projects / platform / core / test / security-tests.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1b95768)
SM : Cleanup - simple test cases 18/91818/12
authorZofia Abramowska <z.abramowska@samsung.com>
Tue, 4 Oct 2016 15:13:02 +0000 (17:13 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 28 Nov 2016 15:36:21 +0000 (16:36 +0100)
Change-Id: Ia96f74c14eb772c34ec084f58fbe9f7845fc7576

58 files changed:
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/.level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/.level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_rw_others_ro/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/.level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/.level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/link_to_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/link_to_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/.level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/.level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/level_2/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/level_2/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/exec [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/.level_2/exec with 100% similarity] patch | blob | history
src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_rw_others_ro/normal [moved from src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/.level_2/normal with 100% similarity] patch | blob | history
src/security-manager-tests/common/sm_commons.cpp patch | blob | history
src/security-manager-tests/common/sm_commons.h patch | blob | history
src/security-manager-tests/test_cases.cpp patch | blob | history

diff --git a/src/security-manager-tests/common/sm_commons.cpp b/src/security-manager-tests/common/sm_commons.cpp
index f7ae106..d0e48a2 100644 (file)
--- a/src/security-manager-tests/common/sm_commons.cpp
+++ b/src/security-manager-tests/common/sm_commons.cpp
@@ -252,6 +252,18 @@ void check_app_permissions(const std::string &app_id, const std::string &pkg_id,
     }
 }
 
+void sm_app_has_privileges(const AppInstallHelper &app,
+                           const std::vector<std::string> &privileges,
+                           int expectedResult)
+{
+    for (auto const &privilege : privileges) {
+        int result;
+        Api::appHasPrivilege(app.getAppId(), privilege, app.getUID(), result);
+        RUNNER_ASSERT_MSG(result == expectedResult, "Application " << app.getAppId()
+                          << " has unexpected access to " << privilege << ", is : "
+                          << " should be : " << expectedResult );
+    }
+}
 
 void check_app_after_install(const std::string &app_id, const std::string &pkg_id)
 {
diff --git a/src/security-manager-tests/common/sm_commons.h b/src/security-manager-tests/common/sm_commons.h
index 8560c4d..a5edc68 100644 (file)
--- a/src/security-manager-tests/common/sm_commons.h
+++ b/src/security-manager-tests/common/sm_commons.h
@@ -27,6 +27,7 @@
 
 #include <security-manager-types.h>
 
+#include <app_install_helper.h>
 #include <memory.h>
 #include <sm_db.h>
 #include <temp_test_user.h>
@@ -65,6 +66,9 @@ int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
 void check_app_permissions(const std::string &app_id, const std::string &pkg_id,
                            const std::string &user, const privileges_t &allowed_privs,
                            const privileges_t &denied_privs, bool isHybrid = false);
+void sm_app_has_privileges(const AppInstallHelper &app,
+                           const std::vector<std::string> &privileges,
+                           int result);
 void check_app_after_install(const std::string &app_id, const std::string &pkg_id);
 void check_app_after_install(const std::string &app_id, const std::string &pkg_id,
                              const privileges_t &allowed_privs,
diff --git a/src/security-manager-tests/test_cases.cpp b/src/security-manager-tests/test_cases.cpp
index 37e89f0..fdfc5cb 100644 (file)
--- a/src/security-manager-tests/test_cases.cpp
+++ b/src/security-manager-tests/test_cases.cpp
@@ -14,13 +14,13 @@
  *    limitations under the License.
  */
 
+// cstdlibg has to be included before attr/xattr
 #include <cstdlib>
 #include <attr/xattr.h>
 #include <fstream>
+#include <memory>
 #include <regex>
 #include <string>
-#include <unordered_set>
-
 #include <sys/capability.h>
 #include <sys/smack.h>
 #include <sys/types.h>
@@ -28,9 +28,12 @@
 
 #include <cynara-admin.h>
 
+#include <app_install_helper.h>
 #include <cynara_test_admin.h>
 #include <dpl/test/test_runner.h>
-#include <memory>
+#include <message_pipe.h>
+#include <policy_configuration.h>
+#include <scoped_installer.h>
 #include <scoped_label.h>
 #include <service_manager.h>
 #include <sm_api.h>
@@ -44,176 +47,188 @@
 
 using namespace SecurityManagerTest;
 
+namespace {
+std::vector<std::string> merge(const std::vector<std::string> &one, const std::vector<std::string> &two) {
+    std::vector<std::string> sum;
+    sum.reserve(one.size() + two.size());
+    sum.insert(sum.end(), one.begin(), one.end());
+    sum.insert(sum.end(), two.begin(), two.end());
+    return sum;
+}
+}
+
 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
 
 RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall)
 {
-    const char *const sm_app_id = "sm_test_01a_app_id_double";
-    const char *const sm_pkg_id = "sm_test_01a_pkg_id_double";
-
-    InstallRequest requestInst;
-    requestInst.setAppId(sm_app_id);
-    requestInst.setPkgId(sm_pkg_id);
-
-    Api::install(requestInst);
-    Api::install(requestInst);
-
-    // Check records in the security-manager database
-    check_app_after_install(sm_app_id, sm_pkg_id);
-
-    InstallRequest requestUninst;
-    requestUninst.setAppId(sm_app_id);
-
-    Api::uninstall(requestUninst);
-    Api::uninstall(requestUninst);
-
-    // Check records in the security-manager database
-    check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+    AppInstallHelper app("sm_test_01a_app");
+    {
+        ScopedInstaller appInstall(app);
+        // FIXME - whitebox - db
+        check_app_after_install(app.getAppId(), app.getPkgId());
+        {
+            ScopedInstaller appInstall2(app);
+            // FIXME - whitebox - db
+            check_app_after_install(app.getAppId(), app.getPkgId());
+        }
+        // FIXME - whitebox - db
+        check_app_after_uninstall(app.getAppId(), app.getPkgId(), TestSecurityManagerDatabase::REMOVED);
+    }
 }
 
 RUNNER_TEST(security_manager_01b_app_double_install_wrong_pkg_id)
 {
-    const char *const sm_app_id = "sm_test_01b_app";
-    const char *const sm_pkg_id = "sm_test_01b_pkg";
-    const char *const sm_pkg_id_wrong = "sm_test_01b_pkg_BAD";
-
-    InstallRequest requestInst;
-    requestInst.setAppId(sm_app_id);
-    requestInst.setPkgId(sm_pkg_id);
+    AppInstallHelper app("sm_test_01b");
+    {
+        ScopedInstaller appInstall(app);
 
-    Api::install(requestInst);
+        InstallRequest requestInst2;
+        requestInst2.setAppId(app.getAppId());
+        requestInst2.setPkgId(app.getPkgId() + "_wrong");
 
-    InstallRequest requestInst2;
-    requestInst2.setAppId(sm_app_id);
-    requestInst2.setPkgId(sm_pkg_id_wrong);
+        Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM);
 
-    Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM);
+        // FIXME - whitebox - db
+        check_app_after_install(app.getAppId(), app.getPkgId());
+    }
+    // FIXME - whitebox - db
+    check_app_after_uninstall(app.getAppId(), app.getPkgId(), TestSecurityManagerDatabase::REMOVED);
+}
 
+RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored)
+{
+    AppInstallHelper app("sm_test_01c");
+    ScopedInstaller appInstall(app);
 
-    /* Check records in the security-manager database */
-    check_app_after_install(sm_app_id, sm_pkg_id);
+    // FIXME - whitebox - db
+    check_app_after_install(app.getAppId(), app.getPkgId());
 
     InstallRequest requestUninst;
-    requestUninst.setAppId(sm_app_id);
+    requestUninst.setAppId(app.getAppId());
+    requestUninst.setPkgId(app.getPkgId() + "_ignored"); // pkg_id param is ignored in uninstall request
 
