/**
* Add new API feature
*/
-RUNNER_TEST(privilege_control11_add_api_feature)
+RUNNER_TEST(privilege_control08_add_api_feature)
{
int result;
DB_END
}
+/**
+ * Add new API feature, assign it to an app and redefine the API feature.
+ * Check if app rules has changed after redefinition.
+ */
+RUNNER_TEST_SMACK(privilege_control09_perm_add_api_feature_redefine)
+{
+ int result;
+ const char *permissionName[] = { "org.tizen.test.permtoberedefined", NULL};
+
+ // Rules to be used with the first check
+ const rules_t test_rules1 = {
+ { GENERATED_APP_ID, PERM_TO_REDEFINE, "rx" },
+ { PERM_TO_REDEFINE, GENERATED_APP_ID, "rwx" },
+ { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
+ };
+
+ // Rules that contain differences - to be used with the second check (after re-def)
+ const rules_t test_rules2 = {
+ { GENERATED_APP_ID, PERM_TO_REDEFINE, "rwx" },
+ { PERM_TO_REDEFINE, GENERATED_APP_ID, "rx" },
+ { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "watl" }
+ };
+
+ // Differences between rules1 and rules2 - should be revoked after re-def)
+ const rules_t diff_rules = {
+ { PERM_TO_REDEFINE, GENERATED_APP_ID, "w" },
+ { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
+ };
+
+ // Rules to be used with the first definition
+ const char *perm_rules1[] = {
+ "~APP~ " PERM_TO_REDEFINE " rx",
+ PERM_TO_REDEFINE " ~APP~ rwx",
+ "~APP~ " PERM_SUB_TO_REDEFINE " rx",
+ NULL
+ };
+
+ // Rules that contain differences - to be used with the second definition (re-def)
+ const char *perm_rules2[] = {
+ "~APP~ " PERM_TO_REDEFINE " rwx",
+ PERM_TO_REDEFINE " ~APP~ rx",
+ "~APP~ " PERM_SUB_TO_REDEFINE " watl",
+ NULL
+ };
+
+ DB_BEGIN
+
+ // uninstall app to make sure that all rules and permissions are revoked
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << perm_strerror(result));
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << perm_strerror(result));
+
+ result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules1, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_add_api_feature failed: " << result);
+
+ result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP, permissionName, true);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_app_enable_permissions failed: " << perm_strerror(result));
+
+ DB_END
+
+ // Check if rules are applied
+ result = test_have_all_accesses(test_rules1);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Not all permissions added.");
+
+ DB_BEGIN
+
+ // Redefine the permission
+ result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules2, NULL, 0);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "perm_add_api_feature failed: " << result);
+
+ DB_END
+
+ // Check if rules are updated
+ result = test_have_all_accesses(test_rules2);
+ RUNNER_ASSERT_MSG_BT(result == 1, "Not all permissions added after update.");
+ // The difference between rules1 and rules2 should be revoked!
+ result = test_have_any_accesses(diff_rules);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Permissions are not fully updated.");
+}
+
/*
* Check perm_app_uninstall function
*/
projects / platform / core / test / security-tests.git / commitdiff