X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=tests%2Flibprivilege-control-tests%2Ftest_cases.cpp;h=1a885927bc998883e97f73ca0cef84fc8d90da06;hb=084f65d218c8e2bdcc43018c7f70fde533f15787;hp=66a1dae041a70ad3cb4f8777000315ceaa2c6f85;hpb=127b5ecb9f475cc8da7294d7bc78fac649807a26;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git diff --git a/tests/libprivilege-control-tests/test_cases.cpp b/tests/libprivilege-control-tests/test_cases.cpp index 66a1dae..1a88592 100644 --- a/tests/libprivilege-control-tests/test_cases.cpp +++ b/tests/libprivilege-control-tests/test_cases.cpp @@ -18,6 +18,7 @@ * @file test_cases.cpp * @author Jan Olszak (j.olszak@samsung.com) * @author Rafal Krypa (r.krypa@samsung.com) + * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) * @version 1.0 * @brief libprivilege-control test runner */ @@ -27,6 +28,7 @@ #include #include #include +#include #include #include @@ -46,36 +48,19 @@ #include #include #include +#include "common/duplicates.h" +#include "common/db.h" -#include - -#define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/rules" - -#define EFL_APP_ID "EFL_APP_ID" - -#define EARLY_RULE_SUBJECT "livebox.web-provider" -#define EARLY_RULE_RIGHTS "rwx---" - -#define SMACK_ACC_LEN 6 - -#define APP_1 "app_1" -#define APP_1_DIR "/tmp/app_1" - -#define APP_2 "app_2" -#define APP_2_DIR "/tmp/app_2" - -#define APP_TEST "app_test" - -#define APP_NPRUNTIME "app_np_test" -#define APP_NPRUNTIME_FILE "/etc/smack/test_privilege_control_DIR/app_dir/exec" +// Error codes for test_libprivilege_strerror +const std::vector error_codes { + PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED, + PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN, + PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION, + PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN +}; namespace { -const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL }; -const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL }; -const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL }; -const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL }; - std::vector gen_names(std::string prefix, std::string suffix, size_t size) { std::vector names; @@ -101,148 +86,37 @@ int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb, /* ACCESS */ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - RUNNER_ASSERT_MSG(label != NULL, "ACCESS label on " << fpath << " is not set"); + RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); + RUNNER_ASSERT_MSG_BT(label != NULL, "ACCESS label on " << fpath << " is not set"); result = strcmp(APPID_SHARED_DIR, label); - RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"); + RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect"); result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl"); - RUNNER_ASSERT_MSG(result == 1, + RUNNER_ASSERT_MSG_BT(result == 1, "Error rwxatl access was not given shared dir. Subject: " << APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result); /* EXEC */ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - RUNNER_ASSERT_MSG(label == NULL, "EXEC label on " << fpath << " is set"); + RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); + RUNNER_ASSERT_MSG_BT(label == NULL, "EXEC label on " << fpath << " is set"); /* TRANSMUTE */ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); + RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); if (S_ISDIR(sb->st_mode)) { - RUNNER_ASSERT_MSG(label != NULL, "TRANSMUTE label on " << fpath << " is not set"); + RUNNER_ASSERT_MSG_BT(label != NULL, "TRANSMUTE label on " << fpath << " is not set"); result = strcmp("TRUE", label); - RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set"); + RUNNER_ASSERT_MSG_BT(result == 0, "TRANSMUTE label on " << fpath << " is not set"); } else - RUNNER_ASSERT_MSG(label == NULL, "TRANSMUTE label on " << fpath << " is set"); + RUNNER_ASSERT_MSG_BT(label == NULL, "TRANSMUTE label on " << fpath << " is set"); return 0; } -int check_labels_dir(const char *fpath, const struct stat *sb, - const char *labels_db_path, const char *dir_db_path, - const char *access) -{ - int result; - char *label; - char *label_gen; - char *scanf_label_format; - char label_temp[SMACK_LABEL_LEN + 1]; - FILE *file_db; - - /* ACCESS */ - result = smack_lgetlabel(fpath, &label_gen, SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - RUNNER_ASSERT_MSG(label_gen != NULL, "ACCESS label on " << fpath << " is not set"); - - /* EXEC */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); - if (result != 0) { - free(label_gen); - RUNNER_ASSERT_MSG(false, "Could not get label for the path"); - } - if (label != NULL) { - free(label_gen); - free(label); - RUNNER_ASSERT_MSG(false, "EXEC label on " << fpath << " is set."); - } - - /* TRANSMUTE */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE); - if (result != 0) { - free(label_gen); - free(label); - RUNNER_ASSERT_MSG(false, "Could not get label for the path"); - } - if (S_ISDIR(sb->st_mode)) { - if (label == NULL) { - free(label_gen); - free(label); - RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set"); - } - result = strcmp("TRUE", label); - if (result != 0) { - free(label_gen); - free(label); - RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is not set to TRUE"); - } - } else if (label != NULL) { - free(label_gen); - free(label); - RUNNER_ASSERT_MSG(false, "TRANSMUTE label on " << fpath << " is set"); - } - - free(label); - - if (0 > asprintf(&scanf_label_format, "%%%ds\\n", SMACK_LABEL_LEN)) { - free(label_gen); - RUNNER_ASSERT_MSG(false, "asprintf failed"); - } - - file_db = fopen(labels_db_path, "r"); - if (file_db == NULL) { - free(label_gen); - free(scanf_label_format); - RUNNER_ASSERT_MSG(false, "Can not open database for apps"); - } - while (fscanf(file_db, scanf_label_format, label_temp) == 1) { - result = smack_have_access(label_temp, label_gen, access); - if (result != 1) { - fclose(file_db); - free(label_gen); - free(scanf_label_format); - RUNNER_ASSERT_MSG(false, - "Error " << access << " access was not given for subject: " - << label_temp << ". Result: " << result); - } - } - fclose(file_db); - - file_db = fopen(dir_db_path, "r"); - if (file_db == NULL) { - free(label_gen); - free(scanf_label_format); - RUNNER_ASSERT_MSG(false, "Can not open database for dirs"); - } - - free(scanf_label_format); - free(label_gen); - fclose(file_db); - - return 0; -} - -void osp_blahblah_check(int line_no, const std::vector &rules) -{ - std::ifstream smack_file(OSP_BLAHBLAH); - RUNNER_ASSERT_MSG(smack_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH); - - auto it = rules.begin(); - std::string line; - while (std::getline(smack_file,line)) { - RUNNER_ASSERT_MSG(it != rules.end(), "Line: " << line_no << "Additional line in file: " << line); - RUNNER_ASSERT_MSG(*it == line, "Line: " << line_no << " " << *it << "!=" << line); - it++; - } - - RUNNER_ASSERT_MSG(it == rules.end(), "Line: " << line_no << " Missing line in file: " << *it); - - smack_file.close(); -} - void osp_blahblah_dac_check(int line_no, const std::vector &gids, std::string dac_file_path) { std::ifstream dac_file(dac_file_path); - RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path); + RUNNER_ASSERT_MSG_BT(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path); auto it = gids.begin(); std::string line; @@ -250,12 +124,12 @@ void osp_blahblah_dac_check(int line_no, const std::vector &gids, std: std::istringstream is(line); unsigned gid; is >> gid; - RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid); - RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid); + RUNNER_ASSERT_MSG_BT(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid); + RUNNER_ASSERT_MSG_BT(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid); it++; } - RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it); + RUNNER_ASSERT_MSG_BT(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it); dac_file.close(); } @@ -288,19 +162,23 @@ RUNNER_TEST(privilege_control02_app_label_dir) int result; result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR); result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR); + + DB_BEGIN result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE); - RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed"); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed"); + + DB_END result = nftw(TEST_APP_DIR, &nftw_check_labels_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir"); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for app dir"); result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir"); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir"); } RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir) @@ -310,208 +188,106 @@ RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir) DB_BEGIN result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID); - RUNNER_ASSERT_MSG(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail"); + RUNNER_ASSERT_MSG_BT(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail"); + + DB_END result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR); result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean up Smack labels in " << TEST_NON_APP_DIR); + + DB_BEGIN result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR); - RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed"); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path() failed"); DB_END result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir"); + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for shared app dir"); result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir"); - - result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); -} + RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for non-app dir"); -/** - * Simple enabling EFL permissions;. - */ -RUNNER_TEST_SMACK(privilege_control04_add_permissions) -{ - int result = 0; DB_BEGIN result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - - - result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, TRUE); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " perm_app_enable_permissions failed with result: " << result); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); DB_END - - // Check if the accesses are realy applied.. - result = test_have_all_accesses(rules_efl); - RUNNER_ASSERT_MSG(result == 1, "Permissions not added."); - - result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); } /** * Revoke permissions from the list. Should be executed as privileged user. */ -RUNNER_CHILD_TEST(privilege_control06_revoke_permissions) +RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt) { - int result; - - // Cleanup - DB_BEGIN - - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_uninstall(WGT_PARTNER_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_uninstall(WGT_PLATFORM_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_uninstall(OSP_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_uninstall(OSP_PARTNER_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_uninstall(OSP_PLATFORM_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - - // Close transaction to commit uninstallation before further actions - DB_END - - DB_BEGIN - - // Install test apps - result = perm_app_install(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_install(WGT_PARTNER_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_install(WGT_PLATFORM_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_install(OSP_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_install(OSP_PARTNER_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_install(OSP_PLATFORM_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - - // Close transaction to commit installation before further actions - DB_END - - DB_BEGIN - - // TEST: - // Revoke permissions - result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - result = perm_app_revoke_permissions(WGT_PARTNER_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - result = perm_app_revoke_permissions(WGT_PLATFORM_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - result = perm_app_revoke_permissions(OSP_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - result = perm_app_revoke_permissions(OSP_PARTNER_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - result = perm_app_revoke_permissions(OSP_PLATFORM_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - DB_END - - // Are all the permissions revoked? - result = test_have_any_accesses(rules_wgt); - RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked."); - result = test_have_any_accesses(rules_wgt_partner); - RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked."); - result = test_have_any_accesses(rules_wgt_platform); - RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked."); - result = test_have_any_accesses(rules_osp); - RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked."); - result = test_have_any_accesses(rules_osp_partner); - RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked."); - result = test_have_any_accesses(rules_osp_platform); - RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked."); - - DB_BEGIN - - // Cleanup - uninstall test apps - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_uninstall(WGT_PARTNER_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_uninstall(WGT_PLATFORM_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_uninstall(OSP_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_uninstall(OSP_PARTNER_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_uninstall(OSP_PLATFORM_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - - DB_END + test_revoke_permissions(__LINE__, WGT_APP_ID, rules_wgt, true); } +/** + * Revoke permissions from the list. Should be executed as privileged user. + */ +RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp) +{ + test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, true); +} -void set_app_privilege(int line_no, +void test_set_app_privilege( const char* app_id, app_type_t APP_TYPE, const char** privileges, const char* type, const char* app_path, const char* dac_file, - const std::vector< std::vector > &rules) { - check_app_installed(line_no, app_path); + const rules_t &rules) { + check_app_installed(app_path); - int result = perm_app_uninstall(app_id); - RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no << - " perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); + int result; DB_BEGIN + result = perm_app_uninstall(app_id); + RUNNER_ASSERT_MSG_BT(result == 0, + " perm_app_uninstall returned " << result << ". " + "Errno: " << strerror(errno)); + result = perm_app_install(app_id); - RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no << - " perm_app_install returned " << result << ". Errno: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(result == 0, + " perm_app_install returned " << result << ". " + "Errno: " << strerror(errno)); // TEST: - result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no << - " Error enabling app permissions. Result: " << result); + result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, true); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + " Error registering app permissions. Result: " << result); DB_END result = test_have_all_accesses(rules); - RUNNER_ASSERT_MSG(result == 1, "Permissions not added."); + RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added."); + + std::set groups_before; + read_user_gids(groups_before, APP_UID); result = perm_app_set_privilege(app_id, type, app_path); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no << + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error in perm_app_set_privilege. Error: " << result); // Check if SMACK label really set char *label; result = smack_new_label_from_self(&label); - RUNNER_ASSERT_MSG(result >= 0, "Line: " << line_no << + RUNNER_ASSERT_MSG_BT(result >= 0, " Error getting current process label"); - RUNNER_ASSERT_MSG(label != NULL, "Line: " << line_no << + RUNNER_ASSERT_MSG_BT(label != NULL, " Process label is not set"); result = strcmp(app_id, label); - RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no << + RUNNER_ASSERT_MSG_BT(result == 0, " Process label " << label << " is incorrect"); - check_groups(dac_file); + check_groups(groups_before, dac_file); } /** @@ -519,56 +295,24 @@ void set_app_privilege(int line_no, */ RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt) { - set_app_privilege(__LINE__,WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH, + test_set_app_privilege(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH, LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt); } /** - * Set APP privileges. wgt_partner. - */ -RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_partner) -{ - set_app_privilege(__LINE__, WGT_PARTNER_APP_ID, APP_TYPE_WGT_PARTNER, PRIVS_WGT, - "wgt_partner", WGT_PARTNER_APP_PATH, - LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_partner); -} - -/** - * Set APP privileges. wgt_platform. - */ -RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_platform) -{ - set_app_privilege(__LINE__, WGT_PLATFORM_APP_ID, APP_TYPE_WGT_PLATFORM, PRIVS_WGT, - "wgt_platform", WGT_PLATFORM_APP_PATH, - LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt_platform); -} - -/** * Set APP privileges. osp app. */ RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp) { - set_app_privilege(__LINE__, OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, NULL, OSP_APP_PATH, + test_set_app_privilege(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH, LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp); } -/** - * Set APP privileges. partner osp app. - */ -RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_partner) -{ - set_app_privilege(__LINE__, OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP, - NULL, OSP_PARTNER_APP_PATH, LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_partner); -} - -/** - * Set APP privileges. platform osp app. - */ -RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_platform) +RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_efl) { - set_app_privilege(__LINE__, OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP, - NULL, OSP_PLATFORM_APP_PATH, - LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp_platform); + test_set_app_privilege(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, + "rpm", EFL_APP_PATH, + LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl); } /** @@ -584,213 +328,218 @@ RUNNER_TEST(privilege_control11_add_api_feature) // argument validation result = perm_add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0); - RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM); + RUNNER_ASSERT_BT(result == PC_ERR_INVALID_PARAM); result = perm_add_api_feature(APP_TYPE_OSP,"", NULL, NULL, 0); - RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM); + RUNNER_ASSERT_BT(result == PC_ERR_INVALID_PARAM); // Already existing feature: // TODO: Database will be malformed. (Rules for these features will be removed.) result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", NULL, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", NULL, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); // empty features result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", NULL, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", NULL, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); // empty rules - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), { NULL }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + const char *test1[] = { NULL }; + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), (const char*[]) { "", NULL }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + const char *test2[] = { "", NULL }; + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), (const char*[]) { " \t\n", "\t \n", "\n\t ", NULL }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + const char *test3[] = { " \t\n", "\t \n", "\n\t ", NULL }; + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); // malformed rules - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), (const char*[]) { "malformed", NULL }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); + const char *test4[] = { "malformed", NULL }; + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), (const char*[]) { "malformed malformed", NULL }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); + const char *test5[] = { "malformed malformed", NULL }; + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), (const char*[]) { "-malformed malformed rwxat", NULL }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); + const char *test6[] = { "-malformed malformed rwxat", NULL }; + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), (const char*[]) { "~/\"\\ malformed rwxat", NULL }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); + const char *test7[] = { "~/\"\\ malformed rwxat", NULL }; + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), (const char*[]) { "subject object rwxat something else", NULL }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); + const char *test8[] = { "subject object rwxat something else", NULL }; + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); // correct rules - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), (const char*[]) { + const char *test9[] = { "~APP~ object\t rwxatl", " \t \n", "subject2\t~APP~ ltxarw", "", - NULL - }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + NULL}; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), (const char*[]) { - "Sub::jE,ct ~APP~ a-rwxl", - NULL - }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), (const char*[]) { - "Sub::sjE,ct ~APP~ a-RwXL", // TODO This fails. - NULL - }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", NULL }; + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + + const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", NULL }; // TODO This fails. + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); // TODO For now identical/complementary rules are not merged. - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), (const char*[]) { + const char *test12[] = { "subject1 ~APP~ rwxatl", " \t \n", "subject2 ~APP~ ltxarw", "", - NULL - }, NULL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - DB_END + NULL}; + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, NULL, 0); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); // empty group ids - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + const char *test13[] = { "~APP~ b a", NULL}; + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); result = file_exists(OSP_BLAHBLAH_DAC[12].c_str()); - RUNNER_ASSERT(result == -1); + RUNNER_ASSERT_BT(result == -1); remove_smack_files(); // valid group ids - result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},3); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]); remove_smack_files(); - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]); remove_smack_files(); - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {1,1,1},3); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); + result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]); remove_smack_files(); + + DB_END } /* - * Check perm_app_install function + * Check perm_app_uninstall function */ -RUNNER_TEST(privilege_control01_app_install) +void check_perm_app_uninstall(const char* pkg_id) { int result; + DB_BEGIN - perm_app_uninstall(APP_ID); + result = perm_app_uninstall(pkg_id); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned: " << perm_strerror(result)); - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); + DB_END - // try install second time app with the same ID - it should pass. - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); + TestLibPrivilegeControlDatabase db_test; + db_test.test_db_after__perm_app_uninstall(pkg_id); +} + +RUNNER_TEST(privilege_control07_app_uninstall) +{ + check_perm_app_uninstall(APP_ID); } /* - * Check perm_app_uninstall function + * Check perm_app_install function */ -RUNNER_TEST(privilege_control07_app_uninstall) +void check_perm_app_install(const char* pkg_id) { int result; - int fd = -1; - result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); + DB_BEGIN - // checking if file really exists - fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY); - RUNNER_ASSERT_MSG(fd == -1, "SMACK file NOT deleted after perm_app_uninstall"); - close(fd); + result = perm_app_install(pkg_id); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result)); + + DB_END + + TestLibPrivilegeControlDatabase db_test; + db_test.test_db_after__perm_app_install(pkg_id); +} + +RUNNER_TEST(privilege_control01_app_install) +{ + check_perm_app_uninstall(APP_ID); + check_perm_app_install(APP_ID); + // try install second time app with the same ID - it should pass. + check_perm_app_install(APP_ID); } /* - * Check app_register_av function - * Notice that this test case may have no sense if previous would fail (privilege_control06_app_install) + * Check perm_rollback function */ -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" -RUNNER_TEST_SMACK(privilege_control10_app_register_av) +RUNNER_TEST(privilege_control07_app_rollback) { - RUNNER_IGNORED_MSG("app_register_av is not implemented"); + check_perm_app_uninstall(APP_ID); + int result; - // cleaning - smack_revoke_subject(APP_TEST_AV_1); - smack_revoke_subject(APP_TEST_AV_2); + DB_BEGIN - cleaning_smack_app_files(); + result = perm_app_install(APP_ID); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result)); - DB_BEGIN + // transaction rollback + result = perm_rollback(); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_rollback returned: " << perm_strerror(result)); - // Adding two apps before antivir - result = perm_app_install(APP_TEST_APP_1); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); + DB_END - result = perm_app_install(APP_TEST_APP_2); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); + TestLibPrivilegeControlDatabase db_test; + db_test.test_db_after__perm_app_uninstall(APP_ID); - // Adding