1 #include <dpl/test/test_runner.h>
6 #include <unordered_set>
7 #include <sys/capability.h>
9 #include <sys/socket.h>
11 #include <attr/xattr.h>
12 #include <linux/xattr.h>
17 #include <libprivilege-control_test_common.h>
18 #include <tests_common.h>
20 #include <security-manager.h>
23 #include <sm_request.h>
24 #include <sm_user_request.h>
25 #include <temp_test_user.h>
26 #include <cynara_test_client.h>
27 #include <dbus_access.h>
29 using namespace SecurityManagerTest;
31 DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
33 static const privileges_t SM_ALLOWED_PRIVILEGES = {
34 "security_manager_test_rules2_r",
35 "security_manager_test_rules2_no_r"
38 static const privileges_t SM_DENIED_PRIVILEGES = {
39 "security_manager_test_rules1",
40 "security_manager_test_rules2"
43 static const privileges_t SM_NO_PRIVILEGES = {
46 static const std::vector<std::string> SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"};
48 static const char *const SM_PRIVATE_PATH = "/usr/apps/test_DIR/app_dir";
49 static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro";
50 static const char *const SM_DENIED_PATH = "/usr/apps/test_DIR/non_app_dir";
51 static const char *const SM_PRIVATE_PATH_FOR_USER = "/home/" APP_USER "/test_DIR";
52 static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
54 static void generateAppLabel(const std::string &pkgId, std::string &label)
60 static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
61 const char* correctLabel, bool transmute_test, bool exec_test)
65 char* label = nullptr;
68 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
69 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
70 labelPtr.reset(label);
71 RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
72 result = strcmp(correctLabel, label);
73 RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"
74 " (should be '" << correctLabel << "' and is '" << label << "')");
78 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
79 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
80 labelPtr.reset(label);
82 if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
83 RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
84 result = strcmp(correctLabel, label);
85 RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath);
87 RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
91 result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
92 RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
93 labelPtr.reset(label);
95 if (S_ISDIR(sb->st_mode) && transmute_test == true) {
96 RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
97 RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0,
98 "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
100 RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
107 static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
108 int /*typeflag*/, struct FTW* /*ftwbuf*/)
110 return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
113 static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
114 int /*typeflag*/, struct FTW* /*ftwbuf*/)
117 return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
120 static void prepare_app_path()
124 result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
125 RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
127 result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
128 RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
130 result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
131 RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
134 static void prepare_app_env()
139 /* TODO: add parameters to this function */
140 static void check_app_path_after_install()
144 result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
145 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
147 result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
148 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
150 result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
151 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
155 static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
156 const privileges_t &allowed_privs, const privileges_t &denied_privs)
159 std::string smackLabel;
160 generateAppLabel(pkg_id, smackLabel);
162 CynaraTestClient ctc;
164 for (auto &priv : allowed_privs) {
165 ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_ALLOWED);
168 for (auto &priv : denied_privs) {
169 ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
173 static void check_app_gids(const char *const app_id, const std::vector<gid_t> &allowed_gids)
176 gid_t main_gid = getgid();
177 std::unordered_set<gid_t> reference_gids(allowed_gids.begin(), allowed_gids.end());
179 // Reset supplementary groups
180 ret = setgroups(0, NULL);
181 RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
183 Api::setProcessGroups(app_id);
185 ret = getgroups(0, nullptr);
186 RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
188 std::vector<gid_t> actual_gids(ret);
189 ret = getgroups(ret, actual_gids.data());
190 RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
192 for (const auto &gid : actual_gids) {
