From 2cc02f6eea70516f79d38ee87d1914bb05418dec Mon Sep 17 00:00:00 2001 From: Zofia Abramowska Date: Fri, 21 Oct 2016 16:42:52 +0200 Subject: [PATCH] SM : Cleanup - privacy manager test cases Added required by new version of test cases: * Move constructor of AppInstallHelper * Move constructor of ScopedInstaller * Move constructor of TemporaryTestUser * Remove passing isHybrid to AppInstallHelper constructor Change-Id: If5da564bc799f74d897e66eb3e313e13e43a8563 --- src/common/temp_test_user.cpp | 6 + src/common/temp_test_user.h | 4 + .../common/app_install_helper.cpp | 16 + .../common/app_install_helper.h | 10 +- .../common/scoped_installer.h | 13 + .../test_cases_privacy_manager.cpp | 1591 ++++++++------------ 6 files changed, 633 insertions(+), 1007 deletions(-) diff --git a/src/common/temp_test_user.cpp b/src/common/temp_test_user.cpp index 000410f..c460f0f 100644 --- a/src/common/temp_test_user.cpp +++ b/src/common/temp_test_user.cpp @@ -34,6 +34,12 @@ #include #include +TemporaryTestUser::TemporaryTestUser(TemporaryTestUser &&other) + : m_uid(other.m_uid), m_gid(other.m_gid), m_userName(std::move(other.m_userName)), + m_userType(other.m_userType), m_offline(other.m_offline), m_creatorPid(other.m_creatorPid) +{ + other.m_creatorPid = -1; +} void TemporaryTestUser::create(void) { diff --git a/src/common/temp_test_user.h b/src/common/temp_test_user.h index a6ca03d..3a3b6d1 100644 --- a/src/common/temp_test_user.h +++ b/src/common/temp_test_user.h @@ -34,6 +34,10 @@ public: m_offline(offline), m_creatorPid(getpid()) {}; + // TODO - copy constructor should be deleted + TemporaryTestUser(const TemporaryTestUser &) = default; + TemporaryTestUser(TemporaryTestUser &&other); + TemporaryTestUser& operator=(const TemporaryTestUser &) = delete; ~TemporaryTestUser(); void remove(void); uid_t getUid() const {return m_uid;} diff --git a/src/security-manager-tests/common/app_install_helper.cpp b/src/security-manager-tests/common/app_install_helper.cpp index f5a0414..29ece2b 100644 --- a/src/security-manager-tests/common/app_install_helper.cpp +++ b/src/security-manager-tests/common/app_install_helper.cpp @@ -31,6 +31,18 @@ #include "app_install_helper.h" +AppInstallHelper::AppInstallHelper(AppInstallHelper &&other) + : m_appName(std::move(other.m_appName)), m_pkgName(std::move(other.m_pkgName)), + m_isLocal(other.m_isLocal), m_uidGid(other.m_uidGid), + m_version(std::move(other.m_version)), m_installType(other.m_installType), + m_isHybrid(other.m_isHybrid), m_installDir(std::move(other.m_installDir)), + m_dirTypeMap(std::move(other.m_dirTypeMap)), m_fileTypeMap(std::move(other.m_fileTypeMap)), + m_privileges(std::move(other.m_privileges)), m_author(std::move(other.m_author)), + m_creatorPid(other.m_creatorPid) +{ + other.m_creatorPid = -1; +} + std::string AppInstallHelper::getInstallDir() const { return m_installDir + getPkgId(); } @@ -118,6 +130,10 @@ void AppInstallHelper::createPrivateRODir() { m_dirTypeMap[SECURITY_MANAGER_PATH_RO].emplace_back(getPrivateRODir()); } +void AppInstallHelper::setHybrid() { + m_isHybrid = true; +} + bool AppInstallHelper::getIsHybrid() const { return m_isHybrid; } diff --git a/src/security-manager-tests/common/app_install_helper.h b/src/security-manager-tests/common/app_install_helper.h index 04a1200..f45564e 100644 --- a/src/security-manager-tests/common/app_install_helper.h +++ b/src/security-manager-tests/common/app_install_helper.h @@ -32,10 +32,9 @@ struct AppInstallHelper { const std::string &pkgNamePrefix, bool isLocal, uid_t uid, - std::string version = std::string(), - bool isHybrid = false) + std::string version = std::string()) : m_appName(appNamePrefix), m_pkgName(pkgNamePrefix), m_isLocal(isLocal), m_uidGid(uid), m_version(version), - m_installType(SM_APP_INSTALL_NONE), m_isHybrid(isHybrid), m_creatorPid(getpid()) + m_installType(SM_APP_INSTALL_NONE), m_isHybrid(false), m_creatorPid(getpid()) { setInstallPath(); } @@ -58,6 +57,10 @@ struct AppInstallHelper { : AppInstallHelper(namePrefix, namePrefix, true, uid) {} + // TODO - copy constructor should be deleted + AppInstallHelper(const AppInstallHelper &other) = default; + AppInstallHelper(AppInstallHelper &&other); + // App info getters and setters std::string getAppId() const; std::string getPkgId() const; @@ -69,6 +72,7 @@ struct AppInstallHelper { std::string getAuthor() const; void setInstallType(app_install_type type); app_install_type getInstallType(); + void setHybrid(); bool getIsHybrid() const; // Path types creation and removal on file system diff --git a/src/security-manager-tests/common/scoped_installer.h b/src/security-manager-tests/common/scoped_installer.h index 582ea1d..b4ab9cb 100644 --- a/src/security-manager-tests/common/scoped_installer.h +++ b/src/security-manager-tests/common/scoped_installer.h @@ -65,6 +65,19 @@ public: SecurityManagerTest::Api::install(instReq); } + ScopedInstaller(const ScopedInstaller &) = delete; + ScopedInstaller(ScopedInstaller &&other) + : m_appInstallHelper(std::move(other.m_appInstallHelper)), + m_shouldUninstall(other.m_shouldUninstall), + m_requestUid(other.m_requestUid), + m_creatorPid(other.m_creatorPid) + { + other.m_shouldUninstall = false; + other.m_creatorPid = -1; + } + + ScopedInstaller& operator=(const ScopedInstaller &) = delete; + virtual ~ScopedInstaller() { if (m_creatorPid == getpid()) uninstallApp(); diff --git a/src/security-manager-tests/test_cases_privacy_manager.cpp b/src/security-manager-tests/test_cases_privacy_manager.cpp index 7d81a2f..cea0ccf 100644 --- a/src/security-manager-tests/test_cases_privacy_manager.cpp +++ b/src/security-manager-tests/test_cases_privacy_manager.cpp @@ -14,9 +14,9 @@ * limitations under the License. */ +#include #include #include -#include #include #include #include @@ -24,14 +24,13 @@ #include #include +#include + #include #include #include -#include -#include +#include #include -#include -#include #include #include #include @@ -42,30 +41,18 @@ #include using namespace SecurityManagerTest; - -static const std::vector PM_MANY_APPS = { - "security_manager_pm_app_1", - "security_manager_pm_app_2", - "security_manager_pm_app_3", - "security_manager_pm_app_4", - "security_manager_pm_app_5" +namespace { +struct UserInfo { + std::string userName; + GumUserType userType; }; -const std::string PRIVILEGE_MANAGER_APP = "privilege_manager"; -const std::string PRIVILEGE_MANAGER_PKG = "privilege_manager"; -const std::string PRIVILEGE_MANAGER_SELF_PRIVILEGE = "http://tizen.org/privilege/notexist"; -const std::string PRIVILEGE_MANAGER_ADMIN_PRIVILEGE = "http://tizen.org/privilege/internal/usermanagement"; - -static const std::map PM_MANY_APPS_PKGS = { - {"security_manager_pm_app_1", {"security_manager_pm_pkg_1", "2.1"}}, - {"security_manager_pm_app_2", {"security_manager_pm_pkg_2", "3.0"}}, - {"security_manager_pm_app_3", {"security_manager_pm_pkg_3", "2.1.1"}}, - {"security_manager_pm_app_4", {"security_manager_pm_pkg_4", "3.1"}}, - {"security_manager_pm_app_5", {"security_manager_pm_pkg_5", "2.2"}}, - {PRIVILEGE_MANAGER_APP, {PRIVILEGE_MANAGER_PKG, "3.0"}} -}; +// Privileges required for having permission to self/admin get/set policies. +const std::string SELF_PRIVILEGE = "http://tizen.org/privilege/notexist"; +const std::string ADMIN_PRIVILEGE = "http://tizen.org/privilege/internal/usermanagement"; -static const std::vector PM_MANY_APPS_PRIVILEGES = { +typedef std::vector Privileges; +const std::vector TEST_PRIVILEGES = { { "http://tizen.org/privilege/internet", "http://tizen.org/privilege/display" @@ -93,227 +80,174 @@ static const std::vector PM_MANY_APPS_PRIVILEGES = { } }; -RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PRIVACY_MANAGER) - -static inline void register_current_process_as_privilege_manager(uid_t uid, bool forAdmin = false) -{ - InstallRequest request; - request.setAppId(PRIVILEGE_MANAGER_APP.c_str()); - request.setPkgId(PRIVILEGE_MANAGER_PKG.c_str()); - request.setUid(uid); - request.addPrivilege(PRIVILEGE_MANAGER_SELF_PRIVILEGE.c_str()); - if (forAdmin) - request.addPrivilege(PRIVILEGE_MANAGER_ADMIN_PRIVILEGE.c_str()); - Api::install(request); - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); +const