antivir - result = app_register_av(APP_TEST_AV_1); - RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno)); +} - DB_END +RUNNER_TEST(privilege_control07_app_rollback_2) +{ + check_perm_app_uninstall(APP_ID); - // Checking added apps accesses - checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)"); - checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)"); + int result; - // Adding third app - result = perm_app_install(APP_TEST_APP_3); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); + DB_BEGIN - // Checking app accesses - checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "perm_app_install(APP_TEST_APP_3)"); - checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "perm_app_install(APP_TEST_APP_3)"); - checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "perm_app_install(APP_TEST_APP_3)"); + result = perm_app_install(APP_ID); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result)); - // Adding second antivir - result = app_register_av(APP_TEST_AV_2); - RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno)); + // transaction rollback + result = perm_rollback(); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_rollback returned: " << perm_strerror(result)); - // Checking app accesses - checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)"); - checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)"); - checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)"); - checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_2)"); - checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_2)"); - checkOnlyAvAccess(APP_TEST_AV_2, APP_TEST_APP_3, "app_register_av(APP_TEST_AV_2)"); + // install once again after the rollback + result = perm_app_install(APP_ID); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned: " << perm_strerror(result)); - // cleaning - smack_revoke_subject(APP_TEST_AV_1); - smack_revoke_subject(APP_TEST_AV_2); + DB_END - cleaning_smack_app_files(); + TestLibPrivilegeControlDatabase db_test; + db_test.test_db_after__perm_app_install(APP_ID); } -#pragma GCC diagnostic warning "-Wdeprecated-declarations" /** * Grant SMACK permissions based on permissions list. @@ -803,105 +552,124 @@ RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions) DB_BEGIN result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); result = perm_app_install(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); /** * Test - Enabling all permissions with persistant mode enabled */ result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error revoking app permissions. Result: " << result); - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error enabling app permissions. Result: " << result); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + " Error registering app permissions. Result: " << result); DB_END // Check if the accesses are realy applied.. result = test_have_all_accesses(rules2); - RUNNER_ASSERT_MSG(result == 1, "Permissions not added."); + RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added."); DB_BEGIN // Clean up result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error revoking app permissions. Result: " << result); + DB_END + /** * Test - Enabling all permissions with persistant mode disabled */ + DB_BEGIN + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + " Error registering app permissions. Result: " << result); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error enabling app permissions. Result: " << result); DB_END // Check if the accesses are realy applied.. result = test_have_all_accesses(rules2); - RUNNER_ASSERT_MSG(result == 1, "Permissions not added."); + RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added."); DB_BEGIN // Clean up result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error revoking app permissions. Result: " << result); + DB_END + /** - * Test - Enabling all permissions in two complementary files + * Test - Registering new permissions in two complementary files */ - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error enabling app permissions. Result: " << result); + DB_BEGIN + + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, true); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + " Error registering app permissions. Result: " << result); DB_END // Check if the accesses are realy applied.. result = test_have_all_accesses(rules2_no_r); - RUNNER_ASSERT_MSG(result == 1, "Permissions not added."); + RUNNER_ASSERT_MSG_BT(result == 1, "Permissions not added."); DB_BEGIN // Clean up result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error revoking app permissions. Result: " << result); + DB_END + /** * Test - Enabling some permissions and then enabling complementary permissions */ - // Enable permission for rules 2 no r - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error enabling app permissions without r. Result: " << result); + DB_BEGIN + + // Register permission for rules 2 no r + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + " Error registering app permissions without r. Result: " << result); DB_END // Check if the accesses are realy applied.. result = test_have_all_accesses(rules2_no_r); - RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added."); + RUNNER_ASSERT_MSG_BT(result == 1, "Permissions without r not added."); - // Enable permission for rules 2 - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error enabling app all permissions. Result: " << result); + DB_BEGIN + + // Register permission for rules 2 + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + " Error registering app all permissions. Result: " << result); + + DB_END // Check if the accesses are realy applied.. result = test_have_all_accesses(rules2); - RUNNER_ASSERT_MSG(result == 1, "Permissions all not added."); + RUNNER_ASSERT_MSG_BT(result == 1, "Permissions all not added."); DB_BEGIN // Clean up result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error revoking app permissions. Result: " << result); /** @@ -909,239 +677,65 @@ RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions) */ // Enable permission for rules 2 no r - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error enabling app permissions without r. Result: " << result); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + " Error registering app permissions without r. Result: " << result); DB_END // Check if the accesses are realy applied.. result = test_have_all_accesses(rules2_no_r); - RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added."); + RUNNER_ASSERT_MSG_BT(result == 1, "Permissions without r not added."); + + DB_BEGIN // Enable permission for rules 2 - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error enabling app permissions with only r. Result: " << result); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + " Error registering app permissions with only r. Result: " << result); + + DB_END // Check if the accesses are realy applied.. result = test_have_all_accesses(rules2_r); - RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added."); + RUNNER_ASSERT_MSG_BT(result == 1, "Permissions with only r not added."); DB_BEGIN // Clean up result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error revoking app permissions. Result: " << result); // Clean up after test: result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); DB_END } -RUNNER_CHILD_TEST(privilege_control11_app_enable_permissions_efl) +RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl) { - int result; - - DB_BEGIN - - // Prepare - result = perm_app_uninstall(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall failed: " << result); - result = perm_app_install(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_install failed: " << result); - - // Enable a permission: - result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error enabling app permissions. Result: " << result); - - DB_END - - RUNNER_ASSERT_MSG(smack_have_access(EFL_APP_ID,"test_book_efl", "r"), - "SMACK accesses not granted for EFL_APP"); - - // Cleanup - result = perm_app_uninstall(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall failed: " << result); + test_app_enable_permissions_efl(true); } /* * Check perm_app_install function */ -RUNNER_CHILD_TEST(privilege_control12_app_disable_permissions_efl) +RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl) { - int result; - - DB_BEGIN - - // Prepare - result = perm_app_uninstall(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall failed: " << result); - - result = perm_app_install(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_install failed: " << result); - - // Enable a permission - result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error