From: Zbigniew Jasinski Date: Tue, 27 Jan 2015 18:26:01 +0000 (+0100) Subject: Test for new path types for application installation in security-manager X-Git-Tag: security-manager_5.5_testing~109^2~25 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5c97dc8ac591899ae75795e9bfff459d0b5cf72c;hp=8ee1016ffa4f441ac07655ecbbfd135f01bbdace;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Test for new path types for application installation in security-manager Changes to https://review.tizen.org/gerrit/#/c/33051/ Change-Id: If46428e20e23dd8724803f28945cbb7fb166a370 --- diff --git a/tests/security-manager-tests/security_manager_tests.cpp b/tests/security-manager-tests/security_manager_tests.cpp index a342ea9..b7ca82d 100644 --- a/tests/security-manager-tests/security_manager_tests.cpp +++ b/tests/security-manager-tests/security_manager_tests.cpp @@ -58,8 +58,8 @@ static const privileges_t SM_NO_PRIVILEGES = { static const std::vector SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"}; -static const char *const SM_PRIVATE_PATH = "/usr/apps/test_DIR/app_dir"; -static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro"; +static const char *const SM_RW_PATH = "/usr/apps/test_DIR/app_dir"; +static const char *const SM_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro"; static const char *const SM_DENIED_PATH = "/usr/apps/test_DIR/non_app_dir"; static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/ static const std::string EXEC_FILE("exec"); @@ -116,9 +116,9 @@ static const std::vector MANY_APPS_PRIVILEGES = { } }; -static void generateAppLabel(const std::string &pkgId, std::string &label) +static void generateAppLabel(const std::string &appId, std::string &label) { - (void) pkgId; + (void) appId; label = "User"; } @@ -169,28 +169,28 @@ static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb } -static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb, +static int nftw_check_sm_labels_app_rw_dir(const char *fpath, const struct stat *sb, int /*typeflag*/, struct FTW* /*ftwbuf*/) { return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true); } -static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb, +static int nftw_check_sm_labels_app_ro_dir(const char *fpath, const struct stat *sb, int /*typeflag*/, struct FTW* /*ftwbuf*/) { - return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false); + return nftw_check_sm_labels_app_dir(fpath, sb, "User::Home", true, false); } static void prepare_app_path() { int result; - result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH); + result = nftw(SM_RW_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RW_PATH); - result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH); + result = nftw(SM_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RO_PATH); result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH); @@ -206,11 +206,11 @@ static void check_app_path_after_install() { int result; - result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH); + result = nftw(SM_RW_PATH, &nftw_check_sm_labels_app_rw_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH); - result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH); + result = nftw(SM_RO_PATH, &nftw_check_sm_labels_app_ro_dir, FTW_MAX_FDS, FTW_PHYS); + RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH); result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH); @@ -220,9 +220,9 @@ static void check_app_path_after_install() static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user, const privileges_t &allowed_privs, const privileges_t &denied_privs) { - (void) app_id; + (void) pkg_id; std::string smackLabel; - generateAppLabel(pkg_id, smackLabel); + generateAppLabel(app_id, smackLabel); CynaraTestClient::Client ctc; @@ -473,8 +473,8 @@ RUNNER_TEST(security_manager_02_app_install_uninstall_full) requestInst.setPkgId(sm_pkg_id); requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); - requestInst.addPath(SM_PRIVATE_PATH, SECURITY_MANAGER_PATH_PRIVATE); - requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO); + requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW); + requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO); Api::install(requestInst); @@ -641,7 +641,7 @@ static void install_and_check(const char *const sm_app_id, //install app for non-root user //should fail (users may only register folders inside their home) prepare_request(requestPrivate, sm_app_id, sm_pkg_id, - SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, + SECURITY_MANAGER_PATH_RW, SM_RW_PATH, requestUid ? user.getUid() : 0); Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); @@ -651,7 +651,7 @@ static void install_and_check(const char *const sm_app_id, //install app for non-root user //should succeed - this time i register folder inside user's home dir prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, - SECURITY_MANAGER_PATH_PRIVATE, appDir.c_str(), + SECURITY_MANAGER_PATH_RW, appDir.c_str(), requestUid ? user.getUid() : 0); for (auto &privilege : SM_ALLOWED_PRIVILEGES)