#define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1"
// OSP Api Feature Test data - gives rxl access to OSP app and rl access to WGT app also!
-const char *FILE_PATH_TEST_OSP_FEATURE = "/usr/share/privilege-control/OSP_test-feature.osp_rxl.smack";
const char *test_osp_feature_rule_set[] = { "~APP~ " TEST_OSP_FEATURE_APP_ID " rxl",
"~APP~ " TEST_WGT_FEATURE_APP_ID " rl",
NULL };
const char *TEST_OSP_FEATURE_PRIVS[] = { TEST_OSP_FEATURE, NULL };
// WGT Api Feature Test data - rwx access only to WGT app
-const char *FILE_PATH_TEST_WGT_FEATURE = "/usr/share/privilege-control/WRT_test-feature.wgt_rwx.smack";
const char *test_wgt_feature_rule_set[] = { "~APP~ " TEST_WGT_FEATURE_APP_ID " rwx",
NULL };
const char *TEST_WGT_FEATURE_PRIVS[] = { TEST_WGT_FEATURE, NULL };
-const std::vector< std::vector<std::string> > rules_to_test_any_access1 = {
+rules_t rules_to_test_any_access1 = {
{ TEST_OSP_FEATURE_APP_ID, APP_ID, "r" },
{ TEST_OSP_FEATURE_APP_ID, APP_ID, "w" },
{ TEST_OSP_FEATURE_APP_ID, APP_ID, "x" },
{ TEST_OSP_FEATURE_APP_ID, APP_ID, "l" }
};
-const std::vector< std::vector<std::string> > rules_to_test_any_access2 = {
+rules_t rules_to_test_any_access2 = {
{ APP_ID, TEST_OSP_FEATURE_APP_ID, "r" },
{ APP_ID, TEST_OSP_FEATURE_APP_ID, "x" },
{ APP_ID, TEST_OSP_FEATURE_APP_ID, "l" },
{ APP_ID, TEST_WGT_FEATURE_APP_ID, "l" }
};
-#define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \
- (const std::vector< std::vector<std::string> >) { \
- { sub, obj, "r" }, \
- { sub, obj, "w" }, \
- { sub, obj, "x" }, \
- { sub, obj, "a" }, \
- { sub, obj, "t" }, \
+#define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \
+ (const rules_t) { \
+ { sub, obj, "r" }, \
+ { sub, obj, "w" }, \
+ { sub, obj, "x" }, \
+ { sub, obj, "a" }, \
+ { sub, obj, "t" }, \
{ sub, obj, "l" } }
+RUNNER_TEST_GROUP_INIT(libprivilegecontrol_stress)
+
/**
* Test - Simulation of 100 installations and uninstallations of one application.
* Installed application will have various kind of permissions from api
* features and shared folders.
*/
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_stress)
-
-RUNNER_TEST(privilege_control22_app_installation_1x100)
+void privilege_control22_app_installation_1x100(bool smack)
{
int result;
+ const int expected_smack_result = smack ? 1:-1;
std::string shared_dir_auto_label;
// Clear any previously created apps, files, labels and permissions
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error in perm_app_uninstall. Result: " << result);
- // remove api features by deleting files
- // TODO: Rewrite deleting features
- unlink(FILE_PATH_TEST_OSP_FEATURE);
- unlink(FILE_PATH_TEST_WGT_FEATURE);
-
// Install setting app and give it app-setting permissions
result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
// Verify that some previously installed app does not have any access
// to APP_ID private label
- result = test_have_any_accesses(rules_to_test_any_access1);
- RUNNER_ASSERT_MSG_BT(result == 0,
+ result = check_no_accesses(smack, rules_to_test_any_access1);
+ RUNNER_ASSERT_MSG_BT(result == 1,
"Error - other app has access to private label. Loop index: "
<< i);
// Verify that all permissions to public dir have been added
// correctly, also to other app
result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG_BT(result == 1,
+
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to Public RO dir are granted. Loop index: "
<< i);
result = smack_have_access(TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" );
- RUNNER_ASSERT_MSG_BT(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to Public RO dir are granted. Loop index: "
<< i);
// Verify that setting app has rwx permission to app dir
// and rx permissions to app
result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG_BT(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to App-Setting dir are granted. "
<< APP_ID << " "<< shared_dir_auto_label << " rwxatl "
<< "Loop index: " << i);
result = smack_have_access(APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG_BT(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to App-Setting dir are granted. "
<< APP_TEST_SETTINGS_ASP1 << " " << shared_dir_auto_label << " rwx. "
<< "Loop index: " << i);
result = smack_have_access(APP_TEST_SETTINGS_ASP1, APP_ID, "rx");
- RUNNER_ASSERT_MSG_BT(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to App-Setting dir are granted. "
<< APP_TEST_SETTINGS_ASP1 << " " << APP_ID << " rx"
