2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
22 * @brief libprivilege-control test runner
27 #include <dpl/test/test_runner.h>
28 #include <privilege-control.h>
29 #include <libprivilege-control_test_common.h>
30 #include <tests_common.h>
31 #include <sys/smack.h>
33 // ---- Macros and arrays used in stress tests ----
// NOTE(review): gaps in the gutter numbers (43, 47, 57-58, 70-77, ...) show that this
// listing omits some source lines; the closing of the array initializers and the body
// of FMT_VECTOR_TO_TEST_ANY_ACCESS are not shown.
// App ids and API-feature names registered by the stress tests.
34 #define TEST_OSP_FEATURE_APP_ID "test-osp-feature-app"
35 #define TEST_WGT_FEATURE_APP_ID "test-wgt-feature-app"
36 #define TEST_OSP_FEATURE "OSP_test-feature.osp_rxl"
37 #define TEST_WGT_FEATURE "WGT_test-feature.wgt_rxl"
// Id of the app that is installed and given the App-Setting privilege in both tests.
39 #define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1"
// Rule strings read "<subject> <object> <access>". "~APP~" appears to stand for the app
// that enables the feature: after APP_ID enables TEST_OSP_FEATURE the 1x100 test asserts
// APP_ID -> TEST_OSP_FEATURE_APP_ID "rxl".
40 // OSP Api Feature Test data - gives rxl access to OSP app and rl access to WGT app also!
41 const char *test_osp_feature_rule_set[] = { "~APP~ " TEST_OSP_FEATURE_APP_ID " rxl",
42 "~APP~ " TEST_WGT_FEATURE_APP_ID " rl",
// NULL-terminated privilege list handed to perm_app_enable_permissions().
44 const char *TEST_OSP_FEATURE_PRIVS[] = { TEST_OSP_FEATURE, NULL };
45 // WGT Api Feature Test data - rwx access only to WGT app
46 const char *test_wgt_feature_rule_set[] = { "~APP~ " TEST_WGT_FEATURE_APP_ID " rwx",
48 const char *TEST_WGT_FEATURE_PRIVS[] = { TEST_WGT_FEATURE, NULL };
// Negative rule list for check_no_accesses(): one entry per access letter (r, w, x, a, t, l)
// from TEST_OSP_FEATURE_APP_ID to APP_ID, so any single granted access is caught.
// Entries are presumably {subject, object, access} - confirm against the rules_t definition.
50 rules_t rules_to_test_any_access1 = {
51 { TEST_OSP_FEATURE_APP_ID, APP_ID, "r" },
52 { TEST_OSP_FEATURE_APP_ID, APP_ID, "w" },
53 { TEST_OSP_FEATURE_APP_ID, APP_ID, "x" },
54 { TEST_OSP_FEATURE_APP_ID, APP_ID, "a" },
55 { TEST_OSP_FEATURE_APP_ID, APP_ID, "t" },
56 { TEST_OSP_FEATURE_APP_ID, APP_ID, "l" }
// Negative rule list used after perm_app_revoke_permissions(APP_ID): it lists, letter by
// letter, the accesses the two feature rule sets grant to APP_ID (r, x, l on the OSP app;
// r, w, x, l on the WGT app).
59 rules_t rules_to_test_any_access2 = {
60 { APP_ID, TEST_OSP_FEATURE_APP_ID, "r" },
61 { APP_ID, TEST_OSP_FEATURE_APP_ID, "x" },
62 { APP_ID, TEST_OSP_FEATURE_APP_ID, "l" },
63 { APP_ID, TEST_WGT_FEATURE_APP_ID, "r" },
64 { APP_ID, TEST_WGT_FEATURE_APP_ID, "w" },
65 { APP_ID, TEST_WGT_FEATURE_APP_ID, "x" },
66 { APP_ID, TEST_WGT_FEATURE_APP_ID, "l" }
// Builds the rule list passed to check_no_accesses() for one (sub, obj) pair; the callers'
// failure messages name the two arguments subject and object. The macro body is not
// shown in this listing, so which access letters it covers cannot be confirmed here.
69 #define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \
78 RUNNER_TEST_GROUP_INIT(libprivilegecontrol_stress) // opens the stress-test group
81 * Test - Simulation of 100 installations and uninstallations of one application.
82 * Installed application will have various kinds of permissions from api
83 * features and shared folders.
// Stress-test body shared by the Smack and no-Smack variants. It installs a settings app
// and a second OSP app, registers two API features, then runs 100 cycles of
// install / grant / verify / revoke / verify / uninstall for APP_ID.
// @param smack  forwarded to check_no_accesses()/check_all_accesses(); also selects the
//               value asserted for smack_have_access() (1 when true, -1 when false).
// NOTE(review): gaps in the gutter numbers show that this listing omits some source lines
// (braces, short declarations such as the one for `result`, some call arguments).
