projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
security-manager: test security_manager_set_process_groups_from_appid
[platform/core/test/security-tests.git] / tests / security-manager-tests / security_manager_tests.cpp
1 #include <dpl/test/test_runner.h>
2 #include <fcntl.h>
3 #include <stdio.h>
4 #include <memory.h>
5 #include <summary_collector.h>
6 #include <string>
7 #include <unordered_set>
8
9 #include <grp.h>
10
11 #include <libprivilege-control_test_common.h>
12 #include <tests_common.h>
13
14 #include <security-manager.h>
15 #include <sm_db.h>
16 #include <cynara_test_client.h>
17
18 DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
19
20 static const char *const LABELLED_BINARY_PATH = "/usr/bin/test-app-efl";
21
22 static const char *const SM_APP_ID1 = "sm_test_app_id_double";
23 static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
24
25 static const char *const SM_APP_ID2 = "sm_test_app_id_full";
26 static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
27
28 static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
29 static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
30
31 static const privileges_t SM_ALLOWED_PRIVILEGES = {
32     "security_manager_test_rules2_r",
33     "security_manager_test_rules2_no_r"
34 };
35
36 static const privileges_t SM_DENIED_PRIVILEGES  = {
37     "security_manager_test_rules1",
38     "security_manager_test_rules2"
39 };
40
41 static const privileges_t SM_NO_PRIVILEGES  = {
42 };
43
44 static const std::vector<gid_t> SM_ALLOWED_GIDS = {6001, 6002};
45
46 static const char *const SM_PRIVATE_PATH = "/etc/smack/test_DIR/app_dir";
47 static const char *const SM_PUBLIC_PATH = "/etc/smack/test_DIR/app_dir_public";
48 static const char *const SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro";
49 static const char *const SM_DENIED_PATH = "/etc/smack/test_DIR/non_app_dir";
50 static const char *const SM_PRIVATE_PATH_FOR_USER_5000 = "/home/app/securitytests/test_DIR";
51 static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
52
53 static void generateAppLabel(const std::string &pkgId, std::string &label)
54 {
55     (void) pkgId;
56     label = "User";
57 }
58
59 static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
60                               const char* correctLabel, bool transmute_test, bool exec_test)
61 {
62     int result;
63     CStringPtr labelPtr;
64     char* label = nullptr;
65
66     /* ACCESS */
67     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
68     RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
69     labelPtr.reset(label);
70     RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
71     result = strcmp(correctLabel, label);
72     RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"
73             " (should be '" << correctLabel << "' and is '" << label << "')");
74
75
76     /* EXEC */
77     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
78     RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
79     labelPtr.reset(label);
80
81     if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
82         RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
83         result = strcmp(correctLabel, label);
84         RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath);
85     } else
86         RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
87
88
89     /* TRANSMUTE */
90     result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
91     RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
92     labelPtr.reset(label);
93
94     if (S_ISDIR(sb->st_mode) && transmute_test == true) {
95         RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
96         RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0,
97                 "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
98     } else {
99         RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
100     }
101
102     return 0;
103 }
104
105
106 static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
107                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
108 {
109     return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
110 }
111
112 static int nftw_check_sm_labels_app_public_dir(const char *fpath, const struct stat *sb,
113                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
114 {
115
116     return nftw_check_sm_labels_app_dir(fpath, sb, "User", true, false);
117 }
118
119 static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
120                                int /*typeflag*/, struct FTW* /*ftwbuf*/)
121 {
122
123     return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
124 }
125
126 static app_inst_req* do_app_inst_req_new()
127 {
128     int result;
129     app_inst_req *req = nullptr;
130
131     result = security_manager_app_inst_req_new(&req);
132     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
133             "creation of new request failed. Result: " << result);
134     RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory");
135     return req;
136 }
137
138 static void prepare_app_path()
139 {
140     int result;
141
142     result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
143     RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
144
145     result = nftw(SM_PUBLIC_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
146     RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_PATH);
147
148     result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
149     RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
150
151     result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
152     RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
153 }
154
155 static void prepare_app_env()
156 {
157     prepare_app_path();
158 }
159
160 /* TODO: add parameters to this function */
161 static void check_app_path_after_install()
162 {
163     int result;
164
165     result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
