projects / platform / core / test / security-tests.git / blob
? search:


eac5194e10de4dafe7f5caf555706db55ebba3a7
[platform/core/test/security-tests.git] / tests / security-manager-tests / security_manager_tests.cpp
1 #include <dpl/test/test_runner.h>
2 #include <fcntl.h>
3 #include <stdio.h>
4 #include <memory.h>
5 #include <summary_collector.h>
6 #include <string>
7
8 #include <sys/types.h>
9 #include <sys/stat.h>
10 #include <sys/xattr.h>
11 #include <linux/xattr.h>
12
13 #include <libprivilege-control_test_common.h>
14 #include <tests_common.h>
15
16 #include <security-manager.h>
17 #include <sm_db.h>
18 #include <cynara_test_client.h>
19
20 DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
21
22 static const char *const LABELLED_BINARY_PATH = "/usr/bin/test-app-efl";
23
24 static const char *const SM_APP_ID1 = "sm_test_app_id_double";
25 static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
26
27 static const char *const SM_APP_ID2 = "sm_test_app_id_full";
28 static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
29
30 static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
31 static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
32
33 static const privileges_t SM_ALLOWED_PRIVILEGES = {
34     "security_manager_test_rules2_r",
35     "security_manager_test_rules2_no_r"
36 };
37
38 static const privileges_t SM_DENIED_PRIVILEGES  = {
39     "security_manager_test_rules1",
40     "security_manager_test_rules2"
41 };
42
43 static const privileges_t SM_NO_PRIVILEGES  = {
44 };
45
46 static const char *const XATTR_NAME_TIZENEXEC =  XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
47
48 static const char *const SM_PRIVATE_PATH = "/etc/smack/test_DIR/app_dir";
49 static const char *const SM_PUBLIC_PATH = "/etc/smack/test_DIR/app_dir_public";
50 static const char *const SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro";
51 static const char *const SM_DENIED_PATH = "/etc/smack/test_DIR/non_app_dir";
52 static const char *const SM_PRIVATE_PATH_FOR_USER_5000 = "/home/app/securitytests/test_DIR";
53 static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
54
55
56
57 static bool isLinkToExec(const char *fpath, const struct stat *sb)
58 {
59
60     struct stat buf;
61     char *target;
62     int ret;
63
64     // check if it's a link
65     if ( !S_ISLNK(sb->st_mode))
66         return false;
67
68     target = realpath(fpath, nullptr);
69     RUNNER_ASSERT_ERRNO_MSG(target != 0, "Could not obtain real path from link");
70
71     ret = stat(target, &buf);
72     RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Could not obtain real path's stat from link");
73
74     if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG))
75         return false;
76
77
78     return true;
79 }
80
81 static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
82                               const char* correctLabel, bool transmute_test, bool exec_test)
83 {
84     int result;
85     CStringPtr labelPtr;
86     char* label = nullptr;
87
88     /* ACCESS */
89     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
90     RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
91     labelPtr.reset(label);
92     RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
93     result = strcmp(correctLabel, label);
94     RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"
95             " (should be '" << correctLabel << "' and is '" << label << "')");
96
97
98     /* EXEC */
99     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
100     RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
101     labelPtr.reset(label);
102
103     if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
104         RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
105         result = strcmp(correctLabel, label);
106         RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath);
107     } else
108         RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
109
110
111     /* LINK TO EXEC */
112     if (isLinkToExec(fpath, sb) && exec_test) {
113         char buf[SMACK_LABEL_LEN+1];
114         result = lgetxattr(fpath, XATTR_NAME_TIZENEXEC, buf, sizeof(buf));
115         RUNNER_ASSERT_ERRNO_MSG(result != -1, "Could not get label for the path " << fpath);
116         buf[result]='\0';
117         result = strcmp(correctLabel, buf);
118         RUNNER_ASSERT_MSG(result == 0, "Incorrect TIZEN_EXEC_LABEL attribute"
119                 " on link to executable " << fpath);
120     }
121
122
123
124     /* TRANSMUTE */
125     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
126     RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
127     labelPtr.reset(label);
128
129     if (S_ISDIR(sb->st_mode) && transmute_test == true) {
130         RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
131         RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0,
132                 "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
133     } else {
134         RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
135     }
136
137     return 0;
138 }
139
140
141 static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
142                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
143 {
144     return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
145 }
146
147 static int nftw_check_sm_labels_app_public_dir(const char *fpath, const struct stat *sb,
148                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
149 {
150
151     return nftw_check_sm_labels_app_dir(fpath, sb, "User", true, false);
152 }
153
154 static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
155                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
156 {
157
158     return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
159 }
