* limitations under the License.
*/
#include <cstdint>
+#include <fcntl.h>
#include <unordered_map>
#include <string>
#include <sys/smack.h>
using namespace SecurityManagerTest;
namespace {
-const int ACCESS_SUCCESS = 0;
-const int ACCESS_ERROR = -1;
-
-const std::vector<std::pair<std::string, std::string>> versionCombinations {
- std::make_pair("2.4", "2.4"),
- std::make_pair("2.4", "3.0"),
- std::make_pair("3.0", "3.0"),
- std::make_pair("3.0", "2.4")
+
+const uid_t OWNER_UID = 5001;
+
+const std::vector<std::string> versions = {
+ "2.4",
+ "3.0"
};
+typedef std::vector<std::pair<std::string, std::string>> VersionCombinations;
+
+VersionCombinations makeVersionCombinations(const std::vector<std::string> &versions) {
+ VersionCombinations verCombs;
+ for (const auto &version1 : versions)
+ for (const auto &version2: versions)
+ verCombs.push_back({version1, version2});
+ return verCombs;
+}
+
+const VersionCombinations versionCombinations = makeVersionCombinations(versions);
+
const std::unordered_map<int, const char* const> accessTypeToString {
std::make_pair(0, "F_OK"),
std::make_pair(1, "X_OK"),
std::make_pair(7, "R_OK|W_OK|X_OK")
};
-void changeSecurityContext(const std::string &label, uid_t uid, gid_t gid)
-{
- RUNNER_ASSERT_ERRNO_MSG(0 == smack_set_label_for_self(label.c_str()),
- "Error in smack_set_label_for_self(" << label << ")");
-
- RUNNER_ASSERT_ERRNO_MSG(0 == setgid(gid), "Error in setgid.");
- RUNNER_ASSERT_ERRNO_MSG(0 == setuid(uid), "Error in setuid.");
+int oppositeAccess(int accessType) {
+ return accessType ^ (R_OK | W_OK | X_OK);
}
-AppInstallHelper prepAIH(const std::string &appName,
- const std::string &pkgName,
- std::string version,
- bool isSharedRO)
-{
- const uid_t OWNER_UID = 5001;
- bool appIsLocal = true;
- AppInstallHelper appInstallHelper(appName, pkgName, appIsLocal, OWNER_UID, version);
- if (isSharedRO)
- appInstallHelper.createSharedRODir();
-
- return appInstallHelper;
+void accessCheck(const std::string &appId, const std::string &path, int accessType, int expected) {
+ RUNNER_ASSERT_MSG(::access(path.c_str(), accessType) == expected,
+ "access from app " << appId << " to path " << path
+ << (expected == 0 ? "not granted" : "unnecessarily granted")
+ << " (" << accessTypeToString.at(accessType) << ")");
}
void runAccessTest(const AppInstallHelper &appFrom, const std::string &testPath,
- const int accessType, const int accessResult) {
+ int accessType) {
auto fun = [&](){
- changeSecurityContext(appFrom.generateAppLabel(), appFrom.getUID(), appFrom.getGID());
- RUNNER_ASSERT_ERRNO_MSG(::access(testPath.c_str(), accessType) == accessResult,
- "access from app " << appFrom.getAppId() << " to path " << testPath
- << " (" << accessTypeToString.at(accessType) << "): ");
+ int oppositeAccessType = oppositeAccess(accessType);
+ Api::setProcessLabel(appFrom.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(0 == drop_root_privileges(appFrom.getUID(), appFrom.getGID()),
+ "drop_root_privileges failed.");
+ if (accessType != 0)
+ accessCheck(appFrom.getAppId(), testPath, accessType, 0);
+ if (oppositeAccessType != 0) {
+ std::vector<int> singleAccessTypes = {R_OK, W_OK, X_OK};
+ for (auto singleAccessType : singleAccessTypes)
+ if (oppositeAccessType & singleAccessType)
+ accessCheck(appFrom.getAppId(), testPath, singleAccessType, -1);
+ }
};
runInChildParentWait(fun);
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_SHARED_RO)
/**
- * Test 76 : Check whether owner app
- * have access to own sharedRO dir
+ * Check whether owner app have access to own sharedRO dir
*/
-RUNNER_CHILD_TEST(security_manager_76_owner_shared_ro_have_rw_access_to_own_shared_ro_dir)
+RUNNER_CHILD_TEST(security_manager_76_owner_access)
{
- std::string sharedROAppName = "sm_test_76_app1_sharedRO";
- std::string sharedROPkgName = "sm_test_76_pkg1_sharedRO";
- auto run_test = [&](std::string ver) {
- ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver, true));
- ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
-
- runAccessTest(sharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS);
- };
+ for (const auto &version : versions) {
