Update path setup tests

* Add dependency to libacl.
* Modify access checks to verify ownership and ACLs in no-smack mode.
* Add AGID getter.
* Add ACL helper.
* Rename test app dir to work with AppInstallHelper.
* Make runAccessTest() prepare and cleanup the app.
* Add system_access supplementary group for tests in no-smack mode.
* Update the tests.
* Skip access checks expecting rule removal in no-smack (paths will be
  removed by the installer anyway).
* Make AppInstallHelper use global user id when installing as root (the
  app is installed as a global user in such case).
* Fix AppInstallHelper::createFile().
* Make AppInstallHelper::create*() methods chown files for global
  installations too.
* Update no-smack tests script.
* Minor refactoring.

Change-Id: I7c6b302767ef1122439ea79b3eb2bb4785316120

diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec
index aa5b7d91a667e40f54f9f477c285078a26659cdb..b8d0c3ad1716d02388d32a9edcc3780dfbd1ebe9 100644 (file)
--- a/packaging/security-tests.spec
+++ b/packaging/security-tests.spec
@@ -37,6 +37,7 @@ BuildRequires: pkgconfig(libgum) >= 1.0.5
 BuildRequires: pkgconfig(security-privilege-manager)
 BuildRequires: pkgconfig(libsystemd)
 BuildRequires: openssl1.1
+BuildRequires: pkgconfig(libacl)
 Requires: gdb
 Requires: diffutils
 Requires: iproute2

diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
index 1519ecffb59618bbb740b45d9d267064cc62a496..c39e7c3b97ac066f31c29ee306cfd4db4ced9062 100644 (file)
--- a/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
@@ -50,6 +50,7 @@ SET(COMMON_TARGET_TEST_SOURCES
     ${PROJECT_SOURCE_DIR}/src/common/privilege_manager.cpp
     ${PROJECT_SOURCE_DIR}/src/common/scoped_process_label.cpp
     ${PROJECT_SOURCE_DIR}/src/common/ckm_helpers.cpp
+    ${PROJECT_SOURCE_DIR}/src/common/dac.cpp
     )
 
 #system and local includes

diff --git a/src/common/app_install_helper.cpp b/src/common/app_install_helper.cpp
index 0c55eaf6d3f9be77728888eef3ac662e6dfc7a5c..cee8488eba42aeb77f4a845947a2a948ed2a678c 100644 (file)
--- a/src/common/app_install_helper.cpp
+++ b/src/common/app_install_helper.cpp
@@ -14,17 +14,10 @@
  *    limitations under the License.
  */
 
-#include <fcntl.h>
-#include <map>
-#include <string>
 #include <sys/mman.h>
 #include <sys/stat.h>
-#include <sys/types.h>
 #include <sys/smack.h>
-#include <unistd.h>
-#include <utility>
-
-#include <security-manager-types.h>
+#include <sstream>
 
 #include <dpl/test/test_runner.h>
 #include <sm_api.h>
@@ -39,27 +32,46 @@ namespace {
 
 const gid_t FILE_GROUP = 100;
 
-    std::string genSkelPath() {
-        static std::string skelPkgDir;
-        if (!skelPkgDir.empty())
-            return skelPkgDir;
-        std::string app = TzPlatformConfig::getEnv(TZ_USER_APP);
+std::string genSkelPath() {
+    static std::string skelPkgDir = []{
+        std::string ret = TzPlatformConfig::getEnv(TZ_USER_APP);
         std::string home = TzPlatformConfig::getEnv(TZ_USER_HOME);
         std::string skelDir = "/etc/skel";
 
-        skelPkgDir.assign(app);
-        skelPkgDir.replace(0, home.length(), skelDir);
-
-        return skelPkgDir;
-    }
-
-    const AppInstallHelper::TypePathMap typeToPath = {
-            {SECURITY_MANAGER_PATH_RW, "app_rw"},
-            {SECURITY_MANAGER_PATH_RO, "app_ro"},
-            {SECURITY_MANAGER_PATH_PUBLIC_RO, "public_ro"},
-            {SECURITY_MANAGER_PATH_TRUSTED_RW, "trusted_rw"},
-            {SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, "shared_ro"}
-    };
+        ret.replace(0, home.length(), skelDir);
+        return ret;
+    }();
+
+    return skelPkgDir;
+}
+
+const AppInstallHelper::TypePathMap typeToPath = {
+        {SECURITY_MANAGER_PATH_RW, "app_rw"},
+        {SECURITY_MANAGER_PATH_RO, "app_ro"},
+        {SECURITY_MANAGER_PATH_PUBLIC_RO, "public_ro"},
+        {SECURITY_MANAGER_PATH_TRUSTED_RW, "trusted_rw"},
+        {SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, "shared_ro"}
+};
+
+} // namespace
+
+AppInstallHelper::AppInstallHelper(const std::string &appNamePrefix,
+                                   const std::string &pkgNamePrefix,
+                                   bool isLocal,
+                                   uid_t uid,
+                                   std::string version) :
+        m_appName(appNamePrefix + "_app_id"),
+        m_pkgName(pkgNamePrefix + "_pkg_id"),
+        m_isLocal(isLocal),
+        m_uidGid(uid),
+        m_version(version),
+        m_installType(SM_APP_INSTALL_NONE),
+        m_isHybrid(false),
+        m_creatorPid(getpid())
+{
+    // When app is installed with UID=0 it becomes a global user app (see setRequestDefaultValues())
+    if (m_installType == SM_APP_INSTALL_NONE && m_uidGid == 0)
+        setUidGid(TzPlatformConfig::getGlobalUserId());
 }
 
 AppInstallHelper::AppInstallHelper(AppInstallHelper &&other)
@@ -177,26 +189,27 @@ std::string AppInstallHelper::getVersion() const {
     return m_version;
 }
 
-void AppInstallHelper::setUidGid(int uidGid) {
+void AppInstallHelper::setUidGid(unsigned uidGid) {
     m_uidGid = uidGid;
 }
 
-int AppInstallHelper::getUID() const {
+unsigned AppInstallHelper::getUID() const {
     return m_uidGid;
 }
 
-int AppInstallHelper::getGID() const {
+unsigned AppInstallHelper::getGID() const {
     return m_uidGid;
 }
 
 bool AppInstallHelper::createFile(app_install_path_type smType, const std::string &path) {
-    if (creat(path.c_str(), 0751) == 0) {
-        // Local paths need user change
-        m_fileTypeMap[smType].push_back(path);
-        if (!m_isLocal || chown(path.c_str(), m_uidGid, FILE_GROUP) == 0)
-            return true;
-    }
-    return false;
+    auto fd = creat(path.c_str(), 0751);
+    if (fd == -1)
+        return false;
+
+    auto ret = fchown(fd, m_uidGid, FILE_GROUP);
+    close(fd);
+    m_fileTypeMap[smType].push_back(path);
+    return ret == 0;
 }
 
 bool AppInstallHelper::createDir(app_install_path_type smType, const std::string &path, bool isBasePath) {
@@ -204,7 +217,7 @@ bool AppInstallHelper::createDir(app_install_path_type smType, const std::string
     // Dont pass base pkg dirs to SM, because transmute will be forced on RO subdirs
     if (!isBasePath)
         m_dirTypeMap[smType].push_back(path);
-    if (!m_isLocal || chown(path.c_str(), m_uidGid, FILE_GROUP) == 0)
+    if (chown(path.c_str(), m_uidGid, FILE_GROUP) == 0)
         return true;
 
     return false;
@@ -240,9 +253,7 @@ void AppInstallHelper::createDirLink(app_install_path_type smType, const std::st
     std::string linkPath = getPath(smType, PathType::DIR, i, rType);
     if (symlink(dest.c_str(), linkPath.c_str()) == 0) {
         m_fileTypeMap[smType].push_back(linkPath);
-        if (m_isLocal) {
-            chown(linkPath.c_str(), m_uidGid, FILE_GROUP);
-        }
+        chown(linkPath.c_str(), m_uidGid, FILE_GROUP);
     }
 }
 
