/**
* @file libprivilege-control-test.cpp
* @author Jan Olszak (j.olszak@samsung.com)
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
* @version 1.0
* @brief Main file for libprivilege-control unit tests.
*/
#include <string>
#include <set>
#include <libprivilege-control_test_common.h>
+#include <tests_common.h>
#include <sys/smack.h>
#include <dpl/test/test_runner.h>
const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
+const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
+const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
+const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL };
const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
+const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
const char* PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", NULL};
const char* PRIVS_AV[] = { "org.tizen.privilege.antivirus", NULL };
-void cleaning_smack_app_files (void)
+/**
+ * Check if every rule is true.
+ * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
+ */
+int test_have_all_accesses(const rules_t &rules)
{
- unlink(SMACK_RULES_DIR APP_TEST_APP_1);
- unlink(SMACK_RULES_DIR APP_TEST_APP_2);
- unlink(SMACK_RULES_DIR APP_TEST_APP_3);
- unlink(SMACK_RULES_DIR APP_TEST_AV_1);
- unlink(SMACK_RULES_DIR APP_TEST_AV_2);
- unlink(SMACK_RULES_DIR APP_TEST_AV_3);
+ int result = 1;
+ for (uint i = 0; i < rules.size(); ++i) {
+ int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
+ if (access < 0)
+ return -1;
+ if (access == 0)
+ result = 0;
+ }
+ return result;
}
/**
* Check if every rule is true.
- * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't
+ * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
*/
-int test_have_all_accesses(const std::vector< std::vector<std::string> > &rules)
+int test_have_any_accesses(const rules_t &rules)
{
- int result;
+ int result = 0;
for (uint i = 0; i < rules.size(); ++i) {
- result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (result != 1)
- return result;
+ int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
+ if (access < 0)
+ return -1;
+ if (access > 0)
+ result = 1;
}
- return 1;
+ return result;
}
/**
- * Check if every rule is true.
- * @return 1 if ANY rule in SMACK, 0 if
+ * NOSMACK version of test_have_accesses functions.
+ *
+ * This will be used in many tests. Checks if for every rule smack_have_access returns error.
+ * If for any of rules smack_have_access will return something different than error, this result
+ * is being returned to caller.
*/
-int test_have_any_accesses(const std::vector< std::vector<std::string> > &rules)
+int test_have_nosmack_accesses(const rules_t &rules)
{
int result;
for (uint i = 0; i < rules.size(); ++i) {
result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (result == 1)
- return 1;
+ if (result != -1)
+ return result;
}
- return 0;
+ return -1;
+}
+
+bool check_all_accesses(bool smack, const rules_t &rules)
+{
+ if (smack)
+ return test_have_all_accesses(rules) == 1;
+ else
+ return test_have_nosmack_accesses(rules) == -1;
+}
+
+bool check_no_accesses(bool smack, const rules_t &rules)
+{
+ if (smack)
+ return test_have_any_accesses(rules) == 0;
+ else
+ return test_have_nosmack_accesses(rules) == -1;
}
void read_gids(std::set<unsigned> &set, const char *file_path)
while (fscanf(f, "%u\n", &gid) == 1) {
set.insert(gid);
}
+ fclose(f);
}
void check_groups(const char *dac_file)
int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
int result;
- char *label;
+ CStringPtr labelPtr;
+ char* label = NULL;
/* ACCESS */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
+ labelPtr.reset(label);
RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
- result = strcmp(APPID_DIR, label);
+ RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set");
+ result = strcmp(APPID_DIR, labelPtr.get());
RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
/* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
+ labelPtr.reset(label);
RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
- RUNNER_ASSERT_MSG(label != NULL, "EXEC label on " << fpath << " is not set");
- result = strcmp(APPID_DIR, label);
+ RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
+ result = strcmp(APPID_DIR, labelPtr.get());
RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
} else if (S_ISLNK(sb->st_mode)) {
struct stat buf;
RUNNER_ASSERT_MSG(0 == stat(target, &buf),"Stat failed for " << fpath);
free(target);
if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
- RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
} else {
- RUNNER_ASSERT_MSG(label != NULL, "EXEC label on " << fpath << " is not set");
- result = strcmp(APPID_DIR, label);
+ RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
+ result = strcmp(APPID_DIR, labelPtr.get());
RUNNER_ASSERT_MSG(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect");
}
} else
- RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
/* TRANSMUTE */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
+ labelPtr.reset(label);
RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
return 0;
}
int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
int result;
- char *label;
+ CStringPtr labelPtr;
+ char* label = NULL;
/* ACCESS */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
+ labelPtr.reset(label);
RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, label);
+ result = strcmp(CANARY_LABEL, labelPtr.get());
RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
/* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
+ labelPtr.reset(label);
RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, label);
+ result = strcmp(CANARY_LABEL, labelPtr.get());
RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
/* TRANSMUTE */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
+ labelPtr.reset(label);
RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
return 0;
}
+void check_app_has_permission(const char* app_id, const app_type_t app_type,
+ const char *perm_list[], const int expected_result)
+{
+ int result = PC_OPERATION_SUCCESS;
+ bool has_permission = false;
+
+ for (int i = 0; perm_list[i] != NULL; i++) {
+ result = perm_app_has_permission(app_id, app_type, perm_list[i], &has_permission);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_has_permission failed with result: " << result);
+ RUNNER_ASSERT_MSG(has_permission == expected_result,
+ "Unexpected result, perm_app_has_permission returned: " << has_permission
+ << ", expected: " << expected_result);
+ }
+}
void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment)
{
int result;
"smack_have_access should return error (SMACK is off). Result: " << result
<< " when testing " << comment);
}
+
+void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack)
+{
+ int result;
+
+ // Cleanup
+ DB_BEGIN
+
+ result = perm_app_uninstall(app_id);
+ RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ "perm_app_uninstall returned " << result);
+
+ // Close transaction to commit uninstallation before further actions
+ DB_END
+
+ DB_BEGIN
+
+ // Install test apps
+ result = perm_app_install(app_id);
+ RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ "perm_app_install returned " << result);
+
+ // Close transaction to commit installation before further actions
+ DB_END
+
+ DB_BEGIN
+
+ // TEST:
+ // Revoke permissions
+ result = perm_app_revoke_permissions(app_id);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ "Error revoking app permissions. Result: " << result);
+
+ DB_END
+
+ // Are all the permissions revoked?
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules), "Line: " << line_no <<
+ "Not all permisions revoked.");
+
+ DB_BEGIN
+
+ // Cleanup - uninstall test apps
+ result = perm_app_uninstall(app_id);
+ RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ "perm_app_uninstall returned " << result);
+
+ DB_END
+}
+
+void test_app_enable_permissions_efl(bool smack)
+{
+ int result;
+
+ DB_BEGIN
+
+ // Prepare
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+ result = perm_app_install(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << result);
+
+ // Enable a permission:
+ result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error enabling app permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
+ "SMACK accesses not granted for EFL_APP");
+
+ // Check if permission is assigned to app in db
+ check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
+
+ DB_BEGIN
+
+ // Cleanup
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+
+ DB_END
+
+ // Check if permission is disabled in db
+ check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
+}
+
+void test_app_disable_permissions_efl(bool smack)
+{
+ int result;
+
+ DB_BEGIN
+
+ // Prepare
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+
+ result = perm_app_install(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << result);
+
+ // Enable a permission
+ result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error enabling app permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
+ "SMACK accesses not granted for EFL_APP");
+
+ // Check if permission is assigned to app in db
+ check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
+
+ DB_BEGIN
+
+ // Disable a permission
+ result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
+ "SMACK accesses not disabled for EFL_APP");
+
+ // Check if permission is disabled in db
+ check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
+
+ DB_BEGIN
+
+ // Cleanup
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+
+ DB_END
+}
+
+void test_app_disable_permissions(bool smack)
+{
+ int result;
+
+ DB_BEGIN
+
+ // Prepare
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << result);
+/**
+ * Test - disable all granted permissions.