+ AppInstallHelper app("sm_test_76a", OWNER_UID, version);
+ app.createSharedRODir();
+ ScopedInstaller sharedROPkgApp(app);
- run_test("2.4");
- run_test("3.0");
+ runAccessTest(app, app.getSharedRODir(), R_OK|W_OK|X_OK);
+ }
}
/**
- * Test 77 : Check whether app from non_sharedRO pkg
- * have access to sharedRO dir of an application
+ * Check whether app without shared RO path has access to shared RO dir and
+ * no access to private directories of application from different package between
+ * different version combinations
*/
-RUNNER_CHILD_TEST(security_manager_77_no_shared_ro_have_ro_access_to_shared_ro)
+RUNNER_CHILD_TEST(security_manager_77_owner_other_access_version_combinations)
{
- std::string sharedROAppName = "sm_test_77_app1_sharedRO";
- std::string sharedROPkgName = "sm_test_77_pkg1_sharedRO";
- std::string nonSharedROAppName = "sm_test_77_app2";
- std::string nonSharedROPkgName = "sm_test_77_pkg2";
-
- auto run_test = [&](std::string ver1, std::string ver2) {
- ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
- ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver2, false));
- ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
-
- runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
- runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
- };
-
for (const auto &version : versionCombinations) {
- run_test(version.first, version.second);
+ AppInstallHelper sharedApp("sm_test_77_shared", OWNER_UID, version.first);
+ sharedApp.createSharedRODir();
+ sharedApp.createPrivateDir();
+ ScopedInstaller sharedAppInstall(sharedApp);
+
+ AppInstallHelper nonSharedApp("sm_test_77_nonshared", OWNER_UID, version.second);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
+
+ runAccessTest(sharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
+ runAccessTest(nonSharedApp, sharedApp.getPrivateDir(), 0);
+ runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|X_OK);
}
}
/**
- * Test 78 : Check whether app from another sharedRO pkg
- * have access to sharedRO dir of an application
+ * Check whether app with shared RO dir has access to shared RO dir and no access to
+ * private paths of an application from different package between different version
+ * combinations
*/
RUNNER_CHILD_TEST(security_manager_78_another_pkg_shared_ro_have_ro_access_to_shared_ro)
{
- std::string sharedROAppName = "sm_test_78_app1_sharedRO";
- std::string sharedROPkgName = "sm_test_78_pkg1_sharedRO";
- std::string sharedROAppName2 = "sm_test_78_app2_sharedRO";
- std::string sharedROPkgName2 = "sm_test_78_pkg2_sharedRO";
-
- auto run_test = [&](std::string ver1, std::string ver2) {
- ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
- ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName2, ver2, true));
- ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(),
- sharedROPkgApp2.getAIH().getSharedRODir()});
-
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
- };
-
- for (const auto &version : versionCombinations)
- run_test(version.first, version.second);
+ for (const auto &version : versionCombinations) {
+ AppInstallHelper sharedApp1("sm_test_78_shared1", OWNER_UID, version.first);
+ sharedApp1.createSharedRODir();
+ sharedApp1.createPrivateDir();
+ ScopedInstaller sharedAppInstall1(sharedApp1);
+
+ AppInstallHelper sharedApp2("sm_test_78_shared2", OWNER_UID, version.second);
+ sharedApp2.createSharedRODir();
+ sharedApp2.createPrivateDir();
+ ScopedInstaller sharedApp2Install(sharedApp2);
+
+ runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), R_OK|X_OK);
+ runAccessTest(sharedApp1, sharedApp2.getSharedRODir(), R_OK|X_OK);
+ runAccessTest(sharedApp1, sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
+ runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ runAccessTest(sharedApp2, sharedApp1.getPrivateDir(), 0);
+ runAccessTest(sharedApp1, sharedApp2.getPrivateDir(), 0);
+ }
}
/**
- * Test 79 : Install two sharedRO apps in one package
- * and check access to sharedRO dir
+ * Install two apps with shared RO dirs from one package and check accesses
+ * to shared RO dirs with different versions
*/
