-DLOCAL_APP_DIR="%{TZ_SYS_HOME}/security_test_user/apps_rw"
make %{?jobs:-j%jobs}
+%pre
+id -u security_test_user 1>/dev/null 2>&1 || \
+ gum-utils -o -a --username=security_test_user --usertype=normal
+
%install
%make_install
ln -sf /etc/smack/test_smack_rules %{buildroot}/etc/smack/test_smack_rules_lnk
%post
-id -u security_test_user 1>/dev/null 2>&1 || \
- gum-utils -o -a --username=security_test_user --usertype=normal
-
# Reload dbus daemon to apply newly installed configuration
systemctl reload dbus
/etc/smack/test_smack_rules
/etc/smack/test_smack_rules_lnk
%{TZ_SYS_RW_APP}*
-%{TZ_SYS_HOME}/security_test_user/apps_rw/*
+%attr(755, security_test_user,users) %{TZ_SYS_HOME}/security_test_user/apps_rw/*
/usr/bin/cynara-test
/usr/bin/ckm-tests
/usr/bin/ckm-integration-tests
dbus-1
sqlite3
libgum
+ libtzplatform-config
glib-2.0
cynara-creds-socket
cynara-creds-dbus
cynara-creds-gdbus
+ security-manager
REQUIRED
)
${PROJECT_SOURCE_DIR}/src/common/timeout.cpp
${PROJECT_SOURCE_DIR}/src/common/temp_test_user.cpp
${PROJECT_SOURCE_DIR}/src/common/cynara_helpers_creds.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/label_generator.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/app_install_helper.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/sm_api.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/sm_label_monitor.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/sm_request.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/sm_sharing_request.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/sm_user_request.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/sm_policy_request.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/tzplatform.cpp
)
#system and local includes
--- /dev/null
+/*
+ * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fcntl.h>
+#include <map>
+#include <string>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/smack.h>
+#include <unistd.h>
+#include <utility>
+
+#include <security-manager-types.h>
+
+#include <dpl/test/test_runner.h>
+#include <tzplatform.h>
+#include <label_generator.h>
+#include <tests_common.h>
+#include <tzplatform.h>
+
+#include "app_install_helper.h"
+
+namespace {
+ std::string genSkelPath() {
+ static std::string skelPkgDir;
+ if (!skelPkgDir.empty())
+ return skelPkgDir;
+ std::string app = TzPlatformConfig::getEnv(TZ_USER_APP);
+ std::string home = TzPlatformConfig::getEnv(TZ_USER_HOME);
+ std::string skelDir = "/etc/skel";
+
+ skelPkgDir.assign(app);
+ skelPkgDir.replace(0, home.length(), skelDir);
+
+ return skelPkgDir;
+ }
+
+ const AppInstallHelper::TypePathMap typeToPath = {
+ {SECURITY_MANAGER_PATH_RW, "app_rw"},
+ {SECURITY_MANAGER_PATH_RO, "app_ro"},
+ {SECURITY_MANAGER_PATH_PUBLIC_RO, "public_ro"},
+ {SECURITY_MANAGER_PATH_TRUSTED_RW, "trusted_rw"},
+ {SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, "shared_ro"}
+ };
+}
+
+AppInstallHelper::AppInstallHelper(AppInstallHelper &&other)
+ : m_appName(std::move(other.m_appName)), m_pkgName(std::move(other.m_pkgName)),
+ m_isLocal(other.m_isLocal), m_uidGid(other.m_uidGid),
+ m_version(std::move(other.m_version)), m_installType(other.m_installType),
+ m_isHybrid(other.m_isHybrid),
+ m_rootPaths(std::move(other.m_rootPaths)),
+ m_dirTypeMap(std::move(other.m_dirTypeMap)),
+ m_fileTypeMap(std::move(other.m_fileTypeMap)),
+ m_privileges(std::move(other.m_privileges)),
+ m_appDefinedPrivileges(std::move(other.m_appDefinedPrivileges)),
+ m_author(std::move(other.m_author)),
+ m_creatorPid(other.m_creatorPid)
+{
+ other.m_creatorPid = -1;
+}
+
+void AppInstallHelper::setInstallPath(RootType type) const {
+ RootInfo &info = m_rootPaths[type];
+ if (!info.path.empty())
+ return;
+
+ switch (type) {
+ case RootType::BASE:
+ if (m_isLocal)
+ info.path = TzPlatformConfig::appDirPath(getUID()) + getPkgId();
+ else
+ info.path = TzPlatformConfig::globalAppDir() + "/" + getPkgId();
+ break;
+ case RootType::EXTENDED:
+ if (m_isLocal)
+ info.path = TzPlatformConfig::extendedSdUserDir(getUID()) + "/" + getPkgId();
+ else
+ info.path = TzPlatformConfig::extendedSdDir() + "/" + getPkgId();
+ break;
+ case RootType::SKEL:
+ info.path = genSkelPath() + "/" + getPkgId();
+ break;
+ }
+}
+
+std::string AppInstallHelper::getInstallDir(RootType type) const {
+ setInstallPath(type);
+ return m_rootPaths[type].path;
+}
+
+std::string AppInstallHelper::getPath(app_install_path_type smType, PathType pType, int i, RootType rType) const {
+ std::string path;
+ switch (pType) {
+ case PathType::DIR:
+ path = getInstallDir(rType) + "/" + typeToPath.at(smType) + "_dir" + std::to_string(i);
+ break;
+ case PathType::FILE:
+ // put files in the directory of the same type
+ path = getInstallDir(rType) + "/" + typeToPath.at(smType) + "_dir0/" + typeToPath.at(smType) + std::to_string(i);
+ break;
+ }
+ return path;
+}
+
+std::string AppInstallHelper::getTrustedDir(int i, RootType type) const {
+ return getPath(SECURITY_MANAGER_PATH_TRUSTED_RW, PathType::DIR, i , type);
+}
+
+std::string AppInstallHelper::getPrivateDir(int i, RootType type) const {
