const char *const app_id,
const char *const pkg_id,
app_install_path_type pathType,
- const char *const path)
+ const char *const path,
+ uid_t uid)
{
int result;
request.reset(do_app_inst_req_new());
result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting allowed path failed. Result: " << result);
+
+ if (uid != 0) {
+ result = security_manager_app_inst_req_set_uid(request.get(), uid);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "security_manager_app_inst_req_set_uid failed. Result: " << result);
+ }
}
return pw;
}
-RUNNER_CHILD_TEST(security_manager_04_app_install_uninstall_by_app_user)
+
+static void install_and_check(AppInstReqUniquePtr &request, const std::string &user, uid_t uid)
{
int result;
- AppInstReqUniquePtr request;
- struct passwd *pw = get_app_pw();
- const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
-
- //switch user to non-root
- result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- //install app as non-root user and try to register public path (should fail)
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER);
+ //install app for non-root user and try to register public path (should fail)
+ prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER, uid);
result = security_manager_app_install(request.get());
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
"installing app not failed. Result: " << result);
- //install app as non-root user
- //should fail (non-root users may only register folders inside their home)
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
+ //install app for non-root user
+ //should fail (users may only register folders inside their home)
+ prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, uid);
result = security_manager_app_install(request.get());
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
"installing app not failed. Result: " << result);
-
- //install app as non-root user
+ //install app for non-root user
//should succeed - this time i register folder inside user's home dir
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER);
+ prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER, uid);
for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting allowed permission failed. Result: " << result);
}
-
result = security_manager_app_install(request.get());
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"installing app failed. Result: " << result);
check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+}
+
+RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
+{
+ int result;
+ AppInstReqUniquePtr request;
+ struct passwd *pw = get_app_pw();
+ const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
+
+ //switch user to non-root
+ result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ install_and_check(request, user, 0);
//uninstall app as non-root user
request.reset(do_app_inst_req_new());
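Review bot: The `0` passed in `install_and_check(request, user, 0)` is an undocumented sentinel: going by the `if (uid != 0)` guard added to `prepare_request` in the earlier hunk, it means "do not call `security_manager_app_inst_req_set_uid`", not "install for uid 0". That makes it impossible for a test to request an install explicitly for root. It also lets `user` and `uid` disagree silently, since 04a passes the app user's name string together with uid 0. I would add a comment above `install_and_check` along the lines of `// uid == 0: leave the request uid unset (install is presumably attributed to the caller); otherwise install on behalf of uid`. A named constant for the sentinel instead of a bare `0` at the call site would also help. The body of 04a continues past the visible end of this hunk.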
check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
}
+RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
+{
+ int result;
+ AppInstReqUniquePtr request;
+ struct passwd *pw = get_app_pw();
+ const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
+
+ install_and_check(request, user, pw->pw_uid);
+
+ //switch user to non-root - root may not uninstall apps for specified users
+ result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ //uninstall app as non-root user
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling app failed. Result: " << result);
+
+ check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+}
+
+
RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
{
int result;
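Review bot: `security_manager_04b_app_install_by_root_for_app_user` never checks that it is still running as root when it calls `install_and_check(request, user, pw->pw_uid)`, so the property in its name is assumed rather than asserted. If the runner ever starts this child unprivileged, the three install cases would exercise a different authorization path and the result would be misleading. A guard before the install, such as `RUNNER_ASSERT_MSG(geteuid() == 0, "test must start as root");`, would pin it, assuming `<unistd.h>` is already included in this file. The comment `root may not uninstall apps for specified users` also states a restriction that the test only works around. Either assert the expected failure for a root-side uninstall, or mark it as a known limitation with a TODO so the claim is not taken as verified behaviour.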