166     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
167
168     result = nftw(SM_PUBLIC_PATH, &nftw_check_sm_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS);
169     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_PATH);
170
171     result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
172     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
173
174     result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
175     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
176 }
177
178
179 static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
180                                   const privileges_t &allowed_privs, const privileges_t &denied_privs)
181 {
182     (void) app_id;
183     std::string smackLabel;
184     generateAppLabel(pkg_id, smackLabel);
185
186     CynaraTestClient ctc;
187
188     for (auto &priv : allowed_privs) {
189         ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_SUCCESS);
190     }
191
192     for (auto &priv : denied_privs) {
193         ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
194     }
195 }
196
197 static void check_app_gids(const char *const app_id, const std::vector<gid_t> &allowed_gids)
198 {
199     int ret;
200     gid_t main_gid = getgid();
201     std::unordered_set<gid_t> reference_gids(allowed_gids.begin(), allowed_gids.end());
202
203     // Reset supplementary groups
204     ret = setgroups(0, NULL);
205     RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
206
207     ret = security_manager_set_process_groups_from_appid(app_id);
208     RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS,
209             "security_manager_set_process_groups_from_appid(" <<
210             app_id << ") failed. Result: " << ret);
211
212     ret = getgroups(0, nullptr);
213     RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
214
215     std::vector<gid_t> actual_gids(ret);
216     ret = getgroups(ret, actual_gids.data());
217     RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
218
219     for (const auto &gid : actual_gids) {
220         RUNNER_ASSERT_MSG(gid == main_gid || reference_gids.count(gid) > 0,
221             "Application shouldn't get access to group " << gid);
222         reference_gids.erase(gid);
223     }
224
225     RUNNER_ASSERT_MSG(reference_gids.empty(), "Application didn't get access to some groups");
226 }
227
228 static void check_app_after_install(const char *const app_id, const char *const pkg_id,
229                                     const privileges_t &allowed_privs,
230                                     const privileges_t &denied_privs,
231                                     const std::vector<gid_t> &allowed_gids)
232 {
233     TestSecurityManagerDatabase dbtest;
234     dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
235     dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
236
237     /*Privileges should be granted to all users if root installs app*/
238     check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs);
239
240     /* Setup mapping of gids to privileges */
241     /* Do this for each privilege for extra check */
242     for (const auto &privilege : allowed_privs) {
243         dbtest.setup_privilege_gids(privilege, allowed_gids);
244     }
245
246     check_app_gids(app_id, allowed_gids);
247 }
248
249 static void check_app_after_install(const char *const app_id, const char *const pkg_id)
250 {
251     TestSecurityManagerDatabase dbtest;
252     dbtest.test_db_after__app_install(app_id, pkg_id);
253 }
254
255 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
256                                       const privileges_t &privileges, const bool is_pkg_removed)
257 {
258     TestSecurityManagerDatabase dbtest;
259     dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
260
261
262     /*Privileges should not be granted anymore to any user*/
263     check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges);
264 }
265
266 static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
267                                       const bool is_pkg_removed)
268 {
269     TestSecurityManagerDatabase dbtest;
270     dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
271 }
272
273 static void install_app(const char *app_id, const char *pkg_id)
274 {
275     int result;
276     AppInstReqUniquePtr request;
277     request.reset(do_app_inst_req_new());
278
279     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
280     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
281             "setting app id failed. Result: " << result);
282
283     result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
284     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
285             "setting pkg id failed. Result: " << result);
286
287     result = security_manager_app_install(request.get());
288     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
289             "installing app failed. Result: " << result);
290
291     check_app_after_install(app_id, pkg_id);
292
293 }
294
295 static void uninstall_app(const char *app_id, const char *pkg_id,
296         bool expect_installed, bool expect_pkg_removed)
297 {
298     int result;
299     AppInstReqUniquePtr request;
300     request.reset(do_app_inst_req_new());
301
302     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
303     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
304           "setting app id failed. Result: " << result);
305
306     result = security_manager_app_uninstall(request.get());
307     RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
308           "uninstalling app failed. Result: " << result);
309
310     check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
311 }
312
313
314 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
315
316
317 RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
318 {
319     int result;
320     AppInstReqUniquePtr request;
