/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2017 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <tzplatform.h>
#include <app_install_helper.h>
#include <scoped_installer.h>
+#include <privilege_names.h>
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
using namespace SecurityManagerTest;
+using namespace PrivilegeNames;
RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
{
- const std::string privilege = "http://tizen.org/applicationDefinedPrivilege/app_defined_01";
- const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED;
- const std::string providerAppId = "app_def_01_provider_appid";
- const std::string consumerAppId = "app_def_01_client_appid";
+ const Privilege privilege(
+ "http://tizen.org/untrusted/devstudio/statistic",
+ Privilege::UNTRUSTED);
+ const std::string providerAppId = "app_def_01_provider";
+ const std::string clientAppId = "app_def_01_client";
const std::string ownerId = "5001";
const std::string session = "S0M3S3SSI0N";
AppInstallHelper provider(providerAppId);
- AppInstallHelper consumer(consumerAppId);
+ AppInstallHelper client(clientAppId);
- std::string consumerLabel = consumer.generateAppLabel();
+ std::string clientLabel = client.generateAppLabel();
- provider.addAppDefinedPrivilege(std::make_tuple(privilege, type, ""));
- consumer.addClientPrivilege(std::make_pair(privilege, ""));
+ provider.addAppDefinedPrivilege(privilege);
+ client.addPrivilege(privilege);
ScopedInstaller req1(provider);
- ScopedInstaller req2(consumer);
+ ScopedInstaller req2(client);
CynaraTestClient::Client cynara;
- cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
// uninstall provider
req1.uninstallApp();
- cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
}
RUNNER_CHILD_TEST(app_defined_02_global_install_licensed)
{
- const std::string privilege = "http://tizen.org/licensedPrivilege/app_defined_02";
- const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED;
- const std::string license = "/opt/data/app_defined_02/res/license";
- const std::string providerAppId = "app_def_02_provider_appid";
- const std::string consumerAppId = "app_def_02_client_appid";
+ const Privilege providerPrivilegeLicense(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
+ const Privilege clientPrivilegeLicense(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
+ const std::string providerAppId = "app_def_provider_01";
+ const std::string clientAppId = "app_def_client_01";
const std::string ownerId = "5001";
const std::string session = "S0M33S3SSI0N";
AppInstallHelper provider(providerAppId);
- AppInstallHelper consumer(consumerAppId);
+ AppInstallHelper client(clientAppId);
- std::string consumerLabel = consumer.generateAppLabel();
+ std::string clientLabel = client.generateAppLabel();
- provider.addAppDefinedPrivilege(std::make_tuple(privilege, type, license));
- consumer.addClientPrivilege(std::make_pair(privilege, license));
+ provider.addAppDefinedPrivilege(providerPrivilegeLicense);
+ client.addPrivilege(clientPrivilegeLicense);
ScopedInstaller req1(provider);
- ScopedInstaller req2(consumer);
+ ScopedInstaller req2(client);
CynaraTestClient::Client cynara;
- cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_ALLOWED);
// uninstall provider
req1.uninstallApp();
- cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
}
RUNNER_CHILD_TEST(app_defined_03_database_update)
{
- // Because of a bug in implementation during installation of
- // providerB privileges of providerA were deleted from cynara
- // database. This test should check if bug was fixed.
