-}
-
-/**
- * Next three functions are defined only because of NOSMACK environment.
- *
- * Inside check_labels_dir_nosmack, smack_have_access should expect error, not access granted.
- */
-int check_labels_dir_nosmack(const char *fpath, const struct stat *sb,
- const char *labels_db_path, const char *dir_db_path,
- const char *access)
-{
- int result;
- char* label;
- char* label_gen;
- char label_temp[SMACK_LABEL_LEN + 1];
- std::fstream fs_db;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path. Result: " << result);
- RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- if (result != 0) {
- free(label_gen);
- RUNNER_ASSERT_MSG(false, "Could not get label for the path. Result: " << result);
- }
- if (label != NULL) {
- free(label_gen);
- free(label);
- RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set.");
- }
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- if (result != 0) {
- free(label_gen);
- free(label);
- RUNNER_ASSERT_MSG(false, "Could not get label for the path. Result: " << result);
- }
- if (S_ISDIR(sb->st_mode)) {
- if (label == NULL) {
- free(label_gen);
- free(label);
- RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set");
- }
- result = strcmp("TRUE", label);
- if (result != 0) {
- free(label_gen);
- free(label);
- RUNNER_ASSERT_MSG(false,
- "TRANSMUTE label on " << fpath << " is not set to TRUE Result: " << result);
- }
- } else if (label != NULL) {
- free(label_gen);
- free(label);
- RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set");
- }
-
- free(label);
-
- fs_db.open(labels_db_path, std::ios_base::in);
- if (!(fs_db.good())) {
- free(label_gen);
- RUNNER_ASSERT_MSG(false, "Can not open database for apps");
- }
-
- while(!fs_db.eof()) {
- fs_db.getline(label_temp, 255);
- result = smack_have_access(label_temp, label_gen, access);
- if (result != -1) { //expect error, not access granted
- free(label_gen);
- RUNNER_ASSERT_MSG(false, "smack_have_access should fail. Result: " << result);
- }
- }
-
- fs_db.close();
-
- fs_db.open(dir_db_path, std::ios_base::in);
- if (!fs_db.good()) {
- free(label_gen);
- RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
- }
-
- bool is_dir = false;
- while(!fs_db.eof()) {
- fs_db.getline(label_temp, 255);
- if (strcmp(label_gen, label_temp) == 0) {
- is_dir = true;
- break;
- }
- }
-
- free(label_gen);
-
- RUNNER_ASSERT_MSG(is_dir, "Error autogenerated label is not in dirs db.");
-
- return 0;
-}
-
-int nftw_check_labels_app_public_dir_nosmack(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return check_labels_dir_nosmack(fpath, sb,
- SMACK_APPS_LABELS_DATABASE,
- SMACK_PUBLIC_DIRS_DATABASE, "rx");
-}
-
-int nftw_check_labels_app_settings_dir_nosmack(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return check_labels_dir_nosmack(fpath, sb,
- SMACK_APPS_SETTINGS_LABELS_DATABASE,
- SMACK_SETTINGS_DIRS_DATABASE, "rwx");
-}
-
-/**
- * NOSMACK version of privilege_control18 test.
- *
- * Uses NOSMACK version of nftw_check_labels_app_public_dir.
- */
-RUNNER_TEST_NOSMACK(privilege_control18_app_setup_path_public_nosmack)
-{
- int result;
-
- cleaning_smack_database_files();
- add_lables_to_db();
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_APP_DIR << ". Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_NON_APP_DIR << ". Result: " << result);
-
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed. Result: " << result);
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_dir_nosmack, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to check Smack labels for shared app dir. Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to check Smack labels for non-app dir. Result: " << result);
-
- cleaning_smack_database_files();
-}
-
-/**
- * NOSMACK version of privilege_control19 test.
- *
- * Uses NOSMACK version of nftw_check_labels_app_settings_dir.
- */
-RUNNER_TEST_NOSMACK(privilege_control19_app_setup_path_settings_nosmack)
-{
- int result;
-
- cleaning_smack_database_files();
- add_lables_to_db();
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_APP_DIR << ". Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_NON_APP_DIR << ". Result: " << result);
-
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed. Result: " << result);
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_settings_dir_nosmack, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to check Smack labels for shared app dir. Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to check Smack labels for non-app dir. Result: " << result);
-
- cleaning_smack_database_files();
-}
-
-/**
- * NOSMACK version of privielge_control21b test.
- *
- * Instead of error caused by incorrect params expect access granted, becuase SMACK is off.
