/*
- * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <message_pipe.h>
#include <policy_configuration.h>
#include <scoped_installer.h>
-#include <scoped_label.h>
#include <service_manager.h>
#include <sm_api.h>
#include <sm_commons.h>
#include <tests_common.h>
#include <tzplatform.h>
#include <uds.h>
+#include <scoped_process_label.h>
using namespace SecurityManagerTest;
check_path(privateDir, generatePathRWLabel(pkgId));
check_path(privateRODir, generatePathROLabel(pkgId), false);
check_path(publicRODir, getPublicPathLabel());
- check_path(sharedRODir, generatePathSharedROLabel(pkgId));
+ check_path(sharedRODir, getSharedROPathLabel());
}
RUNNER_TEST(security_manager_02_app_install_uninstall_full)
{
- PolicyConfiguration policy;
- PolicyConfiguration::PrivGroupMap privGroupMap = policy.getPrivGroupMap();
-
- RUNNER_ASSERT_MSG(privGroupMap.size() >= 4, "Failed to get policy of a suitable size");
-
- privileges_t allowedPrivs;
- privileges_t someDeniedPrivs;
+ privileges_t defaultPrivs = {
+ "http://tizen.org/privilege/internal/device/audio",
+ "http://tizen.org/privilege/internal/device/display",
+ "http://tizen.org/privilege/internal/device/video"
+ };
+ privileges_t allowedPrivs = {
+ "http://tizen.org/privilege/camera",
+ "http://tizen.org/privilege/mediastorage"
+ };
+ privileges_t someDeniedPrivs = {
+ "http://tizen.org/privilege/internet",
+ "http://tizen.org/privilege/externalstorage"
+ };
- int counter = 0;
- for (auto const &it: privGroupMap) {
- if (counter < 2)
- allowedPrivs.push_back(it.first);
- else if (counter < 4)
- someDeniedPrivs.push_back(it.first);
- else
- break;
- ++counter;
- }
+ privileges_t defaultAllowedPrivs = defaultPrivs;
+ defaultAllowedPrivs.insert(defaultAllowedPrivs.end(), allowedPrivs.begin(), allowedPrivs.end());
AppInstallHelper app("sm_test_02");
app.createPrivateDir();
ScopedInstaller appInstall(app);
check_app_after_install(app.getAppId(), app.getPkgId(),
- app.getPrivilegesNames(), someDeniedPrivs);
+ defaultAllowedPrivs, someDeniedPrivs);
check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
check_path(app.getPublicDir(), getPublicPathLabel());
- check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
+ check_path(app.getSharedRODir(), getSharedROPathLabel());
}
check_app_after_uninstall(app.getAppId(), app.getPkgId(), app.getPrivilegesNames());
}
};
- std::vector<TemporaryTestUser> users = {
- {"sm_test_09_user_name_0", GUM_USERTYPE_NORMAL, false},
- {"sm_test_09_user_name_1", GUM_USERTYPE_NORMAL, false}
+ std::array<TemporaryTestUser, 2> users{
+ TemporaryTestUser{"sm_test_09_user_name_0", GUM_USERTYPE_NORMAL, false},
+ TemporaryTestUser{"sm_test_09_user_name_1", GUM_USERTYPE_NORMAL, false}
};
for(auto& gu : users)
install(users[0], pkgId[0], appId[0], version[0], author[1], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
}
+RUNNER_TEST(security_manager_09a_install_many_apps_in_single_request)
+{
+ const std::string pkgId = "sm_test_09a_pkg_id_0";
+ const std::vector<std::string> appIds = {"sm_test_09a_app_id_0", "sm_test_09a_app_id_1", "sm_test_09a_app_id_2"};
+
+ {
+ ScopedInstaller appsInstall(appIds, pkgId);
+ // Installing many applications in single request
+ for (const auto &appId : appIds) {
+ check_app_after_install(appId, pkgId);
+ }
+ }
+
+ for (const auto &appId : appIds) {
+ check_app_after_uninstall(appId, pkgId);
+ }
+}
+
+RUNNER_TEST(security_manager_09b_install_many_apps_in_single_request_duplicated_ids)
+{
+ const std::string pkgId = "sm_test_09b_pkg_id_0";
+ const std::string appId = "sm_test_09b_app_id_0";
+
+ {
+ ScopedInstaller appsInstall({appId, appId}, pkgId);
+ check_app_after_install(appId, pkgId);
+ }
+
+ check_app_after_uninstall(appId, pkgId);
+}
+
+RUNNER_TEST(security_manager_09c_update_many_apps_in_single_request_hybrid_package)
+{
+ const std::vector<std::string> appIds = {"sm_test_09c_app_id_0", "sm_test_09c_app_id_1", "sm_test_09c_app_id_2"};
+ const std::string pkgId = "sm_test_09c_pkg_id_0";
+
+ {
+ ScopedInstaller appsInstall(appIds, pkgId);
+ // Package is not hybrid, every app has same policy.