std::vector TEST_PRIVACY_PRIVILEGES = { + { + "http://tizen.org/privilege/telephony", + "http://tizen.org/privilege/led", + "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here + "http://tizen.org/privilege/account.read", + "http://tizen.org/privilege/healthinfo" + }, + { + "http://tizen.org/privilege/telephony", + "http://tizen.org/privilege/led", + "http://tizen.org/privilege/callhistory.read" // privacy-related privileges start here + } }; +bool isPrivilegePrivacy(const std::string &priv) { + return (1 == privilege_info_is_privacy(priv.c_str())); +} + +int countPrivacyPrivileges(const Privileges &privs) { + return std::count_if(privs.begin(), privs.end(), isPrivilegePrivacy); +} + +} + +RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PRIVACY_MANAGER) + RUNNER_CHILD_TEST(security_manager_10_privacy_manager_fetch_whole_policy_for_self) { - //TEST DATA - const std::string username("sm_test_10_user_name"); - unsigned int privileges_count = 0; - - std::map>> users2AppsMap; - std::map> apps2PrivsMap; - - for (unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) { - apps2PrivsMap.insert(std::pair>( - PM_MANY_APPS.at(i), std::set( - PM_MANY_APPS_PRIVILEGES.at(i).begin(), - PM_MANY_APPS_PRIVILEGES.at(i).end()))); - privileges_count += PM_MANY_APPS_PRIVILEGES.at(i).size(); - }; + TemporaryTestUser tmpUser("sm_test_10_user_name", GUM_USERTYPE_NORMAL, false); + tmpUser.create(); + + unsigned expectedPolicyCount = 0; + std::map appIdToAIH; + for (unsigned i = 0; i < TEST_PRIVILEGES.size(); i++) { + AppInstallHelper app("sm_test_10_" + std::to_string(i), tmpUser.getUid()); + app.addPrivileges(TEST_PRIVILEGES[i]); + expectedPolicyCount += app.getPrivileges().size(); + appIdToAIH.emplace(app.getAppId(), std::move(app)); + } - apps2PrivsMap.insert(std::pair>( - PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE})); - ++privileges_count; - users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); - //TEST DATA END + AppInstallHelper privManager("sm_test_10_privilege_manager", tmpUser.getUid()); + std::string privManagerAppId = privManager.getAppId(); + privManager.addPrivilege(SELF_PRIVILEGE); + expectedPolicyCount += privManager.getPrivileges().size(); + appIdToAIH.emplace(privManager.getAppId(), std::move(privManager)); - SynchronizationPipe pipe; - pid_t pid = fork(); + std::vector scopedInstallations; + for (const auto &appIdAIH : appIdToAIH) { + scopedInstallations.emplace_back(ScopedInstaller(appIdAIH.second)); + } + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed"); if (pid != 0) { //parent process - pipe.claimParentEp(); - TemporaryTestUser tmpUser(username, GUM_USERTYPE_NORMAL, false); - tmpUser.create(); - - for(const auto &user : users2AppsMap) { - for(const auto &app : user.second) { - InstallRequest requestInst; - requestInst.setAppId(app.first.c_str()); - try { - requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str()); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); - }; - requestInst.setUid(tmpUser.getUid()); - - for (const auto &privilege : app.second) { - requestInst.addPrivilege(privilege.c_str()); - }; - - Api::install(requestInst); - }; - - //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str()); - }; - - //Start child process - pipe.post(); waitPid(pid); - - tmpUser.remove(); } else { //child process - pipe.claimChildEp(); - pipe.wait(); - - uid_t uid; gid_t gid; - PasswdAccess::allUser(username, uid, gid); - std::string uidStr = std::to_string(uid); - register_current_process_as_privilege_manager(uid); - int result = drop_root_privileges(uid, gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + Api::setProcessLabel(privManagerAppId); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0, + "drop_root_privileges failed"); std::vector policyEntries; - PolicyEntry filter; - Api::getPolicy(filter, policyEntries); + Api::getPolicy(PolicyEntry(), policyEntries); RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size()); + RUNNER_ASSERT_MSG(policyEntries.size() == expectedPolicyCount, + "Number of policies doesn't match - should be: " << expectedPolicyCount + << " and is " << policyEntries.size()); for (const auto &policyEntry : policyEntries) { std::string user = policyEntry.getUser(); std::string app = policyEntry.getAppId(); std::string privilege = policyEntry.getPrivilege(); - RUNNER_ASSERT_MSG(user == uidStr, "Unexpected user: " << user); + RUNNER_ASSERT_MSG(user == tmpUser.getUidString(), "Unexpected user: " << user); - try { - std::set::iterator tmp = users2AppsMap.at(username).at(app).find(privilege); - if (tmp == users2AppsMap.at(username).at(app).end()) - RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Unexpected policy entry: unexpected app: " << policyEntry << ". Exception: " << e.what()); - }; - }; + auto appIt = appIdToAIH.find(app); + RUNNER_ASSERT_MSG(appIt != appIdToAIH.end(), "Policy returned unexpected app: " << app); + + AppInstallHelper &aih = appIt->second; + auto appPrivileges = aih.getPrivileges(); + auto privIt = std::find(appPrivileges.begin(), appPrivileges.end(), privilege); + RUNNER_ASSERT_MSG(privIt != appPrivileges.end(), + "Unexpected privilege " << privilege << " for app " << app); + } exit(0); - }; + } } RUNNER_CHILD_TEST(security_manager_11_privacy_manager_fetch_whole_policy_for_admin_unprivileged) { - //TEST DATA - const std::vector usernames = {"sm_test_11_user_name_1", "sm_test_11_user_name_2"}; - unsigned int privileges_count = 0; + const std::string normalNameToSwitch = "sm_test_11_user_name_normal"; + const std::vector userInfos = {{normalNameToSwitch, GUM_USERTYPE_NORMAL}, + {"sm_test_11_user_name_admin", GUM_USERTYPE_ADMIN}}; - std::map>> users2AppsMap; - std::map> apps2PrivsMap; + std::map usernameToTTU; + // uid + app_id -> AppInstallHelper (different users can have same app_id installed) + std::map, AppInstallHelper> userAppIdToAIH; + unsigned expectedPolicyCount = 0; - for (const auto &username : usernames) { - //Only entries for one of the users will be listed - privileges_count = 0; - - for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) { - apps2PrivsMap.insert(std::pair>( - PM_MANY_APPS.at(i), std::set( - PM_MANY_APPS_PRIVILEGES.at(i).begin(), - PM_MANY_APPS_PRIVILEGES.at(i).end()))); - privileges_count+=PM_MANY_APPS_PRIVILEGES.at(i).size(); + for (unsigned int u_i = 0; u_i < userInfos.size(); u_i++) { + TemporaryTestUser user(userInfos[u_i].userName, userInfos[u_i].userType); + user.create(); + + for (unsigned int p_i = 0; p_i < TEST_PRIVILEGES.size(); p_i++) { + AppInstallHelper app("sm_test_11_" + std::to_string(p_i), user.getUid()); + app.addPrivileges(TEST_PRIVILEGES[p_i]); + if (user.getUserName() == normalNameToSwitch) // Only entries for this user should be fetched + expectedPolicyCount += app.getPrivileges().size(); + userAppIdToAIH.emplace(std::make_pair(user.getUid(), app.getAppId()), std::move(app)); }; - users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); + usernameToTTU.emplace(userInfos[u_i].userName, std::move(user)); }; - users2AppsMap.at(usernames.at(0)).insert(std::pair>( - PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE})); + TemporaryTestUser &normalUserToSwitch = usernameToTTU.at(normalNameToSwitch); - ++privileges_count; - //TEST DATA END + AppInstallHelper privManager("sm_test_11_priv_manager", normalUserToSwitch.getUid()); + std::string privManagerAppId = privManager.getAppId(); + privManager.addPrivilege(SELF_PRIVILEGE); + expectedPolicyCount += privManager.getPrivileges().size(); + userAppIdToAIH.emplace(std::make_pair(normalUserToSwitch.getUid(), privManager.getAppId()), + std::move(privManager)); - SynchronizationPipe pipe; - pid_t pid = fork(); + std::vector scopedInstallations; + for (const auto &userAppIdAIH : userAppIdToAIH) { + scopedInstallations.emplace_back(ScopedInstaller(userAppIdAIH.second)); + } + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed"); if (pid != 0) { //parent process - pipe.claimParentEp(); - std::vector users = { - TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false), - TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false) - }; - - users.at(0).create(); - users.at(1).create(); - - //Install