+ return getPath(SECURITY_MANAGER_PATH_RW, PathType::DIR, i, type);
+}
+
+std::string AppInstallHelper::getPrivateRODir(int i, RootType type) const {
+ return getPath(SECURITY_MANAGER_PATH_RO, PathType::DIR, i, type);
+}
+
+std::string AppInstallHelper::getPublicDir(RootType type) const {
+ return getPath(SECURITY_MANAGER_PATH_PUBLIC_RO, PathType::DIR, 0, type);
+}
+
+std::string AppInstallHelper::getPrivatePath(int i, RootType type) const {
+ return getPath(SECURITY_MANAGER_PATH_RW, PathType::FILE, i, type);
+}
+
+std::string AppInstallHelper::getSharedRODir(int i, RootType type) const {
+ return getPath(SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, PathType::DIR, i, type);
+}
+
+std::string AppInstallHelper::getAppId() const {
+ return m_appName + "_app_id";
+}
+
+std::string AppInstallHelper::getPkgId() const {
+ return m_pkgName + "_pkg_id";
+}
+
+void AppInstallHelper::setVersion(const std::string &version) {
+ m_version = version;
+}
+
+std::string AppInstallHelper::getVersion() const {
+ return m_version;
+}
+
+int AppInstallHelper::getUID() const {
+ return m_uidGid;
+}
+
+int AppInstallHelper::getGID() const {
+ return m_uidGid;
+}
+
+bool AppInstallHelper::createFile(app_install_path_type smType, const std::string &path) {
+ if (creat(path.c_str(), 0751) == 0) {
+ // Local paths need user change
+ m_fileTypeMap[smType].push_back(std::move(path));
+ if (!m_isLocal || chown(path.c_str(), m_uidGid, m_uidGid) == 0)
+ return true;
+ }
+ return false;
+}
+
+bool AppInstallHelper::createDir(app_install_path_type smType, const std::string &path, bool isBasePath) {
+ mktreeSafe(path, 0777);
+ // Dont pass base pkg dirs to SM, because transmute will be forced on RO subdirs
+ if (!isBasePath)
+ m_dirTypeMap[smType].push_back(std::move(path));
+ if (!m_isLocal || chown(path.c_str(), m_uidGid, m_uidGid) == 0)
+ return true;
+
+ return false;
+}
+
+void AppInstallHelper::createInstallDir(RootType type) {
+ setInstallPath(type);
+ RootInfo &info = m_rootPaths[type];
+ if (info.isCreated)
+ return;
+ createDir(SECURITY_MANAGER_PATH_PUBLIC_RO, info.path, true);
+ info.isCreated = true;
+}
+
+void AppInstallHelper::createPath(app_install_path_type smType, PathType pType, int i, RootType rType) {
+ createInstallDir(rType);
+ std::string path = getPath(smType, pType, i, rType);
+ switch (pType) {
+ case PathType::DIR:
+ createDir(smType, path);
+ break;
+ case PathType::FILE:
+ createPath(smType, PathType::DIR, i, rType);
+ createFile(smType, path);
+ break;
+ }
+}
+
+void AppInstallHelper::createTrustedDir(int i, RootType type) {
+ createPath(SECURITY_MANAGER_PATH_TRUSTED_RW, PathType::DIR, i, type);
+}
+
+void AppInstallHelper::createPrivateDir(int i, RootType type) {
+ createPath(SECURITY_MANAGER_PATH_RW, PathType::DIR, i, type);
+}
+
+void AppInstallHelper::createPublicDir(RootType type) {
+ createPath(SECURITY_MANAGER_PATH_PUBLIC_RO, PathType::DIR, 0, type);
+}
+
+void AppInstallHelper::createPrivateFile(int i, RootType type) {
+ createPath(SECURITY_MANAGER_PATH_RW, PathType::FILE, i, type);
+}
+
+void AppInstallHelper::createSharedRODir(int i, RootType type) {
+ createPath(SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, PathType::DIR, i, type);
+}
+
+void AppInstallHelper::createPrivateRODir(int i, RootType type) {
+ createPath(SECURITY_MANAGER_PATH_RO, PathType::DIR, i, type);
+}
+
+void AppInstallHelper::setHybrid() {
+ m_isHybrid = true;
+}
+
+bool AppInstallHelper::getIsHybrid() const {
+ return m_isHybrid;
+}
+
+void AppInstallHelper::addPrivileges(const std::vector<std::string> &privileges) {
+ for (auto &p : privileges) {
+ addPrivilege(Privilege(p));
+ }
+}
+
+std::vector<std::string> AppInstallHelper::getPrivilegesNames() const {
+ std::vector<std::string> privileges;
+ for (auto &p : m_privileges) {
+ privileges.push_back(p.getName());
+ }
+ return privileges;
+}
+
+void AppInstallHelper::addPrivilege(Privilege privilege) {
+ m_privileges.push_back(std::move(privilege));
+}
+
+void AppInstallHelper::addPrivileges(const PrivilegeVector &privileges) {
+ std::copy(privileges.begin(), privileges.end(), std::back_inserter(m_privileges));
+}
+
+const PrivilegeVector& AppInstallHelper::getPrivileges() const {
+ return m_privileges;
+}
+
+void AppInstallHelper::addAppDefinedPrivilege(Privilege privilege) {
+ m_appDefinedPrivileges.push_back(std::move(privilege));
+}
+
+const PrivilegeVector& AppInstallHelper::getAppDefinedPrivileges() const {
+ return m_appDefinedPrivileges;
+}
+
+void AppInstallHelper::revokeRules() const {
+ RUNNER_ASSERT_MSG(
+ 0 == smack_revoke_subject(generateAppLabel().c_str()),
+ "Revoking smack subject failed");
+}
+
+std::string AppInstallHelper::generateAppLabel() const {
+ return generateProcessLabel(getAppId(), getPkgId(), getIsHybrid());
+}
+
+std::string AppInstallHelper::generatePkgLabel() const {
+ return generatePathRWLabel(getPkgId());
+}
+
+const AppInstallHelper::TypePathsMap& AppInstallHelper::getDirsMap() const {
+ return m_dirTypeMap;
+}
+
+const AppInstallHelper::TypePathsMap& AppInstallHelper::getFilesMap() const {
+ return m_fileTypeMap;
+}
+
