#include <memory.h>
#include <summary_collector.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/xattr.h>
+#include <linux/xattr.h>
+
#include <libprivilege-control_test_common.h>
#include <tests_common.h>
#include <security-manager.h>
+#include <sm_db.h>
DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
-static const char* SM_APP_ID = "sm_test_app_id";
-static const char* SM_PKG_ID = "sm_test_pkg_id";
+static const char *const LABELLED_BINARY_PATH = "/usr/bin/test-app-efl";
+
+static const char *const SM_APP_ID1 = "sm_test_app_id_double";
+static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
+
+static const char *const SM_APP_ID2 = "sm_test_app_id_full";
+static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
+
+static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
+static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
-static uid_t SM_ALLOWED_UID1 = 6666;
-static uid_t SM_ALLOWED_UID2 = 7777;
+static const privileges_t SM_ALLOWED_PRIVILEGES = {
+ "security_manager_test_rules2_r",
+ "security_manager_test_rules2_no_r"
+};
+
+static const privileges_t SM_DENIED_PRIVILEGES = {
+ "security_manager_test_rules1",
+ "security_manager_test_rules2"
+};
-static const char* SM_ALLOWED_PERMISSION1 = "security_manager_test_rules2_r";
-static const char* SM_ALLOWED_PERMISSION2 = "security_manager_test_rules2_no_r";
+static const char *const XATTR_NAME_TIZENEXEC = XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
static const rules_t SM_ALLOWED_RULES = {
{ USER_APP_ID, "test_sm_book_8", "r" },
{ "test_sm_subject_7", USER_APP_ID, "rwx" }
};
-static const char* SM_DENIED_PERMISSION1 = "security_manager_test_rules1";
-static const char* SM_DENIED_PERMISSION2 = "security_manager_test_rules2";
+static const char *const SM_PRIVATE_PATH = "/etc/smack/test_DIR/app_dir";
+static const char *const SM_PUBLIC_PATH = "/etc/smack/test_DIR/app_dir_public";
+static const char *const SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro";
+static const char *const SM_DENIED_PATH = "/etc/smack/test_DIR/non_app_dir";
+static const char *const SM_PRIVATE_PATH_FOR_USER_5000 = "/home/app/securitytests/test_DIR";
-static const char* SM_ALLOWED_PATH = TEST_APP_DIR;
-static const char* SM_DENIED_PATH = TEST_NON_APP_DIR;
-RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
+static bool isLinkToExec(const char *fpath, const struct stat *sb)
+{
+
+ struct stat buf;
+ char *target;
+ int ret;
+
+ // check if it's a link
+ if ( !S_ISLNK(sb->st_mode))
+ return false;
+
+ target = realpath(fpath, NULL);
+ RUNNER_ASSERT_MSG_BT(target != 0, "Could not obtain real path from link.");
+
+ ret = stat(target, &buf);
+ RUNNER_ASSERT_MSG_BT(ret == 0, "Could not obtain real path's stat from link.");
+
+ if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG))
+ return false;
+
+
+ return true;
+}
+
+static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
+ const char* correctLabel, bool transmute_test, bool exec_test)
+{
+ int result;
+ CStringPtr labelPtr;
+ char* label = NULL;
+
+ /* ACCESS */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set");
+ result = strcmp(correctLabel, label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect"
+ " (should be '" << correctLabel << "' and is '" << label << "')");
+
+
+ /* EXEC */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+
+ if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
+ RUNNER_ASSERT_MSG_BT(label != NULL, "EXEC label on " << fpath << " is not set");
+ result = strcmp(correctLabel, label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Incorrect EXEC label on executable file " << fpath);
+ } else
+ RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set");
+
+
+ /* LINK TO EXEC */
+ if (isLinkToExec(fpath, sb) && exec_test) {
+ char buf[SMACK_LABEL_LEN+1];
+ result = lgetxattr(fpath, XATTR_NAME_TIZENEXEC, buf, sizeof(buf));
+ RUNNER_ASSERT_MSG_BT(result != -1, "Could not get label for the path "
+ << fpath << "("<<strerror(errno)<<")");
+ buf[result]='\0';
+ result = strcmp(correctLabel, buf);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Incorrect TIZEN_EXEC_LABEL attribute"
+ " on link to executable " << fpath);
+ }
+
+
+
+ /* TRANSMUTE */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+
+ if (S_ISDIR(sb->st_mode) && transmute_test == true) {
+ RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set at all");
+ RUNNER_ASSERT_MSG_BT(strcmp(label,"TRUE") == 0,
+ "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
+ } else {
+ RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set");
+ }
+
+ return 0;
+}
+
+
+static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+ return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
+}
+
+static int nftw_check_sm_labels_app_public_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+
+ return nftw_check_sm_labels_app_dir(fpath, sb, "User", true, false);
+}
+
+static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+
+ return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
+}
static app_inst_req* do_app_inst_req_new()
{
{
int result;
- result = nftw(SM_ALLOWED_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_ALLOWED_PATH);
+ result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
+
+ result = nftw(SM_PUBLIC_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_PATH);
+
+ result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
}
+static void prepare_app_env()
+{
+ prepare_app_path();
+}
+
+/* TODO: add parameters to this function */
static void check_app_path_after_install()
{
int result;
- result = nftw(SM_ALLOWED_PATH, &nftw_check_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_ALLOWED_PATH);
+ result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
+
+ result = nftw(SM_PUBLIC_PATH, &nftw_check_sm_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_PATH);
+
+ result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
}
-static void check_app_permission_after_install()