apps for both users - for(const auto &user : users) { - for(const auto &app : users2AppsMap.at(user.getUserName())) { - InstallRequest requestInst; - requestInst.setAppId(app.first.c_str()); - try { - requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str()); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); - }; - requestInst.setUid(user.getUid()); - - for (const auto &privilege : app.second) { - requestInst.addPrivilege(privilege.c_str()); - }; - - Api::install(requestInst); - }; - - //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str()); - }; - - //Start child - pipe.post(); waitPid(pid); - - for (auto &user : users) - user.remove(); - } else { //child process - pipe.claimChildEp(); - pipe.wait(); - - uid_t uid; gid_t gid; - PasswdAccess::allUser(usernames.at(0), uid, gid); - std::string uidStr = std::to_string(uid); - register_current_process_as_privilege_manager(uid); - - //change uid to normal user - errno = 0; - int result = drop_root_privileges(uid, gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + Api::setProcessLabel(privManagerAppId); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(normalUserToSwitch.getUid(), + normalUserToSwitch.getGid()) == 0, + "drop_root_privileges failed"); std::vector policyEntries; - PolicyEntry filter; - - //this call should only return privileges belonging to the current uid - Api::getPolicy(filter, policyEntries); + Api::getPolicy(PolicyEntry(), policyEntries); RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size()); + RUNNER_ASSERT_MSG(policyEntries.size() == expectedPolicyCount, + "Number of policies doesn't match - should be: " << expectedPolicyCount + << " and is " << policyEntries.size()); for (const auto &policyEntry : policyEntries) { + // Expect policy only for current process user std::string user = policyEntry.getUser(); std::string app = policyEntry.getAppId(); std::string privilege = policyEntry.getPrivilege(); - RUNNER_ASSERT_MSG(uidStr == user, "Unexpected user: " << user); + RUNNER_ASSERT_MSG(normalUserToSwitch.getUidString() == user, "Unexpected user: " << user); + auto userAppIdToAIHIt = userAppIdToAIH.find(std::make_pair(static_cast(std::stoi(user)), app)); + RUNNER_ASSERT_MSG(userAppIdToAIHIt != userAppIdToAIH.end(), + "Unknown app " << app << " for user " << user); - try { - std::set::iterator tmp = users2AppsMap.at(usernames.at(0)).at(app).find(privilege); - if (tmp == users2AppsMap.at(usernames.at(0)).at(app).end()) - RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Unexpected policy entry: app: " << policyEntry << ". Exception: " << e.what()); - }; - }; + AppInstallHelper &aih = userAppIdToAIHIt->second; + auto privs = aih.getPrivileges(); + + auto appPrivileges = aih.getPrivileges(); + auto privIt = std::find(appPrivileges.begin(), appPrivileges.end(), privilege); + RUNNER_ASSERT_MSG(privIt != appPrivileges.end(), + "Unexpected privilege " << privilege << " for app " << app); + } exit(0); - }; + } } RUNNER_CHILD_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_admin_privileged) @@ -322,216 +256,181 @@ RUNNER_CHILD_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_adm Api::getPolicy(PolicyEntry(), oldPolicyVec); std::unordered_set oldPolicySet(oldPolicyVec.begin(), oldPolicyVec.end()); - //TEST DATA - const std::vector usernames = {"sm_test_12_user_name_1", "sm_test_12_user_name_2"}; - unsigned int privileges_count = oldPolicyVec.size(); + std::string adminNameToSwitch = "sm_test_12_user_name_admin"; + const std::vector userInfos = {{"sm_test_12_user_name_normal",GUM_USERTYPE_NORMAL}, + {adminNameToSwitch, GUM_USERTYPE_ADMIN}}; - std::map>> users2AppsMap; - std::map> apps2PrivsMap; + std::map usernameToTTU; + std::vector uidStrings; + // uidstring + app_id -> AppInstallHelper + std::map, AppInstallHelper> userAppIdToAIH; + unsigned expectedPolicyCount = oldPolicyVec.size(); - for (const auto &username : usernames) { - for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) { - apps2PrivsMap.insert(std::pair>( - PM_MANY_APPS.at(i), std::set( - PM_MANY_APPS_PRIVILEGES.at(i).begin(), - PM_MANY_APPS_PRIVILEGES.at(i).end()))); - privileges_count+=PM_MANY_APPS_PRIVILEGES.at(i).size(); + for (unsigned int u_i = 0; u_i < userInfos.size(); u_i++) { + TemporaryTestUser user(userInfos[u_i].userName, userInfos[u_i].userType); + user.create(); + uidStrings.push_back(user.getUidString()); + + for (unsigned int p_i = 0; p_i < TEST_PRIVILEGES.size(); p_i++) { + AppInstallHelper app("sm_test_12_" + std::to_string(p_i), user.getUid()); + // Shift privileges, so same app_id for different users doesn't have same privileges + app.addPrivileges(TEST_PRIVILEGES.at((p_i + u_i) % TEST_PRIVILEGES.size())); + expectedPolicyCount += app.getPrivileges().size(); + userAppIdToAIH.emplace(std::make_pair(user.getUid(), app.getAppId()), std::move(app)); }; - - users2AppsMap.insert(std::make_pair(username, apps2PrivsMap)); + usernameToTTU.emplace(user.getUserName(), std::move(user)); }; - users2AppsMap.at(usernames.at(1)).insert(std::make_pair(PRIVILEGE_MANAGER_APP, - std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE, PRIVILEGE_MANAGER_ADMIN_PRIVILEGE})); + TemporaryTestUser &adminUserToSwitch = usernameToTTU.at(adminNameToSwitch); - privileges_count += 2; - //TEST DATA END + AppInstallHelper privManager("sm_test_12_priv_manager", adminUserToSwitch.getUid()); + std::string privManagerAppId = privManager.getAppId(); + privManager.addPrivilege(SELF_PRIVILEGE); + privManager.addPrivilege(ADMIN_PRIVILEGE); + expectedPolicyCount += privManager.getPrivileges().size(); - SynchronizationPipe pipe; - pid_t pid = fork(); + userAppIdToAIH.emplace(std::make_pair(adminUserToSwitch.getUid(), privManager.getAppId()), + std::move(privManager)); - if (pid != 0) { //parent process - pipe.claimParentEp(); - std::vector users = { - TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false), - TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false) - }; - - users.at(0).create(); - users.at(1).create(); - //Install apps for both users - for(const auto &user : users) { - for(const auto &app : users2AppsMap.at(user.getUserName())) { - InstallRequest requestInst; - requestInst.setAppId(app.first.c_str()); - try { - requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str()); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); - }; - requestInst.setUid(user.getUid()); - - for (const auto &privilege : app.second) { - requestInst.addPrivilege(privilege.c_str()); - }; - - Api::install(requestInst); - }; - - //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str()); - }; + std::vector scopedInstallations; + for (const auto &userAppIdAIH : userAppIdToAIH) { + scopedInstallations.emplace_back(ScopedInstaller(userAppIdAIH.second)); + } - //Start child process - pipe.post(); + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed"); + if (pid != 0) { //parent process waitPid(pid); - - for (auto &user : users) - user.remove(); - } else { //child process - pipe.claimChildEp(); - pipe.wait(); - - uid_t adminUid; - gid_t adminGid; - PasswdAccess::allUser(usernames.at(1), adminUid, adminGid); - std::string adminUidStr = std::to_string(adminUid); - uid_t normalUid = PasswdAccess::uid(usernames.at(0)); - std::string normalUidStr = std::to_string(normalUid); - register_current_process_as_privilege_manager(adminUid, true); - - //change uid to normal user - int result = drop_root_privileges(adminUid, adminGid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - + Api::setProcessLabel(privManagerAppId); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUserToSwitch.getUid(), + adminUserToSwitch.getGid()) == 0, + "drop_root_privileges failed"); std::vector policyEntries; - //this call should succeed as the calling user is privileged Api::getPolicy(PolicyEntry(), policyEntries); - RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size()); + RUNNER_ASSERT_MSG(policyEntries.size() == expectedPolicyCount, + "Number of policies doesn't match - should be: " << expectedPolicyCount + << " and is " << policyEntries.size()); for (const auto &policyEntry : policyEntries) { + // Expect policy for all users to be returned if (oldPolicySet.count(policyEntry)) continue; - std::string user = policyEntry.getUser(); std::string app = policyEntry.getAppId(); std::string privilege = policyEntry.getPrivilege(); - RUNNER_ASSERT_MSG(user == normalUidStr || user == adminUidStr, "Unexpected user: " << user); + auto uidStringIt = std::find(uidStrings.begin(), uidStrings.end(), user); + RUNNER_ASSERT_MSG(uidStringIt != uidStrings.end(), "Unexpected user: " << user); - std::string uidStrToLook = user == normalUidStr ? usernames.at(0) : usernames.at(1); + auto userAppIdToAIHIt = userAppIdToAIH.find( + std::make_pair(static_cast(std::stoi(user)), app)); + RUNNER_ASSERT_MSG(userAppIdToAIHIt != userAppIdToAIH.end(), + "Unknown app " << app << " for user " << user); - try { - std::set::iterator tmp = users2AppsMap.at(uidStrToLook).at(app).find(privilege); - if (tmp == users2AppsMap.at(uidStrToLook).at(app).end()) - RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Unexpected policy entry: unexpected app: " << policyEntry << ". Exception: " << e.what()); - } catch (const std::invalid_argument& e) { - RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what()); - }; - }; + AppInstallHelper &aih = userAppIdToAIHIt->second; + auto privs = aih.getPrivileges(); + auto appPrivileges = aih.getPrivileges(); + auto privIt = std::find(appPrivileges.begin(), appPrivileges.end(), privilege); + RUNNER_ASSERT_MSG(privIt != appPrivileges.end(), + "Unexpected privilege " << privilege << " for app " << app); + }; exit(0); }; } RUNNER_CHILD_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_unprivileged) { - //TEST DATA - const std::vector usernames = {"sm_test_13_user_name_1", "sm_test_13_user_name_2"}; + std::string normalName = "sm_test_13_user_name_normal"; + std::string adminName = "sm_test_13_user_name_admin"; + const std::vector userInfos = {{normalName,GUM_USERTYPE_NORMAL}, + {adminName, GUM_USERTYPE_ADMIN}}; - std::map>> users2AppsMap; - std::map> apps2PrivsMap; + std::map usernameToTTU; + std::map> uidToAIHs; + unsigned expectedPolicyCount = 0; + std::string privManagerAppId; - for (const auto &username : usernames) { + for (unsigned int u_i = 0; u_i < userInfos.size(); u_i++) { + //Only entries for one of the users will be listed + TemporaryTestUser user(userInfos[u_i].userName, userInfos[u_i].userType); + user.create(); - for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) { - apps2PrivsMap.insert(std::pair>( - PM_MANY_APPS.at(i), std::set( - PM_MANY_APPS_PRIVILEGES.at(i).begin(), - PM_MANY_APPS_PRIVILEGES.at(i).end()))); + for (unsigned int p_i = 0; p_i < TEST_PRIVILEGES.size(); p_i++) { + AppInstallHelper app("sm_test_13_" + std::to_string(p_i), user.getUid()); + // Shift privileges, so same app_id for different user doesn't have same privileges + app.addPrivileges(TEST_PRIVILEGES.at((p_i + u_i) % TEST_PRIVILEGES.size())); + expectedPolicyCount += app.getPrivileges().size(); + uidToAIHs[user.getUid()].emplace_back(std::move(app)); }; + AppInstallHelper privManager("sm_test_13_priv_manager", user.getUid()); + privManagerAppId = privManager.getAppId(); + privManager.addPrivilege(SELF_PRIVILEGE); + expectedPolicyCount += privManager.getPrivileges().size(); + uidToAIHs[user.getUid()].emplace_back(std::move(privManager)); - users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); + usernameToTTU.emplace(user.getUserName(), std::move(user)); }; - users2AppsMap.at(usernames.at(1)).insert(std::pair>( - PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE})); - - //TEST DATA END - - pid_t pid[2]; - SynchronizationPipe sync[2]; - std::vector policyEntries; - - pid[0] = fork(); - - if (pid[0] == 0) { //child #1 process - sync[0].claimChildEp(); - sync[0].wait(); - - uid_t uid; gid_t gid; - PasswdAccess::allUser(usernames.at(0), uid, gid); - register_current_process_as_privilege_manager(uid); + std::vector scopedInstallations; + for (const auto &userAIHs : uidToAIHs) { + for (const auto &aih : userAIHs.second) + scopedInstallations.emplace_back(ScopedInstaller(aih)); + } - //change uid to normal user - int result = drop_root_privileges(uid, gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + TemporaryTestUser &adminUser = usernameToTTU.at(adminName); + TemporaryTestUser &normalUser = usernameToTTU.at(normalName); - PolicyEntry filter; + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid >=0, "Fork failed"); + if (pid == 0) { //child #1 process + Api::setProcessLabel(privManagerAppId); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(normalUser.getUid(), normalUser.getGid()) == 0, + "drop_root_privileges failed"); + auto &app1 = uidToAIHs[normalUser.getUid()][0]; + auto &app2 = uidToAIHs[normalUser.getUid()][0]; PolicyRequest policyRequest; - PolicyEntry policyEntry( - PM_MANY_APPS[0], - std::to_string(uid), - "http://tizen.org/privilege/internet" + app1.getAppId(), + normalUser.getUidString(), + app1.getPrivileges()[0] ); policyEntry.setLevel("Deny"); policyRequest.addEntry(policyEntry); policyEntry = PolicyEntry( - PM_MANY_APPS[1], - std::to_string(uid), - "http://tizen.org/privilege/display" + app2.getAppId(), + normalUser.getUidString(), + app1.getPrivileges()[1] ); policyEntry.setLevel("Deny"); - policyRequest.addEntry(policyEntry); Api::sendPolicy(policyRequest); exit(0); - } else { //parent process - sync[0].claimParentEp(); - pid[1] = fork(); - - if (pid[1] == 0) { //child #2 process - sync[1].claimChildEp(); - sync[1].wait(); - - uid_t target_uid = PasswdAccess::uid(usernames.at(0)); - uid_t my_uid; - gid_t my_gid; - PasswdAccess::allUser(usernames.at(1), my_uid, my_gid); - - register_current_process_as_privilege_manager(my_uid); - - //change uid to normal user - int result = drop_root_privileges(my_uid, my_gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + } else { + waitPid(pid); + pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid >=0, "Fork failed"); + if (pid == 0) { //child #2 process + Api::setProcessLabel(privManagerAppId); + // Admin user, but in context of app, which doesn't have usermanagement privilege + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUser.getUid(), adminUser.getGid()) == 0, + "drop_root_privileges failed"); PolicyEntry filter = PolicyEntry( SECURITY_MANAGER_ANY, - std::to_string(target_uid), + normalUser.getUidString(), SECURITY_MANAGER_ANY ); - + std::vector policyEntries; //U2 requests contents of U1 privacy manager - should fail Api::getPolicyForSelf(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED); - RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty, but is " << policyEntries.size()); + RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty, but has " + << policyEntries.size() << " entries"); filter = PolicyEntry( SECURITY_MANAGER_ANY, @@ -543,264 +442,103 @@ RUNNER_CHILD_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_ //U2 requests contents of ADMIN bucket - should fail Api::getPolicyForAdmin(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED); - RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty, but is " << policyEntries.size()); + RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty, but has " + << policyEntries.size() << " entries"); exit(0); - } else { //parent - sync[1].claimParentEp(); - std::vector users = { - TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false), - TemporaryTestUser(usernames.at(1), GUM_USERTYPE_NORMAL, false) - }; - - users.at(0).create(); - users.at(1).create(); - - //Install apps for both users - for(const auto &user : users2AppsMap) { - - for(const auto &app : user.second) { - InstallRequest requestInst; - requestInst.setAppId(app.first.c_str()); - try { - requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str()); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); - }; - requestInst.setUid(users.at(0).getUid()); - - for (const auto &privilege : app.second) { - requestInst.addPrivilege(privilege.c_str()); - }; - - Api::install(requestInst); - }; - - //check_app_after_install(PM_MANY_APPS[i].c_str(), PM_MANY_APPS_PKGS[i].c_str()); - }; - - //Start