projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Adjust security-manager tests
[platform/core/test/security-tests.git] / tests / security-manager-tests / security_manager_tests.cpp
1 #include <dpl/test/test_runner.h>
2 #include <fcntl.h>
3 #include <stdio.h>
4 #include <memory.h>
5 #include <summary_collector.h>
6 #include <string>
7
8 #include <sys/types.h>
9 #include <sys/stat.h>
10 #include <sys/xattr.h>
11 #include <linux/xattr.h>
12
13 #include <libprivilege-control_test_common.h>
14 #include <tests_common.h>
15
16 #include <security-manager.h>
17 #include <sm_db.h>
18 #include <cynara_test_client.h>
19
20 DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
21
22 static const char *const LABELLED_BINARY_PATH = "/usr/bin/test-app-efl";
23
24 static const char *const SM_APP_ID1 = "sm_test_app_id_double";
25 static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
26
27 static const char *const SM_APP_ID2 = "sm_test_app_id_full";
28 static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
29
30 static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
31 static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
32
33 static const privileges_t SM_ALLOWED_PRIVILEGES = {
34     "security_manager_test_rules2_r",
35     "security_manager_test_rules2_no_r"
36 };
37
38 static const privileges_t SM_DENIED_PRIVILEGES  = {
39     "security_manager_test_rules1",
40     "security_manager_test_rules2"
41 };
42
43 static const privileges_t SM_NO_PRIVILEGES  = {
44 };
45
46 static const char *const XATTR_NAME_TIZENEXEC =  XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
47
48 static const char *const SM_PRIVATE_PATH = "/etc/smack/test_DIR/app_dir";
49 static const char *const SM_PUBLIC_PATH = "/etc/smack/test_DIR/app_dir_public";
50 static const char *const SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro";
51 static const char *const SM_DENIED_PATH = "/etc/smack/test_DIR/non_app_dir";
52 static const char *const SM_PRIVATE_PATH_FOR_USER_5000 = "/home/app/securitytests/test_DIR";
53 static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
54
55
56
57 static bool isLinkToExec(const char *fpath, const struct stat *sb)
58 {
59
60     struct stat buf;
61     char *target;
62     int ret;
63
64     // check if it's a link
65     if ( !S_ISLNK(sb->st_mode))
66         return false;
67
68     target = realpath(fpath, NULL);
69     RUNNER_ASSERT_MSG_BT(target != 0, "Could not obtain real path from link.");
70
71     ret = stat(target, &buf);
72     RUNNER_ASSERT_MSG_BT(ret == 0, "Could not obtain real path's stat from link.");
73
74     if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG))
75         return false;
76
77
78     return true;
79 }
80
81 static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
82                               const char* correctLabel, bool transmute_test, bool exec_test)
83 {
84     int result;
85     CStringPtr labelPtr;
86     char* label = NULL;
87
88     /* ACCESS */
89     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
90     RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
91     labelPtr.reset(label);
92     RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set");
93     result = strcmp(correctLabel, label);
94     RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect"
95             " (should be '" << correctLabel << "' and is '" << label << "')");
96
97
98     /* EXEC */
99     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
100     RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
101     labelPtr.reset(label);
102
103     if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
104         RUNNER_ASSERT_MSG_BT(label != NULL, "EXEC label on " << fpath << " is not set");
105         result = strcmp(correctLabel, label);
106         RUNNER_ASSERT_MSG_BT(result == 0, "Incorrect EXEC label on executable file " << fpath);
107     } else
108         RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set");
109
110
111     /* LINK TO EXEC */
112     if (isLinkToExec(fpath, sb) && exec_test) {
113         char buf[SMACK_LABEL_LEN+1];
114         result = lgetxattr(fpath, XATTR_NAME_TIZENEXEC, buf, sizeof(buf));
115         RUNNER_ASSERT_MSG_BT(result != -1, "Could not get label for the path "
116                 << fpath << "("<<strerror(errno)<<")");
117         buf[result]='\0';
118         result = strcmp(correctLabel, buf);
119         RUNNER_ASSERT_MSG_BT(result == 0, "Incorrect TIZEN_EXEC_LABEL attribute"
120                 " on link to executable " << fpath);
121     }
122
123
124
125     /* TRANSMUTE */
126     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
127     RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
128     labelPtr.reset(label);
129
130     if (S_ISDIR(sb->st_mode) && transmute_test == true) {
131         RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set at all");
132         RUNNER_ASSERT_MSG_BT(strcmp(label,"TRUE") == 0,
133                 "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
134     } else {
135         RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set");
136     }
137
138     return 0;
139 }
140
141
142 static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
143                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
144 {
145     return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
146 }
147
148 static int nftw_check_sm_labels_app_public_dir(const char *fpath, const struct stat *sb,
149                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
150 {
151
152     return nftw_check_sm_labels_app_dir(fpath, sb, "User", true, false);
153 }
154
155 static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
156                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
157 {
158
159     return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
