From: Zofia Abramowska Date: Tue, 4 Oct 2016 15:13:02 +0000 (+0200) Subject: SM : Cleanup - simple test cases X-Git-Tag: security-manager_5.5_testing~20^2~26 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4aff4064dce89f64426842c09c83b200e89d8616;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git SM : Cleanup - simple test cases Change-Id: Ia96f74c14eb772c34ec084f58fbe9f7845fc7576 --- diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/.level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/.level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/.level_1/level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/.level_1/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/link_to_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/level_1/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_app_normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/link_to_non_exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_public_ro/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/.level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/.level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/level_2/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/.level_1/level_2/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/exec b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_ro/exec new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_rw_others_ro/normal b/src/security-manager-tests/app_files/sm_test_01d_pkg_id_full/app_dir_rw_others_ro/normal new file mode 100644 index 00000000..e69de29b diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/.level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/.level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/.level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/link_to_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/.level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/link_to_non_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/link_to_non_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/link_to_non_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_dir/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_app_normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/link_to_non_exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_public_ro/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/.level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/level_2/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/.level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/exec b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_ro/exec deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_rw_others_ro/normal b/src/security-manager-tests/app_files/sm_test_27_pkg_id_full/app_dir_rw_others_ro/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/common/sm_commons.cpp b/src/security-manager-tests/common/sm_commons.cpp index f7ae1064..d0e48a2d 100644 --- a/src/security-manager-tests/common/sm_commons.cpp +++ b/src/security-manager-tests/common/sm_commons.cpp @@ -252,6 +252,18 @@ void check_app_permissions(const std::string &app_id, const std::string &pkg_id, } } +void sm_app_has_privileges(const AppInstallHelper &app, + const std::vector &privileges, + int expectedResult) +{ + for (auto const &privilege : privileges) { + int result; + Api::appHasPrivilege(app.getAppId(), privilege, app.getUID(), result); + RUNNER_ASSERT_MSG(result == expectedResult, "Application " << app.getAppId() + << " has unexpected access to " << privilege << ", is : " + << " should be : " << expectedResult ); + } +} void check_app_after_install(const std::string &app_id, const std::string &pkg_id) { diff --git a/src/security-manager-tests/common/sm_commons.h b/src/security-manager-tests/common/sm_commons.h index 8560c4dd..a5edc68a 100644 --- a/src/security-manager-tests/common/sm_commons.h +++ b/src/security-manager-tests/common/sm_commons.h @@ -27,6 +27,7 @@ #include +#include #include #include #include @@ -65,6 +66,9 @@ int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/, void check_app_permissions(const std::string &app_id, const std::string &pkg_id, const std::string &user, const privileges_t &allowed_privs, const privileges_t &denied_privs, bool isHybrid = false); +void sm_app_has_privileges(const AppInstallHelper &app, + const std::vector &privileges, + int result); void check_app_after_install(const std::string &app_id, const std::string &pkg_id); void check_app_after_install(const std::string &app_id, const std::string &pkg_id, const privileges_t &allowed_privs, diff --git a/src/security-manager-tests/test_cases.cpp b/src/security-manager-tests/test_cases.cpp index 37e89f09..fdfc5cb0 100644 --- a/src/security-manager-tests/test_cases.cpp +++ b/src/security-manager-tests/test_cases.cpp @@ -14,13 +14,13 @@ * limitations under the License. */ +// cstdlibg has to be included before attr/xattr #include #include #include +#include #include #include -#include - #include #include #include @@ -28,9 +28,12 @@ #include +#include #include #include -#include +#include +#include +#include #include #include #include @@ -44,176 +47,188 @@ using namespace SecurityManagerTest; +namespace { +std::vector merge(const std::vector &one, const std::vector &two) { + std::vector sum; + sum.reserve(one.size() + two.size()); + sum.insert(sum.end(), one.begin(), one.end()); + sum.insert(sum.end(), two.begin(), two.end()); + return sum; +} +} + RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER) RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall) { - const char *const sm_app_id = "sm_test_01a_app_id_double"; - const char *const sm_pkg_id = "sm_test_01a_pkg_id_double"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - - Api::install(requestInst); - Api::install(requestInst); - - // Check records in the security-manager database - check_app_after_install(sm_app_id, sm_pkg_id); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); - Api::uninstall(requestUninst); - - // Check records in the security-manager database - check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); + AppInstallHelper app("sm_test_01a_app"); + { + ScopedInstaller appInstall(app); + // FIXME - whitebox - db + check_app_after_install(app.getAppId(), app.getPkgId()); + { + ScopedInstaller appInstall2(app); + // FIXME - whitebox - db + check_app_after_install(app.getAppId(), app.getPkgId()); + } + // FIXME - whitebox - db + check_app_after_uninstall(app.getAppId(), app.getPkgId(), TestSecurityManagerDatabase::REMOVED); + } } RUNNER_TEST(security_manager_01b_app_double_install_wrong_pkg_id) { - const char *const sm_app_id = "sm_test_01b_app"; - const char *const sm_pkg_id = "sm_test_01b_pkg"; - const char *const sm_pkg_id_wrong = "sm_test_01b_pkg_BAD"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); + AppInstallHelper app("sm_test_01b"); + { + ScopedInstaller appInstall(app); - Api::install(requestInst); + InstallRequest requestInst2; + requestInst2.setAppId(app.getAppId()); + requestInst2.setPkgId(app.getPkgId() + "_wrong"); - InstallRequest