@@ -314,15 +325,22 @@ void AppInstallHelper::revokeRules() const {
 }
 
 #ifndef SMACK_ENABLED
-uid_t AppInstallHelper::getPUID() const {
+
+void AppInstallHelper::getPUIDAndAGID() const {
+    static constexpr gid_t MIN_AUTHOR_GID = 20000;
     if (m_puid)
-        return *m_puid;
+        return;
+
+    struct {
+        uid_t uid = 0;
+        gid_t gid = 0;
+    } id;
 
-    static constexpr auto MMAP_SIZE = sizeof(uid_t);
+    static constexpr auto MMAP_SIZE = sizeof(id);
     auto deleter = [&](void* addr) {
         RUNNER_ASSERT_ERRNO_MSG(munmap(addr, MMAP_SIZE) == 0, "munmap() failed");
     };
-    auto shmem = std::unique_ptr<void, decltype(deleter)>{mmap(nullptr, sizeof(uid_t),
+    auto shmem = std::unique_ptr<void, decltype(deleter)>{mmap(nullptr, MMAP_SIZE,
                                                                PROT_READ | PROT_WRITE,
                                                                MAP_SHARED | MAP_ANONYMOUS, -1, 0),
                                                           std::move(deleter)};
@@ -331,24 +349,98 @@ uid_t AppInstallHelper::getPUID() const {
     RUNNER_ASSERT_MSG(pid >= 0, "Fork failed");
     if (pid == 0) {
         SecurityManagerTest::Api::setAppProcessIdentity(m_appName);
-        uid_t uid = getuid();
-        std::memcpy(shmem.get(), &uid, sizeof(uid));
+        id.uid = getuid();
+
+        // get current process groups
+        int ret = getgroups(0, nullptr);
+        RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
+
+        std::vector<gid_t> actualGids(ret);
+        ret = getgroups(ret, actualGids.data());
+        RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
+
+        for (const auto& gid : actualGids) {
+            if (gid >= MIN_AUTHOR_GID) {
+                RUNNER_ASSERT(id.gid == 0);
+                id.gid = gid;
+            }
+        }
+
+        std::memcpy(shmem.get(), &id, sizeof(id));
         _exit(0);
     }
     waitPid(pid);
-    uid_t uid;
-    std::memcpy(&uid, shmem.get(), sizeof(uid));
-    m_puid = uid;
-    return uid;
+    std::memcpy(&id, shmem.get(), sizeof(id));
+    m_puid = id.uid;
+    if (id.gid != 0)
+        m_agid = id.gid;
+}
+
+uid_t AppInstallHelper::getPUID() const {
+    getPUIDAndAGID();
+    return *m_puid;
 }
+
+std::optional<gid_t> AppInstallHelper::getAGID() const {
+    getPUIDAndAGID();
+    return m_agid;
+}
+#endif
+
+Access AppInstallHelper::pathOwnerRWAccess() const
+{
+    Access ret;
+    ret.label = generateOwnerRWPathLabel(getPkgId());
+#ifndef SMACK_ENABLED
+    std::ostringstream os;
+    os << "u::rwx,g::rwx,o::-,m::rwx,u:" << getPUID() << ":rwx";
+    ret.dac = Dac{os.str(), getUID(), checkedGetSystemAccessGid()};
+#endif
+    return ret;
+}
+
+Access AppInstallHelper::pathOwnerROAccess() const
+{
+    Access ret;
+    ret.label = generateOwnerROPathLabel(getPkgId());
+#ifndef SMACK_ENABLED
+    std::ostringstream os;
+    os << "u::rwx,g::rwx,o::-,m::rwx,u:" << getPUID() << ":rx";
+    ret.dac = Dac{os.str(), getUID(), checkedGetSystemAccessGid()};
 #endif
+    return ret;
+}
+
+Access AppInstallHelper::pathOwnerROOtherROAccess() const
+{
+    Access ret;
+    ret.label = getOwnerROOtherROPathLabel();
+#ifndef SMACK_ENABLED
+    std::ostringstream os;
+    os << "u::rwx,g::rwx,o::rx,m::rwx,u:" << getPUID() << ":rx";
+    ret.dac = Dac{os.str(), getUID(), checkedGetSystemAccessGid()};
+#endif
+    return ret;
+}
+
+Access AppInstallHelper::pathOwnerRWOtherROAccess() const
+{
+    Access ret;
+    ret.label = getOwnerRWOtherROPathLabel();
+#ifndef SMACK_ENABLED
+    std::ostringstream os;
+    os << "u::rwx,g::rwx,o::rx,m::rwx,u:" << getPUID() << ":rwx";
+    ret.dac = Dac{os.str(), getUID(), checkedGetSystemAccessGid()};
+#endif
+    return ret;
+}
 
 std::string AppInstallHelper::generateAppLabel() const {
     return generateProcessLabel(getAppId(), getPkgId(), getIsHybrid());
 }
 
 std::string AppInstallHelper::generatePkgLabel() const {
-    return generatePathRWLabel(getPkgId());
+    return generateOwnerRWPathLabel(getPkgId());
 }
 
 const AppInstallHelper::TypePathsMap& AppInstallHelper::getDirsMap() const {

diff --git a/src/common/app_install_helper.h b/src/common/app_install_helper.h
index 4293523c37d57c5970ca3d5149b1d9788b7ef48f..2f74d5ee5b1ba9117a64a7db4183c803ee79bae4 100644 (file)
--- a/src/common/app_install_helper.h
+++ b/src/common/app_install_helper.h
@@ -28,6 +28,12 @@
 
 #include <security-manager-types.h>
 #include <app_def_privilege.h>
+#include "dac.h"
+
+struct Access {
+    std::optional<Dac> dac;
+    std::string label;
+};
 
 struct AppInstallHelper {
 
@@ -38,10 +44,7 @@ struct AppInstallHelper {
                      const std::string &pkgNamePrefix,
                      bool isLocal,
                      uid_t uid,
-                     std::string version = std::string())
-      : m_appName(appNamePrefix + "_app_id"), m_pkgName(pkgNamePrefix + "_pkg_id"), m_isLocal(isLocal), m_uidGid(uid), m_version(version),
-        m_installType(SM_APP_INSTALL_NONE), m_isHybrid(false), m_creatorPid(getpid())
-    {}
+                     std::string version = std::string());
 
     AppInstallHelper(const std::string &appNamePrefix,
                      const std::string &pkgNamePrefix,
@@ -77,9 +80,9 @@ struct AppInstallHelper {
     // App info getters and setters
     const std::string& getAppId() const;
     const std::string& getPkgId() const;
-    void setUidGid(int uidGid);
-    int getUID() const;
-    int getGID() const;
+    void setUidGid(unsigned uidGid);
+    unsigned getUID() const;
+    unsigned getGID() const;
     void setVersion(const std::string &version);
     std::string getVersion() const;
     void setAuthor(const std::string &author);
@@ -150,11 +153,19 @@ struct AppInstallHelper {
 #ifndef SMACK_ENABLED
 private:
     mutable std::optional<uid_t> m_puid;
+    mutable std::optional<gid_t> m_agid;
 
+    void getPUIDAndAGID() const;
 public:
     uid_t getPUID() const;
+    std::optional<gid_t> getAGID() const;
 #endif
 
