From 262f87352cb03bf3774c473c1f262969f79fd8f7 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Wed, 10 Feb 2016 15:13:52 +0100 Subject: [PATCH] Add test for pkgId During deinstallation rules with pkg are removed. If more that one application is connected with pkg id the rule must be untouch. Change-Id: I59cc7976fc539d462dc5210ae25ae78c9a8d546e --- .../security_manager_tests.cpp | 172 ++++++++++++++++----- 1 file changed, 137 insertions(+), 35 deletions(-) diff --git a/src/security-manager-tests/security_manager_tests.cpp b/src/security-manager-tests/security_manager_tests.cpp index ea82655..4f2a6dc 100644 --- a/src/security-manager-tests/security_manager_tests.cpp +++ b/src/security-manager-tests/security_manager_tests.cpp @@ -547,8 +547,12 @@ void check_exact_access(const std::string& subject, const std::string& object, c for(const auto& c : negative) { int result = smack_have_access(subject.c_str(), object.c_str(), std::string(1, c).c_str()); RUNNER_ASSERT_MSG(result >= 0, "smack_have_access failed"); - RUNNER_ASSERT_MSG(result == 0, - "Unexpected smack access: " << subject << " " << object << " " << c); + RUNNER_ASSERT_MSG(result == 0, "Unexpected access for" << + " subject:" << subject << + " object:" << object << + " right:" << std::string(1,c) << + " result:" << result << + " expected:0"); } } @@ -3358,6 +3362,104 @@ RUNNER_TEST(security_manager_44_app_install_with_trusted_path_no_author_id) Api::install(app, SECURITY_MANAGER_ERROR_INPUT_PARAM); } +RUNNER_TEST(security_manager_45_test_authorId_identificator_creation) +{ + std::vector helper {{"a45"}, {"b45"}}; + auto &trusted1 = helper[0]; + auto &trusted2 = helper[1]; + + TestSecurityManagerDatabase dbtest; + const char *authorId1 = "custom_author_id_test a45"; + const char *authorId2 = "custom_author_id_test b45"; + + // cleanup + for (auto &e : helper) { + e.revokeRules(); + e.createInstallDir(); + e.createTrustedDir(); + } + + // install app with shared/trusted dir + InstallRequest trustingApp; + trustingApp.setAppId(trusted1.getAppId()); + trustingApp.setPkgId(trusted1.getPkgId()); + trustingApp.setAuthorId(authorId1); + trustingApp.addPath(trusted1.getTrustedDir().c_str(), SECURITY_MANAGER_PATH_TRUSTED_RW); + Api::install(trustingApp); + + int64_t authorDb1 = dbtest.get_author_id(authorId1); + + // install trusted app + InstallRequest trustedApp; + trustedApp.setAppId(trusted2.getAppId()); + trustedApp.setPkgId(trusted2.getPkgId()); + trustedApp.setAuthorId(authorId2); + Api::install(trustedApp); + + int64_t authorDb2 = dbtest.get_author_id(authorId2); + RUNNER_ASSERT(authorDb1 != authorDb2); +} + +RUNNER_TEST(security_manager_46_pkgId_deinstalation_test) +{ + /* Description: + * Lets assume that app1 and app2 are part of pkg1. + * Deinstalation of app1 mustnot remove rules: + * System PKG1Label rwxatl + * User PKGLabel rwxatl + */ + + std::vector helper {{"a46"}, {"b46"}}; + auto &trusted1 = helper[0]; + auto &trusted2 = helper[1]; + + std::string authorId1 = "author46XYZ"; + + for (auto &e : helper) { + e.revokeRules(); + e.createInstallDir(); + e.createTrustedDir(); + } + + InstallRequest trustingApp; + trustingApp.setAppId(trusted1.getAppId()); + trustingApp.setPkgId(trusted1.getPkgId()); + trustingApp.setAuthorId(authorId1); + trustingApp.addPath(trusted1.getTrustedDir().c_str(), SECURITY_MANAGER_PATH_TRUSTED_RW); + Api::install(trustingApp); + + InstallRequest trustingApp2; + trustingApp2.setAppId(trusted2.getAppId()); + trustingApp2.setPkgId(trusted1.getPkgId()); // both apps will be