#include <app_install_helper.h>
#include <dpl/test/test_runner.h>
#include <memory.h>
+#include <scoped_installer.h>
#include <sm_api.h>
#include <sm_commons.h>
#include <sm_request.h>
#include <tests_common.h>
using namespace SecurityManagerTest;
-namespace {
-const char *const owner_access = "rwxat";
-const char *const target_path_access = "rxl";
-const char *const target_dir_access = "x";
-const char *const no_access = "";
-
-void check_system_access(const std::string pathLabel, bool apply = true) {
- check_exact_smack_accesses("User", pathLabel, (apply ? owner_access : no_access));
- check_exact_smack_accesses("System", pathLabel, (apply ? owner_access : no_access));
-}
-
-void check_owner_access(const std::string &ownerLabel, const std::string &pathLabel, bool apply = true) {
- check_exact_smack_accesses(ownerLabel, pathLabel, (apply ? owner_access : no_access));
-}
-
-void check_target_access(const std::string &ownerPkgLabel, const std::string &targetLabel,
- const std::string &pathLabel, bool pathShared = true, bool anyPathShared = true) {
- check_exact_smack_accesses(targetLabel, pathLabel, (pathShared ? target_path_access : no_access));
- check_exact_smack_accesses(targetLabel, ownerPkgLabel, (anyPathShared ? target_dir_access : no_access));
-}
-
-void check_path_label(const std::string &path, const std::string &expectedLabel) {
- char *label = nullptr;
- int ret = smack_new_label_from_path(path.c_str(), XATTR_NAME_SMACK, 0, &label);
- RUNNER_ASSERT_MSG(ret > 0, "smack_new_label_from_path failed for " << path);
- SmackLabelPtr realLabel(label);
- RUNNER_ASSERT_MSG(realLabel.get() == expectedLabel, "Fetched label from " << path << " different"
- " than expected, is : " << realLabel.get() << " should be " << expectedLabel);
-}
-
-void createFile(const std::string &filePath)
-{
- //create temporary file and set label for it
- mode_t systemMask;
-
- unlink(filePath.c_str());
- //allow to create file with 777 rights
- systemMask = umask(0000);
- int fd = open(filePath.c_str(), O_RDWR | O_CREAT, S_IRWXU | S_IRWXG | S_IRWXO);
- //restore system mask
- umask(systemMask);
- RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests");
-
- //for descriptor protection
- FdUniquePtr fd_ptr(&fd);
-
- //change owner and group to user APP
- int ret = chown(filePath.c_str(), APP_UID, APP_GID);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
-}
-
-struct PathInfo {
- const std::string &path;
- app_install_path_type path_type;
-};
-
-InstallRequest createInstallReq(const std::string &appName, const std::string &pkgName,
- const std::vector<PathInfo> &paths){
- InstallRequest req;
- req.setAppId(appName);
- req.setPkgId(pkgName);
- for (const auto &pathInfo : paths) {
- req.addPath(pathInfo.path, pathInfo.path_type);
- }
- return req;
-}
-
-InstallRequest createInstallReq(const AppInstallHelper &info,
- const std::vector<PathInfo> &paths = std::vector<PathInfo>()){
- return createInstallReq(info.getAppId(), info.getPkgId(), paths);
-}
-
-void clearLabels(const std::string &path) {
- int result = nftw(path.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to remove Smack labels in " << path);
-}
-
-}
RUNNER_TEST_GROUP_INIT(SECURIT_MANAGER_PRIVATE_SHARING)
+/*
+ * Check if request is rejected when incomplete
+ */
RUNNER_TEST(security_manager_30a_send_incomplete_req1)
{
SharingRequest request;
Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- request.setOwnerAppId("someOwner");
+ request.setOwnerAppId("sm_test_30a_owner_app_id");
Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- request.setTargetAppId("someTarget");
+ request.setTargetAppId("sm_test_30a_target_app_id");
Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
}
RUNNER_TEST(security_manager_30b_send_incomplete_req2)
{
SharingRequest request;
- request.setTargetAppId("someTarget");
+ request.setTargetAppId("sm_test_30b_target_app_id");
Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- request.setOwnerAppId("someOwner");
+ request.setOwnerAppId("sm_test_30b_owner_app_id");
Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
}
const char *somePaths[] = {"path1", "path2"};
request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- request.setOwnerAppId("someOwner");
+ request.setOwnerAppId("sm_test_30_b_owner_app_id");
Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
}
+/*
+ * Check if sharing request for unknown owner app is rejected
+ */
+
RUNNER_TEST(security_manager_30d_unknown_owner)
{
- // This test depends on order of checks in security-manager service implementation
+ AppInstallHelper target("sm_test_30d_target");
+ ScopedInstaller targetInstall(target);
+
+ AppInstallHelper notInstalledOwner("sm_test_30d_notinstalled_owner");
+ notInstalledOwner.createPrivateFile();
+
SharingRequest request;
- request.setOwnerAppId("ImPrettySureIDontExist");
- request.setTargetAppId("IDontMatter");
- const char *somePaths[] = {"path1", "path2"};
- request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
+ request.setOwnerAppId(notInstalledOwner.getAppId());
+ request.setTargetAppId(target.getAppId());
+
+ std::string sharedPath = notInstalledOwner.getPrivatePath();
+ const char *paths[] = {sharedPath.c_str()};
+ request.addPaths(paths, 1);
Api::applySharing(request, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
}
+/*
+ * Check if sharing request for unknown target app is rejected
+ */
RUNNER_TEST(security_manager_30e_unknown_target)
{
- // This test depends on order of checks in security-manager service implementation
- AppInstallHelper owner("installedApp");
- owner.revokeRules();
- InstallRequest ownerInst;
- ownerInst.setAppId(owner.getAppId());
- ownerInst.setPkgId(owner.getPkgId());
- Api::install(ownerInst);
+ AppInstallHelper owner("sm_test_30e_owner");
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
SharingRequest request;
request.setOwnerAppId(owner.getAppId());
- request.setTargetAppId("NowImPrettySureIDontExist");
- const char *somePaths[] = {"path1", "path2"};
- request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
- Api::applySharing(request, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
+ request.setTargetAppId("sm_test_30e_notinstalled_target");
- Api::uninstall(ownerInst);
