DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
-static const char *const SM_APP_ID1 = "sm_test_app_id_double";
-static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
-
-static const char *const SM_APP_ID2 = "sm_test_app_id_full";
-static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
-
-static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
-static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
-
static const privileges_t SM_ALLOWED_PRIVILEGES = {
"security_manager_test_rules2_r",
"security_manager_test_rules2_no_r"
{
int result;
AppInstReqUniquePtr request;
+ const char *const sm_app_id = "sm_test_01_app_id_double";
+ const char *const sm_pkg_id = "sm_test_01_pkg_id_double";
request.reset(do_app_inst_req_new());
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
+ result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting app id failed. Result: " << result);
- result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), sm_pkg_id);
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting pkg id failed. Result: " << result);
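Review bot: The two locals added at the top of this test body are named `sm_app_id` / `sm_pkg_id`, while the locals in both security_manager_03 tests, which this commit also edits, are named `app_id` / `pkg_id`. The `sm_` prefix only mirrored the removed file-scope `SM_APP_ID1` / `SM_PKG_ID1` constants and carries no meaning for a function-local. I would use one spelling throughout, e.g. `const char *const app_id = "sm_test_01_app_id_double";` and `const char *const pkg_id = "sm_test_01_pkg_id_double";`. The same applies to the declarations added in tests 02, 04a and 04b and to the new `install_and_check` parameters. The test's opening macro line and the rest of its body are outside this hunk.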
"installing already installed app failed. Result: " << result);
/* Check records in the security-manager database */
- check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
+ check_app_after_install(sm_app_id, sm_pkg_id);
request.reset(do_app_inst_req_new());
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
+ result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting app id failed. Result: " << result);
"uninstalling already uninstalled app failed. Result: " << result);
/* Check records in the security-manager database */
- check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
+ check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
}
RUNNER_TEST(security_manager_02_app_install_uninstall_full)
{
int result;
AppInstReqUniquePtr request;
+ const char *const sm_app_id = "sm_test_02_app_id_full";
+ const char *const sm_pkg_id = "sm_test_02_pkg_id_full";
prepare_app_env();
request.reset(do_app_inst_req_new());
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
+ result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting app id failed. Result: " << result);
- result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), sm_pkg_id);
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting pkg id failed. Result: " << result);
"installing app failed. Result: " << result);
/* Check records in the security-manager database */
- check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
+ check_app_after_install(sm_app_id, sm_pkg_id,
SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
/* TODO: add parameters to this function */
request.reset(do_app_inst_req_new());
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
+ result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting app id failed. Result: " << result);
/* Check records in the security-manager database,
* all previously allowed privileges should be removed */
- check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
+ check_app_after_uninstall(sm_app_id, sm_pkg_id,
SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
}
RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
{
- const char *const app_id = "sm_test_app_id_set_label_from_appid";
- const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
+ const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
+ const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
const char *const expected_label = USER_APP_ID;
const char *const socketLabel = "not_expected_label";
char *label = nullptr;
RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
{
- const char *const app_id = "sm_test_app_id_set_label_from_appid";
- const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
+ const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack";
+ const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack";
int result;
uninstall_app(app_id, pkg_id, false, true);
}
-static void install_and_check(AppInstReqUniquePtr &request, const std::string &user, uid_t uid)
+static void install_and_check(AppInstReqUniquePtr &request,
+ const char *const sm_app_id,
+ const char *const sm_pkg_id,
+ const std::string &user, uid_t uid)
{
int result;
//install app for non-root user and try to register public path (should fail)
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER, uid);
+ prepare_request(request, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER, uid);
result = security_manager_app_install(request.get());
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
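Review bot: `install_and_check` now takes five parameters and still has no comment stating its contract, so callers must read the whole body to learn what it asserts. I would add a short header comment above the signature. It should say that the helper first attempts two installs that must be rejected with `SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED` (a public path, then a private path outside the user's home). It should then say that the helper installs `sm_app_id` / `sm_pkg_id` with `SM_ALLOWED_PRIVILEGES`, verifies the resulting permissions for `user`, and forwards `uid` unchanged to `prepare_request()`. The comment should also spell out what `uid == 0` means, since 04a passes `0` after dropping root while 04b passes `pw->pw_uid`; presumably 0 means no uid is set on the request, but that should be confirmed against `prepare_request`. The function body continues past the end of this hunk.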
//install app for non-root user
//should fail (users may only register folders inside their home)
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, uid);
+ prepare_request(request, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, uid);
result = security_manager_app_install(request.get());
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
"installing app not failed. Result: " << result);
//install app for non-root user
//should succeed - this time i register folder inside user's home dir
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER, uid);
+ prepare_request(request, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER, uid);
for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"installing app failed. Result: " << result);
- check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+ check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
}
RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
{
int result;
AppInstReqUniquePtr request;
+ const char *const sm_app_id = "sm_test_04a_app_id_uid";
+ const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid";
+
struct passwd *pw = get_app_pw();
const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- install_and_check(request, user, 0);
+ install_and_check(request, sm_app_id, sm_pkg_id, user, 0);
//uninstall app as non-root user
request.reset(do_app_inst_req_new());
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
+ result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting app id failed. Result: " << result);
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"uninstalling app failed. Result: " << result);
- check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+ check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
}
RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
{
int result;
AppInstReqUniquePtr request;
+ const char *const sm_app_id = "sm_test_04b_app_id_uid";
+ const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid";
+
struct passwd *pw = get_app_pw();
const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
- install_and_check(request, user, pw->pw_uid);
+ install_and_check(request, sm_app_id, sm_pkg_id, user, pw->pw_uid);
//switch user to non-root - root may not uninstall apps for specified users
result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
//uninstall app as non-root user
request.reset(do_app_inst_req_new());
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
+ result = security_manager_app_inst_req_set_app_id(request.get(), sm_app_id);
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting app id failed. Result: " << result);
RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"uninstalling app failed. Result: " << result);
- check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+ check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
}