+void AppInstallHelper::removePaths() {
+ for (const auto &oneTypePaths : m_dirTypeMap)
+ for (const auto& path : oneTypePaths.second)
+ rmdir(path.c_str());
+
+ m_dirTypeMap.clear();
+
+ for (const auto &oneTypePaths : m_fileTypeMap)
+ for (const auto& path : oneTypePaths.second)
+ unlink(path.c_str());
+
+ m_fileTypeMap.clear();
+
+ for (auto& rootInfo : m_rootPaths) {
+ if (rootInfo.second.isCreated)
+ rmdir(rootInfo.second.path.c_str());
+ rootInfo.second.isCreated = false;
+ }
+}
+
+void AppInstallHelper::setAuthor(const std::string &author) {
+ m_author = author;
+}
+std::string AppInstallHelper::getAuthor() const {
+ return m_author;
+}
+
+void AppInstallHelper::setInstallType(app_install_type type) {
+ m_installType = type;
+}
+app_install_type AppInstallHelper::getInstallType() const {
+ return m_installType;
+}
+
struct AppInstallHelper {
using TypePathsMap = std::map<app_install_path_type, std::vector<std::string>>;
+ using TypePathMap = std::map<app_install_path_type, std::string>;
+
AppInstallHelper(const std::string &appNamePrefix,
const std::string &pkgNamePrefix,
bool isLocal,
uid_t uid,
std::string version = std::string())
: m_appName(appNamePrefix), m_pkgName(pkgNamePrefix), m_isLocal(isLocal), m_uidGid(uid), m_version(version),
- m_installType(SM_APP_INSTALL_NONE), m_isHybrid(false), m_isInstallDirCreated(false), m_creatorPid(getpid())
- {
- setInstallPath();
- }
+ m_installType(SM_APP_INSTALL_NONE), m_isHybrid(false), m_creatorPid(getpid())
+ {}
AppInstallHelper(const std::string &appNamePrefix,
const std::string &pkgNamePrefix,
void setHybrid();
bool getIsHybrid() const;
+ enum RootType {
+ BASE,
+ SKEL,
+ EXTENDED
+ };
+
+ enum PathType {
+ FILE,
+ DIR
+ };
+
// Path types creation and removal on file system
- void createInstallDir();
- void createTrustedDir(int i = 0);
- void createPrivateDir(int i = 0);
- void createPublicDir();
- void createPrivateFile(int i = 0);
- void createSharedRODir(int i = 0);
- void createPrivateRODir(int i = 0);
+ void createPath(app_install_path_type smType, PathType pType, int i = 0, RootType rType = RootType::BASE);
+
+ // below methods are deprecated
+ void createTrustedDir(int i = 0, RootType type = RootType::BASE);
+ void createPrivateDir(int i = 0, RootType type = RootType::BASE);
+ void createPublicDir(RootType type = RootType::BASE);
+ void createPrivateFile(int i = 0, RootType type = RootType::BASE);
+ void createSharedRODir(int i = 0, RootType type = RootType::BASE);
+ void createPrivateRODir(int i = 0, RootType type = RootType::BASE);
void removePaths();
// Path getters
- std::string getInstallDir() const;
- std::string getTrustedDir(int i = 0) const;
- std::string getPrivateDir(int i = 0) const;
- std::string getPrivateRODir(int i = 0) const;
- std::string getPublicDir() const;
- std::string getPrivatePath(int i = 0) const;
- std::string getSharedRODir(int i = 0) const;
+ std::string getPath(app_install_path_type smType, PathType pType, int i = 0, RootType rType = RootType::BASE) const;
+
+ // below methods are deprecated
+ std::string getInstallDir(RootType type) const;
+ std::string getTrustedDir(int i = 0, RootType type = RootType::BASE) const;
+ std::string getPrivateDir(int i = 0, RootType type = RootType::BASE) const;
+ std::string getPrivateRODir(int i = 0, RootType type = RootType::BASE) const;
+ std::string getPublicDir(RootType type = RootType::BASE) const;
+ std::string getPrivatePath(int i = 0, RootType type = RootType::BASE) const;
+ std::string getSharedRODir(int i = 0, RootType type = RootType::BASE) const;
const TypePathsMap& getDirsMap() const;
const TypePathsMap& getFilesMap() const;
}
protected:
- void setInstallPath();
- bool create(std::function<int(const char*, mode_t)> &&creatFun, const std::string &path);
+ struct RootInfo {
+ RootInfo() : isCreated(false) {}
+ std::string path;
+ int isCreated;
+ };
+ using RootTypeInfoMap = std::map<RootType, RootInfo>;
+
+ void setInstallPath(RootType type) const;
+
+ bool createFile(app_install_path_type smType, const std::string &path);
+ bool createDir(app_install_path_type smType, const std::string &path, bool isBasePath = false);
+ void createInstallDir(RootType type);
+
std::string m_appName;
std::string m_pkgName;
bool m_isLocal;
std::string m_version;
app_install_type m_installType;
bool m_isHybrid;
- std::string m_installDir;
- bool m_isInstallDirCreated;
+
+ mutable RootTypeInfoMap m_rootPaths;
TypePathsMap m_dirTypeMap;
TypePathsMap m_fileTypeMap;
+
PrivilegeVector m_privileges;
PrivilegeVector m_appDefinedPrivileges;
+
std::string m_author;
pid_t m_creatorPid;
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <label_generator.h>
+
+// Common implementation details
+std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid)
+{
+ std::string label = "User::Pkg::" + pkgId;
+ if (isHybrid) {
+ label += "::App::" + appId;
+ }
+ return label;
+}
+
+std::string generatePathRWLabel(const std::string &pkgId)
+{
+ return "User::Pkg::" + pkgId;
+}
+
+std::string generatePathROLabel(const std::string &pkgId)
+{
+ return generatePathRWLabel(pkgId) + "::RO";
+}
+
