#include <tests_common.h>
#include <security-manager.h>
+#include <sm_api.h>
#include <sm_db.h>
+#include <sm_request.h>
+#include <sm_user_request.h>
+#include <temp_test_user.h>
#include <cynara_test_client.h>
+#include <service_manager.h>
-DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
-DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
-
-static const char *const SM_APP_ID1 = "sm_test_app_id_double";
-static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
+using namespace SecurityManagerTest;
-static const char *const SM_APP_ID2 = "sm_test_app_id_full";
-static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
-
-static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
-static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
+DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
static const privileges_t SM_ALLOWED_PRIVILEGES = {
"security_manager_test_rules2_r",
return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
}
-static app_inst_req* do_app_inst_req_new()
-{
- int result;
- app_inst_req *req = nullptr;
-
- result = security_manager_app_inst_req_new(&req);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new request failed. Result: " << result);
- RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory");
- return req;
-}
-
static void prepare_app_path()
{
int result;
ret = setgroups(0, NULL);
RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
- ret = security_manager_set_process_groups_from_appid(app_id);
- RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_groups_from_appid(" <<
- app_id << ") failed. Result: " << ret);
+ Api::setProcessGroups(app_id);
ret = getgroups(0, nullptr);
RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
}
-static void install_app(const char *app_id, const char *pkg_id)
+static void install_app(const char *app_id, const char *pkg_id, uid_t uid = 0)
{
- int result;
- AppInstReqUniquePtr request;
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ InstallRequest request;
+ request.setAppId(app_id);
+ request.setPkgId(pkg_id);
+ request.setUid(uid);
+ Api::install(request);
check_app_after_install(app_id, pkg_id);
}
-static void uninstall_app(const char *app_id, const char *pkg_id,
- bool expect_installed, bool expect_pkg_removed)
+static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed)
{
- int result;
- AppInstReqUniquePtr request;
- request.reset(do_app_inst_req_new());
+ InstallRequest request;
+ request.setAppId(app_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
+ Api::uninstall(request);
check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
}
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
-RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
+RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall)
{
- int result;
- AppInstReqUniquePtr request;
+ const char *const sm_app_id = "sm_test_01a_app_id_double";
+ const char *const sm_pkg_id = "sm_test_01a_pkg_id_double";
- request.reset(do_app_inst_req_new());
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+ Api::install(requestInst);
+ Api::install(requestInst);
- result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
+ /* Check records in the security-manager database */
+ check_app_after_install(sm_app_id, sm_pkg_id);
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing already installed app failed. Result: " << result);
+ Api::uninstall(requestUninst);
+ Api::uninstall(requestUninst);
/* Check records in the security-manager database */
- check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
+ check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+}
+
+
+RUNNER_TEST(security_manager_01b_app_double_install_wrong_pkg_id)
+{
+ const char *const sm_app_id = "sm_test_01b_app";
+ const char *const sm_pkg_id = "sm_test_01b_pkg";
+ const char *const sm_pkg_id_wrong = "sm_test_01b_pkg_BAD";
- request.reset(do_app_inst_req_new());
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+ Api::install(requestInst);
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
+ InstallRequest requestInst2;
+ requestInst2.setAppId(sm_app_id);
+ requestInst2.setPkgId(sm_pkg_id_wrong);
+
+ Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM);
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling already uninstalled app failed. Result: " << result);
/* Check records in the security-manager database */
- check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
+ check_app_after_install(sm_app_id, sm_pkg_id);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+
+
+ /* Check records in the security-manager database */
+ check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+
}
-RUNNER_TEST(security_manager_02_app_install_uninstall_full)
+RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored)
{
- int result;
- AppInstReqUniquePtr request;
+ const char * const sm_app_id = "SM_TEST_01c_APPID";
+ const char * const sm_pkg_id = "SM_TEST_01c_PKGID";
+ const char * const sm_pkg_id_wrong = "SM_TEST_01c_PKGID_wrong";
- prepare_app_env();
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+
+ Api::install(requestInst);
+
+ /* Check records in the security-manager database */
+ check_app_after_install(sm_app_id, sm_pkg_id);
+
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+ requestUninst.setPkgId(sm_pkg_id_wrong);
- request.reset(do_app_inst_req_new());
+ Api::uninstall(requestUninst);
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+ check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
- result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
+}
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed permission failed. Result: " << result);