part of same pkgId + trustingApp2.setAuthorId(authorId1); + Api::install(trustingApp2); + + check_exact_access("System", generateAppLabel(trusted1.getAppId()), "rwxl"); + check_exact_access("User", generateAppLabel(trusted1.getAppId()), "rwxl"); + check_exact_access("System", generatePkgLabel(trusted1.getPkgId()), "rwxatl"); + check_exact_access("User", generatePkgLabel(trusted1.getPkgId()), "rwxatl"); + check_exact_access("System", generateAppLabel(trusted2.getAppId()), "rwxl"); + check_exact_access("User", generateAppLabel(trusted2.getAppId()), "rwxl"); + + Api::uninstall(trustingApp2); + + check_exact_access("System", generateAppLabel(trusted1.getAppId()), "rwxl"); + check_exact_access("User", generateAppLabel(trusted1.getAppId()), "rwxl"); + check_exact_access("System", generatePkgLabel(trusted1.getPkgId()), "rwxatl"); + check_exact_access("User", generatePkgLabel(trusted1.getPkgId()), "rwxatl"); + check_exact_access("System", generateAppLabel(trusted2.getAppId()), ""); + check_exact_access("User", generateAppLabel(trusted2.getAppId()), ""); + + Api::uninstall(trustingApp); + + check_exact_access("System", generateAppLabel(trusted1.getAppId()), ""); + check_exact_access("User", generateAppLabel(trusted1.getAppId()), ""); + check_exact_access("System", generatePkgLabel(trusted1.getPkgId()), ""); + check_exact_access("User", generatePkgLabel(trusted1.getPkgId()), ""); +} + +RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_CREDENTIAL_API) + class ProcessCredentials { public: ProcessCredentials(const std::string &smackLabel) : m_label(smackLabel) {} @@ -3423,10 +3525,10 @@ void clientTestTemplate(SocketAssertionFn assertion, const std::string &scope, c assertion(sock, pid); } -RUNNER_CHILD_TEST(security_manager_45a_get_id_by_socket) +RUNNER_CHILD_TEST(security_manager_51a_get_id_by_socket) { - const char *const sm_app_id = "sm_test_45a_app"; - const char *const sm_pkg_id = "sm_test_45a_pkg"; + const char *const sm_app_id = "sm_test_51a_app"; + const char *const sm_pkg_id = "sm_test_51a_pkg"; InstallRequest requestInst; requestInst.setAppId(sm_app_id); @@ -3451,10 +3553,10 @@ RUNNER_CHILD_TEST(security_manager_45a_get_id_by_socket) Api::uninstall(requestUninst); } -RUNNER_CHILD_TEST(security_manager_45b_get_id_by_socket) +RUNNER_CHILD_TEST(security_manager_51b_get_id_by_socket) { - const char *const sm_app_id = "sm_test_45b_app"; - const char *const sm_pkg_id = "sm_test_45b_pkg"; + const char *const sm_app_id = "sm_test_51b_app"; + const char *const sm_pkg_id = "sm_test_51b_pkg"; InstallRequest requestInst; requestInst.setAppId(sm_app_id); @@ -3475,10 +3577,10 @@ RUNNER_CHILD_TEST(security_manager_45b_get_id_by_socket) Api::uninstall(requestUninst); } -RUNNER_CHILD_TEST(security_manager_45c_get_id_by_socket) +RUNNER_CHILD_TEST(security_manager_51c_get_id_by_socket) { - const char *const sm_app_id = "sm_test_45c_app"; - const char *const sm_pkg_id = "sm_test_45c_pkg"; + const char *const sm_app_id = "sm_test_51c_app"; + const char *const sm_pkg_id = "sm_test_51c_pkg"; InstallRequest requestInst; requestInst.setAppId(sm_app_id); @@ -3501,10 +3603,10 @@ RUNNER_CHILD_TEST(security_manager_45c_get_id_by_socket) Api::uninstall(requestUninst); } -RUNNER_CHILD_TEST(security_manager_45d_get_id_by_socket) +RUNNER_CHILD_TEST(security_manager_51d_get_id_by_socket) { - const char *const sm_app_id = "sm_test_45d_app"; - const char *const sm_pkg_id = "sm_test_45d_pkg"; + const char *const sm_app_id = "sm_test_51d_app"; + const char *const sm_pkg_id = "sm_test_51d_pkg"; InstallRequest