160 }
161
162 static app_inst_req* do_app_inst_req_new()
163 {
164     int result;
165     app_inst_req *req = NULL;
166
167     result = security_manager_app_inst_req_new(&req);
168     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
169             "creation of new request failed. Result: " << result);
170     RUNNER_ASSERT_MSG_BT(req != NULL, "creation of new request did not allocate memory");
171     return req;
172 }
173
174 static void prepare_app_path()
175 {
176     int result;
177
178     result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
179     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
180
181     result = nftw(SM_PUBLIC_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
182     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_PATH);
183
184     result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
185     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
186
187     result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
188     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
189 }
190
191 static void prepare_app_env()
192 {
193     prepare_app_path();
194 }
195
196 /* TODO: add parameters to this function */
197 static void check_app_path_after_install()
198 {
199     int result;
200
201     result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
202     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
203
204     result = nftw(SM_PUBLIC_PATH, &nftw_check_sm_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS);
205     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_PATH);
206
207     result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
208     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
209
210     result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
211     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
212 }
213
214
215 static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
216                                   const privileges_t &allowed_privs, const privileges_t &denied_privs)
217 {
218     (void) app_id;
219
220     CynaraTestClient ctc;
221
222     for (auto &priv : allowed_privs) {
223         ctc.check(pkg_id, "", user, priv.c_str(), CYNARA_API_SUCCESS);
224     }
225
226     for (auto &priv : denied_privs) {
227         ctc.check(pkg_id, "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
228     }
229 }
230
231 static void check_app_after_install(const char *const app_id, const char *const pkg_id,
232                                     const privileges_t &allowed_privs,
233                                     const privileges_t &denied_privs)
234 {
235     TestSecurityManagerDatabase dbtest;
236     dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
237     dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
238
239     /*Privileges should be granted to all users if root installs app*/
240     check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs);
241 }
242
243 static void check_app_after_install(const char *const app_id, const char *const pkg_id)
244 {
245     TestSecurityManagerDatabase dbtest;
246     dbtest.test_db_after__app_install(app_id, pkg_id);
247 }
248
249 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
250                                       const privileges_t &privileges, const bool is_pkg_removed)
251 {
252     TestSecurityManagerDatabase dbtest;
253     dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
254
255
256     /*Privileges should not be granted anymore to any user*/
257     check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges);
258 }
259
260 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
261                                       const bool is_pkg_removed)
262 {
263     TestSecurityManagerDatabase dbtest;
264     dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
265 }
266
267 static void install_app(const char *app_id, const char *pkg_id)
268 {
269     int result;
270     AppInstReqUniquePtr request;
271     request.reset(do_app_inst_req_new());
272
273     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
274     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
275             "setting app id failed. Result: " << result);
276
277     result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
278     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
279             "setting pkg id failed. Result: " << result);
280
281     result = security_manager_app_install(request.get());
282     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
283             "installing app failed. Result: " << result);
284
285     check_app_after_install(app_id, pkg_id);
286
287 }
288
289 static void uninstall_app(const char *app_id, const char *pkg_id,
290         bool expect_installed, bool expect_pkg_removed)
291 {
292     int result;
293     AppInstReqUniquePtr request;
294     request.reset(do_app_inst_req_new());
295
296     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
297     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
298           "setting app id failed. Result: " << result);
299
300     result = security_manager_app_uninstall(request.get());
301     RUNNER_ASSERT_MSG_BT(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
302           "uninstalling app failed. Result: " << result);
303
304     check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
305 }
306
307
308 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
309
310
311 RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
312 {
313     int result;
314     AppInstReqUniquePtr request;
315
316     request.reset(do_app_inst_req_new());
317
318     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
319     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
320             "setting app id failed. Result: " << result);
