From: Tomasz Swierczek
Date: Thu, 30 Jan 2025 09:55:57 +0000 (+0100)
Subject: Make security_manager_26_1_security_manager_get_app_owner_uid test work in no-smack...
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F82%2F318882%2F16;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git
Make security_manager_26_1_security_manager_get_app_owner_uid test work in no-smack mode
Change-Id: Id80490c119b14ffb1937c07fbaa2b6b0eeb85af4
---
diff --git a/src/security-manager-tests/test_cases.cpp b/src/security-manager-tests/test_cases.cpp
index 9e1e03ce..13d5e589 100644
--- a/src/security-manager-tests/test_cases.cpp
+++ b/src/security-manager-tests/test_cases.cpp
@@ -1138,20 +1138,38 @@ RUNNER_CHILD_TEST(security_manager_26_1_security_manager_get_app_owner_uid)
 {
 TemporaryTestUser testUser("sm_test_26_1_user_name", GUM_USERTYPE_NORMAL);
 testUser.create();
+ AppInstallHelperExt app("sm_test_26_1", "sm_test_26_1", testUser.getUid());
+ ScopedInstaller appInstall(app);
 pid_t pid = fork();
 RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
 if (pid != 0) {
- uid_t parent_uid;
- RUNNER_ASSERT_MSG(security_manager_get_app_owner_uid(getpid(), &parent_uid) == SECURITY_MANAGER_SUCCESS,
- "Invalid return from security_manager_get_app_owner_uid()");
- RUNNER_ASSERT_MSG(parent_uid == getuid(), "Invalid uid returned");
+ // wait for child to exit before uninstallation
 waitPid(pid);
+ Api::cleanupApp(app.getAppId(), testUser.getUid(), pid);
 } else {
- RUNNER_ASSERT_ERRNO_MSG(setuid(testUser.getUid()) == 0, "setuid failed");
- uid_t uid;
- RUNNER_ASSERT_MSG(security_manager_get_app_owner_uid(getpid(), &uid) == SECURITY_MANAGER_SUCCESS,
- "Invalid return from security_manager_get_app_owner_uid()");
- RUNNER_ASSERT_MSG(uid == testUser.getUid(), "Invalid uid returned");
+ // child - the actual application
+ RUNNER_ASSERT_MSG(setLauncherSecurityAttributes(testUser) == 0, "launcher failed");
+ Api::prepareAppCandidate();
+ Api::prepareApp(app.getAppId());
+ uid_t owner_uid = 0;
+ RUNNER_ASSERT_MSG(
+ security_manager_get_app_owner_uid(getpid(), &owner_uid) == SECURITY_MANAGER_SUCCESS,
+ "Invalid return from security_manager_get_app_owner_uid()");
+ // TODO - on smack-enabled image prepareApp call doesn't change UID as its inherited
+ // normally from launchpad. Calling setuid() will drop caps, that can be mitigated by
+ // prctl & libcap, but namespace setup fails in that case. Hence, for now, the test on
+ // smack-enabled image expects to return UID of the calling process that tests were executed
+ // with.
+ //
+ // This will be changed once we'll do completely black-box security tests that will actually
+ // install a real app.
+#ifdef SMACK_ENABLED
+ RUNNER_ASSERT_MSG(owner_uid == getuid(), "Invalid uid returned - expected: "
+ << getuid() << " returned: " << owner_uid);
+#else
+ RUNNER_ASSERT_MSG(owner_uid == testUser.getUid(), "Invalid uid returned - expected: "
+ << testUser.getUid() << " returned: " << owner_uid);
+#endif
 exit(0);
 }
 }
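Review bot: `uid_t owner_uid = 0;` in the child branch lets the SMACK_ENABLED assertion pass even when the out-parameter was never written, if the suite runs as root (the TODO's remark that setuid() would drop caps suggests it does). In that case `getuid()` is also 0, so `owner_uid == getuid()` holds whenever security_manager_get_app_owner_uid() returns success without storing a value. Starting from a sentinel, `uid_t owner_uid = static_cast<uid_t>(-1);`, keeps the check meaningful in both build modes. Note also that the smack-enabled branch now only confirms the caller's own UID, so a lookup that must return an owner different from the caller is exercised only in no-smack builds; a line in the TODO stating that coverage gap explicitly would help whoever picks up the black-box rewrite.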