/*
- * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <synchronization_pipe.h>
#include <temp_test_user.h>
#include <tests_common.h>
+#include <privilege_names.h>
+#include <app_def_privilege.h>
using namespace SecurityManagerTest;
+using namespace PrivilegeNames;
namespace {
struct UserInfo {
std::string userName;
};
// Privileges required for having permission to self/admin get/set policies.
-const std::string SELF_PRIVILEGE = "http://tizen.org/privilege/notexist";
-const std::string ADMIN_PRIVILEGE = "http://tizen.org/privilege/internal/usermanagement";
-
-typedef std::vector<std::string> Privileges;
-const std::vector<Privileges> TEST_PRIVILEGES = {
- {
- "http://tizen.org/privilege/internet",
- "http://tizen.org/privilege/display"
- },
- {
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/datasharing"
- },
- {
- "http://tizen.org/privilege/content.write",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email"
- },
- {
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email",
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/datasharing"
- },
- {
- "http://tizen.org/privilege/internet",
- "http://tizen.org/privilege/display",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email"
- }
+const std::string& SELF_PRIVILEGE = PRIV_NOTEXIST;
+const std::string& ADMIN_PRIVILEGE = PRIV_INTERNAL_USERMANAGEMENT;
+
+const std::vector<PrivilegeVector> TEST_PRIVILEGES = {
+ {PRIV_INTERNET, PRIV_DISPLAY},
+ {PRIV_TELEPHONY, PRIV_DATASHARING},
+ {PRIV_CONTENT_WRITE, PRIV_LED, PRIV_EMAIL},
+ {PRIV_LED, PRIV_EMAIL, PRIV_TELEPHONY, PRIV_DATASHARING},
+ {PRIV_INTERNET, PRIV_DISPLAY, PRIV_LED, PRIV_EMAIL}
};
const PrivilegeVector TEST_PRIVACY_PRIVILEGES[] = {
{
- Privilege("http://tizen.org/privilege/telephony"),
- Privilege("http://tizen.org/privilege/led"),
- Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
- Privilege("http://tizen.org/privilege/account.read", Privilege::PRIVACY),
- Privilege("http://tizen.org/privilege/healthinfo", Privilege::PRIVACY),
+ Privilege(PRIV_TELEPHONY),
+ Privilege(PRIV_LED),
+ Privilege(PRIV_CALLHISTORY_READ, Privilege::PRIVACY),
+ Privilege(PRIV_ACCOUNT_READ, Privilege::PRIVACY),
+ Privilege(PRIV_HEALTHINFO, Privilege::PRIVACY),
},
{
- Privilege("http://tizen.org/privilege/telephony"),
- Privilege("http://tizen.org/privilege/led"),
- Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
+ Privilege(PRIV_TELEPHONY),
+ Privilege(PRIV_LED),
+ Privilege(PRIV_CALLHISTORY_READ, Privilege::PRIVACY),
}
};
RUNNER_ASSERT_MSG(appIt != appIdToAIH.end(), "Policy returned unexpected app: " << app);
AppInstallHelper &aih = appIt->second;
- auto appPrivileges = aih.getPrivilegesNames();
+ auto& appPrivileges = aih.getPrivileges();
auto privIt = std::find(appPrivileges.begin(), appPrivileges.end(), privilege);
RUNNER_ASSERT_MSG(privIt != appPrivileges.end(),
"Unexpected privilege " << privilege << " for app " << app);
AppInstallHelper &aih = userAppIdToAIHIt->second;
auto privs = aih.getPrivileges();
- auto appPrivileges = aih.getPrivilegesNames();
+ auto& appPrivileges = aih.getPrivileges();
auto privIt = std::find(appPrivileges.begin(), appPrivileges.end(), privilege);
RUNNER_ASSERT_MSG(privIt != appPrivileges.end(),
"Unexpected privilege " << privilege << " for app " << app);
AppInstallHelper &aih = userAppIdToAIHIt->second;
auto privs = aih.getPrivileges();
