* @file test_cases.cpp
* @author Jan Olszak (j.olszak@samsung.com)
* @author Rafal Krypa (r.krypa@samsung.com)
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
* @version 1.0
- * @brief libprivilege-control test runer
+ * @brief libprivilege-control test runner
*/
#include <string>
-#include <stdio.h>
-#include <fcntl.h>
-#include <stdio.h>
#include <vector>
-#include <errno.h>
#include <memory>
-#include <ftw.h>
+#include <fstream>
+#include <sstream>
+
+#include <fcntl.h>
+#include <errno.h>
#include <unistd.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/log/log.h>
+
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/mman.h>
-#include <sys/xattr.h>
-#include <sys/smack.h>
-#include <sys/types.h>
+
#include <sys/socket.h>
#include <sys/un.h>
-#include <sys/wait.h>
+#include <sys/smack.h>
+
#include <privilege-control.h>
-#include <fstream>
-#include <sstream>
-#include <sys/stat.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include <dpl/log/log.h>
#include <tests_common.h>
+#include <libprivilege-control_test_common.h>
+#include "common/duplicates.h"
+#include "common/db.h"
-#define SMACK_RULES_DIR "/opt/etc/smack-app/accesses.d/"
#define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/rules"
-#define SMACK_LOAD2 "/smack/load2"
-#define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
-#define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir"
-#define APPID_DIR "test_APP_ID_dir"
-#define APPID_SHARED_DIR "test_APP_ID_shared_dir"
-#define CANARY_LABEL "tiny_yellow_canary"
-
-#define APP_ID "test_APP"
-#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
-#define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
-
-#define WGT_APP_ID "QwCqJ0ttyS"
-#define WGT_PARTNER_APP_ID "7btsV1Y0sX"
-#define WGT_PLATFORM_APP_ID "G4DE3U2vmW"
-#define WGT_APP_PATH "/opt/usr/apps/QwCqJ0ttyS/bin/QwCqJ0ttyS.TestMisiuPysiu123"
-#define WGT_PARTNER_APP_PATH "/opt/usr/apps/7btsV1Y0sX/bin/7btsV1Y0sX.MisiuPysiu123Partner"
-#define WGT_PLATFORM_APP_PATH "/opt/usr/apps/G4DE3U2vmW/bin/G4DE3U2vmW.MisiuPysiu123Platform"
-#define OSP_APP_ID "uqNfgEjqc7"
-#define OSP_PARTNER_APP_ID "j4RuPsZrNt"
-#define OSP_PLATFORM_APP_ID "V5LKqDFBXm"
-#define OSP_APP_PATH "/opt/usr/apps/uqNfgEjqc7/bin/PysiuMisiu123Osp"
-#define OSP_PARTNER_APP_PATH "/opt/usr/apps/j4RuPsZrNt/bin/PysiuMisiu123OspPartner"
-#define OSP_PLATFORM_APP_PATH "/opt/usr/apps/V5LKqDFBXm/bin/PysiuMisiu123OspPlatform"
+
#define EARLY_RULE_SUBJECT "livebox.web-provider"
#define EARLY_RULE_RIGHTS "rwx---"
-const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
-const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
-const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
-const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
-const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
-const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL };
-const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
-
-#define LIBPRIVILEGE_APP_GROUP_LIST "/usr/share/privilege-control/app_group_list"
-#define LIBPRIVILEGE_TEST_DAC_FILE "/usr/share/privilege-control/test_privilege_control_rules.dac"
-#define LIBPRIVILEGE_TEST_DAC_FILE_WGT "/usr/share/privilege-control/WRT_test_privilege_control_rules_wgt.dac"
-#define LIBPRIVILEGE_TEST_DAC_FILE_OSP "/usr/share/privilege-control/OSP_test_privilege_control_rules_osp.dac"
-
-#define APP_TEST_APP_1 "test-application1"
-#define APP_TEST_APP_2 "test-application_2"
-#define APP_TEST_APP_3 "test-app-3"
-#define APP_TEST_AV_1 "test-antivirus1"
-#define APP_TEST_AV_2 "test-antivirus_2"
-#define APP_TEST_AV_3 "test-av-3"
-
-#define SMACK_APPS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_apps_id.db"
-#define SMACK_AVS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_avs_id.db"
-#define SMACK_PUBLIC_DIRS_DATABASE "/opt/dbspace/.privilege_control_public_dirs.db"
-#define SMACK_APPS_SETTINGS_LABELS_DATABASE "/opt/dbspace/.privilege_control_app_setting.db"
-#define SMACK_SETTINGS_DIRS_DATABASE "/opt/dbspace/.privilege_control_setting_dir.db"
-
-#define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1"
-#define APP_TEST_SETTINGS_ASP2 "test-app-settings-asp2"
-#define APP_TEST_AV_ASP1 "test-app-av-asp1"
-#define APP_TEST_AV_ASP2 "test-app-av-asp2"
-
-#define SOCK_PATH "/tmp/test-smack-socket"
-
-#define APP_GID 5000
-#define APP_UID 5000
-#define APP_USER_NAME "app"
-#define APP_HOME_DIR "/opt/home/app"
-
-#define APP_FRIEND_1 "app_friend_1"
-#define APP_FRIEND_2 "app_friend_2"
-
#define SMACK_ACC_LEN 6
-// How many open file descriptors should ftw() function use?
-#define FTW_MAX_FDS 16
-
-// ---- Macros and arrays used in stress tests ----
-#define TEST_OSP_FEATURE_APP_ID "test-osp-feature-app"
-#define TEST_WGT_FEATURE_APP_ID "test-wgt-feature-app"
-#define TEST_OSP_FEATURE "http://test-feature/osp_rxl"
-#define TEST_WGT_FEATURE "http://test-feature/wgt_rwx"
-// OSP Api Feature Test data - gives rxl access to OSP app and rl access to WGT app also!
-const char *FILE_PATH_TEST_OSP_FEATURE = "/usr/share/privilege-control/OSP_test-feature.osp_rxl.smack";
-const char *test_osp_feature_rule_set[] = { "~APP~ " TEST_OSP_FEATURE_APP_ID " rxl",
- "~APP~ " TEST_WGT_FEATURE_APP_ID " rl",
- NULL };
-const char *TEST_OSP_FEATURE_PRIVS[] = { TEST_OSP_FEATURE, NULL };
-// WGT Api Feature Test data - rwx access only to WGT app
-const char *FILE_PATH_TEST_WGT_FEATURE = "/usr/share/privilege-control/WRT_test-feature.wgt_rwx.smack";
-const char *test_wgt_feature_rule_set[] = { "~APP~ " TEST_WGT_FEATURE_APP_ID " rwx",
- NULL };
-const char *TEST_WGT_FEATURE_PRIVS[] = { TEST_WGT_FEATURE, NULL };
-
-const std::vector< std::vector<std::string> > rules_to_test_any_access1 = {
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "r" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "w" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "x" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "a" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "t" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "l" }
-};
-
-const std::vector< std::vector<std::string> > rules_to_test_any_access2 = {
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "r" },
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "x" },
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "l" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "r" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "w" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "x" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "l" }
-};
-
-#define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \
- (const std::vector< std::vector<std::string> >) { \
- { sub, obj, "r" }, \
- { sub, obj, "w" }, \
- { sub, obj, "x" }, \
- { sub, obj, "a" }, \
- { sub, obj, "t" }, \
- { sub, obj, "l" } }
-
-// Rules from test_privilege_control_rules.smack
-const std::vector< std::vector<std::string> > rules = {
- { APP_ID, "test_book_1", "r" },
- { APP_ID, "test_book_2", "w" },
- { APP_ID, "test_book_3", "x" },
- { APP_ID, "test_book_4", "rw" },
- { APP_ID, "test_book_5", "rx" },
- { APP_ID, "test_book_6", "wx" },
- { APP_ID, "test_book_7", "rwx" },
- { "test_subject_1", APP_ID, "r" },
- { "test_subject_2", APP_ID, "w" },
- { "test_subject_3", APP_ID, "x" },
- { "test_subject_4", APP_ID, "rw" },
- { "test_subject_5", APP_ID, "rx" },
- { "test_subject_6", APP_ID, "wx" },
- { "test_subject_7", APP_ID, "rwx" },
- { APP_ID, APPID_SHARED_DIR, "rwxat"}
-};
-
-// Rules from test_privilege_control_rules2.smack
-const std::vector< std::vector<std::string> > rules2 = {
- { APP_ID, "test_book_8", "r" },
- { APP_ID, "test_book_9", "w" },
- { APP_ID, "test_book_10", "x" },
- { APP_ID, "test_book_11", "rw" },
- { APP_ID, "test_book_12", "rx" },
- { APP_ID, "test_book_13", "wx" },
- { APP_ID, "test_book_14", "rwx" },
- { APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", APP_ID, "r" },
- { "test_subject_9", APP_ID, "w" },
- { "test_subject_10", APP_ID, "x" },
- { "test_subject_11", APP_ID, "rw" },
- { "test_subject_12", APP_ID, "rx" },
- { "test_subject_13", APP_ID, "wx" },
- { "test_subject_14", APP_ID, "rwx" },
- { "test_subject_15", APP_ID, "rwxat" }
-};
-
-// Rules from test_privilege_control_rules_no_r.smack
-const std::vector< std::vector<std::string> > rules2_no_r = {
- { APP_ID, "test_book_9", "w" },
- { APP_ID, "test_book_10", "x" },
- { APP_ID, "test_book_11", "w" },
- { APP_ID, "test_book_12", "x" },
- { APP_ID, "test_book_13", "wx" },
- { APP_ID, "test_book_14", "wx" },
- { APP_ID, "test_book_15", "wxat" },
- { "test_subject_9", APP_ID, "w" },
- { "test_subject_10", APP_ID, "x" },
- { "test_subject_11", APP_ID, "w" },
- { "test_subject_12", APP_ID, "x" },
- { "test_subject_13", APP_ID, "wx" },
- { "test_subject_14", APP_ID, "wx" },
- { "test_subject_15", APP_ID, "wxat" }
-};
-
-// Rules from test_privilege_control_rules.smack
-// minus test_privilege_control_rules_no_r.smack
-const std::vector< std::vector<std::string> > rules2_r = {
- { APP_ID, "test_book_8", "r" },
- { APP_ID, "test_book_11", "r" },
- { APP_ID, "test_book_12", "r" },
- { APP_ID, "test_book_14", "r" },
- { APP_ID, "test_book_15", "r" },
- { "test_subject_8", APP_ID, "r" },
- { "test_subject_11", APP_ID, "r" },
- { "test_subject_12", APP_ID, "r" },
- { "test_subject_14", APP_ID, "r" },
- { "test_subject_15", APP_ID, "r" }
-};
-
-// Rules from test_privilege_control_rules_wgt.smack for wgt
-const std::vector< std::vector<std::string> > rules_wgt = {
- { WGT_APP_ID, "test_book_8", "r" },
- { WGT_APP_ID, "test_book_9", "w" },
- { WGT_APP_ID, "test_book_10", "x" },
- { WGT_APP_ID, "test_book_11", "rw" },
- { WGT_APP_ID, "test_book_12", "rx" },
- { WGT_APP_ID, "test_book_13", "wx" },
- { WGT_APP_ID, "test_book_14", "rwx" },
- { WGT_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", WGT_APP_ID, "r" },
- { "test_subject_9", WGT_APP_ID, "w" },
- { "test_subject_10", WGT_APP_ID, "x" },
- { "test_subject_11", WGT_APP_ID, "rw" },
- { "test_subject_12", WGT_APP_ID, "rx" },
- { "test_subject_13", WGT_APP_ID, "wx" },
- { "test_subject_14", WGT_APP_ID, "rwx" },
- { "test_subject_15", WGT_APP_ID, "rwxat" }
-};
-
-// Rules from test_privilege_control_rules_wgt.smack for wgt_partner
-const std::vector< std::vector<std::string> > rules_wgt_partner = {
- { WGT_PARTNER_APP_ID, "test_book_8", "r" },
- { WGT_PARTNER_APP_ID, "test_book_9", "w" },
- { WGT_PARTNER_APP_ID, "test_book_10", "x" },
- { WGT_PARTNER_APP_ID, "test_book_11", "rw" },
- { WGT_PARTNER_APP_ID, "test_book_12", "rx" },
- { WGT_PARTNER_APP_ID, "test_book_13", "wx" },
- { WGT_PARTNER_APP_ID, "test_book_14", "rwx" },
- { WGT_PARTNER_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", WGT_PARTNER_APP_ID, "r" },
- { "test_subject_9", WGT_PARTNER_APP_ID, "w" },
- { "test_subject_10", WGT_PARTNER_APP_ID, "x" },
- { "test_subject_11", WGT_PARTNER_APP_ID, "rw" },
- { "test_subject_12", WGT_PARTNER_APP_ID, "rx" },
- { "test_subject_13", WGT_PARTNER_APP_ID, "wx" },
- { "test_subject_14", WGT_PARTNER_APP_ID, "rwx" },
- { "test_subject_15", WGT_PARTNER_APP_ID, "rwxat" }
-};
-
-// Rules from test_privilege_control_rules_wgt.smack for wgt_platform
-const std::vector< std::vector<std::string> > rules_wgt_platform = {
- { WGT_PLATFORM_APP_ID, "test_book_8", "r" },
- { WGT_PLATFORM_APP_ID, "test_book_9", "w" },
- { WGT_PLATFORM_APP_ID, "test_book_10", "x" },
- { WGT_PLATFORM_APP_ID, "test_book_11", "rw" },
- { WGT_PLATFORM_APP_ID, "test_book_12", "rx" },
- { WGT_PLATFORM_APP_ID, "test_book_13", "wx" },
- { WGT_PLATFORM_APP_ID, "test_book_14", "rwx" },
- { WGT_PLATFORM_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", WGT_PLATFORM_APP_ID, "r" },
- { "test_subject_9", WGT_PLATFORM_APP_ID, "w" },
- { "test_subject_10", WGT_PLATFORM_APP_ID, "x" },
- { "test_subject_11", WGT_PLATFORM_APP_ID, "rw" },
- { "test_subject_12", WGT_PLATFORM_APP_ID, "rx" },
- { "test_subject_13", WGT_PLATFORM_APP_ID, "wx" },
- { "test_subject_14", WGT_PLATFORM_APP_ID, "rwx" },
- { "test_subject_15", WGT_PLATFORM_APP_ID, "rwxat" }
-};
-
-// Rules from test_privilege_control_rules_osp.smack for osp
-const std::vector< std::vector<std::string> > rules_osp = {
- { OSP_APP_ID, "test_book_8", "r" },
- { OSP_APP_ID, "test_book_9", "w" },
- { OSP_APP_ID, "test_book_10", "x" },
- { OSP_APP_ID, "test_book_11", "rw" },
- { OSP_APP_ID, "test_book_12", "rx" },
- { OSP_APP_ID, "test_book_13", "wx" },
- { OSP_APP_ID, "test_book_14", "rwx" },
- { OSP_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", OSP_APP_ID, "r" },
- { "test_subject_9", OSP_APP_ID, "w" },
- { "test_subject_10", OSP_APP_ID, "x" },
- { "test_subject_11", OSP_APP_ID, "rw" },
- { "test_subject_12", OSP_APP_ID, "rx" },
- { "test_subject_13", OSP_APP_ID, "wx" },
- { "test_subject_14", OSP_APP_ID, "rwx" },
- { "test_subject_15", OSP_APP_ID, "rwxat" }
-};
-
-// Rules from test_privilege_control_rules_osp.smack for osp_partner
-const std::vector< std::vector<std::string> > rules_osp_partner = {
- { OSP_PARTNER_APP_ID, "test_book_8", "r" },
- { OSP_PARTNER_APP_ID, "test_book_9", "w" },
- { OSP_PARTNER_APP_ID, "test_book_10", "x" },
- { OSP_PARTNER_APP_ID, "test_book_11", "rw" },
- { OSP_PARTNER_APP_ID, "test_book_12", "rx" },
- { OSP_PARTNER_APP_ID, "test_book_13", "wx" },
- { OSP_PARTNER_APP_ID, "test_book_14", "rwx" },
- { OSP_PARTNER_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", OSP_PARTNER_APP_ID, "r" },
- { "test_subject_9", OSP_PARTNER_APP_ID, "w" },
- { "test_subject_10", OSP_PARTNER_APP_ID, "x" },
- { "test_subject_11", OSP_PARTNER_APP_ID, "rw" },
- { "test_subject_12", OSP_PARTNER_APP_ID, "rx" },
- { "test_subject_13", OSP_PARTNER_APP_ID, "wx" },
- { "test_subject_14", OSP_PARTNER_APP_ID, "rwx" },
- { "test_subject_15", OSP_PARTNER_APP_ID, "rwxat" }
-};
-
-// Rules from test_privilege_control_rules_osp.smack for osp_platform
-const std::vector< std::vector<std::string> > rules_osp_platform = {
- { OSP_PLATFORM_APP_ID, "test_book_8", "r" },
- { OSP_PLATFORM_APP_ID, "test_book_9", "w" },
- { OSP_PLATFORM_APP_ID, "test_book_10", "x" },
- { OSP_PLATFORM_APP_ID, "test_book_11", "rw" },
- { OSP_PLATFORM_APP_ID, "test_book_12", "rx" },
- { OSP_PLATFORM_APP_ID, "test_book_13", "wx" },
- { OSP_PLATFORM_APP_ID, "test_book_14", "rwx" },
- { OSP_PLATFORM_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", OSP_PLATFORM_APP_ID, "r" },
- { "test_subject_9", OSP_PLATFORM_APP_ID, "w" },
- { "test_subject_10", OSP_PLATFORM_APP_ID, "x" },
- { "test_subject_11", OSP_PLATFORM_APP_ID, "rw" },
- { "test_subject_12", OSP_PLATFORM_APP_ID, "rx" },
- { "test_subject_13", OSP_PLATFORM_APP_ID, "wx" },
- { "test_subject_14", OSP_PLATFORM_APP_ID, "rwx" },
- { "test_subject_15", OSP_PLATFORM_APP_ID, "rwxat" }
+// Error codes for test_libprivilege_strerror
+const std::vector<int> error_codes {
+ PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
+ PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
+ PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
+ PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
};
namespace {
-typedef std::unique_ptr<smack_accesses,std::function<void (smack_accesses*)> > SmackUniquePtr;
-
-void closefdptr(int* fd) { close(*fd); }
-typedef std::unique_ptr<int, std::function<void (int*)> > FDUniquePtr;
-
-const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
-const char *WRT_BLAHBLAH = "/usr/share/privilege-control/WGT_blahblah.smack";
-const char *OTHER_BLAHBLAH = "/usr/share/privilege-control/blahblah.smack";
-const char *OSP_BLAHBLAH_DAC = "/usr/share/privilege-control/OSP_feature.blah.blahblah.dac";
-const char *WRT_BLAHBLAH_DAC = "/usr/share/privilege-control/WGT_blahblah.dac";
-const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
-const char *BLAHBLAH_FEATURE = "http://feature/blah/blahblah";
-
-//correct and incorrect PID used in incorrect params test
-const pid_t PID_CORRECT = 0;
-const pid_t PID_INCORRECT = -1;
-
-/**
- * Check if every rule is true.
- * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't
- */
-int test_have_all_accesses(const std::vector< std::vector<std::string> > &rules)
-{
- int result;
- for (uint i = 0; i < rules.size(); ++i) {
- result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (result != 1)
- return result;
- }
- return 1;
-}
-/**
- * Check if every rule is true.
- * @return 1 if ANY rule in SMACK, 0 if
- */
-int test_have_any_accesses(const std::vector< std::vector<std::string> > &rules)
+std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
{
- int result;
- for (uint i = 0; i < rules.size(); ++i) {
- result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (result == 1)
- return 1;
+ std::vector<std::string> names;
+ for(size_t i = 0; i < size; ++i) {
+ names.push_back(prefix + "_" + std::to_string(i) + suffix);
}
- return 0;
-}
-
-int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- smack_lsetlabel(fpath, NULL, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, NULL, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
-
- return 0;
-}
-
-int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, NULL, SMACK_LABEL_TRANSMUTE);
-
- return 0;
-}
-
-int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- int result;
- char *label;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, label);
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
+ return names;
}
-int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- int result;
- char *label;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
- result = strcmp(APPID_DIR, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
- RUNNER_ASSERT_MSG(label != NULL, "EXEC label on " << fpath << " is not set");
- result = strcmp(APPID_DIR, label);
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
- } else if (S_ISLNK(sb->st_mode)) {
- struct stat buf;
- char *target = realpath(fpath, NULL);
- RUNNER_ASSERT_MSG(0 == stat(target, &buf),"Stat failed for " << fpath);
- free(target);
- if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
- RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
- } else {
- RUNNER_ASSERT_MSG(label != NULL, "EXEC label on " << fpath << " is not set");
- result = strcmp(APPID_DIR, label);
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect");
- }
- } else
- RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
+const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
+const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
+const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
+const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
+const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
+const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
+const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb,
int /*typeflag*/, struct FTW* /*ftwbuf*/)
/* ACCESS */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set");
result = strcmp(APPID_SHARED_DIR, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
+ RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect");
- result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- "Error rwxat access was not given shared dir. Subject: " <<
+ result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
+ RUNNER_ASSERT_MSG_BT(result == 1,
+ "Error rwxatl access was not given shared dir. Subject: " <<
APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result);
/* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set");
/* TRANSMUTE */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
if (S_ISDIR(sb->st_mode)) {
- RUNNER_ASSERT_MSG(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
result = strcmp("TRUE", label);
- RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(result == 0, "TRANSMUTE label on " << fpath << " is not set");
} else
- RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set");
return 0;
}
/* ACCESS */
result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
/* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
if (result != 0) {
free(label_gen);
- RUNNER_ASSERT_MSG(false, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(false, "Could not get label for the path");
}
if (label != NULL) {
free(label_gen);
free(label);
- RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set.");
+ RUNNER_ASSERT_MSG_BT(false, "EXEC label on " << fpath << " is set.");
}
/* TRANSMUTE */
if (result != 0) {
free(label_gen);
free(label);
- RUNNER_ASSERT_MSG(false, "Could not get label for the path");
+ RUNNER_ASSERT_MSG_BT(false, "Could not get label for the path");
}
if (S_ISDIR(sb->st_mode)) {
if (label == NULL) {
free(label_gen);
free(label);
- RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG_BT(false, "TRANSMUTE label on " << fpath << " is not set");
}
result = strcmp("TRUE", label);
if (result != 0) {
free(label_gen);
free(label);
- RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set to TRUE");
+ RUNNER_ASSERT_MSG_BT(false, "TRANSMUTE label on " << fpath << " is not set to TRUE");
}
} else if (label != NULL) {
free(label_gen);
free(label);
- RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG_BT(false, "TRANSMUTE label on " << fpath << " is set");
}
free(label);
if (0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)) {
free(label_gen);
- RUNNER_ASSERT_MSG(false, "asprintf failed");
+ RUNNER_ASSERT_MSG_BT(false, "asprintf failed");
}
file_db = fopen(labels_db_path, "r");
if (file_db == NULL) {
free(label_gen);
free(scanf_label_format);
- RUNNER_ASSERT_MSG(false, "Can not open database for apps");
+ RUNNER_ASSERT_MSG_BT(false, "Can not open database for apps");
}
while (fscanf(file_db, scanf_label_format, label_temp) == 1) {
result = smack_have_access(label_temp, label_gen, access);
fclose(file_db);
free(label_gen);
free(scanf_label_format);
- RUNNER_ASSERT_MSG(false,
+ RUNNER_ASSERT_MSG_BT(false,
"Error " << access << " access was not given for subject: "
<< label_temp << ". Result: " << result);
}
if (file_db == NULL) {
free(label_gen);
free(scanf_label_format);
- RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
- }
- bool is_dir = false;
- while (fscanf(file_db, scanf_label_format, label_temp) == 1) {
- if (strcmp(label_gen, label_temp) == 0) {
- is_dir = true;
- break;
- }
+ RUNNER_ASSERT_MSG_BT(false, "Can not open database for dirs");
}
+
free(scanf_label_format);
free(label_gen);
fclose(file_db);
- RUNNER_ASSERT_MSG(is_dir, "Error autogenerated label is not in dirs db.");
-
return 0;
}
-int nftw_check_labels_app_public_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return check_labels_dir(fpath, sb,
- SMACK_APPS_LABELS_DATABASE,
- SMACK_PUBLIC_DIRS_DATABASE, "rx");
-}
-
-int nftw_check_labels_app_settings_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return check_labels_dir(fpath, sb,
- SMACK_APPS_SETTINGS_LABELS_DATABASE,
- SMACK_SETTINGS_DIRS_DATABASE, "rwx");
-}
-
-int file_exists(const char *path)
-{
- FILE *file = fopen(path, "r");
- if (file) {
- fclose(file);
- return 0;
- }
- return -1;
-}
-
void osp_blahblah_check(int line_no, const std::vector<std::string> &rules)
{
std::ifstream smack_file(OSP_BLAHBLAH);
- RUNNER_ASSERT_MSG(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH);
+ RUNNER_ASSERT_MSG_BT(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH);
auto it = rules.begin();
std::string line;
while (std::getline(smack_file,line)) {
- RUNNER_ASSERT_MSG(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line);
- RUNNER_ASSERT_MSG(*it == line, "Line: " << line_no << " " << *it << "!=" << line);
+ RUNNER_ASSERT_MSG_BT(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line);
+ RUNNER_ASSERT_MSG_BT(*it == line, "Line: " << line_no << " " << *it << "!=" << line);
it++;
}
- RUNNER_ASSERT_MSG(it == rules.end(), "Line: " << line_no << " Missing line in file: " << *it);
+ RUNNER_ASSERT_MSG_BT(it == rules.end(), "Line: " << line_no << " Missing line in file: " << *it);
smack_file.close();
}
-void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids)
+void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
{
- std::ifstream dac_file(OSP_BLAHBLAH_DAC);
- RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH_DAC);
+ std::ifstream dac_file(dac_file_path);
+ RUNNER_ASSERT_MSG_BT(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
auto it = gids.begin();
std::string line;
std::istringstream is(line);
unsigned gid;
is >> gid;
- RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
- RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
+ RUNNER_ASSERT_MSG_BT(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
+ RUNNER_ASSERT_MSG_BT(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
it++;
}
- RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
+ RUNNER_ASSERT_MSG_BT(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
dac_file.close();
}
unlink(OSP_BLAHBLAH);
unlink(WRT_BLAHBLAH);
unlink(OTHER_BLAHBLAH);
- unlink(OSP_BLAHBLAH_DAC);
unlink(WRT_BLAHBLAH_DAC);
unlink(OTHER_BLAHBLAH_DAC);
-}
-
-int cleaning_smack_app_files (void)
-{
- unlink(SMACK_RULES_DIR APP_TEST_APP_1);
-
- unlink(SMACK_RULES_DIR APP_TEST_APP_2);
-
- unlink(SMACK_RULES_DIR APP_TEST_APP_3);
- unlink(SMACK_RULES_DIR APP_TEST_AV_1);
+ for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
+ unlink(OSP_BLAHBLAH_DAC[i].c_str());
- unlink(SMACK_RULES_DIR APP_TEST_AV_2);
-
- unlink(SMACK_RULES_DIR APP_TEST_AV_3);
-
- return 0;
-}
-
-int cleaning_smack_database_files (void)
-{
- int fd = -1;
-
- //clean app database
- unlink(SMACK_APPS_LABELS_DATABASE);
- fd = open(SMACK_APPS_LABELS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
- if (fd == -1) {
- return -1;
- }
-
- //clean av database
- unlink(SMACK_AVS_LABELS_DATABASE);
- fd = open(SMACK_AVS_LABELS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
- if (fd == -1) {
- return -1;
- }
-
- //clean app settings database
- unlink(SMACK_APPS_SETTINGS_LABELS_DATABASE);
- fd = open(SMACK_APPS_SETTINGS_LABELS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
- if (fd == -1) {
- return -1;
- }
-
- //clean public dirs database
- unlink(SMACK_PUBLIC_DIRS_DATABASE);
- fd = open(SMACK_PUBLIC_DIRS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
- if (fd == -1) {
- return -1;
- }
-
- //clean settings dirs database
- unlink(SMACK_SETTINGS_DIRS_DATABASE);
- fd = open(SMACK_SETTINGS_DIRS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
- if (fd == -1) {
- return -1;
- }
-
- return 0;
+ for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
+ unlink(OSP_BLAHBLAH_DAC[i].c_str());
}
-void add_lables_to_db()
-{
- FILE *file_db;
-
- file_db = fopen(SMACK_AVS_LABELS_DATABASE, "a");
- RUNNER_ASSERT_MSG(file_db != NULL, "Error database file "
- << SMACK_AVS_LABELS_DATABASE << " can not be opened to apend!");
- if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP1)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP2)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- fclose(file_db);
-
- file_db = fopen(SMACK_APPS_SETTINGS_LABELS_DATABASE, "a");
- RUNNER_ASSERT_MSG(file_db != NULL, "Error database file "
- << SMACK_APPS_SETTINGS_LABELS_DATABASE << " can not be opened to apend!");
- if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP1)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP2)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- fclose(file_db);
-
- file_db = fopen(SMACK_APPS_LABELS_DATABASE, "a");
- RUNNER_ASSERT_MSG(file_db != NULL, "Error database file "
- << SMACK_APPS_LABELS_DATABASE << " can not be opened to apend!");
- if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP1)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP2)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP1)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP2)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- fclose(file_db);
-}
} // namespace
RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
int result;
result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
+
+ DB_BEGIN
result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed");
+
+ DB_END
result = nftw(TEST_APP_DIR, &nftw_check_labels_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for app dir");
result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir");
}
RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir)
{
int result;
+ DB_BEGIN
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
- RUNNER_ASSERT_MSG(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
+ RUNNER_ASSERT_MSG_BT(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
+
+ DB_END
result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
+
+ DB_BEGIN
result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed");
+
+ DB_END
result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for shared app dir");
result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir");
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ DB_END
}
/**
- * Add permisions from test_privilege_control_rules template
+ * Simple enabling EFL permissions;.
*/
RUNNER_TEST_SMACK(privilege_control04_add_permissions)
{
- int result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
+ int result = 0;
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
+
+ result = perm_app_setup_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " perm_app_setup_permissions failed with result: " << result);
+
+ DB_END
+
+ // Check if permission is assigned to app in db
+ check_app_has_permission(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
// Check if the accesses are realy applied..
- result = test_have_all_accesses(rules);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+ result = test_have_all_accesses(rules_efl);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
- //// File exists?
- FILE *pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
+ DB_BEGIN
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- int smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length > 0,
- "SMACK file empty, but privileges list was not empty.. Errno: " << errno);
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
- if (pFile != NULL)
- fclose(pFile);
+ DB_END
}
/**
* Revoke permissions from the list. Should be executed as privileged user.
*/
-RUNNER_CHILD_TEST(privilege_control06_revoke_permissions)
+RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
{
- int result;
-
- // Revoke permissions
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
- result = perm_app_revoke_permissions(WGT_PARTNER_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
- result = perm_app_revoke_permissions(WGT_PLATFORM_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- result = perm_app_revoke_permissions(OSP_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
- result = perm_app_revoke_permissions(OSP_PARTNER_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
- result = perm_app_revoke_permissions(OSP_PLATFORM_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- // Are all the permissions revoked?
- result = test_have_any_accesses(rules);
- RUNNER_ASSERT_MSG(result != 1, "Not all permisions revoked.");
- result = test_have_any_accesses(rules_wgt);
- RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
- result = test_have_any_accesses(rules_wgt_partner);
- RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
- result = test_have_any_accesses(rules_wgt_platform);
- RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
-
- result = test_have_any_accesses(rules);
- RUNNER_ASSERT_MSG(result != 1, "Not all permisions revoked.");
- result = test_have_any_accesses(rules_osp);
- RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
- result = test_have_any_accesses(rules_osp_partner);
- RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
- result = test_have_any_accesses(rules_osp_platform);
- RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
-
- FILE *pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- int smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR WGT_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR WGT_PARTNER_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR WGT_PLATFORM_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR OSP_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR OSP_PARTNER_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR OSP_PLATFORM_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
+ test_revoke_permissions(__LINE__, WGT_APP_ID, rules_wgt, true);
}
-static void read_gids(std::set<unsigned> &set, const char *file_path)
+/**
+ * Revoke permissions from the list. Should be executed as privileged user.
+ */
+RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt_partner)
{
- FILE *f = fopen(file_path, "r");
- RUNNER_ASSERT_MSG(f != NULL, "Unable to open file " << file_path);
- unsigned gid;
- while (fscanf(f, "%u\n", &gid) == 1) {
- set.insert(gid);
- }
+ test_revoke_permissions(__LINE__, WGT_PARTNER_APP_ID, rules_wgt_partner, true);
}
-//Functions add_shared_dir_readers and app_register_av are deprecated and
-//have no replacement. Until those functions are deleted warnings for
-//tests using those functions are supressed.
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-RUNNER_TEST_SMACK(privilege_control05_add_shared_dir_readers)
+/**
+ * Revoke permissions from the list. Should be executed as privileged user.
