} else {
// child - the actual application
RUNNER_ASSERT_MSG(setLauncherSecurityAttributes(testUser) == 0, "launcher failed");
+ auto expected = getuid();
Api::prepareAppCandidate();
Api::prepareApp(app.getAppId());
uid_t owner_uid = 0;
RUNNER_ASSERT_MSG(
security_manager_get_app_owner_uid(getpid(), &owner_uid) == SECURITY_MANAGER_SUCCESS,
"Invalid return from security_manager_get_app_owner_uid()");
- // TODO - on smack-enabled image prepareApp call doesn't change UID as its inherited
- // normally from launchpad. Calling setuid() will drop caps, that can be mitigated by
- // prctl & libcap, but namespace setup fails in that case. Hence, for now, the test on
- // smack-enabled image expects to return UID of the calling process that tests were executed
- // with.
- //
- // This will be changed once we'll do completely black-box security tests that will actually
- // install a real app.
- if (smack_check()) {
- RUNNER_ASSERT_MSG(owner_uid == getuid(), "Invalid uid returned - expected: "
- << getuid() << " returned: " << owner_uid);
- } else {
- RUNNER_ASSERT_MSG(owner_uid == testUser.getUid(), "Invalid uid returned - expected: "
- << testUser.getUid() << " returned: " << owner_uid);
- }
+
+ RUNNER_ASSERT_MSG(owner_uid == expected, "Invalid uid returned - expected: "
+ << expected << " returned: " << owner_uid);
exit(0);
}
}
}
app.checkAfterUninstall();
}
+
+
+RUNNER_CHILD_TEST(security_manager_26_4a_security_manager_get_app_full_credentials_from_pid)
+{
+ TemporaryTestUser testUser("sm_test_26_4_user_name", GUM_USERTYPE_NORMAL);
+ testUser.create();
+ AppInstallHelperExt app("sm_test_26_4", "sm_test_26_4", testUser.getUid());
+ ScopedInstaller appInstall(app);
+ auto pid = runInChildParentWait([&]{
+ // child - the actual application
+ RUNNER_ASSERT_MSG(setLauncherSecurityAttributes(testUser) == 0, "launcher failed");
+ auto expected = getuid();
+ Api::prepareAppCandidate();
+ Api::prepareApp(app.getAppId());
+ uid_t owner_uid = 0;
+ char* pkgId = nullptr;
+ char* appId = nullptr;
+ RUNNER_ASSERT_MSG(
+ security_manager_get_app_full_credentials_from_pid(getpid(), &owner_uid, &pkgId, &appId) == SECURITY_MANAGER_SUCCESS,
+ "Invalid return from ecurity_manager_get_app_full_credentials_from_pid()");
+
+ RUNNER_ASSERT_MSG(owner_uid == expected, "Invalid uid returned - expected: "
+ << expected << " returned: " << owner_uid);
+
+ RUNNER_ASSERT_MSG(app.getPkgId() == pkgId, "Invalid pkgId returned from security_manager_get_app_full_credentials_from_pid");
+ RUNNER_ASSERT_MSG(appId == nullptr, "Invalid appId returned from security_manager_get_app_full_credentials_from_pid"); // non-hybrid app
+ });
+ Api::cleanupApp(app.getAppId(), testUser.getUid(), pid);
+}
+
+
+RUNNER_CHILD_TEST(security_manager_26_4b_security_manager_get_app_full_credentials_from_pid)
+{
+ TemporaryTestUser testUser("sm_test_26_4_user_name", GUM_USERTYPE_NORMAL);
+ testUser.create();
+ AppInstallHelperExt app("sm_test_26_4", "sm_test_26_4", testUser.getUid());
+ app.setHybrid();
+ ScopedInstaller appInstall(app);
+ auto pid = runInChildParentWait([&]{
+ // child - the actual application
+ RUNNER_ASSERT_MSG(setLauncherSecurityAttributes(testUser) == 0, "launcher failed");
+ auto expected = getuid();
+ Api::prepareAppCandidate();
+ Api::prepareApp(app.getAppId());
+ uid_t owner_uid = 0;
+ char* pkgId = nullptr;
+ char* appId = nullptr;
+ RUNNER_ASSERT_MSG(
+ security_manager_get_app_full_credentials_from_pid(getpid(), &owner_uid, &pkgId, &appId) == SECURITY_MANAGER_SUCCESS,
+ "Invalid return from ecurity_manager_get_app_full_credentials_from_pid()");
+
+ RUNNER_ASSERT_MSG(owner_uid == expected, "Invalid uid returned - expected: "
+ << expected << " returned: " << owner_uid);
+
+ RUNNER_ASSERT_MSG(app.getPkgId() == pkgId, "Invalid pkgId returned from security_manager_get_app_full_credentials_from_pid");
+ RUNNER_ASSERT_MSG(app.getAppId() == appId, "Invalid appId returned from security_manager_get_app_full_credentials_from_pid"); // hybrid app
+ });
+ Api::cleanupApp(app.getAppId(), testUser.getUid(), pid);
+}
projects / platform / core / test / security-tests.git / commitdiff