From: Mateusz Forc Date: Mon, 19 Sep 2016 10:58:17 +0000 (+0200) Subject: SM : Adjust tests for new shared RO support X-Git-Tag: security-manager_5.5_testing~20^2~46 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F22%2F88522%2F7;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git SM : Adjust tests for new shared RO support SharedRO accesses now are applied to all applications, not only tizen 2.X ones Change-Id: Ibe65bab965476c70865011bcb7648561a6688a2e --- diff --git a/src/security-manager-tests/common/sm_commons.cpp b/src/security-manager-tests/common/sm_commons.cpp index 90581b2..dd027f5 100644 --- a/src/security-manager-tests/common/sm_commons.cpp +++ b/src/security-manager-tests/common/sm_commons.cpp @@ -23,6 +23,8 @@ #include #include #include +#include + #include #include @@ -35,6 +37,7 @@ #include #include #include +#include #include #include #include "tzplatform.h" @@ -541,3 +544,32 @@ void removeTestDirs(const TemporaryTestUser &user, removeDir(TzPlatformConfig::appDirPath(user, appId, pkgId)); removeDir(nonAppDirPath(user)); } + +pid_t runInChild(const std::function &process) { + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed"); + + if (pid == 0) { + process(); + exit(EXIT_SUCCESS); + } + return pid; +} + +void runInChildParentWait(const std::function &process) { + SynchronizationPipe pipe; + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed"); + + if (pid == 0) { + pipe.claimChildEp(); + + process(); + + pipe.post(); + exit(EXIT_SUCCESS); + } else { + pipe.claimParentEp(); + pipe.wait(); + } +} diff --git a/src/security-manager-tests/common/sm_commons.h b/src/security-manager-tests/common/sm_commons.h index 287294c..3399847 100644 --- a/src/security-manager-tests/common/sm_commons.h +++ b/src/security-manager-tests/common/sm_commons.h @@ -21,7 +21,9 @@ #include #include #include + #include +#include #include @@ -89,3 +91,7 @@ void createTestDirs(const TemporaryTestUser &user, const std::string &appId, const std::string &pkgId); void removeTestDirs(const TemporaryTestUser &user, const std::string &appId, const std::string &pkgId); + +pid_t runInChild(const std::function &process); + +void runInChildParentWait(const std::function &process); diff --git a/src/security-manager-tests/test_cases_credentials.cpp b/src/security-manager-tests/test_cases_credentials.cpp index 16a2830..5efc166 100644 --- a/src/security-manager-tests/test_cases_credentials.cpp +++ b/src/security-manager-tests/test_cases_credentials.cpp @@ -14,7 +14,6 @@ * limitations under the License. */ -#include #include #include #include @@ -57,17 +56,6 @@ private: std::string m_label; }; -pid_t runInChild(const std::function &process) { - pid_t pid = fork(); - RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed"); - - if (pid == 0) { - process(); - exit(EXIT_SUCCESS); - } - return pid; -} - void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr, const struct ProcessCredentials &peerCredentials) { SecurityServer::AccessProvider ap(peerCredentials.label()); diff --git a/src/security-manager-tests/test_cases_public_sharing.cpp b/src/security-manager-tests/test_cases_public_sharing.cpp index ec1ae4c..6e48951 100644 --- a/src/security-manager-tests/test_cases_public_sharing.cpp +++ b/src/security-manager-tests/test_cases_public_sharing.cpp @@ -14,35 +14,43 @@ * limitations under the License. */ #include -#include +#include #include #include #include #include #include -#include #include -#include #include +#include +#include using namespace SecurityManagerTest; namespace { -const int sm_app_shared_test_id = 27; -const char *const sm_app_shared_id = "sm_test_27_app_id_full"; -const char *const sm_app_shared_another_in_package_id = "sm_test_27_app_2_id_full"; -const char *const sm_pkg_shared_id = "sm_test_27_pkg_id_full"; - -static const std::map MANY_APPS_PKGS = { - {"security_manager_10_app_1", {"security_manager_10_pkg_1", "2.1"}}, - {"security_manager_10_app_2", {"security_manager_10_pkg_2", "3.0"}}, - {"security_manager_10_app_3", {"security_manager_10_pkg_3", "2.1.1"}}, - {"security_manager_10_app_4", {"security_manager_10_pkg_4", "3.1"}}, - {"security_manager_10_app_5", {"security_manager_10_pkg_5", "2.2"}} +const int ACCESS_SUCCESS = 0; +const int ACCESS_ERROR = -1; + +const std::vector> versionCombinations { + std::make_pair("2.4", "2.4"), + std::make_pair("2.4", "3.0"), + std::make_pair("3.0", "3.0"), + std::make_pair("3.0", "2.4") }; -void