+ */
+RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt_platform)
{
-#define TEST_OBJ "TEST_OBJECT"
-#define TEST_OBJ_SOME_OTHER "TEST_OBJA"
-#define test_string_01 "TEST_raz TEST_OBJECT r-x--- ------"
-#define test_string_21 "TEST_trzy TEST_OBJA -wx---\n"
-#define test_string_22 "TEST_trzy TEST_OBJECT r-x--- ------\n"
-
- int result;
- int i;
- int fd = -1;
- char *path;
-
- const char *app_labels_wrong[] = {"-TEST_raz", NULL};
- const char *app_labels[] = {"TEST_raz", "TEST_dwa", "TEST_trzy", NULL};
- const int READ_BUF_SIZE = 1000;
- char buf[READ_BUF_SIZE];
- FILE *file = NULL;
- struct smack_accesses *rules = NULL;
-
- //test environment cleaning
- cleaning_smack_app_files();
- cleaning_smack_database_files();
-
- //test what happens when the label is not correct SMACK label
- result = add_shared_dir_readers(TEST_OBJ,app_labels_wrong);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "add_shared_dir_readers should fail here");
-
- result = smack_have_access(app_labels_wrong[0],TEST_OBJ,"rx");
- RUNNER_ASSERT_MSG(result != 1, "add_shared_dir_readers should not grant permission here");
-
- //ok, now the correct list of apps
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in smack_accesses_new.");
-
- for (i = 0; i < 3; i++) {
-
- result = perm_app_revoke_permissions(app_labels[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_revoke_permissions.");
- result = perm_app_uninstall(app_labels[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall.");
- result = perm_app_install(app_labels[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
-
- RUNNER_ASSERT(0 <= asprintf(&path, SMACK_RULES_DIR "/%s", app_labels[i]));
- fd = open(path, O_WRONLY, 0644);
- RUNNER_ASSERT_MSG(fd != -1, "Error in opening file " << path);
-
- if (i == 1) {
- result = smack_accesses_add(rules,app_labels[i],TEST_OBJ,"wt");
- RUNNER_ASSERT_MSG(result == 0, "smack_accesses_add failed");
- }
- if (i == 2) {
- smack_accesses_free(rules);
- result = smack_accesses_new(&rules);
- result = smack_accesses_add(rules,app_labels[i],TEST_OBJ_SOME_OTHER,"wx");
- RUNNER_ASSERT_MSG(result == 0, "smack_accesses_add failed");
- }
- result = smack_accesses_apply(rules);
- RUNNER_ASSERT_MSG(fd != -1, "smack_accesses_apply failed");
-
- result = smack_accesses_save(rules, fd);
- RUNNER_ASSERT_MSG(fd != -1, "smack_accesses_apply failed");
-
- free(path);
- close(fd);
- }
-
- smack_accesses_free(rules);
-
- // THE TEST - accesses
-
- result = add_shared_dir_readers(TEST_OBJ,app_labels);
- RUNNER_ASSERT_MSG(result == 0, "add_shared_dir_readers failed");
+ test_revoke_permissions(__LINE__, WGT_PLATFORM_APP_ID, rules_wgt_platform, true);
+}
- result = smack_have_access(app_labels[0],TEST_OBJ,"rx");
- RUNNER_ASSERT_MSG(result == 1, "add_shared_dir_readers ERROR");
+/**
+ * Revoke permissions from the list. Should be executed as privileged user.
+ */
+RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
+{
+ test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, true);
+}
- result = smack_have_access(app_labels[1],TEST_OBJ,"rx");
- RUNNER_ASSERT_MSG(result == 1, "add_shared_dir_readers ERROR");
+/**
+ * Revoke permissions from the list. Should be executed as privileged user.
+ */
+RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp_partner)
+{
+ test_revoke_permissions(__LINE__, OSP_PARTNER_APP_ID, rules_osp_partner, true);
+}
- result = smack_have_access(app_labels[2],TEST_OBJ,"rx");
- RUNNER_ASSERT_MSG(result == 1, "add_shared_dir_readers ERROR");
+/**
+ * Revoke permissions from the list. Should be executed as privileged user.
+ */
+RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp_platform)
+{
+ test_revoke_permissions(__LINE__, OSP_PLATFORM_APP_ID, rules_osp_platform, true);
+}
- result = smack_have_access(app_labels[1],TEST_OBJ,"rwxt");
- RUNNER_ASSERT_MSG(result == 1, "add_shared_dir_readers ERROR");
- result = smack_have_access(app_labels[2],TEST_OBJ_SOME_OTHER,"wx");
- RUNNER_ASSERT_MSG(result == 1, "add_shared_dir_readers ERROR");
+void set_app_privilege(int line_no,
+ const char* app_id, app_type_t APP_TYPE,
+ const char** privileges, const char* type,
+ const char* app_path, const char* dac_file,
+ const rules_t &rules) {
+ check_app_installed(line_no, app_path);
+ int result;
- //TEST the operations on empty files
+ DB_BEGIN
- RUNNER_ASSERT(0 <= asprintf(&path, SMACK_RULES_DIR "/%s", app_labels[0]));
- file = fopen(path, "r");
+ result = perm_app_uninstall(app_id);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
+ " perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
- RUNNER_ASSERT_MSG(file, "fopen failed, errno:" << errno);
+ result = perm_app_install(app_id);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
+ " perm_app_install returned " << result << ". Errno: " << strerror(errno));
- RUNNER_ASSERT(NULL != fgets(buf, READ_BUF_SIZE, file));
- result = strcmp(buf, test_string_01);
- RUNNER_ASSERT_MSG( result != 0, "add_shared_dir_readers ERROR, file not formatted" << path);
+ // TEST:
+ result = perm_app_setup_permissions(app_id, APP_TYPE, privileges);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ " Error registering app permissions. Result: " << result);
- free(path);
- fclose(file);
+ DB_END
- //TEST the operations on non empty files
- RUNNER_ASSERT(0 <= asprintf(&path, SMACK_RULES_DIR "/%s", app_labels[2]));
- file = NULL;
- file = fopen(path, "r");
- RUNNER_ASSERT_MSG(file, "fopen failed, errno:" << errno);
+ result = test_have_all_accesses(rules);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
- RUNNER_ASSERT(NULL != fgets(buf, READ_BUF_SIZE, file));
- result = strcmp(buf, test_string_21);
- RUNNER_ASSERT_MSG( result == 0, "add_shared_dir_readers ERROR, file not formatted" << path);
+ result = perm_app_set_privilege(app_id, type, app_path);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ " Error in perm_app_set_privilege. Error: " << result);
- RUNNER_ASSERT(NULL != fgets(buf, READ_BUF_SIZE, file));
- result = strcmp(buf, test_string_22);
- RUNNER_ASSERT_MSG( result == 0, "add_shared_dir_readers ERROR, file not formatted" << path);
+ // Check if SMACK label really set
+ char *label;
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG_BT(result >= 0, "Line: " << line_no <<
+ " Error getting current process label");
+ RUNNER_ASSERT_MSG_BT(label != NULL, "Line: " << line_no <<
+ " Process label is not set");
+ result = strcmp(app_id, label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
+ " Process label " << label << " is incorrect");
- free(path);
- fclose(file);
+ check_groups(dac_file);
}
-#pragma GCC diagnostic warning "-Wdeprecated-declarations"
/**
- * Set APP privileges.
+ * Set APP privileges. wgt.
*/
-
-void check_groups(const char *dac_file)
+RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
{
- std::set<unsigned> groups_check;
- read_gids(groups_check, LIBPRIVILEGE_APP_GROUP_LIST);
- read_gids(groups_check, dac_file);
-
- int groups_cnt = getgroups(0, NULL);
- RUNNER_ASSERT_MSG(groups_cnt > 0, "Wrong number of supplementary groupsCnt");
- gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG(groups_list != NULL, "Memory allocation failed");
- RUNNER_ASSERT(-1 != getgroups(groups_cnt, groups_list));
-
- for (int i = 0; i < groups_cnt; ++i) {
- //getgroups() can return multiple number of the same group
- //they are returned in sequence, so we will given number when last
- //element of this number is reached
- if ((i < groups_cnt - 1) && (groups_list[i + 1] == groups_list[i]))
- continue;
- if (groups_check.erase(groups_list[i]) == 0) {
- // getgroups() may also return process' main group
- if (groups_list[i] != getgid())
- RUNNER_ASSERT_MSG(false, "Application belongs to unknown group (GID=" << groups_list[i] << ")");
- }
- }
- free(groups_list);
- std::string groups_left;
- for (std::set<unsigned>::iterator it = groups_check.begin(); it != groups_check.end(); it++) {
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
-}
-
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege)
-{
- int result;
-
- // Preset exec label
- smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC);
- smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC);
-
- /**
- * TODO This test should also verify perm_app_set_privilege behavior for OSP and
- * WRT apps. To do that we'll have to install real apps on device as a
- * precondition.
- */
-
- // Set APP privileges
- result = perm_app_set_privilege(APP_ID, NULL, APP_SET_PRIV_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error getting current process label");
- RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
- result = strcmp(APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
-
- // Check if DAC privileges really set
- RUNNER_ASSERT_MSG(getuid() == APP_UID, "Wrong UID");
- RUNNER_ASSERT_MSG(getgid() == APP_GID, "Wrong GID");
-
- result = strcmp(getenv("HOME"), APP_HOME_DIR);
- RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR");
-
- result = strcmp(getenv("USER"), APP_USER_NAME);
- RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME");
-
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE);
-}
-
-/**
- * Set APP privileges. wgt.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
-{
- int result;
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- result = test_have_all_accesses(rules_wgt);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- result = perm_app_set_privilege(WGT_APP_ID, "wgt", WGT_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error getting current process label");
- RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
- result = strcmp(WGT_APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
-
-
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_WGT);
+ set_app_privilege(__LINE__,WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
+ LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
}
/**
*/
RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_partner)
{
- int result;
-
- result = perm_app_enable_permissions(WGT_PARTNER_APP_ID, APP_TYPE_WGT_PARTNER, PRIVS_WGT, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- result = test_have_all_accesses(rules_wgt_partner);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- result = perm_app_set_privilege(WGT_PARTNER_APP_ID, "wgt_partner", WGT_PARTNER_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error getting current process label");
- RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
- result = strcmp(WGT_PARTNER_APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
-
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_WGT);
+ set_app_privilege(__LINE__, WGT_PARTNER_APP_ID, APP_TYPE_WGT_PARTNER, PRIVS_WGT,
+ "wgt_partner", WGT_PARTNER_APP_PATH,
+ LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_partner);
}
/**
*/
RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_platform)
{
- int result;
-
- result = perm_app_enable_permissions(WGT_PLATFORM_APP_ID, APP_TYPE_WGT_PLATFORM, PRIVS_WGT, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- result = test_have_all_accesses(rules_wgt_platform);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- result = perm_app_set_privilege(WGT_PLATFORM_APP_ID, "wgt_platform", WGT_PLATFORM_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error getting current process label");
- RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
- result = strcmp(WGT_PLATFORM_APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
-
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_WGT);
+ set_app_privilege(__LINE__, WGT_PLATFORM_APP_ID, APP_TYPE_WGT_PLATFORM, PRIVS_WGT,
+ "wgt_platform", WGT_PLATFORM_APP_PATH,
+ LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_platform);
}
/**
*/
RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
{
- int result;
-
- result = perm_app_enable_permissions(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- result = test_have_all_accesses(rules_osp);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- result = perm_app_set_privilege(OSP_APP_ID, NULL, OSP_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error getting current process label");
- RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
- result = strcmp(OSP_APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
-
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_OSP);
+ set_app_privilege(__LINE__, OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, NULL, OSP_APP_PATH,
+ LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
}
/**
*/
RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_partner)
{
- int result;
-
- result = perm_app_enable_permissions(OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- result = test_have_all_accesses(rules_osp_partner);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- result = perm_app_set_privilege(OSP_PARTNER_APP_ID, NULL, OSP_PARTNER_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error getting current process label");
- RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
- result = strcmp(OSP_PARTNER_APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
-
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_OSP);
+ set_app_privilege(__LINE__, OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP,
+ NULL, OSP_PARTNER_APP_PATH, LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_partner);
}
/**
*/
RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_platform)
{
- int result;
-
- result = perm_app_enable_permissions(OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- result = test_have_all_accesses(rules_osp_platform);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- result = perm_app_set_privilege(OSP_PLATFORM_APP_ID, NULL, OSP_PLATFORM_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error getting current process label");
- RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
- result = strcmp(OSP_PLATFORM_APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
-
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_OSP);
+ set_app_privilege(__LINE__, OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP,
+ NULL, OSP_PLATFORM_APP_PATH,
+ LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_platform);
}
/**
remove_smack_files();
+ DB_BEGIN
// argument validation
result = perm_add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
+ RUNNER_ASSERT_BT(result == PC_ERR_INVALID_PARAM);
result = perm_add_api_feature(APP_TYPE_OSP,"", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
+ RUNNER_ASSERT_BT(result == PC_ERR_INVALID_PARAM);
- // already existing features
+ // Already existing feature:
+ // TODO: Database will be malformed. (Rules for these features will be removed.)
result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
-
- result = perm_add_api_feature(APP_TYPE_OTHER,"http://tizen.org/privilege/messaging", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
- result = perm_add_api_feature(APP_TYPE_OTHER,"http://tizen.org/messaging", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
- result = perm_add_api_feature(APP_TYPE_OTHER,"http://messaging", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
- result = perm_add_api_feature(APP_TYPE_OTHER,"messaging.read", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// empty features
result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
- result = perm_add_api_feature(APP_TYPE_OTHER,"blahblah", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
-
- // smack files existence
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
-
- result = file_exists(WRT_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
-
- result = file_exists(OTHER_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
-
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// empty rules
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, { NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == 0);
- remove_smack_files();
+ const char *test1[] = { NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { " \t\n", "\t \n", "\n\t ", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == 0);
- remove_smack_files();
+ const char *test2[] = { "", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ const char *test3[] = { " \t\n", "\t \n", "\n\t ", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// malformed rules
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "malformed", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
+ const char *test4[] = { "malformed", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "malformed malformed", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
+ const char *test5[] = { "malformed malformed", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "-malformed malformed rwxat", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
+ const char *test6[] = { "-malformed malformed rwxat", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "~/\"\\ malformed rwxat", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
+ const char *test7[] = { "~/\"\\ malformed rwxat", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "subject object rwxat something else", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
+ const char *test8[] = { "subject object rwxat something else", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
// correct rules
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "malformed malformed maaaaaalformed", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "malformed malformed r--a-l" });
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "subject object foo", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "subject object ------" });
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {
- "subject object\t rwxatl",
+ const char *test9[] = {
+ "~APP~ object\t rwxatl",
" \t \n",
- "subject2\tobject2 ltxarw",
+ "subject2\t~APP~ ltxarw",
"",
- NULL
- }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "subject object rwxatl", "subject2 object2 rwxatl"});
- remove_smack_files();
+ NULL};
+
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", NULL };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", NULL }; // TODO This fails.
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {
- "Sub::jE,ct object a-RwXL",
- NULL
- }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "Sub::jE,ct object rwxa-l"});
- remove_smack_files();
// TODO For now identical/complementary rules are not merged.