85 void privilege_control22_app_installation_1x100(bool smack)
// Value every smack_have_access() call below is compared against.
88 const int expected_smack_result = smack ? 1:-1;
89 std::string shared_dir_auto_label;
91 // Clear any previously created apps, files, labels and permissions
// FTW_PHYS makes nftw() not follow symbolic links while labels are removed.
92 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
93 RUNNER_ASSERT_MSG_BT(result == 0,
94 "Unable to clean up Smack labels in: " << TEST_APP_DIR
95 << ". Result: " << result);
97 result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
98 RUNNER_ASSERT_MSG_BT(result == 0,
99 "Unable to clean up Smack labels in: " << TEST_NON_APP_DIR
100 << ". Result: " << result);
// Start from a known state: drop APP_ID's permissions, then uninstall it.
104 result = perm_app_revoke_permissions(APP_ID);
105 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
106 "Error in perm_app_revoke_permissions. Result: " << result);
108 result = perm_app_uninstall(APP_ID);
109 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
110 "Error in perm_app_uninstall. Result: " << result);
112 // Install setting app and give it app-setting permissions
113 result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
114 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
115 "Error in perm_app_revoke_permissions. Result: " << result);
116 result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
117 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
118 "Error in perm_app_uninstall. Result: " << result);
119 result = perm_app_install(APP_TEST_SETTINGS_ASP1);
120 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
121 "Error in perm_app_install. Result: " << result);
123 // Register appsettings feature
124 result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, NULL, 0);
125 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
126 " Error while registering api feature. Result: " << result);
128 result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
129 APP_TYPE_OSP, PRIV_APPSETTING, true);
130 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
131 "Error enabling App-Setting permissions. Result: " << result);
133 // Install one additional app (used to check perm to shared directories)
134 result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID);
135 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
136 "Error in perm_app_revoke_permissions. Result: " << result);
137 result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
138 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
139 "Error in perm_app_uninstall. Result: " << result);
140 result = perm_app_install(TEST_OSP_FEATURE_APP_ID);
141 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
142 "Error in perm_app_install. Result: " << result);
// test1 holds only the NULL terminator, so the additional app is enabled with an
// empty privilege list.
143 const char *test1[] = { NULL };
144 result = perm_app_enable_permissions(TEST_OSP_FEATURE_APP_ID,
145 APP_TYPE_OSP, test1, true);
146 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
147 "Error enabling permissions. Result: " << result);
149 // Register two valid api features
150 result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
151 test_osp_feature_rule_set, NULL, 0);
152 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
153 "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
154 << TEST_OSP_FEATURE << ". Result: " << result);
156 result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
157 test_wgt_feature_rule_set, NULL, 0);
158 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
159 "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
160 << TEST_WGT_FEATURE << ". Result: " << result);
// One iteration = one full install/uninstall cycle of APP_ID; every failure message
// carries the loop index so the failing cycle can be identified.
166 for (int i = 0; i < 100; ++i)
171 result = perm_app_install(APP_ID);
172 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
173 "Error in perm_app_install. Loop index: " << i
174 << ". Result: " << result);
176 // Add persistent permissions
177 result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP,
178 TEST_OSP_FEATURE_PRIVS, true);
179 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
180 "Error in perm_app_enable_permissions from OSP Feature. Loop index: "
181 << i << ". Result: " << result);
183 result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT,
184 TEST_WGT_FEATURE_PRIVS, true);
185 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
186 "Error in perm_app_enable_permissions from WGT Feature. Loop index: "
187 << i << ". Result: " << result);
// Even runs exercise the private and Public RO path types, odd runs the
// App-Setting and Group RW path types, on the same two directories.
192 switch (i%2) // separate odd and even loop runs
194 case 0: // Shared dirs: APP_PATH_PRIVATE & APP_PATH_PUBLIC_RO
198 // Add app shared dir - APP_PATH_PRIVATE
199 result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
201 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
202 "Error in perm_app_setup_path. Loop index: " << i
203 << ". Result: " << result);
205 // Add app shared dir - APP_PATH_PUBLIC_RO
206 result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
208 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
209 "Error in perm_app_setup_path. Loop index: " << i
210 << ". Result: " << result);
// Isolation check: the other installed app must hold none of r/w/x/a/t/l on APP_ID.
214 // Verify that some previously installed app does not have any access
215 // to APP_ID private label
216 result = check_no_accesses(smack, rules_to_test_any_access1);
217 RUNNER_ASSERT_MSG_BT(result == 1,
218 "Error - other app has access to private label. Loop index: "
221 // Get autogenerated Public RO label
// NOTE(review): libsmack's smack_getlabel() returns an allocated string; neither the
// declaration of `label` nor a free(label) is visible in this listing - confirm the
// buffer is released once it has been copied into shared_dir_auto_label.