requestInst2; - requestInst2.setAppId(sm_app_id); - requestInst2.setPkgId(sm_pkg_id_wrong); + Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM); - Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM); + // FIXME - whitebox - db + check_app_after_install(app.getAppId(), app.getPkgId()); + } + // FIXME - whitebox - db + check_app_after_uninstall(app.getAppId(), app.getPkgId(), TestSecurityManagerDatabase::REMOVED); +} +RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored) +{ + AppInstallHelper app("sm_test_01c"); + ScopedInstaller appInstall(app); - /* Check records in the security-manager database */ - check_app_after_install(sm_app_id, sm_pkg_id); + // FIXME - whitebox - db + check_app_after_install(app.getAppId(), app.getPkgId()); InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); + requestUninst.setAppId(app.getAppId()); + requestUninst.setPkgId(app.getPkgId() + "_ignored"); // pkg_id param is ignored in uninstall request Api::uninstall(requestUninst); - - /* Check records in the security-manager database */ - check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); + // FIXME - whitebox - db + check_app_after_uninstall(app.getAppId(), app.getPkgId(), TestSecurityManagerDatabase::REMOVED); + // ScopedInstaller destructor (app second uninstallation) won't have any effect } -RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored) +/* + * This test uses files installed with security-tests package + */ +RUNNER_TEST(security_manager_01d_app_install_complicated_dir_tree) { - const char * const sm_app_id = "SM_TEST_01c_APPID"; - const char * const sm_pkg_id = "SM_TEST_01c_PKGID"; - const char * const sm_pkg_id_wrong = "SM_TEST_01c_PKGID_wrong"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); + const std::string appId = "sm_test_01d_app_id_full"; + const std::string pkgId = "sm_test_01d_pkg_id_full"; - Api::install(requestInst); + const std::string rootDir = TzPlatformConfig::globalAppDir() + "/" + pkgId + "/"; + const std::string privateDir = rootDir + "app_dir/"; + const std::string privateRODir = rootDir + "app_dir_ro/"; + const std::string publicRODir = rootDir + "app_dir_public_ro/"; + const std::string sharedRODir = rootDir + "app_dir_rw_others_ro/"; - /* Check records in the security-manager database */ - check_app_after_install(sm_app_id, sm_pkg_id); + int result = nftw(rootDir.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << rootDir); - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - requestUninst.setPkgId(sm_pkg_id_wrong); + InstallRequest requestInst; + requestInst.setAppId(appId); + requestInst.setPkgId(pkgId); + requestInst.addPath(privateDir, SECURITY_MANAGER_PATH_RW); + requestInst.addPath(privateRODir, SECURITY_MANAGER_PATH_RO); + requestInst.addPath(publicRODir, SECURITY_MANAGER_PATH_PUBLIC_RO); + requestInst.addPath(sharedRODir, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO); + Api::install(requestInst); - Api::uninstall(requestUninst); + std::unique_ptr> appCleanup(&requestInst, + [](InstallRequest *req) { + Api::uninstall(*req); + }); - check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); + check_path(privateDir, generatePathRWLabel(pkgId)); + check_path(privateRODir, generatePathROLabel(pkgId), false); + check_path(publicRODir, getPublicPathLabel()); + check_path(sharedRODir, generatePathSharedROLabel(pkgId)); } RUNNER_TEST(security_manager_02_app_install_uninstall_full) { - std::string SM_RW_PATH = genRWPath(2); - std::string SM_RO_PATH = genROPath(2); - std::string SM_PUBLIC_RO_PATH = genPublicROPath(2); - - const char *const sm_app_id = "sm_test_02_app_id_full"; - const char *const sm_pkg_id = "sm_test_02_pkg_id_full"; - - prepare_app_env(2); - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); - requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); - requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW); - requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO); - requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO); - - Api::install(requestInst); + const privileges_t allowedPrivs = { + "http://tizen.org/privilege/display", + "http://tizen.org/privilege/nfc" + }; - /* Check records in the security-manager database */ - check_app_after_install(sm_app_id, sm_pkg_id, - SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS); + const privileges_t someDeniedPrivs = { + "http://tizen.org/privilege/bluetooth", + "http://tizen.org/privilege/power" + }; - /* TODO: add parameters to this function */ - check_app_path_after_install(2, sm_pkg_id, false); + AppInstallHelper app("sm_test_02"); + app.createInstallDir(); + app.createPrivateDir(); + app.createPrivateRODir(); + app.createPublicDir(); + app.createSharedRODir(); + app.addPrivileges(allowedPrivs); + { + ScopedInstaller appInstall(app); - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); + // FIXME - whitebox - db, groups + check_app_after_install(app.getAppId(), app.getPkgId(), + app.getPrivileges(), someDeniedPrivs, SM_ALLOWED_GROUPS); - Api::uninstall(requestUninst); + check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId())); + check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false); + check_path(app.getPublicDir(), getPublicPathLabel()); + check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId())); + } - /* Check records in the security-manager database, - * all previously allowed privileges should be removed */ - check_app_after_uninstall(sm_app_id, sm_pkg_id, - SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED); + // FIXME - whitebox - db + check_app_after_uninstall(app.getAppId(), app.getPkgId(), + app.getPrivileges(), TestSecurityManagerDatabase::REMOVED); } RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid) { - const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack"; - const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack"; - const char *const socketLabel = "not_expected_label"; - std::string expected_label = generateProcessLabel(app_id, pkg_id); - std::string expected_socket_label = socketLabel; - char *label = nullptr; - CStringPtr labelPtr; - int result; + std::string expectedSockLabel = "labelExpectedOnlyFromSocket"; - uninstall_app(app_id, pkg_id, true); - install_app(app_id, pkg_id); + AppInstallHelper app("sm_test_03a"); + std::string expectedProcLabel = generateProcessLabel(app.getAppId(), app.getPkgId()); - const auto sockaddr = UDSHelpers::makeAbstractAddress("sm_test_03.socket"); + const auto sockaddr = UDSHelpers::makeAbstractAddress("sm_test_03a.socket"); int sock = UDSHelpers::createServer(&sockaddr); SockUniquePtr sockPtr(&sock); - //Set socket label to something different than expecedLabel - result = smack_set_label_for_file(*sockPtr, XATTR_NAME_SMACKIPIN, socketLabel); + //Set socket label to something different than expeced process label + int result = smack_set_label_for_file(*sockPtr, XATTR_NAME_SMACKIPIN, expectedSockLabel.c_str()); RUNNER_ASSERT_ERRNO_MSG(result == 0, "Can't set socket label. Result: " << result); - result = smack_set_label_for_file(*sockPtr, XATTR_NAME_SMACKIPOUT, socketLabel); + result = smack_set_label_for_file(*sockPtr, XATTR_NAME_SMACKIPOUT, expectedSockLabel.c_str()); RUNNER_ASSERT_ERRNO_MSG(result == 0, "Can't set socket label. Result: " << result); + ScopedInstaller appInstall(app); - SynchronizationPipe pipe; pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed"); + if (pid == 0) { // child + Api::setProcessLabel(app.getAppId()); - if (pid != 0) { // parent process - pipe.claimParentEp(); - Api::setProcessLabel(app_id); - + char *label = nullptr; + CStringPtr labelPtr; result = smack_new_label_from_file(*sockPtr, XATTR_NAME_SMACKIPIN, &label); RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label); labelPtr.reset(label); - result = expected_socket_label.compare(label); + result = expectedSockLabel.compare(label); RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " << - expected_label << " Actual: " << label); + expectedProcLabel << " Actual: " << label); result = smack_new_label_from_file(*sockPtr, XATTR_NAME_SMACKIPOUT, &label); RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label); labelPtr.reset(label); - result = expected_socket_label.compare(label); + result = expectedSockLabel.compare(label); RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " << - expected_label << " Actual: " << label); + expectedProcLabel << " Actual: " << label); result = smack_new_label_from_self(&label); RUNNER_ASSERT_MSG(result >= 0, @@ -222,131 +237,69 @@ RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid) " Process label is not set"); labelPtr.reset(label); - result = expected_label.compare(label); + result = expectedProcLabel.compare(label); RUNNER_ASSERT_MSG(result == 0, - " Process label is incorrect. Expected: \"" << expected_label << + " Process label is incorrect. Expected: \"" << expectedProcLabel << "\" Actual: \"" << label << "\""); - pipe.post(); + } else { // parent waitPid(pid); - } else { // child process - pipe.claimChildEp(); - pipe.wait(); - uninstall_app(app_id, pkg_id, true); - exit(0); } } -RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack) -{ - const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack"; - const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack"; - - uninstall_app(app_id, pkg_id, true); - install_app(app_id, pkg_id); - - { - ScopedProcessLabel keepLabel; - Api::setProcessLabel(app_id); - } - - uninstall_app(app_id, pkg_id, true); -} - -static void install_and_check(const char *const sm_app_id, - const char *const sm_pkg_id, - const TemporaryTestUser& user, - const std::string &appDir, - bool requestUid) -{ - InstallRequest requestPrivate; - - //install app for non-root user - //should fail (users may only register folders inside their home) - prepare_request(requestPrivate, sm_app_id, sm_pkg_id, - SECURITY_MANAGER_PATH_RW, SM_RW_PATH, - requestUid ? user.getUid() : 0); - - Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); - - InstallRequest requestPrivateUser; - - //install app for non-root user - //should succeed - this time i register folder inside user's home dir - prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, - SECURITY_MANAGER_PATH_RW, appDir.c_str(), - requestUid ? user.getUid() : 0); - - for (auto &privilege : SM_ALLOWED_PRIVILEGES) - requestPrivateUser.addPrivilege(privilege.c_str()); - - Api::install(requestPrivateUser); - - check_app_permissions(sm_app_id, sm_pkg_id, - user.getUidString().c_str(), - SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES); -} - RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self) { - int result; - const char *const sm_app_id = "sm_test_04a_app_id_uid"; - const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid"; - const std::string new_user_name = "sm_test_04a_user_name"; + const std::vector allowedPrivs = { + "http://tizen.org/privilege/bluetooth", + "http://tizen.org/privilege/power" + }; + const std::vector someDeniedPrivs = { + "http://tizen.org/privilege/display", + "http://tizen.org/privilege/nfc" + }; - TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false); + TemporaryTestUser testUser("sm_test_04a_user_name", GUM_USERTYPE_NORMAL); testUser.create(); - removeTestDirs(testUser, sm_app_id, sm_pkg_id); - createTestDirs(testUser, sm_app_id, sm_pkg_id); - - const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id); - - //switch user to non-root - result = drop_root_privileges(testUser.getUid(), testUser.getGid()); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + AppInstallHelper app("sm_test_04a", testUser.getUid()); + app.addPrivileges(allowedPrivs); - install_and_check(sm_app_id, sm_pkg_id, testUser, userAppDirPath, false); - - //uninstall app as non-root user - InstallRequest request; - request.setAppId(sm_app_id); - - Api::uninstall(request); - - check_app_permissions(sm_app_id, sm_pkg_id, - testUser.getUidString().c_str(), - SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0, + "drop_root_privileges failed"); + { + ScopedInstaller appInstall(app, false); + check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), + allowedPrivs, someDeniedPrivs); + } + check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), + {}, merge(allowedPrivs, someDeniedPrivs)); } -RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user) -{ - int result; - const char *const sm_app_id = "sm_test_04b_app_id_uid"; - const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid"; - const std::string new_user_name = "sm_test_04b_user_name"; +RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user) { + const std::vector allowedPrivs = { + "http://tizen.org/privilege/internet", + "http://tizen.org/privilege/led" + }; + const std::vector someDeniedPrivs = { + "http://tizen.org/privilege/location", + "http://tizen.org/privilege/notification" + }; - TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false); + TemporaryTestUser testUser("sm_test_04b_user_name", GUM_USERTYPE_NORMAL); testUser.create(); - removeTestDirs(testUser, sm_app_id, sm_pkg_id); - createTestDirs(testUser, sm_app_id, sm_pkg_id); - - install_and_check(sm_app_id, sm_pkg_id, testUser, - TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id), true); - - //switch user to non-root - root may not uninstall apps for specified users - result = drop_root_privileges(testUser.getUid(), testUser.getGid()); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + AppInstallHelper app("sm_test_04b", testUser.getUid()); + app.addPrivileges(allowedPrivs); - //uninstall app as non-root user - InstallRequest request; - request.setAppId(sm_app_id); - - Api::uninstall(request); + { + ScopedInstaller appInstall(app); + check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), + allowedPrivs, someDeniedPrivs); - check_app_permissions(sm_app_id, sm_pkg_id, - testUser.getUidString().c_str(), - SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0, + "drop_root_privileges failed"); + } + check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), + {}, merge(allowedPrivs, someDeniedPrivs)); } RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities) @@ -364,123 +317,124 @@ RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities) "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL)); } -RUNNER_CHILD_TEST(security_manager_06_install_app_offline) +RUNNER_TEST(security_manager_06_install_app_offline) { - const char *const app_id = "sm_test_06_app_id_install_app_offline"; - const char *const pkg_id = "sm_test_06_pkg_id_install_app_offline"; - - // Uninstall app on-line, off-line mode doesn't support it - uninstall_app(app_id, pkg_id, true); - ServiceManager("security-manager.service").stopService(); ServiceManager serviceManager("security-manager.socket"); serviceManager.stopService(); - install_app(app_id, pkg_id); - + AppInstallHelper app("sm_test_06"); + ScopedInstaller appInstall(app); + // TODO - check if app is installed properly + // start service before uninstall, offline mode doesn't support uninstall serviceManager.startService(); - - uninstall_app(app_id, pkg_id, true); + appInstall.uninstallApp(); + // TODO - check if app is uninstalled properly } -RUNNER_CHILD_TEST(security_manager_07_user_add_app_install) +RUNNER_TEST(security_manager_07a_user_add_app_install) { - const char *const sm_app_id = "sm_test_07_app_id_user"; - const char *const sm_pkg_id = "sm_test_07_pkg_id_user"; - const std::string new_user_name = "sm_test_07_user_name"; - - TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false); - test_user.create(); - std::string uid_string = test_user.getUidString(); + const std::vector allowedPrivs = { + "http://tizen.org/privilege/internet", + "http://tizen.org/privilege/led" + }; + const std::vector someDeniedPrivs = { + "http://tizen.org/privilege/location", + "http://tizen.org/privilege/notification" + }; - removeTestDirs(test_user, sm_app_id, sm_pkg_id); - createTestDirs(test_user, sm_app_id, sm_pkg_id); + TemporaryTestUser testUser("sm_test_07a_user_name", GUM_USERTYPE_NORMAL); + testUser.create(); - install_app(sm_app_id, sm_pkg_id, test_user.getUid()); + AppInstallHelper app("sm_test_07a", testUser.getUid()); + app.addPrivileges(allowedPrivs); - check_app_after_install(sm_app_id, sm_pkg_id); + InstallRequest req; + req.setAppId(app.getAppId()); + req.setPkgId(app.getPkgId()); + req.setUid(app.getUID()); + for (const auto &priv: app.getPrivileges()) { + req.addPrivilege(priv); + } + Api::install(req); - test_user.remove(); + check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), + allowedPrivs, someDeniedPrivs); - check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); + testUser.remove(); - check_app_after_uninstall(sm_app_id, sm_pkg_id, true); + check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), + {}, merge(allowedPrivs, someDeniedPrivs)); + // TODO - check if app is uninstalled } -RUNNER_CHILD_TEST(security_manager_08_user_double_add_double_remove) +RUNNER_TEST(security_manager_07b_user_add_offline) { - UserRequest addUserRequest; - - const char *const sm_app_id = "sm_test_08_app_id_user"; - const char *const sm_pkg_id = "sm_test_08_pkg_id_user"; - const std::string new_user_name = "sm_test_08_user_name"; - - // gumd user add - TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false); - test_user.create(); - std::string uid_string = test_user.getUidString(); - - removeTestDirs(test_user, sm_app_id, sm_pkg_id); - createTestDirs(test_user, sm_app_id, sm_pkg_id); - - addUserRequest.setUid(test_user.getUid()); - addUserRequest.setUserType(SM_USER_TYPE_NORMAL); - - //sm user add - Api::addUser(addUserRequest); - - install_app(sm_app_id, sm_pkg_id, test_user.getUid()); - - check_app_after_install(sm_app_id, sm_pkg_id); + ServiceManager("security-manager.service").stopService(); - test_user.remove(); + ServiceManager serviceManager("security-manager.socket"); + serviceManager.stopService(); - UserRequest deleteUserRequest; - deleteUserRequest.setUid(test_user.getUid()); + TemporaryTestUser testUser("sm_test_07b_user_name", GUM_USERTYPE_NORMAL, true); + testUser.create(); - Api::deleteUser(deleteUserRequest); + AppInstallHelper app("sm_test_07b", testUser.getUid()); + ScopedInstaller appInstall(app); - check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); + // FIXME - whitebox - db + check_app_after_install(app.getAppId(), app.getPkgId()); - check_app_after_uninstall(sm_app_id, sm_pkg_id, true); + serviceManager.startService(); + testUser.remove(); + // FIXME - whitebox - db + check_app_after_uninstall(app.getAppId(), app.getPkgId(), true); } -RUNNER_CHILD_TEST(security_manager_09_add_user_offline) +RUNNER_TEST(security_manager_08_user_double_add_double_remove) { - const char *const app_id = "security_manager_09_add_user_offline_app"; - const char *const pkg_id = "security_manager_09_add_user_offline_pkg"; - const std::string new_user_name("sm_test_09_user_name"); - - ServiceManager("security-manager.service").stopService(); - - ServiceManager serviceManager("security-manager.socket"); - serviceManager.stopService(); - - TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, true); - test_user.create(); - - removeTestDirs(test_user, app_id, pkg_id); - createTestDirs(test_user, app_id, pkg_id); + std::vector somePrivs = { + "http://tizen.org/privilege/internet", "http://tizen.org/privilege/led", + "http://tizen.org/privilege/location", "http://tizen.org/privilege/notification" + }; + // gumd + TemporaryTestUser testUser("sm_test_08_user_name", GUM_USERTYPE_NORMAL); + testUser.create(); - install_app(app_id, pkg_id, test_user.getUid()); + // security-manager + UserRequest addUserRequest; + addUserRequest.setUid(testUser.getUid()); + addUserRequest.setUserType(SM_USER_TYPE_NORMAL); + Api::addUser(addUserRequest); - check_app_after_install(app_id, pkg_id); + AppInstallHelper app("sm_test_08", testUser.getUid()); + ScopedInstaller appInstall(app); - serviceManager.startService(); + // FIXME - whitebox - db + check_app_after_install(app.getAppId(), app.getPkgId()); + check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), {}, somePrivs); - test_user.remove(); + // gumd + testUser.remove(); + + // FIXME - whitebox - db + check_app_after_uninstall(app.getAppId(), app.getPkgId(), true); + check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), {}, somePrivs); - check_app_after_uninstall(app_id, pkg_id, true); + // security-manager + UserRequest deleteUserRequest; + deleteUserRequest.setUid(testUser.getUid()); + Api::deleteUser(deleteUserRequest); } -RUNNER_TEST(security_manager_50_app_install_constraint_check) +RUNNER_TEST(security_manager_09_app_install_constraint_check) { auto install = [](const TemporaryTestUser& user, const char *pkgId, const char *appId, const char *version, const char *author, + bool isHybrid, enum lib_retcode expected, bool uninstall = true) { @@ -490,97 +444,86 @@ RUNNER_TEST(security_manager_50_app_install_constraint_check) request.setAppTizenVersion(version); request.setAuthorId(author); request.setUid(user.getUid()); - + if (isHybrid) + request.setHybrid(); Api::install(request, expected); - if(expected == SECURITY_MANAGER_SUCCESS) { - // TODO add verification once check_app_after_install() supports uid - // check_app_after_install(appId, pkgId); - if(uninstall) - Api::uninstall(request); + if(expected == SECURITY_MANAGER_SUCCESS && uninstall) { + Api::uninstall(request); } }; std::vector users = { - {"sm_test_50_user_name_0", GUM_USERTYPE_NORMAL, false}, - {"sm_test_50_user_name_1", GUM_USERTYPE_NORMAL, false} + {"sm_test_09_user_name_0", GUM_USERTYPE_NORMAL, false}, + {"sm_test_09_user_name_1", GUM_USERTYPE_NORMAL, false} }; for(auto& gu : users) gu.create(); - const char *const pkgId[] = {"sm_test_50_pkg_id_0", "sm_test_50_pkg_id_1"}; - const char *const appId[] = {"sm_test_50_app_id_0", "sm_test_50_app_id_1"}; - const char *const version[] = {"sm_test_50_version_0", "sm_test_50_version_1"}; - const char *const author[] = {"sm_test_50_author_0", "sm_test_50_author_1"}; - - // uid_0, pkg_0, app_0, version_0, author_0 - install(users[0], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS, false); - - // uid_1, pkg_0, app_0, version_0, author_0 -> ok (different uid) - install(users[1], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS); - // uid_1, pkg_0, app_0, version_0, author_1 -> fail (author of app_0 must be the same) - install(users[1], pkgId[0], appId[0], version[0], author[1], SECURITY_MANAGER_ERROR_INPUT_PARAM); - // uid_1, pkg_0, app_0, version_1, author_0 -> fail (version of app_0 must be the same) - install(users[1], pkgId[0], appId[0], version[1], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM); - // uid_1, pkg_1, app_0, version_0, author_0 -> fail (pkg of app_0 must be the same) - install(users[1], pkgId[1], appId[0], version[0], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM); - // uid_0, pkg_0, app_0, version_0, author_0 -> ok (the same app again) - install(users[0], pkgId[0], appId[0], version[0], author[0], SECURITY_MANAGER_SUCCESS, false); - // uid_0, pkg_1, app_0, version_0, author_0 -> fail (app_name + uid must be unique) - install(users[0], pkgId[1], appId[0], version[0], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM); - // uid_0, pkg_0, app_0, version_1, author_0 -> fail (app_name + uid must be unique) - install(users[0], pkgId[0], appId[0], version[1], author[0], SECURITY_MANAGER_ERROR_INPUT_PARAM); - // uid_0, pkg_0, app_0, version_0, author_1 -> fail (app_name + uid must be unique) - install(users[0], pkgId[0], appId[0], version[0], author[1], SECURITY_MANAGER_ERROR_INPUT_PARAM); -} - -RUNNER_CHILD_TEST(security_manager_53_app_has_privilege) -{ - const char *const sm_app_id = "sm_test_53_app"; - const char *const sm_pkg_id = "sm_test_53_pkg"; - const std::string new_user_name = "sm_test_47_user_name"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - for (auto const &privilege : SM_ALLOWED_PRIVILEGES) - requestInst.addPrivilege(privilege.c_str()); - Api::install(requestInst); - - for (auto const &privilege : SM_ALLOWED_PRIVILEGES) { - int result; - Api::appHasPrivilege(sm_app_id, privilege.c_str(), TzPlatformConfig::getGlobalUserId(), - result); - RUNNER_ASSERT_MSG(result == 1, "Application " << sm_app_id << - " should have access to privilege " << privilege); - } + const char *const pkgId[] = {"sm_test_09_pkg_id_0", "sm_test_09_pkg_id_1"}; + const char *const appId[] = {"sm_test_09_app_id_0", "sm_test_09_app_id_1"}; + const char *const version[] = {"sm_test_09_version_0", "sm_test_09_version_1"}; + const char *const author[] = {"sm_test_09_author_0", "sm_test_09_author_1"}; + bool hybrid[] = {false, true}; + + // uid_0, pkg_0, app_0, version_0, author_0, not hybrid + install(users[0], pkgId[0], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_SUCCESS, false); + // uid_1, pkg_0, app_0, version_0, author_0, not hybrid -> ok (different uid) + install(users[1], pkgId[0], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_SUCCESS); + // uid_0, pkg_0, app_0, version_0, author_0, hybrid -> fail (different hybrid setting) + install(users[0], pkgId[0], appId[0], version[0], author[0], hybrid[1], SECURITY_MANAGER_ERROR_INPUT_PARAM); + // uid_0, pkg_0, app_1, version_0, author_0, hybrid -> fail (different hybrid setting) + install(users[0], pkgId[0], appId[1], version[0], author[0], hybrid[1], SECURITY_MANAGER_ERROR_INPUT_PARAM); + // uid_1, pkg_0, app_0, version_0, author_0, hybrid -> fail (different hybrid setting) + install(users[1], pkgId[0], appId[0], version[0], author[0], hybrid[1], SECURITY_MANAGER_ERROR_INPUT_PARAM); + // uid_1, pkg_0, app_0, version_0, author_1, not hybrid -> fail (author of app_0 must be the same) + install(users[1], pkgId[0], appId[0], version[0], author[1], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM); + // uid_1, pkg_0, app_0, version_1, author_0, not hybrid -> fail (version of app_0 must be the same) + install(users[1], pkgId[0], appId[0], version[1], author[0], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM); + // uid_1, pkg_1, app_0, version_0, author_0, not hybrid -> fail (pkg of app_0 must be the same) + install(users[1], pkgId[1], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM); + // uid_0, pkg_0, app_0, version_0, author_0, not hybrid -> ok (the same app again) + install(users[0], pkgId[0], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_SUCCESS, false); + // uid_0, pkg_1, app_0, version_0, author_0, not hybrid -> fail (app_name + uid must be unique) + install(users[0], pkgId[1], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM); + // uid_0, pkg_0, app_0, version_1, author_0, not hybrid -> fail (app_name + uid must be unique) + install(users[0], pkgId[0], appId[0], version[1], author[0], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM); + // uid_0, pkg_0, app_0, version_0, author_1, not hybrid -> fail (app_name + uid must be unique) + install(users[0], pkgId[0], appId[0], version[0], author[1], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM); +} - for (auto const &privilege : SM_DENIED_PRIVILEGES) { - int result; - Api::appHasPrivilege(sm_app_id, privilege.c_str(), TzPlatformConfig::getGlobalUserId(), - result); - RUNNER_ASSERT_MSG(result == 0, "Application " << sm_app_id << - " should not have access to privilege " << privilege); - } +RUNNER_CHILD_TEST(security_manager_10_app_has_privilege) +{ + const std::vector allowedPrivs = { + "http://tizen.org/privilege/wifidirect", + "http://tizen.org/privilege/telephony" + }; + const std::vector someDeniedPrivs = { + "http://tizen.org/privilege/vpnservice", + "http://tizen.org/privilege/notification" + }; + AppInstallHelper app("sm_test_10"); + app.addPrivileges(allowedPrivs); + ScopedInstaller appInstall(app); - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - Api::uninstall(requestUninst); + sm_app_has_privileges(app, allowedPrivs, 1); + // FIXME - all other existing privileges should be checked + sm_app_has_privileges(app, someDeniedPrivs, 0); } -RUNNER_TEST_GROUP_INIT(SECRUTIY_MANAGER_POLICY) +RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_POLICY) -RUNNER_TEST(security_manager_18_user_cynara_policy) +RUNNER_TEST(security_manager_20_user_cynara_policy) { + // FIXME - whitebox - cynara const char *const MAIN_BUCKET = "MAIN"; const char *const MANIFESTS_BUCKET = "MANIFESTS"; const