[platform/core/test/security-tests.git] / tests / libprivilege-control-tests / test_cases_perm_add_additional_rules.cpp

/*
 * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
*/

/*
 * @file        test_cases_perm_add_additional_rules.cpp
 * @author      Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
 * @version     1.0
 * @brief       libprivilege-control test_cases_perm_add_additional_rules tests
 */

#include <string>
#include <vector>
#include <functional>
#include <memory>
#include <sys/smack.h>

#include <privilege-control.h>
#include <dpl/test/test_runner.h>
#include <tests_common.h>
#include <libprivilege-control_test_common.h>
#include "common/duplicates.h"
#include "common/db.h"

const char* additional_rules_empty[] = {
    NULL };

const char* additional_rules_rollback[] = {
    "app1 ~PUBLIC_PATH~ rw",
    "~PUBLIC_PATH~ app2 rw",
    "app3 ~GROUP_PATH~ rw",
    "~GROUP_PATH~ app4 rw",
    "app5 ~SETTINGS_PATH~ rw",
    "~SETTINGS_PATH~ app6 rw",
    "app7 ~NPRUNTIME_PATH~ rw",
    "~NPRUNTIME_PATH~ app8 rw",
    NULL };


const char* additional_rules_test_case_bad_01[] = {
    "AAA  BBB",
    NULL };

const char* additional_rules_test_case_bad_02[] = {
    "AAA BBB 1234567890123456789012345678901234567890123456789012345678901234567890",
    NULL };

const char* additional_rules_test_case_bad_03[] = {
    "~PUBLIC_PATH~ ~PUBLIC_PATH~ rw",
    NULL };

const char* additional_rules_test_case_bad_04[] = {
    "~ALL_APPS~ ~ALL_APPS~ wax",
    NULL };

const char* additional_rules_test_case_bad_05[] = {
    "~ALL_APPS~ ~costam r",
    NULL };

const char* additional_rules_test_case_bad_06[] = {
    "~AAA ~BBB tlw",
    NULL };

const char* additional_rules_test_case_good_01[] = {
    "AAA BBB CCC",
    NULL };

const char* additional_rules_test_case_good_02[] = {
    "qazapp1 ~PUBLIC_PATH~ r",
    "~PUBLIC_PATH~ wsxapp2 w",
    "qazapp3 ~GROUP_PATH~ x",
    "~GROUP_PATH~ wsxapp4 t",
    "qazapp5 ~SETTINGS_PATH~ a",
    "~SETTINGS_PATH~ wsxapp6 l",
    "qazapp7 ~NPRUNTIME_PATH~ rwxatl",
    "~NPRUNTIME_PATH~ wsxapp8 ------",
    "qazapp9 ~ALL_APPS~ rwx",
    "~ALL_APPS~ wsxapp10 rwx",
    "qazapp11 ~ALL_APPS_WITH_SAME_PERMISSION~ rwxt",
    "~ALL_APPS_WITH_SAME_PERMISSION~ wsxapp12 rwxt",
    NULL };

const char* additional_rules_test_case_good_03[] = {
    "~ALL_APPS~ costam wata",
    NULL };

void test_one_additional_rules_set(const char** rules)
{
    int result = -1;
    additional_rules parsed_rules;

// Parse rules and check if they are valid
    bool correct_rules = additional_rules_parse(rules, parsed_rules);

// Apply known set of additional rules and close db transaction to apply them to smack
    DB_BEGIN
    result = perm_add_additional_rules(additional_rules_rollback);
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
                         "Failed on applying rollback additional rules with result = " << result);
    DB_END

// Try setting test set
    DB_BEGIN
    result = perm_add_additional_rules(rules);
    DB_END

    if (correct_rules) {
// If rules are correct test set should be applied succesfully
        RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
                             "perm_add_additional_rules failed. result = " << result);

        //testing database
        TestLibPrivilegeControlDatabase db_test;
        db_test.test_db_after__perm_add_additional_rules(parsed_rules);
    } else {
// If rules are not valid test set should not be applied and db should rollback to known set
        RUNNER_ASSERT_MSG_BT(result != PC_OPERATION_SUCCESS,
                             "perm_add_additional_rules succeeded, but shouldn't.");

        //testing rollback
        additional_rules parsed_rollback_rules;
        additional_rules_parse(additional_rules_rollback, parsed_rollback_rules);
        TestLibPrivilegeControlDatabase db_test;
        db_test.test_db_after__perm_add_additional_rules(parsed_rollback_rules);
    }
}

RUNNER_TEST(privilege_control26_perm_add_additional_rules_database)
{
    UNUSED RestoreAdditionalRulesGuard guard;
    test_one_additional_rules_set(additional_rules_empty);
    test_one_additional_rules_set(additional_rules_rollback);

    test_one_additional_rules_set(additional_rules_test_case_bad_01);
    test_one_additional_rules_set(additional_rules_test_case_bad_02);
    test_one_additional_rules_set(additional_rules_test_case_bad_03);
    test_one_additional_rules_set(additional_rules_test_case_bad_04);
    test_one_additional_rules_set(additional_rules_test_case_bad_05);
    test_one_additional_rules_set(additional_rules_test_case_bad_06);

    test_one_additional_rules_set(additional_rules_test_case_good_01);
    test_one_additional_rules_set(additional_rules_test_case_good_02);
    test_one_additional_rules_set(additional_rules_test_case_good_03);
}