321
322     result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
323     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
324             "setting pkg id failed. Result: " << result);
325
326     result = security_manager_app_install(request.get());
327     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
328             "installing app failed. Result: " << result);
329
330     result = security_manager_app_install(request.get());
331     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
332             "installing already installed app failed. Result: " << result);
333
334     /* Check records in the security-manager database */
335     check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
336
337     request.reset(do_app_inst_req_new());
338
339     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
340     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
341             "setting app id failed. Result: " << result);
342
343     result = security_manager_app_uninstall(request.get());
344     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
345             "uninstalling app failed. Result: " << result);
346
347     result = security_manager_app_uninstall(request.get());
348     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
349             "uninstalling already uninstalled app failed. Result: " << result);
350
351     /* Check records in the security-manager database */
352     check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
353 }
354
355 RUNNER_TEST(security_manager_02_app_install_uninstall_full)
356 {
357     int result;
358     AppInstReqUniquePtr request;
359
360     prepare_app_env();
361
362     request.reset(do_app_inst_req_new());
363
364     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
365     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
366             "setting app id failed. Result: " << result);
367
368     result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
369     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
370             "setting pkg id failed. Result: " << result);
371
372     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
373     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
374             "setting allowed permission failed. Result: " << result);
375     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
376     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
377             "setting allowed permission failed. Result: " << result);
378
379     result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
380                                                     SECURITY_MANAGER_PATH_PRIVATE);
381     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
382             "setting allowed path failed. Result: " << result);
383
384     result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_PATH,
385                                                     SECURITY_MANAGER_PATH_PUBLIC);
386     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
387             "setting allowed path failed. Result: " << result);
388
389     result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
390                                                     SECURITY_MANAGER_PATH_PUBLIC_RO);
391     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
392             "setting allowed path failed. Result: " << result);
393
394     result = security_manager_app_install(request.get());
395     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
396             "installing app failed. Result: " << result);
397
398     /* Check records in the security-manager database */
399     check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
400                             SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
401
402     /* TODO: add parameters to this function */
403     check_app_path_after_install();
404
405     request.reset(do_app_inst_req_new());
406
407     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
408     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
409             "setting app id failed. Result: " << result);
410
411     result = security_manager_app_uninstall(request.get());
412     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
413             "uninstalling app failed. Result: " << result);
414
415     /* Check records in the security-manager database,
416      * all previously allowed privileges should be removed */
417     check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
418                               SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
419 }
420
421 RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_binary)
422 {
423     const char *const testBinaryPath    = LABELLED_BINARY_PATH;
424     const char *const expectedLabel     = USER_APP_ID;
425     int result;
426     char *label = NULL;
427     CStringPtr labelPtr;
428
429     result = security_manager_set_process_label_from_binary(testBinaryPath);
430     RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
431             "security_manager_set_process_label_from_binary(" <<
432             testBinaryPath << ") failed. Result: " << result);
433
434     result = smack_new_label_from_self(&label);
435     RUNNER_ASSERT_MSG_BT(result >= 0,
436             " Error getting current process label");
437     RUNNER_ASSERT_MSG_BT(label != NULL,
438             " Process label is not set");
439     labelPtr.reset(label);
440
441     result = strcmp(expectedLabel, label);
442     RUNNER_ASSERT_MSG_BT(result == 0,
443             " Process label is incorrect. Expected: \"" << expectedLabel << "\" Actual: \""
444             << label << "\"");
445 }
446
447 RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_binary_nosmack)
448 {