+ std::string sharedPath = owner.getPrivatePath();
+ const char *paths[] = {sharedPath.c_str()};
+ request.addPaths(paths, 1);
+ Api::applySharing(request, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
}
+/*
+ * Check if sharing not owned path is rejected
+ */
RUNNER_TEST(security_manager_30f_bad_paths)
{
- // This test depends on order of checks in security-manager service implementation
- AppInstallHelper owner("installedApp");
- owner.revokeRules();
- InstallRequest ownerInst = createInstallReq(owner);
- Api::install(ownerInst);
+ AppInstallHelper owner("sm_test_30f_owner");
+ ScopedInstaller ownerInstall(owner);
- AppInstallHelper target("secondInstalledApp");
- target.revokeRules();
- InstallRequest targetInst = createInstallReq(target);
- Api::install(targetInst);
-
- SharingRequest request;
- request.setOwnerAppId(owner.getAppId());
- request.setTargetAppId(target.getAppId());
+ AppInstallHelper target("sm_test_30f_target");
+ target.createPrivateFile();
+ ScopedInstaller targetInstall(target);
- const char *somePath = "/tmp/somePath";
- createFile(somePath);
- const char *somePaths[] = {somePath};
- request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
- Api::applySharing(request, SECURITY_MANAGER_ERROR_APP_NOT_PATH_OWNER);
+ SharingRequest share;
+ share.setOwnerAppId(owner.getAppId());
+ share.setTargetAppId(target.getAppId());
- Api::uninstall(ownerInst);
- Api::uninstall(targetInst);
+ std::string sharedPath = target.getPrivatePath();
+ const char *paths[] = {sharedPath.c_str()};
+ share.addPaths(paths, 1);
+ Api::applySharing(share, SECURITY_MANAGER_ERROR_APP_NOT_PATH_OWNER);
}
-RUNNER_TEST(security_manager_31_simple_share)
+/*
+ * Check proper access for sharing one path between applications from different packages
+ */
+RUNNER_CHILD_TEST(security_manager_31_simple_share)
{
- std::vector<AppInstallHelper> helper {{"app31a"}, {"app31b"}};
- auto &owner = helper[0];
- auto &target = helper[1];
-
- for (auto &e : helper) {
- e.revokeRules();
- }
-
- owner.createPrivateDir();
- owner.createSharedFile();
- clearLabels(owner.getInstallDir());
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
-
- InstallRequest targetReq = createInstallReq(target);
- Api::install(targetReq);
-
- SharingRequest share1;
- std::string sharedPath = owner.getSharedPath();
- share1.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- Api::applySharing(share1);
-
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath, pathLabel1);
-
- Api::dropSharing(share1);
- check_system_access(pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
- check_path_label(sharedPath, owner.generatePkgLabel());
-
- Api::uninstall(ownerReq);
- Api::uninstall(targetReq);
+ AppInstallHelper owner("sm_test_31_owner");
+ owner.createPrivateFile(0);
+ owner.createPrivateFile(1);
+ ScopedInstaller ownerInstall(owner);
+
+ AppInstallHelper target("sm_test_31_target");
+ ScopedInstaller targetInstall(target);
+
+ SharingRequest share;
+ std::string sharedPath = owner.getPrivatePath(0);
+ std::string privatePath = owner.getPrivatePath(1);
+ share.setOwnerAppId(owner.getAppId());
+ share.setTargetAppId(target.getAppId());
+ const char *paths[] = {sharedPath.c_str()};
+ share.addPaths(paths, 1);
+ Api::applySharing(share);
+
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, R_OK|X_OK);
+ //execute access is given to directory containing file. files have the same label as directories.
+ runAccessTest(target, privatePath, X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ Api::dropSharing(share);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, 0);
+ runAccessTest(target, privatePath, 0);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
}
-
-RUNNER_TEST(security_manager_32_double_share)
+/*
+ * Private sharing can be applied multiple times. Check if double private path sharing applying
+ * between two applications from different package is accepted and if access is properly set after
+ * fist and second apply and if is properly revoked only after second drop.
+ *
+ */
+RUNNER_CHILD_TEST(security_manager_32_double_share)
{
- std::vector<AppInstallHelper> helper {{"app32a"}, {"app32b"}};
- auto &owner = helper[0];
- auto &target = helper[1];
-
- // cleanup
- for (auto &e : helper) {
- e.revokeRules();
- }
- owner.createPrivateDir();
- owner.createSharedFile();
- clearLabels(owner.getInstallDir());
-
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
-
- InstallRequest targetReq = createInstallReq(target);
- Api::install(targetReq);
-
- SharingRequest share1;
- std::string sharedPath = owner.getSharedPath(0);
- share1.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- Api::applySharing(share1);
-
- TestSecurityManagerDatabase db;
- std::string pathLabel = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
-
- Api::applySharing(share1);
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
-
- Api::dropSharing(share1);
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
-
- Api::dropSharing(share1);
- check_system_access(pathLabel, false);
- check_owner_access(owner.generateAppLabel(), pathLabel, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel, false, false);
- check_path_label(sharedPath, owner.generatePkgLabel());
-
- Api::uninstall(ownerReq);
- Api::uninstall(targetReq);
+ AppInstallHelper owner("sm_test_32_owner");
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
+
+ AppInstallHelper target("sm_test_32_target");
+ ScopedInstaller targetInstall(target);
+
+ SharingRequest share;
+ std::string sharedPath = owner.getPrivatePath();
+ share.setOwnerAppId(owner.getAppId());
+ share.setTargetAppId(target.getAppId());
+ const char *paths[] = {sharedPath.c_str()};
+ share.addPaths(paths, 1);
+
+ Api::applySharing(share);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ Api::applySharing(share);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ Api::dropSharing(share);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ Api::dropSharing(share);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, 0);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
}
-RUNNER_TEST(security_manager_33_share_two_with_one)
+
+/*
+ * Check access after sharing separate private paths with one application in two separate
+ * sharing requests.
