Merge branch 'tizen' into security-manager

author Pawel Wieczorek <p.wieczorek2@samsung.com>

Wed, 22 Apr 2015 15:01:20 +0000 (17:01 +0200)

committer Pawel Wieczorek <p.wieczorek2@samsung.com>

Wed, 22 Apr 2015 15:24:59 +0000 (08:24 -0700)
author Pawel Wieczorek <p.wieczorek2@samsung.com>
Wed, 22 Apr 2015 15:01:20 +0000 (17:01 +0200)
committer Pawel Wieczorek <p.wieczorek2@samsung.com>
Wed, 22 Apr 2015 15:24:59 +0000 (08:24 -0700)
diff --combined packaging/security-tests.spec

index 4a1d30d,d664c17..a3d222e
--- 1/packaging/security-tests.spec
--- 2/packaging/security-tests.spec
+++ b/packaging/security-tests.spec
@@@ -25,9 -25,13 +25,11 @@@ BuildRequires: pkgconfig(sqlite3
   BuildRequires: cynara-devel
   BuildRequires: pkgconfig(libtzplatform-config)
   BuildRequires: boost-devel
- -Requires(post): gum-utils
- -Requires(postun): gum-utils
- -Requires(postun): %{_bindir}/id
+ BuildRequires: pkgconfig(vconf)
+ +BuildRequires: pkgconfig(libgum) >= 1.0.5
   Requires: perf
   Requires: gdb
+ Requires: key-manager-listener
   
   %description
   Security tests repository - for tests that can't be kept together with code.
@@@ -43,8 -47,12 +45,11 @@@ cmake . -DCMAKE_INSTALL_PREFIX=%{_prefi
           -DDPL_LOG="ON"                    \
           -DVERSION=%{version}              \
           -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:DEBUG} \
+ %if "%{sec_product_feature_security_mdfpp_enable}" == "1"
+         -DSECURITY_MDFPP_STATE_ENABLE=1 \
+ %endif
           -DCMAKE_VERBOSE_MAKEFILE=ON       \
- -        -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \
- -        -DAPP_USER=security-tests-app
+ +        -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db
   make %{?jobs:-j%jobs}
   
   %install
@@@ -52,14 -60,25 +57,20 @@@
   ln -sf /etc/smack/test_smack_rules %{buildroot}/etc/smack/test_smack_rules_lnk
   
   %post
- -%{_bindir}/gum-utils --add-user --username=security-tests-app --usertype=normal --offline
- -
   find /etc/smack/test_privilege_control_DIR/ -type f -name exec -exec chmod 0755 {} +
- -find /usr/apps/test_DIR/ -type f -name exec -exec chmod 0755 {} +
+ +find /usr/apps/ -type f -name exec -exec chmod 0755 {} +
   
   # Load permissions templates
   api_feature_loader --verbose
   
+ # Set vconf key for cc-mode testing if vconf key isn't there.
+ %if "%{sec_product_feature_security_mdfpp_enable}" != "1"
+     echo "Install vconf key (file/security_mdpp/security_mdpp_state) for testing key-manager"
+     vconftool set -t string file/security_mdpp/security_mdpp_state "Unset"
+ %endif
+ 
   echo "security-tests postinst done ..."
   
- -%postun
- -%{_bindir}/gum-utils --delete-user --uid=`%{_bindir}/id -u security-tests-app` --offline
- -
   %files
   %manifest %{name}.manifest
   %defattr(-, root, root, -)
@@@ -88,7 -107,8 +99,7 @@@
   /etc/smack/test_smack_rules_lnk
   /usr/share/privilege-control/*
   /etc/smack/test_privilege_control_DIR/*
- -/usr/apps/test_DIR/*
- -/home/security-tests-app/test_DIR
+ +/usr/apps/*
   /usr/bin/test-app-efl
   /usr/bin/test-app-osp
   /usr/bin/test-app-wgt
@@@ -99,3 -119,4 +110,4 @@@
   /usr/lib/security-tests/cynara-tests/plugins/single-policy/*
   /usr/lib/security-tests/cynara-tests/plugins/multiple-policy/*
   /usr/lib/security-tests/cynara-tests/plugins/test-agent/*
+ /usr/bin/security-tests-inner-test
diff --combined src/common/CMakeLists.txt

index 0000000,fcfc13f..994fee1

mode 000000,100644..100644
--- /dev/null
--- 2/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
@@@ -1,0 -1,44 +1,48 @@@
+ INCLUDE(FindPkgConfig)
++SET(COMMON_TARGET_TEST "tests-common")
+ 
+ #dependencies
+ PKG_CHECK_MODULES(COMMON_TARGET_DEP
+     libsmack
+     dbus-1
+     sqlite3
++    libgum
++    glib-2.0
+     REQUIRED
+     )
+ 
+ #files to compile
+ SET(COMMON_TARGET_TEST_SOURCES
+     ${PROJECT_SOURCE_DIR}/src/common/tests_common.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/access_provider.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/smack_access.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/dbus_connection.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/dbus_message_in.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/dbus_message_out.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/service_manager.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/memory.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/db_sqlite.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/fs_label_manager.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/passwd_access.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/uds.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/synchronization_pipe.cpp
+     ${PROJECT_SOURCE_DIR}/src/common/timeout.cpp
++    ${PROJECT_SOURCE_DIR}/src/common/temp_test_user.cpp
+     )
+ 
+ #system and local includes
+ INCLUDE_DIRECTORIES(SYSTEM ${COMMON_TARGET_DEP_INCLUDE_DIRS})
+ 
+ INCLUDE_DIRECTORIES(
+     ${PROJECT_SOURCE_DIR}/src/framework/include
+     ${PROJECT_SOURCE_DIR}/src/common
+     )
+ 
+ 
+ #output OBJECT format
+ ADD_LIBRARY(${COMMON_TARGET_TEST} ${COMMON_TARGET_TEST_SOURCES})
+ 
+ TARGET_LINK_LIBRARIES(${COMMON_TARGET_TEST} ${COMMON_TARGET_DEP_LIBRARIES}
+     dpl-test-framework)
+ 
+ INSTALL (FILES ${PROJECT_SOURCE_DIR}/src/common/security-tests.conf DESTINATION /etc/dbus-1/system.d)
diff --combined src/common/temp_test_user.cpp

index f6aa6c1,0000000..f6aa6c1

mode 100644,000000..100644
--- 1/tests/common/temp_test_user.cpp
--- /dev/null
+++ b/src/common/temp_test_user.cpp
@@@ -1,59 -1,0 +1,59 @@@
+ +/*
+ + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ + *
+ + *    Licensed under the Apache License, Version 2.0 (the "License");
+ + *    you may not use this file except in compliance with the License.
+ + *    You may obtain a copy of the License at
+ + *
+ + *        http://www.apache.org/licenses/LICENSE-2.0
+ + *
+ + *    Unless required by applicable law or agreed to in writing, software
+ + *    distributed under the License is distributed on an "AS IS" BASIS,
+ + *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ + *    See the License for the specific language governing permissions and
+ + *    limitations under the License.
+ +*/
+ +
+ +/*
+ + * @file        temp_test_user.cpp
+ + * @author      Jan Cybulski (j.cybulski@partner.samsung.com)
+ + * @version     1.0
+ + * @brief       File with class for users management
+ + */
+ +
+ +
+ +#include <temp_test_user.h>
+ +#include <glib-object.h>
+ +#include <dpl/test/test_runner.h>
+ +
+ +void TemporaryTestUser::create(void)
+ +{
+ +    if (m_guser) {
+ +        remove();
+ +    };
+ +
+ +    m_guser = gum_user_create_sync (m_offline);
+ +    RUNNER_ASSERT_MSG(m_guser != nullptr, "Failed to create gumd user object");
+ +    g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL);
+ +    g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL);
+ +    gboolean added = gum_user_add_sync(m_guser);
+ +    RUNNER_ASSERT_MSG(added, "Failed to add user");
+ +    g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL);
+ +    RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
+ +    g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL);
+ +    RUNNER_ASSERT_MSG(m_gid != 0, "Something strange happened during user creation. gid == 0.");
+ +}
+ +
+ +void TemporaryTestUser::remove(void)
+ +{
+ +    if(m_guser){
+ +        gum_user_delete_sync(m_guser, TRUE);
+ +        g_object_unref(m_guser);
+ +        m_guser = nullptr;
+ +    }
+ +}
+ +
+ +TemporaryTestUser::~TemporaryTestUser()
+ +{
+ +    this->remove();
+ +}
diff --combined src/common/temp_test_user.h

index 120b21b,0000000..120b21b

mode 100644,000000..100644
--- 1/tests/common/temp_test_user.h
--- /dev/null
+++ b/src/common/temp_test_user.h
@@@ -1,53 -1,0 +1,53 @@@
+ +/*
+ + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ + *
+ + *    Licensed under the Apache License, Version 2.0 (the "License");
+ + *    you may not use this file except in compliance with the License.
+ + *    You may obtain a copy of the License at
+ + *
+ + *        http://www.apache.org/licenses/LICENSE-2.0
+ + *
+ + *    Unless required by applicable law or agreed to in writing, software
+ + *    distributed under the License is distributed on an "AS IS" BASIS,
+ + *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ + *    See the License for the specific language governing permissions and
+ + *    limitations under the License.
+ +*/
+ +
+ +#ifndef TEMP_TEST_USER_H
+ +#define TEMP_TEST_USER_H
+ +
+ +#include <string>
+ +#include <sys/types.h>
+ +#include <gum-user.h>
+ +#include <common/gum-user-types.h>
+ +
+ +class TemporaryTestUser {
+ +public:
+ +    TemporaryTestUser() = delete;
+ +    TemporaryTestUser(std::string userName, GumUserType userType, bool offline) :
+ +            m_uid(0),
+ +            m_gid(0),
+ +            m_userName(userName),
+ +            m_userType(userType),
+ +            m_guser(nullptr),
+ +            m_offline(offline)
+ +            {};
+ +    ~TemporaryTestUser();
+ +    void remove(void);
+ +    uid_t getUid() const {return m_uid;}
+ +    uid_t getGid() const {return m_gid;}
+ +    void create(void);
+ +    void getUidString(std::string& uidstr) const {uidstr =  std::to_string(static_cast<unsigned int>(m_uid));}
+ +    const std::string& getUserName() const {return m_userName;}
+ +    GumUserType getUserType() const {return m_userType;}
+ +private:
+ +    uid_t m_uid;
+ +    uid_t m_gid;
+ +    std::string m_userName;
+ +    GumUserType m_userType;
+ +    GumUser *m_guser;
+ +    bool m_offline;
+ +};
+ +
+ +#endif
diff --combined src/common/tests_common.cpp

index a8afc7b,3095243..2332abb
--- 1/tests/common/tests_common.cpp
--- 2/src/common/tests_common.cpp
+++ b/src/common/tests_common.cpp
@@@ -1,5 -1,5 +1,5 @@@
   /*
-  * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+  * Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
    *
    *    Licensed under the Apache License, Version 2.0 (the "License");
    *    you may not use this file except in compliance with the License.
@@@ -22,7 -22,6 +22,7 @@@
    */
   
   #include "tests_common.h"
+ +#include <fcntl.h>
   #include <sys/mman.h>
   #include <sys/stat.h>
   #include <sys/types.h>
@@@ -36,25 -35,15 +36,15 @@@ int DB::Transaction::db_result = PC_OPE
   
   const char *WGT_APP_ID = "QwCqJ0ttyS";
   
- int smack_runtime_check(void)
- {
-     static int smack_present = -1;
-     if (-1 == smack_present) {
-         if (smack_smackfs_path()) {
-             smack_present = 1;
-         } else {
-             smack_present = 0;
-         }
-     }
-     return smack_present;
- }
- 
- int smack_check(void)
+ bool smack_check(void)
   {
   #ifndef WRT_SMACK_ENABLED
-     return 0;
+     return false;
   #else
-     return smack_runtime_check();
+     static int smack_present = -1;
+     if (-1 == smack_present)
+         smack_present = smack_smackfs_path() == nullptr ? 0 : 1;
+     return smack_present == 1;
   #endif
   }
   
@@@ -184,63 -173,3 +174,63 @@@ int files_compare(int fd1, int fd2
   
       return result;
   }
+ +
+ +void mkdirSafe(const std::string &path, mode_t mode)
+ +{
+ +    RUNNER_ASSERT_ERRNO_MSG(0 == mkdir(path.c_str(), mode) || errno == EEXIST,
+ +                            "mkdir for <" << path << "> with mode <" << mode << "> failed");
+ +}
+ +
+ +void mktreeSafe(const std::string &path, mode_t mode)
+ +{
+ +    // Create subsequent parent directories
+ +    // Assume that path is absolute - i.e. starts with '/'
+ +    for (size_t pos = 0; (pos = path.find("/", pos + 1)) != std::string::npos; )
+ +        mkdirSafe(path.substr(0, pos).c_str(), mode);
+ +
+ +    mkdirSafe(path, mode);
+ +}
+ +
+ +void creatSafe(const std::string &path, mode_t mode)
+ +{
+ +    RUNNER_ASSERT_ERRNO_MSG(-1 != creat(path.c_str(), mode),
+ +                            "creat for <" << path << "> with mode <" << mode << "> failed");
+ +}
+ +
+ +void symlinkSafe(const std::string &targetPath, const std::string &linkPath)
+ +{
+ +    RUNNER_ASSERT_ERRNO_MSG(0 == symlink(targetPath.c_str(), linkPath.c_str()),
+ +                            "symlink for <" << linkPath << "> to <" << targetPath << "> failed");
+ +}
+ +
+ +void removeDir(const std::string &path)
+ +{
+ +    DIR *d = opendir(path.c_str());
+ +
+ +    if (nullptr == d) {
+ +        RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "opendir of <" << path << "> failed");
+ +        return;
+ +    }
+ +
+ +    struct dirent *dirEntry;
+ +    while (nullptr != (dirEntry = readdir(d))) {
+ +        std::string entryName(dirEntry->d_name);
+ +        if (entryName == "." || entryName == "..")
+ +            continue;
+ +
+ +        std::string entryPath(path + "/" + entryName);
+ +        struct stat st;
+ +
+ +        RUNNER_ASSERT_ERRNO_MSG(0 == lstat(entryPath.c_str(), &st),
+ +                                "stat for <" << entryPath << "> failed");
+ +        if (S_ISDIR(st.st_mode))
+ +            removeDir(entryPath);
+ +        else
+ +            RUNNER_ASSERT_ERRNO_MSG(0 == unlink(entryPath.c_str()),
+ +                                    "unlink for <" << entryPath << "> failed");
+ +    }
+ +
+ +    closedir(d);
+ +
+ +    RUNNER_ASSERT_ERRNO_MSG(0 == rmdir(path.c_str()), "rmdir for <" << path << "> failed");
+ +}
diff --combined src/common/tests_common.h

index 52c0500,2fb249b..ac398f0
--- 1/tests/common/tests_common.h
--- 2/src/common/tests_common.h
+++ b/src/common/tests_common.h
@@@ -1,5 -1,5 +1,5 @@@
   /*
-  * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+  * Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
    *
    *    Licensed under the Apache License, Version 2.0 (the "License");
    *    you may not use this file except in compliance with the License.
@@@ -40,19 -40,13 +40,18 @@@ const uid_t DB_ALARM_UID = 6001
   const gid_t DB_ALARM_GID = 6001;
   const std::string TMP_DIR("/tmp");
   
- int smack_runtime_check(void);
- int smack_check(void);
+ bool smack_check(void);
   int drop_root_privileges(uid_t appUid = APP_UID, gid_t appGid = APP_GID);
   void setLabelForSelf(const int line, const char *label);
   void add_process_group(const char* group_name);
   void remove_process_group(const char* group_name);
   std::string formatCstr(const char *cstr);
   int files_compare(int fd1, int fd2);
+ +void mkdirSafe(const std::string &path, mode_t mode);
+ +void mktreeSafe(const std::string &path, mode_t mode);
+ +void creatSafe(const std::string &path, mode_t mode);
+ +void symlinkSafe(const std::string &targetPath, const std::string &linkPath);
+ +void removeDir(const std::string &path);
   