+    Access pathOwnerRWAccess() const;
+    Access pathOwnerROAccess() const;
+    Access pathOwnerROOtherROAccess() const;
+    Access pathOwnerRWOtherROAccess() const;
+
 protected:
     struct RootInfo {
         RootInfo() : isCreated(false) {}
@@ -174,7 +185,7 @@ protected:
     const std::string m_appName;
     const std::string m_pkgName;
     bool m_isLocal;
-    int m_uidGid;
+    unsigned m_uidGid;
     std::string m_version;
     app_install_type m_installType;
     bool m_isHybrid;

diff --git a/src/common/dac.cpp b/src/common/dac.cpp
new file mode 100644 (file)
index 0000000..77868a1
--- /dev/null
+++ b/src/common/dac.cpp
@@ -0,0 +1,234 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include <sys/stat.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <cstdint>
+#include <sstream>
+#include <iostream>
+#include <unordered_set>
+#include <optional>
+#include <acl/libacl.h>
+
+#include "dac.h"
+#include "dpl/test/test_runner.h"
+
+namespace {
+
+template<size_t N>
+inline constexpr uint8_t bitsNeeded = [] {
+    uint8_t res = 0;
+    auto n = N;
+    while (n > 0) {
+        ++res;
+        n >>= 1;
+    }
+    return res;
+}();
+
+template<auto... N>
+inline constexpr auto max = [] {
+    auto vals = {N...};
+    auto res = *vals.begin();
+    for (auto x : vals)
+        if (x > res)
+            res = x;
+    return res;
+}();
+
+inline constexpr size_t MAX_TAG =
+    max<ACL_USER_OBJ, ACL_USER, ACL_GROUP_OBJ, ACL_GROUP, ACL_MASK, ACL_OTHER>;
+inline constexpr size_t MAX_PERM = ACL_READ | ACL_WRITE | ACL_EXECUTE;
+
+class AclHelper
+{
+public:
+    struct AclEntry
+    {
+        acl_tag_t tag = ACL_UNDEFINED_TAG;
+        std::optional<unsigned int> qualifier = std::nullopt;
+        acl_perm_t perms = 0;
+    };
+
+    struct Hash
+    {
+        size_t operator()(const AclEntry &entry) const;
+    };
+
+    explicit AclHelper(acl_t&& acl);
+
+    friend bool operator==(const AclHelper &first, const AclHelper &second) noexcept;
+
+    friend bool operator!=(const AclHelper &first, const AclHelper &second) noexcept
+    {
+        return !(first == second);
+    }
+
+    friend std::ostream& operator<<(std::ostream &os, const AclHelper &acl);
+
+private:
+    std::unordered_set<AclEntry, Hash> m_entries;
+};
+
+constexpr bool operator==(const AclHelper::AclEntry &first, const AclHelper::AclEntry &second) noexcept
+{
+    return first.tag == second.tag && first.perms == second.perms &&
+           first.qualifier == second.qualifier;
+}
+
+bool operator==(const AclHelper &first, const AclHelper &second) noexcept
+{
+    return first.m_entries == second.m_entries;
+}
+
+std::ostream& operator<<(std::ostream &os, const AclHelper::AclEntry &entry);
+
+size_t AclHelper::Hash::operator()(const AclEntry &entry) const
+{
+    static constexpr auto TAG_BITS = bitsNeeded<MAX_TAG>;
+    static constexpr auto PERM_BITS = bitsNeeded<MAX_PERM>;
+    size_t hash = 0;
+    RUNNER_ASSERT(entry.tag >= 0);
+    RUNNER_ASSERT(static_cast<size_t>(entry.tag) <= MAX_TAG);
+    hash |= static_cast<size_t>(entry.tag);
+    RUNNER_ASSERT(entry.perms <= MAX_PERM);
+    hash |= static_cast<size_t>(entry.perms << TAG_BITS);
+    if (entry.qualifier.has_value()) {
+        RUNNER_ASSERT(*entry.qualifier <= std::numeric_limits<decltype(hash)>::max() >> (TAG_BITS + PERM_BITS));
+        hash |= *entry.qualifier << (TAG_BITS + PERM_BITS);
+    }
+    return hash;
+}
+
+AclHelper::AclHelper(acl_t&& acl)
+{
+    RUNNER_ASSERT(acl != nullptr);
+
+    acl_entry_t entry;
+    int ret = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
+    RUNNER_ASSERT(ret >= 0);
+    while (ret == 1) {
+        AclEntry aclEntry;
+        RUNNER_ASSERT(0 == acl_get_tag_type(entry, &aclEntry.tag));
+        if (aclEntry.tag == ACL_USER || aclEntry.tag == ACL_GROUP) {
+            auto q = acl_get_qualifier(entry);
+            RUNNER_ASSERT(q != nullptr);
+            static_assert(std::is_same_v<uid_t, unsigned int>);
+            static_assert(std::is_same_v<gid_t, unsigned int>);
+            aclEntry.qualifier = *static_cast<unsigned int*>(q);
+        }
+        acl_permset_t permset;
+        RUNNER_ASSERT(0 == acl_get_permset(entry, &permset));
+
+        for (auto perm : { ACL_READ, ACL_WRITE, ACL_EXECUTE }) {
+            ret = acl_get_perm(permset, perm);
+            RUNNER_ASSERT(ret >= 0);
+
+            if (ret == 1)
+                aclEntry.perms |= perm;
+        }
+        m_entries.emplace(std::move(aclEntry));
+
+        ret = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
+        RUNNER_ASSERT(ret >= 0);
+    }
+    acl_free(acl);
+}
+
+std::ostream& operator<<(std::ostream &os, const AclHelper::AclEntry &entry)
+{
+    switch (entry.tag) {
+    case ACL_UNDEFINED_TAG:
+        os << "UNDEFINED_TAG|";
+        break;
+    case ACL_USER_OBJ:
+        os << "USER_OBJ|";
+        break;
+    case ACL_USER:
+        os << "USER|";
+        break;
+    case ACL_GROUP_OBJ:
+        os << "GROUP_OBJ|";
+        break;
+    case ACL_GROUP:
+        os << "GROUP|";
+        break;
+    case ACL_MASK:
+        os << "MASK|";
+        break;
+    case ACL_OTHER:
+        os << "OTHER|";
+        break;
+    default:
+        RUNNER_FAIL_MSG("Unknown tag");
+    }
+
+    if (entry.qualifier.has_value())
+        os << *entry.qualifier << "|";
+
+    if (entry.perms & ACL_READ)
+        os << "r";
+    else
+        os << "-";
+    if (entry.perms & ACL_WRITE)
+        os << "w";
+    else
+        os << "-";
+    if (entry.perms & ACL_EXECUTE)
+        os << "x";
+    else
+        os << "-";
+    return os;
+}
+
+std::ostream& operator<<(std::ostream &os, const AclHelper &acl)
+{
+    os << "{\n";
+    for (const auto &entry : acl.m_entries)
+        os << "  " << entry << "\n";
+    return os << "}";
+}
+
+template<typename T>
+void RUNNER_ASSERT_EQUAL_MSG(const T& expected, const T& actual, const std::string& msg)
+{
+    std::ostringstream os;
+    os << msg << " expected: " << expected << " != actual: " << actual;
+    RUNNER_ASSERT_MSG(expected == actual, os.str());
+}
+
+void CheckAcl(const std::string &path, const std::string &aclText, acl_type_t type)
+{
+    AclHelper actual(acl_get_file(path.c_str(), type));
+    AclHelper expected(acl_from_text(aclText.c_str()));
+    RUNNER_ASSERT_EQUAL_MSG(expected, actual,
+            std::string("Checking ") + (type == ACL_TYPE_ACCESS ? "access" : "default") +
+            " ACL for: " + path);
+}
+
+} // namespace
+
+void CheckDac(const std::string &path, const Dac &dac)
+{
+    CheckAcl(path, dac.acl, ACL_TYPE_ACCESS);
+
+    struct stat statbuf;
+    RUNNER_ASSERT(0 == stat(path.c_str(), &statbuf));
+
+    RUNNER_ASSERT(statbuf.st_uid == dac.owner);
+    RUNNER_ASSERT(statbuf.st_gid == dac.group);
+}

diff --git a/src/common/dac.h b/src/common/dac.h
new file mode 100644 (file)
index 0000000..e64323d
--- /dev/null
+++ b/src/common/dac.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * This file is licensed under the terms of MIT License or the Apache License
+ * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
+ * See the LICENSE file or the notice below for Apache License Version 2.0
+ * details.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <sys/types.h>
+
+struct Dac {
+    std::string acl;
+    uid_t owner;
+    gid_t group;
+};
+
+void CheckDac(const std::string &path, const Dac &dac);

diff --git a/src/common/label_generator.cpp b/src/common/label_generator.cpp
index fe492f1891a66be6dedb3bfd42a20e448b545a8f..83eda1f5c3f19f217850feff1c9e5fe7f091689a 100644 (file)
--- a/src/common/label_generator.cpp
+++ b/src/common/label_generator.cpp
@@ -30,7 +30,7 @@ std::string generateProcessLabel(const std::string &appId, const std::string &pk
     return label;
 }
 
