* @file test_cases.cpp
* @author Jan Olszak (j.olszak@samsung.com)
* @author Rafal Krypa (r.krypa@samsung.com)
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
* @version 1.0
* @brief libprivilege-control test runner
*/
#include <dpl/log/log.h>
#include <tests_common.h>
#include <libprivilege-control_test_common.h>
-
-#include <iostream>
+#include "common/duplicates.h"
+#include "common/db.h"
#define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/rules"
#define SMACK_ACC_LEN 6
+// Error codes for test_libprivilege_strerror
+const std::vector<int> error_codes {
+ PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
+ PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
+ PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
+ PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
+};
+
namespace {
std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
/* ACCESS */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set");
result = strcmp(APPID_SHARED_DIR, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
+ RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect");
result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
- RUNNER_ASSERT_MSG(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == 1,
"Error rwxatl access was not given shared dir. Subject: " <<
APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result);
/* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set");
/* TRANSMUTE */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
if (S_ISDIR(sb->st_mode)) {
- RUNNER_ASSERT_MSG(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
result = strcmp("TRUE", label);
- RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(result == 0, "TRANSMUTE label on " << fpath << " is not set");
} else
- RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set");
return 0;
}
/* ACCESS */
result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
/* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
if (result != 0) {
free(label_gen);
- RUNNER_ASSERT_MSG(false, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(false, "Could not get label for the path");
}
if (label != NULL) {
free(label_gen);
free(label);
- RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set.");
+ RUNNER_ASSERT_MSG_BT(false, "EXEC label on " << fpath << " is set.");
}
/* TRANSMUTE */
if (result != 0) {
free(label_gen);
free(label);
- RUNNER_ASSERT_MSG(false, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(false, "Could not get label for the path");
}
if (S_ISDIR(sb->st_mode)) {
if (label == NULL) {
free(label_gen);
free(label);
- RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(false, "TRANSMUTE label on " << fpath << " is not set");
}
result = strcmp("TRUE", label);
if (result != 0) {
free(label_gen);
free(label);
- RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set to TRUE");
+ RUNNER_ASSERT_MSG_BT(false, "TRANSMUTE label on " << fpath << " is not set to TRUE");
}
} else if (label != NULL) {
free(label_gen);
free(label);
- RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG_BT(false, "TRANSMUTE label on " << fpath << " is set");
}
free(label);
if (0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)) {
free(label_gen);
- RUNNER_ASSERT_MSG(false, "asprintf failed");
+ RUNNER_ASSERT_MSG_BT(false, "asprintf failed");
}
file_db = fopen(labels_db_path, "r");
if (file_db == NULL) {
free(label_gen);
free(scanf_label_format);
- RUNNER_ASSERT_MSG(false, "Can not open database for apps");
+ RUNNER_ASSERT_MSG_BT(false, "Can not open database for apps");
}
while (fscanf(file_db, scanf_label_format, label_temp) == 1) {
result = smack_have_access(label_temp, label_gen, access);
fclose(file_db);
free(label_gen);
free(scanf_label_format);
- RUNNER_ASSERT_MSG(false,
+ RUNNER_ASSERT_MSG_BT(false,
"Error " << access << " access was not given for subject: "
<< label_temp << ". Result: " << result);
}
if (file_db == NULL) {
free(label_gen);
free(scanf_label_format);
- RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
+ RUNNER_ASSERT_MSG_BT(false, "Can not open database for dirs");
}
free(scanf_label_format);
void osp_blahblah_check(int line_no, const std::vector<std::string> &rules)
{
std::ifstream smack_file(OSP_BLAHBLAH);
- RUNNER_ASSERT_MSG(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH);
+ RUNNER_ASSERT_MSG_BT(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH);
auto it = rules.begin();
std::string line;
while (std::getline(smack_file,line)) {
- RUNNER_ASSERT_MSG(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line);
- RUNNER_ASSERT_MSG(*it == line, "Line: " << line_no << " " << *it << "!=" << line);
+ RUNNER_ASSERT_MSG_BT(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line);
+ RUNNER_ASSERT_MSG_BT(*it == line, "Line: " << line_no << " " << *it << "!=" << line);
it++;
}
- RUNNER_ASSERT_MSG(it == rules.end(), "Line: " << line_no << " Missing line in file: " << *it);
+ RUNNER_ASSERT_MSG_BT(it == rules.end(), "Line: " << line_no << " Missing line in file: " << *it);
smack_file.close();
}
void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
{
std::ifstream dac_file(dac_file_path);
- RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
+ RUNNER_ASSERT_MSG_BT(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
auto it = gids.begin();
std::string line;
std::istringstream is(line);
unsigned gid;
is >> gid;
- RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
- RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
+ RUNNER_ASSERT_MSG_BT(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
+ RUNNER_ASSERT_MSG_BT(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
it++;
}
- RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
+ RUNNER_ASSERT_MSG_BT(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
dac_file.close();
}
int result;
result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
DB_BEGIN