   #define RUNNER_TEST_SMACK(Proc)                                                     \
       void Proc();                                                                    \
diff --combined src/security-manager-tests/CMakeLists.txt

index 5b2b2eb,4a0f954..7f1d234
--- 1/tests/security-manager-tests/CMakeLists.txt
--- 2/src/security-manager-tests/CMakeLists.txt
+++ b/src/security-manager-tests/CMakeLists.txt
@@@ -1,5 -1,4 +1,4 @@@
- #
- #Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ # Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
   #
   #   Licensed under the Apache License, Version 2.0 (the "License");
   #   you may not use this file except in compliance with the License.
@@@ -26,29 -25,19 +25,28 @@@ PKG_CHECK_MODULES(SEC_MGR_TESTS_DE
       libsmack
       libprivilege-control
       cynara-client
+ +    cynara-admin
       security-manager
       libtzplatform-config
       sqlite3
- -    libcap)
+ +    libcap
+ +    dbus-1
-     libgum
-     cynara-admin)
++    libgum)
   
   
   SET(TARGET_SEC_MGR_TESTS "security-manager-tests")
   
   SET(SEC_MGR_SOURCES
-     ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/security_manager_tests.cpp
-     ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/sm_api.cpp
-     ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/sm_db.cpp
-     ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/sm_request.cpp
-     ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/sm_user_request.cpp
-     ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/sm_policy_request.cpp
-     ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_client.cpp
-     ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_admin.cpp
-     ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/plugins.cpp
-     ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp
+     ${PROJECT_SOURCE_DIR}/src/security-manager-tests/security_manager_tests.cpp
++    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_api.cpp
+     ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_db.cpp
++    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_request.cpp
++    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_user_request.cpp
++    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_policy_request.cpp
+     ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp
++    ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp
++    ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
+     ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
      )
   
   INCLUDE_DIRECTORIES(SYSTEM
@@@ -60,27 -49,28 +58,27 @@@ INCLUDE_DIRECTORIES(SYSTE
       )
   
   INCLUDE_DIRECTORIES(
-     ${PROJECT_SOURCE_DIR}/tests/common/
-     ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/
-     ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/
-     ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/
-     ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/common/
+     ${PROJECT_SOURCE_DIR}/src/common/
+     ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/
+     ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/
++    ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
+     ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
      )
   
+ +FIND_PACKAGE(Threads)
+ +
   ADD_EXECUTABLE(${TARGET_SEC_MGR_TESTS} ${SEC_MGR_SOURCES})
   
   TARGET_LINK_LIBRARIES(${TARGET_SEC_MGR_TESTS}
       ${SEC_MGR_TESTS_DEP_LIBRARIES}
       dpl-test-framework
       tests-common
+ +    ${CMAKE_THREAD_LIBS_INIT}
       )
   
   INSTALL(TARGETS ${TARGET_SEC_MGR_TESTS} DESTINATION /usr/bin)
   
   INSTALL(DIRECTORY
-     ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/apps_rw/
- -    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_DIR
++    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/apps_rw/
       DESTINATION /usr/apps/
   )
- -
- -INSTALL(DIRECTORY
- -    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_DIR
- -    DESTINATION /home/${APP_USER}/
- -)
diff --cc src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/.level_1/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/.level_1/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/level_1/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/level_1/level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_non_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/level_1/level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/level_1/link_to_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/level_1/link_to_non_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/level_1/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/link_to_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/link_to_non_app_dir
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/link_to_non_app_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/link_to_non_app_normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/link_to_non_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_non_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_non_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_dir
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/app_dir_public_ro/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/.level_1/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/.level_1/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/level_1/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_non_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_non_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/level_1/normal
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/link_to_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/link_to_non_exec
Simple merge
diff --cc src/security-manager-tests/apps_rw/non_app_dir/normal
Simple merge
diff --combined src/security-manager-tests/apps_rw/subdir/file

index e69de29,0000000..e69de29

mode 100644,000000..100644
--- 1/tests/cynara-tests/db_patterns/default/_
--- /dev/null
+++ b/src/security-manager-tests/apps_rw/subdir/file
diff --combined src/security-manager-tests/common/sm_api.cpp

index 12ede82,0000000..12ede82

mode 100644,000000..100644
--- 1/tests/security-manager-tests/common/sm_api.cpp
--- /dev/null
+++ b/src/security-manager-tests/common/sm_api.cpp
@@@ -1,182 -1,0 +1,182 @@@
+ +/*
+ + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ + *
+ + *    Licensed under the Apache License, Version 2.0 (the "License");
+ + *    you may not use this file except in compliance with the License.
+ + *    You may obtain a copy of the License at
+ + *
+ + *        http://www.apache.org/licenses/LICENSE-2.0
+ + *
+ + *    Unless required by applicable law or agreed to in writing, software
+ + *    distributed under the License is distributed on an "AS IS" BASIS,
+ + *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ + *    See the License for the specific language governing permissions and
+ + *    limitations under the License.
+ + */
+ +
+ +#include <sm_api.h>
+ +
+ +#include <dpl/test/test_runner.h>
+ +
+ +namespace SecurityManagerTest {
+ +
+ +namespace Api {
+ +
+ +void install(const InstallRequest &request, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_app_install(request.get());
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "installing app returned wrong value."
+ +                          << " InstallRequest: [ " << request << "];"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +}
+ +
+ +void uninstall(const InstallRequest &request, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_app_uninstall(request.get());
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "uninstalling app returned wrong value."
+ +                          << " InstallRequest: [ " << request << "];"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +}
+ +
+ +std::string getPkgId(const char *appId, lib_retcode expectedResult)
+ +{
+ +    char *pkgId = nullptr;
+ +    int result = security_manager_get_app_pkgid(&pkgId, appId);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "getting pkg id from app id returned wrong value."
+ +                          << " App id: " << appId << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +    if (expectedResult != SECURITY_MANAGER_SUCCESS)
+ +        return std::string();
+ +
+ +    RUNNER_ASSERT_MSG(pkgId != nullptr, "getting pkg id did not allocate memory");
+ +    std::string str(pkgId);
+ +    free(pkgId);
+ +    return str;
+ +}
+ +
+ +void setProcessLabel(const char *appId, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_set_process_label_from_appid(appId);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "setting process label from app id returned wrong value."
+ +                          << " App id: " << appId << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +}
+ +
+ +void setProcessGroups(const char *appId, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_set_process_groups_from_appid(appId);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "setting process groups from app id returned wrong value."
+ +                          << " App id: " << appId << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +}
+ +
+ +void dropProcessPrivileges(lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_drop_process_privileges();
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "dropping process privileges returned wrong value."
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +}
+ +
+ +void prepareApp(const char *appId, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_prepare_app(appId);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "preparing app returned wrong value."
+ +                          << " App id: " << appId << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +}
+ +
+ +void addUser(const UserRequest &request, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_user_add(request.get());
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "adding user returned wrong value."
+ +                          << " UserRequest: [ " << request << "];"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +}
+ +
+ +void deleteUser(const UserRequest &request, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_user_delete(request.get());
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "deleting user returned wrong value."
+ +                          << " UserRequest: [ " << request << "];"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +}
+ +
+ +void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_policy_update_send(request.get());
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                          "sending policy update for self returned wrong value."
+ +                          << " PolicyRequest: [ " << request << "];"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +}
+ +
+ +void getConfiguredPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult, bool forAdmin)
+ +{
+ +    policy_entry **pp_privs_policy = NULL;
+ +    size_t policy_size = 0;
+ +    int result;
+ +
+ +    if (forAdmin) {
+ +        result = security_manager_get_configured_policy_for_admin(filter.get(), &pp_privs_policy, &policy_size);
+ +    } else {
+ +        result = security_manager_get_configured_policy_for_self(filter.get(), &pp_privs_policy, &policy_size);
+ +    };
+ +
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "Unexpected result for filter: " << filter << std::endl
+ +                          << " Result: " << result << ";");
+ +
+ +    for (unsigned int i = 0; i < policy_size; ++i) {
+ +        PolicyEntry pe(*pp_privs_policy[i]);
+ +        policyEntries.push_back(pe);
+ +    };
+ +}
+ +
+ +void getPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
+ +{
+ +    policy_entry **pp_privs_policy = NULL;
+ +    size_t policy_size = 0;
+ +    int result;
+ +
+ +    result = security_manager_get_policy(filter.get(), &pp_privs_policy, &policy_size);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "Unexpected result" << std::endl
+ +                          << " Result: " << result << ";");
+ +    for (unsigned int i = 0; i < policy_size; ++i) {
+ +        PolicyEntry pe(*pp_privs_policy[i]);
+ +        policyEntries.push_back(pe);
+ +    };
+ +}
+ +
+ +void getPolicyForSelf(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
+ +{
+ +    getConfiguredPolicy(filter, policyEntries, expectedResult, false);
+ +}
+ +
+ +void getPolicyForAdmin(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
+ +{
+ +    getConfiguredPolicy(filter, policyEntries, expectedResult, true);
+ +}
+ +
+ +} // namespace Api
+ +
+ +} // namespace SecurityManagerTest
diff --combined src/security-manager-tests/common/sm_api.h

index 8a99e32,0000000..8a99e32

mode 100644,000000..100644
--- 1/tests/security-manager-tests/common/sm_api.h
--- /dev/null
+++ b/src/security-manager-tests/common/sm_api.h
@@@ -1,47 -1,0 +1,47 @@@
+ +/*
+ + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ + *
+ + *    Licensed under the Apache License, Version 2.0 (the "License");
+ + *    you may not use this file except in compliance with the License.
+ + *    You may obtain a copy of the License at
+ + *
+ + *        http://www.apache.org/licenses/LICENSE-2.0
+ + *
+ + *    Unless required by applicable law or agreed to in writing, software
+ + *    distributed under the License is distributed on an "AS IS" BASIS,
+ + *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ + *    See the License for the specific language governing permissions and
+ + *    limitations under the License.
+ + */
+ +
+ +#ifndef SECURITY_MANAGER_TEST_API
+ +#define SECURITY_MANAGER_TEST_API
+ +
+ +#include <sm_request.h>
+ +#include <sm_user_request.h>
+ +#include <sm_policy_request.h>
+ +
+ +#include <security-manager.h>
+ +
+ +namespace SecurityManagerTest {
+ +
+ +namespace Api {
+ +
+ +void install(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +void uninstall(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +std::string getPkgId(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +void setProcessLabel(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +void setProcessGroups(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +void dropProcessPrivileges(lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +void prepareApp(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +void addUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +void deleteUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +void getPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +void getPolicyForSelf(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +void getPolicyForAdmin(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +} // namespace Api
+ +
+ +} // namespace SecurityManagerTest
+ +
+ +#endif // SECURITY_MANAGER_TEST_API
diff --combined src/security-manager-tests/common/sm_db.cpp

index 8e3e562,2f420bf..8e3e562
--- 1/tests/security-manager-tests/common/sm_db.cpp
--- 2/src/security-manager-tests/common/sm_db.cpp
+++ b/src/security-manager-tests/common/sm_db.cpp
@@@ -187,13 -187,15 +187,13 @@@ void TestSecurityManagerDatabase::setup
       if (!m_base.is_open())
           m_base.open();
   
- -    sql << "INSERT OR IGNORE INTO privilege (name) VALUES ('" << privilege << "')";
- -    m_base.execute(sql.str(), result);
- -
       for (const auto &group : groups) {
           sql.clear();
           sql.str("");
- -        sql << "INSERT OR IGNORE INTO privilege_group (privilege_id, name) "
- -               "VALUES ((SELECT privilege_id FROM privilege WHERE name = '"
- -                << privilege << "'), '" << group << "')";
+ +        sql << "INSERT INTO privilege_group_view (privilege_name, group_name) "
+ +               "VALUES ("
+ +                << "'" << privilege << "'" << ","
+ +                << "'" << group << "'" << ")";
           m_base.execute(sql.str(), result);
       }
   }
diff --combined src/security-manager-tests/common/sm_policy_request.cpp

index 043b8d1,0000000..043b8d1

mode 100644,000000..100644
--- 1/tests/security-manager-tests/common/sm_policy_request.cpp
--- /dev/null
+++ b/src/security-manager-tests/common/sm_policy_request.cpp
@@@ -1,173 -1,0 +1,173 @@@
+ +/*
+ + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ + *
+ + *    Licensed under the Apache License, Version 2.0 (the "License");
+ + *    you may not use this file except in compliance with the License.
+ + *    You may obtain a copy of the License at
+ + *
+ + *        http://www.apache.org/licenses/LICENSE-2.0
+ + *
+ + *    Unless required by applicable law or agreed to in writing, software
+ + *    distributed under the License is distributed on an "AS IS" BASIS,
+ + *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ + *    See the License for the specific language governing permissions and
+ + *    limitations under the License.
+ + */
+ +
+ +#include <sm_policy_request.h>
+ +
+ +#include <dpl/test/test_runner.h>
+ +
+ +namespace SecurityManagerTest {
+ +
+ +PolicyEntry::PolicyEntry()
+ +    : m_appId(true, std::string(SECURITY_MANAGER_ANY))
+ +    , m_user(true, std::string(SECURITY_MANAGER_ANY))
+ +    , m_privilege(true, std::string(SECURITY_MANAGER_ANY))
+ +    , m_currentLevel(false, std::string(""))
+ +    , m_maxLevel(false, std::string(""))
+ +{
+ +    int result = security_manager_policy_entry_new(&m_entry);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ +                      "creation of new policy entry failed. Result: " << result);
+ +    RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory");
+ +
+ +    security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str());
+ +    security_manager_policy_entry_set_user(m_entry, m_user.second.c_str());
+ +    security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str());
+ +}
+ +
+ +PolicyEntry::PolicyEntry(const std::string &appId, const std::string &user,
+ +        const std::string &privilege)
+ +    : m_appId(true, std::string(appId))
+ +    , m_user(true, std::string(user))
+ +    , m_privilege(true, std::string(privilege))
+ +    , m_currentLevel(false, std::string(""))
+ +    , m_maxLevel(false, std::string(""))
+ +{
+ +    int result = security_manager_policy_entry_new(&m_entry);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ +                      "creation of new policy entry failed. Result: " << result);
+ +    RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory");
+ +
+ +    security_manager_policy_entry_set_user(m_entry, m_user.second.c_str());
+ +    security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str());
+ +    security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str());
+ +}
+ +
+ +PolicyEntry::PolicyEntry(policy_entry &entry): m_entry(&entry)
+ +{
+ +    m_appId.first = true;
+ +    m_appId.second = std::string(security_manager_policy_entry_get_application(m_entry));
+ +
+ +    m_user.first = true;
+ +    m_user.second = std::string(security_manager_policy_entry_get_user(m_entry));
+ +
+ +    m_privilege.first = true;
+ +    m_privilege.second = std::string(security_manager_policy_entry_get_privilege(m_entry));
+ +
+ +    m_currentLevel.first = true;
+ +    m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry));
+ +
+ +    m_maxLevel.first = true;
+ +    m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry));
+ +};
+ +
+ +void PolicyEntry::setLevel(const std::string &level)
+ +{
+ +    m_currentLevel.first = true;
+ +    m_currentLevel.second = level;
+ +    security_manager_policy_entry_set_level(m_entry, level.c_str());
+ +    m_maxLevel.first = true;
+ +    m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry));
+ +};
+ +
+ +void PolicyEntry::setMaxLevel(const std::string &level)
+ +{
+ +    m_maxLevel.first = true;
+ +    m_maxLevel.second = level;
+ +    security_manager_policy_entry_admin_set_level(m_entry, level.c_str());
+ +    m_currentLevel.first = true;
+ +    m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry));
+ +};
+ +
+ +
+ +std::ostream& operator<<(std::ostream &os, const PolicyEntry &request)
+ +{
+ +    if (request.m_appId.first)
+ +            os << "appId: " << request.m_appId.second << "; ";
+ +
+ +    if (request.m_user.first)
+ +            os << "user: " << request.m_user.second << "; ";
+ +
+ +    if (request.m_privilege.first)
+ +            os << "privilege: " << request.m_privilege.second << "; ";
+ +
+ +    if (request.m_currentLevel.first)
+ +            os << "current: " << request.m_currentLevel.second << "; ";
+ +
+ +    if (request.m_maxLevel.first)
+ +            os << "max: " << request.m_maxLevel.second << "; ";
+ +
+ +    return os;
+ +}
+ +
+ +PolicyEntry::~PolicyEntry()
+ +{
+ +}
+ +
+ +void PolicyEntry::free(void)
+ +{
+ +    security_manager_policy_entry_free(m_entry);
+ +}
+ +
+ +
+ +PolicyRequest::PolicyRequest()
+ +    : m_req(nullptr),
+ +      m_entries()
+ +{
+ +    int result = security_manager_policy_update_req_new(&m_req);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ +                      "creation of new policy request failed. Result: " << result);
+ +    RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new policy request did not allocate memory");
+ +}
+ +
+ +PolicyRequest::~PolicyRequest()
+ +{
+ +    for(std::vector<PolicyEntry>::iterator it = m_entries.begin(); it != m_entries.end(); ++it) {
+ +        it->free();
+ +    }
+ +    security_manager_policy_update_req_free(m_req);
+ +}
+ +
+ +void PolicyRequest::addEntry(PolicyEntry &entry,
+ +        lib_retcode expectedResult)
+ +{
+ +    int result = 0;
+ +
+ +    result = security_manager_policy_update_req_add_entry(m_req, entry.get());
+ +
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                     "adding policy entry to request returned wrong value."
+ +                          << " entry: " << entry << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +
+ +    m_entries.push_back(entry);
+ +}
+ +
+ +std::ostream& operator<<(std::ostream &os, const PolicyRequest &request)
+ +{
+ +    if (request.m_entries.size() != 0)
+ +    {
+ +        os << "PolicyRequest m_entries size: " << request.m_entries.size() << "; ";
+ +
+ +        for(unsigned int i = 0; i != request.m_entries.size(); i++) {
+ +           os << "entry " << i << ": " << request.m_entries[i] << "; ";
+ +       }
+ +    }
+ +
+ +    return os;
+ +}
+ +
+ +} // namespace SecurityManagerTest
diff --combined src/security-manager-tests/common/sm_policy_request.h