-std::string generatePathRWLabel(const std::string &pkgId)
+std::string generateOwnerRWPathLabel(const std::string &pkgId)
 {
     if (!smack_check())
         return NO_SMACK_LABEL;
@@ -38,15 +38,15 @@ std::string generatePathRWLabel(const std::string &pkgId)
     return "User::Pkg::" + pkgId;
 }
 
-std::string generatePathROLabel(const std::string &pkgId)
+std::string generateOwnerROPathLabel(const std::string &pkgId)
 {
     if (!smack_check())
         return NO_SMACK_LABEL;
 
-    return generatePathRWLabel(pkgId) + "::RO";
+    return generateOwnerRWPathLabel(pkgId) + "::RO";
 }
 
-std::string generatePathTrustedLabel(int64_t authorId)
+std::string generateTrustedPathLabel(int64_t authorId)
 {
     if (!smack_check())
         return NO_SMACK_LABEL;
@@ -54,7 +54,7 @@ std::string generatePathTrustedLabel(int64_t authorId)
     return "User::Author::" + std::to_string(authorId);
 }
 
-std::string getPublicPathLabel()
+std::string getOwnerROOtherROPathLabel()
 {
     if (!smack_check())
         return NO_SMACK_LABEL;
@@ -62,7 +62,7 @@ std::string getPublicPathLabel()
     return "User::Home";
 }
 
-std::string getSharedROPathLabel()
+std::string getOwnerRWOtherROPathLabel()
 {
     if (!smack_check())
         return NO_SMACK_LABEL;

diff --git a/src/common/label_generator.h b/src/common/label_generator.h
index 6274a235a13be699902ce53a04077807f084f574..54010f73f1662dd57a4023696454be414dcbd27d 100644 (file)
--- a/src/common/label_generator.h
+++ b/src/common/label_generator.h
@@ -20,8 +20,8 @@
 constexpr inline char NO_SMACK_LABEL[] = "User::Pkg::default_app_no_Smack_mode";
 
 std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid = false);
-std::string generatePathRWLabel(const std::string &pkgId);
-std::string generatePathROLabel(const std::string &pkgId);
-std::string generatePathTrustedLabel(int64_t authorId);
-std::string getPublicPathLabel();
-std::string getSharedROPathLabel();
+std::string generateOwnerRWPathLabel(const std::string &pkgId);
+std::string generateOwnerROPathLabel(const std::string &pkgId);
+std::string generateTrustedPathLabel(int64_t authorId);
+std::string getOwnerROOtherROPathLabel();
+std::string getOwnerRWOtherROPathLabel();

diff --git a/src/common/tests_common.cpp b/src/common/tests_common.cpp
index 1cf87fd44255573a92fab1c71195429062220e24..c9c411aa36a153678df4353b63692fe2aa2a6c50 100644 (file)
--- a/src/common/tests_common.cpp
+++ b/src/common/tests_common.cpp
@@ -22,12 +22,16 @@
  */
 
 #include "tests_common.h"
+
+#include <cassert>
+#include <cerrno>
+
+#include <grp.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
-#include <errno.h>
 
 bool smack_check(void)
 {
@@ -148,14 +152,42 @@ pid_t runInChild(const std::function<void(void)> &process) {
     return pid;
 }
 
-void runInChildParentWait(const std::function<void(void)> &process) {
+pid_t runInChildParentWait(const std::function<void(void)> &process) {
     pid_t pid = fork();
     RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
     if (pid == 0) {
         process();
         exit(EXIT_SUCCESS);
-    } else {
-        waitPid(pid);
     }
+    waitPid(pid);
+    return pid;
+}
+
+std::optional<gid_t> nameToGid(const char *name) noexcept {
+    struct group entry, *gresult;
+    char buffer[1024];
+    if (0 != getgrnam_r(name, &entry, buffer, sizeof(buffer), &gresult) && (gresult != NULL))
+        return std::nullopt;
+
+    return entry.gr_gid;
+}
+
+gid_t checkedNameToGid(const char *name) {
+    auto gid = nameToGid(name);
+    RUNNER_ASSERT_MSG(gid.has_value(), "Error in getgrnam. Group name: " << name);
+    return *gid;
+}
+
+std::optional<gid_t> getSystemAccessGid() noexcept {
+    if (smack_check())
+        return std::nullopt;
+
+    static const std::optional<gid_t> SYSTEM_ACCESS_GID = nameToGid("system_access");
+    return SYSTEM_ACCESS_GID;
 }
 
+gid_t checkedGetSystemAccessGid() {
+    auto gid = getSystemAccessGid();
+    RUNNER_ASSERT_MSG(gid.has_value(), "Failed to get system_access gid");
+    return *gid;
+};

diff --git a/src/common/tests_common.h b/src/common/tests_common.h
index 681e7b517d7c54750d747447d1fa781660df5f13..3205b51df9882aebdb1d627ccb48b451b4adcd3d 100644 (file)
--- a/src/common/tests_common.h
+++ b/src/common/tests_common.h
@@ -31,6 +31,7 @@
 #include <dpl/test/test_runner_multiprocess.h>
 
 #include <algorithm>
+#include <optional>
 #include <sys/types.h>
 #include <string>
 #include <tuple>
@@ -47,7 +48,12 @@ void mktreeSafe(const std::string &path, mode_t mode);
 void waitPid(pid_t pid);
 
 pid_t runInChild(const std::function<void(void)> &process);
-void runInChildParentWait(const std::function<void(void)> &process);
+pid_t runInChildParentWait(const std::function<void(void)> &process);
+
+[[nodiscard]] std::optional<gid_t> nameToGid(const char *name) noexcept;
+[[nodiscard]] gid_t checkedNameToGid(const char *name);
+[[nodiscard]] std::optional<gid_t> getSystemAccessGid() noexcept;
+[[nodiscard]] gid_t checkedGetSystemAccessGid();
 
 #define RUNNER_TEST_SMACK(Proc, ...)                                                        \
     void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple);                                  \

diff --git a/src/nether-tests/CMakeLists.txt b/src/nether-tests/CMakeLists.txt
index 5cf79156191c3a0e82cabad8cce350ee1dc82032..d694bdc1d9e62f709105bf05fad4f5601a999363 100644 (file)
--- a/src/nether-tests/CMakeLists.txt
+++ b/src/nether-tests/CMakeLists.txt
@@ -30,6 +30,7 @@ SET(NETHER_TESTS_SOURCES
     ${PROJECT_SOURCE_DIR}/src/common/sm_user_request.cpp
     ${PROJECT_SOURCE_DIR}/src/common/sm_policy_request.cpp
     ${PROJECT_SOURCE_DIR}/src/common/app_install_helper.cpp
+    ${PROJECT_SOURCE_DIR}/src/common/dac.cpp
     ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_commons.cpp
     ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/policy_configuration.cpp
     ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/template_parser.cpp

diff --git a/src/security-manager-tests/CMakeLists.txt b/src/security-manager-tests/CMakeLists.txt
index 1c8a8ecb71893160d285fc8b19f7cbb536447213..57d277f098f85540e558262922e177f965ca185f 100644 (file)
--- a/src/security-manager-tests/CMakeLists.txt
+++ b/src/security-manager-tests/CMakeLists.txt
@@ -37,7 +37,8 @@ PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP
     libcap
     dbus-1
     libgum
-    boost)
+    boost
+    libacl)
 
 
 SET(TARGET_SEC_MGR_TESTS "security-manager-tests")

