/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* limitations under the License.
*/
#include <cstdint>
-#include <map>
+#include <fcntl.h>
+#include <functional>
+#include <unordered_map>
#include <string>
#include <sys/smack.h>
#include <sys/types.h>
#include <unistd.h>
#include <dpl/test/test_runner.h>
-#include <sm_api.h>
#include <sm_commons.h>
-#include <sm_request.h>
#include <tests_common.h>
+#include <scoped_installer.h>
+#include <scoped_path_remover.h>
using namespace SecurityManagerTest;
namespace {
-const int sm_app_shared_test_id = 27;
-const char *const sm_app_shared_id = "sm_test_27_app_id_full";
-const char *const sm_app_shared_another_in_package_id = "sm_test_27_app_2_id_full";
-const char *const sm_pkg_shared_id = "sm_test_27_pkg_id_full";
-
-static const std::map<std::string, struct app_attributes> MANY_APPS_PKGS = {
- {"security_manager_10_app_1", {"security_manager_10_pkg_1", "2.1"}},
- {"security_manager_10_app_2", {"security_manager_10_pkg_2", "3.0"}},
- {"security_manager_10_app_3", {"security_manager_10_pkg_3", "2.1.1"}},
- {"security_manager_10_app_4", {"security_manager_10_pkg_4", "3.1"}},
- {"security_manager_10_app_5", {"security_manager_10_pkg_5", "2.2"}}
-};
-
-void changeSecurityContext(const std::string& label, uid_t uid, gid_t gid)
-{
- RUNNER_ASSERT_ERRNO_MSG(0 == smack_set_label_for_self(label.c_str()),
- "Error in smack_set_label_for_self(" << label << ")");
- RUNNER_ASSERT_ERRNO_MSG(0 == setgid(gid), "Error in setgid.");
- RUNNER_ASSERT_ERRNO_MSG(0 == setuid(uid), "Error in setuid.");
-}
+const uid_t OWNER_UID = 5001;
+const uid_t OWNER_GID = 100;
-void test_success_worker(const std::string &appName, const std::string &pkgName, int test_num)
-{
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
+const std::vector<std::string> versions = {
+ "2.4",
+ "3.0"
+};
- changeSecurityContext(generateProcessLabel(appName, pkgName), APP_UID, APP_GID);
+typedef std::vector<std::pair<std::string, std::string>> VersionCombinations;
- RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1,
- "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName << " failed " << " to " << SM_OWNER_RW_OTHERS_RO_PATH );
+VersionCombinations makeVersionCombinations(const std::vector<std::string> &versions) {
+ VersionCombinations verCombs;
+ for (const auto &version1 : versions)
+ for (const auto &version2: versions)
+ verCombs.push_back({version1, version2});
+ return verCombs;
}
-void test_fail_worker(const std::string &appName, const std::string &pkgName, int test_num)
-{
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
+const VersionCombinations versionCombinations = makeVersionCombinations(versions);
- changeSecurityContext(generateProcessLabel(appName, pkgName), APP_UID, APP_GID);
+} //anonymous namespace
- RUNNER_ASSERT_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) == -1,
- "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName
- << " surprisingly succeeded, while expecting fail");
-}
-}
-
-RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PUBLIC_SHARING)
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_SHARED_RO)
-RUNNER_TEST(security_manager_27a_API2X_app_install)
+static void runAccessTest(uid_t uid, gid_t gid, const std::string &appId,
+ std::function<void(void)> f)
{
- std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
- std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
- std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
- prepare_app_env(sm_app_shared_test_id, true);
-
- // install other apps
- for(const auto &app : MANY_APPS_PKGS) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- requestInst.setPkgId(app.second.package.c_str());
- requestInst.setAppTizenVersion(app.second.Tizen_ver.c_str());
-
- Api::install(requestInst);
- };
-
- // install
- {
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_shared_id);
- requestInst.setPkgId(sm_pkg_shared_id);