child #1 - sync[0].post(); - waitPid(pid[0]); - - //Start child #2 - sync[1].post(); - waitPid(pid[1]); - - for (auto &user : users) - user.remove(); - }; - }; + } else { + waitPid(pid); + } + } } RUNNER_CHILD_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_for_admin) { - //TEST DATA - const std::vector usernames = {"sm_test_14_user_name_1", "sm_test_14_user_name_2"}; - unsigned int privileges_count = 0; - - std::map>> users2AppsMap; - std::map> apps2PrivsMap; - - for (const auto &username : usernames) { - - for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) { - apps2PrivsMap.insert(std::pair>( - PM_MANY_APPS.at(i), std::set( - PM_MANY_APPS_PRIVILEGES.at(i).begin(), - PM_MANY_APPS_PRIVILEGES.at(i).end()))); - privileges_count+=PM_MANY_APPS_PRIVILEGES.at(i).size(); - }; - - users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); - }; + TemporaryTestUser adminUserToSwitch("sm_test_14_user_name_admin", GUM_USERTYPE_ADMIN); + adminUserToSwitch.create(); - users2AppsMap.at(usernames.at(1)).insert(std::pair>( - PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE})); + AppInstallHelper privManager("sm_test_14_priv_manager", adminUserToSwitch.getUid()); + privManager.addPrivilege(ADMIN_PRIVILEGE); - privileges_count += 2; - //TEST DATA END - SynchronizationPipe pipe; + ScopedInstaller privManagerInstall(privManager); pid_t pid = fork(); if (pid != 0) { - pipe.claimParentEp(); - std::vector users = { - TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false), - TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false) - }; - - users.at(0).create(); - users.at(1).create(); - - //Install apps for both users - for(const auto &user : users) { - - for(const auto &app : users2AppsMap.at(user.getUserName())) { - InstallRequest requestInst; - requestInst.setAppId(app.first.c_str()); - try { - requestInst.setPkgId(PM_MANY_APPS_PKGS.at(app.first).package.c_str()); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); - }; - requestInst.setUid(user.getUid()); - - for (const auto &privilege : app.second) { - requestInst.addPrivilege(privilege.c_str()); - }; - - Api::install(requestInst); - }; - }; - - //Start child process - pipe.post(); waitPid(pid); - - //switch back to root - for (auto &user : users) - user.remove(); - } else { //child process - pipe.claimChildEp(); - pipe.wait(); - - uid_t uid; gid_t gid; - PasswdAccess::allUser(usernames.at(1), uid, gid); - register_current_process_as_privilege_manager(uid, true); - - //change uid to normal user - int result = drop_root_privileges(uid, gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + Api::setProcessLabel(privManager.getAppId()); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUserToSwitch.getUid(), + adminUserToSwitch.getGid()) == 0, + "drop_root_privileges failed"); - PolicyRequest *policyRequest = new PolicyRequest(); - PolicyEntry filter; + PolicyRequest setPolicyRequest; std::vector policyEntries; - //this call should succeed as the calling user is privileged - Api::getPolicyForSelf(filter, policyEntries); - unsigned int policyNum = policyEntries.size(); + const std::string internetPriv = "http://tizen.org/privilege/internet"; + const std::string displayPriv = "http://tizen.org/privilege/display"; - PolicyEntry policyEntry( - SECURITY_MANAGER_ANY, - SECURITY_MANAGER_ANY, - "http://tizen.org/privilege/internet" - ); - policyEntry.setMaxLevel("Deny"); + PolicyEntry internetPolicyEntry(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, internetPriv); + internetPolicyEntry.setMaxLevel("Deny"); + setPolicyRequest.addEntry(internetPolicyEntry); - policyRequest->addEntry(policyEntry); - policyEntry = PolicyEntry( - SECURITY_MANAGER_ANY, - SECURITY_MANAGER_ANY, - "http://tizen.org/privilege/display" - ); - policyEntry.setMaxLevel("Deny"); + PolicyEntry displayPolicyEntry(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, displayPriv); + displayPolicyEntry.setMaxLevel("Deny"); + setPolicyRequest.addEntry(displayPolicyEntry); - policyRequest->addEntry(policyEntry); - Api::sendPolicy(*policyRequest); - Api::getPolicyForAdmin(filter, policyEntries); + Api::sendPolicy(setPolicyRequest); - RUNNER_ASSERT_MSG(policyEntries.size() == policyNum + 2, "Number of policies doesn't match - should be: " - << policyNum + 2 << " and is " << policyEntries.size()); + Api::getPolicyForAdmin(PolicyEntry(), policyEntries); + RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2" + " and is " << policyEntries.size()); - delete policyRequest; - policyRequest = new PolicyRequest(); - policyEntry = PolicyEntry( - SECURITY_MANAGER_ANY, - SECURITY_MANAGER_ANY, - "http://tizen.org/privilege/internet" - ); - policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE); - policyRequest->addEntry(policyEntry); - - policyEntry = PolicyEntry( - SECURITY_MANAGER_ANY, - SECURITY_MANAGER_ANY, - "http://tizen.org/privilege/display" - ); - policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE); + PolicyRequest delPolicyRequest; - policyRequest->addEntry(policyEntry); - Api::sendPolicy(*policyRequest); + internetPolicyEntry.setMaxLevel(SECURITY_MANAGER_DELETE); + delPolicyRequest.addEntry(internetPolicyEntry); - policyEntries.clear(); - Api::getPolicyForAdmin(filter, policyEntries); - RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Number of policies doesn't match - should be: 0 and is " << policyEntries.size()); + displayPolicyEntry.setMaxLevel(SECURITY_MANAGER_DELETE); + delPolicyRequest.addEntry(displayPolicyEntry); - delete policyRequest; + Api::sendPolicy(delPolicyRequest); + policyEntries.clear(); + Api::getPolicyForAdmin(PolicyEntry(), policyEntries); + RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Number of policies doesn't match - should be: 0" + " and is " << policyEntries.size()); exit(0); }; - } RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin) { - AppInstallHelper app("security_manager_15_update"); - const char *const update_privilege = "http://tizen.org/privilege/led"; - const char *const check_start_bucket = "ADMIN"; - const std::string username("sm_test_15_username"); - PolicyRequest addPolicyRequest; - CynaraTestAdmin::Admin admin; - ScopedProcessLabel keepLabel; - - struct message { - uid_t uid; - gid_t gid; - } msg; - - int pipefd[2]; - pid_t pid; - int result = 0; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - - TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false); - user.create(); + const std::string updatePriv = "http://tizen.org/privilege/led"; - app.createInstallDir(); - InstallRequest inst; - inst.setAppId(app.getAppId()); - inst.setPkgId(app.getPkgId()); - Api::install(inst); + TemporaryTestUser adminUser("sm_test_15_username", GUM_USERTYPE_ADMIN); + adminUser.create(); - pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); - if (pid != 0)//parent process - { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - register_current_process_as_privilege_manager(user.getUid(), true); - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); + AppInstallHelper updatedApp("security_manager_15_update"); + ScopedInstaller updatedAppInstall(updatedApp); - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); + AppInstallHelper privManager("security_manager_15_priv_manager", adminUser.getUid()); + privManager.addPrivilege(ADMIN_PRIVILEGE); + ScopedInstaller privManagerInstall(privManager); + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed"); + if (pid != 0) { //parent process waitPid(pid); + CynaraTestAdmin::Admin admin; + admin.adminCheck("ADMIN", false, updatedApp.generateAppLabel().c_str(), + adminUser.getUidString().c_str(), updatePriv.c_str(), CYNARA_ADMIN_ALLOW, + nullptr); + } else { + Api::setProcessLabel(privManager.getAppId()); - admin.adminCheck(check_start_bucket, false, app.generateAppLabel().c_str(), - std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); - } - if(pid == 0) - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(adminUser.getUid(), adminUser.getGid()) == 0, + "drop_root_privileges failed"); - PolicyEntry entry(app.getAppId(), std::to_string(static_cast(msg.uid)), update_privilege); + PolicyEntry