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/.level_1/.level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/.level_1/.level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/.level_1/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/.level_1/level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/.level_1/level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/.level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/.level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/.level_1/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/.level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/.level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/level_2/link_to_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/level_2/link_to_non_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/link_to_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/link_to_non_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/level_1/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/.level_1/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/level_1/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/link_to_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_dir/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_app_normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/link_to_non_exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_public_ro/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/.level_1/.level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/.level_1/.level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/.level_1/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/.level_1/level_2/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/.level_1/level_2/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_ro/exec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_rw_others_ro/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id/app_dir_rw_others_ro/normal
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/.level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/link_to_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/.level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/level_2/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/exec
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_rw_others_ro/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_rw_others_ro/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/.level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_exec
deleted file mode 120000 (symlink)
index a3a6771..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_exec
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir/exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_normal
deleted file mode 120000 (symlink)
index 1fdebec..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_normal
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir/normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/.level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_exec
deleted file mode 120000 (symlink)
index f1b66f3..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_exec
+++ /dev/null
@@ -1 +0,0 @@
-exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_non_exec
deleted file mode 120000 (symlink)
index 5ae0346..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_non_exec
+++ /dev/null
@@ -1 +0,0 @@
-normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_exec
deleted file mode 120000 (symlink)
index f1b66f3..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_exec
+++ /dev/null
@@ -1 +0,0 @@
-exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_non_exec
deleted file mode 120000 (symlink)
index 5ae0346..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_non_exec
+++ /dev/null
@@ -1 +0,0 @@
-normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_exec
deleted file mode 120000 (symlink)
index f1b66f3..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_exec
+++ /dev/null
@@ -1 +0,0 @@
-exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_dir b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_dir
deleted file mode 120000 (symlink)
index 45083fb..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_dir
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_exec
deleted file mode 120000 (symlink)
index a3a6771..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_exec
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir/exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_normal
deleted file mode 120000 (symlink)
index 1fdebec..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_normal
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir/normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_exec
deleted file mode 120000 (symlink)
index 5ae0346..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_exec
+++ /dev/null
@@ -1 +0,0 @@
-normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec
deleted file mode 120000 (symlink)
index f1b66f3..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec
+++ /dev/null
@@ -1 +0,0 @@
-exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec
deleted file mode 120000 (symlink)
index 5ae0346..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec
+++ /dev/null
@@ -1 +0,0 @@
-normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_exec
deleted file mode 120000 (symlink)
index f1b66f3..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_exec
+++ /dev/null
@@ -1 +0,0 @@
-exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec
deleted file mode 120000 (symlink)
index 5ae0346..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec
+++ /dev/null
@@ -1 +0,0 @@
-normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_exec
deleted file mode 120000 (symlink)
index f1b66f3..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_exec
+++ /dev/null
@@ -1 +0,0 @@
-exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_dir b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_dir
deleted file mode 120000 (symlink)
index 45083fb..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_dir
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_exec
deleted file mode 120000 (symlink)
index a3a6771..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_exec
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir/exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_normal
deleted file mode 120000 (symlink)
index 1fdebec..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_normal
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir/normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_exec
deleted file mode 120000 (symlink)
index 5ae0346..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_exec
+++ /dev/null
@@ -1 +0,0 @@
-normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/.level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_exec
deleted file mode 120000 (symlink)
index a3a6771..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_exec
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir/exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_normal
deleted file mode 120000 (symlink)
index 1fdebec..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_normal
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir/normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/.level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/.level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/exec
deleted file mode 100755 (executable)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_exec
deleted file mode 120000 (symlink)
index f1b66f3..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_exec
+++ /dev/null
@@ -1 +0,0 @@
-exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_non_exec
deleted file mode 120000 (symlink)
index 5ae0346..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_non_exec
+++ /dev/null
@@ -1 +0,0 @@
-normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_exec
deleted file mode 120000 (symlink)
index f1b66f3..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_exec
+++ /dev/null
@@ -1 +0,0 @@
-exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_non_exec
deleted file mode 120000 (symlink)
index 5ae0346..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_non_exec
+++ /dev/null
@@ -1 +0,0 @@
-normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_exec
deleted file mode 120000 (symlink)
index f1b66f3..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_exec
+++ /dev/null
@@ -1 +0,0 @@
-exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_dir b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_dir
deleted file mode 120000 (symlink)
index 45083fb..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_dir
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_exec
deleted file mode 120000 (symlink)
index a3a6771..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_exec
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir/exec
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_normal
deleted file mode 120000 (symlink)
index 1fdebec..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_normal
+++ /dev/null
@@ -1 +0,0 @@
-../../non_app_dir/normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_exec
deleted file mode 120000 (symlink)
index 5ae0346..0000000
--- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_exec
+++ /dev/null
@@ -1 +0,0 @@
-normal
\ No newline at end of file

diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/normal
deleted file mode 100644 (file)
index e69de29..0000000

diff --git a/src/security-manager-tests/common/app_install_helper_ext.cpp b/src/security-manager-tests/common/app_install_helper_ext.cpp
index c6e2c4ba93703dba857ab8ccee2088ff62f293c4..b4de639f2cc87192f7d6e3f078060c58c160a26a 100644 (file)
--- a/src/security-manager-tests/common/app_install_helper_ext.cpp
+++ b/src/security-manager-tests/common/app_install_helper_ext.cpp
@@ -226,8 +226,8 @@ void AppInstallHelperExt::checkSmackAccesses(std::vector<AccessRequest> rules, b
 {
 #ifdef SMACK_ENABLED
     const std::pair<std::string, std::string> switchAliases[] = {
-        {"~PATH_RW~", generatePathRWLabel(m_pkgName)},
-        {"~PATH_RO~", generatePathROLabel(m_pkgName)},
+        {"~PATH_RW~", generateOwnerRWPathLabel(m_pkgName)},
+        {"~PATH_RO~", generateOwnerROPathLabel(m_pkgName)},
         {"~PROCESS~", generateProcessLabel(m_appName, m_pkgName, m_isHybrid)}
     };
 
@@ -264,8 +264,8 @@ void AppInstallHelperExt::checkSmackAccesses(std::vector<AccessRequest> rules, b
 void AppInstallHelperExt::checkPkgSmackRulesAfterUninstall() const
 {
     const std::vector<AccessRequest> rules(parseSmackRulesFile(SMACK_RULES_PATH));
-    const std::string labels[] = {generatePathRWLabel(m_pkgName),
-                                  generatePathROLabel(m_pkgName),
+    const std::string labels[] = {generateOwnerRWPathLabel(m_pkgName),
+                                  generateOwnerROPathLabel(m_pkgName),
                                   generateProcessLabel(m_appName, m_pkgName, true),
                                   generateProcessLabel(m_appName, m_pkgName)};
 

diff --git a/src/security-manager-tests/common/policy_configuration.cpp b/src/security-manager-tests/common/policy_configuration.cpp
index db347671e3bf841fa614045002a1cfd1b0a18075..7ee8a04803669d411aa43804248f86e2b377d6a0 100644 (file)
--- a/src/security-manager-tests/common/policy_configuration.cpp
+++ b/src/security-manager-tests/common/policy_configuration.cpp
@@ -20,13 +20,13 @@
 #include <vector>
 #include <stdexcept>
 
-#include <grp.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #include <dpl/test/test_runner.h>
 #include <dpl/test/test_runner_child.h>
 #include <policy_configuration.h>
+#include "tests_common.h"
 
 #define CONF_DIR "/usr/share/security-manager/policy/"
 #define CONF_GROUP_FILE "privilege-group.list"
@@ -86,16 +86,6 @@ PolicyConfiguration::SmackPrivRulesMap parsePrivilegeSmackList() {
 