- const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_03a";
- const std::string privilegeB = "http://tizen.org/licensedPrivilege/app_defined_03b";
- const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED;
- const std::string licenseA = "/opt/data/app_defined_03a/res/license";
- const std::string licenseB = "/opt/data/app_defined_03b/res/license";
- const std::string providerAppIdA = "app_def_03a_provider_appid";
- const std::string providerAppIdB = "app_def_03b_provider_appid";
- const std::string consumerAppId = "app_def_03_client_appid";
+ const Privilege privilegeA(
+ "http://tizen.org/untrusted/devstudio/statistic", Privilege::UNTRUSTED);
+ const Privilege privilegeB(
+ "http://tizen.org/untrusted/gamestudio/football", Privilege::UNTRUSTED);
+
+ const std::string providerAppIdA = "app_def_provider_01";
+ const std::string providerAppIdB = "app_def_provider_02";
+ const std::string clientAppId = "app_def_client_01";
const std::string ownerId = "5001";
const std::string session = "S0M33S3SSI0N";
AppInstallHelper providerA(providerAppIdA);
AppInstallHelper providerB(providerAppIdB);
- AppInstallHelper consumer(consumerAppId);
+ AppInstallHelper client(clientAppId);
+ client.setHybrid();
+ std::string clientLabel = client.generateAppLabel();
- std::string consumerLabel = consumer.generateAppLabel();
-
- providerA.addAppDefinedPrivilege(std::make_tuple(privilegeA, type, licenseA));
- providerB.addAppDefinedPrivilege(std::make_tuple(privilegeB, type, licenseB));
- consumer.addClientPrivilege(std::make_pair(privilegeA, licenseA));
- consumer.addClientPrivilege(std::make_pair(privilegeB, licenseB));
+ providerA.addAppDefinedPrivilege(privilegeA);
+ providerB.addAppDefinedPrivilege(privilegeB);
+ client.addPrivilege(privilegeA);
+ client.addPrivilege(privilegeB);
ScopedInstaller req1(providerA);
ScopedInstaller req2(providerB);
- ScopedInstaller req3(consumer);
+ ScopedInstaller req3(client);
CynaraTestClient::Client cynara;
- cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
// uninstall providerA
req1.uninstallApp();
- cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
// uninstall providerB
req2.uninstallApp();
- cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
}
RUNNER_CHILD_TEST(app_defined_04_app_update)
{
- const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_04a";
- const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_04b";
- const std::string privilegeC = "http://tizen.org/licensedPrivilege/app_defined_04c";
- const std::string licenseA = "/opt/data/app_defined_04a/res/license";
- const std::string licenseC = "/opt/data/app_defined_04c/res/license";
- const std::string providerAppId = "app_def_04_provider_appid";
- const std::string consumerAppId = "app_def_04_client_appid";
+ const Privilege providerPrivilegeLicenseA(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
+ const Privilege clientPrivilegeLicenseA(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
+ const Privilege privilegeB(
+ "http://tizen.org/untrusted/devstudio/statistic",
+ Privilege::UNTRUSTED);
+ const Privilege providerPrivilegeLicenseC(
+ "http://tizen.org/licensed/xyzsoftware/camera",
+ "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
+ const Privilege clientPrivilegeLicenseC(
+ "http://tizen.org/licensed/xyzsoftware/camera",
+ "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
+
+ const std::string providerAppId = "app_def_provider_01";
+ const std::string clientAppId = "app_def_client_01";
const std::string ownerId = "5001";
const std::string session = "S0M33S3SSI0N";
AppInstallHelper providerV1(providerAppId);
AppInstallHelper providerV2(providerAppId);
- AppInstallHelper consumer(consumerAppId);
+ AppInstallHelper client(clientAppId);
- std::string consumerLabel = consumer.generateAppLabel();
+ std::string clientLabel = client.generateAppLabel();
- providerV1.addAppDefinedPrivilege(std::make_tuple(privilegeA,
- SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED,
- licenseA));
- providerV1.addAppDefinedPrivilege(std::make_tuple(privilegeB,
- SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED,
- ""));
- consumer.addClientPrivilege(std::make_pair(privilegeA, licenseA));
- consumer.addClientPrivilege(std::make_pair(privilegeB, ""));
- consumer.addClientPrivilege(std::make_pair(privilegeC, licenseC));
+ providerV1.addAppDefinedPrivilege(providerPrivilegeLicenseA);