+std::string generatePathSharedROLabel(const std::string &pkgId)
+{
+ return generatePathRWLabel(pkgId) + "::SharedRO";
+}
+
+std::string generatePathTrustedLabel(int64_t authorId)
+{
+ return "User::Author::" + std::to_string(authorId);
+}
+
+std::string getPublicPathLabel()
+{
+ return "User::Home";
+}
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <string>
+#include <sys/types.h>
+
+std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid = false);
+std::string generatePathRWLabel(const std::string &pkgId);
+std::string generatePathROLabel(const std::string &pkgId);
+std::string generatePathSharedROLabel(const std::string &pkgId);
+std::string generatePathTrustedLabel(int64_t authorId);
+std::string getPublicPathLabel();
int ret = smack_set_label_for_self(label);
RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self("<<label<<"). Error: " << ret);
}
+
+pid_t runInChild(const std::function<void(void)> &process) {
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
+
+ if (pid == 0) {
+ process();
+ exit(EXIT_SUCCESS);
+ }
+ return pid;
+}
+
+void runInChildParentWait(const std::function<void(void)> &process) {
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
+ if (pid == 0) {
+ process();
+ exit(EXIT_SUCCESS);
+ } else {
+ waitPid(pid);
+ }
+}
+
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
#include <dpl/test/test_runner_multiprocess.h>
-#include <sys/smack.h>
+
+#include <algorithm>
#include <sys/types.h>
#include <string>
#include <tuple>
void waitPid(pid_t pid);
void change_label(const char* label);
+pid_t runInChild(const std::function<void(void)> &process);
+void runInChildParentWait(const std::function<void(void)> &process);
+
#define RUNNER_TEST_SMACK(Proc, ...) \
void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
static int Static##Proc##Init() \
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <pwd.h>
#include <sys/types.h>
-#include <tzplatform_config.h>
#include <dpl/test/test_runner.h>
#include <memory.h>
DEFINE_SMARTPTR(tzplatform_context_destroy, tzplatform_context, TzPlatformContextPtr);
+std::string getEnv(enum tzplatform_variable id)
+{
+ auto env = tzplatform_getenv(id);
+ RUNNER_ASSERT_MSG(env != nullptr, "Tzplatform-config returned null for " << id);
+ return env;
+}
+
uid_t getGlobalUserId(void)
{
return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
return appDir;
}
+const std::string extendedSdDir()
+{
+ struct tzplatform_context *tzCtxPtr = nullptr;
+
+ RUNNER_ASSERT_MSG(0 == tzplatform_context_create(&tzCtxPtr), "Couldn't create tzplatform context");
+ TzPlatformContextPtr tzCtxPtrSmart(tzCtxPtr);
+
+ const char *appDir = tzplatform_context_getenv(tzCtxPtr, TZ_SYS_EXTENDEDSD_APP);
+ RUNNER_ASSERT_MSG(nullptr != appDir,
+ "tzplatform_context_getenv failed for getting sys extended sd");
+ return appDir;
+}
+
+const std::string extendedSdUserDir(uid_t uid)
+{
+ struct tzplatform_context *tzCtxPtr = nullptr;
+
+ RUNNER_ASSERT_MSG(0 == tzplatform_context_create(&tzCtxPtr), "Couldn't create tzplatform context");
+ TzPlatformContextPtr tzCtxPtrSmart(tzCtxPtr);
+
+ RUNNER_ASSERT_MSG(0 == tzplatform_context_set_user(tzCtxPtr, uid),
+ "Unable to set user with uid <" << uid << "> for tzplatform context");
+
+ const char *appDir = tzplatform_context_getenv(tzCtxPtr, TZ_USER_EXTENDEDSD_APP);
+ RUNNER_ASSERT_MSG(nullptr != appDir,
+ "tzplatform_context_getenv failed for getting user extended sd");
+ return appDir;
+}
+
+const std::string getPath(enum tzplatform_variable id) {
+ struct tzplatform_context *tzCtxPtr = nullptr;
+
+ RUNNER_ASSERT_MSG(0 == tzplatform_context_create(&tzCtxPtr), "Couldn't create tzplatform context");
+ TzPlatformContextPtr tzCtxPtrSmart(tzCtxPtr);
+
+ const char *path = tzplatform_context_getenv(tzCtxPtr, id);
+ RUNNER_ASSERT_MSG(nullptr != path,
+ "tzplatform_context_getenv failed for getting " << static_cast<int>(id));
+ return path;
+}
+
}
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <string>
+#include <tzplatform_config.h>
+
#include <temp_test_user.h>
namespace TzPlatformConfig {
+std::string getEnv(enum tzplatform_variable id);
+
+const std::string getPath(enum tzplatform_variable id);
+
uid_t getGlobalUserId(void);
uid_t getGlobalGroupId(void);
const std::string appDirPath(const TemporaryTestUser &user, const std::string &appId,
const std::string &pkgId);
+const std::string appDirPath(uid_t uid);
+
const std::string globalAppDir();
-const std::string appDirPath(uid_t uid);
+const std::string extendedSdDir();
+
+const std::string extendedSdUserDir(uid_t uid);
+
}
std::string m_label = "cynara_helpers";
};
-pid_t runInChild(const std::function<void(void)> &process) {
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
-
- if (pid == 0) {
- process();
- exit(EXIT_SUCCESS);
- }
-
- return pid;
-}
-
cynara_client_creds getClientDefaultMethod() {
cynara_client_creds def;
int ret = cynara_creds_get_default_client_method(&def);
INCLUDE(FindPkgConfig)
-# Dependencies
-PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP
- REQUIRED
- security-manager
-)
-
SET(TARGET_NETHER_TESTS "nether-tests")
SET(NETHER_TESTS_SOURCES