160
161 static app_inst_req* do_app_inst_req_new()
162 {
163     int result;
164     app_inst_req *req = nullptr;
165
166     result = security_manager_app_inst_req_new(&req);
167     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
168             "creation of new request failed. Result: " << result);
169     RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory");
170     return req;
171 }
172
173 static void prepare_app_path()
174 {
175     int result;
176
177     result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
178     RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
179
180     result = nftw(SM_PUBLIC_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
181     RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_PATH);
182
183     result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
184     RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
185
186     result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
187     RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
188 }
189
190 static void prepare_app_env()
191 {
192     prepare_app_path();
193 }
194
195 /* TODO: add parameters to this function */
196 static void check_app_path_after_install()
197 {
198     int result;
199
200     result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
201     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
202
203     result = nftw(SM_PUBLIC_PATH, &nftw_check_sm_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS);
204     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_PATH);
205
206     result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
207     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
208
209     result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
210     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
211 }
212
213
214 static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
215                                   const privileges_t &allowed_privs, const privileges_t &denied_privs)
216 {
217     (void) app_id;
218
219     CynaraTestClient ctc;
220
221     for (auto &priv : allowed_privs) {
222         ctc.check(pkg_id, "", user, priv.c_str(), CYNARA_API_SUCCESS);
223     }
224
225     for (auto &priv : denied_privs) {
226         ctc.check(pkg_id, "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
227     }
228 }
229
230 static void check_app_after_install(const char *const app_id, const char *const pkg_id,
231                                     const privileges_t &allowed_privs,
232                                     const privileges_t &denied_privs)
233 {
234     TestSecurityManagerDatabase dbtest;
235     dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
236     dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
237
238     /*Privileges should be granted to all users if root installs app*/
239     check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs);
240 }
241
242 static void check_app_after_install(const char *const app_id, const char *const pkg_id)
243 {
244     TestSecurityManagerDatabase dbtest;
245     dbtest.test_db_after__app_install(app_id, pkg_id);
246 }
247
248 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
249                                       const privileges_t &privileges, const bool is_pkg_removed)
250 {
251     TestSecurityManagerDatabase dbtest;
252     dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
253
254
255     /*Privileges should not be granted anymore to any user*/
256     check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges);
257 }
258
259 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
260                                       const bool is_pkg_removed)
261 {
262     TestSecurityManagerDatabase dbtest;
263     dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
264 }
265
266 static void install_app(const char *app_id, const char *pkg_id)
267 {
268     int result;
269     AppInstReqUniquePtr request;
270     request.reset(do_app_inst_req_new());
271
272     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
273     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
274             "setting app id failed. Result: " << result);
275
276     result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
277     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
278             "setting pkg id failed. Result: " << result);
279
280     result = security_manager_app_install(request.get());
281     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
282             "installing app failed. Result: " << result);
283
284     check_app_after_install(app_id, pkg_id);
285
286 }
287
288 static void uninstall_app(const char *app_id, const char *pkg_id,
289         bool expect_installed, bool expect_pkg_removed)
290 {
291     int result;
292     AppInstReqUniquePtr request;
293     request.reset(do_app_inst_req_new());
294
295     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
296     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
297           "setting app id failed. Result: " << result);
298
299     result = security_manager_app_uninstall(request.get());
300     RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
301           "uninstalling app failed. Result: " << result);
302
303     check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
304 }
305
306
307 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
308
309
310 RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
311 {
312     int result;
313     AppInstReqUniquePtr request;
314
315     request.reset(do_app_inst_req_new());
316
317     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
318     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
319             "setting app id failed. Result: " << result);
320