char *const ADMIN_BUCKET = "ADMIN"; const char *const USER_TYPE_NORMAL_BUCKET = "USER_TYPE_NORMAL"; - const std::string username("sm_test_10_user_cynara_policy"); CynaraTestAdmin::Admin admin; - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false); + TemporaryTestUser user("sm_test_20_user_name", GUM_USERTYPE_NORMAL, false); user.create(); std::string uid_string = user.getUidString(); @@ -606,91 +549,67 @@ RUNNER_CHILD_TEST(security_manager_21_security_manager_admin_deny_user_priv) char buf[BUFFER_SIZE]; } msg; - privileges_t admin_required_privs = { - "http://tizen.org/privilege/notexist", - "http://tizen.org/privilege/internal/usermanagement"}; - privileges_t manifest_privs = { - "http://tizen.org/privilege/internet", - "http://tizen.org/privilege/datasharing"}; - privileges_t real_privs_allow = {"http://tizen.org/privilege/datasharing"}; - privileges_t real_privs_deny = {"http://tizen.org/privilege/internet"}; - - const std::string pirivman_id = "sm_test_13_ADMIN_APP"; - const std::string pirivman_pkg_id = "sm_test_13_ADMIN_PKG"; - const std::string app_id = "sm_test_13_SOME_APP"; - const std::string pkg_id = "sm_test_13_SOME_PKG"; - - int pipefd[2]; - pid_t pid; - int result = 0; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - pid = fork(); + const privileges_t adminRequiredPrivs = { + "http://tizen.org/privilege/notexist", + "http://tizen.org/privilege/internal/usermanagement" + }; + const privileges_t manifestPrivs = { + "http://tizen.org/privilege/internet", + "http://tizen.org/privilege/datasharing" + }; + const privileges_t allowedPrivsAfterChange = {"http://tizen.org/privilege/datasharing"}; + const privileges_t deniedPrivsAfterChange = {"http://tizen.org/privilege/internet"}; + + MessagePipe msgPipe; + + pid_t pid = fork(); RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); if (pid != 0)//parent process { - TemporaryTestUser admin("sm_test_13_ADMIN_USER", GUM_USERTYPE_ADMIN, false); - TemporaryTestUser child("sm_test_13_NORMAL_USER", GUM_USERTYPE_NORMAL, false); - - InstallRequest request,request2; - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - admin.create(); - child.create(); - std::string childuidstr = child.getUidString(); - - //install privacy manager for admin - request.setAppId(pirivman_id.c_str()); - request.setPkgId(pirivman_pkg_id.c_str()); - request.setUid(admin.getUid()); - for (auto &priv: admin_required_privs) - request.addPrivilege(priv.c_str()); - Api::install(request); - - //install app for child that has internet privilege - request2.setAppId(app_id.c_str()); - request2.setPkgId(pkg_id.c_str()); - request2.setUid(child.getUid()); - for (auto &priv: manifest_privs) - request2.addPrivilege(priv.c_str()); - Api::install(request2); - - check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(), - manifest_privs, SM_NO_PRIVILEGES); + msgPipe.claimParentEp(); + TemporaryTestUser adminUser("sm_test_21_admin_user_name", GUM_USERTYPE_ADMIN, false); + TemporaryTestUser normalUser("sm_test_21_normal_user_name", GUM_USERTYPE_NORMAL, false); - //send info to child - msg.uid = admin.getUid(); - msg.gid = admin.getGid(); - strncpy (msg.buf, childuidstr.c_str(), BUFFER_SIZE); + adminUser.create(); + normalUser.create(); + std::string childUidStr = normalUser.getUidString(); + + AppInstallHelper adminApp("sm_test_21_admin", adminUser.getUid()); + adminApp.createInstallDir(); + adminApp.addPrivileges(adminRequiredPrivs); + ScopedInstaller adminAppInstall(adminApp); - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); + AppInstallHelper normalApp("sm_test_21_normal", normalUser.getUid()); + normalApp.createInstallDir(); + normalApp.addPrivileges(manifestPrivs); + + ScopedInstaller normalAppInstall(normalApp); + check_app_permissions(normalApp.getAppId(), normalApp.getPkgId(), childUidStr, + manifestPrivs, {}); + + //send info to child + msg.uid = adminUser.getUid(); + msg.gid = adminUser.getGid(); + strncpy (msg.buf, childUidStr.c_str(), BUFFER_SIZE); + msgPipe.write(msg); waitPid(pid); - check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(), - real_privs_allow, real_privs_deny); + check_app_permissions(normalApp.getAppId(), normalApp.getPkgId(), childUidStr, + allowedPrivsAfterChange, deniedPrivsAfterChange); } - if (pid == 0)//child - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); + if (pid == 0) { + msgPipe.claimChildEp(); + // Get created user credentials + msgPipe.read(msg); - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); + AppInstallHelper adminApp("sm_test_21_admin"); + Api::setProcessLabel(adminApp.getAppId()); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(msg.uid, msg.gid) == 0, "drop_root_privileges failed"); - //become admin privacy manager manager - Api::setProcessLabel(pirivman_id.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); PolicyRequest addPolicyReq; - //change rights - for (auto &denypriv:real_privs_deny) { - /*this entry will deny some privileges for user whose uid (as c string) - was sent in message's buf field. - That user would be denying internet for child in this case*/ - PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, denypriv); + for (auto &deniedPriv : deniedPrivsAfterChange) { + PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, deniedPriv); entry.setMaxLevel("Deny"); addPolicyReq.addEntry(entry); } @@ -701,23 +620,23 @@ RUNNER_CHILD_TEST(security_manager_21_security_manager_admin_deny_user_priv) RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_CMD) -RUNNER_TEST(security_manager_19_security_manager_cmd_install) +RUNNER_TEST(security_manager_22_security_manager_cmd_install) { int ret; const int SUCCESS = 0; const int FAILURE = 256; - const std::string app_id = "security_manager_10_app"; - const std::string pkg_id = "security_manager_10_pkg"; - const std::string username("sm_test_10_user_name"); + const std::string app_id = "sm_test_22_app_id"; + const std::string pkg_id = "sm_test_22_pkg_id"; + const std::string username("sm_test_22_user_name"); - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false); + TemporaryTestUser user(username, GUM_USERTYPE_NORMAL); user.create(); - std::string uid_string = user.getUidString(); + const std::string path1 = TzPlatformConfig::appDirPath(user, app_id, pkg_id) + "/p1"; const std::string path2 = TzPlatformConfig::appDirPath(user, app_id, pkg_id) + "/p2"; const std::string pkgopt = " --pkg=" + pkg_id; const std::string appopt = " --app=" + app_id; - const std::string uidopt = " --uid=" + uid_string; + const std::string uidopt = " --uid=" + user.getUidString(); mktreeSafe(path1.c_str(), 0); mktreeSafe(path2.c_str(), 0); @@ -752,16 +671,13 @@ RUNNER_TEST(security_manager_19_security_manager_cmd_install) } } -RUNNER_TEST(security_manager_20_security_manager_cmd_users) +RUNNER_TEST(security_manager_23_security_manager_cmd_users) { - int ret; const int SUCCESS = 0; const int FAILURE = 256; - const std::string username("sm_test_11_user_name"); - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false); + TemporaryTestUser user("sm_test_23_user_name", GUM_USERTYPE_NORMAL, false); user.create(); - std::string uid_string = user.getUidString(); - const std::string uidopt = " --uid=" + uid_string; + const std::string uidopt = " --uid=" + user.getUidString(); struct operation { std::string command; @@ -782,49 +698,31 @@ RUNNER_TEST(security_manager_20_security_manager_cmd_users) }; for (auto &op : operations) { - ret = system((op.command + " 1>/dev/null 2>&1").c_str()); + int ret = system((op.command + " 1>/dev/null 2>&1").c_str()); RUNNER_ASSERT_MSG(ret == op.expected_result, "Unexpected result for command '" << op.command <<"': " << ret << " Expected was: "<< op.expected_result); } } -std::vector readPrivilegeGroups() -{ - std::vector groups; - const static std::string privilegeGroupMappingPath("/usr/share/security-manager/policy/privilege-group.list"); - std::ifstream mappingFile(privilegeGroupMappingPath); - - RUNNER_ASSERT_MSG(mappingFile.is_open(), - "Unable to read group mapping file " << privilegeGroupMappingPath); - - std::string line; - std::regex r("^[^ #]+ +(.