* limitations under the License.
*/
#include <cstdint>
-#include <map>
+#include <unordered_map>
#include <string>
#include <sys/smack.h>
#include <sys/types.h>
#include <unistd.h>
#include <dpl/test/test_runner.h>
-#include <sm_api.h>
#include <sm_commons.h>
-#include <sm_request.h>
#include <tests_common.h>
+#include <scoped_installer.h>
+#include <scoped_path_remover.h>
using namespace SecurityManagerTest;
namespace {
-const int sm_app_shared_test_id = 27;
-const char *const sm_app_shared_id = "sm_test_27_app_id_full";
-const char *const sm_app_shared_another_in_package_id = "sm_test_27_app_2_id_full";
-const char *const sm_pkg_shared_id = "sm_test_27_pkg_id_full";
-
-static const std::map<std::string, struct app_attributes> MANY_APPS_PKGS = {
- {"security_manager_10_app_1", {"security_manager_10_pkg_1", "2.1"}},
- {"security_manager_10_app_2", {"security_manager_10_pkg_2", "3.0"}},
- {"security_manager_10_app_3", {"security_manager_10_pkg_3", "2.1.1"}},
- {"security_manager_10_app_4", {"security_manager_10_pkg_4", "3.1"}},
- {"security_manager_10_app_5", {"security_manager_10_pkg_5", "2.2"}}
+const int ACCESS_SUCCESS = 0;
+const int ACCESS_ERROR = -1;
+
+const std::vector<std::pair<std::string, std::string>> versionCombinations {
+ std::make_pair("2.4", "2.4"),
+ std::make_pair("2.4", "3.0"),
+ std::make_pair("3.0", "3.0"),
+ std::make_pair("3.0", "2.4")
};
-void changeSecurityContext(const std::string& label, uid_t uid, gid_t gid)
+const std::unordered_map<int, const char* const> accessTypeToString {
+ std::make_pair(0, "F_OK"),
+ std::make_pair(1, "X_OK"),
+ std::make_pair(2, "W_OK"),
+ std::make_pair(3, "W_OK|X_OK"),
+ std::make_pair(4, "R_OK"),
+ std::make_pair(5, "R_OK|X_OK"),
+ std::make_pair(6, "R_OK|W_OK"),
+ std::make_pair(7, "R_OK|W_OK|X_OK")
+};
+
+void changeSecurityContext(const std::string &label, uid_t uid, gid_t gid)
{
RUNNER_ASSERT_ERRNO_MSG(0 == smack_set_label_for_self(label.c_str()),
"Error in smack_set_label_for_self(" << label << ")");
RUNNER_ASSERT_ERRNO_MSG(0 == setuid(uid), "Error in setuid.");
}
-void test_success_worker(const std::string &appName, const std::string &pkgName, int test_num)
+AppInstallHelper prepAIH(const std::string &appName,
+ const std::string &pkgName,
+ std::string version,
+ bool isSharedRO)
{
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
-
- changeSecurityContext(generateProcessLabel(appName, pkgName), APP_UID, APP_GID);
-
- RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1,
- "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName << " failed " << " to " << SM_OWNER_RW_OTHERS_RO_PATH );
-}
+ bool appIsLocal = true;
+ AppInstallHelper appInstallHelper(appName, pkgName, version, appIsLocal);
-void test_fail_worker(const std::string &appName, const std::string &pkgName, int test_num)
-{
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
+ appInstallHelper.createInstallDir();
- changeSecurityContext(generateProcessLabel(appName, pkgName), APP_UID, APP_GID);
+ if (isSharedRO)
+ appInstallHelper.createSharedRODir();
- RUNNER_ASSERT_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) == -1,
- "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName
- << " surprisingly succeeded, while expecting fail");
+ return appInstallHelper;
}
-}
-
-RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PUBLIC_SHARING)
-RUNNER_TEST(security_manager_27a_API2X_app_install)
-{
- std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
- std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
- std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
- prepare_app_env(sm_app_shared_test_id, true);
-
- // install other apps
- for(const auto &app : MANY_APPS_PKGS) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- requestInst.setPkgId(app.second.package.c_str());
- requestInst.setAppTizenVersion(app.second.Tizen_ver.c_str());
-
- Api::install(requestInst);
+void runAccessTest(const AppInstallHelper &appFrom, const std::string &testPath,
+ const int accessType, const int accessResult) {
+ auto fun = [&](){
+ changeSecurityContext(appFrom.generateAppLabel(), appFrom.getUID(), appFrom.getGID());
+ RUNNER_ASSERT_ERRNO_MSG(::access(testPath.c_str(), accessType) == accessResult,
+ "access from app " << appFrom.getAppId() << " to path " << testPath
+ << " (" << accessTypeToString.at(accessType) << "): ");
};
- // install
- {
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_shared_id);
- requestInst.setPkgId(sm_pkg_shared_id);
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
- requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
- requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
- requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