+ */
+RUNNER_CHILD_TEST(security_manager_33a_share_two_with_one)
{
- std::vector<AppInstallHelper> helper {{"app33a"}, {"app33b"}};
- auto &owner = helper[0];
- auto &target = helper[1];
-
- // cleanup
- for (auto &e : helper) {
- e.revokeRules();
- }
- owner.createPrivateDir();
- owner.createSharedFile(0);
- owner.createSharedFile(1);
- clearLabels(owner.getInstallDir());
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(0), SECURITY_MANAGER_PATH_RW},
- PathInfo{owner.getSharedPath(1), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
-
- InstallRequest targetReq = createInstallReq(target);
- Api::install(targetReq);
+ AppInstallHelper owner("sm_test_33a_owner");
+ owner.createPrivateFile(0);
+ owner.createPrivateFile(1);
+ ScopedInstaller ownerInstall(owner);
+
+ AppInstallHelper target("sm_test_33a_target");
+ ScopedInstaller targetInstall(target);
SharingRequest share1, share2;
- std::string sharedPath1 = owner.getSharedPath(0);
- std::string sharedPath2 = owner.getSharedPath(1);
+ std::string sharedPath1 = owner.getPrivatePath(0);
+ std::string sharedPath2 = owner.getPrivatePath(1);
share1.setOwnerAppId(owner.getAppId());
share2.setOwnerAppId(owner.getAppId());
share1.setTargetAppId(target.getAppId());
share2.setTargetAppId(target.getAppId());
- const char *path1[] = {sharedPath1.c_str()};
- const char *path2[] = {sharedPath2.c_str()};
- share1.addPaths(path1, 1);
- share2.addPaths(path2, 1);
+ const char *paths1[] = {sharedPath1.c_str()};
+ share1.addPaths(paths1, 1);
+ const char *paths2[] = {sharedPath2.c_str()};
+ share2.addPaths(paths2, 1);
Api::applySharing(share1);
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath1.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath1);
-
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath1, pathLabel1);
+ runAccessTest(owner, sharedPath1, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath1, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath1, R_OK|W_OK|X_OK);
Api::applySharing(share2);
- std::string pathLabel2 = db.get_path_label(sharedPath2.c_str());
- RUNNER_ASSERT_MSG(!pathLabel2.empty(), "Couldn't fetch path label from database for file " << sharedPath2);
- RUNNER_ASSERT_MSG(pathLabel1 != pathLabel2, "Labels for private shared paths should be unique!");
-
- check_system_access(pathLabel1);
- check_system_access(pathLabel2);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel2);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel2);
- check_path_label(sharedPath1, pathLabel1);
- check_path_label(sharedPath2, pathLabel2);
+ runAccessTest(owner, sharedPath2, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath2, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath2, R_OK|W_OK|X_OK);
Api::dropSharing(share1);
- check_system_access(pathLabel1, false);
- check_system_access(pathLabel2);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel2);
- check_path_label(sharedPath1, owner.generatePkgLabel());
- check_path_label(sharedPath2, pathLabel2);
+ runAccessTest(owner, sharedPath1, R_OK|W_OK|X_OK);
+ //execute access is given to directory containing file. files have the same label as directories.
+ runAccessTest(target, sharedPath1, X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath1, R_OK|W_OK|X_OK);
+ runAccessTest(owner, sharedPath2, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath2, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath2, R_OK|W_OK|X_OK);
Api::dropSharing(share2);
- check_system_access(pathLabel1, false);
- check_system_access(pathLabel2, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel2, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel2, false, false);
- check_path_label(sharedPath1, owner.generatePkgLabel());
- check_path_label(sharedPath2, owner.generatePkgLabel());
-
- Api::uninstall(ownerReq);
- Api::uninstall(targetReq);
+ runAccessTest(owner, sharedPath2, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath2, 0);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath1, R_OK|W_OK|X_OK);
}
-RUNNER_TEST(security_manager_34_share_one_with_two)
+/*
+ * Check access after sharing separate private paths with one application in one sharing requests.
+ */
+RUNNER_CHILD_TEST(security_manager_33b_share_two_with_one)
+{
+ AppInstallHelper owner("sm_test_33b_owner");
+ owner.createPrivateFile(0);
+ owner.createPrivateFile(1);
+ ScopedInstaller ownerInstall(owner);
+
+ AppInstallHelper target("sm_test_33b_target");
+ ScopedInstaller targetInstall(target);
+
+ SharingRequest share;
+ std::string sharedPath1 = owner.getPrivatePath(0);
+ std::string sharedPath2 = owner.getPrivatePath(1);
+ share.setOwnerAppId(owner.getAppId());
+ share.setTargetAppId(target.getAppId());
+ const char *paths[] = {sharedPath1.c_str(), sharedPath2.c_str()};
+
+ share.addPaths(paths, 2);
+
+ Api::applySharing(share);
+ runAccessTest(owner, sharedPath1, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath1, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath1, R_OK|W_OK|X_OK);
+ runAccessTest(owner, sharedPath2, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath2, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath2, R_OK|W_OK|X_OK);
+
+ Api::dropSharing(share);
+ runAccessTest(owner, sharedPath1, R_OK|W_OK|X_OK);
+ runAccessTest(owner, sharedPath2, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath1, 0);
+ runAccessTest(target, sharedPath2, 0);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath1, R_OK|W_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath2, R_OK|W_OK|X_OK);
+}
+
+/*
+ * Check access when sharing one private path with two separate applications.
