<filesystem path="/usr/bin/security-server-tests-stress" exec_label="_" />
<filesystem path="/usr/bin/security-server-tests-dbus" exec_label="_" />
- <filesystem path="/usr/bin/hello-tizen" exec_label="hello-tizen" />
+ <filesystem path="/usr/bin/hello-tizen" exec_label="User" />
</assign>
<request>
<domain name="_" />
-~APP~ test_book_8 r
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 rw
-~APP~ test_book_12 rx
-~APP~ test_book_13 wx
-~APP~ test_book_14 rwx
-~APP~ test_book_15 rwxat
-test_subject_8 ~APP~ r
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ rw
-test_subject_12 ~APP~ rx
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ rwx
-test_subject_15 ~APP~ rwxat
+~APP~ test_book_osp_8 r
+~APP~ test_book_osp_9 w
+~APP~ test_book_osp_10 x
+~APP~ test_book_osp_11 rw
+~APP~ test_book_osp_12 rx
+~APP~ test_book_osp_13 wx
+~APP~ test_book_osp_14 rwx
+~APP~ test_book_osp_15 rwxat
+test_subject_osp_8 ~APP~ r
+test_subject_osp_9 ~APP~ w
+test_subject_osp_10 ~APP~ x
+test_subject_osp_11 ~APP~ rw
+test_subject_osp_12 ~APP~ rx
+test_subject_osp_13 ~APP~ wx
+test_subject_osp_14 ~APP~ rwx
+test_subject_osp_15 ~APP~ rwxat
-~APP~ test_book_8 r
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 rw
-~APP~ test_book_12 rx
-~APP~ test_book_13 wx
-~APP~ test_book_14 rwx
-~APP~ test_book_15 rwxat
-test_subject_8 ~APP~ r
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ rw
-test_subject_12 ~APP~ rx
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ rwx
-test_subject_15 ~APP~ rwxat
+~APP~ test_book_wgt_8 r
+~APP~ test_book_wgt_9 w
+~APP~ test_book_wgt_10 x
+~APP~ test_book_wgt_11 rw
+~APP~ test_book_wgt_12 rx
+~APP~ test_book_wgt_13 wx
+~APP~ test_book_wgt_14 rwx
+~APP~ test_book_wgt_15 rwxat
+test_subject_wgt_8 ~APP~ r
+test_subject_wgt_9 ~APP~ w
+test_subject_wgt_10 ~APP~ x
+test_subject_wgt_11 ~APP~ rw
+test_subject_wgt_12 ~APP~ rx
+test_subject_wgt_13 ~APP~ wx
+test_subject_wgt_14 ~APP~ rwx
+test_subject_wgt_15 ~APP~ rwxat
#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
+extern const char *USER_APP_ID;
+
const std::string RDB_PATH("/opt/dbspace/.rules-db.db3");
const std::string RDB_PATH_BACKUP("/opt/dbspace/.rules-db.db3.backup");
// Rules from WRT_test_privilege_control_rules1.smack for wgt
const rules_t rules1 = {
- { WGT_APP_ID, "test_book_1", "r" },
- { WGT_APP_ID, "test_book_2", "w" },
- { WGT_APP_ID, "test_book_3", "x" },
- { WGT_APP_ID, "test_book_4", "rw" },
- { WGT_APP_ID, "test_book_5", "rx" },
- { WGT_APP_ID, "test_book_6", "wx" },
- { WGT_APP_ID, "test_book_7", "rwx" },
- { "test_subject_1", WGT_APP_ID, "r" },
- { "test_subject_2", WGT_APP_ID, "w" },
- { "test_subject_3", WGT_APP_ID, "x" },
- { "test_subject_4", WGT_APP_ID, "rw" },
- { "test_subject_5", WGT_APP_ID, "rx" },
- { "test_subject_6", WGT_APP_ID, "wx" },
- { "test_subject_7", WGT_APP_ID, "rwx" }
+ { USER_APP_ID, "test_book_1", "r" },
+ { USER_APP_ID, "test_book_2", "w" },
+ { USER_APP_ID, "test_book_3", "x" },
+ { USER_APP_ID, "test_book_4", "rw" },
+ { USER_APP_ID, "test_book_5", "rx" },
+ { USER_APP_ID, "test_book_6", "wx" },
+ { USER_APP_ID, "test_book_7", "rwx" },
+ { "test_subject_1", USER_APP_ID, "r" },
+ { "test_subject_2", USER_APP_ID, "w" },
+ { "test_subject_3", USER_APP_ID, "x" },
+ { "test_subject_4", USER_APP_ID, "rw" },
+ { "test_subject_5", USER_APP_ID, "rx" },
+ { "test_subject_6", USER_APP_ID, "wx" },
+ { "test_subject_7", USER_APP_ID, "rwx" }
};
// Rules from WRT_test_privilege_control_rules2.smack
const rules_t rules2 = {
- { WGT_APP_ID, "test_book_8", "r" },
- { WGT_APP_ID, "test_book_9", "w" },
- { WGT_APP_ID, "test_book_10", "x" },
- { WGT_APP_ID, "test_book_11", "rw" },
- { WGT_APP_ID, "test_book_12", "rx" },
- { WGT_APP_ID, "test_book_13", "wx" },
- { WGT_APP_ID, "test_book_14", "rwx" },
- { WGT_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", WGT_APP_ID, "r" },
- { "test_subject_9", WGT_APP_ID, "w" },
- { "test_subject_10", WGT_APP_ID, "x" },
- { "test_subject_11", WGT_APP_ID, "rw" },
- { "test_subject_12", WGT_APP_ID, "rx" },
- { "test_subject_13", WGT_APP_ID, "wx" },
- { "test_subject_14", WGT_APP_ID, "rwx" },
- { "test_subject_15", WGT_APP_ID, "rwxat" }
+ { USER_APP_ID, "test_book_8", "r" },
+ { USER_APP_ID, "test_book_9", "w" },
+ { USER_APP_ID, "test_book_10", "x" },
+ { USER_APP_ID, "test_book_11", "rw" },
+ { USER_APP_ID, "test_book_12", "rx" },
+ { USER_APP_ID, "test_book_13", "wx" },
+ { USER_APP_ID, "test_book_14", "rwx" },
+ { USER_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", USER_APP_ID, "r" },
+ { "test_subject_9", USER_APP_ID, "w" },
+ { "test_subject_10", USER_APP_ID, "x" },
+ { "test_subject_11", USER_APP_ID, "rw" },
+ { "test_subject_12", USER_APP_ID, "rx" },
+ { "test_subject_13", USER_APP_ID, "wx" },
+ { "test_subject_14", USER_APP_ID, "rwx" },
+ { "test_subject_15", USER_APP_ID, "rwxat" }
};
// Rules from WRT_test_privilege_control_rules_no_r.smack
const rules_t rules2_no_r = {
- { WGT_APP_ID, "test_book_9", "w" },
- { WGT_APP_ID, "test_book_10", "x" },
- { WGT_APP_ID, "test_book_11", "w" },
- { WGT_APP_ID, "test_book_12", "x" },
- { WGT_APP_ID, "test_book_13", "x" },
- { WGT_APP_ID, "test_book_14", "wx" },
- { WGT_APP_ID, "test_book_15", "wxat" },
- { "test_subject_9", WGT_APP_ID, "w" },
- { "test_subject_10", WGT_APP_ID, "x" },
- { "test_subject_11", WGT_APP_ID, "w" },
- { "test_subject_12", WGT_APP_ID, "x" },
- { "test_subject_13", WGT_APP_ID, "x" },
- { "test_subject_14", WGT_APP_ID, "wx" },
- { "test_subject_15", WGT_APP_ID, "wxat" }
+ { USER_APP_ID, "test_book_9", "w" },
+ { USER_APP_ID, "test_book_10", "x" },
+ { USER_APP_ID, "test_book_11", "w" },
+ { USER_APP_ID, "test_book_12", "x" },
+ { USER_APP_ID, "test_book_13", "x" },
+ { USER_APP_ID, "test_book_14", "wx" },
+ { USER_APP_ID, "test_book_15", "wxat" },
+ { "test_subject_9", USER_APP_ID, "w" },
+ { "test_subject_10", USER_APP_ID, "x" },
+ { "test_subject_11", USER_APP_ID, "w" },
+ { "test_subject_12", USER_APP_ID, "x" },
+ { "test_subject_13", USER_APP_ID, "x" },
+ { "test_subject_14", USER_APP_ID, "wx" },
+ { "test_subject_15", USER_APP_ID, "wxat" }
};
// Rules from test_privilege_control_rules.smack
// minus WRT_test_privilege_control_rules_no_r.smack
const rules_t rules2_r = {
- { WGT_APP_ID, "test_book_8", "r" },
- { WGT_APP_ID, "test_book_11", "r" },
- { WGT_APP_ID, "test_book_12", "r" },
- { WGT_APP_ID, "test_book_14", "r" },
- { WGT_APP_ID, "test_book_15", "r" },
- { "test_subject_8", WGT_APP_ID, "r" },
- { "test_subject_11", WGT_APP_ID, "r" },
- { "test_subject_12", WGT_APP_ID, "r" },
- { "test_subject_14", WGT_APP_ID, "r" },
- { "test_subject_15", WGT_APP_ID, "r" }
+ { USER_APP_ID, "test_book_8", "r" },
+ { USER_APP_ID, "test_book_11", "r" },
+ { USER_APP_ID, "test_book_12", "r" },
+ { USER_APP_ID, "test_book_14", "r" },
+ { USER_APP_ID, "test_book_15", "r" },
+ { "test_subject_8", USER_APP_ID, "r" },
+ { "test_subject_11", USER_APP_ID, "r" },
+ { "test_subject_12", USER_APP_ID, "r" },
+ { "test_subject_14", USER_APP_ID, "r" },
+ { "test_subject_15", USER_APP_ID, "r" }
};
// Rules from EFL_test_privilege_control_rules_efl.smack for rpm
const rules_t rules_efl = {
- { EFL_APP_ID, "test_book_efl", "r" }
+ { USER_APP_ID, "test_book_efl", "r" }
};
// Rules from WRT_test_privilege_control_rules_wgt.smack for wgt
const rules_t rules_wgt = {
- { WGT_APP_ID, "test_book_8", "r" },
- { WGT_APP_ID, "test_book_9", "w" },
- { WGT_APP_ID, "test_book_10", "x" },
- { WGT_APP_ID, "test_book_11", "rw" },
- { WGT_APP_ID, "test_book_12", "rx" },
- { WGT_APP_ID, "test_book_13", "wx" },
- { WGT_APP_ID, "test_book_14", "rwx" },
- { WGT_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", WGT_APP_ID, "r" },
- { "test_subject_9", WGT_APP_ID, "w" },
- { "test_subject_10", WGT_APP_ID, "x" },
- { "test_subject_11", WGT_APP_ID, "rw" },
- { "test_subject_12", WGT_APP_ID, "rx" },
- { "test_subject_13", WGT_APP_ID, "wx" },
- { "test_subject_14", WGT_APP_ID, "rwx" },
- { "test_subject_15", WGT_APP_ID, "rwxat" }
+ { USER_APP_ID, "test_book_wgt_8", "r" },
+ { USER_APP_ID, "test_book_wgt_9", "w" },
+ { USER_APP_ID, "test_book_wgt_10", "x" },
+ { USER_APP_ID, "test_book_wgt_11", "rw" },
+ { USER_APP_ID, "test_book_wgt_12", "rx" },
+ { USER_APP_ID, "test_book_wgt_13", "wx" },
+ { USER_APP_ID, "test_book_wgt_14", "rwx" },
+ { USER_APP_ID, "test_book_wgt_15", "rwxat" },
+ { "test_subject_wgt_8", USER_APP_ID, "r" },
+ { "test_subject_wgt_9", USER_APP_ID, "w" },
+ { "test_subject_wgt_10", USER_APP_ID, "x" },
+ { "test_subject_wgt_11", USER_APP_ID, "rw" },
+ { "test_subject_wgt_12", USER_APP_ID, "rx" },
+ { "test_subject_wgt_13", USER_APP_ID, "wx" },
+ { "test_subject_wgt_14", USER_APP_ID, "rwx" },
+ { "test_subject_wgt_15", USER_APP_ID, "rwxat" }
};
// Rules from OSP_test_privilege_control_rules_osp.smack for osp
const rules_t rules_osp = {
- { OSP_APP_ID, "test_book_8", "r" },
- { OSP_APP_ID, "test_book_9", "w" },
- { OSP_APP_ID, "test_book_10", "x" },
- { OSP_APP_ID, "test_book_11", "rw" },
- { OSP_APP_ID, "test_book_12", "rx" },
- { OSP_APP_ID, "test_book_13", "wx" },
- { OSP_APP_ID, "test_book_14", "rwx" },
- { OSP_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", OSP_APP_ID, "r" },
- { "test_subject_9", OSP_APP_ID, "w" },
- { "test_subject_10", OSP_APP_ID, "x" },
- { "test_subject_11", OSP_APP_ID, "rw" },
- { "test_subject_12", OSP_APP_ID, "rx" },
- { "test_subject_13", OSP_APP_ID, "wx" },
- { "test_subject_14", OSP_APP_ID, "rwx" },
- { "test_subject_15", OSP_APP_ID, "rwxat" }
+ { USER_APP_ID, "test_book_osp_8", "r" },
+ { USER_APP_ID, "test_book_osp_9", "w" },
+ { USER_APP_ID, "test_book_osp_10", "x" },
+ { USER_APP_ID, "test_book_osp_11", "rw" },
+ { USER_APP_ID, "test_book_osp_12", "rx" },
+ { USER_APP_ID, "test_book_osp_13", "wx" },
+ { USER_APP_ID, "test_book_osp_14", "rwx" },
+ { USER_APP_ID, "test_book_osp_15", "rwxat" },
+ { "test_subject_osp_8", USER_APP_ID, "r" },
+ { "test_subject_osp_9", USER_APP_ID, "w" },
+ { "test_subject_osp_10", USER_APP_ID, "x" },
+ { "test_subject_osp_11", USER_APP_ID, "rw" },
+ { "test_subject_osp_12", USER_APP_ID, "rx" },
+ { "test_subject_osp_13", USER_APP_ID, "wx" },
+ { "test_subject_osp_14", USER_APP_ID, "rwx" },
+ { "test_subject_osp_15", USER_APP_ID, "rwxat" }
};
int test_have_all_accesses(const rules_t &rules);
int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
int /*typeflag*/, struct FTW* /*ftwbuf*/);
-void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack);
+void test_revoke_permissions(int line_no, const char* app_id);
void test_app_enable_permissions_efl(bool smack);
void test_app_disable_permissions_efl(bool smack);
void test_app_disable_permissions(bool smack);
#define CANARY_LABEL "tiny_yellow_canary"
+const char *USER_APP_ID = "User";
+
const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", NULL };
const char *PRIVS2[] = { "test_privilege_control_rules2", NULL };
const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL };
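Review bot: `USER_APP_ID` is defined as a reassignable pointer (`const char *USER_APP_ID = "User";`), yet every label comparison and rules table touched by this commit treats it as the fixed expected Smack label. Declaring it `const char *const USER_APP_ID = "User";`, with a matching `extern const char *const USER_APP_ID;` in the header, keeps a stray assignment from silently changing what the tests accept. The definition must see that declaration first, or be spelled with `extern` itself, so that it keeps external linkage. A one-line comment saying this is the single label now shared by all test apps (it matches `exec_label="User"` in the manifest hunk) would also help, since the tables and privilege arrays keep their WGT/EFL/OSP names.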
labelPtr.reset(label);
RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set");
- result = strcmp(APPID_DIR, labelPtr.get());
+ result = strcmp(USER_APP_ID, labelPtr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect");
/* EXEC */
RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
- result = strcmp(APPID_DIR, labelPtr.get());
+ result = strcmp(USER_APP_ID, labelPtr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
} else if (S_ISLNK(sb->st_mode)) {
struct stat buf;
RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set");
} else {
RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set");
- result = strcmp(APPID_DIR, labelPtr.get());
+ result = strcmp(USER_APP_ID, labelPtr.get());
RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect");
}
} else
return 0;
}
-void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack)
+void test_revoke_permissions(int line_no, const char* app_id)
{
int result;
DB_END
- // Are all the permissions revoked?
- RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules), "Line: " << line_no <<
- "Not all permisions revoked.");
-
DB_BEGIN
// Cleanup - uninstall test apps
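Review bot: After this change `test_revoke_permissions` no longer asserts that anything was revoked, because the `check_no_accesses(smack, rules)` assertion is deleted and nothing replaces it. The four `privilege_control06_revoke_permissions_*` tests can therefore pass even if revocation leaves Smack rules in place, and the SMACK and NOSMACK variants are now identical calls. `rules_wgt` and `rules_osp` are rewritten in this same commit to use `USER_APP_ID` as subject, so the check could stay as `RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules), "Line: " << line_no << " Not all permissions revoked.");` with the `rules` and `smack` parameters retained. If the shared label makes that check unreliable, a comment saying so belongs where the assertion used to be. The function body continues outside the visible lines.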
"perm_app_install failed: " << result);
// Register a permission:
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
+ result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error registering app permissions. Result: " << result);
DB_END
- RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
"SMACK accesses not granted for EFL_APP");
DB_BEGIN
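Review bot: Flipping the last argument of `perm_app_enable_permissions` from `true` to `false` here looks like it leaves the persistent path untested, assuming that argument is the persistent flag. The later hunks make the same change for `PRIVS1`, `PRIVS2`, `PRIVS2_R`, `PRIVS2_NO_R`, `PRIVS2_R_AND_NO_R` and `PRIV_APPSETTING`. The change is also applied unevenly: the two "Prepare permissions to reset" calls still pass `true`, and the `test_db_after__perm_app_enable_permissions(USER_APP_ID, ..., true)` checks further down still expect `true`. If the switch is deliberate, add a one-line comment at this first call saying why non-persistent rules are wanted, and keep at least one test that enables with `true` and verifies the result. The enclosing test function starts and ends outside the hunk.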
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"perm_app_install failed: " << result);
+ result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
+ "SMACK accesses not disabled for EFL_APP");
+
+ DB_BEGIN
+
// Register a permission
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
+ result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error registering app permissions. Result: " << result);
DB_END
- RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
"SMACK accesses not granted for EFL_APP");
DB_BEGIN
DB_END
- RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}),
+ RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
"SMACK accesses not disabled for EFL_APP");
DB_BEGIN
result = perm_app_install(WGT_APP_ID);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"perm_app_install failed: " << result);
+
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "Error disabling app first permissions. Result: " << result);
+
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "Error disabling app no r permissions. Result: " << result);
+
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "Error disabling app r permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2),
+ "SMACK accesses not disabled.");
+
+ RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules1),
+ "SMACK accesses not disabled.");
+
+ DB_BEGIN
+
/**
* Test - disable all granted permissions.
*/
// Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error registering app permissions. Result: " << result);
DB_BEGIN
// Prepare permissions that will not be disabled
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error adding app first permissions. Result: " << result);
// Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error adding app second permissions. Result: " << result);
DB_BEGIN
// Prepare permissions
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error registering app r permissions. Result: " << result);
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error registering app no r permissions. Result: " << result);
DB_BEGIN
// Prepare permissions
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error adding app no r permissions. Result: " << result);
RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,
" Error registering api feature. Result: " << ret);
- ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true);
+ ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, false);
RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,
" Error registering app permissions. Result: " << ret);
DB_END
- //check if "app_test" has an RX access to the app "app_1"
- RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, APP_1, "rx"}}), "access denied");
-
//check if "app_test" has an RWX access to a folder registered by "app_1"
ret = smack_getlabel(APP_1_DIR, &label, SMACK_LABEL_ACCESS );
app1DirLabelPtr.reset(label);
RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
- RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get());
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get());
DB_BEGIN
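Review bot: The comment above the remaining assertion still says it checks that "app_test" has RWX access, but the subject passed to `check_all_accesses` is now `USER_APP_ID`, so the comment no longer describes what is verified. It could read `// check that the shared "User" label has RWX access to a folder registered by "app_1"`. The `{{APP_TEST, APP_1, "rx"}}` check is also deleted without a replacement, so app-to-app access after enabling `PRIV_APPSETTING` is no longer asserted anywhere in the visible lines. Both points apply to the `APP_2` hunk that follows, whose failure message `"access denies"` could also name the label the way the `APP_1` message does.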
DB_END
- //check if "app_test" has an RX access to the app "app_2"
- RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, APP_2, "rx"}}), "access denied");
-
//check if "app_test" has an RWX access to a folder registered by "app_2"
ret = smack_getlabel(APP_2_DIR, &label, SMACK_LABEL_ACCESS );
app2DirLabelPtr.reset(label);
RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed");
- RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, app2DirLabelPtr.get(), "rwx"}}), "access denies");
+ RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID, app2DirLabelPtr.get(), "rwx"}}), "access denies");
rmdir(APP_1_DIR);
rmdir(APP_2_DIR);
result = strcmp(APPID_SHARED_DIR, label);
RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect");
- result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl");
+ result = smack_have_access(USER_APP_ID, APPID_SHARED_DIR, "rwxatl");
RUNNER_ASSERT_MSG_BT(result == 1,
"Error rwxatl access was not given shared dir. Subject: " <<
- APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result);
+ USER_APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result);
/* EXEC */
result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path");
result = perm_app_install(APP_ID);
RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
- RUNNER_ASSERT_MSG_BT(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail");
+ result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, USER_APP_ID);
+ RUNNER_ASSERT_MSG_BT(result != 0, "perm_app_setup_path(APP_ID, USER_APP_ID) didn't fail");
DB_END
*/
RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
{
- test_revoke_permissions(__LINE__, WGT_APP_ID, rules_wgt, true);
+ test_revoke_permissions(__LINE__, WGT_APP_ID);
}
/**
*/
RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
{
- test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, true);
+ test_revoke_permissions(__LINE__, OSP_APP_ID);
}
void test_set_app_privilege(
"Errno: " << strerror(errno));
// TEST:
- result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, true);
+ result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error registering app permissions. Result: " << result);
" Error getting current process label");
RUNNER_ASSERT_MSG_BT(label != NULL,
" Process label is not set");
- result = strcmp(app_id, label);
+
+ result = strcmp(USER_APP_ID, label);
RUNNER_ASSERT_MSG_BT(result == 0,
" Process label " << label << " is incorrect");
RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned: " << perm_strerror(result));
DB_END
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_uninstall(pkg_id);
}
RUNNER_TEST(privilege_control07_app_uninstall)
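Review bot: With the `db_test.test_db_after__perm_app_uninstall(pkg_id)` call deleted, this helper returns right after `perm_app_uninstall` succeeds and checks no post-condition, so a regression that leaves the app's entries in the rules database would go unnoticed. The same removal is made in the rollback test a few hunks below (`test_db_after__perm_app_uninstall(APP_ID)`). If the old helper cannot hold now that apps share the `User` label, say so in place, for example `// no DB check: the "User" label is shared and stays registered after uninstall`. Otherwise keep an uninstall check against whatever identifier the database stores. The enclosing function starts outside the hunk.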
DB_END
TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(pkg_id);
+ db_test.test_db_after__perm_app_install(USER_APP_ID);
}
RUNNER_TEST(privilege_control01_app_install)
RUNNER_ASSERT_MSG_BT(result == 0, "perm_rollback returned: " << perm_strerror(result));
DB_END
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_uninstall(APP_ID);
-
}
RUNNER_TEST(privilege_control07_app_rollback_2)
DB_END
TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(APP_ID);
+ db_test.test_db_after__perm_app_install(USER_APP_ID);
}
/**
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error revoking app permissions. Result: " << result);
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error registering app permissions. Result: " << result);
*/
DB_BEGIN
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error registering app permissions. Result: " << result);
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error enabling app permissions. Result: " << result);
DB_BEGIN
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error registering app permissions. Result: " << result);
DB_BEGIN
// Register permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error registering app permissions without r. Result: " << result);
DB_BEGIN
// Register permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error registering app all permissions. Result: " << result);
*/
// Enable permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error registering app permissions without r. Result: " << result);
DB_BEGIN
// Enable permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error registering app permissions with only r. Result: " << result);
result = perm_app_install(WGT_APP_ID);
RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ // Disable permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
// Prepare permissions to reset
result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
DB_BEGIN
// Disable permissions
- result = perm_app_revoke_permissions(WGT_APP_ID);
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error disabling app permissions. Result: " << result);
//The only exception in nftw_check_labels_app_shared_dir
//smack_have_access returns -1 because of no SMACK.
- result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxat");
+ result = smack_have_access(USER_APP_ID, APPID_SHARED_DIR, "rwxat");
RUNNER_ASSERT_MSG_BT(result == -1,
"smack_have_access should return error (SMACK is off). Result: " << result);
DB_BEGIN
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID);
+ result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, USER_APP_ID);
RUNNER_ASSERT_MSG_BT(result != PC_OPERATION_SUCCESS,
"perm_app_setup_path should fail here. Result: " << result);
"Despite SMACK being off some accesses were added. Result: " << result);
TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(APP_ID);
- db_test.test_db_after__perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
+ db_test.test_db_after__perm_app_install(USER_APP_ID);
+ db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
DB_BEGIN
- result = perm_app_disable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL);
+ result = perm_app_disable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"Error disabling permissions: " << perm_strerror(result));
DB_END
*/
RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_nosmack)
{
- test_revoke_permissions(__LINE__, WGT_APP_ID, rules_wgt, false);
+ test_revoke_permissions(__LINE__, WGT_APP_ID);
}
/**
*/
RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_nosmack)
{
- test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, false);
+ test_revoke_permissions(__LINE__, OSP_APP_ID);
}
/**
RUNNER_ASSERT_MSG_BT(result == -1, "Permissions shouldn't be added. Result: " << result);
TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(WGT_APP_ID);
- db_test.test_db_after__perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+ db_test.test_db_after__perm_app_install(USER_APP_ID);
+ db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_WGT, PRIVS2, true);
DB_BEGIN
DB_END
- db_test.test_db_after__perm_app_install(WGT_APP_ID);
+ db_test.test_db_after__perm_app_install(USER_APP_ID);
}
RUNNER_CHILD_TEST_NOSMACK(privilege_control11_app_enable_permissions_efl_nosmack)
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
"perm_app_install returned " << result << ". Errno: " << strerror(errno));
+ // Disable permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
// Prepare permissions to reset
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
" Error adding app permissions. Result: " << result);
DB_BEGIN
// Disable permissions
- result = perm_app_revoke_permissions(WGT_APP_ID);
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
+ "Error disabling app permissions. Result: " << result);
DB_END
}