entry(updatedApp.getAppId(), adminUser.getUidString(), updatePriv); entry.setMaxLevel("Allow"); - + PolicyRequest addPolicyRequest; addPolicyRequest.addEntry(entry); Api::sendPolicy(addPolicyRequest); exit(0); @@ -809,67 +547,35 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_adm RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard) { - const char *const update_other_app_id = "security_manager_15_update_other_app_id"; - const char *const update_other_pkg_id = "security_manager_15_update_other_pkg_id"; - const char *const update_privilege = "http://tizen.org/privilege/led"; - const char *const check_start_bucket = "ADMIN"; - const std::string username("sm_test_15_username"); - PolicyRequest addPolicyRequest; - CynaraTestAdmin::Admin admin; - ScopedProcessLabel keepLabel; + const std::string updatePriv = "http://tizen.org/privilege/led"; - struct message { - uid_t uid; - gid_t gid; - } msg; + TemporaryTestUser adminUser("sm_test_15_username", GUM_USERTYPE_ADMIN); + adminUser.create(); - int pipefd[2]; - pid_t pid; - int result = 0; + AppInstallHelper app("security_manager_15"); + ScopedInstaller appInstall(app); - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - - TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false); - user.create(); - - pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); - if (pid != 0)//parent process - { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - register_current_process_as_privilege_manager(user.getUid(), true); - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); + AppInstallHelper privManager("security_manager_15_priv_manager", adminUser.getUid()); + privManager.addPrivilege(ADMIN_PRIVILEGE); + ScopedInstaller privManagerInstall(privManager); + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed"); + if (pid != 0) { waitPid(pid); - - admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_other_app_id, update_other_pkg_id).c_str(), - std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); - } - if(pid == 0) - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - // use wildcard as appId - PolicyEntry entry(SECURITY_MANAGER_ANY, std::to_string(static_cast(msg.uid)), update_privilege); + CynaraTestAdmin::Admin admin; + admin.adminCheck("ADMIN", false, app.generateAppLabel().c_str(), + adminUser.getUidString().c_str(), updatePriv.c_str(), CYNARA_ADMIN_ALLOW, + nullptr); + } else { + Api::setProcessLabel(privManager.getAppId()); + RUNNER_ASSERT_MSG(drop_root_privileges(adminUser.getUid(), adminUser.getGid()) == 0, + "drop_root_privileges failed"); + + PolicyEntry entry(SECURITY_MANAGER_ANY, adminUser.getUidString(), updatePriv); entry.setMaxLevel("Allow"); + PolicyRequest addPolicyRequest; addPolicyRequest.addEntry(entry); Api::sendPolicy(addPolicyRequest); exit(0); @@ -878,71 +584,34 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_adm RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_self) { - AppInstallHelper app("security_manager_15_update"); - const char *const update_privilege = "http://tizen.org/privilege/led"; - const char *const check_start_bucket = ""; - const std::string username("sm_test_15_username"); - PolicyRequest addPolicyRequest; - CynaraTestAdmin::Admin admin; - ScopedProcessLabel keepLabel; + const std::string updatePriv = "http://tizen.org/privilege/led"; - struct message { - uid_t uid; - gid_t gid; - } msg; - - int pipefd[2]; - pid_t pid; - int result = 0; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false); + TemporaryTestUser user("sm_test_15_username", GUM_USERTYPE_NORMAL); user.create(); - app.createInstallDir(); - InstallRequest inst; - inst.setAppId(app.getAppId()); - inst.setPkgId(app.getPkgId()); - Api::install(inst); + AppInstallHelper app("security_manager_15"); + ScopedInstaller appInstall(app); - pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); - if (pid != 0)//parent process - { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - register_current_process_as_privilege_manager(user.getUid(), false); - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); + AppInstallHelper privManager("security_manager_15_priv_manager", user.getUid()); + privManager.addPrivilege(SELF_PRIVILEGE); + ScopedInstaller privManagerInstall(privManager); + pid_t pid = fork(); + RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); + if (pid != 0) { waitPid(pid); - - admin.adminCheck(check_start_bucket, false, app.generateAppLabel().c_str(), - std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); - } - if(pid == 0) - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - PolicyEntry entry(app.getAppId(), std::to_string(static_cast(msg.uid)), update_privilege); + CynaraTestAdmin::Admin admin; + admin.adminCheck("", false, app.generateAppLabel().c_str(), user.getUidString().c_str(), + updatePriv.c_str(), CYNARA_ADMIN_ALLOW, nullptr); + } else { + Api::setProcessLabel(privManager.getAppId()); + RUNNER_ASSERT_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0, + "drop_root_privileges failed"); + + PolicyEntry entry(app.getAppId(), user.getUidString(), updatePriv); entry.setLevel("Allow"); + PolicyRequest addPolicyRequest; addPolicyRequest.addEntry(entry); Api::sendPolicy(addPolicyRequest); exit(0); @@ -951,188 +620,142 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_sel RUNNER_CHILD_TEST(security_manager_16_policy_levels_get) { - const std::string username("sm_test_16_user_cynara_policy"); - CynaraTestAdmin::Admin admin; - int pipefd[2]; - pid_t pid; - int result = 0; - - struct message { - uid_t uid; - gid_t gid; - } msg; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false); + TemporaryTestUser user("sm_test_16_user_name", GUM_USERTYPE_NORMAL); user.create(); - pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); - if (pid != 0)//parent process - { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); - + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed"); + if (pid != 0) { waitPid(pid); - } - if(pid == 0) - { - int ret; + } else { + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0, + "drop_root_privileges failed"); + char** levels; - std::string allow_policy, deny_policy; size_t count; - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - // 3 should be there when ask-user is installed - ret = security_manager_policy_levels_get(&levels, &count); - + int ret = security_manager_policy_levels_get(&levels, &count); RUNNER_ASSERT_MSG((lib_retcode)ret == SECURITY_MANAGER_SUCCESS, "Invlid return code: " << ret); + std::unique_ptr> descriptionsPtr(levels, + [count](char **levels) { security_manager_policy_levels_free(levels, count);}); - RUNNER_ASSERT_MSG(count == 3, "Invalid number of policy levels. Should be 3, instead there is: " << static_cast(count)); + RUNNER_ASSERT_MSG(count >= 2, "Invalid number of policy levels. Should be 3," + " instead there is: " << count); - deny_policy = std::string(levels[0]); - allow_policy = std::string(levels[count-1]); + std::string denyPolicy = std::string(levels[0]); + std::string allowPolicy = std::string(levels[count-1]); // first should always be Deny - RUNNER_ASSERT_MSG(deny_policy.compare("Deny") == 0, + RUNNER_ASSERT_MSG(denyPolicy.compare("Deny") == 0, "Invalid first policy level. Should be Deny, instead there is: " << levels[0]); // last should always be Allow - RUNNER_ASSERT_MSG(allow_policy.compare("Allow") == 0, + RUNNER_ASSERT_MSG(allowPolicy.compare("Allow") == 0, "Invalid last policy level. Should be Allow, instead there is: " << levels[count-1]); - - security_manager_policy_levels_free(levels, count); exit(0); } } -RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self) +RUNNER_CHILD_TEST(security_manager_17a_privacy_manager_delete_policy_for_self) { - AppInstallHelper app("security_manager_17_update"); - const char *const update_privilege = "http://tizen.org/privilege/led"; - const char *const check_start_bucket = ""; - const std::string username("sm_test_17_username"); - PolicyRequest addPolicyRequest; - CynaraTestAdmin::Admin admin; + const std::string updatePriv = "http://tizen.org/privilege/led"; - struct message { - uid_t uid; - gid_t gid; - } msg; - - int pipefd[2]; - int