RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir)
{
int result;
+
+ DB_BEGIN
+
result = perm_app_install(APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APPID_SHARED_DIR);
RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
+ DB_END
+
result = nftw(TEST_APP_DIR, &nftw_check_labels_app_shared_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for shared app dir");
*/
RUNNER_TEST_SMACK(privilege_control04_add_permissions)
{
- int result = perm_app_uninstall(APP_ID);
+ int result = 0;
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
result = perm_app_install(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" perm_app_enable_permissions failed with result: " << result);
+ DB_END
+
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules_efl);
RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
int result;
// Cleanup
+ DB_BEGIN
+
result = perm_app_uninstall(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
result = perm_app_uninstall(WGT_PARTNER_APP_ID);
result = perm_app_uninstall(OSP_PLATFORM_APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ // Close transaction to commit uninstallation before further actions
+ DB_END
+
+ DB_BEGIN
+
// Install test apps
result = perm_app_install(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
result = perm_app_install(OSP_PLATFORM_APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ // Close transaction to commit installation before further actions
+ DB_END
+
+ DB_BEGIN
// TEST:
// Revoke permissions
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
+ DB_END
+
// Are all the permissions revoked?
result = test_have_any_accesses(rules_wgt);
RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
result = test_have_any_accesses(rules_osp_platform);
RUNNER_ASSERT_MSG(result == 0, "Not all permisions revoked.");
+ DB_BEGIN
+
// Cleanup - uninstall test apps
result = perm_app_uninstall(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
result = perm_app_uninstall(OSP_PLATFORM_APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ DB_END
}
const char** privileges, const char* type,
const char* app_path, const char* dac_file,
const std::vector< std::vector<std::string> > &rules) {
+
int result = perm_app_uninstall(app_id);
RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
" perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ DB_BEGIN
+
result = perm_app_install(app_id);
RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
" perm_app_install returned " << result << ". Errno: " << strerror(errno));
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
" Error enabling app permissions. Result: " << result);
+ DB_END
+
result = test_have_all_accesses(rules);
RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
remove_smack_files();
+ DB_BEGIN
// argument validation
result = perm_add_api_feature(APP_TYPE_OSP, NULL, NULL, NULL, 0);
}, NULL, 0);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ DB_END
// empty group ids
result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), (const char*[]) {"~APP~ b a",NULL},(const gid_t[]) {0,1,2},0);
}
/*
- * Check perm_app_install function
+ * Check perm_app_uninstall function
*/
RUNNER_TEST(privilege_control07_app_uninstall)
{
cleaning_smack_app_files();
+ DB_BEGIN
+
// Adding two apps before antivir
result = perm_app_install(APP_TEST_APP_1);
RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
result = app_register_av(APP_TEST_AV_1);
RUNNER_ASSERT_MSG(result == 0, "app_register_av returned " << result << ". Errno: " << strerror(errno));
+ DB_END
+
// Checking added apps accesses
checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_1, "app_register_av(APP_TEST_AV_1)");
checkOnlyAvAccess(APP_TEST_AV_1, APP_TEST_APP_2, "app_register_av(APP_TEST_AV_1)");
int result;
// Clean up after test:
+ DB_BEGIN
+
result = perm_app_uninstall(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
result = perm_app_install(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
+ DB_END
+
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+ DB_BEGIN
+
// Clean up
result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
+ DB_END
+
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2);
RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+ DB_BEGIN
+
// Clean up
result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
+ DB_END
+
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2_no_r);
RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+ DB_BEGIN
+
// Clean up
result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions without r. Result: " << result);
+ DB_END
+
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2_no_r);
RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
result = test_have_all_accesses(rules2);
RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
+ DB_BEGIN
+
// Clean up
result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions without r. Result: " << result);
+ DB_END
+
// Check if the accesses are realy applied..