enabling app permissions. Result: " << result); - - DB_END - - RUNNER_ASSERT_MSG(smack_have_access(EFL_APP_ID,"test_book_efl", "r"), - "SMACK accesses not granted for EFL_APP"); - - // Disable a permission - result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - - RUNNER_ASSERT_MSG(!smack_have_access(EFL_APP_ID,"test_book_efl", "r"), - "SMACK accesses not granted for EFL_APP"); - - // Cleanup - result = perm_app_uninstall(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall failed: " << result); + test_app_disable_permissions_efl(true); } /** * Remove previously granted SMACK permissions based on permissions list. */ -RUNNER_TEST(privilege_control12_app_disable_permissions) +RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions) { - int result; - - DB_BEGIN - - // Prepare - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall failed: " << result); - - result = perm_app_install(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_install failed: " << result); -/** - * Test - disable all granted permissions. - */ - - // Prepare permissions that we want to disable - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error enabling app permissions. Result: " << result); - - DB_END - - // Are all the permissions enabled? - result = test_have_any_accesses(rules2); - RUNNER_ASSERT_MSG(result==1, "Not all permisions enabled."); - - // Disable permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - - // Are all the permissions disabled? - result = test_have_any_accesses(rules2); - RUNNER_ASSERT_MSG(result!=1, "Not all permisions disabled."); - -/** - * Test - disable some granted permissions leaving non complementary and then disabling those too. - */ - - DB_BEGIN - - // Prepare permissions that will not be disabled - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error adding app first permissions. Result: " << result); - - // Prepare permissions that we want to disable - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error adding app second permissions. Result: " << result); - - // Disable second permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app second permissions. Result: " << result); - - DB_END - - // Are all second permissions disabled? - result = test_have_any_accesses(rules2); - RUNNER_ASSERT_MSG(result!=1, "Not all first permisions disabled."); - - // Are all first permissions not disabled? - result = test_have_all_accesses(rules_wgt2); - RUNNER_ASSERT_MSG(result==1, "Some of second permissions disabled."); - - // Disable first permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app first permissions. Result: " << result); - - // Are all second permissions disabled? - result = test_have_any_accesses(rules_wgt2); - RUNNER_ASSERT_MSG(result!=1, "Not all second permisions disabled."); - -/** - * Test - disable only no r granted permissions. - */ - - DB_BEGIN - - // Prepare permissions - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error adding app permissions. Result: " << result); - - // Disable same permissions without r - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app no r permissions. Result: " << result); - - DB_END - - // Is any r permissions disabled? - result = test_have_all_accesses(rules2_r); - RUNNER_ASSERT_MSG(result==1, "Some of r permissions disabled."); - // Are all no r permissions disabled? - result = test_have_any_accesses(rules2_no_r); - RUNNER_ASSERT_MSG(result!=1, "Not all no r permissions disabled."); - - // Prepare permissions - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error adding app no r permissions. Result: " << result); - result = test_have_any_accesses(rules2_no_r); - RUNNER_ASSERT_MSG(result=1, "Not all no r permissions enabled."); - - // Disable all permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - result = test_have_any_accesses(rules2_r); - RUNNER_ASSERT_MSG(result!=1, "Not all r permissions disabled."); - - - - // Clean up after test: - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); + test_app_disable_permissions(true); } /** @@ -1160,202 +754,37 @@ RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions) DB_BEGIN result = perm_app_install(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); // Prepare permissions to reset - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error adding app permissions. Result: " << result); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + " Error registering app permissions. Result: " << result); // Reset permissions result = perm_app_reset_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error reseting app permissions. Result: " << result); DB_END // Are all second permissions not disabled? result = test_have_all_accesses(rules2); - RUNNER_ASSERT_MSG(result == 1, "Not all permissions added."); + RUNNER_ASSERT_MSG_BT(result == 1, "Not all permissions added."); DB_BEGIN // Disable permissions result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error disabling app permissions. Result: " << result); result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); DB_END } -/** - * Make two applications "friends", by giving them both full permissions on - * each other. - */ -RUNNER_TEST_SMACK(privilege_control14_app_add_friend) -{ - RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented"); - - int result; - -/** - * Test - making friends with no permissions on each other - */ - - result = perm_app_revoke_permissions(APP_FRIEND_1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - result = perm_app_revoke_permissions(APP_FRIEND_2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - perm_app_uninstall(APP_FRIEND_1); - perm_app_uninstall(APP_FRIEND_2); - - // Installing friends to be - result = perm_app_install(APP_FRIEND_1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error installing first app. Result: " << result); - result = perm_app_install(APP_FRIEND_2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error installing second app. Result: " << result); - - // Making friends - result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error making friends. Errno: " << result); - - // Checking if friends were made - result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error first one sided friednship failed. Result: " << result); - result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error second one sided friednship failed. Result: " << result); - - // Clean up - result = perm_app_revoke_permissions(APP_FRIEND_1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - result = perm_app_revoke_permissions(APP_FRIEND_2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - perm_app_uninstall(APP_FRIEND_1); - perm_app_uninstall(APP_FRIEND_2); - -/** - * Test - making friends with nonexistent friend - */ - - // Installing one friend - result = perm_app_install(APP_FRIEND_1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error installing first app. Errno: " << result); - - // Adding imaginary friend as second - result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error making friends (first) with imaginairy friend failed. Result: " - << result); - // Adding imaginary friend as first - result = perm_app_add_friend(APP_FRIEND_2, APP_FRIEND_1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error making friends (second) with imaginairy friend failed. Result: " - << result); - // Clean up - result = perm_app_revoke_permissions(APP_FRIEND_1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - result = perm_app_revoke_permissions(APP_FRIEND_2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - perm_app_uninstall(APP_FRIEND_1); - perm_app_uninstall(APP_FRIEND_2); - -/** - * Test - making friends with some permissions already added - */ - unsigned int i; - unsigned int j; - - struct smack_accesses *rulesFriend = NULL; - - std::vector accessesFriend = - { "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" }; - - // Installing friends to be - result = perm_app_install(APP_FRIEND_1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error installing first app. Result: " << result); - result = perm_app_install(APP_FRIEND_2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error installing second app. Result: " << result); - - for (i = 0; i < accessesFriend.size(); ++i) - { - for (j = 0; j < accessesFriend.size(); ++j) - { - // Adding rules before making friends - result = smack_accesses_new(&rulesFriend); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in smack_accesses_new. Result: " << result); - - result = smack_accesses_add(rulesFriend, - APP_FRIEND_1, APP_FRIEND_2, accessesFriend[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, - "Unable to add modify rulesFirend (first). Result: " << result); - result = smack_accesses_add(rulesFriend, APP_FRIEND_2, - APP_FRIEND_1, accessesFriend[j].c_str()); - RUNNER_ASSERT_MSG(result == 0, - "Unable to add modify rulesFirend (second). Result: " << result); - - result = smack_accesses_apply(rulesFriend); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in smack_accesses_apply. Result: " << result); - - // Adding friends - result = perm_app_add_friend(APP_FRIEND_1, APP_FRIEND_2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error making friends. Result: " << result); - - // Checking if friends were made - result = smack_have_access(APP_FRIEND_1, APP_FRIEND_2, "wrxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error first one sided friednship failed. Result: " << result); - result = smack_have_access(APP_FRIEND_2, APP_FRIEND_1, "wrxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error second one sided friednship failed. Result: " << result); - - // Deleting all rules between friends - smack_accesses_add_modify(rulesFriend, - APP_FRIEND_1, APP_FRIEND_2,"","rwxat"); - smack_accesses_add_modify(rulesFriend, - APP_FRIEND_2, APP_FRIEND_1,"","rwxat"); - - result = smack_accesses_apply(rulesFriend); - - smack_accesses_free(rulesFriend); - rulesFriend = NULL; - } - } - - // Clean up - result = perm_app_revoke_permissions(APP_FRIEND_1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - result = perm_app_revoke_permissions(APP_FRIEND_2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - perm_app_uninstall(APP_FRIEND_1); - perm_app_uninstall(APP_FRIEND_2); -} - static void smack_set_random_label_based_on_pid_on_self(void) { int result; @@ -1363,7 +792,7 @@ static void smack_set_random_label_based_on_pid_on_self(void) ss << "s-" << getpid() << "-" << getppid(); result = smack_set_label_for_self(ss.str().c_str()); - RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self(" + RUNNER_ASSERT_MSG_BT(result == 0, "smack_set_label_for_self(" << ss.str().c_str() << ") failed"); } @@ -1382,14 +811,14 @@ static void smack_unix_sock_server(int sock) close(fd); close(sock); free(smack_label); - RUNNER_ASSERT_MSG(0, "smack_new_label_from_self() failed"); + RUNNER_ASSERT_MSG_BT(0, "smack_new_label_from_self() failed"); } result = write(fd, smack_label, strlen(smack_label)); if (result != (int)strlen(smack_label)) { close(fd); close(sock); free(smack_label); - RUNNER_ASSERT_MSG(0, "write() failed: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(0, "write() failed: " << strerror(errno)); } close(fd); free(smack_label); @@ -1402,7 +831,7 @@ RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket) unlink(SOCK_PATH); pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "Fork failed"); + RUNNER_ASSERT_MSG_BT(pid >= 0, "Fork failed"); smack_set_random_label_based_on_pid_on_self(); @@ -1411,17 +840,17 @@ RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket) /* Set the process label before creating a socket */ sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_MSG(sock >= 0, "socket failed: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno)); result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); if (result != 0) { close(sock); - RUNNER_ASSERT_MSG(0, "bind failed: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(0, "bind failed: " << strerror(errno)); } result = listen(sock, 1); if (result != 0) { close(sock); - RUNNER_ASSERT_MSG(0, "listen failed: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(0, "listen failed: " << strerror(errno)); } smack_unix_sock_server(sock); @@ -1429,7 +858,7 @@ RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket) smack_unix_sock_server(sock); pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "Fork failed"); + RUNNER_ASSERT_MSG_BT(pid >= 0, "Fork failed"); /* Now running two concurrent servers. Test if socket label was unaffected by fork() */ smack_unix_sock_server(sock); @@ -1448,13 +877,13 @@ RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket) char *smack_label2; sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_MSG(sock >= 0, + RUNNER_ASSERT_MSG_BT(sock >= 0, "socket failed: " << strerror(errno)); result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); if (result != 0) { close(sock); - RUNNER_ASSERT_MSG(0, "connect failed: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(0, "connect failed: " << strerror(errno)); } alarm(2); @@ -1462,18 +891,18 @@ RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket) alarm(0); if (result < 0) { close(sock); - RUNNER_ASSERT_MSG(0, "read failed: " << strerror(errno)); + RUNNER_ASSERT_MSG_BT(0, "read failed: " << strerror(errno)); } smack_label1[result] = '\0'; smack_label2 = perm_app_id_from_socket(sock); if (smack_label2 == NULL) { close(sock); - RUNNER_ASSERT_MSG(0, "perm_app_id_from_socket failed"); + RUNNER_ASSERT_MSG_BT(0, "perm_app_id_from_socket failed"); } result = strcmp(smack_label1, smack_label2); if (result != 0) { close(sock); - RUNNER_ASSERT_MSG(0, "smack labels differ: '" << smack_label1 + RUNNER_ASSERT_MSG_BT(0, "smack labels differ: '" << smack_label1 << "' != '" << smack_label2 << "-" << random() << "'"); } close(sock); @@ -1489,7 +918,7 @@ RUNNER_TEST(privilege_control16_app_setup_path){ const char *label1 = "qwert123456za"; const char *label2 = "trewq654123az"; - std::unique_ptr > labelPtr(NULL,free); + CStringPtr labelPtr; mkdir(path1,0); mkdir(path2,0); @@ -1503,104 +932,37 @@ RUNNER_TEST(privilege_control16_app_setup_path){ char *label = NULL; - RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1)); - RUNNER_ASSERT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS)); - labelPtr.reset(label); - label = NULL; - RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label1)); - - RUNNER_ASSERT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2)); - RUNNER_ASSERT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC)); - labelPtr.reset(label); - label = NULL; - RUNNER_ASSERT(0 == strcmp(labelPtr.get(), label2)); - - RUNNER_ASSERT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC)); - labelPtr.reset(label); - label = NULL; - RUNNER_ASSERT(labelPtr.get() == NULL); -} - -RUNNER_TEST(privilege_control17_appsettings_privilege) -{ - int ret; - char *app1_dir_label; - char *app2_dir_label; - //prepare test - - (void)perm_app_uninstall(APP_TEST); - (void)perm_app_uninstall(APP_1); - (void)perm_app_uninstall(APP_2); - DB_BEGIN - //install some app 1 - ret = perm_app_install(APP_1); - RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret); - - mkdir(APP_1_DIR, S_IRWXU | S_IRGRP | S_IXGRP); - - //register settings folder for app 1 - ret = perm_app_setup_path(APP_1, APP_1_DIR, APP_PATH_SETTINGS_RW ); - RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret); - - //install "app_test" and give it appsettings privilege - ret = perm_app_install(APP_TEST); - RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install."); - - - ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true); - RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, - " Error enabling app permissions. Result: " << ret); + RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label1)); DB_END - //check if "app_test" has an RX access to the app "app_1" - ret = smack_have_access(APP_TEST, APP_1, "rx"); - RUNNER_ASSERT_MSG(ret,"access denied"); - - //check if "app_test" has an RWX access to a folder registered by "app_1" - ret = smack_getlabel(APP_1_DIR, &app1_dir_label, SMACK_LABEL_ACCESS ); - RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed"); - ret = smack_have_access(APP_TEST, app1_dir_label, "rwx"); - RUNNER_ASSERT_MSG(ret,"access denied to smack label: " << app1_dir_label); - + RUNNER_ASSERT_BT(0 == smack_lgetlabel(path3, &label, SMACK_LABEL_ACCESS)); + labelPtr.reset(label); + label = NULL; + RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label1)); DB_BEGIN - //intstall another app: "app_2" - ret = perm_app_install(APP_2); - RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install."); - - mkdir(APP_2_DIR, S_IRWXU | S_IRGRP | S_IXGRP); - //register settings folder for that "app_2" - ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW ); - RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret); + RUNNER_ASSERT_BT(PC_OPERATION_SUCCESS == perm_app_setup_path("somepackageid", path1, APP_PATH_ANY_LABEL, label2)); DB_END - //check if "app_test" has an RX access to the app "app_2" - ret = smack_have_access(APP_TEST, APP_2, "rx"); - RUNNER_ASSERT_MSG(ret,"access denies"); - - //check if "app_test" has an RWX access to a folder registered by "app_2" - ret = smack_getlabel(APP_2_DIR, &app2_dir_label, SMACK_LABEL_ACCESS ); - RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed"); - ret = smack_have_access(APP_TEST, app2_dir_label, "rwx"); - RUNNER_ASSERT_MSG(ret,"access denies"); - - free (app1_dir_label); - free (app2_dir_label); - rmdir(APP_1_DIR); - rmdir(APP_2_DIR); - - DB_BEGIN + RUNNER_ASSERT_BT(0 == smack_lgetlabel(path4, &label, SMACK_LABEL_EXEC)); + labelPtr.reset(label); + label = NULL; + RUNNER_ASSERT_BT(0 == strcmp(labelPtr.get(), label2)); - (void)perm_app_uninstall(APP_TEST); - (void)perm_app_uninstall(APP_1); - (void)perm_app_uninstall(APP_2); + RUNNER_ASSERT_BT(0 == smack_lgetlabel(path1, &label, SMACK_LABEL_EXEC)); + labelPtr.reset(label); + label = NULL; + RUNNER_ASSERT_BT(labelPtr.get() == NULL); +} - DB_END +RUNNER_TEST_SMACK(privilege_control17_appsettings_privilege) +{ + test_appsettings_privilege(true); } void test_app_setup_path(int line_no, app_path_type_t PATH_TYPE) { @@ -1609,34 +971,42 @@ void test_app_setup_path(int line_no, app_path_type_t PATH_TYPE) { DB_BEGIN result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no << + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no << " Error in perm_app_uninstall." << result); result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no << + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no << " Error in perm_app_install." << result); + DB_END + result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no << + RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no << " Unable to clean up Smack labels in " << TEST_APP_DIR); result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no << + RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no << " Unable to clean up Smack labels in " << TEST_NON_APP_DIR); + DB_BEGIN + result = perm_app_setup_path(APP_ID, TEST_APP_DIR, PATH_TYPE); - RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no << + RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no << " perm_app_setup_path() failed"); DB_END result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no << + RUNNER_ASSERT_MSG_BT(result == 0, "Line: " << line_no << " Unable to check Smack labels for non-app dir"); + DB_BEGIN + result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no << + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Line: " << line_no << " Error in perm_app_uninstall." << result); + + DB_END } RUNNER_TEST_SMACK(privilege_control18_app_setup_path_public) @@ -1649,407 +1019,21 @@ RUNNER_TEST_SMACK(privilege_control19_app_setup_path_settings) test_app_setup_path(__LINE__, APP_PATH_SETTINGS_RW); } -RUNNER_TEST(privilege_control20_app_setup_path_npruntime) -{ - int result = 0; - std::unique_ptr > labelPtr(NULL,free); - std::string nptargetlabel = std::string(APP_NPRUNTIME) + ".npruntime"; - char *label = NULL; - - DB_BEGIN - - result = perm_app_uninstall(APP_NPRUNTIME); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result); - - result = perm_app_install(APP_NPRUNTIME); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_install. " << result); - - result = perm_app_setup_path(APP_NPRUNTIME, APP_NPRUNTIME_FILE, PERM_APP_PATH_NPRUNTIME); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path. " << result); - - DB_END - - RUNNER_ASSERT(0 == smack_lgetlabel(APP_NPRUNTIME_FILE, &label, SMACK_LABEL_EXEC)); - labelPtr.reset(label); - label = NULL; - RUNNER_ASSERT(0 == strcmp(labelPtr.get(), nptargetlabel.c_str())); - - // test smack accesses - result = smack_have_access(APP_NPRUNTIME, nptargetlabel.c_str(), "rw"); - RUNNER_ASSERT_MSG(result == 1, - "Error: subject: " << APP_NPRUNTIME << " has not rw access to object: " - << nptargetlabel.c_str() << ". Result: " << result); - - result = smack_have_access(nptargetlabel.c_str(), APP_NPRUNTIME, "rxat"); - RUNNER_ASSERT_MSG(result == 1, - "Error: subject: " << nptargetlabel.c_str() << " has not rxat access to object: " - << APP_NPRUNTIME << ". Result: " << result); - - result = smack_have_access(nptargetlabel.c_str(), "system::homedir", "rxat"); - RUNNER_ASSERT_MSG(result == 1, - "Error: subject: " << nptargetlabel.c_str() << " has not rxat access to object: " - << "system::homedir. Result: " << result); - - result = smack_have_access(nptargetlabel.c_str(), "xorg", "rw"); - RUNNER_ASSERT_MSG(result == 1, - "Error: subject: " << nptargetlabel.c_str() << " has not rw access to object: " - << "xorg. Result: " << result); - - result = perm_app_uninstall(APP_NPRUNTIME); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall. " << result); -} - -RUNNER_TEST(privilege_control21_early_rules) -{ - RUNNER_IGNORED_MSG("early rules are not implemented"); - - int result; - int fd = -1; - int pass_1 = 0; - int pass_2 = 0; - char *single_line_format = NULL; - char *perm = NULL; - FILE *file = NULL; - - char subject[SMACK_LABEL_LEN + 1] = {0}; - char object[SMACK_LABEL_LEN + 1] = {0}; - char rule_add[SMACK_ACC_LEN + 1] = {0}; - char rule_remove[SMACK_ACC_LEN + 1] = {0}; - - unlink(SMACK_RULES_DIR APP_ID); - - DB_BEGIN - - perm_app_uninstall(APP_ID); - - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_install(APP_TEST_APP_1); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - - // checking if file really exists - fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY); - close(fd); - RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << SMACK_RULES_DIR << APP_ID << " : " << fd << ". Errno: " << strerror(errno)); - fd = -1; - - result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT, (const char**) &perm, 1); - RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result); - result = perm_app_enable_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm, 1); - RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result); - - DB_END - - file = fopen(SMACK_STARTUP_RULES_FILE, "r"); - RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno)); - - result = asprintf(&single_line_format, "%%%ds %%%ds %%%ds %%%ds\\n", SMACK_LABEL_LEN, SMACK_LABEL_LEN, SMACK_ACC_LEN, SMACK_ACC_LEN); - - while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) { - if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) { - pass_1 = 1; // Found rule for APP_ID - continue; - } - if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) { - pass_2 = 1; // Found rule for APP_TEST_APP_1 - continue; - } - } - fclose(file); - file = NULL; - - RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " not found"); - RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found"); - - // Checking if "early rule" for APP_ID was really removed - // We also should make sure that "early rules" for other apps wasn't removed - result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - pass_1 = 1; - pass_2 = 0; - - file = fopen(SMACK_STARTUP_RULES_FILE, "r"); - RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno)); - - while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) { - if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) { - pass_1 = 0; // Found rule for APP_ID - it should NOT be here - continue; - } - if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) { - pass_2 = 1; // Found rule for APP_TEST_APP_1 - continue; - } - } - fclose(file); - file = NULL; - - RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found"); - RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " not found"); - - // Removing and checking "early rule" for APP_TEST_APP_1 - result = perm_app_uninstall(APP_TEST_APP_1); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - pass_1 = 1; - pass_2 = 1; - - file = fopen(SMACK_STARTUP_RULES_FILE, "r"); - RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno)); - - while(fscanf(file, single_line_format, subject, object, rule_add, rule_remove) == 4) { - if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_ID, SMACK_LABEL_LEN) == 0) { - pass_1 = 0; // Found rule for APP_ID - it should NOT be here - continue; - } - if(strncmp(subject, EARLY_RULE_SUBJECT, SMACK_LABEL_LEN) == 0 && strncmp(object, APP_TEST_APP_1, SMACK_LABEL_LEN) == 0) { - pass_2 = 0; // Found rule for APP_TEST_APP_1 - it should NOT be here - continue; - } - } - free(single_line_format); - fclose(file); - - RUNNER_ASSERT_MSG(pass_1 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_ID << " " << EARLY_RULE_RIGHTS << " found"); - RUNNER_ASSERT_MSG(pass_2 == 1, "Rule " << EARLY_RULE_SUBJECT << " " << APP_TEST_APP_1 << " " << EARLY_RULE_RIGHTS << " found"); -} - -/** - * AV Privilege test cases. - * - * Each privilege_control24* test case tests antivirus privileges for each app_type_t, except for - * deprecated APP_TYPE_OTHER type. - */ - -int nftw_remove_dir(const char* filename, const struct stat* /*statptr*/, int /*fileflags*/, - struct FTW* /*pfwt*/) -{ - int result = -1; - - struct stat filestat; - - result = stat(filename, &filestat); - RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to