*)"); - while (std::getline(mappingFile, line)) { - std::smatch m; - if (std::regex_search(line, m, r)) - groups.push_back(m[1]); - } - - return groups; -} - RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_GROUPS) -RUNNER_TEST(security_manager_22_groups_get) +RUNNER_TEST(security_manager_24_groups_get) { - std::unordered_set groups; - auto tmp = readPrivilegeGroups(); - groups.insert(tmp.begin(), tmp.end()); - + PolicyConfiguration pc; char ** c_groups; size_t count = 0; Api::getSecurityManagerGroups(&c_groups, &count); - RUNNER_ASSERT_MSG(count == groups.size(), "security_manager_groups_get should set count to: " - << groups.size() << " but count is: " << count); + std::unique_ptr> groupsPtr(c_groups, [count] (char ** groups) { + security_manager_groups_free(groups, count); + }); + + auto policyGroups = pc.getGroup(); + RUNNER_ASSERT_MSG(count == policyGroups.size(), "security_manager_groups_get should set count to: " + << policyGroups.size() << " but count is: " << count); - for (const auto &group : groups) { + for (const auto &group : policyGroups) { bool found = false; for (size_t i = 0; i < count; ++i) { if (group == c_groups[i]) { @@ -834,190 +732,188 @@ RUNNER_TEST(security_manager_22_groups_get) } RUNNER_ASSERT_MSG(found, "PrivilegeGroup: " << group << " was not found"); } - security_manager_groups_free(c_groups, count); } RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_INSTALL_TYPE) -RUNNER_TEST(security_manager_49a_global_user_set_install_type_global) +RUNNER_TEST(security_manager_25a_global_user_set_install_type_global) { - const char *const sm_app_id = "sm_test_49a_app_id_global"; - const char *const sm_pkg_id = "sm_test_49a_pkg_id_global"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - requestInst.setInstallType(SM_APP_INSTALL_GLOBAL); - - Api::install(requestInst); - - // Check records in the security-manager database - check_app_after_install(sm_app_id, sm_pkg_id); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); + AppInstallHelper app("sm_test_25a"); + app.setInstallType(SM_APP_INSTALL_GLOBAL); + { + ScopedInstaller appInstall(app); - Api::uninstall(requestUninst); + // FIXME - whitebox - db + check_app_after_install(app.getAppId(), app.getPkgId()); + } // Check records in the security-manager database - check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); + check_app_after_uninstall(app.getAppId(), app.getPkgId(), TestSecurityManagerDatabase::REMOVED); } -RUNNER_TEST(security_manager_49b_global_user_set_install_type_local) +RUNNER_TEST(security_manager_25b_global_user_set_install_type_local) { - const char *const sm_app_id = "sm_test_49b_app_id_local"; - const char *const sm_pkg_id = "sm_test_49b_pkg_id_local"; + AppInstallHelper app("sm_test_25b"); InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); + requestInst.setAppId(app.getAppId()); + requestInst.setPkgId(app.getPkgId()); requestInst.setInstallType(SM_APP_INSTALL_LOCAL); Api::install(requestInst, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR); } -RUNNER_TEST(security_manager_49c_global_user_set_install_type_preloaded) +RUNNER_TEST(security_manager_25c_global_user_set_install_type_preloaded) { - const char *const sm_app_id = "sm_test_49c_app_id_preloaded"; - const char *const sm_pkg_id = "sm_test_49c_pkg_id_preloaded"; + AppInstallHelper app("sm_test_25c"); + app.setInstallType(SM_APP_INSTALL_PRELOADED); + { + ScopedInstaller appInstall(app); + // FIXME - whitebox - db + check_app_after_install(app.getAppId(), app.getPkgId()); + } + // FIXME - whitebox - db + check_app_after_uninstall(app.getAppId(), app.getPkgId(), TestSecurityManagerDatabase::REMOVED); +} - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - requestInst.setInstallType(SM_APP_INSTALL_PRELOADED); +RUNNER_TEST(security_manager_25d_local_user_set_install_type_invalid) +{ + InstallRequest requestPrivateUser; + requestPrivateUser.setInstallType((app_install_type)0, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM); + requestPrivateUser.setInstallType((app_install_type)22, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM); +} - Api::install(requestInst); +/* + * It is possible for local user to install global application but one needs app_install privileges + * By default only global user or root can install global apps (or "User", "System", "System::Privileged"...) + */ +RUNNER_CHILD_TEST(security_manager_25e_unprivileged_install_type_global) +{ + TemporaryTestUser testUser("sm_test_25e_user_name", GUM_USERTYPE_NORMAL); + testUser.create(); - // Check records in the security-manager database - check_app_after_install(sm_app_id, sm_pkg_id); + AppInstallHelper app("sm_test_25e"); + app.createInstallDir(); - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); + change_label("_"); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0, + "drop_root_privileges failed"); - Api::uninstall(requestUninst); + InstallRequest invalidReq; + invalidReq.setAppId(app.getAppId()); + invalidReq.setPkgId(app.getPkgId()); + invalidReq.setInstallType(SM_APP_INSTALL_GLOBAL); - // Check records in the security-manager database - check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); + Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); } -RUNNER_CHILD_TEST(security_manager_49d_local_user_set_install_type_global) +RUNNER_CHILD_TEST(security_manager_25f_unprivileged_install_type_preloaded) { - int result; - const char *const sm_app_id = "sm_test_49d_app_id_global"; - const char *const sm_pkg_id = "sm_test_49d_pkg_id_global"; - const std::string new_user_name = "sm_test_49d_user_name"; - - TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false); + TemporaryTestUser testUser("sm_test_25f_user_name", GUM_USERTYPE_NORMAL); testUser.create(); - removeTestDirs(testUser, sm_app_id, sm_pkg_id); - createTestDirs(testUser, sm_app_id, sm_pkg_id); + AppInstallHelper app("sm_test_25f"); + app.createInstallDir(); + + change_label("_"); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0, + "drop_root_privileges failed"); + InstallRequest