+ */
+RUNNER_CHILD_TEST(security_manager_34_share_one_with_two)
{
- std::vector<AppInstallHelper> helper {{"app34a"}, {"app34b"}, {"app34c"}};
- auto &owner = helper[0];
- auto &target1 = helper[1];
- auto &target2 = helper[2];
-
- // cleanup
- for (auto &e : helper) {
- e.revokeRules();
- }
- owner.createPrivateDir();
- owner.createSharedFile();
- clearLabels(owner.getInstallDir());
-
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
-
- for (size_t i = 1; i < helper.size(); i++) {
- InstallRequest targetReq = createInstallReq(helper[i]);
- Api::install(targetReq);
- }
+ AppInstallHelper owner("sm_test_34_owner");
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
+
+ AppInstallHelper target1("sm_test_34_target1");
+ ScopedInstaller targetInstall1(target1);
+
+ AppInstallHelper target2("sm_test_34_target2");
+ ScopedInstaller targetInstall2(target2);
SharingRequest share1, share2;
- std::string sharedPath = owner.getSharedPath(0).c_str();
+ std::string sharedPath = owner.getPrivatePath(0).c_str();
share1.setOwnerAppId(owner.getAppId());
share2.setOwnerAppId(owner.getAppId());
share1.setTargetAppId(target1.getAppId());
share2.setTargetAppId(target2.getAppId());
-
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- share2.addPaths(path, 1);
+ const char *paths[] = {sharedPath.c_str()};
+ share1.addPaths(paths, 1);
+ share2.addPaths(paths, 1);
Api::applySharing(share1);
- TestSecurityManagerDatabase db;
- std::string pathLabel = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target1, sharedPath, R_OK|X_OK);
+ runAccessTest(target2, sharedPath, 0);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
Api::applySharing(share2);
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target2, sharedPath, R_OK|X_OK);
+ runAccessTest(target1, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
Api::dropSharing(share1);
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target1, sharedPath, 0);
+ runAccessTest(target2, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
Api::dropSharing(share2);
- check_system_access(pathLabel, false);
- check_owner_access(owner.generateAppLabel(), pathLabel, false);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel, false, false);
- check_path_label(sharedPath, owner.generatePkgLabel());
-
- Api::uninstall(ownerReq);
- for (size_t i = 1; i < helper.size(); i++) {
- InstallRequest targetReq = createInstallReq(helper[i]);
- Api::uninstall(targetReq);
- }
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target1, sharedPath, 0);
+ runAccessTest(target2, sharedPath, 0);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
}
-RUNNER_TEST(security_manager_35_share_two_with_two)
+/*
+ * Check access when sharing two separate private paths with two separate applications.
+ */
+RUNNER_CHILD_TEST(security_manager_35_share_two_with_two)
{
- std::vector<AppInstallHelper> helper {{"app35a"}, {"app35b"}, {"app35c"}};
- auto &owner = helper[0];
- auto &target1 = helper[1];
- auto &target2 = helper[2];
-
- // cleanup
- for (auto &e : helper) {
- e.revokeRules();
- }
- owner.createPrivateDir();
- owner.createSharedFile(0);
- owner.createSharedFile(1);
- clearLabels(owner.getInstallDir());
-
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(0), SECURITY_MANAGER_PATH_RW},
- PathInfo{owner.getSharedPath(1), SECURITY_MANAGER_PATH_RW}});
-
- Api::install(ownerReq);
-
- for (size_t i = 1; i < helper.size(); i++) {
- InstallRequest targetReq = createInstallReq(helper[i]);
- Api::install(targetReq);
- }
+ AppInstallHelper owner("sm_test_35_owner");
+ owner.createPrivateFile(0);
+ owner.createPrivateFile(1);
+ ScopedInstaller ownerInstall(owner);
+
+ AppInstallHelper target1("sm_test_35_target1");
+ ScopedInstaller targetInstall1(target1);
+
+ AppInstallHelper target2("sm_test_35_target2");
+ ScopedInstaller targetInstall2(target2);
SharingRequest share1, share2;
- std::string sharedPath1 = owner.getSharedPath(0).c_str();
- std::string sharedPath2 = owner.getSharedPath(1).c_str();
+ std::string sharedPath1 = owner.getPrivatePath(0).c_str();
+ std::string sharedPath2 = owner.getPrivatePath(1).c_str();
share1.setOwnerAppId(owner.getAppId());
share2.setOwnerAppId(owner.getAppId());
share1.setTargetAppId(target1.getAppId());
share2.setTargetAppId(target2.getAppId());
-
- const char *path1[] = {sharedPath1.c_str()};
- const char *path2[] = {sharedPath2.c_str()};
- share1.addPaths(path1, 1);
- share2.addPaths(path2, 1);
+ const char *paths1[] = {sharedPath1.c_str()};
+ share1.addPaths(paths1, 1);
+ const char *paths2[] = {sharedPath2.c_str()};
+ share2.addPaths(paths2, 1);
Api::applySharing(share1);
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath1.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath1);
-
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath1, pathLabel1);
+ runAccessTest(owner, sharedPath1, R_OK|W_OK|X_OK);
+ runAccessTest(target1, sharedPath1, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath1, R_OK|W_OK|X_OK);
Api::applySharing(share2);
- std::string pathLabel2 = db.get_path_label(sharedPath2.c_str());
- RUNNER_ASSERT_MSG(!pathLabel2.empty(), "Couldn't fetch path label from database for file " << sharedPath2);
- RUNNER_ASSERT_MSG(pathLabel1 != pathLabel2, "Labels for shared files should be unique!");
-
- check_system_access(pathLabel1);
- check_system_access(pathLabel2);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel2);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel2);
- check_path_label(sharedPath1, pathLabel1);
- check_path_label(sharedPath2, pathLabel2);
+ runAccessTest(owner, sharedPath2, R_OK|W_OK|X_OK);
+ runAccessTest(target1, sharedPath1, R_OK|X_OK);
+ runAccessTest(target1, sharedPath2, 0);
+ runAccessTest(target2, sharedPath2, R_OK|X_OK);
+ runAccessTest(target2, sharedPath1, 0);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath2, R_OK|W_OK|X_OK);
