#define WGT_APP_PATH "/opt/usr/apps/QwCqJ0ttyS/bin/QwCqJ0ttyS.TestMisiuPysiu123"
#define WGT_PARTNER_APP_PATH "/opt/usr/apps/7btsV1Y0sX/bin/7btsV1Y0sX.MisiuPysiu123Partner"
#define WGT_PLATFORM_APP_PATH "/opt/usr/apps/G4DE3U2vmW/bin/G4DE3U2vmW.MisiuPysiu123Platform"
+#define OSP_APP_ID "uqNfgEjqc7"
+#define OSP_PARTNER_APP_ID "j4RuPsZrNt"
+#define OSP_PLATFORM_APP_ID "V5LKqDFBXm"
+#define OSP_APP_PATH "/opt/usr/apps/uqNfgEjqc7/bin/PysiuMisiu123Osp"
+#define OSP_PARTNER_APP_PATH "/opt/usr/apps/j4RuPsZrNt/bin/PysiuMisiu123OspPartner"
+#define OSP_PLATFORM_APP_PATH "/opt/usr/apps/V5LKqDFBXm/bin/PysiuMisiu123OspPlatform"
const char *PRIVS[] = { "WRT", "test_privilege_control_rules", NULL };
const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", NULL };
const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL };
+const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
#define LIBPRIVILEGE_APP_GROUP_LIST "/usr/share/privilege-control/app_group_list"
#define LIBPRIVILEGE_TEST_DAC_FILE "/usr/share/privilege-control/test_privilege_control_rules.dac"
#define LIBPRIVILEGE_TEST_DAC_FILE_WGT "/usr/share/privilege-control/WRT_test_privilege_control_rules_wgt.dac"
+#define LIBPRIVILEGE_TEST_DAC_FILE_OSP "/usr/share/privilege-control/OSP_test_privilege_control_rules_osp.dac"
#define APP_TEST_APP_1 "test-application1"
#define APP_TEST_APP_2 "test-application_2"
{ "test_subject_14", WGT_PLATFORM_APP_ID, "rwx" },
{ "test_subject_15", WGT_PLATFORM_APP_ID, "rwxat" }};
+// Rules from test_privilege_control_rules_osp.smack for osp
+const std::vector< std::vector<std::string> > rules_osp = {
+ { OSP_APP_ID, "test_book_8", "r" },
+ { OSP_APP_ID, "test_book_9", "w" },
+ { OSP_APP_ID, "test_book_10", "x" },
+ { OSP_APP_ID, "test_book_11", "rw" },
+ { OSP_APP_ID, "test_book_12", "rx" },
+ { OSP_APP_ID, "test_book_13", "wx" },
+ { OSP_APP_ID, "test_book_14", "rwx" },
+ { OSP_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", OSP_APP_ID, "r" },
+ { "test_subject_9", OSP_APP_ID, "w" },
+ { "test_subject_10", OSP_APP_ID, "x" },
+ { "test_subject_11", OSP_APP_ID, "rw" },
+ { "test_subject_12", OSP_APP_ID, "rx" },
+ { "test_subject_13", OSP_APP_ID, "wx" },
+ { "test_subject_14", OSP_APP_ID, "rwx" },
+ { "test_subject_15", OSP_APP_ID, "rwxat" }};
+
+// Rules from test_privilege_control_rules_osp.smack for osp_partner
+const std::vector< std::vector<std::string> > rules_osp_partner = {
+ { OSP_PARTNER_APP_ID, "test_book_8", "r" },
+ { OSP_PARTNER_APP_ID, "test_book_9", "w" },
+ { OSP_PARTNER_APP_ID, "test_book_10", "x" },
+ { OSP_PARTNER_APP_ID, "test_book_11", "rw" },
+ { OSP_PARTNER_APP_ID, "test_book_12", "rx" },
+ { OSP_PARTNER_APP_ID, "test_book_13", "wx" },
+ { OSP_PARTNER_APP_ID, "test_book_14", "rwx" },
+ { OSP_PARTNER_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", OSP_PARTNER_APP_ID, "r" },
+ { "test_subject_9", OSP_PARTNER_APP_ID, "w" },
+ { "test_subject_10", OSP_PARTNER_APP_ID, "x" },
+ { "test_subject_11", OSP_PARTNER_APP_ID, "rw" },
+ { "test_subject_12", OSP_PARTNER_APP_ID, "rx" },
+ { "test_subject_13", OSP_PARTNER_APP_ID, "wx" },
+ { "test_subject_14", OSP_PARTNER_APP_ID, "rwx" },
+ { "test_subject_15", OSP_PARTNER_APP_ID, "rwxat" }};
+
+// Rules from test_privilege_control_rules_osp.smack for osp_platform
+const std::vector< std::vector<std::string> > rules_osp_platform = {
+ { OSP_PLATFORM_APP_ID, "test_book_8", "r" },
+ { OSP_PLATFORM_APP_ID, "test_book_9", "w" },
+ { OSP_PLATFORM_APP_ID, "test_book_10", "x" },
+ { OSP_PLATFORM_APP_ID, "test_book_11", "rw" },
+ { OSP_PLATFORM_APP_ID, "test_book_12", "rx" },
+ { OSP_PLATFORM_APP_ID, "test_book_13", "wx" },
+ { OSP_PLATFORM_APP_ID, "test_book_14", "rwx" },
+ { OSP_PLATFORM_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", OSP_PLATFORM_APP_ID, "r" },
+ { "test_subject_9", OSP_PLATFORM_APP_ID, "w" },
+ { "test_subject_10", OSP_PLATFORM_APP_ID, "x" },
+ { "test_subject_11", OSP_PLATFORM_APP_ID, "rw" },
+ { "test_subject_12", OSP_PLATFORM_APP_ID, "rx" },
+ { "test_subject_13", OSP_PLATFORM_APP_ID, "wx" },
+ { "test_subject_14", OSP_PLATFORM_APP_ID, "rwx" },
+ { "test_subject_15", OSP_PLATFORM_APP_ID, "rwxat" }};
+
namespace {
typedef std::unique_ptr<smack_accesses,std::function<void(smack_accesses*)>> SmackUniquePtr;
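Review bot: `rules_osp`, `rules_osp_partner` and `rules_osp_platform` are three hand-copied 16-row tables that differ only in the app id, so an edit to one table or to test_privilege_control_rules_osp.smack can leave the others out of step. The revoke test relies on these tables to show that no access is left behind, so a dropped row silently narrows what it verifies. Building the rows from the app id in one helper keeps the three tiers identical by construction; the sketch below preserves the row order of the added tables. The `rules_wgt_platform` table whose tail is visible as context looks like it follows the same pattern, but its start is outside this hunk.

```cpp
// Builds the subject/object/access rows for one OSP app label.
static std::vector< std::vector<std::string> > make_osp_rules(const std::string &app_id)
{
    static const char *const access[] = { "r", "w", "x", "rw", "rx", "wx", "rwx", "rwxat" };
    std::vector< std::vector<std::string> > rules;
    for (int i = 0; i < 8; ++i)
        rules.push_back({ app_id, "test_book_" + std::to_string(i + 8), access[i] });
    for (int i = 0; i < 8; ++i)
        rules.push_back({ "test_subject_" + std::to_string(i + 8), app_id, access[i] });
    return rules;
}

const std::vector< std::vector<std::string> > rules_osp = make_osp_rules(OSP_APP_ID);
const std::vector< std::vector<std::string> > rules_osp_partner = make_osp_rules(OSP_PARTNER_APP_ID);
const std::vector< std::vector<std::string> > rules_osp_platform = make_osp_rules(OSP_PLATFORM_APP_ID);
```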
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
+ result = app_revoke_permissions(OSP_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error revoking app permissions. Result: " << result);
+ result = app_revoke_permissions(OSP_PARTNER_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error revoking app permissions. Result: " << result);
+ result = app_revoke_permissions(OSP_PLATFORM_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error revoking app permissions. Result: " << result);
+
// Are all the permissions revoked?
result = test_have_any_accesses(rules);
RUNNER_ASSERT_MSG(result!=1, "Not all permisions revoked.");
result = test_have_any_accesses(rules_wgt_platform);
RUNNER_ASSERT_MSG(result==0, "Not all permisions revoked.");
+ result = test_have_any_accesses(rules);
+ RUNNER_ASSERT_MSG(result!=1, "Not all permisions revoked.");
+ result = test_have_any_accesses(rules_osp);
+ RUNNER_ASSERT_MSG(result==0, "Not all permisions revoked.");
+ result = test_have_any_accesses(rules_osp_partner);
+ RUNNER_ASSERT_MSG(result==0, "Not all permisions revoked.");
+ result = test_have_any_accesses(rules_osp_platform);
+ RUNNER_ASSERT_MSG(result==0, "Not all permisions revoked.");
+
FILE *pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
"SMACK file removed!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
int smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length==0,
- "SMACK file not empty.. Errno: " << errno);
if (pFile != NULL)
fclose(pFile);
+ RUNNER_ASSERT_MSG(smack_file_length==0,
+ "SMACK file not empty.. Errno: " << errno);
pFile = fopen(SMACK_RULES_DIR WGT_APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
+ if (pFile != NULL)
+ fclose(pFile);
RUNNER_ASSERT_MSG(smack_file_length==0,
"SMACK file not empty.. Errno: " << errno);
+
+ pFile = fopen(SMACK_RULES_DIR WGT_PARTNER_APP_ID, "rb");
+ RUNNER_ASSERT_MSG(pFile != NULL,
+ "SMACK file removed!. Errno: " << errno);
+ //// Is it empty?
+ fseek(pFile, 0L, SEEK_END);
+ smack_file_length = ftell(pFile);
if (pFile != NULL)
fclose(pFile);
+ RUNNER_ASSERT_MSG(smack_file_length==0,
+ "SMACK file not empty.. Errno: " << errno);
- pFile = fopen(SMACK_RULES_DIR WGT_PARTNER_APP_ID, "rb");
+ pFile = fopen(SMACK_RULES_DIR WGT_PLATFORM_APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
"SMACK file removed!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
+ if (pFile != NULL)
+ fclose(pFile);
RUNNER_ASSERT_MSG(smack_file_length==0,
"SMACK file not empty.. Errno: " << errno);
+
+ pFile = fopen(SMACK_RULES_DIR OSP_APP_ID, "rb");
+ RUNNER_ASSERT_MSG(pFile != NULL,
+ "SMACK file removed!. Errno: " << errno);
+ //// Is it empty?
+ fseek(pFile, 0L, SEEK_END);
+ smack_file_length = ftell(pFile);
if (pFile != NULL)
fclose(pFile);
+ RUNNER_ASSERT_MSG(smack_file_length==0,
+ "SMACK file not empty.. Errno: " << errno);
- pFile = fopen(SMACK_RULES_DIR WGT_PLATFORM_APP_ID, "rb");
+ pFile = fopen(SMACK_RULES_DIR OSP_PARTNER_APP_ID, "rb");
RUNNER_ASSERT_MSG(pFile != NULL,
"SMACK file removed!. Errno: " << errno);
//// Is it empty?
fseek(pFile, 0L, SEEK_END);
smack_file_length = ftell(pFile);
+ if (pFile != NULL)
+ fclose(pFile);
RUNNER_ASSERT_MSG(smack_file_length==0,
"SMACK file not empty.. Errno: " << errno);
+
+ pFile = fopen(SMACK_RULES_DIR OSP_PLATFORM_APP_ID, "rb");
+ RUNNER_ASSERT_MSG(pFile != NULL,
+ "SMACK file removed!. Errno: " << errno);
+ //// Is it empty?
+ fseek(pFile, 0L, SEEK_END);
+ smack_file_length = ftell(pFile);
if (pFile != NULL)
fclose(pFile);
+ RUNNER_ASSERT_MSG(smack_file_length==0,
+ "SMACK file not empty.. Errno: " << errno);
}
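Review bot: The added `result = test_have_any_accesses(rules);` with `result!=1` repeats the context check a few lines above it. Unlike the new OSP checks, which require `result==0`, it would also pass on an error return, so if `test_have_any_accesses` can return a negative value (its definition is not in this hunk) a failed lookup is reported as fully revoked. Drop the duplicate or assert `result==0` there as well. Separately, with `fclose(pFile)` now ahead of the length assertion, the `errno` streamed into "SMACK file not empty" is whatever the last call left behind, and the `if (pFile != NULL)` guard is redundant after the preceding assertion and `fseek`. The seven open/seek/tell/close/assert copies could become one helper that takes the rules-file path and saves `errno` before closing, as sketched below; the enclosing test starts above this hunk.

```cpp
static void assert_smack_file_empty(const char *path)
{
    FILE *file = fopen(path, "rb");
    RUNNER_ASSERT_MSG(file != NULL,
            "SMACK file removed!. Errno: " << errno);
    // Capture the results and errno before fclose() can overwrite errno.
    int seek_result = fseek(file, 0L, SEEK_END);
    long length = ftell(file);
    int saved_errno = errno;
    fclose(file);
    RUNNER_ASSERT_MSG(seek_result == 0 && length == 0,
            "SMACK file not empty.. Errno: " << saved_errno);
}

// … unchanged: app_revoke_permissions calls and test_have_any_accesses checks …
assert_smack_file_empty(SMACK_RULES_DIR OSP_APP_ID);
assert_smack_file_empty(SMACK_RULES_DIR OSP_PARTNER_APP_ID);
assert_smack_file_empty(SMACK_RULES_DIR OSP_PLATFORM_APP_ID);
```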
static void read_gids(std::set<unsigned> &set, const char* file_path)
check_groups(LIBPRIVILEGE_TEST_DAC_FILE_WGT);
}
+/**
+ * Set APP privileges. osp app.
+ */
+RUNNER_CHILD_TEST(privilege_control05_set_app_privilege_osp)
+{
+ int result;
+
+ result = app_enable_permissions(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error enabling app permissions. Result: " << result);
+
+ result = test_have_all_accesses(rules_osp);
+ RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+
+ result = set_app_privilege(OSP_APP_ID, NULL, OSP_APP_PATH);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in set_app_privilege. Error: " << result);
+
+ // Check if SMACK label really set
+ char * label;
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
+ RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
+ result = strcmp(OSP_APP_ID, label);
+ RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
+
+ check_groups(LIBPRIVILEGE_TEST_DAC_FILE_OSP);
+}
+
+/**
+ * Set APP privileges. partner osp app.
+ */
+RUNNER_CHILD_TEST(privilege_control05_set_app_privilege_osp_partner)
+{
+ int result;
+
+ result = app_enable_permissions(OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error enabling app permissions. Result: " << result);
+
+ result = test_have_all_accesses(rules_osp_partner);
+ RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+
+ result = set_app_privilege(OSP_PARTNER_APP_ID, NULL, OSP_PARTNER_APP_PATH);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in set_app_privilege. Error: " << result);
+
+ // Check if SMACK label really set
+ char * label;
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
+ RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
+ result = strcmp(OSP_PARTNER_APP_ID, label);
+ RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
+
+ check_groups(LIBPRIVILEGE_TEST_DAC_FILE_OSP);
+}
+
+/**
+ * Set APP privileges. platform osp app.
+ */
+RUNNER_CHILD_TEST(privilege_control05_set_app_privilege_osp_platform)
+{
+ int result;
+
+ result = app_enable_permissions(OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error enabling app permissions. Result: " << result);
+
+ result = test_have_all_accesses(rules_osp_platform);
+ RUNNER_ASSERT_MSG(result==1, "Permissions not added.");
+
+ result = set_app_privilege(OSP_PLATFORM_APP_ID, NULL, OSP_PLATFORM_APP_PATH);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in set_app_privilege. Error: " << result);
+
+ // Check if SMACK label really set
+ char * label;
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result == 0, "Error getting current process label");
+ RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
+ result = strcmp(OSP_PLATFORM_APP_ID, label);
+ RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
+
+ check_groups(LIBPRIVILEGE_TEST_DAC_FILE_OSP);
+}
+
RUNNER_TEST(privilege_control08_app_give_access)
{
const char *subject = "lkjq345v34sfa";
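Review bot: In each of the three new OSP tests the buffer returned by `smack_new_label_from_self(&label)` is never released, and `label` is declared without an initialiser, so the `label != NULL` assertion is only meaningful if the call always writes it. Ownership of that string passes to the caller; use `char *label = NULL;` and release it with `free(label);` once the comparison result has been captured, or hold it in a `std::unique_ptr<char, decltype(&free)>` in the spirit of the file's `SmackUniquePtr` so it is freed even when an assertion fails. The three bodies differ only in app id, app type, rules table and binary path, so one helper taking those four values would keep them from drifting apart. All three tiers are also checked against the same `PRIVS_OSP` list and the same `LIBPRIVILEGE_TEST_DAC_FILE_OSP`, so nothing here would notice if the partner or platform tier were granted the wrong group set; if the shared expectation is intentional, a comment such as `// OSP tiers share one DAC file; tier-specific groups are not covered here` would make that explicit.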