Added tests for security_manager_get_app_manifest_policy() API call

Change-Id: If04e0e560d2c9a6a91b880a754d871edfdc13f08

diff --git a/src/security-manager-tests/test_cases_privacy_manager.cpp b/src/security-manager-tests/test_cases_privacy_manager.cpp
index eeec39af0218071f5512111c96820aef5a2b8131..19c6465a65b7f0a947ef543ec4a83a39d08930b3 100644 (file)
--- a/src/security-manager-tests/test_cases_privacy_manager.cpp
+++ b/src/security-manager-tests/test_cases_privacy_manager.cpp
@@ -965,3 +965,160 @@ RUNNER_CHILD_TEST(security_manager_20_privacy_manager_privacy_related_privileges
         }
     }
 }
+
+RUNNER_CHILD_TEST(security_manager_21_fetch_app_manifest_invalid_params)
+{
+    int ret = security_manager_get_app_manifest_policy(nullptr, 0, nullptr, nullptr);
+    RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_INPUT_PARAM, "Expected invalid input param, returned " << ret);
+}
+
+
+RUNNER_CHILD_TEST(security_manager_22_fetch_app_manifest_no_app)
+{
+    char **privileges;
+    size_t nPrivs = 0;
+    int ret = security_manager_get_app_manifest_policy("not_existing_app_id", 0, &privileges, &nPrivs);
+    RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT, "Expected no such object error, returned " << ret);
+}
+
+RUNNER_CHILD_TEST(security_manager_23_fetch_app_manifest_invalid_user)
+{
+    TemporaryTestUser user("sm_test_23_fetch_username", GUM_USERTYPE_NORMAL);
+    user.create();
+
+    AppInstallHelper app("security_manager_23_fetch", user.getUid());
+    app.setInstallType(SM_APP_INSTALL_LOCAL);
+    app.addPrivileges(TEST_PRIVACY_PRIVILEGES[1]);
+    ScopedInstaller appInstall(app);
+
+    char **privileges;
+    size_t nPrivs = 0;
+    int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), 0, &privileges, &nPrivs);
+    // Should security-manager check if user exists?
+    RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+    RUNNER_ASSERT_MSG(nPrivs == 0, "Expected empty set of privileges, returned " << nPrivs);
+}
+
+RUNNER_CHILD_TEST(security_manager_24_fetch_app_manifest_auth_error)
+{
+    TemporaryTestUser user("sm_test_24_fetch_username", GUM_USERTYPE_NORMAL);
+    user.create();
+
+    AppInstallHelper app("security_manager_24_fetch", user.getUid());
+    app.setInstallType(SM_APP_INSTALL_LOCAL);
+    app.addPrivileges(TEST_PRIVACY_PRIVILEGES[1]);
+    ScopedInstaller appInstall(app);
+
+    pid_t pid = fork();
+    RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+    if (pid != 0) { //parent process
+        waitPid(pid);
+    } else { //child process
+        Api::setProcessLabel(app.getAppId());
+        RUNNER_ASSERT_ERRNO_MSG(
+                drop_root_privileges(user.getUid(), user.getGid()) == 0,
+                "drop_root_privileges failed");
+        char **privileges;
+        size_t nPrivs = 0;
+        int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+        RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "Expected access denied, returned " << ret);
+        exit(0);
+    }
+}
+
+static void check_privileges_from_manifest(const AppInstallHelper &aih, char **privileges, size_t nPrivs)
+{
+    std::vector<std::string> aihPrivs = aih.getPrivilegesNames();
+    RUNNER_ASSERT_MSG(nPrivs == aihPrivs.size(), "Expected privileges number: " << aihPrivs.size() << ", got " << nPrivs);
+    for (size_t i = 0; i < nPrivs; ++i) {
+        RUNNER_ASSERT_MSG(std::find(aihPrivs.begin(), aihPrivs.end(), std::string(privileges[i])) != aihPrivs.end(),
+                          "Privilege " << privileges[i] << " not found");
+    }
+}
+
+RUNNER_CHILD_TEST(security_manager_25_fetch_app_manifest_global_app)
+{
+    TemporaryTestUser user("sm_test_25_fetch_username", GUM_USERTYPE_NORMAL);
+    user.create();
+
+    AppInstallHelper app("security_manager_25_fetch");
+    app.setInstallType(SM_APP_INSTALL_GLOBAL);
+    app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+    app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+    ScopedInstaller appInstall(app);
+
+    char **privileges;
+    size_t nPrivs = 0;
+
+    int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), 0, &privileges, &nPrivs);
+    RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+    check_privileges_from_manifest(app, privileges, nPrivs);
+    security_manager_privileges_free(privileges, nPrivs);
+
+    // since app is installed globally, also for our temporary user the returned list should be the same
+    nPrivs = 0;
+    ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+    RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+    check_privileges_from_manifest(app, privileges, nPrivs);
+    security_manager_privileges_free(privileges, nPrivs);
+}
+
+RUNNER_CHILD_TEST(security_manager_26_fetch_app_manifest_local_app)
+{
+    TemporaryTestUser user("sm_test_26_fetch_username", GUM_USERTYPE_NORMAL);
+    user.create();
+
+    AppInstallHelper app("security_manager_26_fetch", user.getUid());
+    app.setInstallType(SM_APP_INSTALL_LOCAL);
+    app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+    app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+    ScopedInstaller appInstall(app);
+
+    char **privileges;
+    size_t nPrivs = 0;
+
+    int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+    RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+    check_privileges_from_manifest(app, privileges, nPrivs);
+    security_manager_privileges_free(privileges, nPrivs);
+
+    // since app is installed locally, if we ask for other user (ie. root), we should get empty list of privileges
+    nPrivs = 0;
+    ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), 0, &privileges, &nPrivs);
+    RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+    RUNNER_ASSERT_MSG(nPrivs == 0, "Expected empty set of privileges, returned " << nPrivs);
+}
+
+RUNNER_CHILD_TEST(security_manager_27_fetch_app_manifest_both_apps)
+{
+    TemporaryTestUser user("sm_test_27_fetch_username", GUM_USERTYPE_NORMAL);
+    user.create();
+
+    AppInstallHelper appGlobal("security_manager_27_fetch");
+    appGlobal.setInstallType(SM_APP_INSTALL_GLOBAL);
+    appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+    appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+    appGlobal.addPrivilege(std::string("http://tizen.org/privielge/contacts.read"));
+    ScopedInstaller appGlobalInstall(appGlobal);
+
+    AppInstallHelper appLocal("security_manager_27_fetch", user.getUid());
+    appLocal.setInstallType(SM_APP_INSTALL_LOCAL);
+    appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+    appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+    ScopedInstaller appLocalInstall(appLocal);
+
+
+    char **privileges;
+    size_t nPrivs = 0;
+
+    int ret = security_manager_get_app_manifest_policy(appLocal.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+    RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+    check_privileges_from_manifest(appLocal, privileges, nPrivs);
+    security_manager_privileges_free(privileges, nPrivs);
+
+    nPrivs = 0;
+    ret = security_manager_get_app_manifest_policy(appGlobal.getAppId().c_str(), 0, &privileges, &nPrivs);
+    RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected succes, returned " << ret);
+    check_privileges_from_manifest(appGlobal, privileges, nPrivs);
+    security_manager_privileges_free(privileges, nPrivs);
+}