result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed");
DB_END
result = nftw(TEST_APP_DIR, &nftw_check_labels_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for app dir");
result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir");
}
RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir)
DB_BEGIN
result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
- RUNNER_ASSERT_MSG(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
+ RUNNER_ASSERT_MSG_BT(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
DB_END
result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
DB_BEGIN
result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed");
DB_END
result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for shared app dir");
result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir");
DB_BEGIN
result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
DB_END
}
DB_BEGIN
result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, TRUE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " perm_app_enable_permissions failed with result: " << result);
+ result = perm_app_setup_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " perm_app_setup_permissions failed with result: " << result);
DB_END
+ // Check if permission is assigned to app in db
+ check_app_has_permission(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
+
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules_efl);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
DB_BEGIN
result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
DB_END
}
DB_BEGIN
result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
" perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
" perm_app_install returned " << result << ". Errno: " << strerror(errno));
// TEST:
- result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
- " Error enabling app permissions. Result: " << result);
+ result = perm_app_setup_permissions(app_id, APP_TYPE, privileges);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ " Error registering app permissions. Result: " << result);
DB_END
result = test_have_all_accesses(rules);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
result = perm_app_set_privilege(app_id, type, app_path);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
" Error in perm_app_set_privilege. Error: " << result);
- DB_END
-
// Check if SMACK label really set
char *label;
result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result >= 0, "Line: " << line_no <<
" Error getting current process label");
- RUNNER_ASSERT_MSG(label != NULL, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(label != NULL, "Line: " << line_no <<
" Process label is not set");
result = strcmp(app_id, label);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
" Process label " << label << " is incorrect");
check_groups(dac_file);
// argument validation
result = perm_add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
+ RUNNER_ASSERT_BT(result == PC_ERR_INVALID_PARAM);
result = perm_add_api_feature(APP_TYPE_OSP,"", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
+ RUNNER_ASSERT_BT(result == PC_ERR_INVALID_PARAM);
// Already existing feature:
// TODO: Database will be malformed. (Rules for these features will be removed.)
result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", NULL, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", NULL, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// empty features
result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", NULL, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", NULL, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// empty rules
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), { NULL }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ const char *test1[] = { NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), (const char*[]) { "", NULL }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ const char *test2[] = { "", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), (const char*[]) { " \t\n", "\t \n", "\n\t ", NULL }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ const char *test3[] = { " \t\n", "\t \n", "\n\t ", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// malformed rules
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), (const char*[]) { "malformed", NULL }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
+ const char *test4[] = { "malformed", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), (const char*[]) { "malformed malformed", NULL }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
+ const char *test5[] = { "malformed malformed", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), (const char*[]) { "-malformed malformed rwxat", NULL }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
+ const char *test6[] = { "-malformed malformed rwxat", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), (const char*[]) { "~/\"\\ malformed rwxat", NULL }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
+ const char *test7[] = { "~/\"\\ malformed rwxat", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), (const char*[]) { "subject object rwxat something else", NULL }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
+ const char *test8[] = { "subject object rwxat something else", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
// correct rules
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), (const char*[]) {
+ const char *test9[] = {
"~APP~ object\t rwxatl",
" \t \n",
"subject2\t~APP~ ltxarw",
"",
- NULL
- }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ NULL};
+
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), (const char*[]) {
- "Sub::jE,ct ~APP~ a-rwxl",
- NULL
- }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), (const char*[]) {
- "Sub::sjE,ct ~APP~ a-RwXL", // TODO This fails.
