tests/security-manager-tests/security_manager_tests.cpp

   1 #include <dpl/test/test_runner.h>
   2 #include <fcntl.h>
   3 #include <stdio.h>
   4 #include <memory.h>
   5 #include <summary_collector.h>
   6
   7 #include <sys/types.h>
   8 #include <sys/stat.h>
   9 #include <sys/xattr.h>
  10 #include <linux/xattr.h>
  11
  12 #include <libprivilege-control_test_common.h>
  13 #include <tests_common.h>
  14
  15 #include <security-manager.h>
  16 #include <sm_db.h>
  17
  18 DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
  19
  20 static const char *const LABELLED_BINARY_PATH = "/usr/bin/test-app-efl";
  21
  22 static const char *const SM_APP_ID1 = "sm_test_app_id_double";
  23 static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
  24
  25 static const char *const SM_APP_ID2 = "sm_test_app_id_full";
  26 static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
  27
  28 static const privileges_t SM_ALLOWED_PRIVILEGES = {
  29     "security_manager_test_rules2_r",
  30     "security_manager_test_rules2_no_r"
  31 };
  32
  33 static const privileges_t SM_DENIED_PRIVILEGES  = {
  34     "security_manager_test_rules1",
  35     "security_manager_test_rules2"
  36 };
  37
  38 static const char *const XATTR_NAME_TIZENEXEC =  XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
  39
  40 static const rules_t SM_ALLOWED_RULES = {
  41     { USER_APP_ID, "test_sm_book_8", "r" },
  42     { USER_APP_ID, "test_sm_book_9", "w" },
  43     { USER_APP_ID, "test_sm_book_10", "x" },
  44     { USER_APP_ID, "test_sm_book_11", "rw" },
  45     { USER_APP_ID, "test_sm_book_12", "rx" },
  46     { USER_APP_ID, "test_sm_book_13", "wx" },
  47     { USER_APP_ID, "test_sm_book_14", "rwx" },
  48     { USER_APP_ID, "test_sm_book_15", "rwxat" },
  49     { "test_sm_subject_8", USER_APP_ID, "r" },
  50     { "test_sm_subject_9", USER_APP_ID, "w" },
  51     { "test_sm_subject_10", USER_APP_ID, "x" },
  52     { "test_sm_subject_11", USER_APP_ID, "rw" },
  53     { "test_sm_subject_12", USER_APP_ID, "rx" },
  54     { "test_sm_subject_13", USER_APP_ID, "wx" },
  55     { "test_sm_subject_14", USER_APP_ID, "rwx" },
  56     { "test_sm_subject_15", USER_APP_ID, "rwxat" }
  57 };
  58 static const rules_t SM_DENIED_RULES = {
  59     { USER_APP_ID, "test_sm_book_1", "r" },
  60     { USER_APP_ID, "test_sm_book_2", "w" },
  61     { USER_APP_ID, "test_sm_book_3", "x" },
  62     { USER_APP_ID, "test_sm_book_4", "rw" },
  63     { USER_APP_ID, "test_sm_book_5", "rx" },
  64     { USER_APP_ID, "test_sm_book_6", "wx" },
  65     { USER_APP_ID, "test_sm_book_7", "rwx" },
  66     { "test_sm_subject_1", USER_APP_ID, "r" },
  67     { "test_sm_subject_2", USER_APP_ID, "w" },
  68     { "test_sm_subject_3", USER_APP_ID, "x" },
  69     { "test_sm_subject_4", USER_APP_ID, "rw" },
  70     { "test_sm_subject_5", USER_APP_ID, "rx" },
  71     { "test_sm_subject_6", USER_APP_ID, "wx" },
  72     { "test_sm_subject_7", USER_APP_ID, "rwx" }
  73 };
  74
  75 static const char *const SM_PRIVATE_PATH = "/etc/smack/test_DIR/app_dir";
  76 static const char *const SM_PUBLIC_PATH = "/etc/smack/test_DIR/app_dir_public";
  77 static const char *const SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro";
  78 static const char *const SM_DENIED_PATH = "/etc/smack/test_DIR/non_app_dir";
  79
  80
  81 static bool isLinkToExec(const char *fpath, const struct stat *sb)
  82 {
  83
  84     struct stat buf;
  85     char *target;
  86     int ret;
  87
  88     // check if it's a link
  89     if ( !S_ISLNK(sb->st_mode))
  90         return false;
  91
  92     target = realpath(fpath, NULL);
  93     RUNNER_ASSERT_MSG_BT(target != 0, "Could not obtain real path from link.");
  94
  95     ret = stat(target, &buf);
  96     RUNNER_ASSERT_MSG_BT(ret == 0, "Could not obtain real path's stat from link.");
  97
  98     if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG))
  99         return false;
 100
 101
 102     return true;
 103 }
 104
 105 static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
 106                               const char* correctLabel, bool transmute_test, bool exec_test)
 107 {
 108     int result;
 109     CStringPtr labelPtr;
 110     char* label = NULL;
 111
 112     /* ACCESS */
 113     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
 114     RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
 115     labelPtr.reset(label);
 116     RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set");
 117     result = strcmp(correctLabel, label);
 118     RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect"
 119             " (should be '" << correctLabel << "' and is '" << label << "')");
 120
 121
 122     /* EXEC */
 123     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
 124     RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
 125     labelPtr.reset(label);
 126
 127     if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
 128         RUNNER_ASSERT_MSG_BT(label != NULL, "EXEC label on " << fpath << " is not set");
 129         result = strcmp(correctLabel, label);
 130         RUNNER_ASSERT_MSG_BT(result == 0, "Incorrect EXEC label on executable file " << fpath);
 131     } else
 132         RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set");
 133
 134
 135     /* LINK TO EXEC */
 136     if (isLinkToExec(fpath, sb) && exec_test) {
 137         char buf[SMACK_LABEL_LEN+1];
 138         result = lgetxattr(fpath, XATTR_NAME_TIZENEXEC, buf, sizeof(buf));
 139         RUNNER_ASSERT_MSG_BT(result != -1, "Could not get label for the path "