+ providerV1.addAppDefinedPrivilege(privilegeB);
+ client.addPrivilege(clientPrivilegeLicenseA);
+ client.addPrivilege(privilegeB);
+ client.addPrivilege(clientPrivilegeLicenseC);
ScopedInstaller req1(providerV1);
- ScopedInstaller req2(consumer);
+ ScopedInstaller req2(client);
CynaraTestClient::Client cynara;
- cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_DENIED);
// update provider version, remove privilegeA, add privilegeC
- providerV2.addAppDefinedPrivilege(std::make_tuple(privilegeB,
- SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED,
- ""));
- providerV2.addAppDefinedPrivilege(std::make_tuple(privilegeC,
- SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED,
- licenseC));
+ providerV2.addAppDefinedPrivilege(privilegeB);
+ providerV2.addAppDefinedPrivilege(providerPrivilegeLicenseC);
+
ScopedInstaller req3(providerV2);
- cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_ALLOWED);
}
RUNNER_CHILD_TEST(app_defined_05_global_local_install)
{
- const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_05a";
- const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_05b";
- const std::string privilegeC = "http://tizen.org/applicationDefinedPrivilege/app_defined_05c";
- const std::string licenseB = "/opt/data/app_defined_05b/res/license";
- const std::string providerAppId = "app_def_05_provider_appid";
- const std::string consumerAppId = "app_def_05_client_appid";
+ const Privilege privilegeA(
+ "http://tizen.org/untrusted/devstudio/statistic",
+ Privilege::UNTRUSTED);
+ const Privilege providerLocalPrivilegeLicenseB(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
+ const Privilege clientGlobalPrivilegeLicenseB(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
+ const Privilege clientLocalPrivilegeLicenseB(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
+ const Privilege privilegeC(
+ "http://tizen.org/untrusted/gamestudio/football",
+ Privilege::UNTRUSTED);
+
+ const std::string providerAppId = "app_def_provider_01";
+ const std::string clientAppId = "app_def_client_01";
const std::string ownerId = "5001";
const std::string bobId = "5002";
const std::string session = "S0M33S3SSI0N";
AppInstallHelper providerGlobal(providerAppId);
AppInstallHelper providerLocal(providerAppId, 5002);
- AppInstallHelper consumerGlobal(consumerAppId);
- AppInstallHelper consumerLocal(consumerAppId, 5002);
-
- std::string consumerGlobalLabel = consumerGlobal.generateAppLabel();
- std::string consumerLocalLabel = consumerLocal.generateAppLabel();
+ AppInstallHelper clientGlobal(clientAppId);
+ AppInstallHelper clientLocal(clientAppId, 5002);
- providerGlobal.addAppDefinedPrivilege(std::make_tuple(privilegeA,
- SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED,
- ""));
- providerGlobal.addAppDefinedPrivilege(std::make_tuple(privilegeC,
- SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED,
- ""));
+ std::string clientGlobalLabel = clientGlobal.generateAppLabel();
+ std::string clientLocalLabel = clientLocal.generateAppLabel();
- providerLocal.addAppDefinedPrivilege(std::make_tuple(privilegeA,
- SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED,
- ""));
- providerLocal.addAppDefinedPrivilege(std::make_tuple(privilegeB,
- SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED,
- licenseB));
+ providerGlobal.addAppDefinedPrivilege(privilegeA);
+ providerGlobal.addAppDefinedPrivilege(privilegeC);
+ providerLocal.addAppDefinedPrivilege(privilegeA);
+ providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseB);
- consumerGlobal.addClientPrivilege(std::make_pair(privilegeA, ""));
- consumerGlobal.addClientPrivilege(std::make_pair(privilegeB, licenseB));
- consumerGlobal.addClientPrivilege(std::make_pair(privilegeC, ""));
-
- consumerLocal.addClientPrivilege(std::make_pair(privilegeB, licenseB));
- consumerLocal.addClientPrivilege(std::make_pair(privilegeC, ""));
+ clientGlobal.addPrivilege(privilegeA);
+ clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
+ clientGlobal.addPrivilege(privilegeC);
+ clientLocal.addPrivilege(clientLocalPrivilegeLicenseB);
+ clientLocal.addPrivilege(privilegeC);
CynaraTestClient::Client cynara;
// local provider only and global consumer only
ScopedInstaller req1(providerLocal);
- ScopedInstaller req2(consumerGlobal);
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerGlobalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