+static void check_app_permissions(const char *const app_id, const char *const pkg_id,
+ const privileges_t &allowed_privs, const privileges_t &denied_privs,
+ const rules_t &allowed_rules, const rules_t &denied_rules)
{
bool result;
- result = check_all_accesses(smack_check(), SM_ALLOWED_RULES);
+ result = check_all_accesses(smack_check(), allowed_rules);
RUNNER_ASSERT_MSG_BT(result, "Permissions not added.");
- result = check_no_accesses(smack_check(), SM_DENIED_RULES);
+ result = check_no_accesses(smack_check(), denied_rules);
RUNNER_ASSERT_MSG_BT(result, "Permissions added.");
- check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION1, true);
- check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION2, true);
- check_perm_app_has_permission(USER_APP_ID, SM_DENIED_PERMISSION1, false);
- check_perm_app_has_permission(USER_APP_ID, SM_DENIED_PERMISSION2, false);
+ /* TODO: USER_APP_ID is hardcoded in the following checks, because libprivilege always generate
+ * label "User" for all installed apps. Adjust it when libprivilege is upgraded. */
+ (void)app_id; // unused parameter
+ (void)pkg_id; // unused parameter
+
+ for (auto it = allowed_privs.begin(); it != allowed_privs.end(); ++it)
+ check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), true);
+
+ for (auto it = denied_privs.begin(); it != denied_privs.end(); ++it)
+ check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), false);
}
-static void prepare_app_env()
+static void check_app_after_install(const char *const app_id, const char *const pkg_id,
+ const privileges_t &allowed_privs, const privileges_t &denied_privs,
+ const rules_t &allowed_rules, const rules_t &denied_rules)
{
- prepare_app_path();
+ TestSecurityManagerDatabase dbtest;
+ dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
+ dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
+
+ check_app_permissions(app_id, pkg_id,
+ allowed_privs, denied_privs,
+ allowed_rules, denied_rules);
}
-static void check_app_env_after_install()
+static void check_app_after_install(const char *const app_id, const char *const pkg_id)
{
- check_app_path_after_install();
- check_app_permission_after_install();
+ TestSecurityManagerDatabase dbtest;
+ dbtest.test_db_after__app_install(app_id, pkg_id);
+}
+
+static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
+ const privileges_t &privileges, const bool is_pkg_removed)
+{
+ TestSecurityManagerDatabase dbtest;
+ dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
+}
+
+static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
+ const bool is_pkg_removed)
+{
+ TestSecurityManagerDatabase dbtest;
+ dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
}
-RUNNER_TEST(security_manager_01_app_install_unsinstall)
+static void install_app(const char *app_id, const char *pkg_id)
{
int result;
AppInstReqUniquePtr request;
+ request.reset(do_app_inst_req_new());
- prepare_app_env();
+ result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting pkg id failed. Result: " << result);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "installing app failed. Result: " << result);
+
+ check_app_after_install(app_id, pkg_id);
+
+}
+
+static void uninstall_app(const char *app_id, const char *pkg_id,
+ bool expect_installed, bool expect_pkg_removed)
+{
+ int result;
+ AppInstReqUniquePtr request;
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG_BT(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling app failed. Result: " << result);
+
+ check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
+}
+
+
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
+
+
+RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
+{
+ int result;
+ AppInstReqUniquePtr request;
request.reset(do_app_inst_req_new());
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID);
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting app id failed. Result: " << result);
- result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID);
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting pkg id failed. Result: " << result);
- result = security_manager_app_inst_req_add_allowed_user(request.get(), SM_ALLOWED_UID1);
+ result = security_manager_app_install(request.get());
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed user failed. Result: " << result);
- result = security_manager_app_inst_req_add_allowed_user(request.get(), SM_ALLOWED_UID2);
+ "installing app failed. Result: " << result);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "installing already installed app failed. Result: " << result);
+
+ /* Check records in the security-manager database */
+ check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
+
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed user failed. Result: " << result);
+ "setting app id failed. Result: " << result);
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PERMISSION1);
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling app failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling already uninstalled app failed. Result: " << result);
+
+ /* Check records in the security-manager database */
+ check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
+}
+
+RUNNER_TEST(security_manager_02_app_install_uninstall_full)
+{
+ int result;
+ AppInstReqUniquePtr request;
+
+ prepare_app_env();
+
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting pkg id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting allowed permission failed. Result: " << result);
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PERMISSION2);
+ result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting allowed permission failed. Result: " << result);
- result = security_manager_app_inst_req_add_path(request.get(), SM_ALLOWED_PATH,
+ result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
SECURITY_MANAGER_PATH_PRIVATE);
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting allowed path failed. Result: " << result);