- requestInst.setAppTizenVersion("2.4");
- Api::install(requestInst);
- }
+ runInChildParentWait(fun);
+}
- // another app in package
- {
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_shared_another_in_package_id);
- requestInst.setPkgId(sm_pkg_shared_id);
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
- requestInst.setAppTizenVersion("2.4");
- Api::install(requestInst);
- }
+} //anonymous namespace
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_SHARED_RO)
- /* TODO: add parameters to this function */
- check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
+/**
+ * Test 76 : Check whether owner app
+ * have access to own sharedRO dir
+ */
+RUNNER_CHILD_TEST(security_manager_76_owner_shared_ro_have_rw_access_to_own_shared_ro_dir)
+{
+ std::string sharedROAppName = "sm_test_76_app1_sharedRO";
+ std::string sharedROPkgName = "sm_test_76_pkg1_sharedRO";
+ auto run_test = [&](std::string ver) {
+ ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver, true));
+ ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
- RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
-}
+ runAccessTest(sharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS);
+ };
-RUNNER_CHILD_TEST(security_manager_27b_owner_1_have_access)
-{
- test_success_worker(sm_app_shared_id, sm_pkg_shared_id, sm_app_shared_test_id);
+ run_test("2.4");
+ run_test("3.0");
}
-RUNNER_CHILD_TEST(security_manager_27c_owner_2_have_access)
+/**
+ * Test 77 : Check whether app from non_sharedRO pkg
+ * have access to sharedRO dir of an application
+ */
+RUNNER_CHILD_TEST(security_manager_77_no_shared_ro_have_ro_access_to_shared_ro)
{
- test_success_worker(sm_app_shared_another_in_package_id, sm_pkg_shared_id, sm_app_shared_test_id);
+ std::string sharedROAppName = "sm_test_77_app1_sharedRO";
+ std::string sharedROPkgName = "sm_test_77_pkg1_sharedRO";
+ std::string nonSharedROAppName = "sm_test_77_app2";
+ std::string nonSharedROPkgName = "sm_test_77_pkg2";
+
+ auto run_test = [&](std::string ver1, std::string ver2) {
+ ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
+ ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver2, false));
+ ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
+
+ runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
+ runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
+ };
+
+ for (const auto &version : versionCombinations) {
+ run_test(version.first, version.second);
+ }
}
-RUNNER_CHILD_TEST(security_manager_27d_API2X_apps_have_access_app_1)
+/**
+ * Test 78 : Check whether app from another sharedRO pkg
+ * have access to sharedRO dir of an application
+ */
+RUNNER_CHILD_TEST(security_manager_78_another_pkg_shared_ro_have_ro_access_to_shared_ro)
{
- test_success_worker("security_manager_10_app_1", "security_manager_10_pkg_1", sm_app_shared_test_id);
+ std::string sharedROAppName = "sm_test_78_app1_sharedRO";
+ std::string sharedROPkgName = "sm_test_78_pkg1_sharedRO";
+ std::string sharedROAppName2 = "sm_test_78_app2_sharedRO";
+ std::string sharedROPkgName2 = "sm_test_78_pkg2_sharedRO";
+
+ auto run_test = [&](std::string ver1, std::string ver2) {
+ ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
+ ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName2, ver2, true));
+ ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(),
+ sharedROPkgApp2.getAIH().getSharedRODir()});
+
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
+ };
+
+ for (const auto &version : versionCombinations)
+ run_test(version.first, version.second);
}
-RUNNER_CHILD_TEST(security_manager_27e_API2X_apps_dont_have_access_app_2)
+/**
+ * Test 79 : Install two sharedRO apps in one package
+ * and check access to sharedRO dir
+ */
+RUNNER_CHILD_TEST(security_manager_79_same_pkg_shared_ro_have_ro_access_to_shared_ro)
{
- test_fail_worker("security_manager_10_app_2", "security_manager_10_pkg_2", sm_app_shared_test_id);
+ std::string sharedROAppName = "sm_test_79_app1_sharedRO";
+ std::string sharedROPkgName = "sm_test_79_pkg1_sharedRO";
+ std::string sharedROAppName2 = "sm_test_79_app2_sharedRO";
+
+ auto run_test = [&](std::string ver1, std::string ver2) {
+ ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
+ ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName, ver2, true));
+ ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
+
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS);
+ };
+
+ for (const auto &version : versionCombinations)
+ run_test(version.first, version.second);
}
-RUNNER_CHILD_TEST(security_manager_27f_API2X_apps_have_access_app_3)
+/**
+ * Test 80 : Check whether application from non-sharedRO pkg
+ * have proper access to RO dir of an sharedRO application.