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
- requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
- requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
- requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
- requestInst.setAppTizenVersion("2.4");
- Api::install(requestInst);
+ pid_t pid = fork();
+
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid == 0) {
+ setLauncherSecurityAttributes(uid, gid);
+ Api::prepareAppCandidate();
+ Api::prepareApp(appId);
+ f();
+ exit(0);
+ } else {
+
+ waitPid(pid);
+ Api::cleanupApp(appId, uid, pid);
}
-
- // another app in package
- {
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_shared_another_in_package_id);
- requestInst.setPkgId(sm_pkg_shared_id);
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
- requestInst.setAppTizenVersion("2.4");
- Api::install(requestInst);
- }
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
-
- /* TODO: add parameters to this function */
- check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
-
- RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
-}
-
-RUNNER_CHILD_TEST(security_manager_27b_owner_1_have_access)
-{
- test_success_worker(sm_app_shared_id, sm_pkg_shared_id, sm_app_shared_test_id);
}
-RUNNER_CHILD_TEST(security_manager_27c_owner_2_have_access)
+/**
+ * Check whether owner app have access to own sharedRO dir
+ */
+RUNNER_CHILD_TEST(security_manager_76_owner_access)
{
- test_success_worker(sm_app_shared_another_in_package_id, sm_pkg_shared_id, sm_app_shared_test_id);
+ for (const auto &version : versions) {
+ AppInstallHelper app("sm_test_76a", OWNER_UID, version);
+ app.createSharedRODir();
+ ScopedInstaller sharedROPkgApp(app);
+
+ runAccessTest(OWNER_UID, OWNER_GID, app.getAppId(), [&]() {
+ accessTest(app.getAppId(), app.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
+ }
}
-RUNNER_CHILD_TEST(security_manager_27d_API2X_apps_have_access_app_1)
+RUNNER_CHILD_TEST(security_manager_7x_test)
{
- test_success_worker("security_manager_10_app_1", "security_manager_10_pkg_1", sm_app_shared_test_id);
+ AppInstallHelper ownerApp("owner_7x", OWNER_UID);
+ ownerApp.createSharedRODir();
+ ScopedInstaller ownerAppInstall(ownerApp);
+
+ AppInstallHelper otherApp("other_7x", OWNER_UID);
+ otherApp.createSharedRODir();
+ ScopedInstaller otherAppInstall(otherApp);
+
+ runAccessTest(OWNER_UID, OWNER_GID, ownerApp.getAppId(), [&]() {
+ accessTest(ownerApp.getAppId(), ownerApp.getSharedRODir(), R_OK | W_OK | X_OK);
+ accessTest(ownerApp.getAppId(), otherApp.getSharedRODir(), R_OK | X_OK);
+ exit(0);
+ });
}
-RUNNER_CHILD_TEST(security_manager_27e_API2X_apps_dont_have_access_app_2)
+/**
+ * Check whether app without shared RO path has access to shared RO dir and
+ * no access to private directories of application from different package between
+ * different version combinations
+ */
+RUNNER_CHILD_TEST(security_manager_77_owner_other_access_version_combinations)
{
- test_fail_worker("security_manager_10_app_2", "security_manager_10_pkg_2", sm_app_shared_test_id);
+ for (const auto &version : versionCombinations) {
+ AppInstallHelper sharedApp("sm_test_77_shared", OWNER_UID, version.first);
+ sharedApp.createSharedRODir();
+ sharedApp.createPrivateDir();
+ ScopedInstaller sharedAppInstall(sharedApp);
+
+ AppInstallHelper nonSharedApp("sm_test_77_nonshared", OWNER_UID, version.second);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
+
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp.getAppId(), [&]() {
+ accessTest(sharedApp.getAppId(), sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp.getPrivateDir(), 0);
+ accessTest(nonSharedApp.getAppId(), sharedApp.getSharedRODir(), R_OK|X_OK);
+ });
+ }
}
-RUNNER_CHILD_TEST(security_manager_27f_API2X_apps_have_access_app_3)
+/**
+ * Check whether app with shared RO dir has access to shared RO dir and no access to
+ * private paths of an application from different package between different version