${PROJECT_SOURCE_DIR}/src/nether-tests/nether_tests.cpp
${PROJECT_SOURCE_DIR}/src/common/tests_common.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/tzplatform.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_api.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/tzplatform.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/sm_api.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/sm_request.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/sm_user_request.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/sm_policy_request.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/app_install_helper.cpp
${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_commons.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_user_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_policy_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/app_install_helper.cpp
${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/policy_configuration.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp
)
${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_trusted_sharing.cpp
${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_prepare_app.cpp
${PROJECT_SOURCE_DIR}/src/security-manager-tests/security_manager_tests.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/app_install_helper.cpp
${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/policy_configuration.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_api.cpp
${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_commons.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_label_monitor.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_sharing_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_user_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_policy_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/tzplatform.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
+++ /dev/null
-/*
- * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <fcntl.h>
-#include <map>
-#include <string>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/smack.h>
-#include <unistd.h>
-#include <utility>
-
-#include <security-manager-types.h>
-
-#include <dpl/test/test_runner.h>
-#include <sm_commons.h>
-#include <tzplatform.h>
-
-#include "app_install_helper.h"
-
-AppInstallHelper::AppInstallHelper(AppInstallHelper &&other)
- : m_appName(std::move(other.m_appName)), m_pkgName(std::move(other.m_pkgName)),
- m_isLocal(other.m_isLocal), m_uidGid(other.m_uidGid),
- m_version(std::move(other.m_version)), m_installType(other.m_installType),
- m_isHybrid(other.m_isHybrid), m_installDir(std::move(other.m_installDir)),
- m_dirTypeMap(std::move(other.m_dirTypeMap)),
- m_fileTypeMap(std::move(other.m_fileTypeMap)),
- m_privileges(std::move(other.m_privileges)),
- m_appDefinedPrivileges(std::move(other.m_appDefinedPrivileges)),
- m_author(std::move(other.m_author)),
- m_creatorPid(other.m_creatorPid)
-{
- other.m_creatorPid = -1;
-}
-
-std::string AppInstallHelper::getInstallDir() const {
- return m_installDir + getPkgId();
-}
-
-std::string AppInstallHelper::getTrustedDir(int i) const {
- return getInstallDir() + "/trustedDir" + std::to_string(i);
-}
-
-std::string AppInstallHelper::getPrivateDir(int i) const {
- return getInstallDir() + "/app_dir" + std::to_string(i) +"/";
-}
-
-std::string AppInstallHelper::getPrivateRODir(int i) const {
- return getInstallDir() + "/app_dir_ro" + std::to_string(i) +"/";
-}
-
-std::string AppInstallHelper::getPublicDir() const {
- return getInstallDir() + "/app_public_ro/";
-}
-
-std::string AppInstallHelper::getPrivatePath(int i) const {
- return getPrivateDir() + "shareme" + std::to_string(i);
-}
-
-std::string AppInstallHelper::getSharedRODir(int i) const {
- return getInstallDir() + "/app_dir_rw_others_ro" + std::to_string(i) +"/";
-}
-
-std::string AppInstallHelper::getAppId() const {
- return m_appName + "_app_id";
-}
-
-std::string AppInstallHelper::getPkgId() const {
- return m_pkgName + "_pkg_id";
-}
-
-void AppInstallHelper::setVersion(const std::string &version) {
- m_version = version;
-}
-
-std::string AppInstallHelper::getVersion() const {
- return m_version;
-}
-
-int AppInstallHelper::getUID() const {
- return m_uidGid;
-}
-
-int AppInstallHelper::getGID() const {
- return m_uidGid;
-}
-
-void AppInstallHelper::createInstallDir() {
- create(mkdir, getInstallDir());
- m_isInstallDirCreated = true;
-}
-
-void AppInstallHelper::createTrustedDir(int i) {
- if (create(mkdir, getTrustedDir(i)))
- m_dirTypeMap[SECURITY_MANAGER_PATH_TRUSTED_RW].emplace_back(getTrustedDir(i));
-}
-
-void AppInstallHelper::createPrivateDir(int i) {
- if (create(mkdir, getPrivateDir(i)))
- m_dirTypeMap[SECURITY_MANAGER_PATH_RW].emplace_back(getPrivateDir(i));
-}
-
-void AppInstallHelper::createPublicDir() {
- if (mkdir(getPublicDir().c_str(), 0777) == 0) {
- m_dirTypeMap[SECURITY_MANAGER_PATH_PUBLIC_RO].emplace_back(getPublicDir());
- }
-}
-
-void AppInstallHelper::createPrivateFile(int i) {
- // This is intentional, let all private file be in one directory
- createPrivateDir();