changeSecurityContext(const std::string& label, uid_t uid, gid_t gid) +const std::unordered_map accessTypeToString { + std::make_pair(0, "F_OK"), + std::make_pair(1, "X_OK"), + std::make_pair(2, "W_OK"), + std::make_pair(3, "W_OK|X_OK"), + std::make_pair(4, "R_OK"), + std::make_pair(5, "R_OK|X_OK"), + std::make_pair(6, "R_OK|W_OK"), + std::make_pair(7, "R_OK|W_OK|X_OK") +}; + +void changeSecurityContext(const std::string &label, uid_t uid, gid_t gid) { RUNNER_ASSERT_ERRNO_MSG(0 == smack_set_label_for_self(label.c_str()), "Error in smack_set_label_for_self(" << label << ")"); @@ -51,219 +59,339 @@ void changeSecurityContext(const std::string& label, uid_t uid, gid_t gid) RUNNER_ASSERT_ERRNO_MSG(0 == setuid(uid), "Error in setuid."); } -void test_success_worker(const std::string &appName, const std::string &pkgName, int test_num) +AppInstallHelper prepAIH(const std::string &appName, + const std::string &pkgName, + std::string version, + bool isSharedRO) { - std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num); - - changeSecurityContext(generateProcessLabel(appName, pkgName), APP_UID, APP_GID); - - RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, - "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName << " failed " << " to " << SM_OWNER_RW_OTHERS_RO_PATH ); -} + bool appIsLocal = true; + AppInstallHelper appInstallHelper(appName, pkgName, version, appIsLocal); -void test_fail_worker(const std::string &appName, const std::string &pkgName, int test_num) -{ - std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num); + appInstallHelper.createInstallDir(); - changeSecurityContext(generateProcessLabel(appName, pkgName), APP_UID, APP_GID); + if (isSharedRO) + appInstallHelper.createSharedRODir(); - RUNNER_ASSERT_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) == -1, - "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName - << " surprisingly succeeded, while expecting fail"); + return appInstallHelper; } -} - -RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PUBLIC_SHARING) -RUNNER_TEST(security_manager_27a_API2X_app_install) -{ - std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id); - std::string SM_RO_PATH = genROPath(sm_app_shared_test_id); - std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id); - std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id); - prepare_app_env(sm_app_shared_test_id, true); - - // install other apps - for(const auto &app : MANY_APPS_PKGS) { - InstallRequest requestInst; - requestInst.setAppId(app.first.c_str()); - requestInst.setPkgId(app.second.package.c_str()); - requestInst.setAppTizenVersion(app.second.Tizen_ver.c_str()); - - Api::install(requestInst); +void runAccessTest(const AppInstallHelper &appFrom, const std::string &testPath, + const int accessType, const int accessResult) { + auto fun = [&](){ + changeSecurityContext(appFrom.generateAppLabel(), appFrom.getUID(), appFrom.getGID()); + RUNNER_ASSERT_ERRNO_MSG(::access(testPath.c_str(), accessType) == accessResult, + "access from app " << appFrom.getAppId() << " to path " << testPath + << " (" << accessTypeToString.at(accessType) << "): "); }; - // install - { - InstallRequest requestInst; - requestInst.setAppId(sm_app_shared_id); - requestInst.setPkgId(sm_pkg_shared_id); - requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); - requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); - requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW); - requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO); - requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO); - requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO); - requestInst.setAppTizenVersion("2.4"); - Api::install(requestInst); - } + runInChildParentWait(fun); +} - // another app in package - { - InstallRequest requestInst; - requestInst.setAppId(sm_app_shared_another_in_package_id); - requestInst.setPkgId(sm_pkg_shared_id); - requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); - requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); - requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO); - requestInst.setAppTizenVersion("2.4"); - Api::install(requestInst); - } +} //anonymous namespace - /* Check records in the security-manager database */ - check_app_after_install(sm_app_shared_id, sm_pkg_shared_id, - SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS); - /* Check records in the security-manager