223 result = smack_getlabel(TEST_NON_APP_DIR, &label,
224 SMACK_LABEL_ACCESS );
225 RUNNER_ASSERT_MSG_BT(result == 0,
226 "Cannot get access label from Public RO shared dir. Loop index: "
227 << i << ". Result: " << result);
228 shared_dir_auto_label = label;
// NOTE(review): only granted accesses are asserted for the Public RO label ("rwxatl" for
// the owner, "rx" for the other app). No assertion that the other app lacks "w" is visible
// here; the 10x10 test has such a check_no_accesses() case - consider mirroring it.
231 // Verify that all permissions to public dir have been added
232 // correctly, also to other app
233 result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
235 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
236 "Not all accesses to Public RO dir are granted. Loop index: "
239 result = smack_have_access(TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" );
240 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
241 "Not all accesses to Public RO dir are granted. Loop index: "
246 case 1: // Shared dirs: APP_PATH_APPSETTING_RW & APP_PATH_GROUP_RW
250 // Add app shared dir - APP_PATH_SETTINGS_RW
251 result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
252 APP_PATH_SETTINGS_RW);
253 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
254 "Error in perm_app_setup_path. Loop index: " << i
255 << ". Result: " << result);
257 // Add app shared dir - APP_PATH_GROUP_RW
258 result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
259 APP_PATH_GROUP_RW, APPID_SHARED_DIR);
260 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
261 "Error in perm_app_setup_path. Loop index: " << i
262 << ". Result: " << result);
266 // Get autogenerated App-Setting label
268 result = smack_getlabel(TEST_APP_DIR, &label,
269 SMACK_LABEL_ACCESS );
270 RUNNER_ASSERT_MSG_BT(result == 0,
271 "Cannot get access label from App-Setting shared dir. Loop index: "
272 << i << ". Result: " << result);
273 shared_dir_auto_label = label;
276 // Verify that setting app has rwx permission to app dir
277 // and rx permissions to app
278 result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
279 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
280 "Not all accesses to App-Setting dir are granted. "
281 << APP_ID << " "<< shared_dir_auto_label << " rwxatl "
282 << "Loop index: " << i);
284 result = smack_have_access(APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx");
285 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
286 "Not all accesses to App-Setting dir are granted. "
287 << APP_TEST_SETTINGS_ASP1 << " " << shared_dir_auto_label << " rwx. "
288 << "Loop index: " << i);
// NOTE(review): this call checks the settings app's access to the APP_ID label, not to
// the directory label, although the message says "App-Setting dir"; the message also
// has no separator between " rx" and "Loop index: ".
290 result = smack_have_access(APP_TEST_SETTINGS_ASP1, APP_ID, "rx");
291 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
292 "Not all accesses to App-Setting dir are granted. "
293 << APP_TEST_SETTINGS_ASP1 << " " << APP_ID << " rx"
294 << "Loop index: " << i);
296 // Verify that all permissions to public dir have been added
297 // correctly, also to other app
298 result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
299 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
300 "Not all accesses to Group RW dir are granted. Loop index: "
// Expected grants: "rxl" on the OSP app (OSP feature) and "rwxl" on the WGT app
// ("rl" from the OSP feature plus "rwx" from the WGT feature).
307 // check if api-features permissions are added properly
308 result = check_all_accesses(smack,
310 { APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" },
311 { APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } );
312 RUNNER_ASSERT_MSG_BT(result == 1,
313 "Not all permisions from api features added. Loop index: "
316 // revoke permissions
317 result = perm_app_revoke_permissions(APP_ID);
318 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
319 "Error in perm_app_revoke_permissions. Loop index: " << i
320 << ". Result: " << result);
// Revocation check: each access granted above must be gone, tested letter by letter.
322 // check if api-features permissions are removed properly
323 result = check_no_accesses(smack, rules_to_test_any_access2);
324 RUNNER_ASSERT_MSG_BT(result == 1,
325 "Not all permisions revoked. Loop index: " << i);
327 // remove labels from app folder
328 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
329 RUNNER_ASSERT_MSG_BT(result == 0,
330 "Unable to clean up Smack labels in " << TEST_APP_DIR
331 << " . Loop index: " << i << ". Result: " << result);
332 // remove labels from shared folder
333 result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels,
334 FTW_MAX_FDS, FTW_PHYS);
335 RUNNER_ASSERT_MSG_BT(result == 0,
336 "Unable to clean up Smack labels in " << TEST_NON_APP_DIR
337 << " . Loop index: " << i << ". Result: " << result);
340 result = perm_app_uninstall(APP_ID);
341 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
342 "Error in perm_app_uninstall. Loop index: " << i
343 << ". Result: " << result);
344 } // END Install app loop
// NOTE(review): this teardown is reached only if every assertion above passed
// (presumably RUNNER_ASSERT_MSG_BT aborts the test); the cleanup at the top of the
// function is what removes state left by an aborted run.