- NULL
- }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", NULL }; // TODO This fails.
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// TODO For now identical/complementary rules are not merged.
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), (const char*[]) {
+ const char *test12[] = {
"subject1 ~APP~ rwxatl",
" \t \n",
"subject2 ~APP~ ltxarw",
"",
- NULL
- }, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ NULL};
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// empty group ids
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ const char *test13[] = { "~APP~ b a", NULL};
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
- RUNNER_ASSERT(result == -1);
+ RUNNER_ASSERT_BT(result == -1);
remove_smack_files();
// valid group ids
- result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},3);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
remove_smack_files();
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
remove_smack_files();
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {1,1,1},3);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
remove_smack_files();
perm_app_uninstall(APP_ID);
result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
// try install second time app with the same ID - it should pass.
result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
DB_END
}
RUNNER_TEST(privilege_control07_app_uninstall)
{
int result;
- int fd = -1;
DB_BEGIN
result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
DB_END
- // checking if file really exists
- fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
- RUNNER_ASSERT_MSG(fd == -1, "SMACK file NOT deleted after perm_app_uninstall");
- close(fd);
+ TestLibPrivilegeControlDatabase db_test;
+ db_test.test_db_after__perm_app_uninstall(APP_ID);
}
/*
smack_revoke_subject(APP_TEST_AV_1);
smack_revoke_subject(APP_TEST_AV_2);
- cleaning_smack_app_files();
-
DB_BEGIN
// Adding two apps before antivir
result = perm_app_install(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
result = perm_app_install(APP_TEST_APP_2);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
// Adding antivir
result = app_register_av(APP_TEST_AV_1);
- RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
DB_END
// Adding third app
result = perm_app_install(APP_TEST_APP_3);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
DB_END
// Adding second antivir
result = app_register_av(APP_TEST_AV_2);
- RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
// Checking app accesses
checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
// cleaning
smack_revoke_subject(APP_TEST_AV_1);
smack_revoke_subject(APP_TEST_AV_2);
-
- cleaning_smack_app_files();
}
#pragma GCC diagnostic warning "-Wdeprecated-declarations"
DB_BEGIN
result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
/**
* Test - Enabling all permissions with persistant mode enabled
*/
result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
DB_END
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
+
+ // Check if permission is assigned to app in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
DB_BEGIN
// Clean up
result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
+ DB_END
+
+ // Check if permission is disabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+
/**
* Test - Enabling all permissions with persistant mode disabled
*/
+ DB_BEGIN
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
+
result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
DB_END
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
+
+ // Check if permission is assigned to app in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
DB_BEGIN
// Clean up
result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
+ DB_END
+
+ // Check if permission is disabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+
/**
- * Test - Enabling all permissions in two complementary files
+ * Test - Registering new permissions in two complementary files
*/
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ DB_BEGIN
+
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
DB_END
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
+
+ // Check if permissions are assigned to app in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, true);
DB_BEGIN
// Clean up
result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
+ DB_END
+
+ // Check if permissions are disabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
+
/**
* Test - Enabling some permissions and then enabling complementary permissions
*/
- // Enable permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions without r. Result: " << result);
+ DB_BEGIN
+
+ // Register permission for rules 2 no r
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions without r. Result: " << result);
DB_END
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions without r not added.");
DB_BEGIN
- // Enable permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app all permissions. Result: " << result);
+ // Register permission for rules 2
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app all permissions. Result: " << result);
DB_END
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions all not added.");
DB_BEGIN
// Clean up
result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
/**
*/
// Enable permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions without r. Result: " << result);
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions without r. Result: " << result);
DB_END
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions without r not added.");
DB_BEGIN
// Enable permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions with only r. Result: " << result);
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions with only r. Result: " << result);
DB_END
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions with only r not added.");
DB_BEGIN
// Clean up
result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
// Clean up after test:
result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
DB_END
}
DB_BEGIN
result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
// Prepare permissions to reset
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
// Reset permissions
result = perm_app_reset_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error reseting app permissions. Result: " << result);
DB_END
// Are all second permissions not disabled?
