#include <fcntl.h>
#include <stdio.h>
#include <memory.h>
-#include <summary_collector.h>
+#include <string>
+#include <unordered_set>
+#include <sys/capability.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/xattr.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <attr/xattr.h>
#include <linux/xattr.h>
+#include <grp.h>
+#include <pwd.h>
+
#include <libprivilege-control_test_common.h>
#include <tests_common.h>
#include <security-manager.h>
+#include <sm_api.h>
#include <sm_db.h>
+#include <sm_request.h>
+#include <sm_user_request.h>
+#include <temp_test_user.h>
+#include <cynara_test_client.h>
+#include <dbus_access.h>
-DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
-
-static const char *const LABELLED_BINARY_PATH = "/usr/bin/test-app-efl";
-
-static const char *const SM_APP_ID1 = "sm_test_app_id_double";
-static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
+using namespace SecurityManagerTest;
-static const char *const SM_APP_ID2 = "sm_test_app_id_full";
-static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
-
-static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
-static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
+DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
static const privileges_t SM_ALLOWED_PRIVILEGES = {
"security_manager_test_rules2_r",
"security_manager_test_rules2"
};
-static const char *const XATTR_NAME_TIZENEXEC = XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
-
-static const rules_t SM_ALLOWED_RULES = {
- { USER_APP_ID, "test_sm_book_8", "r" },
- { USER_APP_ID, "test_sm_book_9", "w" },
- { USER_APP_ID, "test_sm_book_10", "x" },
- { USER_APP_ID, "test_sm_book_11", "rw" },
- { USER_APP_ID, "test_sm_book_12", "rx" },
- { USER_APP_ID, "test_sm_book_13", "wx" },
- { USER_APP_ID, "test_sm_book_14", "rwx" },
- { USER_APP_ID, "test_sm_book_15", "rwxat" },
- { "test_sm_subject_8", USER_APP_ID, "r" },
- { "test_sm_subject_9", USER_APP_ID, "w" },
- { "test_sm_subject_10", USER_APP_ID, "x" },
- { "test_sm_subject_11", USER_APP_ID, "rw" },
- { "test_sm_subject_12", USER_APP_ID, "rx" },
- { "test_sm_subject_13", USER_APP_ID, "wx" },
- { "test_sm_subject_14", USER_APP_ID, "rwx" },
- { "test_sm_subject_15", USER_APP_ID, "rwxat" }
-};
-static const rules_t SM_DENIED_RULES = {
- { USER_APP_ID, "test_sm_book_1", "r" },
- { USER_APP_ID, "test_sm_book_2", "w" },
- { USER_APP_ID, "test_sm_book_3", "x" },
- { USER_APP_ID, "test_sm_book_4", "rw" },
- { USER_APP_ID, "test_sm_book_5", "rx" },
- { USER_APP_ID, "test_sm_book_6", "wx" },
- { USER_APP_ID, "test_sm_book_7", "rwx" },
- { "test_sm_subject_1", USER_APP_ID, "r" },
- { "test_sm_subject_2", USER_APP_ID, "w" },
- { "test_sm_subject_3", USER_APP_ID, "x" },
- { "test_sm_subject_4", USER_APP_ID, "rw" },
- { "test_sm_subject_5", USER_APP_ID, "rx" },
- { "test_sm_subject_6", USER_APP_ID, "wx" },
- { "test_sm_subject_7", USER_APP_ID, "rwx" }
+static const privileges_t SM_NO_PRIVILEGES = {
};
-static const char *const SM_PRIVATE_PATH = "/etc/smack/test_DIR/app_dir";
-static const char *const SM_PUBLIC_PATH = "/etc/smack/test_DIR/app_dir_public";
-static const char *const SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro";
-static const char *const SM_DENIED_PATH = "/etc/smack/test_DIR/non_app_dir";
-static const char *const SM_PRIVATE_PATH_FOR_USER_5000 = "/home/app/securitytests/test_DIR";
+static const std::vector<std::string> SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"};
+static const char *const SM_PRIVATE_PATH = "/usr/apps/test_DIR/app_dir";
+static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro";
+static const char *const SM_DENIED_PATH = "/usr/apps/test_DIR/non_app_dir";
+static const char *const SM_PRIVATE_PATH_FOR_USER = "/home/" APP_USER "/test_DIR";
+static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
-static bool isLinkToExec(const char *fpath, const struct stat *sb)
+static void generateAppLabel(const std::string &pkgId, std::string &label)
{
-
- struct stat buf;
- char *target;
- int ret;
-
- // check if it's a link
- if ( !S_ISLNK(sb->st_mode))
- return false;
-
- target = realpath(fpath, NULL);
- RUNNER_ASSERT_MSG_BT(target != 0, "Could not obtain real path from link.");
-
- ret = stat(target, &buf);
- RUNNER_ASSERT_MSG_BT(ret == 0, "Could not obtain real path's stat from link.");
-
- if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG))