348 // Uninstall setting app and additional app
349 result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
350 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
351 "Error in perm_app_uninstall. Result: " << result);
352 result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
353 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
354 "Error in perm_app_uninstall. Result: " << result);
360 * Test - Simulation of 10 installations and uninstallations of set of 10 applications.
361 * Installed applications will have various kinds of permissions to each other
362 * from api-features and shared folders.
364 * APP_TEST_SETTINGS_ASP1 ("test-app-settings-asp1") - registered as setting app
367 * test_APP0-4 - receive test_osp_feature_rule_set2
368 * test_APP5-9 - receive test_wgt_feature_rule_set2
370 * During this test there is one directory created for each app for each loop run,
371 * dir name syntax is: /tmp/<app_name>_<i-loop_run>
373 * test_APP0 & test_APP5 register their directories as APP_PATH_PRIVATE
374 * test_APP1, test_APP2 & test_APP6 register their directories as
375 * APP_PATH_GROUP_RW using the same label
376 * APPID_SHARED_DIR = "test_APP_ID_shared_dir"
377 * test_APP3, test_APP7 & test_APP8 register their directories as APP_PATH_PUBLIC_RO
379 * test_APP4 & test_APP9 register their directories as
380 * APP_PATH_SETTINGS_RW
// Stress-test body shared by the Smack and no-Smack variants. It runs 10 cycles in which
// 10 apps (APP_ID "0" .. APP_ID "9") are installed, given API-feature permissions and
// labelled directories, verified, revoked, verified again and uninstalled.
// @param smack  forwarded to check_no_accesses()/check_all_accesses(); also selects the
//               value asserted for smack_have_access() (1 when true, -1 when false).
// NOTE(review): gaps in the gutter numbers show that this listing omits some source lines
// (braces, short declarations, `if` conditions, some call arguments); branch structure
// inside the verification loops cannot be read from here.
382 void privilege_control23_app_installation2_10x10(bool smack)
385 const int expected_smack_result = smack ? 1:-1;
386 const int app_count = 10;
387 std::string shared_dir3_auto_label;
388 std::string shared_dir7_auto_label;
389 std::string shared_dir8_auto_label;
390 std::string setting_dir4_auto_label;
391 std::string setting_dir9_auto_label;
// Buffer sizing: an id is APP_ID + index + NUL, so "+ 3" leaves room for a two-digit
// index; a directory is "/tmp/" + APP_ID + j + "_" + i + NUL, so "+ 12" leaves room for
// five digits in total. Both hold for the single-digit indices used below.
// NOTE(review): the bounds use strlen() in an array dimension, which standard C++ does not
// guarantee to be a constant; sizeof(APP_ID) would be (APP_ID is concatenated with string
// literals below, so it is a string-literal macro).
392 char app_ids[app_count][strlen(APP_ID) + 3];
393 char app_dirs[app_count][strlen(APP_ID) + 12];
// Feature rule sets local to this test: apps that enable the OSP feature get graded
// access to apps 6-9, apps that enable the WGT feature get graded access to apps 1-4.
394 const char *test_osp_feature_rule_set2[] = { "~APP~ " APP_ID "6 r",
395 "~APP~ " APP_ID "7 rxl",
396 "~APP~ " APP_ID "8 rwxal",
397 "~APP~ " APP_ID "9 rwxatl",
399 const char *test_wgt_feature_rule_set2[] = { "~APP~ " APP_ID "1 r",
400 "~APP~ " APP_ID "2 rxl",
401 "~APP~ " APP_ID "3 rwxal",
402 "~APP~ " APP_ID "4 rwxatl",
406 // generate app ids: test_APP0, test_APP1, test_APP2 etc.:
// NOTE(review): sprintf() is unbounded; snprintf(app_ids[i], sizeof app_ids[i], ...)
// would keep the size check next to the write if app_count ever grows past 100.
407 for (int i = 0; i < app_count; ++i)
409 result = sprintf(app_ids[i], APP_ID "%d", i);
410 RUNNER_ASSERT_MSG_BT(result > 0, "Cannot generate name for app nr: " << i);
415 // Clear any previously created apps, files, labels and permissions
416 for (int i = 0; i < app_count; ++i)
418 result = perm_app_revoke_permissions(app_ids[i]);
419 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
420 "Error in perm_app_revoke_permissions for app: "
421 << app_ids[i] << ". Result: " << result);
423 result = perm_app_uninstall(app_ids[i]);
424 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
425 "Error in perm_app_uninstall for app: "
426 << app_ids[i] << ". Result: " << result);
429 // Install setting app and give it app-setting permissions
430 result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
431 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
432 "Error in perm_app_revoke_permissions."
433 << " Result: " << result);
434 result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
435 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
436 "Error in perm_app_uninstall."