/**************************************************************************************************/

struct smack_rule
{
    std::string subject;
    std::string object;
    std::string access;
};

typedef std::vector<smack_rule> smack_rules_vector;

void test_one_smack_rule(const smack_rule& rule)
{
    int result;
    bool pass;
    const std::vector<std::string> access = {"r", "w", "x" ,"a", "t", "l"};
    for (auto a = access.begin(); a != access.end(); ++a) {
        result = smack_have_access(rule.subject.c_str(), rule.object.c_str(), a->c_str());

        if (rule.access.find(*a) != std::string::npos)
            pass = (result == 1);
        else
            pass = (result <= 0);

        RUNNER_ASSERT_MSG_BT(pass, "rule = {" << rule.subject << "; " << rule.object << "; " <<
                             rule.access << "}" << std::endl <<
                             "access = " << *a << std::endl <<
                             "result = " << result << std::endl);
    }
}

void test_smack_rules_vector(const smack_rules_vector& rules)
{
    for (auto rule = rules.begin(); rule != rules.end(); ++rule)
        test_one_smack_rule(*rule);
}

const std::string APP27_A = "APP27_A";
const std::string APP27_B = "APP27_B";
const std::string APP27_C = "APP27_C";
const std::string APP27_D = "APP27_D";
const std::string APP27_E = "APP27_E";
const std::string APP27_F = "APP27_F";

const std::string APP27_A_PUB = "/etc/smack/test_privilege_control_DIR/A_PUBLIC";
const std::string APP27_D_PUB = "/etc/smack/test_privilege_control_DIR/D_PUBLIC";
const std::string APP27_E_PUB = "/etc/smack/test_privilege_control_DIR/E_PUBLIC";

const std::string APP27_A_PUB_ID = smack_label_for_path(APP27_A, APP27_A_PUB);
const std::string APP27_D_PUB_ID = smack_label_for_path(APP27_D, APP27_D_PUB);
const std::string APP27_E_PUB_ID = smack_label_for_path(APP27_E, APP27_E_PUB);

const std::string APP27_B_SET = "/etc/smack/test_privilege_control_DIR/B_SETTINGS";
const std::string APP27_C_SET = "/etc/smack/test_privilege_control_DIR/C_SETTINGS";
const std::string APP27_E_SET = "/etc/smack/test_privilege_control_DIR/E_SETTINGS";

const std::string APP27_B_SET_ID = smack_label_for_path(APP27_B, APP27_B_SET);
const std::string APP27_C_SET_ID = smack_label_for_path(APP27_C, APP27_C_SET);
const std::string APP27_E_SET_ID = smack_label_for_path(APP27_E, APP27_E_SET);

const std::string APP27_A_GRP = "/etc/smack/test_privilege_control_DIR/A_GROUP";
const std::string APP27_B_GRP = "/etc/smack/test_privilege_control_DIR/B_GROUP";
const std::string APP27_F_GRP = "/etc/smack/test_privilege_control_DIR/F_GROUP";

const std::string APP27_A_GRP_ID = "A";
const std::string APP27_B_GRP_ID = "B";
const std::string APP27_F_GRP_ID = "F";

const smack_rules_vector initial_state = {
    { APP27_A, APP27_A_PUB_ID, "rwxatl" },
    { APP27_B, APP27_A_PUB_ID, "rx" },
    { APP27_C, APP27_A_PUB_ID, "rx" },
    { APP27_D, APP27_A_PUB_ID, "rx" },
    { APP27_E, APP27_A_PUB_ID, "rx" },
    { APP27_F, APP27_A_PUB_ID, "" },

    { APP27_A, APP27_D_PUB_ID, "rx" },
    { APP27_B, APP27_D_PUB_ID, "rx" },
    { APP27_C, APP27_D_PUB_ID, "rx" },
    { APP27_D, APP27_D_PUB_ID, "rwxatl" },
    { APP27_E, APP27_D_PUB_ID, "rx" },
    { APP27_F, APP27_D_PUB_ID, "" },

    { APP27_A, APP27_E_PUB_ID, "" },
    { APP27_B, APP27_E_PUB_ID, "" },
    { APP27_C, APP27_E_PUB_ID, "" },
    { APP27_D, APP27_E_PUB_ID, "" },
    { APP27_E, APP27_E_PUB_ID, "" },
    { APP27_F, APP27_E_PUB_ID, "" },

    { APP27_A, APP27_A_GRP_ID, "rwxatl" },
    { APP27_B, APP27_A_GRP_ID, "rwxatl" },
    { APP27_C, APP27_A_GRP_ID, "" },
    { APP27_D, APP27_A_GRP_ID, "" },
    { APP27_E, APP27_A_GRP_ID, "" },
    { APP27_F, APP27_A_GRP_ID, "" },

    { APP27_A, APP27_B_GRP_ID, "" },
    { APP27_B, APP27_B_GRP_ID, "rwxatl" },
    { APP27_C, APP27_B_GRP_ID, "rwxatl" },
    { APP27_D, APP27_B_GRP_ID, "" },
    { APP27_E, APP27_B_GRP_ID, "" },
    { APP27_F, APP27_B_GRP_ID, "" },

    { APP27_A, APP27_F_GRP_ID, "" },
    { APP27_B, APP27_F_GRP_ID, "" },
    { APP27_C, APP27_F_GRP_ID, "" },
    { APP27_D, APP27_F_GRP_ID, "" },
    { APP27_E, APP27_F_GRP_ID, "" },
    { APP27_F, APP27_F_GRP_ID, "" },