+ ScopedInstaller req2(clientGlobal);
+ cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientGlobalLabel, session, bobId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
// local provider only and global/local consumer
- ScopedInstaller req3(consumerLocal);
- cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
+ ScopedInstaller req3(clientLocal);
+ cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
// global/local provider and global/local consumer
ScopedInstaller req4(providerGlobal);
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
- //cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
+ //cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
// global provider only and global/local consumer
req1.uninstallApp();
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
// global provider only and global consumer only
req3.uninstallApp();
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
- cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
+ cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
}
RUNNER_CHILD_TEST(app_defined_06_get_provider)
int result;
char *pkgId = nullptr;
char *appId = nullptr;
- const std::string privilegeA = "http://tizen.org/applicationDefinedPrivilege/app_defined_06a";
- const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_06b";
- const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED;
- const std::string providerId = "app_def_06_provider";
+ const Privilege privilegeA(
+ "http://tizen.org/untrusted/devstudio/statistic",
+ Privilege::UNTRUSTED);
+ const Privilege privilegeB(
+ "http://tizen.org/untrusted/gamestudio/running",
+ Privilege::UNTRUSTED);
+ const std::string providerAppId = "app_def_06_provider";
uid_t uid = 5001;
- AppInstallHelper providerGlobal(providerId);
- AppInstallHelper providerLocal(providerId, uid);
- providerGlobal.addAppDefinedPrivilege(std::make_tuple(privilegeB, type, ""));
- providerLocal.addAppDefinedPrivilege(std::make_tuple(privilegeA, type, ""));
+ AppInstallHelper providerGlobal(providerAppId);
+ AppInstallHelper providerLocal(providerAppId, uid);
+ providerGlobal.addAppDefinedPrivilege(privilegeB);
+ providerLocal.addAppDefinedPrivilege(privilegeA);
ScopedInstaller req1(providerGlobal);
ScopedInstaller req2(providerLocal);
RUNNER_ASSERT(appId == nullptr);
RUNNER_ASSERT(pkgId == nullptr);
- result = security_manager_get_app_defined_privilege_provider(privilegeA.c_str(),
+ result = security_manager_get_app_defined_privilege_provider(privilegeA,
uid+1, &pkgId, &appId);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
RUNNER_ASSERT(appId == nullptr);
RUNNER_ASSERT(pkgId == nullptr);
- result = security_manager_get_app_defined_privilege_provider(privilegeA.c_str(),
+ result = security_manager_get_app_defined_privilege_provider(privilegeA,
uid, nullptr, nullptr);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
- result = security_manager_get_app_defined_privilege_provider(privilegeA.c_str(),
+ result = security_manager_get_app_defined_privilege_provider(privilegeA,
uid, &pkgId, nullptr);
RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
free(pkgId);
pkgId = nullptr;
- result = security_manager_get_app_defined_privilege_provider(privilegeA.c_str(),
+ result = security_manager_get_app_defined_privilege_provider(privilegeA,
uid, nullptr, &appId);
RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
free(appId);
appId = nullptr;
- result = security_manager_get_app_defined_privilege_provider(privilegeA.c_str(),
+ result = security_manager_get_app_defined_privilege_provider(privilegeA,
uid, &pkgId, &appId);
RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
appId = nullptr;
pkgId = nullptr;
- result = security_manager_get_app_defined_privilege_provider(privilegeB.c_str(),
+ result = security_manager_get_app_defined_privilege_provider(privilegeB,
uid, &pkgId, &appId);
- RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
- RUNNER_ASSERT(appId && std::string(appId) == providerGlobal.getAppId());
- RUNNER_ASSERT(pkgId && std::string(pkgId) == providerGlobal.getPkgId());
- free(appId);
- free(pkgId);
- appId = nullptr;
- pkgId = nullptr;
+ RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT,
+ "Local installation of application should 'hide' this privilege. Provider should not be found.");
+ RUNNER_ASSERT(appId == nullptr);