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Not all permissions added.");
DB_BEGIN
// Disable permissions
result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error disabling app permissions. Result: " << result);
result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
DB_END
}
DB_BEGIN
result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
perm_app_uninstall(APP_FRIEND_1);
// Installing friends to be
result = perm_app_install(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error installing first app. Result: " << result);
result = perm_app_install(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error installing second app. Result: " << result);
// Making friends
result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error making friends. Errno: " << result);
DB_END
// Checking if friends were made
result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
- RUNNER_ASSERT_MSG(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == 1,
" Error first one sided friednship failed. Result: " << result);
result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
- RUNNER_ASSERT_MSG(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == 1,
" Error second one sided friednship failed. Result: " << result);
DB_BEGIN
// Clean up
result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
perm_app_uninstall(APP_FRIEND_1);
// Installing one friend
result = perm_app_install(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error installing first app. Errno: " << result);
// Adding imaginary friend as second
result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error making friends (first) with imaginairy friend failed. Result: "
<< result);
// Adding imaginary friend as first
result = perm_app_add_friend(APP_FRIEND_2, APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error making friends (second) with imaginairy friend failed. Result: "
<< result);
// Clean up
result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
perm_app_uninstall(APP_FRIEND_1);
// Installing friends to be
result = perm_app_install(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error installing first app. Result: " << result);
result = perm_app_install(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error installing second app. Result: " << result);
DB_END
{
// Adding rules before making friends
result = smack_accesses_new(&rulesFriend);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error in smack_accesses_new. Result: " << result);
result = smack_accesses_add(rulesFriend,
APP_FRIEND_1, APP_FRIEND_2, accessesFriend[i].c_str());
- RUNNER_ASSERT_MSG(result == 0,
+ RUNNER_ASSERT_MSG_BT(result == 0,
"Unable to add modify rulesFirend (first). Result: " << result);
result = smack_accesses_add(rulesFriend, APP_FRIEND_2,
APP_FRIEND_1, accessesFriend[j].c_str());
- RUNNER_ASSERT_MSG(result == 0,
+ RUNNER_ASSERT_MSG_BT(result == 0,
"Unable to add modify rulesFirend (second). Result: " << result);
result = smack_accesses_apply(rulesFriend);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error in smack_accesses_apply. Result: " << result);
DB_BEGIN
// Adding friends
result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error making friends. Result: " << result);
DB_END
// Checking if friends were made
result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
- RUNNER_ASSERT_MSG(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == 1,
" Error first one sided friednship failed. Result: " << result);
result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
- RUNNER_ASSERT_MSG(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == 1,
" Error second one sided friednship failed. Result: " << result);
// Deleting all rules between friends
// Clean up
result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
perm_app_uninstall(APP_FRIEND_1);
ss << "s-" << getpid() << "-" << getppid();
result = smack_set_label_for_self(ss.str().c_str());
- RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
+ RUNNER_ASSERT_MSG_BT(result == 0, "smack_set_label_for_self("
<< ss.str().c_str() << ") failed");
}
close(fd);
close(sock);
free(smack_label);
- RUNNER_ASSERT_MSG(0, "smack_new_label_from_self() failed");
+ RUNNER_ASSERT_MSG_BT(0, "smack_new_label_from_self() failed");
}
result = write(fd, smack_label, strlen(smack_label));
if (result != (int)strlen(smack_label)) {
close(fd);
close(sock);
free(smack_label);
- RUNNER_ASSERT_MSG(0, "write() failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(0, "write() failed: " << strerror(errno));
}
close(fd);
free(smack_label);
unlink(SOCK_PATH);
pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
+ RUNNER_ASSERT_MSG_BT(pid >= 0, "Fork failed");
smack_set_random_label_based_on_pid_on_self();
/* Set the process label before creating a socket */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno));
result = bind(sock,
(struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
if (result != 0) {
close(sock);
- RUNNER_ASSERT_MSG(0, "bind failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(0, "bind failed: " << strerror(errno));
}
result = listen(sock, 1);
if (result != 0) {
close(sock);
- RUNNER_ASSERT_MSG(0, "listen failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(0, "listen failed: " << strerror(errno));
}
smack_unix_sock_server(sock);
smack_unix_sock_server(sock);
pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
+ RUNNER_ASSERT_MSG_BT(pid >= 0, "Fork failed");
/* Now running two concurrent servers.