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {
- "subject object rwxatl",
+ const char *test12[] = {
+ "subject1 ~APP~ rwxatl",
" \t \n",
- "subject object ltxarw",
+ "subject2 ~APP~ ltxarw",
"",
- NULL
- }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "subject object rwxatl", "subject object rwxatl"});
- remove_smack_files();
-
+ NULL};
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// empty group ids
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "a a ---a--"});
- result = file_exists(OSP_BLAHBLAH_DAC);
- RUNNER_ASSERT(result == -1);
+ const char *test13[] = { "~APP~ b a", NULL};
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
+ RUNNER_ASSERT_BT(result == -1);
remove_smack_files();
// valid group ids
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},3);
- printf("%d \n", result);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "a a ---a--"});
- osp_blahblah_dac_check(__LINE__, {0,1,2});
+ result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
remove_smack_files();
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},1);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "a a ---a--"});
- osp_blahblah_dac_check(__LINE__, {0});
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
remove_smack_files();
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {1,1,1},3);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "a a ---a--"});
- osp_blahblah_dac_check(__LINE__, {1,1,1});
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
remove_smack_files();
+
+ DB_END
}
/*
RUNNER_TEST(privilege_control01_app_install)
{
int result;
- int fd = -1;
- unlink(SMACK_RULES_DIR APP_ID);
+ DB_BEGIN
perm_app_uninstall(APP_ID);
result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // checking if file really exists
- fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
- RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << SMACK_RULES_DIR << APP_ID << " : " << fd << ". Errno: " << strerror(errno));
- close(fd);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
// try install second time app with the same ID - it should pass.
result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
+ DB_END
}
/*
- * Check perm_app_install function
+ * Check perm_app_uninstall function
*/
RUNNER_TEST(privilege_control07_app_uninstall)
{
int result;
- int fd = -1;
+
+ DB_BEGIN
result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
- // checking if file really exists
- fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
- RUNNER_ASSERT_MSG(fd == -1, "SMACK file NOT deleted after perm_app_uninstall");
- close(fd);
-}
+ DB_END
-void checkOnlyAvAccess(const char *av_id, const char *app_id, const char *comment)
-{
- int result;
- result = smack_have_access(av_id, app_id, "rwx");
- RUNNER_ASSERT_MSG(result == 1,
- "Error while checking " << av_id << " rwx access to "
- << app_id << " " << comment << " Result: " << result);
- result = smack_have_access(av_id, app_id, "a");
- RUNNER_ASSERT_MSG(result == 0,
- "Error while checking " << av_id << " a access to "
- << app_id << " " << comment << " Result: " << result);
- result = smack_have_access(av_id, app_id, "t");
- RUNNER_ASSERT_MSG(result == 0,
- "Error while checking " << av_id << " t access to "
- << app_id << " " << comment << " Result: " << result);
+ TestLibPrivilegeControlDatabase db_test;
+ db_test.test_db_after__perm_app_uninstall(APP_ID);
}
/*
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
RUNNER_TEST_SMACK(privilege_control10_app_register_av)
{
+ RUNNER_IGNORED_MSG("app_register_av is not implemented");
int result;
// cleaning
smack_revoke_subject(APP_TEST_AV_1);
smack_revoke_subject(APP_TEST_AV_2);
- cleaning_smack_app_files();
- cleaning_smack_database_files();
+ DB_BEGIN
// Adding two apps before antivir
result = perm_app_install(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
result = perm_app_install(APP_TEST_APP_2);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
// Adding antivir
result = app_register_av(APP_TEST_AV_1);
- RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
+
+ DB_END
// Checking added apps accesses
checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
+ DB_BEGIN
+
// Adding third app
result = perm_app_install(APP_TEST_APP_3);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
+ DB_END
// Checking app accesses
checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)");
// Adding second antivir
result = app_register_av(APP_TEST_AV_2);
- RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
// Checking app accesses
checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
// cleaning
smack_revoke_subject(APP_TEST_AV_1);
smack_revoke_subject(APP_TEST_AV_2);
-
- cleaning_smack_app_files();
- cleaning_smack_database_files();
}
#pragma GCC diagnostic warning "-Wdeprecated-declarations"
RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
{
int result;
- int smack_file_length;
- FILE *pFile;
+
+ // Clean up after test:
+ DB_BEGIN
+
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
/**
* Test - Enabling all permissions with persistant mode enabled
*/
-
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
+
+ DB_END
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- //// File exists?
- pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length > 0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
+ // Check if permission is assigned to app in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
- if (pFile != NULL)
- fclose(pFile);
+ DB_BEGIN
// Clean up
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
+ DB_END
+
+ // Check if permission is disabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+
/**
* Test - Enabling all permissions with persistant mode disabled
*/
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ DB_BEGIN
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
+
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
+ DB_END
+
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- //// File exists?
- pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty with persistant mode 0. Errno: " << errno);
+ // Check if permission is assigned to app in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
- if (pFile != NULL)
- fclose(pFile);
+ DB_BEGIN
// Clean up
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
+ DB_END
+
+ // Check if permission is disabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+
/**
- * Test - Enabling all permissions in two complementary files
+ * Test - Registering new permissions in two complementary files
*/
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_R_AND_NO_R, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ DB_BEGIN
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
- //// File exists?
- pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
+ DB_END
+
+ // Check if the accesses are realy applied..
+ result = test_have_all_accesses(rules2_no_r);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added.");
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length > 0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
+ // Check if permissions are assigned to app in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, true);
- if (pFile != NULL)
- fclose(pFile);
+ DB_BEGIN
// Clean up
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
+ DB_END
+
+ // Check if permissions are disabled in db
+ check_app_has_permission(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
+
/**
* Test - Enabling some permissions and then enabling complementary permissions
*/
- // Enable permission for rules 2 no r
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_NO_R, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions without r. Result: " << result);
+ DB_BEGIN
+
+ // Register permission for rules 2 no r
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions without r. Result: " << result);
+
+ DB_END
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
-
- //// File exists?
- pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions without r not added.");
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length > 0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
+ DB_BEGIN
- if (pFile != NULL)
- fclose(pFile);
+ // Register permission for rules 2
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app all permissions. Result: " << result);
- // Enable permission for rules 2
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app all permissions. Result: " << result);
+ DB_END
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions all not added.");
+
+ DB_BEGIN
// Clean up
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
/**
*/
// Enable permission for rules 2 no r
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_NO_R, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions without r. Result: " << result);
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions without r. Result: " << result);
+
+ DB_END
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions without r not added.");
- //// File exists?
- pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
-
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length > 0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
-
- if (pFile != NULL)
- fclose(pFile);
+ DB_BEGIN
// Enable permission for rules 2
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_R, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions with only r. Result: " << result);
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions with only r. Result: " << result);
+
+ DB_END
// Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
+ result = test_have_all_accesses(rules2_r);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Permissions with only r not added.");
+
+ DB_BEGIN
// Clean up
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
-}
-RUNNER_CHILD_TEST(privilege_control11_app_enable_permissions_efl)
-{
- int result;
- const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
- result = perm_app_install("EFL_APP");
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
- result = perm_app_enable_permissions("EFL_APP", APP_TYPE_EFL, PRIVS_EFL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling app permissions. Result: " << result);
+ // Clean up after test:
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
- RUNNER_ASSERT_MSG( smack_have_access("EFL_APP","test_book_efl", "r"),
- "SMACK accesses not granted for EFL_APP");
-
- (void)perm_app_uninstall("EFL_APP");
+ DB_END
}
+RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
+{
+ test_app_enable_permissions_efl(true);
+}
/*
- * Until perm_app_disable_permissions is not fixed this test should remain
- * commented
- */
-/**
- * Remove previously granted SMACK permissions based on permissions list.
+ * Check perm_app_install function
*/
-/*RUNNER_TEST(privilege_control12_app_disable_permissions)
+RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
{
-*/
-/**
- * Test - disable all granted permissions.
- */
-/* int result;
-
- // Prepare permissions that we want to disable
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- // Disable permissions
- result = perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- // Are all the permissions disabled?
- result = test_have_any_accesses(rules2);
- RUNNER_ASSERT_MSG(result!=1, "Not all permisions disabled.");
-*/
-/**
- * Test - disable some granted permissions leaving non complementary and then disabling those too.
- */
-/*
- // Prepare permissions that will not be disabled
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app first permissions. Result: " << result);
-
- // Prepare permissions that we want to disable
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app second permissions. Result: " << result);
-
- // Disable second permissions
- result = perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app second permissions. Result: " << result);
-
- // Are all second permissions disabled?
- result = test_have_any_accesses(rules2);
- RUNNER_ASSERT_MSG(result!=1, "Not all first permisions disabled.");
-
- // Are all first permissions not disabled?
- result = test_have_all_accesses(rules);
- RUNNER_ASSERT_MSG(result==1, "Some of second permissions disabled.");
+ test_app_disable_permissions_efl(true);
+}
- // Disable first permissions
- result = perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app first permissions. Result: " << result);
- // Are all second permissions disabled?
- result = test_have_any_accesses(rules);
- RUNNER_ASSERT_MSG(result!=1, "Not all second permisions disabled.");
-*/
/**
- * Test - disable only no r granted permissions.
+ * Remove previously granted SMACK permissions based on permissions list.
*/
-/*
- // Prepare permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
-
- // Disable same permissions without r
- result = perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app no r permissions. Result: " << result);
-
- // Is any r permissions disabled?
- result = test_have_all_accesses(rules2_r);
- RUNNER_ASSERT_MSG(result==1, "Some of r permissions disabled.");
- // Are all no r permissions disabled?
- result = test_have_any_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result!=1, "Not all no r permissions disabled.");
-
- // Prepare permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_NO_R, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app no r permissions. Result: " << result);
-
- // Disable all permissions
- result = perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
+RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
+{
+ test_app_disable_permissions(true);
}
-*/
+
/**
* Reset SMACK permissions for an application by revoking all previously
* granted rules and enabling them again from a rules file from disk.
*/
-
+// TODO: This test is incomplete.
RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
{
int result;
* Test - doing reset and checking if rules exist again.
*/
+ DB_BEGIN
+
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
// Prepare permissions to reset
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
+ result = perm_app_setup_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
// Reset permissions
- result = perm_app_reset_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ result = perm_app_reset_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error reseting app permissions. Result: " << result);
+ DB_END
+
// Are all second permissions not disabled?
result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
+ RUNNER_ASSERT_MSG_BT(result == 1, "Not all permissions added.");
+
+ DB_BEGIN
// Disable permissions
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error disabling app permissions. Result: " << result);
+
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ DB_END
}
/**
*/
RUNNER_TEST_SMACK(privilege_control14_app_add_friend)
{
+ RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented");
+
int result;
/**
* Test - making friends with no permissions on each other
*/
+ DB_BEGIN
+
result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
perm_app_uninstall(APP_FRIEND_1);
// Installing friends to be
result = perm_app_install(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error installing first app. Result: " << result);
result = perm_app_install(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error installing second app. Result: " << result);
// Making friends
result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error making friends. Errno: " << result);
+ DB_END
+
// Checking if friends were made
result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
- RUNNER_ASSERT_MSG(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == 1,
" Error first one sided friednship failed. Result: " << result);
result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
- RUNNER_ASSERT_MSG(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == 1,
" Error second one sided friednship failed. Result: " << result);
+ DB_BEGIN
+
// Clean up
result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
perm_app_uninstall(APP_FRIEND_1);
perm_app_uninstall(APP_FRIEND_2);
+ DB_END
+
/**
- * Test - making friends with nonexisting friend
+ * Test - making friends with nonexistent friend
*/
+ DB_BEGIN
+
// Installing one friend
result = perm_app_install(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error installing first app. Errno: " << result);
- // Adding imaginairy friend as second
+ // Adding imaginary friend as second
result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error making friends (first) with imaginairy friend failed. Result: "
<< result);
- // Adding imaginairy friend as first
+ // Adding imaginary friend as first
result = perm_app_add_friend(APP_FRIEND_2, APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error making friends (second) with imaginairy friend failed. Result: "
<< result);
// Clean up
result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
perm_app_uninstall(APP_FRIEND_1);
perm_app_uninstall(APP_FRIEND_2);
+ DB_END
+
/**
* Test - making friends with some permissions already added
*/
std::vector<std::string> accessesFriend =
{ "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" };
+ DB_BEGIN
+
// Installing friends to be
result = perm_app_install(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error installing first app. Result: " << result);
result = perm_app_install(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error installing second app. Result: " << result);
+ DB_END
+
for (i = 0; i < accessesFriend.size(); ++i)
{
for (j = 0; j < accessesFriend.size(); ++j)
{
// Adding rules before making friends
result = smack_accesses_new(&rulesFriend);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error in smack_accesses_new. Result: " << result);
result = smack_accesses_add(rulesFriend,
APP_FRIEND_1, APP_FRIEND_2, accessesFriend[i].c_str());
- RUNNER_ASSERT_MSG(result == 0,
+ RUNNER_ASSERT_MSG_BT(result == 0,
"Unable to add modify rulesFirend (first). Result: " << result);
result = smack_accesses_add(rulesFriend, APP_FRIEND_2,
APP_FRIEND_1, accessesFriend[j].c_str());
- RUNNER_ASSERT_MSG(result == 0,
+ RUNNER_ASSERT_MSG_BT(result == 0,
"Unable to add modify rulesFirend (second). Result: " << result);
result = smack_accesses_apply(rulesFriend);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error in smack_accesses_apply. Result: " << result);
+ DB_BEGIN
+
// Adding friends
result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error making friends. Result: " << result);
+ DB_END
+
// Checking if friends were made
result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat");
- RUNNER_ASSERT_MSG(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == 1,
" Error first one sided friednship failed. Result: " << result);
result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat");
- RUNNER_ASSERT_MSG(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == 1,
" Error second one sided friednship failed. Result: " << result);
// Deleting all rules between friends
}
}
+ DB_BEGIN
+
// Clean up
result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
perm_app_uninstall(APP_FRIEND_1);
perm_app_uninstall(APP_FRIEND_2);
+
+ DB_END
}
static void smack_set_random_label_based_on_pid_on_self(void)
ss << "s-" << getpid() << "-" << getppid();
result = smack_set_label_for_self(ss.str().c_str());
- RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
+ RUNNER_ASSERT_MSG_BT(result == 0, "smack_set_label_for_self("
<< ss.str().c_str() << ") failed");
}
close(fd);
close(sock);
free(smack_label);
- RUNNER_ASSERT_MSG(0, "smack_new_label_from_self() failed");
+ RUNNER_ASSERT_MSG_BT(0, "smack_new_label_from_self() failed");
}
result = write(fd, smack_label, strlen(smack_label));
if (result != (int)strlen(smack_label)) {
close(fd);
close(sock);
free(smack_label);
- RUNNER_ASSERT_MSG(0, "write() failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(0, "write() failed: " << strerror(errno));
}
close(fd);
free(smack_label);
}
-RUNNER_TEST_SMACK(privilege_control15_app_id_from_socket)
+RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
{
int pid;
struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
unlink(SOCK_PATH);
pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
+ RUNNER_ASSERT_MSG_BT(pid >= 0, "Fork failed");
smack_set_random_label_based_on_pid_on_self();
/* Set the process label before creating a socket */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno));
result = bind(sock,
(struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
if (result != 0) {
close(sock);
- RUNNER_ASSERT_MSG(0, "bind failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(0, "bind failed: " << strerror(errno));
}
result = listen(sock, 1);
if (result != 0) {
close(sock);
- RUNNER_ASSERT_MSG(0, "listen failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(0, "listen failed: " << strerror(errno));
}
smack_unix_sock_server(sock);
smack_unix_sock_server(sock);
pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
+ RUNNER_ASSERT_MSG_BT(pid >= 0, "Fork failed");
/* Now running two concurrent servers.
