* limitations under the License.
*/
+#include <poll.h>
#include <string>
+#include <sys/prctl.h>
#include <sys/smack.h>
#include <sys/types.h>
#include <unistd.h>
#include <app_install_helper.h>
#include <dpl/test/test_runner.h>
#include <memory.h>
-#include <poll.h>
-#include <sys/prctl.h>
+#include <message_pipe.h>
+#include <scoped_installer.h>
#include <sm_api.h>
#include <sm_commons.h>
+#include <sm_label_monitor.h>
#include <synchronization_pipe.h>
#include <temp_test_user.h>
#include <tests_common.h>
gid_t gid;
};
-static UidGidMsg createUserSendCreds(TemporaryTestUser &testUser, int pipefd1)
-{
- testUser.create();
- UidGidMsg msg;
- msg.uid = testUser.getUid();
- msg.gid = testUser.getGid();
- RUNNER_ASSERT_MSG(msg.uid != 0, "wrong uid of created test user");
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd1, &msg, sizeof(UidGidMsg)));
- RUNNER_ASSERT_MSG((written == sizeof(UidGidMsg)),"write failed");
- return msg;
-}
-
-static UidGidMsg readCreds(int pipefd0)
-{
- struct UidGidMsg msg;
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd0, &msg, sizeof(UidGidMsg)));
- RUNNER_ASSERT_MSG(fetched == sizeof(UidGidMsg), "read failed");
- return msg;
-}
-
static void testSetLabelForSelf(const std::string &appName, const std::string &pkgName,
bool expected_success)
{
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_LABEL_MONITOR_API)
-RUNNER_CHILD_TEST(security_manager_71_app_label_monitor_user_local_global) {
-
- const char *sm_app_id_a = "sm_test_71_app_label_monitor_local";
- const char *sm_pkg_id_a = "sm_test_71_app_label_monitor_local";
- const char *sm_app_id_b = "sm_test_71_app_label_monitor_global";
- const char *sm_pkg_id_b = "sm_test_71_app_label_monitor_global";
- const std::string new_user_name = "sm_test_71";
- int pipefd[2];
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1), "pipe failed");
- SynchronizationPipe s_pipe;
-
+RUNNER_CHILD_TEST(security_manager_71_app_label_monitor_user_local_global)
+{
+ SynchronizationPipe synchPipe;
+ TemporaryTestUser testUser("sm_test_71_user_name", GUM_USERTYPE_NORMAL, false);
+ testUser.create();
pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
if (pid != 0) { //parent process
- FdUniquePtr pipeptr(pipefd + 1);
- close(pipefd[0]);
- TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
- UidGidMsg msg = createUserSendCreds(testUser, pipefd[1]);
- int result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- s_pipe.claimParentEp();
- s_pipe.wait(); //synchronization point A1
- install_app(sm_app_id_a, sm_pkg_id_a, msg.uid, SM_APP_INSTALL_LOCAL, false);
- s_pipe.post(); //synchronization point A2
- s_pipe.wait(); //synchronization point B1
- install_app(sm_app_id_b, sm_pkg_id_b, msg.uid, SM_APP_INSTALL_GLOBAL, false);
- s_pipe.post(); //synchronization point B2
- s_pipe.wait(); //synchronization point C1
- uninstall_app(sm_app_id_a, sm_app_id_a, false, SM_APP_INSTALL_LOCAL, false);
- s_pipe.post(); //synchronization point C2
- s_pipe.wait(); //synchronization point D1
- uninstall_app(sm_app_id_b, sm_app_id_b, false, SM_APP_INSTALL_GLOBAL, false);
- s_pipe.post(); //synchronization point D2
+ synchPipe.claimParentEp();
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+ "drop_root_privileges failed");
+
+ synchPipe.wait(); //synchronization point A1
+ AppInstallHelper appLocal("sm_test_71_local", testUser.getUid());
+ appLocal.setInstallType(SM_APP_INSTALL_LOCAL);
+ ScopedInstaller appLocalInstall(appLocal);
+ synchPipe.post(); //synchronization point A2
+
+ synchPipe.wait(); //synchronization point B1
+ AppInstallHelper appGlobal("sm_test_71_global");
+ appLocal.setInstallType(SM_APP_INSTALL_GLOBAL);
+ // This shouldn't be possible with dropped privileges, but uid and gid doesn't suffice
+ // to lose privileges to install applications (tests are running with System::Privileged)
+ ScopedInstaller appGlobalInstall(appGlobal);
+ synchPipe.post(); //synchronization point B2
+
+ synchPipe.wait(); //synchronization point C1
+ appLocalInstall.uninstallApp();
+ synchPipe.post(); //synchronization point C2
+
+ synchPipe.wait(); //synchronization point D1
+ appGlobalInstall.uninstallApp();
+ synchPipe.post(); //synchronization point D2
+
waitPid(pid);
} else { //child process
+ synchPipe.claimChildEp();
setCaps("cap_mac_admin+ep cap_setuid+ep cap_setgid+ep");
RUNNER_ASSERT_ERRNO_MSG(prctl(PR_SET_KEEPCAPS, 1, 0, 0) == 0, "prctl keeping caps failed");
- s_pipe.claimChildEp();
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
- UidGidMsg msg = readCreds(pipefd[0]);
- int result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+ "drop_root_privileges failed");
+
setCaps("cap_mac_admin+ep");
- app_labels_monitor *monitor;
+
+ LabelMonitor monitor;
int fd;
- nfds_t nfds = 1;
- struct pollfd fds[1];
- Api::labelsMonitorInit(&monitor);
- Api::labelsProcess(monitor);
Api::labelsMonitorGetFd(monitor, &fd);
- fds[0].fd = fd;
- fds[0].events = POLLIN;
+ struct pollfd fds[1] = {fd, POLLIN, 0};
for (int i = 0; i < 4; i++) { //A,B,C,D
- s_pipe.post(); //synchronization point {A,B,C,D}1
- s_pipe.wait(); //synchronization point {A,B,C,D}2
+ synchPipe.post(); //synchronization point {A,B,C,D}1
+ synchPipe.wait(); //synchronization point {A,B,C,D}2
+ nfds_t nfds = 1;
int poll_num = TEMP_FAILURE_RETRY(poll(fds, nfds, 0));
RUNNER_ASSERT_MSG(poll_num > 0, "Application installation was not detected");
RUNNER_ASSERT_MSG((fds[0].revents & POLLIN) > 0, "There is no data to read "
"regarding app installation");
}
- Api::labelsMonitorFinish(monitor);
}
}
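Review bot: In the B1 step the new code calls `appLocal.setInstallType(SM_APP_INSTALL_GLOBAL);` right after constructing `appGlobal`, so the global helper never gets its install type set and the already-installed local helper is the one modified. This looks like a copy-paste slip; the line should read `appGlobal.setInstallType(SM_APP_INSTALL_GLOBAL);`, otherwise the test may not exercise a global install at all. Separately, the child's loop polls with a zero timeout and never reads from the monitor fd, so if unread events keep the fd readable, the POLLIN from step A would also satisfy B, C and D; calling `Api::labelsProcess(monitor);` after each successful poll would make each step assert a fresh event, if that call drains the fd. The same loop appears in security_manager_72.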
-RUNNER_CHILD_TEST(security_manager_72_app_label_monitor_user_local) {
+RUNNER_CHILD_TEST(security_manager_72_app_label_monitor_user_local)
+{
+ SynchronizationPipe synchPipe;
+ TemporaryTestUser testUser("sm_test_75_user_name", GUM_USERTYPE_NORMAL, false);
+ testUser.create();
- const char *sm_app_id_a = "sm_test_72_app_label_monitor_local_1";
- const char *sm_pkg_id_a = "sm_test_72_app_label_monitor_local_1";
- const char *sm_app_id_b = "sm_test_72_app_label_monitor_local_2";
- const char *sm_pkg_id_b = "sm_test_72_app_label_monitor_local_2";
- const std::string new_user_name = "sm_test_75";
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid != 0) { //parent process
+ synchPipe.claimParentEp();
- int pipefd[2];
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1), "pipe failed");
- SynchronizationPipe s_pipe;
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+ "drop_root_privileges failed");
- pid_t pid = fork();
- if (pid != 0) { //parent process
- FdUniquePtr pipeptr(pipefd + 1);
- close(pipefd[0]);
- TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
- UidGidMsg msg = createUserSendCreds(testUser, pipefd[1]);
- int result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- s_pipe.claimParentEp();
- s_pipe.wait(); //synchronization point A1
- install_app(sm_app_id_a, sm_pkg_id_a, msg.uid, SM_APP_INSTALL_LOCAL, false);
- s_pipe.post(); //synchronization point A2
- s_pipe.wait(); //synchronization point B1
- install_app(sm_app_id_b, sm_pkg_id_b, msg.uid, SM_APP_INSTALL_LOCAL, false);
- s_pipe.post(); //synchronization point B2
- s_pipe.wait(); //synchronization point C1
- uninstall_app(sm_app_id_a, sm_app_id_a, false, SM_APP_INSTALL_LOCAL, false);
- s_pipe.post(); //synchronization point C2
- s_pipe.wait(); //synchronization point D1
- uninstall_app(sm_app_id_b, sm_app_id_b, false, SM_APP_INSTALL_LOCAL, false);
- s_pipe.post(); //synchronization point D2
- waitPid(pid);
- } else { //child process
- setCaps("cap_mac_admin+ep cap_setuid+ep cap_setgid+ep");
- RUNNER_ASSERT_ERRNO_MSG(prctl(PR_SET_KEEPCAPS, 1, 0, 0) == 0, "prctl keeping caps failed");
- s_pipe.claimChildEp();
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
- UidGidMsg msg = readCreds(pipefd[0]);
- int result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- setCaps("cap_mac_admin+ep");
- app_labels_monitor *monitor;
- int fd;
+ synchPipe.wait(); //synchronization point A1
+ AppInstallHelper appLocal("sm_test_72_local1", testUser.getUid());
+ appLocal.setInstallType(SM_APP_INSTALL_LOCAL);
+ ScopedInstaller appLocalInstall(appLocal);
+ synchPipe.post(); //synchronization point A2
+
+ synchPipe.wait(); //synchronization point B1
+ AppInstallHelper appLocal2("sm_test_72_local2");
+ appLocal2.setInstallType(SM_APP_INSTALL_LOCAL);
+ ScopedInstaller appLocal2Install(appLocal2);
+ synchPipe.post(); //synchronization point B2
+
+ synchPipe.wait(); //synchronization point C1
+ appLocalInstall.uninstallApp();
+ synchPipe.post(); //synchronization point C2
+
+ synchPipe.wait(); //synchronization point D1
+ appLocal2Install.uninstallApp();
+ synchPipe.post(); //synchronization point D2
+
+ waitPid(pid);
+ } else { //child process
+ synchPipe.claimChildEp();
+
+ setCaps("cap_mac_admin+ep cap_setuid+ep cap_setgid+ep");
+ RUNNER_ASSERT_ERRNO_MSG(prctl(PR_SET_KEEPCAPS, 1, 0, 0) == 0, "prctl keeping caps failed");
+
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+ "drop_root_privileges failed");
+ setCaps("cap_mac_admin+ep");
+
+ LabelMonitor monitor;
+ int fd;
+ Api::labelsMonitorGetFd(monitor, &fd);
+ struct pollfd fds[1] = {fd, POLLIN, 0};
+ for (int i = 0; i < 4; i++) { //A,B,C,D
+ synchPipe.post(); //synchronization point {A,B,C,D}1
+ synchPipe.wait(); //synchronization point {A,B,C,D}2
nfds_t nfds = 1;
- struct pollfd fds[1];
- Api::labelsMonitorInit(&monitor);
- Api::labelsProcess(monitor);
- Api::labelsMonitorGetFd(monitor, &fd);
- fds[0].fd = fd;
- fds[0].events = POLLIN;
- for (int i = 0; i < 4; i++) { //A,B,C,D
- s_pipe.post(); //synchronization point {A,B,C,D}1
- s_pipe.wait(); //synchronization point {A,B,C,D}2
- int poll_num = TEMP_FAILURE_RETRY(poll(fds, nfds, 0));
- RUNNER_ASSERT_MSG(poll_num > 0, "Application installation was not detected");
- RUNNER_ASSERT_MSG((fds[0].revents & POLLIN) > 0, "There is no data to read "
- "regarding app installation");
- }
- Api::labelsMonitorFinish(monitor);
+ int poll_num = TEMP_FAILURE_RETRY(poll(fds, nfds, 0));
+ RUNNER_ASSERT_MSG(poll_num > 0, "Application installation was not detected");
+ RUNNER_ASSERT_MSG((fds[0].revents & POLLIN) > 0, "There is no data to read "
+ "regarding app installation");
}
+ }
}
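Review bot: `AppInstallHelper appLocal2("sm_test_72_local2");` drops the uid that the old code passed for the second local install, so unlike `appLocal` it is not tied to `testUser`; if the helper's default uid is not the test user's, step B no longer covers a second local install for that user. Passing the uid as for the first app, `AppInstallHelper appLocal2("sm_test_72_local2", testUser.getUid());`, keeps both installs on the same user. The user name `"sm_test_75_user_name"` in this test is also the one used by security_manager_75; `"sm_test_72_user_name"` would keep the two tests from sharing an account name.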
-RUNNER_CHILD_TEST(security_manager_73_app_label_monitor_different_users) {
+RUNNER_CHILD_TEST(security_manager_73_app_label_monitor_different_users)
+{
+ const std::string appLocalName = "sm_test_73_local";
+ const std::string appGlobalName = "sm_test_73_global";
+
+ TemporaryTestUser testUser1("sm_test_73_user_name_1", GUM_USERTYPE_NORMAL, false);
+ testUser1.create();
- const char *sm_app_id_a = "sm_test_73_app_label_monitor_local_1";
- const char *sm_pkg_id_a = "sm_test_73_app_label_monitor_local_1";
- const char *sm_app_id_b = "sm_test_73_app_label_monitor_global_2";
- const char *sm_pkg_id_b = "sm_test_73_app_label_monitor_global_2";
- const std::string new_user_name_1 = "sm_test_73_1";
- const std::string new_user_name_2 = "sm_test_73_2";
+ TemporaryTestUser testUser2("sm_test_73_user_name_2", GUM_USERTYPE_NORMAL, false);
+ testUser2.create();
- SynchronizationPipe s_pipe;
+ AppInstallHelper appLocal(appLocalName, testUser1.getUid());
+ appLocal.setInstallType(SM_APP_INSTALL_LOCAL);
+ ScopedInstaller appLocalInstall(appLocal);
+
+ AppInstallHelper appGlobal(appGlobalName);
+ appGlobal.setInstallType(SM_APP_INSTALL_GLOBAL);
+ ScopedInstaller appGlobalInstall(appGlobal);
pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
if (pid != 0) { //parent process
- s_pipe.claimParentEp();
- TemporaryTestUser testUserOne(new_user_name_1, GUM_USERTYPE_NORMAL, false);
- testUserOne.create();
- s_pipe.post(); //synchronization point A for user creation
- int result = drop_root_privileges(testUserOne.getUid(), testUserOne.getGid());
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- install_app(sm_app_id_a, sm_pkg_id_a, testUserOne.getUid(), SM_APP_INSTALL_LOCAL, false);
- install_app(sm_app_id_b, sm_pkg_id_b, testUserOne.getUid(), SM_APP_INSTALL_GLOBAL, false);
- s_pipe.post(); //synchronization point B
- s_pipe.wait(); //synchronization point C
- uninstall_app(sm_app_id_a, sm_app_id_a, false, SM_APP_INSTALL_LOCAL, false);
- uninstall_app(sm_app_id_b, sm_app_id_b, false, SM_APP_INSTALL_LOCAL, false);
waitPid(pid);
} else { //child process
setCaps("cap_mac_admin+ep cap_setuid+ep cap_setgid+ep");
RUNNER_ASSERT_ERRNO_MSG(prctl(PR_SET_KEEPCAPS, 1, 0, 0) == 0, "prctl keeping caps failed");
- s_pipe.claimChildEp();
- s_pipe.wait(); //synchronization point A for user creation
- TemporaryTestUser testUserTwo(new_user_name_2, GUM_USERTYPE_NORMAL, false);
- testUserTwo.create();
- int result = drop_root_privileges(testUserTwo.getUid(), testUserTwo.getGid());
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser2.getUid(), testUser2.getGid()) == 0,
+ "drop_root_privileges failed");
setCaps("cap_mac_admin+ep");
- app_labels_monitor *monitor;
- Api::labelsMonitorInit(&monitor);
- s_pipe.wait(); //B
+ LabelMonitor monitor;
+
Api::labelsProcess(monitor);
- Api::labelsMonitorFinish(monitor);
setCaps("cap_mac_admin-eip");
- testSetLabelForSelf(sm_app_id_a, sm_pkg_id_a, false); // local installation by another user
- testSetLabelForSelf(sm_app_id_b, sm_pkg_id_b, true); // global installation by another user
- s_pipe.post(); //C
+ // Only for proper appId and pkgId generation
+ AppInstallHelper appLocal(appLocalName), appGlobal(appGlobalName);
+ testSetLabelForSelf(appLocal.getAppId(), appLocal.getPkgId(), false);
+ testSetLabelForSelf(appGlobal.getAppId(), appGlobal.getPkgId(), true);
}
}
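Review bot: The two TemporaryTestUser objects and both ScopedInstaller objects are now constructed before `fork()`, so the child gets its own copies and falls off the end of the test body with them still in scope. Unless the helpers or the runner guard against it, their destructors would run in the child as well as in the parent, which means a second uninstall and user removal attempted from a process that has already changed uid and dropped cap_mac_admin. It is worth confirming how the child leaves the test and stating it next to the fork, for example `// child must not run cleanup of objects created before fork; parent owns users and installs`. The same pattern applies to the pre-fork `testUser` in security_manager_71, 72 and 75 and the pre-fork installers in 74.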
-RUNNER_CHILD_TEST(security_manager_74_app_label_monitor_relabel_changes_1) {
-
- const char *sm_app_id_a = "sm_test_74_app_label_monitor_global_1";
- const char *sm_pkg_id_a = "sm_test_74_app_label_monitor_global_1";
- const char *sm_app_id_b = "sm_test_74_app_label_monitor_global_2";
- const char *sm_pkg_id_b = "sm_test_74_app_label_monitor_global_2";
- const char *sm_app_id_c = "sm_test_74_app_label_monitor_global_3";
- const char *sm_pkg_id_c = "sm_test_74_app_label_monitor_global_3";
- const std::string new_user_name = "sm_test_74";
+RUNNER_CHILD_TEST(security_manager_74_app_label_monitor_relabel_changes_global)
+{
+ const std::string appGlobalName1 = "sm_test_74_global1";
+ const std::string appGlobalName2 = "sm_test_74_global2";
- int pipefd[2];
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1), "pipe failed");
- SynchronizationPipe s_pipe;
+ AppInstallHelper appGlobal1(appGlobalName1);
+ AppInstallHelper appGlobal2(appGlobalName2);
+ ScopedInstaller appGlobalInstall1(appGlobal1);
+ ScopedInstaller appGlobalInstall2(appGlobal2);
pid_t pid = fork();
- if (pid != 0) { //parent process
- FdUniquePtr pipeptr(pipefd + 1);
- close(pipefd[0]);
- s_pipe.claimParentEp();
- install_app(sm_app_id_a, sm_pkg_id_a, getuid(), SM_APP_INSTALL_GLOBAL);
- TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
- UidGidMsg msg = createUserSendCreds(testUser, pipefd[1]);
- int result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- install_app(sm_app_id_b, sm_pkg_id_b, msg.uid, SM_APP_INSTALL_GLOBAL, false);
- install_app(sm_app_id_c, sm_pkg_id_c, msg.gid, SM_APP_INSTALL_GLOBAL, false);
- s_pipe.post(); //Synchronization point A
- s_pipe.wait(); //Synchronization point B
- uninstall_app(sm_app_id_a, sm_pkg_id_a, false, SM_APP_INSTALL_GLOBAL, false);
- uninstall_app(sm_app_id_b, sm_app_id_b, false, SM_APP_INSTALL_GLOBAL, false);
- uninstall_app(sm_app_id_c, sm_app_id_c, false, SM_APP_INSTALL_GLOBAL, false);
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid != 0) { // parent
waitPid(pid);
- } else { //child process
+ } else { // child
+ TemporaryTestUser testUser("sm_test_74_user_name", GUM_USERTYPE_NORMAL, false);
+
setCaps("all=eip");
RUNNER_ASSERT_ERRNO_MSG(prctl(PR_SET_KEEPCAPS, 1, 0, 0) == 0, "prctl keeping caps failed");
- s_pipe.claimChildEp();
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
- UidGidMsg msg = readCreds(pipefd[0]);
- int result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ testUser.create();
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+ "drop_root_privileges failed");
setCaps("cap_mac_admin=eip");
- app_labels_monitor *monitor;
- Api::labelsMonitorInit(&monitor);
- s_pipe.wait(); //A
+
+ LabelMonitor monitor;
Api::labelsProcess(monitor);
- Api::labelsMonitorFinish(monitor);
setCaps("cap_mac_admin-eip");
- testSetLabelForSelf(sm_app_id_a, sm_pkg_id_a, true); // global installation (OK)
- testSetLabelForSelf(sm_app_id_b, sm_pkg_id_b, false); //second change
- testSetLabelForSelf(sm_app_id_c, sm_pkg_id_c, false); //second change
- s_pipe.post(); //B
+
+ testSetLabelForSelf(appGlobal1.getAppId(), appGlobal1.getPkgId(), true); // global installation (OK)
+ testSetLabelForSelf(appGlobal1.getAppId(), appGlobal1.getPkgId(), false); //second change
+ testSetLabelForSelf(appGlobal2.getAppId(), appGlobal2.getPkgId(), false); //third change
}
}
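Review bot: `appGlobal1` and `appGlobal2` are installed without `setInstallType(SM_APP_INSTALL_GLOBAL)`, while security_manager_73 sets the type explicitly on its global helper, so this test depends on whatever AppInstallHelper defaults to. Adding `appGlobal1.setInstallType(SM_APP_INSTALL_GLOBAL);` and the same for `appGlobal2` before the ScopedInstaller lines would make the test match its name regardless of the default. security_manager_75 likewise omits `setInstallType(SM_APP_INSTALL_LOCAL)` on its three local helpers, unlike 71 and 72.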
-RUNNER_CHILD_TEST(security_manager_75_app_label_monitor_relabel_changes_2) {
-
- const char *sm_app_id_a = "sm_test_75_app_label_monitor_local_1";
- const char *sm_pkg_id_a = "sm_test_75_app_label_monitor_local_1";
- const char *sm_app_id_b = "sm_test_75_app_label_monitor_local_2";
- const char *sm_pkg_id_b = "sm_test_75_app_label_monitor_local_2";
- const char *sm_app_id_c = "sm_test_75_app_label_monitor_local_3";
- const char *sm_pkg_id_c = "sm_test_75_app_label_monitor_local_3";
- const char *bad_seed ="Not_permitted_id";
+RUNNER_CHILD_TEST(security_manager_75_app_label_monitor_relabel_changes_local)
+{
+ const std::string appLocalName1 = "sm_test_75_local1";
+ const std::string appLocalName2 = "sm_test_75_local2";
+ const std::string appLocalName3 = "sm_test_75_local3";
const std::string new_user_name = "sm_test_75";
-
- int pipefd[2];
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1), "pipe failed");
- SynchronizationPipe s_pipe;
+ TemporaryTestUser testUser("sm_test_75_user_name", GUM_USERTYPE_NORMAL, false);
+ testUser.create();
+ SynchronizationPipe synchPipe;
pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
if (pid != 0) { //parent process
- FdUniquePtr pipeptr(pipefd + 1);
- close(pipefd[0]);
- s_pipe.claimParentEp();
- TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
- UidGidMsg msg = createUserSendCreds(testUser, pipefd[1]);
- int result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- install_app(sm_app_id_a, sm_pkg_id_a, msg.uid, SM_APP_INSTALL_LOCAL, false);
- install_app(sm_app_id_b, sm_pkg_id_b, msg.uid, SM_APP_INSTALL_LOCAL, false);
- install_app(sm_app_id_c, sm_pkg_id_c, msg.uid, SM_APP_INSTALL_LOCAL, false);
- uninstall_app(sm_app_id_a, sm_pkg_id_a, false, SM_APP_INSTALL_LOCAL, false);
- s_pipe.post(); //Synchronization A
- s_pipe.wait(); //Synchronization B
- uninstall_app(sm_app_id_b, sm_pkg_id_b, false, SM_APP_INSTALL_LOCAL, false);
- uninstall_app(sm_app_id_c, sm_pkg_id_c, false, SM_APP_INSTALL_LOCAL, false);
+ synchPipe.claimParentEp();
+
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+ "drop_root_privileges failed");
+
+ AppInstallHelper appLocal1(appLocalName1, testUser.getUid());
+ AppInstallHelper appLocal2(appLocalName2, testUser.getUid());
+ AppInstallHelper appLocal3(appLocalName3, testUser.getUid());
+ ScopedInstaller appLocalInstall1(appLocal1), appLocalInstall2(appLocal2), appLocalInstall3(appLocal3);
+ appLocalInstall1.uninstallApp();
+ synchPipe.post();
+
waitPid(pid);
} else { //child process
+ synchPipe.claimChildEp();
+
setCaps("all=eip");
RUNNER_ASSERT_ERRNO_MSG(prctl(PR_SET_KEEPCAPS, 1, 0, 0) == 0, "prctl keeping caps failed");
- s_pipe.claimChildEp();
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
- UidGidMsg msg = readCreds(pipefd[0]);
- int result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
+ "drop_root_privileges failed");
setCaps("cap_mac_admin=eip");
- app_labels_monitor *monitor;
- Api::labelsMonitorInit(&monitor);
- s_pipe.wait(); //A
+
+ synchPipe.wait();
+ LabelMonitor monitor;
Api::labelsProcess(monitor);
- Api::labelsMonitorFinish(monitor);
+
setCaps("cap_mac_admin-eip");
- testSetLabelForSelf(bad_seed, "", false); //not premitted
- testSetLabelForSelf(sm_app_id_a, sm_pkg_id_a, false); //uninstalled
- testSetLabelForSelf(sm_app_id_b, sm_pkg_id_b, true); //installed
- testSetLabelForSelf(sm_app_id_c, sm_pkg_id_c, false); //second change
- s_pipe.post(); //B
+ testSetLabelForSelf("unknownApp", "unknownPkg", false); //not premitted
+
+ // Only for proper appId and pkgId generation
+ AppInstallHelper appLocal1(appLocalName1), appLocal2(appLocalName2), appLocal3(appLocalName3);
+ testSetLabelForSelf(appLocal1.getAppId(), appLocal1.getPkgId(), false); //uninstalled
+ testSetLabelForSelf(appLocal2.getAppId(), appLocal2.getPkgId(), true); //installed
+ testSetLabelForSelf(appLocal3.getAppId(), appLocal3.getPkgId(), false); //second change
}
}
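Review bot: `const std::string new_user_name = "sm_test_75";` is kept as context but nothing in the new body reads it, since the user name is now passed as a literal to TemporaryTestUser; the line can be deleted. The child still raises `setCaps("all=eip")` before dropping root (also in security_manager_74), whereas 71–73 keep only cap_mac_admin, cap_setuid and cap_setgid; if nothing in between needs more, the narrower set used there would fit here too. The carried-over comment `//not premitted` should read `// not permitted`.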