// Common const values
-const privileges_t SM_ALLOWED_PRIVILEGES = {
- "http://tizen.org/privilege/display",
- "http://tizen.org/privilege/nfc"
-};
-
-const privileges_t SM_DENIED_PRIVILEGES = {
- "http://tizen.org/privilege/bluetooth",
- "http://tizen.org/privilege/power"
-};
-
-const privileges_t SM_NO_PRIVILEGES = {
-};
-
const std::vector<std::string> SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"};
-const std::string uidToStr(const uid_t uid)
-{
- return std::to_string(static_cast<unsigned int>(uid));
-}
-
// Common implementation details
std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid)
return "User::Home";
}
-static std::string genPath(int app_num, const char *postfix) {
- char buf[16];
- sprintf(buf, "%02d", app_num);
- return TzPlatformConfig::globalAppDir() + "/sm_test_" + std::string(buf) + "_pkg_id_full/" + std::string(postfix);
-}
-
-std::string genRWPath(int app_num) {
- return genPath(app_num, "app_dir");
-}
-std::string genROPath(int app_num) {
- return genPath(app_num, "app_dir_ro");
-}
-std::string genPublicROPath(int app_num) {
- return genPath(app_num, "app_dir_public_ro");
-}
-
-std::string genOwnerRWOthersROPath(int app_num) {
- return genPath(app_num, "app_dir_rw_others_ro");
-}
-
-static std::string generatePkgLabelOwnerRWothersRO(const std::string &pkgId)
-{
- return "User::Pkg::" + pkgId + "::SharedRO";
-}
-
// Common DB/nftw checks
// nftw doesn't allow passing user data to functions. Work around by using global variable
return 0;
}
-static int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- smack_lsetlabel(fpath, "canary_label", SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, "canary_label", SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
-
- return 0;
-}
-
int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
int /*typeflag*/, struct FTW* /*ftwbuf*/)
{
return 0;
}
-static const std::string SM_DENIED_PATH = TzPlatformConfig::globalAppDir() + "/non_app_dir";
-
void check_app_permissions(const std::string &app_id, const std::string &pkg_id,
const std::string &user, const privileges_t &allowed_privs,
const privileges_t &denied_privs, bool isHybrid)
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << path);
}
-void check_app_path_after_install(int app_num, const char *pkgId, bool others_enabled)
-{
- std::string SM_RW_PATH = genRWPath(app_num);
- std::string SM_RO_PATH = genROPath(app_num);
- std::string SM_PUBLIC_RO_PATH = genPublicROPath(app_num);
- int result;
-
- nftw_expected_label = generatePathRWLabel(pkgId);
- nftw_expected_transmute = true;
- nftw_expected_exec = false;
-
- result = nftw(SM_RW_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH);
-
- nftw_expected_label = generatePathRWLabel(pkgId) + "::RO";
- nftw_expected_transmute = false;
- nftw_expected_exec = false;
-
- result = nftw(SM_RO_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH);
-
- nftw_expected_label = "User::Home";
- nftw_expected_transmute = true;
- nftw_expected_exec = false;
-
- result = nftw(SM_PUBLIC_RO_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
-
- result = nftw(SM_DENIED_PATH.c_str(), &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
-
- // owner RW, others RO
- if(others_enabled) {
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(app_num);
- nftw_expected_label = generatePkgLabelOwnerRWothersRO(pkgId);
- nftw_expected_transmute = true;
- nftw_expected_exec = false;
-
- result = nftw(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_OWNER_RW_OTHERS_RO_PATH);
- }
-}
-
void check_app_after_uninstall(const std::string &app_id, const std::string &pkg_id,
const bool is_pkg_removed)
{
/*Privileges should not be granted anymore to any user*/
- check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges, isHybrid);
+ check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, {}, privileges, isHybrid);
}
std::string access_opposite(std::string &access) {
return caps;
}
-static void prepare_app_path(int app_num, bool others_enabled = false)
-{
- std::string SM_RW_PATH = genRWPath(app_num);
- std::string SM_RO_PATH = genROPath(app_num);
- std::string SM_PUBLIC_RO_PATH = genPublicROPath(app_num);
- int result;
-
- result = nftw(SM_RW_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RW_PATH);
-
- result = nftw(SM_RO_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RO_PATH);
-
- result = nftw(SM_PUBLIC_RO_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
-
- if(others_enabled) {
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(app_num);
- result = nftw(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_OWNER_RW_OTHERS_RO_PATH);
- }
-
- result = nftw(SM_DENIED_PATH.c_str(), &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
-}
-
-void prepare_app_env(int app_num, bool others_enabled)
-{
- prepare_app_path(app_num, others_enabled);
-}
-
-void install_app(const std::string &app_id, const std::string &pkg_id, uid_t uid, app_install_type type,
- bool check_after)
-{
- InstallRequest request;
- request.setAppId(app_id);
- request.setPkgId(pkg_id);
- request.setUid(uid);
- if (type != SM_APP_INSTALL_NONE)
- request.setInstallType(type);
- Api::install(request);
-
- if (check_after)
- check_app_after_install(app_id, pkg_id);
-}
-
