP_1, line " << __LINE__ <<
1868 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1869 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
1871 ss.str(std::string());
1872 ss << "APP_TEST_APP_2, line " << __LINE__ <<
1873 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1874 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
1876 ss.str(std::string());
1877 ss << "APP_TEST_APP_3, line " << __LINE__ <<
1878 ", av_type: " << av_type << ", app_path_type: " << app_path_type;
1879 checkOnlyAvAccessNosmack(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
1885 perm_app_revoke_permissions(APP_TEST_AV_1);
1886 perm_app_revoke_permissions(APP_TEST_AV_2);
1887 perm_app_uninstall(APP_TEST_AV_1);
1888 perm_app_uninstall(APP_TEST_AV_2);
1889 perm_app_uninstall(APP_TEST_APP_1);
1890 perm_app_uninstall(APP_TEST_APP_2);
1891 perm_app_uninstall(APP_TEST_APP_3);
1896 RUNNER_TEST(privilege_control24a_av_privilege_group_rw)
1898 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_GROUP_RW);
1899 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_GROUP_RW);
1900 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_GROUP_RW);
1903 RUNNER_TEST(privilege_control24b_av_privilege_settings_rw)
1905 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_SETTINGS_RW);
1906 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_SETTINGS_RW);
1907 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_SETTINGS_RW);
1910 RUNNER_TEST(privilege_control24c_av_privilege_public_ro)
1912 CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_PUBLIC_RO);
1913 CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_PUBLIC_RO);
1914 CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_PUBLIC_RO);
1917 RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
1918 int POSITIVE_ERROR_CODE = 1;
1919 int NONEXISTING_ERROR_CODE = -239042;
1922 for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
1923 RUNNER_ASSERT_MSG_BT(strcmp(perm_strerror(*itr), "Unknown error") != 0,
1924 "Returned invalid error code description.");
1927 result = perm_strerror(POSITIVE_ERROR_CODE);
1928 RUNNER_ASSERT_MSG_BT(strcmp(result, "Unknown error") == 0,
1929 "Bad message returned for invalid error code: \"" << result << "\"");
1931 result = perm_strerror(NONEXISTING_ERROR_CODE);
1932 RUNNER_ASSERT_MSG_BT(strcmp(result, "Unknown error") == 0,
1933 "Bad message returned for invalid error code: \"" << result << "\"");
1936 RUNNER_TEST(privilege_control27_perm_app_get_privileges_empty)
1938 char** pp_privileges = NULL;
1940 CStringListPtr privileges;
1944 result = perm_app_uninstall(APP_ID);
1945 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1946 "perm_app_uninstall failed: " << perm_strerror(result));
1948 result = perm_app_install(APP_ID);
1950 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1951 "perm_app_install failed: " << perm_strerror(result));
1955 result = perm_app_get_permissions(APP_ID, PERM_APP_TYPE_WGT, &pp_privileges);
1956 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1957 "perm_app_get_permissions failed: " << perm_strerror(result));
1958 privileges.reset(pp_privileges);
1960 RUNNER_ASSERT_MSG_BT(pp_privileges != NULL,
1961 "perm_app_get_permissions failed to set pointer to cstring array");
1962 RUNNER_ASSERT_MSG_BT(*pp_privileges == NULL,
1963 "perm_app_get_permissions found permissions when not supposed to");
1966 RUNNER_TEST(privilege_control27_perm_app_get_privileges)
1968 char** pp_privileges = NULL;
1971 CStringListPtr privileges;
1975 result = perm_app_uninstall(APP_ID);
1977 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1978 "perm_app_uninstall failed: " << perm_strerror(result));
1980 result = perm_app_install(APP_ID);
1981 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1982 "perm_app_install failed: " << perm_strerror(result));
1984 result = perm_app_setup_permissions(APP_ID, PERM_APP_TYPE_WGT, PRIVS);