index bd31329,0000000..bd31329

mode 100644,000000..100644
--- 1/tests/security-manager-tests/common/sm_policy_request.h
--- /dev/null
+++ b/src/security-manager-tests/common/sm_policy_request.h
@@@ -1,87 -1,0 +1,87 @@@
+ +/*
+ + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ + *
+ + *    Licensed under the Apache License, Version 2.0 (the "License");
+ + *    you may not use this file except in compliance with the License.
+ + *    You may obtain a copy of the License at
+ + *
+ + *        http://www.apache.org/licenses/LICENSE-2.0
+ + *
+ + *    Unless required by applicable law or agreed to in writing, software
+ + *    distributed under the License is distributed on an "AS IS" BASIS,
+ + *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ + *    See the License for the specific language governing permissions and
+ + *    limitations under the License.
+ + */
+ +
+ +#ifndef SECURITY_MANAGER_TEST_POLICYREQUEST
+ +#define SECURITY_MANAGER_TEST_POLICYREQUEST
+ +
+ +#include <iostream>
+ +#include <sys/types.h>
+ +#include <utility>
+ +#include <vector>
+ +
+ +#include <security-manager.h>
+ +
+ +namespace SecurityManagerTest {
+ +
+ +class PolicyEntry
+ +{
+ +public:
+ +    PolicyEntry();
+ +
+ +    PolicyEntry(const std::string &appId,
+ +                const std::string &user,
+ +                const std::string &privilege
+ +                );
+ +    ~PolicyEntry();
+ +
+ +    PolicyEntry(policy_entry &entry);
+ +
+ +    policy_entry *get() const { return m_entry; }
+ +    std::string getUser() const         { return m_user.second; }
+ +    std::string getAppId() const        { return m_appId.second; }
+ +    std::string getPrivilege() const    { return m_privilege.second; }
+ +    std::string getCurrentLevel() const { return m_currentLevel.second; }
+ +    std::string getMaxLevel() const     { return m_maxLevel.second; }
+ +    void setLevel(const std::string &level);
+ +    void setMaxLevel(const std::string &level);
+ +    void free(void);
+ +
+ +    friend std::ostream& operator<<(std::ostream &, const PolicyEntry&);
+ +
+ +private:
+ +    policy_entry *m_entry;
+ +    std::pair<bool, std::string> m_appId;
+ +    std::pair<bool, std::string> m_user;
+ +    std::pair<bool, std::string> m_privilege;
+ +    std::pair<bool, std::string> m_currentLevel;
+ +    std::pair<bool, std::string> m_maxLevel;
+ +};
+ +
+ +std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyEntry &request);
+ +
+ +class PolicyRequest
+ +{
+ +public:
+ +    PolicyRequest();
+ +    PolicyRequest(const PolicyRequest&) = delete;
+ +    PolicyRequest& operator=(const PolicyRequest&) = delete;
+ +    ~PolicyRequest();
+ +
+ +    void addEntry(PolicyEntry &entry, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +
+ +    policy_update_req *get() const { return m_req; }
+ +    friend std::ostream& operator<<(std::ostream &, const PolicyRequest&);
+ +
+ +private:
+ +    policy_update_req *m_req;
+ +    std::vector<PolicyEntry> m_entries;
+ +};
+ +
+ +std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyRequest &request);
+ +
+ +} // namespace SecurityManagerTest
+ +
+ +#endif // SECURITY_MANAGER_TEST_USERREQUEST
diff --combined src/security-manager-tests/common/sm_request.cpp

index 910bbfd,0000000..910bbfd

mode 100644,000000..100644
--- 1/tests/security-manager-tests/common/sm_request.cpp
--- /dev/null
+++ b/src/security-manager-tests/common/sm_request.cpp
@@@ -1,124 -1,0 +1,124 @@@
+ +/*
+ + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ + *
+ + *    Licensed under the Apache License, Version 2.0 (the "License");
+ + *    you may not use this file except in compliance with the License.
+ + *    You may obtain a copy of the License at
+ + *
+ + *        http://www.apache.org/licenses/LICENSE-2.0
+ + *
+ + *    Unless required by applicable law or agreed to in writing, software
+ + *    distributed under the License is distributed on an "AS IS" BASIS,
+ + *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ + *    See the License for the specific language governing permissions and
+ + *    limitations under the License.
+ + */
+ +
+ +#include <sm_request.h>
+ +
+ +#include <dpl/test/test_runner.h>
+ +
+ +namespace SecurityManagerTest {
+ +
+ +InstallRequest::InstallRequest()
+ +    : m_req(nullptr)
+ +    , m_appId(nullptr)
+ +    , m_pkgId(nullptr)
+ +    , m_uid(false, 0)
+ +{
+ +    int result = security_manager_app_inst_req_new(&m_req);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ +                      "creation of new request failed. Result: " << result);
+ +    RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory");
+ +}
+ +
+ +InstallRequest::~InstallRequest()
+ +{
+ +    security_manager_app_inst_req_free(m_req);
+ +}
+ +
+ +void InstallRequest::setAppId(const char *appId, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_app_inst_req_set_app_id(m_req, appId);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "setting app id returned wrong value."
+ +                          << " App id: " << appId << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +    m_appId = appId;
+ +}
+ +
+ +void InstallRequest::setPkgId(const char *pkgId, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_app_inst_req_set_pkg_id(m_req, pkgId);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "setting pkg id returned wrong value."
+ +                          << " Pkg id: " << pkgId << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +    m_pkgId = pkgId;
+ +}
+ +
+ +void InstallRequest::addPrivilege(const char *privilege, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_app_inst_req_add_privilege(m_req, privilege);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "adding privilege returned wrong value."
+ +                          << " Privilege: " << privilege << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +    m_privileges.push_back(privilege);
+ +}
+ +
+ +void InstallRequest::addPath(const char *path, app_install_path_type pathType, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_app_inst_req_add_path(m_req, path, pathType);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "adding path returned wrong value."
+ +                          << " Path: " << path << ";"
+ +                          << " Path type: " << pathType << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +    m_paths.push_back(std::pair<std::string, app_install_path_type>(path, pathType));
+ +}
+ +
+ +void InstallRequest::setUid(const uid_t uid, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_app_inst_req_set_uid(m_req, uid);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                      "setting uid returned wrong value."
+ +                          << " Uid: " << uid << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +    m_uid.first = true;
+ +    m_uid.second = uid;
+ +}
+ +
+ +std::ostream& operator<<(std::ostream &os, const InstallRequest &request)
+ +{
+ +    if (request.m_appId != nullptr)
+ +        os << "app id: " << request.m_appId << "; ";
+ +    if (request.m_pkgId != nullptr)
+ +        os << "pkg id: " << request.m_pkgId << "; ";
+ +    if (!request.m_privileges.empty()) {
+ +        os << "privileges: [ " << request.m_privileges[0];
+ +        for (size_t i=1; i < request.m_privileges.size(); ++i) {
+ +            os << "; " << request.m_privileges[i];
+ +        }
+ +        os << " ]";
+ +    }
+ +    if (!request.m_paths.empty()) {
+ +        os << "paths: [ " << "< " << request.m_paths[0].first << "; "
+ +                                  << request.m_paths[0].second << " >";
+ +        for (size_t i=1; i < request.m_paths.size(); ++i) {
+ +            os << "; < " << request.m_paths[i].first << "; "
+ +                         << request.m_paths[i].second << " >";
+ +        }
+ +        os << " ]";
+ +    }
+ +    if (request.m_uid.first)
+ +        os << "uid: " << request.m_uid.second << "; ";
+ +    return os;
+ +}
+ +
+ +} // namespace SecurityManagerTest
diff --combined src/security-manager-tests/common/sm_request.h

index 0bd0878,0000000..0bd0878

mode 100644,000000..100644
--- 1/tests/security-manager-tests/common/sm_request.h
--- /dev/null
+++ b/src/security-manager-tests/common/sm_request.h
@@@ -1,62 -1,0 +1,62 @@@
+ +/*
+ + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ + *
+ + *    Licensed under the Apache License, Version 2.0 (the "License");
+ + *    you may not use this file except in compliance with the License.
+ + *    You may obtain a copy of the License at
+ + *
+ + *        http://www.apache.org/licenses/LICENSE-2.0
+ + *
+ + *    Unless required by applicable law or agreed to in writing, software
+ + *    distributed under the License is distributed on an "AS IS" BASIS,
+ + *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ + *    See the License for the specific language governing permissions and
+ + *    limitations under the License.
+ + */
+ +
+ +#ifndef SECURITY_MANAGER_TEST_INSTALLREQUEST
+ +#define SECURITY_MANAGER_TEST_INSTALLREQUEST
+ +
+ +#include <iostream>
+ +#include <string>
+ +#include <sys/types.h>
+ +#include <utility>
+ +#include <vector>
+ +
+ +#include <security-manager.h>
+ +
+ +namespace SecurityManagerTest {
+ +
+ +class InstallRequest
+ +{
+ +public:
+ +    InstallRequest();
+ +    InstallRequest(const InstallRequest&) = delete;
+ +    InstallRequest& operator=(const InstallRequest&) = delete;
+ +    ~InstallRequest();
+ +
+ +    void setAppId(const char *appId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+ +    void setPkgId(const char *pkgId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+ +    void addPrivilege(const char *privilege, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+ +    void addPath(const char *path, app_install_path_type pathType,
+ +                 lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ +    void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+ +
+ +    const app_inst_req *get() const { return m_req; }
+ +    friend std::ostream& operator<<(std::ostream &, const InstallRequest&);
+ +
+ +private:
+ +    app_inst_req *m_req;
+ +
+ +    const char *m_appId;
+ +    const char *m_pkgId;
+ +    std::vector<std::string> m_privileges;
+ +    std::vector<std::pair<std::string, app_install_path_type> > m_paths;
+ +    std::pair<bool, uid_t> m_uid;
+ +};
+ +
+ +std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::InstallRequest &request);
+ +
+ +} // namespace SecurityManagerTest
+ +
+ +#endif // SECURITY_MANAGER_TEST_INSTALLREQUEST
diff --combined src/security-manager-tests/common/sm_user_request.cpp

index 4b176c3,0000000..4b176c3

mode 100644,000000..100644
--- 1/tests/security-manager-tests/common/sm_user_request.cpp
--- /dev/null
+++ b/src/security-manager-tests/common/sm_user_request.cpp
@@@ -1,74 -1,0 +1,74 @@@
+ +/*
+ + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ + *
+ + *    Licensed under the Apache License, Version 2.0 (the "License");
+ + *    you may not use this file except in compliance with the License.
+ + *    You may obtain a copy of the License at
+ + *
+ + *        http://www.apache.org/licenses/LICENSE-2.0
+ + *
+ + *    Unless required by applicable law or agreed to in writing, software
+ + *    distributed under the License is distributed on an "AS IS" BASIS,
+ + *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ + *    See the License for the specific language governing permissions and
+ + *    limitations under the License.
+ + */
+ +
+ +#include <sm_user_request.h>
+ +
+ +#include <dpl/test/test_runner.h>
+ +
+ +namespace SecurityManagerTest {
+ +
+ +UserRequest::UserRequest()
+ +    : m_req(nullptr)
+ +    , m_uid(false, 0)
+ +    , m_utype(false, static_cast<security_manager_user_type>(0))
+ +{
+ +    int result = security_manager_user_req_new(&m_req);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ +                      "creation of new request failed. Result: " << result);
+ +    RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory");
+ +}
+ +
+ +UserRequest::~UserRequest()
+ +{
+ +    security_manager_user_req_free(m_req);
+ +}
+ +
+ +void UserRequest::setUid(const uid_t uid, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_user_req_set_uid(m_req, uid);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                     "setting uid returned wrong value."
+ +                          << " Uid: " << uid << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +    m_uid.first = true;
+ +    m_uid.second = uid;
+ +}
+ +
+ +void UserRequest::setUserType(const security_manager_user_type utype, lib_retcode expectedResult)
+ +{
+ +    int result = security_manager_user_req_set_user_type(m_req, utype);
+ +    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ +                     "setting user type returned wrong value."
+ +                          << " User type: " << utype << ";"
+ +                          << " Result: " << result << ";"
+ +                          << " Expected result: " << expectedResult);
+ +    m_utype.first = true;
+ +    m_utype.second = utype;
+ +}
+ +
+ +std::ostream& operator<<(std::ostream &os, const UserRequest &request)
+ +{
+ +    if (request.m_uid.first)
+ +        os << "uid: " << request.m_uid.second << "; ";
+ +
+ +    if (request.m_utype.first)
+ +        os << "utype: " << request.m_utype.second << "; ";
+ +
+ +    return os;
+ +}
+ +
+ +} // namespace SecurityManagerTest
diff --combined src/security-manager-tests/common/sm_user_request.h

index 64da559,0000000..64da559

mode 100644,000000..100644
--- 1/tests/security-manager-tests/common/sm_user_request.h
--- /dev/null
+++ b/src/security-manager-tests/common/sm_user_request.h
@@@ -1,54 -1,0 +1,54 @@@
+ +/*
+ + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ + *
+ + *    Licensed under the Apache License, Version 2.0 (the "License");
+ + *    you may not use this file except in compliance with the License.
+ + *    You may obtain a copy of the License at
+ + *
+ + *        http://www.apache.org/licenses/LICENSE-2.0
+ + *
+ + *    Unless required by applicable law or agreed to in writing, software
+ + *    distributed under the License is distributed on an "AS IS" BASIS,
+ + *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ + *    See the License for the specific language governing permissions and
+ + *    limitations under the License.
+ + */
+ +
+ +#ifndef SECURITY_MANAGER_TEST_USERREQUEST
+ +#define SECURITY_MANAGER_TEST_USERREQUEST
+ +
+ +#include <iostream>
+ +#include <sys/types.h>
+ +#include <utility>
+ +
+ +#include <security-manager.h>
+ +
+ +namespace SecurityManagerTest {
+ +
+ +class UserRequest
+ +{
+ +public:
+ +    UserRequest();
+ +    UserRequest(const UserRequest&) = delete;
+ +    UserRequest& operator=(const UserRequest&) = delete;
+ +    ~UserRequest();
+ +
+ +    void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+ +    void setUserType(const security_manager_user_type utype,
+ +                     lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+ +
+ +    const user_req *get() const { return m_req; }
+ +    friend std::ostream& operator<<(std::ostream &, const UserRequest&);
+ +
+ +private:
+ +    user_req *m_req;
+ +
+ +    std::pair<bool, uid_t> m_uid;
+ +    std::pair<bool, security_manager_user_type> m_utype;
+ +};
+ +
+ +std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::UserRequest &request);
+ +
+ +} // namespace SecurityManagerTest
+ +
+ +#endif // SECURITY_MANAGER_TEST_USERREQUEST
diff --combined src/security-manager-tests/security_manager_tests.cpp

index 27db73d,21f7081..27db73d
--- 1/tests/security-manager-tests/security_manager_tests.cpp
--- 2/src/security-manager-tests/security_manager_tests.cpp
+++ b/src/security-manager-tests/security_manager_tests.cpp
@@@ -1,4 -1,3 +1,4 @@@
+ +#include <dpl/log/log.h>
   #include <dpl/test/test_runner.h>
   #include <fcntl.h>
   #include <stdio.h>
@@@ -6,51 -5,42 +6,51 @@@
   #include <string>
   #include <unordered_set>
   #include <sys/capability.h>
+ +#include <semaphore.h>
   
