From: Marcin Niesluchowski Date: Wed, 30 Apr 2014 14:37:53 +0000 (+0200) Subject: Adapt tests to change in libprivilege-control. X-Git-Tag: security-manager_5.5_testing~253 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F85%2F20385%2F1;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Adapt tests to change in libprivilege-control. See libprivilege-control change: -> 'Adapt to tizenorg: Generate app label from pkg_id' Verification: -> security-tests.sh libprivilege-control --runignored --output=text (tests from libprvilegecontrol and libprivilegecontrol_nosmack groups should pass) Change-Id: I3b9a29dc10b33ee1ae488142bf16c4e4b4d69987 --- diff --git a/packaging/security-tests.manifest b/packaging/security-tests.manifest index bcd5e40..22a9b7e 100644 --- a/packaging/security-tests.manifest +++ b/packaging/security-tests.manifest @@ -15,7 +15,7 @@ - + diff --git a/tests/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack b/tests/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack index 858f5b1..e1be7de 100644 --- a/tests/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack +++ b/tests/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack 
@@ -1,16 +1,16 @@
-~APP~ test_book_8 r
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 rw
-~APP~ test_book_12 rx
-~APP~ test_book_13 wx
-~APP~ test_book_14 rwx
-~APP~ test_book_15 rwxat
-test_subject_8 ~APP~ r
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ rw
-test_subject_12 ~APP~ rx
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ rwx
-test_subject_15 ~APP~ rwxat
+~APP~ test_book_osp_8 r
+~APP~ test_book_osp_9 w
+~APP~ test_book_osp_10 x
+~APP~ test_book_osp_11 rw
+~APP~ test_book_osp_12 rx
+~APP~ test_book_osp_13 wx
+~APP~ test_book_osp_14 rwx
+~APP~ test_book_osp_15 rwxat
+test_subject_osp_8 ~APP~ r
+test_subject_osp_9 ~APP~ w
+test_subject_osp_10 ~APP~ x
+test_subject_osp_11 ~APP~ rw
+test_subject_osp_12 ~APP~ rx
+test_subject_osp_13 ~APP~ wx
+test_subject_osp_14 ~APP~ rwx
+test_subject_osp_15 ~APP~ rwxat
diff --git a/tests/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack b/tests/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack
index 858f5b1..7c7571b 100644
--- a/tests/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack
+++ b/tests/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack
@@ -1,16 +1,16 @@
-~APP~ test_book_8 r
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 rw
-~APP~ test_book_12 rx
-~APP~ test_book_13 wx
-~APP~ test_book_14 rwx
-~APP~ test_book_15 rwxat
-test_subject_8 ~APP~ r
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ rw
-test_subject_12 ~APP~ rx
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ rwx
-test_subject_15 ~APP~ rwxat
+~APP~ test_book_wgt_8 r
+~APP~ test_book_wgt_9 w
+~APP~ test_book_wgt_10 x
+~APP~ test_book_wgt_11 rw
+~APP~ test_book_wgt_12 rx
+~APP~ test_book_wgt_13 wx
+~APP~ test_book_wgt_14 rwx
+~APP~ test_book_wgt_15 rwxat
+test_subject_wgt_8 ~APP~ r
+test_subject_wgt_9 ~APP~ w
+test_subject_wgt_10 ~APP~ x
+test_subject_wgt_11 ~APP~ rw
+test_subject_wgt_12 ~APP~ rx
+test_subject_wgt_13 ~APP~ wx
+test_subject_wgt_14 ~APP~ rwx
+test_subject_wgt_15 ~APP~ rwxat
diff --git a/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h b/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h
index 0fa812d..3107b42 100644
--- a/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h
+++ b/tests/libprivilege-control-tests/common/libprivilege-control_test_common.h
@@ -68,6 +68,8 @@ #define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP" +extern const char *USER_APP_ID; + const std::string RDB_PATH("/opt/dbspace/.rules-db.db3"); const std::string RDB_PATH_BACKUP("/opt/dbspace/.rules-db.db3.backup");
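Review bot: `USER_APP_ID` is declared in the `@@ -68,6 +68,8 @@` hunk as a pointer to const, not a const pointer, so any translation unit that includes this header can reassign it and silently change the label that every rule table and label assertion compares against. Declaring it `extern const char *const USER_APP_ID;` here and defining it as `extern const char *const USER_APP_ID = "User";` in libprivilege-control_test_common.cpp (the `@@ -41,6 +43,8 @@` hunk) would pin the value. A one-line comment above the declaration, for example `// Smack label the tests expect for every installed app, whatever its pkg_id`, would also explain why the per-type ids are no longer used as rule subjects; that reading is inferred from how the constant is used in the later hunks.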
@@ -95,118 +97,118 @@ typedef std::unique_ptr CStringPtr; // Rules from WRT_test_privilege_control_rules1.smack for wgt const rules_t rules1 = { - { WGT_APP_ID, "test_book_1", "r" }, - { WGT_APP_ID, "test_book_2", "w" }, - { WGT_APP_ID, "test_book_3", "x" }, - { WGT_APP_ID, "test_book_4", "rw" }, - { WGT_APP_ID, "test_book_5", "rx" }, - { WGT_APP_ID, "test_book_6", "wx" }, - { WGT_APP_ID, "test_book_7", "rwx" }, - { "test_subject_1", WGT_APP_ID, "r" }, - { "test_subject_2", WGT_APP_ID, "w" }, - { "test_subject_3", WGT_APP_ID, "x" }, - { "test_subject_4", WGT_APP_ID, "rw" }, - { "test_subject_5", WGT_APP_ID, "rx" }, - { "test_subject_6", WGT_APP_ID, "wx" }, - { "test_subject_7", WGT_APP_ID, "rwx" } + { USER_APP_ID, "test_book_1", "r" }, + { USER_APP_ID, "test_book_2", "w" }, + { USER_APP_ID, "test_book_3", "x" }, + { USER_APP_ID, "test_book_4", "rw" }, + { USER_APP_ID, "test_book_5", "rx" }, + { USER_APP_ID, "test_book_6", "wx" }, + { USER_APP_ID, "test_book_7", "rwx" }, + { "test_subject_1", USER_APP_ID, "r" }, + { "test_subject_2", USER_APP_ID, "w" }, + { "test_subject_3", USER_APP_ID, "x" }, + { "test_subject_4", USER_APP_ID, "rw" }, + { "test_subject_5", USER_APP_ID, "rx" }, + { "test_subject_6", USER_APP_ID, "wx" }, + { "test_subject_7", USER_APP_ID, "rwx" } }; // Rules from WRT_test_privilege_control_rules2.smack const rules_t rules2 = { - { WGT_APP_ID, "test_book_8", "r" }, - { WGT_APP_ID, "test_book_9", "w" }, - { WGT_APP_ID, "test_book_10", "x" }, - { WGT_APP_ID, "test_book_11", "rw" }, - { WGT_APP_ID, "test_book_12", "rx" }, - { WGT_APP_ID, "test_book_13", "wx" }, - { WGT_APP_ID, "test_book_14", "rwx" }, - { WGT_APP_ID, "test_book_15", "rwxat" }, - { "test_subject_8", WGT_APP_ID, "r" }, - { "test_subject_9", WGT_APP_ID, "w" }, - { "test_subject_10", WGT_APP_ID, "x" }, - { "test_subject_11", WGT_APP_ID, "rw" }, - { "test_subject_12", WGT_APP_ID, "rx" }, - { "test_subject_13", WGT_APP_ID, "wx" }, - { "test_subject_14", WGT_APP_ID, "rwx" }, - { 
"test_subject_15", WGT_APP_ID, "rwxat" } + { USER_APP_ID, "test_book_8", "r" }, + { USER_APP_ID, "test_book_9", "w" }, + { USER_APP_ID, "test_book_10", "x" }, + { USER_APP_ID, "test_book_11", "rw" }, + { USER_APP_ID, "test_book_12", "rx" }, + { USER_APP_ID, "test_book_13", "wx" }, + { USER_APP_ID, "test_book_14", "rwx" }, + { USER_APP_ID, "test_book_15", "rwxat" }, + { "test_subject_8", USER_APP_ID, "r" }, + { "test_subject_9", USER_APP_ID, "w" }, + { "test_subject_10", USER_APP_ID, "x" }, + { "test_subject_11", USER_APP_ID, "rw" }, + { "test_subject_12", USER_APP_ID, "rx" }, + { "test_subject_13", USER_APP_ID, "wx" }, + { "test_subject_14", USER_APP_ID, "rwx" }, + { "test_subject_15", USER_APP_ID, "rwxat" } }; // Rules from WRT_test_privilege_control_rules_no_r.smack const rules_t rules2_no_r = { - { WGT_APP_ID, "test_book_9", "w" }, - { WGT_APP_ID, "test_book_10", "x" }, - { WGT_APP_ID, "test_book_11", "w" }, - { WGT_APP_ID, "test_book_12", "x" }, - { WGT_APP_ID, "test_book_13", "x" }, - { WGT_APP_ID, "test_book_14", "wx" }, - { WGT_APP_ID, "test_book_15", "wxat" }, - { "test_subject_9", WGT_APP_ID, "w" }, - { "test_subject_10", WGT_APP_ID, "x" }, - { "test_subject_11", WGT_APP_ID, "w" }, - { "test_subject_12", WGT_APP_ID, "x" }, - { "test_subject_13", WGT_APP_ID, "x" }, - { "test_subject_14", WGT_APP_ID, "wx" }, - { "test_subject_15", WGT_APP_ID, "wxat" } + { USER_APP_ID, "test_book_9", "w" }, + { USER_APP_ID, "test_book_10", "x" }, + { USER_APP_ID, "test_book_11", "w" }, + { USER_APP_ID, "test_book_12", "x" }, + { USER_APP_ID, "test_book_13", "x" }, + { USER_APP_ID, "test_book_14", "wx" }, + { USER_APP_ID, "test_book_15", "wxat" }, + { "test_subject_9", USER_APP_ID, "w" }, + { "test_subject_10", USER_APP_ID, "x" }, + { "test_subject_11", USER_APP_ID, "w" }, + { "test_subject_12", USER_APP_ID, "x" }, + { "test_subject_13", USER_APP_ID, "x" }, + { "test_subject_14", USER_APP_ID, "wx" }, + { "test_subject_15", USER_APP_ID, "wxat" } }; // Rules from 
test_privilege_control_rules.smack // minus WRT_test_privilege_control_rules_no_r.smack const rules_t rules2_r = { - { WGT_APP_ID, "test_book_8", "r" }, - { WGT_APP_ID, "test_book_11", "r" }, - { WGT_APP_ID, "test_book_12", "r" }, - { WGT_APP_ID, "test_book_14", "r" }, - { WGT_APP_ID, "test_book_15", "r" }, - { "test_subject_8", WGT_APP_ID, "r" }, - { "test_subject_11", WGT_APP_ID, "r" }, - { "test_subject_12", WGT_APP_ID, "r" }, - { "test_subject_14", WGT_APP_ID, "r" }, - { "test_subject_15", WGT_APP_ID, "r" } + { USER_APP_ID, "test_book_8", "r" }, + { USER_APP_ID, "test_book_11", "r" }, + { USER_APP_ID, "test_book_12", "r" }, + { USER_APP_ID, "test_book_14", "r" }, + { USER_APP_ID, "test_book_15", "r" }, + { "test_subject_8", USER_APP_ID, "r" }, + { "test_subject_11", USER_APP_ID, "r" }, + { "test_subject_12", USER_APP_ID, "r" }, + { "test_subject_14", USER_APP_ID, "r" }, + { "test_subject_15", USER_APP_ID, "r" } }; // Rules from EFL_test_privilege_control_rules_efl.smack for rpm const rules_t rules_efl = { - { EFL_APP_ID, "test_book_efl", "r" } + { USER_APP_ID, "test_book_efl", "r" } }; // Rules from WRT_test_privilege_control_rules_wgt.smack for wgt const rules_t rules_wgt = { - { WGT_APP_ID, "test_book_8", "r" }, - { WGT_APP_ID, "test_book_9", "w" }, - { WGT_APP_ID, "test_book_10", "x" }, - { WGT_APP_ID, "test_book_11", "rw" }, - { WGT_APP_ID, "test_book_12", "rx" }, - { WGT_APP_ID, "test_book_13", "wx" }, - { WGT_APP_ID, "test_book_14", "rwx" }, - { WGT_APP_ID, "test_book_15", "rwxat" }, - { "test_subject_8", WGT_APP_ID, "r" }, - { "test_subject_9", WGT_APP_ID, "w" }, - { "test_subject_10", WGT_APP_ID, "x" }, - { "test_subject_11", WGT_APP_ID, "rw" }, - { "test_subject_12", WGT_APP_ID, "rx" }, - { "test_subject_13", WGT_APP_ID, "wx" }, - { "test_subject_14", WGT_APP_ID, "rwx" }, - { "test_subject_15", WGT_APP_ID, "rwxat" } + { USER_APP_ID, "test_book_wgt_8", "r" }, + { USER_APP_ID, "test_book_wgt_9", "w" }, + { USER_APP_ID, "test_book_wgt_10", "x" }, + { 
USER_APP_ID, "test_book_wgt_11", "rw" }, + { USER_APP_ID, "test_book_wgt_12", "rx" }, + { USER_APP_ID, "test_book_wgt_13", "wx" }, + { USER_APP_ID, "test_book_wgt_14", "rwx" }, + { USER_APP_ID, "test_book_wgt_15", "rwxat" }, + { "test_subject_wgt_8", USER_APP_ID, "r" }, + { "test_subject_wgt_9", USER_APP_ID, "w" }, + { "test_subject_wgt_10", USER_APP_ID, "x" }, + { "test_subject_wgt_11", USER_APP_ID, "rw" }, + { "test_subject_wgt_12", USER_APP_ID, "rx" }, + { "test_subject_wgt_13", USER_APP_ID, "wx" }, + { "test_subject_wgt_14", USER_APP_ID, "rwx" }, + { "test_subject_wgt_15", USER_APP_ID, "rwxat" } }; // Rules from OSP_test_privilege_control_rules_osp.smack for osp const rules_t rules_osp = { - { OSP_APP_ID, "test_book_8", "r" }, - { OSP_APP_ID, "test_book_9", "w" }, - { OSP_APP_ID, "test_book_10", "x" }, - { OSP_APP_ID, "test_book_11", "rw" }, - { OSP_APP_ID, "test_book_12", "rx" }, - { OSP_APP_ID, "test_book_13", "wx" }, - { OSP_APP_ID, "test_book_14", "rwx" }, - { OSP_APP_ID, "test_book_15", "rwxat" }, - { "test_subject_8", OSP_APP_ID, "r" }, - { "test_subject_9", OSP_APP_ID, "w" }, - { "test_subject_10", OSP_APP_ID, "x" }, - { "test_subject_11", OSP_APP_ID, "rw" }, - { "test_subject_12", OSP_APP_ID, "rx" }, - { "test_subject_13", OSP_APP_ID, "wx" }, - { "test_subject_14", OSP_APP_ID, "rwx" }, - { "test_subject_15", OSP_APP_ID, "rwxat" } + { USER_APP_ID, "test_book_osp_8", "r" }, + { USER_APP_ID, "test_book_osp_9", "w" }, + { USER_APP_ID, "test_book_osp_10", "x" }, + { USER_APP_ID, "test_book_osp_11", "rw" }, + { USER_APP_ID, "test_book_osp_12", "rx" }, + { USER_APP_ID, "test_book_osp_13", "wx" }, + { USER_APP_ID, "test_book_osp_14", "rwx" }, + { USER_APP_ID, "test_book_osp_15", "rwxat" }, + { "test_subject_osp_8", USER_APP_ID, "r" }, + { "test_subject_osp_9", USER_APP_ID, "w" }, + { "test_subject_osp_10", USER_APP_ID, "x" }, + { "test_subject_osp_11", USER_APP_ID, "rw" }, + { "test_subject_osp_12", USER_APP_ID, "rx" }, + { "test_subject_osp_13", USER_APP_ID, 
"wx" }, + { "test_subject_osp_14", USER_APP_ID, "rwx" }, + { "test_subject_osp_15", USER_APP_ID, "rwxat" } }; int test_have_all_accesses(const rules_t &rules); @@ -228,7 +230,7 @@ int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/, int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/, int /*typeflag*/, struct FTW* /*ftwbuf*/); -void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack); +void test_revoke_permissions(int line_no, const char* app_id); void test_app_enable_permissions_efl(bool smack); void test_app_disable_permissions_efl(bool smack); void test_app_disable_permissions(bool smack); diff --git a/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp b/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp index 3746dde..f2c52e7 100644 --- a/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp +++ b/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp @@ -41,6 +41,8 @@ #define CANARY_LABEL "tiny_yellow_canary" +const char *USER_APP_ID = "User"; + const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", NULL }; const char *PRIVS2[] = { "test_privilege_control_rules2", NULL }; const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", NULL }; @@ -251,7 +253,7 @@ int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb, labelPtr.reset(label); RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "ACCESS label on " << fpath << " is not set"); - result = strcmp(APPID_DIR, labelPtr.get()); + result = strcmp(USER_APP_ID, labelPtr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect"); /* EXEC */ 
@@ -260,7 +262,7 @@ int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb, RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) { RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set"); - result = strcmp(APPID_DIR, labelPtr.get()); + result = strcmp(USER_APP_ID, labelPtr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on executable file " << fpath << " is incorrect"); } else if (S_ISLNK(sb->st_mode)) { struct stat buf; @@ -271,7 +273,7 @@ int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb, RUNNER_ASSERT_MSG_BT(labelPtr.get() == NULL, "EXEC label on " << fpath << " is set"); } else { RUNNER_ASSERT_MSG_BT(labelPtr.get() != NULL, "EXEC label on " << fpath << " is not set"); - result = strcmp(APPID_DIR, labelPtr.get()); + result = strcmp(USER_APP_ID, labelPtr.get()); RUNNER_ASSERT_MSG_BT(result == 0, "EXEC label on link to executable file " << fpath << " is incorrect"); } } else @@ -326,7 +328,7 @@ int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/, return 0; } -void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rules, bool smack) +void test_revoke_permissions(int line_no, const char* app_id) { int result; @@ -360,10 +362,6 @@ void test_revoke_permissions(int line_no, const char* app_id, const rules_t &rul DB_END - // Are all the permissions revoked? - RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules), "Line: " << line_no << - "Not all permisions revoked."); - DB_BEGIN // Cleanup - uninstall test apps 
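Review bot: With `rules` and `smack` dropped from `test_revoke_permissions` (hunk `@@ -326,7 +328,7 @@`) and the `check_no_accesses` assertion deleted in the `@@ -360,10 +362,6 @@` hunk, the revoke tests check only the return codes of the calls they make and would still pass if revocation left Smack rules loaded. If rules under the `USER_APP_ID` subject are still observable after revoke, keeping both parameters and the assertion `RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules), "Line: " << line_no << " Not all permissions revoked.");` would preserve that coverage. If revocation can no longer be observed this way because the subject label is shared, a comment at the deleted spot should state that reason so the gap is a recorded decision. The function body starts and ends outside these hunks.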
@@ -389,13 +387,13 @@ void test_app_enable_permissions_efl(bool smack) "perm_app_install failed: " << result); // Register a permission: - result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true); + result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error registering app permissions. Result: " << result); DB_END - RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}), + RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}), "SMACK accesses not granted for EFL_APP"); DB_BEGIN @@ -423,14 +421,25 @@ void test_app_disable_permissions_efl(bool smack) RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed: " << result); + result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + "Error disabling app permissions. Result: " << result); + + DB_END + + RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}), + "SMACK accesses not disabled for EFL_APP"); + + DB_BEGIN + // Register a permission - result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true); + result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error registering app permissions. Result: " << result); DB_END - RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}), + RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}), "SMACK accesses not granted for EFL_APP"); DB_BEGIN 
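Review bot: The pre-test cleanup added to `test_app_disable_permissions_efl` (hunk `@@ -423,14 +421,25 @@`) fails with the same text, `"SMACK accesses not disabled for EFL_APP"`, as the post-disable check in the `@@ -442,7 +451,7 @@` hunk, so a log cannot distinguish rules left over from an earlier test from a genuine failure of the disable call under test. A distinct message on the first assertion, for example `"Stale SMACK accesses for EFL_APP before test"`, would separate the two cases. The same applies to the two `check_no_accesses` calls added at the top of `test_app_disable_permissions` in the `@@ -469,12 +478,39 @@` hunk, which both report `"SMACK accesses not disabled."`. A short comment saying why the cleanup is needed would help as well; presumably it is because all test apps now share one subject label.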
@@ -442,7 +451,7 @@ void test_app_disable_permissions_efl(bool smack) DB_END - RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{EFL_APP_ID,"test_book_efl", "r"}}), + RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}), "SMACK accesses not disabled for EFL_APP"); DB_BEGIN @@ -469,12 +478,39 @@ void test_app_disable_permissions(bool smack) result = perm_app_install(WGT_APP_ID); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install failed: " << result); + + result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + "Error disabling app first permissions. Result: " << result); + + result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + "Error disabling app permissions. Result: " << result); + + result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + "Error disabling app no r permissions. Result: " << result); + + result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + "Error disabling app r permissions. Result: " << result); + + DB_END + + RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules2), + "SMACK accesses not disabled."); + + RUNNER_ASSERT_MSG_BT(check_no_accesses(smack, rules1), + "SMACK accesses not disabled."); + + DB_BEGIN + /** * Test - disable all granted permissions. */ // Prepare permissions that we want to disable - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error registering app permissions. Result: " << result); 
@@ -502,12 +538,12 @@ void test_app_disable_permissions(bool smack) DB_BEGIN // Prepare permissions that will not be disabled - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error adding app first permissions. Result: " << result); // Prepare permissions that we want to disable - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error adding app second permissions. Result: " << result); @@ -543,11 +579,11 @@ void test_app_disable_permissions(bool smack) DB_BEGIN // Prepare permissions - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error registering app r permissions. Result: " << result); - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error registering app no r permissions. Result: " << result); @@ -566,7 +602,7 @@ void test_app_disable_permissions(bool smack) DB_BEGIN // Prepare permissions - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, 1); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error adding app no r permissions. Result: " << result); 
@@ -626,20 +662,17 @@ void test_appsettings_privilege(bool smack) RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, " Error registering api feature. Result: " << ret); - ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, true); + ret = perm_app_enable_permissions(APP_TEST, APP_TYPE_OSP, PRIV_APPSETTING, false); RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS, " Error registering app permissions. Result: " << ret); DB_END - //check if "app_test" has an RX access to the app "app_1" - RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, APP_1, "rx"}}), "access denied"); - //check if "app_test" has an RWX access to a folder registered by "app_1" ret = smack_getlabel(APP_1_DIR, &label, SMACK_LABEL_ACCESS ); app1DirLabelPtr.reset(label); RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed"); - RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get()); + RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID, app1DirLabelPtr.get(), "rwx"}}), "access denied to smack label: " << app1DirLabelPtr.get()); DB_BEGIN @@ -655,14 +688,11 @@ void test_appsettings_privilege(bool smack) DB_END - //check if "app_test" has an RX access to the app "app_2" - RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, APP_2, "rx"}}), "access denied"); - //check if "app_test" has an RWX access to a folder registered by "app_2" ret = smack_getlabel(APP_2_DIR, &label, SMACK_LABEL_ACCESS ); app2DirLabelPtr.reset(label); RUNNER_ASSERT_MSG_BT(ret == PC_OPERATION_SUCCESS,"smack_getlabel failed"); - RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{APP_TEST, app2DirLabelPtr.get(), "rwx"}}), "access denies"); + RUNNER_ASSERT_MSG_BT(check_all_accesses(smack, {{USER_APP_ID, app2DirLabelPtr.get(), "rwx"}}), "access denies"); rmdir(APP_1_DIR); rmdir(APP_2_DIR); 
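Review bot: The comment `//check if "app_test" has an RWX access to a folder registered by "app_1"` and its `app_2` twin in the `@@ -655,14 +688,11 @@` hunk no longer match the assertions below them, which now use `USER_APP_ID` as the subject instead of `APP_TEST`. They should read along the lines of `// check that the app label (USER_APP_ID) has RWX access to the folder registered by "app_1"`. The two deleted `rx` checks between `APP_TEST` and `APP_1`/`APP_2` have no replacement; if that access is now implied because both apps run under the same label, a comment should say so, otherwise the appsetting privilege is only half verified. `test_appsettings_privilege` starts and ends outside these hunks.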
diff --git a/tests/libprivilege-control-tests/test_cases.cpp b/tests/libprivilege-control-tests/test_cases.cpp index 1a88592..93b1cab 100644 --- a/tests/libprivilege-control-tests/test_cases.cpp +++ b/tests/libprivilege-control-tests/test_cases.cpp @@ -91,10 +91,10 @@ int nftw_check_labels_app_shared_dir(const char *fpath, const struct stat *sb, result = strcmp(APPID_SHARED_DIR, label); RUNNER_ASSERT_MSG_BT(result == 0, "ACCESS label on " << fpath << " is incorrect"); - result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxatl"); + result = smack_have_access(USER_APP_ID, APPID_SHARED_DIR, "rwxatl"); RUNNER_ASSERT_MSG_BT(result == 1, "Error rwxatl access was not given shared dir. Subject: " << - APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result); + USER_APP_ID << ". Object: " << APPID_SHARED_DIR << ". Result: " << result); /* EXEC */ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); RUNNER_ASSERT_MSG_BT(result == 0, "Could not get label for the path"); @@ -190,8 +190,8 @@ RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir) result = perm_app_install(APP_ID); RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID); - RUNNER_ASSERT_MSG_BT(result != 0, "perm_app_setup_path(APP_ID, APP_ID) didn't fail"); + result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, USER_APP_ID); + RUNNER_ASSERT_MSG_BT(result != 0, "perm_app_setup_path(APP_ID, USER_APP_ID) didn't fail"); DB_END @@ -227,7 +227,7 @@ RUNNER_TEST_SMACK(privilege_control03_app_label_shared_dir) */ RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt) { - test_revoke_permissions(__LINE__, WGT_APP_ID, rules_wgt, true); + test_revoke_permissions(__LINE__, WGT_APP_ID); } /** 
@@ -235,7 +235,7 @@ RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt) */ RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp) { - test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, true); + test_revoke_permissions(__LINE__, OSP_APP_ID); } void test_set_app_privilege( @@ -260,7 +260,7 @@ void test_set_app_privilege( "Errno: " << strerror(errno)); // TEST: - result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, true); + result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error registering app permissions. Result: " << result); @@ -283,7 +283,8 @@ void test_set_app_privilege( " Error getting current process label"); RUNNER_ASSERT_MSG_BT(label != NULL, " Process label is not set"); - result = strcmp(app_id, label); + + result = strcmp(USER_APP_ID, label); RUNNER_ASSERT_MSG_BT(result == 0, " Process label " << label << " is incorrect"); @@ -455,9 +456,6 @@ void check_perm_app_uninstall(const char* pkg_id) RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_uninstall returned: " << perm_strerror(result)); DB_END - - TestLibPrivilegeControlDatabase db_test; - db_test.test_db_after__perm_app_uninstall(pkg_id); } RUNNER_TEST(privilege_control07_app_uninstall) @@ -480,7 +478,7 @@ void check_perm_app_install(const char* pkg_id) DB_END TestLibPrivilegeControlDatabase db_test; - db_test.test_db_after__perm_app_install(pkg_id); + db_test.test_db_after__perm_app_install(USER_APP_ID); } RUNNER_TEST(privilege_control01_app_install) @@ -510,10 +508,6 @@ RUNNER_TEST(privilege_control07_app_rollback) RUNNER_ASSERT_MSG_BT(result == 0, "perm_rollback returned: " << perm_strerror(result)); DB_END - - TestLibPrivilegeControlDatabase db_test; - db_test.test_db_after__perm_app_uninstall(APP_ID); - } RUNNER_TEST(privilege_control07_app_rollback_2) 
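Review bot: `check_perm_app_install` still takes `pkg_id`, but the database check in hunk `@@ -480,7 +478,7 @@` now passes the constant `USER_APP_ID`, so the verification is the same for every package the helper is called with and says nothing about the package that was installed. The `@@ -455,9 +456,6 @@` and `@@ -510,10 +508,6 @@` hunks also delete the `test_db_after__perm_app_uninstall` checks, leaving uninstall and rollback verified by return code alone. If the rules database no longer holds per-package state, a comment on each helper should record that, for example `// DB rows are keyed by the shared label, so uninstall leaves nothing package-specific to check`. If it still does, a post-uninstall check is worth keeping, because stale rows after removal are exactly what these tests were there to catch.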
@@ -538,7 +532,7 @@ RUNNER_TEST(privilege_control07_app_rollback_2) DB_END TestLibPrivilegeControlDatabase db_test; - db_test.test_db_after__perm_app_install(APP_ID); + db_test.test_db_after__perm_app_install(USER_APP_ID); } /** @@ -563,7 +557,7 @@ RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions) RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error revoking app permissions. Result: " << result); - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error registering app permissions. Result: " << result); @@ -587,11 +581,11 @@ RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions) */ DB_BEGIN - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error registering app permissions. Result: " << result); - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 0); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error enabling app permissions. Result: " << result); @@ -616,7 +610,7 @@ RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions) DB_BEGIN - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error registering app permissions. Result: " << result); 
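Review bot: In the `@@ -587,11 +581,11 @@` hunk both consecutive `perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, ...)` calls now pass `false` as the last (persistent) argument, where the old code passed `true` and then `0`. The second call therefore repeats the first, and the switch of the flag between the two calls that the scenario previously exercised is no longer covered. Either drop the duplicate call or update the scenario comment, which lies outside the hunk, to say that it now tests enabling the same permission set twice. The enclosing test `privilege_control11_app_enable_permissions` extends beyond this hunk.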
@@ -642,7 +636,7 @@ RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions) DB_BEGIN // Register permission for rules 2 no r - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error registering app permissions without r. Result: " << result); @@ -655,7 +649,7 @@ RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions) DB_BEGIN // Register permission for rules 2 - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error registering app all permissions. Result: " << result); @@ -677,7 +671,7 @@ RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions) */ // Enable permission for rules 2 no r - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error registering app permissions without r. Result: " << result); @@ -690,7 +684,7 @@ RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions) DB_BEGIN // Enable permission for rules 2 - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, true); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error registering app permissions with only r. Result: " << result); 
@@ -756,6 +750,11 @@ RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions) result = perm_app_install(WGT_APP_ID); RUNNER_ASSERT_MSG_BT(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); + // Disable permissions + result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + "Error disabling app permissions. Result: " << result); + // Prepare permissions to reset result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, @@ -775,7 +774,7 @@ RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions) DB_BEGIN // Disable permissions - result = perm_app_revoke_permissions(WGT_APP_ID); + result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error disabling app permissions. Result: " << result); diff --git a/tests/libprivilege-control-tests/test_cases_nosmack.cpp b/tests/libprivilege-control-tests/test_cases_nosmack.cpp index cf84205..94821a0 100644 --- a/tests/libprivilege-control-tests/test_cases_nosmack.cpp +++ b/tests/libprivilege-control-tests/test_cases_nosmack.cpp @@ -76,7 +76,7 @@ int nftw_check_labels_app_shared_dir_nosmack(const char *fpath, const struct sta //The only exception in nftw_check_labels_app_shared_dir //smack_have_access returns -1 because of no SMACK. - result = smack_have_access(APP_ID, APPID_SHARED_DIR, "rwxat"); + result = smack_have_access(USER_APP_ID, APPID_SHARED_DIR, "rwxat"); RUNNER_ASSERT_MSG_BT(result == -1, "smack_have_access should return error (SMACK is off). Result: " << result); 
@@ -110,7 +110,7 @@ RUNNER_TEST_NOSMACK(privilege_control03_app_label_shared_dir_nosmack) DB_BEGIN - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, APP_ID); + result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_GROUP_RW, USER_APP_ID); RUNNER_ASSERT_MSG_BT(result != PC_OPERATION_SUCCESS, "perm_app_setup_path should fail here. Result: " << result); @@ -174,12 +174,12 @@ RUNNER_TEST_NOSMACK(privilege_control04_add_permissions_nosmack) "Despite SMACK being off some accesses were added. Result: " << result); TestLibPrivilegeControlDatabase db_test; - db_test.test_db_after__perm_app_install(APP_ID); - db_test.test_db_after__perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true); + db_test.test_db_after__perm_app_install(USER_APP_ID); + db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true); DB_BEGIN - result = perm_app_disable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL); + result = perm_app_disable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "Error disabling permissions: " << perm_strerror(result)); DB_END @@ -315,7 +315,7 @@ RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_efl_nosmack) */ RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_nosmack) { - test_revoke_permissions(__LINE__, WGT_APP_ID, rules_wgt, false); + test_revoke_permissions(__LINE__, WGT_APP_ID); } /** @@ -323,7 +323,7 @@ RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_nosmack) */ RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_nosmack) { - test_revoke_permissions(__LINE__, OSP_APP_ID, rules_osp, false); + test_revoke_permissions(__LINE__, OSP_APP_ID); } /** 
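Review bot: `perm_app_disable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL)` in hunk `@@ -174,12 +174,12 @@` passes the label constant as the package id, whereas the other API calls visible in this commit keep the real id (`WGT_APP_ID`, `EFL_APP_ID`, `APP_ID`) and use `USER_APP_ID` only for label comparisons and database checks. If the install and enable calls above the hunk still use `APP_ID`, this disables permissions for a different package than the one that was set up, and the assertion that follows proves only that the call returned success. `result = perm_app_disable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL);` looks like the intended line. The install and enable calls are outside the hunk, so this needs confirming against them.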
@@ -363,8 +363,8 @@ RUNNER_TEST_NOSMACK(privilege_control11_app_enable_permissions_nosmack) RUNNER_ASSERT_MSG_BT(result == -1, "Permissions shouldn't be added. Result: " << result); TestLibPrivilegeControlDatabase db_test; - db_test.test_db_after__perm_app_install(WGT_APP_ID); - db_test.test_db_after__perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); + db_test.test_db_after__perm_app_install(USER_APP_ID); + db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_WGT, PRIVS2, true); DB_BEGIN @@ -375,7 +375,7 @@ RUNNER_TEST_NOSMACK(privilege_control11_app_enable_permissions_nosmack) DB_END - db_test.test_db_after__perm_app_install(WGT_APP_ID); + db_test.test_db_after__perm_app_install(USER_APP_ID); } RUNNER_CHILD_TEST_NOSMACK(privilege_control11_app_enable_permissions_efl_nosmack) @@ -419,8 +419,13 @@ RUNNER_TEST_NOSMACK(privilege_control13_app_reset_permissions_nosmack) RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); + // Disable permissions + result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); + RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, + "Error disabling app permissions. Result: " << result); + // Prepare permissions to reset - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1); + result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, " Error adding app permissions. Result: " << result); @@ -437,9 +442,9 @@ RUNNER_TEST_NOSMACK(privilege_control13_app_reset_permissions_nosmack) DB_BEGIN // Disable permissions - result = perm_app_revoke_permissions(WGT_APP_ID); + result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); RUNNER_ASSERT_MSG_BT(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); + "Error disabling app permissions. Result: " << result); DB_END }