}
void runAccessTest(const AppInstallHelper &app, const std::string &testPath, int accessType) {
- auto fun = [&](){
- RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(app.getUID(), app.getGID()) == 0,
- "launcher failed");
- Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId());
- accessTest(app.getAppId(), testPath, accessType);
- };
-
- auto pid = runInChildParentWait(fun);
- Api::cleanupApp(app.getAppId(), app.getUID(), pid);
+ ScopedAppLauncher(app, [&] { accessTest(app.getAppId(), testPath, accessType);});
}
void runAccessTest(const AppInstallHelper &app, const TestUser &user,
ScopedAppLauncher(app, user, [&] { accessTest(app.getAppId(), testPath, accessType);});
}
-void runAccessTest(const AppInstallHelper &app, const std::string &testPath,
- uid_t uid, gid_t gid, int accessType) {
- auto fun = [&](){
- RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(uid, gid) == 0,
- "launcher failed");
- Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId());
- accessTest(app.getAppId(), testPath, accessType);
- };
-
- auto pid = runInChildParentWait(fun);
- Api::cleanupApp(app.getAppId(), uid, pid);
-}
-
void runSystemAccessTest(uid_t uid, gid_t gid, const std::string &testPath, int accessType) {
for (const auto &label : SM_SYSTEM_LABELS)
runAccessTest(label, uid, gid, testPath, accessType);
void runAccessTest(const std::string &label, uid_t uid, gid_t gid,
const std::string &testPath, int accessType);
void runAccessTest(const AppInstallHelper &app, const std::string &testPath, int accessType);
-void runAccessTest(const AppInstallHelper &app, const std::string &testPath,
- uid_t uid, gid_t gid, int accessType);
void runAccessTest(const AppInstallHelper &app, const TestUser &user, const std::string &testPath,
int accessType);
void runSystemAccessTest(uid_t uid, gid_t gid, const std::string &testPath, int accessType);
security_manager_37b_pkg_double_share_owner_uninstall
security_manager_38a_share_one_with_two_uninstall_target
security_manager_38b_share_one_with_two_uninstall_owner
+ security_manager_27_fetch_app_manifest_app_context_local_positive
+ security_manager_28_fetch_app_manifest_app_context_global_positive
+ security_manager_30_fetch_app_manifest_app_context_local_different_label
+ security_manager_31_fetch_app_manifest_app_context_local_different_label_with_privilege
+ security_manager_ap2_app_policy_fetch_for_self_different_user
+ security_manager_ap3_app_policy_fetch_for_self_different_user_global
+ security_manager_ap3_app_policy_fetch_for_self_different_app
+ security_manager_14_privacy_manager_fetch_and_update_policy_for_admin
+ security_manager_15_privacy_manager_send_policy_update_for_admin
+ security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard
)
function run_tests_and_exit {
* limitations under the License.