- if (create(creat, getPrivatePath(i)))
- m_fileTypeMap[SECURITY_MANAGER_PATH_RW].emplace_back(getPrivatePath(i));
-}
-
-void AppInstallHelper::createSharedRODir(int i) {
- if (create(mkdir, getSharedRODir(i)))
- m_dirTypeMap[SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO].emplace_back(getSharedRODir(i));
-}
-
-void AppInstallHelper::createPrivateRODir(int i) {
- if (create(mkdir, getPrivateRODir(i)))
- m_dirTypeMap[SECURITY_MANAGER_PATH_RO].emplace_back(getPrivateRODir(i));
-}
-
-void AppInstallHelper::setHybrid() {
- m_isHybrid = true;
-}
-
-bool AppInstallHelper::getIsHybrid() const {
- return m_isHybrid;
-}
-
-void AppInstallHelper::addPrivileges(const std::vector<std::string> &privileges) {
- for (auto &p : privileges) {
- addPrivilege(Privilege(p));
- }
-}
-
-std::vector<std::string> AppInstallHelper::getPrivilegesNames() const {
- std::vector<std::string> privileges;
- for (auto &p : m_privileges) {
- privileges.push_back(p.getName());
- }
- return privileges;
-}
-
-void AppInstallHelper::addPrivilege(Privilege privilege) {
- m_privileges.push_back(std::move(privilege));
-}
-
-void AppInstallHelper::addPrivileges(const PrivilegeVector &privileges) {
- std::copy(privileges.begin(), privileges.end(), std::back_inserter(m_privileges));
-}
-
-const PrivilegeVector& AppInstallHelper::getPrivileges() const {
- return m_privileges;
-}
-
-void AppInstallHelper::addAppDefinedPrivilege(Privilege privilege) {
- m_appDefinedPrivileges.push_back(std::move(privilege));
-}
-
-const PrivilegeVector& AppInstallHelper::getAppDefinedPrivileges() const {
- return m_appDefinedPrivileges;
-}
-
-void AppInstallHelper::revokeRules() const {
- RUNNER_ASSERT_MSG(
- 0 == smack_revoke_subject(generateAppLabel().c_str()),
- "Revoking smack subject failed");
-}
-
-std::string AppInstallHelper::generateAppLabel() const {
- return generateProcessLabel(getAppId(), getPkgId(), getIsHybrid());
-}
-
-std::string AppInstallHelper::generatePkgLabel() const {
- return generatePathRWLabel(getPkgId());
-}
-
-const AppInstallHelper::TypePathsMap& AppInstallHelper::getDirsMap() const {
- return m_dirTypeMap;
-}
-
-const AppInstallHelper::TypePathsMap& AppInstallHelper::getFilesMap() const {
- return m_fileTypeMap;
-}
-
-void AppInstallHelper::removePaths() {
- for (const auto &oneTypePaths : m_dirTypeMap)
- for (const auto& path : oneTypePaths.second)
- rmdir(path.c_str());
-
- m_dirTypeMap.clear();
-
- for (const auto &oneTypePaths : m_fileTypeMap)
- for (const auto& path : oneTypePaths.second)
- unlink(path.c_str());
-
- m_fileTypeMap.clear();
-
- rmdir(getInstallDir().c_str());
- m_isInstallDirCreated = false;
-}
-
-void AppInstallHelper::setInstallPath() {
- if (m_isLocal)
- m_installDir = TzPlatformConfig::appDirPath(getUID());
- else
- m_installDir = TzPlatformConfig::globalAppDir() + "/";
-}
-
-bool AppInstallHelper::create(std::function<int(const char*, mode_t)> &&creatFun, const std::string &path) {
- if (!m_isInstallDirCreated && path != getInstallDir())
- createInstallDir();
- if (creatFun(path.c_str(), 0751) == 0) {
- // Local paths need user change
- if (!m_isLocal || chown(path.c_str(), m_uidGid, m_uidGid) == 0)
- return true;
- }
- return false;
-}
-
-void AppInstallHelper::setAuthor(const std::string &author) {
- m_author = author;
-}
-std::string AppInstallHelper::getAuthor() const {
- return m_author;
-}
-
-void AppInstallHelper::setInstallType(app_install_type type) {
- m_installType = type;
-}
-app_install_type AppInstallHelper::getInstallType() const {
- return m_installType;
-}
-
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <algorithm>
#include <cstring>
+#include <fcntl.h>
#include <ftw.h>
#include <grp.h>
#include <string>
#include <security-manager-types.h>
#include <app-runtime.h>
#include <sys/smack.h>
+#include <privilege_info.h>
#include <cynara_test_client.h>
#include <dpl/test/test_runner.h>
#include <tests_common.h>
#include <policy_configuration.h>
#include "tzplatform.h"
+#include <label_generator.h>
using namespace SecurityManagerTest;
-// Common implementation details
-
-std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid)
-{
- std::string label = "User::Pkg::" + pkgId;
- if (isHybrid) {
- label += "::App::" + appId;
- }
- return label;
-}
-
-std::string generatePathRWLabel(const std::string &pkgId)
-{
- return "User::Pkg::" + pkgId;
-}
-
-std::string generatePathROLabel(const std::string &pkgId)
-{
- return generatePathRWLabel(pkgId) + "::RO";
-}
-
-std::string generatePathSharedROLabel(const std::string &pkgId)
-{
- return generatePathRWLabel(pkgId) + "::SharedRO";
-}
-
-std::string generatePathTrustedLabel(int64_t authorId)
-{
- return "User::Author::" + std::to_string(authorId);
-}
-
-std::string getPublicPathLabel()
-{
- return "User::Home";
-}
-
// Common DB/nftw checks
// nftw doesn't allow passing user data to functions. Work around by using global variable
return caps;
}
-pid_t runInChild(const std::function<void(void)> &process) {
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
-
- if (pid == 0) {
- process();
- exit(EXIT_SUCCESS);
- }
- return pid;