+ * combinations
+ */
+RUNNER_CHILD_TEST(security_manager_78_another_pkg_shared_ro_have_ro_access_to_shared_ro)
{
- test_success_worker("security_manager_10_app_3", "security_manager_10_pkg_3", sm_app_shared_test_id);
+ for (const auto &version : versionCombinations) {
+ AppInstallHelper sharedApp1("sm_test_78_shared1", OWNER_UID, version.first);
+ sharedApp1.createSharedRODir();
+ sharedApp1.createPrivateDir();
+ ScopedInstaller sharedAppInstall1(sharedApp1);
+
+ AppInstallHelper sharedApp2("sm_test_78_shared2", OWNER_UID, version.second);
+ sharedApp2.createSharedRODir();
+ sharedApp2.createPrivateDir();
+ ScopedInstaller sharedApp2Install(sharedApp2);
+
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp1.getAppId(), [&]() {
+ accessTest(sharedApp1.getAppId(), sharedApp2.getSharedRODir(), R_OK|X_OK);
+ accessTest(sharedApp1.getAppId(), sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
+ accessTest(sharedApp1.getAppId(), sharedApp2.getPrivateDir(), 0);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp1.getSharedRODir(), R_OK|X_OK);
+ accessTest(sharedApp2.getAppId(), sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ accessTest(sharedApp2.getAppId(), sharedApp1.getPrivateDir(), 0);
+ });
+ }
}
-RUNNER_CHILD_TEST(security_manager_27g_API2X_apps_dont_have_access_app_4)
+/**
+ * Install two apps with shared RO dirs from one package and check accesses
+ * to shared RO dirs with different versions
+ */
+RUNNER_CHILD_TEST(security_manager_79a_same_pkg_shared_ro_have_ro_access_to_shared_ro)
{
- test_fail_worker("security_manager_10_app_4", "security_manager_10_pkg_4", sm_app_shared_test_id);
+ const std::string sharedPkgName = "sm_test_79a";
+
+ for (const auto &version : versions) {
+ AppInstallHelper sharedApp1("sm_test_79a_shared1", sharedPkgName, OWNER_UID, version);
+ sharedApp1.createSharedRODir();
+ ScopedInstaller sharedAppInstall1(sharedApp1);
+
+ AppInstallHelper sharedApp2("sm_test_79a_shared2", sharedPkgName, OWNER_UID, version);
+ sharedApp2.createSharedRODir();
+ ScopedInstaller sharedAppInstall2(sharedApp2);
+
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp1.getAppId(), [&]() {
+ accessTest(sharedApp1.getAppId(), sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
+ }
}
-RUNNER_CHILD_TEST(security_manager_27h_API2X_apps_have_access_app_5)
+/**
+ * Install two apps with and without shared RO dirs from one package and check accesses
+ * to shared RO dir with different versions
+ */
+RUNNER_CHILD_TEST(security_manager_79b_same_pkg_shared_ro_have_ro_access_to_shared_ro)
{
- test_success_worker("security_manager_10_app_5", "security_manager_10_pkg_5", sm_app_shared_test_id);
-}
+ const std::string sharedPkgName = "sm_test_79b";
+ for (const auto &version : versions) {
+ AppInstallHelper sharedApp("sm_test_79b_shared1", sharedPkgName, OWNER_UID, version);
+ sharedApp.createSharedRODir();
+ ScopedInstaller sharedAppInstall(sharedApp);
-RUNNER_TEST(security_manager_27i_API2X_app_uninstall)
-{
- {
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_shared_id);
- Api::uninstall(requestUninst);
- }
- {
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_shared_another_in_package_id);
- Api::uninstall(requestUninst);
- }
+ AppInstallHelper nonSharedApp("sm_test_79b_shared2", sharedPkgName, OWNER_UID, version);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
- /* Check records in the security-manager database,
- * all previously allowed privileges should be removed */
- check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
- check_app_after_uninstall(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
+ };
}
-RUNNER_TEST(security_manager_27j_API30_app_install)
+/**
+ * Check whether sharedRO application from same pkg have proper access to private dir
+ * of other sharedRO app, then uninstall first app of sharedRO pkg application and check
+ * if access to second sharedRO remains.