- */
-RUNNER_TEST_NOSMACK(privilege_control21b_incorrect_params_smack_pid_have_access_nosmack)
-{
- int result = smack_pid_have_access(PID_CORRECT, "some_object", NULL);
- RUNNER_ASSERT_MSG(result == 1,
- "smack_pid_have_access should return access granted. Result: " << result);
-
- result = smack_pid_have_access(PID_CORRECT, NULL, "rw");
- RUNNER_ASSERT_MSG(result == 1,
- "smack_pid_have_access should return access granted. Result: " << result);
-
- result = smack_pid_have_access(PID_CORRECT, NULL, "rw");
- RUNNER_ASSERT_MSG(result == 1,
- "smack_pid_have_access should return access granted. Result: " << result);
-
- result = smack_pid_have_access(PID_INCORRECT, "some_object", "rw");
- RUNNER_ASSERT_MSG(result == 1,
- "smack_pid_have_access should return access granted. Result: " << result);
-}
-
-/**
- * Test - Simulation of 100 installations and uninstallations of one application.
- * Installed application will have various kind of permissions from api
- * features and shared folders.
- */
-RUNNER_TEST(privilege_control22_app_installation_1x100)
-{
- int result;
- std::string shared_dir_auto_label;
-
- // Clear any previously created apps, files, labels and permissions
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_APP_DIR
- << ". Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_NON_APP_DIR
- << ". Result: " << result);
-
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
-
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
- // remove api features by deleting files
- unlink(FILE_PATH_TEST_OSP_FEATURE);
- unlink(FILE_PATH_TEST_WGT_FEATURE);
-
- cleaning_smack_database_files();
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling App-Setting permissions. Result: " << result);
-
- // Install one additional app (used to check perm to shared directories)
- result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
-
- // Check whether api-feature's smack files are created
-// TODO Remove this check when new database is introduced
- result = file_exists(FILE_PATH_TEST_OSP_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test OSP Api Feature file is not created.");
- result = file_exists(FILE_PATH_TEST_WGT_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test WGT API Feature file is not created.");
-
- // Install app loop
- for (int i = 0; i < 100; ++i)
- {
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Loop index: " << i
- << ". Result: " << result);
-
- // add persistent api feature permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from OSP Feature. Loop index: "
- << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. Loop index: "
- << i << ". Result: " << result);
-
- // add shared dirs
- switch (i%2) // separate odd and even loop runs
- {
- case 0: // Shared dirs: APP_PATH_PRIVATE & APP_PATH_PUBLIC_RO
- {
- // Add app shared dir - APP_PATH_PRIVATE
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Verify that some previously installed app does not have any acces
- // to APP_ID private label
- result = test_have_any_accesses(rules_to_test_any_access1);
- RUNNER_ASSERT_MSG(result == 0,
- "Error - other app has access to private label. Loop index: "
- << i);
-
- // Get autogenerated Public RO label
- char *label;
- result = smack_getlabel(TEST_NON_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, shared_dir_auto_label.c_str(), "rwxatl" },
- { TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Public RO dir are granted. Loop index: "
- << i);
-
- break;
- }
- case 1: // Shared dirs: APP_PATH_APPSETTING_RW & APP_PATH_GROUP_RW
- {
- // Add app shared dir - APP_PATH_SETTINGS_RW
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_GROUP_RW, APPID_SHARED_DIR);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Get autogenerated App-Setting label
- char *label;
- result = smack_getlabel(TEST_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app dir
- // and rx permissions to app
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, shared_dir_auto_label.c_str(), "rwxatl" },
- { APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx" },
- { APP_TEST_SETTINGS_ASP1, APP_ID, "rx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to App-Setting dir are granted. Loop index: "
- << i);
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, APPID_SHARED_DIR, "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- break;
- }
- } // END switch
-
- // check if api-features permissions are added properly
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added. Loop index: "
- << i);
-
- // revoke permissions
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
- result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
-
- // check if api-features permissions are removed properly
- result = test_have_any_accesses(rules_to_test_any_access2);
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions revoked. Loop index: " << i);
-
- // check if shared dir and app-setting permissions are removed properly
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(APP_ID, shared_dir_auto_label.c_str()));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(APP_ID, APPID_SHARED_DIR));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(TEST_OSP_FEATURE_APP_ID,
- shared_dir_auto_label.c_str()));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(APP_TEST_SETTINGS_ASP1,
- shared_dir_auto_label.c_str()));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
-
- // remove labels from app folder
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
- // remove labels from shared folder
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_NON_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
-
- // uninstall app
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Loop index: " << i
- << ". Result: " << result);
- } // END Install app loop
-
- // Uninstall setting app and additional app
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- // Remove api features
- unlink(FILE_PATH_TEST_OSP_FEATURE);
- unlink(FILE_PATH_TEST_WGT_FEATURE);
-
- cleaning_smack_database_files();
-}
-
-/**
- * Test - Simulation of 10 installations and uninstallations of set of 10 applications.
- * Installed applications will have various kind of permissions to each other
- * from api-features and shared folders.