-}
-
-void runInChildParentWait(const std::function<void(void)> &process) {
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
- if (pid == 0) {
- process();
- exit(EXIT_SUCCESS);
- } else {
- waitPid(pid);
- }
-}
-
static int getOppositeAccessType(int accessType) {
return accessType ^ (R_OK | W_OK | X_OK);
}
runAccessTest(label, uid, gid, testPath, accessType);
}
+bool isAskuserDisabled() {
+ static bool isAskuserDisabled = false;
+ static bool isChecked = false;
+
+ if (isChecked)
+ return isAskuserDisabled;
+
+ std::string sysShare = TzPlatformConfig::getPath(TZ_SYS_SHARE);
+ std::string askDisableFile = sysShare + "/askuser_disable";
+
+ isAskuserDisabled = (access(askDisableFile.c_str(), F_OK) != -1);
+ isChecked = true;
+ return isAskuserDisabled;
+}
+
+bool isPrivilegePrivacy(const std::string &priv) {
+ return (1 == privilege_info_is_privacy(priv.c_str()));
+}
+
+int countPrivacyPrivileges(const PrivilegeVector &privs) {
+ return std::count_if(privs.begin(), privs.end(), isPrivilegePrivacy);
+}
+
+int countPrivacyPrivileges(const std::vector<std::string> &privs) {
+ return std::count_if(privs.begin(), privs.end(), isPrivilegePrivacy);
+}
+
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const int FTW_MAX_FDS = 16;
-std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid = false);
-std::string generatePathRWLabel(const std::string &pkgId);
-std::string generatePathROLabel(const std::string &pkgId);
-std::string generatePathSharedROLabel(const std::string &pkgId);
-std::string generatePathTrustedLabel(int64_t authorId);
-std::string getPublicPathLabel();
-
typedef std::vector<std::string> privileges_t;
int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
CapsSetsUniquePtr setCaps(const char *cap_string);
-pid_t runInChild(const std::function<void(void)> &process);
-
-void runInChildParentWait(const std::function<void(void)> &process);
void runAccessTest(const std::string &label, uid_t uid, gid_t gid,
const std::string &testPath, int accessType);
void runAccessTest(const AppInstallHelper &app, const std::string &testPath, int accessType);
void runSystemAccessTest(uid_t uid, gid_t gid, const std::string &testPath, int accessType);
+
+bool isAskuserDisabled();
+bool isPrivilegePrivacy(const std::string &priv);
+int countPrivacyPrivileges(const PrivilegeVector &privs);
+int countPrivacyPrivileges(const std::vector<std::string> &privs);
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <app_install_helper.h>
#include <cynara_test_admin.h>
#include <dpl/test/test_runner.h>
+#include <label_generator.h>
#include <message_pipe.h>
#include <policy_configuration.h>
#include <scoped_installer.h>
#include <app_install_helper.h>
#include <scoped_installer.h>
#include <sm_api.h>
+#include <sm_commons.h>
#include <temp_test_user.h>
#include <tests_common.h>
TemporaryTestUser tmpUser("sm_test_ap1_user_name", GUM_USERTYPE_NORMAL, false);
tmpUser.create();
- unsigned expectedPolicyCount = 1;
-
AppInstallHelper app("sm_test_ap1", tmpUser.getUid());
app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+ unsigned expectedPolicyCount = countPrivacyPrivileges(app.getPrivileges());
+
+ // If askuser is disabled there will be no privacy policy to expect
+ RUNNER_ASSERT_MSG(isAskuserDisabled() || expectedPolicyCount > 0,
+ "Application won't be installed with any privacy privileges, fix test");
+
ScopedInstaller appInstall(app);
pid_t pid = fork();
std::vector<PolicyEntry> policyEntries;
Api::getPolicyForSelf(filter, policyEntries);
+ if (isAskuserDisabled()) {
+ //further checks do not make sense, but we've checked if app has permission to perform policy fetch
+ continue;
+ }
RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
RUNNER_ASSERT_MSG(policyEntries.size() == 1,
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <access_provider.h>
#include <cynara_helpers_creds.h>
#include <dpl/test/test_runner.h>
+#include <label_generator.h>
#include <memory.h>
#include <passwd_access.h>
#include <sm_api.h>
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <app_install_helper.h>
#include <dpl/test/test_runner.h>
+#include <label_generator.h>
#include <memory.h>
#include <message_pipe.h>
#include <scoped_installer.h>
static void testSetLabelForSelf(const std::string &appName, const std::string &pkgName,
bool expected_success)
{
+ //FIXME : replace this with SM API
std::string label = generateProcessLabel(appName, pkgName);
int result = smack_set_label_for_self(label.c_str());
if (expected_success)
#include <sys/smack.h>
#include <sys/capability.h>
+#include <sys/prctl.h>
#include <thread>
#include <string>
bool finish = false;
const size_t THREADS = 10;
-const std::string SYNC_TEST_APP("app100");
+const std::string APP_TEST_USER = "app_test_user";
typedef std::unique_ptr<_cap_struct, decltype(&cap_free)> CapPtr;
std::thread thread;
};
+int setLauncherSecurityAttributes(TemporaryTestUser &user)
+{
+ // Add launcher capabilities (cap_dac_override, cap_setgid, cap_sys_admin, cap_mac_admin),
+ // launcher is user process, we must drop root privileges (cap_setgid, cap_setuid are needed).