-void uninstall_app(const std::string &app_id, const std::string &pkg_id, bool expect_pkg_removed,
- app_install_type type, bool check_after)
-{
- InstallRequest request;
- request.setAppId(app_id);
- if (type != SM_APP_INSTALL_NONE)
- request.setInstallType(type);
- Api::uninstall(request);
-
- if (check_after)
- check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
-}
-
-static const std::string EXEC_FILE("exec");
-static const std::string NORMAL_FILE("normal");
-static const std::string LINK_PREFIX("link_to_");
-
-static void createTestDir(const std::string &dir)
-{
- mode_t dirMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
- mode_t execFileMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
- mode_t normalFileMode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
-
- mktreeSafe(dir, dirMode);
- creatSafe(dir + "/" + EXEC_FILE, execFileMode);
- creatSafe(dir + "/" + NORMAL_FILE, normalFileMode);
- symlinkSafe(dir + "/" + EXEC_FILE, dir + "/" + LINK_PREFIX + EXEC_FILE);
- symlinkSafe(dir + "/" + NORMAL_FILE, dir + "/" + LINK_PREFIX + NORMAL_FILE);
-}
-
-static void createInnerAppDir(const std::string &dir, const std::string &nonAppDir)
-{
- createTestDir(dir);
-
- symlinkSafe(nonAppDir, dir + "/" + LINK_PREFIX + "non_app_dir");
- symlinkSafe(nonAppDir + "/" + EXEC_FILE,
- dir + "/" + LINK_PREFIX + "non_app_" + EXEC_FILE);
- symlinkSafe(nonAppDir + "/" + NORMAL_FILE,
- dir + "/" + LINK_PREFIX + "non_app_" + NORMAL_FILE);
-}
-
-static const std::string nonAppDirPath(const TemporaryTestUser &user)
-{
- return TMP_DIR + "/" + user.getUserName();
-}
-
-static void generateAppDir(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId)
-{
- const std::string dir = TzPlatformConfig::appDirPath(user, appId, pkgId);
- const std::string nonAppDir = nonAppDirPath(user);
-
- createInnerAppDir(dir, nonAppDir);
- createInnerAppDir(dir + "/.inner_dir", nonAppDir);
- createInnerAppDir(dir + "/inner_dir", nonAppDir);
-}
-
-static void generateNonAppDir(const TemporaryTestUser &user)
-{
- const std::string dir = nonAppDirPath(user);
-
- createTestDir(dir);
- createTestDir(dir + "/.inner_dir");
- createTestDir(dir + "/inner_dir");
-}
-
-void createTestDirs(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId)
-{
- generateAppDir(user, appId, pkgId);
- generateNonAppDir(user);
-}
-
-void removeTestDirs(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId)
-{
- removeDir(TzPlatformConfig::appDirPath(user, appId, pkgId));
- removeDir(nonAppDirPath(user));
-}
-
pid_t runInChild(const std::function<void(void)> &process) {
pid_t pid = fork();
RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
}
void runInChildParentWait(const std::function<void(void)> &process) {
- SynchronizationPipe pipe;
pid_t pid = fork();
RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
-
if (pid == 0) {
- pipe.claimChildEp();
-
process();
-
- pipe.post();
exit(EXIT_SUCCESS);
} else {
- pipe.claimParentEp();
- pipe.wait();
+ waitPid(pid);
}
}
DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
-struct app_attributes {
- std::string package;
- std::string Tizen_ver;
-};
-
const int FTW_MAX_FDS = 16;
-extern const privileges_t SM_ALLOWED_PRIVILEGES;
-extern const privileges_t SM_DENIED_PRIVILEGES;
-extern const privileges_t SM_NO_PRIVILEGES;
extern const std::vector<std::string> SM_ALLOWED_GROUPS;
-const std::string SM_RW_PATH =
- TzPlatformConfig::globalAppDir() + "/sm_test_02_pkg_id_full/app_dir";
-
-const std::string uidToStr(const uid_t uid);
std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid = false);
std::string generatePathRWLabel(const std::string &pkgId);
std::string generatePathSharedROLabel(const std::string &pkgId);
std::string generatePathTrustedLabel(int64_t authorId);
std::string getPublicPathLabel();
-std::string genRWPath(int app_num);
-std::string genROPath(int app_num);
-std::string genPublicROPath(int app_num);
-std::string genOwnerRWOthersROPath(int app_num);
int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
int /*typeflag*/, struct FTW* /*ftwbuf*/);
bool isHybrid = false);
void check_path(const std::string &path, const std::string &label,
bool transmute = true, bool execute = false);
-void check_app_path_after_install(int app_num, const char *pkgId, bool others_enabled=false);
void check_app_after_uninstall(const std::string &app_id, const std::string &pkg_id,
const bool is_pkg_removed);
void check_app_after_uninstall(const std::string &app_id, const std::string &pkg_id,
const std::string &access);
CapsSetsUniquePtr setCaps(const char *cap_string);
-void prepare_app_env(int app_num, bool others_enabled = false);
-void install_app(const std::string &app_id, const std::string &pkg_id, uid_t uid = 0,
- app_install_type type = SM_APP_INSTALL_NONE, bool check_after = true);
-void uninstall_app(const std::string &app_id, const std::string &pkg_id,
- bool expect_pkg_removed = false, app_install_type type = SM_APP_INSTALL_NONE,
- bool check_after = true);
-
-void createTestDirs(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId);
-void removeTestDirs(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId);
pid_t runInChild(const std::function<void(void)> &process);
projects / platform / core / test / security-tests.git / commitdiff