<< "Loop index: " << i);
// Verify that all permissions to public dir have been added
// correctly, also to other app
result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
- RUNNER_ASSERT_MSG_BT(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to Group RW dir are granted. Loop index: "
<< i);
} // END switch
// check if api-features permissions are added properly
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } );
+ result = check_all_accesses(smack,
+ (const rules_t) {
+ { APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" },
+ { APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } );
RUNNER_ASSERT_MSG_BT(result == 1,
"Not all permisions from api features added. Loop index: "
<< i);
<< ". Result: " << result);
// check if api-features permissions are removed properly
- result = test_have_any_accesses(rules_to_test_any_access2);
- RUNNER_ASSERT_MSG_BT(result == 0,
+ result = check_no_accesses(smack, rules_to_test_any_access2);
+ RUNNER_ASSERT_MSG_BT(result == 1,
"Not all permisions revoked. Loop index: " << i);
// remove labels from app folder
"Error in perm_app_uninstall. Result: " << result);
DB_END
-
- // Remove api features
- // TODO: Rewrite removing features
- unlink(FILE_PATH_TEST_OSP_FEATURE);
- unlink(FILE_PATH_TEST_WGT_FEATURE);
-
}
/**
* test_APP4 & test_APP9 register their directories as
* APP_PATH_SETTINGS_RW
*/
-RUNNER_TEST(privilege_control23_app_installation2_10x10)
+void privilege_control23_app_installation2_10x10(bool smack)
{
int result;
+ const int expected_smack_result = smack ? 1:-1;
const int app_count = 10;
std::string shared_dir3_auto_label;
std::string shared_dir7_auto_label;
// Apps 1-9 should not have any access to app 0
if (j != 0)
{
- result = test_have_any_accesses(
+ result = check_no_accesses(smack,
FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[0])
);
- RUNNER_ASSERT_MSG_BT(result == 0,
+ RUNNER_ASSERT_MSG_BT(result == 1,
"Other app (app id: " << app_ids[j] <<
") has access to private label of: " << app_ids[0] <<
". It may not be shared. Loop index: " << i << ".");
// Apps 0-4 and 6-9 should not have any access to app 5
if (j != 5)
{
- result = test_have_any_accesses(
+ result = check_no_accesses(smack,
FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[5])
);
- RUNNER_ASSERT_MSG_BT(result == 0,
+ RUNNER_ASSERT_MSG_BT(result == 1,
"Other app (app id: " << app_ids[j] <<
") has access to private label of: " << app_ids[5] <<
". It may not be shared. Loop index: " << i << ".");
} // End for Verify PRIVATE
// Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
+ result = check_all_accesses(smack,
+ (const rules_t) {
{ app_ids[1], APPID_SHARED_DIR, "rwxatl" },
{ app_ids[2], APPID_SHARED_DIR, "rwxatl" },
{ app_ids[6], APPID_SHARED_DIR, "rwxatl" } } );
{
if (j == 3)
{
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
+ result = check_all_accesses(smack,
+ (const rules_t) {
{ app_ids[j], shared_dir3_auto_label.c_str(), "rwxatl" } } );
RUNNER_ASSERT_MSG_BT(result == 1,
"Not all accesses to owned Public RO dir are granted. App id: "
<< app_ids[j] << " Loop index: " << i);
// Verify that there are no extra permissions to public dirs
- result = test_have_any_accesses(
- (const std::vector< std::vector<std::string> >) {
+ result = check_no_accesses(smack,
+ (const rules_t) {
{ app_ids[j], shared_dir7_auto_label.c_str(), "w" },
{ app_ids[j], shared_dir7_auto_label.c_str(), "t" },
{ app_ids[j], shared_dir8_auto_label.c_str(), "w" },
{ app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG_BT(result == 0,
+ RUNNER_ASSERT_MSG_BT(result == 1,
"Unexpected extra permissions added for app:" << app_ids[j]
<< ". Loop index: " << i);
}
if (j == 7)
{
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
+ result = check_all_accesses(smack,
+ (const rules_t) {
{ app_ids[j], shared_dir7_auto_label.c_str(), "rwxatl" } } );
RUNNER_ASSERT_MSG_BT(result == 1,
"Not all accesses to owned Public RO dir are granted. App id: "
<< app_ids[j] << " Loop index: " << i);
// Verify that there are no extra permissions to public dirs
- result = test_have_any_accesses(
- (const std::vector< std::vector<std::string> >) {
+ result = check_no_accesses(smack,
+ (const rules_t) {
{ app_ids[j], shared_dir3_auto_label.c_str(), "w" },
{ app_ids[j], shared_dir3_auto_label.c_str(), "t" },
{ app_ids[j], shared_dir8_auto_label.c_str(), "w" },
{ app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG_BT(result == 0,
+ RUNNER_ASSERT_MSG_BT(result == 1,