Test if socket label was unaffected by fork() */
smack_unix_sock_server(sock);
char *smack_label2;
sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_MSG(sock >= 0,
+ RUNNER_ASSERT_MSG_BT(sock >= 0,
"socket failed: " << strerror(errno));
result = connect(sock,
(struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
if (result != 0) {
close(sock);
- RUNNER_ASSERT_MSG(0, "connect failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(0, "connect failed: " << strerror(errno));
}
alarm(2);
alarm(0);
if (result < 0) {
close(sock);
- RUNNER_ASSERT_MSG(0, "read failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(0, "read failed: " << strerror(errno));
}
smack_label1[result] = '\0';
smack_label2 = perm_app_id_from_socket(sock);
if (smack_label2 == NULL) {
close(sock);
- RUNNER_ASSERT_MSG(0, "perm_app_id_from_socket failed");
+ RUNNER_ASSERT_MSG_BT(0, "perm_app_id_from_socket failed");
}
result = strcmp(smack_label1, smack_label2);
if (result != 0) {
close(sock);
- RUNNER_ASSERT_MSG(0, "smack labels differ: '" << smack_label1
+ RUNNER_ASSERT_MSG_BT(0, "smack labels differ: '" << smack_label1
<< "' != '" << smack_label2 << "-" << random() << "'");
}
close(sock);
DB_BEGIN
- RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1));
+ RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1));
DB_END
- RUNNER_ASSERT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS));
+ RUNNER_ASSERT_BT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS));
labelPtr.reset(label);
label = NULL;
- RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label1));
+ RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label1));
DB_BEGIN
- RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2));
+ RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2));
DB_END
- RUNNER_ASSERT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC));
+ RUNNER_ASSERT_BT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC));
labelPtr.reset(label);
label = NULL;
- RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label2));
+ RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label2));
- RUNNER_ASSERT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC));
+ RUNNER_ASSERT_BT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC));
labelPtr.reset(label);
label = NULL;
- RUNNER_ASSERT(labelPtr.get() == NULL);
+ RUNNER_ASSERT_BT(labelPtr.get() == NULL);
}
RUNNER_TEST_SMACK(privilege_control17_appsettings_privilege)
DB_BEGIN
result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
" Error in perm_app_uninstall." << result);
result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
" Error in perm_app_install." << result);
DB_END
result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
" Unable to clean up Smack labels in " << TEST_APP_DIR);
result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
" Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
DB_BEGIN
result = perm_app_setup_path(APP_ID, TEST_APP_DIR, PATH_TYPE);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
" perm_app_setup_path() failed");
DB_END
result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
" Unable to check Smack labels for non-app dir");
DB_BEGIN
result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
" Error in perm_app_uninstall." << result);
DB_END
std::string nptargetlabel = std::string(APP_NPRUNTIME) + ".npruntime";
char *label = NULL;
+ restore_original_additional_rules();
+
DB_BEGIN
result = perm_app_uninstall(APP_NPRUNTIME);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
result = perm_app_install(APP_NPRUNTIME);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_install. " << result);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_install. " << result);
result = perm_app_setup_path(APP_NPRUNTIME, APP_NPRUNTIME_FILE, PERM_APP_PATH_NPRUNTIME);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. " << result);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. " << result);
DB_END
- RUNNER_ASSERT(0 == smack_lgetlabel(APP_NPRUNTIME_FILE, &label, SMACK_LABEL_EXEC));
+ RUNNER_ASSERT_BT(0 == smack_lgetlabel(APP_NPRUNTIME_FILE, &label, SMACK_LABEL_EXEC));
labelPtr.reset(label);
label = NULL;
- RUNNER_ASSERT(0 == strcmp(labelPtr.get(), nptargetlabel.c_str()));
+ RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), nptargetlabel.c_str()));
// Rules to test
const std::vector< std::vector<std::string> > np_rules = {
// Test smack accesses
result = test_have_all_accesses(np_rules);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Not all permissions added.");
DB_BEGIN
