#include <dpl/test/test_runner.h>
+#include <memory>
+
namespace SecurityManagerTest {
namespace Api {
+void free_cstring_list(char **p, size_t count) {
+ for (size_t i = 0; i < count; i++) {
+ free(p[i]);
+ }
+ delete [] p;
+}
+
void install(const InstallRequest &request, lib_retcode expectedResult)
{
int result = security_manager_app_install(request.get());
getConfiguredPolicy(filter, policyEntries, expectedResult, true);
}
+void getPrivilegesMappings(const char *version_from,
+ const char *version_to,
+ const std::vector<std::string> &privileges,
+ std::vector<std::string> &mappings,
+ lib_retcode expectedResult)
+{
+ char **mappings_buff = nullptr;
+ size_t mappings_count;
+
+ size_t i = 0;
+
+ std::unique_ptr<char *, std::function<void(char**)>> privileges_buff(new char*[privileges.size()],
+ std::bind(free_cstring_list, std::placeholders::_1, std::ref(i)));
+
+ for (; i < privileges.size(); i++) {
+ if (privileges[i].empty())
+ privileges_buff.get()[i] = nullptr;
+ else
+ privileges_buff.get()[i] = strdup(privileges[i].c_str());
+ RUNNER_ASSERT_MSG(privileges_buff.get()[i], "Couldn't copy string");
+ }
+
+ int result;
+ if (privileges.empty())
+ result = security_manager_get_privileges_mapping(version_from, version_to, nullptr,
+ privileges.size(), &mappings_buff, &mappings_count);
+ else
+ result = security_manager_get_privileges_mapping(version_from, version_to, privileges_buff.get(),
+ privileges.size(), &mappings_buff, &mappings_count);
+ RUNNER_ASSERT_MSG(static_cast<lib_retcode>(result) == expectedResult,
+ "Unexpected result in security_manager_get_privileges_mapping()" << std::endl
+ << "For version_from: " << version_from << " version_to: " << version_to << " for set of privileges" << std::endl
+ << " Result: " << result << " Expected: " << expectedResult);
+ for (size_t i = 0; i < mappings_count; i++) {
+ mappings.push_back(mappings_buff[i]);
+ }
+ security_manager_privilege_mapping_free(mappings_buff, mappings_count);
+}
+
} // namespace Api
} // namespace SecurityManagerTest
-#include <dpl/log/log.h>
-#include <dpl/test/test_runner.h>
+
#include <fcntl.h>
#include <stdio.h>
#include <memory.h>
-#include <string>
-#include <unordered_set>
-#include <sys/capability.h>
#include <semaphore.h>
-
#include <unistd.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/socket.h>
-#include <sys/un.h>
+
#include <attr/xattr.h>
#include <linux/xattr.h>
-
-#include <unistd.h>
+#include <sys/capability.h>
+#include <sys/socket.h>
#include <sys/types.h>
+#include <sys/un.h>
#include <sys/wait.h>
+#include <algorithm>
+#include <fstream>
+#include <string>
+#include <unordered_set>
+
#include <grp.h>
#include <pwd.h>
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-
#include <tzplatform_config.h>
#include <security-manager.h>
+
+#include <dpl/log/log.h>
+#include <dpl/test/test_runner.h>
+#include <libprivilege-control_test_common.h>
+#include <tests_common.h>
#include <sm_api.h>
#include <sm_db.h>
#include <sm_request.h>
}
};
+/* PRIVILEGE MAPPING TEST CONSTS */
+
+static const std::string OLD_VERSION = "2.4";
+static const std::string NEW_VERSION = "3.0";
+
+static const std::vector<std::string> OLD_PRIVILEGES = {
+ "http://tizen.org/privilege/internet.old",
+ "http://tizen.org/privilege/telephony.old",
+ "http://tizen.org/privilege/contact.old",
+ "http://tizen.org/privilege/led.old",
+ "http://tizen.org/privilege/email.old"
+};
+
+static const std::vector<privileges_t> &NEW_PRIVILEGES = MANY_APPS_PRIVILEGES;
+
+static const privileges_t DEFAULT_PRIVILEGES = {
+ "http://tizen.org/privilege/led",
+ "http://tizen.org/privilege/internet"
+};
+
static std::string generateAppLabel(const std::string &appId)
{
return "User::App::" + appId;
}
}
-RUNNER_CHILD_TEST(security_manager_10_user_cynara_policy)
+RUNNER_CHILD_TEST(security_manager_18_user_cynara_policy)
{
RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
const char *const MAIN_BUCKET = "MAIN";
admin.listPolicies(ADMIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
}
-RUNNER_CHILD_TEST(security_manager_11_security_manager_cmd_install)
+RUNNER_CHILD_TEST(security_manager_19_security_manager_cmd_install)
{
RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
int ret;
}
}
-RUNNER_CHILD_TEST(security_manager_12_security_manager_cmd_users)
+RUNNER_CHILD_TEST(security_manager_20_security_manager_cmd_users)
{
RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
int ret;
}
}
-RUNNER_MULTIPROCESS_TEST(security_manager_13_security_manager_admin_deny_user_priv)
+RUNNER_MULTIPROCESS_TEST(security_manager_21_security_manager_admin_deny_user_priv)
{
const int BUFFER_SIZE = 128;
struct message {
}
}
+void saveMappingsToDb(const std::string &version_from, const std::string &version_to,
+ const privileges_t &privileges, const std::vector<privileges_t> &mappings) {
+ TestSecurityManagerDatabase db;
+ RUNNER_ASSERT_MSG(privileges.size() == mappings.size(), "Wrong given privileges and mappings size");
+ auto privIt = privileges.begin();
