From: Maciej J. Karpiuk Date: Thu, 28 Jan 2016 09:06:54 +0000 (+0100) Subject: security-manager: added tests of 2.X shared folders backward compatibility X-Git-Tag: security-manager_5.5_testing~109^2~9 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2d65b105c4830813e3e47f8e6dec2742346ba450;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git security-manager: added tests of 2.X shared folders backward compatibility Change-Id: Ic83a9570a1bff97a80c4a3bfc4e38d73bee472f0 --- diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/.level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/.level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/link_to_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/.level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/.level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/level_2/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/level_2/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/exec new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_rw_others_ro/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_rw_others_ro/normal new file mode 100644 index 0000000..e69de29 diff --git a/src/security-manager-tests/common/sm_request.cpp b/src/security-manager-tests/common/sm_request.cpp index 910bbfd..7db63b1 100644 --- a/src/security-manager-tests/common/sm_request.cpp +++ b/src/security-manager-tests/common/sm_request.cpp @@ -22,6 +22,7 @@ namespace SecurityManagerTest { InstallRequest::InstallRequest() : m_req(nullptr) + , m_tizenVer("3.0") , m_appId(nullptr) , m_pkgId(nullptr) , m_uid(false, 0) @@ -37,6 +38,17 @@ InstallRequest::~InstallRequest() security_manager_app_inst_req_free(m_req); } +void InstallRequest::setAppTizenVersion(const char * tizenVer, lib_retcode expectedResult) +{ + int result = security_manager_app_inst_req_set_target_version(m_req, tizenVer); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "setting app id returned wrong value." + << " Tizen version: " << tizenVer << ";" + << " Result: " << result << ";" + << " Expected result: " << expectedResult); + m_tizenVer = std::string(tizenVer); +} + void InstallRequest::setAppId(const char *appId, lib_retcode expectedResult) { int result = security_manager_app_inst_req_set_app_id(m_req, appId); diff --git a/src/security-manager-tests/common/sm_request.h b/src/security-manager-tests/common/sm_request.h index 0bd0878..52c4d46 100644 --- a/src/security-manager-tests/common/sm_request.h +++ b/src/security-manager-tests/common/sm_request.h @@ -35,6 +35,8 @@ public: InstallRequest& operator=(const InstallRequest&) = delete; ~InstallRequest(); + void setAppTizenVersion(const char *tizenVer, + lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); void setAppId(const char *appId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); void setPkgId(const char *pkgId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); void addPrivilege(const char *privilege, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); @@ -42,12 +44,14 @@ public: lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); + std::string getAppTizenVersion() const { return m_tizenVer; } const app_inst_req *get() const { return m_req; } friend std::ostream& operator<<(std::ostream &, const InstallRequest&); private: app_inst_req *m_req; + std::string m_tizenVer; const char *m_appId; const char *m_pkgId; std::vector m_privileges; diff --git a/src/security-manager-tests/security_manager_tests.cpp b/src/security-manager-tests/security_manager_tests.cpp index f504f99..e61b5b7 100644 --- a/src/security-manager-tests/security_manager_tests.cpp +++ b/src/security-manager-tests/security_manager_tests.cpp @@ -58,9 +58,35 @@ static const privileges_t SM_NO_PRIVILEGES = { static const std::vector SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"}; +void changeSecurityContext(const std::string& label, uid_t uid, gid_t gid) +{ + RUNNER_ASSERT_ERRNO_MSG(0 == smack_set_label_for_self(label.c_str()), + "Error in smack_set_label_for_self(" << label << ")"); + + RUNNER_ASSERT_ERRNO_MSG(0 == setgid(gid), "Error in setgid."); + RUNNER_ASSERT_ERRNO_MSG(0 == setuid(uid), "Error in setuid."); +} + +std::string genPath(int app_num, const char *postfix) { + char buf[16]; + sprintf(buf, "%02d", app_num); + return std::string("/usr/apps/sm_test_") + std::string(buf) + std::string("_pkg_id_full/") + std::string(postfix); +} +std::string genRWPath(int app_num) { + return