Api::dropSharing(share2);
- check_system_access(pathLabel1);
- check_system_access(pathLabel2, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel2, false);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel2, false, false);
- check_path_label(sharedPath1, pathLabel1);
- check_path_label(sharedPath2, owner.generatePkgLabel());
+ runAccessTest(owner, sharedPath1, R_OK|W_OK|X_OK);
+ runAccessTest(owner, sharedPath2, R_OK|W_OK|X_OK);
+ runAccessTest(target1, sharedPath1, R_OK|X_OK);
+ runAccessTest(target2, sharedPath2, 0);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath2, R_OK|W_OK|X_OK);
Api::dropSharing(share1);
- check_system_access(pathLabel1, false);
- check_system_access(pathLabel2, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel2, false);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1, false, false);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel2, false, false);
- check_path_label(sharedPath1, owner.generatePkgLabel());
- check_path_label(sharedPath2, owner.generatePkgLabel());
- Api::uninstall(ownerReq);
- for (size_t i = 1; i < helper.size(); i++) {
- InstallRequest targetReq;
- targetReq.setAppId(helper[i].getAppId());
- targetReq.setPkgId(helper[i].getAppId());
- Api::uninstall(targetReq);
- }
+ runAccessTest(owner, sharedPath1, R_OK|W_OK|X_OK);
+ runAccessTest(owner, sharedPath2, R_OK|W_OK|X_OK);
+ runAccessTest(target1, sharedPath1, 0);
+ runAccessTest(target2, sharedPath2, 0);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath1, R_OK|W_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath2, R_OK|W_OK|X_OK);
}
-RUNNER_TEST(security_manager_35_share_uninstall_target) {
- std::vector<AppInstallHelper> helper {{"app35aa"}, {"app35bb"}};
- auto &owner = helper[0];
- auto &target = helper[1];
-
- for (auto &e : helper) {
- e.revokeRules();
- }
-
- owner.createPrivateDir();
- owner.createSharedFile();
- clearLabels(owner.getInstallDir());
-
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
-
- InstallRequest targetReq = createInstallReq(target);
- Api::install(targetReq);
-
- SharingRequest share1;
- std::string sharedPath = owner.getSharedPath();
- share1.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- Api::applySharing(share1);
-
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath, pathLabel1);
-
- Api::uninstall(targetReq);
-
- check_system_access(pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
- check_path_label(sharedPath, owner.generatePkgLabel());
-
- Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
- Api::uninstall(ownerReq);
+/*
+ * Check access after sharing one private path with one application and after uninstalling target
+ * application.
+ */
+RUNNER_CHILD_TEST(security_manager_35_share_uninstall_target) {
+ AppInstallHelper owner("sm_test_35_owner");
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
+
+ AppInstallHelper target("sm_test_35_target");
+ ScopedInstaller targetInstall(target);
+
+ SharingRequest share;
+ std::string sharedPath = owner.getPrivatePath();
+ share.setOwnerAppId(owner.getAppId());
+ share.setTargetAppId(target.getAppId());
+ const char *paths[] = {sharedPath.c_str()};
+ share.addPaths(paths, 1);
+ Api::applySharing(share);
+
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ targetInstall.uninstallApp();
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ // Reinstall, so we can change context to same app_id
+ ScopedInstaller targetInstall2(target);
+ runAccessTest(target, sharedPath, 0);
+
+ Api::dropSharing(share, SECURITY_MANAGER_ERROR_INPUT_PARAM);
}
-RUNNER_TEST(security_manager_35_share_uninstall_owner) {
- std::vector<AppInstallHelper> helper {{"app35aaa"}, {"app35bbb"}};
- auto &owner = helper[0];
- auto &target = helper[1];
-
- for (auto &e : helper) {
- e.revokeRules();
- }
+/*
+ * Check access after sharing one private path with one application and after uninstalling owner
+ * application.
+ */
+RUNNER_CHILD_TEST(security_manager_35_share_uninstall_owner) {
+ AppInstallHelper owner("sm_test_35_owner");
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
- owner.createPrivateDir();
- owner.createSharedFile();
+ AppInstallHelper target("sm_test_35_target");
+ ScopedInstaller targetInstall(target);
- clearLabels(owner.getInstallDir());
+ SharingRequest share;
+ std::string sharedPath = owner.getPrivatePath();
+ share.setOwnerAppId(owner.getAppId());
+ share.setTargetAppId(target.getAppId());
+ const char *paths[] = {sharedPath.c_str()};
+ share.addPaths(paths, 1);
+ Api::applySharing(share);
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
- InstallRequest targetReq = createInstallReq(target);
- Api::install(targetReq);
+ ownerInstall.uninstallApp();
- SharingRequest share1;
- std::string sharedPath = owner.getSharedPath();
- share1.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- Api::applySharing(share1);
+ runAccessTest(target, sharedPath, 0);
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
+ Api::dropSharing(share, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath, pathLabel1);
-
- owner.removePaths();
- Api::uninstall(ownerReq);
-
- check_system_access(pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
-
- Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
- Api::uninstall(targetReq);
}
-RUNNER_TEST(security_manager_36_share_pkg_owner_uninstall) {
- std::vector<AppInstallHelper> helper {{"app36a", "pkg1"}, {"app36b", "pkg1"}, {"app36c", "pkg2"}};
- auto &owner = helper[0];
- auto &pkgApp = helper[1];
- auto &target = helper[2];
-
- for (auto &e : helper) {
- e.revokeRules();
- }
-
- owner.createPrivateDir();
- owner.createSharedFile();
- clearLabels(owner.getInstallDir());
+/*
+ * Check access after sharing one private path with one application and after uninstalling owner
+ * application from package with two applications.