+ auto mappIt = mappings.begin();
+ for (; privIt != privileges.end() && mappIt != mappings.end(); privIt++, mappIt++) {
+ for (const auto &mapping : *mappIt) {
+ db.setup_privilege_mapping(version_from, version_to, *privIt, mapping);
+ }
+ }
+}
+
+void saveDefaultMappingsToDb(const std::string &version_from, const std::string &version_to,
+ const privileges_t &privileges) {
+ TestSecurityManagerDatabase db;
+ for (auto &privilege : privileges) {
+ db.setup_default_version_privilege(version_from, version_to, privilege);
+ }
+}
+
+void concatUnique(privileges_t &to, const privileges_t &from) {
+ to.reserve(to.size() + from.size());
+ for (auto &new_priv : from) {
+ if (std::find(to.begin(), to.end(), new_priv) == to.end())
+ to.push_back(new_priv);
+ }
+}
+
+RUNNER_TEST(security_manager_22_get_privilege_mappings)
+{
+ saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES);
+ saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
+ privileges_t retrievedMapping;
+ std::string current;
+ auto expectedIt = NEW_PRIVILEGES.begin();
+ for (const auto &privilege : OLD_PRIVILEGES) {
+ retrievedMapping.clear();
+ std::vector<std::string> privilegeToMap = {privilege};
+ Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(),
+ privilegeToMap, retrievedMapping);
+ std::vector<std::string> expectedPrivileges = *expectedIt;
+ concatUnique(expectedPrivileges, DEFAULT_PRIVILEGES);
+ RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
+ "Wrong count of mappings returned for " << privilege << "."
+ " Got " << retrievedMapping.size()
+ << " expected " << expectedPrivileges.size());
+ RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
+ "Wrong mapping returned for " << privilege);
+ ++expectedIt;
+ }
+}
+
+RUNNER_TEST(security_manager_23_get_privileges_mappings)
+{
+ saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES);
+ saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
+
+ std::vector<std::string> retrievedMapping;
+ std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
+ for(auto &expected : NEW_PRIVILEGES) {
+ concatUnique(expectedPrivileges, expected);
+ }
+ const std::vector<std::string> &privilegesToMap = OLD_PRIVILEGES;
+
+ Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(), privilegesToMap, retrievedMapping);
+ RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
+ "Wrong count of mappings returned. Got " << retrievedMapping.size()
+ << " expected " << expectedPrivileges.size());
+ RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
+ "Wrong mapping returned for privileges set");
+}
+
+RUNNER_TEST(security_manager_24_get_privileges_mappings_default_version)
+{
+ saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES);
+ saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
+
+ std::vector<std::string> retrievedMapping;
+ std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
+ for(auto &expected : NEW_PRIVILEGES) {
+ concatUnique(expectedPrivileges, expected);
+ }
+ const std::vector<std::string> &privilegesToMap = OLD_PRIVILEGES;
+
+ Api::getPrivilegesMappings(OLD_VERSION.c_str(), nullptr, privilegesToMap, retrievedMapping);
+ RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
+ "Wrong count of mappings returned. Got " << retrievedMapping.size()
+ << " expected " << expectedPrivileges.size());
+ RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
+ "Wrong mapping returned for privileges set");
+}
+
+RUNNER_TEST(security_manager_25_get_default_mappings)
+{
+ saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
+
+ std::vector<std::string> retrievedMapping;
+ std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
+
+ // Empty privilege to map vector will indicate nullptr privilege array in security-manager API
+ std::vector<std::string> privilegeToMap;
+
+ Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(), privilegeToMap, retrievedMapping);
+ RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
+ "Wrong count of mappings returned. Got " << retrievedMapping.size()
+ << " expected " << expectedPrivileges.size());
+ RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
+ "Wrong default mapping returned");
+}
+
+RUNNER_TEST(security_manager_26_get_default_mappings_default_version)
+{
+ saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
+
+ std::vector<std::string> retrievedMapping;
+ std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
+
+ // Empty privilege to map vector will indicate nullptr privilege array in security-manager API
+ std::vector<std::string> privilegeToMap;
+
+ Api::getPrivilegesMappings(OLD_VERSION.c_str(), nullptr, privilegeToMap, retrievedMapping);
+ RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
+ "Wrong count of mappings returned. Got " << retrievedMapping.size()
+ << " expected " << expectedPrivileges.size());
+ RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
+ "Wrong default mapping returned");
+}
+
int main(int argc, char *argv[])
{
return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);