+ */
+RUNNER_CHILD_TEST(security_manager_80_same_pkg_shared_ro_have_no_access_to_shared_ro_app_ro_dir)
{
- std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
- std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
- std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
- prepare_app_env(sm_app_shared_test_id, true);
-
- // install
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_shared_id);
- requestInst.setPkgId(sm_pkg_shared_id);
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
- requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
- requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
- requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
- requestInst.setAppTizenVersion("3.0");
-
- Api::install(requestInst);
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
-
- /* TODO: add parameters to this function */
- check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
-
- RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
+ std::string sharedPkgName = "sm_test_80";
+ for (const auto &version : versions) {
+ AppInstallHelper sharedApp1("sm_test_80_shared1", sharedPkgName, OWNER_UID, version);
+ sharedApp1.createPrivateDir(1);
+ sharedApp1.createSharedRODir(1);
+ ScopedInstaller sharedAppInstall1(sharedApp1);
+
+ AppInstallHelper sharedApp2("sm_test_80_shared2", sharedPkgName, OWNER_UID, version);
+ sharedApp2.createPrivateDir(2);
+ sharedApp2.createSharedRODir(2);
+ ScopedInstaller sharedAppInstall2(sharedApp2);
+
+ AppInstallHelper nonSharedApp("sm_test_80_nonshared", sharedPkgName, OWNER_UID, version);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
+
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp1.getAppId(), [&]() {
+ accessTest(sharedApp1.getAppId(), sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
+ });
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
+ accessTest(nonSharedApp.getAppId(), sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
+ });
+
+ sharedAppInstall1.uninstallApp();
+
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
+ });
+ }
}
-RUNNER_CHILD_TEST(security_manager_27k_API30_apps_dont_have_access_app_1)
+/**
+ * Try to add valid sharedRO dir to an app and check all possible accesses to to it.
+ */
+RUNNER_CHILD_TEST(security_manager_81_add_path_to_app_and_check_all)
{
- test_fail_worker("security_manager_10_app_1", "security_manager_10_pkg_1", sm_app_shared_test_id);
+ for (const auto &version : versionCombinations) {
+ AppInstallHelper sharedApp("sm_test_83_shared1", OWNER_UID, version.first);
+ sharedApp.createPrivateDir();
+ sharedApp.createSharedRODir();
+ ScopedInstaller sharedAppInstall(sharedApp);
+
+ AppInstallHelper nonSharedApp("sm_test_83_nonshared", OWNER_UID, version.first);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
+
+ AppInstallHelper sharedApp2("sm_test_83_shared2", OWNER_UID, version.second);
+ ScopedInstaller nonSharedAppInstall2(sharedApp2);
+
+ //Post install
+ sharedApp2.createSharedRODir();
+
+ PathsRequest sharedRORequest;
+ sharedRORequest.setPkgId(sharedApp2.getPkgId());
+ sharedRORequest.addPath(sharedApp2.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
+ sharedRORequest.setUid(sharedApp2.getUID());
+ Api::registerPaths(sharedRORequest);
+
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp.getAppId(), [&]() {
+ accessTest(sharedApp.getAppId(), sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
+ accessTest(sharedApp.getAppId(), sharedApp.getPrivateDir(), R_OK|W_OK|X_OK);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ accessTest(sharedApp2.getAppId(), sharedApp.getSharedRODir(), R_OK|X_OK);
+ accessTest(sharedApp2.getAppId(), sharedApp.getPrivateDir(), 0);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp.getSharedRODir(), R_OK|X_OK);
+ accessTest(nonSharedApp.getAppId(), sharedApp2.getSharedRODir(), R_OK|X_OK);
+ accessTest(nonSharedApp.getAppId(), sharedApp.getPrivateDir(), 0);
+ });
+ }
}
-RUNNER_CHILD_TEST(security_manager_27l_API30_apps_dont_have_access_app_2)
+/**
+ * Try to add path which does not belong to an app and check if operation fails.