+ */
+RUNNER_CHILD_TEST(security_manager_36_share_pkg_owner_uninstall) {
+ std::string pkgName = "sm_test_36";
+ AppInstallHelper owner("sm_test_36_owner", pkgName);
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
+ AppInstallHelper samePkgAsOwnerApp("sm_test_36", pkgName);
+ ScopedInstaller samePkgAsOwnerInstall(samePkgAsOwnerApp);
- InstallRequest pkgAppReq = createInstallReq(pkgApp);
- Api::install(pkgAppReq);
- InstallRequest targetReq = createInstallReq(target);
- Api::install(targetReq);
+ AppInstallHelper target("sm_test_36_target");
+ ScopedInstaller targetInstall(target);
- SharingRequest share1;
- std::string sharedPath = owner.getSharedPath();
- share1.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- Api::applySharing(share1);
-
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
+ SharingRequest share;
+ std::string sharedPath = owner.getPrivatePath();
+ share.setOwnerAppId(owner.getAppId());
+ share.setTargetAppId(target.getAppId());
+ const char *paths[] = {sharedPath.c_str()};
+ share.addPaths(paths, 1);
+ Api::applySharing(share);
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath, pathLabel1);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(samePkgAsOwnerApp, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
- owner.removePaths();
- Api::uninstall(ownerReq);
+ ownerInstall.uninstallApp();
- check_system_access(pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
+ runAccessTest(target, sharedPath, 0);
- Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
- Api::uninstall(pkgAppReq);
- Api::uninstall(targetReq);
+ Api::dropSharing(share, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
}
-RUNNER_TEST(security_manager_36_share_pkg_owner_drop) {
- std::vector<AppInstallHelper> helper {{"app36aa", "pkg1"}, {"app36bb", "pkg1"}, {"app36cc", "pkg2"}};
- auto &owner = helper[0];
- auto &pkgApp = helper[1];
- auto &target = helper[2];
-
- for (auto &e : helper) {
- e.revokeRules();
- }
-
- owner.createPrivateDir();
- owner.createSharedFile();
- clearLabels(owner.getInstallDir());
-
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
-
- InstallRequest pkgAppReq = createInstallReq(pkgApp);
- Api::install(pkgAppReq);
- InstallRequest targetReq = createInstallReq(target);
- Api::install(targetReq);
-
- SharingRequest share1;
- std::string sharedPath = owner.getSharedPath();
- share1.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- Api::applySharing(share1);
-
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath, pathLabel1);
-
- Api::dropSharing(share1);
-
- check_system_access(pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
- check_path_label(sharedPath, owner.generatePkgLabel());
-
- Api::uninstall(ownerReq);
- Api::uninstall(pkgAppReq);
- Api::uninstall(targetReq);
+/*
+ * Check access after sharing one private path with one application when owner application is from
+ * package with two applications.
+ */
+RUNNER_CHILD_TEST(security_manager_36_share_pkg_owner_drop) {
+ std::string pkgName = "sm_test_36";
+ AppInstallHelper owner("sm_test_36_owner", pkgName);
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
+
+ AppInstallHelper samePkgAsOwnerApp("sm_test_36", pkgName);
+ ScopedInstaller samePkgAsOwnerInstall(samePkgAsOwnerApp);
+
+ AppInstallHelper target("sm_test_36_target");
+ ScopedInstaller targetInstall(target);
+
+ SharingRequest share;
+ std::string sharedPath = owner.getPrivatePath();
+ share.setOwnerAppId(owner.getAppId());
+ share.setTargetAppId(target.getAppId());
+ const char *paths[] = {sharedPath.c_str()};
+ share.addPaths(paths, 1);
+ Api::applySharing(share);
+
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(samePkgAsOwnerApp, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ Api::dropSharing(share);
+
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(samePkgAsOwnerApp, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, 0);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
}
-RUNNER_TEST(security_manager_36_share_pkg_target_uninstall) {
- std::vector<AppInstallHelper> helper {{"app36aaa", "pkg1"}, {"app36bbb", "pkg1"}, {"app36ccc", "pkg2"}};
- auto &owner = helper[0];
- auto &pkgApp = helper[1];
- auto &target = helper[2];
-
- for (auto &e : helper) {
- e.revokeRules();
- }
-
- owner.createPrivateDir();
- owner.createSharedFile();
- clearLabels(owner.getInstallDir());
-
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
-
- InstallRequest pkgAppReq = createInstallReq(pkgApp);
- Api::install(pkgAppReq);
- InstallRequest targetReq = createInstallReq(target);
- Api::install(targetReq);
-
- SharingRequest share1;
- std::string sharedPath = owner.getSharedPath();
- share1.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- Api::applySharing(share1);
-
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath, pathLabel1);
-
- Api::uninstall(targetReq);
-
- check_system_access(pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
- check_path_label(sharedPath, owner.generatePkgLabel());
-
- Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
-
- Api::uninstall(ownerReq);
- Api::uninstall(pkgAppReq);
+/*
+ * Check access after sharing one private path with one application and after uninstalling target
+ * application when owner application is from package with two applications.
