1 #include <dpl/test/test_runner.h>
5 #include <summary_collector.h>
10 #include <linux/xattr.h>
12 #include <libprivilege-control_test_common.h>
13 #include <tests_common.h>
15 #include <security-manager.h>
18 DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
20 static const char *const LABELLED_BINARY_PATH = "/usr/bin/test-app-efl";
22 static const char *const SM_APP_ID1 = "sm_test_app_id_double";
23 static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
25 static const char *const SM_APP_ID2 = "sm_test_app_id_full";
26 static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
28 static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
29 static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
31 static const privileges_t SM_ALLOWED_PRIVILEGES = {
32 "security_manager_test_rules2_r",
33 "security_manager_test_rules2_no_r"
36 static const privileges_t SM_DENIED_PRIVILEGES = {
37 "security_manager_test_rules1",
38 "security_manager_test_rules2"
41 static const char *const XATTR_NAME_TIZENEXEC = XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
43 static const rules_t SM_ALLOWED_RULES = {
44 { USER_APP_ID, "test_sm_book_8", "r" },
45 { USER_APP_ID, "test_sm_book_9", "w" },
46 { USER_APP_ID, "test_sm_book_10", "x" },
47 { USER_APP_ID, "test_sm_book_11", "rw" },
48 { USER_APP_ID, "test_sm_book_12", "rx" },
49 { USER_APP_ID, "test_sm_book_13", "wx" },
50 { USER_APP_ID, "test_sm_book_14", "rwx" },
51 { USER_APP_ID, "test_sm_book_15", "rwxat" },
52 { "test_sm_subject_8", USER_APP_ID, "r" },
53 { "test_sm_subject_9", USER_APP_ID, "w" },
54 { "test_sm_subject_10", USER_APP_ID, "x" },
55 { "test_sm_subject_11", USER_APP_ID, "rw" },
56 { "test_sm_subject_12", USER_APP_ID, "rx" },
57 { "test_sm_subject_13", USER_APP_ID, "wx" },
58 { "test_sm_subject_14", USER_APP_ID, "rwx" },
59 { "test_sm_subject_15", USER_APP_ID, "rwxat" }
61 static const rules_t SM_DENIED_RULES = {
62 { USER_APP_ID, "test_sm_book_1", "r" },
63 { USER_APP_ID, "test_sm_book_2", "w" },
64 { USER_APP_ID, "test_sm_book_3", "x" },
65 { USER_APP_ID, "test_sm_book_4", "rw" },
66 { USER_APP_ID, "test_sm_book_5", "rx" },
67 { USER_APP_ID, "test_sm_book_6", "wx" },
68 { USER_APP_ID, "test_sm_book_7", "rwx" },
69 { "test_sm_subject_1", USER_APP_ID, "r" },
70 { "test_sm_subject_2", USER_APP_ID, "w" },
71 { "test_sm_subject_3", USER_APP_ID, "x" },
72 { "test_sm_subject_4", USER_APP_ID, "rw" },
73 { "test_sm_subject_5", USER_APP_ID, "rx" },
74 { "test_sm_subject_6", USER_APP_ID, "wx" },
75 { "test_sm_subject_7", USER_APP_ID, "rwx" }
78 static const char *const SM_PRIVATE_PATH = "/etc/smack/test_DIR/app_dir";
79 static const char *const SM_PUBLIC_PATH = "/etc/smack/test_DIR/app_dir_public";
80 static const char *const SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro";
81 static const char *const SM_DENIED_PATH = "/etc/smack/test_DIR/non_app_dir";
82 static const char *const SM_PRIVATE_PATH_FOR_USER_5000 = "/home/app/securitytests/test_DIR";
85 static bool isLinkToExec(const char *fpath, const struct stat *sb)
92 // check if it's a link
93 if ( !S_ISLNK(sb->st_mode))
96 target = realpath(fpath, NULL);
97 RUNNER_ASSERT_MSG_BT(target != 0, "Could not obtain real path from link.");
99 ret = stat(target, &buf);
100 RUNNER_ASSERT_MSG_BT(ret == 0, "Could not obtain real path's stat from link.");
102 if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG))
109 static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
110 const char* correctLabel, bool transmute_test, bool exec_test)
117 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
118 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
119 labelPtr.reset(label);
120 RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set");
121 result = strcmp(correctLabel, label);
122 RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect"
123 " (should be '" << correctLabel << "' and is '" << label << "')");
127 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
128 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
129 labelPtr.reset(label);
131 if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
132 RUNNER_ASSERT_MSG_BT(label != NULL, "EXEC label on " << fpath << " is not set");
133 result = strcmp(correctLabel, label);
134 RUNNER_ASSERT_MSG_BT(result == 0, "Incorrect EXEC label on executable file " << fpath);
136 RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set");
140 if (isLinkToExec(fpath, sb) && exec_test) {
141 char buf[SMACK_LABEL_LEN+1];
142 result = lgetxattr(fpath, XATTR_NAME_TIZENEXEC, buf, sizeof(buf));
143 RUNNER_ASSERT_MSG_BT(result != -1, "Could not get label for the path "
144 << fpath << "("<<strerror(errno)<<")");
146 result = strcmp(correctLabel, buf);
147 RUNNER_ASSERT_MSG_BT(result == 0, "Incorrect TIZEN_EXEC_LABEL attribute"
148 " on link to executable " << fpath);
154 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
155 RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
156 labelPtr.reset(label);
158 if (S_ISDIR(sb->st_mode) && transmute_test == true) {
159 RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set at all");
160 RUNNER_ASSERT_MSG_BT(strcmp(label,"TRUE") == 0,