321     result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
322     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
323             "setting pkg id failed. Result: " << result);
324
325     result = security_manager_app_install(request.get());
326     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
327             "installing app failed. Result: " << result);
328
329     result = security_manager_app_install(request.get());
330     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
331             "installing already installed app failed. Result: " << result);
332
333     /* Check records in the security-manager database */
334     check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
335
336     request.reset(do_app_inst_req_new());
337
338     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
339     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
340             "setting app id failed. Result: " << result);
341
342     result = security_manager_app_uninstall(request.get());
343     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
344             "uninstalling app failed. Result: " << result);
345
346     result = security_manager_app_uninstall(request.get());
347     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
348             "uninstalling already uninstalled app failed. Result: " << result);
349
350     /* Check records in the security-manager database */
351     check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
352 }
353
354 RUNNER_TEST(security_manager_02_app_install_uninstall_full)
355 {
356     int result;
357     AppInstReqUniquePtr request;
358
359     prepare_app_env();
360
361     request.reset(do_app_inst_req_new());
362
363     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
364     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
365             "setting app id failed. Result: " << result);
366
367     result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
368     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
369             "setting pkg id failed. Result: " << result);
370
371     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
372     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
373             "setting allowed permission failed. Result: " << result);
374     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
375     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
376             "setting allowed permission failed. Result: " << result);
377
378     result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
379                                                     SECURITY_MANAGER_PATH_PRIVATE);
380     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
381             "setting allowed path failed. Result: " << result);
382
383     result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_PATH,
384                                                     SECURITY_MANAGER_PATH_PUBLIC);
385     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
386             "setting allowed path failed. Result: " << result);
387
388     result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
389                                                     SECURITY_MANAGER_PATH_PUBLIC_RO);
390     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
391             "setting allowed path failed. Result: " << result);
392
393     result = security_manager_app_install(request.get());
394     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
395             "installing app failed. Result: " << result);
396
397     /* Check records in the security-manager database */
398     check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
399                             SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
400
401     /* TODO: add parameters to this function */
402     check_app_path_after_install();
403
404     request.reset(do_app_inst_req_new());
405
406     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
407     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
408             "setting app id failed. Result: " << result);
409
410     result = security_manager_app_uninstall(request.get());
411     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
412             "uninstalling app failed. Result: " << result);
413
414     /* Check records in the security-manager database,
415      * all previously allowed privileges should be removed */
416     check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
417                               SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
418 }
419
420 RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_binary)
421 {
422     const char *const testBinaryPath    = LABELLED_BINARY_PATH;
423     const char *const expectedLabel     = USER_APP_ID;
424     int result;
425     char *label = nullptr;
426     CStringPtr labelPtr;
427
428     result = security_manager_set_process_label_from_binary(testBinaryPath);
429     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
430             "security_manager_set_process_label_from_binary(" <<
431             testBinaryPath << ") failed. Result: " << result);
432
433     result = smack_new_label_from_self(&label);
434     RUNNER_ASSERT_MSG(result >= 0,
435             " Error getting current process label");
436     RUNNER_ASSERT_MSG(label != nullptr,
437             " Process label is not set");
438     labelPtr.reset(label);
439
440     result = strcmp(expectedLabel, label);
441     RUNNER_ASSERT_MSG(result == 0,
442             " Process label is incorrect. Expected: \"" << expectedLabel << "\" Actual: \""
443             << label << "\"");
444 }
445
446 RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_binary_nosmack)
447 {
448     const char *const testBinaryPath = LABELLED_BINARY_PATH;