+ for (const auto &appId : appIds) {
+ check_app_after_install(appId, pkgId);
+ }
+
+ // Updating package -- changing set of apps in package and setting hybrid mode
+ InstallRequest updateRequest;
+ updateRequest.setPkgId(pkgId);
+ updateRequest.setAppId(appIds[0]);
+ updateRequest.nextApp();
+ updateRequest.setAppId(appIds[1]);
+ updateRequest.setHybrid();
+
+ Api::update(updateRequest);
+ // Package became hybrid, so every app has its own Smack label
+ check_app_after_install(appIds[0], pkgId, true);
+ check_app_after_install(appIds[1], pkgId, true);
+ // Package became hybrid properly,
+ // so app not included in updated version of package was uninstalled.
+ check_app_after_uninstall(appIds[2], pkgId);
+ }
+
+ for (const auto &appId : appIds) {
+ check_app_after_uninstall(appId, pkgId, true, true);
+ }
+}
+
+RUNNER_TEST(security_manager_09d_uninstall_app_from_hybrid_package)
+{
+ const std::vector<std::string> appIds = {"sm_test_09d_app_id_0", "sm_test_09d_app_id_1", "sm_test_09d_app_id_2"};
+ const std::string pkgId = "sm_test_09d_pkg_id_0";
+ {
+ ScopedInstaller appsInstall(appIds, pkgId);
+
+ InstallRequest updateRequest;
+ updateRequest.setPkgId(pkgId);
+ for (unsigned int i = 0; i < appIds.size(); i++) {
+ if (i > 0) {
+ updateRequest.nextApp();
+ }
+ updateRequest.setAppId(appIds[i]);
+ }
+ updateRequest.setHybrid();
+ Api::update(updateRequest);
+
+ InstallRequest uninstRequest;
+ uninstRequest.setPkgId(pkgId);
+ uninstRequest.setAppId(appIds[0]);
+ Api::uninstall(uninstRequest);
+
+ check_app_after_uninstall(appIds[0], pkgId, true);
+ }
+}
+
RUNNER_CHILD_TEST(security_manager_10_app_has_privilege)
{
const std::vector<std::string> allowedPrivs = {
PolicyRequest addPolicyReq;
for (auto &deniedPriv : deniedPrivsAfterChange) {
PolicyEntry entry(SECURITY_MANAGER_ANY, normalUser.getUidString(), deniedPriv);
- entry.setMaxLevel("Deny");
+ entry.setMaxLevel(PolicyEntry::LEVEL_DENY);
addPolicyReq.addEntry(entry);
}
Api::sendPolicy(addPolicyReq);
*/
RUNNER_CHILD_TEST(security_manager_25e_unprivileged_install_type_global)
{
+ RUNNER_IGNORED_MSG("This test is turned off because multiuser feature is not supported by platform correctly");
+
TemporaryTestUser testUser("sm_test_25e_user_name", GUM_USERTYPE_NORMAL);
testUser.create();
AppInstallHelper app("sm_test_25e");
- change_label("_");
+ ScopedProcessLabel spl("_", false);
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
"drop_root_privileges failed");
RUNNER_CHILD_TEST(security_manager_25f_unprivileged_install_type_preloaded)
{
+ RUNNER_IGNORED_MSG("This test is turned off because multiuser feature is not supported by platform correctly");
+
TemporaryTestUser testUser("sm_test_25f_user_name", GUM_USERTYPE_NORMAL);
testUser.create();
AppInstallHelper app("sm_test_25f");
- change_label("_");
+ ScopedProcessLabel spl("_", false);
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
"drop_root_privileges failed");
InstallRequest invalidReq;
Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
}
-
RUNNER_CHILD_TEST(security_manager_25g_local_user_set_install_type_local)
{
std::vector<std::string> allowedPrivs = {
projects / platform / core / test / security-tests.git / blobdiff