161 "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
163 RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set");
170 static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
171 int /*typeflag*/, struct FTW* /*ftwbuf*/)
173 return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
176 static int nftw_check_sm_labels_app_public_dir(const char *fpath, const struct stat *sb,
177 int /*typeflag*/, struct FTW* /*ftwbuf*/)
180 return nftw_check_sm_labels_app_dir(fpath, sb, "User", true, false);
183 static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
184 int /*typeflag*/, struct FTW* /*ftwbuf*/)
187 return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
190 static app_inst_req* do_app_inst_req_new()
193 app_inst_req *req = NULL;
195 result = security_manager_app_inst_req_new(&req);
196 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
197 "creation of new request failed. Result: " << result);
198 RUNNER_ASSERT_MSG_BT(req != NULL, "creation of new request did not allocate memory");
202 static void prepare_app_path()
206 result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
207 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
209 result = nftw(SM_PUBLIC_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
210 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_PATH);
212 result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
213 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
215 result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
216 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
219 static void prepare_app_env()
224 /* TODO: add parameters to this function */
225 static void check_app_path_after_install()
229 result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
230 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
232 result = nftw(SM_PUBLIC_PATH, &nftw_check_sm_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS);
233 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_PATH);
235 result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
236 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
238 result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
239 RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
242 static void check_app_permissions(const char *const app_id, const char *const pkg_id,
243 const privileges_t &allowed_privs, const privileges_t &denied_privs,
244 const rules_t &allowed_rules, const rules_t &denied_rules)
248 result = check_all_accesses(smack_check(), allowed_rules);
249 RUNNER_ASSERT_MSG_BT(result, "Permissions not added.");
250 result = check_no_accesses(smack_check(), denied_rules);
251 RUNNER_ASSERT_MSG_BT(result, "Permissions added.");
253 /* TODO: USER_APP_ID is hardcoded in the following checks, because libprivilege always generate
254 * label "User" for all installed apps. Adjust it when libprivilege is upgraded. */
255 (void)app_id; // unused parameter
256 (void)pkg_id; // unused parameter
258 for (auto it = allowed_privs.begin(); it != allowed_privs.end(); ++it)
259 check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), true);
261 for (auto it = denied_privs.begin(); it != denied_privs.end(); ++it)
262 check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), false);
265 static void check_app_after_install(const char *const app_id, const char *const pkg_id,
266 const privileges_t &allowed_privs, const privileges_t &denied_privs,
267 const rules_t &allowed_rules, const rules_t &denied_rules)
269 TestSecurityManagerDatabase dbtest;
270 dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
271 dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
273 check_app_permissions(app_id, pkg_id,
274 allowed_privs, denied_privs,
275 allowed_rules, denied_rules);
278 static void check_app_after_install(const char *const app_id, const char *const pkg_id)
280 TestSecurityManagerDatabase dbtest;
281 dbtest.test_db_after__app_install(app_id, pkg_id);
284 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
285 const privileges_t &privileges, const bool is_pkg_removed)
287 TestSecurityManagerDatabase dbtest;
288 dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
291 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
292 const bool is_pkg_removed)
294 TestSecurityManagerDatabase dbtest;
295 dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
298 static void install_app(const char *app_id, const char *pkg_id)
301 AppInstReqUniquePtr request;
302 request.reset(do_app_inst_req_new());
304 result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
305 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
306 "setting app id failed. Result: " << result);
308 result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
309 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
310 "setting pkg id failed. Result: " << result);
312 result = security_manager_app_install(request.get());
313 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
314 "installing app failed. Result: " << result);
316 check_app_after_install(app_id, pkg_id);
320 static void uninstall_app(const char *app_id, const char *pkg_id,