     Api::uninstall(requestUninst);
 
-
-    /* Check records in the security-manager database */
-    check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+    // FIXME - whitebox - db
+    check_app_after_uninstall(app.getAppId(), app.getPkgId(), TestSecurityManagerDatabase::REMOVED);
+    // ScopedInstaller destructor (app second uninstallation) won't have any effect
 }
 
-RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored)
+/*
+ * This test uses files installed with security-tests package
+ */
+RUNNER_TEST(security_manager_01d_app_install_complicated_dir_tree)
 {
-    const char * const  sm_app_id = "SM_TEST_01c_APPID";
-    const char * const  sm_pkg_id = "SM_TEST_01c_PKGID";
-    const char * const  sm_pkg_id_wrong = "SM_TEST_01c_PKGID_wrong";
-
-    InstallRequest requestInst;
-    requestInst.setAppId(sm_app_id);
-    requestInst.setPkgId(sm_pkg_id);
+    const std::string appId = "sm_test_01d_app_id_full";
+    const std::string pkgId = "sm_test_01d_pkg_id_full";
 
-    Api::install(requestInst);
+    const std::string rootDir = TzPlatformConfig::globalAppDir() + "/" + pkgId + "/";
+    const std::string privateDir = rootDir + "app_dir/";
+    const std::string privateRODir = rootDir + "app_dir_ro/";
+    const std::string publicRODir = rootDir + "app_dir_public_ro/";
+    const std::string sharedRODir = rootDir + "app_dir_rw_others_ro/";
 
-    /* Check records in the security-manager database */
-    check_app_after_install(sm_app_id, sm_pkg_id);
+    int result = nftw(rootDir.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+    RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << rootDir);
 
-    InstallRequest requestUninst;
-    requestUninst.setAppId(sm_app_id);
-    requestUninst.setPkgId(sm_pkg_id_wrong);
+    InstallRequest requestInst;
+    requestInst.setAppId(appId);
+    requestInst.setPkgId(pkgId);
+    requestInst.addPath(privateDir, SECURITY_MANAGER_PATH_RW);
+    requestInst.addPath(privateRODir, SECURITY_MANAGER_PATH_RO);
+    requestInst.addPath(publicRODir, SECURITY_MANAGER_PATH_PUBLIC_RO);
+    requestInst.addPath(sharedRODir, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
+    Api::install(requestInst);
 
-    Api::uninstall(requestUninst);
+    std::unique_ptr<InstallRequest, std::function<void(InstallRequest*)>> appCleanup(&requestInst,
+            [](InstallRequest *req) {
+                Api::uninstall(*req);
+    });
 
-    check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+    check_path(privateDir, generatePathRWLabel(pkgId));
+    check_path(privateRODir, generatePathROLabel(pkgId), false);
+    check_path(publicRODir, getPublicPathLabel());
+    check_path(sharedRODir, generatePathSharedROLabel(pkgId));
 }
 
 RUNNER_TEST(security_manager_02_app_install_uninstall_full)
 {
-    std::string SM_RW_PATH = genRWPath(2);
-    std::string SM_RO_PATH = genROPath(2);
-    std::string SM_PUBLIC_RO_PATH = genPublicROPath(2);
-
-    const char *const sm_app_id = "sm_test_02_app_id_full";
-    const char *const sm_pkg_id = "sm_test_02_pkg_id_full";
-
-    prepare_app_env(2);
-
-    InstallRequest requestInst;
-    requestInst.setAppId(sm_app_id);
-    requestInst.setPkgId(sm_pkg_id);
-    requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
-    requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
-    requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
-    requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
-    requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
-
-    Api::install(requestInst);
+    const privileges_t allowedPrivs = {
+        "http://tizen.org/privilege/display",
+        "http://tizen.org/privilege/nfc"
+    };
 
-    /* Check records in the security-manager database */
-    check_app_after_install(sm_app_id, sm_pkg_id,
-                            SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
+    const privileges_t someDeniedPrivs = {
+        "http://tizen.org/privilege/bluetooth",
+        "http://tizen.org/privilege/power"
+    };
 
-    /* TODO: add parameters to this function */
-    check_app_path_after_install(2, sm_pkg_id, false);
+    AppInstallHelper app("sm_test_02");
+    app.createInstallDir();
+    app.createPrivateDir();
+    app.createPrivateRODir();
+    app.createPublicDir();
+    app.createSharedRODir();
+    app.addPrivileges(allowedPrivs);
+    {
+        ScopedInstaller appInstall(app);
 
-    InstallRequest requestUninst;
-    requestUninst.setAppId(sm_app_id);
+        // FIXME - whitebox - db, groups
+        check_app_after_install(app.getAppId(), app.getPkgId(),
+                                app.getPrivileges(), someDeniedPrivs, SM_ALLOWED_GROUPS);
 
-    Api::uninstall(requestUninst);
+        check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
+        check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
+        check_path(app.getPublicDir(), getPublicPathLabel());
+        check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
+    }
 
-    /* Check records in the security-manager database,
-     * all previously allowed privileges should be removed */
-    check_app_after_uninstall(sm_app_id, sm_pkg_id,
-                              SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
+    // FIXME - whitebox - db
+    check_app_after_uninstall(app.getAppId(), app.getPkgId(),
+                              app.getPrivileges(), TestSecurityManagerDatabase::REMOVED);
 }
 
 RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
 {
-    const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
-    const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
-    const char *const socketLabel = "not_expected_label";
-    std::string expected_label = generateProcessLabel(app_id, pkg_id);
-    std::string expected_socket_label = socketLabel;
-    char *label = nullptr;
-    CStringPtr labelPtr;
-    int result;
+    std::string expectedSockLabel = "labelExpectedOnlyFromSocket";
 
-    uninstall_app(app_id, pkg_id, true);
-    install_app(app_id, pkg_id);
+    AppInstallHelper app("sm_test_03a");
+    std::string expectedProcLabel = generateProcessLabel(app.getAppId(), app.getPkgId());
 
-    const auto sockaddr = UDSHelpers::makeAbstractAddress("sm_test_03.socket");
+    const auto sockaddr = UDSHelpers::makeAbstractAddress("sm_test_03a.socket");
     int sock = UDSHelpers::createServer(&sockaddr);
     SockUniquePtr sockPtr(&sock);
 
-    //Set socket label to something different than expecedLabel
-    result = smack_set_label_for_file(*sockPtr, XATTR_NAME_SMACKIPIN, socketLabel);
+    //Set socket label to something different than expeced process label
+    int result = smack_set_label_for_file(*sockPtr, XATTR_NAME_SMACKIPIN, expectedSockLabel.c_str());
     RUNNER_ASSERT_ERRNO_MSG(result == 0,
         "Can't set socket label. Result: " << result);
-    result = smack_set_label_for_file(*sockPtr, XATTR_NAME_SMACKIPOUT, socketLabel);
+    result = smack_set_label_for_file(*sockPtr, XATTR_NAME_SMACKIPOUT, expectedSockLabel.c_str());
     RUNNER_ASSERT_ERRNO_MSG(result == 0,
         "Can't set socket label. Result: " << result);
 
+    ScopedInstaller appInstall(app);
 
-    SynchronizationPipe pipe;
     pid_t pid = fork();
+    RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+    if (pid == 0) { // child
+        Api::setProcessLabel(app.getAppId());
 
