1 #include <dpl/test/test_runner.h>
5 #include <summary_collector.h>
7 #include <unordered_set>
12 #include <libprivilege-control_test_common.h>
13 #include <tests_common.h>
15 #include <security-manager.h>
17 #include <cynara_test_client.h>
19 DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
21 static const char *const LABELLED_BINARY_PATH = "/usr/bin/test-app-efl";
23 static const char *const SM_APP_ID1 = "sm_test_app_id_double";
24 static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
26 static const char *const SM_APP_ID2 = "sm_test_app_id_full";
27 static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
29 static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
30 static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
32 static const privileges_t SM_ALLOWED_PRIVILEGES = {
33 "security_manager_test_rules2_r",
34 "security_manager_test_rules2_no_r"
37 static const privileges_t SM_DENIED_PRIVILEGES = {
38 "security_manager_test_rules1",
39 "security_manager_test_rules2"
42 static const privileges_t SM_NO_PRIVILEGES = {
45 static const std::vector<gid_t> SM_ALLOWED_GIDS = {6001, 6002};
47 static const char *const SM_PRIVATE_PATH = "/etc/smack/test_DIR/app_dir";
48 static const char *const SM_PUBLIC_PATH = "/etc/smack/test_DIR/app_dir_public";
49 static const char *const SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro";
50 static const char *const SM_DENIED_PATH = "/etc/smack/test_DIR/non_app_dir";
51 static const char *const SM_PRIVATE_PATH_FOR_USER = "/home/" APP_USER "/test_DIR";
52 static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
54 static void generateAppLabel(const std::string &pkgId, std::string &label)
60 static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
61 const char* correctLabel, bool transmute_test, bool exec_test)
65 char* label = nullptr;
68 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
69 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
70 labelPtr.reset(label);
71 RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
72 result = strcmp(correctLabel, label);
73 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"
74 " (should be '" << correctLabel << "' and is '" << label << "')");
78 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
79 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
80 labelPtr.reset(label);
82 if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
83 RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
84 result = strcmp(correctLabel, label);
85 RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath);
87 RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
91 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
92 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
93 labelPtr.reset(label);
95 if (S_ISDIR(sb->st_mode) && transmute_test == true) {
96 RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
97 RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0,
98 "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
100 RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
107 static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
108 int /*typeflag*/, struct FTW* /*ftwbuf*/)
110 return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
113 static int nftw_check_sm_labels_app_public_dir(const char *fpath, const struct stat *sb,
114 int /*typeflag*/, struct FTW* /*ftwbuf*/)
117 return nftw_check_sm_labels_app_dir(fpath, sb, "User", true, false);
120 static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
121 int /*typeflag*/, struct FTW* /*ftwbuf*/)
124 return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
127 static app_inst_req* do_app_inst_req_new()
130 app_inst_req *req = nullptr;
132 result = security_manager_app_inst_req_new(&req);
133 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
134 "creation of new request failed. Result: " << result);
135 RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory");
139 static void prepare_app_path()
143 result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
144 RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
146 result = nftw(SM_PUBLIC_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
147 RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_PATH);
149 result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
150 RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
152 result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
153 RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
156 static void prepare_app_env()
161 /* TODO: add parameters to this function */
162 static void check_app_path_after_install()
166 result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
167 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
169 result = nftw(SM_PUBLIC_PATH, &nftw_check_sm_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS);
170 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_PATH);
172 result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
173 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
175 result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
176 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
180 static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
181 const privileges_t &allowed_privs, const privileges_t &denied_privs)
184 std::string smackLabel;
185 generateAppLabel(pkg_id, smackLabel);
187 CynaraTestClient ctc;
189 for (auto &priv : allowed_privs) {
190 ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_ALLOWED);
193 for (auto &priv : denied_privs) {
194 ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
198 static void check_app_gids(const char *const app_id, const std::vector<gid_t> &allowed_gids)
201 gid_t main_gid = getgid();
202 std::unordered_set<gid_t> reference_gids(allowed_gids.begin(), allowed_gids.end());
204 // Reset supplementary groups
205 ret = setgroups(0, NULL);
206 RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
208 ret = security_manager_set_process_groups_from_appid(app_id);
209 RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS,
210 "security_manager_set_process_groups_from_appid(" <<
211 app_id << ") failed. Result: " << ret);
213 ret = getgroups(0, nullptr);
214 RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
216 std::vector<gid_t> actual_gids(ret);
217 ret = getgroups(ret, actual_gids.data());
218 RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
220 for (const auto &gid : actual_gids) {
221 RUNNER_ASSERT_MSG(gid == main_gid || reference_gids.count(gid) > 0,
222 "Application shouldn't get access to group " << gid);
223 reference_gids.erase(gid);