+ */
+RUNNER_CHILD_TEST(security_manager_80_no_shared_ro_have_no_access_to_shared_ro_app_ro_dir)
{
- test_success_worker("security_manager_10_app_3", "security_manager_10_pkg_3", sm_app_shared_test_id);
+ std::string sharedROAppName = "sm_test_80_app1_sharedRO";
+ std::string sharedROPkgName = "sm_test_80_pkg1_sharedRO";
+ std::string nonSharedROAppName = "sm_test_80_app2";
+ std::string nonSharedROPkgName = "sm_test_80_pkg2";
+
+ auto run_test = [&](std::string ver1, std::string ver2) {
+ ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
+ ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver2, false));
+ ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
+
+ runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|X_OK, ACCESS_ERROR);
+ runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|W_OK, ACCESS_ERROR);
+ };
+
+ for (const auto &version : versionCombinations)
+ run_test(version.first, version.second);
}
-RUNNER_CHILD_TEST(security_manager_27g_API2X_apps_dont_have_access_app_4)
+/**
+ * Test 81 : Check whether sharedRO application from another pkg
+ * have proper access to RO dir of other sharedRO app.
+ */
+RUNNER_CHILD_TEST(security_manager_81_another_pkg_shared_ro_have_no_access_to_shared_ro_app_ro_dir)
{
- test_fail_worker("security_manager_10_app_4", "security_manager_10_pkg_4", sm_app_shared_test_id);
+ std::string sharedROAppName = "sm_test_81_app1_sharedRO";
+ std::string sharedROPkgName = "sm_test_81_pkg1_sharedRO";
+ std::string sharedROAppName2 = "sm_test_81_app2_sharedRO";
+ std::string sharedROPkgName2 = "sm_test_81_pkg2_sharedRO";
+
+ auto run_test = [&](std::string ver1, std::string ver2) {
+ ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
+ ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName2, ver2, true));
+ ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(),
+ sharedROPkgApp2.getAIH().getSharedRODir()});
+
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|X_OK, ACCESS_ERROR);
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|W_OK, ACCESS_ERROR);
+ };
+
+ for (const auto &version : versionCombinations)
+ run_test(version.first, version.second);
}
-RUNNER_CHILD_TEST(security_manager_27h_API2X_apps_have_access_app_5)
+/**
+ * Test 82 : Check whether sharedRO application from same pkg
+ * have proper access to RO dir of other sharedRO app.
+ */
+RUNNER_CHILD_TEST(security_manager_82_same_pkg_shared_ro_have_no_access_to_shared_ro_app_ro_dir)
{
- test_success_worker("security_manager_10_app_5", "security_manager_10_pkg_5", sm_app_shared_test_id);
-}
+ std::string sharedROAppName = "sm_test_82_app1_sharedRO";
+ std::string sharedROPkgName = "sm_test_82_pkg1_sharedRO";
+ std::string sharedROAppName2 = "sm_test_82_app2_sharedRO";
+ auto run_test = [&](std::string ver1, std::string ver2) {
+ ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
+ ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName, ver2, true));
+ ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
-RUNNER_TEST(security_manager_27i_API2X_app_uninstall)
-{
- {
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_shared_id);
- Api::uninstall(requestUninst);
- }
- {
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_shared_another_in_package_id);
- Api::uninstall(requestUninst);
- }
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|X_OK, ACCESS_ERROR);
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|W_OK, ACCESS_ERROR);
+ };
- /* Check records in the security-manager database,
- * all previously allowed privileges should be removed */
- check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
- check_app_after_uninstall(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
+ for (const auto &version : versionCombinations)
+ run_test(version.first, version.second);
}
-RUNNER_TEST(security_manager_27j_API30_app_install)
+/**
+ * Test 83 : Try to add valid sharedRO dir to an app
+ * and check all possible accesses to to it.