437 << " Result: " << result);
438 result = perm_app_install(APP_TEST_SETTINGS_ASP1);
439 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
440 "Error in perm_app_install."
441 << " Result: " << result);
443 // Register appsettings feature
444 result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, NULL, 0);
445 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
446 " Error while registering api feature. Result: " << result);
448 result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
449 APP_TYPE_OSP, PRIV_APPSETTING, true);
450 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
451 "Error registering App-Setting permissions."
452 << " Result: " << result);
454 // Register two valid api features
455 result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
456 test_osp_feature_rule_set2, NULL, 0);
457 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
458 "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
459 << TEST_OSP_FEATURE << ". Result: " << result);
461 result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
462 test_wgt_feature_rule_set2, NULL, 0);
463 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
464 "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
465 << TEST_WGT_FEATURE << ". Result: " << result);
// Outer loop: i is the cycle number and is part of every directory name and message.
471 for (int i = 0; i < 10; ++i)
476 for (int j = 0; j < app_count; ++j)
478 result = perm_app_install(app_ids[j]);
479 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
480 "Error in perm_app_install. App id: "
482 << " Loop index: " << i
483 << ". Result: " << result);
485 // Create 10 directories
486 result = sprintf(app_dirs[j],"/tmp/" APP_ID "%d_%d", j, i);
487 RUNNER_ASSERT_MSG_BT(result > 0,
488 "Cannot generate directory name for app nr: " << j
489 << " Loop index: " << i);
// NOTE(review): the path has a predictable name under /tmp and EEXIST is accepted
// (presumably so a directory left by an aborted run does not fail the test). A
// pre-existing entry is therefore reused without checking its owner or type and is
// then labelled through perm_app_setup_path(). On a shared host a mkdtemp()-style
// unique directory, or an lstat() ownership/type check, would avoid trusting it.
490 result = mkdir(app_dirs[j], S_IRWXU | S_IRGRP | S_IXGRP);
491 RUNNER_ASSERT_MSG_BT(result == 0 || errno == EEXIST,
492 "Cannot create directory: " << app_dirs[j]);
// FTW_PHYS makes nftw() not follow symbolic links while labels are removed.
493 result = nftw(app_dirs[j], &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
494 RUNNER_ASSERT_MSG_BT(result == 0,
495 "Unable to clean up Smack labels in: " << app_dirs[j]
496 << ". Result: " << result);
// Apps 0-4 enable the OSP feature, apps 5-9 (index j+5) the WGT feature.
499 // Give permissions from api-features
500 for (int j = 0; j < (app_count/2); ++j)
502 // add persistent api feature permissions
503 result = perm_app_enable_permissions(app_ids[j], APP_TYPE_OSP,
504 TEST_OSP_FEATURE_PRIVS, true);
// NOTE(review): "perm_app__permissions" in the message below looks like a typo of
// perm_app_enable_permissions.
505 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
506 "Error in perm_app__permissions from OSP Feature. App id: "
507 << app_ids[j] << " Loop index: " << i << ". Result: " << result);
509 result = perm_app_enable_permissions(app_ids[j+5], APP_TYPE_WGT,
510 TEST_WGT_FEATURE_PRIVS, true);
511 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
512 "Error in perm_app_enable_permissions from WGT Feature. App id: "
513 << app_ids[j+5] << " Loop index: " << i << ". Result: " << result);
516 // Add app shared dirs - APP_PATH_PRIVATE (apps 0, 5)
517 result = perm_app_setup_path(app_ids[0], app_dirs[0], APP_PATH_PRIVATE);
518 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
519 "Error in perm_app_setup_path. App id: " << app_ids[0]
520 << " Loop index: " << i << ". Result: " << result);
521 result = perm_app_setup_path(app_ids[5], app_dirs[5], APP_PATH_PRIVATE);
522 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
523 "Error in perm_app_setup_path. App id: " << app_ids[5]
524 << " Loop index: " << i << ". Result: " << result);
526 // Add app shared dir - APP_PATH_GROUP_RW (apps 1, 2, 6)
527 result = perm_app_setup_path(app_ids[1], app_dirs[1],
528 APP_PATH_GROUP_RW, APPID_SHARED_DIR);
529 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
530 "Error in perm_app_setup_path. App id: " << app_ids[1]
531 << " Loop index: " << i << ". Result: " << result);
532 result = perm_app_setup_path(app_ids[2], app_dirs[2],
533 APP_PATH_GROUP_RW, APPID_SHARED_DIR);
534 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
535 "Error in perm_app_setup_path. App id: " << app_ids[2]
536 << " Loop index: " << i << ". Result: " << result);
537 result = perm_app_setup_path(app_ids[6], app_dirs[6],
538 APP_PATH_GROUP_RW, APPID_SHARED_DIR);
539 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
540 "Error in perm_app_setup_path. App id: " << app_ids[6]
541 << " Loop index: " << i << ". Result: " << result);
543 // Add app shared dir - APP_PATH_PUBLIC_RO (apps 3, 7, 8)
544 result = perm_app_setup_path(app_ids[3], app_dirs[3],
// NOTE(review): the call above is for app_ids[3] but the failure message prints
// app_ids[1]; a failure here would be reported against the wrong app.