- return false;
-
-
- return true;
+ (void) pkgId;
+ label = "User";
}
static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
{
int result;
CStringPtr labelPtr;
- char* label = NULL;
+ char* label = nullptr;
/* ACCESS */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
labelPtr.reset(label);
- RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect"
+ RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"
" (should be '" << correctLabel << "' and is '" << label << "')");
/* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
labelPtr.reset(label);
if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
- RUNNER_ASSERT_MSG_BT(label != NULL, "EXEC label on " << fpath << " is not set");
+ RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG_BT(result == 0, "Incorrect EXEC label on executable file " << fpath);
+ RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath);
} else
- RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set");
-
-
- /* LINK TO EXEC */
- if (isLinkToExec(fpath, sb) && exec_test) {
- char buf[SMACK_LABEL_LEN+1];
- result = lgetxattr(fpath, XATTR_NAME_TIZENEXEC, buf, sizeof(buf));
- RUNNER_ASSERT_MSG_BT(result != -1, "Could not get label for the path "
- << fpath << "("<<strerror(errno)<<")");
- buf[result]='\0';
- result = strcmp(correctLabel, buf);
- RUNNER_ASSERT_MSG_BT(result == 0, "Incorrect TIZEN_EXEC_LABEL attribute"
- " on link to executable " << fpath);
- }
-
+ RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
/* TRANSMUTE */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
labelPtr.reset(label);
if (S_ISDIR(sb->st_mode) && transmute_test == true) {
- RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set at all");
- RUNNER_ASSERT_MSG_BT(strcmp(label,"TRUE") == 0,
+ RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
+ RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0,
"TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
} else {
- RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set");
+ RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
}
return 0;
return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
}
-static int nftw_check_sm_labels_app_public_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
-
- return nftw_check_sm_labels_app_dir(fpath, sb, "User", true, false);
-}
-
static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
}
-static app_inst_req* do_app_inst_req_new()
-{
- int result;
- app_inst_req *req = NULL;
-
- result = security_manager_app_inst_req_new(&req);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new request failed. Result: " << result);
- RUNNER_ASSERT_MSG_BT(req != NULL, "creation of new request did not allocate memory");
- return req;
-}
-
static void prepare_app_path()
{
int result;
result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
-
- result = nftw(SM_PUBLIC_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_PATH);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
}
static void prepare_app_env()
int result;
result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
-
- result = nftw(SM_PUBLIC_PATH, &nftw_check_sm_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_PATH);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
}
-static void check_app_permissions(const char *const app_id, const char *const pkg_id,
- const privileges_t &allowed_privs, const privileges_t &denied_privs,
- const rules_t &allowed_rules, const rules_t &denied_rules)
+
+static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
+ const privileges_t &allowed_privs, const privileges_t &denied_privs)
{
- bool result;
+ (void) app_id;
+ std::string smackLabel;
+ generateAppLabel(pkg_id, smackLabel);
- result = check_all_accesses(smack_check(), allowed_rules);
- RUNNER_ASSERT_MSG_BT(result, "Permissions not added.");
- result = check_no_accesses(smack_check(), denied_rules);
- RUNNER_ASSERT_MSG_BT(result, "Permissions added.");
+ CynaraTestClient ctc;
- /* TODO: USER_APP_ID is hardcoded in the following checks, because libprivilege always generate
- * label "User" for all installed apps. Adjust it when libprivilege is upgraded. */
- (void)app_id; // unused parameter
- (void)pkg_id; // unused parameter
+ for (auto &priv : allowed_privs) {
+ ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_ALLOWED);
+ }
- for (auto it = allowed_privs.begin(); it != allowed_privs.end(); ++it)