-    if (pid != 0) { // parent process
-        pipe.claimParentEp();
-        Api::setProcessLabel(app_id);
-
+        char *label = nullptr;
+        CStringPtr labelPtr;
         result = smack_new_label_from_file(*sockPtr, XATTR_NAME_SMACKIPIN, &label);
         RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
         labelPtr.reset(label);
-        result = expected_socket_label.compare(label);
+        result = expectedSockLabel.compare(label);
         RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
-            expected_label << " Actual: " << label);
+            expectedProcLabel << " Actual: " << label);
 
         result = smack_new_label_from_file(*sockPtr, XATTR_NAME_SMACKIPOUT, &label);
         RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
         labelPtr.reset(label);
-        result = expected_socket_label.compare(label);
+        result = expectedSockLabel.compare(label);
         RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
-            expected_label << " Actual: " << label);
+            expectedProcLabel << " Actual: " << label);
 
         result = smack_new_label_from_self(&label);
         RUNNER_ASSERT_MSG(result >= 0,
@@ -222,131 +237,69 @@ RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
                 " Process label is not set");
         labelPtr.reset(label);
 
-        result = expected_label.compare(label);
+        result = expectedProcLabel.compare(label);
         RUNNER_ASSERT_MSG(result == 0,
-                " Process label is incorrect. Expected: \"" << expected_label <<
+                " Process label is incorrect. Expected: \"" << expectedProcLabel <<
                 "\" Actual: \"" << label << "\"");
-        pipe.post();
+    } else { // parent
         waitPid(pid);
-    } else { // child process
-        pipe.claimChildEp();
-        pipe.wait();
-        uninstall_app(app_id, pkg_id, true);
-        exit(0);
     }
 }
 
-RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
-{
-    const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack";
-    const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack";
-
-    uninstall_app(app_id, pkg_id, true);
-    install_app(app_id, pkg_id);
-
-    {
-        ScopedProcessLabel keepLabel;
-        Api::setProcessLabel(app_id);
-    }
-
-    uninstall_app(app_id, pkg_id, true);
-}
-
-static void install_and_check(const char *const sm_app_id,
-                              const char *const sm_pkg_id,
-                              const TemporaryTestUser& user,
-                              const std::string &appDir,
-                              bool requestUid)
-{
-    InstallRequest requestPrivate;
-
-    //install app for non-root user
-    //should fail (users may only register folders inside their home)
-    prepare_request(requestPrivate, sm_app_id, sm_pkg_id,
-                    SECURITY_MANAGER_PATH_RW, SM_RW_PATH,
-                    requestUid ? user.getUid() : 0);
-
-    Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
-
-    InstallRequest requestPrivateUser;
-
-    //install app for non-root user
-    //should succeed - this time i register folder inside user's home dir
-    prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
-                    SECURITY_MANAGER_PATH_RW, appDir.c_str(),
-                    requestUid ? user.getUid() : 0);
-
-    for (auto &privilege : SM_ALLOWED_PRIVILEGES)
-        requestPrivateUser.addPrivilege(privilege.c_str());
-
-    Api::install(requestPrivateUser);
-
-    check_app_permissions(sm_app_id, sm_pkg_id,
-                          user.getUidString().c_str(),
-                          SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
-}
-
 RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
 {
-    int result;
-    const char *const sm_app_id = "sm_test_04a_app_id_uid";
-    const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid";
-    const std::string new_user_name = "sm_test_04a_user_name";
+    const std::vector<std::string> allowedPrivs = {
+        "http://tizen.org/privilege/bluetooth",
+        "http://tizen.org/privilege/power"
+    };
+    const std::vector<std::string> someDeniedPrivs = {
+        "http://tizen.org/privilege/display",
+        "http://tizen.org/privilege/nfc"
+    };
 
-    TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
+    TemporaryTestUser testUser("sm_test_04a_user_name", GUM_USERTYPE_NORMAL);
     testUser.create();
 
-    removeTestDirs(testUser, sm_app_id, sm_pkg_id);
-    createTestDirs(testUser, sm_app_id, sm_pkg_id);
-
-    const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id);
-
-    //switch user to non-root
-    result = drop_root_privileges(testUser.getUid(), testUser.getGid());
-    RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+    AppInstallHelper app("sm_test_04a", testUser.getUid());
+    app.addPrivileges(allowedPrivs);
 
-    install_and_check(sm_app_id, sm_pkg_id, testUser, userAppDirPath, false);
-
-    //uninstall app as non-root user
-    InstallRequest request;
-    request.setAppId(sm_app_id);
-
-    Api::uninstall(request);
-
-    check_app_permissions(sm_app_id, sm_pkg_id,
-                          testUser.getUidString().c_str(),
-                          SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+    RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+                            "drop_root_privileges failed");
+    {
+        ScopedInstaller appInstall(app, false);
+        check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(),
+                              allowedPrivs, someDeniedPrivs);
+    }
+    check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(),
+                          {}, merge(allowedPrivs, someDeniedPrivs));
 }
 
-RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
-{
-    int result;
-    const char *const sm_app_id = "sm_test_04b_app_id_uid";
-    const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid";
-    const std::string new_user_name = "sm_test_04b_user_name";
+RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user) {
+    const std::vector<std::string> allowedPrivs = {
+        "http://tizen.org/privilege/internet",
+        "http://tizen.org/privilege/led"
+    };
+    const std::vector<std::string> someDeniedPrivs = {
+        "http://tizen.org/privilege/location",
+        "http://tizen.org/privilege/notification"
+    };
 
-    TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
+    TemporaryTestUser testUser("sm_test_04b_user_name", GUM_USERTYPE_NORMAL);
     testUser.create();
 
-    removeTestDirs(testUser, sm_app_id, sm_pkg_id);
-    createTestDirs(testUser, sm_app_id, sm_pkg_id);
-
-    install_and_check(sm_app_id, sm_pkg_id, testUser,
-                      TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id), true);
-
-    //switch user to non-root - root may not uninstall apps for specified users
-    result = drop_root_privileges(testUser.getUid(), testUser.getGid());
-    RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+    AppInstallHelper app("sm_test_04b", testUser.getUid());
+    app.addPrivileges(allowedPrivs);
 
-    //uninstall app as non-root user
-    InstallRequest request;
-    request.setAppId(sm_app_id);
-
-    Api::uninstall(request);
+    {
+        ScopedInstaller appInstall(app);
+        check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(),
+                              allowedPrivs, someDeniedPrivs);
 
-    check_app_permissions(sm_app_id, sm_pkg_id,
-                          testUser.getUidString().c_str(),
-                          SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+        RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+                                "drop_root_privileges failed");
+    }
+    check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(),
+                          {}, merge(allowedPrivs, someDeniedPrivs));
 }
 
 RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
@@ -364,123 +317,124 @@ RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
         "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL));
 }
 
-RUNNER_CHILD_TEST(security_manager_06_install_app_offline)
+RUNNER_TEST(security_manager_06_install_app_offline)
 {
-    const char *const app_id = "sm_test_06_app_id_install_app_offline";
-    const char *const pkg_id = "sm_test_06_pkg_id_install_app_offline";
-
-    // Uninstall app on-line, off-line mode doesn't support it
-    uninstall_app(app_id, pkg_id, true);
-
     ServiceManager("security-manager.service").stopService();
 
     ServiceManager serviceManager("security-manager.socket");
     serviceManager.stopService();
 
-    install_app(app_id, pkg_id);
-
+    AppInstallHelper app("sm_test_06");
+    ScopedInstaller appInstall(app);
+    // TODO - check if app is installed properly
+    // start service before uninstall, offline mode doesn't support uninstall
     serviceManager.startService();
-
-    uninstall_app(app_id, pkg_id, true);
+    appInstall.uninstallApp();
+    // TODO - check if app is uninstalled properly
 }
 