+ +#include <unistd.h>
+ +#include <sys/types.h>
+ +#include <sys/wait.h>
   #include <sys/socket.h>
   #include <sys/un.h>
   #include <attr/xattr.h>
   #include <linux/xattr.h>
   
+ +#include <unistd.h>
+ +#include <sys/types.h>
+ +#include <sys/wait.h>
+ +
   #include <grp.h>
   #include <pwd.h>
   
   #include <libprivilege-control_test_common.h>
   #include <tests_common.h>
   
+ +#include <tzplatform_config.h>
   #include <security-manager.h>
+ +#include <sm_api.h>
   #include <sm_db.h>
+ +#include <sm_request.h>
+ +#include <sm_user_request.h>
+ +#include <temp_test_user.h>
   #include <cynara_test_client.h>
+ +#include <cynara_test_admin.h>
+ +#include <service_manager.h>
+ +#include <cynara_test_admin.h>
   
- -DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
- -DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
- -
- -static const char *const SM_APP_ID1 = "sm_test_app_id_double";
- -static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
+ +using namespace SecurityManagerTest;
   
- -static const char *const SM_APP_ID2 = "sm_test_app_id_full";
- -static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
- -
- -static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
- -static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
+ +DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
+ +DEFINE_SMARTPTR(tzplatform_context_destroy, tzplatform_context, TzPlatformContextPtr);
   
   static const privileges_t SM_ALLOWED_PRIVILEGES = {
- -    "security_manager_test_rules2_r",
- -    "security_manager_test_rules2_no_r"
+ +    "http://tizen.org/privilege/location",
+ +    "http://tizen.org/privilege/camera"
   };
   
   static const privileges_t SM_DENIED_PRIVILEGES  = {
- -    "security_manager_test_rules1",
- -    "security_manager_test_rules2"
+ +    "http://tizen.org/privilege/bluetooth",
+ +    "http://tizen.org/privilege/power"
   };
   
   static const privileges_t SM_NO_PRIVILEGES  = {
@@@ -58,68 -48,16 +58,68 @@@
   
   static const std::vector<std::string> SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"};
   
- -static const char *const SM_PRIVATE_PATH = "/usr/apps/test_DIR/app_dir";
- -static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro";
- -static const char *const SM_DENIED_PATH = "/usr/apps/test_DIR/non_app_dir";
- -static const char *const SM_PRIVATE_PATH_FOR_USER = "/home/" APP_USER "/test_DIR";
+ +static const char *const SM_RW_PATH = "/usr/apps/app_dir";
+ +static const char *const SM_RO_PATH = "/usr/apps/app_dir_public_ro";
+ +static const char *const SM_DENIED_PATH = "/usr/apps/non_app_dir";
+ +
   static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
+ +static const std::string EXEC_FILE("exec");
+ +static const std::string NORMAL_FILE("normal");
+ +static const std::string LINK_PREFIX("link_to_");
+ +
+ +static const std::string PRIVILEGE_MANAGER_APP = "privilege_manager";
+ +static const std::string PRIVILEGE_MANAGER_PKG = "privilege_manager";
+ +static const std::string PRIVILEGE_MANAGER_SELF_PRIVILEGE = "http://tizen.org/privilege/systemsettings";
+ +static const std::string PRIVILEGE_MANAGER_ADMIN_PRIVILEGE = "http://tizen.org/privilege/systemsettings.admin";
+ +
+ +static const std::vector<std::string> MANY_APPS = {
+ +    "security_manager_10_app_1",
+ +    "security_manager_10_app_2",
+ +    "security_manager_10_app_3",
+ +    "security_manager_10_app_4",
+ +    "security_manager_10_app_5"
+ +};
+ +
+ +static const std::map<std::string, std::string> MANY_APPS_PKGS = {
+ +    {"security_manager_10_app_1", "security_manager_10_pkg_1"},
+ +    {"security_manager_10_app_2", "security_manager_10_pkg_2"},
+ +    {"security_manager_10_app_3", "security_manager_10_pkg_3"},
+ +    {"security_manager_10_app_4", "security_manager_10_pkg_4"},
+ +    {"security_manager_10_app_5", "security_manager_10_pkg_5"},
+ +    {PRIVILEGE_MANAGER_APP, PRIVILEGE_MANAGER_PKG}
+ +};
+ +
+ +static const std::vector<privileges_t> MANY_APPS_PRIVILEGES = {
+ +    {
+ +        "http://tizen.org/privilege/internet",
+ +        "http://tizen.org/privilege/location"
+ +    },
+ +    {
+ +        "http://tizen.org/privilege/telephony",
+ +        "http://tizen.org/privilege/camera"
+ +    },
+ +    {
+ +        "http://tizen.org/privilege/contact.read",
+ +        "http://tizen.org/privilege/led",
+ +        "http://tizen.org/privilege/email"
+ +    },
+ +    {
+ +        "http://tizen.org/privilege/led",
+ +        "http://tizen.org/privilege/email",
+ +        "http://tizen.org/privilege/telephony",
+ +        "http://tizen.org/privilege/camera"
+ +    },
+ +    {
+ +        "http://tizen.org/privilege/internet",
+ +        "http://tizen.org/privilege/location",
+ +        "http://tizen.org/privilege/led",
+ +        "http://tizen.org/privilege/email"
+ +    }
+ +};
   
- -static void generateAppLabel(const std::string &pkgId, std::string &label)
+ +static std::string generateAppLabel(const std::string &appId)
   {
- -    (void) pkgId;
- -    label = "User";
+ +    return "User::App::" + appId;
   }
   
   static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
@@@ -168,27 -106,41 +168,27 @@@
       return 0;
   }
   
+ +// nftw doesn't allow passing user data to functions. Work around by using global variable
+ +static std::string nftw_expected_label;
+ +bool nftw_expected_transmute;
+ +bool nftw_expected_exec;
   
- -static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
+ +static int nftw_check_sm_labels(const char *fpath, const struct stat *sb,
                                  int /*typeflag*/, struct FTW* /*ftwbuf*/)
   {
- -    return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
- -}
- -
- -static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
- -                               int /*typeflag*/, struct FTW* /*ftwbuf*/)
- -{
- -
- -    return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
- -}
- -
- -static app_inst_req* do_app_inst_req_new()
- -{
- -    int result;
- -    app_inst_req *req = nullptr;
- -
- -    result = security_manager_app_inst_req_new(&req);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "creation of new request failed. Result: " << result);
- -    RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory");
- -    return req;
+ +    return nftw_check_sm_labels_app_dir(fpath, sb,
+ +        nftw_expected_label.c_str(), nftw_expected_transmute, nftw_expected_exec);
   }
   
   static void prepare_app_path()
   {
       int result;
   
- -    result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- -    RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
+ +    result = nftw(SM_RW_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ +    RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RW_PATH);
   
- -    result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- -    RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
+ +    result = nftw(SM_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ +    RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RO_PATH);
   
       result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
       RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
@@@ -199,23 -151,16 +199,23 @@@ static void prepare_app_env(
       prepare_app_path();
   }
   
- -/* TODO: add parameters to this function */
- -static void check_app_path_after_install()
+ +static void check_app_path_after_install(const char *appId)
   {
       int result;
   
- -    result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
- -    RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
+ +    nftw_expected_label = generateAppLabel(appId);
+ +    nftw_expected_transmute = false;
+ +    nftw_expected_exec = true;
+ +
+ +    result = nftw(SM_RW_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
+ +    RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH);
+ +
+ +    nftw_expected_label = "User::Home";
+ +    nftw_expected_transmute = true;
+ +    nftw_expected_exec = false;
   
- -    result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
- -    RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
+ +    result = nftw(SM_RO_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
+ +    RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH);
   
       result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
       RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
@@@ -225,8 -170,9 +225,8 @@@
   static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
                                     const privileges_t &allowed_privs, const privileges_t &denied_privs)
   {
- -    (void) app_id;
- -    std::string smackLabel;
- -    generateAppLabel(pkg_id, smackLabel);
+ +    (void) pkg_id;
+ +    std::string smackLabel = generateAppLabel(app_id);
   
       CynaraTestClient::Client ctc;
   
@@@ -249,7 -195,10 +249,7 @@@ static void check_app_gids(const char *
       ret = setgroups(0, NULL);
       RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
   
- -    ret = security_manager_set_process_groups_from_appid(app_id);
- -    RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS,
- -            "security_manager_set_process_groups_from_appid(" <<
- -            app_id << ") failed. Result: " << ret);
+ +    Api::setProcessGroups(app_id);
   
       ret = getgroups(0, nullptr);
       RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
@@@ -321,196 -270,166 +321,196 @@@ static void check_app_after_uninstall(c
       dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
   }
   
- -static void install_app(const char *app_id, const char *pkg_id)
+ +static void install_app(const char *app_id, const char *pkg_id, uid_t uid = 0)
   {
- -    int result;
- -    AppInstReqUniquePtr request;
- -    request.reset(do_app_inst_req_new());
+ +    InstallRequest request;
+ +    request.setAppId(app_id);
+ +    request.setPkgId(pkg_id);
+ +    request.setUid(uid);
+ +    Api::install(request);
   
- -    result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting app id failed. Result: " << result);
+ +    check_app_after_install(app_id, pkg_id);
   
- -    result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting pkg id failed. Result: " << result);
+ +}
   
- -    result = security_manager_app_install(request.get());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "installing app failed. Result: " << result);
+ +static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed)
+ +{
+ +    InstallRequest request;
+ +    request.setAppId(app_id);
   
- -    check_app_after_install(app_id, pkg_id);
+ +    Api::uninstall(request);
   
+ +    check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
   }
   
- -static void uninstall_app(const char *app_id, const char *pkg_id,
- -        bool expect_installed, bool expect_pkg_removed)
+ +static inline void register_current_process_as_privilege_manager(uid_t uid, bool forAdmin = false)
   {
- -    int result;
- -    AppInstReqUniquePtr request;
- -    request.reset(do_app_inst_req_new());
+ +    InstallRequest request;
+ +    request.setAppId(PRIVILEGE_MANAGER_APP.c_str());
+ +    request.setPkgId(PRIVILEGE_MANAGER_PKG.c_str());
+ +    request.setUid(uid);
+ +    request.addPrivilege(PRIVILEGE_MANAGER_SELF_PRIVILEGE.c_str());
+ +    if (forAdmin)
+ +        request.addPrivilege(PRIVILEGE_MANAGER_ADMIN_PRIVILEGE.c_str());
+ +    Api::install(request);
+ +    Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ +};
   
- -    result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -          "setting app id failed. Result: " << result);
+ +static inline struct passwd *getUserStruct(const std::string &userName) {
+ +    struct passwd *pw = nullptr;
+ +    errno = 0;
   
- -    result = security_manager_app_uninstall(request.get());
- -    RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -          "uninstalling app failed. Result: " << result);
+ +    while(!(pw = getpwnam(userName.c_str()))) {
+ +        RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
+ +    };
   
- -    check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
- -}
+ +    return pw;
+ +};
+ +
+ +static inline struct passwd *getUserStruct(const uid_t uid) {
+ +    struct passwd *pw = nullptr;
+ +    errno = 0;
   
+ +    while(!(pw = getpwuid(uid))) {
+ +        RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
+ +    };
+ +
+ +    return pw;
+ +};
   
   RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
   
   
- -RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
+ +RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall)
   {
- -    int result;
- -    AppInstReqUniquePtr request;
+ +    const char *const sm_app_id = "sm_test_01a_app_id_double";
+ +    const char *const sm_pkg_id = "sm_test_01a_pkg_id_double";
   
- -    request.reset(do_app_inst_req_new());
+ +    InstallRequest requestInst;
+ +    requestInst.setAppId(sm_app_id);
+ +    requestInst.setPkgId(sm_pkg_id);
   
- -    result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting app id failed. Result: " << result);
+ +    Api::install(requestInst);
+ +    Api::install(requestInst);
   
- -    result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting pkg id failed. Result: " << result);
+ +    /* Check records in the security-manager database */
+ +    check_app_after_install(sm_app_id, sm_pkg_id);
   
- -    result = security_manager_app_install(request.get());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "installing app failed. Result: " << result);
+ +    InstallRequest requestUninst;
+ +    requestUninst.setAppId(sm_app_id);
   
- -    result = security_manager_app_install(request.get());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "installing already installed app failed. Result: " << result);
+ +    Api::uninstall(requestUninst);
+ +    Api::uninstall(requestUninst);
   
       /* Check records in the security-manager database */
- -    check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
+ +    check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+ +}
+ +
+ +
+ +RUNNER_TEST(security_manager_01b_app_double_install_wrong_pkg_id)
+ +{
+ +    const char *const sm_app_id = "sm_test_01b_app";
+ +    const char *const sm_pkg_id = "sm_test_01b_pkg";
+ +    const char *const sm_pkg_id_wrong = "sm_test_01b_pkg_BAD";
+ +
+ +    InstallRequest requestInst;
+ +    requestInst.setAppId(sm_app_id);
+ +    requestInst.setPkgId(sm_pkg_id);
+ +
+ +    Api::install(requestInst);
   
- -    request.reset(do_app_inst_req_new());
+ +    InstallRequest requestInst2;
+ +    requestInst2.setAppId(sm_app_id);
+ +    requestInst2.setPkgId(sm_pkg_id_wrong);
   
- -    result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting app id failed. Result: " << result);
+ +    Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM);
   
- -    result = security_manager_app_uninstall(request.get());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "uninstalling app failed. Result: " << result);
   
- -    result = security_manager_app_uninstall(request.get());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "uninstalling already uninstalled app failed. Result: " << result);
+ +    /* Check records in the security-manager database */
+ +    check_app_after_install(sm_app_id, sm_pkg_id);
+ +
+ +    InstallRequest requestUninst;
+ +    requestUninst.setAppId(sm_app_id);
+ +
+ +    Api::uninstall(requestUninst);
+ +
   
       /* Check records in the security-manager database */
- -    check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
+ +    check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+ +
   }
   
- -RUNNER_TEST(security_manager_02_app_install_uninstall_full)
+ +RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored)
   {
- -    int result;
- -    AppInstReqUniquePtr request;
+ +    const char * const  sm_app_id = "SM_TEST_01c_APPID";
+ +    const char * const  sm_pkg_id = "SM_TEST_01c_PKGID";
+ +    const char * const  sm_pkg_id_wrong = "SM_TEST_01c_PKGID_wrong";
   
- -    prepare_app_env();
+ +    InstallRequest requestInst;
+ +    requestInst.setAppId(sm_app_id);
+ +    requestInst.setPkgId(sm_pkg_id);
+ +
+ +    Api::install(requestInst);
+ +
+ +    /* Check records in the security-manager database */
+ +    check_app_after_install(sm_app_id, sm_pkg_id);
+ +
+ +    InstallRequest requestUninst;
+ +    requestUninst.setAppId(sm_app_id);
+ +    requestUninst.setPkgId(sm_pkg_id_wrong);
   
- -    request.reset(do_app_inst_req_new());
+ +    Api::uninstall(requestUninst);
   
- -    result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting app id failed. Result: " << result);
+ +    check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
   
- -    result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting pkg id failed. Result: " << result);
+ +}
   
- -    result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting allowed permission failed. Result: " << result);
- -    result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting allowed permission failed. Result: " << result);
+ +RUNNER_TEST(security_manager_02_app_install_uninstall_full)
+ +{
+ +    const char *const sm_app_id = "sm_test_02_app_id_full";
+ +    const char *const sm_pkg_id = "sm_test_02_pkg_id_full";
   
- -    result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
- -                                                    SECURITY_MANAGER_PATH_PRIVATE);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting allowed path failed. Result: " << result);
+ +    prepare_app_env();
   
- -    result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
- -                                                    SECURITY_MANAGER_PATH_PUBLIC_RO);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting allowed path failed. Result: " << result);
+ +    InstallRequest requestInst;
+ +    requestInst.setAppId(sm_app_id);
+ +    requestInst.setPkgId(sm_pkg_id);
+ +    requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
+ +    requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
+ +    requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
+ +    requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
   
- -    result = security_manager_app_install(request.get());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "installing app failed. Result: " << result);
+ +    Api::install(requestInst);
   
       /* Check records in the security-manager database */
- -    check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
+ +    check_app_after_install(sm_app_id, sm_pkg_id,
                               SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
   