-RUNNER_CHILD_TEST(security_manager_79_same_pkg_shared_ro_have_ro_access_to_shared_ro)
+RUNNER_CHILD_TEST(security_manager_79a_same_pkg_shared_ro_have_ro_access_to_shared_ro)
{
- std::string sharedROAppName = "sm_test_79_app1_sharedRO";
- std::string sharedROPkgName = "sm_test_79_pkg1_sharedRO";
- std::string sharedROAppName2 = "sm_test_79_app2_sharedRO";
+ const std::string sharedPkgName = "sm_test_79a";
- auto run_test = [&](std::string ver1, std::string ver2) {
- ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
- ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName, ver2, true));
- ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
+ for (const auto &version : versions) {
+ AppInstallHelper sharedApp1("sm_test_79a_shared1", sharedPkgName, OWNER_UID, version);
+ sharedApp1.createSharedRODir();
+ ScopedInstaller sharedAppInstall1(sharedApp1);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS);
- };
+ AppInstallHelper sharedApp2("sm_test_79a_shared2", sharedPkgName, OWNER_UID, version);
+ sharedApp2.createSharedRODir();
+ ScopedInstaller sharedAppInstall2(sharedApp2);
- for (const auto &version : versionCombinations)
- run_test(version.first, version.second);
+ runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
+ runAccessTest(sharedApp1, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ };
}
/**
- * Test 80 : Check whether application from non-sharedRO pkg
- * have proper access to RO dir of an sharedRO application.
+ * Install two apps with and without shared RO dirs from one package and check accesses
+ * to shared RO dir with different versions
*/
-RUNNER_CHILD_TEST(security_manager_80_no_shared_ro_have_no_access_to_shared_ro_app_ro_dir)
+RUNNER_CHILD_TEST(security_manager_79b_same_pkg_shared_ro_have_ro_access_to_shared_ro)
{
- std::string sharedROAppName = "sm_test_80_app1_sharedRO";
- std::string sharedROPkgName = "sm_test_80_pkg1_sharedRO";
- std::string nonSharedROAppName = "sm_test_80_app2";
- std::string nonSharedROPkgName = "sm_test_80_pkg2";
-
- auto run_test = [&](std::string ver1, std::string ver2) {
- ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
- ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver2, false));
- ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
-
- runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|X_OK, ACCESS_ERROR);
- runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|W_OK, ACCESS_ERROR);
- };
+ const std::string sharedPkgName = "sm_test_79b";
- for (const auto &version : versionCombinations)
- run_test(version.first, version.second);
-}
+ for (const auto &version : versions) {
+ AppInstallHelper sharedApp("sm_test_79b_shared1", sharedPkgName, OWNER_UID, version);
+ sharedApp.createSharedRODir();
+ ScopedInstaller sharedAppInstall(sharedApp);
-/**
- * Test 81 : Check whether sharedRO application from another pkg
- * have proper access to RO dir of other sharedRO app.
- */
-RUNNER_CHILD_TEST(security_manager_81_another_pkg_shared_ro_have_no_access_to_shared_ro_app_ro_dir)
-{
- std::string sharedROAppName = "sm_test_81_app1_sharedRO";
- std::string sharedROPkgName = "sm_test_81_pkg1_sharedRO";
- std::string sharedROAppName2 = "sm_test_81_app2_sharedRO";
- std::string sharedROPkgName2 = "sm_test_81_pkg2_sharedRO";
-
- auto run_test = [&](std::string ver1, std::string ver2) {
- ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
- ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName2, ver2, true));
- ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(),
- sharedROPkgApp2.getAIH().getSharedRODir()});
-
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|X_OK, ACCESS_ERROR);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|W_OK, ACCESS_ERROR);
- };
+ AppInstallHelper nonSharedApp("sm_test_79b_shared2", sharedPkgName, OWNER_UID, version);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
- for (const auto &version : versionCombinations)
- run_test(version.first, version.second);
+ runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
+ };
}
/**
- * Test 82 : Check whether sharedRO application from same pkg
- * have proper access to RO dir of other sharedRO app.
