* limitations under the License.
*/
+#include <filesystem>
+#include <system_error>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/smack.h>
auto ret = fchown(fd, m_uidGid, FILE_GROUP);
close(fd);
- m_fileTypeMap[smType].push_back(path);
+ m_fileTypeMap[smType].insert(path);
return ret == 0;
}
mktreeSafe(path, 0777);
// Dont pass base pkg dirs to SM, because transmute will be forced on RO subdirs
if (!isBasePath)
- m_dirTypeMap[smType].push_back(path);
+ m_dirTypeMap[smType].insert(path);
if (chown(path.c_str(), m_uidGid, FILE_GROUP) == 0)
return true;
createInstallDir(rType);
std::string linkPath = getPath(smType, PathType::DIR, i, rType);
if (symlink(dest.c_str(), linkPath.c_str()) == 0) {
- m_fileTypeMap[smType].push_back(linkPath);
+ m_fileTypeMap[smType].insert(linkPath);
chown(linkPath.c_str(), m_uidGid, FILE_GROUP);
}
}
}
void AppInstallHelper::removePaths() {
- for (const auto &oneTypePaths : m_dirTypeMap)
- for (const auto& path : oneTypePaths.second)
- rmdir(path.c_str());
-
- m_dirTypeMap.clear();
-
- for (const auto &oneTypePaths : m_fileTypeMap)
- for (const auto& path : oneTypePaths.second)
- unlink(path.c_str());
-
- m_fileTypeMap.clear();
-
- for (auto& rootInfo : m_rootPaths) {
- if (rootInfo.second.isCreated)
- rmdir(rootInfo.second.path.c_str());
+ for (auto &rootInfo : m_rootPaths) {
+ if (rootInfo.second.isCreated) {
+ std::error_code ec;
+ std::filesystem::remove_all(rootInfo.second.path, ec);
+ RUNNER_ASSERT_ERRNO_MSG(!ec, "Failed to remove root paths of app");
+ }
rootInfo.second.isCreated = false;
}
}
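Review bot: In `removePaths()`, `RUNNER_ASSERT_ERRNO_MSG(!ec, ...)` reports `errno`, but the `std::error_code` overload of `std::filesystem::remove_all` returns the failure in `ec`, so the logged cause may be unrelated and the failing path is not named. The assert also sits inside the loop: if it throws, the remaining roots are skipped and `isCreated` stays true for the failed one. The rewrite no longer clears `m_dirTypeMap` and `m_fileTypeMap` either, so they keep listing removed paths if the helper is used again. The version below removes every root first, clears the maps, and then asserts once with the path and `ec.message()`; `RUNNER_ASSERT_MSG` is assumed to be the runner's non-errno assert.

```cpp
void AppInstallHelper::removePaths() {
    std::error_code firstError;
    std::string failedPath;

    for (auto &rootInfo : m_rootPaths) {
        if (rootInfo.second.isCreated) {
            std::error_code ec;
            std::filesystem::remove_all(rootInfo.second.path, ec);
            // Remember the first failure but keep cleaning the other roots.
            if (ec && !firstError) {
                firstError = ec;
                failedPath = rootInfo.second.path;
            }
        }
        rootInfo.second.isCreated = false;
    }

    // The recorded paths lived under the roots removed above.
    m_dirTypeMap.clear();
    m_fileTypeMap.clear();

    RUNNER_ASSERT_MSG(!firstError,
                      "Failed to remove " << failedPath << ": " << firstError.message());
}
```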
#include <optional>
#include <string>
#include <utility>
-#include <vector>
+#include <unordered_set>
#include <security-manager-types.h>
#include <app_def_privilege.h>
+#include <dpl/test/safe_cleanup.h>
#include "dac.h"
struct Access {
struct AppInstallHelper {
- using TypePathsMap = std::map<app_install_path_type, std::vector<std::string>>;
+ using TypePathsMap = std::map<app_install_path_type, std::unordered_set<std::string>>;
using TypePathMap = std::map<app_install_path_type, std::string>;
AppInstallHelper(const std::string &appNamePrefix,
void revokeRules() const;
virtual ~AppInstallHelper() {
if (m_creatorPid == getpid())
- removePaths();
+ SafeCleanup::run([this] { removePaths(); });
}
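Review bot: The destructor now has two guards and neither is explained; add a comment above the `m_creatorPid == getpid()` check such as `// Clean up only in the process that created the paths; forked children hold a copy of this object and must not delete them.` `SafeCleanup::run` is not defined on this page, so if its job is to keep a failing assert in `removePaths()` from escaping the destructor, the comment should say that as well. The struct continues outside the hunk.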
#ifndef SMACK_ENABLED
app.setInstallType(SM_APP_INSTALL_LOCAL);
app.addPrivileges(allowedPrivs);
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
- "drop_root_privileges failed");
- {
- ScopedInstaller appInstall(app);
- app.checkAfterInstall();
- app.checkDeniedPrivileges(someDeniedPrivs);
- }
- app.checkAfterUninstall();
+ runInChildParentWait([&] {
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+ "drop_root_privileges failed");
+ {
+ ScopedInstaller appInstall(app);
+ app.checkAfterInstall();
+ app.checkDeniedPrivileges(someDeniedPrivs);
+ }
+ app.checkAfterUninstall();
+ });
}
RUNNER_CHILD_TEST(security_manager_25h_local_path_global_install)
AppInstallHelper appGlobal("sm_test_25");
appGlobal.createPrivateDir();
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
- "drop_root_privileges failed");
+ runInChildParentWait([&] {
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+ "drop_root_privileges failed");
- InstallRequest invalidReq;
- invalidReq.setAppId(appLocal.getAppId());
- invalidReq.setPkgId(appLocal.getPkgId());
- invalidReq.addPath(appGlobal.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
- invalidReq.setInstallType(SM_APP_INSTALL_LOCAL);
+ InstallRequest invalidReq;
+ invalidReq.setAppId(appLocal.getAppId());
+ invalidReq.setPkgId(appLocal.getPkgId());
+ invalidReq.addPath(appGlobal.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
+ invalidReq.setInstallType(SM_APP_INSTALL_LOCAL);
- Api::install(invalidReq, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
+ Api::install(invalidReq, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
+ });
}
RUNNER_CHILD_TEST(security_manager_26_hybrid_pkg_uninstall_artifacts_check)
AppInstallHelper app("sm_test_60", user.getUid());
ScopedInstaller appInstall(app);
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
- "drop_root_privileges failed");
- app.createPrivateDir();
- PathsRequest preq;
- preq.setPkgId(app.getPkgId());
- preq.setUid(user.getUid());
- preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
+ runInChildParentWait([&] {
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
+ "drop_root_privileges failed");
+ app.createPrivateDir();
+ PathsRequest preq;
+ preq.setPkgId(app.getPkgId());
+ preq.setUid(user.getUid());
+ preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
- Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
+ });
}
RUNNER_CHILD_TEST(security_manager_60a_path_req_as_user_positive_realpath_check)
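Review bot: `app.createPrivateDir()` now runs inside the `runInChildParentWait` lambda in the `sm_test_60` test, so, assuming that helper forks, whatever bookkeeping `createPrivateDir()` does lands only in the child's copy of `app`. The destructor removes paths only when `m_creatorPid == getpid()`, and `removePaths()` acts only on roots marked `isCreated`, so the parent would presumably never delete a directory that the child created. The same pattern appears in `security_manager_60a_path_req_as_user_positive_realpath_check`. If the directory does not have to be created by the unprivileged user, call `app.createPrivateDir();` before `runInChildParentWait(...)`, as the `security_manager_61_path_req_different_user` body does; otherwise remove it explicitly in the parent once the child has returned. The test body starts above the hunk.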
AppInstallHelper app("sm_test_60a", user.getUid());
ScopedInstaller appInstall(app);
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
- "drop_root_privileges failed");
+ runInChildParentWait([&] {
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
+ "drop_root_privileges failed");
- app.createPrivateDir();
- PathsRequest preq;
- preq.setPkgId(app.getPkgId());
- preq.setUid(user.getUid());
- std::string privPath = "/opt/.././" + app.getPrivateDir();
- size_t pos = privPath.find_last_of("/");
- std::string lastElem = privPath.substr(pos + 1);
+ app.createPrivateDir();
+ PathsRequest preq;
+ preq.setPkgId(app.getPkgId());
+ preq.setUid(user.getUid());
+ std::string privPath = "/opt/.././" + app.getPrivateDir();
+ size_t pos = privPath.find_last_of("/");
+ std::string lastElem = privPath.substr(pos + 1);
- preq.addPath(privPath + "/../" + lastElem, SECURITY_MANAGER_PATH_RW);
+ preq.addPath(privPath + "/../" + lastElem, SECURITY_MANAGER_PATH_RW);
- Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
+ });
}
RUNNER_CHILD_TEST(security_manager_61_path_req_different_user)
app.createPrivateDir();
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(TzPlatformConfig::getGlobalUserId(),
- TzPlatformConfig::getGlobalGroupId()) == 0,
- "drop_root_privileges failed");
+ runInChildParentWait([&] {
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(TzPlatformConfig::getGlobalUserId(),
+ TzPlatformConfig::getGlobalGroupId()) == 0,
+ "drop_root_privileges failed");
- PathsRequest preq;
- preq.setPkgId(app.getPkgId());
- preq.setUid(app.getUID());
- preq.setInstallType(SM_APP_INSTALL_LOCAL);
- preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
+ PathsRequest preq;
+ preq.setPkgId(app.getPkgId());
+ preq.setUid(app.getUID());
+ preq.setInstallType(SM_APP_INSTALL_LOCAL);
+ preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
- Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
+ });
}
RUNNER_TEST(security_manager_66_path_req_check_labels)