       /* TODO: add parameters to this function */
- -    check_app_path_after_install();
- -
- -    request.reset(do_app_inst_req_new());
+ +    check_app_path_after_install(sm_app_id);
   
- -    result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting app id failed. Result: " << result);
+ +    InstallRequest requestUninst;
+ +    requestUninst.setAppId(sm_app_id);
   
- -    result = security_manager_app_uninstall(request.get());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "uninstalling app failed. Result: " << result);
+ +    Api::uninstall(requestUninst);
   
       /* Check records in the security-manager database,
        * all previously allowed privileges should be removed */
- -    check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
+ +    check_app_after_uninstall(sm_app_id, sm_pkg_id,
                                 SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
   }
   
   RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
   {
- -    const char *const app_id = "sm_test_app_id_set_label_from_appid";
- -    const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
- -    const char *const expected_label = USER_APP_ID;
+ +    const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
+ +    const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
       const char *const socketLabel = "not_expected_label";
+ +    std::string expected_label = generateAppLabel(app_id);
       char *label = nullptr;
       CStringPtr labelPtr;
       int result;
   
- -    uninstall_app(app_id, pkg_id, false, true);
+ +    uninstall_app(app_id, pkg_id, true);
       install_app(app_id, pkg_id);
   
       struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
@@@ -523,28 -442,33 +523,28 @@@
       result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
       RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
       //Set socket label to something different than expecedLabel
- -    result = fsetxattr(sock, XATTR_NAME_SMACKIPIN, socketLabel,
- -        strlen(socketLabel), 0);
+ +    result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPIN, socketLabel);
       RUNNER_ASSERT_ERRNO_MSG(result == 0,
           "Can't set socket label. Result: " << result);
- -    result = fsetxattr(sock, XATTR_NAME_SMACKIPOUT, socketLabel,
- -        strlen(socketLabel), 0);
+ +    result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPOUT, socketLabel);
       RUNNER_ASSERT_ERRNO_MSG(result == 0,
           "Can't set socket label. Result: " << result);
   
- -    result = security_manager_set_process_label_from_appid(app_id);
- -    RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
- -            "security_manager_set_process_label_from_appid(" <<
- -            app_id << ") failed. Result: " << result);
+ +    Api::setProcessLabel(app_id);
   
- -    char value[SMACK_LABEL_LEN + 1];
- -    ssize_t size;
- -    size = fgetxattr(sock, XATTR_NAME_SMACKIPIN, value, sizeof(value));
- -    RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
- -    result = strcmp(expected_label, value);
+ +    result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPIN, &label);
+ +    RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
+ +    labelPtr.reset(label);
+ +    result = expected_label.compare(label);
       RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
- -        expected_label << " Actual: " << value);
+ +        expected_label << " Actual: " << label);
   
- -    size = fgetxattr(sock, XATTR_NAME_SMACKIPOUT, value, sizeof(value));
- -    RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
- -    result = strcmp(expected_label, value);
+ +    result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPOUT, &label);
+ +    RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
+ +    labelPtr.reset(label);
+ +    result = expected_label.compare(label);
       RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
- -        expected_label << " Actual: " << value);
+ +        expected_label << " Actual: " << label);
   
       result = smack_new_label_from_self(&label);
       RUNNER_ASSERT_MSG(result >= 0,
@@@ -553,241 -477,122 +553,241 @@@
               " Process label is not set");
       labelPtr.reset(label);
   
- -    result = strcmp(expected_label, label);
+ +    result = expected_label.compare(label);
       RUNNER_ASSERT_MSG(result == 0,
               " Process label is incorrect. Expected: \"" << expected_label <<
               "\" Actual: \"" << label << "\"");
   
- -    uninstall_app(app_id, pkg_id, true, true);
+ +    uninstall_app(app_id, pkg_id, true);
   }
   
   RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
   {
- -    const char *const app_id = "sm_test_app_id_set_label_from_appid";
- -    const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
- -    int result;
+ +    const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack";
+ +    const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack";
   
- -    uninstall_app(app_id, pkg_id, false, true);
+ +    uninstall_app(app_id, pkg_id, true);
       install_app(app_id, pkg_id);
   
- -    result = security_manager_set_process_label_from_appid(app_id);
- -    RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
- -            "security_manager_set_process_label_from_appid(" <<
- -            app_id << ") failed. Result: " << result);
+ +    Api::setProcessLabel(app_id);
   
- -    uninstall_app(app_id, pkg_id, true, true);
+ +    uninstall_app(app_id, pkg_id, true);
   }
   
- -
- -
- -static void prepare_request(AppInstReqUniquePtr &request,
+ +static void prepare_request(InstallRequest &request,
                 const char *const app_id,
                 const char *const pkg_id,
                 app_install_path_type pathType,
- -              const char *const path)
+ +              const char *const path,
+ +              uid_t uid)
   {
- -    int result;
- -    request.reset(do_app_inst_req_new());
+ +    request.setAppId(app_id);
+ +    request.setPkgId(pkg_id);
+ +    request.addPath(path, pathType);
+ +
+ +    if (uid != 0)
+ +        request.setUid(uid);
+ +}
+ +
+ +static uid_t getGlobalUserId(void)
+ +{
+ +    return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
+ +}
+ +
+ +static const std::string appDirPath(const TemporaryTestUser &user,
+ +        const std::string &appId, const std::string &pkgId)
+ +{
+ +    struct tzplatform_context *tzCtxPtr = nullptr;
   
- -    result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting app id failed. Result: " << result);
+ +    RUNNER_ASSERT(0 == tzplatform_context_create(&tzCtxPtr));
+ +    TzPlatformContextPtr tzCtxPtrSmart(tzCtxPtr);
   
- -    result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting pkg id failed. Result: " << result);
+ +    RUNNER_ASSERT_MSG(0 == tzplatform_context_set_user(tzCtxPtr, user.getUid()),
+ +                      "Unable to set user <" << user.getUserName() << "> for tzplatform context");
   
- -    result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting allowed path failed. Result: " << result);
+ +    const char *appDir = tzplatform_context_getenv(tzCtxPtr,
+ +                                getGlobalUserId() == user.getUid() ? TZ_SYS_RW_APP : TZ_USER_APP);
+ +    RUNNER_ASSERT_MSG(nullptr != appDir,
+ +                      "tzplatform_context_getenv failed"
+ +                          << "for getting sys rw app of user <" << user.getUserName() << ">");
+ +
+ +    return std::string(appDir) + "/" + pkgId + "/" + appId;
   }
   
+ +static const std::string nonAppDirPath(const TemporaryTestUser &user)
+ +{
+ +    return TMP_DIR + "/" + user.getUserName();
+ +}
   
- -static struct passwd* get_app_pw()
+ +static const std::string uidToStr(const uid_t uid)
   {
- -    struct passwd *pw = nullptr;
- -    errno = 0;
- -    while(!(pw = getpwnam(APP_USER))) {
- -        RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
- -    }
- -    return pw;
+ +    return std::to_string(static_cast<unsigned int>(uid));
   }
   
- -RUNNER_CHILD_TEST(security_manager_04_app_install_uninstall_by_app_user)
+ +static void install_and_check(const char *const sm_app_id,
+ +                              const char *const sm_pkg_id,
+ +                              const TemporaryTestUser& user,
+ +                              const std::string &appDir,
+ +                              bool requestUid)
+ +{
+ +    InstallRequest requestPublic;
+ +
+ +    //install app for non-root user and try to register public path (should fail)
+ +    prepare_request(requestPublic, sm_app_id, sm_pkg_id,
+ +                    SECURITY_MANAGER_PATH_PUBLIC, appDir.c_str(),
+ +                    requestUid ? user.getUid() : 0);
+ +
+ +    Api::install(requestPublic, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+ +
+ +    InstallRequest requestPrivate;
+ +
+ +    //install app for non-root user
+ +    //should fail (users may only register folders inside their home)
+ +    prepare_request(requestPrivate, sm_app_id, sm_pkg_id,
+ +                    SECURITY_MANAGER_PATH_RW, SM_RW_PATH,
+ +                    requestUid ? user.getUid() : 0);
+ +
+ +    Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+ +
+ +    InstallRequest requestPrivateUser;
+ +
+ +    //install app for non-root user
+ +    //should succeed - this time i register folder inside user's home dir
+ +    prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
+ +                    SECURITY_MANAGER_PATH_RW, appDir.c_str(),
+ +                    requestUid ? user.getUid() : 0);
+ +
+ +    for (auto &privilege : SM_ALLOWED_PRIVILEGES)
+ +        requestPrivateUser.addPrivilege(privilege.c_str());
+ +
+ +    Api::install(requestPrivateUser);
+ +
+ +    check_app_permissions(sm_app_id, sm_pkg_id,
+ +                          uidToStr(user.getUid()).c_str(),
+ +                          SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+ +}
+ +
+ +static void createTestDir(const std::string &dir)
+ +{
+ +    mode_t dirMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
+ +    mode_t execFileMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
+ +    mode_t normalFileMode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
+ +
+ +    mktreeSafe(dir, dirMode);
+ +    creatSafe(dir + "/" + EXEC_FILE, execFileMode);
+ +    creatSafe(dir + "/" + NORMAL_FILE, normalFileMode);
+ +    symlinkSafe(dir + "/" + EXEC_FILE, dir + "/" + LINK_PREFIX + EXEC_FILE);
+ +    symlinkSafe(dir + "/" + NORMAL_FILE, dir + "/" + LINK_PREFIX + NORMAL_FILE);
+ +}
+ +
+ +static void createInnerAppDir(const std::string &dir, const std::string &nonAppDir)
+ +{
+ +    createTestDir(dir);
+ +
+ +    symlinkSafe(nonAppDir, dir + "/" + LINK_PREFIX + "non_app_dir");
+ +    symlinkSafe(nonAppDir + "/" + EXEC_FILE,
+ +                dir + "/" + LINK_PREFIX + "non_app_" + EXEC_FILE);
+ +    symlinkSafe(nonAppDir + "/" + NORMAL_FILE,
+ +                dir + "/" + LINK_PREFIX + "non_app_" + NORMAL_FILE);
+ +}
+ +
+ +static void generateAppDir(const TemporaryTestUser &user,
+ +       const std::string &appId, const std::string &pkgId)
+ +{
+ +    const std::string dir = appDirPath(user, appId, pkgId);
+ +    const std::string nonAppDir = nonAppDirPath(user);
+ +
+ +    createInnerAppDir(dir, nonAppDir);
+ +    createInnerAppDir(dir + "/.inner_dir", nonAppDir);
+ +    createInnerAppDir(dir + "/inner_dir", nonAppDir);
+ +}
+ +
+ +static void generateNonAppDir(const TemporaryTestUser &user)
+ +{
+ +    const std::string dir = nonAppDirPath(user);
+ +
+ +    createTestDir(dir);
+ +    createTestDir(dir + "/.inner_dir");
+ +    createTestDir(dir + "/inner_dir");
+ +}
+ +
+ +static void createTestDirs(const TemporaryTestUser &user,
+ +       const std::string &appId, const std::string &pkgId)
+ +{
+ +    generateAppDir(user, appId, pkgId);
+ +    generateNonAppDir(user);
+ +}
+ +
+ +static void removeTestDirs(const TemporaryTestUser &user,
+ +       const std::string &appId, const std::string &pkgId)
+ +{
+ +    removeDir(appDirPath(user, appId, pkgId));
+ +    removeDir(nonAppDirPath(user));
+ +}
+ +
+ +RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
   {
       int result;
- -    AppInstReqUniquePtr request;
- -    struct passwd *pw = get_app_pw();
- -    const std::string user =  std::to_string(static_cast<unsigned int>(pw->pw_uid));
+ +    const char *const sm_app_id = "sm_test_04a_app_id_uid";
+ +    const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid";
+ +    const std::string new_user_name = "sm_test_04a_user_name";
+ +
+ +    TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
+ +    testUser.create();
+ +
+ +    removeTestDirs(testUser, sm_app_id, sm_pkg_id);
+ +    createTestDirs(testUser, sm_app_id, sm_pkg_id);
+ +
+ +    const std::string userAppDirPath = appDirPath(testUser, sm_app_id, sm_pkg_id);
   
       //switch user to non-root
- -    result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ +    result = drop_root_privileges(testUser.getUid(), testUser.getGid());
       RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
   
- -    //install app as non-root user and try to register public path (should fail)
- -    prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER);
+ +    install_and_check(sm_app_id, sm_pkg_id, testUser, userAppDirPath, false);
   
- -    result = security_manager_app_install(request.get());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
- -            "installing app not failed. Result: " << result);
+ +    //uninstall app as non-root user
+ +    InstallRequest request;
+ +    request.setAppId(sm_app_id);
   
- -    //install app as non-root user
- -    //should fail (non-root users may only register folders inside their home)
- -    prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
+ +    Api::uninstall(request);
   
- -    result = security_manager_app_install(request.get());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
- -            "installing app not failed. Result: " << result);
+ +    check_app_permissions(sm_app_id, sm_pkg_id,
+ +                          uidToStr(testUser.getUid()).c_str(),
+ +                          SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+ +}
   
- -    //install app as non-root user
- -    //should succeed - this time i register folder inside user's home dir
- -    prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER);
+ +RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
+ +{
+ +    int result;
+ +    const char *const sm_app_id = "sm_test_04b_app_id_uid";
+ +    const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid";
+ +    const std::string new_user_name = "sm_test_04b_user_name";
   
- -    for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
- -        result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
- -        RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting allowed permission failed. Result: " << result);
- -    }
+ +    TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
+ +    testUser.create();
   
- -    result = security_manager_app_install(request.get());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "installing app failed. Result: " << result);
+ +    removeTestDirs(testUser, sm_app_id, sm_pkg_id);
+ +    createTestDirs(testUser, sm_app_id, sm_pkg_id);
   
- -    check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+ +    install_and_check(sm_app_id, sm_pkg_id, testUser, appDirPath(testUser, sm_app_id, sm_pkg_id), true);
   
- -    //uninstall app as non-root user
- -    request.reset(do_app_inst_req_new());
+ +    //switch user to non-root - root may not uninstall apps for specified users
+ +    result = drop_root_privileges(testUser.getUid(), testUser.getGid());
+ +    RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
   
- -    result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "setting app id failed. Result: " << result);
+ +    //uninstall app as non-root user
+ +    InstallRequest request;
+ +    request.setAppId(sm_app_id);
   
- -    result = security_manager_app_uninstall(request.get());
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -            "uninstalling app failed. Result: " << result);
+ +    Api::uninstall(request);
   
- -    check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+ +    check_app_permissions(sm_app_id, sm_pkg_id,
+ +                          uidToStr(testUser.getUid()).c_str(),
+ +                          SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
   }
   
+ +
   RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
   {
       int result;
@@@ -799,7 -604,9 +799,7 @@@
       RUNNER_ASSERT_MSG(result == 0,
           "can't set capabilities. Result: " << result);
   
- -    result = security_manager_drop_process_privileges();
- -    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- -        "dropping caps failed. Result: " << result);
+ +    Api::dropProcessPrivileges();
   
       caps.reset(cap_get_proc());
       RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");
@@@ -809,1486 -616,6 +809,1486 @@@
           "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL));
   }
   