*/
+#include <scoped_app_launcher.h>
#include <linux/xattr.h>
#include <fstream>
#include <memory>
app.addPrivilege(PRIV_INTERNET);
ScopedInstaller appInstall(app);
- pid_t pid = runInChildParentWait([&] {
- // child - the actual application
- RUNNER_ASSERT_MSG(setLauncherSecurityAttributes(testUser) == 0, "launcher failed");
- Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId());
-
+ ScopedAppLauncher(app, testUser, [&] {
RUNNER_ASSERT_MSG(ping() == 0, "No internet access while the privilege is present");
});
-
- Api::cleanupApp(app.getAppId(), testUser.getUid(), pid);
}
RUNNER_CHILD_TEST(security_manager_12b_internet_access_negative)
AppInstallHelperExt app("sm_test_12b", "sm_test_12b", testUser.getUid());
ScopedInstaller appInstall(app);
- pid_t pid = runInChildParentWait([&] {
- // child - the actual application
- RUNNER_ASSERT_MSG(setLauncherSecurityAttributes(testUser) == 0, "launcher failed");
- Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId());
-
+ ScopedAppLauncher(app, testUser, [&] {
RUNNER_ASSERT_MSG(ping() != 0, "Internet access detected despite no privilege");
});
-
- Api::cleanupApp(app.getAppId(), testUser.getUid(), pid);
}
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_POLICY)
ScopedInstaller normalAppInstall(normalApp);
normalApp.checkAfterInstall();
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(adminApp.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUser.getUid(),adminUser.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(adminApp, adminUser, [&] {
PolicyRequest addPolicyReq;
for (auto &deniedPriv : deniedPrivsAfterChange) {
PolicyEntry entry(SECURITY_MANAGER_ANY, normalUser.getUidString(), deniedPriv);
AppInstallHelperExt app("sm_test_26_1a", "sm_test_26_1a", testUser.getUid());
ScopedInstaller appInstall(app);
- pid_t pid = runInChildParentWait([&] {
- RUNNER_ASSERT_MSG(setLauncherSecurityAttributes(testUser) == 0, "launcher failed");
- auto expected = getuid();
- Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId());
+ ScopedAppLauncher(app, testUser, [&] {
uid_t owner_uid = 0;
RUNNER_ASSERT_MSG(
security_manager_get_app_owner_uid(getpid(), &owner_uid) == SECURITY_MANAGER_SUCCESS,
"Invalid return from security_manager_get_app_owner_uid()");
- RUNNER_ASSERT_MSG(owner_uid == expected, "Invalid uid returned - expected: "
- << expected << " returned: " << owner_uid);
+ RUNNER_ASSERT_MSG(owner_uid == testUser.getUid(), "Invalid uid returned - expected: "
+ << testUser.getUid() << " returned: " << owner_uid);
});
-
- Api::cleanupApp(app.getAppId(), testUser.getUid(), pid);
}
RUNNER_CHILD_TEST(security_manager_26_1b_security_manager_get_app_owner_uid)
app.checkAfterUninstall();
}
-
RUNNER_CHILD_TEST(security_manager_26_4a_security_manager_get_app_full_credentials_from_pid)
{
TestUser testUser = TestUser::createTemporary("sm_test_26_4a_user_name", GUM_USERTYPE_NORMAL);
AppInstallHelperExt app("sm_test_26_4a", "sm_test_26_4a", testUser.getUid());
ScopedInstaller appInstall(app);
- auto pid = runInChildParentWait([&]{
- // child - the actual application
- RUNNER_ASSERT_MSG(setLauncherSecurityAttributes(testUser) == 0, "launcher failed");
- auto expected = getuid();
- Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId());
+ ScopedAppLauncher(app, testUser, [&]{
uid_t owner_uid = 0;
char* pkgId = nullptr;
char* appId = nullptr;
security_manager_get_app_full_credentials_from_pid(getpid(), &owner_uid, &pkgId, &appId) == SECURITY_MANAGER_SUCCESS,
"Invalid return from ecurity_manager_get_app_full_credentials_from_pid()");
- RUNNER_ASSERT_MSG(owner_uid == expected, "Invalid uid returned - expected: "
- << expected << " returned: " << owner_uid);
+ CStringPtr pkgPtr(pkgId);
+ CStringPtr appPtr(appId);
+
+ RUNNER_ASSERT_MSG(owner_uid == testUser.getUid(), "Invalid uid returned - expected: "
+ << testUser.getUid() << " returned: " << owner_uid);
- RUNNER_ASSERT_MSG(app.getPkgId() == pkgId, "Invalid pkgId returned from security_manager_get_app_full_credentials_from_pid");
- RUNNER_ASSERT_MSG(appId == nullptr, "Invalid appId returned from security_manager_get_app_full_credentials_from_pid"); // non-hybrid app