database */ - check_app_after_install(sm_app_shared_another_in_package_id, sm_pkg_shared_id, - SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS); +RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_SHARED_RO) - /* TODO: add parameters to this function */ - check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true); +/** + * Test 76 : Check whether owner app + * have access to own sharedRO dir + */ +RUNNER_CHILD_TEST(security_manager_76_owner_shared_ro_have_rw_access_to_own_shared_ro_dir) +{ + std::string sharedROAppName = "sm_test_76_app1_sharedRO"; + std::string sharedROPkgName = "sm_test_76_pkg1_sharedRO"; + auto run_test = [&](std::string ver) { + ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver, true)); + ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()}); - RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed"); -} + runAccessTest(sharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS); + }; -RUNNER_CHILD_TEST(security_manager_27b_owner_1_have_access) -{ - test_success_worker(sm_app_shared_id, sm_pkg_shared_id, sm_app_shared_test_id); + run_test("2.4"); + run_test("3.0"); } -RUNNER_CHILD_TEST(security_manager_27c_owner_2_have_access) +/** + * Test 77 : Check whether app from non_sharedRO pkg + * have access to sharedRO dir of an application + */ +RUNNER_CHILD_TEST(security_manager_77_no_shared_ro_have_ro_access_to_shared_ro) { - test_success_worker(sm_app_shared_another_in_package_id, sm_pkg_shared_id, sm_app_shared_test_id); + std::string sharedROAppName = "sm_test_77_app1_sharedRO"; + std::string sharedROPkgName = "sm_test_77_pkg1_sharedRO"; + std::string nonSharedROAppName = "sm_test_77_app2"; + std::string nonSharedROPkgName = "sm_test_77_pkg2"; + + auto run_test = [&](std::string ver1, std::string ver2) { + ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true)); + ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver2, false)); + ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()}); + + runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS); + runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR); + }; + + for (const auto &version : versionCombinations) { + run_test(version.first, version.second); + } } -RUNNER_CHILD_TEST(security_manager_27d_API2X_apps_have_access_app_1) +/** + * Test 78 : Check whether app from another sharedRO pkg + * have access to sharedRO dir of an application + */ +RUNNER_CHILD_TEST(security_manager_78_another_pkg_shared_ro_have_ro_access_to_shared_ro) { - test_success_worker("security_manager_10_app_1", "security_manager_10_pkg_1", sm_app_shared_test_id); + std::string sharedROAppName = "sm_test_78_app1_sharedRO"; + std::string sharedROPkgName = "sm_test_78_pkg1_sharedRO"; + std::string sharedROAppName2 = "sm_test_78_app2_sharedRO"; + std::string sharedROPkgName2 = "sm_test_78_pkg2_sharedRO"; + + auto run_test = [&](std::string ver1, std::string ver2) { + ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true)); + ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName2, ver2, true)); + ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(), + sharedROPkgApp2.getAIH().getSharedRODir()}); + + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS); + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR); + }; + + for (const auto &version : versionCombinations) + run_test(version.first, version.second); } -RUNNER_CHILD_TEST(security_manager_27e_API2X_apps_dont_have_access_app_2) +/** + * Test 79 : Install two sharedRO apps in one package + * and check access to sharedRO dir + */ +RUNNER_CHILD_TEST(security_manager_79_same_pkg_shared_ro_have_ro_access_to_shared_ro) { - test_fail_worker("security_manager_10_app_2", "security_manager_10_pkg_2", sm_app_shared_test_id); + std::string sharedROAppName = "sm_test_79_app1_sharedRO"; + std::string sharedROPkgName = "sm_test_79_pkg1_sharedRO"; + std::string sharedROAppName2 = "sm_test_79_app2_sharedRO"; + + auto run_test = [&](std::string ver1, std::string ver2) { + ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true)); + ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName, ver2, true)); + ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()}); + + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS); + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS); + }; + + for (const auto &version : versionCombinations) + run_test(version.first, version.second); } -RUNNER_CHILD_TEST(security_manager_27f_API2X_apps_have_access_app_3) +/** + * Test 