- check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), true);
+ for (auto &priv : denied_privs) {
+ ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
+ }
+}
- for (auto it = denied_privs.begin(); it != denied_privs.end(); ++it)
- check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), false);
+static void check_app_gids(const char *const app_id, const std::vector<gid_t> &allowed_gids)
+{
+ int ret;
+ gid_t main_gid = getgid();
+ std::unordered_set<gid_t> reference_gids(allowed_gids.begin(), allowed_gids.end());
+
+ // Reset supplementary groups
+ ret = setgroups(0, NULL);
+ RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
+
+ Api::setProcessGroups(app_id);
+
+ ret = getgroups(0, nullptr);
+ RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
+
+ std::vector<gid_t> actual_gids(ret);
+ ret = getgroups(ret, actual_gids.data());
+ RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
+
+ for (const auto &gid : actual_gids) {
+ RUNNER_ASSERT_MSG(gid == main_gid || reference_gids.count(gid) > 0,
+ "Application shouldn't get access to group " << gid);
+ reference_gids.erase(gid);
+ }
+
+ RUNNER_ASSERT_MSG(reference_gids.empty(), "Application didn't get access to some groups");
}
static void check_app_after_install(const char *const app_id, const char *const pkg_id,
- const privileges_t &allowed_privs, const privileges_t &denied_privs,
- const rules_t &allowed_rules, const rules_t &denied_rules)
+ const privileges_t &allowed_privs,
+ const privileges_t &denied_privs,
+ const std::vector<std::string> &allowed_groups)
{
TestSecurityManagerDatabase dbtest;
dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
- check_app_permissions(app_id, pkg_id,
- allowed_privs, denied_privs,
- allowed_rules, denied_rules);
+ /*Privileges should be granted to all users if root installs app*/
+ check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs);
+
+ /* Setup mapping of gids to privileges */
+ /* Do this for each privilege for extra check */
+ for (const auto &privilege : allowed_privs) {
+ dbtest.setup_privilege_groups(privilege, allowed_groups);
+ }
+
+ std::vector<gid_t> allowed_gids;
+
+ for (const auto &groupName : allowed_groups) {
+ errno = 0;
+ struct group* grp = getgrnam(groupName.c_str());
+ RUNNER_ASSERT_ERRNO_MSG(grp, "Group: " << groupName << " not found");
+ allowed_gids.push_back(grp->gr_gid);
+ }
+
+ check_app_gids(app_id, allowed_gids);
}
static void check_app_after_install(const char *const app_id, const char *const pkg_id)
{
TestSecurityManagerDatabase dbtest;
dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
+
+
+ /*Privileges should not be granted anymore to any user*/
+ check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges);
}
static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
}
-static void install_app(const char *app_id, const char *pkg_id)
+static void install_app(const char *app_id, const char *pkg_id, uid_t uid = 0)
{
- int result;
- AppInstReqUniquePtr request;
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ InstallRequest request;
+ request.setAppId(app_id);
+ request.setPkgId(pkg_id);
+ request.setUid(uid);
+ Api::install(request);
check_app_after_install(app_id, pkg_id);
}
-static void uninstall_app(const char *app_id, const char *pkg_id,
- bool expect_installed, bool expect_pkg_removed)
+static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed)
{
- int result;
- AppInstReqUniquePtr request;
- request.reset(do_app_inst_req_new());
+ InstallRequest request;
+ request.setAppId(app_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG_BT(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
+ Api::uninstall(request);
check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
}
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
-RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
+RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall)
{
- int result;
- AppInstReqUniquePtr request;
+ const char *const sm_app_id = "sm_test_01a_app_id_double";
+ const char *const sm_pkg_id = "sm_test_01a_pkg_id_double";
- request.reset(do_app_inst_req_new());
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+ Api::install(requestInst);
+ Api::install(requestInst);
- result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
+ /* Check records in the security-manager database */
+ check_app_after_install(sm_app_id, sm_pkg_id);