+ RUNNER_ASSERT_MSG(
+ pkgId != nullptr && app.getPkgId() == pkgId,
+ "Invalid pkgId returned from security_manager_get_app_full_credentials_from_pid"
+ );
+ // non-hybrid app
+ RUNNER_ASSERT_MSG(
+ appId == nullptr,
+ "Invalid appId returned from security_manager_get_app_full_credentials_from_pid"
+ );
});
- Api::cleanupApp(app.getAppId(), testUser.getUid(), pid);
}
-
RUNNER_CHILD_TEST(security_manager_26_4b_security_manager_get_app_full_credentials_from_pid)
{
TestUser testUser = TestUser::createTemporary("sm_test_26_4b_user_name", GUM_USERTYPE_NORMAL);
AppInstallHelperExt app("sm_test_26_4b", "sm_test_26_4b", testUser.getUid());
app.setHybrid();
ScopedInstaller appInstall(app);
- auto pid = runInChildParentWait([&]{
- // child - the actual application
- RUNNER_ASSERT_MSG(setLauncherSecurityAttributes(testUser) == 0, "launcher failed");
- auto expected = getuid();
- Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId());
+ ScopedAppLauncher(app, testUser, [&]{
uid_t owner_uid = 0;
char* pkgId = nullptr;
char* appId = nullptr;
security_manager_get_app_full_credentials_from_pid(getpid(), &owner_uid, &pkgId, &appId) == SECURITY_MANAGER_SUCCESS,
"Invalid return from ecurity_manager_get_app_full_credentials_from_pid()");
- RUNNER_ASSERT_MSG(owner_uid == expected, "Invalid uid returned - expected: "
- << expected << " returned: " << owner_uid);
+ CStringPtr pkgPtr(pkgId);
+ CStringPtr appPtr(appId);
+
+ RUNNER_ASSERT_MSG(owner_uid == testUser.getUid(), "Invalid uid returned - expected: "
+ << testUser.getUid() << " returned: " << owner_uid);
- RUNNER_ASSERT_MSG(app.getPkgId() == pkgId, "Invalid pkgId returned from security_manager_get_app_full_credentials_from_pid");
- RUNNER_ASSERT_MSG(app.getAppId() == appId, "Invalid appId returned from security_manager_get_app_full_credentials_from_pid"); // hybrid app
+ RUNNER_ASSERT_MSG(
+ pkgId != nullptr && app.getPkgId() == pkgId,
+ "Invalid pkgId returned from security_manager_get_app_full_credentials_from_pid"
+ );
+ // hybrid app
+ RUNNER_ASSERT_MSG(
+ appId != nullptr && app.getAppId() == appId,
+ "Invalid appId returned from security_manager_get_app_full_credentials_from_pid"
+ );
});
- Api::cleanupApp(app.getAppId(), testUser.getUid(), pid);
}
* limitations under the License.
*/
+#include <scoped_app_launcher.h>
#include <string>
#include <vector>
PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller appInstall(app);
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(app.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(
- drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(app, tmpUser, [&] {
std::string uidStr = tmpUser.getUidString();
for (const auto &appPrivilege : app.getPrivileges()) {
PolicyEntry filter(app.getAppId(), uidStr, appPrivilege);
PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller appInstall(app);
- runInChildParentWait([&] { //child process
- Api::setAppProcessIdentity(app.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(
- drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(app, tmpUser, [&] { //child process
std::string wrongUidStr = tmpUser2.getUidString();
for (const auto &appPrivilege : app.getPrivileges()) {
PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege);
PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller appInstall(app);
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(app.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(
- drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(app, tmpUser, [&] {
std::string wrongUidStr = tmpUser2.getUidString();
for (const auto &appPrivilege : app.getPrivileges()) {
PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege);
ScopedInstaller appInstall2(app2);
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(app1.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(
- drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(app1, tmpUser, [&] {
std::string uidStr = tmpUser.getUidString();
for (const auto &appPrivilege : app1.getPrivileges()) {
PolicyEntry filter(app2.getAppId(), uidStr, appPrivilege);
* limitations under the License.