80 : Check whether application from non-sharedRO pkg + * have proper access to RO dir of an sharedRO application. + */ +RUNNER_CHILD_TEST(security_manager_80_no_shared_ro_have_no_access_to_shared_ro_app_ro_dir) { - test_success_worker("security_manager_10_app_3", "security_manager_10_pkg_3", sm_app_shared_test_id); + std::string sharedROAppName = "sm_test_80_app1_sharedRO"; + std::string sharedROPkgName = "sm_test_80_pkg1_sharedRO"; + std::string nonSharedROAppName = "sm_test_80_app2"; + std::string nonSharedROPkgName = "sm_test_80_pkg2"; + + auto run_test = [&](std::string ver1, std::string ver2) { + ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true)); + ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver2, false)); + ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()}); + + runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|X_OK, ACCESS_ERROR); + runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|W_OK, ACCESS_ERROR); + }; + + for (const auto &version : versionCombinations) + run_test(version.first, version.second); } -RUNNER_CHILD_TEST(security_manager_27g_API2X_apps_dont_have_access_app_4) +/** + * Test 81 : Check whether sharedRO application from another pkg + * have proper access to RO dir of other sharedRO app. + */ +RUNNER_CHILD_TEST(security_manager_81_another_pkg_shared_ro_have_no_access_to_shared_ro_app_ro_dir) { - test_fail_worker("security_manager_10_app_4", "security_manager_10_pkg_4", sm_app_shared_test_id); + std::string sharedROAppName = "sm_test_81_app1_sharedRO"; + std::string sharedROPkgName = "sm_test_81_pkg1_sharedRO"; + std::string sharedROAppName2 = "sm_test_81_app2_sharedRO"; + std::string sharedROPkgName2 = "sm_test_81_pkg2_sharedRO"; + + auto run_test = [&](std::string ver1, std::string ver2) { + ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true)); + ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName2, ver2, true)); + ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(), + sharedROPkgApp2.getAIH().getSharedRODir()}); + + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|X_OK, ACCESS_ERROR); + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|W_OK, ACCESS_ERROR); + }; + + for (const auto &version : versionCombinations) + run_test(version.first, version.second); } -RUNNER_CHILD_TEST(security_manager_27h_API2X_apps_have_access_app_5) +/** + * Test 82 : Check whether sharedRO application from same pkg + * have proper access to RO dir of other sharedRO app. + */ +RUNNER_CHILD_TEST(security_manager_82_same_pkg_shared_ro_have_no_access_to_shared_ro_app_ro_dir) { - test_success_worker("security_manager_10_app_5", "security_manager_10_pkg_5", sm_app_shared_test_id); -} + std::string sharedROAppName = "sm_test_82_app1_sharedRO"; + std::string sharedROPkgName = "sm_test_82_pkg1_sharedRO"; + std::string sharedROAppName2 = "sm_test_82_app2_sharedRO"; + auto run_test = [&](std::string ver1, std::string ver2) { + ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true)); + ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName, ver2, true)); + ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()}); -RUNNER_TEST(security_manager_27i_API2X_app_uninstall) -{ - { - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_shared_id); - Api::uninstall(requestUninst); - } - { - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_shared_another_in_package_id); - Api::uninstall(requestUninst); - } + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|X_OK, ACCESS_ERROR); + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getPrivateRODir(), R_OK|W_OK, ACCESS_ERROR); + }; - /* Check records in the security-manager database, - * all previously allowed privileges should be removed */ - check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id, - SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED); - check_app_after_uninstall(sm_app_shared_another_in_package_id, sm_pkg_shared_id, - SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED); + for (const auto &version : versionCombinations) + run_test(version.first, version.second); } -RUNNER_TEST(security_manager_27j_API30_app_install) +/** + * Test 83 : Try to add valid sharedRO dir to an app + * and check all possible accesses to to it. + */ +RUNNER_CHILD_TEST(security_manager_83_add_path_to_app_and_check_all) { - std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id); - std::string