result = perm_app_uninstall(APP_NPRUNTIME);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
DB_END
}
RUNNER_IGNORED_MSG("early rules are not implemented");
int result;
- int fd = -1;
int pass_1 = 0;
int pass_2 = 0;
char *single_line_format = NULL;
char rule_add[SMACK_ACC_LEN + 1] = {0};
char rule_remove[SMACK_ACC_LEN + 1] = {0};
- unlink(SMACK_RULES_DIR APP_ID);
-
DB_BEGIN
perm_app_uninstall(APP_ID);
result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
result = perm_app_install(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
DB_END
- // checking if file really exists
- fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
- close(fd);
- RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << SMACK_RULES_DIR << APP_ID << " : " << fd << ". Errno: " << strerror(errno));
- fd = -1;
+ TestLibPrivilegeControlDatabase db_test;
+ db_test.test_db_after__perm_app_install(APP_ID);
+ db_test.test_db_after__perm_app_install(APP_TEST_APP_1);
DB_BEGIN
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm, 1);
- RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
- result = perm_app_enable_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm, 1);
- RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
+ result = perm_app_setup_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm);
+ RUNNER_ASSERT_MSG_BT(result == 0, "app_register_permissions failed: " << result);
+ result = perm_app_setup_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm);
+ RUNNER_ASSERT_MSG_BT(result == 0, "app_register_permissions failed: " << result);
DB_END
file = fopen(SMACK_STARTUP_RULES_FILE, "r");
- RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
result = asprintf(&single_line_format, "%%%ds %%%ds %%%ds %%%ds\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN, SMACK_ACC_LEN, SMACK_ACC_LEN);
fclose(file);
file = NULL;
- RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found");
- RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
+ RUNNER_ASSERT_MSG_BT(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found");
+ RUNNER_ASSERT_MSG_BT(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
// Checking if "early rule" for APP_ID was really removed
// We also should make sure that "early rules" for other apps wasn't removed
DB_BEGIN
result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
DB_END
pass_1 = 1;
pass_2 = 0;
file = fopen(SMACK_STARTUP_RULES_FILE, "r");
- RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
fclose(file);
file = NULL;
- RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
- RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
+ RUNNER_ASSERT_MSG_BT(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
+ RUNNER_ASSERT_MSG_BT(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
// Removing and checking "early rule" for APP_TEST_APP_1
DB_BEGIN
result = perm_app_uninstall(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
DB_END
pass_1 = 1;
pass_2 = 1;
file = fopen(SMACK_STARTUP_RULES_FILE, "r");
- RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
free(single_line_format);
fclose(file);
- RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
- RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found");
+ RUNNER_ASSERT_MSG_BT(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
+ RUNNER_ASSERT_MSG_BT(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found");
}
/**
struct stat filestat;
result = stat(filename, &filestat);
- RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to get file statistics. Result: "
+ RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to get file statistics. Result: "
<< result << ", error: " << strerror(errno) << ", file: " << filename);
if(S_ISREG(filestat.st_mode)) {
result = unlink(filename);
- RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to unlink file. Result: "
+ RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to unlink file. Result: "
<< result << ", error: " << strerror(errno) << ", file: " << filename);
} else if(S_ISDIR(filestat.st_mode)) {
result = rmdir(filename);
- RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to remove dir. Result: "
+ RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to remove dir. Result: "
<< result << ", error: " << strerror(errno) << ", file: " << filename);
}
int result = -1;
result = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP);
- RUNNER_ASSERT_MSG(result == 0, "Can't create dir for tests. Result: " << result <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Can't create dir for tests. Result: " << result <<
", error: " << strerror(errno) << ", app_path_type: " << app_path_type);