+ * Check whether sharedRO application from same pkg have proper access to private dir
+ * of other sharedRO app, then uninstall first app of sharedRO pkg application and check
+ * if access to second sharedRO remains.
*/
-RUNNER_CHILD_TEST(security_manager_82_same_pkg_shared_ro_have_no_access_to_shared_ro_app_ro_dir)
+RUNNER_CHILD_TEST(security_manager_80_same_pkg_shared_ro_have_no_access_to_shared_ro_app_ro_dir)
{
- std::string sharedROAppName = "sm_test_82_app1_sharedRO";
- std::string sharedROPkgName = "sm_test_82_pkg1_sharedRO";
- std::string sharedROAppName2 = "sm_test_82_app2_sharedRO";
+ std::string sharedPkgName = "sm_test_80";
+ for (const auto &version : versions) {
+ AppInstallHelper sharedApp1("sm_test_80_shared1", sharedPkgName, OWNER_UID, version);
+ sharedApp1.createPrivateDir(1);
+ sharedApp1.createSharedRODir(1);
+ ScopedInstaller sharedAppInstall1(sharedApp1);
- auto run_test = [&](std::string ver1, std::string ver2) {
- ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
- ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName, ver2, true));
- ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
+ AppInstallHelper sharedApp2("sm_test_80_shared2", sharedPkgName, OWNER_UID, version);
+ sharedApp2.createPrivateDir(2);
+ sharedApp2.createSharedRODir(2);
+ ScopedInstaller sharedAppInstall2(sharedApp2);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|X_OK, ACCESS_ERROR);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|W_OK, ACCESS_ERROR);
- };
+ AppInstallHelper nonSharedApp("sm_test_80_nonshared", sharedPkgName, OWNER_UID, version);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
+
+ runAccessTest(sharedApp2, sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
+ runAccessTest(sharedApp1, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
+ runAccessTest(nonSharedApp, sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
+ runAccessTest(nonSharedApp, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
+
+ sharedAppInstall1.uninstallApp();
- for (const auto &version : versionCombinations)
- run_test(version.first, version.second);
+ runAccessTest(nonSharedApp, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
+ }
}
/**
- * Test 83 : Try to add valid sharedRO dir to an app
- * and check all possible accesses to to it.
+ * Try to add valid sharedRO dir to an app and check all possible accesses to to it.
*/
-RUNNER_CHILD_TEST(security_manager_83_add_path_to_app_and_check_all)
+RUNNER_CHILD_TEST(security_manager_81_add_path_to_app_and_check_all)
{
- std::string sharedROAppName = "sm_test_83_app1_sharedRO";
- std::string sharedROPkgName = "sm_test_83_pkg1_sharedRO";
- std::string nonSharedROAppName = "sm_test_83_app2";
- std::string nonSharedROPkgName = "sm_test_83_pkg2";
- std::string nonSharedROAppName2 = "sm_test_83_app3_will_be_sharedRO";
- std::string nonSharedROPkgName2 = "sm_test_83_pkg3_will_be_sharedRO";
-
- auto run_test = [&](std::string ver1, std::string ver2) {
- ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
- ScopedInstaller anotherNonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver1, false));
- ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName2, nonSharedROPkgName2, ver2, false));
- ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(),
- anotherNonSharedROPkgApp.getAIH().getSharedRODir(),
- nonSharedROPkgApp.getAIH().getSharedRODir()});
-
- nonSharedROPkgApp.getAIH().createSharedRODir();
+ for (const auto &version : versionCombinations) {
+ AppInstallHelper sharedApp("sm_test_83_shared1", OWNER_UID, version.first);
+ sharedApp.createPrivateDir();
+ sharedApp.createSharedRODir();
+ ScopedInstaller sharedAppInstall(sharedApp);
+
+ AppInstallHelper nonSharedApp("sm_test_83_nonshared", OWNER_UID, version.first);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
+
+ AppInstallHelper sharedApp2("sm_test_83_shared2", OWNER_UID, version.second);
+ ScopedInstaller nonSharedAppInstall2(sharedApp2);
