return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
}
+static uid_t getGlobalGroupId(void)
+{
+ gid_t global_uid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
+ errno = 0;
+ passwd* pw = getpwuid(global_uid);
+ RUNNER_ASSERT_ERRNO_MSG(pw, "getpwuid() failed.");
+ return pw->pw_gid;
+
+}
+
static const std::string appDirPath(const TemporaryTestUser &user,
const std::string &appId, const std::string &pkgId)
{
Api::install(requestPrivateUser, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
}
+RUNNER_TEST(security_manager_54_path_req_no_pkg)
+{
+ const char *const sm_app_id = "sm_test_54_app_id";
+ const char *const sm_pkg_id = "sm_test_54_pkg_id";
+
+ TemporaryTestUser user("sm_test_54_user_name", GUM_USERTYPE_NORMAL, false);
+ user.create();
+ std::string path = appDirPath(user, sm_app_id, sm_pkg_id);
+
+ removeTestDirs(user, sm_app_id, sm_pkg_id);
+ createTestDirs(user, sm_app_id, sm_pkg_id);
+
+ PathsRequest req;
+ req.setPkgId("non-existing-pkg-id");
+ req.setUid(user.getUid());
+ req.addPath(path, SECURITY_MANAGER_PATH_RW);
+
+ Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
+}
+
+RUNNER_TEST(security_manager_55_path_req_empty_pkg)
+{
+ const char *const sm_app_id = "sm_test_55_app_id";
+ const char *const sm_pkg_id = "sm_test_55_pkg_id";
+
+ TemporaryTestUser user("sm_test_55_user_name", GUM_USERTYPE_NORMAL, false);
+ user.create();
+ std::string path = appDirPath(user, sm_app_id, sm_pkg_id);
+
+ removeTestDirs(user, sm_app_id, sm_pkg_id);
+ createTestDirs(user, sm_app_id, sm_pkg_id);
+
+ PathsRequest req;
+ req.setPkgId("");
+ req.setUid(user.getUid());
+ req.addPath(path, SECURITY_MANAGER_PATH_RW);
+
+ Api::registerPaths(req, (lib_retcode)SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
+}
+
+RUNNER_TEST(security_manager_56_path_req_wrong_type)
+{
+ PathsRequest req;
+ req.setInstallType(SM_APP_INSTALL_END,
+ (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
+ req.setInstallType((app_install_type)(SM_APP_INSTALL_NONE-1),
+ (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM);
+}
+
+RUNNER_TEST(security_manager_57_path_req_wrong_uid)
+{
+ const char *const sm_app_id = "sm_test_57_app_id";
+ const char *const sm_pkg_id = "sm_test_57_pkg_id";
+
+ TemporaryTestUser user("sm_test_57_user_name", GUM_USERTYPE_NORMAL, false);
+ user.create();
+ std::string path = appDirPath(user, sm_app_id, sm_pkg_id);
+
+ removeTestDirs(user, sm_app_id, sm_pkg_id);
+ createTestDirs(user, sm_app_id, sm_pkg_id);
+
+ install_app(sm_app_id, sm_pkg_id, user.getUid());
+
+ PathsRequest preq;
+ preq.setPkgId(sm_pkg_id);
+ preq.setUid(-1);
+ preq.setInstallType(SM_APP_INSTALL_LOCAL);
+ preq.addPath(path, SECURITY_MANAGER_PATH_RW);
+
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR);
+}
+
+RUNNER_TEST(security_manager_58_path_req_empty_paths)
+{
+ const char *const sm_app_id = "sm_test_58_app_id";
+ const char *const sm_pkg_id = "sm_test_58_pkg_id";
+
+ TemporaryTestUser user("sm_test_58_user_name", GUM_USERTYPE_NORMAL, false);
+ user.create();
+
+ install_app(sm_app_id, sm_pkg_id, user.getUid());
+
+ PathsRequest req;
+ req.setPkgId(sm_pkg_id);
+ req.setUid(user.getUid());
+ Api::registerPaths(req);
+}
+
+RUNNER_TEST(security_manager_59_path_req_as_root_positive)
