projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
security-manager: drop testing of obsolete TIZENEXEC label on symlinks
[platform/core/test/security-tests.git] / tests / security-manager-tests / security_manager_tests.cpp
1 #include <dpl/test/test_runner.h>
2 #include <fcntl.h>
3 #include <stdio.h>
4 #include <memory.h>
5 #include <summary_collector.h>
6 #include <string>
7
8 #include <libprivilege-control_test_common.h>
9 #include <tests_common.h>
10
11 #include <security-manager.h>
12 #include <sm_db.h>
13 #include <cynara_test_client.h>
14
15 DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
16
17 static const char *const LABELLED_BINARY_PATH = "/usr/bin/test-app-efl";
18
19 static const char *const SM_APP_ID1 = "sm_test_app_id_double";
20 static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
21
22 static const char *const SM_APP_ID2 = "sm_test_app_id_full";
23 static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
24
25 static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
26 static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
27
28 static const privileges_t SM_ALLOWED_PRIVILEGES = {
29     "security_manager_test_rules2_r",
30     "security_manager_test_rules2_no_r"
31 };
32
33 static const privileges_t SM_DENIED_PRIVILEGES  = {
34     "security_manager_test_rules1",
35     "security_manager_test_rules2"
36 };
37
38 static const privileges_t SM_NO_PRIVILEGES  = {
39 };
40
41 static const char *const SM_PRIVATE_PATH = "/etc/smack/test_DIR/app_dir";
42 static const char *const SM_PUBLIC_PATH = "/etc/smack/test_DIR/app_dir_public";
43 static const char *const SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro";
44 static const char *const SM_DENIED_PATH = "/etc/smack/test_DIR/non_app_dir";
45 static const char *const SM_PRIVATE_PATH_FOR_USER_5000 = "/home/app/securitytests/test_DIR";
46 static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
47
48 static void generateAppLabel(const std::string &pkgId, std::string &label)
49 {
50     (void) pkgId;
51     label = "User";
52 }
53
54 static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
55                               const char* correctLabel, bool transmute_test, bool exec_test)
56 {
57     int result;
58     CStringPtr labelPtr;
59     char* label = nullptr;
60
61     /* ACCESS */
62     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
63     RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
64     labelPtr.reset(label);
65     RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
66     result = strcmp(correctLabel, label);
67     RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"
68             " (should be '" << correctLabel << "' and is '" << label << "')");
69
70
71     /* EXEC */
72     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
73     RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
74     labelPtr.reset(label);
75
76     if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
77         RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
78         result = strcmp(correctLabel, label);
79         RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath);
80     } else
81         RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
82
83
84     /* TRANSMUTE */
85     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
86     RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
87     labelPtr.reset(label);
88
89     if (S_ISDIR(sb->st_mode) && transmute_test == true) {
90         RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
91         RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0,
92                 "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
93     } else {
94         RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
95     }
96
97     return 0;
98 }
99
100
101 static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
102                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
103 {
104     return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
105 }
106
107 static int nftw_check_sm_labels_app_public_dir(const char *fpath, const struct stat *sb,
108                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
109 {
110
111     return nftw_check_sm_labels_app_dir(fpath, sb, "User", true, false);
112 }
113
114 static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
115                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
116 {
117
118     return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
119 }
120
121 static app_inst_req* do_app_inst_req_new()
122 {
123     int result;
124     app_inst_req *req = nullptr;
125
126     result = security_manager_app_inst_req_new(&req);
127     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
128             "creation of new request failed. Result: " << result);
129     RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory");
130     return req;
131 }
132
133 static void prepare_app_path()
134 {
135     int result;
136
137     result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
138     RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
139
140     result = nftw(SM_PUBLIC_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
141     RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_PATH);
142
143     result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
144     RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
145
146     result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
147     RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
148 }
149
150 static void prepare_app_env()
151 {
152     prepare_app_path();
153 }
154
155 /* TODO: add parameters to this function */
156 static void check_app_path_after_install()
157 {
158     int result;
159
160     result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
161     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
162
163     result = nftw(SM_PUBLIC_PATH, &nftw_check_sm_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS);
164     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_PATH);
165
166     result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
167     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
168
169     result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
170     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
171 }
172
173
174 static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
175                                   const privileges_t &allowed_privs, const privileges_t &denied_privs)
176 {
177     (void) app_id;
178     std::string smackLabel;
179     generateAppLabel(pkg_id, smackLabel);
180
181     CynaraTestClient ctc;
182
183     for (auto &priv : allowed_privs) {
184         ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_SUCCESS);
185     }
186
187     for (auto &priv : denied_privs) {
188         ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
189     }
190 }
191
192 static void check_app_after_install(const char *const app_id, const char *const pkg_id,
193                                     const privileges_t &allowed_privs,
194                                     const privileges_t &denied_privs)
195 {
196     TestSecurityManagerDatabase dbtest;
197     dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