-RUNNER_CHILD_TEST(security_manager_07_user_add_app_install)
+RUNNER_TEST(security_manager_07a_user_add_app_install)
 {
-    const char *const sm_app_id = "sm_test_07_app_id_user";
-    const char *const sm_pkg_id = "sm_test_07_pkg_id_user";
-    const std::string new_user_name = "sm_test_07_user_name";
-
-    TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
-    test_user.create();
-    std::string uid_string = test_user.getUidString();
+    const std::vector<std::string> allowedPrivs = {
+        "http://tizen.org/privilege/internet",
+        "http://tizen.org/privilege/led"
+    };
+    const std::vector<std::string> someDeniedPrivs = {
+        "http://tizen.org/privilege/location",
+        "http://tizen.org/privilege/notification"
+    };
 
-    removeTestDirs(test_user, sm_app_id, sm_pkg_id);
-    createTestDirs(test_user, sm_app_id, sm_pkg_id);
+    TemporaryTestUser testUser("sm_test_07a_user_name", GUM_USERTYPE_NORMAL);
+    testUser.create();
 
-    install_app(sm_app_id, sm_pkg_id, test_user.getUid());
+    AppInstallHelper app("sm_test_07a", testUser.getUid());
+    app.addPrivileges(allowedPrivs);
 
-    check_app_after_install(sm_app_id, sm_pkg_id);
+    InstallRequest req;
+    req.setAppId(app.getAppId());
+    req.setPkgId(app.getPkgId());
+    req.setUid(app.getUID());
+    for (const auto &priv: app.getPrivileges()) {
+        req.addPrivilege(priv);
+    }
+    Api::install(req);
 
-    test_user.remove();
+    check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(),
+                          allowedPrivs, someDeniedPrivs);
 
-    check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+    testUser.remove();
 
-    check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
+    check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(),
+                          {}, merge(allowedPrivs, someDeniedPrivs));
+    // TODO - check if app is uninstalled
 }
 
-RUNNER_CHILD_TEST(security_manager_08_user_double_add_double_remove)
+RUNNER_TEST(security_manager_07b_user_add_offline)
 {
-    UserRequest addUserRequest;
-
-    const char *const sm_app_id = "sm_test_08_app_id_user";
-    const char *const sm_pkg_id = "sm_test_08_pkg_id_user";
-    const std::string new_user_name = "sm_test_08_user_name";
-
-    // gumd user add
-    TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
-    test_user.create();
-    std::string uid_string = test_user.getUidString();
-
-    removeTestDirs(test_user, sm_app_id, sm_pkg_id);
-    createTestDirs(test_user, sm_app_id, sm_pkg_id);
-
-    addUserRequest.setUid(test_user.getUid());
-    addUserRequest.setUserType(SM_USER_TYPE_NORMAL);
-
-    //sm user add
-    Api::addUser(addUserRequest);
-
-    install_app(sm_app_id, sm_pkg_id, test_user.getUid());
-
-    check_app_after_install(sm_app_id, sm_pkg_id);
+    ServiceManager("security-manager.service").stopService();
 
-    test_user.remove();
+    ServiceManager serviceManager("security-manager.socket");
+    serviceManager.stopService();
 
-    UserRequest deleteUserRequest;
-    deleteUserRequest.setUid(test_user.getUid());
+    TemporaryTestUser testUser("sm_test_07b_user_name", GUM_USERTYPE_NORMAL, true);
+    testUser.create();
 
-    Api::deleteUser(deleteUserRequest);
+    AppInstallHelper app("sm_test_07b", testUser.getUid());
+    ScopedInstaller appInstall(app);
 
-    check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+    // FIXME - whitebox - db
+    check_app_after_install(app.getAppId(), app.getPkgId());
 
-    check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
+    serviceManager.startService();
+    testUser.remove();
+    // FIXME - whitebox - db
+    check_app_after_uninstall(app.getAppId(), app.getPkgId(), true);
 }
 
-RUNNER_CHILD_TEST(security_manager_09_add_user_offline)
+RUNNER_TEST(security_manager_08_user_double_add_double_remove)
 {
-    const char *const app_id = "security_manager_09_add_user_offline_app";
-    const char *const pkg_id = "security_manager_09_add_user_offline_pkg";
-    const std::string new_user_name("sm_test_09_user_name");
-
-    ServiceManager("security-manager.service").stopService();
-
-    ServiceManager serviceManager("security-manager.socket");
-    serviceManager.stopService();
-
-    TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, true);
-    test_user.create();
-
-    removeTestDirs(test_user, app_id, pkg_id);
-    createTestDirs(test_user, app_id, pkg_id);
+    std::vector<std::string> somePrivs = {
+        "http://tizen.org/privilege/internet", "http://tizen.org/privilege/led",
+        "http://tizen.org/privilege/location", "http://tizen.org/privilege/notification"
+    };
+    // gumd
+    TemporaryTestUser testUser("sm_test_08_user_name", GUM_USERTYPE_NORMAL);
+    testUser.create();
 
-    install_app(app_id, pkg_id, test_user.getUid());
+    // security-manager
+    UserRequest addUserRequest;
+    addUserRequest.setUid(testUser.getUid());
+    addUserRequest.setUserType(SM_USER_TYPE_NORMAL);
+    Api::addUser(addUserRequest);
 
-    check_app_after_install(app_id, pkg_id);
+    AppInstallHelper app("sm_test_08", testUser.getUid());
+    ScopedInstaller appInstall(app);
 
-    serviceManager.startService();
+    // FIXME - whitebox - db
+    check_app_after_install(app.getAppId(), app.getPkgId());
+    check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), {}, somePrivs);
 
-    test_user.remove();
+    // gumd
+    testUser.remove();
+    
+    // FIXME - whitebox - db
+    check_app_after_uninstall(app.getAppId(), app.getPkgId(), true);
+    check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), {}, somePrivs);
 
-    check_app_after_uninstall(app_id, pkg_id, true);
+    // security-manager
+    UserRequest deleteUserRequest;
+    deleteUserRequest.setUid(testUser.getUid());
+    Api::deleteUser(deleteUserRequest);
 }
 
-RUNNER_TEST(security_manager_50_app_install_constraint_check)
+RUNNER_TEST(security_manager_09_app_install_constraint_check)
 {
     auto install = [](const TemporaryTestUser& user,
                       const char *pkgId,
                       const char *appId,
                       const char *version,
                       const char *author,
+                      bool isHybrid,
                       enum lib_retcode expected,
                       bool uninstall = true)
     {
@@ -490,97 +444,86 @@ RUNNER_TEST(security_manager_50_app_install_constraint_check)
         request.setAppTizenVersion(version);
         request.setAuthorId(author);
         request.setUid(user.getUid());
-
+        if (isHybrid)
+            request.setHybrid();
         Api::install(request, expected);
 
-        if(expected == SECURITY_MANAGER_SUCCESS) {
-            // TODO add verification once check_app_after_install() supports uid
-            // check_app_after_install(appId, pkgId);
-            if(uninstall)
-                Api::uninstall(request);
+        if(expected == SECURITY_MANAGER_SUCCESS && uninstall) {
+            Api::uninstall(request);
         }
     };
 
     std::vector<TemporaryTestUser> users = {
-            {"sm_test_50_user_name_0", GUM_USERTYPE_NORMAL, false},
-            {"sm_test_50_user_name_1", GUM_USERTYPE_NORMAL, false}
+            {"sm_test_09_user_name_0", GUM_USERTYPE_NORMAL, false},
+            {"sm_test_09_user_name_1", GUM_USERTYPE_NORMAL, false}
     };
 
     for(auto& gu : users)
         gu.create();
 