    { APP27_A, APP27_B_SET_ID, "" },
    { APP27_B, APP27_B_SET_ID, "rwxatl" },
    { APP27_C, APP27_B_SET_ID, "" },
    { APP27_D, APP27_B_SET_ID, "" },
    { APP27_E, APP27_B_SET_ID, "" },
    { APP27_F, APP27_B_SET_ID, "" },

    { APP27_A, APP27_C_SET_ID, "" },
    { APP27_B, APP27_C_SET_ID, "" },
    { APP27_C, APP27_C_SET_ID, "" },
    { APP27_D, APP27_C_SET_ID, "" },
    { APP27_E, APP27_C_SET_ID, "" },
    { APP27_F, APP27_C_SET_ID, "" },

    { APP27_A, APP27_E_SET_ID, "" },
    { APP27_B, APP27_E_SET_ID, "" },
    { APP27_C, APP27_E_SET_ID, "" },
    { APP27_D, APP27_E_SET_ID, "" },
    { APP27_E, APP27_E_SET_ID, "rwxatl" },
    { APP27_F, APP27_E_SET_ID, "" }
};

const smack_rules_vector rules_1_state = {
    { APP27_A, APP27_A_PUB_ID, "rwxatl" },
    { APP27_B, APP27_A_PUB_ID, "rx" },
    { APP27_C, APP27_A_PUB_ID, "rx" },
    { APP27_D, APP27_A_PUB_ID, "rxl" },
    { APP27_E, APP27_A_PUB_ID, "rwxatl" },
    { APP27_F, APP27_A_PUB_ID, "rwxatl" },

    { APP27_A, APP27_D_PUB_ID, "rx" },
    { APP27_B, APP27_D_PUB_ID, "rx" },
    { APP27_C, APP27_D_PUB_ID, "rx" },
    { APP27_D, APP27_D_PUB_ID, "rwxatl" },
    { APP27_E, APP27_D_PUB_ID, "rwxatl" },
    { APP27_F, APP27_D_PUB_ID, "rwxatl" },

    { APP27_A, APP27_E_PUB_ID, "" },
    { APP27_B, APP27_E_PUB_ID, "" },
    { APP27_C, APP27_E_PUB_ID, "" },
    { APP27_D, APP27_E_PUB_ID, "" },
    { APP27_E, APP27_E_PUB_ID, "" },
    { APP27_F, APP27_E_PUB_ID, "" },

    { APP27_A, APP27_A_GRP_ID, "rwxatl" },
    { APP27_B, APP27_A_GRP_ID, "rwxatl" },
    { APP27_C, APP27_A_GRP_ID, "" },
    { APP27_D, APP27_A_GRP_ID, "ra" },
    { APP27_E, APP27_A_GRP_ID, "" },
    { APP27_F, APP27_A_GRP_ID, "" },

    { APP27_A, APP27_B_GRP_ID, "" },
    { APP27_B, APP27_B_GRP_ID, "rwxatl" },
    { APP27_C, APP27_B_GRP_ID, "rwxatl" },
    { APP27_D, APP27_B_GRP_ID, "ra" },
    { APP27_E, APP27_B_GRP_ID, "" },
    { APP27_F, APP27_B_GRP_ID, "" },

    { APP27_A, APP27_F_GRP_ID, "" },
    { APP27_B, APP27_F_GRP_ID, "" },
    { APP27_C, APP27_F_GRP_ID, "" },
    { APP27_D, APP27_F_GRP_ID, "" },
    { APP27_E, APP27_F_GRP_ID, "" },
    { APP27_F, APP27_F_GRP_ID, "" },

    { APP27_A, APP27_B_SET_ID, "ra" },
    { APP27_B, APP27_B_SET_ID, "rwxatl" },
    { APP27_C, APP27_B_SET_ID, "" },
    { APP27_D, APP27_B_SET_ID, "" },
    { APP27_E, APP27_B_SET_ID, "xl" },
    { APP27_F, APP27_B_SET_ID, "" },

    { APP27_A, APP27_C_SET_ID, "" },
    { APP27_B, APP27_C_SET_ID, "" },
    { APP27_C, APP27_C_SET_ID, "" },
    { APP27_D, APP27_C_SET_ID, "" },
    { APP27_E, APP27_C_SET_ID, "" },
    { APP27_F, APP27_C_SET_ID, "" },

    { APP27_A, APP27_E_SET_ID, "ra" },
    { APP27_B, APP27_E_SET_ID, "" },
    { APP27_C, APP27_E_SET_ID, "" },
    { APP27_D, APP27_E_SET_ID, "" },
    { APP27_E, APP27_E_SET_ID, "rwxatl" },
    { APP27_F, APP27_E_SET_ID, "" }
};

const smack_rules_vector add_app_state = {
    { APP27_A, APP27_A_PUB_ID, "rwxatl" },
    { APP27_B, APP27_A_PUB_ID, "rx" },
    { APP27_C, APP27_A_PUB_ID, "rx" },
    { APP27_D, APP27_A_PUB_ID, "rxl" },
    { APP27_E, APP27_A_PUB_ID, "rwxatl" },
    { APP27_F, APP27_A_PUB_ID, "rwxatl" },