321 bool expect_installed, bool expect_pkg_removed)
324 AppInstReqUniquePtr request;
325 request.reset(do_app_inst_req_new());
327 result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
328 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
329 "setting app id failed. Result: " << result);
331 result = security_manager_app_uninstall(request.get());
332 RUNNER_ASSERT_MSG_BT(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
333 "uninstalling app failed. Result: " << result);
335 check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
339 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
342 RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
345 AppInstReqUniquePtr request;
347 request.reset(do_app_inst_req_new());
349 result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
350 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
351 "setting app id failed. Result: " << result);
353 result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
354 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
355 "setting pkg id failed. Result: " << result);
357 result = security_manager_app_install(request.get());
358 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
359 "installing app failed. Result: " << result);
361 result = security_manager_app_install(request.get());
362 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
363 "installing already installed app failed. Result: " << result);
365 /* Check records in the security-manager database */
366 check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
368 request.reset(do_app_inst_req_new());
370 result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
371 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
372 "setting app id failed. Result: " << result);
374 result = security_manager_app_uninstall(request.get());
375 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
376 "uninstalling app failed. Result: " << result);
378 result = security_manager_app_uninstall(request.get());
379 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
380 "uninstalling already uninstalled app failed. Result: " << result);
382 /* Check records in the security-manager database */
383 check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
386 RUNNER_TEST(security_manager_02_app_install_uninstall_full)
389 AppInstReqUniquePtr request;
393 request.reset(do_app_inst_req_new());
395 result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
396 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
397 "setting app id failed. Result: " << result);
399 result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
400 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
401 "setting pkg id failed. Result: " << result);
403 result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
404 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
405 "setting allowed permission failed. Result: " << result);
406 result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
407 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
408 "setting allowed permission failed. Result: " << result);
410 result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
411 SECURITY_MANAGER_PATH_PRIVATE);
412 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
413 "setting allowed path failed. Result: " << result);
415 result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_PATH,
416 SECURITY_MANAGER_PATH_PUBLIC);
417 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
418 "setting allowed path failed. Result: " << result);
420 result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
421 SECURITY_MANAGER_PATH_PUBLIC_RO);
422 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
423 "setting allowed path failed. Result: " << result);
425 result = security_manager_app_install(request.get());
426 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
427 "installing app failed. Result: " << result);
429 /* Check records in the security-manager database */
430 check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
431 SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES,
432 SM_ALLOWED_RULES, SM_DENIED_RULES);
434 /* TODO: add parameters to this function */
435 check_app_path_after_install();
437 request.reset(do_app_inst_req_new());
439 result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
440 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
441 "setting app id failed. Result: " << result);
443 result = security_manager_app_uninstall(request.get());
444 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
445 "uninstalling app failed. Result: " << result);
447 /* Check records in the security-manager database,
448 * all previously allowed privileges should be removed */
449 check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
450 SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
453 RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_binary)
455 const char *const testBinaryPath = LABELLED_BINARY_PATH;
456 const char *const expectedLabel = USER_APP_ID;
461 result = security_manager_set_process_label_from_binary(testBinaryPath);