321
322     request.reset(do_app_inst_req_new());
323
324     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
325     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
326             "setting app id failed. Result: " << result);
327
328     result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
329     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
330             "setting pkg id failed. Result: " << result);
331
332     result = security_manager_app_install(request.get());
333     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
334             "installing app failed. Result: " << result);
335
336     result = security_manager_app_install(request.get());
337     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
338             "installing already installed app failed. Result: " << result);
339
340     /* Check records in the security-manager database */
341     check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
342
343     request.reset(do_app_inst_req_new());
344
345     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
346     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
347             "setting app id failed. Result: " << result);
348
349     result = security_manager_app_uninstall(request.get());
350     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
351             "uninstalling app failed. Result: " << result);
352
353     result = security_manager_app_uninstall(request.get());
354     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
355             "uninstalling already uninstalled app failed. Result: " << result);
356
357     /* Check records in the security-manager database */
358     check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
359 }
360
361 RUNNER_TEST(security_manager_02_app_install_uninstall_full)
362 {
363     int result;
364     AppInstReqUniquePtr request;
365
366     prepare_app_env();
367
368     request.reset(do_app_inst_req_new());
369
370     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
371     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
372             "setting app id failed. Result: " << result);
373
374     result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
375     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
376             "setting pkg id failed. Result: " << result);
377
378     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
379     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
380             "setting allowed permission failed. Result: " << result);
381     result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
382     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
383             "setting allowed permission failed. Result: " << result);
384
385     result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
386                                                     SECURITY_MANAGER_PATH_PRIVATE);
387     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
388             "setting allowed path failed. Result: " << result);
389
390     result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_PATH,
391                                                     SECURITY_MANAGER_PATH_PUBLIC);
392     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
393             "setting allowed path failed. Result: " << result);
394
395     result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
396                                                     SECURITY_MANAGER_PATH_PUBLIC_RO);
397     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
398             "setting allowed path failed. Result: " << result);
399
400     result = security_manager_app_install(request.get());
401     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
402             "installing app failed. Result: " << result);
403
404     /* Check records in the security-manager database */
405     check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
406                             SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GIDS);
407
408     /* TODO: add parameters to this function */
409     check_app_path_after_install();
410
411     request.reset(do_app_inst_req_new());
412
413     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
414     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
415             "setting app id failed. Result: " << result);
416
417     result = security_manager_app_uninstall(request.get());
418     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
419             "uninstalling app failed. Result: " << result);
420
421     /* Check records in the security-manager database,
422      * all previously allowed privileges should be removed */
423     check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
424                               SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
425 }
426
427 RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_binary)
428 {
429     const char *const testBinaryPath    = LABELLED_BINARY_PATH;
430     const char *const expectedLabel     = USER_APP_ID;
431     int result;
432     char *label = nullptr;
433     CStringPtr labelPtr;
434
435     result = security_manager_set_process_label_from_binary(testBinaryPath);
436     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
437             "security_manager_set_process_label_from_binary(" <<
438             testBinaryPath << ") failed. Result: " << result);
439
440     result = smack_new_label_from_self(&label);
441     RUNNER_ASSERT_MSG(result >= 0,
442             " Error getting current process label");
443     RUNNER_ASSERT_MSG(label != nullptr,
444             " Process label is not set");
445     labelPtr.reset(label);
446
447     result = strcmp(expectedLabel, label);
448     RUNNER_ASSERT_MSG(result == 0,
449             " Process label is incorrect. Expected: \"" << expectedLabel << "\" Actual: \""
450             << label << "\"");