+ +RUNNER_CHILD_TEST(security_manager_06_install_app_offline)
+ +{
+ +    const char *const app_id = "sm_test_06_app_id_install_app_offline";
+ +    const char *const pkg_id = "sm_test_06_pkg_id_install_app_offline";
+ +
+ +    // Uninstall app on-line, off-line mode doesn't support it
+ +    uninstall_app(app_id, pkg_id, true);
+ +
+ +    ServiceManager("security-manager.service").stopService();
+ +
+ +    ServiceManager serviceManager("security-manager.socket");
+ +    serviceManager.stopService();
+ +
+ +    install_app(app_id, pkg_id);
+ +
+ +    serviceManager.startService();
+ +
+ +    uninstall_app(app_id, pkg_id, true);
+ +}
+ +
+ +RUNNER_CHILD_TEST(security_manager_07_user_add_app_install)
+ +{
+ +    const char *const sm_app_id = "sm_test_07_app_id_user";
+ +    const char *const sm_pkg_id = "sm_test_07_pkg_id_user";
+ +    const std::string new_user_name = "sm_test_07_user_name";
+ +    std::string uid_string;
+ +    TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
+ +    test_user.create();
+ +    test_user.getUidString(uid_string);
+ +
+ +    removeTestDirs(test_user, sm_app_id, sm_pkg_id);
+ +    createTestDirs(test_user, sm_app_id, sm_pkg_id);
+ +
+ +    install_app(sm_app_id, sm_pkg_id, test_user.getUid());
+ +
+ +    check_app_after_install(sm_app_id, sm_pkg_id);
+ +
+ +    test_user.remove();
+ +
+ +    check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+ +
+ +    check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
+ +}
+ +
+ +RUNNER_CHILD_TEST(security_manager_08_user_double_add_double_remove)
+ +{
+ +    UserRequest addUserRequest;
+ +
+ +    const char *const sm_app_id = "sm_test_08_app_id_user";
+ +    const char *const sm_pkg_id = "sm_test_08_pkg_id_user";
+ +    const std::string new_user_name = "sm_test_08_user_name";
+ +    std::string uid_string;
+ +
+ +    // gumd user add
+ +    TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
+ +    test_user.create();
+ +    test_user.getUidString(uid_string);
+ +
+ +    removeTestDirs(test_user, sm_app_id, sm_pkg_id);
+ +    createTestDirs(test_user, sm_app_id, sm_pkg_id);
+ +
+ +    addUserRequest.setUid(test_user.getUid());
+ +    addUserRequest.setUserType(SM_USER_TYPE_NORMAL);
+ +
+ +    //sm user add
+ +    Api::addUser(addUserRequest);
+ +
+ +    install_app(sm_app_id, sm_pkg_id, test_user.getUid());
+ +
+ +    check_app_after_install(sm_app_id, sm_pkg_id);
+ +
+ +    test_user.remove();
+ +
+ +    UserRequest deleteUserRequest;
+ +    deleteUserRequest.setUid(test_user.getUid());
+ +
+ +    Api::deleteUser(deleteUserRequest);
+ +
+ +    check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+ +
+ +    check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
+ +}
+ +
+ +RUNNER_CHILD_TEST(security_manager_09_add_user_offline)
+ +{
+ +    const char *const app_id = "security_manager_09_add_user_offline_app";
+ +    const char *const pkg_id = "security_manager_09_add_user_offline_pkg";
+ +    const std::string new_user_name("sm_test_09_user_name");
+ +
+ +    ServiceManager("security-manager.service").stopService();
+ +
+ +    ServiceManager serviceManager("security-manager.socket");
+ +    serviceManager.stopService();
+ +
+ +    TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, true);
+ +    test_user.create();
+ +
+ +    removeTestDirs(test_user, app_id, pkg_id);
+ +    createTestDirs(test_user, app_id, pkg_id);
+ +
+ +    install_app(app_id, pkg_id, test_user.getUid());
+ +
+ +    check_app_after_install(app_id, pkg_id);
+ +
+ +    serviceManager.startService();
+ +
+ +    test_user.remove();
+ +
+ +    check_app_after_uninstall(app_id, pkg_id, true);
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_10_privacy_manager_fetch_whole_policy_for_self)
+ +{
+ +    //TEST DATA
+ +    const std::string username("sm_test_10_user_name");
+ +    unsigned int privileges_count = 0;
+ +
+ +    std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
+ +    std::map<std::string, std::set<std::string>> apps2PrivsMap;
+ +
+ +    for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+ +        apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+ +            MANY_APPS.at(i), std::set<std::string>(
+ +                MANY_APPS_PRIVILEGES.at(i).begin(),
+ +                MANY_APPS_PRIVILEGES.at(i).end())));
+ +        privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
+ +    };
+ +
+ +    apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+ +        PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
+ +    ++privileges_count;
+ +    users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
+ +    //TEST DATA END
+ +
+ +    sem_t *mutex;
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
+ +    pid_t pid = fork();
+ +
+ +    if (pid != 0) { //parent process
+ +        TemporaryTestUser tmpUser(username, GUM_USERTYPE_NORMAL, false);
+ +        tmpUser.create();
+ +
+ +        for(const auto &user : users2AppsMap) {
+ +
+ +            for(const auto &app : user.second) {
+ +                InstallRequest requestInst;
+ +                requestInst.setAppId(app.first.c_str());
+ +                try {
+ +                    requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+ +                } catch (const std::out_of_range &e) {
+ +                    RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+ +                };
+ +                requestInst.setUid(tmpUser.getUid());
+ +
+ +                for (const auto &privilege : app.second) {
+ +                    requestInst.addPrivilege(privilege.c_str());
+ +                };
+ +
+ +                Api::install(requestInst);
+ +            };
+ +
+ +            //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
+ +        };
+ +        //Start child process
+ +        errno = 0;
+ +        RUNNER_ASSERT_MSG(sem_post(mutex) ==  0, "Error while opening mutex, errno: " << errno);
+ +
+ +        int status;
+ +        wait(&status);
+ +
+ +        tmpUser.remove();
+ +    };
+ +
+ +    if (pid == 0) { //child process
+ +        errno = 0;
+ +        RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno);
+ +        //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
+ +
+ +        struct passwd *pw = getUserStruct(username);
+ +        register_current_process_as_privilege_manager(pw->pw_uid);
+ +        int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +        std::vector<PolicyEntry> policyEntries;
+ +        PolicyEntry filter;
+ +        Api::getPolicy(filter, policyEntries);
+ +
+ +        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+ +        RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
+ +
+ +        for (const auto &policyEntry : policyEntries) {
+ +            std::string user = policyEntry.getUser();
+ +            std::string app = policyEntry.getAppId();
+ +            std::string privilege = policyEntry.getPrivilege();
+ +
+ +            try {
+ +                struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
+ +                std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
+ +                if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
+ +                    RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
+ +            } catch (const std::out_of_range &e) {
+ +                RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
+ +            } catch (const std::invalid_argument& e) {
+ +                RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
+ +            };
+ +        };
+ +        exit(0);
+ +    };
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_11_privacy_manager_fetch_whole_policy_for_admin_unprivileged)
+ +{
+ +    //TEST DATA
+ +    const std::vector<std::string> usernames = {"sm_test_11_user_name_1", "sm_test_11_user_name_2"};
+ +    unsigned int privileges_count = 0;
+ +
+ +    std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
+ +    std::map<std::string, std::set<std::string>> apps2PrivsMap;
+ +
+ +    for (const auto &username : usernames) {
+ +        //Only entries for one of the users will be listed
+ +        privileges_count = 0;
+ +
+ +        for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+ +            apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+ +                MANY_APPS.at(i), std::set<std::string>(
+ +                    MANY_APPS_PRIVILEGES.at(i).begin(),
+ +                    MANY_APPS_PRIVILEGES.at(i).end())));
+ +            privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
+ +        };
+ +
+ +        users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
+ +    };
+ +
+ +    users2AppsMap.at(usernames.at(0)).insert(std::pair<std::string, std::set<std::string>>(
+ +        PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
+ +
+ +    ++privileges_count;
+ +    //TEST DATA END
+ +
+ +    sem_t *mutex;
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
+ +    pid_t pid = fork();
+ +
+ +    if (pid != 0) { //parent process
+ +        std::vector<TemporaryTestUser> users = {
+ +            TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
+ +            TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
+ +            };
+ +
+ +        users.at(0).create();
+ +        users.at(1).create();
+ +
+ +        //Install apps for both users
+ +        for(const auto &user : users) {
+ +            for(const auto &app : users2AppsMap.at(user.getUserName())) {
+ +                InstallRequest requestInst;
+ +                requestInst.setAppId(app.first.c_str());
+ +                try {
+ +                    requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+ +                } catch (const std::out_of_range &e) {
+ +                    RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+ +                };
+ +                requestInst.setUid(user.getUid());
+ +
+ +                for (const auto &privilege : app.second) {
+ +                    requestInst.addPrivilege(privilege.c_str());
+ +                };
+ +
+ +                Api::install(requestInst);
+ +            };
+ +
+ +            //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
+ +        };
+ +        //Start child
+ +        errno = 0;
+ +        RUNNER_ASSERT_MSG(sem_post(mutex) ==  0, "Error while opening mutex, errno: " << errno);
+ +
+ +        int status;
+ +        wait(&status);
+ +
+ +        for(auto &user : users) {
+ +            user.remove();
+ +        };
+ +    };
+ +
+ +    if (pid == 0) {
+ +        errno = 0;
+ +        RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno);
+ +        struct passwd *pw = getUserStruct(usernames.at(0));
+ +        register_current_process_as_privilege_manager(pw->pw_uid);
+ +
+ +        //change uid to normal user
+ +        errno = 0;
+ +        int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +        std::vector<PolicyEntry> policyEntries;
+ +        PolicyEntry filter;
+ +
+ +        //this call should only return privileges belonging to the current uid
+ +        Api::getPolicy(filter, policyEntries);
+ +
+ +        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+ +        RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
+ +
+ +        for (const auto &policyEntry : policyEntries) {
+ +            std::string user = policyEntry.getUser();
+ +            std::string app = policyEntry.getAppId();
+ +            std::string privilege = policyEntry.getPrivilege();
+ +
+ +            try {
+ +                struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
+ +                std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
+ +                if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
+ +                    RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
+ +            } catch (const std::out_of_range &e) {
+ +                RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
+ +            } catch (const std::invalid_argument& e) {
+ +                RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
+ +            };
+ +        };
+ +        exit(0);
+ +    };
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_admin_privileged)
+ +{
+ +    //TEST DATA
+ +    const std::vector<std::string> usernames = {"sm_test_12_user_name_1", "sm_test_12_user_name_2"};
+ +    unsigned int privileges_count = 0;
+ +
+ +    std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
+ +    std::map<std::string, std::set<std::string>> apps2PrivsMap;
+ +
+ +    for (const auto &username : usernames) {
+ +
+ +        for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+ +            apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+ +                MANY_APPS.at(i), std::set<std::string>(
+ +                    MANY_APPS_PRIVILEGES.at(i).begin(),
+ +                    MANY_APPS_PRIVILEGES.at(i).end())));
+ +            privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
+ +        };
+ +
+ +        users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
+ +    };
+ +
+ +    users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
+ +        PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE, PRIVILEGE_MANAGER_ADMIN_PRIVILEGE}));
+ +
+ +    privileges_count += 2;
+ +    //TEST DATA END
+ +
+ +    sem_t *mutex;
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
+ +    pid_t pid = fork();
+ +
+ +    if (pid != 0) { //parent process
+ +        std::vector<TemporaryTestUser> users = {
+ +            TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
+ +            TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
+ +            };
+ +
+ +        users.at(0).create();
+ +        users.at(1).create();
+ +        //Install apps for both users
+ +        for(const auto &user : users) {
+ +            for(const auto &app : users2AppsMap.at(user.getUserName())) {
+ +                InstallRequest requestInst;
+ +                requestInst.setAppId(app.first.c_str());
+ +                try {
+ +                    requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+ +                } catch (const std::out_of_range &e) {
+ +                    RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+ +                };
+ +                requestInst.setUid(user.getUid());
+ +
+ +                for (const auto &privilege : app.second) {
+ +                    requestInst.addPrivilege(privilege.c_str());
+ +                };
+ +
+ +                Api::install(requestInst);
+ +            };
+ +
+ +            //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
+ +        };
+ +
+ +        //Start child
+ +        errno = 0;
+ +        RUNNER_ASSERT_MSG(sem_post(mutex) ==  0, "Error while opening mutex, errno: " << errno);
+ +
+ +        //Wait for child to finish
+ +        int status;
+ +        wait(&status);
+ +
+ +        for(auto &user : users) {
+ +            user.remove();
+ +        };
+ +    };
+ +
+ +    if (pid == 0) { //child process
+ +        errno = 0;
+ +        RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno);
+ +
+ +        struct passwd *pw = getUserStruct(usernames.at(1));
+ +        register_current_process_as_privilege_manager(pw->pw_uid, true);
+ +
+ +        //change uid to normal user
+ +        int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +        std::vector<PolicyEntry> policyEntries;
+ +        PolicyEntry filter;
+ +        //this call should succeed as the calling user is privileged
+ +        Api::getPolicy(filter, policyEntries);
+ +
+ +        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+ +        RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
+ +
+ +        for (const auto &policyEntry : policyEntries) {
+ +            std::string user = policyEntry.getUser();
+ +            std::string app = policyEntry.getAppId();
+ +            std::string privilege = policyEntry.getPrivilege();
+ +
+ +            try {
+ +                struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
+ +                std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
+ +                if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
+ +                    RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
+ +            } catch (const std::out_of_range &e) {
+ +                RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
+ +            } catch (const std::invalid_argument& e) {
+ +                RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
+ +            };
+ +        };
+ +
+ +        exit(0);
+ +    };
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_unprivileged)
+ +{
+ +    //TEST DATA
+ +    const std::vector<std::string> usernames = {"sm_test_13_user_name_1", "sm_test_13_user_name_2"};
+ +
+ +    std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
+ +    std::map<std::string, std::set<std::string>> apps2PrivsMap;
+ +
+ +    for (const auto &username : usernames) {
+ +
+ +        for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+ +            apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+ +                MANY_APPS.at(i), std::set<std::string>(
+ +                    MANY_APPS_PRIVILEGES.at(i).begin(),
+ +                    MANY_APPS_PRIVILEGES.at(i).end())));
+ +        };
+ +
+ +        users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
+ +    };
+ +
+ +    users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
+ +        PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
+ +
+ +    //TEST DATA END
+ +
+ +    pid_t pid[2];
+ +    sem_t *mutex[2];
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(((mutex[0] = sem_open("mutex_1", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #1, errno: " << errno);
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(((mutex[1] = sem_open("mutex_2", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #2, errno: " << errno);
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(sem_init(mutex[0], 1, 0) == 0, "failed to setup mutex #1, errno: " << errno);
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(sem_init(mutex[1], 1, 0) == 0, "failed to setup mutex #2, errno: " << errno);
+ +    std::vector<PolicyEntry> policyEntries;
+ +
+ +    pid[0] = fork();
+ +
+ +    if(pid[0] == 0) { //child #1 process
+ +        RUNNER_ASSERT_MSG(sem_wait(mutex[0]) == 0, "sem_wait in child #1 failed, errno: " << errno);
+ +        struct passwd *pw = getUserStruct(usernames.at(0));
+ +        register_current_process_as_privilege_manager(pw->pw_uid);
+ +
+ +        //change uid to normal user
+ +        int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +        PolicyEntry filter;
+ +        PolicyRequest policyRequest;
+ +        //this call should succeed as the calling user is privileged
+ +        Api::getPolicyForSelf(filter, policyEntries);
+ +
+ +        RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+ +
+ +        PolicyEntry policyEntry(
+ +                MANY_APPS[0],
+ +                std::to_string(pw->pw_uid),
+ +                "http://tizen.org/privilege/internet"
+ +                );
+ +        policyEntry.setLevel("Deny");
+ +
+ +        policyRequest.addEntry(policyEntry);