198     dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
199
200     /*Privileges should be granted to all users if root installs app*/
201     check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs);
202 }
203
204 static void check_app_after_install(const char *const app_id, const char *const pkg_id)
205 {
206     TestSecurityManagerDatabase dbtest;
207     dbtest.test_db_after__app_install(app_id, pkg_id);
208 }
209
210 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
211                                       const privileges_t &privileges, const bool is_pkg_removed)
212 {
213     TestSecurityManagerDatabase dbtest;
214     dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
215
216
217     /*Privileges should not be granted anymore to any user*/
218     check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges);
219 }
220
221 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
222                                       const bool is_pkg_removed)
223 {
224     TestSecurityManagerDatabase dbtest;
225     dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
226 }
227
228 static void install_app(const char *app_id, const char *pkg_id)
229 {
230     int result;
231     AppInstReqUniquePtr request;
232     request.reset(do_app_inst_req_new());
233
234     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
235     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
236             "setting app id failed. Result: " << result);
237
238     result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
239     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
240             "setting pkg id failed. Result: " << result);
241
242     result = security_manager_app_install(request.get());
243     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
244             "installing app failed. Result: " << result);
245
246     check_app_after_install(app_id, pkg_id);
247
248 }
249
250 static void uninstall_app(const char *app_id, const char *pkg_id,
251         bool expect_installed, bool expect_pkg_removed)
252 {
253     int result;
254     AppInstReqUniquePtr request;
255     request.reset(do_app_inst_req_new());
256
257     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
258     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
259           "setting app id failed. Result: " << result);
260
261     result = security_manager_app_uninstall(request.get());
262     RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
263           "uninstalling app failed. Result: " << result);
264
265     check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
266 }
267
268
269 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
270
271
272 RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
273 {
274     int result;
275     AppInstReqUniquePtr request;
276
277     request.reset(do_app_inst_req_new());
278
279     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
280     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
281             "setting app id failed. Result: " << result);
282
283     result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
284     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
285             "setting pkg id failed. Result: " << result);
286
287     result = security_manager_app_install(request.get());
288     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
289             "installing app failed. Result: " << result);
290
291     result = security_manager_app_install(request.get());
292     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
293             "installing already installed app failed. Result: " << result);
294
295     /* Check records in the security-manager database */
296     check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
297
298     request.reset(do_app_inst_req_new());
299
300     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
301     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
302             "setting app id failed. Result: " << result);
303
304     result = security_manager_app_uninstall(request.get());
305     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
306             "uninstalling app failed. Result: " << result);
307
308     result = security_manager_app_uninstall(request.get());
309     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
310             "uninstalling already uninstalled app failed. Result: " << result);
311
312     /* Check records in the security-manager database */
313     check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
314 }
315
316 RUNNER_TEST(security_manager_02_app_install_uninstall_full)
317 {
318     int result;
319     AppInstReqUniquePtr request;
320
321     prepare_app_env();
322
323     request.reset(do_app_inst_req_new());
324
325     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
326     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
327             "setting app id failed. Result: " << result);
328
329     result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
330     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
331             "setting pkg id failed. Result: " << result);
332
333     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
334     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
335             "setting allowed permission failed. Result: " << result);
336     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
337     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
338             "setting allowed permission failed. Result: " << result);
339
340     result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
341                                                     SECURITY_MANAGER_PATH_PRIVATE);
342     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
343             "setting allowed path failed. Result: " << result);
344
345     result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_PATH,
346                                                     SECURITY_MANAGER_PATH_PUBLIC);
347     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
348             "setting allowed path failed. Result: " << result);
349
350     result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
351                                                     SECURITY_MANAGER_PATH_PUBLIC_RO);
352     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
353             "setting allowed path failed. Result: " << result);
354
355     result = security_manager_app_install(request.get());
356     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
357             "installing app failed. Result: " << result);
358
359     /* Check records in the security-manager database */
360     check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
361                             SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
362
363     /* TODO: add parameters to this function */
364     check_app_path_after_install();
365
366     request.reset(do_app_inst_req_new());
367
368     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
369     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
370             "setting app id failed. Result: " << result);
371
372     result = security_manager_app_uninstall(request.get());
373     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