226 RUNNER_ASSERT_MSG(reference_gids.empty(), "Application didn't get access to some groups");
229 static void check_app_after_install(const char *const app_id, const char *const pkg_id,
230 const privileges_t &allowed_privs,
231 const privileges_t &denied_privs,
232 const std::vector<gid_t> &allowed_gids)
234 TestSecurityManagerDatabase dbtest;
235 dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
236 dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
238 /*Privileges should be granted to all users if root installs app*/
239 check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs);
241 /* Setup mapping of gids to privileges */
242 /* Do this for each privilege for extra check */
243 for (const auto &privilege : allowed_privs) {
244 dbtest.setup_privilege_gids(privilege, allowed_gids);
247 check_app_gids(app_id, allowed_gids);
250 static void check_app_after_install(const char *const app_id, const char *const pkg_id)
252 TestSecurityManagerDatabase dbtest;
253 dbtest.test_db_after__app_install(app_id, pkg_id);
256 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
257 const privileges_t &privileges, const bool is_pkg_removed)
259 TestSecurityManagerDatabase dbtest;
260 dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
263 /*Privileges should not be granted anymore to any user*/
264 check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges);
267 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
268 const bool is_pkg_removed)
270 TestSecurityManagerDatabase dbtest;
271 dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
274 static void install_app(const char *app_id, const char *pkg_id)
277 AppInstReqUniquePtr request;
278 request.reset(do_app_inst_req_new());
280 result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
281 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
282 "setting app id failed. Result: " << result);
284 result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
285 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
286 "setting pkg id failed. Result: " << result);
288 result = security_manager_app_install(request.get());
289 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
290 "installing app failed. Result: " << result);
292 check_app_after_install(app_id, pkg_id);
296 static void uninstall_app(const char *app_id, const char *pkg_id,
297 bool expect_installed, bool expect_pkg_removed)
300 AppInstReqUniquePtr request;
301 request.reset(do_app_inst_req_new());
303 result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
304 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
305 "setting app id failed. Result: " << result);
307 result = security_manager_app_uninstall(request.get());
308 RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
309 "uninstalling app failed. Result: " << result);
311 check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
315 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
318 RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
321 AppInstReqUniquePtr request;
323 request.reset(do_app_inst_req_new());
325 result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
326 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
327 "setting app id failed. Result: " << result);
329 result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
330 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
331 "setting pkg id failed. Result: " << result);
333 result = security_manager_app_install(request.get());
334 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
335 "installing app failed. Result: " << result);
337 result = security_manager_app_install(request.get());
338 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
339 "installing already installed app failed. Result: " << result);
341 /* Check records in the security-manager database */
342 check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
344 request.reset(do_app_inst_req_new());
346 result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
347 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
348 "setting app id failed. Result: " << result);
350 result = security_manager_app_uninstall(request.get());
351 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
352 "uninstalling app failed. Result: " << result);
354 result = security_manager_app_uninstall(request.get());
355 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
356 "uninstalling already uninstalled app failed. Result: " << result);
358 /* Check records in the security-manager database */
359 check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
362 RUNNER_TEST(security_manager_02_app_install_uninstall_full)
365 AppInstReqUniquePtr request;
369 request.reset(do_app_inst_req_new());
371 result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
372 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
373 "setting app id failed. Result: " << result);
375 result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
376 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
377 "setting pkg id failed. Result: " << result);
379 result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
380 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
381 "setting allowed permission failed. Result: " << result);
382 result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
383 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
384 "setting allowed permission failed. Result: " << result);
386 result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
387 SECURITY_MANAGER_PATH_PRIVATE);
388 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
389 "setting allowed path failed. Result: " << result);
391 result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_PATH,
392 SECURITY_MANAGER_PATH_PUBLIC);
393 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
394 "setting allowed path failed. Result: " << result);
396 result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
397 SECURITY_MANAGER_PATH_PUBLIC_RO);
398 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
399 "setting allowed path failed. Result: " << result);
401 result = security_manager_app_install(request.get());
402 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
403 "installing app failed. Result: " << result);
405 /* Check records in the security-manager database */
406 check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
407 SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GIDS);
409 /* TODO: add parameters to this function */
410 check_app_path_after_install();
412 request.reset(do_app_inst_req_new());
414 result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