+ +        policyEntry = PolicyEntry(
+ +                MANY_APPS[1],
+ +                std::to_string(pw->pw_uid),
+ +                "http://tizen.org/privilege/location"
+ +                );
+ +        policyEntry.setLevel("Deny");
+ +
+ +        policyRequest.addEntry(policyEntry);
+ +        Api::sendPolicy(policyRequest);
+ +        Api::getPolicyForSelf(filter, policyEntries);
+ +
+ +        RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
+ +        exit(0);
+ +    };
+ +
+ +    if (pid[0] != 0) {//parent process
+ +        pid[1] = fork();
+ +
+ +        if (pid[1] == 0) { //child #2 process
+ +            errno = 0;
+ +            RUNNER_ASSERT_MSG(sem_wait(mutex[1]) == 0, "sem_wait in child #2 failed, errno: " << errno);
+ +            struct passwd *pw_target = getUserStruct(usernames.at(0));
+ +            struct passwd *pw = getUserStruct(usernames.at(1));
+ +            register_current_process_as_privilege_manager(pw->pw_uid);
+ +
+ +            //change uid to normal user
+ +            int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ +            RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +            PolicyEntry filter = PolicyEntry(
+ +                        SECURITY_MANAGER_ANY,
+ +                        std::to_string(pw_target->pw_uid),
+ +                        SECURITY_MANAGER_ANY
+ +                        );
+ +
+ +            //U2 requests contents of U1 privacy manager - should fail
+ +            Api::getPolicyForSelf(filter, policyEntries);
+ +            RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+ +
+ +            filter = PolicyEntry(
+ +                        SECURITY_MANAGER_ANY,
+ +                        SECURITY_MANAGER_ANY,
+ +                        SECURITY_MANAGER_ANY
+ +                        );
+ +
+ +            policyEntries.clear();
+ +
+ +            //U2 requests contents of ADMIN bucket - should fail
+ +            Api::getPolicyForAdmin(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED);
+ +            RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+ +            exit(0);
+ +        };
+ +
+ +        if (pid[1] != 0) { //parent
+ +
+ +            std::vector<TemporaryTestUser> users = {
+ +                TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
+ +                TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
+ +                };
+ +
+ +            users.at(0).create();
+ +            users.at(1).create();
+ +
+ +            //Install apps for both users
+ +            for(const auto &user : users2AppsMap) {
+ +
+ +                for(const auto &app : user.second) {
+ +                    InstallRequest requestInst;
+ +                    requestInst.setAppId(app.first.c_str());
+ +                    try {
+ +                        requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+ +                    } catch (const std::out_of_range &e) {
+ +                        RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+ +                    };
+ +                    requestInst.setUid(users.at(0).getUid());
+ +
+ +                    for (const auto &privilege : app.second) {
+ +                        requestInst.addPrivilege(privilege.c_str());
+ +                    };
+ +
+ +                    Api::install(requestInst);
+ +                };
+ +
+ +                //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
+ +            };
+ +
+ +            int status;
+ +            //Start child #1
+ +            errno = 0;
+ +            RUNNER_ASSERT_MSG(sem_post(mutex[0]) ==  0, "Error while opening mutex #1, errno: " << errno);
+ +
+ +            //Wait until child #1 finishes
+ +            pid_t ret = wait(&status);
+ +            RUNNER_ASSERT_MSG((ret != -1) && WIFEXITED(status), "Updating privileges failed");
+ +
+ +            //Start child #2
+ +            errno = 0;
+ +            RUNNER_ASSERT_MSG(sem_post(mutex[1]) ==  0, "Error while opening mutex #2, errno: " << errno);
+ +            //Wait until child #2 finishes
+ +            ret = wait(&status);
+ +            RUNNER_ASSERT_MSG((ret =-1) && WIFEXITED(status), "Listing privileges failed");
+ +
+ +            for(auto &user : users) {
+ +                user.remove();
+ +            };
+ +
+ +            sem_close(mutex[0]);
+ +            sem_close(mutex[1]);
+ +        };
+ +    };
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_for_admin)
+ +{
+ +    //TEST DATA
+ +    const std::vector<std::string> usernames = {"sm_test_14_user_name_1", "sm_test_14_user_name_2"};
+ +    unsigned int privileges_count = 0;
+ +
+ +    std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
+ +    std::map<std::string, std::set<std::string>> apps2PrivsMap;
+ +
+ +    for (const auto &username : usernames) {
+ +
+ +        for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+ +            apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+ +                MANY_APPS.at(i), std::set<std::string>(
+ +                    MANY_APPS_PRIVILEGES.at(i).begin(),
+ +                    MANY_APPS_PRIVILEGES.at(i).end())));
+ +            privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
+ +        };
+ +
+ +        users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
+ +    };
+ +
+ +    users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
+ +        PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
+ +
+ +    privileges_count += 2;
+ +    //TEST DATA END
+ +    sem_t *mutex;
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
+ +    errno = 0;
+ +    RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
+ +
+ +    pid_t pid = fork();
+ +    if (pid != 0) {
+ +        std::vector<TemporaryTestUser> users = {
+ +            TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
+ +            TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
+ +            };
+ +
+ +        users.at(0).create();
+ +        users.at(1).create();
+ +
+ +        //Install apps for both users
+ +        for(const auto &user : users) {
+ +
+ +            for(const auto &app : users2AppsMap.at(user.getUserName())) {
+ +                InstallRequest requestInst;
+ +                requestInst.setAppId(app.first.c_str());
+ +                try {
+ +                    requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+ +                } catch (const std::out_of_range &e) {
+ +                    RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+ +                };
+ +                requestInst.setUid(user.getUid());
+ +
+ +                for (const auto &privilege : app.second) {
+ +                    requestInst.addPrivilege(privilege.c_str());
+ +                };
+ +
+ +                Api::install(requestInst);
+ +            };
+ +        };
+ +        //Start child process
+ +        errno = 0;
+ +        RUNNER_ASSERT_MSG(sem_post(mutex) ==  0, "Error while opening mutex, errno: " << errno);
+ +        int status;
+ +        //Wait for child process to finish
+ +        wait(&status);
+ +
+ +        //switch back to root
+ +        for(auto &user : users) {
+ +            user.remove();
+ +        };
+ +
+ +        sem_close(mutex);
+ +    }
+ +
+ +    if (pid == 0) { //child process
+ +        errno = 0;
+ +        RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno);
+ +
+ +        struct passwd *pw = getUserStruct(usernames.at(0));
+ +        register_current_process_as_privilege_manager(pw->pw_uid, true);
+ +
+ +        //change uid to normal user
+ +        int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +        PolicyRequest *policyRequest = new PolicyRequest();
+ +        PolicyEntry filter;
+ +        std::vector<PolicyEntry> policyEntries;
+ +        //this call should succeed as the calling user is privileged
+ +        Api::getPolicyForSelf(filter, policyEntries);
+ +
+ +        RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+ +
+ +        PolicyEntry policyEntry(
+ +                SECURITY_MANAGER_ANY,
+ +                SECURITY_MANAGER_ANY,
+ +                "http://tizen.org/privilege/internet"
+ +                );
+ +        policyEntry.setMaxLevel("Deny");
+ +
+ +        policyRequest->addEntry(policyEntry);
+ +        policyEntry = PolicyEntry(
+ +                SECURITY_MANAGER_ANY,
+ +                SECURITY_MANAGER_ANY,
+ +                "http://tizen.org/privilege/location"
+ +                );
+ +        policyEntry.setMaxLevel("Deny");
+ +
+ +        policyRequest->addEntry(policyEntry);
+ +        Api::sendPolicy(*policyRequest);
+ +        Api::getPolicyForAdmin(filter, policyEntries);
+ +
+ +        RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
+ +
+ +        delete policyRequest;
+ +        policyRequest = new PolicyRequest();
+ +        policyEntry = PolicyEntry(
+ +                SECURITY_MANAGER_ANY,
+ +                SECURITY_MANAGER_ANY,
+ +                "http://tizen.org/privilege/internet"
+ +                );
+ +        policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
+ +        policyRequest->addEntry(policyEntry);
+ +
+ +        policyEntry = PolicyEntry(
+ +                SECURITY_MANAGER_ANY,
+ +                SECURITY_MANAGER_ANY,
+ +                "http://tizen.org/privilege/location"
+ +                );
+ +        policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
+ +
+ +        policyRequest->addEntry(policyEntry);
+ +        Api::sendPolicy(*policyRequest);
+ +
+ +        policyEntries.clear();
+ +        Api::getPolicyForAdmin(filter, policyEntries);
+ +        RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Number of policies doesn't match - should be: 0 and is " << policyEntries.size());
+ +
+ +        delete policyRequest;
+ +
+ +        exit(0);
+ +    };
+ +
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin)
+ +{
+ +    const char *const update_app_id = "security_manager_15_update_app_id";
+ +    const char *const update_privilege = "http://tizen.org/privilege/led";
+ +    const char *const check_start_bucket = "ADMIN";
+ +    const std::string username("sm_test_15_username");
+ +    PolicyRequest addPolicyRequest;
+ +    CynaraTestAdmin::Admin admin;
+ +
+ +    struct message {
+ +        uid_t uid;
+ +        gid_t gid;
+ +    } msg;
+ +
+ +    int pipefd[2];
+ +    pid_t pid;
+ +    int result = 0;
+ +
+ +    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+ +
+ +    TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
+ +    user.create();
+ +
+ +    pid = fork();
+ +    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ +    if (pid != 0)//parent process
+ +    {
+ +        FdUniquePtr pipeptr(pipefd+1);
+ +        close(pipefd[0]);
+ +
+ +        register_current_process_as_privilege_manager(user.getUid(), true);
+ +
+ +        //send info to child
+ +        msg.uid = user.getUid();
+ +        msg.gid = user.getGid();
+ +
+ +        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+ +
+ +        //wait for child
+ +        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+ +
+ +        admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ +                std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+ +    }
+ +    if(pid == 0)
+ +    {
+ +        FdUniquePtr pipeptr(pipefd);
+ +        close(pipefd[1]);
+ +
+ +        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+ +
+ +        //become admin privacy manager manager
+ +        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ +        result = drop_root_privileges(msg.uid, msg.gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +        PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+ +        entry.setMaxLevel("Allow");
+ +
+ +        addPolicyRequest.addEntry(entry);
+ +        Api::sendPolicy(addPolicyRequest);
+ +        exit(0);
+ +    }
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard)
+ +{
+ +    const char *const update_other_app_id = "security_manager_15_update_other_app_id";
+ +    const char *const update_privilege = "http://tizen.org/privilege/led";
+ +    const char *const check_start_bucket = "ADMIN";
+ +    const std::string username("sm_test_15_username");
+ +    PolicyRequest addPolicyRequest;
+ +    CynaraTestAdmin::Admin admin;
+ +
+ +    struct message {
+ +        uid_t uid;
+ +        gid_t gid;
+ +    } msg;
+ +
+ +    int pipefd[2];
+ +    pid_t pid;
+ +    int result = 0;
+ +
+ +    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+ +
+ +    TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
+ +    user.create();
+ +
+ +    pid = fork();
+ +    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ +    if (pid != 0)//parent process
+ +    {
+ +        FdUniquePtr pipeptr(pipefd+1);
+ +        close(pipefd[0]);
+ +
+ +        register_current_process_as_privilege_manager(user.getUid(), true);
+ +
+ +        //send info to child
+ +        msg.uid = user.getUid();
+ +        msg.gid = user.getGid();
+ +
+ +        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+ +
+ +        //wait for child
+ +        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+ +
+ +        admin.adminCheck(check_start_bucket, false, generateAppLabel(update_other_app_id).c_str(),
+ +                std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+ +    }
+ +    if(pid == 0)
+ +    {
+ +        FdUniquePtr pipeptr(pipefd);
+ +        close(pipefd[1]);
+ +
+ +        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+ +
+ +        //become admin privacy manager manager
+ +        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ +        result = drop_root_privileges(msg.uid, msg.gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +        // use wildcard as appId
+ +        PolicyEntry entry(SECURITY_MANAGER_ANY, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+ +        entry.setMaxLevel("Allow");
+ +
+ +        addPolicyRequest.addEntry(entry);
+ +        Api::sendPolicy(addPolicyRequest);
+ +        exit(0);
+ +    }
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_self)
+ +{
+ +    const char *const update_app_id = "security_manager_15_update_app_id";
+ +    const char *const update_privilege = "http://tizen.org/privilege/led";
+ +    const char *const check_start_bucket = "";
+ +    const std::string username("sm_test_15_username");
+ +    PolicyRequest addPolicyRequest;
+ +    CynaraTestAdmin::Admin admin;
+ +
+ +    struct message {
+ +        uid_t uid;
+ +        gid_t gid;
+ +    } msg;
+ +
+ +    int pipefd[2];
+ +    pid_t pid;
+ +    int result = 0;
+ +
+ +    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+ +
+ +    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+ +    user.create();
+ +
+ +    pid = fork();
+ +    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ +    if (pid != 0)//parent process
+ +    {
+ +        FdUniquePtr pipeptr(pipefd+1);
+ +        close(pipefd[0]);
+ +
+ +        register_current_process_as_privilege_manager(user.getUid(), false);
+ +
+ +        //send info to child
+ +        msg.uid = user.getUid();
+ +        msg.gid = user.getGid();
+ +
+ +        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+ +
+ +        //wait for child
+ +        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+ +
+ +        admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ +                std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+ +    }
+ +    if(pid == 0)
+ +    {
+ +        FdUniquePtr pipeptr(pipefd);
+ +        close(pipefd[1]);
+ +
+ +        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+ +
+ +        //become admin privacy manager manager
+ +        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ +        result = drop_root_privileges(msg.uid, msg.gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +        PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+ +        entry.setLevel("Allow");
+ +
+ +        addPolicyRequest.addEntry(entry);
+ +        Api::sendPolicy(addPolicyRequest);
+ +        exit(0);
+ +    }
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_16_policy_levels_get)
+ +{
+ +    const std::string username("sm_test_16_user_cynara_policy");
+ +    CynaraTestAdmin::Admin admin;
+ +    int pipefd[2];
+ +    pid_t pid;
+ +    int result = 0;
+ +
+ +    struct message {
+ +        uid_t uid;
+ +        gid_t gid;
+ +    } msg;
+ +
+ +    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+ +
+ +    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+ +    user.create();
+ +
+ +    pid = fork();
+ +    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ +    if (pid != 0)//parent process
+ +    {
+ +        FdUniquePtr pipeptr(pipefd+1);
+ +        close(pipefd[0]);
+ +
+ +        //send info to child
+ +        msg.uid = user.getUid();
+ +        msg.gid = user.getGid();
+ +
+ +        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+ +
+ +        //wait for child
+ +        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+ +    }
+ +    if(pid == 0)
+ +    {
+ +        int ret;
+ +        char** levels;
+ +        std::string allow_policy, deny_policy;
+ +        size_t count;
+ +        FdUniquePtr pipeptr(pipefd);
+ +        close(pipefd[1]);
+ +
+ +        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+ +
+ +        //become admin privacy manager manager
+ +        result = drop_root_privileges(msg.uid, msg.gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +        // without plugins there should only be 2 policies - Allow and Deny
+ +        ret = security_manager_policy_levels_get(&levels, &count);
+ +
+ +        RUNNER_ASSERT_MSG((lib_retcode)ret == SECURITY_MANAGER_SUCCESS,
+ +                "Invlid return code: " << ret);
+ +
+ +        RUNNER_ASSERT_MSG(count == 2, "Invalid number of policy levels. Should be 2, instead there is: " << static_cast<int>(count));
+ +
+ +        deny_policy = std::string(levels[0]);
+ +        allow_policy = std::string(levels[count-1]);
+ +
+ +        // first should always be Deny
+ +        RUNNER_ASSERT_MSG(deny_policy.compare("Deny") == 0,
+ +                "Invalid first policy level. Should be Deny, instead there is: " << levels[0]);
+ +
+ +        // last should always be Allow
+ +        RUNNER_ASSERT_MSG(allow_policy.compare("Allow") == 0,
+ +                "Invalid last policy level. Should be Allow, instead there is: " << levels[count-1]);
+ +
+ +        security_manager_policy_levels_free(levels, count);
+ +        exit(0);
+ +    }
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_delete_policy_for_self)
+ +{
+ +    const char *const update_app_id = "security_manager_17_update_app_id";
+ +    const char *const update_privilege = "http://tizen.org/privilege/led";
+ +    const char *const check_start_bucket = "";
+ +    const std::string username("sm_test_17_username");
+ +    PolicyRequest addPolicyRequest;
+ +    CynaraTestAdmin::Admin admin;
+ +
+ +    struct message {
+ +        uid_t uid;
+ +        gid_t gid;
+ +    } msg;
+ +
+ +    int pipefd[2];
+ +    int pipefd2[2];
+ +    pid_t pid;
+ +    int result = 0;
+ +
