additional_rules_table_check();
}
+void TestLibPrivilegeControlDatabase::test_db_label(const std::string& label_name)
+{
+ if(!m_base.is_open())
+ m_base.open();
+
+ Sqlite3DBaseSelectResult result;
+ ostringstream sql;
+
+
+ sql << "SELECT label_id FROM label WHERE name = '" << label_name << "' ;";
+ m_base.execute(sql.str(), result);
+
+ RUNNER_ASSERT_MSG_BT(result.rows.size() == 1, "querry : <" << sql.str() << "> returned [" <<
+ result.rows.size() << "] rows");
+}
+
+void TestLibPrivilegeControlDatabase::test_db_not_label(const std::string& label_name)
+{
+ if(!m_base.is_open())
+ m_base.open();
+
+ Sqlite3DBaseSelectResult result;
+ ostringstream sql;
+
+ sql << "SELECT label_id FROM label WHERE name = '" << label_name << "' ;";
+ m_base.execute(sql.str(), result);
+
+ RUNNER_ASSERT_MSG_BT(result.rows.size() == 0, "querry : <" << sql.str() << "> returned [" <<
+ result.rows.size() << "] rows");
+}
+
+void TestLibPrivilegeControlDatabase::test_db__perm_app_setup_path(const std::string& app_name,
+ const std::string& path)
+{
+ if(!m_base.is_open())
+ m_base.open();
+
+ Sqlite3DBaseSelectResult result;
+ ostringstream sql;
+
+ sql << "SELECT * FROM app_path "
+ "INNER JOIN app USING(app_id) "
+ "INNER JOIN label ON label.label_id = app.label_id "
+ "WHERE "
+ "label.name == '" << app_name << "' "
+ "AND app_path.path == '" << path << "' "
+ ";";
+ m_base.execute(sql.str(), result);
+
+ RUNNER_ASSERT_MSG_BT(result.rows.size() == 1, ": querry : <" << sql.str() << "> returned [" <<
+ result.rows.size() << "] rows");
+}
+
+void TestLibPrivilegeControlDatabase::test_db__perm_app_remove_path(const std::string& app_name,
+ const std::string& path)
+{
+ if(!m_base.is_open())
+ m_base.open();
+
+ Sqlite3DBaseSelectResult result;
+ ostringstream sql;
+
+ sql << "SELECT * FROM app_path "
+ "INNER JOIN app USING(app_id) "
+ "INNER JOIN label ON label.label_id = app.label_id "
+ "WHERE "
+ "label.name == '" << app_name << "' "
+ "AND app_path.path == '" << path << "' "
+ ";";
+ m_base.execute(sql.str(), result);
+
+ RUNNER_ASSERT_MSG_BT(result.rows.size() == 0, "querry : <" << sql.str() << "> returned [" <<
+ result.rows.size() << "] rows");
+}
+
void TestLibPrivilegeControlDatabase::app_label(const std::string& app_name)
{
Sqlite3DBaseSelectResult result;
*
* It checks existence of proper: label, app records and permission for ALL_APPS for installed app.
*
- * @param name name of installed app
+ * @param name name of installed app
*/
void test_db_after__perm_app_install(const char* name);
*
* It checks absence of proper: label for installed app.
*
- * @param name name of uninstalled app
+ * @param name name of uninstalled app
*/
void test_db_after__perm_app_uninstall(const char* name);
*
* It checks existence of proper permissions from perm_list and main permission for whole app_type.
*
- * @param name name of application
- * @param app_type type of application (EFL, WRT, etc. )
- * @param perm_list list of permission to enable
- * @param persistent persistence or volatileness of permissions
+ * @param name name of application
+ * @param app_type type of application (EFL, WRT, etc. )
+ * @param perm_list list of permission to enable
+ * @param persistent persistence or volatileness of permissions
*/
void test_db_after__perm_app_enable_permissions(const char* name, app_type_t app_type,
const char** perm_list, bool persistent);
*/
void test_db_after__perm_add_additional_rules(const additional_rules& rules);
+/**
+ * @brief Check existence of label with given name.
+ *
+ * @label_name name of the label
+ */
+ void test_db_label(const std::string& label_name);
+
+/**
+ * @brief Check absence of test_db_label with given name.
+ *
+ * @label_name name of the label
+ */
+ void test_db_not_label(const std::string& label_name);
+
+/**
+ * @brief Check existence of path for given app.
+ *
+ * @param app_name name of application
+ * @param path name of path
+ */
+ void test_db__perm_app_setup_path(const std::string& app_name, const std::string& path);
+
+/**
+ * @brief Check absence of path for given app.
+ *
+ * @param app_name name of application
+ * @param path name of path
+ */
+ void test_db__perm_app_remove_path(const std::string& app_name, const std::string& path);
+
private:
/**
* @var base
/**
* @brief Check existence of label related records for given app.
*
- * @param app_name name of application
+ * @param app_name name of application
*/
void app_label(const std::string& app_name);
/**
* @brief Check absence of label record for given app.
