From: Bartlomiej Grzelewski Date: Tue, 21 Feb 2017 15:33:59 +0000 (+0100) Subject: Add test for cynara policy database update X-Git-Tag: security-manager_5.5_testing~15^2~7^2~14 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5e988b52fc29e4834b78191e6e2502f5aebc2f96;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Add test for cynara policy database update Change-Id: Ibc424e56cf2be97a927334a2d7d5c2214534103d --- diff --git a/src/security-manager-tests/common/app_def_privilege.h b/src/security-manager-tests/common/app_def_privilege.h new file mode 100644 index 00000000..cbc626d6 --- /dev/null +++ b/src/security-manager-tests/common/app_def_privilege.h @@ -0,0 +1,26 @@ +/* + * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#pragma once + +#include +#include +#include + +#include + +typedef std::pair AppDefPrivilege; +typedef std::vector AppDefPrivilegeVector; + diff --git a/src/security-manager-tests/common/app_install_helper.cpp b/src/security-manager-tests/common/app_install_helper.cpp index 69be4635..edd5a2ad 100644 --- a/src/security-manager-tests/common/app_install_helper.cpp +++ b/src/security-manager-tests/common/app_install_helper.cpp @@ -153,11 +153,11 @@ std::vector AppInstallHelper::getPrivileges() const { return m_privileges; } -void AppInstallHelper::addAppDefinedPrivilege(const std::pair &privilege) { +void AppInstallHelper::addAppDefinedPrivilege(const AppDefPrivilege &privilege) { m_appDefinedPrivileges.push_back(privilege); } -std::vector> AppInstallHelper::getAppDefinedPrivileges() const { +AppDefPrivilegeVector AppInstallHelper::getAppDefinedPrivileges() const { return m_appDefinedPrivileges; } diff --git a/src/security-manager-tests/common/app_install_helper.h b/src/security-manager-tests/common/app_install_helper.h index 27543fc2..1150ecc6 100644 --- a/src/security-manager-tests/common/app_install_helper.h +++ b/src/security-manager-tests/common/app_install_helper.h @@ -17,13 +17,16 @@ #include #include +#include +#include + #include #include -#include +#include #include -#include #include +#include struct AppInstallHelper { @@ -110,8 +113,8 @@ struct AppInstallHelper { void addPrivileges(const std::vector &privileges); std::vector getPrivileges() const; - void addAppDefinedPrivilege(const std::pair &privilege); - std::vector> getAppDefinedPrivileges() const; + void addAppDefinedPrivilege(const AppDefPrivilege &privilege); + AppDefPrivilegeVector getAppDefinedPrivileges() const; // Smack std::string generateAppLabel() const; @@ -137,7 +140,7 @@ protected: TypePathsMap m_dirTypeMap; TypePathsMap m_fileTypeMap; std::vector m_privileges; - std::vector> m_appDefinedPrivileges; + AppDefPrivilegeVector m_appDefinedPrivileges; std::string m_author; pid_t m_creatorPid; diff --git a/src/security-manager-tests/common/sm_request.cpp b/src/security-manager-tests/common/sm_request.cpp index dc992bc6..61ead514 100644 --- a/src/security-manager-tests/common/sm_request.cpp +++ b/src/security-manager-tests/common/sm_request.cpp @@ -95,7 +95,7 @@ void InstallRequest::addPrivilege(const std::string &privilege, lib_retcode expe m_privileges.push_back(privilege); } -void InstallRequest::addAppDefinedPrivilege(const std::pair &privilege, lib_retcode expectedResult) +void InstallRequest::addAppDefinedPrivilege(const AppDefPrivilege &privilege, lib_retcode expectedResult) { int result = security_manager_app_inst_req_add_app_defined_privilege(m_req, privilege.first.c_str(), static_cast(privilege.second)); diff --git a/src/security-manager-tests/common/sm_request.h b/src/security-manager-tests/common/sm_request.h index 99c43181..cb7e97c8 100644 --- a/src/security-manager-tests/common/sm_request.h +++ b/src/security-manager-tests/common/sm_request.h @@ -24,6 +24,7 @@ #include #include +#include namespace SecurityManagerTest { class InstallRequest; @@ -59,7 +60,7 @@ public: void setAppId(std::string appId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); void setPkgId(std::string pkgId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); void addPrivilege(const std::string &privilege, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); - void