 } // namespace anonymous
 
-gid_t nameToGid(const char *name) {
-    struct group entry, *gresult;
-    char buffer[1024];
-    RUNNER_ASSERT_MSG(
-        0 == getgrnam_r(name, &entry, buffer, 1024, &gresult) && (gresult != NULL),
-        "Error in getgrnam. Group name: " << name);
-    return entry.gr_gid;
-}
-
-
 std::string PolicyConfiguration::getConfigFilePath(UserType userType) {
     const char *user = NULL;
     switch(userType) {
@@ -144,7 +134,7 @@ PolicyConfiguration::UserDescription& PolicyConfiguration::getUserDescription(Po
 gid_t PolicyConfiguration::groupToGid(const std::string &gname) {
     auto it = m_groupGidMap.find(gname);
     if (it == m_groupGidMap.end())
-        m_groupGidMap[gname] = nameToGid(gname.c_str());
+        m_groupGidMap[gname] = checkedNameToGid(gname.c_str());
     return m_groupGidMap[gname];
 }
 

diff --git a/src/security-manager-tests/common/policy_configuration.h b/src/security-manager-tests/common/policy_configuration.h
index cd89dc92f2eeb259b64a352845568eaaa86270d1..3f8b236499ff969cb689a7fe0154354258cab1e2 100644 (file)
--- a/src/security-manager-tests/common/policy_configuration.h
+++ b/src/security-manager-tests/common/policy_configuration.h
@@ -27,8 +27,6 @@
 
 namespace SecurityManagerTest {
 
-gid_t nameToGid(const char *name);
-
 class PolicyConfiguration {
 public:
     typedef std::vector<gid_t> GidVector;

diff --git a/src/security-manager-tests/common/sm_commons.cpp b/src/security-manager-tests/common/sm_commons.cpp
index d8f60b1a94064f8dba9e0f48d5dbb7938b50bf2a..12add6e152b62b8c2537f40d8cb077e54807d13d 100644 (file)
--- a/src/security-manager-tests/common/sm_commons.cpp
+++ b/src/security-manager-tests/common/sm_commons.cpp
@@ -43,77 +43,89 @@
 #include <template_parser.h>
 #include <temp_test_user.h>
 
+#include "dac.h"
+
 using namespace SecurityManagerTest;
 
-#define ALLOW 0
-#define DENY -1
+namespace {
+inline constexpr int ALLOW = 0;
+inline constexpr int DENY = -1;
+
+const std::vector<std::string> SM_SYSTEM_LABELS = {"System", "System::Privileged", "User"};
+
+int getOppositeAccessType(int accessType) noexcept {
+    return accessType ^ (R_OK | W_OK | X_OK);
+}
+
+const std::unordered_map<int, const char* const> accessTypeToString {
+    std::make_pair(0, "F_OK"),
+    std::make_pair(1, "X_OK"),
+    std::make_pair(2, "W_OK"),
+    std::make_pair(3, "W_OK|X_OK"),
+    std::make_pair(4, "R_OK"),
+    std::make_pair(5, "R_OK|X_OK"),
+    std::make_pair(6, "R_OK|W_OK"),
+    std::make_pair(7, "R_OK|W_OK|X_OK")
+};
 
 // Common DB/nftw checks
 
 // nftw doesn't allow passing user data to functions. Work around by using global variable
-static std::string nftw_expected_label;
+Access nftw_expected_access;
 bool nftw_expected_transmute;
 bool nftw_expected_exec;
 
-static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
-                              const char* correctLabel, bool transmute_test, bool exec_test)
+int nftw_check_sm_access(const char *fpath,
+                         const struct stat *sb,
+                         int /*typeflag*/,
+                         struct FTW* /*ftwbuf*/)
 {
-#if SMACK_ENABLED
-    int result;
-    CStringPtr labelPtr;
-    char* label = nullptr;
-
-    /* ACCESS */
-    result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
-    RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
-    labelPtr.reset(label);
-    RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
-    result = strcmp(correctLabel, label);
-    RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"
-            " (should be '" << correctLabel << "' and is '" << label << "')");
-
-
-    /* EXEC */
-    result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
-    RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
-    labelPtr.reset(label);
-
-    if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
-        RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
-        result = strcmp(correctLabel, label);
-        RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath);
-    } else
-        RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
-
-    /* TRANSMUTE */
-    result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
-    RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
-    labelPtr.reset(label);
-
-    if (S_ISDIR(sb->st_mode) && transmute_test == true) {
-        RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
-        RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0,
-                "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
-    } else {
-        RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
+    if (smack_check()) {
+        int result;
+        CStringPtr labelPtr;
+        char* label = nullptr;
+
+        /* ACCESS */
+        result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
+        RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+        labelPtr.reset(label);
+        RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
+        RUNNER_ASSERT_MSG(nftw_expected_access.label == label, "ACCESS label on " << fpath << " is incorrect"
+                " (should be '" << nftw_expected_access.label << "' and is '" << label << "')");
+
+        /* EXEC */
+        result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
+        RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+        labelPtr.reset(label);
+
+        if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && nftw_expected_exec) {
+            RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
+            RUNNER_ASSERT_MSG(nftw_expected_access.label == label, "Incorrect EXEC label on executable file " << fpath);
+        } else
+            RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
+
+
+        /* TRANSMUTE */
+        result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
+        RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+        labelPtr.reset(label);
+
+        if (S_ISDIR(sb->st_mode) && nftw_expected_transmute) {
+            RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
+            RUNNER_ASSERT_MSG(strcmp(label, "TRUE") == 0,
+                    "TRANSMUTE label on " << fpath << " is not set properly: '" << label << "'");
+        } else {
+            RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
+        }
     }
-#else
-    (void)fpath;
-    (void)sb;
-    (void)correctLabel;
-    (void)transmute_test;
-    (void)exec_test;
-#endif
+
+    if (nftw_expected_access.dac.has_value())
+        CheckDac(fpath, *nftw_expected_access.dac);
+
     return 0;
 }
 
-static int nftw_check_sm_labels(const char *fpath, const struct stat *sb,
-                               int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
-    return nftw_check_sm_labels_app_dir(fpath, sb,
-        nftw_expected_label.c_str(), nftw_expected_transmute, nftw_expected_exec);
-}
+} // namespace
 
 int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
                        int /*typeflag*/, struct FTW* /*ftwbuf*/)
@@ -129,13 +141,13 @@ int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
     return 0;
 }
 
-void check_path(const std::string &path, const std::string &label, bool transmute, bool execute) {
-    nftw_expected_label = label;
+void check_path(const std::string &path, const Access &access, bool transmute, bool execute) {
+    nftw_expected_access = access;
     nftw_expected_transmute = transmute;
     nftw_expected_exec = execute;
 
     // check labels
-    int result = nftw(path.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
+    int result = nftw(path.c_str(), &nftw_check_sm_access, FTW_MAX_FDS, FTW_PHYS);
     RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << path);
 }
 
@@ -149,21 +161,6 @@ CapsSetsUniquePtr setCaps(const char *cap_string)
     return caps;
 }
 
-static int getOppositeAccessType(int accessType) {
-    return accessType ^ (R_OK | W_OK | X_OK);
-}
-
-static const std::unordered_map<int, const char* const> accessTypeToString {
-    std::make_pair(0, "F_OK"),
-    std::make_pair(1, "X_OK"),
-    std::make_pair(2, "W_OK"),
-    std::make_pair(3, "W_OK|X_OK"),
-    std::make_pair(4, "R_OK"),
-    std::make_pair(5, "R_OK|X_OK"),
-    std::make_pair(6, "R_OK|W_OK"),
-    std::make_pair(7, "R_OK|W_OK|X_OK")
-};
-
 void accessCheck(const std::string &id, const std::string &path, int accessType,
                  int expected)
 {
@@ -204,17 +201,17 @@ void runAccessTest(const std::string &label, uid_t uid, gid_t gid,
 
 void runAccessTest(const AppInstallHelper &app, const std::string &testPath, int accessType) {
     auto fun = [&](){
-        Api::setAppProcessIdentity(app.getAppId());
-        RUNNER_ASSERT_ERRNO_MSG(0 == drop_root_privileges(app.getUID(), app.getGID()),
-                                "drop_root_privileges failed.");
+        RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(app.getUID(), app.getGID()) == 0,
+                                "launcher failed");
+        Api::prepareAppCandidate();
+        Api::prepareApp(app.getAppId());
         accessTest(app.getAppId(), testPath, accessType);
     };
 