Test if socket label was unaffected by fork() */
smack_unix_sock_server(sock);
/* Let's give the two servers different labels */
smack_unix_sock_server(sock);
close(sock);
- waitpid(pid, NULL, 0);
+
exit(0);
} else { /* parent process, client */
sleep(1); /* Give server some time to setup listening socket */
char *smack_label2;
sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_MSG(sock >= 0,
+ RUNNER_ASSERT_MSG_BT(sock >= 0,
"socket failed: " << strerror(errno));
result = connect(sock,
(struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
if (result != 0) {
close(sock);
- RUNNER_ASSERT_MSG(0, "connect failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(0, "connect failed: " << strerror(errno));
}
alarm(2);
alarm(0);
if (result < 0) {
close(sock);
- RUNNER_ASSERT_MSG(0, "read failed: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(0, "read failed: " << strerror(errno));
}
smack_label1[result] = '\0';
smack_label2 = perm_app_id_from_socket(sock);
if (smack_label2 == NULL) {
close(sock);
- RUNNER_ASSERT_MSG(0, "perm_app_id_from_socket failed");
+ RUNNER_ASSERT_MSG_BT(0, "perm_app_id_from_socket failed");
}
result = strcmp(smack_label1, smack_label2);
if (result != 0) {
close(sock);
- RUNNER_ASSERT_MSG(0, "smack labels differ: '" << smack_label1
+ RUNNER_ASSERT_MSG_BT(0, "smack labels differ: '" << smack_label1
<< "' != '" << smack_label2 << "-" << random() << "'");
}
close(sock);
}
- waitpid(pid, NULL, 0);
}
}
const char *label1 = "qwert123456za";
const char *label2 = "trewq654123az";
- std::unique_ptr<char, std::function<void(void*)> > labelPtr(NULL,free);
+ CStringPtr labelPtr;
mkdir(path1,0);
mkdir(path2,0);
char *label = NULL;
- RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1));
- RUNNER_ASSERT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS));
+ DB_BEGIN
+
+ RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1));
+
+ DB_END
+
+ RUNNER_ASSERT_BT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS));
labelPtr.reset(label);
label = NULL;
- RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label1));
+ RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label1));
- RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2));
- RUNNER_ASSERT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC));
+ DB_BEGIN
+
+ RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2));
+
+ DB_END
+
+ RUNNER_ASSERT_BT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC));
labelPtr.reset(label);
label = NULL;
- RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label2));
+ RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label2));
- RUNNER_ASSERT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC));
+ RUNNER_ASSERT_BT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC));
labelPtr.reset(label);
label = NULL;
- RUNNER_ASSERT(labelPtr.get() == NULL);
+ RUNNER_ASSERT_BT(labelPtr.get() == NULL);
}
-RUNNER_TEST(privilege_control17_appsettings_privilege)
+RUNNER_TEST_SMACK(privilege_control17_appsettings_privilege)
{
-#define APP_1 "app_1"
-#define APP_1_DIR "/tmp/app_1"
-
-#define APP_2 "app_2"
-#define APP_2_DIR "/tmp/app_2"
-
-#define APP_TEST "app_test"
+ test_appsettings_privilege(true);
+}
-#define PRIV_APPSETTING (const char*[]) {"http://tizen.org/privilege/appsetting", NULL}
+void test_app_setup_path(int line_no, app_path_type_t PATH_TYPE) {
+ int result;
- int ret;
- char *app1_dir_label;
- char *app2_dir_label;
- //prepare test
+ DB_BEGIN
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ " Error in perm_app_uninstall." << result);
- (void)perm_app_uninstall(APP_TEST);
- (void)perm_app_uninstall(APP_1);
- (void)perm_app_uninstall(APP_2);
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ " Error in perm_app_install." << result);
- //install some app 1
- ret = perm_app_install(APP_1);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
+ DB_END
- mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
+ result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
+ " Unable to clean up Smack labels in " << TEST_APP_DIR);
- //register settings folder for app 1
- ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW );
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
+ result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
+ " Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
- //install "app_test" and give it appsettings privilege
- ret = perm_app_install(APP_TEST);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
+ DB_BEGIN
+ result = perm_app_setup_path(APP_ID, TEST_APP_DIR, PATH_TYPE);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
+ " perm_app_setup_path() failed");
- ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true);
+ DB_END
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << ret);
+ result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no <<
+ " Unable to check Smack labels for non-app dir");
- //check if "app_test" has an RX access to the app "app_1"
- ret = smack_have_access(APP_TEST, APP_1, "rx");
- RUNNER_ASSERT_MSG(ret,"access denies");
+ DB_BEGIN
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ " Error in perm_app_uninstall." << result);
- //check if "app_test" has an RWX access to a folder registered by "app_1"
- ret = smack_getlabel(APP_1_DIR, &app1_dir_label, SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
- ret = smack_have_access(APP_TEST, app1_dir_label, "rwx");
- RUNNER_ASSERT_MSG(ret,"access denies");
+ DB_END
+}
+RUNNER_TEST_SMACK(privilege_control18_app_setup_path_public)
+{
+ test_app_setup_path(__LINE__, APP_PATH_PUBLIC_RO);
+}
- //intstall another app: "app_2"
- ret = perm_app_install(APP_2);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
+RUNNER_TEST_SMACK(privilege_control19_app_setup_path_settings)
+{
+ test_app_setup_path(__LINE__, APP_PATH_SETTINGS_RW);
+}
- mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP);
- //register settings folder for that "app_2"
- ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
+RUNNER_TEST_SMACK(privilege_control20_app_setup_path_npruntime)
+{
+ int result = 0;
+ CStringPtr labelPtr;
+ std::string nptargetlabel = std::string(APP_NPRUNTIME) + ".npruntime";
+ char *label = NULL;
- //check if "app_test" has an RX access to the app "app_2"
- ret = smack_have_access(APP_TEST, APP_2, "rx");
- RUNNER_ASSERT_MSG(ret,"access denies");
+ restore_original_additional_rules();
- //check if "app_test" has an RWX access to a folder registered by "app_2"
- ret = smack_getlabel(APP_2_DIR, &app2_dir_label, SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
- ret = smack_have_access(APP_TEST, app2_dir_label, "rwx");
- RUNNER_ASSERT_MSG(ret,"access denies");
+ DB_BEGIN
- free (app1_dir_label);
- free (app2_dir_label);
- rmdir(APP_1_DIR);
- rmdir(APP_2_DIR);
+ result = perm_app_uninstall(APP_NPRUNTIME);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
- (void)perm_app_uninstall(APP_TEST);
- (void)perm_app_uninstall(APP_1);
- (void)perm_app_uninstall(APP_2);
-}
+ result = perm_app_install(APP_NPRUNTIME);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_install. " << result);
-RUNNER_TEST_SMACK(privilege_control18_app_setup_path_public)
-{
- int result;
+ result = perm_app_setup_path(APP_NPRUNTIME, APP_NPRUNTIME_FILE, PERM_APP_PATH_NPRUNTIME);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. " << result);
- cleaning_smack_database_files();
- add_lables_to_db();
+ DB_END
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
+ RUNNER_ASSERT_BT(0 == smack_lgetlabel(APP_NPRUNTIME_FILE, &label, SMACK_LABEL_EXEC));
+ labelPtr.reset(label);
+ label = NULL;
+ RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), nptargetlabel.c_str()));
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
+ // Rules to test
+ const std::vector< std::vector<std::string> > np_rules = {
+ { APP_NPRUNTIME, nptargetlabel, "rw" },
+ { nptargetlabel, APP_NPRUNTIME, "rxat" },
+ { nptargetlabel, "system::homedir", "rxat" },
+ { nptargetlabel, "xorg", "rw" },
+ { nptargetlabel, "crash-worker", "rwxa" },
+ { nptargetlabel, "sys-assert::core", "rwxat" },
+ { nptargetlabel, "syslogd", "rw" },
+ };
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
+ // Test smack accesses
+ result = test_have_all_accesses(np_rules);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Not all permissions added.");
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
+ DB_BEGIN
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
+ result = perm_app_uninstall(APP_NPRUNTIME);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result);
- cleaning_smack_database_files();
+ DB_END
}
-RUNNER_TEST_SMACK(privilege_control19_app_setup_path_settings)
+RUNNER_TEST(privilege_control21_early_rules)
{
- int result;
-
- cleaning_smack_database_files();
- add_lables_to_db();
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
+ RUNNER_IGNORED_MSG("early rules are not implemented");
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
-
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_settings_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-
- cleaning_smack_database_files();
-}
-
-RUNNER_TEST(privilege_control20_early_rules)
-{
int result;
- int fd = -1;
int pass_1 = 0;
int pass_2 = 0;
char *single_line_format = NULL;
char *perm = NULL;
FILE *file = NULL;
- char subject[SMACK_LABEL_LEN + 1];
- char object[SMACK_LABEL_LEN + 1];
- char rule_add[SMACK_ACC_LEN + 1];
- char rule_remove[SMACK_ACC_LEN + 1];
- subject[SMACK_LABEL_LEN] = '\0';
- object[SMACK_LABEL_LEN] = '\0';
- rule_add[SMACK_ACC_LEN] = '\0';
- rule_remove[SMACK_ACC_LEN] = '\0';
+ char subject[SMACK_LABEL_LEN + 1] = {0};
+ char object[SMACK_LABEL_LEN + 1] = {0};
+ char rule_add[SMACK_ACC_LEN + 1] = {0};
+ char rule_remove[SMACK_ACC_LEN + 1] = {0};
- unlink(SMACK_RULES_DIR APP_ID);
+ DB_BEGIN
perm_app_uninstall(APP_ID);
result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
result = perm_app_install(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
- // checking if file really exists
- fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
- close(fd);
- RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << SMACK_RULES_DIR << APP_ID << " : " << fd << ". Errno: " << strerror(errno));
- fd = -1;
+ DB_END
+
+ TestLibPrivilegeControlDatabase db_test;
+ db_test.test_db_after__perm_app_install(APP_ID);
+ db_test.test_db_after__perm_app_install(APP_TEST_APP_1);
+
+ DB_BEGIN
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm, 1);
- RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
- result = perm_app_enable_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm, 1);
- RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
+ result = perm_app_setup_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm);
+ RUNNER_ASSERT_MSG_BT(result == 0, "app_register_permissions failed: " << result);
+ result = perm_app_setup_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm);
+ RUNNER_ASSERT_MSG_BT(result == 0, "app_register_permissions failed: " << result);
+
+ DB_END
file = fopen(SMACK_STARTUP_RULES_FILE, "r");
- RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
result = asprintf(&single_line_format, "%%%ds %%%ds %%%ds %%%ds\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN, SMACK_ACC_LEN, SMACK_ACC_LEN);
fclose(file);
file = NULL;
- RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found");
- RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
+ RUNNER_ASSERT_MSG_BT(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found");
+ RUNNER_ASSERT_MSG_BT(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
// Checking if "early rule" for APP_ID was really removed
// We also should make sure that "early rules" for other apps wasn't removed
+ DB_BEGIN
result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ DB_END
pass_1 = 1;
pass_2 = 0;
file = fopen(SMACK_STARTUP_RULES_FILE, "r");
- RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
fclose(file);
file = NULL;
- RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
- RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
+ RUNNER_ASSERT_MSG_BT(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
+ RUNNER_ASSERT_MSG_BT(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found");
// Removing and checking "early rule" for APP_TEST_APP_1
+ DB_BEGIN
result = perm_app_uninstall(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ DB_END
pass_1 = 1;
pass_2 = 1;
file = fopen(SMACK_STARTUP_RULES_FILE, "r");
- RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
+ RUNNER_ASSERT_MSG_BT(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) {
if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) {
free(single_line_format);
fclose(file);
- RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
- RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found");
-}
-
-
-//////////////////////////////////////////////////////
-//TEST FOR INCORRECT PARAMS CHECK IN LIBPRIVILEGE APIS
-//////////////////////////////////////////////////////
-
-RUNNER_TEST(privilege_control21a_incorrect_params_get_smack_label_from_process)
-{
- RUNNER_ASSERT_MSG(get_smack_label_from_process(PID_CORRECT, NULL) == PC_ERR_INVALID_PARAM, "get_smack_label_from_process didn't check if smack_label isn't NULL.");
-
- char aquired_smack_label[SMACK_LABEL_LEN+1];
- RUNNER_ASSERT_MSG(get_smack_label_from_process(PID_INCORRECT, aquired_smack_label) == PC_ERR_INVALID_PARAM, "get_smack_label_from_process didn't check for correct pid.");
-}
-
-RUNNER_TEST_SMACK(privilege_control21b_incorrect_params_smack_pid_have_access)
-{
- RUNNER_ASSERT_MSG(smack_pid_have_access(PID_CORRECT, "some_object", NULL) == -1, "smack_pid_have_access didn't check if access_type isn't NULL.");
- RUNNER_ASSERT_MSG(smack_pid_have_access(PID_CORRECT, NULL, "rw") == -1, "smack_pid_have_access didn't check if object isn't NULL.");
- RUNNER_ASSERT_MSG(smack_pid_have_access(PID_CORRECT, "", "rw") == -1, "smack_pid_have_access didn't check if object isn't empty.");
- RUNNER_ASSERT_MSG(smack_pid_have_access(PID_INCORRECT, "some_object", "rw") == -1, "smack_pid_have_access didn't check for correct pid.");
-}
-
-RUNNER_TEST(privilege_control21c_incorrect_params_perm_app_set_privilege)
-{
- RUNNER_ASSERT_MSG(perm_app_set_privilege(NULL, NULL, APP_SET_PRIV_PATH) == PC_ERR_INVALID_PARAM, "perm_app_set_privilege didn't check if package name isn't NULL.");
-}
-
-RUNNER_TEST(privilege_control21d_incorrect_params_perm_app_install)
-{
- RUNNER_ASSERT_MSG(perm_app_install(NULL) == PC_ERR_INVALID_PARAM, "perm_app_install didn't check if pkg_id isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_install("") == PC_ERR_INVALID_PARAM, "perm_app_install didn't check if pkg_id isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21e_incorrect_params_perm_app_uninstall)
-{
- RUNNER_ASSERT_MSG(perm_app_uninstall(NULL) == PC_ERR_INVALID_PARAM, "perm_app_uninstall didn't check if pkg_id isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_uninstall("") == PC_ERR_INVALID_PARAM, "perm_app_uninstall didn't check if pkg_id isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21f_incorrect_params_perm_app_enable_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, NULL, 1) == PC_ERR_INVALID_PARAM, "perm_app_enable_permissions didn't check if perm_list isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions(NULL, APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM, "perm_app_enable_permissions didn't check if pkg_id isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions("", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM, "perm_app_enable_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM, "perm_app_enable_permissions didn't check if pkg_id is valid");
-}
-
-RUNNER_TEST(privilege_control21g_incorrect_params_app_revoke_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions(NULL) == PC_ERR_INVALID_PARAM, "perm_app_revoke_permissions didn't check if pkg_id isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions("") == PC_ERR_INVALID_PARAM, "perm_app_revoke_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions("~APP~") == PC_ERR_INVALID_PARAM, "perm_app_revoke_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21h_incorrect_params_app_reset_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_reset_permissions(NULL) == PC_ERR_INVALID_PARAM, "perm_app_reset_permissions didn't check if pkg_id isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_reset_permissions("") == PC_ERR_INVALID_PARAM, "perm_app_reset_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_reset_permissions("~APP~") == PC_ERR_INVALID_PARAM, "perm_app_reset_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21i_incorrect_params_app_setup_path)
-{
- RUNNER_ASSERT_MSG(perm_app_setup_path(APPID_DIR, NULL, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM, "perm_app_setup_path didn't check if path isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_setup_path(NULL, TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM, "perm_app_setup_path didn't check if pkg_id isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_setup_path("", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM, "perm_app_setup_path didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_setup_path("~APP~", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM, "perm_app_setup_path didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21j_incorrect_params_app_add_friend)
-{
- RUNNER_ASSERT_MSG(perm_app_add_friend(NULL, APP_FRIEND_2) == PC_ERR_INVALID_PARAM, "perm_app_add_friend didin't check if pkg_id1 isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_add_friend("", APP_FRIEND_2) == PC_ERR_INVALID_PARAM, "perm_app_add_friend didin't check if pkg_id1 isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_add_friend(APP_FRIEND_1, NULL) == PC_ERR_INVALID_PARAM, "perm_app_add_friend didin't check if pkg_id2 isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_add_friend(APP_FRIEND_1, "") == PC_ERR_INVALID_PARAM, "perm_app_add_friend didin't check if pkg_id2 isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_add_friend("~APP~", APP_FRIEND_2) == PC_ERR_INVALID_PARAM, "perm_app_add_friend didin't check if pkg_id1 is valid.");
- RUNNER_ASSERT_MSG(perm_app_add_friend(APP_FRIEND_1, "~APP~") == PC_ERR_INVALID_PARAM, "perm_app_add_friend didin't check if pkg_id2 is valid.");
-}
-
-RUNNER_TEST(privilege_control21k_incorrect_params_add_api_feature)
-{
- RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0) == PC_ERR_INVALID_PARAM, "perm_add_api_feature didn't check if api_feature_name isn't NULL.");
- RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, "", NULL, NULL, 0) == PC_ERR_INVALID_PARAM, "perm_add_api_feature didn't check if api_feature_name isn't empty.");
-}
-
-//A test for incompleted app_disable_permissions function
-RUNNER_TEST(privilege_control21l_incorrect_params_ignored_disable_permissions)
-{
- //perm_app_disable_permissions is only a stub for now. When this function will be completed,
- //un-ignore this test.
- RUNNER_IGNORED_MSG("A test for perm_app_disable_permissions. Check comment.");
-
- //perm_app_disable_permissions - since this func is only a stub, no tests are performed
- RUNNER_ASSERT_MSG(perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, NULL) == PC_ERR_INVALID_PARAM, "perm_app_disable_permissions didn't check if perm_list isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions(NULL, APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM, "perm_app_disable_permissions didn't check if pkg_id isn't NULL.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions("", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM, "perm_app_disable_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM, "perm_app_disable_permissions didn't check if pkg_id is valid.");
+ RUNNER_ASSERT_MSG_BT(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found");
+ RUNNER_ASSERT_MSG_BT(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found");
}
-
-/////////////////////////////////////////
-//////NOSMACK ENVIRONMENT TESTS//////////
-/////////////////////////////////////////
-
/**
- * NOSMACK version of nftw_check_labels_app_shared_dir function.
+ * AV Privilege test cases.
*
- * This function used with nftw should expect -1 result from smack_have_access instead of 1.
+ * Each privilege_control24* test case tests antivirus privileges for each app_type_t, except for
+ * deprecated APP_TYPE_OTHER type.
*/
-int nftw_check_labels_app_shared_dir_nosmack(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- int result;
- char* label;
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path. Result: " << result);
- RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set");
-
- result = strcmp(APPID_SHARED_DIR, label);
- RUNNER_ASSERT_MSG(result == 0,
- "ACCESS label on " << fpath << " is incorrect. Result: " << result);
+int nftw_remove_dir(const char* filename, const struct stat* /*statptr*/, int /*fileflags*/,
+ struct FTW* /*pfwt*/)
+{
+ int result = -1;
- //The only exception in nftw_check_labels_app_shared_dir
- //smack_have_access returns -1 because of no SMACK.
- result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxat");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result);
+ struct stat filestat;
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path. Result: " << result);
- RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set");
+ result = stat(filename, &filestat);
+ RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to get file statistics. Result: "
+ << result << ", error: " << strerror(errno) << ", file: " << filename);
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path. Result: " << result);
- if (S_ISDIR(sb->st_mode)) {
- RUNNER_ASSERT_MSG(label != NULL, "TRANSMUTE label on " << fpath << " is not set");
- result = strcmp("TRUE", label);
- RUNNER_ASSERT_MSG(result == 0,
- "TRANSMUTE label on " << fpath << " is not set. Result: " << result);
- } else
- RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set");
+ if(S_ISREG(filestat.st_mode)) {
+ result = unlink(filename);
+ RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to unlink file. Result: "
+ << result << ", error: " << strerror(errno) << ", file: " << filename);
+ } else if(S_ISDIR(filestat.st_mode)) {
+ result = rmdir(filename);
+ RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to remove dir. Result: "
+ << result << ", error: " << strerror(errno) << ", file: " << filename);
+ }
return 0;
}
-/**
- * NOSMACK version of privilege_control03 test.