- auto appPrivileges = aih.getPrivilegesNames();
+ auto& appPrivileges = aih.getPrivileges();
auto privIt = std::find(appPrivileges.begin(), appPrivileges.end(), privilege);
RUNNER_ASSERT_MSG(privIt != appPrivileges.end(),
"Unexpected privilege " << privilege << " for app " << app);
normalUser.getUidString(),
app1.getPrivileges()[0]
);
- policyEntry.setLevel("Deny");
+ policyEntry.setLevel(PolicyEntry::LEVEL_DENY);
policyRequest.addEntry(policyEntry);
policyEntry = PolicyEntry(
normalUser.getUidString(),
app1.getPrivileges()[1]
);
- policyEntry.setLevel("Deny");
+ policyEntry.setLevel(PolicyEntry::LEVEL_DENY);
policyRequest.addEntry(policyEntry);
Api::sendPolicy(policyRequest);
PolicyRequest setPolicyRequest;
std::vector<PolicyEntry> policyEntries;
- const std::string internetPriv = "http://tizen.org/privilege/internet";
- const std::string displayPriv = "http://tizen.org/privilege/display";
-
- PolicyEntry internetPolicyEntry(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, internetPriv);
- internetPolicyEntry.setMaxLevel("Deny");
+ PolicyEntry internetPolicyEntry(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, PRIV_INTERNET);
+ internetPolicyEntry.setMaxLevel(PolicyEntry::LEVEL_DENY);
setPolicyRequest.addEntry(internetPolicyEntry);
- PolicyEntry displayPolicyEntry(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, displayPriv);
- displayPolicyEntry.setMaxLevel("Deny");
+ PolicyEntry displayPolicyEntry(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, PRIV_DISPLAY);
+ displayPolicyEntry.setMaxLevel(PolicyEntry::LEVEL_DENY);
setPolicyRequest.addEntry(displayPolicyEntry);
Api::sendPolicy(setPolicyRequest);
RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin)
{
- const std::string updatePriv = "http://tizen.org/privilege/led";
+ const std::string& updatePriv = PRIV_LED;
TemporaryTestUser adminUser("sm_test_15_username", GUM_USERTYPE_ADMIN);
adminUser.create();
"drop_root_privileges failed");
PolicyEntry entry(updatedApp.getAppId(), adminUser.getUidString(), updatePriv);
- entry.setMaxLevel("Allow");
+ entry.setMaxLevel(PolicyEntry::LEVEL_ALLOW);
PolicyRequest addPolicyRequest;
addPolicyRequest.addEntry(entry);
Api::sendPolicy(addPolicyRequest);
RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard)
{
- const std::string updatePriv = "http://tizen.org/privilege/led";
+ const std::string& updatePriv = PRIV_LED;
TemporaryTestUser adminUser("sm_test_15_username", GUM_USERTYPE_ADMIN);
adminUser.create();
"drop_root_privileges failed");
PolicyEntry entry(SECURITY_MANAGER_ANY, adminUser.getUidString(), updatePriv);
- entry.setMaxLevel("Allow");
+ entry.setMaxLevel(PolicyEntry::LEVEL_ALLOW);
PolicyRequest addPolicyRequest;
addPolicyRequest.addEntry(entry);
RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_self)
{
- const std::string updatePriv = "http://tizen.org/privilege/led";
+ const std::string& updatePriv = PRIV_LED;
TemporaryTestUser user("sm_test_15_username", GUM_USERTYPE_NORMAL);
user.create();
"drop_root_privileges failed");
PolicyEntry entry(app.getAppId(), user.getUidString(), updatePriv);
- entry.setLevel("Allow");
+ entry.setLevel(PolicyEntry::LEVEL_ALLOW);
PolicyRequest addPolicyRequest;
addPolicyRequest.addEntry(entry);
std::string allowPolicy = std::string(levels[count-1]);
// first should always be Deny
