test_app_setup_path(__LINE__, APP_PATH_SETTINGS_RW);
}
-/**
- * AV Privilege test cases.
- *
- * Each privilege_control24* test case tests antivirus privileges for each app_type_t, except for
- * deprecated APP_TYPE_OTHER type.
- */
-
-int nftw_remove_dir(const char* filename, const struct stat* /*statptr*/, int /*fileflags*/,
- struct FTW* /*pfwt*/)
-{
- int result = -1;
-
- struct stat filestat;
-
- result = stat(filename, &filestat);
- RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to get file statistics. Result: "
- << result << ", error: " << strerror(errno) << ", file: " << filename);
-
- if(S_ISREG(filestat.st_mode)) {
- result = unlink(filename);
- RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to unlink file. Result: "
- << result << ", error: " << strerror(errno) << ", file: " << filename);
- } else if(S_ISDIR(filestat.st_mode)) {
- result = rmdir(filename);
- RUNNER_ASSERT_MSG_BT(result == 0, "NFTW error: Failed to remove dir. Result: "
- << result << ", error: " << strerror(errno) << ", file: " << filename);
- }
-
- return 0;
-}
-
-void InstallApp(const char* pkg_id, const char* path, app_path_type_t app_path_type,
- const char* shared_label)
-{
- int result = -1;
-
- result = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP);
- RUNNER_ASSERT_MSG_BT(result == 0, "Can't create dir for tests. Result: " << result <<
- ", error: " << strerror(errno) << ", app_path_type: " << app_path_type);
-
- DB_BEGIN
-
- result = perm_app_revoke_permissions(pkg_id);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
- << result << ", app_path_type: " << app_path_type);
- result = perm_app_uninstall(pkg_id);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
- << result << ", app_path_type: " << app_path_type);
-
- result = perm_app_install(pkg_id);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
- << result << ", app_path_type: " << app_path_type);
- result = perm_app_setup_path(pkg_id, path, app_path_type, shared_label);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_setup_path failed. Result: "
- << result << ", app_path_type: " << app_path_type);
-
- DB_END
-}
-
-void InstallAV(const char* av_id, app_type_t av_type)
-{
- int result = -1;
-
- DB_BEGIN
-
- result = perm_app_revoke_permissions(av_id);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "revoke_permissions failed. Result: "
- << result << ", av_type: " << av_type);
- result = perm_app_uninstall(av_id);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_uninstall failed. Result: "
- << result << ", av_type: " << av_type);
-
- result = perm_app_install(av_id);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed. Result: "
- << result << ", av_type: " << av_type);
- result = perm_app_enable_permissions(av_id, av_type, PRIVS_AV, true);
- RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "register_permissions failed. Result: "
- << result << ", av_type: " << av_type);
-
- DB_END
-}
-
-void CheckAVPrivilege(app_type_t av_type, app_path_type_t app_path_type)
-{
- int result = -1;
-
- //clean before test
- result = nftw(APP_TEST_APP_1_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
- ", error " << strerror(errno));
-
- result = nftw(APP_TEST_APP_2_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
- ", error " << strerror(errno));
-
- result = nftw(APP_TEST_APP_3_DIR, nftw_remove_dir, FTW_MAX_FDS, FTW_DEPTH | FTW_PHYS);
- RUNNER_ASSERT_MSG_BT(result == 0 || errno == ENOENT, "Failed to nftw. Result: " << result <<
- ", error " << strerror(errno));
-
- InstallApp(APP_TEST_APP_1, APP_TEST_APP_1_DIR, app_path_type, APP_TEST_APP_1_SHARED_LABEL);
- InstallAV(APP_TEST_AV_1, av_type);
- InstallApp(APP_TEST_APP_2, APP_TEST_APP_2_DIR, app_path_type, APP_TEST_APP_2_SHARED_LABEL);
- InstallAV(APP_TEST_AV_2, av_type);
- InstallApp(APP_TEST_APP_3, APP_TEST_APP_3_DIR, app_path_type, APP_TEST_APP_3_SHARED_LABEL);
-
- //test - get ACCESS label and check AV privilege
-
- char* tmp;
-
- //get labels
- result = smack_lgetlabel(APP_TEST_APP_1_DIR, &tmp, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
- << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
- std::string label1(tmp);
- free(tmp);
-
- result = smack_lgetlabel(APP_TEST_APP_2_DIR, &tmp, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
- << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
- std::string label2(tmp);
- free(tmp);
-
- result = smack_lgetlabel(APP_TEST_APP_3_DIR, &tmp, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG_BT(result == 0, "smack_lgetlabel failed. Result: " << result
- << ", av_type: " << av_type << ", app_path_type: " << app_path_type);
- std::string label3(tmp);
- free(tmp);
-
- if(app_path_type == APP_PATH_GROUP_RW)
- {
- result = label1.compare(APP_TEST_APP_1_SHARED_LABEL);
- RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
- ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type);
-
- result = label2.compare(APP_TEST_APP_2_SHARED_LABEL);
- RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
- ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type);
-
- result = label3.compare(APP_TEST_APP_3_SHARED_LABEL);
- RUNNER_ASSERT_MSG_BT(result == 0, "Labels do not equal. Acquired " << label1 <<
- ", should be " << APP_TEST_APP_1_SHARED_LABEL << ". Result: " << result <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type);
- }
-
- std::stringstream ss;
-
- //check AV accesses
- if(smack_check())
- {
- ss << "APP_TEST_APP_1, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccess(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
- ss.str(std::string());
-
- ss << "APP_TEST_APP_2, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccess(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
- ss.str(std::string());
-
- ss << "APP_TEST_APP_3, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccess(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
-
- ss << "APP_TEST_APP_1, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccess(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
- ss.str(std::string());
-
- ss << "APP_TEST_APP_2, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccess(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
- ss.str(std::string());
-
- ss << "APP_TEST_APP_3, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccess(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
- }
- else
- {
- ss << "APP_TEST_APP_1, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, label1.c_str(), ss.str().c_str());
-
- ss.str(std::string());
- ss << "APP_TEST_APP_2, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, label2.c_str(), ss.str().c_str());
-
- ss.str(std::string());
- ss << "APP_TEST_APP_3, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccessNosmack(APP_TEST_AV_1, label3.c_str(), ss.str().c_str());
-
- ss << "APP_TEST_APP_1, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccessNosmack(APP_TEST_AV_2, label1.c_str(), ss.str().c_str());
-
- ss.str(std::string());
- ss << "APP_TEST_APP_2, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccessNosmack(APP_TEST_AV_2, label2.c_str(), ss.str().c_str());
-
- ss.str(std::string());
- ss << "APP_TEST_APP_3, line " << __LINE__ <<
- ", av_type: " << av_type << ", app_path_type: " << app_path_type;
- checkOnlyAvAccessNosmack(APP_TEST_AV_2, label3.c_str(), ss.str().c_str());
- }
-
- DB_BEGIN
-
- //Clean up
- perm_app_revoke_permissions(APP_TEST_AV_1);
- perm_app_revoke_permissions(APP_TEST_AV_2);
- perm_app_uninstall(APP_TEST_AV_1);
- perm_app_uninstall(APP_TEST_AV_2);
- perm_app_uninstall(APP_TEST_APP_1);
- perm_app_uninstall(APP_TEST_APP_2);
- perm_app_uninstall(APP_TEST_APP_3);
-
- DB_END
-}
-
-RUNNER_TEST(privilege_control24a_av_privilege_group_rw)
-{
- CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_GROUP_RW);
- CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_GROUP_RW);
- CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_GROUP_RW);
-}
-
-RUNNER_TEST(privilege_control24b_av_privilege_settings_rw)
-{
- CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_SETTINGS_RW);
- CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_SETTINGS_RW);
- CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_SETTINGS_RW);
-}
-
-RUNNER_TEST(privilege_control24c_av_privilege_public_ro)
-{
- CheckAVPrivilege(APP_TYPE_WGT, APP_PATH_PUBLIC_RO);
- CheckAVPrivilege(APP_TYPE_OSP, APP_PATH_PUBLIC_RO);
- CheckAVPrivilege(APP_TYPE_EFL, APP_PATH_PUBLIC_RO);
-}
-
RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
int POSITIVE_ERROR_CODE = 1;
int NONEXISTING_ERROR_CODE = -239042;
projects / platform / core / test / security-tests.git / commitdiff