DB_BEGIN
result = perm_app_revoke_permissions(pkg_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
<< result << ", app_path_type: " << app_path_type);
result = perm_app_uninstall(pkg_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
<< result << ", app_path_type: " << app_path_type);
result = perm_app_install(pkg_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
<< result << ", app_path_type: " << app_path_type);
result = perm_app_setup_path(pkg_id, path, app_path_type, shared_label);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: "
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: "
<< result << ", app_path_type: " << app_path_type);
DB_END
DB_BEGIN
result = perm_app_revoke_permissions(av_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
<< result << ", av_type: " << av_type);
result = perm_app_uninstall(av_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
<< result << ", av_type: " << av_type);
result = perm_app_install(av_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
<< result << ", av_type: " << av_type);
- result = perm_app_enable_permissions(av_id, av_type, PRIVS_AV, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "enable_permissions failed. Result: "
+ result = perm_app_setup_permissions(av_id, av_type, PRIVS_AV);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "register_permissions failed. Result: "
<< result << ", av_type: " << av_type);
DB_END
//clean before test
result = nftw(APP_TEST_APP_1_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
+ RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
", error " << strerror(errno));
result = nftw(APP_TEST_APP_2_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
+ RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
", error " << strerror(errno));
result = nftw(APP_TEST_APP_3_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
+ RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
", error " << strerror(errno));
InstallApp(APP_TEST_APP_1, APP_TEST_APP_1_DIR, app_path_type, APP_TEST_APP_1_SHARED_LABEL);
//get labels
result = smack_lgetlabel(APP_TEST_APP_1_DIR, &tmp, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
+ RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
<< ", av_type: " << av_type << ", app_path_type: " << app_path_type);
std::string label1(tmp);
free(tmp);
result = smack_lgetlabel(APP_TEST_APP_2_DIR, &tmp, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
+ RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
<< ", av_type: " << av_type << ", app_path_type: " << app_path_type);
std::string label2(tmp);
free(tmp);
result = smack_lgetlabel(APP_TEST_APP_3_DIR, &tmp, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result
+ RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
<< ", av_type: " << av_type << ", app_path_type: " << app_path_type);
std::string label3(tmp);
free(tmp);
if(app_path_type == APP_PATH_GROUP_RW)
{
result = label1.compare(APP_TEST_APP_1_SHARED_LABEL);
- RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
", av_type: " << av_type << ", app_path_type: " << app_path_type);
result = label2.compare(APP_TEST_APP_2_SHARED_LABEL);
- RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
", av_type: " << av_type << ", app_path_type: " << app_path_type);
result = label3.compare(APP_TEST_APP_3_SHARED_LABEL);
- RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 <<
+ RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
", av_type: " << av_type << ", app_path_type: " << app_path_type);
}
CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_PUBLIC_RO);
CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_PUBLIC_RO);
}
+
+RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
+ int POSITIVE_ERROR_CODE = 1;
+ int NONEXISTING_ERROR_CODE = -239042;
+ const char *result;
+
+ for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
+ RUNNER_ASSERT_MSG_BT(strcmp(perm_strerror(*itr), "Unknown error") != 0,
+ "Returned invalid error code description.");
+ }
+
+ result = perm_strerror(POSITIVE_ERROR_CODE);
+ RUNNER_ASSERT_MSG_BT(strcmp(result, "Unknown error") == 0,
+ "Bad message returned for invalid error code: \"" << result << "\"");
+
+ result = perm_strerror(NONEXISTING_ERROR_CODE);
+ RUNNER_ASSERT_MSG_BT(strcmp(result, "Unknown error") == 0,
+ "Bad message returned for invalid error code: \"" << result << "\"");
+}
+
+RUNNER_TEST(privilege_control27_perm_app_get_privileges_empty)
+{
+ char** pp_privileges = NULL;
+ int result;
+ CStringListPtr privileges;
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << perm_strerror(result));