- *
- * APP_TEST_SETTINGS_ASP1 ("test-app-settings-asp1") - registered as setting app
- *
- * Permissions:
- * test_APP0-4 - receive test_osp_feature_rule_set2
- * test_APP5-9 - receive test_wgt_feature_rule_set2
- *
- * During this test there is one directory created for each app for each loop run,
- * dir name syntax is: /tmp/<app_name>_<i-loop_run>
- *
- * test_APP0 & test_APP5 register their directories as APP_PATH_PRIVATE
- * test_APP1, test_APP2 & test_APP6 register their directories as
- * APP_PATH_GROUP_RW using the same label
- * APPID_SHARED_DIR = "test_APP_ID_shared_dir"
- * test_APP3, test_APP7 & test_APP8 register their directories as
- * APP_PATH_PUBLIC_RO
- * test_APP4 & test_APP9 register their directories as
- * APP_PATH_SETTINGS_RW
- */
-RUNNER_TEST(privilege_control23_app_installation2_10x10)
-{
- int result;
- const int app_count = 10;
- std::string shared_dir3_auto_label;
- std::string shared_dir7_auto_label;
- std::string shared_dir8_auto_label;
- std::string setting_dir4_auto_label;
- std::string setting_dir9_auto_label;
- char app_ids[app_count][strlen(APP_ID) + 3];
- char app_dirs[app_count][strlen(APP_ID) + 12];
- const char *test_osp_feature_rule_set2[] = { "~APP~ " APP_ID "6 r",
- "~APP~ " APP_ID "7 rxl",
- "~APP~ " APP_ID "8 rwxal",
- "~APP~ " APP_ID "9 rwxatl",
- NULL };
- const char *test_wgt_feature_rule_set2[] = { "~APP~ " APP_ID "1 r",
- "~APP~ " APP_ID "2 rxl",
- "~APP~ " APP_ID "3 rwxal",
- "~APP~ " APP_ID "4 rwxatl",
- NULL };
-
-
- // generate app ids: test_APP0, test_APP1, test_APP2 etc
- for (int i = 0; i < app_count; ++i)
- {
- result = sprintf(app_ids[i], APP_ID "%d", i);
- RUNNER_ASSERT_MSG(result > 0, "Cannot generate name for app nr: " << i);
- }
-
- // Clear any previously created apps, files, labels and permissions
- for (int i = 0; i < app_count; ++i)
- {
- result = perm_app_revoke_permissions(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions for app: "
- << app_ids[i] << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[i] << ". Result: " << result);
- }
-
- // remove api feature by deleting the file
- unlink(FILE_PATH_TEST_OSP_FEATURE);
- unlink(FILE_PATH_TEST_WGT_FEATURE);
-
- cleaning_smack_database_files();
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions."
- << " Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall."
- << " Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install."
- << " Result: " << result);
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling App-Setting permissions."
- << " Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set2, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set2, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
-
- // Check whether api-feature's smack files are created
-// TODO Remove this check when new database is introduced
- result = file_exists(FILE_PATH_TEST_OSP_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test OSP Api Feature file is not created.");
- result = file_exists(FILE_PATH_TEST_WGT_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test WGT API Feature file is not created.");
-
- // Install apps loop
- for (int i = 0; i < 10; ++i)
- {
- // Install 10 apps
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_install(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. App id: "
- << app_ids[j]
- << " Loop index: " << i
- << ". Result: " << result);
-
- // Create 10 directories
- result = sprintf(app_dirs[j],"/tmp/" APP_ID "%d_%d", j, i);
- RUNNER_ASSERT_MSG(result > 0,
- "Cannot generate directory name for app nr: " << j
- << " Loop index: " << i);
- result = mkdir(app_dirs[j], S_IRWXU | S_IRGRP | S_IXGRP);
- RUNNER_ASSERT_MSG(result == 0 || errno == EEXIST,
- "Cannot create directory: " << app_dirs[j]);
- result = nftw(app_dirs[j], &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << app_dirs[j]
- << ". Result: " << result);
- }
-
- // Give permissions from api-features
- for (int j = 0; j < (app_count/2); ++j)
- {
- // add persistent api feature permissions
- result = perm_app_enable_permissions(app_ids[j], APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from OSP Feature. App id: "
- << app_ids[j] << " Loop index: " << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(app_ids[j+5], APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. App id: "
- << app_ids[j] << " Loop index: " << i << ". Result: " << result);
- }
-
- // Add app shared dirs - APP_PATH_PRIVATE (apps 0, 5)
- result = perm_app_setup_path(app_ids[0], app_dirs[0], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[0]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[5], app_dirs[5], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[5]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW (apps 1, 2, 6)
- result = perm_app_setup_path(app_ids[1], app_dirs[1],
- APP_PATH_GROUP_RW, APPID_SHARED_DIR);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[2], app_dirs[2],
- APP_PATH_GROUP_RW, APPID_SHARED_DIR);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[2]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[6], app_dirs[6],
- APP_PATH_GROUP_RW, APPID_SHARED_DIR);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[6]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO (apps 3, 7, 8)
- result = perm_app_setup_path(app_ids[3], app_dirs[3],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[7], app_dirs[7],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[7]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[8], app_dirs[8],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[8]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_SETTINGS_RW (apps ,4, 9)
- result = perm_app_setup_path(app_ids[4], app_dirs[4],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[4]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[9], app_dirs[9],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[9]
- << " Loop index: " << i << ". Result: " << result);
-
- // Verify that some previously installed app does not have
- // any acces to app 0 and app 5 PRIVATE folders