193 RUNNER_ASSERT_MSG(gid == main_gid || reference_gids.count(gid) > 0,
194 "Application shouldn't get access to group " << gid);
195 reference_gids.erase(gid);
198 RUNNER_ASSERT_MSG(reference_gids.empty(), "Application didn't get access to some groups");
201 static void check_app_after_install(const char *const app_id, const char *const pkg_id,
202 const privileges_t &allowed_privs,
203 const privileges_t &denied_privs,
204 const std::vector<std::string> &allowed_groups)
206 TestSecurityManagerDatabase dbtest;
207 dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
208 dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
210 /*Privileges should be granted to all users if root installs app*/
211 check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs);
213 /* Setup mapping of gids to privileges */
214 /* Do this for each privilege for extra check */
215 for (const auto &privilege : allowed_privs) {
216 dbtest.setup_privilege_groups(privilege, allowed_groups);
219 std::vector<gid_t> allowed_gids;
221 for (const auto &groupName : allowed_groups) {
223 struct group* grp = getgrnam(groupName.c_str());
224 RUNNER_ASSERT_ERRNO_MSG(grp, "Group: " << groupName << " not found");
225 allowed_gids.push_back(grp->gr_gid);
228 check_app_gids(app_id, allowed_gids);
231 static void check_app_after_install(const char *const app_id, const char *const pkg_id)
233 TestSecurityManagerDatabase dbtest;
234 dbtest.test_db_after__app_install(app_id, pkg_id);
237 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
238 const privileges_t &privileges, const bool is_pkg_removed)
240 TestSecurityManagerDatabase dbtest;
241 dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
244 /*Privileges should not be granted anymore to any user*/
245 check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges);
248 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
249 const bool is_pkg_removed)
251 TestSecurityManagerDatabase dbtest;
252 dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
255 static void install_app(const char *app_id, const char *pkg_id, uid_t uid = 0)
257 InstallRequest request;
258 request.setAppId(app_id);
259 request.setPkgId(pkg_id);
261 Api::install(request);
263 check_app_after_install(app_id, pkg_id);
267 static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed)
269 InstallRequest request;
270 request.setAppId(app_id);
272 Api::uninstall(request);
274 check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
278 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
281 RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall)
283 const char *const sm_app_id = "sm_test_01a_app_id_double";
284 const char *const sm_pkg_id = "sm_test_01a_pkg_id_double";
286 InstallRequest requestInst;
287 requestInst.setAppId(sm_app_id);
288 requestInst.setPkgId(sm_pkg_id);
290 Api::install(requestInst);
291 Api::install(requestInst);
293 /* Check records in the security-manager database */
294 check_app_after_install(sm_app_id, sm_pkg_id);
296 InstallRequest requestUninst;
297 requestUninst.setAppId(sm_app_id);
299 Api::uninstall(requestUninst);
300 Api::uninstall(requestUninst);
302 /* Check records in the security-manager database */
303 check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
307 RUNNER_TEST(security_manager_01b_app_double_install_wrong_pkg_id)
309 const char *const sm_app_id = "sm_test_01b_app";
310 const char *const sm_pkg_id = "sm_test_01b_pkg";
311 const char *const sm_pkg_id_wrong = "sm_test_01b_pkg_BAD";
313 InstallRequest requestInst;
314 requestInst.setAppId(sm_app_id);
315 requestInst.setPkgId(sm_pkg_id);
317 Api::install(requestInst);
319 InstallRequest requestInst2;
320 requestInst2.setAppId(sm_app_id);
321 requestInst2.setPkgId(sm_pkg_id_wrong);
323 Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM);
326 /* Check records in the security-manager database */
327 check_app_after_install(sm_app_id, sm_pkg_id);
329 InstallRequest requestUninst;
330 requestUninst.setAppId(sm_app_id);
332 Api::uninstall(requestUninst);
335 /* Check records in the security-manager database */
336 check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
340 RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored)
342 const char * const sm_app_id = "SM_TEST_01c_APPID";
343 const char * const sm_pkg_id = "SM_TEST_01c_PKGID";
344 const char * const sm_pkg_id_wrong = "SM_TEST_01c_PKGID_wrong";
346 InstallRequest requestInst;
347 requestInst.setAppId(sm_app_id);
348 requestInst.setPkgId(sm_pkg_id);
350 Api::install(requestInst);
352 /* Check records in the security-manager database */
353 check_app_after_install(sm_app_id, sm_pkg_id);
355 InstallRequest requestUninst;
356 requestUninst.setAppId(sm_app_id);
357 requestUninst.setPkgId(sm_pkg_id_wrong);
359 Api::uninstall(requestUninst);
361 check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
365 RUNNER_TEST(security_manager_02_app_install_uninstall_full)
367 const char *const sm_app_id = "sm_test_02_app_id_full";
368 const char *const sm_pkg_id = "sm_test_02_pkg_id_full";
372 InstallRequest requestInst;