+ RUNNER_ASSERT(pkgId == nullptr);
}
RUNNER_CHILD_TEST(app_defined_07_get_provider_license)
{
int result;
char *license = nullptr;
- const std::string privilegeA = "http://tizen.org/applicationDefinedPrivilege/app_defined_07a";
- const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_07b";
- const std::string privilegeC = "http://tizen.org/applicationDefinedPrivilege/app_defined_07c";
- const std::string licenseA = "/opt/data/app_defined_07a/res/license";
- const std::string licenseB = "/opt/data/app_defined_07b/res/license";
- const std::string licenseC = "/opt/data/app_defined_07c/res/license";
- const app_defined_privilege_type licensed = SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED;
- const app_defined_privilege_type untrusted = SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED;
- const std::string providerId = "app_def_07_provider";
- uid_t uid = 5001;
+ const Privilege providerLocalPrivilegeLicenseA(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
+ const Privilege providerGlobalPrivilegeLicenseB(
+ "http://tizen.org/licensed/xyzsoftware/camera",
+ "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
+ const Privilege privilegeBuntrusted(
+ providerGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
+
+ const std::string providerAppId = "app_def_provider_01";
+ uid_t uid = 5002;
+
+ AppInstallHelper providerGlobal(providerAppId);
+ AppInstallHelper providerLocal(providerAppId, uid);
+ providerGlobal.addAppDefinedPrivilege(providerGlobalPrivilegeLicenseB);
+ providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseA);
+ providerLocal.addAppDefinedPrivilege(privilegeBuntrusted);
- AppInstallHelper providerGlobal(providerId);
- AppInstallHelper providerLocal(providerId, uid);
- providerGlobal.addAppDefinedPrivilege(std::make_tuple(privilegeB, licensed, licenseB));
- providerGlobal.addAppDefinedPrivilege(std::make_tuple(privilegeC, licensed, licenseC));
- providerLocal.addAppDefinedPrivilege(std::make_tuple(privilegeA, licensed, licenseA));
- providerLocal.addAppDefinedPrivilege(std::make_tuple(privilegeC, untrusted, ""));
ScopedInstaller req1(providerGlobal);
ScopedInstaller req2(providerLocal);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
RUNNER_ASSERT(license == nullptr);
- result = security_manager_get_app_defined_privilege_license(privilegeA.c_str(), uid, nullptr);
+ result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, nullptr);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
result = security_manager_get_app_defined_privilege_license("noExistingPrivilege", uid, &license);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
RUNNER_ASSERT(license == nullptr);
- result = security_manager_get_app_defined_privilege_license(privilegeC.c_str(), uid, &license);
+ result = security_manager_get_app_defined_privilege_license(privilegeBuntrusted, uid, &license);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
RUNNER_ASSERT(license == nullptr);
- result = security_manager_get_app_defined_privilege_license(privilegeA.c_str(), uid+1, &license);
+ result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid+1, &license);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
RUNNER_ASSERT(license == nullptr);
- result = security_manager_get_app_defined_privilege_license(privilegeB.c_str(), uid, &license);
- RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
- RUNNER_ASSERT(license && std::string(license) == licenseB);
- free(license);
- license = nullptr;
-
- result = security_manager_get_app_defined_privilege_license(privilegeA.c_str(), uid, &license);
+ result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, &license);
RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
- RUNNER_ASSERT(license && std::string(license) == licenseA);
+ RUNNER_ASSERT(license && providerLocalPrivilegeLicenseA.getLicense() == license);
free(license);
license = nullptr;
req2.uninstallApp();
- result = security_manager_get_app_defined_privilege_license(privilegeC.c_str(), uid, &license);
+ result = security_manager_get_app_defined_privilege_license(providerGlobalPrivilegeLicenseB, uid, &license);
RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
- RUNNER_ASSERT(license && std::string(license) == licenseC);
+ RUNNER_ASSERT(license && providerGlobalPrivilegeLicenseB.getLicense() == license);
free(license);
license = nullptr;