    { APP27_A, APP27_D_PUB_ID, "rx" },
    { APP27_B, APP27_D_PUB_ID, "rx" },
    { APP27_C, APP27_D_PUB_ID, "rx" },
    { APP27_D, APP27_D_PUB_ID, "rwxatl" },
    { APP27_E, APP27_D_PUB_ID, "rwxatl" },
    { APP27_F, APP27_D_PUB_ID, "rwxatl" },

    { APP27_A, APP27_E_PUB_ID, "" },
    { APP27_B, APP27_E_PUB_ID, "" },
    { APP27_C, APP27_E_PUB_ID, "" },
    { APP27_D, APP27_E_PUB_ID, "" },
    { APP27_E, APP27_E_PUB_ID, "" },
    { APP27_F, APP27_E_PUB_ID, "" },

    { APP27_A, APP27_A_GRP_ID, "rwxatl" },
    { APP27_B, APP27_A_GRP_ID, "rwxatl" },
    { APP27_C, APP27_A_GRP_ID, "" },
    { APP27_D, APP27_A_GRP_ID, "ra" },
    { APP27_E, APP27_A_GRP_ID, "" },
    { APP27_F, APP27_A_GRP_ID, "" },

    { APP27_A, APP27_B_GRP_ID, "" },
    { APP27_B, APP27_B_GRP_ID, "rwxatl" },
    { APP27_C, APP27_B_GRP_ID, "rwxatl" },
    { APP27_D, APP27_B_GRP_ID, "ra" },
    { APP27_E, APP27_B_GRP_ID, "" },
    { APP27_F, APP27_B_GRP_ID, "" },

    { APP27_A, APP27_F_GRP_ID, "rwxatl" },
    { APP27_B, APP27_F_GRP_ID, "" },
    { APP27_C, APP27_F_GRP_ID, "" },
    { APP27_D, APP27_F_GRP_ID, "ra" },
    { APP27_E, APP27_F_GRP_ID, "" },
    { APP27_F, APP27_F_GRP_ID, "rwxatl" },

    { APP27_A, APP27_B_SET_ID, "ra" },
    { APP27_B, APP27_B_SET_ID, "rwxatl" },
    { APP27_C, APP27_B_SET_ID, "" },
    { APP27_D, APP27_B_SET_ID, "" },
    { APP27_E, APP27_B_SET_ID, "xl" },
    { APP27_F, APP27_B_SET_ID, "" },

    { APP27_A, APP27_C_SET_ID, "" },
    { APP27_B, APP27_C_SET_ID, "" },
    { APP27_C, APP27_C_SET_ID, "" },
    { APP27_D, APP27_C_SET_ID, "" },
    { APP27_E, APP27_C_SET_ID, "" },
    { APP27_F, APP27_C_SET_ID, "" },

    { APP27_A, APP27_E_SET_ID, "ra" },
    { APP27_B, APP27_E_SET_ID, "" },
    { APP27_C, APP27_E_SET_ID, "" },
    { APP27_D, APP27_E_SET_ID, "" },
    { APP27_E, APP27_E_SET_ID, "rwxatl" },
    { APP27_F, APP27_E_SET_ID, "" }
};

const smack_rules_vector add_dir_state = {
    { APP27_A, APP27_A_PUB_ID, "rwxatl" },
    { APP27_B, APP27_A_PUB_ID, "rx" },
    { APP27_C, APP27_A_PUB_ID, "rx" },
    { APP27_D, APP27_A_PUB_ID, "rxl" },
    { APP27_E, APP27_A_PUB_ID, "rwxatl" },
    { APP27_F, APP27_A_PUB_ID, "rwxatl" },

    { APP27_A, APP27_D_PUB_ID, "rx" },
    { APP27_B, APP27_D_PUB_ID, "rx" },
    { APP27_C, APP27_D_PUB_ID, "rx" },
    { APP27_D, APP27_D_PUB_ID, "rwxatl" },
    { APP27_E, APP27_D_PUB_ID, "rwxatl" },
    { APP27_F, APP27_D_PUB_ID, "rwxatl" },

    { APP27_A, APP27_E_PUB_ID, "rx" },
    { APP27_B, APP27_E_PUB_ID, "rx" },
    { APP27_C, APP27_E_PUB_ID, "rx" },
    { APP27_D, APP27_E_PUB_ID, "rxl" },
    { APP27_E, APP27_E_PUB_ID, "rwxatl" },
    { APP27_F, APP27_E_PUB_ID, "rwxatl" },

    { APP27_A, APP27_A_GRP_ID, "rwxatl" },
    { APP27_B, APP27_A_GRP_ID, "rwxatl" },
    { APP27_C, APP27_A_GRP_ID, "" },
    { APP27_D, APP27_A_GRP_ID, "rwxatl" },
    { APP27_E, APP27_A_GRP_ID, "" },
    { APP27_F, APP27_A_GRP_ID, "" },

    { APP27_A, APP27_B_GRP_ID, "rwxatl" },
    { APP27_B, APP27_B_GRP_ID, "rwxatl" },
    { APP27_C, APP27_B_GRP_ID, "rwxatl" },
    { APP27_D, APP27_B_GRP_ID, "ra" },
    { APP27_E, APP27_B_GRP_ID, "" },
    { APP27_F, APP27_B_GRP_ID, "" },

    { APP27_A, APP27_F_GRP_ID, "" },
    { APP27_B, APP27_F_GRP_ID, "" },
    { APP27_C, APP27_F_GRP_ID, "rwxatl" },
    { APP27_D, APP27_F_GRP_ID, "ra" },
    { APP27_E, APP27_F_GRP_ID, "" },
    { APP27_F, APP27_F_GRP_ID, "" },