-    const char *const pkgId[] =   {"sm_test_50_pkg_id_0",  "sm_test_50_pkg_id_1"};
-    const char *const appId[] =   {"sm_test_50_app_id_0",  "sm_test_50_app_id_1"};
-    const char *const version[] = {"sm_test_50_version_0", "sm_test_50_version_1"};
-    const char *const author[] =  {"sm_test_50_author_0",  "sm_test_50_author_1"};
-
-    // uid_0, pkg_0, app_0, version_0, author_0
-    install(users[0], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS, false);
-
-    // uid_1, pkg_0, app_0, version_0, author_0 -> ok (different uid)
-    install(users[1], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS);
-    // uid_1, pkg_0, app_0, version_0, author_1 -> fail (author of app_0 must be the same)
-    install(users[1], pkgId[0], appId[0], version[0], author[1], SECURITY_MANAGER_ERROR_INPUT_PARAM);
-    // uid_1, pkg_0, app_0, version_1, author_0 -> fail (version of app_0 must be the same)
-    install(users[1], pkgId[0], appId[0], version[1], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
-    // uid_1, pkg_1, app_0, version_0, author_0 -> fail (pkg of app_0 must be the same)
-    install(users[1], pkgId[1], appId[0], version[0], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
-    // uid_0, pkg_0, app_0, version_0, author_0 -> ok (the same app again)
-    install(users[0], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS, false);
-    // uid_0, pkg_1, app_0, version_0, author_0 -> fail (app_name + uid must be unique)
-    install(users[0], pkgId[1], appId[0], version[0], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
-    // uid_0, pkg_0, app_0, version_1, author_0 -> fail (app_name + uid must be unique)
-    install(users[0], pkgId[0], appId[0], version[1], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
-    // uid_0, pkg_0, app_0, version_0, author_1 -> fail (app_name + uid must be unique)
-    install(users[0], pkgId[0], appId[0], version[0], author[1], SECURITY_MANAGER_ERROR_INPUT_PARAM);
-}
-
-RUNNER_CHILD_TEST(security_manager_53_app_has_privilege)
-{
-    const char *const sm_app_id = "sm_test_53_app";
-    const char *const sm_pkg_id = "sm_test_53_pkg";
-    const std::string new_user_name = "sm_test_47_user_name";
-
-    InstallRequest requestInst;
-    requestInst.setAppId(sm_app_id);
-    requestInst.setPkgId(sm_pkg_id);
-    for (auto const &privilege : SM_ALLOWED_PRIVILEGES)
-        requestInst.addPrivilege(privilege.c_str());
-    Api::install(requestInst);
-
-    for (auto const &privilege : SM_ALLOWED_PRIVILEGES) {
-        int result;
-        Api::appHasPrivilege(sm_app_id, privilege.c_str(), TzPlatformConfig::getGlobalUserId(),
-                             result);
-        RUNNER_ASSERT_MSG(result == 1, "Application " << sm_app_id <<
-            " should have access to privilege " << privilege);
-    }
+    const char *const pkgId[] =   {"sm_test_09_pkg_id_0",  "sm_test_09_pkg_id_1"};
+    const char *const appId[] =   {"sm_test_09_app_id_0",  "sm_test_09_app_id_1"};
+    const char *const version[] = {"sm_test_09_version_0", "sm_test_09_version_1"};
+    const char *const author[] =  {"sm_test_09_author_0",  "sm_test_09_author_1"};
+    bool hybrid[] = {false, true};
+
+    // uid_0, pkg_0, app_0, version_0, author_0, not hybrid
+    install(users[0], pkgId[0], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_SUCCESS, false);
+    // uid_1, pkg_0, app_0, version_0, author_0, not hybrid -> ok (different uid)
+    install(users[1], pkgId[0], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_SUCCESS);
+    // uid_0, pkg_0, app_0, version_0, author_0, hybrid -> fail (different hybrid setting)
+    install(users[0], pkgId[0], appId[0], version[0], author[0], hybrid[1], SECURITY_MANAGER_ERROR_INPUT_PARAM);
+    // uid_0, pkg_0, app_1, version_0, author_0, hybrid -> fail (different hybrid setting)
+    install(users[0], pkgId[0], appId[1], version[0], author[0], hybrid[1],  SECURITY_MANAGER_ERROR_INPUT_PARAM);
+    // uid_1, pkg_0, app_0, version_0, author_0, hybrid -> fail (different hybrid setting)
+    install(users[1], pkgId[0], appId[0], version[0], author[0], hybrid[1], SECURITY_MANAGER_ERROR_INPUT_PARAM);
+    // uid_1, pkg_0, app_0, version_0, author_1, not hybrid -> fail (author of app_0 must be the same)
+    install(users[1], pkgId[0], appId[0], version[0], author[1], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
+    // uid_1, pkg_0, app_0, version_1, author_0, not hybrid -> fail (version of app_0 must be the same)
+    install(users[1], pkgId[0], appId[0], version[1], author[0], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
+    // uid_1, pkg_1, app_0, version_0, author_0, not hybrid -> fail (pkg of app_0 must be the same)
+    install(users[1], pkgId[1], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
+    // uid_0, pkg_0, app_0, version_0, author_0, not hybrid -> ok (the same app again)
+    install(users[0], pkgId[0], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_SUCCESS, false);
+    // uid_0, pkg_1, app_0, version_0, author_0, not hybrid -> fail (app_name + uid must be unique)
+    install(users[0], pkgId[1], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
+    // uid_0, pkg_0, app_0, version_1, author_0, not hybrid -> fail (app_name + uid must be unique)
+    install(users[0], pkgId[0], appId[0], version[1], author[0], hybrid[0],  SECURITY_MANAGER_ERROR_INPUT_PARAM);
+    // uid_0, pkg_0, app_0, version_0, author_1, not hybrid -> fail (app_name + uid must be unique)
+    install(users[0], pkgId[0], appId[0], version[0], author[1], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
+}
 
-    for (auto const &privilege : SM_DENIED_PRIVILEGES) {
-        int result;
-        Api::appHasPrivilege(sm_app_id, privilege.c_str(), TzPlatformConfig::getGlobalUserId(),
-                result);
-        RUNNER_ASSERT_MSG(result == 0, "Application " << sm_app_id <<
-            " should not have access to privilege " << privilege);
-    }
+RUNNER_CHILD_TEST(security_manager_10_app_has_privilege)
+{
+    const std::vector<std::string> allowedPrivs = {
+        "http://tizen.org/privilege/wifidirect",
+        "http://tizen.org/privilege/telephony"
+    };
+    const std::vector<std::string> someDeniedPrivs = {
+        "http://tizen.org/privilege/vpnservice",
+        "http://tizen.org/privilege/notification"
+    };
+    AppInstallHelper app("sm_test_10");
+    app.addPrivileges(allowedPrivs);
+    ScopedInstaller appInstall(app);
 
-    InstallRequest requestUninst;
-    requestUninst.setAppId(sm_app_id);
-    Api::uninstall(requestUninst);
+    sm_app_has_privileges(app, allowedPrivs, 1);
+    // FIXME - all other existing privileges should be checked
+    sm_app_has_privileges(app, someDeniedPrivs, 0);
 }
 
-RUNNER_TEST_GROUP_INIT(SECRUTIY_MANAGER_POLICY)
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_POLICY)
 
-RUNNER_TEST(security_manager_18_user_cynara_policy)
+RUNNER_TEST(security_manager_20_user_cynara_policy)
 {
+    // FIXME - whitebox - cynara
     const char *const MAIN_BUCKET = "MAIN";
     const char *const MANIFESTS_BUCKET = "MANIFESTS";
     const char *const ADMIN_BUCKET = "ADMIN";
     const char *const USER_TYPE_NORMAL_BUCKET = "USER_TYPE_NORMAL";
-    const std::string username("sm_test_10_user_cynara_policy");
     CynaraTestAdmin::Admin admin;
 
-    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+    TemporaryTestUser user("sm_test_20_user_name", GUM_USERTYPE_NORMAL, false);
     user.create();
     std::string uid_string = user.getUidString();
 