- *
- * Uses nosmack version of nftw_check_labels_app_shared_dir (defined above).
- */
-RUNNER_TEST_NOSMACK(privilege_control03_app_label_shared_dir_nosmack)
+void InstallApp(const char* pkg_id, const char* path, app_path_type_t app_path_type,
+ const char* shared_label)
{
- int result;
-
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
- RUNNER_ASSERT_MSG(result != PC_OPERATION_SUCCESS,
- "perm_app_setup_path should fail here. Result: " << result);
+ int result = -1;
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Unable to clean up Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Unable to clean up Smack labels in " << TEST_NON_APP_DIR);
-
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_setup_path() failed. Result: " << result);
+ result = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Can't create dir for tests. Result: " << result <<
+ ", error: " << strerror(errno) << ", app_path_type: " << app_path_type);
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir_nosmack, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Unable to check Smack labels for shared app dir");
+ DB_BEGIN
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Unable to check Smack labels for non-app dir");
-}
+ result = perm_app_revoke_permissions(pkg_id);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
+ << result << ", app_path_type: " << app_path_type);
+ result = perm_app_uninstall(pkg_id);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
+ << result << ", app_path_type: " << app_path_type);
-/**
- * NOSMACK version of test_have_accesses functions.
- *
- * This will be used in many tests. Checks if for every rule smack_have_access returns error.
- * If for any of rules smack_have_access will return something different than error, this result
- * is being returned to caller.
- */
-int test_have_nosmack_accesses(const std::vector< std::vector<std::string> > &rules)
-{
- int result;
- for (uint i = 0; i < rules.size(); ++i) {
- result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (result != -1)
- return result;
- }
- return -1;
-}
+ result = perm_app_install(pkg_id);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
+ << result << ", app_path_type: " << app_path_type);
+ result = perm_app_setup_path(pkg_id, path, app_path_type, shared_label);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: "
+ << result << ", app_path_type: " << app_path_type);
-/**
- * NOSMACK version of privilege_control04 test.
- *
- * Tries to add permisions from test_privilege_control_rules template and checks if
- * smack_have_access returns -1 on check between every rule.
- */
-RUNNER_TEST_NOSMACK(privilege_control04_add_permissions_nosmack)
-{
- //Add permissions
- auto result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error adding app permissions. Result: " << result);
-
- //Check if smack_have_access always fails on every rule
- result = test_have_nosmack_accesses(rules);
- RUNNER_ASSERT_MSG(result == -1,
- "Despite SMACK being off some accesses were added. Result: " << result);
-
- //Does file exist?
- std::fstream fs(SMACK_RULES_DIR APP_ID, std::ios_base::in | std::ios_base::binary);
- RUNNER_ASSERT_MSG(fs.good(), "SMACK file NOT created!. Errno: " << strerror(errno));
-
- fs.seekg(0, std::ifstream::end);
- RUNNER_ASSERT_MSG(fs.tellg() > 0, "SMACK file empty, but privileges list was not empty.");
+ DB_END
}
-/**
- * NOSMACK version of privilege_control05_add_shared_dir_readers test.
- *
- * This test is very similar to it's SMACK version - only difference is different result expected
- * from smack_have_access.
- */
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-RUNNER_TEST_NOSMACK(privilege_control05_add_shared_dir_readers_nosmack)
+void InstallAV(const char* av_id, app_type_t av_type)
{
- const char* test_obj = "TEST_OBJECT";
- const char* test_obj_some_other = "TEST_OBJA";
- const char* test_str_01 = "TEST_raz TEST_OBJECT r-x--- ------";
- const char* test_str_21 = "TEST_trzy TEST_OBJA -wx---";
- const char* test_str_22 = "TEST_trzy TEST_OBJECT r-x--- ------";
-
- int result;
- int i;
- int fd = -1;
-
- const char* app_labels_wrong[] = {"-TEST_raz", NULL};
- const char* app_labels[] = {"TEST_raz", "TEST_dwa", "TEST_trzy", NULL};
- const int READ_BUF_SIZE = 1000;
- char buf[READ_BUF_SIZE];
- smack_accesses* tmp = NULL;
-
- //test environment cleaning
- cleaning_smack_app_files();
- cleaning_smack_database_files();
-
- //test what happens when the label is not correct SMACK label
- result = add_shared_dir_readers(test_obj,app_labels_wrong);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM,
- "add_shared_dir_readers should fail here. Result: " << result);
- result = smack_have_access(app_labels_wrong[0],test_obj,"rx");
- RUNNER_ASSERT_MSG(result != 1,
- "add_shared_dir_readers should not grant permission here. Result: " << result);
-
- //install new apps
- result = smack_accesses_new(&tmp);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in smack_accesses_new. Result: " << result);
-
- //Wrap rules and fd into unique_ptrs for garbage collection
- SmackUniquePtr rules(tmp, smack_accesses_free);
- FDUniquePtr fd_ptr(&fd, closefdptr);
-
- std::stringstream path;
- for (i = 0; i < 3; i++) {
- result = perm_app_revoke_permissions(app_labels[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(app_labels[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
- result = perm_app_install(app_labels[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
-
- path << SMACK_RULES_DIR << app_labels[i];
-
- fd = open(path.str().c_str(), O_WRONLY, 0644);
- RUNNER_ASSERT_MSG(fd != -1, "Error in opening file");
-
- if (i == 1) {
- result = smack_accesses_add(rules.get(), app_labels[i], test_obj, "wt");
- RUNNER_ASSERT_MSG(result == 0,
- "smack_accesses_add failed. Result: " << result);
- }
-
- if (i == 2) {
- result = smack_accesses_new(&tmp);
- RUNNER_ASSERT_MSG(result == 0,
- "Failed to allocate memory for rules.");
-
- rules.reset(tmp);
-
- result = smack_accesses_add(rules.get(), app_labels[i],
- test_obj_some_other, "wx");
- RUNNER_ASSERT_MSG(result == 0,
- "smack_accesses_add failed. Result: " << result);
- }
-
- result = smack_accesses_apply(rules.get());
- RUNNER_ASSERT_MSG(result == -1,
- "smack_accesses_apply should fail (SMACK is off). Result: " << result);
-
- result = smack_accesses_save(rules.get(), fd);
- RUNNER_ASSERT_MSG(result == 0,
- "smack_accesses_save failed. Result: " << result);
-
- //cleanup
- path.str(std::string());
- }
-
- //Use add_shared_dir_readers and check if smack_have_access still fails
- result = add_shared_dir_readers(test_obj,app_labels);
- RUNNER_ASSERT_MSG(result == 0, "add_shared_dir_readers failed. Result: " << result);
-
- result = smack_have_access(app_labels[0],test_obj,"rx");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result);
-
- result = smack_have_access(app_labels[1],test_obj,"rx");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result);
-
- result = smack_have_access(app_labels[2],test_obj,"rx");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result);
-
- result = smack_have_access(app_labels[1],test_obj,"rwxt");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result);
-
- result = smack_have_access(app_labels[2],test_obj_some_other,"wx");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result);
-
- //Test if files are properly formatted
- path << SMACK_RULES_DIR << app_labels[0];
- RUNNER_ASSERT_MSG(path.good(), "Failed to create file path. Error: " << strerror(errno));
+ int result = -1;
- std::fstream fs(path.str().c_str(), std::ios_base::in);
- RUNNER_ASSERT_MSG(fs.good(), "Opening file stream failed. Error: " << strerror(errno));
+ DB_BEGIN
- fs.get(buf, READ_BUF_SIZE);
- result = strcmp(buf, test_str_01);
- RUNNER_ASSERT_MSG(result == 0,
- "add_shared_dir_readers ERROR, file not formatted " << path.str().c_str() <<
- ". Result: " << result);
+ result = perm_app_revoke_permissions(av_id);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
+ << result << ", av_type: " << av_type);
+ result = perm_app_uninstall(av_id);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
+ << result << ", av_type: " << av_type);
- //Clean up before another test
- path.str(std::string());
- fs.close();
+ result = perm_app_install(av_id);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
+ << result << ", av_type: " << av_type);
+ result = perm_app_setup_permissions(av_id, av_type, PRIVS_AV);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "register_permissions failed. Result: "
+ << result << ", av_type: " << av_type);
- path << SMACK_RULES_DIR << app_labels[2];
- RUNNER_ASSERT_MSG(path.good(), "Failed to create file path. Error: " << strerror(errno));
-
- fs.open(path.str().c_str(), std::ios_base::in);
- RUNNER_ASSERT_MSG(fs.good(), "fopen failed, errno:" << strerror(errno));
-
- fs.getline(buf, READ_BUF_SIZE);
- result = strcmp(buf, test_str_21);
- RUNNER_ASSERT_MSG( result == 0,
- "add_shared_dir_readers ERROR, file not formatted " << path.str().c_str()
- << ". Result: " << result);
-
- fs.getline(buf, READ_BUF_SIZE);
- result = strcmp(buf, test_str_22);
- RUNNER_ASSERT_MSG( result == 0,
- "add_shared_dir_readers ERROR, file not formatted " << path.str().c_str()
- << ". Result: " << result);
+ DB_END
}
-#pragma GCC diagnostic warning "-Wdeprecated-declarations"
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege test.
- *
- * Another very similar test to it's SMACK version, this time smack_new_label_from_self is
- * expected to return different result.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_nosmack)
+void CheckAVPrivilege(app_type_t av_type, app_path_type_t app_path_type)
{
- int result;
-
- //Preset exec label
- smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC);
- smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC);
-
- //Set app privileges
- result = perm_app_set_privilege(APP_ID, NULL, APP_SET_PRIV_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_set_privilege. Result: " << result);
-
- //Even though app privileges are set, no smack label should be extracted.
- char* label = NULL;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- "new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == NULL, "new_label_from_self shouldn't allocate memory for label.");
-
- //Check if DAC privileges really set
- RUNNER_ASSERT_MSG(getuid() == APP_UID, "Wrong UID");
- RUNNER_ASSERT_MSG(getgid() == APP_GID, "Wrong GID");
+ int result = -1;
- result = strcmp(getenv("HOME"), APP_HOME_DIR);
- RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR. Result: " << result);
+ //clean before test
+ result = nftw(APP_TEST_APP_1_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
+ ", error " << strerror(errno));
- result = strcmp(getenv("USER"), APP_USER_NAME);
- RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME. Result: " << result);
+ result = nftw(APP_TEST_APP_2_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
+ ", error " << strerror(errno));
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE);
-}
+ result = nftw(APP_TEST_APP_3_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
+ ", error " << strerror(errno));
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_wgt test.
- *
- * Same as the above, plus uses test_have_nosmack_accesses instead of test_have_all_accesses.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_nosmack)
-{
- int result;
+ InstallApp(APP_TEST_APP_1, APP_TEST_APP_1_DIR, app_path_type, APP_TEST_APP_1_SHARED_LABEL);
+ InstallAV(APP_TEST_AV_1, av_type);
+ InstallApp(APP_TEST_APP_2, APP_TEST_APP_2_DIR, app_path_type, APP_TEST_APP_2_SHARED_LABEL);
+ InstallAV(APP_TEST_AV_2, av_type);
+ InstallApp(APP_TEST_APP_3, APP_TEST_APP_3_DIR, app_path_type, APP_TEST_APP_3_SHARED_LABEL);
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ //test - get ACCESS label and check AV privilege
- result = test_have_nosmack_accesses(rules_wgt);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
+ char* tmp;
- result = perm_app_set_privilege(WGT_APP_ID, "wgt", WGT_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_set_privilege. Result: " << result);
+ //get labels
+ result = smack_lgetlabel(APP_TEST_APP_1_DIR, &tmp, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
+ << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+ std::string label1(tmp);
+ free(tmp);
- //Even though app privileges are set, no smack label should be extracted.
- char* label = NULL;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- "new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == NULL, "new_label_from_self shouldn't allocate memory for label.");
+ result = smack_lgetlabel(APP_TEST_APP_2_DIR, &tmp, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
+ << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+ std::string label2(tmp);
+ free(tmp);
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_WGT);
-}
+ result = smack_lgetlabel(APP_TEST_APP_3_DIR, &tmp, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
+ << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+ std::string label3(tmp);
+ free(tmp);
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_wgt_partner test.
- *
- * Same as the above.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_partner_nosmack)
-{
- int result;
+ if(app_path_type == APP_PATH_GROUP_RW)
+ {
+ result = label1.compare(APP_TEST_APP_1_SHARED_LABEL);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
+ ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+
+ result = label2.compare(APP_TEST_APP_2_SHARED_LABEL);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
+ ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+
+ result = label3.compare(APP_TEST_APP_3_SHARED_LABEL);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
+ ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type);
+ }
- result = perm_app_enable_permissions(WGT_PARTNER_APP_ID, APP_TYPE_WGT_PARTNER, PRIVS_WGT, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ std::stringstream ss;
- result = test_have_nosmack_accesses(rules_wgt_partner);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
+ //check AV accesses
+ if(smack_check())
+ {
+ ss << "APP_TEST_APP_1, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
+ ss.str(std::string());
+
+ ss << "APP_TEST_APP_2, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
+ ss.str(std::string());
+
+ ss << "APP_TEST_APP_3, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
+
+ ss << "APP_TEST_APP_1, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
+ ss.str(std::string());
+
+ ss << "APP_TEST_APP_2, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
+ ss.str(std::string());
+
+ ss << "APP_TEST_APP_3, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccess(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
+ }
+ else
+ {
+ ss << "APP_TEST_APP_1, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
+
+ ss.str(std::string());
+ ss << "APP_TEST_APP_2, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
+
+ ss.str(std::string());
+ ss << "APP_TEST_APP_3, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
+
+ ss << "APP_TEST_APP_1, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
+
+ ss.str(std::string());
+ ss << "APP_TEST_APP_2, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
+
+ ss.str(std::string());
+ ss << "APP_TEST_APP_3, line " << __LINE__ <<
+ ", av_type: " << av_type << ", app_path_type: " << app_path_type;
+ checkOnlyAvAccessNosmack(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
+ }
- result = perm_app_set_privilege(WGT_PARTNER_APP_ID, "wgt_partner", WGT_PARTNER_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_set_privilege. Result: " << result);
+ DB_BEGIN
- //Even though app privileges are set, no smack label should be extracted.
- char* label = NULL;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- "new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == NULL, "new_label_from_self shouldn't allocate memory for label.");
+ //Clean up
+ perm_app_revoke_permissions(APP_TEST_AV_1);
+ perm_app_revoke_permissions(APP_TEST_AV_2);
+ perm_app_uninstall(APP_TEST_AV_1);
+ perm_app_uninstall(APP_TEST_AV_2);
+ perm_app_uninstall(APP_TEST_APP_1);
+ perm_app_uninstall(APP_TEST_APP_2);
+ perm_app_uninstall(APP_TEST_APP_3);
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_WGT);
+ DB_END
}
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_wgt_platform test.
- *
- * Same as the above.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_platform_nosmack)
+RUNNER_TEST(privilege_control24a_av_privilege_group_rw)
{
- int result;
-
- result = perm_app_enable_permissions(WGT_PLATFORM_APP_ID, APP_TYPE_WGT_PLATFORM, PRIVS_WGT, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- result = test_have_nosmack_accesses(rules_wgt_platform);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
-
- result = perm_app_set_privilege(WGT_PLATFORM_APP_ID, "wgt_platform", WGT_PLATFORM_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_set_privilege. Result: " << result);
-
- //Even though app privileges are set, no smack label should be extracted.
- char* label = NULL;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- "new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == NULL, "new_label_from_self shouldn't allocate memory for label.");
-
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_WGT);
+ CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_GROUP_RW);
+ CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_GROUP_RW);
+ CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_GROUP_RW);
}
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_osp test.
- *
- * Same as the above.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_nosmack)
+RUNNER_TEST(privilege_control24b_av_privilege_settings_rw)
{
- int result;
-
- result = perm_app_enable_permissions(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- result = test_have_nosmack_accesses(rules_osp);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
-
- result = perm_app_set_privilege(OSP_APP_ID, NULL, OSP_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_set_privilege. Result: " << result);
-
- //Even though app privileges are set, no smack label should be extracted.
- char* label = NULL;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- "new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == NULL, "new_label_from_self shouldn't allocate memory for label.");
-
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_OSP);
+ CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_SETTINGS_RW);
+ CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_SETTINGS_RW);
+ CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_SETTINGS_RW);
}
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_osp_partner test.