*
- * @param app_name name of application
+ * @param app_name name of application
*/
void app_not_label(const std::string& app_name);
/**
* @brief It checks single additional record (and marks it in temporary table)
*
- * @param rule additional rule to be checked
+ * @param rule additional rule to be checked
*/
void additional_rules_check_single_rule(const additional_rule& rule);
/**
* @brief Checks existence of single record in label table
*
- * @param label label to be checked
+ * @param label label to be checked
*/
void label(const std::string& label);
/**
* @brief Checks existence of single record in app_path_type table
*
- * @param path path to be checked
+ * @param path path to be checked
*/
void app_path_type(const std::string& path);
/**
* @brief Checks existence of single record in label_app_path_type_rule table
*
- * @param rule rule to be checked (object field is ignored
- * only: subject, isreverse and access fields are used)
- * @param path path to be checked (as object of rule)
+ * @param rule rule to be checked (object field is ignored
+ * only: subject, isreverse and access fields are used)
+ * @param path path to be checked (as object of rule)
*/
void label_app_path_type_rule(const additional_rule& rule, const std::string& path);
DB_END
}
+
+RUNNER_TEST(privilege_control29_perm_app_remove_path)
+{
+ char** pp_paths;
+ int result;
+ size_t i;
+ const size_t i_num_paths_to_remove = 4;
+ const size_t i_num_paths = 7;
+ CStringListPtr paths;
+ std::vector<Directory> test_paths;
+
+ for (i = 0; i < i_num_paths; ++i) {
+ test_paths.push_back(Directory("/tmp/dir" + std::to_string(i), 0));
+ RUNNER_ASSERT_MSG_BT(test_paths[i].isCreated(), "failed to create a directory " <<
+ test_paths[i].path() << ": " << strerror(test_paths[i].errorCode()));
+ }
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_ID);
+
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed: " <<
+ perm_strerror(result));
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed: " <<
+ perm_strerror(result));
+
+ for (i = 0; i < i_num_paths; ++i) {
+ result = perm_app_setup_path(APP_ID, test_paths[i].path().c_str(), PERM_APP_PATH_PUBLIC);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path failed: " << perm_strerror(result));
+ }
+
+ for (i = 0; i < i_num_paths_to_remove; ++i) {
+ result = perm_app_remove_path(APP_ID, test_paths[i].path().c_str());
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_remove_path failed: " << perm_strerror(result));
+ }
+
+ result = perm_app_get_paths(APP_ID, PERM_APP_PATH_PUBLIC, &pp_paths);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_get_paths failed: " <<
+ perm_strerror(result));
+ paths.reset(pp_paths);
+
+ DB_END
+
+ for (i = 0; pp_paths[i] != NULL; ++i) {
+ RUNNER_ASSERT_MSG_BT(i < i_num_paths - i_num_paths_to_remove,
+ "perm_app_remove_path removed too few paths");
+ RUNNER_ASSERT_MSG_BT(test_paths[i + i_num_paths_to_remove].path() == pp_paths[i],
+ "unexpected path encountered - " << pp_paths[i] << " instead of " <<
+ test_paths[i + i_num_paths].path() <<
+ " - perm_app_remove_path removed wrong path?");
+ }
+ RUNNER_ASSERT_MSG_BT(i == i_num_paths - i_num_paths_to_remove,
+ "perm_app_remove_path removed too many paths");
+
+ for (i = i_num_paths_to_remove; i < i_num_paths; ++i) {
+ RUNNER_ASSERT_MSG_BT(mkdir(test_paths[i].path().c_str(), 0) == -1 && errno == EEXIST,
+ "unexpected error " << strerror(errno) <<
+ "- perm_app_remove_path removed data from file system?");
+ }
+}
+
+RUNNER_TEST(privilege_control29_perm_app_remove_path_group)
+{
+ const char* label = "perm.app.remove.path.group";
+ int result;
+ Directory directory("/tmp/perm_app_remove_path_dir1", 0);
+ TestLibPrivilegeControlDatabase db_test;
+
+ RUNNER_ASSERT_MSG_BT(directory.isCreated(), "failed to create the directory " <<
+ directory.path() << ": " << strerror(directory.errorCode()));
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_1);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed: " <<
+ perm_strerror(result));
+
+ result = perm_app_uninstall(APP_2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed: " <<
+ perm_strerror(result));
+
+ result = perm_app_install(APP_1);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed: " <<
+ perm_strerror(result));
+
+ result = perm_app_install(APP_2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed: " <<
+ perm_strerror(result));
+
+ result = perm_app_setup_path(APP_1, directory.path().c_str(), PERM_APP_PATH_GROUP, label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path failed: " << perm_strerror(result));
+
+ result = perm_app_setup_path(APP_2, directory.path().c_str(), PERM_APP_PATH_GROUP, label);
+ RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_setup_path failed: " << perm_strerror(result));
+
+ result = perm_app_remove_path(APP_1, directory.path().c_str());
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_remove_path failed: " <<
+ perm_strerror(result));
+
+ DB_END
+
+ db_test.test_db_label(label);
+ db_test.test_db__perm_app_remove_path(APP_1, directory.path());
+ db_test.test_db__perm_app_setup_path(APP_2, directory.path());
+
+ DB_BEGIN
+
+ result = perm_app_remove_path(APP_2, directory.path().c_str());
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_remove_path failed: " <<
+ perm_strerror(result));
+
+ DB_END
+
+ db_test.test_db__perm_app_remove_path(APP_2, directory.path());
+ db_test.test_db_not_label(label);
+
+ RUNNER_ASSERT_MSG_BT(mkdir(directory.path().c_str(), 0) == -1 && errno == EEXIST,
+ "unexpected error " << strerror(errno) <<
+ "- perm_app_remove_path removed data from file system?");
+}
&pp_paths) == PC_ERR_INVALID_PARAM,
"perm_app_get_paths should not accept paths of type PERM_APP_PATH_ANY_LABEL");
}
+
+RUNNER_TEST(privilege_control21p_incorrect_params_perm_app_remove_path)
+{
+ RUNNER_ASSERT_MSG_BT(perm_app_remove_path(NULL, "path") == PC_ERR_INVALID_PARAM,
+ "perm_app_remove_path didn't check if pkg_id isn't NULL.");
+}
projects / platform / core / test / security-tests.git / commitdiff