}
-RUNNER_CHILD_TEST(app_defined_08_add_get_client_license)
+RUNNER_CHILD_TEST(app_defined_08_add_get_license_with_untrusted_priv)
{
int result;
char *license = nullptr;
- const std::string privilegeA = "http://tizen.org/applicationDefinedPrivilege/app_defined_08a";
- const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_08b";
- const std::string privilegeC = "http://tizen.org/applicationDefinedPrivilege/app_defined_08c";
- const std::string licenseA = "/opt/data/app_defined_08a/res/license";
- const std::string licenseB = "/opt/data/app_defined_08b/res/license";
- const std::string licenseC = "/opt/data/app_defined_08c/res/license";
- const std::string clientId = "app_def_08_client";
- uid_t uid = 5001;
+ char *appId = nullptr;
+ char *pkgId = nullptr;
+
+ const Privilege privilegeUntrusted(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ Privilege::UNTRUSTED);
+
+ const std::string providerAppId = "app_def_provider_07";
+ const std::string clientAppId = "app_def_client_07";
+ uid_t uid = 5002;
+
+ AppInstallHelper providerGlobal(providerAppId);
+ providerGlobal.addAppDefinedPrivilege(privilegeUntrusted);
+
+ AppInstallHelper clientLocal(clientAppId, uid);
+ clientLocal.addPrivilege(privilegeUntrusted);
+
+ ScopedInstaller req1(providerGlobal);
+ ScopedInstaller req2(clientLocal);
+
+ result = security_manager_get_client_privilege_license(privilegeUntrusted,
+ clientLocal.getPkgId().c_str(),
+ clientLocal.getAppId().c_str(),
+ uid, &license);
+ RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
+ RUNNER_ASSERT(license == nullptr);
+
+ result = security_manager_get_app_defined_privilege_license(privilegeUntrusted, uid, &license);
+ RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT, "getting privilege provider license failed");
+ RUNNER_ASSERT(license == nullptr);
- AppInstallHelper clientGlobal(clientId);
- AppInstallHelper clientLocal(clientId, uid);
- clientGlobal.addClientPrivilege(std::make_pair(privilegeB, licenseB));
- clientGlobal.addClientPrivilege(std::make_pair(privilegeC, licenseC));
- clientLocal.addClientPrivilege(std::make_pair(privilegeA, licenseA));
- clientLocal.addClientPrivilege(std::make_pair(privilegeC, ""));
+ result = security_manager_get_app_defined_privilege_provider(privilegeUntrusted,
+ uid, &pkgId, &appId);
+ RUNNER_ASSERT(result == SECURITY_MANAGER_SUCCESS);
+ RUNNER_ASSERT(appId != nullptr && providerGlobal.getAppId() == appId);
+ RUNNER_ASSERT(pkgId != nullptr && providerGlobal.getPkgId() == pkgId);
+ free(appId);
+ free(pkgId);
+}
+
+RUNNER_CHILD_TEST(app_defined_09_add_get_client_license)
+{
+ int result;
+ char *license = nullptr;
+ const Privilege clientLocalPrivilegeLicenseA(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
+ const Privilege clientGlobalPrivilegeLicenseB(
+ "http://tizen.org/licensed/xyzsoftware/camera",
+ "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
+ const Privilege privilegeBuntrusted(
+ clientGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
+
+ const std::string clientAppId = "app_def_client_01";
+ uid_t uid = 5002;
+
+ AppInstallHelper clientGlobal(clientAppId);
+ AppInstallHelper clientLocal(clientAppId, uid);
+ clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
+ clientLocal.addPrivilege(clientLocalPrivilegeLicenseA);
+ clientLocal.addPrivilege(privilegeBuntrusted);
ScopedInstaller req1(clientGlobal);
ScopedInstaller req2(clientLocal);
result = security_manager_get_client_privilege_license(nullptr,
+ clientLocal.getPkgId().c_str(),
clientLocal.getAppId().c_str(),
uid, &license);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
RUNNER_ASSERT(license == nullptr);
- result = security_manager_get_client_privilege_license(privilegeA.c_str(), nullptr,
+ result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, nullptr, nullptr,
uid, &license);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
RUNNER_ASSERT(license == nullptr);
- result = security_manager_get_client_privilege_license(privilegeA.c_str(),
+ result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
+ clientLocal.getPkgId().c_str(),
clientLocal.getAppId().c_str(),
uid, nullptr);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
result = security_manager_get_client_privilege_license("noExistingPrivilege",
+ clientLocal.getPkgId().c_str(),
clientLocal.getAppId().c_str(),
uid, &license);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