+
+ result = perm_app_install(APP_ID);
+
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << perm_strerror(result));
+
+ DB_END
+
+ result = perm_app_get_permissions(APP_ID, PERM_APP_TYPE_WGT, &pp_privileges);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_get_permissions failed: " << perm_strerror(result));
+ privileges.reset(pp_privileges);
+
+ RUNNER_ASSERT_MSG_BT(pp_privileges != NULL,
+ "perm_app_get_permissions failed to set pointer to cstring array");
+ RUNNER_ASSERT_MSG_BT(*pp_privileges == NULL,
+ "perm_app_get_permissions found permissions when not supposed to");
+}
+
+RUNNER_TEST(privilege_control27_perm_app_get_privileges)
+{
+ char** pp_privileges = NULL;
+ int result;
+ size_t i;
+ CStringListPtr privileges;
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_ID);
+
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << perm_strerror(result));
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << perm_strerror(result));
+
+ result = perm_app_setup_permissions(APP_ID, PERM_APP_TYPE_WGT, PRIVS);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_register_permissions failed: " << perm_strerror(result));
+
+ result = perm_app_setup_permissions(APP_ID, PERM_APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_register_permissions failed: " << perm_strerror(result));
+
+ result = perm_app_disable_permissions(APP_ID, PERM_APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_disable_permissions failed: " << perm_strerror(result));
+ DB_END
+
+ result = perm_app_get_permissions(APP_ID, PERM_APP_TYPE_WGT, &pp_privileges);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_get_permissions returned " << result << ": " << perm_strerror(result));
+ privileges.reset(pp_privileges);
+
+ for(i = 0; pp_privileges[i] != NULL; ++i) {
+ RUNNER_ASSERT_MSG_BT(PRIVS[i] != NULL,
+ "perm_app_get_permissions returned too many permissions");
+ RUNNER_ASSERT_MSG_BT(strcmp(pp_privileges[i], PRIVS[i]) == 0,
+ "perm_app_get_permissions returned wrong permission, " << pp_privileges[i] <<
+ " != " << PRIVS[i]);
+ }
+ RUNNER_ASSERT_MSG_BT(PRIVS[i] == NULL,
+ "perm_app_get_permissions returned too few enabled permissions");
+}
+
+RUNNER_TEST(privilege_control28_perm_app_get_paths_empty)
+{
+ char **pp_paths = NULL;
+ int result;
+ CStringListPtr paths;
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << perm_strerror(result));
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed: " <<
+ perm_strerror(result));
+
+ DB_END
+
+ result = perm_app_get_paths(APP_ID, PERM_APP_PATH_PUBLIC, &pp_paths);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_get_paths failed: " <<
+ perm_strerror(result));
+ paths.reset(pp_paths);
+
+ RUNNER_ASSERT_MSG_BT(pp_paths != NULL,
+ "perm_app_get_paths failed to set pointer to cstring array");
+ RUNNER_ASSERT_MSG_BT(*pp_paths == NULL, "perm_app_get_paths found paths when not supposed to");
+}
+
+RUNNER_TEST(privilege_control28_perm_app_get_paths)
+{
+ char **pp_paths = NULL;
+ int result;
+ size_t i;
+ size_t DIR_NUM = 3;
+ CStringListPtr paths;
+ std::vector<Directory> test_paths;
+
+ for (i = 0; i < DIR_NUM; ++i) {
+ test_paths.push_back(Directory("/tmp/dir" + std::to_string(i), 0));
+ RUNNER_ASSERT_MSG_BT(test_paths[i].isCreated(), "failed to create a directory " <<
+ test_paths[i].path() << ": " << strerror(test_paths[i].errorCode()));
+ }
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed: " <<
+ perm_strerror(result));
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed: " <<
+ perm_strerror(result));
+
+ for (auto itr = test_paths.begin(); itr != test_paths.end(); ++itr) {
+ result = perm_app_setup_path(APP_ID, itr->path().c_str(), PERM_APP_PATH_PUBLIC);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path failed: " << perm_strerror(result));
+ }
+
+ DB_END
+
+ result = perm_app_get_paths(APP_ID, PERM_APP_PATH_PUBLIC, &pp_paths);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_get_paths failed: " <<
+ perm_strerror(result));
+ paths.reset(pp_paths);
+
+ for(i = 0; pp_paths[i] != NULL; ++i) {
+ RUNNER_ASSERT_MSG_BT(i < test_paths.size(), "perm_app_get_paths returned too many paths");
+ RUNNER_ASSERT_MSG_BT(test_paths[i].path() == pp_paths[i],
+ "perm_app_get_paths returned unexpected path, " << pp_paths[i] << " != " <<
+ test_paths[i].path());
+ }
+ RUNNER_ASSERT_MSG_BT(i == test_paths.size(), "perm_app_get_paths returned too few paths");
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed: " <<
+ perm_strerror(result));
+
+ DB_END
+}
projects / platform / core / test / security-tests.git / blobdiff