* @brief Main file for libprivilege-control unit tests.
*/
-#include <string>
+#include <fcntl.h>
+#include <fstream>
+#include <iostream>
#include <set>
+#include <string>
+#include <string.h>
+#include <sys/sendfile.h>
+#include <sys/smack.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <vector>
+#include <grp.h>
+#include <pwd.h>
+
#include <libprivilege-control_test_common.h>
#include <tests_common.h>
-#include <sys/smack.h>
-#include <dpl/test/test_runner.h>
+#include "common/duplicates.h"
#define CANARY_LABEL "tiny_yellow_canary"
-const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
+const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", NULL };
const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
-const char* PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", NULL};
-
-const char* PRIVS_AV[] = { "org.tizen.privilege.antivirus", NULL };
-
+const char *PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", NULL};
+const char *PRIV_APPSETTING_RULES[] = { "~APP~ ~SETTINGS_PATH~ rwx",
+ "~APP~ ~ALL_APPS~ rx",
+ NULL};
/**
* Check if every rule is true.
* @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
void read_gids(std::set<unsigned> &set, const char *file_path)
{
FILE *f = fopen(file_path, "r");
- RUNNER_ASSERT_MSG(f != NULL, "Unable to open file " << file_path);
+ RUNNER_ASSERT_MSG_BT(f != NULL, "Unable to open file " << file_path);
unsigned gid;
while (fscanf(f, "%u\n", &gid) == 1) {
set.insert(gid);
fclose(f);
}
-void check_groups(const char *dac_file)
+void read_user_gids(std::set<unsigned> &set, const uid_t user_id)
{
- std::set<unsigned> groups_check;
- read_gids(groups_check, LIBPRIVILEGE_APP_GROUP_LIST);
- read_gids(groups_check, dac_file);
+ int ret;
+
+ struct passwd *pw = getpwuid(user_id);
+ RUNNER_ASSERT_MSG_BT(pw != NULL, "getpwuid() failed.");
+
+ int groups_cnt = 0;
+ gid_t *groups_list = NULL;
+ ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
+ RUNNER_ASSERT_MSG_BT(ret == -1, "getgrouplist() failed.");
+ if (groups_cnt == 0)
+ return;
+ groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
+ RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed.");
+
+ ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
+ if (ret == -1) {
+ free(groups_list);
+ RUNNER_ASSERT_MSG_BT(false, "getgrouplist() failed.");
+ }
+ for (int i = 0; i < groups_cnt; ++i) {
+ set.insert(groups_list[i]);
+ }
+ free(groups_list);
+}
+
+void read_current_gids(std::set<unsigned> &set)
+{
int groups_cnt = getgroups(0, NULL);
- RUNNER_ASSERT_MSG(groups_cnt > 0, "Wrong number of supplementary groupsCnt");
+ RUNNER_ASSERT_MSG_BT(groups_cnt > 0, "Wrong number of supplementary groups.");
gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG(groups_list != NULL, "Memory allocation failed");
- RUNNER_ASSERT(-1 != getgroups(groups_cnt, groups_list));
+ RUNNER_ASSERT_MSG_BT(groups_list != NULL, "Memory allocation failed.");
+ if (getgroups(groups_cnt, groups_list) == -1){
+ free(groups_list);
+ RUNNER_ASSERT_MSG_BT(false, "getgroups failed.");
+ }
for (int i = 0; i < groups_cnt; ++i) {
- //getgroups() can return multiple number of the same group
- //they are returned in sequence, so we will given number when last
- //element of this number is reached
- if ((i < groups_cnt - 1) && (groups_list[i + 1] == groups_list[i]))
- continue;
- if (groups_check.erase(groups_list[i]) == 0) {
- // getgroups() may also return process' main group
- if (groups_list[i] != getgid())
- RUNNER_ASSERT_MSG(false, "Application belongs to unknown group (GID=" << groups_list[i] << ")");
- }
+ set.insert(groups_list[i]);
}
free(groups_list);
+}
+
+void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file)
+{
+ std::set<unsigned> groups_check;
+ std::set<unsigned> groups_current;
+ if(dac_file != NULL)
+ read_gids(groups_check, dac_file);
+ read_current_gids(groups_current);
+
std::string groups_left;
- for (std::set<unsigned>::iterator it = groups_check.begin(); it != groups_check.end(); it++) {
+ for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it)
+ {
+ (void)groups_check.erase(*it);
+ if(groups_current.erase(*it) == 0)
+ groups_left.append(std::to_string(*it)).append(" ");
+ }
+ RUNNER_ASSERT_MSG_BT(groups_left.empty(),
+ "Application lost some groups: " << groups_left);
+
+ for (auto it = groups_check.begin(); it != groups_check.end(); ++it)
+ {
+ if(groups_current.erase(*it) == 0)
+ groups_left.append(std::to_string(*it)).append(" ");
+ }
+ RUNNER_ASSERT_MSG_BT(groups_left.empty(),
+ "Application doesn't belong to some required groups: " << groups_left);
+
+ for (auto it = groups_current.begin(); it != groups_current.end(); ++it)
+ {
groups_left.append(std::to_string(*it)).append(" ");
}
- RUNNER_ASSERT_MSG(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
+ RUNNER_ASSERT_MSG_BT(groups_left.empty(),
+ "Application belongs to groups it should't belong to: " << groups_left);
}
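Review bot: The last loop of check_groups() reports every GID still left in `groups_current`, and the exemption the removed code made for the process's own group (`if (groups_list[i] != getgid())`) is gone. POSIX leaves it unspecified whether getgroups() includes the effective group ID, so the test can fail on a correctly configured app unless each caller puts that GID into `groups_prev` or the DAC file, which is not visible in this hunk. If the exemption is still intended, `groups_current.erase(getgid());` ahead of that loop keeps it. In read_user_gids() the first getgrouplist() call is a size probe for which -1 is the expected return, so the text `"getgrouplist() failed."` on `ret == -1` reads backwards; a comment like `// size probe: -1 expected, groups_cnt receives the required count` above it would help. The new message also has `should't` for `shouldn't`.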
int file_exists(const char *path)
return -1;
}
-void check_app_installed(int line_no, const char *app_path)
+void check_app_installed(const char *app_path)
{
- RUNNER_ASSERT_MSG(file_exists(app_path) == 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(file_exists(app_path) == 0,
" App not installed: " << app_path);
}
/* ACCESS */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set");
result = strcmp(APPID_DIR, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
+ RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect");
/* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
- RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
result = strcmp(APPID_DIR, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
+ RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
} else if (S_ISLNK(sb->st_mode)) {
struct stat buf;
char *target = realpath(fpath, NULL);
- RUNNER_ASSERT_MSG(0 == stat(target, &buf),"Stat failed for " << fpath);
+ RUNNER_ASSERT_MSG_BT(0 == stat(target, &buf),"Stat failed for " << fpath);
free(target);
if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
- RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
} else {
- RUNNER_ASSERT_MSG(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
result = strcmp(APPID_DIR, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect");
+ RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect");
}
} else
- RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
/* TRANSMUTE */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
return 0;
}
/* ACCESS */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
result = strcmp(CANARY_LABEL, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
+ RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is overwritten");
/* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
result = strcmp(CANARY_LABEL, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
+ RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on " << fpath << " is overwritten");
/* TRANSMUTE */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "TRANSMUTE label on " << fpath << " is set");
return 0;
}
-void check_app_has_permission(const char* app_id, const app_type_t app_type,
- const char *perm_list[], const int expected_result)
-{
- int result = PC_OPERATION_SUCCESS;
- bool has_permission = false;
-
- for (int i = 0; perm_list[i] != NULL; i++) {
- result = perm_app_has_permission(app_id, app_type, perm_list[i], &has_permission);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_has_permission failed with result: " << result);
- RUNNER_ASSERT_MSG(has_permission == expected_result,
- "Unexpected result, perm_app_has_permission returned: " << has_permission
- << ", expected: " << expected_result);
- }
-}
-void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment)
-{
- int result;
- result = smack_have_access(av_id, app_id, "rwx");
- RUNNER_ASSERT_MSG(result == 1,
- "Error while checking " << av_id << " rwx access to "
- << app_id << " " << comment << " Result: " << result);
- result = smack_have_access(av_id, app_id, "a");
- RUNNER_ASSERT_MSG(result == 0,
- "Error while checking " << av_id << " a access to "
- << app_id << " " << comment << " Result: " << result);
- result = smack_have_access(av_id, app_id, "t");
- RUNNER_ASSERT_MSG(result == 0,
- "Error while checking " << av_id << " t access to "
- << app_id << " " << comment << " Result: " << result);
-}
-
-/**
- * NOSMACK version of checkOnlyAvAccess function.
- *
- * Expects error instead of access granted/forbidden from smack_have_access.
- */
-void checkOnlyAvAccessNosmack(const char *av_id, const char *app_id, const char *comment)
-{
- int result;
- result = smack_have_access(av_id, app_id, "rwx");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result
- << " when testing " << comment);
- result = smack_have_access(av_id, app_id, "a");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result
- << " when testing " << comment);
- result = smack_have_access(av_id, app_id, "t");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result
- << " when testing " << comment);
-}
-
void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack)
{
int result;
DB_BEGIN
result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
"perm_app_uninstall returned " << result);
// Close transaction to commit uninstallation before further actions
// Install test apps
result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
"perm_app_install returned " << result);
// Close transaction to commit installation before further actions
// TEST:
// Revoke permissions
result = perm_app_revoke_permissions(app_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
"Error revoking app permissions. Result: " << result);
DB_END
// Are all the permissions revoked?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules), "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules), "Line: " << line_no <<
"Not all permisions revoked.");
DB_BEGIN
// Cleanup - uninstall test apps
result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
"perm_app_uninstall returned " << result);
DB_END
// Prepare
result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"perm_app_uninstall failed: " << result);
result = perm_app_install(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"perm_app_install failed: " << result);
- // Enable a permission:
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling app permissions. Result: " << result);
+ // Register a permission:
+ result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "Error registering app permissions. Result: " << result);
DB_END
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
"SMACK accesses not granted for EFL_APP");
- // Check if permission is assigned to app in db
- check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
-
DB_BEGIN
// Cleanup
result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"perm_app_uninstall failed: " << result);
DB_END
-
- // Check if permission is disabled in db
- check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
}
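Review bot: After the final `perm_app_uninstall(EFL_APP_ID)` the test no longer verifies anything, because the removed `check_app_has_permission(..., false)` call was the only post-uninstall check. If uninstalling is still expected to withdraw the rule, `RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}), "SMACK accesses not removed after uninstall");` after the last `DB_END` would keep that coverage; what `check_no_accesses` verifies when `smack` is false is not visible here. The same database-state checks are dropped in test_app_disable_permissions_efl and in the WGT disable test further down. The fourth argument of `perm_app_enable_permissions` also changes from `0` to `true` in this hunk, which changes the value passed rather than only its spelling, so the `0` path is no longer exercised by this test. The function's opening lines are outside the hunk.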
void test_app_disable_permissions_efl(bool smack)
// Prepare
result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"perm_app_uninstall failed: " << result);
result = perm_app_install(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"perm_app_install failed: " << result);
- // Enable a permission
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling app permissions. Result: " << result);
+ // Register a permission
+ result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "Error registering app permissions. Result: " << result);
DB_END
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
"SMACK accesses not granted for EFL_APP");
- // Check if permission is assigned to app in db
- check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
-
DB_BEGIN
// Disable a permission
result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error disabling app permissions. Result: " << result);
DB_END
- RUNNER_ASSERT_MSG(check_no_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
+ RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
"SMACK accesses not disabled for EFL_APP");
- // Check if permission is disabled in db
- check_app_has_permission(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
-
DB_BEGIN
// Cleanup
result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"perm_app_uninstall failed: " << result);
DB_END
// Prepare
result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"perm_app_uninstall failed: " << result);
result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"perm_app_install failed: " << result);
/**
* Test - disable all granted permissions.
*/
// Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
DB_END
// Are all the permissions enabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled.");
-
- // Check if permissions are enabled in db
- check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2), "Not all permisions enabled.");
DB_BEGIN
// Disable permissions
result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error disabling app permissions. Result: " << result);
DB_END
// Are all the permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled.");
-
- // Check if permission is disabled in db
- check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+ RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2), "Not all permisions disabled.");
/**
* Test - disable some granted permissions leaving non complementary and then disabling those too.
DB_BEGIN
// Prepare permissions that will not be disabled
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, true);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error adding app first permissions. Result: " << result);
// Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error adding app second permissions. Result: " << result);
// Disable second permissions
result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error disabling app second permissions. Result: " << result);
DB_END
// Are all second permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
+ RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
// Are all first permissions not disabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules_wgt2), "Some of second permissions disabled.");
-
- // Check if second permission is disabled in db
- check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- // Check if first permission is enabled in db
- check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, true);
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules1), "Some of second permissions disabled.");
DB_BEGIN
// Disable first permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error disabling app first permissions. Result: " << result);
DB_END
// Are all second permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules_wgt2), "Not all second permisions disabled.");
-
- // Check if permission is disabled in db
- check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS, false);
+ RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules1), "Not all second permisions disabled.");
/**
* Test - disable only no r granted permissions.
DB_BEGIN
// Prepare permissions
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app r permissions. Result: " << result);
+
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app no r permissions. Result: " << result);
// Disable same permissions without r
result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error disabling app no r permissions. Result: " << result);
DB_END
// Is any r permissions disabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
// Are all no r permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
-
- // Check if second permission is enabled in db
- check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true);
- // Check if permission is disabled in db
- check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
+ RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
DB_BEGIN
// Prepare permissions
result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error adding app no r permissions. Result: " << result);
DB_END
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
DB_BEGIN
// Disable all permissions
result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error disabling app permissions. Result: " << result);
DB_END
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
-
- // Check if permission is disabled in db
- check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
+ RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
DB_BEGIN
// Clean up after test:
result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
DB_END
}
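Review bot: The `perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1)` call under the second `// Prepare permissions` still passes `1`, while every other call in this function was changed to `true`; changing it to `true` keeps the argument style uniform. The failure message on the final uninstall prints `strerror(errno)`, but nothing visible shows that `perm_app_uninstall` sets errno, so the text can describe an unrelated earlier error; printing only `result` would avoid that. The start of the function is outside this hunk.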
//install some app 1
ret = perm_app_install(APP_1);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
+ RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
//register settings folder for app 1
ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
//install "app_test" and give it appsettings privilege
ret = perm_app_install(APP_TEST);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
+ RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
+ //register appsettings feature
+ ret = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,
+ " Error registering api feature. Result: " << ret);
ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << ret);
DB_END
//check if "app_test" has an RX access to the app "app_1"
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, APP_1, "rx"}}), "access denied");
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, APP_1, "rx"}}), "access denied");
//check if "app_test" has an RWX access to a folder registered by "app_1"
ret = smack_getlabel(APP_1_DIR, &label, SMACK_LABEL_ACCESS );
app1DirLabelPtr.reset(label);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get());
+ RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get());
DB_BEGIN
//intstall another app: "app_2"
ret = perm_app_install(APP_2);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
+ RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
//register settings folder for that "app_2"
ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
DB_END
//check if "app_test" has an RX access to the app "app_2"
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, APP_2, "rx"}}), "access denied");
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, APP_2, "rx"}}), "access denied");
//check if "app_test" has an RWX access to a folder registered by "app_2"
ret = smack_getlabel(APP_2_DIR, &label, SMACK_LABEL_ACCESS );
app2DirLabelPtr.reset(label);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{APP_TEST, app2DirLabelPtr.get(), "rwx"}}), "access denies");
+ RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, app2DirLabelPtr.get(), "rwx"}}), "access denies");
rmdir(APP_1_DIR);
rmdir(APP_2_DIR);