415 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
416 "setting app id failed. Result: " << result);
418 result = security_manager_app_uninstall(request.get());
419 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
420 "uninstalling app failed. Result: " << result);
422 /* Check records in the security-manager database,
423 * all previously allowed privileges should be removed */
424 check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
425 SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
428 RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_binary)
430 const char *const testBinaryPath = LABELLED_BINARY_PATH;
431 const char *const expectedLabel = USER_APP_ID;
433 char *label = nullptr;
436 result = security_manager_set_process_label_from_binary(testBinaryPath);
437 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
438 "security_manager_set_process_label_from_binary(" <<
439 testBinaryPath << ") failed. Result: " << result);
441 result = smack_new_label_from_self(&label);
442 RUNNER_ASSERT_MSG(result >= 0,
443 " Error getting current process label");
444 RUNNER_ASSERT_MSG(label != nullptr,
445 " Process label is not set");
446 labelPtr.reset(label);
448 result = strcmp(expectedLabel, label);
449 RUNNER_ASSERT_MSG(result == 0,
450 " Process label is incorrect. Expected: \"" << expectedLabel << "\" Actual: \""
454 RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_binary_nosmack)
456 const char *const testBinaryPath = LABELLED_BINARY_PATH;
459 result = security_manager_set_process_label_from_binary(testBinaryPath);
460 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
461 "security_manager_set_process_label_from_binary(" <<
462 testBinaryPath << ") failed. Result: " << result);
465 RUNNER_CHILD_TEST_SMACK(security_manager_04_set_label_from_appid)
467 const char *const app_id = "sm_test_app_id_set_label_from_appid";
468 const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
469 const char *const expected_label = USER_APP_ID;
470 char *label = nullptr;
474 uninstall_app(app_id, pkg_id, false, true);
475 install_app(app_id, pkg_id);
477 result = security_manager_set_process_label_from_appid(app_id);
478 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
479 "security_manager_set_process_label_from_appid(" <<
480 app_id << ") failed. Result: " << result);
482 result = smack_new_label_from_self(&label);
483 RUNNER_ASSERT_MSG(result >= 0,
484 " Error getting current process label");
485 RUNNER_ASSERT_MSG(label != nullptr,
486 " Process label is not set");
487 labelPtr.reset(label);
489 result = strcmp(expected_label, label);
490 RUNNER_ASSERT_MSG(result == 0,
491 " Process label is incorrect. Expected: \"" << expected_label <<
492 "\" Actual: \"" << label << "\"");
494 uninstall_app(app_id, pkg_id, true, true);
497 RUNNER_CHILD_TEST_NOSMACK(security_manager_04_set_label_from_appid_nosmack)
499 const char *const app_id = "sm_test_app_id_set_label_from_appid";
500 const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
503 uninstall_app(app_id, pkg_id, false, true);
504 install_app(app_id, pkg_id);
506 result = security_manager_set_process_label_from_appid(app_id);
507 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
508 "security_manager_set_process_label_from_appid(" <<
509 app_id << ") failed. Result: " << result);
511 uninstall_app(app_id, pkg_id, true, true);
516 static void prepare_request(AppInstReqUniquePtr &request,
517 const char *const app_id,
518 const char *const pkg_id,
519 app_install_path_type pathType,
520 const char *const path)
523 request.reset(do_app_inst_req_new());
525 result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
526 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
527 "setting app id failed. Result: " << result);
529 result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
530 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
531 "setting pkg id failed. Result: " << result);
533 result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
534 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
535 "setting allowed path failed. Result: " << result);
539 static struct passwd* get_app_pw()
541 struct passwd *pw = nullptr;
543 while(!(pw = getpwnam(APP_USER))) {
544 RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
549 RUNNER_CHILD_TEST(security_manager_05_app_install_uninstall_by_app_user)
552 AppInstReqUniquePtr request;
553 struct passwd *pw = get_app_pw();
554 const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
556 //switch user to non-root
557 result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
558 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
560 //install app as non-root user and try to register public path (should fail)
561 prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER);
563 result = security_manager_app_install(request.get());
564 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
565 "installing app not failed. Result: " << result);
567 //install app as non-root user
568 //should fail (non-root users may only register folders inside their home)
569 prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
571 result = security_manager_app_install(request.get());
572 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
573 "installing app not failed. Result: " << result);
575 //install app as non-root user
576 //should succeed - this time i register folder inside user's home dir
577 prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER);
579 for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
580 result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
581 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
582 "setting allowed permission failed. Result: " << result);
585 result = security_manager_app_install(request.get());
586 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
587 "installing app failed. Result: " << result);
589 check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
591 //uninstall app as non-root user
592 request.reset(do_app_inst_req_new());
594 result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
595 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
596 "setting app id failed. Result: " << result);
598 result = security_manager_app_uninstall(request.get());
599 RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
600 "uninstalling app failed. Result: " << result);
602 check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
606 int main(int argc, char *argv[])
608 SummaryCollector::Register();
609 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);