SM_RO_PATH = genROPath(sm_app_shared_test_id); - std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id); - std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id); - prepare_app_env(sm_app_shared_test_id, true); - - // install - InstallRequest requestInst; - requestInst.setAppId(sm_app_shared_id); - requestInst.setPkgId(sm_pkg_shared_id); - requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); - requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); - requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW); - requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO); - requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO); - requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO); - requestInst.setAppTizenVersion("3.0"); - - Api::install(requestInst); - - /* Check records in the security-manager database */ - check_app_after_install(sm_app_shared_id, sm_pkg_shared_id, - SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS); - - /* TODO: add parameters to this function */ - check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true); - - RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed"); -} + std::string sharedROAppName = "sm_test_83_app1_sharedRO"; + std::string sharedROPkgName = "sm_test_83_pkg1_sharedRO"; + std::string nonSharedROAppName = "sm_test_83_app2"; + std::string nonSharedROPkgName = "sm_test_83_pkg2"; + std::string nonSharedROAppName2 = "sm_test_83_app3_will_be_sharedRO"; + std::string nonSharedROPkgName2 = "sm_test_83_pkg3_will_be_sharedRO"; + + auto run_test = [&](std::string ver1, std::string ver2) { + ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true)); + ScopedInstaller anotherNonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver1, false)); + ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName2, nonSharedROPkgName2, ver2, false)); + ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(), + anotherNonSharedROPkgApp.getAIH().getSharedRODir(), + nonSharedROPkgApp.getAIH().getSharedRODir()}); + + nonSharedROPkgApp.getAIH().createSharedRODir(); + + PathsRequest sharedRORequest; + sharedRORequest.setPkgId(nonSharedROPkgApp.getAIH().getPkgId()); + sharedRORequest.addPath(nonSharedROPkgApp.getAIH().getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO); + sharedRORequest.setUid(nonSharedROPkgApp.getAIH().getUID()); + Api::registerPaths(sharedRORequest); + + runAccessTest(nonSharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS); + + runAccessTest(sharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS); + runAccessTest(sharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR); + + runAccessTest(anotherNonSharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS); + runAccessTest(anotherNonSharedROPkgApp.getAIH(), nonSharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR); + }; -RUNNER_CHILD_TEST(security_manager_27k_API30_apps_dont_have_access_app_1) -{ - test_fail_worker("security_manager_10_app_1", "security_manager_10_pkg_1", sm_app_shared_test_id); + for (const auto &version : versionCombinations) + run_test(version.first, version.second); } -RUNNER_CHILD_TEST(security_manager_27l_API30_apps_dont_have_access_app_2) +/** + * Test 84 : Try to add path which does not belong + * to an app and check if operation succeeds. + */ +RUNNER_CHILD_TEST(security_manager_84_add_invalid_path_to_app_and_check_all) { - test_fail_worker("security_manager_10_app_2", "security_manager_10_pkg_2", sm_app_shared_test_id); -} + std::string sharedROAppName = "sm_test_84_app1_sharedRO"; + std::string sharedROPkgName = "sm_test_84_pkg1_sharedRO"; + std::string nonSharedROAppName = "sm_test_84_app2"; + std::string nonSharedROPkgName = "sm_test_84_pkg2"; + std::string nonSharedROAppName2 = "sm_test_84_app3_wont_be_sharedRO"; + std::string nonSharedROPkgName2 = "sm_test_84_pkg3_wont_be_sharedRO"; + + auto run_test = [&](std::string ver1, std::string ver2) { + ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true)); + ScopedInstaller anotherNonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver1, false)); + ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName2, nonSharedROPkgName2, ver2 ,false)); + ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(), anotherNonSharedROPkgApp.getAIH().getSharedRODir()}); + + PathsRequest