- for (int j = 0; j < app_count; ++j)
- {
- // Apps 1-9 should not have any access to app 0
- if (j != 0)
- {
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[0])
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[0] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
-
- // Apps 0-4 and 6-9 should not have any access to app 5
- if (j != 5)
- {
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[5])
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[5] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
- } // End for Verify PRIVATE
-
- // Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[1], APPID_SHARED_DIR, "rwxatl" },
- { app_ids[2], APPID_SHARED_DIR, "rwxatl" },
- { app_ids[6], APPID_SHARED_DIR, "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- // Get autogenerated Public_RO labels
- char *label;
- result = smack_getlabel(app_dirs[3], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[3]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir3_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[7], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[7]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir7_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[8], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[8]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir8_auto_label = label;
- free(label);
-
- // Verify that all apps have ro permissions to public folders of apps 3, 7 and 8
- // Also apps 3, 7 and 8 should have all permisisons to their own PUBLIC_RO dirs
- for (int j = 0; j < app_count; ++j)
- {
- if (j == 3)
- {
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // Verify that there are no extra permissions to public dirs
- result = test_have_any_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 0,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);
- }
- if (j == 7)
- {
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // Verify that there are no extra permissions to public dirs
- result = test_have_any_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 0,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);
- }
- if (j == 8)
- {
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir8_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // Verify that there are no extra permissions to other public dirs
- result = test_have_any_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 0,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);
- }
-
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "rx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Public RO dirs are granted. App id: "
- << app_ids[j] << ". Loop index: " << i);
- } // End for Verify PUBLIC_RO
-
- // Get autogenerated SETTING_RW labels
- result = smack_getlabel(app_dirs[4], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[4] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir4_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[9], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[9] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir9_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app-settings dirs and rx to apps
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl" },
- { app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl" },
- { APP_TEST_SETTINGS_ASP1, app_ids[4], "rx" },
- { APP_TEST_SETTINGS_ASP1, app_ids[9], "rx" },
- { APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx" },
- { APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to App-Setting dir are granted. Loop index: "
- << i);
-
-
-
- // Check if api-features permissions are added properly
- for (int j = 0; j < 5; ++j)
- {
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], app_ids[6], "r" },
- { app_ids[j], app_ids[7], "rxl" },
- { app_ids[j], app_ids[8], "rwxal" },
- { app_ids[j], app_ids[9], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- for (int j = 5; j < app_count; ++j)
- {
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], app_ids[1], "r" },
- { app_ids[j], app_ids[2], "rxl" },
- { app_ids[j], app_ids[3], "rwxal" },
- { app_ids[j], app_ids[4], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- // Revoke permissions
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_revoke_permissions(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. App id: "
- << app_ids[j] << " Loop index: " << i
- << ". Result: " << result);
- }
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions for setting app. Loop index: "
- << i << ". Result: " << result);
-
- // Check if permissions are removed properly
- for (int j = 0; j < app_count; ++j)
- {
- // To all other apps
- for (int k = 0; k < app_count; ++k)
- if (j != k)
- {
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[k])
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions revoked. Subject: " << app_ids[j]
- << " Object: " << app_ids[k] << " Loop index: " << i);
- }
-
- // Check if permissions to shared dirs are removed properly
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- shared_dir3_auto_label.c_str())
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- shared_dir7_auto_label.c_str())
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- shared_dir8_auto_label.c_str())
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- APPID_SHARED_DIR)
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
- }
-
- // Remove labels from folders and uninstall all apps
- for (int j = 0; j < app_count; ++j)
- {
- result = nftw(app_dirs[j], &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS); // rm labels from app folder
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: "
- << app_dirs[j] << " . Loop index: " << i
- << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[j] << " . Loop index: " << i
- << ". Result: " << result);
- }
-
- // Remove created dirs
- for (int j = 0; j < app_count; ++j)
- {
- result = rmdir(app_dirs[j]);
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot remove directory: " << app_dirs[j]);
- }
- } // END Install app loop