#include <sm_commons.h>
#include <memory.h>
#include <tests_common.h>
+#include <privilege_names.h>
using namespace SecurityManagerTest;
+using namespace PrivilegeNames;
namespace {
bool finish = false;
const std::string APP_TEST_USER = "app_test_user";
-const std::string EXTERNAL_STORAGE_PRIVILEGE = "http://tizen.org/privilege/externalstorage";
-const std::string MEDIA_STORAGE_PRIVILEGE = "http://tizen.org/privilege/mediastorage";
-
const std::string ACCESS_DENIED_DIR_PATH = "/usr/share/security-manager/dummy";
const std::string EXTERNAL_STORAGE_DIR_PATH = "/opt/media";
const std::string MEDIA_STORAGE_RW_DIR_PATH = "/opt/usr/media";
synchPipe.claimChildEp();
synchPipe.wait();
- std::string appBindPath = std::string("/var/run/user/") + std::to_string(tmpUser.getUid())
+ std::string appBindPath = std::string("/var/run/user/") + tmpUser.getUidString()
+ "/apps/" + app.generateAppLabel() + "/" + std::to_string(pid);
std::string appProcPath = std::string("/proc/") + std::to_string(pid) + "/ns/mnt";
std::string launcherProcPath = std::string("/proc/") + std::to_string(getpid()) + "/ns/mnt";
tmpUser.create();
AppInstallHelper app("app103", tmpUser.getUid());
- app.addPrivilege(EXTERNAL_STORAGE_PRIVILEGE);
- app.addPrivilege(MEDIA_STORAGE_PRIVILEGE);
+ app.addPrivileges({PRIV_EXTERNALSTORAGE, PRIV_MEDIASTORAGE});
ScopedInstaller appInstall(app);
SynchronizationPipe synchPipe;
RUNNER_ASSERT_ERRNO_MSG(result == false, "path is bound");
PolicyRequest policyRequest;
- PolicyEntry policyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), EXTERNAL_STORAGE_PRIVILEGE);
- policyEntry.setLevel("Deny");
+ PolicyEntry policyEntry(app.getAppId(), tmpUser.getUidString(), PRIV_EXTERNALSTORAGE);
+ policyEntry.setLevel(PolicyEntry::LEVEL_DENY);
policyRequest.addEntry(policyEntry);
- policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), MEDIA_STORAGE_PRIVILEGE);
- policyEntry.setLevel("Deny");
+ policyEntry = PolicyEntry(app.getAppId(), tmpUser.getUidString(), PRIV_MEDIASTORAGE);
+ policyEntry.setLevel(PolicyEntry::LEVEL_DENY);
policyRequest.addEntry(policyEntry);
Api::sendPolicy(policyRequest);
result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RO_DIR_PATH, pid);
RUNNER_ASSERT_ERRNO_MSG(result == true, "path is not bound");
- policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), EXTERNAL_STORAGE_PRIVILEGE);
- policyEntry.setLevel("Allow");
+ policyEntry = PolicyEntry(app.getAppId(), tmpUser.getUidString(), PRIV_EXTERNALSTORAGE);
+ policyEntry.setLevel(PolicyEntry::LEVEL_ALLOW);
policyRequest.addEntry(policyEntry);
- policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), MEDIA_STORAGE_PRIVILEGE);
- policyEntry.setLevel("Allow");
+ policyEntry = PolicyEntry(app.getAppId(), tmpUser.getUidString(), PRIV_MEDIASTORAGE);
+ policyEntry.setLevel(PolicyEntry::LEVEL_ALLOW);
policyRequest.addEntry(policyEntry);
Api::sendPolicy(policyRequest);
}
}
+RUNNER_CHILD_TEST(security_manager_104_policy_change_kill_app_test)
+{
+ TemporaryTestUser tmpUser(APP_TEST_USER, GUM_USERTYPE_NORMAL, false);
+ tmpUser.create();
+
+ AppInstallHelper app("app104", tmpUser.getUid());
+ app.addPrivileges({PRIV_EXTERNALSTORAGE, PRIV_MEDIASTORAGE});
+ ScopedInstaller appInstall(app);
+
+ SynchronizationPipe synchPipe;
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid == 0) {
+ synchPipe.claimParentEp();
+ try {
+ RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(tmpUser) == 0, "launcher failed");
+ Api::prepareAppCandidate();
+ Api::prepareApp(app.getAppId());
+ } catch (...) {
+ synchPipe.post();
+ throw;
+ }
+ synchPipe.post();
+ exit(0);
+ } else {
+ synchPipe.claimChildEp();
+ synchPipe.wait();
+
+ PolicyRequest policyRequest;
+ PolicyEntry policyEntry(app.getAppId(), tmpUser.getUidString(), PRIV_EXTERNALSTORAGE);
+ policyEntry.setLevel(PolicyEntry::LEVEL_DENY);
+ policyRequest.addEntry(policyEntry);
+ Api::sendPolicy(policyRequest);
+
+ waitPid(pid);
+ Api::cleanupApp(app.getAppId(), tmpUser.getUid(), pid);
+ }
+}
+
namespace {
class Timestamp {
uint64_t _;
for (int i = 0; i < nAppsMax; i++) {
apps.emplace_back(App{AppInstallHelper("app200_" + std::to_string(i), uid), 0});
auto &hlp = apps.back().hlp;
- for (const auto &p : { EXTERNAL_STORAGE_PRIVILEGE, MEDIA_STORAGE_PRIVILEGE,
- std::string("http://tizen.org/privilege/camera"),
- std::string("http://tizen.org/privilege/internet") })
- hlp.addPrivilege(p);
+ hlp.addPrivileges({PRIV_EXTERNALSTORAGE, PRIV_MEDIASTORAGE, PRIV_CAMERA, PRIV_INTERNET});
hlp.createSharedRODir();
appInstalls.emplace_back(ScopedInstaller(hlp));
}