+{
+ const char *const sm_app_id = "sm_test_59_app_id";
+ const char *const sm_pkg_id = "sm_test_59_pkg_id";
+
+ TemporaryTestUser user("sm_test_59_user_name", GUM_USERTYPE_NORMAL, false);
+ user.create();
+ std::string path = appDirPath(user, sm_app_id, sm_pkg_id);
+
+ removeTestDirs(user, sm_app_id, sm_pkg_id);
+ createTestDirs(user, sm_app_id, sm_pkg_id);
+
+ install_app(sm_app_id, sm_pkg_id, user.getUid());
+
+ PathsRequest preq;
+ preq.setPkgId(sm_pkg_id);
+ preq.setUid(user.getUid());
+ preq.addPath(path, SECURITY_MANAGER_PATH_RW);
+
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
+}
+
+RUNNER_CHILD_TEST(security_manager_60_path_req_as_user_positive)
+{
+ const char *const sm_app_id = "sm_test_60_app_id";
+ const char *const sm_pkg_id = "sm_test_60_pkg_id";
+
+ TemporaryTestUser user("sm_test_60_user_name", GUM_USERTYPE_NORMAL, false);
+ user.create();
+ std::string path = appDirPath(user, sm_app_id, sm_pkg_id);
+
+ removeTestDirs(user, sm_app_id, sm_pkg_id);
+ createTestDirs(user, sm_app_id, sm_pkg_id);
+
+ install_app(sm_app_id, sm_pkg_id, user.getUid());
+
+ int result = drop_root_privileges(user.getUid(), user.getGid());
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ PathsRequest preq;
+ preq.setPkgId(sm_pkg_id);
+ preq.setUid(user.getUid());
+ preq.addPath(path, SECURITY_MANAGER_PATH_RW);
+
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
+}
+
+RUNNER_CHILD_TEST(security_manager_61_path_req_different_user)
+{
+ const char *const sm_app_id = "sm_test_61_app_id";
+ const char *const sm_pkg_id = "sm_test_61_pkg_id";
+
+ TemporaryTestUser user1("sm_test_61_1_user_name", GUM_USERTYPE_NORMAL, false);
+ user1.create();
+ TemporaryTestUser user2("sm_test_61_2_user_name", GUM_USERTYPE_NORMAL, false);
+ user2.create();
+
+ std::string path = appDirPath(user2, sm_app_id, sm_pkg_id);
+
+ removeTestDirs(user2, sm_app_id, sm_pkg_id);
+ createTestDirs(user2, sm_app_id, sm_pkg_id);
+
+ install_app(sm_app_id, sm_pkg_id, user2.getUid());
+
+ int result = drop_root_privileges(user1.getUid(), user1.getGid());
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ PathsRequest preq;
+ preq.setPkgId(sm_pkg_id);
+ preq.setUid(user2.getUid());
+ preq.addPath(path, SECURITY_MANAGER_PATH_RW);
+
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+}
+
+void testPathOutside(const std::string& pkgId, uid_t uid, const std::string& path)
+{
+ PathsRequest preq;
+ preq.setPkgId(pkgId);
+ preq.setUid(uid);
+ preq.addPath(path, SECURITY_MANAGER_PATH_RW);
+
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+}
+
+RUNNER_TEST(security_manager_62_path_req_path_outside)
+{
+ const char *const sm_app_id = "sm_test_62_app_id";
+ const char *const sm_pkg_id = "sm_test_62_pkg_id";
+
+ TemporaryTestUser user1("sm_test_62_1_user_name", GUM_USERTYPE_NORMAL, false);
+ user1.create();
+ TemporaryTestUser user2("sm_test_62_2_user_name", GUM_USERTYPE_NORMAL, false);
+ user2.create();
+
+ install_app(sm_app_id, sm_pkg_id, user1.getUid());
+
+ removeTestDirs(user1, sm_app_id, sm_pkg_id);
+ removeTestDirs(user2, sm_app_id, sm_pkg_id);
+ createTestDirs(user1, sm_app_id, sm_pkg_id);
+ createTestDirs(user2, sm_app_id, sm_pkg_id);
+
+ testPathOutside(sm_pkg_id, user1.getUid(), appDirPath(user2, sm_app_id, sm_pkg_id));