result = test_have_all_accesses(rules2_no_r);
RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
result = test_have_all_accesses(rules2_r);
RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
+ DB_BEGIN
+
// Clean up
result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
result = perm_app_uninstall(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ DB_END
}
RUNNER_CHILD_TEST(privilege_control11_app_enable_permissions_efl)
{
int result;
+ DB_BEGIN
+
// Prepare
result = perm_app_uninstall(EFL_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error enabling app permissions. Result: " << result);
+ DB_END
+
RUNNER_ASSERT_MSG(smack_have_access(EFL_APP_ID,"test_book_efl", "r"),
"SMACK accesses not granted for EFL_APP");
{
int result;
+ DB_BEGIN
+
// Prepare
result = perm_app_uninstall(EFL_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error enabling app permissions. Result: " << result);
+ DB_END
+
RUNNER_ASSERT_MSG(smack_have_access(EFL_APP_ID,"test_book_efl", "r"),
"SMACK accesses not granted for EFL_APP");
{
int result;
+ DB_BEGIN
+
// Prepare
result = perm_app_uninstall(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
+ DB_END
+
// Are all the permissions enabled?
result = test_have_any_accesses(rules2);
RUNNER_ASSERT_MSG(result==1, "Not all permisions enabled.");
* Test - disable some granted permissions leaving non complementary and then disabling those too.
*/
+ DB_BEGIN
+
// Prepare permissions that will not be disabled
result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error disabling app second permissions. Result: " << result);
+ DB_END
+
// Are all second permissions disabled?
result = test_have_any_accesses(rules2);
RUNNER_ASSERT_MSG(result!=1, "Not all first permisions disabled.");
* Test - disable only no r granted permissions.
*/
+ DB_BEGIN
+
// Prepare permissions
result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, 1);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error disabling app no r permissions. Result: " << result);
+ DB_END
+
// Is any r permissions disabled?
result = test_have_all_accesses(rules2_r);
RUNNER_ASSERT_MSG(result==1, "Some of r permissions disabled.");
* Test - doing reset and checking if rules exist again.
*/
+ DB_BEGIN
+
result = perm_app_install(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error reseting app permissions. Result: " << result);
+ DB_END
+
// Are all second permissions not disabled?
result = test_have_all_accesses(rules2);
RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
+ DB_BEGIN
+
// Disable permissions
result = perm_app_revoke_permissions(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
result = perm_app_uninstall(WGT_APP_ID);
RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ DB_END
}
/**
(void)perm_app_uninstall(APP_1);
(void)perm_app_uninstall(APP_2);
+ DB_BEGIN
+
//install some app 1
ret = perm_app_install(APP_1);
RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install." << ret);
RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << ret);
+ DB_END
+
//check if "app_test" has an RX access to the app "app_1"
ret = smack_have_access(APP_TEST, APP_1, "rx");
RUNNER_ASSERT_MSG(ret,"access denied");
RUNNER_ASSERT_MSG(ret,"access denied to smack label: " << app1_dir_label);
+ DB_BEGIN
+
//intstall another app: "app_2"
ret = perm_app_install(APP_2);
RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_install.");
ret = perm_app_setup_path(APP_2, APP_2_DIR, APP_PATH_SETTINGS_RW );
RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "Error in perm_app_setup_path: " << ret);
+ DB_END
+
//check if "app_test" has an RX access to the app "app_2"
ret = smack_have_access(APP_TEST, APP_2, "rx");
RUNNER_ASSERT_MSG(ret,"access denies");
rmdir(APP_1_DIR);
rmdir(APP_2_DIR);
+ DB_BEGIN
+
(void)perm_app_uninstall(APP_TEST);
(void)perm_app_uninstall(APP_1);
(void)perm_app_uninstall(APP_2);
+
+ DB_END
}
void test_app_setup_path(int line_no, app_path_type_t PATH_TYPE) {
int result;
+ DB_BEGIN
+