*/
+#include <scoped_app_launcher.h>
#include <poll.h>
#include <sys/smack.h>
#include <sys/capability.h>
app.addPrivileges({PRIV_EXTERNALSTORAGE, PRIV_MEDIASTORAGE});
ScopedInstaller appInstall(app);
- SynchronizationPipe synchPipe;
- pid_t pid = runInChild([&] {
- synchPipe.claimChildEp();
- try {
- RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(tmpUser) == 0, "launcher failed");
- Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId());
- } catch (...) {
- synchPipe.post();
- throw;
- }
- synchPipe.post();
- });
-
- synchPipe.claimParentEp();
- synchPipe.wait();
+ ScopedAppLauncher launcher = ScopedAppLauncher(app, tmpUser);
PolicyRequest policyRequest;
PolicyEntry policyEntry(app.getAppId(), tmpUser.getUidString(), PRIV_EXTERNALSTORAGE);
policyRequest.addEntry(policyEntry);
Api::sendPolicy(policyRequest);
- waitPid(pid);
- Api::cleanupApp(app.getAppId(), tmpUser.getUid(), pid);
}
namespace {
std::time_t begin = std::time(nullptr);
while(1) {
- pid_t pid2 = runInChildParentWait([&] {
- RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(tmpUser) == 0, "launcher failed");
- Api::prepareAppCandidate();
- Api::prepareApp(app.getAppId());
- });
-
- Api::cleanupApp(app.getAppId(), tmpUser.getUid(), pid2);
+ ScopedAppLauncher(app, tmpUser);
std::time_t now = std::time(nullptr);
if (now - begin >= 30) // wait 30 sec
* limitations under the License.
*/
+#include <scoped_app_launcher.h>
#include <algorithm>
#include <cstdlib>
#include <map>
#include <dpl/test/test_runner_child.h>
#include <pkg_privacy_privileges.h>
#include <policy_configuration.h>
+#include <scoped_app_launcher.h>
#include <scoped_installer.h>
#include <sm_api.h>
#include <sm_commons.h>
}
AppInstallHelper privManager("sm_test_10_privilege_manager", tmpUser.getUid());
- std::string privManagerAppId = privManager.getAppId();
privManager.addPrivilege(SELF_PRIVILEGE);
expectedPolicyCount += privManager.getPrivileges().size();
appIdToAIH.emplace(privManager.getAppId(), std::move(privManager));
scopedInstallations.emplace_back(ScopedInstaller(appIdAIH.second));
}
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(privManagerAppId);
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher launcher(privManager, [&] {
std::vector<PolicyEntry> policyEntries;
Api::getPolicy(PolicyEntry(), policyEntries);
TestUser &normalUserToSwitch = usernameToTTU.at(normalNameToSwitch);
AppInstallHelper privManager("sm_test_11_priv_manager", normalUserToSwitch.getUid());
- std::string privManagerAppId = privManager.getAppId();
privManager.addPrivilege(SELF_PRIVILEGE);
expectedPolicyCount += privManager.getPrivileges().size();
userAppIdToAIH.emplace(std::make_pair(normalUserToSwitch.getUid(), privManager.getAppId()),
scopedInstallations.emplace_back(ScopedInstaller(userAppIdAIH.second));
}
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(privManagerAppId);
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(normalUserToSwitch.getUid(),
- normalUserToSwitch.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(privManager, normalUserToSwitch, [&] {
std::vector<PolicyEntry> policyEntries;
Api::getPolicy(PolicyEntry(), policyEntries);
TestUser &adminUserToSwitch = usernameToTTU.at(adminNameToSwitch);
AppInstallHelper privManager("sm_test_12_priv_manager", adminUserToSwitch.getUid());
- std::string privManagerAppId = privManager.getAppId();
privManager.addPrivilege(SELF_PRIVILEGE);
privManager.addPrivilege(ADMIN_PRIVILEGE);
expectedPolicyCount += privManager.getPrivileges().size();
scopedInstallations.emplace_back(ScopedInstaller(userAppIdAIH.second));
}
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(privManagerAppId);
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUserToSwitch.getUid(),
- adminUserToSwitch.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(privManager, adminUserToSwitch, [&] {
std::vector<PolicyEntry> policyEntries;
