From: Michal Eljasiewicz
Date: Tue, 17 Feb 2015 11:24:07 +0000 (+0100)
Subject: Test case for deleting policy for self
X-Git-Tag: security-manager_5.5_testing~109^2~31
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b0f4906a0f736e2a602cf975ac74643917468c62;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git

Test case for deleting policy for self

Change-Id: I55b86c6806987734b6bcd51a87e47a5364a1f209
Signed-off-by: Michal Eljasiewicz
---

diff --git a/tests/security-manager-tests/security_manager_tests.cpp b/tests/security-manager-tests/security_manager_tests.cpp
index 8c98d9ad..6d4e624f 100644
--- a/tests/security-manager-tests/security_manager_tests.cpp
+++ b/tests/security-manager-tests/security_manager_tests.cpp
@@ -1847,6 +1847,123 @@ RUNNER_MULTIPROCESS_TEST(security_manager_16_policy_levels_get)
 }
 }
 
+RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self)
+{
+ const char *const update_app_id = "security_manager_17_update_app_id";
+ const char *const update_privilege = "http://tizen.org/privilege/led";
+ const char *const check_start_bucket = "";
+ const std::string username("sm_test_17_username");
+ PolicyRequest addPolicyRequest;
+ CynaraTestAdmin::Admin admin;
+
+ std::string smackLabel;
+ generateAppLabel(update_app_id, smackLabel);
+
+ struct message {
+ uid_t uid;
+ gid_t gid;
+ } msg;
+
+ int pipefd[2];
+ int pipefd2[2];
+ pid_t pid;
+ int result = 0;
+
+ RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+ RUNNER_ASSERT_MSG((pipe(pipefd2) != -1),"second pipe failed");
+
+ TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+ user.create();
+
+ pid = fork();
+ RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+ if (pid != 0)//parent process
+ {
+ FdUniquePtr pipeptr(pipefd+1);
+ close(pipefd[0]);
+
+ register_current_process_as_privilege_manager(user.getUid(), false);
+
+ //send info to child
+ msg.uid = user.getUid();
+ msg.gid = user.getGid();
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+ //wait for child
+ RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+ admin.adminCheck(check_start_bucket, false, smackLabel.c_str(),
+ std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+
+ pid = fork();
+ if (pid != 0)//parent process
+ {
+ FdUniquePtr pipeptr(pipefd2+1);
+ close(pipefd2[0]);
+
+ //send info to child
+ msg.uid = user.getUid();
+ msg.gid = user.getGid();
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(pipefd2[1], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+ //wait for child
+ RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+ //wait for child
+ waitpid(-1, &result, 0);
+
+ admin.adminCheck(check_start_bucket, false, smackLabel.c_str(),
+ std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr);
+ }
+ if(pid == 0)
+ {
+ FdUniquePtr pipeptr(pipefd2);
+ close(pipefd2[1]);
+
+ ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd2[0], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+ //become admin privacy manager manager
+ Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ result = drop_root_privileges(msg.uid, msg.gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ // delete this entry
+ PolicyRequest deletePolicyRequest;
+ PolicyEntry deleteEntry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege);
+ deleteEntry.setLevel(SECURITY_MANAGER_DELETE);
+
+ deletePolicyRequest.addEntry(deleteEntry);
+ Api::sendPolicy(deletePolicyRequest);
+ exit(0);
+ }
+ }
+ if(pid == 0)
+ {
+ FdUniquePtr pipeptr(pipefd);
+ close(pipefd[1]);
+
+ ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+ RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+ //become admin privacy manager manager
+ Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+ result = drop_root_privileges(msg.uid, msg.gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ PolicyEntry entry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege);
+ entry.setLevel("Allow");
+
+ addPolicyRequest.addEntry(entry);
+ Api::sendPolicy(addPolicyRequest);
+ exit(0);
+ }
+}
+
 int main(int argc, char *argv[])
 {
 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
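Review bot: The second `pid = fork();` inside the parent branch is not checked, unlike the first one, which is followed by `RUNNER_ASSERT_MSG(pid >= 0, "fork failed");`; the same assertion should follow the second call. If that fork returns -1 the `pid != 0` branch still runs, and `wait(&result) == pid` can then hold with both sides equal to -1, so the test carries on to the `CYNARA_ADMIN_DENY` check with no child ever having sent the delete request. The exit status left in `result` is also never inspected after either `wait`, so a child that fails in `drop_root_privileges` or `Api::sendPolicy` is only noticed indirectly through the later `adminCheck`; adding `RUNNER_ASSERT_MSG(WIFEXITED(result) && WEXITSTATUS(result) == 0, "child failed");` after each wait would report it where it happens (how `RUNNER_ASSERT_MSG` behaves inside the forked child is not visible in this hunk). The extra `waitpid(-1, &result, 0);` after the second `wait` appears to have no child left to reap and overwrites `result`, so it can be dropped.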