+ result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_PATH,
+ SECURITY_MANAGER_PATH_PUBLIC);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed path failed. Result: " << result);
+
+ result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
+ SECURITY_MANAGER_PATH_PUBLIC_RO);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed path failed. Result: " << result);
+
result = security_manager_app_install(request.get());
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"installing app failed. Result: " << result);
- check_app_env_after_install();
+ /* Check records in the security-manager database */
+ check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
+ SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES,
+ SM_ALLOWED_RULES, SM_DENIED_RULES);
+
+ /* TODO: add parameters to this function */
+ check_app_path_after_install();
request.reset(do_app_inst_req_new());
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID);
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting app id failed. Result: " << result);
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"uninstalling app failed. Result: " << result);
+ /* Check records in the security-manager database,
+ * all previously allowed privileges should be removed */
+ check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
+ SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
+}
+
+RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_binary)
+{
+ const char *const testBinaryPath = LABELLED_BINARY_PATH;
+ const char *const expectedLabel = USER_APP_ID;
+ int result;
+ char *label = NULL;
+ CStringPtr labelPtr;
+
+ result = security_manager_set_process_label_from_binary(testBinaryPath);
+ RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
+ "security_manager_set_process_label_from_binary(" <<
+ testBinaryPath << ") failed. Result: " << result);
+
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG_BT(result >= 0,
+ " Error getting current process label");
+ RUNNER_ASSERT_MSG_BT(label != NULL,
+ " Process label is not set");
+ labelPtr.reset(label);
+
+ result = strcmp(expectedLabel, label);
+ RUNNER_ASSERT_MSG_BT(result == 0,
+ " Process label is incorrect. Expected: \"" << expectedLabel << "\" Actual: \""
+ << label << "\"");
}
+RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_binary_nosmack)
+{
+ const char *const testBinaryPath = LABELLED_BINARY_PATH;
+ int result;
+
+ result = security_manager_set_process_label_from_binary(testBinaryPath);
+ RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
+ "security_manager_set_process_label_from_binary(" <<
+ testBinaryPath << ") failed. Result: " << result);
+}
+
+RUNNER_CHILD_TEST_SMACK(security_manager_04_set_label_from_appid)
+{
+ const char *const app_id = "sm_test_app_id_set_label_from_appid";
+ const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
+ const char *const expected_label = USER_APP_ID;
+ char *label = NULL;
+ CStringPtr labelPtr;
+ int result;
+
+ uninstall_app(app_id, pkg_id, false, true);
+ install_app(app_id, pkg_id);
+
+ result = security_manager_set_process_label_from_appid(app_id);
+ RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
+ "security_manager_set_process_label_from_appid(" <<
+ app_id << ") failed. Result: " << result);
+
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG_BT(result >= 0,
+ " Error getting current process label");
+ RUNNER_ASSERT_MSG_BT(label != NULL,
+ " Process label is not set");
+ labelPtr.reset(label);
+
+ result = strcmp(expected_label, label);
+ RUNNER_ASSERT_MSG_BT(result == 0,
+ " Process label is incorrect. Expected: \"" << expected_label <<
+ "\" Actual: \"" << label << "\"");
+
+ uninstall_app(app_id, pkg_id, true, true);
+}
+
+RUNNER_CHILD_TEST_NOSMACK(security_manager_04_set_label_from_appid_nosmack)
+{
+ const char *const app_id = "sm_test_app_id_set_label_from_appid";
+ const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
+ int result;
+
+ uninstall_app(app_id, pkg_id, false, true);
+ install_app(app_id, pkg_id);
+
+ result = security_manager_set_process_label_from_appid(app_id);
+ RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
+ "security_manager_set_process_label_from_appid(" <<
+ app_id << ") failed. Result: " << result);
+
+ uninstall_app(app_id, pkg_id, true, true);
+}
+
+
+
+static void prepare_request(AppInstReqUniquePtr &request,
+ const char *const app_id,
+ const char *const pkg_id,
+ app_install_path_type pathType,
+ const char *const path)
+{
+ int result;
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting pkg id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed path failed. Result: " << result);
+}
+
+
+
+RUNNER_CHILD_TEST(security_manager_05_app_install_uninstall_by_uid_5000)
+{
+ int result;
+ AppInstReqUniquePtr request;
+
+
+ //switch user to non-root
+ result = drop_root_privileges();
+ RUNNER_ASSERT_MSG_BT(result == 0, "drop_root_privileges failed");
+
+ //install app as non-root user and try to register public path (should fail)
+ prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER_5000);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
+ "installing app not failed. Result: " << result);
+
+ //install app as non-root user
+ //should fail (non-root users may only register folders inside their home)
+ prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
+ "installing app not failed. Result: " << result);
+
+ //install app as non-root user
+ //should succeed - this time i register folder inside user's home dir
+ prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER_5000);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "installing app failed. Result: " << result);
+
+ //uninstall app as non-root user
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling app failed. Result: " << result);
+}
+
+
int main(int argc, char *argv[])
{
SummaryCollector::Register();
projects / platform / core / test / security-tests.git / blobdiff