- RUNNER_ASSERT_MSG(denyPolicy.compare("Deny") == 0,
+ RUNNER_ASSERT_MSG(denyPolicy.compare(PolicyEntry::LEVEL_DENY) == 0,
"Invalid first policy level. Should be Deny, instead there is: " << levels[0]);
// last should always be Allow
- RUNNER_ASSERT_MSG(allowPolicy.compare("Allow") == 0,
+ RUNNER_ASSERT_MSG(allowPolicy.compare(PolicyEntry::LEVEL_ALLOW) == 0,
"Invalid last policy level. Should be Allow, instead there is: " << levels[count-1]);
exit(0);
}
RUNNER_CHILD_TEST(security_manager_17a_privacy_manager_delete_policy_for_self)
{
- const std::string updatePriv = "http://tizen.org/privilege/led";
+ const std::string& updatePriv = PRIV_LED;
TemporaryTestUser user("sm_test_17a_username", GUM_USERTYPE_NORMAL);
user.create();
"drop_root_privileges failed");
PolicyEntry entry(app.getAppId(), user.getUidString(), updatePriv);
- entry.setLevel("Allow");
+ entry.setLevel(PolicyEntry::LEVEL_ALLOW);
PolicyRequest addPolicyRequest;
addPolicyRequest.addEntry(entry);
Api::sendPolicy(addPolicyRequest);
RUNNER_CHILD_TEST(security_manager_17b_privacy_manager_delete_policy_for_self)
{
- const std::string updatePriv = "http://tizen.org/privilege/led";
+ const std::string& updatePriv = PRIV_LED;
TemporaryTestUser user("sm_test_17b_username", GUM_USERTYPE_NORMAL);
user.create();
"drop_root_privileges failed");
PolicyEntry entry(app.getAppId(), user.getUidString(), updatePriv);
- entry.setLevel("Allow");
+ entry.setLevel(PolicyEntry::LEVEL_ALLOW);
PolicyRequest addPolicyRequest;
addPolicyRequest.addEntry(entry);
Api::sendPolicy(addPolicyRequest);
RUNNER_CHILD_TEST(security_manager_18_privacy_manager_privacy_related_privileges_policy_install_remove)
{
- const std::string askUserDescription = "Ask user";
TemporaryTestUser user("sm_test_18_username", GUM_USERTYPE_NORMAL);
user.create();
unsigned int privacyActNum = 0;
for (auto &entry : policyEntries)
if (isPrivilegePrivacy(entry.getPrivilege())) {
- RUNNER_ASSERT_MSG(entry.getCurrentLevel() == askUserDescription,
+ RUNNER_ASSERT_MSG(entry.getCurrentLevel() == PolicyEntry::LEVEL_ASK_USER,
"Invalid policy setup; policy should be \"Ask user\" but is "
<< entry.getCurrentLevel());
++privacyActNum;
}
void test_privacy_related_privileges(bool isHybrid) {
- const std::string askUserDescription = "Ask user";
TemporaryTestUser user("sm_test_19_username", GUM_USERTYPE_NORMAL);
user.create();
"Invalid appId: should be either " << app1.getAppId() << " or "
<< app2.getAppId() << " but is " << entry.getAppId());
if (PolicyConfiguration::getIsAskuserEnabled() && isPrivilegePrivacy(entry.getPrivilege())) {
- RUNNER_ASSERT_MSG(entry.getCurrentLevel() == askUserDescription,
+ RUNNER_ASSERT_MSG(entry.getCurrentLevel() == PolicyEntry::LEVEL_ASK_USER,
"Invalid policy setup; policy should be \"Ask user\" but is "
<< entry.getCurrentLevel());
if (entry.getAppId() == app1.getAppId())
RUNNER_CHILD_TEST(security_manager_20_privacy_manager_privacy_related_privileges_policy_admin_check)
{
- const std::string askUserDescription = "Ask user";
TemporaryTestUser user("sm_test_20_username", GUM_USERTYPE_NORMAL);
user.create();
int policyType = CYNARA_ADMIN_ALLOW;
int privacyPolicyType = -1;
if (PolicyConfiguration::getIsAskuserEnabled())
- admin.getPolicyTypeForDescription(askUserDescription, privacyPolicyType);
+ admin.getPolicyTypeForDescription(PolicyEntry::LEVEL_ASK_USER, privacyPolicyType);