462 RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
463 "security_manager_set_process_label_from_binary(" <<
464 testBinaryPath << ") failed. Result: " << result);
466 result = smack_new_label_from_self(&label);
467 RUNNER_ASSERT_MSG_BT(result >= 0,
468 " Error getting current process label");
469 RUNNER_ASSERT_MSG_BT(label != NULL,
470 " Process label is not set");
471 labelPtr.reset(label);
473 result = strcmp(expectedLabel, label);
474 RUNNER_ASSERT_MSG_BT(result == 0,
475 " Process label is incorrect. Expected: \"" << expectedLabel << "\" Actual: \""
479 RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_binary_nosmack)
481 const char *const testBinaryPath = LABELLED_BINARY_PATH;
484 result = security_manager_set_process_label_from_binary(testBinaryPath);
485 RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
486 "security_manager_set_process_label_from_binary(" <<
487 testBinaryPath << ") failed. Result: " << result);
490 RUNNER_CHILD_TEST_SMACK(security_manager_04_set_label_from_appid)
492 const char *const app_id = "sm_test_app_id_set_label_from_appid";
493 const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
494 const char *const expected_label = USER_APP_ID;
499 uninstall_app(app_id, pkg_id, false, true);
500 install_app(app_id, pkg_id);
502 result = security_manager_set_process_label_from_appid(app_id);
503 RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
504 "security_manager_set_process_label_from_appid(" <<
505 app_id << ") failed. Result: " << result);
507 result = smack_new_label_from_self(&label);
508 RUNNER_ASSERT_MSG_BT(result >= 0,
509 " Error getting current process label");
510 RUNNER_ASSERT_MSG_BT(label != NULL,
511 " Process label is not set");
512 labelPtr.reset(label);
514 result = strcmp(expected_label, label);
515 RUNNER_ASSERT_MSG_BT(result == 0,
516 " Process label is incorrect. Expected: \"" << expected_label <<
517 "\" Actual: \"" << label << "\"");
519 uninstall_app(app_id, pkg_id, true, true);
522 RUNNER_CHILD_TEST_NOSMACK(security_manager_04_set_label_from_appid_nosmack)
524 const char *const app_id = "sm_test_app_id_set_label_from_appid";
525 const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
528 uninstall_app(app_id, pkg_id, false, true);
529 install_app(app_id, pkg_id);
531 result = security_manager_set_process_label_from_appid(app_id);
532 RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
533 "security_manager_set_process_label_from_appid(" <<
534 app_id << ") failed. Result: " << result);
536 uninstall_app(app_id, pkg_id, true, true);
541 static void prepare_request(AppInstReqUniquePtr &request,
542 const char *const app_id,
543 const char *const pkg_id,
544 app_install_path_type pathType,
545 const char *const path)
548 request.reset(do_app_inst_req_new());
550 result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
551 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
552 "setting app id failed. Result: " << result);
554 result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
555 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
556 "setting pkg id failed. Result: " << result);
558 result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
559 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
560 "setting allowed path failed. Result: " << result);
565 RUNNER_CHILD_TEST(security_manager_05_app_install_uninstall_by_uid_5000)
568 AppInstReqUniquePtr request;
571 //switch user to non-root
572 result = drop_root_privileges();
573 RUNNER_ASSERT_MSG_BT(result == 0, "drop_root_privileges failed");
575 //install app as non-root user and try to register public path (should fail)
576 prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER_5000);
578 result = security_manager_app_install(request.get());
579 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
580 "installing app not failed. Result: " << result);
582 //install app as non-root user
583 //should fail (non-root users may only register folders inside their home)
584 prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
586 result = security_manager_app_install(request.get());
587 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
588 "installing app not failed. Result: " << result);
590 //install app as non-root user
591 //should succeed - this time i register folder inside user's home dir
592 prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER_5000);
594 result = security_manager_app_install(request.get());
595 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
596 "installing app failed. Result: " << result);
598 //uninstall app as non-root user
599 request.reset(do_app_inst_req_new());
601 result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
602 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
603 "setting app id failed. Result: " << result);
605 result = security_manager_app_uninstall(request.get());
606 RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
607 "uninstalling app failed. Result: " << result);
611 int main(int argc, char *argv[])
613 SummaryCollector::Register();
614 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);