Api::getPolicy(PolicyEntry(), policyEntries);
RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
std::map<std::string, TestUser> usernameToTTU;
std::map<uid_t, std::vector<AppInstallHelper>> uidToAIHs;
- unsigned expectedPolicyCount = 0;
- std::string privManagerAppId;
+ std::map<uid_t, AppInstallHelper> uidToPM;
for (unsigned int u_i = 0; u_i < userInfos.size(); u_i++) {
//Only entries for one of the users will be listed
AppInstallHelper app("sm_test_13_" + std::to_string(p_i), user.getUid());
// Shift privileges, so same app_id for different user doesn't have same privileges
app.addPrivileges(TEST_PRIVILEGES.at((p_i + u_i) % TEST_PRIVILEGES.size()));
- expectedPolicyCount += app.getPrivileges().size();
uidToAIHs[user.getUid()].emplace_back(std::move(app));
};
AppInstallHelper privManager("sm_test_13_priv_manager", user.getUid());
- privManagerAppId = privManager.getAppId();
privManager.addPrivilege(SELF_PRIVILEGE);
- expectedPolicyCount += privManager.getPrivileges().size();
- uidToAIHs[user.getUid()].emplace_back(std::move(privManager));
+ uidToPM.emplace(user.getUid(), std::move(privManager));
usernameToTTU.emplace(user.getUserName(), std::move(user));
};
for (const auto &aih : userAIHs.second)
scopedInstallations.emplace_back(ScopedInstaller(aih));
}
+ for (const auto &[uid, pm]: uidToPM) {
+ scopedInstallations.emplace_back(ScopedInstaller(pm));
+ }
- TestUser &adminUser = usernameToTTU.at(adminName);
TestUser &normalUser = usernameToTTU.at(normalName);
+ auto &privManager = uidToPM.at(normalUser.getUid());
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(privManagerAppId);
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(normalUser.getUid(), normalUser.getGid()) == 0,
- "drop_root_privileges failed");
+ ScopedAppLauncher(privManager, normalUser, [&] {
auto &app1 = uidToAIHs[normalUser.getUid()][0];
- auto &app2 = uidToAIHs[normalUser.getUid()][0];
+ auto &app2 = uidToAIHs[normalUser.getUid()][1];
PolicyRequest policyRequest;
PolicyEntry policyEntry(
app1.getAppId(),
policyRequest.addEntry(policyEntry);
Api::sendPolicy(policyRequest);
});
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(privManagerAppId);
- // Admin user, but in context of app, which doesn't have usermanagement privilege
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUser.getUid(), adminUser.getGid()) == 0,
- "drop_root_privileges failed");
+ TestUser &adminUser = usernameToTTU.at(adminName);
+ auto &adminPrivManager = uidToPM.at(adminUser.getUid());
+
+ ScopedAppLauncher(adminPrivManager, adminUser, [&] {
PolicyEntry filter = PolicyEntry(
SECURITY_MANAGER_ANY,
normalUser.getUidString(),
ScopedInstaller privManagerInstall(privManager);
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(privManager.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUserToSwitch.getUid(),
- adminUserToSwitch.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(privManager, adminUserToSwitch, [&] {
PolicyRequest setPolicyRequest;
std::vector<PolicyEntry> policyEntries;
privManager.addPrivilege(ADMIN_PRIVILEGE);
ScopedInstaller privManagerInstall(privManager);
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(privManager.getAppId());
-
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUser.getUid(), adminUser.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(privManager, adminUser, [&] {
PolicyEntry entry(updatedApp.getAppId(), adminUser.getUidString(), updatePriv);
entry.setMaxLevel(PolicyEntry::LEVEL_ALLOW);
PolicyRequest addPolicyRequest;
privManager.addPrivilege(ADMIN_PRIVILEGE);
ScopedInstaller privManagerInstall(privManager);
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(privManager.getAppId());
- RUNNER_ASSERT_MSG(drop_root_privileges(adminUser.getUid(), adminUser.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(privManager, adminUser, [&] {
