From: Pawel Wieczorek Date: Wed, 22 Apr 2015 15:01:20 +0000 (+0200) Subject: Merge branch 'tizen' into security-manager X-Git-Tag: security-manager_5.5_testing~109^2~15 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=172747c7c388d09105f6788e0604b37f1e6df896;hp=c96e454948003646973b678be5e2ea9057fe0892;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Merge branch 'tizen' into security-manager Conflicts: packaging/security-tests.spec src/security-manager-tests/CMakeLists.txt src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/exec src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/normal src/security-manager-tests/test_DIR/app_dir/.level_1/exec src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/exec src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/normal src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_exec src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_normal src/security-manager-tests/test_DIR/app_dir/.level_1/normal src/security-manager-tests/test_DIR/app_dir/exec src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/exec src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/normal src/security-manager-tests/test_DIR/app_dir/level_1/exec src/security-manager-tests/test_DIR/app_dir/level_1/level_2/exec src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_exec src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_non_exec src/security-manager-tests/test_DIR/app_dir/level_1/level_2/normal src/security-manager-tests/test_DIR/app_dir/level_1/link_to_exec src/security-manager-tests/test_DIR/app_dir/level_1/link_to_non_exec src/security-manager-tests/test_DIR/app_dir/level_1/normal src/security-manager-tests/test_DIR/app_dir/link_to_exec src/security-manager-tests/test_DIR/app_dir/link_to_non_app_dir src/security-manager-tests/test_DIR/app_dir/link_to_non_app_exec src/security-manager-tests/test_DIR/app_dir/link_to_non_app_normal 
src/security-manager-tests/test_DIR/app_dir/link_to_non_exec src/security-manager-tests/test_DIR/app_dir/normal src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/exec src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/normal src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/exec src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/exec src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/normal src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/normal src/security-manager-tests/test_DIR/app_dir_public_ro/exec src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/exec src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/normal src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/exec src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/exec src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_exec src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_non_exec src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/normal src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_exec src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_non_exec src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/normal src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_exec src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_dir src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_exec src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_normal src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_exec src/security-manager-tests/test_DIR/app_dir_public_ro/normal src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/exec src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/normal 
src/security-manager-tests/test_DIR/non_app_dir/.level_1/exec src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/exec src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/normal src/security-manager-tests/test_DIR/non_app_dir/.level_1/normal src/security-manager-tests/test_DIR/non_app_dir/exec src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/exec src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/normal src/security-manager-tests/test_DIR/non_app_dir/level_1/exec src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/exec src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_exec src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_non_exec src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/normal src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_exec src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_non_exec src/security-manager-tests/test_DIR/non_app_dir/level_1/normal src/security-manager-tests/test_DIR/non_app_dir/link_to_exec src/security-manager-tests/test_DIR/non_app_dir/link_to_non_exec src/security-manager-tests/test_DIR/non_app_dir/normal tests/common/CMakeLists.txt tests/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/exec tests/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/normal tests/security-manager-tests/apps_rw/app_dir/.level_1/exec tests/security-manager-tests/apps_rw/app_dir/.level_1/level_2/exec tests/security-manager-tests/apps_rw/app_dir/.level_1/level_2/normal tests/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_exec tests/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_normal tests/security-manager-tests/apps_rw/app_dir/.level_1/normal tests/security-manager-tests/apps_rw/app_dir/exec tests/security-manager-tests/apps_rw/app_dir/level_1/.level_2/exec tests/security-manager-tests/apps_rw/app_dir/level_1/.level_2/normal 
tests/security-manager-tests/apps_rw/app_dir/level_1/exec tests/security-manager-tests/apps_rw/app_dir/level_1/level_2/exec tests/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_exec tests/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_non_exec tests/security-manager-tests/apps_rw/app_dir/level_1/level_2/normal tests/security-manager-tests/apps_rw/app_dir/level_1/link_to_exec tests/security-manager-tests/apps_rw/app_dir/level_1/link_to_non_exec tests/security-manager-tests/apps_rw/app_dir/level_1/normal tests/security-manager-tests/apps_rw/app_dir/link_to_exec tests/security-manager-tests/apps_rw/app_dir/link_to_non_app_dir tests/security-manager-tests/apps_rw/app_dir/link_to_non_app_exec tests/security-manager-tests/apps_rw/app_dir/link_to_non_app_normal tests/security-manager-tests/apps_rw/app_dir/link_to_non_exec tests/security-manager-tests/apps_rw/app_dir/normal tests/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/exec tests/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/normal tests/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/exec tests/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/exec tests/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/normal tests/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/normal tests/security-manager-tests/apps_rw/app_dir_public_ro/exec tests/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/exec tests/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/normal tests/security-manager-tests/apps_rw/app_dir_public_ro/level_1/exec tests/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/exec tests/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_exec tests/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_non_exec tests/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/normal 
tests/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_exec tests/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_non_exec tests/security-manager-tests/apps_rw/app_dir_public_ro/level_1/normal tests/security-manager-tests/apps_rw/app_dir_public_ro/link_to_exec tests/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_dir tests/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_exec tests/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_normal tests/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_exec tests/security-manager-tests/apps_rw/app_dir_public_ro/normal tests/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/exec tests/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/normal tests/security-manager-tests/apps_rw/non_app_dir/.level_1/exec tests/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/exec tests/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/normal tests/security-manager-tests/apps_rw/non_app_dir/.level_1/normal tests/security-manager-tests/apps_rw/non_app_dir/exec tests/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/exec tests/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/normal tests/security-manager-tests/apps_rw/non_app_dir/level_1/exec tests/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/exec tests/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_exec tests/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_non_exec tests/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/normal tests/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_exec tests/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_non_exec tests/security-manager-tests/apps_rw/non_app_dir/level_1/normal tests/security-manager-tests/apps_rw/non_app_dir/link_to_exec tests/security-manager-tests/apps_rw/non_app_dir/link_to_non_exec 
tests/security-manager-tests/apps_rw/non_app_dir/normal tests/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/exec tests/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/normal tests/security-manager-tests/test_DIR/app_dir/.level_1/exec tests/security-manager-tests/test_DIR/app_dir/.level_1/level_2/exec tests/security-manager-tests/test_DIR/app_dir/.level_1/level_2/normal tests/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_exec tests/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_normal tests/security-manager-tests/test_DIR/app_dir/.level_1/normal tests/security-manager-tests/test_DIR/app_dir/exec tests/security-manager-tests/test_DIR/app_dir/level_1/.level_2/exec tests/security-manager-tests/test_DIR/app_dir/level_1/.level_2/normal tests/security-manager-tests/test_DIR/app_dir/level_1/exec tests/security-manager-tests/test_DIR/app_dir/level_1/level_2/exec tests/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_exec tests/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_non_exec tests/security-manager-tests/test_DIR/app_dir/level_1/level_2/normal tests/security-manager-tests/test_DIR/app_dir/level_1/link_to_exec tests/security-manager-tests/test_DIR/app_dir/level_1/link_to_non_exec tests/security-manager-tests/test_DIR/app_dir/level_1/normal tests/security-manager-tests/test_DIR/app_dir/link_to_exec tests/security-manager-tests/test_DIR/app_dir/link_to_non_app_dir tests/security-manager-tests/test_DIR/app_dir/link_to_non_app_exec tests/security-manager-tests/test_DIR/app_dir/link_to_non_app_normal tests/security-manager-tests/test_DIR/app_dir/link_to_non_exec tests/security-manager-tests/test_DIR/app_dir/normal tests/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/exec tests/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/normal tests/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/exec 
tests/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/exec tests/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/normal tests/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/normal tests/security-manager-tests/test_DIR/app_dir_public_ro/exec tests/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/exec tests/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/normal tests/security-manager-tests/test_DIR/app_dir_public_ro/level_1/exec tests/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/exec tests/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_exec tests/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_non_exec tests/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/normal tests/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_exec tests/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_non_exec tests/security-manager-tests/test_DIR/app_dir_public_ro/level_1/normal tests/security-manager-tests/test_DIR/app_dir_public_ro/link_to_exec tests/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_dir tests/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_exec tests/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_normal tests/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_exec tests/security-manager-tests/test_DIR/app_dir_public_ro/normal tests/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/exec tests/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/normal tests/security-manager-tests/test_DIR/non_app_dir/.level_1/exec tests/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/exec tests/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/normal tests/security-manager-tests/test_DIR/non_app_dir/.level_1/normal tests/security-manager-tests/test_DIR/non_app_dir/exec 
tests/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/exec tests/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/normal tests/security-manager-tests/test_DIR/non_app_dir/level_1/exec tests/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/exec tests/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_exec tests/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_non_exec tests/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/normal tests/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_exec tests/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_non_exec tests/security-manager-tests/test_DIR/non_app_dir/level_1/normal tests/security-manager-tests/test_DIR/non_app_dir/link_to_exec tests/security-manager-tests/test_DIR/non_app_dir/link_to_non_exec tests/security-manager-tests/test_DIR/non_app_dir/normal Change-Id: If7b091f075dd360826c7194e94443a35adf27b1e Signed-off-by: Pawel Wieczorek --- diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec index d664c17..a3d222e 100644 --- a/packaging/security-tests.spec +++ b/packaging/security-tests.spec @@ -26,9 +26,7 @@ BuildRequires: cynara-devel BuildRequires: pkgconfig(libtzplatform-config) BuildRequires: boost-devel BuildRequires: pkgconfig(vconf) -Requires(post): gum-utils -Requires(postun): gum-utils -Requires(postun): %{_bindir}/id +BuildRequires: pkgconfig(libgum) >= 1.0.5 Requires: perf Requires: gdb Requires: key-manager-listener @@ -51,8 +49,7 @@ cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DSECURITY_MDFPP_STATE_ENABLE=1 \ %endif -DCMAKE_VERBOSE_MAKEFILE=ON \ - -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \ - -DAPP_USER=security-tests-app + -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db make %{?jobs:-j%jobs} %install 
@@ -60,10 +57,8 @@ make %{?jobs:-j%jobs} ln -sf /etc/smack/test_smack_rules %{buildroot}/etc/smack/test_smack_rules_lnk %post -%{_bindir}/gum-utils --add-user --username=security-tests-app --usertype=normal --offline - find /etc/smack/test_privilege_control_DIR/ -type f -name exec -exec chmod 0755 {} + -find /usr/apps/test_DIR/ -type f -name exec -exec chmod 0755 {} + +find /usr/apps/ -type f -name exec -exec chmod 0755 {} + # Load permissions templates api_feature_loader --verbose @@ -76,9 +71,6 @@ api_feature_loader --verbose echo "security-tests postinst done ..." -%postun -%{_bindir}/gum-utils --delete-user --uid=`%{_bindir}/id -u security-tests-app` --offline - %files %manifest %{name}.manifest %defattr(-, root, root, -) @@ -107,8 +99,7 @@ echo "security-tests postinst done ..." /etc/smack/test_smack_rules_lnk /usr/share/privilege-control/* /etc/smack/test_privilege_control_DIR/* -/usr/apps/test_DIR/* -/home/security-tests-app/test_DIR +/usr/apps/* /usr/bin/test-app-efl /usr/bin/test-app-osp /usr/bin/test-app-wgt diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt index fcfc13f..994fee1 100644 --- a/src/common/CMakeLists.txt +++ b/src/common/CMakeLists.txt @@ -1,10 +1,13 @@ INCLUDE(FindPkgConfig) +SET(COMMON_TARGET_TEST "tests-common") #dependencies PKG_CHECK_MODULES(COMMON_TARGET_DEP libsmack dbus-1 sqlite3 + libgum + glib-2.0 REQUIRED ) @@ -24,6 +27,7 @@ SET(COMMON_TARGET_TEST_SOURCES ${PROJECT_SOURCE_DIR}/src/common/uds.cpp ${PROJECT_SOURCE_DIR}/src/common/synchronization_pipe.cpp ${PROJECT_SOURCE_DIR}/src/common/timeout.cpp + ${PROJECT_SOURCE_DIR}/src/common/temp_test_user.cpp ) #system and local includes diff --git a/src/common/temp_test_user.cpp b/src/common/temp_test_user.cpp new file mode 100644 index 0000000..f6aa6c1 --- /dev/null +++ b/src/common/temp_test_user.cpp 
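Review bot: The `%post` scriptlet now runs `find /usr/apps/ -type f -name exec -exec chmod 0755 {} +`, which sets mode 0755 on every regular file named `exec` anywhere under /usr/apps, not only on the fixtures this package ships. Package scriptlets normally run as root, so the chmod also reaches files belonging to other installed applications. Restrict the walk to the package's own directories, which going by the fixture tree named in the commit message would be `find /usr/apps/app_dir /usr/apps/app_dir_public_ro /usr/apps/non_app_dir -type f -name exec -exec chmod 0755 {} +`. Setting the mode in `%files` with `%attr` would remove the need for a scriptlet altogether.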
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file temp_test_user.cpp
+ * @author Jan Cybulski (j.cybulski@partner.samsung.com)
+ * @version 1.0
+ * @brief File with class for users management
+ */
+
+
+#include
+#include
+#include
+
+void TemporaryTestUser::create(void)
+{
+ if (m_guser) {
+ remove();
+ };
+
+ m_guser = gum_user_create_sync (m_offline);
+ RUNNER_ASSERT_MSG(m_guser != nullptr, "Failed to create gumd user object");
+ g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL);
+ g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL);
+ gboolean added = gum_user_add_sync(m_guser);
+ RUNNER_ASSERT_MSG(added, "Failed to add user");
+ g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL);
+ RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
+ g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL);
+ RUNNER_ASSERT_MSG(m_gid != 0, "Something strange happened during user creation. gid == 0.");
+}
+
+void TemporaryTestUser::remove(void)
+{
+ if(m_guser){
+ gum_user_delete_sync(m_guser, TRUE);
+ g_object_unref(m_guser);
+ m_guser = nullptr;
+ }
+}
+
+TemporaryTestUser::~TemporaryTestUser()
+{
+ this->remove();
+}
diff --git a/src/common/temp_test_user.h b/src/common/temp_test_user.h
new file mode 100644
index 0000000..120b21b
--- /dev/null
+++ b/src/common/temp_test_user.h
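Review bot: `remove()` discards the result of `gum_user_delete_sync(m_guser, TRUE)` and leaves `m_uid`/`m_gid` holding the deleted account's ids, so a failed deletion leaves a test account on the device unnoticed and a later `getUid()` returns an id this object no longer owns. Because `remove()` is also called from the destructor, the failure is better reported through the project's logging than through an assert, and `m_uid = 0; m_gid = 0;` belongs inside the `if`. In `create()`, a failed `gum_user_add_sync` leaves `m_guser` set, so the destructor later asks gumd to delete an account this object never added; whether that can touch a pre-existing account of the same name should be confirmed against libgum. Releasing the object first avoids the question: `if (!added) { g_object_unref(m_guser); m_guser = nullptr; }` before the assert.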
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+#ifndef TEMP_TEST_USER_H
+#define TEMP_TEST_USER_H
+
+#include
+#include
+#include
+#include
+
+class TemporaryTestUser {
+public:
+ TemporaryTestUser() = delete;
+ TemporaryTestUser(std::string userName, GumUserType userType, bool offline) :
+ m_uid(0),
+ m_gid(0),
+ m_userName(userName),
+ m_userType(userType),
+ m_guser(nullptr),
+ m_offline(offline)
+ {};
+ ~TemporaryTestUser();
+ void remove(void);
+ uid_t getUid() const {return m_uid;}
+ uid_t getGid() const {return m_gid;}
+ void create(void);
+ void getUidString(std::string& uidstr) const {uidstr = std::to_string(static_cast(m_uid));}
+ const std::string& getUserName() const {return m_userName;}
+ GumUserType getUserType() const {return m_userType;}
+private:
+ uid_t m_uid;
+ uid_t m_gid;
+ std::string m_userName;
+ GumUserType m_userType;
+ GumUser *m_guser;
+ bool m_offline;
+};
+
+#endif
diff --git a/src/common/tests_common.cpp b/src/common/tests_common.cpp
index 3095243..2332abb 100644
--- a/src/common/tests_common.cpp
+++ b/src/common/tests_common.cpp
@@ -22,6 +22,7 @@ */ #include "tests_common.h" +#include #include #include #include 
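Review bot: `TemporaryTestUser` owns the raw `GumUser *m_guser` and its destructor deletes the account, yet the implicitly generated copy constructor and copy assignment stay enabled, so any copy ends with a second delete and a second `g_object_unref` on the same object. Add `TemporaryTestUser(const TemporaryTestUser&) = delete;` and `TemporaryTestUser& operator=(const TemporaryTestUser&) = delete;` to the public section. `m_gid` and `getGid()` are declared as `uid_t`, where `gid_t` would state the intent. A class comment saying that `create()` adds a real system account and that destruction removes it would tell test authors what lifetime they are signing up for.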
@@ -173,3 +174,63 @@ int files_compare(int fd1, int fd2) return result; } + +void mkdirSafe(const std::string &path, mode_t mode) +{ + RUNNER_ASSERT_ERRNO_MSG(0 == mkdir(path.c_str(), mode) || errno == EEXIST, + "mkdir for <" << path << "> with mode <" << mode << "> failed"); +} + +void mktreeSafe(const std::string &path, mode_t mode) +{ + // Create subsequent parent directories + // Assume that path is absolute - i.e. starts with '/' + for (size_t pos = 0; (pos = path.find("/", pos + 1)) != std::string::npos; ) + mkdirSafe(path.substr(0, pos).c_str(), mode); + + mkdirSafe(path, mode); +} + +void creatSafe(const std::string &path, mode_t mode) +{ + RUNNER_ASSERT_ERRNO_MSG(-1 != creat(path.c_str(), mode), + "creat for <" << path << "> with mode <" << mode << "> failed"); +} + +void symlinkSafe(const std::string &targetPath, const std::string &linkPath) +{ + RUNNER_ASSERT_ERRNO_MSG(0 == symlink(targetPath.c_str(), linkPath.c_str()), + "symlink for <" << linkPath << "> to <" << targetPath << "> failed"); +} + +void removeDir(const std::string &path) +{ + DIR *d = opendir(path.c_str()); + + if (nullptr == d) { + RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "opendir of <" << path << "> failed"); + return; + } + + struct dirent *dirEntry; + while (nullptr != (dirEntry = readdir(d))) { + std::string entryName(dirEntry->d_name); + if (entryName == "." || entryName == "..") + continue; + + std::string entryPath(path + "/" + entryName); + struct stat st; + + RUNNER_ASSERT_ERRNO_MSG(0 == lstat(entryPath.c_str(), &st), + "stat for <" << entryPath << "> failed"); + if (S_ISDIR(st.st_mode)) + removeDir(entryPath); + else + RUNNER_ASSERT_ERRNO_MSG(0 == unlink(entryPath.c_str()), + "unlink for <" << entryPath << "> failed"); + } + + closedir(d); + + RUNNER_ASSERT_ERRNO_MSG(0 == rmdir(path.c_str()), "rmdir for <" << path << "> failed"); +} diff --git a/src/common/tests_common.h b/src/common/tests_common.h index 2fb249b..ac398f0 100644 --- a/src/common/tests_common.h 
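Review bot: removeDir() checks each entry with lstat() and then recurses by path, and the recursive opendir() follows symlinks, so an entry replaced by a symlink between the two calls sends the recursive delete outside the tree being cleaned. This matters if the helper runs privileged over a directory that a less-privileged test user can write to, which the hunk does not show. Walking the tree through directory descriptors (`openat` with `O_NOFOLLOW | O_DIRECTORY`, `fstatat`, `unlinkat`) closes that window, as sketched below. The sketch also closes the directory stream on every exit, since in the hunk `closedir(d)` is reached only when no assert fires. Separately, creatSafe() never closes the descriptor that creat() returns, and mkdirSafe() accepts EEXIST without checking that the existing path is a directory.

```cpp
// Empties the directory open on dirFd; fdopendir() takes ownership of dirFd.
static void removeDirContents(int dirFd, const std::string &path)
{
    DIR *d = fdopendir(dirFd);
    if (nullptr == d) {
        const int err = errno;
        close(dirFd);
        errno = err;
        RUNNER_ASSERT_ERRNO_MSG(false, "fdopendir of <" << path << "> failed");
        return;
    }
    // closedir() runs on every exit path, including a failed assert that unwinds
    std::unique_ptr<DIR, int (*)(DIR *)> dirGuard(d, closedir);

    struct dirent *dirEntry;
    while (nullptr != (dirEntry = readdir(d))) {
        // … unchanged: skip "." and "..", build entryPath for the messages …
        struct stat st;
        RUNNER_ASSERT_ERRNO_MSG(0 == fstatat(dirFd, dirEntry->d_name, &st, AT_SYMLINK_NOFOLLOW),
                                "stat for <" << entryPath << "> failed");
        if (S_ISDIR(st.st_mode)) {
            // O_NOFOLLOW: fail rather than descend if the entry is now a symlink
            const int childFd = openat(dirFd, dirEntry->d_name,
                                       O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
            RUNNER_ASSERT_ERRNO_MSG(-1 != childFd, "open of <" << entryPath << "> failed");
            removeDirContents(childFd, entryPath);
            RUNNER_ASSERT_ERRNO_MSG(0 == unlinkat(dirFd, dirEntry->d_name, AT_REMOVEDIR),
                                    "rmdir for <" << entryPath << "> failed");
        } else {
            RUNNER_ASSERT_ERRNO_MSG(0 == unlinkat(dirFd, dirEntry->d_name, 0),
                                    "unlink for <" << entryPath << "> failed");
        }
    }
}

void removeDir(const std::string &path)
{
    // The top-level path is the caller's choice, so it is opened as before (symlinks followed)
    const int fd = open(path.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (-1 == fd) {
        RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "opendir of <" << path << "> failed");
        return;
    }
    removeDirContents(fd, path);
    // … unchanged: rmdir(path) with its assert …
}
```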
+++ b/src/common/tests_common.h @@ -47,6 +47,11 @@ void add_process_group(const char* group_name); void remove_process_group(const char* group_name); std::string formatCstr(const char *cstr); int files_compare(int fd1, int fd2); +void mkdirSafe(const std::string &path, mode_t mode); +void mktreeSafe(const std::string &path, mode_t mode); +void creatSafe(const std::string &path, mode_t mode); +void symlinkSafe(const std::string &targetPath, const std::string &linkPath); +void removeDir(const std::string &path); #define RUNNER_TEST_SMACK(Proc) \ void Proc(); \ diff --git a/src/security-manager-tests/CMakeLists.txt b/src/security-manager-tests/CMakeLists.txt index 4a0f954..7f1d234 100644 --- a/src/security-manager-tests/CMakeLists.txt +++ b/src/security-manager-tests/CMakeLists.txt @@ -25,18 +25,27 @@ PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP libsmack libprivilege-control cynara-client + cynara-admin security-manager libtzplatform-config sqlite3 - libcap) + libcap + dbus-1 + libgum) SET(TARGET_SEC_MGR_TESTS "security-manager-tests") SET(SEC_MGR_SOURCES ${PROJECT_SOURCE_DIR}/src/security-manager-tests/security_manager_tests.cpp + ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_api.cpp ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_db.cpp + ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_request.cpp + ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_user_request.cpp + ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_policy_request.cpp ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp + ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp + ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp ) 
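Review bot: The five declarations added in the `@@ -47,6 +47,11 @@` hunk carry no contract, and the `Safe` suffix reads as "safe on untrusted paths" when the implementations in tests_common.cpp only add assert-on-failure. A one-line comment per declaration would make that explicit. For example, `// Asserts on failure; an already existing path is accepted (EEXIST).` above mkdirSafe, `// path must be absolute; every missing component is created with mode.` above mktreeSafe, and `// Recursively deletes path; a missing path is not an error.` above removeDir. creatSafe and symlinkSafe need only a note that they assert on any failure.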
@@ -52,25 +61,24 @@ INCLUDE_DIRECTORIES( ${PROJECT_SOURCE_DIR}/src/common/ ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/ + ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/ ) +FIND_PACKAGE(Threads) + ADD_EXECUTABLE(${TARGET_SEC_MGR_TESTS} ${SEC_MGR_SOURCES}) TARGET_LINK_LIBRARIES(${TARGET_SEC_MGR_TESTS} ${SEC_MGR_TESTS_DEP_LIBRARIES} dpl-test-framework tests-common + ${CMAKE_THREAD_LIBS_INIT} ) INSTALL(TARGETS ${TARGET_SEC_MGR_TESTS} DESTINATION /usr/bin) INSTALL(DIRECTORY - ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_DIR + ${PROJECT_SOURCE_DIR}/src/security-manager-tests/apps_rw/ DESTINATION /usr/apps/ ) - -INSTALL(DIRECTORY - ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_DIR - DESTINATION /home/${APP_USER}/ -) diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/exec b/src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/exec rename to src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/exec diff --git a/src/security-manager-tests/test_DIR/non_app_dir/normal b/src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/normal rename to src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/normal diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/exec b/src/security-manager-tests/apps_rw/app_dir/.level_1/exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/exec rename to src/security-manager-tests/apps_rw/app_dir/.level_1/exec 
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/exec b/src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/exec rename to src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/exec diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/normal b/src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/normal rename to src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/normal diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_exec b/src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_exec rename to src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_exec diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_normal b/src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_normal rename to src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_normal diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/normal b/src/security-manager-tests/apps_rw/app_dir/.level_1/normal similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/normal rename to src/security-manager-tests/apps_rw/app_dir/.level_1/normal diff --git a/src/security-manager-tests/test_DIR/non_app_dir/exec b/src/security-manager-tests/apps_rw/app_dir/exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/exec rename to src/security-manager-tests/apps_rw/app_dir/exec 
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/exec b/src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/exec rename to src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/exec diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/normal b/src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/normal rename to src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/normal diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/exec b/src/security-manager-tests/apps_rw/app_dir/level_1/exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/exec rename to src/security-manager-tests/apps_rw/app_dir/level_1/exec diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/exec b/src/security-manager-tests/apps_rw/app_dir/level_1/level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/exec rename to src/security-manager-tests/apps_rw/app_dir/level_1/level_2/exec diff --git a/src/security-manager-tests/test_DIR/non_app_dir/link_to_exec b/src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/link_to_exec rename to src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_exec diff --git a/src/security-manager-tests/test_DIR/non_app_dir/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_non_exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/link_to_non_exec rename to src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_non_exec 
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/normal b/src/security-manager-tests/apps_rw/app_dir/level_1/level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/normal rename to src/security-manager-tests/apps_rw/app_dir/level_1/level_2/normal diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_exec b/src/security-manager-tests/apps_rw/app_dir/level_1/link_to_exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_exec rename to src/security-manager-tests/apps_rw/app_dir/level_1/link_to_exec diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir/level_1/link_to_non_exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_non_exec rename to src/security-manager-tests/apps_rw/app_dir/level_1/link_to_non_exec diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/normal b/src/security-manager-tests/apps_rw/app_dir/level_1/normal similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/normal rename to src/security-manager-tests/apps_rw/app_dir/level_1/normal diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/apps_rw/app_dir/link_to_exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_exec rename to src/security-manager-tests/apps_rw/app_dir/link_to_exec diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_dir b/src/security-manager-tests/apps_rw/app_dir/link_to_non_app_dir similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_dir rename to src/security-manager-tests/apps_rw/app_dir/link_to_non_app_dir 
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_exec b/src/security-manager-tests/apps_rw/app_dir/link_to_non_app_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_exec rename to src/security-manager-tests/apps_rw/app_dir/link_to_non_app_exec diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_normal b/src/security-manager-tests/apps_rw/app_dir/link_to_non_app_normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_normal rename to src/security-manager-tests/apps_rw/app_dir/link_to_non_app_normal diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir/link_to_non_exec similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_non_exec rename to src/security-manager-tests/apps_rw/app_dir/link_to_non_exec diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/normal b/src/security-manager-tests/apps_rw/app_dir/normal similarity index 100% rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/normal rename to src/security-manager-tests/apps_rw/app_dir/normal diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/exec 
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/normal rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/normal diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/exec diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/exec diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/normal rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/normal diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/normal rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/normal 
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/exec diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/exec diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/normal rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/normal diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/exec diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/exec 
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_exec diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_non_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_non_exec diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/normal rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/normal diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_exec diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_non_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_non_exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_non_exec 
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/normal rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/normal diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_exec diff --git a/src/security-manager-tests/test_DIR/app_dir/link_to_non_app_dir b/src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_dir similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/link_to_non_app_dir rename to src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_dir diff --git a/src/security-manager-tests/test_DIR/app_dir/link_to_non_app_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/link_to_non_app_exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_exec diff --git a/src/security-manager-tests/test_DIR/app_dir/link_to_non_app_normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/link_to_non_app_normal rename to src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_normal 
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_non_exec rename to src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_exec diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/normal rename to src/security-manager-tests/apps_rw/app_dir_public_ro/normal diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/level_2/exec b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/exec rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/exec diff --git a/src/security-manager-tests/test_DIR/app_dir/normal b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/normal rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/normal diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/exec b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/level_1/exec rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/exec diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/exec b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/exec rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/exec 
diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/normal b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/level_1/normal rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/normal diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/level_2/normal b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/normal rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/normal diff --git a/src/security-manager-tests/test_DIR/app_dir/exec b/src/security-manager-tests/apps_rw/non_app_dir/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/exec rename to src/security-manager-tests/apps_rw/non_app_dir/exec diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/exec rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/exec diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/normal b/src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/normal rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/normal diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/.level_1/exec rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/exec 
diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/exec rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/exec diff --git a/src/security-manager-tests/test_DIR/app_dir/link_to_exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/link_to_exec rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_exec diff --git a/src/security-manager-tests/test_DIR/app_dir/link_to_non_exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_non_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/link_to_non_exec rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_non_exec diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/normal b/src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/.level_1/normal rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/normal diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/link_to_exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/level_1/link_to_exec rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_exec diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/link_to_non_exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_non_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/level_1/link_to_non_exec rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_non_exec 
diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/normal b/src/security-manager-tests/apps_rw/non_app_dir/level_1/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/normal rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/normal diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/apps_rw/non_app_dir/link_to_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_exec rename to src/security-manager-tests/apps_rw/non_app_dir/link_to_exec diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/apps_rw/non_app_dir/link_to_non_exec similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_non_exec rename to src/security-manager-tests/apps_rw/non_app_dir/link_to_non_exec diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/normal b/src/security-manager-tests/apps_rw/non_app_dir/normal similarity index 100% rename from src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/normal rename to src/security-manager-tests/apps_rw/non_app_dir/normal diff --git a/src/security-manager-tests/apps_rw/subdir/file b/src/security-manager-tests/apps_rw/subdir/file new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/common/sm_api.cpp b/src/security-manager-tests/common/sm_api.cpp new file mode 100644 index 0000000..12ede82 --- /dev/null +++ b/src/security-manager-tests/common/sm_api.cpp 
@@ -0,0 +1,182 @@ +/* + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include + +namespace SecurityManagerTest { + +namespace Api { + +void install(const InstallRequest &request, lib_retcode expectedResult) +{ + int result = security_manager_app_install(request.get()); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "installing app returned wrong value." + << " InstallRequest: [ " << request << "];" + << " Result: " << result << ";" + << " Expected result: " << expectedResult); +} + +void uninstall(const InstallRequest &request, lib_retcode expectedResult) +{ + int result = security_manager_app_uninstall(request.get()); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "uninstalling app returned wrong value." + << " InstallRequest: [ " << request << "];" + << " Result: " << result << ";" + << " Expected result: " << expectedResult); +} + +std::string getPkgId(const char *appId, lib_retcode expectedResult) +{ + char *pkgId = nullptr; + int result = security_manager_get_app_pkgid(&pkgId, appId); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "getting pkg id from app id returned wrong value." 
+ << " App id: " << appId << ";" + << " Result: " << result << ";" + << " Expected result: " << expectedResult); + if (expectedResult != SECURITY_MANAGER_SUCCESS) + return std::string(); + + RUNNER_ASSERT_MSG(pkgId != nullptr, "getting pkg id did not allocate memory"); + std::string str(pkgId); + free(pkgId); + return str; +} + +void setProcessLabel(const char *appId, lib_retcode expectedResult) +{ + int result = security_manager_set_process_label_from_appid(appId); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "setting process label from app id returned wrong value." + << " App id: " << appId << ";" + << " Result: " << result << ";" + << " Expected result: " << expectedResult); +} + +void setProcessGroups(const char *appId, lib_retcode expectedResult) +{ + int result = security_manager_set_process_groups_from_appid(appId); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "setting process groups from app id returned wrong value." + << " App id: " << appId << ";" + << " Result: " << result << ";" + << " Expected result: " << expectedResult); +} + +void dropProcessPrivileges(lib_retcode expectedResult) +{ + int result = security_manager_drop_process_privileges(); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "dropping process privileges returned wrong value." + << " Result: " << result << ";" + << " Expected result: " << expectedResult); +} + +void prepareApp(const char *appId, lib_retcode expectedResult) +{ + int result = security_manager_prepare_app(appId); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "preparing app returned wrong value." + << " App id: " << appId << ";" + << " Result: " << result << ";" + << " Expected result: " << expectedResult); +} + +void addUser(const UserRequest &request, lib_retcode expectedResult) +{ + int result = security_manager_user_add(request.get()); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "adding user returned wrong value." 
+ << " UserRequest: [ " << request << "];" + << " Result: " << result << ";" + << " Expected result: " << expectedResult); +} + +void deleteUser(const UserRequest &request, lib_retcode expectedResult) +{ + int result = security_manager_user_delete(request.get()); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "deleting user returned wrong value." + << " UserRequest: [ " << request << "];" + << " Result: " << result << ";" + << " Expected result: " << expectedResult); +} + +void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult) +{ + int result = security_manager_policy_update_send(request.get()); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "sending policy update for self returned wrong value." + << " PolicyRequest: [ " << request << "];" + << " Result: " << result << ";" + << " Expected result: " << expectedResult); +} + +void getConfiguredPolicy(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult, bool forAdmin) +{ + policy_entry **pp_privs_policy = NULL; + size_t policy_size = 0; + int result; + + if (forAdmin) { + result = security_manager_get_configured_policy_for_admin(filter.get(), &pp_privs_policy, &policy_size); + } else { + result = security_manager_get_configured_policy_for_self(filter.get(), &pp_privs_policy, &policy_size); + }; + + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "Unexpected result for filter: " << filter << std::endl + << " Result: " << result << ";"); + + for (unsigned int i = 0; i < policy_size; ++i) { + PolicyEntry pe(*pp_privs_policy[i]); + policyEntries.push_back(pe); + }; +} + +void getPolicy(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult) +{ + policy_entry **pp_privs_policy = NULL; + size_t policy_size = 0; + int result; + + result = security_manager_get_policy(filter.get(), &pp_privs_policy, &policy_size); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "Unexpected result" << std::endl + << " 
Result: " << result << ";"); + for (unsigned int i = 0; i < policy_size; ++i) { + PolicyEntry pe(*pp_privs_policy[i]); + policyEntries.push_back(pe); + }; +} + +void getPolicyForSelf(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult) +{ + getConfiguredPolicy(filter, policyEntries, expectedResult, false); +} + +void getPolicyForAdmin(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult) +{ + getConfiguredPolicy(filter, policyEntries, expectedResult, true); +} + +} // namespace Api + +} // namespace SecurityManagerTest diff --git a/src/security-manager-tests/common/sm_api.h b/src/security-manager-tests/common/sm_api.h new file mode 100644 index 0000000..8a99e32 --- /dev/null +++ b/src/security-manager-tests/common/sm_api.h 
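Review bot: In getConfiguredPolicy and getPolicy the array returned through `pp_privs_policy` is never released. Each element is wrapped in a PolicyEntry that keeps the raw pointer, and PolicyEntry's destructor (sm_policy_request.cpp in this commit) is empty, so the pointer array is dropped on return and the entries live until someone calls `PolicyEntry::free()` on every element of `policyEntries`. Nothing in the hunk states that contract. At minimum add a comment above each loop such as `// entries are adopted by policyEntries; the caller must call free() on each element`, and release the pointer array itself with the release call the library documents for it. The two assertion messages in these functions also omit `Expected result: `, unlike every other helper in the file.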
@@ -0,0 +1,47 @@ +/* + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SECURITY_MANAGER_TEST_API +#define SECURITY_MANAGER_TEST_API + +#include +#include +#include + +#include + +namespace SecurityManagerTest { + +namespace Api { + +void install(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +void uninstall(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +std::string getPkgId(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +void setProcessLabel(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +void setProcessGroups(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +void dropProcessPrivileges(lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +void prepareApp(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +void addUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +void deleteUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +void getPolicy(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +void getPolicyForSelf(const PolicyEntry &filter, 
std::vector &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +void getPolicyForAdmin(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); +} // namespace Api + +} // namespace SecurityManagerTest + +#endif // SECURITY_MANAGER_TEST_API diff --git a/src/security-manager-tests/common/sm_db.cpp b/src/security-manager-tests/common/sm_db.cpp index 2f420bf..8e3e562 100644 --- a/src/security-manager-tests/common/sm_db.cpp +++ b/src/security-manager-tests/common/sm_db.cpp @@ -187,15 +187,13 @@ void TestSecurityManagerDatabase::setup_privilege_groups(const std::string &priv if (!m_base.is_open()) m_base.open(); - sql << "INSERT OR IGNORE INTO privilege (name) VALUES ('" << privilege << "')"; - m_base.execute(sql.str(), result); - for (const auto &group : groups) { sql.clear(); sql.str(""); - sql << "INSERT OR IGNORE INTO privilege_group (privilege_id, name) " - "VALUES ((SELECT privilege_id FROM privilege WHERE name = '" - << privilege << "'), '" << group << "')"; + sql << "INSERT INTO privilege_group_view (privilege_name, group_name) " + "VALUES (" + << "'" << privilege << "'" << "," + << "'" << group << "'" << ")"; m_base.execute(sql.str(), result); } } diff --git a/src/security-manager-tests/common/sm_policy_request.cpp b/src/security-manager-tests/common/sm_policy_request.cpp new file mode 100644 index 0000000..043b8d1 --- /dev/null +++ b/src/security-manager-tests/common/sm_policy_request.cpp 
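Review bot: `getConfiguredPolicy(..., bool forAdmin)` is defined in sm_api.cpp in this commit with external linkage, but it has no declaration in this header. Only the `getPolicyForSelf` and `getPolicyForAdmin` wrappers are declared. If it is meant to be an implementation detail, move its definition into an anonymous namespace in the .cpp; otherwise declare it here next to the wrappers. The header would also benefit from one comment above the declarations, for example `// Each helper calls the matching security_manager_* function and asserts that it returns expectedResult.`, and a note that the getPolicy* functions append to `policyEntries` rather than replacing its contents.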
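Review bot: The rewritten INSERT still splices `privilege` and `group` into the statement between single quotes, so a name containing `'` changes the SQL that `m_base.execute` runs rather than being stored as data. If the database wrapper offers bound parameters, use them. Otherwise double the quote character in both values before streaming them, and say so in a comment. The old statements used `INSERT OR IGNORE` and the new one is a plain `INSERT INTO privilege_group_view`; whether the view's insert path tolerates a privilege/group pair that already exists is not visible here, so confirm that repeated setup calls do not now fail. `setup_privilege_groups` begins and ends outside this hunk.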
@@ -0,0 +1,173 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include + +namespace SecurityManagerTest { + +PolicyEntry::PolicyEntry() + : m_appId(true, std::string(SECURITY_MANAGER_ANY)) + , m_user(true, std::string(SECURITY_MANAGER_ANY)) + , m_privilege(true, std::string(SECURITY_MANAGER_ANY)) + , m_currentLevel(false, std::string("")) + , m_maxLevel(false, std::string("")) +{ + int result = security_manager_policy_entry_new(&m_entry); + RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, + "creation of new policy entry failed. 
Result: " << result); + RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory"); + + security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str()); + security_manager_policy_entry_set_user(m_entry, m_user.second.c_str()); + security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str()); +} + +PolicyEntry::PolicyEntry(const std::string &appId, const std::string &user, + const std::string &privilege) + : m_appId(true, std::string(appId)) + , m_user(true, std::string(user)) + , m_privilege(true, std::string(privilege)) + , m_currentLevel(false, std::string("")) + , m_maxLevel(false, std::string("")) +{ + int result = security_manager_policy_entry_new(&m_entry); + RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, + "creation of new policy entry failed. Result: " << result); + RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory"); + + security_manager_policy_entry_set_user(m_entry, m_user.second.c_str()); + security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str()); + security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str()); +} + +PolicyEntry::PolicyEntry(policy_entry &entry): m_entry(&entry) +{ + m_appId.first = true; + m_appId.second = std::string(security_manager_policy_entry_get_application(m_entry)); + + m_user.first = true; + m_user.second = std::string(security_manager_policy_entry_get_user(m_entry)); + + m_privilege.first = true; + m_privilege.second = std::string(security_manager_policy_entry_get_privilege(m_entry)); + + m_currentLevel.first = true; + m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry)); + + m_maxLevel.first = true; + m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry)); +}; + +void PolicyEntry::setLevel(const std::string &level) +{ + m_currentLevel.first = true; + m_currentLevel.second = level; + 
security_manager_policy_entry_set_level(m_entry, level.c_str()); + m_maxLevel.first = true; + m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry)); +}; + +void PolicyEntry::setMaxLevel(const std::string &level) +{ + m_maxLevel.first = true; + m_maxLevel.second = level; + security_manager_policy_entry_admin_set_level(m_entry, level.c_str()); + m_currentLevel.first = true; + m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry)); +}; + + +std::ostream& operator<<(std::ostream &os, const PolicyEntry &request) +{ + if (request.m_appId.first) + os << "appId: " << request.m_appId.second << "; "; + + if (request.m_user.first) + os << "user: " << request.m_user.second << "; "; + + if (request.m_privilege.first) + os << "privilege: " << request.m_privilege.second << "; "; + + if (request.m_currentLevel.first) + os << "current: " << request.m_currentLevel.second << "; "; + + if (request.m_maxLevel.first) + os << "max: " << request.m_maxLevel.second << "; "; + + return os; +} + +PolicyEntry::~PolicyEntry() +{ +} + +void PolicyEntry::free(void) +{ + security_manager_policy_entry_free(m_entry); +} + + +PolicyRequest::PolicyRequest() + : m_req(nullptr), + m_entries() +{ + int result = security_manager_policy_update_req_new(&m_req); + RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, + "creation of new policy request failed. 
Result: " << result); + RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new policy request did not allocate memory"); +} + +PolicyRequest::~PolicyRequest() +{ + for(std::vector::iterator it = m_entries.begin(); it != m_entries.end(); ++it) { + it->free(); + } + security_manager_policy_update_req_free(m_req); +} + +void PolicyRequest::addEntry(PolicyEntry &entry, + lib_retcode expectedResult) +{ + int result = 0; + + result = security_manager_policy_update_req_add_entry(m_req, entry.get()); + + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "adding policy entry to request returned wrong value." + << " entry: " << entry << ";" + << " Result: " << result << ";" + << " Expected result: " << expectedResult); + + m_entries.push_back(entry); +} + +std::ostream& operator<<(std::ostream &os, const PolicyRequest &request) +{ + if (request.m_entries.size() != 0) + { + os << "PolicyRequest m_entries size: " << request.m_entries.size() << "; "; + + for(unsigned int i = 0; i != request.m_entries.size(); i++) { + os << "entry " << i << ": " << request.m_entries[i] << "; "; + } + } + + return os; +} + +} // namespace SecurityManagerTest diff --git a/src/security-manager-tests/common/sm_policy_request.h b/src/security-manager-tests/common/sm_policy_request.h new file mode 100644 index 0000000..bd31329 --- /dev/null +++ b/src/security-manager-tests/common/sm_policy_request.h 
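Review bot: `PolicyRequest::addEntry` stores a copy of `entry` in `m_entries`, and `~PolicyRequest` calls `free()` on each copy, so the caller's PolicyEntry is left holding an `m_entry` pointer that has already been passed to `security_manager_policy_entry_free`. PolicyEntry is copyable and `~PolicyEntry` is empty, which has two consequences. Adding one entry to two requests, or calling `free()` on an object whose copy a request already released, frees the same handle twice. An entry that is never added to a request is never released. Tie the handle's lifetime to the object instead, for example by holding it as `std::shared_ptr<policy_entry>` created with `security_manager_policy_entry_free` as the deleter and removing the manual `free()`. The `PolicyEntry(policy_entry &entry)` constructor then needs a stated rule for whether it adopts the handle it is given.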
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SECURITY_MANAGER_TEST_POLICYREQUEST
+#define SECURITY_MANAGER_TEST_POLICYREQUEST
+
+#include
+#include
+#include
+#include
+
+#include
+
+namespace SecurityManagerTest {
+
+class PolicyEntry
+{
+public:
+ PolicyEntry();
+
+ PolicyEntry(const std::string &appId,
+ const std::string &user,
+ const std::string &privilege
+ );
+ ~PolicyEntry();
+
+ PolicyEntry(policy_entry &entry);
+
+ policy_entry *get() const { return m_entry; }
+ std::string getUser() const { return m_user.second; }
+ std::string getAppId() const { return m_appId.second; }
+ std::string getPrivilege() const { return m_privilege.second; }
+ std::string getCurrentLevel() const { return m_currentLevel.second; }
+ std::string getMaxLevel() const { return m_maxLevel.second; }
+ void setLevel(const std::string &level);
+ void setMaxLevel(const std::string &level);
+ void free(void);
+
+ friend std::ostream& operator<<(std::ostream &, const PolicyEntry&);
+
+private:
+ policy_entry *m_entry;
+ std::pair m_appId;
+ std::pair m_user;
+ std::pair m_privilege;
+ std::pair m_currentLevel;
+ std::pair m_maxLevel;
+};
+
+std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyEntry &request);
+
+class PolicyRequest
+{
+public:
+ PolicyRequest();
+ PolicyRequest(const PolicyRequest&) = delete;
+ PolicyRequest& operator=(const
PolicyRequest&) = delete;
+ ~PolicyRequest();
+
+ void addEntry(PolicyEntry &entry, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+
+ policy_update_req *get() const { return m_req; }
+ friend std::ostream& operator<<(std::ostream &, const PolicyRequest&);
+
+private:
+ policy_update_req *m_req;
+ std::vector m_entries;
+};
+
+std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyRequest &request);
+
+} // namespace SecurityManagerTest
+
+#endif // SECURITY_MANAGER_TEST_USERREQUEST
diff --git a/src/security-manager-tests/common/sm_request.cpp b/src/security-manager-tests/common/sm_request.cpp
new file mode 100644
index 0000000..910bbfd
--- /dev/null
+++ b/src/security-manager-tests/common/sm_request.cpp
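Review bot: `PolicyEntry` holds a raw `policy_entry *m_entry` but stays implicitly copyable, and nothing in the header says who releases the handle: `~PolicyEntry()` is declared next to a manual `free()`. `PolicyRequest::addEntry()` in sm_policy_request.cpp copies the entry into `m_entries` and `~PolicyRequest()` calls `free()` on each copy, so the caller's original is left pointing at released memory and a later `free()` or `get()` on it would be a double free or use-after-free. At minimum document this above `free()`, e.g. `// Releases m_entry; copies share the handle. Entries passed to PolicyRequest::addEntry() are freed by that request, do not free() or get() them afterwards.` The closing guard comment should also read `#endif // SECURITY_MANAGER_TEST_POLICYREQUEST`.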
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+
+#include
+
+namespace SecurityManagerTest {
+
+InstallRequest::InstallRequest()
+ : m_req(nullptr)
+ , m_appId(nullptr)
+ , m_pkgId(nullptr)
+ , m_uid(false, 0)
+{
+ int result = security_manager_app_inst_req_new(&m_req);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "creation of new request failed. Result: " << result);
+ RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory");
+}
+
+InstallRequest::~InstallRequest()
+{
+ security_manager_app_inst_req_free(m_req);
+}
+
+void InstallRequest::setAppId(const char *appId, lib_retcode expectedResult)
+{
+ int result = security_manager_app_inst_req_set_app_id(m_req, appId);
+ RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ "setting app id returned wrong value."
+ << " App id: " << appId << ";"
+ << " Result: " << result << ";"
+ << " Expected result: " << expectedResult);
+ m_appId = appId;
+}
+
+void InstallRequest::setPkgId(const char *pkgId, lib_retcode expectedResult)
+{
+ int result = security_manager_app_inst_req_set_pkg_id(m_req, pkgId);
+ RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ "setting pkg id returned wrong value."
+ << " Pkg id: " << pkgId << ";"
+ << " Result: " << result << ";"
+ << " Expected result: " << expectedResult);
+ m_pkgId = pkgId;
+}
+
+void InstallRequest::addPrivilege(const char *privilege, lib_retcode expectedResult)
+{
+ int result = security_manager_app_inst_req_add_privilege(m_req, privilege);
+ RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ "adding privilege returned wrong value."
+ << " Privilege: " << privilege << ";"
+ << " Result: " << result << ";"
+ << " Expected result: " << expectedResult);
+ m_privileges.push_back(privilege);
+}
+
+void InstallRequest::addPath(const char *path, app_install_path_type pathType, lib_retcode expectedResult)
+{
+ int result = security_manager_app_inst_req_add_path(m_req, path, pathType);
+ RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ "adding path returned wrong value."
+ << " Path: " << path << ";"
+ << " Path type: " << pathType << ";"
+ << " Result: " << result << ";"
+ << " Expected result: " << expectedResult);
+ m_paths.push_back(std::pair(path, pathType));
+}
+
+void InstallRequest::setUid(const uid_t uid, lib_retcode expectedResult)
+{
+ int result = security_manager_app_inst_req_set_uid(m_req, uid);
+ RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ "setting uid returned wrong value."
+ << " Uid: " << uid << ";"
+ << " Result: " << result << ";"
+ << " Expected result: " << expectedResult);
+ m_uid.first = true;
+ m_uid.second = uid;
+}
+
+std::ostream& operator<<(std::ostream &os, const InstallRequest &request)
+{
+ if (request.m_appId != nullptr)
+ os << "app id: " << request.m_appId << "; ";
+ if (request.m_pkgId != nullptr)
+ os << "pkg id: " << request.m_pkgId << "; ";
+ if (!request.m_privileges.empty()) {
+ os << "privileges: [ " << request.m_privileges[0];
+ for (size_t i=1; i < request.m_privileges.size(); ++i) {
+ os << "; " << request.m_privileges[i];
+ }
+ os << " ]";
+ }
+ if (!request.m_paths.empty()) {
+ os << "paths: [ " << "< " << request.m_paths[0].first << "; "
+ << request.m_paths[0].second << " >";
+ for (size_t i=1; i < request.m_paths.size(); ++i) {
+ os << "; < " << request.m_paths[i].first << "; "
+ << request.m_paths[i].second << " >";
+ }
+ os << " ]";
+ }
+ if (request.m_uid.first)
+ os << "uid: " << request.m_uid.second << "; ";
+ return os;
+}
+
+} // namespace SecurityManagerTest
diff --git a/src/security-manager-tests/common/sm_request.h b/src/security-manager-tests/common/sm_request.h
new file mode 100644
index 0000000..0bd0878
--- /dev/null
+++ b/src/security-manager-tests/common/sm_request.h
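Review bot: In `setAppId`, `setPkgId`, `addPrivilege` and `addPath` the failure message streams the `const char *` argument directly (`<< " App id: " << appId`), and inserting a null `const char *` into a `std::ostream` is undefined behaviour. A negative test that passes `nullptr` together with an error code as `expectedResult` would hit this whenever the message expression is evaluated; whether `RUNNER_ASSERT_MSG` evaluates it only on failure is not visible here. `m_privileges.push_back(privilege)` has the same problem if the element type is `std::string`, which the page does not show. Stream a guarded value instead, e.g. `<< " App id: " << (appId ? appId : "(null)") << ";"`, and skip the `push_back` when the pointer is null.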
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SECURITY_MANAGER_TEST_INSTALLREQUEST
+#define SECURITY_MANAGER_TEST_INSTALLREQUEST
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+namespace SecurityManagerTest {
+
+class InstallRequest
+{
+public:
+ InstallRequest();
+ InstallRequest(const InstallRequest&) = delete;
+ InstallRequest& operator=(const InstallRequest&) = delete;
+ ~InstallRequest();
+
+ void setAppId(const char *appId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+ void setPkgId(const char *pkgId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+ void addPrivilege(const char *privilege, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+ void addPath(const char *path, app_install_path_type pathType,
+ lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+
+ const app_inst_req *get() const { return m_req; }
+ friend std::ostream& operator<<(std::ostream &, const InstallRequest&);
+
+private:
+ app_inst_req *m_req;
+
+ const char *m_appId;
+ const char *m_pkgId;
+ std::vector m_privileges;
+ std::vector > m_paths;
+ std::pair m_uid;
+};
+
+std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::InstallRequest &request);
+
+} // namespace SecurityManagerTest
+
+#endif //
SECURITY_MANAGER_TEST_INSTALLREQUEST
diff --git a/src/security-manager-tests/common/sm_user_request.cpp b/src/security-manager-tests/common/sm_user_request.cpp
new file mode 100644
index 0000000..4b176c3
--- /dev/null
+++ b/src/security-manager-tests/common/sm_user_request.cpp
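Review bot: `m_appId` and `m_pkgId` are declared as `const char *`, and the setters in sm_request.cpp store the caller's pointer unchanged, so the request keeps a borrowed pointer that `operator<<` dereferences later. A caller that passes `c_str()` of a temporary or of a string that dies before the request leaves it dangling. Either hold copies (a `std::string` plus a set flag, the way `m_uid` already pairs a flag with its value) or state the contract on the setters: `// appId is not copied; it must outlive this InstallRequest`. The default-argument name is also spelled `expectedresult` on four setters and `expectedResult` on `addPath`.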
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+
+#include
+
+namespace SecurityManagerTest {
+
+UserRequest::UserRequest()
+ : m_req(nullptr)
+ , m_uid(false, 0)
+ , m_utype(false, static_cast(0))
+{
+ int result = security_manager_user_req_new(&m_req);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "creation of new request failed. Result: " << result);
+ RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory");
+}
+
+UserRequest::~UserRequest()
+{
+ security_manager_user_req_free(m_req);
+}
+
+void UserRequest::setUid(const uid_t uid, lib_retcode expectedResult)
+{
+ int result = security_manager_user_req_set_uid(m_req, uid);
+ RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ "setting uid returned wrong value."
+ << " Uid: " << uid << ";"
+ << " Result: " << result << ";"
+ << " Expected result: " << expectedResult);
+ m_uid.first = true;
+ m_uid.second = uid;
+}
+
+void UserRequest::setUserType(const security_manager_user_type utype, lib_retcode expectedResult)
+{
+ int result = security_manager_user_req_set_user_type(m_req, utype);
+ RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ "setting user type returned wrong value."
+ << " User type: " << utype << ";"
+ << " Result: " << result << ";"
+ << " Expected result: " << expectedResult);
+ m_utype.first = true;
+ m_utype.second = utype;
+}
+
+std::ostream& operator<<(std::ostream &os, const UserRequest &request)
+{
+ if (request.m_uid.first)
+ os << "uid: " << request.m_uid.second << "; ";
+
+ if (request.m_utype.first)
+ os << "utype: " << request.m_utype.second << "; ";
+
+ return os;
+}
+
+} // namespace SecurityManagerTest
diff --git a/src/security-manager-tests/common/sm_user_request.h b/src/security-manager-tests/common/sm_user_request.h
new file mode 100644
index 0000000..64da559
--- /dev/null
+++ b/src/security-manager-tests/common/sm_user_request.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SECURITY_MANAGER_TEST_USERREQUEST
+#define SECURITY_MANAGER_TEST_USERREQUEST
+
+#include
+#include
+#include
+
+#include
+
+namespace SecurityManagerTest {
+
+class UserRequest
+{
+public:
+ UserRequest();
+ UserRequest(const UserRequest&) = delete;
+ UserRequest& operator=(const UserRequest&) = delete;
+ ~UserRequest();
+
+ void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+ void setUserType(const security_manager_user_type utype,
+ lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+
+ const user_req *get() const { return m_req; }
+ friend std::ostream& operator<<(std::ostream &, const UserRequest&);
+
+private:
+ user_req *m_req;
+
+ std::pair m_uid;
+ std::pair m_utype;
+};
+
+std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::UserRequest &request);
+
+} // namespace SecurityManagerTest
+
+#endif // SECURITY_MANAGER_TEST_USERREQUEST
diff --git a/src/security-manager-tests/security_manager_tests.cpp b/src/security-manager-tests/security_manager_tests.cpp
index 21f7081..27db73d 100644
--- a/src/security-manager-tests/security_manager_tests.cpp
+++ b/src/security-manager-tests/security_manager_tests.cpp
@@ -1,3 +1,4 @@
+#include
 #include
 #include
 #include
@@ -5,42 +6,51 @@ #include #include #include +#include +#include +#include +#include #include #include #include #include +#include +#include +#include + #include #include #include #include +#include #include +#include #include +#include +#include +#include #include +#include +#include +#include -DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr); -DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr); - -static const char *const SM_APP_ID1 = "sm_test_app_id_double"; -static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double"; +using namespace SecurityManagerTest; -static const char *const SM_APP_ID2 = "sm_test_app_id_full"; -static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full"; - -static const char *const SM_APP_ID3 = "sm_test_app_id_uid"; -static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid"; +DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr); +DEFINE_SMARTPTR(tzplatform_context_destroy, tzplatform_context, TzPlatformContextPtr); static const privileges_t SM_ALLOWED_PRIVILEGES = { - "security_manager_test_rules2_r", - "security_manager_test_rules2_no_r" + "http://tizen.org/privilege/location", + "http://tizen.org/privilege/camera" }; static const privileges_t SM_DENIED_PRIVILEGES = { - "security_manager_test_rules1", - "security_manager_test_rules2" + "http://tizen.org/privilege/bluetooth", + "http://tizen.org/privilege/power" }; static const privileges_t SM_NO_PRIVILEGES = { 
@@ -48,16 +58,68 @@ static const privileges_t SM_NO_PRIVILEGES = { static const std::vector SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"}; -static const char *const SM_PRIVATE_PATH = "/usr/apps/test_DIR/app_dir"; -static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro"; -static const char *const SM_DENIED_PATH = "/usr/apps/test_DIR/non_app_dir"; -static const char *const SM_PRIVATE_PATH_FOR_USER = "/home/" APP_USER "/test_DIR"; +static const char *const SM_RW_PATH = "/usr/apps/app_dir"; +static const char *const SM_RO_PATH = "/usr/apps/app_dir_public_ro"; +static const char *const SM_DENIED_PATH = "/usr/apps/non_app_dir"; + static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/ +static const std::string EXEC_FILE("exec"); +static const std::string NORMAL_FILE("normal"); +static const std::string LINK_PREFIX("link_to_"); + +static const std::string PRIVILEGE_MANAGER_APP = "privilege_manager"; +static const std::string PRIVILEGE_MANAGER_PKG = "privilege_manager"; +static const std::string PRIVILEGE_MANAGER_SELF_PRIVILEGE = "http://tizen.org/privilege/systemsettings"; +static const std::string PRIVILEGE_MANAGER_ADMIN_PRIVILEGE = "http://tizen.org/privilege/systemsettings.admin"; + +static const std::vector MANY_APPS = { + "security_manager_10_app_1", + "security_manager_10_app_2", + "security_manager_10_app_3", + "security_manager_10_app_4", + "security_manager_10_app_5" +}; + +static const std::map MANY_APPS_PKGS = { + {"security_manager_10_app_1", "security_manager_10_pkg_1"}, + {"security_manager_10_app_2", "security_manager_10_pkg_2"}, + {"security_manager_10_app_3", "security_manager_10_pkg_3"}, + {"security_manager_10_app_4", "security_manager_10_pkg_4"}, + {"security_manager_10_app_5", "security_manager_10_pkg_5"}, + {PRIVILEGE_MANAGER_APP, PRIVILEGE_MANAGER_PKG} +}; + +static const std::vector MANY_APPS_PRIVILEGES = { + { + "http://tizen.org/privilege/internet", + 
"http://tizen.org/privilege/location" + }, + { + "http://tizen.org/privilege/telephony", + "http://tizen.org/privilege/camera" + }, + { + "http://tizen.org/privilege/contact.read", + "http://tizen.org/privilege/led", + "http://tizen.org/privilege/email" + }, + { + "http://tizen.org/privilege/led", + "http://tizen.org/privilege/email", + "http://tizen.org/privilege/telephony", + "http://tizen.org/privilege/camera" + }, + { + "http://tizen.org/privilege/internet", + "http://tizen.org/privilege/location", + "http://tizen.org/privilege/led", + "http://tizen.org/privilege/email" + } +}; -static void generateAppLabel(const std::string &pkgId, std::string &label) +static std::string generateAppLabel(const std::string &appId) { - (void) pkgId; - label = "User"; + return "User::App::" + appId; } static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb, 
@@ -106,41 +168,27 @@ static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb return 0; } +// nftw doesn't allow passing user data to functions. Work around by using global variable +static std::string nftw_expected_label; +bool nftw_expected_transmute; +bool nftw_expected_exec; -static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb, +static int nftw_check_sm_labels(const char *fpath, const struct stat *sb, int /*typeflag*/, struct FTW* /*ftwbuf*/) { - return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true); -} - -static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb, - int /*typeflag*/, struct FTW* /*ftwbuf*/) -{ - - return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false); -} - -static app_inst_req* do_app_inst_req_new() -{ - int result; - app_inst_req *req = nullptr; - - result = security_manager_app_inst_req_new(&req); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "creation of new request failed. 
Result: " << result); - RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory"); - return req; + return nftw_check_sm_labels_app_dir(fpath, sb, + nftw_expected_label.c_str(), nftw_expected_transmute, nftw_expected_exec); } static void prepare_app_path() { int result; - result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH); + result = nftw(SM_RW_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RW_PATH); - result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH); + result = nftw(SM_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RO_PATH); result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH); 
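Review bot: Of the three nftw globals added in this hunk only `nftw_expected_label` is `static`; `nftw_expected_transmute` and `nftw_expected_exec` get external linkage and can collide with same-named symbols in other test translation units. Declare them `static bool nftw_expected_transmute;` and `static bool nftw_expected_exec;`. Because `nftw_check_sm_labels` reads whatever was written last, a walk started without resetting all three silently checks Smack labels against the previous expectation, so a comment such as `// must be set by the caller immediately before each nftw() walk; not reentrant` belongs above them.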
@@ -151,16 +199,23 @@ static void prepare_app_env() prepare_app_path(); } -/* TODO: add parameters to this function */ -static void check_app_path_after_install() +static void check_app_path_after_install(const char *appId) { int result; - result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH); + nftw_expected_label = generateAppLabel(appId); + nftw_expected_transmute = false; + nftw_expected_exec = true; + + result = nftw(SM_RW_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH); + + nftw_expected_label = "User::Home"; + nftw_expected_transmute = true; + nftw_expected_exec = false; - result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH); + result = nftw(SM_RO_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH); result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH); @@ -170,9 +225,8 @@ static void check_app_path_after_install() static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user, const privileges_t &allowed_privs, const privileges_t &denied_privs) { - (void) app_id; - std::string smackLabel; - generateAppLabel(pkg_id, smackLabel); + (void) pkg_id; + std::string smackLabel = generateAppLabel(app_id); CynaraTestClient::Client ctc; 
@@ -195,10 +249,7 @@ static void check_app_gids(const char *const app_id, const std::vector &a ret = setgroups(0, NULL); RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups"); - ret = security_manager_set_process_groups_from_appid(app_id); - RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, - "security_manager_set_process_groups_from_appid(" << - app_id << ") failed. Result: " << ret); + Api::setProcessGroups(app_id); ret = getgroups(0, nullptr); RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups"); 
@@ -270,166 +321,196 @@ static void check_app_after_uninstall(const char *const app_id, const char *cons dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed); } -static void install_app(const char *app_id, const char *pkg_id) +static void install_app(const char *app_id, const char *pkg_id, uid_t uid = 0) { - int result; - AppInstReqUniquePtr request; - request.reset(do_app_inst_req_new()); + InstallRequest request; + request.setAppId(app_id); + request.setPkgId(pkg_id); + request.setUid(uid); + Api::install(request); - result = security_manager_app_inst_req_set_app_id(request.get(), app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); + check_app_after_install(app_id, pkg_id); - result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting pkg id failed. Result: " << result); +} - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing app failed. 
Result: " << result); +static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed) +{ + InstallRequest request; + request.setAppId(app_id); - check_app_after_install(app_id, pkg_id); + Api::uninstall(request); + check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed); } -static void uninstall_app(const char *app_id, const char *pkg_id, - bool expect_installed, bool expect_pkg_removed) +static inline void register_current_process_as_privilege_manager(uid_t uid, bool forAdmin = false) { - int result; - AppInstReqUniquePtr request; - request.reset(do_app_inst_req_new()); + InstallRequest request; + request.setAppId(PRIVILEGE_MANAGER_APP.c_str()); + request.setPkgId(PRIVILEGE_MANAGER_PKG.c_str()); + request.setUid(uid); + request.addPrivilege(PRIVILEGE_MANAGER_SELF_PRIVILEGE.c_str()); + if (forAdmin) + request.addPrivilege(PRIVILEGE_MANAGER_ADMIN_PRIVILEGE.c_str()); + Api::install(request); + Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); +}; - result = security_manager_app_inst_req_set_app_id(request.get(), app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); +static inline struct passwd *getUserStruct(const std::string &userName) { + struct passwd *pw = nullptr; + errno = 0; - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling app failed. 
Result: " << result); + while(!(pw = getpwnam(userName.c_str()))) { + RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed"); + }; - check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed); -} + return pw; +}; + +static inline struct passwd *getUserStruct(const uid_t uid) { + struct passwd *pw = nullptr; + errno = 0; + while(!(pw = getpwuid(uid))) { + RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed"); + }; + + return pw; +}; RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER) -RUNNER_TEST(security_manager_01_app_double_install_double_uninstall) +RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall) { - int result; - AppInstReqUniquePtr request; + const char *const sm_app_id = "sm_test_01a_app_id_double"; + const char *const sm_pkg_id = "sm_test_01a_pkg_id_double"; - request.reset(do_app_inst_req_new()); + InstallRequest requestInst; + requestInst.setAppId(sm_app_id); + requestInst.setPkgId(sm_pkg_id); - result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); + Api::install(requestInst); + Api::install(requestInst); - result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting pkg id failed. Result: " << result); + /* Check records in the security-manager database */ + check_app_after_install(sm_app_id, sm_pkg_id); - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing app failed. Result: " << result); + InstallRequest requestUninst; + requestUninst.setAppId(sm_app_id); - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing already installed app failed. 
Result: " << result); + Api::uninstall(requestUninst); + Api::uninstall(requestUninst); /* Check records in the security-manager database */ - check_app_after_install(SM_APP_ID1, SM_PKG_ID1); + check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); +} + + +RUNNER_TEST(security_manager_01b_app_double_install_wrong_pkg_id) +{ + const char *const sm_app_id = "sm_test_01b_app"; + const char *const sm_pkg_id = "sm_test_01b_pkg"; + const char *const sm_pkg_id_wrong = "sm_test_01b_pkg_BAD"; + + InstallRequest requestInst; + requestInst.setAppId(sm_app_id); + requestInst.setPkgId(sm_pkg_id); + + Api::install(requestInst); - request.reset(do_app_inst_req_new()); + InstallRequest requestInst2; + requestInst2.setAppId(sm_app_id); + requestInst2.setPkgId(sm_pkg_id_wrong); - result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); + Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM); - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling app failed. Result: " << result); - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling already uninstalled app failed. 
Result: " << result); + /* Check records in the security-manager database */ + check_app_after_install(sm_app_id, sm_pkg_id); + + InstallRequest requestUninst; + requestUninst.setAppId(sm_app_id); + + Api::uninstall(requestUninst); + /* Check records in the security-manager database */ - check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED); + check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); + } -RUNNER_TEST(security_manager_02_app_install_uninstall_full) +RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored) { - int result; - AppInstReqUniquePtr request; + const char * const sm_app_id = "SM_TEST_01c_APPID"; + const char * const sm_pkg_id = "SM_TEST_01c_PKGID"; + const char * const sm_pkg_id_wrong = "SM_TEST_01c_PKGID_wrong"; - prepare_app_env(); + InstallRequest requestInst; + requestInst.setAppId(sm_app_id); + requestInst.setPkgId(sm_pkg_id); + + Api::install(requestInst); + + /* Check records in the security-manager database */ + check_app_after_install(sm_app_id, sm_pkg_id); + + InstallRequest requestUninst; + requestUninst.setAppId(sm_app_id); + requestUninst.setPkgId(sm_pkg_id_wrong); - request.reset(do_app_inst_req_new()); + Api::uninstall(requestUninst); - result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); + check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); - result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting pkg id failed. Result: " << result); +} - result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed permission failed. 
Result: " << result); - result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed permission failed. Result: " << result); +RUNNER_TEST(security_manager_02_app_install_uninstall_full) +{ + const char *const sm_app_id = "sm_test_02_app_id_full"; + const char *const sm_pkg_id = "sm_test_02_pkg_id_full"; - result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH, - SECURITY_MANAGER_PATH_PRIVATE); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed path failed. Result: " << result); + prepare_app_env(); - result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH, - SECURITY_MANAGER_PATH_PUBLIC_RO); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed path failed. Result: " << result); + InstallRequest requestInst; + requestInst.setAppId(sm_app_id); + requestInst.setPkgId(sm_pkg_id); + requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); + requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); + requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW); + requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO); - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing app failed. 
Result: " << result); + Api::install(requestInst); /* Check records in the security-manager database */ - check_app_after_install(SM_APP_ID2, SM_PKG_ID2, + check_app_after_install(sm_app_id, sm_pkg_id, SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS); /* TODO: add parameters to this function */ - check_app_path_after_install(); - - request.reset(do_app_inst_req_new()); + check_app_path_after_install(sm_app_id); - result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); + InstallRequest requestUninst; + requestUninst.setAppId(sm_app_id); - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling app failed. Result: " << result); + Api::uninstall(requestUninst); /* Check records in the security-manager database, * all previously allowed privileges should be removed */ - check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2, + check_app_after_uninstall(sm_app_id, sm_pkg_id, SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED); } RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid) { - const char *const app_id = "sm_test_app_id_set_label_from_appid"; - const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid"; - const char *const expected_label = USER_APP_ID; + const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack"; + const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack"; const char *const socketLabel = "not_expected_label"; + std::string expected_label = generateAppLabel(app_id); char *label = nullptr; CStringPtr labelPtr; int result; - uninstall_app(app_id, pkg_id, false, true); + uninstall_app(app_id, pkg_id, true); install_app(app_id, pkg_id); struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH}; 
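Review bot: Both `getUserStruct` overloads set `errno = 0` once before the retry loop, so after a first `EINTR` a later `getpwnam()`/`getpwuid()` that returns NULL for a missing user (which leaves `errno` untouched) still sees `EINTR` and the loop never ends. Reset it on every attempt, e.g. add `errno = 0;` as the last statement of the loop body after the `RUNNER_ASSERT_ERRNO_MSG` check. The uid overload's message should read `"getpwuid() failed"` rather than `"getpwnam() failed"`. The returned pointer refers to static storage that the next `getpw*` call overwrites, which deserves a one-line comment on both helpers.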
@@ -442,33 +523,28 @@ RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid) result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed"); //Set socket label to something different than expecedLabel - result = fsetxattr(sock, XATTR_NAME_SMACKIPIN, socketLabel, - strlen(socketLabel), 0); + result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPIN, socketLabel); RUNNER_ASSERT_ERRNO_MSG(result == 0, "Can't set socket label. Result: " << result); - result = fsetxattr(sock, XATTR_NAME_SMACKIPOUT, socketLabel, - strlen(socketLabel), 0); + result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPOUT, socketLabel); RUNNER_ASSERT_ERRNO_MSG(result == 0, "Can't set socket label. Result: " << result); - result = security_manager_set_process_label_from_appid(app_id); - RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, - "security_manager_set_process_label_from_appid(" << - app_id << ") failed. Result: " << result); + Api::setProcessLabel(app_id); - char value[SMACK_LABEL_LEN + 1]; - ssize_t size; - size = fgetxattr(sock, XATTR_NAME_SMACKIPIN, value, sizeof(value)); - RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value); - result = strcmp(expected_label, value); + result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPIN, &label); + RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label); + labelPtr.reset(label); + result = expected_label.compare(label); RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. 
Expected: " << - expected_label << " Actual: " << value); + expected_label << " Actual: " << label); - size = fgetxattr(sock, XATTR_NAME_SMACKIPOUT, value, sizeof(value)); - RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value); - result = strcmp(expected_label, value); + result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPOUT, &label); + RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label); + labelPtr.reset(label); + result = expected_label.compare(label); RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " << - expected_label << " Actual: " << value); + expected_label << " Actual: " << label); result = smack_new_label_from_self(&label); RUNNER_ASSERT_MSG(result >= 0, 
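Review bot: Both new `smack_new_label_from_file` failure messages stream `label`, which is not a usable string on the failure path: at the first call it is still the `nullptr` it was initialised with, and at the second it may still point at the buffer already handed to `labelPtr`. Inserting a null `char *` into a stream is undefined behaviour, and a stale pointer would print the previous label as though it described the error. Report the return value instead, for both the IPIN and the IPOUT read: `RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed. Result: " << result);`. The test body starts and ends outside this hunk.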
@@ -477,122 +553,241 @@ RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid) " Process label is not set"); labelPtr.reset(label); - result = strcmp(expected_label, label); + result = expected_label.compare(label); RUNNER_ASSERT_MSG(result == 0, " Process label is incorrect. Expected: \"" << expected_label << "\" Actual: \"" << label << "\""); - uninstall_app(app_id, pkg_id, true, true); + uninstall_app(app_id, pkg_id, true); } RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack) { - const char *const app_id = "sm_test_app_id_set_label_from_appid"; - const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid"; - int result; + const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack"; + const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack"; - uninstall_app(app_id, pkg_id, false, true); + uninstall_app(app_id, pkg_id, true); install_app(app_id, pkg_id); - result = security_manager_set_process_label_from_appid(app_id); - RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, - "security_manager_set_process_label_from_appid(" << - app_id << ") failed. 
Result: " << result); + Api::setProcessLabel(app_id); - uninstall_app(app_id, pkg_id, true, true); + uninstall_app(app_id, pkg_id, true); } - - -static void prepare_request(AppInstReqUniquePtr &request, +static void prepare_request(InstallRequest &request, const char *const app_id, const char *const pkg_id, app_install_path_type pathType, - const char *const path) + const char *const path, + uid_t uid) { - int result; - request.reset(do_app_inst_req_new()); + request.setAppId(app_id); + request.setPkgId(pkg_id); + request.addPath(path, pathType); + + if (uid != 0) + request.setUid(uid); +} + +static uid_t getGlobalUserId(void) +{ + return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER); +} + +static const std::string appDirPath(const TemporaryTestUser &user, + const std::string &appId, const std::string &pkgId) +{ + struct tzplatform_context *tzCtxPtr = nullptr; - result = security_manager_app_inst_req_set_app_id(request.get(), app_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); + RUNNER_ASSERT(0 == tzplatform_context_create(&tzCtxPtr)); + TzPlatformContextPtr tzCtxPtrSmart(tzCtxPtr); - result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting pkg id failed. Result: " << result); + RUNNER_ASSERT_MSG(0 == tzplatform_context_set_user(tzCtxPtr, user.getUid()), + "Unable to set user <" << user.getUserName() << "> for tzplatform context"); - result = security_manager_app_inst_req_add_path(request.get(), path, pathType); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed path failed. Result: " << result); + const char *appDir = tzplatform_context_getenv(tzCtxPtr, + getGlobalUserId() == user.getUid() ? 
TZ_SYS_RW_APP : TZ_USER_APP); + RUNNER_ASSERT_MSG(nullptr != appDir, + "tzplatform_context_getenv failed" + << "for getting sys rw app of user <" << user.getUserName() << ">"); + + return std::string(appDir) + "/" + pkgId + "/" + appId; } +static const std::string nonAppDirPath(const TemporaryTestUser &user) +{ + return TMP_DIR + "/" + user.getUserName(); +} -static struct passwd* get_app_pw() +static const std::string uidToStr(const uid_t uid) { - struct passwd *pw = nullptr; - errno = 0; - while(!(pw = getpwnam(APP_USER))) { - RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed"); - } - return pw; + return std::to_string(static_cast(uid)); } -RUNNER_CHILD_TEST(security_manager_04_app_install_uninstall_by_app_user) +static void install_and_check(const char *const sm_app_id, + const char *const sm_pkg_id, + const TemporaryTestUser& user, + const std::string &appDir, + bool requestUid) +{ + InstallRequest requestPublic; + + //install app for non-root user and try to register public path (should fail) + prepare_request(requestPublic, sm_app_id, sm_pkg_id, + SECURITY_MANAGER_PATH_PUBLIC, appDir.c_str(), + requestUid ? user.getUid() : 0); + + Api::install(requestPublic, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); + + InstallRequest requestPrivate; + + //install app for non-root user + //should fail (users may only register folders inside their home) + prepare_request(requestPrivate, sm_app_id, sm_pkg_id, + SECURITY_MANAGER_PATH_RW, SM_RW_PATH, + requestUid ? user.getUid() : 0); + + Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); + + InstallRequest requestPrivateUser; + + //install app for non-root user + //should succeed - this time i register folder inside user's home dir + prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, + SECURITY_MANAGER_PATH_RW, appDir.c_str(), + requestUid ? 
user.getUid() : 0); + + for (auto &privilege : SM_ALLOWED_PRIVILEGES) + requestPrivateUser.addPrivilege(privilege.c_str()); + + Api::install(requestPrivateUser); + + check_app_permissions(sm_app_id, sm_pkg_id, + uidToStr(user.getUid()).c_str(), + SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES); +} + +static void createTestDir(const std::string &dir) +{ + mode_t dirMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH; + mode_t execFileMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH; + mode_t normalFileMode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH; + + mktreeSafe(dir, dirMode); + creatSafe(dir + "/" + EXEC_FILE, execFileMode); + creatSafe(dir + "/" + NORMAL_FILE, normalFileMode); + symlinkSafe(dir + "/" + EXEC_FILE, dir + "/" + LINK_PREFIX + EXEC_FILE); + symlinkSafe(dir + "/" + NORMAL_FILE, dir + "/" + LINK_PREFIX + NORMAL_FILE); +} + +static void createInnerAppDir(const std::string &dir, const std::string &nonAppDir) +{ + createTestDir(dir); + + symlinkSafe(nonAppDir, dir + "/" + LINK_PREFIX + "non_app_dir"); + symlinkSafe(nonAppDir + "/" + EXEC_FILE, + dir + "/" + LINK_PREFIX + "non_app_" + EXEC_FILE); + symlinkSafe(nonAppDir + "/" + NORMAL_FILE, + dir + "/" + LINK_PREFIX + "non_app_" + NORMAL_FILE); +} + +static void generateAppDir(const TemporaryTestUser &user, + const std::string &appId, const std::string &pkgId) +{ + const std::string dir = appDirPath(user, appId, pkgId); + const std::string nonAppDir = nonAppDirPath(user); + + createInnerAppDir(dir, nonAppDir); + createInnerAppDir(dir + "/.inner_dir", nonAppDir); + createInnerAppDir(dir + "/inner_dir", nonAppDir); +} + +static void generateNonAppDir(const TemporaryTestUser &user) +{ + const std::string dir = nonAppDirPath(user); + + createTestDir(dir); + createTestDir(dir + "/.inner_dir"); + createTestDir(dir + "/inner_dir"); +} + +static void createTestDirs(const TemporaryTestUser &user, + const std::string &appId, const std::string &pkgId) +{ + generateAppDir(user, appId, pkgId); + generateNonAppDir(user); +} + 
+static void removeTestDirs(const TemporaryTestUser &user, + const std::string &appId, const std::string &pkgId) +{ + removeDir(appDirPath(user, appId, pkgId)); + removeDir(nonAppDirPath(user)); +} + +RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self) { int result; - AppInstReqUniquePtr request; - struct passwd *pw = get_app_pw(); - const std::string user = std::to_string(static_cast(pw->pw_uid)); + const char *const sm_app_id = "sm_test_04a_app_id_uid"; + const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid"; + const std::string new_user_name = "sm_test_04a_user_name"; + + TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false); + testUser.create(); + + removeTestDirs(testUser, sm_app_id, sm_pkg_id); + createTestDirs(testUser, sm_app_id, sm_pkg_id); + + const std::string userAppDirPath = appDirPath(testUser, sm_app_id, sm_pkg_id); //switch user to non-root - result = drop_root_privileges(pw->pw_uid, pw->pw_gid); + result = drop_root_privileges(testUser.getUid(), testUser.getGid()); RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - //install app as non-root user and try to register public path (should fail) - prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER); + install_and_check(sm_app_id, sm_pkg_id, testUser, userAppDirPath, false); - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, - "installing app not failed. 
Result: " << result); + //uninstall app as non-root user + InstallRequest request; + request.setAppId(sm_app_id); - //install app as non-root user - //should fail (non-root users may only register folders inside their home) - prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH); + Api::uninstall(request); - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, - "installing app not failed. Result: " << result); + check_app_permissions(sm_app_id, sm_pkg_id, + uidToStr(testUser.getUid()).c_str(), + SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); +} - //install app as non-root user - //should succeed - this time i register folder inside user's home dir - prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER); +RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user) +{ + int result; + const char *const sm_app_id = "sm_test_04b_app_id_uid"; + const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid"; + const std::string new_user_name = "sm_test_04b_user_name"; - for (auto &privilege : SM_ALLOWED_PRIVILEGES) { - result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting allowed permission failed. Result: " << result); - } + TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false); + testUser.create(); - result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "installing app failed. 
Result: " << result); + removeTestDirs(testUser, sm_app_id, sm_pkg_id); + createTestDirs(testUser, sm_app_id, sm_pkg_id); - check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES); + install_and_check(sm_app_id, sm_pkg_id, testUser, appDirPath(testUser, sm_app_id, sm_pkg_id), true); - //uninstall app as non-root user - request.reset(do_app_inst_req_new()); + //switch user to non-root - root may not uninstall apps for specified users + result = drop_root_privileges(testUser.getUid(), testUser.getGid()); + RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "setting app id failed. Result: " << result); + //uninstall app as non-root user + InstallRequest request; + request.setAppId(sm_app_id); - result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "uninstalling app failed. Result: " << result); + Api::uninstall(request); - check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); + check_app_permissions(sm_app_id, sm_pkg_id, + uidToStr(testUser.getUid()).c_str(), + SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); } + RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities) { int result; @@ -604,9 +799,7 @@ RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities) RUNNER_ASSERT_MSG(result == 0, "can't set capabilities. Result: " << result); - result = security_manager_drop_process_privileges(); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "dropping caps failed. Result: " << result); + Api::dropProcessPrivileges(); caps.reset(cap_get_proc()); RUNNER_ASSERT_MSG(caps, "can't get proc capabilities"); 
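Review bot: `prepare_request` treats `uid == 0` as "not set" (`if (uid != 0) request.setUid(uid);`), and `install_and_check` depends on that by passing `requestUid ? user.getUid() : 0`, but the convention is not written down and it means the helper cannot build a request that names uid 0 explicitly. A comment above the helper would make the contract visible, e.g. `// uid 0 means: leave the request's uid unset`. Separately, in `appDirPath` the adjacent literals `"tzplatform_context_getenv failed" << "for getting sys rw app of user <"` print as "failedfor"; the second literal needs a leading space, and the wording mentions the sys rw app variable even when `TZ_USER_APP` was the one requested.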
@@ -616,6 +809,1486 @@ RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities) "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL)); } +RUNNER_CHILD_TEST(security_manager_06_install_app_offline) +{ + const char *const app_id = "sm_test_06_app_id_install_app_offline"; + const char *const pkg_id = "sm_test_06_pkg_id_install_app_offline"; + + // Uninstall app on-line, off-line mode doesn't support it + uninstall_app(app_id, pkg_id, true); + + ServiceManager("security-manager.service").stopService(); + + ServiceManager serviceManager("security-manager.socket"); + serviceManager.stopService(); + + install_app(app_id, pkg_id); + + serviceManager.startService(); + + uninstall_app(app_id, pkg_id, true); +} + +RUNNER_CHILD_TEST(security_manager_07_user_add_app_install) +{ + const char *const sm_app_id = "sm_test_07_app_id_user"; + const char *const sm_pkg_id = "sm_test_07_pkg_id_user"; + const std::string new_user_name = "sm_test_07_user_name"; + std::string uid_string; + TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false); + test_user.create(); + test_user.getUidString(uid_string); + + removeTestDirs(test_user, sm_app_id, sm_pkg_id); + createTestDirs(test_user, sm_app_id, sm_pkg_id); + + install_app(sm_app_id, sm_pkg_id, test_user.getUid()); + + check_app_after_install(sm_app_id, sm_pkg_id); + + test_user.remove(); + + check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); + + check_app_after_uninstall(sm_app_id, sm_pkg_id, true); +} + +RUNNER_CHILD_TEST(security_manager_08_user_double_add_double_remove) +{ + UserRequest addUserRequest; + + const char *const sm_app_id = "sm_test_08_app_id_user"; + const char *const sm_pkg_id = "sm_test_08_pkg_id_user"; + const std::string new_user_name = "sm_test_08_user_name"; + std::string uid_string; + + // gumd user add + TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false); + test_user.create(); + 
test_user.getUidString(uid_string); + + removeTestDirs(test_user, sm_app_id, sm_pkg_id); + createTestDirs(test_user, sm_app_id, sm_pkg_id); + + addUserRequest.setUid(test_user.getUid()); + addUserRequest.setUserType(SM_USER_TYPE_NORMAL); + + //sm user add + Api::addUser(addUserRequest); + + install_app(sm_app_id, sm_pkg_id, test_user.getUid()); + + check_app_after_install(sm_app_id, sm_pkg_id); + + test_user.remove(); + + UserRequest deleteUserRequest; + deleteUserRequest.setUid(test_user.getUid()); + + Api::deleteUser(deleteUserRequest); + + check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); + + check_app_after_uninstall(sm_app_id, sm_pkg_id, true); +} + +RUNNER_CHILD_TEST(security_manager_09_add_user_offline) +{ + const char *const app_id = "security_manager_09_add_user_offline_app"; + const char *const pkg_id = "security_manager_09_add_user_offline_pkg"; + const std::string new_user_name("sm_test_09_user_name"); + + ServiceManager("security-manager.service").stopService(); + + ServiceManager serviceManager("security-manager.socket"); + serviceManager.stopService(); + + TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, true); + test_user.create(); + + removeTestDirs(test_user, app_id, pkg_id); + createTestDirs(test_user, app_id, pkg_id); + + install_app(app_id, pkg_id, test_user.getUid()); + + check_app_after_install(app_id, pkg_id); + + serviceManager.startService(); + + test_user.remove(); + + check_app_after_uninstall(app_id, pkg_id, true); +} + +RUNNER_MULTIPROCESS_TEST(security_manager_10_privacy_manager_fetch_whole_policy_for_self) +{ + //TEST DATA + const std::string username("sm_test_10_user_name"); + unsigned int privileges_count = 0; + + std::map>> users2AppsMap; + std::map> apps2PrivsMap; + + for(unsigned int i = 0; i < MANY_APPS.size(); ++i) { + apps2PrivsMap.insert(std::pair>( + MANY_APPS.at(i), std::set( + MANY_APPS_PRIVILEGES.at(i).begin(), + MANY_APPS_PRIVILEGES.at(i).end()))); + 
privileges_count+=MANY_APPS_PRIVILEGES.at(i).size(); + }; + + apps2PrivsMap.insert(std::pair>( + PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE})); + ++privileges_count; + users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); + //TEST DATA END + + sem_t *mutex; + errno = 0; + RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno); + errno = 0; + RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno); + pid_t pid = fork(); + + if (pid != 0) { //parent process + TemporaryTestUser tmpUser(username, GUM_USERTYPE_NORMAL, false); + tmpUser.create(); + + for(const auto &user : users2AppsMap) { + + for(const auto &app : user.second) { + InstallRequest requestInst; + requestInst.setAppId(app.first.c_str()); + try { + requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); + } catch (const std::out_of_range &e) { + RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); + }; + requestInst.setUid(tmpUser.getUid()); + + for (const auto &privilege : app.second) { + requestInst.addPrivilege(privilege.c_str()); + }; + + Api::install(requestInst); + }; + + //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str()); + }; + //Start child process + errno = 0; + RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno); + + int status; + wait(&status); + + tmpUser.remove(); + }; + + if (pid == 0) { //child process + errno = 0; + RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno); + //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable + + struct passwd *pw = getUserStruct(username); + register_current_process_as_privilege_manager(pw->pw_uid); + int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); + RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + + std::vector policyEntries; + 
PolicyEntry filter; + Api::getPolicy(filter, policyEntries); + + RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); + RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size()); + + for (const auto &policyEntry : policyEntries) { + std::string user = policyEntry.getUser(); + std::string app = policyEntry.getAppId(); + std::string privilege = policyEntry.getPrivilege(); + + try { + struct passwd *pw_current = getUserStruct(static_cast(std::stoul(user))); + std::set::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege); + if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end()) + RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry); + } catch (const std::out_of_range &e) { + RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what()); + } catch (const std::invalid_argument& e) { + RUNNER_FAIL_MSG("Incorrect UID: " << user << ". 
Exception: " << e.what()); + }; + }; + exit(0); + }; +} + +RUNNER_MULTIPROCESS_TEST(security_manager_11_privacy_manager_fetch_whole_policy_for_admin_unprivileged) +{ + //TEST DATA + const std::vector usernames = {"sm_test_11_user_name_1", "sm_test_11_user_name_2"}; + unsigned int privileges_count = 0; + + std::map>> users2AppsMap; + std::map> apps2PrivsMap; + + for (const auto &username : usernames) { + //Only entries for one of the users will be listed + privileges_count = 0; + + for(unsigned int i = 0; i < MANY_APPS.size(); ++i) { + apps2PrivsMap.insert(std::pair>( + MANY_APPS.at(i), std::set( + MANY_APPS_PRIVILEGES.at(i).begin(), + MANY_APPS_PRIVILEGES.at(i).end()))); + privileges_count+=MANY_APPS_PRIVILEGES.at(i).size(); + }; + + users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); + }; + + users2AppsMap.at(usernames.at(0)).insert(std::pair>( + PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE})); + + ++privileges_count; + //TEST DATA END + + sem_t *mutex; + errno = 0; + RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno); + errno = 0; + RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno); + pid_t pid = fork(); + + if (pid != 0) { //parent process + std::vector users = { + TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false), + TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false) + }; + + users.at(0).create(); + users.at(1).create(); + + //Install apps for both users + for(const auto &user : users) { + for(const auto &app : users2AppsMap.at(user.getUserName())) { + InstallRequest requestInst; + requestInst.setAppId(app.first.c_str()); + try { + requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); + } catch (const std::out_of_range &e) { + RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); + }; + requestInst.setUid(user.getUid()); + + for (const auto &privilege : app.second) { + 
requestInst.addPrivilege(privilege.c_str()); + }; + + Api::install(requestInst); + }; + + //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str()); + }; + //Start child + errno = 0; + RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno); + + int status; + wait(&status); + + for(auto &user : users) { + user.remove(); + }; + }; + + if (pid == 0) { + errno = 0; + RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno); + struct passwd *pw = getUserStruct(usernames.at(0)); + register_current_process_as_privilege_manager(pw->pw_uid); + + //change uid to normal user + errno = 0; + int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); + RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + + std::vector policyEntries; + PolicyEntry filter; + + //this call should only return privileges belonging to the current uid + Api::getPolicy(filter, policyEntries); + + RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); + RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size()); + + for (const auto &policyEntry : policyEntries) { + std::string user = policyEntry.getUser(); + std::string app = policyEntry.getAppId(); + std::string privilege = policyEntry.getPrivilege(); + + try { + struct passwd *pw_current = getUserStruct(static_cast(std::stoul(user))); + std::set::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege); + if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end()) + RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry); + } catch (const std::out_of_range &e) { + RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what()); + } catch (const std::invalid_argument& e) { + RUNNER_FAIL_MSG("Incorrect UID: " << user << ". 
Exception: " << e.what()); + }; + }; + exit(0); + }; +} + +RUNNER_MULTIPROCESS_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_admin_privileged) +{ + //TEST DATA + const std::vector usernames = {"sm_test_12_user_name_1", "sm_test_12_user_name_2"}; + unsigned int privileges_count = 0; + + std::map>> users2AppsMap; + std::map> apps2PrivsMap; + + for (const auto &username : usernames) { + + for(unsigned int i = 0; i < MANY_APPS.size(); ++i) { + apps2PrivsMap.insert(std::pair>( + MANY_APPS.at(i), std::set( + MANY_APPS_PRIVILEGES.at(i).begin(), + MANY_APPS_PRIVILEGES.at(i).end()))); + privileges_count+=MANY_APPS_PRIVILEGES.at(i).size(); + }; + + users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); + }; + + users2AppsMap.at(usernames.at(1)).insert(std::pair>( + PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE, PRIVILEGE_MANAGER_ADMIN_PRIVILEGE})); + + privileges_count += 2; + //TEST DATA END + + sem_t *mutex; + errno = 0; + RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno); + errno = 0; + RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno); + pid_t pid = fork(); + + if (pid != 0) { //parent process + std::vector users = { + TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false), + TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false) + }; + + users.at(0).create(); + users.at(1).create(); + //Install apps for both users + for(const auto &user : users) { + for(const auto &app : users2AppsMap.at(user.getUserName())) { + InstallRequest requestInst; + requestInst.setAppId(app.first.c_str()); + try { + requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); + } catch (const std::out_of_range &e) { + RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); + }; + requestInst.setUid(user.getUid()); + + for (const auto &privilege : app.second) { + requestInst.addPrivilege(privilege.c_str()); + }; + + 
Api::install(requestInst); + }; + + //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str()); + }; + + //Start child + errno = 0; + RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno); + + //Wait for child to finish + int status; + wait(&status); + + for(auto &user : users) { + user.remove(); + }; + }; + + if (pid == 0) { //child process + errno = 0; + RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno); + + struct passwd *pw = getUserStruct(usernames.at(1)); + register_current_process_as_privilege_manager(pw->pw_uid, true); + + //change uid to normal user + int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); + RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + + std::vector policyEntries; + PolicyEntry filter; + //this call should succeed as the calling user is privileged + Api::getPolicy(filter, policyEntries); + + RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); + RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size()); + + for (const auto &policyEntry : policyEntries) { + std::string user = policyEntry.getUser(); + std::string app = policyEntry.getAppId(); + std::string privilege = policyEntry.getPrivilege(); + + try { + struct passwd *pw_current = getUserStruct(static_cast(std::stoul(user))); + std::set::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege); + if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end()) + RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry); + } catch (const std::out_of_range &e) { + RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what()); + } catch (const std::invalid_argument& e) { + RUNNER_FAIL_MSG("Incorrect UID: " << user << ". 
Exception: " << e.what());
+ };
+ };
+
+ exit(0);
+ };
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_unprivileged)
+{
+ //TEST DATA
+ const std::vector usernames = {"sm_test_13_user_name_1", "sm_test_13_user_name_2"};
+
+ std::map>> users2AppsMap;
+ std::map> apps2PrivsMap;
+
+ for (const auto &username : usernames) {
+
+ for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+ apps2PrivsMap.insert(std::pair>(
+ MANY_APPS.at(i), std::set(
+ MANY_APPS_PRIVILEGES.at(i).begin(),
+ MANY_APPS_PRIVILEGES.at(i).end())));
+ };
+
+ users2AppsMap.insert(std::pair>>(username, apps2PrivsMap));
+ };
+
+ users2AppsMap.at(usernames.at(1)).insert(std::pair>(
+ PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
+
+ //TEST DATA END
+
+ pid_t pid[2];
+ sem_t *mutex[2];
+ errno = 0;
+ RUNNER_ASSERT_MSG(((mutex[0] = sem_open("mutex_1", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #1, errno: " << errno);
+ errno = 0;
+ RUNNER_ASSERT_MSG(((mutex[1] = sem_open("mutex_2", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #2, errno: " << errno);
+ errno = 0;
+ RUNNER_ASSERT_MSG(sem_init(mutex[0], 1, 0) == 0, "failed to setup mutex #1, errno: " << errno);
+ errno = 0;
+ RUNNER_ASSERT_MSG(sem_init(mutex[1], 1, 0) == 0, "failed to setup mutex #2, errno: " << errno);
+ std::vector policyEntries;
+
+ pid[0] = fork();
+
+ if(pid[0] == 0) { //child #1 process
+ RUNNER_ASSERT_MSG(sem_wait(mutex[0]) == 0, "sem_wait in child #1 failed, errno: " << errno);
+ struct passwd *pw = getUserStruct(usernames.at(0));
+ register_current_process_as_privilege_manager(pw->pw_uid);
+
+ //change uid to normal user
+ int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ PolicyEntry filter;
+ PolicyRequest policyRequest;
+ //this call should succeed as the calling user is privileged
+ Api::getPolicyForSelf(filter, policyEntries);
+
+ RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+
+ PolicyEntry policyEntry(
+ MANY_APPS[0],
+ std::to_string(pw->pw_uid),
+ "http://tizen.org/privilege/internet"
+ );
+ policyEntry.setLevel("Deny");
+
+ policyRequest.addEntry(policyEntry);
+ policyEntry = PolicyEntry(
+ MANY_APPS[1],
+ std::to_string(pw->pw_uid),
+ "http://tizen.org/privilege/location"
+ );
+ policyEntry.setLevel("Deny");
+
+ policyRequest.addEntry(policyEntry);
+ Api::sendPolicy(policyRequest);
+ Api::getPolicyForSelf(filter, policyEntries);
+
+ RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
+ exit(0);
+ };
+
+ if (pid[0] != 0) {//parent process
+ pid[1] = fork();
+
+ if (pid[1] == 0) { //child #2 process
+ errno = 0;
+ RUNNER_ASSERT_MSG(sem_wait(mutex[1]) == 0, "sem_wait in child #2 failed, errno: " << errno);
+ struct passwd *pw_target = getUserStruct(usernames.at(0));
+ struct passwd *pw = getUserStruct(usernames.at(1));
+ register_current_process_as_privilege_manager(pw->pw_uid);
+
+ //change uid to normal user
+ int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ PolicyEntry filter = PolicyEntry(
+ SECURITY_MANAGER_ANY,
+ std::to_string(pw_target->pw_uid),
+ SECURITY_MANAGER_ANY
+ );
+
+ //U2 requests contents of U1 privacy manager - should fail
+ Api::getPolicyForSelf(filter, policyEntries);
+ RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+
+ filter = PolicyEntry(
+ SECURITY_MANAGER_ANY,
+ SECURITY_MANAGER_ANY,
+ SECURITY_MANAGER_ANY
+ );
+
+ policyEntries.clear();
+
+ //U2 requests contents of ADMIN bucket - should fail
+ Api::getPolicyForAdmin(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED);
+ RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+ exit(0);
+ };
+
+ if (pid[1] != 0) { //parent
+
+ std::vector users = {
+ TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
+ TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
+ };
+
+ users.at(0).create();
+ users.at(1).create();
+
+ //Install apps for both users
+ for(const auto &user : users2AppsMap) {
+
+ for(const auto &app : user.second) {
+ InstallRequest requestInst;
+ requestInst.setAppId(app.first.c_str());
+ try {
+ requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+ } catch (const std::out_of_range &e) {
+ RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+ };
+ requestInst.setUid(users.at(0).getUid());
+
+ for (const auto &privilege : app.second) {
+ requestInst.addPrivilege(privilege.c_str());
+ };
+
+ Api::install(requestInst);
+ };
+
+ //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
+ };
+
+ int status;
+ //Start child #1
+ errno = 0;
+ RUNNER_ASSERT_MSG(sem_post(mutex[0]) == 0, "Error while opening mutex #1, errno: " << errno);
+
+ //Wait until child #1 finishes
+ pid_t ret = wait(&status);
+ RUNNER_ASSERT_MSG((ret != -1) && WIFEXITED(status), "Updating privileges failed");
+
+ //Start child #2
+ errno = 0;
+ RUNNER_ASSERT_MSG(sem_post(mutex[1]) == 0, "Error while opening mutex #2, errno: " << errno);
+ //Wait until child #2 finishes
+ ret = wait(&status);
+ RUNNER_ASSERT_MSG((ret =-1) && WIFEXITED(status), "Listing privileges failed");
+
+ for(auto &user : users) {
+ user.remove();
+ };
+
+ sem_close(mutex[0]);
+ sem_close(mutex[1]);
+ };
+ };
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_for_admin)
+{
+ //TEST DATA
+ const std::vector usernames = {"sm_test_14_user_name_1", "sm_test_14_user_name_2"};
+ unsigned int privileges_count = 0;
+
+ std::map>> users2AppsMap;
+ std::map> apps2PrivsMap;
+
+ for (const auto &username : usernames) {
+
+ for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+ apps2PrivsMap.insert(std::pair>(
+ MANY_APPS.at(i), std::set(
+ MANY_APPS_PRIVILEGES.at(i).begin(),
+ MANY_APPS_PRIVILEGES.at(i).end())));
+ privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
+ };
+
+ users2AppsMap.insert(std::pair>>(username, apps2PrivsMap));
+ };
+
+ users2AppsMap.at(usernames.at(1)).insert(std::pair>(
+ PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
+
+ privileges_count += 2;
+ //TEST DATA END
+ sem_t *mutex;
+ errno = 0;
+ RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
+ errno = 0;
+ RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
+
+ pid_t pid = fork();
+ if (pid != 0) {
+ std::vector users = {
+ TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
+ TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
+ };
+
+ users.at(0).create();
+ users.at(1).create();
+
+ //Install apps for both users
+ for(const auto &user : users) {
+
+ for(const auto &app : users2AppsMap.at(user.getUserName())) {
+ InstallRequest requestInst;
+ requestInst.setAppId(app.first.c_str());
+ try {
+ requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+ } catch (const std::out_of_range &e) {
+ RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+ };
+ requestInst.setUid(user.getUid());
+
+ for (const auto &privilege : app.second) {
+ requestInst.addPrivilege(privilege.c_str());
+ };
+
+ Api::install(requestInst);
+ };
+ };
+ //Start child process
+ errno = 0;
+ RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno);
+ int status;
+ //Wait for child process to finish
+ wait(&status);
+
+ //switch back to root
+ for(auto &user : users) {
+ user.remove();
+ };
+
+ sem_close(mutex);
+ }
+
+ if (pid == 0) { //child process
+ errno = 0;
+ RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno);
+
+ struct passwd *pw = getUserStruct(usernames.at(0));
+ register_current_process_as_privilege_manager(pw->pw_uid, true);
+
+ //change uid to normal user
+ int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ PolicyRequest *policyRequest = new PolicyRequest();
+ PolicyEntry filter;
+ std::vector policyEntries;
+ //this call should succeed as the calling user is privileged
+ Api::getPolicyForSelf(filter, policyEntries);
+
+ RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+
+ PolicyEntry policyEntry(
+ SECURITY_MANAGER_ANY,
+ SECURITY_MANAGER_ANY,
+ "http://tizen.org/privilege/internet"
+ );
+ policyEntry.setMaxLevel("Deny");
+
+ policyRequest->addEntry(policyEntry);
+ policyEntry = PolicyEntry(
+ SECURITY_MANAGER_ANY,
+ SECURITY_MANAGER_ANY,
+ "http://tizen.org/privilege/location"
+ );
+ policyEntry.setMaxLevel("Deny");
+
+ policyRequest->addEntry(policyEntry);
+ Api::sendPolicy(*policyRequest);
+ Api::getPolicyForAdmin(filter, policyEntries);
+
+ RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
+
+ delete policyRequest;
+ policyRequest = new PolicyRequest();
+ policyEntry = PolicyEntry(
+ SECURITY_MANAGER_ANY,
+ SECURITY_MANAGER_ANY,
+ "http://tizen.org/privilege/internet"
+ );
+ policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
+ policyRequest->addEntry(policyEntry);
+
+ policyEntry = PolicyEntry(
+ SECURITY_MANAGER_ANY,
+ SECURITY_MANAGER_ANY,
+ "http://tizen.org/privilege/location"
+ );
+ policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
+
+ policyRequest->addEntry(policyEntry);
+ Api::sendPolicy(*policyRequest);
+
+ policyEntries.clear();
+ Api::getPolicyForAdmin(filter, policyEntries);
+ RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Number of policies doesn't match - should be: 0 and is " << policyEntries.size());
+
+ delete policyRequest;
+
+ exit(0);
+ };
+
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin)
+{
+ const char *const update_app_id = "security_manager_15_update_app_id";
+ const char *const update_privilege = "http://tizen.org/privilege/led";
+ const char *const check_start_bucket = "ADMIN";
+ const std::string username("sm_test_15_username");
+ PolicyRequest addPolicyRequest;
+ CynaraTestAdmin::Admin admin;
+
+ struct message {
+ uid_t uid;
+ gid_t gid;
+ } msg;
+
+ int pipefd[2];
+ pid_t pid;
+ int result = 0;
+
+ RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+ TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
+ user.create();
+
+ pid = fork();
+ RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ if (pid != 0)//parent process
+ {
+ FdUniquePtr pipeptr(pipefd+1);
+ close(pipefd[0]);
+
+ register_current_process_as_privilege_manager(user.getUid(), true);
+
+ //send info to child
+ msg.uid = user.getUid();
+ msg.gid = user.getGid();
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+ //wait for child
+ RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+ admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+ }
+ if(pid == 0)
+ {
+ FdUniquePtr pipeptr(pipefd);
+ close(pipefd[1]);
+
+ ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+ //become admin privacy manager manager
+ Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ result = drop_root_privileges(msg.uid, msg.gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ PolicyEntry entry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege);
+ entry.setMaxLevel("Allow");
+
+ addPolicyRequest.addEntry(entry);
+ Api::sendPolicy(addPolicyRequest);
+ exit(0);
+ }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard)
+{
+ const char *const update_other_app_id = "security_manager_15_update_other_app_id";
+ const char *const update_privilege = "http://tizen.org/privilege/led";
+ const char *const check_start_bucket = "ADMIN";
+ const std::string username("sm_test_15_username");
+ PolicyRequest addPolicyRequest;
+ CynaraTestAdmin::Admin admin;
+
+ struct message {
+ uid_t uid;
+ gid_t gid;
+ } msg;
+
+ int pipefd[2];
+ pid_t pid;
+ int result = 0;
+
+ RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+ TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
+ user.create();
+
+ pid = fork();
+ RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ if (pid != 0)//parent process
+ {
+ FdUniquePtr pipeptr(pipefd+1);
+ close(pipefd[0]);
+
+ register_current_process_as_privilege_manager(user.getUid(), true);
+
+ //send info to child
+ msg.uid = user.getUid();
+ msg.gid = user.getGid();
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+ //wait for child
+ RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+ admin.adminCheck(check_start_bucket, false, generateAppLabel(update_other_app_id).c_str(),
+ std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+ }
+ if(pid == 0)
+ {
+ FdUniquePtr pipeptr(pipefd);
+ close(pipefd[1]);
+
+ ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+ //become admin privacy manager manager
+ Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ result = drop_root_privileges(msg.uid, msg.gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ // use wildcard as appId
+ PolicyEntry entry(SECURITY_MANAGER_ANY, std::to_string(static_cast(msg.uid)), update_privilege);
+ entry.setMaxLevel("Allow");
+
+ addPolicyRequest.addEntry(entry);
+ Api::sendPolicy(addPolicyRequest);
+ exit(0);
+ }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_self)
+{
+ const char *const update_app_id = "security_manager_15_update_app_id";
+ const char *const update_privilege = "http://tizen.org/privilege/led";
+ const char *const check_start_bucket = "";
+ const std::string username("sm_test_15_username");
+ PolicyRequest addPolicyRequest;
+ CynaraTestAdmin::Admin admin;
+
+ struct message {
+ uid_t uid;
+ gid_t gid;
+ } msg;
+
+ int pipefd[2];
+ pid_t pid;
+ int result = 0;
+
+ RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+ TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+ user.create();
+
+ pid = fork();
+ RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ if (pid != 0)//parent process
+ {
+ FdUniquePtr pipeptr(pipefd+1);
+ close(pipefd[0]);
+
+ register_current_process_as_privilege_manager(user.getUid(), false);
+
+ //send info to child
+ msg.uid = user.getUid();
+ msg.gid = user.getGid();
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+ //wait for child
+ RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+ admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+ }
+ if(pid == 0)
+ {
+ FdUniquePtr pipeptr(pipefd);
+ close(pipefd[1]);
+
+ ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+ //become admin privacy manager manager
+ Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ result = drop_root_privileges(msg.uid, msg.gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ PolicyEntry entry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege);
+ entry.setLevel("Allow");
+
+ addPolicyRequest.addEntry(entry);
+ Api::sendPolicy(addPolicyRequest);
+ exit(0);
+ }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_16_policy_levels_get)
+{
+ const std::string username("sm_test_16_user_cynara_policy");
+ CynaraTestAdmin::Admin admin;
+ int pipefd[2];
+ pid_t pid;
+ int result = 0;
+
+ struct message {
+ uid_t uid;
+ gid_t gid;
+ } msg;
+
+ RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+ TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+ user.create();
+
+ pid = fork();
+ RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ if (pid != 0)//parent process
+ {
+ FdUniquePtr pipeptr(pipefd+1);
+ close(pipefd[0]);
+
+ //send info to child
+ msg.uid = user.getUid();
+ msg.gid = user.getGid();
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+ //wait for child
+ RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+ }
+ if(pid == 0)
+ {
+ int ret;
+ char** levels;
+ std::string allow_policy, deny_policy;
+ size_t count;
+ FdUniquePtr pipeptr(pipefd);
+ close(pipefd[1]);
+
+ ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+ //become admin privacy manager manager
+ result = drop_root_privileges(msg.uid, msg.gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ // without plugins there should only be 2 policies - Allow and Deny
+ ret = security_manager_policy_levels_get(&levels, &count);
+
+ RUNNER_ASSERT_MSG((lib_retcode)ret == SECURITY_MANAGER_SUCCESS,
+ "Invlid return code: " << ret);
+
+ RUNNER_ASSERT_MSG(count == 2, "Invalid number of policy levels. Should be 2, instead there is: " << static_cast(count));
+
+ deny_policy = std::string(levels[0]);
+ allow_policy = std::string(levels[count-1]);
+
+ // first should always be Deny
+ RUNNER_ASSERT_MSG(deny_policy.compare("Deny") == 0,
+ "Invalid first policy level. Should be Deny, instead there is: " << levels[0]);
+
+ // last should always be Allow
+ RUNNER_ASSERT_MSG(allow_policy.compare("Allow") == 0,
+ "Invalid last policy level. Should be Allow, instead there is: " << levels[count-1]);
+
+ security_manager_policy_levels_free(levels, count);
+ exit(0);
+ }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_delete_policy_for_self)
+{
+ const char *const update_app_id = "security_manager_17_update_app_id";
+ const char *const update_privilege = "http://tizen.org/privilege/led";
+ const char *const check_start_bucket = "";
+ const std::string username("sm_test_17_username");
+ PolicyRequest addPolicyRequest;
+ CynaraTestAdmin::Admin admin;
+
+ struct message {
+ uid_t uid;
+ gid_t gid;
+ } msg;
+
+ int pipefd[2];
+ int pipefd2[2];
+ pid_t pid;
+ int result = 0;
+
+ RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+ RUNNER_ASSERT_MSG((pipe(pipefd2) != -1),"second pipe failed");
+
+ TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+ user.create();
+
+ pid = fork();
+ RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ if (pid != 0)//parent process
+ {
+ FdUniquePtr pipeptr(pipefd+1);
+ close(pipefd[0]);
+
+ register_current_process_as_privilege_manager(user.getUid(), false);
+
+ //send info to child
+ msg.uid = user.getUid();
+ msg.gid = user.getGid();
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+ //wait for child
+ RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+ admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+
+ pid = fork();
+ if (pid != 0)//parent process
+ {
+ FdUniquePtr pipeptr(pipefd2+1);
+ close(pipefd2[0]);
+
+ //send info to child
+ msg.uid = user.getUid();
+ msg.gid = user.getGid();
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(pipefd2[1], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+ //wait for child
+ RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+ //wait for child
+ waitpid(-1, &result, 0);
+
+ admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+ std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr);
+ }
+ if(pid == 0)
+ {
+ FdUniquePtr pipeptr(pipefd2);
+ close(pipefd2[1]);
+
+ ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd2[0], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+ //become admin privacy manager manager
+ Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ result = drop_root_privileges(msg.uid, msg.gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ // delete this entry
+ PolicyRequest deletePolicyRequest;
+ PolicyEntry deleteEntry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege);
+ deleteEntry.setLevel(SECURITY_MANAGER_DELETE);
+
+ deletePolicyRequest.addEntry(deleteEntry);
+ Api::sendPolicy(deletePolicyRequest);
+ exit(0);
+ }
+ }
+ if(pid == 0)
+ {
+ FdUniquePtr pipeptr(pipefd);
+ close(pipefd[1]);
+
+ ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+ //become admin privacy manager manager
+ Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ result = drop_root_privileges(msg.uid, msg.gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ PolicyEntry entry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege);
+ entry.setLevel("Allow");
+
+ addPolicyRequest.addEntry(entry);
+ Api::sendPolicy(addPolicyRequest);
+ exit(0);
+ }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_fetch_whole_policy_for_self_filtered)
+{
+ const std::string username("sm_test_17_user_name");
+
+ struct message {
+ uid_t uid;
+ gid_t gid;
+ unsigned int privileges_count;
+ } msg;
+
+ int pipefd[2];
+ pid_t pid;
+ int result = 0;
+
+ RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+ pid = fork();
+ RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ if (pid != 0)//parent process
+ {
+ FdUniquePtr pipeptr(pipefd+1);
+ close(pipefd[0]);
+
+ TemporaryTestUser user(username, static_cast(GUM_USERTYPE_NORMAL), false);
+ user.create();
+
+ unsigned int privileges_count = 0;
+
+ register_current_process_as_privilege_manager(user.getUid(), false);
+ //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
+ ++privileges_count;
+
+ for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+ InstallRequest requestInst;
+ requestInst.setAppId(MANY_APPS[i].c_str());
+ requestInst.setPkgId(MANY_APPS_PKGS.at(MANY_APPS[i]).c_str());
+ requestInst.setUid(user.getUid());
+
+ for (auto &priv : MANY_APPS_PRIVILEGES.at(i)) {
+ requestInst.addPrivilege(priv.c_str());
+ };
+
+ Api::install(requestInst);
+ privileges_count += MANY_APPS_PRIVILEGES.at(i).size();
+ };
+
+ //send info to child
+ msg.uid = user.getUid();
+ msg.gid = user.getGid();
+ msg.privileges_count = privileges_count;
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+ //wait for child
+ RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+ }
+ if(pid == 0)
+ {
+ FdUniquePtr pipeptr(pipefd);
+ close(pipefd[1]);
+
+ ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+ //become admin privacy manager manager
+ Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ result = drop_root_privileges(msg.uid, msg.gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ // filter by privilege
+ std::vector policyEntries;
+ PolicyEntry filter(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/internet");
+ Api::getPolicy(filter, policyEntries);
+
+ RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+ RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
+
+ // filter by other privilege
+ policyEntries.clear();
+ PolicyEntry filter2(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/email");
+ Api::getPolicy(filter2, policyEntries);
+
+ RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+ RUNNER_ASSERT_MSG(policyEntries.size() == 3, "Number of policies doesn't match - should be: 3 and is " << policyEntries.size());
+
+ // filter by appId
+ policyEntries.clear();
+ PolicyEntry filter3(MANY_APPS[4].c_str(), SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY);
+ Api::getPolicy(filter3, policyEntries);
+
+ RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+ RUNNER_ASSERT_MSG(policyEntries.size() == 4, "Number of policies doesn't match - should be: 4 and is " << policyEntries.size());
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_10_user_cynara_policy)
+{
+ const char *const MAIN_BUCKET = "MAIN";
+ const char *const MANIFESTS_BUCKET = "MANIFESTS";
+ const char *const ADMIN_BUCKET = "ADMIN";
+ const char *const USER_TYPE_NORMAL_BUCKET = "USER_TYPE_NORMAL";
+ const std::string username("sm_test_10_user_cynara_policy");
+ CynaraTestAdmin::Admin admin;
+ std::string uid_string;
+ TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
+ user.create();
+ user.getUidString(uid_string);
+
+ CynaraTestAdmin::CynaraPoliciesContainer nonemptyContainer;
+ nonemptyContainer.add(MAIN_BUCKET,CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, CYNARA_ADMIN_BUCKET, USER_TYPE_NORMAL_BUCKET);
+ admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, nonemptyContainer,CYNARA_API_SUCCESS);
+
+ user.remove();
+ CynaraTestAdmin::CynaraPoliciesContainer emptyContainer;
+
+ admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+ admin.listPolicies(MANIFESTS_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+ admin.listPolicies(CYNARA_ADMIN_DEFAULT_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+ admin.listPolicies(ADMIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+}
+
+RUNNER_CHILD_TEST(security_manager_11_security_manager_cmd_install)
+{
+ int ret;
+ const int SUCCESS = 0;
+ const int FAILURE = 256;
+ const std::string app_id = "security_manager_10_app";
+ const std::string pkg_id = "security_manager_10_pkg";
+ const std::string username("sm_test_10_user_name");
+ std::string uid_string;
+ TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
+ user.create();
+ user.getUidString(uid_string);
+ const std::string path1 = appDirPath(user, app_id, pkg_id) + "/p1";
+ const std::string path2 = appDirPath(user, app_id, pkg_id) + "/p2";
+ const std::string pkgopt = " --pkg=" + pkg_id;
+ const std::string appopt = " --app=" + app_id;
+ const std::string uidopt = " --uid=" + uid_string;
+
+ mktreeSafe(path1.c_str(), 0);
+ mktreeSafe(path2.c_str(), 0);
+
+ const std::string installcmd = "security-manager-cmd --install " + appopt + pkgopt + uidopt;
+
+ struct operation {
+ std::string command;
+ int expected_result;
+ };
+ std::vector operations = {
+ {"security-manager-cmd", FAILURE},//no option
+ {"security-manager-cmd --blah", FAILURE},//blah option is not known
+ {"security-manager-cmd --help", SUCCESS},
+ {"security-manager-cmd --install", FAILURE},//no params
+ {"security-manager-cmd -i", FAILURE},//no params
+ {"security-manager-cmd --i
--app=app_id_10 --pkg=pkg_id_10", FAILURE},//no uid + {installcmd, SUCCESS}, + {"security-manager-cmd -i -a" + app_id + " -g" + pkg_id + uidopt, SUCCESS}, + {installcmd + " --path " + path1 + " writable", SUCCESS}, + {installcmd + " --path " + path1, FAILURE},//no path type + {installcmd + " --path " + path1 + " writable" + " --path " + path2 + " readable", SUCCESS}, + {installcmd + " --path " + path1 + " prie" + " --path " + path2 + " readable", FAILURE},//wrong path type + {installcmd + " --path " + path1 + " writable" + " --privilege somepriv --privilege somepriv2" , SUCCESS}, + }; + + for (auto &op : operations) { + ret = system(op.command.c_str()); + RUNNER_ASSERT_MSG(ret == op.expected_result, + "Unexpected result for command '" << op.command <<"': " + << ret << " Expected was: "<< op.expected_result); + } +} + +RUNNER_CHILD_TEST(security_manager_12_security_manager_cmd_users) +{ + int ret; + const int SUCCESS = 0; + const int FAILURE = 256; + const std::string username("sm_test_11_user_name"); + std::string uid_string; + TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true); + user.create(); + user.getUidString(uid_string); + const std::string uidopt = " --uid=" + uid_string; + + struct operation { + std::string command; + int expected_result; + }; + std::vector operations = { + {"security-manager-cmd --manage-users=remove", FAILURE},//no params + {"security-manager-cmd -m", FAILURE},//no params + {"security-manager-cmd -mr", FAILURE},//no uid + {"security-manager-cmd -mr --uid" + uidopt, FAILURE},//no uid + {"security-manager-cmd -mr --sdfj" + uidopt, FAILURE},//sdfj? + {"security-manager-cmd --msdf -u2004" , FAILURE},//sdf? 
+ {"security-manager-cmd -mr" + uidopt, SUCCESS},//ok, removed
+ {"security-manager-cmd -mr --blah" + uidopt, FAILURE},//blah
+ {"security-manager-cmd -ma" + uidopt, SUCCESS},//ok, added
+ {"security-manager-cmd -ma --usertype=normal" + uidopt, SUCCESS},//ok, added
+ {"security-manager-cmd -ma --usertype=mal" + uidopt, FAILURE},//ok, added
+ };
+
+ for (auto &op : operations) {
+ ret = system(op.command.c_str());
+ RUNNER_ASSERT_MSG(ret == op.expected_result,
+ "Unexpected result for command '" << op.command <<"': "
+ << ret << " Expected was: "<< op.expected_result);
+ }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_13_security_manager_admin_deny_user_priv)
+{
+ const int BUFFER_SIZE = 128;
+ struct message {
+ uid_t uid;
+ gid_t gid;
+ char buf[BUFFER_SIZE];
+ } msg;
+
+ privileges_t admin_required_privs = {
+ "http://tizen.org/privilege/systemsettings.admin",
+ "http://tizen.org/privilege/systemsettings"};
+ privileges_t manifest_privs = {
+ "http://tizen.org/privilege/internet",
+ "http://tizen.org/privilege/camera"};
+ privileges_t real_privs_allow = {"http://tizen.org/privilege/camera"};
+ privileges_t real_privs_deny = {"http://tizen.org/privilege/internet"};
+
+ const std::string pirivman_id = "sm_test_13_ADMIN_APP";
+ const std::string pirivman_pkg_id = "sm_test_13_ADMIN_PKG";
+ const std::string app_id = "sm_test_13_SOME_APP";
+ const std::string pkg_id = "sm_test_13_SOME_PKG";
+
+ int pipefd[2];
+ pid_t pid;
+ int result = 0;
+
+ RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+ pid = fork();
+ RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ if (pid != 0)//parent process
+ {
+ std::string childuidstr;
+ TemporaryTestUser admin("sm_test_13_ADMIN_USER", GUM_USERTYPE_ADMIN, true);
+ TemporaryTestUser child("sm_test_13_NORMAL_USER", GUM_USERTYPE_NORMAL, true);
+
+ InstallRequest request,request2;
+ FdUniquePtr pipeptr(pipefd+1);
+ close(pipefd[0]);
+
+ admin.create();
+ child.create();
+ child.getUidString(childuidstr);
+
+ //install privacy manager for admin
+ request.setAppId(pirivman_id.c_str());
+ request.setPkgId(pirivman_pkg_id.c_str());
+ request.setUid(admin.getUid());
+ for (auto &priv: admin_required_privs)
+ request.addPrivilege(priv.c_str());
+ Api::install(request);
+
+ //install app for child that has internet privilege
+ request2.setAppId(app_id.c_str());
+ request2.setPkgId(pkg_id.c_str());
+ request2.setUid(child.getUid());
+ for (auto &priv: manifest_privs)
+ request2.addPrivilege(priv.c_str());
+ Api::install(request2);
+
+ check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
+ manifest_privs, SM_NO_PRIVILEGES);
+
+ //send info to child
+ msg.uid = admin.getUid();
+ msg.gid = admin.getGid();
+ strncpy (msg.buf, childuidstr.c_str(), BUFFER_SIZE);
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+ //wait for child
+ RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+ check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
+ real_privs_allow, real_privs_deny);
+ }
+ if (pid == 0)//child
+ {
+ FdUniquePtr pipeptr(pipefd);
+ close(pipefd[1]);
+
+ ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+ //become admin privacy manager manager
+ Api::setProcessLabel(pirivman_id.c_str());
+ result = drop_root_privileges(msg.uid, msg.gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+ PolicyRequest addPolicyReq;
+ //change rights
+ for (auto &denypriv:real_privs_deny) {
+ /*this entry will deny some privileges for user whose uid (as c string)
+ was sent in message's buf field.
+ That user would be denying internet for child in this case*/ + PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, denypriv); + entry.setMaxLevel("Deny"); + addPolicyReq.addEntry(entry); + } + Api::sendPolicy(addPolicyReq); + exit(0); + } +} + int main(int argc, char *argv[]) { return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);