pipefd2[2]; - pid_t pid[2]; - int result = 0; - ScopedProcessLabel keepLabel; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - RUNNER_ASSERT_MSG((pipe(pipefd2) != -1),"second pipe failed"); - - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false); + TemporaryTestUser user("sm_test_17a_username", GUM_USERTYPE_NORMAL); user.create(); - app.createInstallDir(); - InstallRequest inst; - inst.setAppId(app.getAppId()); - inst.setPkgId(app.getPkgId()); - Api::install(inst); - - pid[0] = fork(); - RUNNER_ASSERT_MSG(pid[0] >= 0, "fork failed"); - if (pid[0] != 0)//parent process - { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); + AppInstallHelper app("security_manager_17a"); + ScopedInstaller appInstall(app); - register_current_process_as_privilege_manager(user.getUid(), false); - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); - - waitPid(pid[0]); + SynchronizationPipe synchPipe; + pid_t pid = fork(); + RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); + if (pid != 0) { + synchPipe.claimParentEp(); - admin.adminCheck(check_start_bucket, false, app.generateAppLabel().c_str(), - std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); + synchPipe.wait(); + CynaraTestAdmin::Admin admin; + admin.adminCheck("", false, app.generateAppLabel().c_str(), user.getUidString().c_str(), + updatePriv.c_str(), CYNARA_ADMIN_ALLOW, nullptr); + synchPipe.post(); - pid[1] = fork(); - if (pid[1] != 0)//parent process - { - FdUniquePtr pipeptr(pipefd2+1); - close(pipefd2[0]); + synchPipe.wait(); + admin.adminCheck("", false, app.generateAppLabel().c_str(), user.getUidString().c_str(), + updatePriv.c_str(), CYNARA_ADMIN_DENY, nullptr); + waitPid(pid); + } else { + synchPipe.claimChildEp(); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0, + "drop_root_privileges failed"); - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); + PolicyEntry entry(app.getAppId(), user.getUidString(), updatePriv); + entry.setLevel("Allow"); + PolicyRequest addPolicyRequest; + addPolicyRequest.addEntry(entry); + Api::sendPolicy(addPolicyRequest); + synchPipe.post(); - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd2[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); + synchPipe.wait(); + PolicyEntry deleteEntry(app.getAppId(), user.getUidString(), updatePriv); + deleteEntry.setLevel(SECURITY_MANAGER_DELETE); + PolicyRequest deletePolicyRequest; + deletePolicyRequest.addEntry(deleteEntry); + Api::sendPolicy(deletePolicyRequest); + synchPipe.post(); - waitPid(pid[1]); + exit(0); + } +} - admin.adminCheck(check_start_bucket, false, app.generateAppLabel().c_str(), - std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr); - } - if(pid[1] == 0) - { - FdUniquePtr pipeptr(pipefd2); - close(pipefd2[1]); +RUNNER_CHILD_TEST(security_manager_17b_privacy_manager_delete_policy_for_self) +{ + const std::string updatePriv = "http://tizen.org/privilege/led"; - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd2[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); + TemporaryTestUser user("sm_test_17b_username", GUM_USERTYPE_NORMAL); + user.create(); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + AppInstallHelper app("security_manager_17b"); + ScopedInstaller appInstall(app); - // delete this entry - PolicyRequest deletePolicyRequest; - PolicyEntry deleteEntry(app.getAppId(), std::to_string(static_cast(msg.uid)), update_privilege); - deleteEntry.setLevel(SECURITY_MANAGER_DELETE); + AppInstallHelper privManager("security_manager_17b_priv_manager", user.getUid()); + privManager.addPrivilege(SELF_PRIVILEGE); + ScopedInstaller privManagerInstall(privManager); - deletePolicyRequest.addEntry(deleteEntry); - Api::sendPolicy(deletePolicyRequest); - exit(0); - } - } - if(pid[0] == 0) - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); + SynchronizationPipe synchPipe; + pid_t pid = fork(); + RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); + if (pid != 0) { + synchPipe.claimParentEp(); + synchPipe.wait(); + CynaraTestAdmin::Admin admin; + admin.adminCheck("", false, app.generateAppLabel().c_str(), user.getUidString().c_str(), + updatePriv.c_str(), CYNARA_ADMIN_ALLOW, nullptr); + synchPipe.post(); - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); + synchPipe.wait(); + admin.adminCheck("", false, app.generateAppLabel().c_str(), + user.getUidString().c_str(), updatePriv.c_str(), CYNARA_ADMIN_DENY, nullptr); + waitPid(pid); - //become admin privacy manager manager - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + } else { + synchPipe.claimChildEp(); + Api::setProcessLabel(privManager.getAppId()); + RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0, + "drop_root_privileges failed"); - PolicyEntry entry(app.getAppId(), std::to_string(static_cast(msg.uid)), update_privilege); + PolicyEntry entry(app.getAppId(), user.getUidString(), updatePriv); entry.setLevel("Allow"); - + PolicyRequest addPolicyRequest; addPolicyRequest.addEntry(entry); Api::sendPolicy(addPolicyRequest); + synchPipe.post(); + + synchPipe.wait(); + PolicyRequest deletePolicyRequest; + PolicyEntry deleteEntry(app.getAppId(), user.getUidString(), updatePriv); + deleteEntry.setLevel(SECURITY_MANAGER_DELETE); + deletePolicyRequest.addEntry(deleteEntry); + Api::sendPolicy(deletePolicyRequest); + synchPipe.post(); exit(0); } } @@ -1140,248 +763,208 @@ RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self) RUNNER_CHILD_TEST(security_manager_17_privacy_manager_fetch_whole_policy_for_self_filtered) { const std::string username("sm_test_17_user_name"); + std::vector appHelpers; + std::vector scopedInstallations; + std::map privToCount; + unsigned policyCount = 0; - struct message { - uid_t uid; - gid_t gid; - unsigned int privileges_count; - } msg; + TemporaryTestUser user(username, static_cast(GUM_USERTYPE_NORMAL), false); + user.create(); + + for (unsigned int i = 0; i < TEST_PRIVILEGES.size(); i++) { + AppInstallHelper app("sm_test_17_" + std::to_string(i), user.getUid()); + app.addPrivileges(TEST_PRIVILEGES[i]); + policyCount += app.getPrivileges().size(); + + appHelpers.emplace_back(std::move(app)); + for (auto &priv: TEST_PRIVILEGES[i]) { + privToCount[priv]++; + } + } - int pipefd[2]; - pid_t pid; - int result = 0; - ScopedProcessLabel keepLabel; + AppInstallHelper privManager("sm_test_17_priv_manager", user.getUid()); + std::string privManagerAppId = privManager.getAppId(); + privManager.addPrivilege(SELF_PRIVILEGE); + privToCount[SELF_PRIVILEGE]++; + policyCount += privManager.getPrivileges().size(); - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); + appHelpers.emplace_back(std::move(privManager)); + for (const auto &app : appHelpers) + scopedInstallations.emplace_back(std::move(ScopedInstaller(app))); - pid = fork(); + pid_t pid = fork(); RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); if (pid != 0)//parent process { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - TemporaryTestUser user(username, static_cast(GUM_USERTYPE_NORMAL), false); - user.create(); - - unsigned int privileges_count = 0; - - for(unsigned int i = 0; i < PM_MANY_APPS.size(); ++i) { - InstallRequest requestInst; - requestInst.setAppId(PM_MANY_APPS[i].c_str()); - requestInst.setPkgId(PM_MANY_APPS_PKGS.at(PM_MANY_APPS[i]).package.c_str()); - requestInst.setUid(user.getUid()); - - for (auto &priv : PM_MANY_APPS_PRIVILEGES.at(i)) { - requestInst.addPrivilege(priv.c_str()); - }; - - Api::install(requestInst); - privileges_count += PM_MANY_APPS_PRIVILEGES.at(i).size(); - }; - - register_current_process_as_privilege_manager(user.getUid(), false); - //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable - ++privileges_count; - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - msg.privileges_count = privileges_count; - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); - waitPid(pid); - } - if(pid == 0) - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); + } else { + Api::setProcessLabel(privManagerAppId); + RUNNER_ASSERT_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0, + "drop_root_privileges failed"); + + for (const auto &privCount : privToCount) { + std::vector