PolicyEntry entry(SECURITY_MANAGER_ANY, adminUser.getUidString(), updatePriv);
entry.setMaxLevel(PolicyEntry::LEVEL_ALLOW);
privManager.addPrivilege(SELF_PRIVILEGE);
ScopedInstaller privManagerInstall(privManager);
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(privManager.getAppId());
- RUNNER_ASSERT_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(privManager, user, [&] {
PolicyEntry entry(app.getAppId(), user.getUidString(), updatePriv);
entry.setLevel(PolicyEntry::LEVEL_ALLOW);
ScopedInstaller privManagerInstall(privManager);
SynchronizationPipe synchPipe;
- pid_t pid = runInChild([&] {
+ ScopedAppLauncher launcher(privManager, user, [&] {
synchPipe.claimChildEp();
- Api::setAppProcessIdentity(privManager.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
- "drop_root_privileges failed");
-
PolicyEntry entry(app.getAppId(), user.getUidString(), updatePriv);
entry.setLevel(PolicyEntry::LEVEL_ALLOW);
PolicyRequest addPolicyRequest;
synchPipe.wait();
admin.adminCheck("", false, app.generateAppLabel().c_str(),
user.getUidString().c_str(), updatePriv.c_str(), CYNARA_ADMIN_DENY, nullptr);
- waitPid(pid);
}
RUNNER_CHILD_TEST(security_manager_17_privacy_manager_fetch_whole_policy_for_self_filtered)
}
AppInstallHelper privManager("sm_test_17_priv_manager", user.getUid());
- std::string privManagerAppId = privManager.getAppId();
privManager.addPrivilege(SELF_PRIVILEGE);
privToCount[SELF_PRIVILEGE]++;
policyCount += privManager.getPrivileges().size();
for (const auto &app : appHelpers)
scopedInstallations.emplace_back(std::move(ScopedInstaller(app)));
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(privManagerAppId);
- RUNNER_ASSERT_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
- "drop_root_privileges failed");
-
+ ScopedAppLauncher(privManager, user, [&] {
for (const auto &privCount : privToCount) {
std::vector<PolicyEntry> policyEntries;
PolicyEntry filter(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, privCount.first);
app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(app.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(
- drop_root_privileges(user.getUid(), user.getGid()) == 0,
- "drop_root_privileges failed");
+ ScopedAppLauncher(app, user, [&] {
char **privileges;
size_t nPrivs = 0;
int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
- runInChildParentWait([&] { //child process
- Api::setAppProcessIdentity(app.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(
- drop_root_privileges(user.getUid(), user.getGid()) == 0,
- "drop_root_privileges failed");
+ ScopedAppLauncher(app, user, [&] {
char **privileges;
size_t nPrivs = 0;
int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
ScopedInstaller appInstall1(app1);
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(app1.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(
- drop_root_privileges(user1.getUid(), user1.getGid()) == 0,
- "drop_root_privileges failed");
+ ScopedAppLauncher(app1, user1, [&] {
char **privileges;
size_t nPrivs = 0;
int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
ScopedInstaller appInstall1(app1);
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(app1.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(
- drop_root_privileges(user.getUid(), user.getGid()) == 0,
- "drop_root_privileges failed");
+ ScopedAppLauncher(app1, user, [&] {
char **privileges;
size_t nPrivs = 0;
int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
ScopedInstaller appInstall1(app1);
- runInChildParentWait([&] {
- Api::setAppProcessIdentity(app1.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(
- drop_root_privileges(user.getUid(), user.getGid()) == 0,
- "drop_root_privileges failed");
+ ScopedAppLauncher(app1, user, [&] {
char **privileges;
size_t nPrivs = 0;
int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
projects / platform / core / test / security-tests.git / commitdiff