get file statistics. Result: " - << result << ", error: " << strerror(errno) << ", file: " << filename); - - if(S_ISREG(filestat.st_mode)) { - result = unlink(filename); - RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to unlink file. Result: " - << result << ", error: " << strerror(errno) << ", file: " << filename); - } else if(S_ISDIR(filestat.st_mode)) { - result = rmdir(filename); - RUNNER_ASSERT_MSG(result == 0, "NFTW error: Failed to remove dir. Result: " - << result << ", error: " << strerror(errno) << ", file: " << filename); - } - - return 0; -} - -void InstallApp(const char* pkg_id, const char* path, app_path_type_t app_path_type, - const char* shared_label) -{ - int result = -1; - - result = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP); - RUNNER_ASSERT_MSG(result == 0, "Can't create dir for tests. Result: " << result << - ", error: " << strerror(errno) << ", app_path_type: " << app_path_type); - - DB_BEGIN - - result = perm_app_revoke_permissions(pkg_id); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: " - << result << ", app_path_type: " << app_path_type); - result = perm_app_uninstall(pkg_id); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: " - << result << ", app_path_type: " << app_path_type); - - result = perm_app_install(pkg_id); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: " - << result << ", app_path_type: " << app_path_type); - result = perm_app_setup_path(pkg_id, path, app_path_type, shared_label); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: " - << result << ", app_path_type: " << app_path_type); - - DB_END -} - -void InstallAV(const char* av_id, app_type_t av_type) -{ - int result = -1; - - DB_BEGIN - - result = perm_app_revoke_permissions(av_id); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: " - << result << ", av_type: " << av_type); - result = perm_app_uninstall(av_id); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: " - << result << ", av_type: " << av_type); +RUNNER_TEST(privilege_control25_test_libprivilege_strerror) { + int POSITIVE_ERROR_CODE = 1; + int NONEXISTING_ERROR_CODE = -239042; + const char *result; - result = perm_app_install(av_id); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: " - << result << ", av_type: " << av_type); - result = perm_app_enable_permissions(av_id, av_type, PRIVS_AV, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "enable_permissions failed. Result: " - << result << ", av_type: " << av_type); - - DB_END -} - -void CheckAVPrivilege(app_type_t av_type, app_path_type_t app_path_type) -{ - int result = -1; - - //clean before test - result = nftw(APP_TEST_APP_1_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result << - ", error " << strerror(errno)); - - result = nftw(APP_TEST_APP_2_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result << - ", error " << strerror(errno)); - - result = nftw(APP_TEST_APP_3_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result << - ", error " << strerror(errno)); - - InstallApp(APP_TEST_APP_1, APP_TEST_APP_1_DIR, app_path_type, APP_TEST_APP_1_SHARED_LABEL); - InstallAV(APP_TEST_AV_1, av_type); - InstallApp(APP_TEST_APP_2, APP_TEST_APP_2_DIR, app_path_type, APP_TEST_APP_2_SHARED_LABEL); - InstallAV(APP_TEST_AV_2, av_type); - InstallApp(APP_TEST_APP_3, APP_TEST_APP_3_DIR, app_path_type, APP_TEST_APP_3_SHARED_LABEL); - - //test - get ACCESS label and check AV privilege - - char* tmp; - - //get labels - result = smack_lgetlabel(APP_TEST_APP_1_DIR, &tmp, SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result - << ", av_type: " << av_type << ", app_path_type: " << app_path_type); - std::string label1(tmp); - free(tmp); - - result = smack_lgetlabel(APP_TEST_APP_2_DIR, &tmp, SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result - << ", av_type: " << av_type << ", app_path_type: " << app_path_type); - std::string label2(tmp); - free(tmp); - - result = smack_lgetlabel(APP_TEST_APP_3_DIR, &tmp, SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(result == 0, "smack_lgetlabel failed. Result: " << result - << ", av_type: " << av_type << ", app_path_type: " << app_path_type); - std::string label3(tmp); - free(tmp); - - if(app_path_type == APP_PATH_GROUP_RW) - { - result = label1.compare(APP_TEST_APP_1_SHARED_LABEL); - RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 << - ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result << - ", av_type: " << av_type << ", app_path_type: " << app_path_type); - - result = label2.compare(APP_TEST_APP_2_SHARED_LABEL); - RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 << - ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result << - ", av_type: " << av_type << ", app_path_type: " << app_path_type); - - result = label3.compare(APP_TEST_APP_3_SHARED_LABEL); - RUNNER_ASSERT_MSG(result == 0, "Labels do not equal. Acquired " << label1 << - ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result << - ", av_type: " << av_type << ", app_path_type: " << app_path_type); + for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) { + RUNNER_ASSERT_MSG_BT(strcmp(perm_strerror(*itr), "Unknown error") != 0, + "Returned invalid error code description."); } - std::stringstream ss; - - //check AV accesses - if(smack_check()) - { - ss << "APP_TEST_APP_1, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccess(APP_TEST_AV_1, label1.c_str(), ss.str().c_str()); - ss.str(std::string()); - - ss << "APP_TEST_APP_2, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccess(APP_TEST_AV_1, label2.c_str(), ss.str().c_str()); - ss.str(std::string()); - - ss << "APP_TEST_APP_3, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccess(APP_TEST_AV_1, label3.c_str(), ss.str().c_str()); - - ss << "APP_TEST_APP_1, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccess(APP_TEST_AV_2, label1.c_str(), ss.str().c_str()); - ss.str(std::string()); - - ss << "APP_TEST_APP_2, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccess(APP_TEST_AV_2, label2.c_str(), ss.str().c_str()); - ss.str(std::string()); - - ss << "APP_TEST_APP_3, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccess(APP_TEST_AV_2, label3.c_str(), ss.str().c_str()); - } - else - { - ss << "APP_TEST_APP_1, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccessNosmack(APP_TEST_AV_1, label1.c_str(), ss.str().c_str()); - - ss.str(std::string()); - ss << "APP_TEST_APP_2, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccessNosmack(APP_TEST_AV_1, label2.c_str(), ss.str().c_str()); - - ss.str(std::string()); - ss << "APP_TEST_APP_3, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccessNosmack(APP_TEST_AV_1, label3.c_str(), ss.str().c_str()); - - ss << "APP_TEST_APP_1, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccessNosmack(APP_TEST_AV_2, label1.c_str(), ss.str().c_str()); - - ss.str(std::string()); - ss << "APP_TEST_APP_2, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccessNosmack(APP_TEST_AV_2, label2.c_str(), ss.str().c_str()); - - ss.str(std::string()); - ss << "APP_TEST_APP_3, line " << __LINE__ << - ", av_type: " << av_type << ", app_path_type: " << app_path_type; - checkOnlyAvAccessNosmack(APP_TEST_AV_2, label3.c_str(), ss.str().c_str()); - } + result = perm_strerror(POSITIVE_ERROR_CODE); + RUNNER_ASSERT_MSG_BT(strcmp(result, "Unknown error") == 0, + "Bad message returned for invalid error code: \"" << result << "\""); - //Clean up - perm_app_revoke_permissions(APP_TEST_AV_1); - perm_app_revoke_permissions(APP_TEST_AV_2); - perm_app_uninstall(APP_TEST_AV_1); - perm_app_uninstall(APP_TEST_AV_2); - perm_app_uninstall(APP_TEST_APP_1); - perm_app_uninstall(APP_TEST_APP_2); - perm_app_uninstall(APP_TEST_APP_3); -} - -RUNNER_TEST(privilege_control24a_av_privilege_group_rw) -{ - CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_GROUP_RW); - CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_GROUP_RW); - CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_GROUP_RW); -} - -RUNNER_TEST(privilege_control24b_av_privilege_settings_rw) -{ - CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_SETTINGS_RW); - CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_SETTINGS_RW); - CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_SETTINGS_RW); -} - -RUNNER_TEST(privilege_control24c_av_privilege_public_ro) -{ - CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_PUBLIC_RO); - CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_PUBLIC_RO); - CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_PUBLIC_RO); + result = perm_strerror(NONEXISTING_ERROR_CODE); + RUNNER_ASSERT_MSG_BT(strcmp(result, "Unknown error") == 0, + "Bad message returned for invalid error code: \"" << result << "\""); }