-    runInChildParentWait(fun);
+    auto pid = runInChildParentWait(fun);
+    Api::cleanupApp(app.getAppId(), app.getUID(), pid);
 }
 
-static const std::vector<std::string> SM_SYSTEM_LABELS = {"System", "System::Privileged", "User"};
-
 void runSystemAccessTest(uid_t uid, gid_t gid, const std::string &testPath, int accessType) {
     for (const auto &label : SM_SYSTEM_LABELS)
         runAccessTest(label, uid, gid, testPath, accessType);
@@ -276,4 +273,3 @@ int setLauncherSecurityAttributes(TemporaryTestUser &user)
 {
     return setLauncherSecurityAttributes(user.getUid(), user.getGid());
 }
-

diff --git a/src/security-manager-tests/common/sm_commons.h b/src/security-manager-tests/common/sm_commons.h
index 427657d9ba7ed2b739550a7a2bbb6166f859ddee..2df2caf9a1a4805149090fc2641ce30eb2a2d23c 100644 (file)
--- a/src/security-manager-tests/common/sm_commons.h
+++ b/src/security-manager-tests/common/sm_commons.h
@@ -33,7 +33,7 @@ const int FTW_MAX_FDS = 16;
 
 int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
                        int /*typeflag*/, struct FTW* /*ftwbuf*/);
-void check_path(const std::string &path, const std::string &label,
+void check_path(const std::string &path, const Access &access,
                 bool transmute = true, bool execute = false);
 
 CapsSetsUniquePtr setCaps(const char *cap_string);

diff --git a/src/security-manager-tests/run-security-manager-no-smack-tests.sh b/src/security-manager-tests/run-security-manager-no-smack-tests.sh
index 99ba48619b07c3fa33c1d709c118236a813ab696..3dd16bb737c08150650b90140ee4f44bdee84822 100644 (file)
--- a/src/security-manager-tests/run-security-manager-no-smack-tests.sh
+++ b/src/security-manager-tests/run-security-manager-no-smack-tests.sh
@@ -69,7 +69,13 @@ required=(
        security_manager_11a_set_identity_system
        security_manager_11b_set_identity_privileged
        security_manager_11c_set_identity_app_no_author
+       app_defined_06_get_provider
+       app_defined_07_get_provider_license
+       app_defined_08_add_get_license_with_untrusted_priv
+       app_defined_09_add_get_client_license
        app_defined_10_check_system_privileges
+       app_defined_11_invalid_license
+       app_defined_12_invalid_common_name
        security_manager_22_security_manager_cmd_install
        security_manager_23_security_manager_cmd_users
        security_manager_51b_get_id_by_socket_bad_fd
@@ -139,8 +145,19 @@ required=(
        security_manager_66_path_req_check_labels
        security_manager_67_path_req_shared_ro_3_0
        security_manager_68_path_req_shared_ro_2_X
+       security_manager_69_path_req_trusted_rw_no_author
        security_manager_70_path_req_trusted_rw_positive
+       security_manager_76_owner_access
+       security_manager_7x_test
+       security_manager_77_owner_other_access_version_combinations
+       security_manager_78_another_pkg_shared_ro_have_ro_access_to_shared_ro
+       security_manager_79a_same_pkg_shared_ro_have_ro_access_to_shared_ro
+       security_manager_79b_same_pkg_shared_ro_have_ro_access_to_shared_ro
+       security_manager_80_same_pkg_shared_ro_have_no_access_to_shared_ro_app_ro_dir
+       security_manager_81_add_path_to_app_and_check_all
        security_manager_82_add_invalid_path_to_app_and_check_all
+       security_manager_83_install_uninstall_shared_ro_app_and_check_cleaning
+       security_manager_84_install_uninstall_shared_ro_two_apps_in_one_pkg
        smack_privileges_10_no_privileges
        smack_privileges_20_internet_privilege
        smack_privileges_30_one_after_another
@@ -166,6 +183,13 @@ required=(
        smack_privileges_400_malformed
        security_manager_40_set_wrong_author_id
        security_manager_41_set_author_id_multiple_times
+       security_manager_43_app_install_with_trusted_path
+       security_manager_44_app_install_with_trusted_path_no_author_id
+       security_manager_45_test_authorId_identificator_creation
+       security_manager_46a_pkgId_deinstalation_test_hybrid
+       security_manager_46b_pkgId_deinstalation_test_nonhybrid
+       security_manager_46c_pkgId_deinstalation_test_hybrid_only_provider
+       security_manager_46d_pkgId_deinstalation_test_hybrid_only_trusted
 )
 
 function run_tests_and_exit {

diff --git a/src/security-manager-tests/security_manager_tests.cpp b/src/security-manager-tests/security_manager_tests.cpp
index c03df0cc34032e4f2d6005911280a91805858961..cc31c0e05e4dac09188d78cb28e246dfe7e121d5 100644 (file)
--- a/src/security-manager-tests/security_manager_tests.cpp
+++ b/src/security-manager-tests/security_manager_tests.cpp
@@ -14,9 +14,50 @@
  *    limitations under the License.
  */
 
-#include <dpl/test/test_runner.h>
+#include "dpl/test/test_runner.h"
+#include "tests_common.h"
+
+#include <grp.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+namespace {
+
+int addSystemAccessGroupForCurrentProcess()
+{
+    static constexpr size_t MAX_GROUPS = 100;
+    gid_t gids[MAX_GROUPS + 1];
+    int cnt = getgroups(MAX_GROUPS, gids);
+    if (cnt == -1) {
+        std::cerr << "getgroups() failed\n";
+        return -1;
+    }
+
+    auto gid = getSystemAccessGid();
+    if (!gid.has_value()) {
+        std::cerr << "Failed to get system_access gid\n";
+        return -1;
+    }
+
+    gids[cnt] = *gid;
+    cnt++;
+
+    if (setgroups(cnt, gids) < 0) {
+        std::cerr << "setgroups failed\n";
+        return -1;
+    }
+    return 0;
+}
+
+} // namespace
 
 int main(int argc, char *argv[])
 {
+    if (!smack_check()) {
+        int ret = addSystemAccessGroupForCurrentProcess();
+        if (ret != 0)
+            return ret;
+    }
+
     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
 }

diff --git a/src/security-manager-tests/test_cases.cpp b/src/security-manager-tests/test_cases.cpp
index 732afa34bd4d3869810e726de07b8965ebe41ecb..46f3451969cdf8216171dfcf70833c8dfb46c3d6 100644 (file)
--- a/src/security-manager-tests/test_cases.cpp
+++ b/src/security-manager-tests/test_cases.cpp
@@ -102,10 +102,9 @@ RUNNER_CHILD_TEST(security_manager_01c_app_uninstall_wrong_pkg_id)
  */
 RUNNER_TEST(security_manager_01d_app_install_complicated_dir_tree)
 {
-    const std::string appId = "sm_test_01d_app_id_full";
-    const std::string pkgId = "sm_test_01d_pkg_id_full";
+    AppInstallHelper app("sm_test_01d");
 
-    const std::string rootDir = TzPlatformConfig::globalAppDir() + "/" + pkgId + "/";
+    const std::string rootDir = TzPlatformConfig::globalAppDir() + "/" + app.getPkgId() + "/";
     const std::string privateDir = rootDir + "app_dir/";
     const std::string privateRODir = rootDir + "app_dir_ro/";
     const std::string publicRODir = rootDir + "app_dir_public_ro/";
@@ -115,8 +114,8 @@ RUNNER_TEST(security_manager_01d_app_install_complicated_dir_tree)
     RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << rootDir);
 