result = perm_app_uninstall(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
" Error in perm_app_uninstall." << result);
RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
" perm_app_setup_path() failed");
+ DB_END
+
result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
" Unable to check Smack labels for non-app dir");
unlink(SMACK_RULES_DIR APP_ID);
+ DB_BEGIN
+
perm_app_uninstall(APP_ID);
result = perm_app_install(APP_ID);
result = perm_app_enable_permissions(APP_TEST_APP_1, APP_TYPE_WGT, (const char**) &perm, 1);
RUNNER_ASSERT_MSG(result == 0, "app_enable_permission failed: " << result);
+ DB_END
+
file = fopen(SMACK_STARTUP_RULES_FILE, "r");
RUNNER_ASSERT_MSG(file != NULL, "File open failed: " << SMACK_STARTUP_RULES_FILE << " : " << file << ". Errno: " << strerror(errno));
#include <dpl/test/test_runner.h>
#include <privilege-control.h>
#include <libprivilege-control_test_common.h>
+#include <tests_common.h>
#include <sys/smack.h>
// ---- Macros and arrays used in stress tests ----
"Unable to clean up Smack labels in: " << TEST_NON_APP_DIR
<< ". Result: " << result);
+ DB_BEGIN
+
result = perm_app_revoke_permissions(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error in perm_app_revoke_permissions. Result: " << result);
"Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
<< TEST_WGT_FEATURE << ". Result: " << result);
+ DB_END
+
// Install app loop
for (int i = 0; i < 100; ++i)
{
+ DB_BEGIN
+
// Add application
result = perm_app_install(APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error in perm_app_enable_permissions from WGT Feature. Loop index: "
<< i << ". Result: " << result);
+ DB_END
+
// add shared dirs
switch (i%2) // separate odd and even loop runs
{
case 0: // Shared dirs: APP_PATH_PRIVATE & APP_PATH_PUBLIC_RO
{
+ DB_BEGIN
+
// Add app shared dir - APP_PATH_PRIVATE
result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
APP_PATH_PRIVATE);
"Error in perm_app_setup_path. Loop index: " << i
<< ". Result: " << result);
+ DB_END
+
// Verify that some previously installed app does not have any access
// to APP_ID private label
result = test_have_any_accesses(rules_to_test_any_access1);
}
case 1: // Shared dirs: APP_PATH_APPSETTING_RW & APP_PATH_GROUP_RW
{
+ DB_BEGIN
+
// Add app shared dir - APP_PATH_SETTINGS_RW
result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
APP_PATH_SETTINGS_RW);
"Error in perm_app_setup_path. Loop index: " << i
<< ". Result: " << result);
+ DB_END
+
// Get autogenerated App-Setting label
char *label;
result = smack_getlabel(TEST_APP_DIR, &label,
<< ". Result: " << result);
} // END Install app loop
+ DB_BEGIN
+
// Uninstall setting app and additional app
result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
"Error in perm_app_uninstall. Result: " << result);
+ DB_END
+
// Remove api features
// TODO: Rewrite removing features
unlink(FILE_PATH_TEST_OSP_FEATURE);
RUNNER_ASSERT_MSG(result > 0, "Cannot generate name for app nr: " << i);
}
+ DB_BEGIN
+
// Clear any previously created apps, files, labels and permissions
for (int i = 0; i < app_count; ++i)
{
"Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
<< TEST_WGT_FEATURE << ". Result: " << result);
+ DB_END
+
// Install apps loop
for (int i = 0; i < 10; ++i)
{
+ DB_BEGIN
+
// Install 10 apps
for (int j = 0; j < app_count; ++j)
{
"Error in perm_app_setup_path. App id: " << app_ids[9]
<< " Loop index: " << i << ". Result: " << result);
+ DB_END
+
// Verify that some previously installed app does not have
// any acces to app 0 and app 5 PRIVATE folders
for (int j = 0; j < app_count; ++j)
<< app_ids[j] << ". Loop index: " << i);
}
+ DB_BEGIN
+
// Revoke permissions
for (int j = 0; j < app_count; ++j)
{
<< ". Result: " << result);
}
+ DB_END
+
// Check if permissions are removed properly
for (int j = 0; j < app_count; ++j)
{
}
}
+ DB_BEGIN
+
// Remove labels from folders and uninstall all apps
for (int j = 0; j < app_count; ++j)
{
<< ". Result: " << result);
}
+ DB_END
+
// Remove created dirs
for (int j = 0; j < app_count; ++j)
{