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing already installed app failed. Result: " << result);
+ Api::uninstall(requestUninst);
+ Api::uninstall(requestUninst);
/* Check records in the security-manager database */
- check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
+ check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+}
- request.reset(do_app_inst_req_new());
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+RUNNER_TEST(security_manager_01b_app_double_install_wrong_pkg_id)
+{
+ const char *const sm_app_id = "sm_test_01b_app";
+ const char *const sm_pkg_id = "sm_test_01b_pkg";
+ const char *const sm_pkg_id_wrong = "sm_test_01b_pkg_BAD";
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling already uninstalled app failed. Result: " << result);
+ Api::install(requestInst);
- /* Check records in the security-manager database */
- check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
-}
+ InstallRequest requestInst2;
+ requestInst2.setAppId(sm_app_id);
+ requestInst2.setPkgId(sm_pkg_id_wrong);
-RUNNER_TEST(security_manager_02_app_install_uninstall_full)
-{
- int result;
- AppInstReqUniquePtr request;
+ Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM);
- prepare_app_env();
- request.reset(do_app_inst_req_new());
+ /* Check records in the security-manager database */
+ check_app_after_install(sm_app_id, sm_pkg_id);
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
- result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
+ Api::uninstall(requestUninst);
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed permission failed. Result: " << result);
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed permission failed. Result: " << result);
- result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
- SECURITY_MANAGER_PATH_PRIVATE);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
+ /* Check records in the security-manager database */
+ check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
- result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_PATH,
- SECURITY_MANAGER_PATH_PUBLIC);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
+}
- result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
- SECURITY_MANAGER_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
+RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored)
+{
+ const char * const sm_app_id = "SM_TEST_01c_APPID";
+ const char * const sm_pkg_id = "SM_TEST_01c_PKGID";
+ const char * const sm_pkg_id_wrong = "SM_TEST_01c_PKGID_wrong";
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
- /* Check records in the security-manager database */
- check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES,
- SM_ALLOWED_RULES, SM_DENIED_RULES);
+ Api::install(requestInst);
- /* TODO: add parameters to this function */
- check_app_path_after_install();
+ /* Check records in the security-manager database */
+ check_app_after_install(sm_app_id, sm_pkg_id);
- request.reset(do_app_inst_req_new());
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+ requestUninst.setPkgId(sm_pkg_id_wrong);
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+ Api::uninstall(requestUninst);
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
+ check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
- /* Check records in the security-manager database,
- * all previously allowed privileges should be removed */
- check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
}
-RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_binary)
+RUNNER_TEST(security_manager_02_app_install_uninstall_full)
{
- const char *const testBinaryPath = LABELLED_BINARY_PATH;
- const char *const expectedLabel = USER_APP_ID;
- int result;
- char *label = NULL;
- CStringPtr labelPtr;
+ const char *const sm_app_id = "sm_test_02_app_id_full";
+ const char *const sm_pkg_id = "sm_test_02_pkg_id_full";
- result = security_manager_set_process_label_from_binary(testBinaryPath);
- RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_label_from_binary(" <<
- testBinaryPath << ") failed. Result: " << result);
+ prepare_app_env();
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG_BT(result >= 0,
- " Error getting current process label");
- RUNNER_ASSERT_MSG_BT(label != NULL,
- " Process label is not set");
- labelPtr.reset(label);
+ InstallRequest requestInst;
+ requestInst.setAppId(sm_app_id);