546 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
547 "Error in perm_app_setup_path. App id: " << app_ids[1]
548 << " Loop index: " << i << ". Result: " << result);
549 result = perm_app_setup_path(app_ids[7], app_dirs[7],
551 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
552 "Error in perm_app_setup_path. App id: " << app_ids[7]
553 << " Loop index: " << i << ". Result: " << result);
554 result = perm_app_setup_path(app_ids[8], app_dirs[8],
556 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
557 "Error in perm_app_setup_path. App id: " << app_ids[8]
558 << " Loop index: " << i << ". Result: " << result);
560 // Add app shared dir - APP_PATH_SETTINGS_RW (apps 4, 9)
561 result = perm_app_setup_path(app_ids[4], app_dirs[4],
562 APP_PATH_SETTINGS_RW);
563 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
564 "Error in perm_app_setup_path. App id: " << app_ids[4]
565 << " Loop index: " << i << ". Result: " << result);
566 result = perm_app_setup_path(app_ids[9], app_dirs[9],
567 APP_PATH_SETTINGS_RW);
568 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
569 "Error in perm_app_setup_path. App id: " << app_ids[9]
570 << " Loop index: " << i << ". Result: " << result);
// Isolation check for the two private labels; the guards that skip the owning app
// itself are presumably on lines this listing omits.
574 // Verify that some previously installed app does not have
575 // any access to app 0 and app 5 PRIVATE folders
576 for (int j = 0; j < app_count; ++j)
578 // Apps 1-9 should not have any access to app 0
581 result = check_no_accesses(smack,
582 FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[0])
584 RUNNER_ASSERT_MSG_BT(result == 1,
585 "Other app (app id: " << app_ids[j] <<
586 ") has access to private label of: " << app_ids[0] <<
587 ". It may not be shared. Loop index: " << i << ".");
590 // Apps 0-4 and 6-9 should not have any access to app 5
593 result = check_no_accesses(smack,
594 FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[5])
596 RUNNER_ASSERT_MSG_BT(result == 1,
597 "Other app (app id: " << app_ids[j] <<
598 ") has access to private label of: " << app_ids[5] <<
599 ". It may not be shared. Loop index: " << i << ".");
601 } // End for Verify PRIVATE
603 // Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders
604 result = check_all_accesses(smack,
606 { app_ids[1], APPID_SHARED_DIR, "rwxatl" },
607 { app_ids[2], APPID_SHARED_DIR, "rwxatl" },
608 { app_ids[6], APPID_SHARED_DIR, "rwxatl" } } );
609 RUNNER_ASSERT_MSG_BT(result == 1,
610 "Not all accesses to Group RW dir are granted. Loop index: "
613 // Get autogenerated Public_RO labels
// NOTE(review): libsmack's smack_getlabel() returns an allocated string; neither the
// declaration of `label` nor a free(label) is visible in this listing - confirm each
// buffer is released after it has been copied into the std::string.
615 result = smack_getlabel(app_dirs[3], &label,
616 SMACK_LABEL_ACCESS );
617 RUNNER_ASSERT_MSG_BT(result == 0,
618 "Cannot get access label from Public RO shared dir: " << app_dirs[3]
619 << " . Loop index: " << i << ". Result: " << result);
620 shared_dir3_auto_label = label;
623 result = smack_getlabel(app_dirs[7], &label,
624 SMACK_LABEL_ACCESS );
625 RUNNER_ASSERT_MSG_BT(result == 0,
626 "Cannot get access label from Public RO shared dir: " << app_dirs[7]
627 << " . Loop index: " << i << ". Result: " << result);
628 shared_dir7_auto_label = label;
631 result = smack_getlabel(app_dirs[8], &label,
632 SMACK_LABEL_ACCESS );
633 RUNNER_ASSERT_MSG_BT(result == 0,
634 "Cannot get access label from Public RO shared dir: " << app_dirs[8]
635 << " . Loop index: " << i << ". Result: " << result);
636 shared_dir8_auto_label = label;
// NOTE(review): for Public RO labels owned by another app, the denied set checked below
// is "w" and "t" only; append ("a") is not asserted as denied. If Public RO is meant to
// be read/execute-only for non-owners, adding "a" would tighten the test - confirm
// against the intended policy. The conditions selecting each branch are not shown here.