 140                 << fpath << "("<<strerror(errno)<<")");
 141         buf[result]='\0';
 142         result = strcmp(correctLabel, buf);
 143         RUNNER_ASSERT_MSG_BT(result == 0, "Incorrect TIZEN_EXEC_LABEL attribute"
 144                 " on link to executable " << fpath);
 145     }
 146
 147
 148
 149     /* TRANSMUTE */
 150     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
 151     RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
 152     labelPtr.reset(label);
 153
 154     if (S_ISDIR(sb->st_mode) && transmute_test == true) {
 155         RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set at all");
 156         RUNNER_ASSERT_MSG_BT(strcmp(label,"TRUE") == 0,
 157                 "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
 158     } else {
 159         RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set");
 160     }
 161
 162     return 0;
 163 }
 164
 165
 166 static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
 167                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
 168 {
 169     return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
 170 }
 171
 172 static int nftw_check_sm_labels_app_public_dir(const char *fpath, const struct stat *sb,
 173                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
 174 {
 175
 176     return nftw_check_sm_labels_app_dir(fpath, sb, "User", true, false);
 177 }
 178
 179 static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
 180                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
 181 {
 182
 183     return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
 184 }
 185
 186 static app_inst_req* do_app_inst_req_new()
 187 {
 188     int result;
 189     app_inst_req *req = NULL;
 190
 191     result = security_manager_app_inst_req_new(&req);
 192     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 193             "creation of new request failed. Result: " << result);
 194     RUNNER_ASSERT_MSG_BT(req != NULL, "creation of new request did not allocate memory");
 195     return req;
 196 }
 197
 198 static void prepare_app_path()
 199 {
 200     int result;
 201
 202     result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
 203     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
 204
 205     result = nftw(SM_PUBLIC_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
 206     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_PATH);
 207
 208     result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
 209     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
 210
 211     result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
 212     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
 213 }
 214
 215 static void prepare_app_env()
 216 {
 217     prepare_app_path();
 218 }
 219
 220 /* TODO: add parameters to this function */
 221 static void check_app_path_after_install()
 222 {
 223     int result;
 224
 225     result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
 226     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
 227
 228     result = nftw(SM_PUBLIC_PATH, &nftw_check_sm_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS);
 229     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_PATH);
 230
 231     result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
 232     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
 233
 234     result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
 235     RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
 236 }
 237
 238 static void check_app_permissions(const char *const app_id, const char *const pkg_id,
 239                                   const privileges_t &allowed_privs, const privileges_t &denied_privs,
 240                                   const rules_t &allowed_rules, const rules_t &denied_rules)
 241 {
 242     bool result;
 243
 244     result = check_all_accesses(smack_check(), allowed_rules);
 245     RUNNER_ASSERT_MSG_BT(result, "Permissions not added.");
 246     result = check_no_accesses(smack_check(), denied_rules);
 247     RUNNER_ASSERT_MSG_BT(result, "Permissions added.");
 248
 249     /* TODO: USER_APP_ID is hardcoded in the following checks, because libprivilege always generate
 250      *       label "User" for all installed apps. Adjust it when libprivilege is upgraded. */
 251     (void)app_id; // unused parameter
 252     (void)pkg_id; // unused parameter
 253
 254     for (auto it = allowed_privs.begin(); it != allowed_privs.end(); ++it)
 255         check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), true);
 256
 257     for (auto it = denied_privs.begin(); it != denied_privs.end(); ++it)
 258         check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), false);
 259 }
 260
 261 static void check_app_after_install(const char *const app_id, const char *const pkg_id,
 262                                     const privileges_t &allowed_privs, const privileges_t &denied_privs,
 263                                     const rules_t &allowed_rules, const rules_t &denied_rules)
 264 {
 265     TestSecurityManagerDatabase dbtest;
 266     dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
 267     dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
 268
 269     check_app_permissions(app_id, pkg_id,
 270                           allowed_privs, denied_privs,
 271                           allowed_rules, denied_rules);
 272 }
 273
 274 static void check_app_after_install(const char *const app_id, const char *const pkg_id)
 275 {