    { APP27_A, APP27_B_SET_ID, "ra" },
    { APP27_B, APP27_B_SET_ID, "rwxatl" },
    { APP27_C, APP27_B_SET_ID, "" },
    { APP27_D, APP27_B_SET_ID, "" },
    { APP27_E, APP27_B_SET_ID, "xl" },
    { APP27_F, APP27_B_SET_ID, "" },

    { APP27_A, APP27_C_SET_ID, "ra" },
    { APP27_B, APP27_C_SET_ID, "" },
    { APP27_C, APP27_C_SET_ID, "rwxatl" },
    { APP27_D, APP27_C_SET_ID, "" },
    { APP27_E, APP27_C_SET_ID, "xl" },
    { APP27_F, APP27_C_SET_ID, "" },

    { APP27_A, APP27_E_SET_ID, "ra" },
    { APP27_B, APP27_E_SET_ID, "" },
    { APP27_C, APP27_E_SET_ID, "" },
    { APP27_D, APP27_E_SET_ID, "" },
    { APP27_E, APP27_E_SET_ID, "rwxatl" },
    { APP27_F, APP27_E_SET_ID, "" }
};

const smack_rules_vector rules_2_state = {
    { APP27_A, APP27_A_PUB_ID, "rwxatl" },
    { APP27_B, APP27_A_PUB_ID, "rx" },
    { APP27_C, APP27_A_PUB_ID, "rxlt" },
    { APP27_D, APP27_A_PUB_ID, "rxa" },
    { APP27_E, APP27_A_PUB_ID, "rwxl" },
    { APP27_F, APP27_A_PUB_ID, "" },

    { APP27_A, APP27_D_PUB_ID, "rx" },
    { APP27_B, APP27_D_PUB_ID, "rx" },
    { APP27_C, APP27_D_PUB_ID, "rxlt" },
    { APP27_D, APP27_D_PUB_ID, "rwxatl" },
    { APP27_E, APP27_D_PUB_ID, "rwxl" },
    { APP27_F, APP27_D_PUB_ID, "" },

    { APP27_A, APP27_E_PUB_ID, "" },
    { APP27_B, APP27_E_PUB_ID, "" },
    { APP27_C, APP27_E_PUB_ID, "" },
    { APP27_D, APP27_E_PUB_ID, "" },
    { APP27_E, APP27_E_PUB_ID, "" },
    { APP27_F, APP27_E_PUB_ID, "" },

    { APP27_A, APP27_A_GRP_ID, "rwxatl" },
    { APP27_B, APP27_A_GRP_ID, "rwxatl" },
    { APP27_C, APP27_A_GRP_ID, "" },
    { APP27_D, APP27_A_GRP_ID, "" },
    { APP27_E, APP27_A_GRP_ID, "" },
    { APP27_F, APP27_A_GRP_ID, "" },

    { APP27_A, APP27_B_GRP_ID, "" },
    { APP27_B, APP27_B_GRP_ID, "rwxatl" },
    { APP27_C, APP27_B_GRP_ID, "rwxatl" },
    { APP27_D, APP27_B_GRP_ID, "" },
    { APP27_E, APP27_B_GRP_ID, "" },
    { APP27_F, APP27_B_GRP_ID, "" },

    { APP27_A, APP27_F_GRP_ID, "" },
    { APP27_B, APP27_F_GRP_ID, "" },
    { APP27_C, APP27_F_GRP_ID, "" },
    { APP27_D, APP27_F_GRP_ID, "" },
    { APP27_E, APP27_F_GRP_ID, "" },
    { APP27_F, APP27_F_GRP_ID, "" },

    { APP27_A, APP27_B_SET_ID, "" },
    { APP27_B, APP27_B_SET_ID, "rwxatl" },
    { APP27_C, APP27_B_SET_ID, "" },
    { APP27_D, APP27_B_SET_ID, "" },
    { APP27_E, APP27_B_SET_ID, "" },
    { APP27_F, APP27_B_SET_ID, "" },

    { APP27_A, APP27_C_SET_ID, "" },
    { APP27_B, APP27_C_SET_ID, "" },
    { APP27_C, APP27_C_SET_ID, "" },
    { APP27_D, APP27_C_SET_ID, "" },
    { APP27_E, APP27_C_SET_ID, "" },
    { APP27_F, APP27_C_SET_ID, "" },

    { APP27_A, APP27_E_SET_ID, "" },
    { APP27_B, APP27_E_SET_ID, "" },
    { APP27_C, APP27_E_SET_ID, "" },
    { APP27_D, APP27_E_SET_ID, "" },
    { APP27_E, APP27_E_SET_ID, "rwxatl" },
    { APP27_F, APP27_E_SET_ID, "" }
};

const smack_rules_vector rules_3_state = {
    { APP27_A, APP27_A_PUB_ID, "rwxatl" },
    { APP27_B, APP27_A_PUB_ID, "rx" },
    { APP27_C, APP27_A_PUB_ID, "rx" },
    { APP27_D, APP27_A_PUB_ID, "rx" },
    { APP27_E, APP27_A_PUB_ID, "rx" },
    { APP27_F, APP27_A_PUB_ID, "" },