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed permission failed. Result: " << result);
+RUNNER_TEST(security_manager_02_app_install_uninstall_full)
+{
+ const char *const sm_app_id = "sm_test_02_app_id_full";
+ const char *const sm_pkg_id = "sm_test_02_pkg_id_full";
- result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
- SECURITY_MANAGER_PATH_PRIVATE);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
+ prepare_app_env();
- result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
- SECURITY_MANAGER_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+ requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
+ requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
+ requestInst.addPath(SM_PRIVATE_PATH, SECURITY_MANAGER_PATH_PRIVATE);
+ requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ Api::install(requestInst);
/* Check records in the security-manager database */
- check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
+ check_app_after_install(sm_app_id, sm_pkg_id,
SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
/* TODO: add parameters to this function */
check_app_path_after_install();
- request.reset(do_app_inst_req_new());
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
+ Api::uninstall(requestUninst);
/* Check records in the security-manager database,
* all previously allowed privileges should be removed */
- check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
+ check_app_after_uninstall(sm_app_id, sm_pkg_id,
SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
}
RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
{
- const char *const app_id = "sm_test_app_id_set_label_from_appid";
- const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
+ const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
+ const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
const char *const expected_label = USER_APP_ID;
const char *const socketLabel = "not_expected_label";
char *label = nullptr;
CStringPtr labelPtr;
int result;
- uninstall_app(app_id, pkg_id, false, true);
+ uninstall_app(app_id, pkg_id, true);
install_app(app_id, pkg_id);
struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
RUNNER_ASSERT_ERRNO_MSG(result == 0,
"Can't set socket label. Result: " << result);
- result = security_manager_set_process_label_from_appid(app_id);
- RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_label_from_appid(" <<
- app_id << ") failed. Result: " << result);
+ Api::setProcessLabel(app_id);
char value[SMACK_LABEL_LEN + 1];
ssize_t size;
" Process label is incorrect. Expected: \"" << expected_label <<
"\" Actual: \"" << label << "\"");
- uninstall_app(app_id, pkg_id, true, true);
+ uninstall_app(app_id, pkg_id, true);
}
RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
{
- const char *const app_id = "sm_test_app_id_set_label_from_appid";
- const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
- int result;
+ const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack";
+ const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack";
- uninstall_app(app_id, pkg_id, false, true);
+ uninstall_app(app_id, pkg_id, true);
install_app(app_id, pkg_id);
- result = security_manager_set_process_label_from_appid(app_id);
- RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_label_from_appid(" <<
- app_id << ") failed. Result: " << result);
+ Api::setProcessLabel(app_id);
- uninstall_app(app_id, pkg_id, true, true);
+ uninstall_app(app_id, pkg_id, true);
}
-static void prepare_request(AppInstReqUniquePtr &request,
+static void prepare_request(InstallRequest &request,
const char *const app_id,
const char *const pkg_id,
app_install_path_type pathType,
- const char *const path)
+ const char *const path,
+ uid_t uid)
{
- int result;
- request.reset(do_app_inst_req_new());
+ request.setAppId(app_id);
+ request.setPkgId(pkg_id);
+ request.addPath(path, pathType);
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
-
- result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
+ if (uid != 0)
+ request.setUid(uid);
}
return pw;
}
-RUNNER_CHILD_TEST(security_manager_04_app_install_uninstall_by_app_user)
+
+static void install_and_check(const char *const sm_app_id,
+ const char *const sm_pkg_id,
+ const std::string &user, uid_t uid,
+ const std::string &user_path = SM_PRIVATE_PATH_FOR_USER)
+{
+ InstallRequest requestPublic;
+
+ //install app for non-root user and try to register public path (should fail)
+ prepare_request(requestPublic, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PUBLIC, user_path.c_str(), uid);
+
+ Api::install(requestPublic, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+
+ InstallRequest requestPrivate;
+
+ //install app for non-root user
+ //should fail (users may only register folders inside their home)
+ prepare_request(requestPrivate, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, uid);
+
+ Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+
+ InstallRequest requestPrivateUser;
+
+ //install app for non-root user
+ //should succeed - this time i register folder inside user's home dir
+ prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, user_path.c_str(), uid);
+
+ for (auto &privilege : SM_ALLOWED_PRIVILEGES)
+ requestPrivateUser.addPrivilege(privilege.c_str());
+
+ Api::install(requestPrivateUser);
+
+ check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+}
+
+RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
{
int result;
- AppInstReqUniquePtr request;
+ const char *const sm_app_id = "sm_test_04a_app_id_uid";