+ */
+RUNNER_CHILD_TEST(security_manager_36_share_pkg_target_uninstall) {
+ std::string pkgName = "sm_test_36";
+ AppInstallHelper owner("sm_test_36_owner", pkgName);
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
+
+ AppInstallHelper samePkgAsOwnerApp("sm_test_36", pkgName);
+ ScopedInstaller samePkgAsOwnerInstall(samePkgAsOwnerApp);
+
+ AppInstallHelper target("sm_test_36_target");
+ ScopedInstaller targetInstall(target);
+
+ SharingRequest share;
+ std::string sharedPath = owner.getPrivatePath();
+ share.setOwnerAppId(owner.getAppId());
+ share.setTargetAppId(target.getAppId());
+ const char *paths[] = {sharedPath.c_str()};
+ share.addPaths(paths, 1);
+ Api::applySharing(share);
+
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(samePkgAsOwnerApp, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ targetInstall.uninstallApp();
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(samePkgAsOwnerApp, sharedPath, R_OK|W_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ // Reinstall, so we can change context to same app_id
+ ScopedInstaller targetInstall2(target);
+ runAccessTest(target, sharedPath, 0);
+
+ Api::dropSharing(share, SECURITY_MANAGER_ERROR_INPUT_PARAM);
}
-RUNNER_TEST(security_manager_37_pkg_double_share_target_uninstall) {
- std::vector<AppInstallHelper> helper {{"app37a", "pkg1"}, {"app37b", "pkg1"}, {"app37c", "pkg2"}};
- auto &owner = helper[0];
- auto &pkgApp = helper[1];
- auto &target = helper[2];
-
- for (auto &e : helper) {
- e.revokeRules();
- }
-
- owner.createPrivateDir();
- owner.createSharedFile();
- clearLabels(owner.getInstallDir());
-
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
-
- InstallRequest pkgAppReq = createInstallReq(pkgApp);
- Api::install(pkgAppReq);
- InstallRequest targetReq = createInstallReq(target);
- Api::install(targetReq);
-
- SharingRequest share1;
- std::string sharedPath = owner.getSharedPath();
- share1.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- Api::applySharing(share1);
-
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath, pathLabel1);
-
- Api::applySharing(share1);
-
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath, pathLabel1);
-
- Api::uninstall(targetReq);
-
- check_system_access(pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
- check_path_label(sharedPath, owner.generatePkgLabel());
-
- Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
-
- Api::uninstall(ownerReq);
- Api::uninstall(pkgAppReq);
+/*
+ * Check access after double sharing one private path with one application and after uninstalling
+ * target application when owner application is from package with two applications.
+ */
+RUNNER_CHILD_TEST(security_manager_37_pkg_double_share_target_uninstall) {
+ std::string pkgName = "sm_test_37";
+ AppInstallHelper owner("sm_test_37_owner", pkgName);
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
+
+ AppInstallHelper samePkgAsOwnerApp("sm_test_37", pkgName);
+ ScopedInstaller samePkgAsOwnerInstall(samePkgAsOwnerApp);
+
+ AppInstallHelper target("sm_test_37_target");
+ ScopedInstaller targetInstall(target);
+
+ SharingRequest share;
+ std::string sharedPath = owner.getPrivatePath();
+ share.setOwnerAppId(owner.getAppId());
+ share.setTargetAppId(target.getAppId());
+ const char *paths[] = {sharedPath.c_str()};
+ share.addPaths(paths, 1);
+ Api::applySharing(share);
+ Api::applySharing(share);
+
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(samePkgAsOwnerApp, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ targetInstall.uninstallApp();
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(samePkgAsOwnerApp, sharedPath, R_OK|W_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ // Reinstall, so we can change context to same app_id
+ ScopedInstaller targetInstall2(target);
+ runAccessTest(target, sharedPath, 0);
+
+ Api::dropSharing(share, SECURITY_MANAGER_ERROR_INPUT_PARAM);
}
-RUNNER_TEST(security_manager_37_pkg_double_share_owner_uninstall) {
- std::vector<AppInstallHelper> helper {{"app37aa", "pkg1"}, {"app37bb", "pkg1"}, {"app37cc", "pkg2"}};
- auto &owner = helper[0];
- auto &pkgApp = helper[1];
- auto &target = helper[2];
-
- for (auto &e : helper) {
- e.revokeRules();
- }
-
- owner.createPrivateDir();
- owner.createSharedFile();
- clearLabels(owner.getInstallDir());
-
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
-
- InstallRequest pkgAppReq = createInstallReq(pkgApp);
- Api::install(pkgAppReq);
- InstallRequest targetReq = createInstallReq(target);
- Api::install(targetReq);
-
- SharingRequest share1;
- std::string sharedPath = owner.getSharedPath();
- share1.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- Api::applySharing(share1);
+/*
+ * Check access after double sharing one private path with one application and after uninstalling
+ * owner application from package with two applications.
+ */
+RUNNER_CHILD_TEST(security_manager_37_pkg_double_share_owner_uninstall) {
+ std::string pkgName = "sm_test_37";
+ AppInstallHelper owner("sm_test_37_owner", pkgName);
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
+ AppInstallHelper samePkgAsOwnerApp("sm_test_37", pkgName);
+ ScopedInstaller samePkgAsOwnerInstall(samePkgAsOwnerApp);
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath, pathLabel1);
+ AppInstallHelper target("sm_test_37_target");
+ ScopedInstaller targetInstall(target);
- Api::applySharing(share1);
+ SharingRequest share;
+ std::string sharedPath = owner.getPrivatePath();
+ share.setOwnerAppId(owner.getAppId());
+ share.setTargetAppId(target.getAppId());
+ const char *paths[] = {sharedPath.c_str()};
+ share.addPaths(paths, 1);
+ Api::applySharing(share);
+ Api::applySharing(share);
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath, pathLabel1);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(samePkgAsOwnerApp, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
- owner.removePaths();
- Api::uninstall(ownerReq);
+ ownerInstall.uninstallApp();
- check_system_access(pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_owner_access(pkgApp.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
+ runAccessTest(target, sharedPath, 0);
- Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
-
- Api::uninstall(targetReq);
- Api::uninstall(pkgAppReq);
+ Api::dropSharing(share, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
}
-RUNNER_TEST(security_manager_38_share_one_with_two_uninstall_target)
+/*
+ * Check access after sharing one private path with two applications from different packages and
+ * after uninstalling one of them and dropping second sharing.