    { APP27_A, APP27_D_PUB_ID, "rx" },
    { APP27_B, APP27_D_PUB_ID, "rx" },
    { APP27_C, APP27_D_PUB_ID, "rx" },
    { APP27_D, APP27_D_PUB_ID, "rwxatl" },
    { APP27_E, APP27_D_PUB_ID, "rx" },
    { APP27_F, APP27_D_PUB_ID, "" },

    { APP27_A, APP27_E_PUB_ID, "" },
    { APP27_B, APP27_E_PUB_ID, "" },
    { APP27_C, APP27_E_PUB_ID, "" },
    { APP27_D, APP27_E_PUB_ID, "" },
    { APP27_E, APP27_E_PUB_ID, "" },
    { APP27_F, APP27_E_PUB_ID, "" },

    { APP27_A, APP27_A_GRP_ID, "rwxatl" },
    { APP27_B, APP27_A_GRP_ID, "rwxatl" },
    { APP27_C, APP27_A_GRP_ID, "xlt" },
    { APP27_D, APP27_A_GRP_ID, "" },
    { APP27_E, APP27_A_GRP_ID, "rwl" },
    { APP27_F, APP27_A_GRP_ID, "" },

    { APP27_A, APP27_B_GRP_ID, "" },
    { APP27_B, APP27_B_GRP_ID, "rwxatl" },
    { APP27_C, APP27_B_GRP_ID, "rwxatl" },
    { APP27_D, APP27_B_GRP_ID, "" },
    { APP27_E, APP27_B_GRP_ID, "rwl" },
    { APP27_F, APP27_B_GRP_ID, "" },

    { APP27_A, APP27_F_GRP_ID, "" },
    { APP27_B, APP27_F_GRP_ID, "" },
    { APP27_C, APP27_F_GRP_ID, "" },
    { APP27_D, APP27_F_GRP_ID, "" },
    { APP27_E, APP27_F_GRP_ID, "" },
    { APP27_F, APP27_F_GRP_ID, "" },

    { APP27_A, APP27_B_SET_ID, "" },
    { APP27_B, APP27_B_SET_ID, "rwxatl" },
    { APP27_C, APP27_B_SET_ID, "" },
    { APP27_D, APP27_B_SET_ID, "" },
    { APP27_E, APP27_B_SET_ID, "" },
    { APP27_F, APP27_B_SET_ID, "" },

    { APP27_A, APP27_C_SET_ID, "" },
    { APP27_B, APP27_C_SET_ID, "" },
    { APP27_C, APP27_C_SET_ID, "" },
    { APP27_D, APP27_C_SET_ID, "" },
    { APP27_E, APP27_C_SET_ID, "" },
    { APP27_F, APP27_C_SET_ID, "" },

    { APP27_A, APP27_E_SET_ID, "" },
    { APP27_B, APP27_E_SET_ID, "" },
    { APP27_C, APP27_E_SET_ID, "" },
    { APP27_D, APP27_E_SET_ID, "" },
    { APP27_E, APP27_E_SET_ID, "rwxatl" },
    { APP27_F, APP27_E_SET_ID, "" }
};

const smack_rules_vector rules_4_state = {
    { APP27_A, APP27_A_PUB_ID, "rwxatl" },
    { APP27_B, APP27_A_PUB_ID, "rx" },
    { APP27_C, APP27_A_PUB_ID, "rx" },
    { APP27_D, APP27_A_PUB_ID, "rx" },
    { APP27_E, APP27_A_PUB_ID, "rx" },
    { APP27_F, APP27_A_PUB_ID, "" },

    { APP27_A, APP27_D_PUB_ID, "rx" },
    { APP27_B, APP27_D_PUB_ID, "rx" },
    { APP27_C, APP27_D_PUB_ID, "rx" },
    { APP27_D, APP27_D_PUB_ID, "rwxatl" },
    { APP27_E, APP27_D_PUB_ID, "rx" },
    { APP27_F, APP27_D_PUB_ID, "" },

    { APP27_A, APP27_E_PUB_ID, "" },
    { APP27_B, APP27_E_PUB_ID, "" },
    { APP27_C, APP27_E_PUB_ID, "" },
    { APP27_D, APP27_E_PUB_ID, "" },
    { APP27_E, APP27_E_PUB_ID, "" },
    { APP27_F, APP27_E_PUB_ID, "" },

    { APP27_A, APP27_A_GRP_ID, "rwxatl" },
    { APP27_B, APP27_A_GRP_ID, "rwxatl" },
    { APP27_C, APP27_A_GRP_ID, "" },
    { APP27_D, APP27_A_GRP_ID, "" },
    { APP27_E, APP27_A_GRP_ID, "" },
    { APP27_F, APP27_A_GRP_ID, "" },

    { APP27_A, APP27_B_GRP_ID, "" },
    { APP27_B, APP27_B_GRP_ID, "rwxatl" },
    { APP27_C, APP27_B_GRP_ID, "rwxatl" },
    { APP27_D, APP27_B_GRP_ID, "" },
    { APP27_E, APP27_B_GRP_ID, "" },
    { APP27_F, APP27_B_GRP_ID, "" },

    { APP27_A, APP27_F_GRP_ID, "" },
    { APP27_B, APP27_F_GRP_ID, "" },
    { APP27_C, APP27_F_GRP_ID, "" },
    { APP27_D, APP27_F_GRP_ID, "" },
    { APP27_E, APP27_F_GRP_ID, "" },
    { APP27_F, APP27_F_GRP_ID, "" },