 276     TestSecurityManagerDatabase dbtest;
 277     dbtest.test_db_after__app_install(app_id, pkg_id);
 278 }
 279
 280 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
 281                                       const privileges_t &privileges, const bool is_pkg_removed)
 282 {
 283     TestSecurityManagerDatabase dbtest;
 284     dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
 285 }
 286
 287 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
 288                                       const bool is_pkg_removed)
 289 {
 290     TestSecurityManagerDatabase dbtest;
 291     dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
 292 }
 293
 294 static void install_app(const char *app_id, const char *pkg_id)
 295 {
 296     int result;
 297     AppInstReqUniquePtr request;
 298     request.reset(do_app_inst_req_new());
 299
 300     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
 301     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 302             "setting app id failed. Result: " << result);
 303
 304     result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
 305     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 306             "setting pkg id failed. Result: " << result);
 307
 308     result = security_manager_app_install(request.get());
 309     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 310             "installing app failed. Result: " << result);
 311
 312     check_app_after_install(app_id, pkg_id);
 313
 314 }
 315
 316 static void uninstall_app(const char *app_id, const char *pkg_id,
 317         bool expect_installed, bool expect_pkg_removed)
 318 {
 319     int result;
 320     AppInstReqUniquePtr request;
 321     request.reset(do_app_inst_req_new());
 322
 323     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
 324     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 325           "setting app id failed. Result: " << result);
 326
 327     result = security_manager_app_uninstall(request.get());
 328     RUNNER_ASSERT_MSG_BT(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 329           "uninstalling app failed. Result: " << result);
 330
 331     check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
 332 }
 333
 334
 335 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
 336
 337
 338 RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
 339 {
 340     int result;
 341     AppInstReqUniquePtr request;
 342
 343     request.reset(do_app_inst_req_new());
 344
 345     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
 346     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 347             "setting app id failed. Result: " << result);
 348
 349     result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
 350     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 351             "setting pkg id failed. Result: " << result);
 352
 353     result = security_manager_app_install(request.get());
 354     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 355             "installing app failed. Result: " << result);
 356
 357     result = security_manager_app_install(request.get());
 358     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 359             "installing already installed app failed. Result: " << result);
 360
 361     /* Check records in the security-manager database */
 362     check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
 363
 364     request.reset(do_app_inst_req_new());
 365
 366     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
 367     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 368             "setting app id failed. Result: " << result);
 369
 370     result = security_manager_app_uninstall(request.get());
 371     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 372             "uninstalling app failed. Result: " << result);
 373
 374     result = security_manager_app_uninstall(request.get());
 375     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 376             "uninstalling already uninstalled app failed. Result: " << result);
 377
 378     /* Check records in the security-manager database */
 379     check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
 380 }
 381
 382 RUNNER_TEST(security_manager_02_app_install_uninstall_full)
 383 {
 384     int result;
 385     AppInstReqUniquePtr request;
 386
 387     prepare_app_env();
 388
 389     request.reset(do_app_inst_req_new());
 390
 391     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
 392     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 393             "setting app id failed. Result: " << result);
 394
 395     result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
 396     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 397             "setting pkg id failed. Result: " << result);
 398
 399     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
 400     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 401             "setting allowed permission failed. Result: " << result);
 402     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
 403     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 404             "setting allowed permission failed. Result: " << result);
 405
 406     result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
 407                                                     SECURITY_MANAGER_PATH_PRIVATE);
 408     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 409             "setting allowed path failed. Result: " << result);
 410
 411     result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_PATH,