@@ -606,91 +549,67 @@ RUNNER_CHILD_TEST(security_manager_21_security_manager_admin_deny_user_priv)
         char buf[BUFFER_SIZE];
     } msg;
 
-    privileges_t admin_required_privs = {
-            "http://tizen.org/privilege/notexist",
-            "http://tizen.org/privilege/internal/usermanagement"};
-    privileges_t manifest_privs = {
-            "http://tizen.org/privilege/internet",
-            "http://tizen.org/privilege/datasharing"};
-    privileges_t real_privs_allow = {"http://tizen.org/privilege/datasharing"};
-    privileges_t real_privs_deny = {"http://tizen.org/privilege/internet"};
-
-    const std::string pirivman_id = "sm_test_13_ADMIN_APP";
-    const std::string pirivman_pkg_id = "sm_test_13_ADMIN_PKG";
-    const std::string app_id = "sm_test_13_SOME_APP";
-    const std::string pkg_id = "sm_test_13_SOME_PKG";
-
-    int pipefd[2];
-    pid_t pid;
-    int result = 0;
-
-    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
-    pid = fork();
+    const privileges_t adminRequiredPrivs = {
+        "http://tizen.org/privilege/notexist",
+        "http://tizen.org/privilege/internal/usermanagement"
+    };
+    const privileges_t manifestPrivs = {
+         "http://tizen.org/privilege/internet",
+         "http://tizen.org/privilege/datasharing"
+    };
+    const privileges_t allowedPrivsAfterChange = {"http://tizen.org/privilege/datasharing"};
+    const privileges_t deniedPrivsAfterChange = {"http://tizen.org/privilege/internet"};
+
+    MessagePipe msgPipe;
+
+    pid_t pid = fork();
     RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
     if (pid != 0)//parent process
     {
-        TemporaryTestUser admin("sm_test_13_ADMIN_USER", GUM_USERTYPE_ADMIN, false);
-        TemporaryTestUser child("sm_test_13_NORMAL_USER", GUM_USERTYPE_NORMAL, false);
-
-        InstallRequest request,request2;
-        FdUniquePtr pipeptr(pipefd+1);
-        close(pipefd[0]);
-
-        admin.create();
-        child.create();
-        std::string childuidstr = child.getUidString();
-
-        //install privacy manager for admin
-        request.setAppId(pirivman_id.c_str());
-        request.setPkgId(pirivman_pkg_id.c_str());
-        request.setUid(admin.getUid());
-        for (auto &priv: admin_required_privs)
-            request.addPrivilege(priv.c_str());
-        Api::install(request);
-
-        //install app for child that has internet privilege
-        request2.setAppId(app_id.c_str());
-        request2.setPkgId(pkg_id.c_str());
-        request2.setUid(child.getUid());
-        for (auto &priv: manifest_privs)
-            request2.addPrivilege(priv.c_str());
-        Api::install(request2);
-
-        check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
-                              manifest_privs, SM_NO_PRIVILEGES);
+        msgPipe.claimParentEp();
+        TemporaryTestUser adminUser("sm_test_21_admin_user_name", GUM_USERTYPE_ADMIN, false);
+        TemporaryTestUser normalUser("sm_test_21_normal_user_name", GUM_USERTYPE_NORMAL, false);
 
-        //send info to child
-        msg.uid = admin.getUid();
-        msg.gid = admin.getGid();
-        strncpy (msg.buf, childuidstr.c_str(), BUFFER_SIZE);
+        adminUser.create();
+        normalUser.create();
+        std::string childUidStr = normalUser.getUidString();
+
+        AppInstallHelper adminApp("sm_test_21_admin", adminUser.getUid());
+        adminApp.createInstallDir();
+        adminApp.addPrivileges(adminRequiredPrivs);
+        ScopedInstaller adminAppInstall(adminApp);
 
-        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
-        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+        AppInstallHelper normalApp("sm_test_21_normal", normalUser.getUid());
+        normalApp.createInstallDir();
+        normalApp.addPrivileges(manifestPrivs);
+
+        ScopedInstaller normalAppInstall(normalApp);
+        check_app_permissions(normalApp.getAppId(), normalApp.getPkgId(), childUidStr,
+                              manifestPrivs, {});
+
+        //send info to child
+        msg.uid = adminUser.getUid();
+        msg.gid = adminUser.getGid();
+        strncpy (msg.buf, childUidStr.c_str(), BUFFER_SIZE);
+        msgPipe.write(msg);
 
         waitPid(pid);
 
-        check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
-                              real_privs_allow, real_privs_deny);
+        check_app_permissions(normalApp.getAppId(), normalApp.getPkgId(), childUidStr,
+                              allowedPrivsAfterChange, deniedPrivsAfterChange);
     }
-    if (pid == 0)//child
-    {
-        FdUniquePtr pipeptr(pipefd);
-        close(pipefd[1]);
+    if (pid == 0) {
+        msgPipe.claimChildEp();
+        // Get created user credentials
+        msgPipe.read(msg);
 
-        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
-        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+        AppInstallHelper adminApp("sm_test_21_admin");
+        Api::setProcessLabel(adminApp.getAppId());
+        RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(msg.uid, msg.gid) == 0, "drop_root_privileges failed");
 
-        //become admin privacy manager manager
-        Api::setProcessLabel(pirivman_id.c_str());
-        result = drop_root_privileges(msg.uid, msg.gid);
-        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
         PolicyRequest addPolicyReq;
-        //change rights
-        for (auto &denypriv:real_privs_deny) {
-            /*this entry will deny some privileges for user whose uid (as c string)
-              was sent in message's buf field.
-              That user would be denying internet for child in this case*/
-            PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, denypriv);
+        for (auto &deniedPriv : deniedPrivsAfterChange) {
+            PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, deniedPriv);
             entry.setMaxLevel("Deny");
             addPolicyReq.addEntry(entry);
         }
@@ -701,23 +620,23 @@ RUNNER_CHILD_TEST(security_manager_21_security_manager_admin_deny_user_priv)
 
 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_CMD)
 
-RUNNER_TEST(security_manager_19_security_manager_cmd_install)
+RUNNER_TEST(security_manager_22_security_manager_cmd_install)
 {
     int ret;
     const int SUCCESS = 0;
     const int FAILURE = 256;
-    const std::string app_id = "security_manager_10_app";
-    const std::string pkg_id = "security_manager_10_pkg";
-    const std::string username("sm_test_10_user_name");
+    const std::string app_id = "sm_test_22_app_id";
+    const std::string pkg_id = "sm_test_22_pkg_id";
+    const std::string username("sm_test_22_user_name");
 
-    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL);
     user.create();
-    std::string uid_string = user.getUidString();
+
     const std::string path1 = TzPlatformConfig::appDirPath(user, app_id, pkg_id) + "/p1";
     const std::string path2 = TzPlatformConfig::appDirPath(user, app_id, pkg_id) + "/p2";
     const std::string pkgopt = " --pkg=" + pkg_id;
     const std::string appopt = " --app=" + app_id;
-    const std::string uidopt = " --uid=" + uid_string;
+    const std::string uidopt = " --uid=" + user.getUidString();
 
     mktreeSafe(path1.c_str(), 0);
     mktreeSafe(path2.c_str(), 0);
@@ -752,16 +671,13 @@ RUNNER_TEST(security_manager_19_security_manager_cmd_install)
     }
 }
 