"Unexpected extra permissions added for app:" << app_ids[j]
<< ". Loop index: " << i);
}
if (j == 8)
{
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
+ result = check_all_accesses(smack,
+ (const rules_t) {
{ app_ids[j], shared_dir8_auto_label.c_str(), "rwxatl" } } );
RUNNER_ASSERT_MSG_BT(result == 1,
"Not all accesses to owned Public RO dir are granted. App id: "
<< app_ids[j] << " Loop index: " << i);
// Verify that there are no extra permissions to other public dirs
- result = test_have_any_accesses(
- (const std::vector< std::vector<std::string> >) {
+ result = check_no_accesses(smack,
+ (const rules_t) {
{ app_ids[j], shared_dir3_auto_label.c_str(), "w" },
{ app_ids[j], shared_dir3_auto_label.c_str(), "t" },
{ app_ids[j], shared_dir7_auto_label.c_str(), "w" },
{ app_ids[j], shared_dir7_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG_BT(result == 0,
+ RUNNER_ASSERT_MSG_BT(result == 1,
"Unexpected extra permissions added for app:" << app_ids[j]
<< ". Loop index: " << i);
}
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
+ result = check_all_accesses(smack,
+ (const rules_t) {
{ app_ids[j], shared_dir3_auto_label.c_str(), "rx" },
{ app_ids[j], shared_dir7_auto_label.c_str(), "rx" },
{ app_ids[j], shared_dir8_auto_label.c_str(), "rx" } } );
// Verify that setting app has rwx permission to app-settings dirs and rx to apps
result = smack_have_access(app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG_BT(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to App-Setting dir are granted."
<< app_ids[4] << " " << setting_dir4_auto_label
<< " Loop index: " << i);
result = smack_have_access(app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG_BT(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to App-Setting dir are granted."
<< app_ids[9] << " " << setting_dir9_auto_label
<< " Loop index: " << i);
result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[4], "rx");
- RUNNER_ASSERT_MSG_BT(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to App-Setting dir are granted."
<< APP_TEST_SETTINGS_ASP1 << " " << app_ids[4]
<< " Loop index: " << i);
result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[9], "rx");
- RUNNER_ASSERT_MSG_BT(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to App-Setting dir are granted."
<< APP_TEST_SETTINGS_ASP1 << " " << app_ids[9]
<< " Loop index: " << i);
result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG_BT(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to App-Setting dir are granted."
<< APP_TEST_SETTINGS_ASP1 << " " << setting_dir4_auto_label
<< " Loop index: " << i);
result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG_BT(result == 1,
+ RUNNER_ASSERT_MSG_BT(result == expected_smack_result,
"Not all accesses to App-Setting dir are granted."
<< APP_TEST_SETTINGS_ASP1 << " " << setting_dir9_auto_label
<< " Loop index: " << i);
// Check if api-features permissions are added properly
for (int j = 0; j < 5; ++j)
{
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
+ result = check_all_accesses(smack,
+ (const rules_t) {
{ app_ids[j], app_ids[6], "r" },
{ app_ids[j], app_ids[7], "rxl" },
{ app_ids[j], app_ids[8], "rwxal" },
for (int j = 5; j < app_count; ++j)
{
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
+ result = check_all_accesses(smack,
+ (const rules_t) {
{ app_ids[j], app_ids[1], "r" },
{ app_ids[j], app_ids[2], "rxl" },
{ app_ids[j], app_ids[3], "rwxal" },
for (int k = 0; k < app_count; ++k)
if (j != k)
{
- result = test_have_any_accesses(
+ result = check_no_accesses(smack,
FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[k])
);
- RUNNER_ASSERT_MSG_BT(result == 0,
+ RUNNER_ASSERT_MSG_BT(result == 1,
"Not all permisions revoked. Subject: " << app_ids[j]
<< " Object: " << app_ids[k] << " Loop index: " << i);
}
"Error in perm_app_uninstall. Result: " << result);
}
+
+RUNNER_TEST_SMACK(privilege_control22_app_installation_1x100_smack)
+{
+ privilege_control22_app_installation_1x100(true);
+}
+
+RUNNER_TEST_NOSMACK(privilege_control22_app_installation_1x100_nosmack)
+{
+ privilege_control22_app_installation_1x100(false);
+}
+
+RUNNER_TEST_SMACK(privilege_control23_app_installation2_10x10_smack)
+{
+ privilege_control23_app_installation2_10x10(true);
+}
+
+RUNNER_TEST_NOSMACK(privilege_control23_app_installation2_10x10_nosmack)
+{
+ privilege_control23_app_installation2_10x10(false);
+}
projects / platform / core / test / security-tests.git / commitdiff