+
+ //Post install
+ sharedApp2.createSharedRODir();
PathsRequest sharedRORequest;
- sharedRORequest.setPkgId(nonSharedROPkgApp.getAIH().getPkgId());
- sharedRORequest.addPath(nonSharedROPkgApp.getAIH().getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
- sharedRORequest.setUid(nonSharedROPkgApp.getAIH().getUID());
+ sharedRORequest.setPkgId(sharedApp2.getPkgId());
+ sharedRORequest.addPath(sharedApp2.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
+ sharedRORequest.setUid(sharedApp2.getUID());
Api::registerPaths(sharedRORequest);
- runAccessTest(nonSharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS);
+ runAccessTest(sharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
+ runAccessTest(sharedApp, sharedApp.getPrivateDir(), R_OK|W_OK|X_OK);
- runAccessTest(sharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
- runAccessTest(sharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
-
- runAccessTest(anotherNonSharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
- runAccessTest(anotherNonSharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
- };
+ runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ runAccessTest(sharedApp2, sharedApp.getSharedRODir(), R_OK|X_OK);
+ runAccessTest(sharedApp2, sharedApp.getPrivateDir(), 0);
- for (const auto &version : versionCombinations)
- run_test(version.first, version.second);
+ runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|X_OK);
+ runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(), R_OK|X_OK);
+ runAccessTest(nonSharedApp, sharedApp.getPrivateDir(), 0);
+ }
}
/**
- * Test 84 : Try to add path which does not belong
- * to an app and check if operation succeeds.
+ * Try to add path which does not belong to an app and check if operation fails.
*/
-RUNNER_CHILD_TEST(security_manager_84_add_invalid_path_to_app_and_check_all)
+RUNNER_CHILD_TEST(security_manager_82_add_invalid_path_to_app_and_check_all)
{
- std::string sharedROAppName = "sm_test_84_app1_sharedRO";
- std::string sharedROPkgName = "sm_test_84_pkg1_sharedRO";
- std::string nonSharedROAppName = "sm_test_84_app2";
- std::string nonSharedROPkgName = "sm_test_84_pkg2";
- std::string nonSharedROAppName2 = "sm_test_84_app3_wont_be_sharedRO";
- std::string nonSharedROPkgName2 = "sm_test_84_pkg3_wont_be_sharedRO";
-
- auto run_test = [&](std::string ver1, std::string ver2) {
- ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
- ScopedInstaller anotherNonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver1, false));
- ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName2, nonSharedROPkgName2, ver2 ,false));
- ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(), anotherNonSharedROPkgApp.getAIH().getSharedRODir()});
+ for (const auto &version : versionCombinations) {
+ AppInstallHelper sharedApp("sm_test_84_shared", OWNER_UID, version.first);
+ sharedApp.createSharedRODir();
+ ScopedInstaller sharedAppInstall(sharedApp);
+
+ AppInstallHelper nonSharedApp("sm_test_84_nonshared", OWNER_UID, version.second);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
PathsRequest sharedRORequest;
- sharedRORequest.setPkgId(nonSharedROPkgApp.getAIH().getPkgId());
- sharedRORequest.addPath(sharedROPkgApp.getAIH().getPrivateRODir(), SECURITY_MANAGER_PATH_RO);
- sharedRORequest.setUid(nonSharedROPkgApp.getAIH().getUID());
+ sharedRORequest.setPkgId(nonSharedApp.getPkgId());
+ sharedRORequest.addPath(sharedApp.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
+ sharedRORequest.setUid(nonSharedApp.getUID());
Api::registerPaths(sharedRORequest, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
- };
-
- for (const auto &version : versionCombinations)
- run_test(version.first, version.second);
+ }
}
/**
- * Test 85 : Install and uninstall app and check accesses to
- * uninstalled paths from other packages.
+ * Install and uninstall app and check accesses to uninstalled paths from other packages.