+ const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid";
+
struct passwd *pw = get_app_pw();
const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- //install app as non-root user and try to register public path (should fail)
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER);
+ install_and_check(sm_app_id, sm_pkg_id, user, 0);
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
- "installing app not failed. Result: " << result);
+ //uninstall app as non-root user
+ InstallRequest request;
+ request.setAppId(sm_app_id);
- //install app as non-root user
- //should fail (non-root users may only register folders inside their home)
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
+ Api::uninstall(request);
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
- "installing app not failed. Result: " << result);
+ check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+}
- //install app as non-root user
- //should succeed - this time i register folder inside user's home dir
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER);
+RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
+{
+ int result;
+ const char *const sm_app_id = "sm_test_04b_app_id_uid";
+ const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid";
- for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
- result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed permission failed. Result: " << result);
- }
+ struct passwd *pw = get_app_pw();
+ const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ install_and_check(sm_app_id, sm_pkg_id, user, pw->pw_uid);
- check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+ //switch user to non-root - root may not uninstall apps for specified users
+ result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
//uninstall app as non-root user
- request.reset(do_app_inst_req_new());
+ InstallRequest request;
+ request.setAppId(sm_app_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+ Api::uninstall(request);
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
-
- check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+ check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
}
+
RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
{
int result;
RUNNER_ASSERT_MSG(result == 0,
"can't set capabilities. Result: " << result);
- result = security_manager_drop_process_privileges();
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "dropping caps failed. Result: " << result);
+ Api::dropProcessPrivileges();
caps.reset(cap_get_proc());
RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");
"capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL));
}
+RUNNER_CHILD_TEST(security_manager_06_install_app_offline)
+{
+ const char *const app_id = "sm_test_06_app_id_install_app_offline";
+ const char *const pkg_id = "sm_test_06_pkg_id_install_app_offline";
+ ServiceManager serviceManager("security-manager.service");
+
+ uninstall_app(app_id, pkg_id, true);
+ serviceManager.maskService();
+ serviceManager.stopService();
+
+ install_app(app_id, pkg_id);
+
+ serviceManager.unmaskService();
+ serviceManager.startService();
+
+ uninstall_app(app_id, pkg_id, true);
+}
+
+RUNNER_CHILD_TEST(security_manager_07_user_add_app_install)
+{
+ const char *const sm_app_id = "sm_test_07_app_id_user";
+ const char *const sm_pkg_id = "sm_test_07_pkg_id_user";
+ const std::string new_user_name = "sm_test_07_user_name";
+ std::string uid_string;
+ TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
+ uid_string = std::to_string(static_cast<unsigned int>(test_user.getUid()));
+
+ install_app(sm_app_id, sm_pkg_id, test_user.getUid());
+
+ check_app_after_install(sm_app_id, sm_pkg_id);
+
+ test_user.remove();
+
+ check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+
+ check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
+}
+
+RUNNER_CHILD_TEST(security_manager_08_user_double_add_double_remove)
+{
+ UserRequest addUserRequest;
+
+ const char *const sm_app_id = "sm_test_08_app_id_user";
+ const char *const sm_pkg_id = "sm_test_08_pkg_id_user";
+ const char *const new_user_name = "sm_test_08_user_name";
+ std::string uid_string;
+
+ // gumd user add
+ TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
+ uid_string = std::to_string(static_cast<unsigned int>(test_user.getUid()));
+
+ addUserRequest.setUid(test_user.getUid());
+ addUserRequest.setUserType(SM_USER_TYPE_NORMAL);
+
+ //sm user add
+ Api::addUser(addUserRequest);
+
+ install_app(sm_app_id, sm_pkg_id, test_user.getUid());
+
+ check_app_after_install(sm_app_id, sm_pkg_id);
+
+ test_user.remove();
+
+ UserRequest deleteUserRequest;
+ deleteUserRequest.setUid(test_user.getUid());
+
+ Api::deleteUser(deleteUserRequest);
+
+ check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+
+ check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
+}
+
+RUNNER_CHILD_TEST(security_manager_09_add_user_offline)
+{
+ const char *const app_id = "security_manager_09_add_user_offline_app";
+ const char *const pkg_id = "security_manager_09_add_user_offline_pkg";
+ const std::string username("sm_test_09_user_name");
+ ServiceManager serviceManager("security-manager.service");
+ serviceManager.maskService();
+ serviceManager.stopService();
+
+ TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
+
+ install_app(app_id, pkg_id, user.getUid());
+
+ check_app_after_install(app_id, pkg_id);
+
+ serviceManager.unmaskService();
+ serviceManager.startService();
+
+ user.remove();
+
+ check_app_after_uninstall(app_id, pkg_id, true);
+}
+
int main(int argc, char *argv[])
{
return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);