requestInst; requestInst.setAppId(sm_app_id); @@ -3527,10 +3629,10 @@ RUNNER_CHILD_TEST(security_manager_45d_get_id_by_socket) Api::uninstall(requestUninst); } -RUNNER_CHILD_TEST(security_manager_45e_get_id_by_socket) +RUNNER_CHILD_TEST(security_manager_51e_get_id_by_socket) { - const char *const sm_app_id = "sm_test_45e_app"; - const char *const sm_pkg_id = "sm_test_45e_pkg"; + const char *const sm_app_id = "sm_test_51e_app"; + const char *const sm_pkg_id = "sm_test_51e_pkg"; InstallRequest requestInst; requestInst.setAppId(sm_app_id); @@ -3550,10 +3652,10 @@ RUNNER_CHILD_TEST(security_manager_45e_get_id_by_socket) Api::uninstall(requestUninst); } -RUNNER_CHILD_TEST(security_manager_46a_get_id_by_pid) +RUNNER_CHILD_TEST(security_manager_52a_get_id_by_pid) { - const char *const sm_app_id = "sm_test_46a_app"; - const char *const sm_pkg_id = "sm_test_46a_pkg"; + const char *const sm_app_id = "sm_test_52a_app"; + const char *const sm_pkg_id = "sm_test_52a_pkg"; InstallRequest requestInst; requestInst.setAppId(sm_app_id); @@ -3578,10 +3680,10 @@ RUNNER_CHILD_TEST(security_manager_46a_get_id_by_pid) Api::uninstall(requestUninst); } -RUNNER_CHILD_TEST(security_manager_46b_get_id_by_pid) +RUNNER_CHILD_TEST(security_manager_52b_get_id_by_pid) { - const char *const sm_app_id = "sm_test_46b_app"; - const char *const sm_pkg_id = "sm_test_46b_pkg"; + const char *const sm_app_id = "sm_test_52b_app"; + const char *const sm_pkg_id = "sm_test_52b_pkg"; InstallRequest requestInst; requestInst.setAppId(sm_app_id); @@ -3602,10 +3704,10 @@ RUNNER_CHILD_TEST(security_manager_46b_get_id_by_pid) Api::uninstall(requestUninst); } -RUNNER_CHILD_TEST(security_manager_46c_get_id_by_pid) +RUNNER_CHILD_TEST(security_manager_52c_get_id_by_pid) { - const char *const sm_app_id = "sm_test_46c_app"; - const char *const sm_pkg_id = "sm_test_46c_pkg"; + const char *const sm_app_id = "sm_test_52c_app"; + const char *const sm_pkg_id = "sm_test_52c_pkg"; InstallRequest requestInst; requestInst.setAppId(sm_app_id); @@ -3628,10 +3730,10 @@ RUNNER_CHILD_TEST(security_manager_46c_get_id_by_pid) Api::uninstall(requestUninst); } -RUNNER_CHILD_TEST(security_manager_46d_get_id_by_pid) +RUNNER_CHILD_TEST(security_manager_52d_get_id_by_pid) { - const char *const sm_app_id = "sm_test_46d_app"; - const char *const sm_pkg_id = "sm_test_46d_pkg"; + const char *const sm_app_id = "sm_test_52d_app"; + const char *const sm_pkg_id = "sm_test_52d_pkg"; InstallRequest requestInst; requestInst.setAppId(sm_app_id); @@ -3654,10 +3756,10 @@ RUNNER_CHILD_TEST(security_manager_46d_get_id_by_pid) Api::uninstall(requestUninst); } -RUNNER_CHILD_TEST(security_manager_46e_get_id_by_pid) +RUNNER_CHILD_TEST(security_manager_52e_get_id_by_pid) { - const char *const sm_app_id = "sm_test_46e_app"; - const char *const sm_pkg_id = "sm_test_46e_pkg"; + const char *const sm_app_id = "sm_test_52e_app"; + const char *const sm_pkg_id = "sm_test_52e_pkg"; InstallRequest requestInst; requestInst.setAppId(sm_app_id); @@ -3677,10 +3779,10 @@ RUNNER_CHILD_TEST(security_manager_46e_get_id_by_pid) Api::uninstall(requestUninst); } -RUNNER_CHILD_TEST(security_manager_47_app_has_privilege) +RUNNER_CHILD_TEST(security_manager_53_app_has_privilege) { - const char *const sm_app_id = "sm_test_47_app"; - const char *const sm_pkg_id = "sm_test_47_pkg"; + const char *const sm_app_id = "sm_test_53_app"; + const char *const sm_pkg_id = "sm_test_53_pkg"; const std::string new_user_name = "sm_test_47_user_name"; InstallRequest requestInst; -- 2.7.4