639 // Verify that all apps have ro permissions to public folders of apps 3, 7 and 8
640 // Also apps 3, 7 and 8 should have all permissions to their own PUBLIC_RO dirs
641 for (int j = 0; j < app_count; ++j)
645 result = check_all_accesses(smack,
647 { app_ids[j], shared_dir3_auto_label.c_str(), "rwxatl" } } );
648 RUNNER_ASSERT_MSG_BT(result == 1,
649 "Not all accesses to owned Public RO dir are granted. App id: "
650 << app_ids[j] << " Loop index: " << i);
651 // Verify that there are no extra permissions to public dirs
652 result = check_no_accesses(smack,
654 { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
655 { app_ids[j], shared_dir7_auto_label.c_str(), "t" },
656 { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
657 { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
658 RUNNER_ASSERT_MSG_BT(result == 1,
659 "Unexpected extra permissions added for app:" << app_ids[j]
660 << ". Loop index: " << i);
664 result = check_all_accesses(smack,
666 { app_ids[j], shared_dir7_auto_label.c_str(), "rwxatl" } } );
667 RUNNER_ASSERT_MSG_BT(result == 1,
668 "Not all accesses to owned Public RO dir are granted. App id: "
669 << app_ids[j] << " Loop index: " << i);
670 // Verify that there are no extra permissions to public dirs
671 result = check_no_accesses(smack,
673 { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
674 { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
675 { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
676 { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
677 RUNNER_ASSERT_MSG_BT(result == 1,
678 "Unexpected extra permissions added for app:" << app_ids[j]
679 << ". Loop index: " << i);
683 result = check_all_accesses(smack,
685 { app_ids[j], shared_dir8_auto_label.c_str(), "rwxatl" } } );
686 RUNNER_ASSERT_MSG_BT(result == 1,
687 "Not all accesses to owned Public RO dir are granted. App id: "
688 << app_ids[j] << " Loop index: " << i);
689 // Verify that there are no extra permissions to other public dirs
690 result = check_no_accesses(smack,
692 { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
693 { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
694 { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
695 { app_ids[j], shared_dir7_auto_label.c_str(), "t" } } );
696 RUNNER_ASSERT_MSG_BT(result == 1,
697 "Unexpected extra permissions added for app:" << app_ids[j]
698 << ". Loop index: " << i);
701 result = check_all_accesses(smack,
703 { app_ids[j], shared_dir3_auto_label.c_str(), "rx" },
704 { app_ids[j], shared_dir7_auto_label.c_str(), "rx" },
705 { app_ids[j], shared_dir8_auto_label.c_str(), "rx" } } );
706 RUNNER_ASSERT_MSG_BT(result == 1,
707 "Not all accesses to Public RO dirs are granted. App id: "
708 << app_ids[j] << ". Loop index: " << i);
709 } // End for Verify PUBLIC_RO
711 // Get autogenerated SETTING_RW labels
712 result = smack_getlabel(app_dirs[4], &label,
713 SMACK_LABEL_ACCESS );
714 RUNNER_ASSERT_MSG_BT(result == 0,
715 "Cannot get access label from App-Setting shared dir: "
716 << app_dirs[4] << " . Loop index: " << i
717 << ". Result: " << result);
718 setting_dir4_auto_label = label;
721 result = smack_getlabel(app_dirs[9], &label,
722 SMACK_LABEL_ACCESS );
723 RUNNER_ASSERT_MSG_BT(result == 0,
724 "Cannot get access label from App-Setting shared dir: "
725 << app_dirs[9] << " . Loop index: " << i
726 << ". Result: " << result);
727 setting_dir9_auto_label = label;
// Six positive checks: owners hold "rwxatl" on their settings dirs, the settings app
// holds "rx" on apps 4 and 9 and "rwx" on both settings-dir labels. All six share one
// message text, so the streamed subject/object pair is what identifies a failure.
730 // Verify that setting app has rwx permission to app-settings dirs and rx to apps
731 result = smack_have_access(app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl");
732 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
733 "Not all accesses to App-Setting dir are granted."
734 << app_ids[4] << " " << setting_dir4_auto_label
735 << " Loop index: " << i);
736 result = smack_have_access(app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl");
737 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
738 "Not all accesses to App-Setting dir are granted."
739 << app_ids[9] << " " << setting_dir9_auto_label
740 << " Loop index: " << i);
741 result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[4], "rx");
742 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
743 "Not all accesses to App-Setting dir are granted."
744 << APP_TEST_SETTINGS_ASP1 << " " << app_ids[4]
745 << " Loop index: " << i);
746 result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[9], "rx");
747 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
748 "Not all accesses to App-Setting dir are granted."
749 << APP_TEST_SETTINGS_ASP1 << " " << app_ids[9]
750 << " Loop index: " << i);
751 result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx");
752 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
753 "Not all accesses to App-Setting dir are granted."