+ */
+RUNNER_CHILD_TEST(security_manager_83_add_path_to_app_and_check_all)
{
- std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
- std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
- std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
- prepare_app_env(sm_app_shared_test_id, true);
-
- // install
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_shared_id);
- requestInst.setPkgId(sm_pkg_shared_id);
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
- requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
- requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
- requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
- requestInst.setAppTizenVersion("3.0");
-
- Api::install(requestInst);
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
-
- /* TODO: add parameters to this function */
- check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
-
- RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
-}
+ std::string sharedROAppName = "sm_test_83_app1_sharedRO";
+ std::string sharedROPkgName = "sm_test_83_pkg1_sharedRO";
+ std::string nonSharedROAppName = "sm_test_83_app2";
+ std::string nonSharedROPkgName = "sm_test_83_pkg2";
+ std::string nonSharedROAppName2 = "sm_test_83_app3_will_be_sharedRO";
+ std::string nonSharedROPkgName2 = "sm_test_83_pkg3_will_be_sharedRO";
+
+ auto run_test = [&](std::string ver1, std::string ver2) {
+ ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
+ ScopedInstaller anotherNonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver1, false));
+ ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName2, nonSharedROPkgName2, ver2, false));
+ ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(),
+ anotherNonSharedROPkgApp.getAIH().getSharedRODir(),
+ nonSharedROPkgApp.getAIH().getSharedRODir()});
+
+ nonSharedROPkgApp.getAIH().createSharedRODir();
+
+ PathsRequest sharedRORequest;
+ sharedRORequest.setPkgId(nonSharedROPkgApp.getAIH().getPkgId());
+ sharedRORequest.addPath(nonSharedROPkgApp.getAIH().getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
+ sharedRORequest.setUid(nonSharedROPkgApp.getAIH().getUID());
+ Api::registerPaths(sharedRORequest);
+
+ runAccessTest(nonSharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS);
+
+ runAccessTest(sharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
+ runAccessTest(sharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
+
+ runAccessTest(anotherNonSharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
+ runAccessTest(anotherNonSharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
+ };
-RUNNER_CHILD_TEST(security_manager_27k_API30_apps_dont_have_access_app_1)
-{
- test_fail_worker("security_manager_10_app_1", "security_manager_10_pkg_1", sm_app_shared_test_id);
+ for (const auto &version : versionCombinations)
+ run_test(version.first, version.second);
}
-RUNNER_CHILD_TEST(security_manager_27l_API30_apps_dont_have_access_app_2)
+/**
+ * Test 84 : Try to add path which does not belong
+ * to an app and check if operation succeeds.