1985 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1986 "perm_app_register_permissions failed: " << perm_strerror(result));
1988 result = perm_app_setup_permissions(APP_ID, PERM_APP_TYPE_WGT, PRIVS2);
1989 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1990 "perm_app_register_permissions failed: " << perm_strerror(result));
1992 result = perm_app_disable_permissions(APP_ID, PERM_APP_TYPE_WGT, PRIVS2);
1993 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1994 "perm_app_disable_permissions failed: " << perm_strerror(result));
1997 result = perm_app_get_permissions(APP_ID, PERM_APP_TYPE_WGT, &pp_privileges);
1998 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
1999 "perm_app_get_permissions returned " << result << ": " << perm_strerror(result));
2000 privileges.reset(pp_privileges);
2002 for(i = 0; pp_privileges[i] != NULL; ++i) {
2003 RUNNER_ASSERT_MSG_BT(PRIVS[i] != NULL,
2004 "perm_app_get_permissions returned too many permissions");
2005 RUNNER_ASSERT_MSG_BT(strcmp(pp_privileges[i], PRIVS[i]) == 0,
2006 "perm_app_get_permissions returned wrong permission, " << pp_privileges[i] <<
2007 " != " << PRIVS[i]);
2009 RUNNER_ASSERT_MSG_BT(PRIVS[i] == NULL,
2010 "perm_app_get_permissions returned too few enabled permissions");
2013 RUNNER_TEST(privilege_control28_perm_app_get_paths_empty)
2015 char **pp_paths = NULL;
2017 CStringListPtr paths;
2021 result = perm_app_uninstall(APP_ID);
2022 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
2023 "perm_app_uninstall failed: " << perm_strerror(result));
2025 result = perm_app_install(APP_ID);
2026 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed: " <<
2027 perm_strerror(result));
2031 result = perm_app_get_paths(APP_ID, PERM_APP_PATH_PUBLIC, &pp_paths);
2032 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_get_paths failed: " <<
2033 perm_strerror(result));
2034 paths.reset(pp_paths);
2036 RUNNER_ASSERT_MSG_BT(pp_paths != NULL,
2037 "perm_app_get_paths failed to set pointer to cstring array");
2038 RUNNER_ASSERT_MSG_BT(*pp_paths == NULL, "perm_app_get_paths found paths when not supposed to");
2041 RUNNER_TEST(privilege_control28_perm_app_get_paths)
2043 char **pp_paths = NULL;
2047 CStringListPtr paths;
2048 std::vector<Directory> test_paths;
2050 for (i = 0; i < DIR_NUM; ++i) {
2051 test_paths.push_back(Directory("/tmp/dir" + std::to_string(i), 0));
2052 RUNNER_ASSERT_MSG_BT(test_paths[i].isCreated(), "failed to create a directory " <<
2053 test_paths[i].path() << ": " << strerror(test_paths[i].errorCode()));
2058 result = perm_app_uninstall(APP_ID);
2059 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed: " <<
2060 perm_strerror(result));
2062 result = perm_app_install(APP_ID);
2063 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed: " <<
2064 perm_strerror(result));
2066 for (auto itr = test_paths.begin(); itr != test_paths.end(); ++itr) {
2067 result = perm_app_setup_path(APP_ID, itr->path().c_str(), PERM_APP_PATH_PUBLIC);
2068 RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path failed: " << perm_strerror(result));
2073 result = perm_app_get_paths(APP_ID, PERM_APP_PATH_PUBLIC, &pp_paths);
2074 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_get_paths failed: " <<
2075 perm_strerror(result));
2076 paths.reset(pp_paths);
2078 for(i = 0; pp_paths[i] != NULL; ++i) {
2079 RUNNER_ASSERT_MSG_BT(i < test_paths.size(), "perm_app_get_paths returned too many paths");
2080 RUNNER_ASSERT_MSG_BT(test_paths[i].path() == pp_paths[i],
2081 "perm_app_get_paths returned unexpected path, " << pp_paths[i] << " != " <<
2082 test_paths[i].path());
2084 RUNNER_ASSERT_MSG_BT(i == test_paths.size(), "perm_app_get_paths returned too few paths");
2088 result = perm_app_uninstall(APP_ID);
2089 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed: " <<
2090 perm_strerror(result));