sharedRORequest; + sharedRORequest.setPkgId(nonSharedROPkgApp.getAIH().getPkgId()); + sharedRORequest.addPath(sharedROPkgApp.getAIH().getPrivateRODir(), SECURITY_MANAGER_PATH_RO); + sharedRORequest.setUid(nonSharedROPkgApp.getAIH().getUID()); + Api::registerPaths(sharedRORequest, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); + }; -RUNNER_CHILD_TEST(security_manager_27m_API30_apps_dont_have_access_app_3) -{ - test_fail_worker("security_manager_10_app_3", "security_manager_10_pkg_3", sm_app_shared_test_id); + for (const auto &version : versionCombinations) + run_test(version.first, version.second); } -RUNNER_CHILD_TEST(security_manager_27n_API30_apps_dont_have_access_app_4) +/** + * Test 85 : Install and uninstall app and check accesses to + * uninstalled paths from other packages. + */ +RUNNER_CHILD_TEST(security_manager_85_install_uninstall_shared_ro_app_and_check_cleaning) { - test_fail_worker("security_manager_10_app_4", "security_manager_10_pkg_4", sm_app_shared_test_id); -} + std::string sharedROAppName = "sm_test_85_app1_sharedRO"; + std::string sharedROPkgName = "sm_test_85_pkg1_sharedRO"; + std::string sharedROAppName2 = "sm_test_85_app2_sharedRO"; + std::string sharedROPkgName2 = "sm_test_85_pkg2_sharedRO"; + std::string nonSharedROAppName = "sm_test_85_app3"; + std::string nonSharedROPkgName = "sm_test_85_pkg3"; -RUNNER_CHILD_TEST(security_manager_27o_API30_apps_dont_have_access_app_5) -{ - test_fail_worker("security_manager_10_app_5", "security_manager_10_pkg_5", sm_app_shared_test_id); -} + auto run_test = [&](std::string ver1, std::string ver2) { + ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, true)); + ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName2, ver2, true)); + ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, nonSharedROPkgName, ver2, false)); + ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir(), sharedROPkgApp2.getAIH().getSharedRODir()}); -RUNNER_TEST(security_manager_27p_API30_app_uninstall) -{ - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_shared_id); + sharedROPkgApp.uninstallApp(); - Api::uninstall(requestUninst); + runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_ERROR); + runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR); - /* Check records in the security-manager database, - * all previously allowed privileges should be removed */ - check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id, - SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED); + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_ERROR); + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_ERROR); - // install other apps - for(const auto &app : MANY_APPS_PKGS) { - InstallRequest requestUninst; - requestUninst.setAppId(app.first); + /** + * After Deinstallation of an app, sharedRO dir + * still exists, but only owner app have an access (sharedRO rules are revoked) + */ - Api::uninstall(requestUninst); + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp.getAIH().getSharedRODir(), F_OK, ACCESS_SUCCESS); }; + + for (const auto &version : versionCombinations) + run_test(version.first, version.second); +} + +/** + * Test 86 : Install multiple SharedRO apps, + * uninstall one of them and check accesses to sharedRO path + * within one package. + */ +RUNNER_CHILD_TEST(security_manager_86_install_uninstall_shared_ro_two_apps_in_one_pkg) +{ + std::string sharedROAppName = "sm_test_86_app1_sharedRO"; + std::string sharedROPkgName = "sm_test_86_pkg1_sharedRO"; + std::string sharedROAppName2 = "sm_test_86_app2_sharedRO"; + std::string nonSharedROAppName = "sm_test_86_app3"; + + auto run_test = [&](std::string ver1, std::string ver2) { + ScopedInstaller sharedROPkgApp(prepAIH(sharedROAppName, sharedROPkgName, ver1, false)); + ScopedInstaller sharedROPkgApp2(prepAIH(sharedROAppName2, sharedROPkgName, ver2, true)); + ScopedInstaller nonSharedROPkgApp(prepAIH(nonSharedROAppName, sharedROPkgName, ver2, false)); + ScopedPathRemover pathRemover({sharedROPkgApp.getAIH().getSharedRODir()}); + + sharedROPkgApp.uninstallApp(); + + runAccessTest(nonSharedROPkgApp.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS); + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), F_OK, ACCESS_SUCCESS); + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), R_OK|X_OK, ACCESS_SUCCESS); + runAccessTest(sharedROPkgApp2.getAIH(), sharedROPkgApp2.getAIH().getSharedRODir(), R_OK|W_OK, ACCESS_SUCCESS); + }; + + for (const auto &version : versionCombinations) + run_test(version.first, version.second); }