addAppDefinedPrivilege(const std::pair &privilege, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); + void addAppDefinedPrivilege(const AppDefPrivilege &privilege, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); void addPath(std::string path, app_install_path_type pathType, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); @@ -79,7 +80,7 @@ private: std::string m_pkgId; std::string m_authorId; std::vector m_privileges; - std::vector> m_appDefinedPrivileges; + AppDefPrivilegeVector m_appDefinedPrivileges; std::vector > m_paths; std::pair m_uid; }; diff --git a/src/security-manager-tests/test_cases_app_defined_privilege.cpp b/src/security-manager-tests/test_cases_app_defined_privilege.cpp index d06ada62..6ce15b2c 100644 --- a/src/security-manager-tests/test_cases_app_defined_privilege.cpp +++ b/src/security-manager-tests/test_cases_app_defined_privilege.cpp @@ -34,9 +34,9 @@ RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE) using namespace SecurityManagerTest; -RUNNER_CHILD_TEST(app_define_01_global_install) +RUNNER_CHILD_TEST(app_defined_01_global_install) { - const std::string privilege = "http://tizen.org/applicationDefinedPrivilege/alamakota"; + const std::string privilege = "http://tizen.org/applicationDefinedPrivilege/app_defined_01"; const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED; const std::string providerAppId = "app_def_01_provider_appid"; const std::string consumerAppId = "app_def_01_client_appid"; @@ -79,9 +79,9 @@ RUNNER_CHILD_TEST(app_define_01_global_install) << " privilege: " << privilege); } -RUNNER_CHILD_TEST(app_define_02_global_install) +RUNNER_CHILD_TEST(app_defined_02_global_install) { - const std::string privilege = "http://tizen.org/licensedPrivilege/alamakota"; + const std::string privilege = "http://tizen.org/licensedPrivilege/app_defined_02"; const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED; const std::string providerAppId = "app_def_02_provider_appid"; const std::string consumerAppId = "app_def_02_client_appid"; @@ -124,3 +124,57 @@ RUNNER_CHILD_TEST(app_define_02_global_install) << " privilege: " << privilege); } +RUNNER_CHILD_TEST(app_defined_03_database_update_fixed) +{ + // Because of a bug in implementation during installation of + // providerB privileges of providerA were deleted from cynara + // database. This test should check if bug was fixed. + const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_define_03a"; + const std::string privilegeB = "http://tizen.org/licensedPrivilege/app_define_03b"; + const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED; + const std::string providerAppIdA = "app_def_03a_provider_appid"; + const std::string providerAppIdB = "app_def_03b_provider_appid"; + const std::string consumerAppId = "app_def_03_client_appid"; + const std::string ownerId = "5001"; + const std::string session = "S0M33S3SSI0N"; + + struct cynara *m_cynara = nullptr; + + AppInstallHelper providerA(providerAppIdA); + AppInstallHelper providerB(providerAppIdB); + AppInstallHelper consumer(consumerAppId); + + std::string consumerLabel = consumer.generateAppLabel(); + + providerA.addAppDefinedPrivilege(std::make_pair(privilegeA, type)); + providerB.addAppDefinedPrivilege(std::make_pair(privilegeB, type)); + consumer.addPrivilege(privilegeA); + + ScopedInstaller req1(providerA); + ScopedInstaller req2(providerB); + ScopedInstaller req3(consumer); + + int ret = cynara_initialize(&m_cynara, nullptr); + RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS, + "cynara_initialize failed. ret: " << ret); + RUNNER_ASSERT_MSG(m_cynara != nullptr, "cynara struct was not initialized"); + + ret = cynara_check( + m_cynara, + consumerLabel.c_str(), + session.c_str(), + ownerId.c_str(), + privilegeA.c_str()); + + cynara_finish(m_cynara); + + RUNNER_ASSERT_MSG(ret == CYNARA_API_ACCESS_ALLOWED, + "cynara_check returned wrong value: " + << ret << " != " << CYNARA_API_ACCESS_ALLOWED << "." + << " client: " << consumerLabel << "," + << " session: " << session << "," + << " user: " << ownerId << "," + << " privilege: " << privilegeA); +} + +