for (auto &priv : app.getPrivileges()) {
if (PolicyConfiguration::getIsAskuserEnabled() && isPrivilegePrivacy(priv)) {
static void check_privileges_from_manifest(const AppInstallHelper &aih, char **privileges, size_t nPrivs)
{
- std::vector<std::string> aihPrivs = aih.getPrivilegesNames();
+ auto& aihPrivs = aih.getPrivileges();
RUNNER_ASSERT_MSG(nPrivs == aihPrivs.size(), "Expected privileges number: " << aihPrivs.size() << ", got " << nPrivs);
for (size_t i = 0; i < nPrivs; ++i) {
RUNNER_ASSERT_MSG(std::find(aihPrivs.begin(), aihPrivs.end(), std::string(privileges[i])) != aihPrivs.end(),
AppInstallHelper app("security_manager_24_fetch");
app.setInstallType(SM_APP_INSTALL_GLOBAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
char **privileges;
AppInstallHelper app("security_manager_25_fetch", user.getUid());
app.setInstallType(SM_APP_INSTALL_LOCAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
char **privileges;
AppInstallHelper appGlobal("security_manager_26_fetch");
appGlobal.setInstallType(SM_APP_INSTALL_GLOBAL);
- appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
- appGlobal.addPrivilege(std::string("http://tizen.org/privielge/contacts.read"));
+ appGlobal.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE, PRIV_CONTACTS_READ});
ScopedInstaller appGlobalInstall(appGlobal);
AppInstallHelper appLocal("security_manager_26_fetch", user.getUid());
appLocal.setInstallType(SM_APP_INSTALL_LOCAL);
- appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ appLocal.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appLocalInstall(appLocal);
AppInstallHelper app("security_manager_27_fetch", user.getUid());
app.setInstallType(SM_APP_INSTALL_LOCAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
pid_t pid = fork();
AppInstallHelper app("security_manager_28_fetch");
app.setInstallType(SM_APP_INSTALL_GLOBAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
pid_t pid = fork();
AppInstallHelper app("security_manager_29_fetch", user.getUid());
app.setInstallType(SM_APP_INSTALL_LOCAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
AppInstallHelper app1("security_manager_29_fetch", user1.getUid());
app1.setInstallType(SM_APP_INSTALL_LOCAL);
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
+ app1.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE, PRIV_CONTACTS_READ});
ScopedInstaller appInstall1(app1);
AppInstallHelper app("security_manager_30_fetch", user.getUid());
app.setInstallType(SM_APP_INSTALL_LOCAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
AppInstallHelper app1("security_manager_30_fetch_1", user.getUid());
app1.setInstallType(SM_APP_INSTALL_LOCAL);
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
+ app1.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE, PRIV_CONTACTS_READ});
ScopedInstaller appInstall1(app1);
AppInstallHelper app("security_manager_31_fetch", user.getUid());
app.setInstallType(SM_APP_INSTALL_LOCAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
AppInstallHelper app1("security_manager_31_fetch_1", user.getUid());
app1.setInstallType(SM_APP_INSTALL_LOCAL);
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/internal/usermanagement"));
+ app1.addPrivileges({PRIV_CALENDAR_READ,
+ PRIV_CALENDAR_WRITE,
+ PRIV_CONTACTS_READ,
+ PRIV_INTERNAL_USERMANAGEMENT});
ScopedInstaller appInstall1(app1);