invalidReq; + invalidReq.setAppId(app.getAppId()); + invalidReq.setPkgId(app.getPkgId()); + invalidReq.setInstallType(SM_APP_INSTALL_PRELOADED); + Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); +} - const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id); - //switch user to non-root - result = drop_root_privileges(testUser.getUid(), testUser.getGid()); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); +RUNNER_CHILD_TEST(security_manager_25g_local_user_set_install_type_local) +{ + std::vector allowedPrivs = { + "http://tizen.org/privilege/volume.set", + "http://tizen.org/privilege/systemmonitor", + "http://tizen.org/privilege/recorder" + }; + std::vector someDeniedPrivs = { + "http://tizen.org/privilege/push", + "http://tizen.org/privilege/power", + "http://tizen.org/privilege/notification" + }; - InstallRequest requestPrivateUser; - prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, - SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(), - false); + TemporaryTestUser testUser("sm_test_25g_user_name", GUM_USERTYPE_NORMAL); + testUser.create(); - requestPrivateUser.setInstallType((app_install_type)0, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM); - requestPrivateUser.setInstallType((app_install_type)22, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM); - requestPrivateUser.setInstallType(SM_APP_INSTALL_GLOBAL); + AppInstallHelper app("sm_test_25g", testUser.getUid()); + app.createInstallDir(); + app.createPrivateDir(); + app.setInstallType(SM_APP_INSTALL_LOCAL); + app.addPrivileges(allowedPrivs); - for (auto &privilege : SM_ALLOWED_PRIVILEGES) - requestPrivateUser.addPrivilege(privilege.c_str()); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0, + "drop_root_privileges failed"); + { + ScopedInstaller appInstall(app); + check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), + allowedPrivs, someDeniedPrivs); - /* - * It is possible for local user to install global application but one needs app_install privileges - * By default only global user or root can install global apps - */ - Api::install(requestPrivateUser, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); + } + check_app_permissions(app.getAppId(), app.getPkgId(), testUser.getUidString(), + {}, merge(allowedPrivs, someDeniedPrivs)); + // TODO - check if app is properly uninstalled } -RUNNER_CHILD_TEST(security_manager_49e_local_user_set_install_type_local) +RUNNER_CHILD_TEST(security_manager_25h_local_path_global_install) { - int result; - const char *const sm_app_id = "sm_test_49e_app_id_local"; - const char *const sm_pkg_id = "sm_test_49e_pkg_id_local"; - const std::string new_user_name = "sm_test_49e_user_name"; - - TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false); + TemporaryTestUser testUser("sm_test_25h_user_name", GUM_USERTYPE_NORMAL); testUser.create(); - removeTestDirs(testUser, sm_app_id, sm_pkg_id); - createTestDirs(testUser, sm_app_id, sm_pkg_id); - - const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id); - - //switch user to non-root - result = drop_root_privileges(testUser.getUid(), testUser.getGid()); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - InstallRequest requestPrivateUser; - prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, - SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(), - false); + AppInstallHelper app("sm_test_25h", testUser.getUid()); + app.createInstallDir(); + app.createPrivateDir(); - requestPrivateUser.setInstallType(SM_APP_INSTALL_LOCAL); - - for (auto &privilege : SM_ALLOWED_PRIVILEGES) - requestPrivateUser.addPrivilege(privilege.c_str()); - - Api::install(requestPrivateUser); - - check_app_permissions(sm_app_id, sm_pkg_id, - testUser.getUidString().c_str(), - SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES); + InstallRequest invalidReq; + invalidReq.setAppId(app.getAppId()); + invalidReq.setPkgId(app.getPkgId()); + invalidReq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW); + invalidReq.setInstallType(SM_APP_INSTALL_GLOBAL); + Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); +} - //uninstall app as non-root user - InstallRequest request; - request.setAppId(sm_app_id); +RUNNER_CHILD_TEST(security_manager_25i_local_path_preloaded_install) +{ + TemporaryTestUser testUser("sm_test_25i_user_name", GUM_USERTYPE_NORMAL); + testUser.create(); - Api::uninstall(request); + AppInstallHelper app("sm_test_25i", testUser.getUid()); + app.createInstallDir(); + app.createPrivateDir(); - check_app_permissions(sm_app_id, sm_pkg_id, - testUser.getUidString().c_str(), - SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); + InstallRequest invalidReq; + invalidReq.setAppId(app.getAppId()); + invalidReq.setPkgId(app.getPkgId()); + invalidReq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW); + invalidReq.setInstallType(SM_APP_INSTALL_PRELOADED); + Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); } -RUNNER_CHILD_TEST(security_manager_49f_local_user_set_install_type_preloaded) +RUNNER_CHILD_TEST(security_manager_25j_global_path_local_install) { - int result; - const char *const sm_app_id = "sm_test_49f_app_id_preloaded"; - const char *const sm_pkg_id = "sm_test_49f_pkg_id_preloaded"; - const std::string new_user_name = "sm_test_49f_user_name"; - - TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false); + TemporaryTestUser testUser("sm_test_25j_user_name", GUM_USERTYPE_NORMAL); testUser.create(); - removeTestDirs(testUser, sm_app_id, sm_pkg_id); - createTestDirs(testUser, sm_app_id, sm_pkg_id); + AppInstallHelper appLocal("sm_test_25j", testUser.getUid()); - const std::string userAppDirPath = TzPlatformConfig::appDirPath(testUser, sm_app_id, sm_pkg_id); + AppInstallHelper appGlobal("sm_test_25"); + appGlobal.createPrivateDir(); - //switch user to non-root - result = drop_root_privileges(testUser.getUid(), testUser.getGid()); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0, + "drop_root_privileges failed"); - InstallRequest requestPrivateUser; - prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, - SECURITY_MANAGER_PATH_RW, userAppDirPath.c_str(), - false); + InstallRequest invalidReq; + invalidReq.setAppId(appLocal.getAppId()); + invalidReq.setPkgId(appLocal.getPkgId()); + invalidReq.addPath(appGlobal.getPrivateDir(), SECURITY_MANAGER_PATH_RW); + invalidReq.setInstallType(SM_APP_INSTALL_LOCAL); - requestPrivateUser.setInstallType((app_install_type)0, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM); - requestPrivateUser.setInstallType((app_install_type)22, (lib_retcode)SECURITY_MANAGER_ERROR_INPUT_PARAM); - requestPrivateUser.setInstallType(SM_APP_INSTALL_PRELOADED); - - for (auto &privilege : SM_ALLOWED_PRIVILEGES) - requestPrivateUser.addPrivilege(privilege.c_str()); - - /* - * It is possible for local user to install preloaded application but one needs app_install privileges - * By default only global user or root can install preloaded apps - */ - Api::install(requestPrivateUser, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); + Api::install(invalidReq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); } +