+ */
+
+ // Prepare permissions that we want to disable
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error enabling app permissions. Result: " << result);
+
+ DB_END
+
+ // Are all the permissions enabled?
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled.");
+
+ // Check if permissions are enabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+
+ DB_BEGIN
+
+ // Disable permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ DB_END
+
+ // Are all the permissions disabled?
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled.");
+
+ // Check if permission is disabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+
+/**
+ * Test - disable some granted permissions leaving non complementary and then disabling those too.
+ */
+
+ DB_BEGIN
+
+ // Prepare permissions that will not be disabled
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error adding app first permissions. Result: " << result);
+
+ // Prepare permissions that we want to disable
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error adding app second permissions. Result: " << result);
+
+ // Disable second permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app second permissions. Result: " << result);
+
+ DB_END
+
+ // Are all second permissions disabled?
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
+
+ // Are all first permissions not disabled?
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, rules_wgt2), "Some of second permissions disabled.");
+
+ // Check if second permission is disabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+ // Check if first permission is enabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, true);
+
+ DB_BEGIN
+
+ // Disable first permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app first permissions. Result: " << result);
+
+ DB_END
+
+ // Are all second permissions disabled?
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules_wgt2), "Not all second permisions disabled.");
+
+ // Check if permission is disabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, false);
+
+/**
+ * Test - disable only no r granted permissions.
+ */
+
+ DB_BEGIN
+
+ // Prepare permissions
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error adding app permissions. Result: " << result);
+
+ // Disable same permissions without r
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app no r permissions. Result: " << result);
+
+ DB_END
+
+ // Is any r permissions disabled?
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
+ // Are all no r permissions disabled?
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
+
+ // Check if second permission is enabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true);
+ // Check if permission is disabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
+
+ DB_BEGIN
+
+ // Prepare permissions
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error adding app no r permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
+
+ DB_BEGIN
+
+ // Disable all permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
+
+ // Check if permission is disabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
+
+ DB_BEGIN
+
+ // Clean up after test:
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ DB_END
+}
+
+void test_appsettings_privilege(bool smack)
+{
+ int ret;
+ CStringPtr app1DirLabelPtr;
+ CStringPtr app2DirLabelPtr;
+ char* label = NULL;
+
+ DB_BEGIN
+
+ (void)perm_app_uninstall(APP_TEST);
+ (void)perm_app_uninstall(APP_1);
+ (void)perm_app_uninstall(APP_2);
+
+ //install some app 1
+ ret = perm_app_install(APP_1);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
+
+ mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
+
+ //register settings folder for app 1
+ ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
+
+ //install "app_test" and give it appsettings privilege
+ ret = perm_app_install(APP_TEST);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
+
+
+ ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
+ " Error enabling app permissions. Result: " << ret);
+
+ DB_END
+
+ //check if "app_test" has an RX access to the app "app_1"
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, APP_1, "rx"}}), "access denied");
+
+ //check if "app_test" has an RWX access to a folder registered by "app_1"
+ ret = smack_getlabel(APP_1_DIR, &label, SMACK_LABEL_ACCESS );
+ app1DirLabelPtr.reset(label);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get());
+
+
+ DB_BEGIN
+
+ //intstall another app: "app_2"
+ ret = perm_app_install(APP_2);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
+
+ mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
+ //register settings folder for that "app_2"
+ ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
+
+ DB_END
+
+ //check if "app_test" has an RX access to the app "app_2"
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, APP_2, "rx"}}), "access denied");
+
+ //check if "app_test" has an RWX access to a folder registered by "app_2"
+ ret = smack_getlabel(APP_2_DIR, &label, SMACK_LABEL_ACCESS );
+ app2DirLabelPtr.reset(label);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, app2DirLabelPtr.get(), "rwx"}}), "access denies");
+
+ rmdir(APP_1_DIR);
+ rmdir(APP_2_DIR);
+
+ DB_BEGIN
+
+ (void)perm_app_uninstall(APP_TEST);
+ (void)perm_app_uninstall(APP_1);
+ (void)perm_app_uninstall(APP_2);
+
+ DB_END
+}