373 requestInst.setAppId(sm_app_id);
374 requestInst.setPkgId(sm_pkg_id);
375 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
376 requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
377 requestInst.addPath(SM_PRIVATE_PATH, SECURITY_MANAGER_PATH_PRIVATE);
378 requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
380 Api::install(requestInst);
382 /* Check records in the security-manager database */
383 check_app_after_install(sm_app_id, sm_pkg_id,
384 SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
386 /* TODO: add parameters to this function */
387 check_app_path_after_install();
389 InstallRequest requestUninst;
390 requestUninst.setAppId(sm_app_id);
392 Api::uninstall(requestUninst);
394 /* Check records in the security-manager database,
395 * all previously allowed privileges should be removed */
396 check_app_after_uninstall(sm_app_id, sm_pkg_id,
397 SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
400 RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
402 const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
403 const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
404 const char *const expected_label = USER_APP_ID;
405 const char *const socketLabel = "not_expected_label";
406 char *label = nullptr;
410 uninstall_app(app_id, pkg_id, true);
411 install_app(app_id, pkg_id);
413 struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
414 //Clean up before creating socket
416 int sock = socket(AF_UNIX, SOCK_STREAM, 0);
417 RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
418 SockUniquePtr sockPtr(&sock);
419 //Bind socket to address
420 result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
421 RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
422 //Set socket label to something different than expecedLabel
423 result = fsetxattr(sock, XATTR_NAME_SMACKIPIN, socketLabel,
424 strlen(socketLabel), 0);
425 RUNNER_ASSERT_ERRNO_MSG(result == 0,
426 "Can't set socket label. Result: " << result);
427 result = fsetxattr(sock, XATTR_NAME_SMACKIPOUT, socketLabel,
428 strlen(socketLabel), 0);
429 RUNNER_ASSERT_ERRNO_MSG(result == 0,
430 "Can't set socket label. Result: " << result);
432 Api::setProcessLabel(app_id);
434 char value[SMACK_LABEL_LEN + 1];
436 size = fgetxattr(sock, XATTR_NAME_SMACKIPIN, value, sizeof(value));
437 RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
438 result = strcmp(expected_label, value);
439 RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
440 expected_label << " Actual: " << value);
442 size = fgetxattr(sock, XATTR_NAME_SMACKIPOUT, value, sizeof(value));
443 RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
444 result = strcmp(expected_label, value);
445 RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
446 expected_label << " Actual: " << value);
448 result = smack_new_label_from_self(&label);
449 RUNNER_ASSERT_MSG(result >= 0,
450 " Error getting current process label");
451 RUNNER_ASSERT_MSG(label != nullptr,
452 " Process label is not set");
453 labelPtr.reset(label);
455 result = strcmp(expected_label, label);
456 RUNNER_ASSERT_MSG(result == 0,
457 " Process label is incorrect. Expected: \"" << expected_label <<
458 "\" Actual: \"" << label << "\"");
460 uninstall_app(app_id, pkg_id, true);
463 RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
465 const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack";
466 const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack";
468 uninstall_app(app_id, pkg_id, true);
469 install_app(app_id, pkg_id);
471 Api::setProcessLabel(app_id);
473 uninstall_app(app_id, pkg_id, true);
478 static void prepare_request(InstallRequest &request,
479 const char *const app_id,
480 const char *const pkg_id,
481 app_install_path_type pathType,
482 const char *const path,
485 request.setAppId(app_id);
486 request.setPkgId(pkg_id);
487 request.addPath(path, pathType);
494 static struct passwd* get_app_pw()
496 struct passwd *pw = nullptr;
498 while(!(pw = getpwnam(APP_USER))) {
499 RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
505 static void install_and_check(const char *const sm_app_id,
506 const char *const sm_pkg_id,
507 const std::string &user, uid_t uid,
508 const std::string &user_path = SM_PRIVATE_PATH_FOR_USER)
510 InstallRequest requestPublic;
512 //install app for non-root user and try to register public path (should fail)
513 prepare_request(requestPublic, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PUBLIC, user_path.c_str(), uid);
515 Api::install(requestPublic, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
517 InstallRequest requestPrivate;
519 //install app for non-root user
520 //should fail (users may only register folders inside their home)
521 prepare_request(requestPrivate, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, uid);
523 Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
525 InstallRequest requestPrivateUser;
527 //install app for non-root user
528 //should succeed - this time i register folder inside user's home dir
529 prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, user_path.c_str(), uid);