+ */
+RUNNER_CHILD_TEST(security_manager_38_share_one_with_two_uninstall_target)
{
- std::vector<AppInstallHelper> helper {{"app38a"}, {"app38b"}, {"app38c"}};
- auto &owner = helper[0];
- auto &target1 = helper[1];
- auto &target2 = helper[2];
+ AppInstallHelper owner("sm_test_34_owner");
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
- // cleanup
- for (auto &e : helper) {
- e.revokeRules();
- }
- owner.createPrivateDir();
- owner.createSharedFile();
- clearLabels(owner.getInstallDir());
+ AppInstallHelper target1("sm_test_34_target1");
+ ScopedInstaller targetInstall1(target1);
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
-
-
- InstallRequest targetReq1 = createInstallReq(target1);
- Api::install(targetReq1);
- InstallRequest targetReq2 = createInstallReq(target2);
- Api::install(targetReq2);
+ AppInstallHelper target2("sm_test_34_target2");
+ ScopedInstaller targetInstall2(target2);
SharingRequest share1, share2;
- std::string sharedPath = owner.getSharedPath(0).c_str();
+ std::string sharedPath = owner.getPrivatePath(0).c_str();
share1.setOwnerAppId(owner.getAppId());
share2.setOwnerAppId(owner.getAppId());
share1.setTargetAppId(target1.getAppId());
share2.setTargetAppId(target2.getAppId());
-
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- share2.addPaths(path, 1);
+ const char *paths[] = {sharedPath.c_str()};
+ share1.addPaths(paths, 1);
+ share2.addPaths(paths, 1);
Api::applySharing(share1);
- TestSecurityManagerDatabase db;
- std::string pathLabel = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target1, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
Api::applySharing(share2);
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
-
- Api::uninstall(targetReq1);
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target2, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ targetInstall1.uninstallApp();
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target2, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ // Reinstall, so we can change context to same app_id
+ ScopedInstaller targetInstall1_2(target1);
+ runAccessTest(target1, sharedPath, 0);
Api::dropSharing(share2);
- check_system_access(pathLabel, false);
- check_owner_access(owner.generateAppLabel(), pathLabel, false);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel, false, false);
- check_path_label(sharedPath, owner.generatePkgLabel());
- Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
- Api::uninstall(ownerReq);
- Api::uninstall(targetReq2);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target2, sharedPath, 0);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ Api::dropSharing(share1, SECURITY_MANAGER_ERROR_INPUT_PARAM);
}
-RUNNER_TEST(security_manager_38_share_one_with_two_uninstall_owner)
+/*
+ * Check access after sharing one private path with two applications from different packages and
+ * after uninstalling owner application.
+ */
+RUNNER_CHILD_TEST(security_manager_38_share_one_with_two_uninstall_owner)
{
- std::vector<AppInstallHelper> helper {{"app38aa"}, {"app38bb"}, {"app38cc"}};
- auto &owner = helper[0];
- auto &target1 = helper[1];
- auto &target2 = helper[2];
+ AppInstallHelper owner("sm_test_34_owner");
+ owner.createPrivateFile();
+ ScopedInstaller ownerInstall(owner);
- // cleanup
- for (auto &e : helper) {
- e.revokeRules();
- }
- owner.createPrivateDir();
- owner.createSharedFile();
- clearLabels(owner.getInstallDir());
+ AppInstallHelper target1("sm_test_34_target1");
+ ScopedInstaller targetInstall1(target1);
- InstallRequest ownerReq = createInstallReq(owner,
- {PathInfo{owner.getSharedPath(), SECURITY_MANAGER_PATH_RW}});
- Api::install(ownerReq);
-
-
- InstallRequest targetReq1 = createInstallReq(target1);
- Api::install(targetReq1);
- InstallRequest targetReq2 = createInstallReq(target2);
- Api::install(targetReq2);
+ AppInstallHelper target2("sm_test_34_target2");
+ ScopedInstaller targetInstall2(target2);
SharingRequest share1, share2;
- std::string sharedPath = owner.getSharedPath(0).c_str();
+ std::string sharedPath = owner.getPrivatePath(0).c_str();
share1.setOwnerAppId(owner.getAppId());
share2.setOwnerAppId(owner.getAppId());
share1.setTargetAppId(target1.getAppId());
share2.setTargetAppId(target2.getAppId());
-
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- share2.addPaths(path, 1);
+ const char *paths[] = {sharedPath.c_str()};
+ share1.addPaths(paths, 1);
+ share2.addPaths(paths, 1);
Api::applySharing(share1);
- TestSecurityManagerDatabase db;
- std::string pathLabel = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target1, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
Api::applySharing(share2);
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
-
- owner.removePaths();
- Api::uninstall(ownerReq);
- check_system_access(pathLabel, false);
- check_owner_access(owner.generateAppLabel(), pathLabel,false);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel, false, false);
+ runAccessTest(owner, sharedPath, R_OK|W_OK|X_OK);
+ runAccessTest(target2, sharedPath, R_OK|X_OK);
+ runSystemAccessTest(geteuid(), getegid(), sharedPath, R_OK|W_OK|X_OK);
+
+ ownerInstall.uninstallApp();
+
+ runAccessTest(target2, sharedPath, 0);
Api::dropSharing(share1, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
Api::dropSharing(share2, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
- Api::uninstall(targetReq1);
- Api::uninstall(targetReq2);
}
projects / platform / core / test / security-tests.git / commitdiff