Add smack-privilege checkers to AppInstallHelperExt

[platform/core/test/security-tests.git] / src / security-manager-tests / common / app_install_helper_ext.cpp

diff --git a/src/security-manager-tests/common/app_install_helper_ext.cpp b/src/security-manager-tests/common/app_install_helper_ext.cpp
index 2f4e0ee..cec5434 100644 (file)
--- a/src/security-manager-tests/common/app_install_helper_ext.cpp
+++ b/src/security-manager-tests/common/app_install_helper_ext.cpp
@@ -140,6 +140,27 @@ void AppInstallHelperExt::checkPrivilegeGroups(const PrivilegeVector &allowedPri
     checkGids(allowed_gids);
 }
 
+void AppInstallHelperExt:: checkSmackPrivileges(const PrivilegeVector &allowedPrivs,
+                                                const PrivilegeVector &deniedPrivs) const
+{
+    auto& smackPrivilegeRules = PolicyConfiguration::getSmackPrivRulesMap();
+
+    auto getPrivilegeRules = [&](const PrivilegeVector &privs) {
+        std::vector<AccessRequest> rules;
+
+        for (auto &priv : privs) {
+            auto it = smackPrivilegeRules.find(priv);
+            RUNNER_ASSERT_MSG(it != smackPrivilegeRules.end(), priv << " is not a smack privilege");
+
+            rules.insert(rules.end(), it->second.begin(), it->second.end());
+        }
+        return rules;
+    };
+
+    checkSmackAccesses(getPrivilegeRules(allowedPrivs));
+    checkSmackAccesses(getPrivilegeRules(deniedPrivs), false);
+}
+
 void AppInstallHelperExt::checkAfterInstall() const
 {
     static const std::vector<AccessRequest> staticRules[] =