754 << APP_TEST_SETTINGS_ASP1 << " " << setting_dir4_auto_label
755 << " Loop index: " << i);
756 result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx");
757 RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
758 "Not all accesses to App-Setting dir are granted."
759 << APP_TEST_SETTINGS_ASP1 << " " << setting_dir9_auto_label
760 << " Loop index: " << i);
// The expected grants mirror test_osp_feature_rule_set2 (apps 0-4) and
// test_wgt_feature_rule_set2 (apps 5-9) declared at the top of the function.
764 // Check if api-features permissions are added properly
765 for (int j = 0; j < 5; ++j)
767 result = check_all_accesses(smack,
769 { app_ids[j], app_ids[6], "r" },
770 { app_ids[j], app_ids[7], "rxl" },
771 { app_ids[j], app_ids[8], "rwxal" },
772 { app_ids[j], app_ids[9], "rwxatl" } } );
773 RUNNER_ASSERT_MSG_BT(result == 1,
774 "Not all permisions from api features added for app id: "
775 << app_ids[j] << ". Loop index: " << i);
778 for (int j = 5; j < app_count; ++j)
780 result = check_all_accesses(smack,
782 { app_ids[j], app_ids[1], "r" },
783 { app_ids[j], app_ids[2], "rxl" },
784 { app_ids[j], app_ids[3], "rwxal" },
785 { app_ids[j], app_ids[4], "rwxatl" } } );
786 RUNNER_ASSERT_MSG_BT(result == 1,
787 "Not all permisions from api features added for app id: "
788 << app_ids[j] << ". Loop index: " << i);
793 // Revoke permissions
794 for (int j = 0; j < app_count; ++j)
796 result = perm_app_revoke_permissions(app_ids[j]);
797 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
798 "Error in perm_app_revoke_permissions. App id: "
799 << app_ids[j] << " Loop index: " << i
800 << ". Result: " << result);
// Revocation check over subject/object pairs of test apps; whether the j == k pair is
// skipped depends on lines this listing omits.
805 // Check if permissions are removed properly
806 for (int j = 0; j < app_count; ++j)
809 for (int k = 0; k < app_count; ++k)
812 result = check_no_accesses(smack,
813 FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[k])
815 RUNNER_ASSERT_MSG_BT(result == 1,
816 "Not all permisions revoked. Subject: " << app_ids[j]
817 << " Object: " << app_ids[k] << " Loop index: " << i);
823 // Remove labels from folders and uninstall all apps
824 for (int j = 0; j < app_count; ++j)
826 result = nftw(app_dirs[j], &nftw_remove_labels,
827 FTW_MAX_FDS, FTW_PHYS); // rm labels from app folder
828 RUNNER_ASSERT_MSG_BT(result == 0,
829 "Unable to clean up Smack labels in: "
830 << app_dirs[j] << " . Loop index: " << i
831 << ". Result: " << result);
833 result = perm_app_uninstall(app_ids[j]);
834 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
835 "Error in perm_app_uninstall for app: "
836 << app_ids[j] << " . Loop index: " << i
837 << ". Result: " << result);
// rmdir() succeeds only on an empty directory, so a reused pre-existing directory
// that holds files makes the test fail here.
842 // Remove created dirs
843 for (int j = 0; j < app_count; ++j)
845 result = rmdir(app_dirs[j]);
846 RUNNER_ASSERT_MSG_BT(result == 0,
847 "Cannot remove directory: " << app_dirs[j]);
849 } // END Install app loop
851 // Uninstall setting app
852 result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
853 RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
854 "Error in perm_app_uninstall. Result: " << result);
// Runs the 1x100 stress test with smack = true, i.e. smack_have_access() is expected to
// return 1. RUNNER_TEST_SMACK presumably registers the case for Smack-enabled runs only.
858 RUNNER_TEST_SMACK(privilege_control22_app_installation_1x100_smack)
860 privilege_control22_app_installation_1x100(true);
// Runs the 1x100 stress test with smack = false, i.e. smack_have_access() is expected to
// return -1. RUNNER_TEST_NOSMACK presumably registers the case for runs without Smack.
863 RUNNER_TEST_NOSMACK(privilege_control22_app_installation_1x100_nosmack)
865 privilege_control22_app_installation_1x100(false);
// Runs the 10x10 stress test with smack = true, i.e. smack_have_access() is expected to
// return 1. RUNNER_TEST_SMACK presumably registers the case for Smack-enabled runs only.
868 RUNNER_TEST_SMACK(privilege_control23_app_installation2_10x10_smack)
870 privilege_control23_app_installation2_10x10(true);
// Runs the 10x10 stress test with smack = false, i.e. smack_have_access() is expected to
// return -1. RUNNER_TEST_NOSMACK presumably registers the case for runs without Smack.
873 RUNNER_TEST_NOSMACK(privilege_control23_app_installation2_10x10_nosmack)
875 privilege_control23_app_installation2_10x10(false);