+ testPathOutside(sm_pkg_id, user1.getUid(), appDirPath(user1, sm_app_id, "sm_test_62_non_existing_pkg_id"));
+ testPathOutside(sm_pkg_id, user1.getUid(), std::string("/home/") + user1.getUserName());
+}
+
+void testPathsReqAsUser(const enum app_install_type &type, lib_retcode expectedResult) {
+ const char *const sm_app_id = "sm_test_63_app_id";
+ const char *const sm_pkg_id = "sm_test_63_pkg_id";
+
+ TemporaryTestUser user("sm_test_63_user_name", GUM_USERTYPE_NORMAL, false);
+ user.create();
+ std::string path = appDirPath(user, sm_app_id, sm_pkg_id);
+
+ removeTestDirs(user, sm_app_id, sm_pkg_id);
+ createTestDirs(user, sm_app_id, sm_pkg_id);
+
+ install_app(sm_app_id, sm_pkg_id, user.getUid());
+
+ int result = drop_root_privileges(user.getUid(), user.getGid());
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ PathsRequest preq;
+ preq.setPkgId(sm_pkg_id);
+ preq.setUid(user.getUid());
+ preq.setInstallType(type);
+ preq.addPath(path, SECURITY_MANAGER_PATH_RW);
+
+ Api::registerPaths(preq, expectedResult);
+}
+
+RUNNER_CHILD_TEST(security_manager_63a_path_req_as_user)
+{
+ testPathsReqAsUser(SM_APP_INSTALL_GLOBAL,
+ (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+}
+
+RUNNER_CHILD_TEST(security_manager_63b_path_req_preloaded_as_user)
+{
+ testPathsReqAsUser(SM_APP_INSTALL_PRELOADED,
+ (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+}
+
+void testPathsReqLocal(uid_t uid, gid_t gid)
+{
+ const char *const sm_app_id = "sm_test_64_app_id";
+ const char *const sm_pkg_id = "sm_test_64_pkg_id";
+
+ TemporaryTestUser user("sm_test_64_user_name", GUM_USERTYPE_NORMAL, false);
+ user.create();
+ std::string path = appDirPath(user, sm_app_id, sm_pkg_id);
+
+ removeTestDirs(user, sm_app_id, sm_pkg_id);
+ createTestDirs(user, sm_app_id, sm_pkg_id);
+
+ install_app(sm_app_id, sm_pkg_id, user.getUid());
+
+ int result = drop_root_privileges(uid, gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ PathsRequest preq;
+ preq.setPkgId(sm_pkg_id);
+ preq.setUid(user.getUid());
+ preq.setInstallType(SM_APP_INSTALL_LOCAL);
+ preq.addPath(path, SECURITY_MANAGER_PATH_RW);
+
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
+}
+
+
+RUNNER_CHILD_TEST(security_manager_64a_path_req_as_local_as_root)
+{
+ testPathsReqLocal(0, 0);
+}
+
+RUNNER_CHILD_TEST(security_manager_64b_path_req_as_local_asuser)
+{
+ testPathsReqLocal(getGlobalUserId(), getGlobalGroupId());
+}
+
+RUNNER_TEST(security_manager_66_path_req_check_labels)
+{
+ const char *const sm_app_id = "sm_test_66_app_id_full";
+ const char *const sm_pkg_id = "sm_test_66_pkg_id_full";
+
+ std::string SM_RW_PATH = genRWPath(66);
+ std::string SM_RO_PATH = genROPath(66);
+ std::string SM_PUBLIC_RO_PATH = genPublicROPath(66);
+ // TODO others, trusted rw
+
+ prepare_app_env(66);
+
+ install_app(sm_app_id, sm_pkg_id);
+
+ PathsRequest preq;
+ preq.setPkgId(sm_pkg_id);
+ preq.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
+ preq.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
+ preq.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
+ Api::registerPaths(preq);
+
+ uninstall_app(sm_app_id, sm_pkg_id, true);
+}
+
int main(int argc, char *argv[])
{
return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);