    { APP27_A, APP27_B_SET_ID, "" },
    { APP27_B, APP27_B_SET_ID, "rwxatl" },
    { APP27_C, APP27_B_SET_ID, "xlt" },
    { APP27_D, APP27_B_SET_ID, "" },
    { APP27_E, APP27_B_SET_ID, "rwl" },
    { APP27_F, APP27_B_SET_ID, "" },

    { APP27_A, APP27_C_SET_ID, "" },
    { APP27_B, APP27_C_SET_ID, "" },
    { APP27_C, APP27_C_SET_ID, "" },
    { APP27_D, APP27_C_SET_ID, "" },
    { APP27_E, APP27_C_SET_ID, "" },
    { APP27_F, APP27_C_SET_ID, "" },

    { APP27_A, APP27_E_SET_ID, "" },
    { APP27_B, APP27_E_SET_ID, "ra" },
    { APP27_C, APP27_E_SET_ID, "xlt" },
    { APP27_D, APP27_E_SET_ID, "" },
    { APP27_E, APP27_E_SET_ID, "rwxatl" },
    { APP27_F, APP27_E_SET_ID, "" }
};

const std::vector<std::string> directories_27 = { APP27_A_PUB, APP27_D_PUB, APP27_E_PUB,
                                                  APP27_B_SET, APP27_C_SET, APP27_E_SET,
                                                  APP27_A_GRP, APP27_B_GRP, APP27_F_GRP};

void additional_rules_prepare_directories(void)
{
    for (auto dir = directories_27.begin(); dir != directories_27.end(); ++dir) {
        int result = mkdir(dir->c_str(), 0);
        RUNNER_ASSERT_MSG_BT(result == 0 || (result == -1 && errno == EEXIST), "directory = " <<
                             dir->c_str() << "; result = " << result << "; errno  = " << errno <<
                             "; error = " << strerror(errno));
    }
}

void additional_rules_set_initial_state(void)
{
    int result;

    DB_BEGIN
    result = perm_app_install(APP27_A.c_str());
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    result = perm_app_setup_path(APP27_A.c_str(), APP27_A_PUB.c_str(), PERM_APP_PATH_PUBLIC);
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    result = perm_app_setup_path(APP27_A.c_str(), APP27_A_GRP.c_str(), PERM_APP_PATH_GROUP, "A");
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);

    result = perm_app_install(APP27_B.c_str());
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    result = perm_app_setup_path(APP27_B.c_str(), APP27_A_GRP.c_str(), PERM_APP_PATH_GROUP, "A");
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    result = perm_app_setup_path(APP27_B.c_str(), APP27_B_GRP.c_str(), PERM_APP_PATH_GROUP, "B");
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    result = perm_app_setup_path(APP27_B.c_str(), APP27_B_SET.c_str(), PERM_APP_PATH_SETTINGS);
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);

    result = perm_app_install(APP27_C.c_str());
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    result = perm_app_setup_path(APP27_C.c_str(), APP27_B_GRP.c_str(), PERM_APP_PATH_GROUP, "B");
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);

    result = perm_app_install(APP27_D.c_str());
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    result = perm_app_setup_path(APP27_D.c_str(), APP27_D_PUB.c_str(), PERM_APP_PATH_PUBLIC);
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);

    result = perm_app_install(APP27_E.c_str());
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    result = perm_app_setup_path(APP27_E.c_str(), APP27_E_SET.c_str(), PERM_APP_PATH_SETTINGS);
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);

    DB_END
}

void additional_rules_set_add_app_state(void)
{
    int result;

    DB_BEGIN
    result = perm_app_setup_path(APP27_A.c_str(), APP27_F_GRP.c_str(), PERM_APP_PATH_GROUP, "F");
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);

    result = perm_app_install(APP27_F.c_str());
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    result = perm_app_setup_path(APP27_F.c_str(), APP27_F_GRP.c_str(), PERM_APP_PATH_GROUP, "F");
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    DB_END
}

void additional_rules_set_add_dir_state(void)
{
    int result;

    DB_BEGIN
    result = perm_app_setup_path(APP27_E.c_str(), APP27_E_PUB.c_str(), PERM_APP_PATH_PUBLIC);
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);

    result = perm_app_setup_path(APP27_A.c_str(), APP27_B_GRP.c_str(), PERM_APP_PATH_GROUP, "B");
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    result = perm_app_setup_path(APP27_C.c_str(), APP27_F_GRP.c_str(), PERM_APP_PATH_GROUP, "F");
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    result = perm_app_setup_path(APP27_D.c_str(), APP27_A_GRP.c_str(), PERM_APP_PATH_GROUP, "A");
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);

    result = perm_app_setup_path(APP27_C.c_str(), APP27_C_SET.c_str(), PERM_APP_PATH_SETTINGS);
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
    DB_END
}

void free_null_term_tab(char** tab)
{
    int i = 0;
    while(tab[i])
        free(tab[i++]);
}

void set_rules_1_state(void)
{
    int result, i = 0;
    const int count = 9;
    char* rules[count] = {};
    std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);

    result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), APP27_A_PUB_ID.c_str(), "rwx");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), APP27_D_PUB_ID.c_str(), "rwxa");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_D.c_str(), "~PUBLIC_PATH~", "rxl");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~PUBLIC_PATH~", "rwxat");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_F.c_str(), "~PUBLIC_PATH~", "rwxatl");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_D.c_str(), "~GROUP_PATH~", "ra");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_A.c_str(), "~SETTINGS_PATH~", "ra");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~SETTINGS_PATH~", "xl");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    rules[i] = NULL;