- *
- * Same as the above.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_partner_nosmack)
+RUNNER_TEST(privilege_control24c_av_privilege_public_ro)
{
- int result;
-
- result = perm_app_enable_permissions(OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling app permissions. Result: " << result);
+ CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_PUBLIC_RO);
+ CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_PUBLIC_RO);
+ CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_PUBLIC_RO);
+}
- result = test_have_nosmack_accesses(rules_osp_partner);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added.");
+RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
+ int POSITIVE_ERROR_CODE = 1;
+ int NONEXISTING_ERROR_CODE = -239042;
+ const char *result;
- result = perm_app_set_privilege(OSP_PARTNER_APP_ID, NULL, OSP_PARTNER_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_set_privilege. Result: " << result);
+ for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
+ RUNNER_ASSERT_MSG_BT(strcmp(perm_strerror(*itr), "Unknown error") != 0,
+ "Returned invalid error code description.");
+ }
- //Even though app privileges are set, no smack label should be extracted.
- char* label = NULL;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- "new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == NULL, "new_label_from_self shouldn't allocate memory for label.");
+ result = perm_strerror(POSITIVE_ERROR_CODE);
+ RUNNER_ASSERT_MSG_BT(strcmp(result, "Unknown error") == 0,
+ "Bad message returned for invalid error code: \"" << result << "\"");
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_OSP);
+ result = perm_strerror(NONEXISTING_ERROR_CODE);
+ RUNNER_ASSERT_MSG_BT(strcmp(result, "Unknown error") == 0,
+ "Bad message returned for invalid error code: \"" << result << "\"");
}
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_osp_platform test.
- *
- * Same as the above.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_platform_nosmack)
+RUNNER_TEST(privilege_control27_perm_app_get_privileges_empty)
{
+ char** pp_privileges = NULL;
int result;
+ CStringListPtr privileges;
- result = perm_app_enable_permissions(OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ DB_BEGIN
- result = test_have_nosmack_accesses(rules_osp_platform);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << perm_strerror(result));
- result = perm_app_set_privilege(OSP_PLATFORM_APP_ID, NULL, OSP_PLATFORM_APP_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_set_privilege. Result: " << result);
+ result = perm_app_install(APP_ID);
- //Even though app privileges are set, no smack label should be extracted.
- char* label = NULL;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- "new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == NULL, "new_label_from_self shouldn't allocate memory for label.");
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << perm_strerror(result));
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE_OSP);
-}
+ DB_END
-/**
- * NOSMACK version of checkOnlyAvAccess function.
- *
- * Expects error instead of access granted/forbidden from smack_have_access.
- */
-void checkOnlyAvAccessNosmack(const char *av_id, const char *app_id, const char *comment)
-{
- int result;
- result = smack_have_access(av_id, app_id, "rwx");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result
- << " when testing " << comment);
- result = smack_have_access(av_id, app_id, "a");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result
- << " when testing " << comment);
- result = smack_have_access(av_id, app_id, "t");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result
- << " when testing " << comment);
+ result = perm_app_get_permissions(APP_ID, PERM_APP_TYPE_WGT, &pp_privileges);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_get_permissions failed: " << perm_strerror(result));
+ privileges.reset(pp_privileges);
+
+ RUNNER_ASSERT_MSG_BT(pp_privileges != NULL,
+ "perm_app_get_permissions failed to set pointer to cstring array");
+ RUNNER_ASSERT_MSG_BT(*pp_privileges == NULL,
+ "perm_app_get_permissions found permissions when not supposed to");
}
-/*
- * NOSMACK version of privilege_control10_app_register_av test.
- *
- * Uses NOSMACK version of checkOnlyAvAccess (mentioned above), rest of the test is identical to
- * it's SMACK version.
- */
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-RUNNER_TEST_NOSMACK(privilege_control10_app_register_av_nosmack)
+RUNNER_TEST(privilege_control27_perm_app_get_privileges)
{
+ char** pp_privileges = NULL;
int result;
+ size_t i;
+ CStringListPtr privileges;
- // cleaning
- smack_revoke_subject(APP_TEST_AV_1);
- smack_revoke_subject(APP_TEST_AV_2);
-
- cleaning_smack_app_files();
- cleaning_smack_database_files();
-
- // Adding two apps before antivir
- result = perm_app_install(APP_TEST_APP_1);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(APP_TEST_APP_2);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // Adding antivir
- result = app_register_av(APP_TEST_AV_1);
- RUNNER_ASSERT_MSG(result == 0,
- "app_register_av returned " << result << ". Errno: " << strerror(errno));
-
- // Checking added apps accesses
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
-
- // Adding third app
- result = perm_app_install(APP_TEST_APP_3);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // Checking app accesses
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_2, "perm_app_install(APP_TEST_APP_3)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_3, "perm_app_install(APP_TEST_APP_3)");
-
- // Adding second antivir
- result = app_register_av(APP_TEST_AV_2);
- RUNNER_ASSERT_MSG(result == 0,
- "app_register_av returned " << result << ". Errno: " << strerror(errno));
+ DB_BEGIN
- // Checking app accesses
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)");
- checkOnlyAvAccessNosmack(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)");
+ result = perm_app_uninstall(APP_ID);
- // cleaning
- smack_revoke_subject(APP_TEST_AV_1);
- smack_revoke_subject(APP_TEST_AV_2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << perm_strerror(result));
- cleaning_smack_app_files();
- cleaning_smack_database_files();
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << perm_strerror(result));
+
+ result = perm_app_setup_permissions(APP_ID, PERM_APP_TYPE_WGT, PRIVS);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_register_permissions failed: " << perm_strerror(result));
+
+ result = perm_app_setup_permissions(APP_ID, PERM_APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_register_permissions failed: " << perm_strerror(result));
+
+ result = perm_app_disable_permissions(APP_ID, PERM_APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_disable_permissions failed: " << perm_strerror(result));
+ DB_END
+
+ result = perm_app_get_permissions(APP_ID, PERM_APP_TYPE_WGT, &pp_privileges);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_get_permissions returned " << result << ": " << perm_strerror(result));
+ privileges.reset(pp_privileges);
+
+ for(i = 0; pp_privileges[i] != NULL; ++i) {
+ RUNNER_ASSERT_MSG_BT(PRIVS[i] != NULL,
+ "perm_app_get_permissions returned too many permissions");
+ RUNNER_ASSERT_MSG_BT(strcmp(pp_privileges[i], PRIVS[i]) == 0,
+ "perm_app_get_permissions returned wrong permission, " << pp_privileges[i] <<
+ " != " << PRIVS[i]);
+ }
+ RUNNER_ASSERT_MSG_BT(PRIVS[i] == NULL,
+ "perm_app_get_permissions returned too few enabled permissions");
}
-#pragma GCC diagnostic warning "-Wdeprecated-declarations"
-/**
- * NOSMACK version of privilege_control11_app_enable_permissions test.
- *
- * Since the original test did the same thing around five times, there is no need to redo the
- * same test for perm_app_enable_permissions. perm_app_enable_permissions will be called once,
- * test_have_nosmack_accesses will check if smack_have_access still returns error and then
- * we will check if SMACK file was correctly created.
- */
-RUNNER_TEST_NOSMACK(privilege_control11_app_enable_permissions_nosmack)
+RUNNER_TEST(privilege_control28_perm_app_get_paths_empty)
{
+ char **pp_paths = NULL;
int result;
- std::fstream fs;
+ CStringListPtr paths;
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ DB_BEGIN
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling app permissions. Result: " << result);
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << perm_strerror(result));
- //Check if accesses aren't added
- result = test_have_nosmack_accesses(rules2);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed: " <<
+ perm_strerror(result));
- //File exists?
- fs.open(SMACK_RULES_DIR APP_ID, std::ios_base::in | std::ios_base::binary);
- RUNNER_ASSERT_MSG(fs.good(), "Couldn't open SMACK file.");
+ DB_END
- //Is it empty?
- fs.seekg(0, std::ifstream::end);
- RUNNER_ASSERT_MSG(fs.tellg() > 0, "SMACK file empty with persistant mode 1.");
+ result = perm_app_get_paths(APP_ID, PERM_APP_PATH_PUBLIC, &pp_paths);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_get_paths failed: " <<
+ perm_strerror(result));
+ paths.reset(pp_paths);
- //Clean up
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ RUNNER_ASSERT_MSG_BT(pp_paths != NULL,
+ "perm_app_get_paths failed to set pointer to cstring array");
+ RUNNER_ASSERT_MSG_BT(*pp_paths == NULL, "perm_app_get_paths found paths when not supposed to");
}
-/**
- * NOSMACK version of privilege_control13 test.
- *
- * Uses perm_app_reset_permissions and checks with test_have_nosmack_accesses if nothing has
- * changed.
- */
-RUNNER_TEST_NOSMACK(privilege_control13_app_reset_permissions_nosmack)
+RUNNER_TEST(privilege_control28_perm_app_get_paths)
{
+ char **pp_paths = NULL;
int result;
+ size_t i;
+ size_t DIR_NUM = 3;
+ CStringListPtr paths;
+ std::vector<Directory> test_paths;
+
+ for (i = 0; i < DIR_NUM; ++i) {
+ test_paths.push_back(Directory("/tmp/dir" + std::to_string(i), 0));
+ RUNNER_ASSERT_MSG_BT(test_paths[i].isCreated(), "failed to create a directory " <<
+ test_paths[i].path() << ": " << strerror(test_paths[i].errorCode()));
+ }
- // Prepare permissions to reset
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
+ DB_BEGIN
- // Reset permissions
- result = perm_app_reset_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error reseting app permissions. Result: " << result);
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed: " <<
+ perm_strerror(result));
- result = test_have_nosmack_accesses(rules2);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be changed. Result: " << result);
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed: " <<
+ perm_strerror(result));
- // Disable permissions
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-}
+ for (auto itr = test_paths.begin(); itr != test_paths.end(); ++itr) {
+ result = perm_app_setup_path(APP_ID, itr->path().c_str(), PERM_APP_PATH_PUBLIC);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path failed: " << perm_strerror(result));
+ }
-/**
- * NOSMACK version of privilege_control14 test.
- *
- * Similarily as app_enable_permissions test. This time perm_app_add_friend is called twice, once
- * when both friends exist, and then when one of them doesn't exist. Other tests are not required -
- * results would be the same as earlier.
- */
-RUNNER_TEST_NOSMACK(privilege_control14_app_add_friend_nosmack)
-{
- int result;
+ DB_END
- result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
- result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ result = perm_app_get_paths(APP_ID, PERM_APP_PATH_PUBLIC, &pp_paths);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_get_paths failed: " <<
+ perm_strerror(result));
+ paths.reset(pp_paths);
- perm_app_uninstall(APP_FRIEND_1);
- perm_app_uninstall(APP_FRIEND_2);
+ for(i = 0; pp_paths[i] != NULL; ++i) {
+ RUNNER_ASSERT_MSG_BT(i < test_paths.size(), "perm_app_get_paths returned too many paths");
+ RUNNER_ASSERT_MSG_BT(test_paths[i].path() == pp_paths[i],
+ "perm_app_get_paths returned unexpected path, " << pp_paths[i] << " != " <<
+ test_paths[i].path());
+ }
+ RUNNER_ASSERT_MSG_BT(i == test_paths.size(), "perm_app_get_paths returned too few paths");
- //Regular test.
-
- //Installing friends to be
- result = perm_app_install(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error installing first app. Result: " << result);
- result = perm_app_install(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error installing second app. Result: " << result);
-
- //Making friends
- result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error during friend making. Result: " << result);
-
- //Same as previous tests, smack_have_access should error.
- result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "rwxat");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result);
- result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "rwxat");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result);
-
- //Clean up
- result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
- result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- perm_app_uninstall(APP_FRIEND_1);
- perm_app_uninstall(APP_FRIEND_2);
-
-
- //Befriending with imaginary friend.
-
- //Installing one friend
- result = perm_app_install(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error installing first app. Result: " << result);
-
- //Adding imaginairy friend as second
- result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error making friends (first) with imaginairy friend failed. Result: " << result);
- //Adding imaginairy friend as first
- result = perm_app_add_friend(APP_FRIEND_2, APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error making friends (second) with imaginairy friend failed. Result: " << result);
-
- //Same as previous tests, smack_have_access should error.
- result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "rwxat");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result);
- result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "rwxat");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error (SMACK is off). Result: " << result);
-
- //Clean up
- result = perm_app_revoke_permissions(APP_FRIEND_1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
- result = perm_app_revoke_permissions(APP_FRIEND_2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- perm_app_uninstall(APP_FRIEND_1);
- perm_app_uninstall(APP_FRIEND_2);
-}
-
-/**
- * NOSMACK version of privilege_control15_app_id_from_socket.
- *
- * SMACK version of this test case utilised smack_new_label_from_self and smack_set_label_for_self.
- * Those functions rely on /proc/self/attr/current file, which is unreadable and has no contents on
- * NOSMACK environment. Functions mentioned above were tested during libsmack tests, so they are
- * assumed to react correctly and are not tested in this test case.
- *
- * This test works similarily to libsmack test smack09_new_label_from_socket. At first server and
- * client are created then sockets are set up and perm_app_id_from_socket is used. On NOSMACK env
- * correct behaviour for perm_app_id_from_socket would be returning NULL label.
- */
-RUNNER_TEST_NOSMACK(privilege_control15_app_id_from_socket_nosmack)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
-
- //Clean up before creating socket
- unlink(SOCK_PATH);
-
- //Create our server and client with fork
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
-
- if (!pid) { //child (server)
- int sock, result, fd;
-
- //Create a socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
-
- //Bind socket to address
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- if (result != 0) {
- close(sock);
- RUNNER_ASSERT_MSG(false, "bind failed: " << strerror(errno));
- }
-
- //Prepare for listening
- result = listen(sock, 1);
- if (result != 0) {
- close(sock);
- RUNNER_ASSERT_MSG(false, "listen failed: " << strerror(errno));
- }
-
- //Accept connection
- alarm(2);
- fd = accept(sock, NULL, NULL);
- alarm(0);
- RUNNER_ASSERT_MSG(fd >= 0, "accept failed: " << strerror(errno));
-
- //Wait a little bit for client to use perm_app_id_from_socket
- usleep(200);
-
- //cleanup
- close(sock);
- exit(0);
- } else { //parent (client)
- // Give server some time to setup listening socket
- sleep(1);
- int sock, result;
- char* smack_label = NULL;
-
- //Create socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno));
-
- //Try connecting to address
- result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- if (result != 0) {
- close(sock);
- RUNNER_ASSERT_MSG(0, "connect failed: " << strerror(errno));
- }
-
- //Use perm_app_id_from_socket. Should fail and return NULL smack_label.
- smack_label = perm_app_id_from_socket(sock);
- if (smack_label != NULL) {
- close(sock);
- RUNNER_ASSERT_MSG(0, "perm_app_id_from_socket should fail.");
- }
-
- //cleanup
- close(sock);
- waitpid(pid, NULL, 0);
- }
-}
-
-/**
- * Next three functions are defined only because of NOSMACK environment.
- *
- * Inside check_labels_dir_nosmack, smack_have_access should expect error, not access granted.
- */
-int check_labels_dir_nosmack(const char *fpath, const struct stat *sb,
- const char *labels_db_path, const char *dir_db_path,
- const char *access)
-{
- int result;
- char* label;
- char* label_gen;
- char label_temp[SMACK_LABEL_LEN + 1];
- std::fstream fs_db;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path. Result: " << result);
- RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- if (result != 0) {
- free(label_gen);
- RUNNER_ASSERT_MSG(false, "Could not get label for the path. Result: " << result);
- }
- if (label != NULL) {
- free(label_gen);
- free(label);
- RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set.");
- }
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- if (result != 0) {
- free(label_gen);
- free(label);
- RUNNER_ASSERT_MSG(false, "Could not get label for the path. Result: " << result);
- }
- if (S_ISDIR(sb->st_mode)) {
- if (label == NULL) {
- free(label_gen);
- free(label);
- RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set");
- }
- result = strcmp("TRUE", label);
- if (result != 0) {
- free(label_gen);
- free(label);
- RUNNER_ASSERT_MSG(false,
- "TRANSMUTE label on " << fpath << " is not set to TRUE Result: " << result);
- }
- } else if (label != NULL) {
- free(label_gen);
- free(label);
- RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set");
- }
-
- free(label);
-
- fs_db.open(labels_db_path, std::ios_base::in);
- if (!(fs_db.good())) {
- free(label_gen);
- RUNNER_ASSERT_MSG(false, "Can not open database for apps");
- }
-
- while(!fs_db.eof()) {
- fs_db.getline(label_temp, 255);
- result = smack_have_access(label_temp, label_gen, access);
- if (result != -1) { //expect error, not access granted
- free(label_gen);
- RUNNER_ASSERT_MSG(false, "smack_have_access should fail. Result: " << result);
- }
- }
-
- fs_db.close();
-
- fs_db.open(dir_db_path, std::ios_base::in);
- if (!fs_db.good()) {
- free(label_gen);
- RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
- }
-
- bool is_dir = false;
- while(!fs_db.eof()) {
- fs_db.getline(label_temp, 255);
- if (strcmp(label_gen, label_temp) == 0) {
- is_dir = true;
- break;
- }
- }
-
- free(label_gen);
-
- RUNNER_ASSERT_MSG(is_dir, "Error autogenerated label is not in dirs db.");
-
- return 0;
-}
-
-int nftw_check_labels_app_public_dir_nosmack(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return check_labels_dir_nosmack(fpath, sb,
- SMACK_APPS_LABELS_DATABASE,
- SMACK_PUBLIC_DIRS_DATABASE, "rx");
-}
-
-int nftw_check_labels_app_settings_dir_nosmack(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return check_labels_dir_nosmack(fpath, sb,
- SMACK_APPS_SETTINGS_LABELS_DATABASE,
- SMACK_SETTINGS_DIRS_DATABASE, "rwx");
-}
-
-/**
- * NOSMACK version of privilege_control18 test.