+ +    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+ +    RUNNER_ASSERT_MSG((pipe(pipefd2) != -1),"second pipe failed");
+ +
+ +    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+ +    user.create();
+ +
+ +    pid = fork();
+ +    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ +    if (pid != 0)//parent process
+ +    {
+ +        FdUniquePtr pipeptr(pipefd+1);
+ +        close(pipefd[0]);
+ +
+ +        register_current_process_as_privilege_manager(user.getUid(), false);
+ +
+ +        //send info to child
+ +        msg.uid = user.getUid();
+ +        msg.gid = user.getGid();
+ +
+ +        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+ +
+ +        //wait for child
+ +        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+ +
+ +        admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ +                std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+ +
+ +        pid = fork();
+ +        if (pid != 0)//parent process
+ +        {
+ +            FdUniquePtr pipeptr(pipefd2+1);
+ +            close(pipefd2[0]);
+ +
+ +            //send info to child
+ +            msg.uid = user.getUid();
+ +            msg.gid = user.getGid();
+ +
+ +            ssize_t written = TEMP_FAILURE_RETRY(write(pipefd2[1], &msg, sizeof(struct message)));
+ +            RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+ +
+ +            //wait for child
+ +            RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+ +
+ +            //wait for child
+ +            waitpid(-1, &result, 0);
+ +
+ +            admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ +                    std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr);
+ +        }
+ +        if(pid == 0)
+ +        {
+ +            FdUniquePtr pipeptr(pipefd2);
+ +            close(pipefd2[1]);
+ +
+ +            ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd2[0], &msg, sizeof(struct message)));
+ +            RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+ +
+ +            //become admin privacy manager manager
+ +            Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ +            result = drop_root_privileges(msg.uid, msg.gid);
+ +            RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +            // delete this entry
+ +            PolicyRequest deletePolicyRequest;
+ +            PolicyEntry deleteEntry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+ +            deleteEntry.setLevel(SECURITY_MANAGER_DELETE);
+ +
+ +            deletePolicyRequest.addEntry(deleteEntry);
+ +            Api::sendPolicy(deletePolicyRequest);
+ +            exit(0);
+ +        }
+ +    }
+ +    if(pid == 0)
+ +    {
+ +        FdUniquePtr pipeptr(pipefd);
+ +        close(pipefd[1]);
+ +
+ +        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+ +
+ +        //become admin privacy manager manager
+ +        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ +        result = drop_root_privileges(msg.uid, msg.gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +        PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+ +        entry.setLevel("Allow");
+ +
+ +        addPolicyRequest.addEntry(entry);
+ +        Api::sendPolicy(addPolicyRequest);
+ +        exit(0);
+ +    }
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_fetch_whole_policy_for_self_filtered)
+ +{
+ +    const std::string username("sm_test_17_user_name");
+ +
+ +    struct message {
+ +        uid_t uid;
+ +        gid_t gid;
+ +        unsigned int privileges_count;
+ +    } msg;
+ +
+ +    int pipefd[2];
+ +    pid_t pid;
+ +    int result = 0;
+ +
+ +    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+ +
+ +    pid = fork();
+ +    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ +    if (pid != 0)//parent process
+ +    {
+ +        FdUniquePtr pipeptr(pipefd+1);
+ +        close(pipefd[0]);
+ +
+ +        TemporaryTestUser user(username, static_cast<GumUserType>(GUM_USERTYPE_NORMAL), false);
+ +        user.create();
+ +
+ +        unsigned int privileges_count = 0;
+ +
+ +        register_current_process_as_privilege_manager(user.getUid(), false);
+ +        //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
+ +        ++privileges_count;
+ +
+ +        for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+ +            InstallRequest requestInst;
+ +            requestInst.setAppId(MANY_APPS[i].c_str());
+ +            requestInst.setPkgId(MANY_APPS_PKGS.at(MANY_APPS[i]).c_str());
+ +            requestInst.setUid(user.getUid());
+ +
+ +            for (auto &priv : MANY_APPS_PRIVILEGES.at(i)) {
+ +                requestInst.addPrivilege(priv.c_str());
+ +            };
+ +
+ +            Api::install(requestInst);
+ +            privileges_count += MANY_APPS_PRIVILEGES.at(i).size();
+ +        };
+ +
+ +        //send info to child
+ +        msg.uid = user.getUid();
+ +        msg.gid = user.getGid();
+ +        msg.privileges_count = privileges_count;
+ +
+ +        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+ +
+ +        //wait for child
+ +        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+ +    }
+ +    if(pid == 0)
+ +    {
+ +        FdUniquePtr pipeptr(pipefd);
+ +        close(pipefd[1]);
+ +
+ +        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+ +
+ +        //become admin privacy manager manager
+ +        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ +        result = drop_root_privileges(msg.uid, msg.gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +
+ +        // filter by privilege
+ +        std::vector<PolicyEntry> policyEntries;
+ +        PolicyEntry filter(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/internet");
+ +        Api::getPolicy(filter, policyEntries);
+ +
+ +        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+ +        RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
+ +
+ +        // filter by other privilege
+ +        policyEntries.clear();
+ +        PolicyEntry filter2(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/email");
+ +        Api::getPolicy(filter2, policyEntries);
+ +
+ +        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+ +        RUNNER_ASSERT_MSG(policyEntries.size() == 3, "Number of policies doesn't match - should be: 3 and is " << policyEntries.size());
+ +
+ +        // filter by appId
+ +        policyEntries.clear();
+ +        PolicyEntry filter3(MANY_APPS[4].c_str(), SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY);
+ +        Api::getPolicy(filter3, policyEntries);
+ +
+ +        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+ +        RUNNER_ASSERT_MSG(policyEntries.size() == 4, "Number of policies doesn't match - should be: 4 and is " << policyEntries.size());
+ +    }
+ +}
+ +
+ +RUNNER_CHILD_TEST(security_manager_10_user_cynara_policy)
+ +{
+ +    const char *const MAIN_BUCKET = "MAIN";
+ +    const char *const MANIFESTS_BUCKET = "MANIFESTS";
+ +    const char *const ADMIN_BUCKET = "ADMIN";
+ +    const char *const USER_TYPE_NORMAL_BUCKET = "USER_TYPE_NORMAL";
+ +    const std::string username("sm_test_10_user_cynara_policy");
+ +    CynaraTestAdmin::Admin admin;
+ +    std::string uid_string;
+ +    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
+ +    user.create();
+ +    user.getUidString(uid_string);
+ +
+ +    CynaraTestAdmin::CynaraPoliciesContainer nonemptyContainer;
+ +    nonemptyContainer.add(MAIN_BUCKET,CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, CYNARA_ADMIN_BUCKET, USER_TYPE_NORMAL_BUCKET);
+ +    admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, nonemptyContainer,CYNARA_API_SUCCESS);
+ +
+ +    user.remove();
+ +    CynaraTestAdmin::CynaraPoliciesContainer emptyContainer;
+ +
+ +    admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+ +    admin.listPolicies(MANIFESTS_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+ +    admin.listPolicies(CYNARA_ADMIN_DEFAULT_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+ +    admin.listPolicies(ADMIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+ +}
+ +
+ +RUNNER_CHILD_TEST(security_manager_11_security_manager_cmd_install)
+ +{
+ +    int ret;
+ +    const int SUCCESS = 0;
+ +    const int FAILURE = 256;
+ +    const std::string app_id = "security_manager_10_app";
+ +    const std::string pkg_id = "security_manager_10_pkg";
+ +    const std::string username("sm_test_10_user_name");
+ +    std::string uid_string;
+ +    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
+ +    user.create();
+ +    user.getUidString(uid_string);
+ +    const std::string path1 = appDirPath(user, app_id, pkg_id) + "/p1";
+ +    const std::string path2 = appDirPath(user, app_id, pkg_id) + "/p2";
+ +    const std::string pkgopt = " --pkg=" + pkg_id;
+ +    const std::string appopt = " --app=" + app_id;
+ +    const std::string uidopt = " --uid=" + uid_string;
+ +
+ +    mktreeSafe(path1.c_str(), 0);
+ +    mktreeSafe(path2.c_str(), 0);
+ +
+ +    const std::string installcmd = "security-manager-cmd --install " + appopt + pkgopt + uidopt;
+ +
+ +    struct operation {
+ +        std::string command;
+ +        int expected_result;
+ +    };
+ +    std::vector<struct operation> operations = {
+ +            {"security-manager-cmd", FAILURE},//no option
+ +            {"security-manager-cmd --blah", FAILURE},//blah option is not known
+ +            {"security-manager-cmd --help", SUCCESS},
+ +            {"security-manager-cmd --install", FAILURE},//no params
+ +            {"security-manager-cmd -i", FAILURE},//no params
+ +            {"security-manager-cmd --i --app=app_id_10 --pkg=pkg_id_10", FAILURE},//no uid
+ +            {installcmd, SUCCESS},
+ +            {"security-manager-cmd -i -a" + app_id + " -g" + pkg_id + uidopt, SUCCESS},
+ +            {installcmd + " --path " + path1 + " writable", SUCCESS},
+ +            {installcmd + " --path " + path1, FAILURE},//no path type
+ +            {installcmd + " --path " + path1 + " writable" + " --path " + path2 + " readable", SUCCESS},
+ +            {installcmd + " --path " + path1 + " prie" + " --path " + path2 + " readable", FAILURE},//wrong path type
+ +            {installcmd + " --path " + path1 + " writable" + " --privilege somepriv --privilege somepriv2" , SUCCESS},
+ +    };
+ +
+ +    for (auto &op : operations) {
+ +        ret = system(op.command.c_str());
+ +        RUNNER_ASSERT_MSG(ret == op.expected_result,
+ +                "Unexpected result for command '" << op.command <<"': "
+ +                << ret << " Expected was: "<< op.expected_result);
+ +    }
+ +}
+ +
+ +RUNNER_CHILD_TEST(security_manager_12_security_manager_cmd_users)
+ +{
+ +    int ret;
+ +    const int SUCCESS = 0;
+ +    const int FAILURE = 256;
+ +    const std::string username("sm_test_11_user_name");
+ +    std::string uid_string;
+ +    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
+ +    user.create();
+ +    user.getUidString(uid_string);
+ +    const std::string uidopt = " --uid=" + uid_string;
+ +
+ +    struct operation {
+ +        std::string command;
+ +        int expected_result;
+ +    };
+ +    std::vector<struct operation> operations = {
+ +            {"security-manager-cmd --manage-users=remove", FAILURE},//no params
+ +            {"security-manager-cmd -m", FAILURE},//no params
+ +            {"security-manager-cmd -mr", FAILURE},//no uid
+ +            {"security-manager-cmd -mr --uid" + uidopt, FAILURE},//no uid
+ +            {"security-manager-cmd -mr --sdfj" + uidopt, FAILURE},//sdfj?
+ +            {"security-manager-cmd --msdf -u2004" , FAILURE},//sdf?
+ +            {"security-manager-cmd -mr" + uidopt, SUCCESS},//ok, removed
+ +            {"security-manager-cmd -mr --blah" + uidopt, FAILURE},//blah
+ +            {"security-manager-cmd -ma" + uidopt, SUCCESS},//ok, added
+ +            {"security-manager-cmd -ma --usertype=normal" + uidopt, SUCCESS},//ok, added
+ +            {"security-manager-cmd -ma --usertype=mal" + uidopt, FAILURE},//ok, added
+ +    };
+ +
+ +    for (auto &op : operations) {
+ +        ret = system(op.command.c_str());
+ +        RUNNER_ASSERT_MSG(ret == op.expected_result,
+ +                "Unexpected result for command '" << op.command <<"': "
+ +                << ret << " Expected was: "<< op.expected_result);
+ +    }
+ +}
+ +
+ +RUNNER_MULTIPROCESS_TEST(security_manager_13_security_manager_admin_deny_user_priv)
+ +{
+ +    const int BUFFER_SIZE = 128;
+ +    struct message {
+ +        uid_t uid;
+ +        gid_t gid;
+ +        char buf[BUFFER_SIZE];
+ +    } msg;
+ +
+ +    privileges_t admin_required_privs = {
+ +            "http://tizen.org/privilege/systemsettings.admin",
+ +            "http://tizen.org/privilege/systemsettings"};
+ +    privileges_t manifest_privs = {
+ +            "http://tizen.org/privilege/internet",
+ +            "http://tizen.org/privilege/camera"};
+ +    privileges_t real_privs_allow = {"http://tizen.org/privilege/camera"};
+ +    privileges_t real_privs_deny = {"http://tizen.org/privilege/internet"};
+ +
+ +    const std::string pirivman_id = "sm_test_13_ADMIN_APP";
+ +    const std::string pirivman_pkg_id = "sm_test_13_ADMIN_PKG";
+ +    const std::string app_id = "sm_test_13_SOME_APP";
+ +    const std::string pkg_id = "sm_test_13_SOME_PKG";
+ +
+ +    int pipefd[2];
+ +    pid_t pid;
+ +    int result = 0;
+ +
+ +    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+ +    pid = fork();
+ +    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ +    if (pid != 0)//parent process
+ +    {
+ +        std::string childuidstr;
+ +        TemporaryTestUser admin("sm_test_13_ADMIN_USER", GUM_USERTYPE_ADMIN, true);
+ +        TemporaryTestUser child("sm_test_13_NORMAL_USER", GUM_USERTYPE_NORMAL, true);
+ +
+ +        InstallRequest request,request2;
+ +        FdUniquePtr pipeptr(pipefd+1);
+ +        close(pipefd[0]);
+ +
+ +        admin.create();
+ +        child.create();
+ +        child.getUidString(childuidstr);
+ +
+ +        //install privacy manager for admin
+ +        request.setAppId(pirivman_id.c_str());
+ +        request.setPkgId(pirivman_pkg_id.c_str());
+ +        request.setUid(admin.getUid());
+ +        for (auto &priv: admin_required_privs)
+ +            request.addPrivilege(priv.c_str());
+ +        Api::install(request);
+ +
+ +        //install app for child that has internet privilege
+ +        request2.setAppId(app_id.c_str());
+ +        request2.setPkgId(pkg_id.c_str());
+ +        request2.setUid(child.getUid());
+ +        for (auto &priv: manifest_privs)
+ +            request2.addPrivilege(priv.c_str());
+ +        Api::install(request2);
+ +
+ +        check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
+ +                              manifest_privs, SM_NO_PRIVILEGES);
+ +
+ +        //send info to child
+ +        msg.uid = admin.getUid();
+ +        msg.gid = admin.getGid();
+ +        strncpy (msg.buf, childuidstr.c_str(), BUFFER_SIZE);
+ +
+ +        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+ +
+ +        //wait for child
+ +        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+ +
+ +        check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
+ +                              real_privs_allow, real_privs_deny);
+ +    }
+ +    if (pid == 0)//child
+ +    {
+ +        FdUniquePtr pipeptr(pipefd);
+ +        close(pipefd[1]);
+ +
+ +        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ +        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+ +
+ +        //become admin privacy manager manager
+ +        Api::setProcessLabel(pirivman_id.c_str());
+ +        result = drop_root_privileges(msg.uid, msg.gid);
+ +        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ +        PolicyRequest addPolicyReq;
+ +        //change rights
+ +        for (auto &denypriv:real_privs_deny) {
+ +            /*this entry will deny some privileges for user whose uid (as c string)
+ +              was sent in message's buf field.
+ +              That user would be denying internet for child in this case*/
+ +            PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, denypriv);
+ +            entry.setMaxLevel("Deny");
+ +            addPolicyReq.addEntry(entry);
+ +        }
+ +        Api::sendPolicy(addPolicyReq);
+ +        exit(0);
+ +    }
+ +}
+ +
   int main(int argc, char *argv[])
   {
       return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
author	Pawel Wieczorek <p.wieczorek2@samsung.com>
	Wed, 22 Apr 2015 15:01:20 +0000 (17:01 +0200)
committer	Pawel Wieczorek <p.wieczorek2@samsung.com>
	Wed, 22 Apr 2015 15:24:59 +0000 (08:24 -0700)
		1	2
packaging/security-tests.spec	patch \|	diff1 \|	diff2 \|	blob \| history
src/common/CMakeLists.txt	patch \|	\|	diff2 \|	blob \| history
src/common/temp_test_user.cpp	patch \|	diff1 \|	\|	blob \| history
src/common/temp_test_user.h	patch \|	diff1 \|	\|	blob \| history
src/common/tests_common.cpp	patch \|	diff1 \|	diff2 \|	blob \| history
src/common/tests_common.h	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/CMakeLists.txt	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_non_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/link_to_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/link_to_non_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/link_to_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/link_to_non_app_dir	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/link_to_non_app_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/link_to_non_app_normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/link_to_non_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_non_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_non_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_dir	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_non_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_non_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/link_to_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/link_to_non_exec	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/non_app_dir/normal	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/apps_rw/subdir/file	patch \|	diff1 \|	\|	blob \| history
src/security-manager-tests/common/sm_api.cpp	patch \|	diff1 \|	\|	blob \| history
src/security-manager-tests/common/sm_api.h	patch \|	diff1 \|	\|	blob \| history
src/security-manager-tests/common/sm_db.cpp	patch \|	diff1 \|	diff2 \|	blob \| history
src/security-manager-tests/common/sm_policy_request.cpp	patch \|	diff1 \|	\|	blob \| history
src/security-manager-tests/common/sm_policy_request.h	patch \|	diff1 \|	\|	blob \| history
src/security-manager-tests/common/sm_request.cpp	patch \|	diff1 \|	\|	blob \| history
src/security-manager-tests/common/sm_request.h	patch \|	diff1 \|	\|	blob \| history
src/security-manager-tests/common/sm_user_request.cpp	patch \|	diff1 \|	\|	blob \| history
src/security-manager-tests/common/sm_user_request.h	patch \|	diff1 \|	\|	blob \| history
src/security-manager-tests/security_manager_tests.cpp	patch \|	diff1 \|	diff2 \|	blob \| history