    DB_BEGIN
    result = perm_add_additional_rules((const char**)rules);
    DB_END

    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
}

void set_rules_2_state(void)
{
    int result, i = 0;
    const int count = 5;
    char* rules[count] = {};
    std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);

    result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), "~PUBLIC_PATH~", "r");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), "~PUBLIC_PATH~", "lt");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_D.c_str(), "~PUBLIC_PATH~", "xa");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~PUBLIC_PATH~", "w");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    rules[i] = NULL;

    DB_BEGIN
    result = perm_add_additional_rules((const char**) rules);
    DB_END

    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
}

void set_rules_3_state(void)
{
    int result, i = 0;
    const int count = 4;
    char* rules[count] = {};
    std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);

    result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), "~GROUP_PATH~", "ra");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), "~GROUP_PATH~", "xlt");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~GROUP_PATH~", "rw");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    rules[i] = NULL;

    DB_BEGIN
    result = perm_add_additional_rules((const char**) rules);
    DB_END

    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
}

void set_rules_4_state(void)
{
    int result, i = 0;
    const int count = 4;
    char* rules[count] = {};
    std::unique_ptr<char*, std::function<void(char**)> > rules_pointer(rules, free_null_term_tab);

    result = asprintf(&rules[i++], "%s %s %s", APP27_B.c_str(), "~SETTINGS_PATH~", "ra");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_C.c_str(), "~SETTINGS_PATH~", "xlt");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    result = asprintf(&rules[i++], "%s %s %s", APP27_E.c_str(), "~SETTINGS_PATH~", "rw");
    RUNNER_ASSERT_MSG_BT(result > 0, "asprintf failed");
    rules[i] = NULL;

    DB_BEGIN
    result = perm_add_additional_rules((const char**) rules);
    DB_END

    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
}

void cleanup_additional_rules_apps(void)
{
    int result;
    const std::vector<std::string> apps = { APP27_A, APP27_B, APP27_C, APP27_D, APP27_E, APP27_F };

    DB_BEGIN
    for (auto a = apps.begin(); a != apps.end(); ++a) {
        result = perm_app_uninstall(a->c_str());
        RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "app = " << a->c_str() <<
                             "; result = " << result);
    }
    DB_END
}

void cleanup_additional_rules_rules(void)
{
    int result;
    const char* empty[] = { NULL };
    DB_BEGIN
    result = perm_add_additional_rules(empty);
    DB_END
    RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "result = " << result);
}

void cleanup_additional_rules_directories(void)
{
    for (auto dir = directories_27.begin(); dir != directories_27.end(); ++dir) {
        int result = rmdir(dir->c_str());
        RUNNER_ASSERT_MSG_BT(result == 0 || (result == -1 && errno == ENOENT),
                             "directory = " << dir->c_str() << "; result = " << result <<
                             "; errno  = " << errno << "; error = " << strerror(errno));
    }
}

void cleanup_additional_rules_all(void)
{
    cleanup_additional_rules_apps();
    cleanup_additional_rules_rules();
    additional_rules_prepare_directories();
}

RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_1_rollback)
{
    UNUSED RestoreAdditionalRulesGuard guard;
    cleanup_additional_rules_all();

    //initial state
    additional_rules_set_initial_state();
    test_smack_rules_vector(initial_state);

    //set state with some public additional rules
    set_rules_1_state();
    test_smack_rules_vector(rules_1_state);

    //rollback to initial state
    cleanup_additional_rules_rules();
    test_smack_rules_vector(initial_state);

    //cleanup
    cleanup_additional_rules_all();
}

RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_2_add_app)
{
    UNUSED RestoreAdditionalRulesGuard guard;
    cleanup_additional_rules_all();

    //initial state
    additional_rules_set_initial_state();
    test_smack_rules_vector(initial_state);

    //set state with some public additional rules
    set_rules_1_state();
    test_smack_rules_vector(rules_1_state);

    //add app F
    additional_rules_set_add_app_state();
    test_smack_rules_vector(add_app_state);

    //cleanup
    cleanup_additional_rules_all();
}

RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_3_add_dir)
{
    UNUSED RestoreAdditionalRulesGuard guard;
    cleanup_additional_rules_all();

    //initial state
    additional_rules_set_initial_state();
    test_smack_rules_vector(initial_state);

    //set state with some public additional rules
    set_rules_1_state();
    test_smack_rules_vector(rules_1_state);

    //add public dir E
    additional_rules_set_add_dir_state();
    test_smack_rules_vector(add_dir_state);

    //cleanup
    cleanup_additional_rules_all();
}

RUNNER_TEST(privilege_control27_perm_add_additional_rules_smack_access_4_update_rules)
{
    UNUSED RestoreAdditionalRulesGuard guard;
    cleanup_additional_rules_all();

    //initial state
    additional_rules_set_initial_state();
    test_smack_rules_vector(initial_state);

    //set state with some additional rules
    set_rules_1_state();
    test_smack_rules_vector(rules_1_state);

    //set state with some public additional rules
    set_rules_2_state();
    test_smack_rules_vector(rules_2_state);

    //set state with some group additional rules
    set_rules_3_state();
    test_smack_rules_vector(rules_3_state);

    //set state with some settings additional rules
    set_rules_4_state();
    test_smack_rules_vector(rules_4_state);

    //cleanup
    cleanup_additional_rules_all();
}