#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
#define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
+#define EFL_APP_ID "EFL_APP_ID"
+
#define WGT_APP_ID "QwCqJ0ttyS"
#define WGT_PARTNER_APP_ID "7btsV1Y0sX"
#define WGT_PLATFORM_APP_ID "G4DE3U2vmW"
const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", NULL };
const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", NULL };
const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", NULL };
+const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
+
#define LIBPRIVILEGE_APP_GROUP_LIST "/usr/share/privilege-control/app_group_list"
#define LIBPRIVILEGE_TEST_DAC_FILE "/usr/share/privilege-control/test_privilege_control_rules.dac"
#define APP_TEST_AV_2 "test-antivirus_2"
#define APP_TEST_AV_3 "test-av-3"
-#define SMACK_APPS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_apps_id.db"
-#define SMACK_AVS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_avs_id.db"
-#define SMACK_PUBLIC_DIRS_DATABASE "/opt/dbspace/.privilege_control_public_dirs.db"
-#define SMACK_APPS_SETTINGS_LABELS_DATABASE "/opt/dbspace/.privilege_control_app_setting.db"
-#define SMACK_SETTINGS_DIRS_DATABASE "/opt/dbspace/.privilege_control_setting_dir.db"
-
#define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1"
#define APP_TEST_SETTINGS_ASP2 "test-app-settings-asp2"
#define APP_TEST_AV_ASP1 "test-app-av-asp1"
// ---- Macros and arrays used in stress tests ----
#define TEST_OSP_FEATURE_APP_ID "test-osp-feature-app"
#define TEST_WGT_FEATURE_APP_ID "test-wgt-feature-app"
-#define TEST_OSP_FEATURE "http://test-feature/osp_rxl"
-#define TEST_WGT_FEATURE "http://test-feature/wgt_rwx"
+#define TEST_OSP_FEATURE "OSP_test-feature.osp_rxl"
+#define TEST_WGT_FEATURE "WGT_test-feature.wgt_rxl"
// OSP Api Feature Test data - gives rxl access to OSP app and rl access to WGT app also!
const char *FILE_PATH_TEST_OSP_FEATURE = "/usr/share/privilege-control/OSP_test-feature.osp_rxl.smack";
const char *test_osp_feature_rule_set[] = { "~APP~ " TEST_OSP_FEATURE_APP_ID " rxl",
{ APP_ID, APPID_SHARED_DIR, "rwxat"}
};
-// Rules from test_privilege_control_rules2.smack
+// Rules from WRT_test_privilege_control_rules2.smack
const std::vector< std::vector<std::string> > rules2 = {
- { APP_ID, "test_book_8", "r" },
- { APP_ID, "test_book_9", "w" },
- { APP_ID, "test_book_10", "x" },
- { APP_ID, "test_book_11", "rw" },
- { APP_ID, "test_book_12", "rx" },
- { APP_ID, "test_book_13", "wx" },
- { APP_ID, "test_book_14", "rwx" },
- { APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", APP_ID, "r" },
- { "test_subject_9", APP_ID, "w" },
- { "test_subject_10", APP_ID, "x" },
- { "test_subject_11", APP_ID, "rw" },
- { "test_subject_12", APP_ID, "rx" },
- { "test_subject_13", APP_ID, "wx" },
- { "test_subject_14", APP_ID, "rwx" },
- { "test_subject_15", APP_ID, "rwxat" }
+ { WGT_APP_ID, "test_book_8", "r" },
+ { WGT_APP_ID, "test_book_9", "w" },
+ { WGT_APP_ID, "test_book_10", "x" },
+ { WGT_APP_ID, "test_book_11", "rw" },
+ { WGT_APP_ID, "test_book_12", "rx" },
+ { WGT_APP_ID, "test_book_13", "wx" },
+ { WGT_APP_ID, "test_book_14", "rwx" },
+ { WGT_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", WGT_APP_ID, "r" },
+ { "test_subject_9", WGT_APP_ID, "w" },
+ { "test_subject_10", WGT_APP_ID, "x" },
+ { "test_subject_11", WGT_APP_ID, "rw" },
+ { "test_subject_12", WGT_APP_ID, "rx" },
+ { "test_subject_13", WGT_APP_ID, "wx" },
+ { "test_subject_14", WGT_APP_ID, "rwx" },
+ { "test_subject_15", WGT_APP_ID, "rwxat" }
};
-// Rules from test_privilege_control_rules_no_r.smack
+// Rules from WRT_test_privilege_control_rules_no_r.smack
const std::vector< std::vector<std::string> > rules2_no_r = {
- { APP_ID, "test_book_9", "w" },
- { APP_ID, "test_book_10", "x" },
- { APP_ID, "test_book_11", "w" },
- { APP_ID, "test_book_12", "x" },
- { APP_ID, "test_book_13", "wx" },
- { APP_ID, "test_book_14", "wx" },
- { APP_ID, "test_book_15", "wxat" },
- { "test_subject_9", APP_ID, "w" },
- { "test_subject_10", APP_ID, "x" },
- { "test_subject_11", APP_ID, "w" },
- { "test_subject_12", APP_ID, "x" },
- { "test_subject_13", APP_ID, "wx" },
- { "test_subject_14", APP_ID, "wx" },
- { "test_subject_15", APP_ID, "wxat" }
+ { WGT_APP_ID, "test_book_9", "w" },
+ { WGT_APP_ID, "test_book_10", "x" },
+ { WGT_APP_ID, "test_book_11", "w" },
+ { WGT_APP_ID, "test_book_12", "x" },
+ { WGT_APP_ID, "test_book_13", "x" },
+ { WGT_APP_ID, "test_book_14", "wx" },
+ { WGT_APP_ID, "test_book_15", "wxat" },
+ { "test_subject_9", WGT_APP_ID, "w" },
+ { "test_subject_10", WGT_APP_ID, "x" },
+ { "test_subject_11", WGT_APP_ID, "w" },
+ { "test_subject_12", WGT_APP_ID, "x" },
+ { "test_subject_13", WGT_APP_ID, "x" },
+ { "test_subject_14", WGT_APP_ID, "wx" },
+ { "test_subject_15", WGT_APP_ID, "wxat" }
};
// Rules from test_privilege_control_rules.smack
-// minus test_privilege_control_rules_no_r.smack
+// minus WRT_test_privilege_control_rules_no_r.smack
const std::vector< std::vector<std::string> > rules2_r = {
- { APP_ID, "test_book_8", "r" },
- { APP_ID, "test_book_11", "r" },
- { APP_ID, "test_book_12", "r" },
- { APP_ID, "test_book_14", "r" },
- { APP_ID, "test_book_15", "r" },
- { "test_subject_8", APP_ID, "r" },
- { "test_subject_11", APP_ID, "r" },
- { "test_subject_12", APP_ID, "r" },
- { "test_subject_14", APP_ID, "r" },
- { "test_subject_15", APP_ID, "r" }
+ { WGT_APP_ID, "test_book_8", "r" },
+ { WGT_APP_ID, "test_book_11", "r" },
+ { WGT_APP_ID, "test_book_12", "r" },
+ { WGT_APP_ID, "test_book_14", "r" },
+ { WGT_APP_ID, "test_book_15", "r" },
+ { "test_subject_8", WGT_APP_ID, "r" },
+ { "test_subject_11", WGT_APP_ID, "r" },
+ { "test_subject_12", WGT_APP_ID, "r" },
+ { "test_subject_14", WGT_APP_ID, "r" },
+ { "test_subject_15", WGT_APP_ID, "r" }
};
-// Rules from test_privilege_control_rules_wgt.smack for wgt
+// Rules from WRT_test_privilege_control_rules_wgt.smack for wgt
const std::vector< std::vector<std::string> > rules_wgt = {
{ WGT_APP_ID, "test_book_8", "r" },
{ WGT_APP_ID, "test_book_9", "w" },
{ "test_subject_15", WGT_APP_ID, "rwxat" }
};
-// Rules from test_privilege_control_rules_wgt.smack for wgt_partner
+// Rules from WRT_test_privilege_control_rules.smack for wgt
+const std::vector< std::vector<std::string> > rules_wgt2 = {
+ { WGT_APP_ID, "test_book_1", "r" },
+ { WGT_APP_ID, "test_book_2", "w" },
+ { WGT_APP_ID, "test_book_3", "x" },
+ { WGT_APP_ID, "test_book_4", "rw" },
+ { WGT_APP_ID, "test_book_5", "rx" },
+ { WGT_APP_ID, "test_book_6", "wx" },
+ { WGT_APP_ID, "test_book_7", "rwx" },
+ { "test_subject_1", WGT_APP_ID, "r" },
+ { "test_subject_2", WGT_APP_ID, "w" },
+ { "test_subject_3", WGT_APP_ID, "x" },
+ { "test_subject_4", WGT_APP_ID, "rw" },
+ { "test_subject_5", WGT_APP_ID, "rx" },
+ { "test_subject_6", WGT_APP_ID, "wx" },
+ { "test_subject_7", WGT_APP_ID, "rwx" }
+};
+
+// Rules from WRT_test_privilege_control_rules_wgt.smack for wgt_partner
const std::vector< std::vector<std::string> > rules_wgt_partner = {
{ WGT_PARTNER_APP_ID, "test_book_8", "r" },
{ WGT_PARTNER_APP_ID, "test_book_9", "w" },
{ "test_subject_15", WGT_PARTNER_APP_ID, "rwxat" }
};
-// Rules from test_privilege_control_rules_wgt.smack for wgt_platform
+// Rules from WRT_test_privilege_control_rules_wgt.smack for wgt_platform
const std::vector< std::vector<std::string> > rules_wgt_platform = {
{ WGT_PLATFORM_APP_ID, "test_book_8", "r" },
{ WGT_PLATFORM_APP_ID, "test_book_9", "w" },
{ "test_subject_15", WGT_PLATFORM_APP_ID, "rwxat" }
};
-// Rules from test_privilege_control_rules_osp.smack for osp
+// Rules from OSP_test_privilege_control_rules_osp.smack for osp
const std::vector< std::vector<std::string> > rules_osp = {
{ OSP_APP_ID, "test_book_8", "r" },
{ OSP_APP_ID, "test_book_9", "w" },
{ "test_subject_15", OSP_APP_ID, "rwxat" }
};
-// Rules from test_privilege_control_rules_osp.smack for osp_partner
+// Rules from OSP_test_privilege_control_rules_osp.smack for osp_partner
const std::vector< std::vector<std::string> > rules_osp_partner = {
{ OSP_PARTNER_APP_ID, "test_book_8", "r" },
{ OSP_PARTNER_APP_ID, "test_book_9", "w" },
{ "test_subject_15", OSP_PARTNER_APP_ID, "rwxat" }
};
-// Rules from test_privilege_control_rules_osp.smack for osp_platform
+// Rules from OSP_test_privilege_control_rules_osp.smack for osp_platform
const std::vector< std::vector<std::string> > rules_osp_platform = {
{ OSP_PLATFORM_APP_ID, "test_book_8", "r" },
{ OSP_PLATFORM_APP_ID, "test_book_9", "w" },
{ "test_subject_15", OSP_PLATFORM_APP_ID, "rwxat" }
};
+// Rules from EFL_test_privilege_control_rules_osp.smack for osp_platform
+const std::vector< std::vector<std::string> > rules_efl = {
+ { APP_ID, "test_book_efl", "r" }
+};
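Review bot: In `rules2_no_r` the entries for `test_book_13` and `test_subject_13` change from `"wx"` to `"x"`, while every other line in these tables is a plain `APP_ID` to `WGT_APP_ID` rename. `rules2` still lists both as `"wx"`, so the expectation tables now appear to disagree about write access. If the `.smack` template really changed, a short comment saying so would help; otherwise restore `{ WGT_APP_ID, "test_book_13", "wx" },` and the matching subject line, since a weaker expectation lets a missing rule pass unnoticed. The comment above `rules_efl` also looks copied from the OSP table (`..._rules_osp.smack for osp_platform`) and should name the EFL template.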
namespace {
typedef std::unique_ptr<smack_accesses,std::function<void (smack_accesses*)> > SmackUniquePtr;
void closefdptr(int* fd) { close(*fd); }
typedef std::unique_ptr<int, std::function<void (int*)> > FDUniquePtr;
+std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
+{
+ std::vector<std::string> names;
+ for(int i = 0; i < size; ++i) {
+ names.push_back(prefix + "_" + std::to_string(i) + suffix);
+ }
+ return names;
+}
+
const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
-const char *WRT_BLAHBLAH = "/usr/share/privilege-control/WGT_blahblah.smack";
-const char *OTHER_BLAHBLAH = "/usr/share/privilege-control/blahblah.smack";
-const char *OSP_BLAHBLAH_DAC = "/usr/share/privilege-control/OSP_feature.blah.blahblah.dac";
-const char *WRT_BLAHBLAH_DAC = "/usr/share/privilege-control/WGT_blahblah.dac";
+const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
+const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
+const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
+const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
-const char *BLAHBLAH_FEATURE = "http://feature/blah/blahblah";
+const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
+
//correct and incorrect PID used in incorrect params test
const pid_t PID_CORRECT = 0;
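Review bot: `gen_names` compares a signed `int i` against a `size_t size`, which triggers sign-compare warnings and would misbehave for sizes above `INT_MAX`. Use `for (size_t i = 0; i < size; ++i)` instead. The two strings are only read, so `const std::string &prefix, const std::string &suffix` avoids copying them, and `names.reserve(size);` before the loop avoids reallocations. A one-line comment stating the output format (`prefix_<i>suffix`, with `i` from 0 to `size - 1`) would also help, because `OSP_BLAHBLAH_DAC` and `BLAHBLAH_FEATURE` depend on the two lists lining up index by index.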
result = strcmp(APPID_SHARED_DIR, label);
RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
- result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxat");
+ result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
RUNNER_ASSERT_MSG(result == 1,
- "Error rwxat access was not given shared dir. Subject: " <<
+ "Error rwxatl access was not given shared dir. Subject: " <<
APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result);
/* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
free(scanf_label_format);
RUNNER_ASSERT_MSG(false, "Can not open database for dirs");
}
- bool is_dir = false;
- while (fscanf(file_db, scanf_label_format, label_temp) == 1) {
- if (strcmp(label_gen, label_temp) == 0) {
- is_dir = true;
- break;
- }
- }
+
free(scanf_label_format);
free(label_gen);
fclose(file_db);
- RUNNER_ASSERT_MSG(is_dir, "Error autogenerated label is not in dirs db.");
-
return 0;
}
-int nftw_check_labels_app_public_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return check_labels_dir(fpath, sb,
- SMACK_APPS_LABELS_DATABASE,
- SMACK_PUBLIC_DIRS_DATABASE, "rx");
-}
-
-int nftw_check_labels_app_settings_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return check_labels_dir(fpath, sb,
- SMACK_APPS_SETTINGS_LABELS_DATABASE,
- SMACK_SETTINGS_DIRS_DATABASE, "rwx");
-}
-
int file_exists(const char *path)
{
FILE *file = fopen(path, "r");
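Review bot: After the lookup loop and the `is_dir` assertion are removed, the function whose tail is shown here (apparently `check_labels_dir`, whose start is outside the hunk) still opens `file_db` and allocates `scanf_label_format` and `label_gen`, only to free and close them. It also still fails with "Can not open database for dirs" when the file is absent, although this commit deletes the database path macros and both visible callers. If nothing else calls it, remove the function together with its wrappers. Otherwise drop the open and allocate steps so the test no longer depends on a database file that is never read.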
smack_file.close();
}
-void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids)
+void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
{
- std::ifstream dac_file(OSP_BLAHBLAH_DAC);
- RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << OSP_BLAHBLAH_DAC);
+ std::ifstream dac_file(dac_file_path);
+ RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
auto it = gids.begin();
std::string line;
unlink(OSP_BLAHBLAH);
unlink(WRT_BLAHBLAH);
unlink(OTHER_BLAHBLAH);
- unlink(OSP_BLAHBLAH_DAC);
unlink(WRT_BLAHBLAH_DAC);
unlink(OTHER_BLAHBLAH_DAC);
+
+ for(int i=0;i<OSP_BLAHBLAH_DAC.size();++i )
+ unlink(OSP_BLAHBLAH_DAC[i].c_str());
+
+ for(int i=0;i<OSP_BLAHBLAH_DAC.size();++i )
+ unlink(OSP_BLAHBLAH_DAC[i].c_str());
}
int cleaning_smack_app_files (void)
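Review bot: The second added loop repeats the first verbatim, so every `OSP_BLAHBLAH_DAC` path is unlinked twice and nothing else is cleaned. If the second loop was meant to remove another generated set of files, that set is not visible in this hunk and those files would be left behind between runs; otherwise delete it. Both loops also compare an `int` index with `size()`; a range-for avoids that: `for (const auto &path : OSP_BLAHBLAH_DAC) unlink(path.c_str());`. The enclosing function starts outside the hunk.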
return 0;
}
-int cleaning_smack_database_files (void)
-{
- int fd = -1;
-
- //clean app database
- unlink(SMACK_APPS_LABELS_DATABASE);
- fd = open(SMACK_APPS_LABELS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
- if (fd == -1) {
- return -1;
- }
-
- //clean av database
- unlink(SMACK_AVS_LABELS_DATABASE);
- fd = open(SMACK_AVS_LABELS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
- if (fd == -1) {
- return -1;
- }
-
- //clean app settings database
- unlink(SMACK_APPS_SETTINGS_LABELS_DATABASE);
- fd = open(SMACK_APPS_SETTINGS_LABELS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
- if (fd == -1) {
- return -1;
- }
-
- //clean public dirs database
- unlink(SMACK_PUBLIC_DIRS_DATABASE);
- fd = open(SMACK_PUBLIC_DIRS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
- if (fd == -1) {
- return -1;
- }
-
- //clean settings dirs database
- unlink(SMACK_SETTINGS_DIRS_DATABASE);
- fd = open(SMACK_SETTINGS_DIRS_DATABASE, O_RDWR | O_EXCL | O_CREAT, 0644);
- if (fd == -1) {
- return -1;
- }
-
- return 0;
-}
-
-void add_lables_to_db()
-{
- FILE *file_db;
-
- file_db = fopen(SMACK_AVS_LABELS_DATABASE, "a");
- RUNNER_ASSERT_MSG(file_db != NULL, "Error database file "
- << SMACK_AVS_LABELS_DATABASE << " can not be opened to apend!");
- if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP1)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP2)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- fclose(file_db);
-
- file_db = fopen(SMACK_APPS_SETTINGS_LABELS_DATABASE, "a");
- RUNNER_ASSERT_MSG(file_db != NULL, "Error database file "
- << SMACK_APPS_SETTINGS_LABELS_DATABASE << " can not be opened to apend!");
- if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP1)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP2)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- fclose(file_db);
-
- file_db = fopen(SMACK_APPS_LABELS_DATABASE, "a");
- RUNNER_ASSERT_MSG(file_db != NULL, "Error database file "
- << SMACK_APPS_LABELS_DATABASE << " can not be opened to apend!");
- if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP1)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- if (0 > fprintf(file_db, "%s\n", APP_TEST_AV_ASP2)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP1)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- if (0 > fprintf(file_db, "%s\n", APP_TEST_SETTINGS_ASP2)) {
- fclose(file_db);
- RUNNER_ASSERT_MSG(false, "Error writing to database file");
- }
- fclose(file_db);
-}
} // namespace
RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir)
{
int result;
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
RUNNER_ASSERT_MSG(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
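Review bot: The added `perm_app_install` assertion compares the result with a bare `0` and prints `strerror(errno)`, but the other `perm_app_*` checks in this file compare against `PC_OPERATION_SUCCESS` and report the returned code. Nothing visible here shows that these calls set `errno`, so the message may print an unrelated, stale error and mislead whoever triages a failure. Suggested form: `RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result);`. The same pattern recurs in every added `perm_app_install` / `perm_app_uninstall` assertion in the later hunks of this file.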
result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
+
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
}
/**
- * Add permisions from test_privilege_control_rules template
+ * Simple enabling EFL permissions;.
*/
RUNNER_TEST_SMACK(privilege_control04_add_permissions)
{
- int result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS, 1);
+ int result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
+
+ result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, TRUE);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
+ " perm_app_enable_permissions failed with result: " << result);
// Check if the accesses are realy applied..
- result = test_have_all_accesses(rules);
+ result = test_have_all_accesses(rules_efl);
RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
- //// File exists?
- FILE *pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
-
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- int smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length > 0,
- "SMACK file empty, but privileges list was not empty.. Errno: " << errno);
-
- if (pFile != NULL)
- fclose(pFile);
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
}
/**
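Review bot: `privilege_control04_add_permissions` enables `PRIVS_EFL` and then calls `perm_app_uninstall(APP_ID)` without revoking the permissions or checking that the access is gone. Whether uninstall removes the rules is not visible here; if it does not, the `rules_efl` access for `APP_ID` persists into later tests that reuse that label. Either call `perm_app_revoke_permissions(APP_ID)` before the uninstall, or add `RUNNER_ASSERT_MSG(test_have_any_accesses(rules_efl) == 0, "EFL rules left after uninstall");` after it. The new doc comment also has stray punctuation (`permissions;.`).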
{
int result;
- // Revoke permissions
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
+ // Cleanup
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_uninstall(WGT_PARTNER_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_uninstall(WGT_PLATFORM_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_uninstall(OSP_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_uninstall(OSP_PARTNER_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_uninstall(OSP_PLATFORM_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ // Install test apps
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(WGT_PARTNER_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(WGT_PLATFORM_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(OSP_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(OSP_PARTNER_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(OSP_PLATFORM_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
+
+ // TEST:
+ // Revoke permissions
result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
result = perm_app_revoke_permissions(WGT_PLATFORM_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
-
result = perm_app_revoke_permissions(OSP_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
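Review bot: Nothing in this hunk enables a permission between the added `perm_app_install` calls and the `perm_app_revoke_permissions` calls. If the uninstall and install sequence leaves each app with no rules (not confirmed from this page), the later `test_have_any_accesses(...) == 0` checks pass even when revoke does nothing. Consider enabling the matching privilege set first, e.g. `result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, TRUE);`, and asserting `test_have_all_accesses(rules_wgt) == 1` before revoking. The twelve near-identical uninstall/install pairs would also read better as a loop over an array of the six app ids. The test's opening lines are outside the hunk.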
"Error revoking app permissions. Result: " << result);
// Are all the permissions revoked?
- result = test_have_any_accesses(rules);
- RUNNER_ASSERT_MSG(result != 1, "Not all permisions revoked.");
result = test_have_any_accesses(rules_wgt);
RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
result = test_have_any_accesses(rules_wgt_partner);
RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
result = test_have_any_accesses(rules_wgt_platform);
RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
-
- result = test_have_any_accesses(rules);
- RUNNER_ASSERT_MSG(result != 1, "Not all permisions revoked.");
result = test_have_any_accesses(rules_osp);
RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
result = test_have_any_accesses(rules_osp_partner);
result = test_have_any_accesses(rules_osp_platform);
RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
- FILE *pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- int smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR WGT_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR WGT_PARTNER_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR WGT_PLATFORM_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR OSP_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR OSP_PARTNER_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
-
- pFile = fopen(SMACK_RULES_DIR OSP_PLATFORM_APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file removed!. Errno: " << errno);
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- if (pFile != NULL)
- fclose(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty.. Errno: " << errno);
+ // Cleanup - uninstall test apps
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_uninstall(WGT_PARTNER_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_uninstall(WGT_PLATFORM_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_uninstall(OSP_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_uninstall(OSP_PARTNER_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_uninstall(OSP_PLATFORM_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
}
static void read_gids(std::set<unsigned> &set, const char *file_path)
}
}
-//Functions add_shared_dir_readers and app_register_av are deprecated and
-//have no replacement. Until those functions are deleted warnings for
-//tests using those functions are supressed.
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-RUNNER_TEST_SMACK(privilege_control05_add_shared_dir_readers)
-{
-#define TEST_OBJ "TEST_OBJECT"
-#define TEST_OBJ_SOME_OTHER "TEST_OBJA"
-#define test_string_01 "TEST_raz TEST_OBJECT r-x--- ------"
-#define test_string_21 "TEST_trzy TEST_OBJA -wx---\n"
-#define test_string_22 "TEST_trzy TEST_OBJECT r-x--- ------\n"
-
- int result;
- int i;
- int fd = -1;
- char *path;
-
- const char *app_labels_wrong[] = {"-TEST_raz", NULL};
- const char *app_labels[] = {"TEST_raz", "TEST_dwa", "TEST_trzy", NULL};
- const int READ_BUF_SIZE = 1000;
- char buf[READ_BUF_SIZE];
- FILE *file = NULL;
- struct smack_accesses *rules = NULL;
-
- //test environment cleaning
- cleaning_smack_app_files();
- cleaning_smack_database_files();
-
- //test what happens when the label is not correct SMACK label
- result = add_shared_dir_readers(TEST_OBJ,app_labels_wrong);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "add_shared_dir_readers should fail here");
-
- result = smack_have_access(app_labels_wrong[0],TEST_OBJ,"rx");
- RUNNER_ASSERT_MSG(result != 1, "add_shared_dir_readers should not grant permission here");
-
- //ok, now the correct list of apps
- result = smack_accesses_new(&rules);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in smack_accesses_new.");
-
- for (i = 0; i < 3; i++) {
-
- result = perm_app_revoke_permissions(app_labels[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_revoke_permissions.");
- result = perm_app_uninstall(app_labels[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall.");
- result = perm_app_install(app_labels[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
-
- RUNNER_ASSERT(0 <= asprintf(&path, SMACK_RULES_DIR "/%s", app_labels[i]));
- fd = open(path, O_WRONLY, 0644);
- RUNNER_ASSERT_MSG(fd != -1, "Error in opening file " << path);
-
- if (i == 1) {
- result = smack_accesses_add(rules,app_labels[i],TEST_OBJ,"wt");
- RUNNER_ASSERT_MSG(result == 0, "smack_accesses_add failed");
- }
- if (i == 2) {
- smack_accesses_free(rules);
- result = smack_accesses_new(&rules);
- result = smack_accesses_add(rules,app_labels[i],TEST_OBJ_SOME_OTHER,"wx");
- RUNNER_ASSERT_MSG(result == 0, "smack_accesses_add failed");
- }
- result = smack_accesses_apply(rules);
- RUNNER_ASSERT_MSG(fd != -1, "smack_accesses_apply failed");
-
- result = smack_accesses_save(rules, fd);
- RUNNER_ASSERT_MSG(fd != -1, "smack_accesses_apply failed");
-
- free(path);
- close(fd);
- }
-
- smack_accesses_free(rules);
-
- // THE TEST - accesses
-
- result = add_shared_dir_readers(TEST_OBJ,app_labels);
- RUNNER_ASSERT_MSG(result == 0, "add_shared_dir_readers failed");
-
- result = smack_have_access(app_labels[0],TEST_OBJ,"rx");
- RUNNER_ASSERT_MSG(result == 1, "add_shared_dir_readers ERROR");
-
- result = smack_have_access(app_labels[1],TEST_OBJ,"rx");
- RUNNER_ASSERT_MSG(result == 1, "add_shared_dir_readers ERROR");
-
- result = smack_have_access(app_labels[2],TEST_OBJ,"rx");
- RUNNER_ASSERT_MSG(result == 1, "add_shared_dir_readers ERROR");
-
- result = smack_have_access(app_labels[1],TEST_OBJ,"rwxt");
- RUNNER_ASSERT_MSG(result == 1, "add_shared_dir_readers ERROR");
-
- result = smack_have_access(app_labels[2],TEST_OBJ_SOME_OTHER,"wx");
- RUNNER_ASSERT_MSG(result == 1, "add_shared_dir_readers ERROR");
-
-
- //TEST the operations on empty files
-
- RUNNER_ASSERT(0 <= asprintf(&path, SMACK_RULES_DIR "/%s", app_labels[0]));
- file = fopen(path, "r");
-
- RUNNER_ASSERT_MSG(file, "fopen failed, errno:" << errno);
-
- RUNNER_ASSERT(NULL != fgets(buf, READ_BUF_SIZE, file));
- result = strcmp(buf, test_string_01);
- RUNNER_ASSERT_MSG( result != 0, "add_shared_dir_readers ERROR, file not formatted" << path);
-
- free(path);
- fclose(file);
-
- //TEST the operations on non empty files
- RUNNER_ASSERT(0 <= asprintf(&path, SMACK_RULES_DIR "/%s", app_labels[2]));
- file = NULL;
- file = fopen(path, "r");
- RUNNER_ASSERT_MSG(file, "fopen failed, errno:" << errno);
-
- RUNNER_ASSERT(NULL != fgets(buf, READ_BUF_SIZE, file));
- result = strcmp(buf, test_string_21);
- RUNNER_ASSERT_MSG( result == 0, "add_shared_dir_readers ERROR, file not formatted" << path);
-
- RUNNER_ASSERT(NULL != fgets(buf, READ_BUF_SIZE, file));
- result = strcmp(buf, test_string_22);
- RUNNER_ASSERT_MSG( result == 0, "add_shared_dir_readers ERROR, file not formatted" << path);
-
- free(path);
- fclose(file);
-}
-#pragma GCC diagnostic warning "-Wdeprecated-declarations"
/**
* Set APP privileges.
*/
-
void check_groups(const char *dac_file)
{
std::set<unsigned> groups_check;
RUNNER_ASSERT_MSG(groups_check.empty(), "Application doesn't belong to some required groups: " << groups_left);
}
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege)
-{
- int result;
-
- // Preset exec label
- smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC);
- smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC);
-
- /**
- * TODO This test should also verify perm_app_set_privilege behavior for OSP and
- * WRT apps. To do that we'll have to install real apps on device as a
- * precondition.
- */
-
- // Set APP privileges
- result = perm_app_set_privilege(APP_ID, NULL, APP_SET_PRIV_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error getting current process label");
- RUNNER_ASSERT_MSG(label != NULL, "Process label is not set");
- result = strcmp(APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
-
- // Check if DAC privileges really set
- RUNNER_ASSERT_MSG(getuid() == APP_UID, "Wrong UID");
- RUNNER_ASSERT_MSG(getgid() == APP_GID, "Wrong GID");
-
- result = strcmp(getenv("HOME"), APP_HOME_DIR);
- RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR");
-
- result = strcmp(getenv("USER"), APP_USER_NAME);
- RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME");
-
- check_groups(LIBPRIVILEGE_TEST_DAC_FILE);
-}
-
/**
* Set APP privileges. wgt.
*/
RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
{
- int result;
+ int result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ // TEST:
result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
result = strcmp(WGT_APP_ID, label);
RUNNER_ASSERT_MSG(result == 0, "Process label " << label << " is incorrect");
-
check_groups(LIBPRIVILEGE_TEST_DAC_FILE_WGT);
}
*/
RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_partner)
{
- int result;
+ int result = perm_app_uninstall(WGT_PARTNER_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(WGT_PARTNER_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ // TEST:
result = perm_app_enable_permissions(WGT_PARTNER_APP_ID, APP_TYPE_WGT_PARTNER, PRIVS_WGT, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
*/
RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt_platform)
{
- int result;
+ int result = perm_app_uninstall(WGT_PLATFORM_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(WGT_PLATFORM_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ // TEST:
result = perm_app_enable_permissions(WGT_PLATFORM_APP_ID, APP_TYPE_WGT_PLATFORM, PRIVS_WGT, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
*/
RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
{
- int result;
+ int result = perm_app_uninstall(OSP_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(OSP_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ // TEST:
result = perm_app_enable_permissions(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
*/
RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_partner)
{
- int result;
+ int result = perm_app_uninstall(OSP_PARTNER_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(OSP_PARTNER_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ // TEST:
result = perm_app_enable_permissions(OSP_PARTNER_APP_ID, APP_TYPE_OSP_PARTNER, PRIVS_OSP, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
+ "Error enabling app permissions. Result: " << result);
result = test_have_all_accesses(rules_osp_partner);
RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
*/
RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp_platform)
{
- int result;
+ int result = perm_app_uninstall(OSP_PLATFORM_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(OSP_PLATFORM_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ // TEST:
result = perm_app_enable_permissions(OSP_PLATFORM_APP_ID, APP_TYPE_OSP_PLATFORM, PRIVS_OSP, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- // already existing features
+ // Already existing feature:
+ // TODO: Database will be malformed. (Rules for these features will be removed.)
result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
-
- result = perm_add_api_feature(APP_TYPE_OTHER,"http://tizen.org/privilege/messaging", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
- result = perm_add_api_feature(APP_TYPE_OTHER,"http://tizen.org/messaging", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
- result = perm_add_api_feature(APP_TYPE_OTHER,"http://messaging", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
- result = perm_add_api_feature(APP_TYPE_OTHER,"messaging.read", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// empty features
result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
- result = perm_add_api_feature(APP_TYPE_OTHER,"blahblah", NULL, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
-
-
- // smack files existence
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
-
- result = file_exists(WRT_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
-
- result = file_exists(OTHER_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// empty rules
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, { NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == 0);
- remove_smack_files();
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), { NULL }, NULL, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { " \t\n", "\t \n", "\n\t ", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == 0);
- remove_smack_files();
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), (const char*[]) { "", NULL }, NULL, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), (const char*[]) { " \t\n", "\t \n", "\n\t ", NULL }, NULL, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// malformed rules
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "malformed", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), (const char*[]) { "malformed", NULL }, NULL, 0);
+ RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "malformed malformed", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), (const char*[]) { "malformed malformed", NULL }, NULL, 0);
+ RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "-malformed malformed rwxat", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), (const char*[]) { "-malformed malformed rwxat", NULL }, NULL, 0);
+ RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "~/\"\\ malformed rwxat", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), (const char*[]) { "~/\"\\ malformed rwxat", NULL }, NULL, 0);
+ RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "subject object rwxat something else", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
- result = file_exists(OSP_BLAHBLAH);
- RUNNER_ASSERT(result == -1);
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), (const char*[]) { "subject object rwxat something else", NULL }, NULL, 0);
+ RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
// correct rules
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "malformed malformed maaaaaalformed", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "malformed malformed r--a-l" });
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) { "subject object foo", NULL }, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "subject object ------" });
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {
- "subject object\t rwxatl",
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), (const char*[]) {
+ "~APP~ object\t rwxatl",
" \t \n",
- "subject2\tobject2 ltxarw",
+ "subject2\t~APP~ ltxarw",
"",
NULL
}, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "subject object rwxatl", "subject2 object2 rwxatl"});
- remove_smack_files();
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {
- "Sub::jE,ct object a-RwXL",
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), (const char*[]) {
+ "Sub::jE,ct ~APP~ a-rwxl",
NULL
}, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "Sub::jE,ct object rwxa-l"});
- remove_smack_files();
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), (const char*[]) {
+ "Sub::sjE,ct ~APP~ a-RwXL", // TODO This fails.
+ NULL
+ }, NULL, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
// TODO For now identical/complementary rules are not merged.
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {
- "subject object rwxatl",
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), (const char*[]) {
+ "subject1 ~APP~ rwxatl",
" \t \n",
- "subject object ltxarw",
+ "subject2 ~APP~ ltxarw",
"",
NULL
}, NULL, 0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "subject object rwxatl", "subject object rwxatl"});
- remove_smack_files();
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
// empty group ids
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},0);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "a a ---a--"});
- result = file_exists(OSP_BLAHBLAH_DAC);
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
RUNNER_ASSERT(result == -1);
remove_smack_files();
// valid group ids
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},3);
- printf("%d \n", result);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "a a ---a--"});
- osp_blahblah_dac_check(__LINE__, {0,1,2});
+ result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},3);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
remove_smack_files();
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {0,1,2},1);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "a a ---a--"});
- osp_blahblah_dac_check(__LINE__, {0});
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
remove_smack_files();
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE, (const char*[]) {"a a a",NULL},(const gid_t[]) {1,1,1},3);
- RUNNER_ASSERT(result == PC_OPERATION_SUCCESS);
- osp_blahblah_check(__LINE__, { "a a ---a--"});
- osp_blahblah_dac_check(__LINE__, {1,1,1});
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {1,1,1},3);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
remove_smack_files();
}
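Review bot: The "Already existing feature" calls now overwrite real platform privileges (`http://tizen.org/privilege/messaging.read` and `.../messaging.sms`) and assert success, while the added TODO says the rules for these features will be removed. By that TODO's own account a test run changes the device's policy for those privileges, and no restore step is visible in the hunk. Using a feature name that belongs to the test would avoid this, and until then the comment could say so plainly: `// FIXME: replaces the rules of a real platform privilege; use a test-only feature name`. Separately, the rule passed with `BLAHBLAH_FEATURE[10]` is commented `// TODO This fails.` but is followed by an assert for `PC_OPERATION_SUCCESS`, so either the test is knowingly red or the comment is stale. The malformed-rule cases also lose their `file_exists(OSP_BLAHBLAH) == -1` checks without a replacement, so only the return code now shows that a rejected rule left nothing behind; the function begins before this hunk.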
RUNNER_TEST(privilege_control01_app_install)
{
int result;
- int fd = -1;
- unlink(SMACK_RULES_DIR APP_ID);
perm_app_uninstall(APP_ID);
result = perm_app_install(APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
- // checking if file really exists
- fd = open(SMACK_RULES_DIR APP_ID, O_RDONLY);
- RUNNER_ASSERT_MSG(fd >= 0, "File open failed: " << SMACK_RULES_DIR << APP_ID << " : " << fd << ". Errno: " << strerror(errno));
- close(fd);
-
// try install second time app with the same ID - it should pass.
result = perm_app_install(APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
RUNNER_TEST_SMACK(privilege_control10_app_register_av)
{
+ RUNNER_IGNORED_MSG("app_register_av is not implemented");
int result;
// cleaning
smack_revoke_subject(APP_TEST_AV_2);
cleaning_smack_app_files();
- cleaning_smack_database_files();
// Adding two apps before antivir
result = perm_app_install(APP_TEST_APP_1);
smack_revoke_subject(APP_TEST_AV_2);
cleaning_smack_app_files();
- cleaning_smack_database_files();
}
#pragma GCC diagnostic warning "-Wdeprecated-declarations"
RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
{
int result;
- int smack_file_length;
- FILE *pFile;
+
+ // Clean up after test:
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
/**
* Test - Enabling all permissions with persistant mode enabled
*/
-
- result = perm_app_revoke_permissions(APP_ID);
+ result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
result = test_have_all_accesses(rules2);
RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
- //// File exists?
- pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
-
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length > 0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
-
- if (pFile != NULL)
- fclose(pFile);
-
// Clean up
- result = perm_app_revoke_permissions(APP_ID);
+ result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
* Test - Enabling all permissions with persistant mode disabled
*/
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 0);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
result = test_have_all_accesses(rules2);
RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
- //// File exists?
- pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
-
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length == 0,
- "SMACK file not empty with persistant mode 0. Errno: " << errno);
-
- if (pFile != NULL)
- fclose(pFile);
-
// Clean up
- result = perm_app_revoke_permissions(APP_ID);
+ result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
* Test - Enabling all permissions in two complementary files
*/
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_R_AND_NO_R, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
// Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
+ result = test_have_all_accesses(rules2_no_r);
RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
- //// File exists?
- pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
-
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length > 0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
-
- if (pFile != NULL)
- fclose(pFile);
-
// Clean up
- result = perm_app_revoke_permissions(APP_ID);
+ result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
*/
// Enable permission for rules 2 no r
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_NO_R, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions without r. Result: " << result);
result = test_have_all_accesses(rules2_no_r);
RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
- //// File exists?
- pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
-
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length > 0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
-
- if (pFile != NULL)
- fclose(pFile);
-
// Enable permission for rules 2
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app all permissions. Result: " << result);
RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
// Clean up
- result = perm_app_revoke_permissions(APP_ID);
+ result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
*/
// Enable permission for rules 2 no r
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_NO_R, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions without r. Result: " << result);
result = test_have_all_accesses(rules2_no_r);
RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
- //// File exists?
- pFile = fopen(SMACK_RULES_DIR APP_ID, "rb");
- RUNNER_ASSERT_MSG(pFile != NULL,
- "SMACK file NOT created!. Errno: " << errno);
-
- //// Is it empty?
- fseek(pFile, 0L, SEEK_END);
- smack_file_length = ftell(pFile);
- RUNNER_ASSERT_MSG(smack_file_length > 0,
- "SMACK file empty with persistant mode 1. Errno: " << errno);
-
- if (pFile != NULL)
- fclose(pFile);
-
// Enable permission for rules 2
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_R, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions with only r. Result: " << result);
// Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
+ result = test_have_all_accesses(rules2_r);
RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
// Clean up
- result = perm_app_revoke_permissions(APP_ID);
+ result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
+
+
+
+ // Clean up after test:
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
}
RUNNER_CHILD_TEST(privilege_control11_app_enable_permissions_efl)
{
int result;
- const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", NULL };
- result = perm_app_install("EFL_APP");
+ // Prepare
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+ result = perm_app_install(EFL_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"perm_app_install failed: " << result);
- result = perm_app_enable_permissions("EFL_APP", APP_TYPE_EFL, PRIVS_EFL, 0);
+ // Enable a permission:
+ result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error enabling app permissions. Result: " << result);
- RUNNER_ASSERT_MSG( smack_have_access("EFL_APP","test_book_efl", "r"),
+ RUNNER_ASSERT_MSG(smack_have_access(EFL_APP_ID,"test_book_efl", "r"),
"SMACK accesses not granted for EFL_APP");
- (void)perm_app_uninstall("EFL_APP");
+ // Cleanup
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
}
-
/*
- * Until perm_app_disable_permissions is not fixed this test should remain
- * commented
+ * Check perm_app_install function
*/
+RUNNER_CHILD_TEST(privilege_control12_app_disable_permissions_efl)
+{
+ int result;
+
+ // Prepare
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+
+ result = perm_app_install(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << result);
+
+ // Enable a permission
+ result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error enabling app permissions. Result: " << result);
+
+ RUNNER_ASSERT_MSG(smack_have_access(EFL_APP_ID,"test_book_efl", "r"),
+ "SMACK accesses not granted for EFL_APP");
+
+ // Disable a permission
+ result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ RUNNER_ASSERT_MSG(!smack_have_access(EFL_APP_ID,"test_book_efl", "r"),
+ "SMACK accesses not granted for EFL_APP");
+
+ // Cleanup
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+}
+
+
/**
* Remove previously granted SMACK permissions based on permissions list.
*/
-/*RUNNER_TEST(privilege_control12_app_disable_permissions)
+RUNNER_TEST(privilege_control12_app_disable_permissions)
{
-*/
+ int result;
+
+ // Prepare
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << result);
/**
* Test - disable all granted permissions.
*/
-/* int result;
// Prepare permissions that we want to disable
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
+ // Are all the permissions enabled?
+ result = test_have_any_accesses(rules2);
+ RUNNER_ASSERT_MSG(result==1, "Not all permisions enabled.");
+
// Disable permissions
- result = perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2);
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error disabling app permissions. Result: " << result);
// Are all the permissions disabled?
result = test_have_any_accesses(rules2);
RUNNER_ASSERT_MSG(result!=1, "Not all permisions disabled.");
-*/
+
/**
* Test - disable some granted permissions leaving non complementary and then disabling those too.
*/
-/*
+
// Prepare permissions that will not be disabled
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error adding app first permissions. Result: " << result);
// Prepare permissions that we want to disable
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error adding app second permissions. Result: " << result);
// Disable second permissions
- result = perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2);
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error disabling app second permissions. Result: " << result);
RUNNER_ASSERT_MSG(result!=1, "Not all first permisions disabled.");
// Are all first permissions not disabled?
- result = test_have_all_accesses(rules);
+ result = test_have_all_accesses(rules_wgt2);
RUNNER_ASSERT_MSG(result==1, "Some of second permissions disabled.");
// Disable first permissions
- result = perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS);
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error disabling app first permissions. Result: " << result);
// Are all second permissions disabled?
- result = test_have_any_accesses(rules);
+ result = test_have_any_accesses(rules_wgt2);
RUNNER_ASSERT_MSG(result!=1, "Not all second permisions disabled.");
-*/
+
/**
* Test - disable only no r granted permissions.
*/
-/*
+
// Prepare permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error adding app permissions. Result: " << result);
// Disable same permissions without r
- result = perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_NO_R);
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error disabling app no r permissions. Result: " << result);
RUNNER_ASSERT_MSG(result!=1, "Not all no r permissions disabled.");
// Prepare permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2_NO_R, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error adding app no r permissions. Result: " << result);
+ result = test_have_any_accesses(rules2_no_r);
+ RUNNER_ASSERT_MSG(result=1, "Not all no r permissions enabled.");
// Disable all permissions
- result = perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2);
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error disabling app permissions. Result: " << result);
+ result = test_have_any_accesses(rules2_r);
+ RUNNER_ASSERT_MSG(result!=1, "Not all r permissions disabled.");
+
+
+
+ // Clean up after test:
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
}
-*/
+
/**
* Reset SMACK permissions for an application by revoking all previously
* granted rules and enabling them again from a rules file from disk.
*/
-
+// TODO: This test is incomplete.
RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
{
int result;
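Review bot: The added assertion `RUNNER_ASSERT_MSG(result=1, "Not all no r permissions enabled.");` assigns instead of comparing, so it is always true and the test cannot fail at that point even if re-enabling PRIVS2_NO_R granted nothing. It should read `RUNNER_ASSERT_MSG(result == 1, "Not all no r permissions enabled.");`. The message says "not all", but the value comes from `test_have_any_accesses(rules2_no_r)`; if the intent is that every rule is present, `test_have_all_accesses(rules2_no_r)` is the matching helper, as this test already uses with `rules_wgt2`. The test body starts before the lines shown here.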
* Test - doing reset and checking if rules exist again.
*/
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
// Prepare permissions to reset
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, PRIVS2, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error adding app permissions. Result: " << result);
// Reset permissions
- result = perm_app_reset_permissions(APP_ID);
+ result = perm_app_reset_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error reseting app permissions. Result: " << result);
RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
// Disable permissions
- result = perm_app_revoke_permissions(APP_ID);
+ result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error disabling app permissions. Result: " << result);
+
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
}
/**
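Review bot: The `perm_app_uninstall(WGT_APP_ID)` added at the end of privilege_control13_app_reset_permissions is reached only when every assertion before it passes (assuming RUNNER_ASSERT_MSG aborts the test, as it appears to), so a single failure leaves WGT_APP_ID installed with PRIVS2 enabled for the tests that follow. Tests 18 and 19 in this commit begin with an uninstall before the install to start from a known state; the same here, `result = perm_app_uninstall(WGT_APP_ID);` ahead of `perm_app_install(WGT_APP_ID)`, would keep runs independent. The install and uninstall checks also compare with a literal `0` where the rest of the file uses `PC_OPERATION_SUCCESS`. This applies to both hunks of the test; its body is not shown in full.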
*/
RUNNER_TEST_SMACK(privilege_control14_app_add_friend)
{
+ RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented");
+
int result;
/**
#define APP_TEST "app_test"
-#define PRIV_APPSETTING (const char*[]) {"http://tizen.org/privilege/appsetting", NULL}
+#define PRIV_APPSETTING (const char*[]) {"org.tizen.privilege.appsetting", NULL}
int ret;
char *app1_dir_label;
ret = smack_getlabel(APP_1_DIR, &app1_dir_label, SMACK_LABEL_ACCESS );
RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
ret = smack_have_access(APP_TEST, app1_dir_label, "rwx");
- RUNNER_ASSERT_MSG(ret,"access denies");
+ RUNNER_ASSERT_MSG(ret,"access denied to smack label: " << app1_dir_label);
//intstall another app: "app_2"
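Review bot: `RUNNER_ASSERT_MSG(ret,"access denied to smack label: " << app1_dir_label);` treats any non-zero value as success, and libsmack's `smack_have_access` returns -1 on error, so a failed lookup is reported as access granted. Compare explicitly, `RUNNER_ASSERT_MSG(ret == 1, "access denied to smack label: " << app1_dir_label);`, which is how the stress tests changed later in this commit check the same call. The enclosing function starts and ends outside this hunk.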
{
int result;
- cleaning_smack_database_files();
- add_lables_to_db();
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall." << result);
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_install." << result);
result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
-
result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
- cleaning_smack_database_files();
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall." << result);
}
RUNNER_TEST_SMACK(privilege_control19_app_setup_path_settings)
{
int result;
- cleaning_smack_database_files();
- add_lables_to_db();
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall." << result);
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_install." << result);
result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to clean up Smack labels in " << TEST_APP_DIR);
result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_SETTINGS_RW);
RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_settings_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
-
result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
- cleaning_smack_database_files();
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Error in perm_app_uninstall." << result);
}
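Review bot: With the `nftw_check_labels_app_public_dir` walk removed, nothing in privilege_control18 verifies what `perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO)` did to TEST_APP_DIR; the test now passes as long as the call returns 0 and TEST_NON_APP_DIR is left alone. The same gap opens in `privilege_control19_app_setup_path_settings` in this hunk, and the two NOSMACK variants further down lose their positive check as well. The old helper read the removed database files, so this needs a replacement rather than a restore: read the directory label with `smack_getlabel(TEST_APP_DIR, &label, SMACK_LABEL_ACCESS)` and assert the expected `smack_have_access(...) == 1` results, as the stress test does for its Public RO dir. If that is deferred, a `// TODO: verify labels and rules on TEST_APP_DIR` next to the setup call keeps the gap visible.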
RUNNER_TEST(privilege_control20_early_rules)
{
+ RUNNER_IGNORED_MSG("early rules are not implemented");
+
int result;
int fd = -1;
int pass_1 = 0;
RUNNER_TEST(privilege_control21j_incorrect_params_app_add_friend)
{
+ RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented");
+
RUNNER_ASSERT_MSG(perm_app_add_friend(NULL, APP_FRIEND_2) == PC_ERR_INVALID_PARAM, "perm_app_add_friend didin't check if pkg_id1 isn't NULL.");
RUNNER_ASSERT_MSG(perm_app_add_friend("", APP_FRIEND_2) == PC_ERR_INVALID_PARAM, "perm_app_add_friend didin't check if pkg_id1 isn't empty.");
RUNNER_ASSERT_MSG(perm_app_add_friend(APP_FRIEND_1, NULL) == PC_ERR_INVALID_PARAM, "perm_app_add_friend didin't check if pkg_id2 isn't NULL.");
RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, "", NULL, NULL, 0) == PC_ERR_INVALID_PARAM, "perm_add_api_feature didn't check if api_feature_name isn't empty.");
}
-//A test for incompleted app_disable_permissions function
RUNNER_TEST(privilege_control21l_incorrect_params_ignored_disable_permissions)
{
- //perm_app_disable_permissions is only a stub for now. When this function will be completed,
- //un-ignore this test.
- RUNNER_IGNORED_MSG("A test for perm_app_disable_permissions. Check comment.");
-
- //perm_app_disable_permissions - since this func is only a stub, no tests are performed
RUNNER_ASSERT_MSG(perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, NULL) == PC_ERR_INVALID_PARAM, "perm_app_disable_permissions didn't check if perm_list isn't NULL.");
RUNNER_ASSERT_MSG(perm_app_disable_permissions(NULL, APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM, "perm_app_disable_permissions didn't check if pkg_id isn't NULL.");
RUNNER_ASSERT_MSG(perm_app_disable_permissions("", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM, "perm_app_disable_permissions didn't check if pkg_id isn't empty.");
//test environment cleaning
cleaning_smack_app_files();
- cleaning_smack_database_files();
//test what happens when the label is not correct SMACK label
result = add_shared_dir_readers(test_obj,app_labels_wrong);
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
RUNNER_TEST_NOSMACK(privilege_control10_app_register_av_nosmack)
{
+ RUNNER_IGNORED_MSG("app_register_av is not implemented");
int result;
// cleaning
smack_revoke_subject(APP_TEST_AV_2);
cleaning_smack_app_files();
- cleaning_smack_database_files();
// Adding two apps before antivir
result = perm_app_install(APP_TEST_APP_1);
smack_revoke_subject(APP_TEST_AV_2);
cleaning_smack_app_files();
- cleaning_smack_database_files();
+
}
#pragma GCC diagnostic warning "-Wdeprecated-declarations"
*/
RUNNER_TEST_NOSMACK(privilege_control14_app_add_friend_nosmack)
{
+ RUNNER_IGNORED_MSG("perm_app_add_friend is not implemented");
+
int result;
result = perm_app_revoke_permissions(APP_FRIEND_1);
return 0;
}
-int nftw_check_labels_app_public_dir_nosmack(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return check_labels_dir_nosmack(fpath, sb,
- SMACK_APPS_LABELS_DATABASE,
- SMACK_PUBLIC_DIRS_DATABASE, "rx");
-}
-
-int nftw_check_labels_app_settings_dir_nosmack(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return check_labels_dir_nosmack(fpath, sb,
- SMACK_APPS_SETTINGS_LABELS_DATABASE,
- SMACK_SETTINGS_DIRS_DATABASE, "rwx");
-}
-
/**
* NOSMACK version of privilege_control18 test.
*
{
int result;
- cleaning_smack_database_files();
- add_lables_to_db();
-
result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0,
"Unable to clean up Smack labels in " << TEST_APP_DIR << ". Result: " << result);
result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed. Result: " << result);
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_dir_nosmack, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to check Smack labels for shared app dir. Result: " << result);
-
result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0,
"Unable to check Smack labels for non-app dir. Result: " << result);
- cleaning_smack_database_files();
}
/**
{
int result;
- cleaning_smack_database_files();
- add_lables_to_db();
-
result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0,
"Unable to clean up Smack labels in " << TEST_APP_DIR << ". Result: " << result);
result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_SETTINGS_RW);
RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed. Result: " << result);
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_settings_dir_nosmack, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to check Smack labels for shared app dir. Result: " << result);
-
result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0,
"Unable to check Smack labels for non-app dir. Result: " << result);
- cleaning_smack_database_files();
}
/**
"Error in perm_app_uninstall. Result: " << result);
// remove api features by deleting files
+ // TODO: Rewrite deleting features
unlink(FILE_PATH_TEST_OSP_FEATURE);
unlink(FILE_PATH_TEST_WGT_FEATURE);
- cleaning_smack_database_files();
-
// Install setting app and give it app-setting permissions
result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
result = perm_app_install(TEST_OSP_FEATURE_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error in perm_app_install. Result: " << result);
+ result = perm_app_enable_permissions(TEST_OSP_FEATURE_APP_ID,
+ APP_TYPE_OSP,(const char*[]) {NULL}, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error enabling permissions. Result: " << result);
// Register two valid api features
result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
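Review bot: The added `perm_app_enable_permissions(TEST_OSP_FEATURE_APP_ID, APP_TYPE_OSP,(const char*[]) {NULL}, 1)` call passes an empty permission list, and nothing says why the test needs it. Presumably it is there so the app receives the base rules for its type before the feature is registered; a one-line comment such as `// Empty list: apply only the base OSP rules for this app` (adjusted to the real reason) would make that explicit. The enclosing test starts and ends outside this hunk.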
<< TEST_WGT_FEATURE << ". Result: " << result);
- // Check whether api-feature's smack files are created
-// TODO Remove this check when new database is introduced
- result = file_exists(FILE_PATH_TEST_OSP_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test OSP Api Feature file is not created.");
- result = file_exists(FILE_PATH_TEST_WGT_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test WGT API Feature file is not created.");
-
// Install app loop
for (int i = 0; i < 100; ++i)
{
+ // Add application
result = perm_app_install(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error in perm_app_install. Loop index: " << i
<< ". Result: " << result);
- // add persistent api feature permissions
+ // Add persistent permissions
result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP,
TEST_OSP_FEATURE_PRIVS, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error in perm_app_setup_path. Loop index: " << i
<< ". Result: " << result);
- // Verify that some previously installed app does not have any acces
- // to APP_ID private label
+ // Verify that some previously installed app does not have any access
+ // to APP_ID private label
result = test_have_any_accesses(rules_to_test_any_access1);
RUNNER_ASSERT_MSG(result == 0,
"Error - other app has access to private label. Loop index: "
// Verify that all permissions to public dir have been added
// correctly, also to other app
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, shared_dir_auto_label.c_str(), "rwxatl" },
- { TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" } } );
+ result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to Public RO dir are granted. Loop index: "
+ << i);
+
+ result = smack_have_access(TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" );
RUNNER_ASSERT_MSG(result == 1,
"Not all accesses to Public RO dir are granted. Loop index: "
<< i);
// Verify that setting app has rwx permission to app dir
// and rx permissions to app
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, shared_dir_auto_label.c_str(), "rwxatl" },
- { APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx" },
- { APP_TEST_SETTINGS_ASP1, APP_ID, "rx" } } );
+ result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to App-Setting dir are granted. Loop index: "
- << i);
+ "Not all accesses to App-Setting dir are granted. "
+ << APP_ID << " "<< shared_dir_auto_label << " rwxatl "
+ << "Loop index: " << i);
+
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to App-Setting dir are granted. "
+ << APP_TEST_SETTINGS_ASP1 << " " << shared_dir_auto_label << " rwx. "
+ << "Loop index: " << i);
+
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, APP_ID, "rx");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to App-Setting dir are granted. "
+ << APP_TEST_SETTINGS_ASP1 << " " << APP_ID << " rx"
+ << "Loop index: " << i);
// Verify that all permissions to public dir have been added
// correctly, also to other app
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { APP_ID, APPID_SHARED_DIR, "rwxatl" } } );
+ result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
RUNNER_ASSERT_MSG(result == 1,
"Not all accesses to Group RW dir are granted. Loop index: "
<< i);
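Review bot: Some of the new failure messages run fields together or cannot be told apart. In the `smack_have_access(APP_TEST_SETTINGS_ASP1, APP_ID, "rx")` check, `<< " rx"` is followed directly by `<< "Loop index: "`, which prints "rxLoop index"; `<< " rx. "` matches the two messages above it. The two Public RO dir assertions share one message without naming the subject, so a failure does not show whether APP_ID or TEST_OSP_FEATURE_APP_ID lacked access; adding `<< APP_ID << " "` and `<< TEST_OSP_FEATURE_APP_ID << " "` respectively fixes that. The six assertions added to the multi-app stress test further down have the same missing space after `"...are granted."`. The loop body continues outside this hunk.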
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error in perm_app_revoke_permissions. Loop index: " << i
<< ". Result: " << result);
- result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
// check if api-features permissions are removed properly
result = test_have_any_accesses(rules_to_test_any_access2);
RUNNER_ASSERT_MSG(result == 0,
"Not all permisions revoked. Loop index: " << i);
- // check if shared dir and app-setting permissions are removed properly
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(APP_ID, shared_dir_auto_label.c_str()));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(APP_ID, APPID_SHARED_DIR));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(TEST_OSP_FEATURE_APP_ID,
- shared_dir_auto_label.c_str()));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(APP_TEST_SETTINGS_ASP1,
- shared_dir_auto_label.c_str()));
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. Loop index: " << i);
-
// remove labels from app folder
result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0,
result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error in perm_app_uninstall. Result: " << result);
+
// Remove api features
+ // TODO: Rewrite removing features
unlink(FILE_PATH_TEST_OSP_FEATURE);
unlink(FILE_PATH_TEST_WGT_FEATURE);
- cleaning_smack_database_files();
}
/**
NULL };
- // generate app ids: test_APP0, test_APP1, test_APP2 etc
+ // generate app ids: test_APP0, test_APP1, test_APP2 etc.:
for (int i = 0; i < app_count; ++i)
{
result = sprintf(app_ids[i], APP_ID "%d", i);
<< app_ids[i] << ". Result: " << result);
}
- // remove api feature by deleting the file
- unlink(FILE_PATH_TEST_OSP_FEATURE);
- unlink(FILE_PATH_TEST_WGT_FEATURE);
-
- cleaning_smack_database_files();
-
// Install setting app and give it app-setting permissions
result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
<< TEST_WGT_FEATURE << ". Result: " << result);
- // Check whether api-feature's smack files are created
-// TODO Remove this check when new database is introduced
- result = file_exists(FILE_PATH_TEST_OSP_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test OSP Api Feature file is not created.");
- result = file_exists(FILE_PATH_TEST_WGT_FEATURE);
- RUNNER_ASSERT_MSG(result == 0, "Test WGT API Feature file is not created.");
-
// Install apps loop
for (int i = 0; i < 10; ++i)
{
TEST_WGT_FEATURE_PRIVS, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error in perm_app_enable_permissions from WGT Feature. App id: "
- << app_ids[j] << " Loop index: " << i << ". Result: " << result);
+ << app_ids[j+5] << " Loop index: " << i << ". Result: " << result);
}
// Add app shared dirs - APP_PATH_PRIVATE (apps 0, 5)
free(label);
// Verify that setting app has rwx permission to app-settings dirs and rx to apps
- result = test_have_all_accesses(
- (const std::vector< std::vector<std::string> >) {
- { app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl" },
- { app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl" },
- { APP_TEST_SETTINGS_ASP1, app_ids[4], "rx" },
- { APP_TEST_SETTINGS_ASP1, app_ids[9], "rx" },
- { APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx" },
- { APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx" } } );
+ result = smack_have_access(app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to App-Setting dir are granted."
+ << app_ids[4] << " " << setting_dir4_auto_label
+ << " Loop index: " << i);
+ result = smack_have_access(app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to App-Setting dir are granted."
+ << app_ids[9] << " " << setting_dir9_auto_label
+ << " Loop index: " << i);
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[4], "rx");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to App-Setting dir are granted."
+ << APP_TEST_SETTINGS_ASP1 << " " << app_ids[4]
+ << " Loop index: " << i);
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[9], "rx");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to App-Setting dir are granted."
+ << APP_TEST_SETTINGS_ASP1 << " " << app_ids[9]
+ << " Loop index: " << i);
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx");
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to App-Setting dir are granted."
+ << APP_TEST_SETTINGS_ASP1 << " " << setting_dir4_auto_label
+ << " Loop index: " << i);
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx");
RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to App-Setting dir are granted. Loop index: "
- << i);
+ "Not all accesses to App-Setting dir are granted."
+ << APP_TEST_SETTINGS_ASP1 << " " << setting_dir9_auto_label
+ << " Loop index: " << i);
<< app_ids[j] << " Loop index: " << i
<< ". Result: " << result);
}
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions for setting app. Loop index: "
- << i << ". Result: " << result);
// Check if permissions are removed properly
for (int j = 0; j < app_count; ++j)
"Not all permisions revoked. Subject: " << app_ids[j]
<< " Object: " << app_ids[k] << " Loop index: " << i);
}
-
- // Check if permissions to shared dirs are removed properly
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- shared_dir3_auto_label.c_str())
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- shared_dir7_auto_label.c_str())
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- shared_dir8_auto_label.c_str())
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
- result = test_have_any_accesses(
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j],
- APPID_SHARED_DIR)
- );
- RUNNER_ASSERT_MSG(result == 0,
- "Not all permisions to shared dirs revoked. App id: "
- << app_ids[j] << " Loop index: " << i);
}
// Remove labels from folders and uninstall all apps
result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error in perm_app_uninstall. Result: " << result);
- // Remove api features
- unlink(FILE_PATH_TEST_OSP_FEATURE);
- unlink(FILE_PATH_TEST_WGT_FEATURE);
- cleaning_smack_database_files();
-}
+}
\ No newline at end of file