+ requestInst.setPkgId(sm_pkg_id);
+ requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
+ requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
+ requestInst.addPath(SM_PRIVATE_PATH, SECURITY_MANAGER_PATH_PRIVATE);
+ requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
- result = strcmp(expectedLabel, label);
- RUNNER_ASSERT_MSG_BT(result == 0,
- " Process label is incorrect. Expected: \"" << expectedLabel << "\" Actual: \""
- << label << "\"");
-}
+ Api::install(requestInst);
-RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_binary_nosmack)
-{
- const char *const testBinaryPath = LABELLED_BINARY_PATH;
- int result;
+ /* Check records in the security-manager database */
+ check_app_after_install(sm_app_id, sm_pkg_id,
+ SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
+
+ /* TODO: add parameters to this function */
+ check_app_path_after_install();
- result = security_manager_set_process_label_from_binary(testBinaryPath);
- RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_label_from_binary(" <<
- testBinaryPath << ") failed. Result: " << result);
+ InstallRequest requestUninst;
+ requestUninst.setAppId(sm_app_id);
+
+ Api::uninstall(requestUninst);
+
+ /* Check records in the security-manager database,
+ * all previously allowed privileges should be removed */
+ check_app_after_uninstall(sm_app_id, sm_pkg_id,
+ SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
}
-RUNNER_CHILD_TEST_SMACK(security_manager_04_set_label_from_appid)
+RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
{
- const char *const app_id = "sm_test_app_id_set_label_from_appid";
- const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
+ const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
+ const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
const char *const expected_label = USER_APP_ID;
- char *label = NULL;
+ const char *const socketLabel = "not_expected_label";
+ char *label = nullptr;
CStringPtr labelPtr;
int result;
- uninstall_app(app_id, pkg_id, false, true);
+ uninstall_app(app_id, pkg_id, true);
install_app(app_id, pkg_id);
- result = security_manager_set_process_label_from_appid(app_id);
- RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_label_from_appid(" <<
- app_id << ") failed. Result: " << result);
+ struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
+ //Clean up before creating socket
+ unlink(SOCK_PATH);
+ int sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
+ SockUniquePtr sockPtr(&sock);
+ //Bind socket to address
+ result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
+ //Set socket label to something different than expecedLabel
+ result = fsetxattr(sock, XATTR_NAME_SMACKIPIN, socketLabel,
+ strlen(socketLabel), 0);
+ RUNNER_ASSERT_ERRNO_MSG(result == 0,
+ "Can't set socket label. Result: " << result);
+ result = fsetxattr(sock, XATTR_NAME_SMACKIPOUT, socketLabel,
+ strlen(socketLabel), 0);
+ RUNNER_ASSERT_ERRNO_MSG(result == 0,
+ "Can't set socket label. Result: " << result);
+
+ Api::setProcessLabel(app_id);
+
+ char value[SMACK_LABEL_LEN + 1];
+ ssize_t size;
+ size = fgetxattr(sock, XATTR_NAME_SMACKIPIN, value, sizeof(value));
+ RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
+ result = strcmp(expected_label, value);
+ RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
+ expected_label << " Actual: " << value);
+
+ size = fgetxattr(sock, XATTR_NAME_SMACKIPOUT, value, sizeof(value));
+ RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
+ result = strcmp(expected_label, value);
+ RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
+ expected_label << " Actual: " << value);
result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG_BT(result >= 0,
+ RUNNER_ASSERT_MSG(result >= 0,
" Error getting current process label");
- RUNNER_ASSERT_MSG_BT(label != NULL,
+ RUNNER_ASSERT_MSG(label != nullptr,
" Process label is not set");
labelPtr.reset(label);
result = strcmp(expected_label, label);
- RUNNER_ASSERT_MSG_BT(result == 0,
+ RUNNER_ASSERT_MSG(result == 0,
" Process label is incorrect. Expected: \"" << expected_label <<
"\" Actual: \"" << label << "\"");
- uninstall_app(app_id, pkg_id, true, true);
+ uninstall_app(app_id, pkg_id, true);
}
-RUNNER_CHILD_TEST_NOSMACK(security_manager_04_set_label_from_appid_nosmack)
+RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
{