531 for (auto &privilege : SM_ALLOWED_PRIVILEGES)
532 requestPrivateUser.addPrivilege(privilege.c_str());
534 Api::install(requestPrivateUser);
536 check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
539 RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
542 const char *const sm_app_id = "sm_test_04a_app_id_uid";
543 const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid";
545 struct passwd *pw = get_app_pw();
546 const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
548 //switch user to non-root
549 result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
550 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
552 install_and_check(sm_app_id, sm_pkg_id, user, 0);
554 //uninstall app as non-root user
555 InstallRequest request;
556 request.setAppId(sm_app_id);
558 Api::uninstall(request);
560 check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
563 RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
566 const char *const sm_app_id = "sm_test_04b_app_id_uid";
567 const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid";
569 struct passwd *pw = get_app_pw();
570 const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
572 install_and_check(sm_app_id, sm_pkg_id, user, pw->pw_uid);
574 //switch user to non-root - root may not uninstall apps for specified users
575 result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
576 RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
578 //uninstall app as non-root user
579 InstallRequest request;
580 request.setAppId(sm_app_id);
582 Api::uninstall(request);
584 check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
588 RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
591 CapsSetsUniquePtr caps, caps_empty(cap_init());
593 caps.reset(cap_from_text("all=eip"));
594 RUNNER_ASSERT_MSG(caps, "can't convert capabilities from text");
595 result = cap_set_proc(caps.get());
596 RUNNER_ASSERT_MSG(result == 0,
597 "can't set capabilities. Result: " << result);
599 Api::dropProcessPrivileges();
601 caps.reset(cap_get_proc());
602 RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");
604 result = cap_compare(caps.get(), caps_empty.get());
605 RUNNER_ASSERT_MSG(result == 0,
606 "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL));
609 RUNNER_CHILD_TEST(security_manager_06_install_app_offline)
611 const char *const app_id = "sm_test_06_app_id_install_app_offline";
612 const char *const pkg_id = "sm_test_06_pkg_id_install_app_offline";
613 DBusAccess dbusAccess("security-manager.service");
615 uninstall_app(app_id, pkg_id, true);
616 dbusAccess.maskService();
617 dbusAccess.stopService();
619 install_app(app_id, pkg_id);
621 dbusAccess.unmaskService();
622 dbusAccess.startService();
624 uninstall_app(app_id, pkg_id, true);
627 RUNNER_CHILD_TEST(security_manager_07_user_add_app_install)
629 const char *const sm_app_id = "sm_test_07_app_id_user";
630 const char *const sm_pkg_id = "sm_test_07_pkg_id_user";
631 const std::string new_user_name = "sm_test_07_user_name";
632 std::string uid_string;
633 TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
634 uid_string = std::to_string(static_cast<unsigned int>(test_user.getUid()));
636 install_app(sm_app_id, sm_pkg_id, test_user.getUid());
638 check_app_after_install(sm_app_id, sm_pkg_id);
642 check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
644 check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
647 RUNNER_CHILD_TEST(security_manager_08_user_double_add_double_remove)
649 UserRequest addUserRequest;
651 const char *const sm_app_id = "sm_test_08_app_id_user";
652 const char *const sm_pkg_id = "sm_test_08_pkg_id_user";
653 const char *const new_user_name = "sm_test_08_user_name";
654 std::string uid_string;
657 TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
658 uid_string = std::to_string(static_cast<unsigned int>(test_user.getUid()));
660 addUserRequest.setUid(test_user.getUid());
661 addUserRequest.setUserType(SM_USER_TYPE_NORMAL);
664 Api::addUser(addUserRequest);
666 install_app(sm_app_id, sm_pkg_id, test_user.getUid());
668 check_app_after_install(sm_app_id, sm_pkg_id);
672 UserRequest deleteUserRequest;
673 deleteUserRequest.setUid(test_user.getUid());
675 Api::deleteUser(deleteUserRequest);
677 check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
679 check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
682 RUNNER_CHILD_TEST(security_manager_09_add_user_offline)
684 const char *const app_id = "security_manager_09_add_user_offline_app";
685 const char *const pkg_id = "security_manager_09_add_user_offline_pkg";
686 const std::string username("sm_test_09_user_name");
687 DBusAccess dbusAccess("security-manager.service");
688 dbusAccess.maskService();
689 dbusAccess.stopService();
691 TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
693 install_app(app_id, pkg_id, user.getUid());
695 check_app_after_install(app_id, pkg_id);
697 dbusAccess.unmaskService();
698 dbusAccess.startService();
702 check_app_after_uninstall(app_id, pkg_id, true);
705 int main(int argc, char *argv[])
707 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);