genPath(app_num, "app_dir"); +} +std::string genROPath(int app_num) { + return genPath(app_num, "app_dir_ro"); +} +std::string genPublicROPath(int app_num) { + return genPath(app_num, "app_dir_public_ro"); +} +std::string genOwnerRWOthersROPath(int app_num) { + return genPath(app_num, "app_dir_rw_others_ro"); +} + static const char *const SM_RW_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir"; -static const char *const SM_RO_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir_ro"; -static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir_public_ro"; + static const char *const SM_DENIED_PATH = "/usr/apps/non_app_dir"; static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/ @@ -81,13 +107,17 @@ static const std::vector MANY_APPS = { "security_manager_10_app_5" }; -static const std::map MANY_APPS_PKGS = { - {"security_manager_10_app_1", "security_manager_10_pkg_1"}, - {"security_manager_10_app_2", "security_manager_10_pkg_2"}, - {"security_manager_10_app_3", "security_manager_10_pkg_3"}, - {"security_manager_10_app_4", "security_manager_10_pkg_4"}, - {"security_manager_10_app_5", "security_manager_10_pkg_5"}, - {PRIVILEGE_MANAGER_APP, PRIVILEGE_MANAGER_PKG} +struct app_attributes { + std::string package; + std::string Tizen_ver; +}; +static const std::map MANY_APPS_PKGS = { + {"security_manager_10_app_1", {"security_manager_10_pkg_1", "2.1"}}, + {"security_manager_10_app_2", {"security_manager_10_pkg_2", "3.0"}}, + {"security_manager_10_app_3", {"security_manager_10_pkg_3", "2.1.1"}}, + {"security_manager_10_app_4", {"security_manager_10_pkg_4", "3.1"}}, + {"security_manager_10_app_5", {"security_manager_10_pkg_5", "2.2"}}, + {PRIVILEGE_MANAGER_APP, {PRIVILEGE_MANAGER_PKG, "3.0"}} }; static const std::vector MANY_APPS_PRIVILEGES = { @@ -143,6 +173,11 @@ static std::string generateAppLabel(const std::string &appId) return "User::App::" + appId; } +static std::string generatePkgLabelOwnerRWothersRO(const std::string &pkgId) +{ + return "User::Pkg::" + pkgId + "::SharedRO"; +} + static std::string generatePkgLabel(const std::string &pkgId) { return "User::Pkg::" + pkgId; @@ -206,55 +241,78 @@ static int nftw_check_sm_labels(const char *fpath, const struct stat *sb, nftw_expected_label.c_str(), nftw_expected_transmute, nftw_expected_exec); } -static void prepare_app_path() +static void prepare_app_path(int app_num, bool others_enabled = false) { + std::string SM_RW_PATH = genRWPath(app_num); + std::string SM_RO_PATH = genROPath(app_num); + std::string SM_PUBLIC_RO_PATH = genPublicROPath(app_num); int result; - result = nftw(SM_RW_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + result = nftw(SM_RW_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RW_PATH); - result = nftw(SM_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + result = nftw(SM_RO_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RO_PATH); - result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + result = nftw(SM_PUBLIC_RO_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH); + if(others_enabled) { + std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(app_num); + result = nftw(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_OWNER_RW_OTHERS_RO_PATH); + } + result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH); } -static void prepare_app_env() +static void prepare_app_env(int app_num, bool others_enabled = false) { - prepare_app_path(); + prepare_app_path(app_num, others_enabled); } -static void check_app_path_after_install(const char *pkgId) +static void check_app_path_after_install(int app_num, const char *pkgId, bool others_enabled=false) { + std::string SM_RW_PATH = genRWPath(app_num); + std::string SM_RO_PATH = genROPath(app_num); + std::string SM_PUBLIC_RO_PATH = genPublicROPath(app_num); int result; nftw_expected_label = generatePkgLabel(pkgId); nftw_expected_transmute = true; nftw_expected_exec = false; - result = nftw(SM_RW_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS); + result = nftw(SM_RW_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH); nftw_expected_label = generatePkgLabel(pkgId) + "::RO"; nftw_expected_transmute = false; nftw_expected_exec = false; - result = nftw(SM_RO_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS); + result = nftw(SM_RO_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH); nftw_expected_label = "User::Home"; nftw_expected_transmute = true; nftw_expected_exec = false; - result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS); + result = nftw(SM_PUBLIC_RO_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH); result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH); + + // owner RW, others RO + if(others_enabled) { + std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(app_num); + nftw_expected_label = generatePkgLabelOwnerRWothersRO(pkgId); + nftw_expected_transmute = true; + nftw_expected_exec = false; + + result = nftw(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_OWNER_RW_OTHERS_RO_PATH); + } } @@ -366,7 +424,6 @@ static void install_app(const char *app_id, const char *pkg_id, uid_t uid = 0) Api::install(request); check_app_after_install(app_id, pkg_id); - } static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed) @@ -429,7 +486,7 @@ RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall) Api::install(requestInst); Api::install(requestInst); - /* Check records in the security-manager database */ + // Check records in the security-manager database check_app_after_install(sm_app_id, sm_pkg_id); InstallRequest requestUninst; @@ -438,7 +495,7 @@ RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall) Api::uninstall(requestUninst); Api::uninstall(requestUninst); - /* Check records in the security-manager database */ + // Check records in the security-manager database check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); } @@ -503,19 +560,23 @@ RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored) RUNNER_TEST(security_manager_02_app_install_uninstall_full) { + std::string SM_RW_PATH = genRWPath(2); + std::string SM_RO_PATH = genROPath(2); + std::string SM_PUBLIC_RO_PATH = genPublicROPath(2); + const char *const sm_app_id = "sm_test_02_app_id_full"; const char *const sm_pkg_id = "sm_test_02_pkg_id_full"; - prepare_app_env(); + prepare_app_env(2); InstallRequest requestInst; requestInst.setAppId(sm_app_id); requestInst.setPkgId(sm_pkg_id); requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); - requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW); - requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO); - requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO); + requestInst.addPath(SM_RW_PATH.c_str(), SECURITY_MANAGER_PATH_RW); + requestInst.addPath(SM_RO_PATH.c_str(), SECURITY_MANAGER_PATH_RO); + requestInst.addPath(SM_PUBLIC_RO_PATH.c_str(), SECURITY_MANAGER_PATH_PUBLIC_RO); Api::install(requestInst); @@ -524,7 +585,7 @@ RUNNER_TEST(security_manager_02_app_install_uninstall_full) SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS); /* TODO: add parameters to this function */ - check_app_path_after_install(sm_pkg_id); + check_app_path_after_install(2, sm_pkg_id, false); InstallRequest requestUninst; requestUninst.setAppId(sm_app_id); @@ -988,7 +1049,7 @@ RUNNER_MULTIPROCESS_TEST(security_manager_10_privacy_manager_fetch_whole_policy_ InstallRequest requestInst; requestInst.setAppId(app.first.c_str()); try { - requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); + requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).package.c_str()); } catch (const std::out_of_range &e) { RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); }; @@ -1102,7 +1163,7 @@ RUNNER_MULTIPROCESS_TEST(security_manager_11_privacy_manager_fetch_whole_policy_ InstallRequest requestInst; requestInst.setAppId(app.first.c_str()); try { - requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); + requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).package.c_str()); } catch (const std::out_of_range &e) { RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); }; @@ -1218,7 +1279,7 @@ RUNNER_MULTIPROCESS_TEST(security_manager_12_privacy_manager_fetch_whole_policy_ InstallRequest requestInst; requestInst.setAppId(app.first.c_str()); try { - requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); + requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).package.c_str()); } catch (const std::out_of_range &e) { RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); }; @@ -1420,7 +1481,7 @@ RUNNER_MULTIPROCESS_TEST(security_manager_13_privacy_manager_fetch_policy_after_ InstallRequest requestInst; requestInst.setAppId(app.first.c_str()); try { - requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); + requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).package.c_str()); } catch (const std::out_of_range &e) { RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); }; @@ -1512,7 +1573,7 @@ RUNNER_MULTIPROCESS_TEST(security_manager_14_privacy_manager_fetch_and_update_po InstallRequest requestInst; requestInst.setAppId(app.first.c_str()); try { - requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); + requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).package.c_str()); } catch (const std::out_of_range &e) { RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); }; @@ -2037,7 +2098,7 @@ RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_fetch_whole_policy_ for(unsigned int i = 0; i < MANY_APPS.size(); ++i) { InstallRequest requestInst; requestInst.setAppId(MANY_APPS[i].c_str()); - requestInst.setPkgId(MANY_APPS_PKGS.at(MANY_APPS[i]).c_str()); + requestInst.setPkgId(MANY_APPS_PKGS.at(MANY_APPS[i]).package.c_str()); requestInst.setUid(user.getUid()); for (auto &priv : MANY_APPS_PRIVILEGES.at(i)) { @@ -2449,6 +2510,227 @@ RUNNER_TEST(security_manager_26_get_default_mappings_default_version) "Wrong default mapping returned"); } +namespace { +const int sm_app_shared_test_id = 27; +const char *const sm_app_shared_id = "sm_test_27_app_id_full"; +const char *const sm_app_shared_another_in_package_id = "sm_test_27_app_2_id_full"; +const char *const sm_pkg_shared_id = "sm_test_27_pkg_id_full"; + +void test_success_worker(const std::string &appName, int test_num) +{ + std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num); + + changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID); + + RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, + "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName << " failed " << " to " << SM_OWNER_RW_OTHERS_RO_PATH ); +} + +void test_fail_worker(const std::string &appName, int test_num) +{ + std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num); + + changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID); + + RUNNER_ASSERT_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) == -1, + "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName + << " surprisingly succeeded, while expecting fail"); +} +} + +RUNNER_TEST(security_manager_27a_API2X_app_install) +{ + std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id); + std::string SM_RO_PATH = genROPath(sm_app_shared_test_id); + std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id); + std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id); + prepare_app_env(sm_app_shared_test_id, true); + + // install other apps + for(const auto &app : MANY_APPS_PKGS) { + InstallRequest requestInst; + requestInst.setAppId(app.first.c_str()); + requestInst.setPkgId(app.second.package.c_str()); + requestInst.setAppTizenVersion(app.second.Tizen_ver.c_str()); + + Api::install(requestInst); + }; + + // install + { + InstallRequest requestInst; + requestInst.setAppId(sm_app_shared_id); + requestInst.setPkgId(sm_pkg_shared_id); + requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); + requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); + requestInst.addPath(SM_RW_PATH.c_str(), SECURITY_MANAGER_PATH_RW); + requestInst.addPath(SM_RO_PATH.c_str(), SECURITY_MANAGER_PATH_RO); + requestInst.addPath(SM_PUBLIC_RO_PATH.c_str(), SECURITY_MANAGER_PATH_PUBLIC_RO); + requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO); + requestInst.setAppTizenVersion("2.4"); + Api::install(requestInst); + } + + // another app in package + { + InstallRequest requestInst; + requestInst.setAppId(sm_app_shared_another_in_package_id); + requestInst.setPkgId(sm_pkg_shared_id); + requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); + requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); + requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO); + requestInst.setAppTizenVersion("2.4"); + Api::install(requestInst); + } + + /* Check records in the security-manager database */ + check_app_after_install(sm_app_shared_id, sm_pkg_shared_id, + SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS); + /* Check records in the security-manager database */ + check_app_after_install(sm_app_shared_another_in_package_id, sm_pkg_shared_id, + SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS); + + /* TODO: add parameters to this function */ + check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true); + + RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed"); +} + +RUNNER_CHILD_TEST(security_manager_27b_owner_1_have_access) +{ + test_success_worker(sm_app_shared_id, sm_app_shared_test_id); +} + +RUNNER_CHILD_TEST(security_manager_27c_owner_2_have_access) +{ + test_success_worker(sm_app_shared_another_in_package_id, sm_app_shared_test_id); +} + +RUNNER_CHILD_TEST(security_manager_27d_API2X_apps_have_access_app_1) +{ + test_success_worker("security_manager_10_app_1", sm_app_shared_test_id); +} + +RUNNER_CHILD_TEST(security_manager_27e_API2X_apps_dont_have_access_app_2) +{ + test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id); +} + +RUNNER_CHILD_TEST(security_manager_27f_API2X_apps_have_access_app_3) +{ + test_success_worker("security_manager_10_app_3", sm_app_shared_test_id); +} + +RUNNER_CHILD_TEST(security_manager_27g_API2X_apps_dont_have_access_app_4) +{ + test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id); +} + +RUNNER_CHILD_TEST(security_manager_27h_API2X_apps_have_access_app_5) +{ + test_success_worker("security_manager_10_app_5", sm_app_shared_test_id); +} + + +RUNNER_TEST(security_manager_27i_API2X_app_uninstall) +{ + { + InstallRequest requestUninst; + requestUninst.setAppId(sm_app_shared_id); + Api::uninstall(requestUninst); + } + { + InstallRequest requestUninst; + requestUninst.setAppId(sm_app_shared_another_in_package_id); + Api::uninstall(requestUninst); + } + + /* Check records in the security-manager database, + * all previously allowed privileges should be removed */ + check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id, + SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED); + check_app_after_uninstall(sm_app_shared_another_in_package_id, sm_pkg_shared_id, + SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED); +} + +RUNNER_TEST(security_manager_27j_API30_app_install) +{ + std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id); + std::string SM_RO_PATH = genROPath(sm_app_shared_test_id); + std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id); + std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id); + prepare_app_env(sm_app_shared_test_id, true); + + // install + InstallRequest requestInst; + requestInst.setAppId(sm_app_shared_id); + requestInst.setPkgId(sm_pkg_shared_id); + requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); + requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); + requestInst.addPath(SM_RW_PATH.c_str(), SECURITY_MANAGER_PATH_RW); + requestInst.addPath(SM_RO_PATH.c_str(), SECURITY_MANAGER_PATH_RO); + requestInst.addPath(SM_PUBLIC_RO_PATH.c_str(), SECURITY_MANAGER_PATH_PUBLIC_RO); + requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO); + requestInst.setAppTizenVersion("3.0"); + + Api::install(requestInst); + + /* Check records in the security-manager database */ + check_app_after_install(sm_app_shared_id, sm_pkg_shared_id, + SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS); + + /* TODO: add parameters to this function */ + check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true); + + RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed"); +} + +RUNNER_CHILD_TEST(security_manager_27k_API30_apps_dont_have_access_app_1) +{ + test_fail_worker("security_manager_10_app_1", sm_app_shared_test_id); +} + +RUNNER_CHILD_TEST(security_manager_27l_API30_apps_dont_have_access_app_2) +{ + test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id); +} + +RUNNER_CHILD_TEST(security_manager_27m_API30_apps_dont_have_access_app_3) +{ + test_fail_worker("security_manager_10_app_3", sm_app_shared_test_id); +} + +RUNNER_CHILD_TEST(security_manager_27n_API30_apps_dont_have_access_app_4) +{ + test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id); +} + +RUNNER_CHILD_TEST(security_manager_27o_API30_apps_dont_have_access_app_5) +{ + test_fail_worker("security_manager_10_app_5", sm_app_shared_test_id); +} + +RUNNER_TEST(security_manager_27p_API30_app_uninstall) +{ + InstallRequest requestUninst; + requestUninst.setAppId(sm_app_shared_id); + + Api::uninstall(requestUninst); + + /* Check records in the security-manager database, + * all previously allowed privileges should be removed */ + check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id, + SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED); + + // install other apps + for(const auto &app : MANY_APPS_PKGS) { + InstallRequest requestUninst; + requestUninst.setAppId(app.first.c_str()); + + Api::uninstall(requestUninst); + }; +} + int main(int argc, char *argv[]) { return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);