- const char *const app_id = "sm_test_app_id_set_label_from_appid";
- const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
- int result;
+ const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack";
+ const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack";
- uninstall_app(app_id, pkg_id, false, true);
+ uninstall_app(app_id, pkg_id, true);
install_app(app_id, pkg_id);
- result = security_manager_set_process_label_from_appid(app_id);
- RUNNER_ASSERT_MSG_BT(result == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_label_from_appid(" <<
- app_id << ") failed. Result: " << result);
+ Api::setProcessLabel(app_id);
- uninstall_app(app_id, pkg_id, true, true);
+ uninstall_app(app_id, pkg_id, true);
}
-static void prepare_request(AppInstReqUniquePtr &request,
+static void prepare_request(InstallRequest &request,
const char *const app_id,
const char *const pkg_id,
app_install_path_type pathType,
- const char *const path)
+ const char *const path,
+ uid_t uid)
{
- int result;
- request.reset(do_app_inst_req_new());
+ request.setAppId(app_id);
+ request.setPkgId(pkg_id);
+ request.addPath(path, pathType);
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+ if (uid != 0)
+ request.setUid(uid);
+}
- result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
- result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
+static struct passwd* get_app_pw()
+{
+ struct passwd *pw = nullptr;
+ errno = 0;
+ while(!(pw = getpwnam(APP_USER))) {
+ RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
+ }
+ return pw;
}
+static void install_and_check(const char *const sm_app_id,
+ const char *const sm_pkg_id,
+ const std::string &user, uid_t uid,
+ const std::string &user_path = SM_PRIVATE_PATH_FOR_USER)
+{
+ InstallRequest requestPublic;
+
+ //install app for non-root user and try to register public path (should fail)
+ prepare_request(requestPublic, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PUBLIC, user_path.c_str(), uid);
+
+ Api::install(requestPublic, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+
+ InstallRequest requestPrivate;
+
+ //install app for non-root user
+ //should fail (users may only register folders inside their home)
+ prepare_request(requestPrivate, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, uid);
-RUNNER_CHILD_TEST(security_manager_05_app_install_uninstall_by_uid_5000)
+ Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+
+ InstallRequest requestPrivateUser;
+
+ //install app for non-root user
+ //should succeed - this time i register folder inside user's home dir
+ prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, user_path.c_str(), uid);
+
+ for (auto &privilege : SM_ALLOWED_PRIVILEGES)
+ requestPrivateUser.addPrivilege(privilege.c_str());
+
+ Api::install(requestPrivateUser);
+
+ check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+}
+
+RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
{
int result;
- AppInstReqUniquePtr request;
+ const char *const sm_app_id = "sm_test_04a_app_id_uid";
+ const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid";
+ struct passwd *pw = get_app_pw();
+ const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
//switch user to non-root
- result = drop_root_privileges();
- RUNNER_ASSERT_MSG_BT(result == 0, "drop_root_privileges failed");
+ result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- //install app as non-root user and try to register public path (should fail)
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER_5000);
+ install_and_check(sm_app_id, sm_pkg_id, user, 0);
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
- "installing app not failed. Result: " << result);
+ //uninstall app as non-root user
+ InstallRequest request;
+ request.setAppId(sm_app_id);
- //install app as non-root user
- //should fail (non-root users may only register folders inside their home)
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
+ Api::uninstall(request);
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
- "installing app not failed. Result: " << result);
+ check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+}
- //install app as non-root user
- //should succeed - this time i register folder inside user's home dir
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER_5000);
+RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
+{
+ int result;
