--- /dev/null
+#
+#Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+# @brief
+#
+
+INCLUDE(FindPkgConfig)
+
+# Dependencies
+PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP
+ REQUIRED
+ libsmack
+ libprivilege-control
+ security-manager
+ dpl-test-efl)
+
+
+SET(TARGET_SEC_MGR_TESTS "security-manager-tests")
+
+SET(SEC_MGR_SOURCES
+ ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/security_manager_tests.cpp
+ ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp
+ )
+
+INCLUDE_DIRECTORIES(SYSTEM
+ ${SEC_MGR_TESTS_DEP_INCLUDE_DIRS}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/tests/common/
+ ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/common/
+ )
+
+ADD_EXECUTABLE(${TARGET_SEC_MGR_TESTS} ${SEC_MGR_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_SEC_MGR_TESTS}
+ ${SEC_MGR_TESTS_DEP_LIBRARIES}
+ tests-common)
+
+INSTALL(TARGETS ${TARGET_SEC_MGR_TESTS} DESTINATION /usr/bin)
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/WRT_security_manager_test_rules1.smack
+ DESTINATION /usr/share/privilege-control/
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/WRT_security_manager_test_rules2.smack
+ DESTINATION /usr/share/privilege-control/
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/WRT_security_manager_test_rules2_no_r.smack
+ DESTINATION /usr/share/privilege-control/
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/WRT_security_manager_test_rules2_r.smack
+ DESTINATION /usr/share/privilege-control/
+ )
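Review bot: The four `WRT_security_manager_test_rules*.smack` files are installed into the hard-coded system path `/usr/share/privilege-control/`, which by its name looks like the directory where real permission definitions live. If so, any image that carries this test package also carries test-only permissions, and the `.cpp` in this commit uses them to grant up to `rwxat` on test labels. At minimum, add a comment above the first `INSTALL(FILES`, for example `# Test-only Smack rule sets; this package must not be installed on production images.`, and fill in the empty `@brief` in the header. The four identical `INSTALL(FILES ... DESTINATION /usr/share/privilege-control/)` calls can be one call listing all four files, which keeps the destination in a single place.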
--- /dev/null
+#include <dpl/test/test_runner.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <memory.h>
+#include <summary_collector.h>
+
+#include <libprivilege-control_test_common.h>
+#include <tests_common.h>
+
+#include <security-manager.h>
+
+DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
+
+static const char* SM_APP_ID = "sm_test_app_id";
+static const char* SM_PKG_ID = "sm_test_pkg_id";
+
+static uid_t SM_ALLOWED_UID1 = 6666;
+static uid_t SM_ALLOWED_UID2 = 7777;
+
+static const char* SM_ALLOWED_PERMISSION1 = "security_manager_test_rules2_r";
+static const char* SM_ALLOWED_PERMISSION2 = "security_manager_test_rules2_no_r";
+
+static const rules_t SM_ALLOWED_RULES = {
+ { USER_APP_ID, "test_sm_book_8", "r" },
+ { USER_APP_ID, "test_sm_book_9", "w" },
+ { USER_APP_ID, "test_sm_book_10", "x" },
+ { USER_APP_ID, "test_sm_book_11", "rw" },
+ { USER_APP_ID, "test_sm_book_12", "rx" },
+ { USER_APP_ID, "test_sm_book_13", "wx" },
+ { USER_APP_ID, "test_sm_book_14", "rwx" },
+ { USER_APP_ID, "test_sm_book_15", "rwxat" },
+ { "test_sm_subject_8", USER_APP_ID, "r" },
+ { "test_sm_subject_9", USER_APP_ID, "w" },
+ { "test_sm_subject_10", USER_APP_ID, "x" },
+ { "test_sm_subject_11", USER_APP_ID, "rw" },
+ { "test_sm_subject_12", USER_APP_ID, "rx" },
+ { "test_sm_subject_13", USER_APP_ID, "wx" },
+ { "test_sm_subject_14", USER_APP_ID, "rwx" },
+ { "test_sm_subject_15", USER_APP_ID, "rwxat" }
+};
+static const rules_t SM_DENIED_RULES = {
+ { USER_APP_ID, "test_sm_book_1", "r" },
+ { USER_APP_ID, "test_sm_book_2", "w" },
+ { USER_APP_ID, "test_sm_book_3", "x" },
+ { USER_APP_ID, "test_sm_book_4", "rw" },
+ { USER_APP_ID, "test_sm_book_5", "rx" },
+ { USER_APP_ID, "test_sm_book_6", "wx" },
+ { USER_APP_ID, "test_sm_book_7", "rwx" },
+ { "test_sm_subject_1", USER_APP_ID, "r" },
+ { "test_sm_subject_2", USER_APP_ID, "w" },
+ { "test_sm_subject_3", USER_APP_ID, "x" },
+ { "test_sm_subject_4", USER_APP_ID, "rw" },
+ { "test_sm_subject_5", USER_APP_ID, "rx" },
+ { "test_sm_subject_6", USER_APP_ID, "wx" },
+ { "test_sm_subject_7", USER_APP_ID, "rwx" }
+};
+
+static const char* SM_DENIED_PERMISSION1 = "security_manager_test_rules1";
+static const char* SM_DENIED_PERMISSION2 = "security_manager_test_rules2";
+
+static const char* SM_ALLOWED_PATH = TEST_APP_DIR;
+static const char* SM_DENIED_PATH = TEST_NON_APP_DIR;
+
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
+
+static app_inst_req* do_app_inst_req_new()
+{
+ int result;
+ app_inst_req *req = NULL;
+
+ result = security_manager_app_inst_req_new(&req);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "creation of new request failed. Result: " << result);
+ RUNNER_ASSERT_MSG_BT(req != NULL, "creation of new request did not allocate memory");
+ return req;
+}
+
+static void prepare_app_path()
+{
+ int result;
+
+ result = nftw(SM_ALLOWED_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to clean Smack labels in " << SM_ALLOWED_PATH);
+
+ result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
+}
+
+static void check_app_path_after_install()
+{
+ int result;
+
+ result = nftw(SM_ALLOWED_PATH, &nftw_check_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_ALLOWED_PATH);
+
+ result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
+}
+
+static void check_app_permission_after_install()
+{
+ bool result;
+
+ result = check_all_accesses(smack_check(), SM_ALLOWED_RULES);
+ RUNNER_ASSERT_MSG_BT(result, "Permissions not added.");
+ result = check_no_accesses(smack_check(), SM_DENIED_RULES);
+ RUNNER_ASSERT_MSG_BT(result, "Permissions added.");
+
+ check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION1, true);
+ check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION2, true);
+ check_perm_app_has_permission(USER_APP_ID, SM_DENIED_PERMISSION1, false);
+ check_perm_app_has_permission(USER_APP_ID, SM_DENIED_PERMISSION2, false);
+}
+
+static void prepare_app_env()
+{
+ prepare_app_path();
+}
+
+static void check_app_env_after_install()
+{
+ check_app_path_after_install();
+ check_app_permission_after_install();
+}
+
+RUNNER_TEST(security_manager_01_app_install_unsinstall)
+{
+ int result;
+ AppInstReqUniquePtr request;
+
+ prepare_app_env();
+
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting pkg id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_add_allowed_user(request.get(), SM_ALLOWED_UID1);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed user failed. Result: " << result);
+ result = security_manager_app_inst_req_add_allowed_user(request.get(), SM_ALLOWED_UID2);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed user failed. Result: " << result);
+
+ result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PERMISSION1);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed permission failed. Result: " << result);
+ result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PERMISSION2);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed permission failed. Result: " << result);
+
+ result = security_manager_app_inst_req_add_path(request.get(), SM_ALLOWED_PATH,
+ SECURITY_MANAGER_PATH_PRIVATE);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed path failed. Result: " << result);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "installing app failed. Result: " << result);
+
+ check_app_env_after_install();
+
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling app failed. Result: " << result);
+
+}
+
+int main(int argc, char *argv[])
+{
+ SummaryCollector::Register();
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
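Review bot: The uninstall half of `security_manager_01_app_install_unsinstall` asserts only the return code of `security_manager_app_uninstall()`, so a regression that leaves the Smack rules or permissions in place after uninstall would still pass. If uninstall is meant to revoke what install granted, add a post-uninstall check built from the helpers this file already uses, as sketched below. A failed assertion between install and uninstall also leaves `SM_APP_ID` installed for later runs. The checks query `USER_APP_ID` while the request sets `SM_APP_ID`, so confirm that both name the same label (`USER_APP_ID` is defined outside this file). The test name misspells "uninstall".

```cpp
static void check_app_permission_after_uninstall()
{
    bool result;

    // Rules granted at install time must be gone once the app is removed.
    result = check_no_accesses(smack_check(), SM_ALLOWED_RULES);
    RUNNER_ASSERT_MSG_BT(result, "Permissions not removed.");

    check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION1, false);
    check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION2, false);
}

// … unchanged: install request, post-install checks, uninstall request …
    result = security_manager_app_uninstall(request.get());
    // … unchanged: return-code assertion …
    check_app_permission_after_uninstall();
```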