451 }
452
453 RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_binary_nosmack)
454 {
455     const char *const testBinaryPath = LABELLED_BINARY_PATH;
456     int result;
457
458     result = security_manager_set_process_label_from_binary(testBinaryPath);
459     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
460             "security_manager_set_process_label_from_binary(" <<
461             testBinaryPath << ") failed. Result: " << result);
462 }
463
464 RUNNER_CHILD_TEST_SMACK(security_manager_04_set_label_from_appid)
465 {
466     const char *const app_id = "sm_test_app_id_set_label_from_appid";
467     const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
468     const char *const expected_label = USER_APP_ID;
469     char *label = nullptr;
470     CStringPtr labelPtr;
471     int result;
472
473     uninstall_app(app_id, pkg_id, false, true);
474     install_app(app_id, pkg_id);
475
476     result = security_manager_set_process_label_from_appid(app_id);
477     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
478             "security_manager_set_process_label_from_appid(" <<
479             app_id << ") failed. Result: " << result);
480
481     result = smack_new_label_from_self(&label);
482     RUNNER_ASSERT_MSG(result >= 0,
483             " Error getting current process label");
484     RUNNER_ASSERT_MSG(label != nullptr,
485             " Process label is not set");
486     labelPtr.reset(label);
487
488     result = strcmp(expected_label, label);
489     RUNNER_ASSERT_MSG(result == 0,
490             " Process label is incorrect. Expected: \"" << expected_label <<
491             "\" Actual: \"" << label << "\"");
492
493     uninstall_app(app_id, pkg_id, true, true);
494 }
495
496 RUNNER_CHILD_TEST_NOSMACK(security_manager_04_set_label_from_appid_nosmack)
497 {
498     const char *const app_id = "sm_test_app_id_set_label_from_appid";
499     const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
500     int result;
501
502     uninstall_app(app_id, pkg_id, false, true);
503     install_app(app_id, pkg_id);
504
505     result = security_manager_set_process_label_from_appid(app_id);
506     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
507             "security_manager_set_process_label_from_appid(" <<
508             app_id << ") failed. Result: " << result);
509
510     uninstall_app(app_id, pkg_id, true, true);
511 }
512
513
514
515 static void prepare_request(AppInstReqUniquePtr &request,
516               const char *const app_id,
517               const char *const pkg_id,
518               app_install_path_type pathType,
519               const char *const path)
520 {
521     int result;
522     request.reset(do_app_inst_req_new());
523
524     result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
525     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
526             "setting app id failed. Result: " << result);
527
528     result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
529     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
530             "setting pkg id failed. Result: " << result);
531
532     result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
533     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
534             "setting allowed path failed. Result: " << result);
535 }
536
537
538
539 RUNNER_CHILD_TEST(security_manager_05_app_install_uninstall_by_uid_5000)
540 {
541     int result;
542     AppInstReqUniquePtr request;
543     const std::string user =  std::to_string(static_cast<unsigned int>(APP_UID));
544
545
546     //switch user to non-root
547     result = drop_root_privileges();
548     RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
549
550     //install app as non-root user and try to register public path (should fail)
551     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER_5000);
552
553     result = security_manager_app_install(request.get());
554     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
555             "installing app not failed. Result: " << result);
556
557     //install app as non-root user
558     //should fail (non-root users may only register folders inside their home)
559     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
560
561     result = security_manager_app_install(request.get());
562     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
563             "installing app not failed. Result: " << result);
564
565     //install app as non-root user
566     //should succeed - this time i register folder inside user's home dir
567     prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER_5000);
568
569     for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
570         result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
571         RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
572             "setting allowed permission failed. Result: " << result);
573     }
574
575     result = security_manager_app_install(request.get());
576     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
577             "installing app failed. Result: " << result);
578
579     check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
580
581     //uninstall app as non-root user
582     request.reset(do_app_inst_req_new());
583
584     result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
585     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
586             "setting app id failed. Result: " << result);
587
588     result = security_manager_app_uninstall(request.get());
589     RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
590             "uninstalling app failed. Result: " << result);
591
592     check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
593 }
594
595
596 int main(int argc, char *argv[])
597 {
598     SummaryCollector::Register();
599     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
600 }
Domain: Security / Uncategorized;