+ const char *const sm_app_id = "sm_test_04b_app_id_uid";
+ const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid";
+
+ struct passwd *pw = get_app_pw();
+ const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
+ install_and_check(sm_app_id, sm_pkg_id, user, pw->pw_uid);
+
+ //switch user to non-root - root may not uninstall apps for specified users
+ result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
//uninstall app as non-root user
- request.reset(do_app_inst_req_new());
+ InstallRequest request;
+ request.setAppId(sm_app_id);
+
+ Api::uninstall(request);
+
+ check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+}
+
+
+RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
+{
+ int result;
+ CapsSetsUniquePtr caps, caps_empty(cap_init());
+
+ caps.reset(cap_from_text("all=eip"));
+ RUNNER_ASSERT_MSG(caps, "can't convert capabilities from text");
+ result = cap_set_proc(caps.get());
+ RUNNER_ASSERT_MSG(result == 0,
+ "can't set capabilities. Result: " << result);
+
+ Api::dropProcessPrivileges();
+
+ caps.reset(cap_get_proc());
+ RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");
+
+ result = cap_compare(caps.get(), caps_empty.get());
+ RUNNER_ASSERT_MSG(result == 0,
+ "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL));
+}
+
+RUNNER_CHILD_TEST(security_manager_06_install_app_offline)
+{
+ const char *const app_id = "sm_test_06_app_id_install_app_offline";
+ const char *const pkg_id = "sm_test_06_pkg_id_install_app_offline";
+ DBusAccess dbusAccess("security-manager.service");
+
+ uninstall_app(app_id, pkg_id, true);
+ dbusAccess.maskService();
+ dbusAccess.stopService();
+
+ install_app(app_id, pkg_id);
+
+ dbusAccess.unmaskService();
+ dbusAccess.startService();
+
+ uninstall_app(app_id, pkg_id, true);
+}
+
+RUNNER_CHILD_TEST(security_manager_07_user_add_app_install)
+{
+ const char *const sm_app_id = "sm_test_07_app_id_user";
+ const char *const sm_pkg_id = "sm_test_07_pkg_id_user";
+ const std::string new_user_name = "sm_test_07_user_name";
+ std::string uid_string;
+ TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
+ uid_string = std::to_string(static_cast<unsigned int>(test_user.getUid()));
+
+ install_app(sm_app_id, sm_pkg_id, test_user.getUid());
+
+ check_app_after_install(sm_app_id, sm_pkg_id);
+
+ test_user.remove();
+
+ check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+
+ check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
+}
+
+RUNNER_CHILD_TEST(security_manager_08_user_double_add_double_remove)
+{
+ UserRequest addUserRequest;
+
+ const char *const sm_app_id = "sm_test_08_app_id_user";
+ const char *const sm_pkg_id = "sm_test_08_pkg_id_user";
+ const char *const new_user_name = "sm_test_08_user_name";
+ std::string uid_string;
+
+ // gumd user add
+ TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
+ uid_string = std::to_string(static_cast<unsigned int>(test_user.getUid()));
+
+ addUserRequest.setUid(test_user.getUid());
+ addUserRequest.setUserType(SM_USER_TYPE_NORMAL);
+
+ //sm user add
+ Api::addUser(addUserRequest);
+
+ install_app(sm_app_id, sm_pkg_id, test_user.getUid());
+
+ check_app_after_install(sm_app_id, sm_pkg_id);
+
+ test_user.remove();
+
+ UserRequest deleteUserRequest;
+ deleteUserRequest.setUid(test_user.getUid());
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
+ Api::deleteUser(deleteUserRequest);
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
+ check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+
+ check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
}
+RUNNER_CHILD_TEST(security_manager_09_add_user_offline)
+{
+ const char *const app_id = "security_manager_09_add_user_offline_app";
+ const char *const pkg_id = "security_manager_09_add_user_offline_pkg";
+ const std::string username("sm_test_09_user_name");
+ DBusAccess dbusAccess("security-manager.service");
+ dbusAccess.maskService();
+ dbusAccess.stopService();
+
+ TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
+
+ install_app(app_id, pkg_id, user.getUid());
+
+ check_app_after_install(app_id, pkg_id);
+
+ dbusAccess.unmaskService();
+ dbusAccess.startService();
+
+ user.remove();
+
+ check_app_after_uninstall(app_id, pkg_id, true);
+}
int main(int argc, char *argv[])
{
- SummaryCollector::Register();
return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
}
projects / platform / core / test / security-tests.git / blobdiff