     InstallRequest requestInst;
-    requestInst.setAppId(appId);
-    requestInst.setPkgId(pkgId);
+    requestInst.setAppId(app.getAppId());
+    requestInst.setPkgId(app.getPkgId());
     requestInst.addPath(privateDir, SECURITY_MANAGER_PATH_RW);
     requestInst.addPath(privateRODir, SECURITY_MANAGER_PATH_RO);
     requestInst.addPath(publicRODir, SECURITY_MANAGER_PATH_PUBLIC_RO);
@@ -128,13 +127,13 @@ RUNNER_TEST(security_manager_01d_app_install_complicated_dir_tree)
                 Api::uninstall(*req);
     });
 
-    check_path(privateDir, generatePathRWLabel(pkgId));
-    check_path(privateRODir, generatePathROLabel(pkgId), false);
-    check_path(publicRODir, getPublicPathLabel());
-    check_path(sharedRODir, getSharedROPathLabel());
+    check_path(privateDir, app.pathOwnerRWAccess());
+    check_path(privateRODir, app.pathOwnerROAccess(), false);
+    check_path(publicRODir, app.pathOwnerROOtherROAccess());
+    check_path(sharedRODir, app.pathOwnerRWOtherROAccess());
 }
 
-RUNNER_CHILD_TEST(security_manager_02_app_install_uninstall_full)
+RUNNER_TEST(security_manager_02_app_install_uninstall_full)
 {
     const PrivilegeVector defaultPrivs = {
         PRIV_INTERNAL_AUDIO,
@@ -162,10 +161,10 @@ RUNNER_CHILD_TEST(security_manager_02_app_install_uninstall_full)
             ScopedAppLauncher launcher(app, [&]{ app.checkGroupPrivileges(defaultAllowedPrivs); });
         }
 
-        check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
-        check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
-        check_path(app.getPublicDir(), getPublicPathLabel());
-        check_path(app.getSharedRODir(), getSharedROPathLabel());
+        check_path(app.getPrivateDir(), app.pathOwnerRWAccess());
+        check_path(app.getPrivateRODir(), app.pathOwnerROAccess(), false);
+        check_path(app.getPublicDir(), app.pathOwnerROOtherROAccess());
+        check_path(app.getSharedRODir(), app.pathOwnerRWOtherROAccess());
     }
 
     app.checkAfterUninstall();

diff --git a/src/security-manager-tests/test_cases_paths.cpp b/src/security-manager-tests/test_cases_paths.cpp
index 6e6652f2795e63ae6221ab2ae1d1c11b9543774e..fe5dcdae8640f91249e870ba89af41ddc261fe35 100644 (file)
--- a/src/security-manager-tests/test_cases_paths.cpp
+++ b/src/security-manager-tests/test_cases_paths.cpp
@@ -26,9 +26,9 @@ using namespace SecurityManagerTest;
 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PATHS)
 
 static void checkPaths(const AppInstallHelper &app, AppInstallHelper::RootType type) {
-    check_path(app.getPrivateDir(0, type), generatePathRWLabel(app.getPkgId()));
-    check_path(app.getPrivateRODir(0, type), generatePathROLabel(app.getPkgId()), false);
-    check_path(app.getPublicDir(type), getPublicPathLabel());
+    check_path(app.getPrivateDir(0, type), app.pathOwnerRWAccess());
+    check_path(app.getPrivateRODir(0, type), app.pathOwnerROAccess(), false);
+    check_path(app.getPublicDir(type), app.pathOwnerROOtherROAccess());
 }
 
 RUNNER_TEST(security_manager_101_paths_global_extended)
@@ -67,10 +67,10 @@ RUNNER_TEST(security_manager_103_paths_global_skel)
 
     ScopedInstaller install(app);
 
-    check_path(app.getPrivateDir(0, AppInstallHelper::RootType::SKEL), generatePathRWLabel(app.getPkgId()));
+    check_path(app.getPrivateDir(0, AppInstallHelper::RootType::SKEL), app.pathOwnerRWAccess());
     // Below doesn't work, because /etc/skel/apps_rw has transmute and label "User::Home", to which "System::Privileged" has a 't' access
     //check_path(app.getPrivateRODir(0, AppInstallHelper::RootType::SKEL), generatePathROLabel(app.getPkgId()), false);
-    check_path(app.getPublicDir(AppInstallHelper::RootType::SKEL), getPublicPathLabel());
+    check_path(app.getPublicDir(AppInstallHelper::RootType::SKEL), app.pathOwnerROOtherROAccess());
 }
 
 RUNNER_TEST(security_manager_104_paths_local_skel)

diff --git a/src/security-manager-tests/test_cases_register_paths.cpp b/src/security-manager-tests/test_cases_register_paths.cpp
index 26970c0d3477f9c4dd9a020f271c266f855829c8..1f2229c1daa73ef1370c4b6382c40bbd55e5ea7b 100644 (file)
--- a/src/security-manager-tests/test_cases_register_paths.cpp
+++ b/src/security-manager-tests/test_cases_register_paths.cpp
@@ -344,10 +344,10 @@ RUNNER_TEST(security_manager_66_path_req_check_labels)
     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
     Api::registerPaths(preq);
 
-    check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
-    check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
-    check_path(app.getPublicDir(), getPublicPathLabel());
-    check_path(app.getSharedRODir(), getSharedROPathLabel());
+    check_path(app.getPrivateDir(), app.pathOwnerRWAccess());
+    check_path(app.getPrivateRODir(), app.pathOwnerROAccess(), false);
+    check_path(app.getPublicDir(), app.pathOwnerROOtherROAccess());
+    check_path(app.getSharedRODir(), app.pathOwnerRWOtherROAccess());
 }
 
 RUNNER_TEST(security_manager_67_path_req_shared_ro_3_0)
@@ -367,7 +367,7 @@ RUNNER_TEST(security_manager_67_path_req_shared_ro_3_0)
     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
 
     Api::registerPaths(preq);
-    check_path(app.getSharedRODir(), getSharedROPathLabel());
+    check_path(app.getSharedRODir(), app.pathOwnerRWOtherROAccess());
 }
 
 RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X)
@@ -387,7 +387,7 @@ RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X)
     preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
 
     Api::registerPaths(preq);
-    check_path(app.getSharedRODir(), getSharedROPathLabel());
+    check_path(app.getSharedRODir(), app.pathOwnerRWOtherROAccess());
 }
 
 RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author)

diff --git a/src/security-manager-tests/test_cases_trusted_sharing.cpp b/src/security-manager-tests/test_cases_trusted_sharing.cpp
index 76cb0f56ea17a0130cef37b1af342037fcdb2866..9c6cb935c1bcae3ec6ef521af6cb282fc9038c39 100644 (file)
--- a/src/security-manager-tests/test_cases_trusted_sharing.cpp
+++ b/src/security-manager-tests/test_cases_trusted_sharing.cpp
@@ -115,8 +115,11 @@ RUNNER_CHILD_TEST(security_manager_43_app_install_with_trusted_path)
 
     userInstall.uninstallApp();
 
-    // no more apps with author id
-    runSystemAccessTest(user.getUid(), user.getGid(), trustedPath, 0);
+    // on no-smack the acl rule will disappear after directory removal
+    if (smack_check()) {
+        // no more apps with author id
+        runSystemAccessTest(user.getUid(), user.getGid(), trustedPath, 0);
+    }
 }
 
 
@@ -194,7 +197,9 @@ void test_46_pkgId_deinstallation(bool isFirstOneHybrid, bool isSecondOneHybrid)
 
     providerInstaller.uninstallApp();
 
-    runSystemAccessTest(user.getUid(), user.getGid(), trustedPath, 0);
+    // on no-smack the acl rule will disappear after directory removal
+    if (smack_check())
+        runSystemAccessTest(user.getUid(), user.getGid(), trustedPath, 0);
 }
 
 RUNNER_CHILD_TEST(security_manager_46a_pkgId_deinstalation_test_hybrid)