374             "uninstalling app failed. Result: " << result);
375
376     /* Check records in the security-manager database,
377      * all previously allowed privileges should be removed */
378     check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
379                               SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
380 }
381
382 RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_binary)
383 {
384     const char *const testBinaryPath    = LABELLED_BINARY_PATH;
385     const char *const expectedLabel     = USER_APP_ID;
386     int result;
387     char *label = nullptr;
388     CStringPtr labelPtr;
389
390     result = security_manager_set_process_label_from_binary(testBinaryPath);
391     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
392             "security_manager_set_process_label_from_binary(" <<
393             testBinaryPath << ") failed. Result: " << result);
394
395     result = smack_new_label_from_self(&label);
396     RUNNER_ASSERT_MSG(result >= 0,
397             " Error getting current process label");
398     RUNNER_ASSERT_MSG(label != nullptr,
399             " Process label is not set");
400     labelPtr.reset(label);
401
402     result = strcmp(expectedLabel, label);
403     RUNNER_ASSERT_MSG(result == 0,
404             " Process label is incorrect. Expected: \"" << expectedLabel << "\" Actual: \""
405             << label << "\"");
406 }
407
408 RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_binary_nosmack)
409 {
410     const char *const testBinaryPath = LABELLED_BINARY_PATH;
411     int result;
412
413     result = security_manager_set_process_label_from_binary(testBinaryPath);
414     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
415             "security_manager_set_process_label_from_binary(" <<
416             testBinaryPath << ") failed. Result: " << result);
417 }
418
419 RUNNER_CHILD_TEST_SMACK(security_manager_04_set_label_from_appid)
420 {
421     const char *const app_id = "sm_test_app_id_set_label_from_appid";
422     const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
423     const char *const expected_label = USER_APP_ID;
424     char *label = nullptr;
425     CStringPtr labelPtr;
426     int result;
427
428     uninstall_app(app_id, pkg_id, false, true);
429     install_app(app_id, pkg_id);
430
431     result = security_manager_set_process_label_from_appid(app_id);
432     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
433             "security_manager_set_process_label_from_appid(" <<
434             app_id << ") failed. Result: " << result);
435
436     result = smack_new_label_from_self(&label);
437     RUNNER_ASSERT_MSG(result >= 0,
438             " Error getting current process label");
439     RUNNER_ASSERT_MSG(label != nullptr,
440             " Process label is not set");
441     labelPtr.reset(label);
442
443     result = strcmp(expected_label, label);
444     RUNNER_ASSERT_MSG(result == 0,
445             " Process label is incorrect. Expected: \"" << expected_label <<
446             "\" Actual: \"" << label << "\"");
447
448     uninstall_app(app_id, pkg_id, true, true);
449 }
450
451 RUNNER_CHILD_TEST_NOSMACK(security_manager_04_set_label_from_appid_nosmack)
452 {
453     const char *const app_id = "sm_test_app_id_set_label_from_appid";
454     const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
455     int result;
456
457     uninstall_app(app_id, pkg_id, false, true);
458     install_app(app_id, pkg_id);
459
460     result = security_manager_set_process_label_from_appid(app_id);
461     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
462             "security_manager_set_process_label_from_appid(" <<
463             app_id << ") failed. Result: " << result);
464
465     uninstall_app(app_id, pkg_id, true, true);
466 }
467
468
469
470 static void prepare_request(AppInstReqUniquePtr &request,
471               const char *const app_id,
472               const char *const pkg_id,
473               app_install_path_type pathType,
474               const char *const path)
475 {
476     int result;
477     request.reset(do_app_inst_req_new());
478
479     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
480     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
481             "setting app id failed. Result: " << result);
482
483     result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
484     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
485             "setting pkg id failed. Result: " << result);
486
487     result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
488     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
489             "setting allowed path failed. Result: " << result);
490 }
491
492
493
494 RUNNER_CHILD_TEST(security_manager_05_app_install_uninstall_by_uid_5000)
495 {
496     int result;
497     AppInstReqUniquePtr request;
498     const std::string user =  std::to_string(static_cast<unsigned int>(APP_UID));
499
500
501     //switch user to non-root
502     result = drop_root_privileges();
503     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
504
505     //install app as non-root user and try to register public path (should fail)
506     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER_5000);
507
508     result = security_manager_app_install(request.get());
509     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
510             "installing app not failed. Result: " << result);
511
512     //install app as non-root user
513     //should fail (non-root users may only register folders inside their home)
514     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
515
516     result = security_manager_app_install(request.get());
517     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
518             "installing app not failed. Result: " << result);
519
520     //install app as non-root user
521     //should succeed - this time i register folder inside user's home dir
522     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER_5000);
523
524     for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
525         result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
526         RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
527             "setting allowed permission failed. Result: " << result);
528     }
529
530     result = security_manager_app_install(request.get());
531     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
532             "installing app failed. Result: " << result);
533
534     check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
535
536     //uninstall app as non-root user
537     request.reset(do_app_inst_req_new());
538
539     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
540     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
541             "setting app id failed. Result: " << result);
542
543     result = security_manager_app_uninstall(request.get());
544     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
545             "uninstalling app failed. Result: " << result);
546
547     check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
548 }
549
550
551 int main(int argc, char *argv[])
552 {
553     SummaryCollector::Register();
554     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
555 }
Domain: Security / Uncategorized;