--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <string>
+#include <vector>
+
+#include <app_install_helper.h>
+#include <scoped_installer.h>
+#include <sm_api.h>
+#include <temp_test_user.h>
+#include <tests_common.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+const std::vector<std::string> TEST_PRIVACY_PRIVILEGES = {
+ "http://tizen.org/privilege/callhistory.read",
+ "http://tizen.org/privilege/account.read",
+ "http://tizen.org/privilege/healthinfo" };
+
+using namespace SecurityManagerTest;
+
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_POLICY)
+
+RUNNER_CHILD_TEST(security_manager_ap1_app_policy_fetch_for_self) {
+ TemporaryTestUser tmpUser("sm_test_ap1_user_name", GUM_USERTYPE_NORMAL, false);
+ tmpUser.create();
+
+ unsigned expectedPolicyCount = 1;
+
+ AppInstallHelper app("sm_test_ap1", tmpUser.getUid());
+ app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+
+ ScopedInstaller appInstall(app);
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
+ "drop_root_privileges failed");
+
+ std::string uidStr = tmpUser.getUidString();
+ for (const auto &appPrivilege : app.getPrivileges()) {
+ PolicyEntry filter(app.getAppId(), uidStr, appPrivilege);
+
+ std::vector<PolicyEntry> policyEntries;
+ Api::getPolicyForSelf(filter, policyEntries);
+
+ RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+ RUNNER_ASSERT_MSG(policyEntries.size() == 1,
+ "Number of policies doesn't match - should be: " << expectedPolicyCount << " and is " << policyEntries.size());
+
+ for (const auto &policyEntry : policyEntries) {
+ std::string user = policyEntry.getUser();
+ std::string appId = policyEntry.getAppId();
+ std::string privilege = policyEntry.getPrivilege();
+
+ RUNNER_ASSERT_MSG(appId == app.getAppId(),
+ "Policy returned for wrong appId," " expected : " << app.getAppId() << ", got : " << appId);
+ RUNNER_ASSERT_MSG(user == uidStr,
+ "Policy returned for wrong user," " expected : " << uidStr << ", got : " << user);
+ RUNNER_ASSERT_MSG(privilege == appPrivilege.getName(),
+ "Policy returned for wrong privilege," " expected : " << appPrivilege << ", got : " << privilege);
+
+ }
+ }
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_ap2_app_policy_fetch_for_self_different_user) {
+ TemporaryTestUser tmpUser("sm_test_ap2_1_user_name", GUM_USERTYPE_NORMAL, false);
+ tmpUser.create();
+ TemporaryTestUser tmpUser2("sm_test_ap2_2_user_name", GUM_USERTYPE_NORMAL, false);
+ tmpUser2.create();
+
+ AppInstallHelper app("sm_test_ap2", tmpUser.getUid());
+ app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+
+ ScopedInstaller appInstall(app);
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
+ "drop_root_privileges failed");
+
+ std::string wrongUidStr = tmpUser2.getUidString();
+ for (const auto &appPrivilege : app.getPrivileges()) {
+ PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege);
+
+ std::vector<PolicyEntry> policyEntries;
+ Api::getPolicyForSelf(filter, policyEntries,
+ SECURITY_MANAGER_ERROR_ACCESS_DENIED);
+ }
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_ap3_app_policy_fetch_for_self_different_user_global) {
+ TemporaryTestUser tmpUser("sm_test_ap3_1_user_name", GUM_USERTYPE_NORMAL, false);
+ tmpUser.create();
+ TemporaryTestUser tmpUser2("sm_test_ap3_2_user_name", GUM_USERTYPE_NORMAL, false);
+ tmpUser2.create();
+
+ AppInstallHelper app("sm_test_ap3");
+ app.setInstallType(SM_APP_INSTALL_GLOBAL);
+ app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+
+ ScopedInstaller appInstall(app);
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
+ "drop_root_privileges failed");
+
+ std::string wrongUidStr = tmpUser2.getUidString();
+ for (const auto &appPrivilege : app.getPrivileges()) {
+ PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege);
+
+ std::vector<PolicyEntry> policyEntries;
+ Api::getPolicyForSelf(filter, policyEntries,
+ SECURITY_MANAGER_ERROR_ACCESS_DENIED);
+ }
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_ap3_app_policy_fetch_for_self_different_app) {
+ TemporaryTestUser tmpUser("sm_test_ap3_user_name", GUM_USERTYPE_NORMAL, false);
+ tmpUser.create();
+
+ AppInstallHelper app1("sm_test_ap3_1", tmpUser.getUid());
+ app1.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+
+ AppInstallHelper app2("sm_test_ap3_2", tmpUser.getUid());
+ app2.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+
+ ScopedInstaller appInstall1(app1);
+ ScopedInstaller appInstall2(app2);
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app1.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
+ "drop_root_privileges failed");
+
+ std::string uidStr = tmpUser.getUidString();
+ for (const auto &appPrivilege : app1.getPrivileges()) {
+ PolicyEntry filter(app2.getAppId(), uidStr, appPrivilege);
+
+ std::vector<PolicyEntry> policyEntries;
+ Api::getPolicyForSelf(filter, policyEntries,
+ SECURITY_MANAGER_ERROR_ACCESS_DENIED);
+ }
+ exit(0);
+ }
+}