+ */
+RUNNER_CHILD_TEST(security_manager_82_add_invalid_path_to_app_and_check_all)
{
- test_fail_worker("security_manager_10_app_2", "security_manager_10_pkg_2", sm_app_shared_test_id);
+ for (const auto &version : versionCombinations) {
+ AppInstallHelper sharedApp("sm_test_84_shared", OWNER_UID, version.first);
+ sharedApp.createSharedRODir();
+ ScopedInstaller sharedAppInstall(sharedApp);
+
+ AppInstallHelper nonSharedApp("sm_test_84_nonshared", OWNER_UID, version.second);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
+
+ PathsRequest sharedRORequest;
+ sharedRORequest.setPkgId(nonSharedApp.getPkgId());
+ sharedRORequest.addPath(sharedApp.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
+ sharedRORequest.setUid(nonSharedApp.getUID());
+ Api::registerPaths(sharedRORequest, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
+ }
}
-RUNNER_CHILD_TEST(security_manager_27m_API30_apps_dont_have_access_app_3)
+/**
+ * Install and uninstall app and check accesses to uninstalled paths from other packages.
+ */
+RUNNER_CHILD_TEST(security_manager_83_install_uninstall_shared_ro_app_and_check_cleaning)
{
- test_fail_worker("security_manager_10_app_3", "security_manager_10_pkg_3", sm_app_shared_test_id);
+ for (const auto &verComb : versionCombinations) {
+ AppInstallHelper sharedApp1("sm_test_85_shared1", OWNER_UID, verComb.first);
+ sharedApp1.createSharedRODir();
+ ScopedInstaller sharedAppInstall1(sharedApp1);
+
+ AppInstallHelper sharedApp2("sm_test_85_shared2", OWNER_UID, verComb.second);
+ sharedApp2.createSharedRODir();
+ ScopedInstaller sharedAppInstall2(sharedApp2);
+
+ AppInstallHelper nonSharedApp("sm_test_85_nonshared", OWNER_UID, verComb.second);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
+
+ sharedAppInstall1.uninstallApp();
+ sharedApp1.removePaths();
+
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp1.getSharedRODir(), 0);
+ accessTest(nonSharedApp.getAppId(), sharedApp2.getSharedRODir(), R_OK|X_OK);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp1.getSharedRODir(), 0);
+ accessTest(sharedApp2.getAppId(), sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
+ }
}
-RUNNER_CHILD_TEST(security_manager_27n_API30_apps_dont_have_access_app_4)
+/**
+ * Install multiple SharedRO apps, uninstall one of them and check accesses
+ * to sharedRO path within one package.
+ */
+RUNNER_CHILD_TEST(security_manager_84_install_uninstall_shared_ro_two_apps_in_one_pkg)
{
- test_fail_worker("security_manager_10_app_4", "security_manager_10_pkg_4", sm_app_shared_test_id);
-}
+ std::string sharedPkgName = "sm_test_86";
-RUNNER_CHILD_TEST(security_manager_27o_API30_apps_dont_have_access_app_5)
-{
- test_fail_worker("security_manager_10_app_5", "security_manager_10_pkg_5", sm_app_shared_test_id);
-}
+ for (const auto &version : versionCombinations) {
+ AppInstallHelper nonSharedApp("sm_test_86_nonshared", OWNER_UID, version.first);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
-RUNNER_TEST(security_manager_27p_API30_app_uninstall)
-{
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_shared_id);
+ // Apps from the same package
+ AppInstallHelper sharedApp1("sm_test_86_shared1", sharedPkgName, OWNER_UID, version.second);
+ sharedApp1.createSharedRODir(1);
+ ScopedInstaller sharedAppInstall1(sharedApp1);
- Api::uninstall(requestUninst);
+ AppInstallHelper sharedApp2("sm_test_86_shared2", sharedPkgName, OWNER_UID, version.second);
+ sharedApp2.createSharedRODir(2);
+ ScopedInstaller sharedAppInstall2(sharedApp2);
- /* Check records in the security-manager database,
- * all previously allowed privileges should be removed */
- check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
+ sharedAppInstall1.uninstallApp();
- // install other apps
- for(const auto &app : MANY_APPS_PKGS) {
- InstallRequest requestUninst;
- requestUninst.setAppId(app.first);
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp2.getSharedRODir(2), R_OK|X_OK);
+ });
- Api::uninstall(requestUninst);
- };
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp2.getSharedRODir(2), R_OK|W_OK|X_OK);
+ });
+ }
}