449     const char *const testBinaryPath = LABELLED_BINARY_PATH;
450     int result;
451
452     result = security_manager_set_process_label_from_binary(testBinaryPath);
453     RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
454             "security_manager_set_process_label_from_binary(" <<
455             testBinaryPath << ") failed. Result: " << result);
456 }
457
458 RUNNER_CHILD_TEST_SMACK(security_manager_04_set_label_from_appid)
459 {
460     const char *const app_id = "sm_test_app_id_set_label_from_appid";
461     const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
462     const char *const expected_label = USER_APP_ID;
463     char *label = NULL;
464     CStringPtr labelPtr;
465     int result;
466
467     uninstall_app(app_id, pkg_id, false, true);
468     install_app(app_id, pkg_id);
469
470     result = security_manager_set_process_label_from_appid(app_id);
471     RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
472             "security_manager_set_process_label_from_appid(" <<
473             app_id << ") failed. Result: " << result);
474
475     result = smack_new_label_from_self(&label);
476     RUNNER_ASSERT_MSG_BT(result >= 0,
477             " Error getting current process label");
478     RUNNER_ASSERT_MSG_BT(label != NULL,
479             " Process label is not set");
480     labelPtr.reset(label);
481
482     result = strcmp(expected_label, label);
483     RUNNER_ASSERT_MSG_BT(result == 0,
484             " Process label is incorrect. Expected: \"" << expected_label <<
485             "\" Actual: \"" << label << "\"");
486
487     uninstall_app(app_id, pkg_id, true, true);
488 }
489
490 RUNNER_CHILD_TEST_NOSMACK(security_manager_04_set_label_from_appid_nosmack)
491 {
492     const char *const app_id = "sm_test_app_id_set_label_from_appid";
493     const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
494     int result;
495
496     uninstall_app(app_id, pkg_id, false, true);
497     install_app(app_id, pkg_id);
498
499     result = security_manager_set_process_label_from_appid(app_id);
500     RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
501             "security_manager_set_process_label_from_appid(" <<
502             app_id << ") failed. Result: " << result);
503
504     uninstall_app(app_id, pkg_id, true, true);
505 }
506
507
508
509 static void prepare_request(AppInstReqUniquePtr &request,
510               const char *const app_id,
511               const char *const pkg_id,
512               app_install_path_type pathType,
513               const char *const path)
514 {
515     int result;
516     request.reset(do_app_inst_req_new());
517
518     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
519     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
520             "setting app id failed. Result: " << result);
521
522     result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
523     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
524             "setting pkg id failed. Result: " << result);
525
526     result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
527     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
528             "setting allowed path failed. Result: " << result);
529 }
530
531
532
533 RUNNER_CHILD_TEST(security_manager_05_app_install_uninstall_by_uid_5000)
534 {
535     int result;
536     AppInstReqUniquePtr request;
537     const std::string user =  std::to_string(static_cast<unsigned int>(APP_UID));
538
539
540     //switch user to non-root
541     result = drop_root_privileges();
542     RUNNER_ASSERT_MSG_BT(result == 0, "drop_root_privileges failed");
543
544     //install app as non-root user and try to register public path (should fail)
545     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER_5000);
546
547     result = security_manager_app_install(request.get());
548     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
549             "installing app not failed. Result: " << result);
550
551     //install app as non-root user
552     //should fail (non-root users may only register folders inside their home)
553     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
554
555     result = security_manager_app_install(request.get());
556     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
557             "installing app not failed. Result: " << result);
558
559     //install app as non-root user
560     //should succeed - this time i register folder inside user's home dir
561     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER_5000);
562
563     for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
564         result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
565         RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
566             "setting allowed permission failed. Result: " << result);
567     }
568
569     result = security_manager_app_install(request.get());
570     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
571             "installing app failed. Result: " << result);
572
573     check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
574
575     //uninstall app as non-root user
576     request.reset(do_app_inst_req_new());
577
578     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
579     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
580             "setting app id failed. Result: " << result);
581
582     result = security_manager_app_uninstall(request.get());
583     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
584             "uninstalling app failed. Result: " << result);
585
586     check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
587 }
588
589
590 int main(int argc, char *argv[])
591 {
592     SummaryCollector::Register();
593     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
594 }
Domain: Security / Uncategorized;