-RUNNER_TEST(security_manager_20_security_manager_cmd_users)
+RUNNER_TEST(security_manager_23_security_manager_cmd_users)
 {
-    int ret;
     const int SUCCESS = 0;
     const int FAILURE = 256;
-    const std::string username("sm_test_11_user_name");
-    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+    TemporaryTestUser user("sm_test_23_user_name", GUM_USERTYPE_NORMAL, false);
     user.create();
-    std::string uid_string = user.getUidString();
-    const std::string uidopt = " --uid=" + uid_string;
+    const std::string uidopt = " --uid=" + user.getUidString();
 
     struct operation {
         std::string command;
@@ -782,49 +698,31 @@ RUNNER_TEST(security_manager_20_security_manager_cmd_users)
     };
 
     for (auto &op : operations) {
-        ret = system((op.command + " 1>/dev/null 2>&1").c_str());
+        int ret = system((op.command + " 1>/dev/null 2>&1").c_str());
         RUNNER_ASSERT_MSG(ret == op.expected_result,
                 "Unexpected result for command '" << op.command <<"': "
                 << ret << " Expected was: "<< op.expected_result);
     }
 }
 
-std::vector<std::string> readPrivilegeGroups()
-{
-    std::vector<std::string> groups;
-    const static std::string privilegeGroupMappingPath("/usr/share/security-manager/policy/privilege-group.list");
-    std::ifstream mappingFile(privilegeGroupMappingPath);
-
-    RUNNER_ASSERT_MSG(mappingFile.is_open(),
-        "Unable to read group mapping file " << privilegeGroupMappingPath);
-
-    std::string line;
-    std::regex r("^[^ #]+ +(.*)");
-    while (std::getline(mappingFile, line)) {
-        std::smatch m;
-        if (std::regex_search(line, m, r))
-            groups.push_back(m[1]);
-    }
-
-    return groups;
-}
-
 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_GROUPS)
 
-RUNNER_TEST(security_manager_22_groups_get)
+RUNNER_TEST(security_manager_24_groups_get)
 {
-    std::unordered_set<std::string> groups;
-    auto tmp = readPrivilegeGroups();
-    groups.insert(tmp.begin(), tmp.end());
-
+    PolicyConfiguration pc;
     char ** c_groups;
     size_t count = 0;
 
     Api::getSecurityManagerGroups(&c_groups, &count);
-    RUNNER_ASSERT_MSG(count == groups.size(), "security_manager_groups_get should set count to: "
-                      << groups.size() << " but count is: " << count);
+    std::unique_ptr<char *, std::function<void(char **)>> groupsPtr(c_groups, [count] (char ** groups) {
+        security_manager_groups_free(groups, count);
+    });
+
+    auto policyGroups = pc.getGroup();
+    RUNNER_ASSERT_MSG(count == policyGroups.size(), "security_manager_groups_get should set count to: "
+                      << policyGroups.size() << " but count is: " << count);
 
-    for (const auto &group : groups) {
+    for (const auto &group : policyGroups) {
         bool found = false;
         for (size_t i = 0; i < count; ++i) {
             if (group == c_groups[i]) {
@@ -834,190 +732,188 @@ RUNNER_TEST(security_manager_22_groups_get)
         }
         RUNNER_ASSERT_MSG(found, "PrivilegeGroup: " << group << " was not found");
     }
-    security_manager_groups_free(c_groups, count);
 }
 
 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_INSTALL_TYPE)
 
-RUNNER_TEST(security_manager_49a_global_user_set_install_type_global)
+RUNNER_TEST(security_manager_25a_global_user_set_install_type_global)
 {
-    const char *const sm_app_id = "sm_test_49a_app_id_global";
-    const char *const sm_pkg_id = "sm_test_49a_pkg_id_global";
-
-    InstallRequest requestInst;
-    requestInst.setAppId(sm_app_id);
-    requestInst.setPkgId(sm_pkg_id);
-    requestInst.setInstallType(SM_APP_INSTALL_GLOBAL);
-
-    Api::install(requestInst);
-
-    // Check records in the security-manager database
-    check_app_after_install(sm_app_id, sm_pkg_id);
-
-    InstallRequest requestUninst;
-    requestUninst.setAppId(sm_app_id);
+    AppInstallHelper app("sm_test_25a");
+    app.setInstallType(SM_APP_INSTALL_GLOBAL);
+    {
+        ScopedInstaller appInstall(app);
 
-    Api::uninstall(requestUninst);
+        // FIXME - whitebox - db
+        check_app_after_install(app.getAppId(), app.getPkgId());
+    }
 
     // Check records in the security-manager database
-    check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+    check_app_after_uninstall(app.getAppId(), app.getPkgId(), TestSecurityManagerDatabase::REMOVED);
 }
 
-RUNNER_TEST(security_manager_49b_global_user_set_install_type_local)
+RUNNER_TEST(security_manager_25b_global_user_set_install_type_local)
 {
-    const char *const sm_app_id = "sm_test_49b_app_id_local";
-    const char *const sm_pkg_id = "sm_test_49b_pkg_id_local";
+    AppInstallHelper app("sm_test_25b");
 
     InstallRequest requestInst;
-    requestInst.setAppId(sm_app_id);
-    requestInst.setPkgId(sm_pkg_id);
+    requestInst.setAppId(app.getAppId());
+    requestInst.setPkgId(app.getPkgId());
     requestInst.setInstallType(SM_APP_INSTALL_LOCAL);
 
     Api::install(requestInst, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR);
 }
 
-RUNNER_TEST(security_manager_49c_global_user_set_install_type_preloaded)
+RUNNER_TEST(security_manager_25c_global_user_set_install_type_preloaded)
 {
-    const char *const sm_app_id = "sm_test_49c_app_id_preloaded";
-    const char *const sm_pkg_id = "sm_test_49c_pkg_id_preloaded";
+    AppInstallHelper app("sm_test_25c");
+    app.setInstallType(SM_APP_INSTALL_PRELOADED);
+    {
+        ScopedInstaller appInstall(app);
+        // FIXME - whitebox - db
+        check_app_after_install(app.getAppId(), app.getPkgId());
+    }
+    // FIXME - whitebox - db
+    check_app_after_uninstall(app.getAppId(), app.getPkgId(), TestSecurityManagerDatabase::REMOVED);
+}
 
-    InstallRequest requestInst;
-    requestInst.setAppId(sm_app_id);
-    requestInst.setPkgId(sm_pkg_id);
-    requestInst.setInstallType(SM_APP_INSTALL_PRELOADED);
+RUNNER_TEST(security_manager_25d_local_user_set_install_type_invalid)
+{
+    InstallRequest requestPrivateUser;
+    requestPrivateUser.setInstallType((app_install_type)0, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
+    requestPrivateUser.setInstallType((app_install_type)22, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
+}
 
-    Api::install(requestInst);
+/*
+ * It is possible for local user to install global application but one needs app_install privileges
+ * By default only global user or root can install global apps (or "User", "System", "System::Privileged"...)
+ */
+RUNNER_CHILD_TEST(security_manager_25e_unprivileged_install_type_global)
+{
+    TemporaryTestUser testUser("sm_test_25e_user_name", GUM_USERTYPE_NORMAL);
+    testUser.create();
 
-    // Check records in the security-manager database
-    check_app_after_install(sm_app_id, sm_pkg_id);
+    AppInstallHelper app("sm_test_25e");
+    app.createInstallDir();
 
-    InstallRequest requestUninst;
-    requestUninst.setAppId(sm_app_id);
+    change_label("_");
+    RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+                            "drop_root_privileges failed");
 
-    Api::uninstall(requestUninst);
+    InstallRequest invalidReq;
+    invalidReq.setAppId(app.getAppId());
+    invalidReq.setPkgId(app.getPkgId());
+    invalidReq.setInstallType(SM_APP_INSTALL_GLOBAL);
 
-    // Check records in the security-manager database
-    check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+    Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
 }
 
