+
+/**
+ * AV Privilege test cases.
+ *
+ * Each privilege_control24* test case tests antivirus privileges for each app_type_t, except for
+ * deprecated APP_TYPE_OTHER type.
+ */
+
+int nftw_remove_dir(const char* filename, const struct stat* /*statptr*/, int /*fileflags*/,
+ struct FTW* /*pfwt*/)
+{
+ int result = -1;
+
+ struct stat filestat;
+
+ result = stat(filename, &filestat);
+ RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to get file statistics. Result: "
+ << result << ", error: " << strerror(errno) << ", file: " << filename);
+
+ if(S_ISREG(filestat.st_mode)) {
+ result = unlink(filename);
+ RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to unlink file. Result: "
+ << result << ", error: " << strerror(errno) << ", file: " << filename);
+ } else if(S_ISDIR(filestat.st_mode)) {
+ result = rmdir(filename);
+ RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to remove dir. Result: "
+ << result << ", error: " << strerror(errno) << ", file: " << filename);
+ }
+
+ return 0;
+}
+
+void InstallApp(const char* pkg_id, const char* path, app_path_type_t app_path_type,
+ const char* shared_label)
+{
+ int result = -1;
+
+ result = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP);
+ RUNNER_ASSERT_MSG(result == 0, "Can't create dir for tests. Result: " << result <<
+ ", error: " << strerror(errno) << ", app_path_type: " << app_path_type);
+
+ DB_BEGIN
+
+ result = perm_app_revoke_permissions(pkg_id);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
+ << result << ", app_path_type: " << app_path_type);
+ result = perm_app_uninstall(pkg_id);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
+ << result << ", app_path_type: " << app_path_type);
+
+ result = perm_app_install(pkg_id);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
+ << result << ", app_path_type: " << app_path_type);
+ result = perm_app_setup_path(pkg_id, path, app_path_type, shared_label);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: "
+ << result << ", app_path_type: " << app_path_type);
+
+ DB_END
+}
+
+void InstallAV(const char* av_id, app_type_t av_type)
+{
+ int result = -1;
+
+ DB_BEGIN
+
+ result = perm_app_revoke_permissions(av_id);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
+ << result << ", av_type: " << av_type);
+ result = perm_app_uninstall(av_id);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
+ << result << ", av_type: " << av_type);
+
+ result = perm_app_install(av_id);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
+ << result << ", av_type: " << av_type);
+ result = perm_app_enable_permissions(av_id, av_type, PRIVS_AV, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "enable_permissions failed. Result: "
+ << result << ", av_type: " << av_type);
+
+ DB_END
+}
+
+void CheckAVPrivilege(app_type_t av_type, app_path_type_t app_path_type)
+{
+ int result = -1;
+
+ //clean before test
+ result = nftw(APP_TEST_APP_1_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
+ ", error " << strerror(errno));
+
+ result = nftw(APP_TEST_APP_2_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
+ ", error " << strerror(errno));
+
+ result = nftw(APP_TEST_APP_3_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
+ ", error " << strerror(errno));
+
+ InstallApp(APP_TEST_APP_1, APP_TEST_APP_1_DIR, app_path_type, APP_TEST_APP_1_SHARED_LABEL);
+ InstallAV(APP_TEST_AV_1, av_type);
+ InstallApp(APP_TEST_APP_2, APP_TEST_APP_2_DIR, app_path_type, APP_TEST_APP_2_SHARED_LABEL);
+ InstallAV(APP_TEST_AV_2, av_type);
+ InstallApp(APP_TEST_APP_3, APP_TEST_APP_3_DIR, app_path_type, APP_TEST_APP_3_SHARED_LABEL);
+
+ //test - get ACCESS label and check AV privilege
+
+ char* tmp;
+
+ //get labels
+ result = smack_lgetlabel(APP_TEST_APP_1_DIR, &tmp, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
+ << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+ std::string label1(tmp);
+ free(tmp);
+
+ result = smack_lgetlabel(APP_TEST_APP_2_DIR, &tmp, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
+ << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+ std::string label2(tmp);
+ free(tmp);
+
+ result = smack_lgetlabel(APP_TEST_APP_3_DIR, &tmp, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
+ << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+ std::string label3(tmp);
+ free(tmp);
+
+ if(app_path_type == APP_PATH_GROUP_RW)
+ {
+ result = label1.compare(APP_TEST_APP_1_SHARED_LABEL);
+ RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
+ ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+
+ result = label2.compare(APP_TEST_APP_2_SHARED_LABEL);
+ RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
+ ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+
+ result = label3.compare(APP_TEST_APP_3_SHARED_LABEL);
+ RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
+ ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+ }
+
+ std::stringstream ss;
+
+ //check AV accesses
+ if(smack_check())
+ {
+ ss << "APP_TEST_APP_1, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
+ ss.str(std::string());
+
+ ss << "APP_TEST_APP_2, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
+ ss.str(std::string());
+
+ ss << "APP_TEST_APP_3, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
+
+ ss << "APP_TEST_APP_1, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
+ ss.str(std::string());
+
+ ss << "APP_TEST_APP_2, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
+ ss.str(std::string());
+
+ ss << "APP_TEST_APP_3, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
+ }
+ else
+ {
+ ss << "APP_TEST_APP_1, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
+
+ ss.str(std::string());
+ ss << "APP_TEST_APP_2, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
+
+ ss.str(std::string());
+ ss << "APP_TEST_APP_3, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
+
+ ss << "APP_TEST_APP_1, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
+
+ ss.str(std::string());
+ ss << "APP_TEST_APP_2, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
+
+ ss.str(std::string());
+ ss << "APP_TEST_APP_3, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
+ }
+
+ DB_BEGIN
+
+ //Clean up
+ perm_app_revoke_permissions(APP_TEST_AV_1);
+ perm_app_revoke_permissions(APP_TEST_AV_2);
+ perm_app_uninstall(APP_TEST_AV_1);
+ perm_app_uninstall(APP_TEST_AV_2);
+ perm_app_uninstall(APP_TEST_APP_1);
+ perm_app_uninstall(APP_TEST_APP_2);
+ perm_app_uninstall(APP_TEST_APP_3);
+
+ DB_END
+}
+
+RUNNER_TEST(privilege_control24a_av_privilege_group_rw)
+{
+ CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_GROUP_RW);
+ CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_GROUP_RW);
+ CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_GROUP_RW);
+}
+
+RUNNER_TEST(privilege_control24b_av_privilege_settings_rw)
+{
+ CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_SETTINGS_RW);
+ CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_SETTINGS_RW);
+ CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_SETTINGS_RW);
+}
+
+RUNNER_TEST(privilege_control24c_av_privilege_public_ro)
+{
+ CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_PUBLIC_RO);
+ CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_PUBLIC_RO);
+ CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_PUBLIC_RO);
+}
+
+RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
+ int POSITIVE_ERROR_CODE = 1;
+ int NONEXISTING_ERROR_CODE = -239042;
+ const char *result;
+
+ for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
+ RUNNER_ASSERT_MSG(strcmp(perm_strerror(*itr), "Unknown error") != 0,
+ "Returned invalid error code description.");
+ }
+
+ result = perm_strerror(POSITIVE_ERROR_CODE);
+ RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
+ "Bad message returned for invalid error code: \"" << result << "\"");
+
+ result = perm_strerror(NONEXISTING_ERROR_CODE);
+ RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
+ "Bad message returned for invalid error code: \"" << result << "\"");
+}