+ // By default, the permitted capability set is cleared when credentials change is made
+ // (if a process drops a capability from its permitted set, it can never reacquire that capability),
+ // setting the "keep capabilities" flag prevents it from being cleared.
+ // Effective capability set is always cleared when credential change is made, we need to add them again.
+
+ setCaps("cap_dac_override+ep cap_setgid+ep cap_sys_admin+ep cap_mac_admin+ep cap_setuid+ep");
+ int ret = prctl(PR_SET_KEEPCAPS, 1, 0, 0);
+ if (ret != 0)
+ return ret;
+
+ ret = drop_root_privileges(user.getUid(), user.getGid());
+ if (ret != 0)
+ return ret;
+
+ setCaps("cap_dac_override+ep cap_setgid+ep cap_sys_admin+ep cap_mac_admin+ep");
+ return ret;
+}
+
} // anonymous namespace
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PREPARE_APP)
RUNNER_CHILD_TEST(security_manager_100_synchronize_credentials_test)
{
- AppInstallHelper app(SYNC_TEST_APP.c_str());
+ TemporaryTestUser tmpUser(APP_TEST_USER, GUM_USERTYPE_NORMAL, false);
+ tmpUser.create();
+
+ AppInstallHelper app("app100", tmpUser.getUid());
ScopedInstaller appInstall(app);
const std::string expectedLabel = app.generateAppLabel();
RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
if (pid == 0) {
{
+ RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(tmpUser) == 0, "launcher failed");
+
ThreadWrapper threads[THREADS];
for (size_t i = 0; i < THREADS; i++)
#include <utility>
#include <vector>
-#include <privilege_info.h>
-
#include <app_install_helper.h>
#include <cynara_test_admin.h>
#include <dpl/test/test_runner.h>
}
};
-bool isPrivilegePrivacy(const Privilege &priv) {
- return (1 == privilege_info_is_privacy(priv));
-}
-
-int countPrivacyPrivileges(const PrivilegeVector &privs) {
- return std::count_if(privs.begin(), privs.end(), isPrivilegePrivacy);
-}
-
}
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PRIVACY_MANAGER)
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <app_install_helper.h>
#include <dpl/test/test_runner.h>
+#include <label_generator.h>
#include <scoped_installer.h>
#include <sm_api.h>
#include <sm_commons.h>
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_SHM)
-RUNNER_TEST(shm01_create_file) {
+RUNNER_TEST(shm01_create_file)
+{
+ RUNNER_IGNORED_MSG("This test is turn off because SMACK is still disabled for POSIX shared memory");
AppInstallHelper app("shm01_app");
const char *shmName = "shm01_testName";
auto exLabel = app.generateAppLabel();
RUNNER_ASSERT_ERRNO_MSG(0 == ret, "shm_unlink failed");
}
-RUNNER_TEST(shm02_double_open) {
+RUNNER_TEST(shm02_double_open)
+{
+ RUNNER_IGNORED_MSG("This test is turn off because SMACK is still disabled for POSIX shared memory");
AppInstallHelper app("shm02_app");
const char *shmName = "shm02_testName";
auto exLabel = app.generateAppLabel();
RUNNER_ASSERT_ERRNO_MSG(0 == ret, "shm_unlink failed");
}
-RUNNER_TEST(shm03_double_share) {
+RUNNER_TEST(shm03_double_share)
+{
+ RUNNER_IGNORED_MSG("This test is turn off because SMACK is still disabled for POSIX shared memory");
const char *shmName = "shm03_testName";
AppInstallHelper appa("shm03_testAppA");
RUNNER_ASSERT_ERRNO_MSG(0 == ret, "shm_unlink failed");
}
-RUNNER_TEST(shm04_performance_test_shm_open) {
+RUNNER_TEST(shm04_performance_test_shm_open)
+{
+ RUNNER_IGNORED_MSG("This test is turn off because SMACK is still disabled for POSIX shared memory");
const char *shmName = "shm04_testName";
// clean up environment
RUNNER_PERF_TEST_END();
}
-RUNNER_TEST(shm05_performance_test_shm_open_wrapper) {
+RUNNER_TEST(shm05_performance_test_shm_open_wrapper)
+{
+ RUNNER_IGNORED_MSG("This test is turn off because SMACK is still disabled for POSIX shared memory");
const char *shmName = "shm05_testName";
AppInstallHelper appa("shm05_app");
projects / platform / core / test / security-tests.git / commitdiff