+ */
+RUNNER_CHILD_TEST(security_manager_84_add_invalid_path_to_app_and_check_all)
{
- test_fail_worker("security_manager_10_app_2", "security_manager_10_pkg_2", sm_app_shared_test_id);
-}
+ std::string sharedROAppName = "sm_test_84_app1_sharedRO";
+ std::string sharedROPkgName = "sm_test_84_pkg1_sharedRO";
+ std::string nonSharedROAppName = "sm_test_84_app2";
+ std::string nonSharedROPkgName = "sm_test_84_pkg2";
+ std::string nonSharedROAppName2 = "sm_test_84_app3_wont_be_sharedRO";
+ std::string nonSharedROPkgName2 = "sm_test_84_pkg3_wont_be_sharedRO";
+
+ auto run_test = [&](std::string ver1, std::string ver2) {
+ ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
+ ScopedInstaller anotherNonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver1, false));
+ ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName2, nonSharedROPkgName2, ver2 ,false));
+ ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(), anotherNonSharedROPkgApp.getAIH().getSharedRODir()});
+
+ PathsRequest sharedRORequest;
+ sharedRORequest.setPkgId(nonSharedROPkgApp.getAIH().getPkgId());
+ sharedRORequest.addPath(sharedROPkgApp.getAIH().getPrivateRODir(), SECURITY_MANAGER_PATH_RO);
+ sharedRORequest.setUid(nonSharedROPkgApp.getAIH().getUID());
+ Api::registerPaths(sharedRORequest, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+ };
-RUNNER_CHILD_TEST(security_manager_27m_API30_apps_dont_have_access_app_3)
-{
- test_fail_worker("security_manager_10_app_3", "security_manager_10_pkg_3", sm_app_shared_test_id);
+ for (const auto &version : versionCombinations)
+ run_test(version.first, version.second);
}
-RUNNER_CHILD_TEST(security_manager_27n_API30_apps_dont_have_access_app_4)
+/**
+ * Test 85 : Install and uninstall app and check accesses to
+ * uninstalled paths from other packages.
+ */
+RUNNER_CHILD_TEST(security_manager_85_install_uninstall_shared_ro_app_and_check_cleaning)
{
- test_fail_worker("security_manager_10_app_4", "security_manager_10_pkg_4", sm_app_shared_test_id);
-}
+ std::string sharedROAppName = "sm_test_85_app1_sharedRO";
+ std::string sharedROPkgName = "sm_test_85_pkg1_sharedRO";
+ std::string sharedROAppName2 = "sm_test_85_app2_sharedRO";
+ std::string sharedROPkgName2 = "sm_test_85_pkg2_sharedRO";
+ std::string nonSharedROAppName = "sm_test_85_app3";
+ std::string nonSharedROPkgName = "sm_test_85_pkg3";
-RUNNER_CHILD_TEST(security_manager_27o_API30_apps_dont_have_access_app_5)
-{
- test_fail_worker("security_manager_10_app_5", "security_manager_10_pkg_5", sm_app_shared_test_id);
-}
+ auto run_test = [&](std::string ver1, std::string ver2) {
+ ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true));
+ ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName2, ver2, true));
+ ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver2, false));
+ ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(), sharedROPkgApp2.getAIH().getSharedRODir()});
-RUNNER_TEST(security_manager_27p_API30_app_uninstall)
-{
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_shared_id);
+ sharedROPkgApp.uninstallApp();
- Api::uninstall(requestUninst);
+ runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_ERROR);
+ runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
- /* Check records in the security-manager database,
- * all previously allowed privileges should be removed */
- check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_ERROR);
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR);
- // install other apps
- for(const auto &app : MANY_APPS_PKGS) {
- InstallRequest requestUninst;
- requestUninst.setAppId(app.first);
+ /**
+ * After Deinstallation of an app, sharedRO dir
+ * still exists, but only owner app have an access (sharedRO rules are revoked)
+ */
- Api::uninstall(requestUninst);
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), F_OK, ACCESS_SUCCESS);
};
+
+ for (const auto &version : versionCombinations)
+ run_test(version.first, version.second);
+}
+
+/**
+ * Test 86 : Install multiple SharedRO apps,
+ * uninstall one of them and check accesses to sharedRO path
+ * within one package.
+ */
+RUNNER_CHILD_TEST(security_manager_86_install_uninstall_shared_ro_two_apps_in_one_pkg)
+{
+ std::string sharedROAppName = "sm_test_86_app1_sharedRO";
+ std::string sharedROPkgName = "sm_test_86_pkg1_sharedRO";
+ std::string sharedROAppName2 = "sm_test_86_app2_sharedRO";
+ std::string nonSharedROAppName = "sm_test_86_app3";
+
+ auto run_test = [&](std::string ver1, std::string ver2) {
+ ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, false));
+ ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName, ver2, true));
+ ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, sharedROPkgName, ver2, false));
+ ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()});
+
+ sharedROPkgApp.uninstallApp();
+
+ runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), F_OK, ACCESS_SUCCESS);
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS);
+ runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS);
+ };
+
+ for (const auto &version : versionCombinations)
+ run_test(version.first, version.second);
}