RUNNER_ASSERT(license == nullptr);
- result = security_manager_get_client_privilege_license(privilegeA.c_str(), "noExistingApp",
+ result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, "noExistingPkg", "noExistingApp",
uid, &license);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
RUNNER_ASSERT(license == nullptr);
- result = security_manager_get_client_privilege_license(privilegeC.c_str(),
+ result = security_manager_get_client_privilege_license(privilegeBuntrusted,
+ clientLocal.getPkgId().c_str(),
clientLocal.getAppId().c_str(),
uid, &license);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
RUNNER_ASSERT(license == nullptr);
- result = security_manager_get_client_privilege_license(privilegeA.c_str(),
+ result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
+ clientLocal.getPkgId().c_str(),
clientLocal.getAppId().c_str(),
uid+1, &license);
RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
RUNNER_ASSERT(license == nullptr);
- result = security_manager_get_client_privilege_license(privilegeA.c_str(),
+ result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
+ clientLocal.getPkgId().c_str(),
clientLocal.getAppId().c_str(),
uid, &license);
RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
- RUNNER_ASSERT(license && std::string(license) == licenseA);
+ RUNNER_ASSERT(license && clientLocalPrivilegeLicenseA.getLicense() == license);
free(license);
license = nullptr;
req2.uninstallApp();
- result = security_manager_get_client_privilege_license(privilegeB.c_str(),
+ result = security_manager_get_client_privilege_license(clientGlobalPrivilegeLicenseB,
+ clientGlobal.getPkgId().c_str(),
clientGlobal.getAppId().c_str(),
uid, &license);
RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
- RUNNER_ASSERT(license && std::string(license) == licenseB);
+ RUNNER_ASSERT(license && clientGlobalPrivilegeLicenseB.getLicense() == license);
free(license);
license = nullptr;
}
+
+RUNNER_CHILD_TEST(app_defined_10_check_system_privileges)
+{
+ const std::string providerAppId = "app_def_09_provider";
+ const Privilege privilege(PRIV_INTERNET, Privilege::UNTRUSTED);
+
+ InstallRequest requestInst;
+ requestInst.setAppId(providerAppId);
+ requestInst.setPkgId(providerAppId);
+ requestInst.addAppDefinedPrivilege(privilege);
+ Api::install(requestInst, SECURITY_MANAGER_ERROR_INPUT_PARAM);
+ Api::uninstall(requestInst);
+}
+
+RUNNER_CHILD_TEST(app_defined_11_invalid_license)
+{
+ const Privilege providerPrivilegeLicense(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
+ const Privilege clientPrivilegeLicense(
+ "http://tizen.org/licensed/abcsoftware/calendar",
+ "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
+ const std::string providerAppId = "app_def_provider_01";
+ const std::string clientAppId = "app_def_client_01";
+ const std::string ownerId = "5001";
+ const std::string session = "S0M33S3SSI0N";
+
+ AppInstallHelper provider(providerAppId);
+ AppInstallHelper client(clientAppId);
+ client.setHybrid();
+ std::string clientLabel = client.generateAppLabel();
+
+ provider.addAppDefinedPrivilege(providerPrivilegeLicense);
+ client.addPrivilege(clientPrivilegeLicense);
+
+ ScopedInstaller req1(provider);
+ ScopedInstaller req2(client);
+
+ CynaraTestClient::Client cynara;
+ cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
+}
+
+RUNNER_CHILD_TEST(app_defined_12_invalid_common_name)
+{
+ const Privilege providerPrivilegeLicense(
+ "http://tizen.org/licensed/xyzsoftware/camera",
+ "/opt/usr/globalapps/app_def_provider_02_pkg_id/cert/xyzsoftware.pem");
+ const Privilege clientPrivilegeLicense(
+ "http://tizen.org/licensed/xyzsoftware/camera",
+ "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
+ const std::string providerAppId = "app_def_provider_02";
+ const std::string clientAppId = "app_def_client_01";
+ const std::string ownerId = "5001";
+ const std::string session = "S0M33S3SSI0N";
+
+ AppInstallHelper provider(providerAppId);
+ AppInstallHelper client(clientAppId);
+ client.setHybrid();
+ std::string clientLabel = client.generateAppLabel();
+
+ provider.addAppDefinedPrivilege(providerPrivilegeLicense);
+ client.addPrivilege(clientPrivilegeLicense);
+
+ ScopedInstaller req1(provider);
+ ScopedInstaller req2(client);
+
+ CynaraTestClient::Client cynara;
+ cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
+}