*/
-RUNNER_CHILD_TEST(security_manager_85_install_uninstall_shared_ro_app_and_check_cleaning)
+RUNNER_CHILD_TEST(security_manager_83_install_uninstall_shared_ro_app_and_check_cleaning)
{
- std::string sharedROAppName = "sm_test_85_app1_sharedRO";
- std::string sharedROPkgName = "sm_test_85_pkg1_sharedRO";
- std::string sharedROAppName2 = "sm_test_85_app2_sharedRO";
- std::string sharedROPkgName2 = "sm_test_85_pkg2_sharedRO";
- std::string nonSharedROAppName = "sm_test_85_app3";
- std::string nonSharedROPkgName = "sm_test_85_pkg3";
-
- auto run_test = [&](std::string ver1, std::string ver2) {
- ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
- ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName2, ver2, true));
- ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver2, false));
- ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(), sharedROPkgApp2.getAIH().getSharedRODir()});
+ for (const auto &verComb : versionCombinations) {
+ AppInstallHelper sharedApp1("sm_test_85_shared1", OWNER_UID, verComb.first);
+ sharedApp1.createSharedRODir();
+ ScopedInstaller sharedAppInstall1(sharedApp1);
- sharedROPkgApp.uninstallApp();
+ AppInstallHelper sharedApp2("sm_test_85_shared2", OWNER_UID, verComb.second);
+ sharedApp2.createSharedRODir();
+ ScopedInstaller sharedAppInstall2(sharedApp2);
- runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_ERROR);
- runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
+ AppInstallHelper nonSharedApp("sm_test_85_nonshared", OWNER_UID, verComb.second);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_ERROR);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
+ sharedAppInstall1.uninstallApp();
- /**
- * After Deinstallation of an app, sharedRO dir
- * still exists, but only owner app have an access (sharedRO rules are revoked)
- */
+ runAccessTest(nonSharedApp, sharedApp1.getSharedRODir(), 0);
+ runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), 0);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), F_OK, ACCESS_SUCCESS);
- };
-
- for (const auto &version : versionCombinations)
- run_test(version.first, version.second);
+ runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(), R_OK|X_OK);
+ runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ }
}
/**
- * Test 86 : Install multiple SharedRO apps,
- * uninstall one of them and check accesses to sharedRO path
- * within one package.
+ * Install multiple SharedRO apps, uninstall one of them and check accesses
+ * to sharedRO path within one package.
*/
-RUNNER_CHILD_TEST(security_manager_86_install_uninstall_shared_ro_two_apps_in_one_pkg)
+RUNNER_CHILD_TEST(security_manager_84_install_uninstall_shared_ro_two_apps_in_one_pkg)
{
- std::string sharedROAppName = "sm_test_86_app1_sharedRO";
- std::string sharedROPkgName = "sm_test_86_pkg1_sharedRO";
- std::string sharedROAppName2 = "sm_test_86_app2_sharedRO";
- std::string nonSharedROAppName = "sm_test_86_app3";
-
- auto run_test = [&](std::string ver1, std::string ver2) {
- ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, false));
- ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName, ver2, true));
- ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, sharedROPkgName, ver2, false));
- ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
-
- sharedROPkgApp.uninstallApp();
-
- runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), F_OK, ACCESS_SUCCESS);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
- runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS);
- };
+ std::string sharedPkgName = "sm_test_86";
+
+ for (const auto &version : versionCombinations) {
+ AppInstallHelper nonSharedApp("sm_test_86_nonshared", OWNER_UID, version.first);
+ ScopedInstaller nonSharedAppInstall(nonSharedApp);
+
+ // Apps from the same package
+ AppInstallHelper sharedApp1("sm_test_86_shared1", sharedPkgName, OWNER_UID, version.second);
+ sharedApp1.createSharedRODir(1);
+ ScopedInstaller sharedAppInstall1(sharedApp1);
- for (const auto &version : versionCombinations)
- run_test(version.first, version.second);
+ AppInstallHelper sharedApp2("sm_test_86_shared2", sharedPkgName, OWNER_UID, version.second);
+ sharedApp2.createSharedRODir(2);
+ ScopedInstaller sharedAppInstall2(sharedApp2);
+
+ sharedAppInstall1.uninstallApp();
+
+ runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(2), R_OK|X_OK);
+ runAccessTest(sharedApp2, sharedApp2.getSharedRODir(2), R_OK|W_OK|X_OK);
+ }
}
projects / platform / core / test / security-tests.git / commitdiff