449     int result;
450
451     result = security_manager_set_process_label_from_binary(testBinaryPath);
452     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
453             "security_manager_set_process_label_from_binary(" <<
454             testBinaryPath << ") failed. Result: " << result);
455 }
456
457 RUNNER_CHILD_TEST_SMACK(security_manager_04_set_label_from_appid)
458 {
459     const char *const app_id = "sm_test_app_id_set_label_from_appid";
460     const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
461     const char *const expected_label = USER_APP_ID;
462     char *label = nullptr;
463     CStringPtr labelPtr;
464     int result;
465
466     uninstall_app(app_id, pkg_id, false, true);
467     install_app(app_id, pkg_id);
468
469     result = security_manager_set_process_label_from_appid(app_id);
470     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
471             "security_manager_set_process_label_from_appid(" <<
472             app_id << ") failed. Result: " << result);
473
474     result = smack_new_label_from_self(&label);
475     RUNNER_ASSERT_MSG(result >= 0,
476             " Error getting current process label");
477     RUNNER_ASSERT_MSG(label != nullptr,
478             " Process label is not set");
479     labelPtr.reset(label);
480
481     result = strcmp(expected_label, label);
482     RUNNER_ASSERT_MSG(result == 0,
483             " Process label is incorrect. Expected: \"" << expected_label <<
484             "\" Actual: \"" << label << "\"");
485
486     uninstall_app(app_id, pkg_id, true, true);
487 }
488
489 RUNNER_CHILD_TEST_NOSMACK(security_manager_04_set_label_from_appid_nosmack)
490 {
491     const char *const app_id = "sm_test_app_id_set_label_from_appid";
492     const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
493     int result;
494
495     uninstall_app(app_id, pkg_id, false, true);
496     install_app(app_id, pkg_id);
497
498     result = security_manager_set_process_label_from_appid(app_id);
499     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
500             "security_manager_set_process_label_from_appid(" <<
501             app_id << ") failed. Result: " << result);
502
503     uninstall_app(app_id, pkg_id, true, true);
504 }
505
506
507
508 static void prepare_request(AppInstReqUniquePtr &request,
509               const char *const app_id,
510               const char *const pkg_id,
511               app_install_path_type pathType,
512               const char *const path)
513 {
514     int result;
515     request.reset(do_app_inst_req_new());
516
517     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
518     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
519             "setting app id failed. Result: " << result);
520
521     result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
522     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
523             "setting pkg id failed. Result: " << result);
524
525     result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
526     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
527             "setting allowed path failed. Result: " << result);
528 }
529
530
531
532 RUNNER_CHILD_TEST(security_manager_05_app_install_uninstall_by_uid_5000)
533 {
534     int result;
535     AppInstReqUniquePtr request;
536     const std::string user =  std::to_string(static_cast<unsigned int>(APP_UID));
537
538
539     //switch user to non-root
540     result = drop_root_privileges();
541     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
542
543     //install app as non-root user and try to register public path (should fail)
544     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER_5000);
545
546     result = security_manager_app_install(request.get());
547     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
548             "installing app not failed. Result: " << result);
549
550     //install app as non-root user
551     //should fail (non-root users may only register folders inside their home)
552     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
553
554     result = security_manager_app_install(request.get());
555     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
556             "installing app not failed. Result: " << result);
557
558     //install app as non-root user
559     //should succeed - this time i register folder inside user's home dir
560     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER_5000);
561
562     for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
563         result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
564         RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
565             "setting allowed permission failed. Result: " << result);
566     }
567
568     result = security_manager_app_install(request.get());
569     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
570             "installing app failed. Result: " << result);
571
572     check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
573
574     //uninstall app as non-root user
575     request.reset(do_app_inst_req_new());
576
577     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
578     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
579             "setting app id failed. Result: " << result);
580
581     result = security_manager_app_uninstall(request.get());
582     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
583             "uninstalling app failed. Result: " << result);
584
585     check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
586 }
587
588
589 int main(int argc, char *argv[])
590 {
591     SummaryCollector::Register();
592     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
593 }
Domain: Security / Uncategorized;