- *
- * Uses NOSMACK version of nftw_check_labels_app_public_dir.
- */
-RUNNER_TEST_NOSMACK(privilege_control18_app_setup_path_public_nosmack)
-{
- int result;
-
- cleaning_smack_database_files();
- add_lables_to_db();
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_APP_DIR << ". Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_NON_APP_DIR << ". Result: " << result);
-
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed. Result: " << result);
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_dir_nosmack, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to check Smack labels for shared app dir. Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to check Smack labels for non-app dir. Result: " << result);
-
- cleaning_smack_database_files();
-}
-
-/**
- * NOSMACK version of privilege_control19 test.
- *
- * Uses NOSMACK version of nftw_check_labels_app_settings_dir.
- */
-RUNNER_TEST_NOSMACK(privilege_control19_app_setup_path_settings_nosmack)
-{
- int result;
-
- cleaning_smack_database_files();
- add_lables_to_db();
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_APP_DIR << ". Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_NON_APP_DIR << ". Result: " << result);
-
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed. Result: " << result);
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_settings_dir_nosmack, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to check Smack labels for shared app dir. Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to check Smack labels for non-app dir. Result: " << result);
-
- cleaning_smack_database_files();
-}
-
-/**
- * NOSMACK version of privielge_control21b test.
- *
- * Instead of error caused by incorrect params expect access granted, becuase SMACK is off.
- */
-RUNNER_TEST_NOSMACK(privilege_control21b_incorrect_params_smack_pid_have_access_nosmack)
-{
- int result = smack_pid_have_access(PID_CORRECT, "some_object", NULL);
- RUNNER_ASSERT_MSG(result == 1,
- "smack_pid_have_access should return access granted. Result: " << result);
-
- result = smack_pid_have_access(PID_CORRECT, NULL, "rw");
- RUNNER_ASSERT_MSG(result == 1,
- "smack_pid_have_access should return access granted. Result: " << result);
-
- result = smack_pid_have_access(PID_CORRECT, NULL, "rw");
- RUNNER_ASSERT_MSG(result == 1,
- "smack_pid_have_access should return access granted. Result: " << result);
-
- result = smack_pid_have_access(PID_INCORRECT, "some_object", "rw");
- RUNNER_ASSERT_MSG(result == 1,
- "smack_pid_have_access should return access granted. Result: " << result);
-}
-
-/**
- * Test - Simulation of 100 installations and uninstallations of one application.
- * Installed application will have various kind of permissions from api
- * features and shared folders.
- */
-RUNNER_TEST(privilege_control22_app_installation_1x100)
-{
- int result;
- std::string shared_dir_auto_label;
-
- // Clear any previously created apps, files, labels and permissions
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_APP_DIR
- << ". Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_NON_APP_DIR
- << ". Result: " << result);
-
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
+ DB_BEGIN
result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
- // remove api features by deleting files
- unlink(FILE_PATH_TEST_OSP_FEATURE);
- unlink(FILE_PATH_TEST_WGT_FEATURE);
-
- cleaning_smack_database_files();
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling App-Setting permissions. Result: " << result);
-
- // Install one additional app (used to check perm to shared directories)
- result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
-
- // Check whether api-feature's smack files are created
-// TODO Remove this check when new database is introduced
- result = file_exists(FILE_PATH_TEST_OSP_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test OSP Api Feature file is not created.");
- result = file_exists(FILE_PATH_TEST_WGT_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test WGT API Feature file is not created.");
-
- // Install app loop
- for (int i = 0; i < 100; ++i)
- {
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Loop index: " << i
- << ". Result: " << result);
-
- // add persistent api feature permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from OSP Feature. Loop index: "
- << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. Loop index: "
- << i << ". Result: " << result);
-
- // add shared dirs
- switch (i%2) // separate odd and even loop runs
- {
- case 0: // Shared dirs: APP_PATH_PRIVATE & APP_PATH_PUBLIC_RO
- {
- // Add app shared dir - APP_PATH_PRIVATE
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Verify that some previously installed app does not have any acces
- // to APP_ID private label
- result = test_have_any_accesses(rules_to_test_any_access1);
- RUNNER_ASSERT_MSG(result == 0,
- "Error - other app has access to private label. Loop index: "
- << i);
-
- // Get autogenerated Public RO label
- char *label;
- result = smack_getlabel(TEST_NON_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, shared_dir_auto_label.c_str(), "rwxatl" },
- { TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Public RO dir are granted. Loop index: "
- << i);
-
- break;
- }
- case 1: // Shared dirs: APP_PATH_APPSETTING_RW & APP_PATH_GROUP_RW
- {
- // Add app shared dir - APP_PATH_SETTINGS_RW
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_GROUP_RW, APPID_SHARED_DIR);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Get autogenerated App-Setting label
- char *label;
- result = smack_getlabel(TEST_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app dir
- // and rx permissions to app
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, shared_dir_auto_label.c_str(), "rwxatl" },
- { APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx" },
- { APP_TEST_SETTINGS_ASP1, APP_ID, "rx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to App-Setting dir are granted. Loop index: "
- << i);
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, APPID_SHARED_DIR, "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- break;
- }
- } // END switch
-
- // check if api-features permissions are added properly
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added. Loop index: "
- << i);
-
- // revoke permissions
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
- result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
-
- // check if api-features permissions are removed properly
- result = test_have_any_accesses(rules_to_test_any_access2);
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions revoked. Loop index: " << i);
-
- // check if shared dir and app-setting permissions are removed properly
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(APP_ID, shared_dir_auto_label.c_str()));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(APP_ID, APPID_SHARED_DIR));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(TEST_OSP_FEATURE_APP_ID,
- shared_dir_auto_label.c_str()));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(APP_TEST_SETTINGS_ASP1,
- shared_dir_auto_label.c_str()));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
-
- // remove labels from app folder
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
- // remove labels from shared folder
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_NON_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
-
- // uninstall app
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Loop index: " << i
- << ". Result: " << result);
- } // END Install app loop
-
- // Uninstall setting app and additional app
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- // Remove api features
- unlink(FILE_PATH_TEST_OSP_FEATURE);
- unlink(FILE_PATH_TEST_WGT_FEATURE);
-
- cleaning_smack_database_files();
-}
-
-/**
- * Test - Simulation of 10 installations and uninstallations of set of 10 applications.
- * Installed applications will have various kind of permissions to each other
- * from api-features and shared folders.
- *
- * APP_TEST_SETTINGS_ASP1 ("test-app-settings-asp1") - registered as setting app
- *
- * Permissions:
- * test_APP0-4 - receive test_osp_feature_rule_set2
- * test_APP5-9 - receive test_wgt_feature_rule_set2
- *
- * During this test there is one directory created for each app for each loop run,
- * dir name syntax is: /tmp/<app_name>_<i-loop_run>
- *
- * test_APP0 & test_APP5 register their directories as APP_PATH_PRIVATE
- * test_APP1, test_APP2 & test_APP6 register their directories as
- * APP_PATH_GROUP_RW using the same label
- * APPID_SHARED_DIR = "test_APP_ID_shared_dir"
- * test_APP3, test_APP7 & test_APP8 register their directories as
- * APP_PATH_PUBLIC_RO
- * test_APP4 & test_APP9 register their directories as
- * APP_PATH_SETTINGS_RW
- */
-RUNNER_TEST(privilege_control23_app_installation2_10x10)
-{
- int result;
- const int app_count = 10;
- std::string shared_dir3_auto_label;
- std::string shared_dir7_auto_label;
- std::string shared_dir8_auto_label;
- std::string setting_dir4_auto_label;
- std::string setting_dir9_auto_label;
- char app_ids[app_count][strlen(APP_ID) + 3];
- char app_dirs[app_count][strlen(APP_ID) + 12];
- const char *test_osp_feature_rule_set2[] = { "~APP~ " APP_ID "6 r",
- "~APP~ " APP_ID "7 rxl",
- "~APP~ " APP_ID "8 rwxal",
- "~APP~ " APP_ID "9 rwxatl",
- NULL };
- const char *test_wgt_feature_rule_set2[] = { "~APP~ " APP_ID "1 r",
- "~APP~ " APP_ID "2 rxl",
- "~APP~ " APP_ID "3 rwxal",
- "~APP~ " APP_ID "4 rwxatl",
- NULL };
-
-
- // generate app ids: test_APP0, test_APP1, test_APP2 etc
- for (int i = 0; i < app_count; ++i)
- {
- result = sprintf(app_ids[i], APP_ID "%d", i);
- RUNNER_ASSERT_MSG(result > 0, "Cannot generate name for app nr: " << i);
- }
-
- // Clear any previously created apps, files, labels and permissions
- for (int i = 0; i < app_count; ++i)
- {
- result = perm_app_revoke_permissions(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions for app: "
- << app_ids[i] << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[i] << ". Result: " << result);
- }
-
- // remove api feature by deleting the file
- unlink(FILE_PATH_TEST_OSP_FEATURE);
- unlink(FILE_PATH_TEST_WGT_FEATURE);
-
- cleaning_smack_database_files();
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions."
- << " Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall."
- << " Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install."
- << " Result: " << result);
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling App-Setting permissions."
- << " Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set2, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set2, NULL, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
-
- // Check whether api-feature's smack files are created
-// TODO Remove this check when new database is introduced
- result = file_exists(FILE_PATH_TEST_OSP_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test OSP Api Feature file is not created.");
- result = file_exists(FILE_PATH_TEST_WGT_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test WGT API Feature file is not created.");
-
- // Install apps loop
- for (int i = 0; i < 10; ++i)
- {
- // Install 10 apps
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_install(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. App id: "
- << app_ids[j]
- << " Loop index: " << i
- << ". Result: " << result);
-
- // Create 10 directories
- result = sprintf(app_dirs[j],"/tmp/" APP_ID "%d_%d", j, i);
- RUNNER_ASSERT_MSG(result > 0,
- "Cannot generate directory name for app nr: " << j
- << " Loop index: " << i);
- result = mkdir(app_dirs[j], S_IRWXU | S_IRGRP | S_IXGRP);
- RUNNER_ASSERT_MSG(result == 0 || errno == EEXIST,
- "Cannot create directory: " << app_dirs[j]);
- result = nftw(app_dirs[j], &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << app_dirs[j]
- << ". Result: " << result);
- }
-
- // Give permissions from api-features
- for (int j = 0; j < (app_count/2); ++j)
- {
- // add persistent api feature permissions
- result = perm_app_enable_permissions(app_ids[j], APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from OSP Feature. App id: "
- << app_ids[j] << " Loop index: " << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(app_ids[j+5], APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. App id: "
- << app_ids[j] << " Loop index: " << i << ". Result: " << result);
- }
-
- // Add app shared dirs - APP_PATH_PRIVATE (apps 0, 5)
- result = perm_app_setup_path(app_ids[0], app_dirs[0], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[0]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[5], app_dirs[5], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[5]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW (apps 1, 2, 6)
- result = perm_app_setup_path(app_ids[1], app_dirs[1],
- APP_PATH_GROUP_RW, APPID_SHARED_DIR);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[2], app_dirs[2],
- APP_PATH_GROUP_RW, APPID_SHARED_DIR);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[2]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[6], app_dirs[6],
- APP_PATH_GROUP_RW, APPID_SHARED_DIR);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[6]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO (apps 3, 7, 8)
- result = perm_app_setup_path(app_ids[3], app_dirs[3],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[7], app_dirs[7],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[7]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[8], app_dirs[8],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[8]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_SETTINGS_RW (apps ,4, 9)
- result = perm_app_setup_path(app_ids[4], app_dirs[4],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[4]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[9], app_dirs[9],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[9]
- << " Loop index: " << i << ". Result: " << result);
-
- // Verify that some previously installed app does not have
- // any acces to app 0 and app 5 PRIVATE folders
- for (int j = 0; j < app_count; ++j)
- {
- // Apps 1-9 should not have any access to app 0
- if (j != 0)
- {
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[0])
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[0] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
-
- // Apps 0-4 and 6-9 should not have any access to app 5
- if (j != 5)
- {
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[5])
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[5] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
- } // End for Verify PRIVATE
-
- // Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[1], APPID_SHARED_DIR, "rwxatl" },
- { app_ids[2], APPID_SHARED_DIR, "rwxatl" },
- { app_ids[6], APPID_SHARED_DIR, "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- // Get autogenerated Public_RO labels
- char *label;
- result = smack_getlabel(app_dirs[3], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[3]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir3_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[7], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[7]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir7_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[8], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[8]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir8_auto_label = label;
- free(label);
-
- // Verify that all apps have ro permissions to public folders of apps 3, 7 and 8
- // Also apps 3, 7 and 8 should have all permisisons to their own PUBLIC_RO dirs
- for (int j = 0; j < app_count; ++j)
- {
- if (j == 3)
- {
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // Verify that there are no extra permissions to public dirs
- result = test_have_any_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 0,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);
- }
- if (j == 7)
- {
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // Verify that there are no extra permissions to public dirs
- result = test_have_any_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 0,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);
- }
- if (j == 8)
- {
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir8_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // Verify that there are no extra permissions to other public dirs
- result = test_have_any_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 0,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);
- }
-
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "rx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Public RO dirs are granted. App id: "
- << app_ids[j] << ". Loop index: " << i);
- } // End for Verify PUBLIC_RO
-
- // Get autogenerated SETTING_RW labels
- result = smack_getlabel(app_dirs[4], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[4] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir4_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[9], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[9] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir9_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app-settings dirs and rx to apps
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl" },
- { app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl" },
- { APP_TEST_SETTINGS_ASP1, app_ids[4], "rx" },
- { APP_TEST_SETTINGS_ASP1, app_ids[9], "rx" },
- { APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx" },
- { APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to App-Setting dir are granted. Loop index: "
- << i);
-
-
-
- // Check if api-features permissions are added properly
- for (int j = 0; j < 5; ++j)
- {
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], app_ids[6], "r" },
- { app_ids[j], app_ids[7], "rxl" },
- { app_ids[j], app_ids[8], "rwxal" },
- { app_ids[j], app_ids[9], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- for (int j = 5; j < app_count; ++j)
- {
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[j], app_ids[1], "r" },
- { app_ids[j], app_ids[2], "rxl" },
- { app_ids[j], app_ids[3], "rwxal" },
- { app_ids[j], app_ids[4], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- // Revoke permissions
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_revoke_permissions(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. App id: "
- << app_ids[j] << " Loop index: " << i
- << ". Result: " << result);
- }
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions for setting app. Loop index: "
- << i << ". Result: " << result);
-
- // Check if permissions are removed properly
- for (int j = 0; j < app_count; ++j)
- {
- // To all other apps
- for (int k = 0; k < app_count; ++k)
- if (j != k)
- {
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[k])
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions revoked. Subject: " << app_ids[j]
- << " Object: " << app_ids[k] << " Loop index: " << i);
- }
-
- // Check if permissions to shared dirs are removed properly
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- shared_dir3_auto_label.c_str())
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- shared_dir7_auto_label.c_str())
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- shared_dir8_auto_label.c_str())
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- APPID_SHARED_DIR)
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
- }
-
- // Remove labels from folders and uninstall all apps
- for (int j = 0; j < app_count; ++j)
- {
- result = nftw(app_dirs[j], &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS); // rm labels from app folder
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: "
- << app_dirs[j] << " . Loop index: " << i
- << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[j] << " . Loop index: " << i
- << ". Result: " << result);
- }
-
- // Remove created dirs
- for (int j = 0; j < app_count; ++j)
- {
- result = rmdir(app_dirs[j]);
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot remove directory: " << app_dirs[j]);
- }
- } // END Install app loop
-
- // Uninstall setting app
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- // Remove api features
- unlink(FILE_PATH_TEST_OSP_FEATURE);
- unlink(FILE_PATH_TEST_WGT_FEATURE);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed: " <<
+ perm_strerror(result));
- cleaning_smack_database_files();
+ DB_END
}
projects / platform / core / test / security-tests.git / blobdiff