 412                                                     SECURITY_MANAGER_PATH_PUBLIC);
 413     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 414             "setting allowed path failed. Result: " << result);
 415
 416     result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
 417                                                     SECURITY_MANAGER_PATH_PUBLIC_RO);
 418     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 419             "setting allowed path failed. Result: " << result);
 420
 421     result = security_manager_app_install(request.get());
 422     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 423             "installing app failed. Result: " << result);
 424
 425     /* Check records in the security-manager database */
 426     check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
 427                             SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES,
 428                             SM_ALLOWED_RULES, SM_DENIED_RULES);
 429
 430     /* TODO: add parameters to this function */
 431     check_app_path_after_install();
 432
 433     request.reset(do_app_inst_req_new());
 434
 435     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
 436     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 437             "setting app id failed. Result: " << result);
 438
 439     result = security_manager_app_uninstall(request.get());
 440     RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
 441             "uninstalling app failed. Result: " << result);
 442
 443     /* Check records in the security-manager database,
 444      * all previously allowed privileges should be removed */
 445     check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
 446                               SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
 447 }
 448
 449 RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_binary)
 450 {
 451     const char *const testBinaryPath    = LABELLED_BINARY_PATH;
 452     const char *const expectedLabel     = USER_APP_ID;
 453     int result;
 454     char *label = NULL;
 455     CStringPtr labelPtr;
 456
 457     result = security_manager_set_process_label_from_binary(testBinaryPath);
 458     RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
 459             "security_manager_set_process_label_from_binary(" <<
 460             testBinaryPath << ") failed. Result: " << result);
 461
 462     result = smack_new_label_from_self(&label);
 463     RUNNER_ASSERT_MSG_BT(result >= 0,
 464             " Error getting current process label");
 465     RUNNER_ASSERT_MSG_BT(label != NULL,
 466             " Process label is not set");
 467     labelPtr.reset(label);
 468
 469     result = strcmp(expectedLabel, label);
 470     RUNNER_ASSERT_MSG_BT(result == 0,
 471             " Process label is incorrect. Expected: \"" << expectedLabel << "\" Actual: \""
 472             << label << "\"");
 473 }
 474
 475 RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_binary_nosmack)
 476 {
 477     const char *const testBinaryPath = LABELLED_BINARY_PATH;
 478     int result;
 479
 480     result = security_manager_set_process_label_from_binary(testBinaryPath);
 481     RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
 482             "security_manager_set_process_label_from_binary(" <<
 483             testBinaryPath << ") failed. Result: " << result);
 484 }
 485
 486 RUNNER_CHILD_TEST_SMACK(security_manager_04_set_label_from_appid)
 487 {
 488     const char *const app_id = "sm_test_app_id_set_label_from_appid";
 489     const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
 490     const char *const expected_label = USER_APP_ID;
 491     char *label = NULL;
 492     CStringPtr labelPtr;
 493     int result;
 494
 495     uninstall_app(app_id, pkg_id, false, true);
 496     install_app(app_id, pkg_id);
 497
 498     result = security_manager_set_process_label_from_appid(app_id);
 499     RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
 500             "security_manager_set_process_label_from_appid(" <<
 501             app_id << ") failed. Result: " << result);
 502
 503     result = smack_new_label_from_self(&label);
 504     RUNNER_ASSERT_MSG_BT(result >= 0,
 505             " Error getting current process label");
 506     RUNNER_ASSERT_MSG_BT(label != NULL,
 507             " Process label is not set");
 508     labelPtr.reset(label);
 509
 510     result = strcmp(expected_label, label);
 511     RUNNER_ASSERT_MSG_BT(result == 0,
 512             " Process label is incorrect. Expected: \"" << expected_label <<
 513             "\" Actual: \"" << label << "\"");
 514
 515     uninstall_app(app_id, pkg_id, true, true);
 516 }
 517
 518 RUNNER_CHILD_TEST_NOSMACK(security_manager_04_set_label_from_appid_nosmack)
 519 {
 520     const char *const app_id = "sm_test_app_id_set_label_from_appid";
 521     const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
 522     int result;
 523
 524     uninstall_app(app_id, pkg_id, false, true);
 525     install_app(app_id, pkg_id);
 526
 527     result = security_manager_set_process_label_from_appid(app_id);
 528     RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
 529             "security_manager_set_process_label_from_appid(" <<
 530             app_id << ") failed. Result: " << result);
 531
 532     uninstall_app(app_id, pkg_id, true, true);
 533 }
 534
 535 int main(int argc, char *argv[])
 536 {
 537     SummaryCollector::Register();
 538     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
 539 }