-RUNNER_CHILD_TEST(security_manager_49d_local_user_set_install_type_global)
+RUNNER_CHILD_TEST(security_manager_25f_unprivileged_install_type_preloaded)
 {
-    int result;
-    const char *const sm_app_id = "sm_test_49d_app_id_global";
-    const char *const sm_pkg_id = "sm_test_49d_pkg_id_global";
-    const std::string new_user_name = "sm_test_49d_user_name";
-
-    TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
+    TemporaryTestUser testUser("sm_test_25f_user_name", GUM_USERTYPE_NORMAL);
     testUser.create();
 
-    removeTestDirs(testUser, sm_app_id, sm_pkg_id);
-    createTestDirs(testUser, sm_app_id, sm_pkg_id);
+    AppInstallHelper app("sm_test_25f");
+    app.createInstallDir();
+
+    change_label("_");
+    RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+                            "drop_root_privileges failed");
+    InstallRequest invalidReq;
+    invalidReq.setAppId(app.getAppId());
+    invalidReq.setPkgId(app.getPkgId());
+    invalidReq.setInstallType(SM_APP_INSTALL_PRELOADED);
+    Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+}
 
-    const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id);
 
-    //switch user to non-root
-    result = drop_root_privileges(testUser.getUid(), testUser.getGid());
-    RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+RUNNER_CHILD_TEST(security_manager_25g_local_user_set_install_type_local)
+{
+    std::vector<std::string> allowedPrivs = {
+        "http://tizen.org/privilege/volume.set",
+        "http://tizen.org/privilege/systemmonitor",
+        "http://tizen.org/privilege/recorder"
+    };
+    std::vector<std::string> someDeniedPrivs = {
+        "http://tizen.org/privilege/push",
+        "http://tizen.org/privilege/power",
+        "http://tizen.org/privilege/notification"
+    };
 
-    InstallRequest requestPrivateUser;
-    prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
-                    SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(),
-                    false);
+    TemporaryTestUser testUser("sm_test_25g_user_name", GUM_USERTYPE_NORMAL);
+    testUser.create();
 
-    requestPrivateUser.setInstallType((app_install_type)0, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
-    requestPrivateUser.setInstallType((app_install_type)22, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
-    requestPrivateUser.setInstallType(SM_APP_INSTALL_GLOBAL);
+    AppInstallHelper app("sm_test_25g", testUser.getUid());
+    app.createInstallDir();
+    app.createPrivateDir();
+    app.setInstallType(SM_APP_INSTALL_LOCAL);
+    app.addPrivileges(allowedPrivs);
 
-    for (auto &privilege : SM_ALLOWED_PRIVILEGES)
-        requestPrivateUser.addPrivilege(privilege.c_str());
+    RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+                            "drop_root_privileges failed");
+    {
+        ScopedInstaller appInstall(app);
+        check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(),
+                              allowedPrivs, someDeniedPrivs);
 
-    /*
-     * It is possible for local user to install global application but one needs app_install privileges
-     * By default only global user or root can install global apps
-     */
-    Api::install(requestPrivateUser, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+    }
+    check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(),
+                          {}, merge(allowedPrivs, someDeniedPrivs));
+    // TODO - check if app is properly uninstalled
 }
 
-RUNNER_CHILD_TEST(security_manager_49e_local_user_set_install_type_local)
+RUNNER_CHILD_TEST(security_manager_25h_local_path_global_install)
 {
-    int result;
-    const char *const sm_app_id = "sm_test_49e_app_id_local";
-    const char *const sm_pkg_id = "sm_test_49e_pkg_id_local";
-    const std::string new_user_name = "sm_test_49e_user_name";
-
-    TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
+    TemporaryTestUser testUser("sm_test_25h_user_name", GUM_USERTYPE_NORMAL);
     testUser.create();
 
-    removeTestDirs(testUser, sm_app_id, sm_pkg_id);
-    createTestDirs(testUser, sm_app_id, sm_pkg_id);
-
-    const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id);
-
-    //switch user to non-root
-    result = drop_root_privileges(testUser.getUid(), testUser.getGid());
-    RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
-    InstallRequest requestPrivateUser;
-    prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
-                    SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(),
-                    false);
+    AppInstallHelper app("sm_test_25h", testUser.getUid());
+    app.createInstallDir();
+    app.createPrivateDir();
 
-    requestPrivateUser.setInstallType(SM_APP_INSTALL_LOCAL);
-
-    for (auto &privilege : SM_ALLOWED_PRIVILEGES)
-        requestPrivateUser.addPrivilege(privilege.c_str());
-
-    Api::install(requestPrivateUser);
-
-    check_app_permissions(sm_app_id, sm_pkg_id,
-                          testUser.getUidString().c_str(),
-                          SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+    InstallRequest invalidReq;
+    invalidReq.setAppId(app.getAppId());
+    invalidReq.setPkgId(app.getPkgId());
+    invalidReq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
+    invalidReq.setInstallType(SM_APP_INSTALL_GLOBAL);
+    Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+}
 
-    //uninstall app as non-root user
-    InstallRequest request;
-    request.setAppId(sm_app_id);
+RUNNER_CHILD_TEST(security_manager_25i_local_path_preloaded_install)
+{
+    TemporaryTestUser testUser("sm_test_25i_user_name", GUM_USERTYPE_NORMAL);
+    testUser.create();
 
-    Api::uninstall(request);
+    AppInstallHelper app("sm_test_25i", testUser.getUid());
+    app.createInstallDir();
+    app.createPrivateDir();
 
-    check_app_permissions(sm_app_id, sm_pkg_id,
-                          testUser.getUidString().c_str(),
-                          SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+    InstallRequest invalidReq;
+    invalidReq.setAppId(app.getAppId());
+    invalidReq.setPkgId(app.getPkgId());
+    invalidReq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
+    invalidReq.setInstallType(SM_APP_INSTALL_PRELOADED);
+    Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
 }
 
-RUNNER_CHILD_TEST(security_manager_49f_local_user_set_install_type_preloaded)
+RUNNER_CHILD_TEST(security_manager_25j_global_path_local_install)
 {
-    int result;
-    const char *const sm_app_id = "sm_test_49f_app_id_preloaded";
-    const char *const sm_pkg_id = "sm_test_49f_pkg_id_preloaded";
-    const std::string new_user_name = "sm_test_49f_user_name";
-
-    TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
+    TemporaryTestUser testUser("sm_test_25j_user_name", GUM_USERTYPE_NORMAL);
     testUser.create();
 
-    removeTestDirs(testUser, sm_app_id, sm_pkg_id);
-    createTestDirs(testUser, sm_app_id, sm_pkg_id);
+    AppInstallHelper appLocal("sm_test_25j", testUser.getUid());
 
-    const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id);
+    AppInstallHelper appGlobal("sm_test_25");
+    appGlobal.createPrivateDir();
 
-    //switch user to non-root
-    result = drop_root_privileges(testUser.getUid(), testUser.getGid());
-    RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+    RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+                            "drop_root_privileges failed");
 
-    InstallRequest requestPrivateUser;
-    prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
-                    SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(),
-                    false);
+    InstallRequest invalidReq;
+    invalidReq.setAppId(appLocal.getAppId());
+    invalidReq.setPkgId(appLocal.getPkgId());
+    invalidReq.addPath(appGlobal.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
+    invalidReq.setInstallType(SM_APP_INSTALL_LOCAL);
 
-    requestPrivateUser.setInstallType((app_install_type)0, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
-    requestPrivateUser.setInstallType((app_install_type)22, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
-    requestPrivateUser.setInstallType(SM_APP_INSTALL_PRELOADED);
-
-    for (auto &privilege : SM_ALLOWED_PRIVILEGES)
-        requestPrivateUser.addPrivilege(privilege.c_str());
-
-    /*
-     * It is possible for local user to install preloaded application but one needs app_install privileges
-     * By default only global user or root can install preloaded apps
-     */
-    Api::install(requestPrivateUser, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+    Api::install(invalidReq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
 }
+
Domain: Security / Uncategorized;