policyEntries; + PolicyEntry filter(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, privCount.first); + Api::getPolicy(filter, policyEntries); + RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); + RUNNER_ASSERT_MSG(policyEntries.size() == privCount.second, + "Number of policies doesn't match - should be: " << privCount.second + << " and is " << policyEntries.size()); + } - //become admin privacy manager manager - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); + for (const auto &app : appHelpers) { + std::vector policyEntries; + PolicyEntry filter(app.getAppId(), SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY); + Api::getPolicy(filter, policyEntries); + RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); + RUNNER_ASSERT_MSG(policyEntries.size() == app.getPrivileges().size(), + "Number of policies doesn't match - should be: " << app.getPrivileges().size() + << " and is " << policyEntries.size()); + } - // filter by privilege std::vector policyEntries; - PolicyEntry filter(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/internet"); + PolicyEntry filter(SECURITY_MANAGER_ANY, user.getUidString(), SECURITY_MANAGER_ANY); Api::getPolicy(filter, policyEntries); - RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size()); + RUNNER_ASSERT_MSG(policyEntries.size() == policyCount, + "Number of policies doesn't match - should be: " << policyCount + << " and is " << policyEntries.size()); - // filter by other privilege - policyEntries.clear(); - PolicyEntry filter2(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/email"); - Api::getPolicy(filter2, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == 3, "Number of policies doesn't match - should be: 3 and is " << policyEntries.size()); - - // filter by appId - policyEntries.clear(); - PolicyEntry filter3(PM_MANY_APPS[4].c_str(), SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY); - Api::getPolicy(filter3, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == 4, "Number of policies doesn't match - should be: 4 and is " << policyEntries.size()); + exit(0); } } RUNNER_CHILD_TEST(security_manager_18_privacy_manager_privacy_related_privileges_policy_install_remove) { + const std::string askUserDescription = "Ask user"; TemporaryTestUser user("sm_test_18_username", GUM_USERTYPE_NORMAL); user.create(); - AppInstallHelper helper("sm_test_18", - user.getUid()); - helper.addPrivileges({ - "http://tizen.org/privilege/telephony", - "http://tizen.org/privilege/led", - "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here - "http://tizen.org/privilege/account.read", - "http://tizen.org/privilege/healthinfo" - }); - - PolicyEntry filter (helper.getAppId(), user.getUidString(), SECURITY_MANAGER_ANY); - std::vector policyEntries; + AppInstallHelper app("sm_test_18", user.getUid()); + app.addPrivileges(TEST_PRIVACY_PRIVILEGES[0]); + PolicyEntry filter (app.getAppId(), user.getUidString(), SECURITY_MANAGER_ANY); + std::vector policyEntries; { - ScopedInstaller installer(helper); - unsigned int privacyNum = 0; - for (auto &priv : helper.getPrivileges()) { - if (1 == privilege_info_is_privacy(priv.c_str())) - ++privacyNum; - }; + ScopedInstaller installer(app); + unsigned int privacyNum = countPrivacyPrivileges(app.getPrivileges()); Api::getPolicy(filter, policyEntries); - RUNNER_ASSERT_MSG(policyEntries.size() == helper.getPrivileges().size(), - "Number of policy entries doesn't match; should be " << helper.getPrivileges().size() << " but is " << policyEntries.size()); + RUNNER_ASSERT_MSG(policyEntries.size() == app.getPrivileges().size(), + "Number of policy entries doesn't match; should be " << app.getPrivileges().size() + << " but is " << policyEntries.size()); if (PolicyConfiguration::getIsAskuserEnabled() ) { unsigned int privacyActNum = 0; for (auto &entry : policyEntries) - if (1 == privilege_info_is_privacy(entry.getPrivilege().c_str())) { - RUNNER_ASSERT_MSG(entry.getCurrentLevel() == "Ask user", "Invalid policy setup; policy should be \"Ask user\" but is " << entry.getCurrentLevel()); + if (isPrivilegePrivacy(entry.getPrivilege())) { + RUNNER_ASSERT_MSG(entry.getCurrentLevel() == askUserDescription, + "Invalid policy setup; policy should be \"Ask user\" but is " + << entry.getCurrentLevel()); ++privacyActNum; } - RUNNER_ASSERT_MSG(privacyActNum == privacyNum, "Should be " << privacyNum << " privacy privileges, but is " << privacyActNum); + RUNNER_ASSERT_MSG(privacyActNum == privacyNum, + "Should be " << privacyNum << " privacy privileges," + "but is " << privacyActNum); } } policyEntries.clear(); - Api::getPolicy(filter, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() == 0, "After deinstallation, policy entries size should be 0, but is: " << policyEntries.size()); + RUNNER_ASSERT_MSG(policyEntries.size() == 0, + "After deinstallation, policy entries size should be 0," + "but is: " << policyEntries.size()); } -RUNNER_CHILD_TEST(security_manager_19_privacy_manager_privacy_related_privileges_policy_hybrid) -{ +void test_privacy_related_privileges(bool isHybrid) { + const std::string askUserDescription = "Ask user"; TemporaryTestUser user("sm_test_19_username", GUM_USERTYPE_NORMAL); user.create(); - AppInstallHelper helper1("sm_test_19_app_id_1", - "sm_test_19_pkg_id", - true, - user.getUid(), - "3.0", - true); // hybrid package - - helper1.addPrivileges({ - "http://tizen.org/privilege/telephony", - "http://tizen.org/privilege/led", - "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here - "http://tizen.org/privilege/account.read", - "http://tizen.org/privilege/healthinfo" - }); - - AppInstallHelper helper2("sm_test_19_app_id_2", - "sm_test_19_pkg_id", - true, - user.getUid(), - "3.0", - true); // hybrid package - - helper2.addPrivileges({ - "http://tizen.org/privilege/telephony", - "http://tizen.org/privilege/led", - "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here - }); + const std::string pkgId = "sm_test_19_pkg_id"; + + AppInstallHelper app1("sm_test_19_app_id_1", pkgId, user.getUid()); + if (isHybrid) + app1.setHybrid(); + app1.addPrivileges(TEST_PRIVACY_PRIVILEGES[0]); + ScopedInstaller installer1(app1); + + AppInstallHelper app2("sm_test_19_app_id_2", pkgId, user.getUid()); + if (isHybrid) + app2.setHybrid(); + app2.addPrivileges(TEST_PRIVACY_PRIVILEGES[1]); + ScopedInstaller installer2(app2); + + int privacyCount1, privacyCount2; + if (!PolicyConfiguration::getIsAskuserEnabled()) { + privacyCount1 = 0; + privacyCount2 = 0; + } else { + privacyCount1 = countPrivacyPrivileges(app1.getPrivileges()); + privacyCount2 = countPrivacyPrivileges(app2.getPrivileges()); + } std::vector policyEntries; - PolicyEntry filter(SECURITY_MANAGER_ANY, user.getUidString(), SECURITY_MANAGER_ANY); - { - ScopedInstaller installer1(helper1); - ScopedInstaller installer2(helper2); - - unsigned int privacyNum1 = 0, privacyNum2 = 0; - - for (auto &priv : helper1.getPrivileges()) { - if (1 == privilege_info_is_privacy(priv.c_str())) - ++privacyNum1; - }; - - for (auto &priv : helper2.getPrivileges()) { - if (1 == privilege_info_is_privacy(priv.c_str())) - ++privacyNum2; - }; - - Api::getPolicy(filter, policyEntries); + Api::getPolicy(filter, policyEntries); - if (PolicyConfiguration::getIsAskuserEnabled() ) { - unsigned int privacyAct1 = 0, privacyAct2 = 0; - for (auto &entry : policyEntries) { - RUNNER_ASSERT_MSG(entry.getAppId() == helper1.getAppId() || entry.getAppId() == helper2.getAppId(), - "Invalid appId: should be either " << helper1.getAppId() << " or " << helper2.getAppId() << " but is " << entry.getAppId()); - if (1 == privilege_info_is_privacy(entry.getPrivilege().c_str())) { - RUNNER_ASSERT_MSG(entry.getCurrentLevel() == "Ask user", - "Invalid policy setup; policy should be \"Ask user\" but is " << entry.getCurrentLevel()); - if (entry.getAppId() == helper1.getAppId()) - ++privacyAct1; - else - ++privacyAct2; - } - } - RUNNER_ASSERT_MSG(privacyNum1 == privacyAct1, "Should be " << privacyNum1 << " privacy privileges, but is " << privacyAct1); - RUNNER_ASSERT_MSG(privacyNum2 == privacyAct2, "Should be " << privacyNum2 << " privacy privileges, but is " << privacyAct2); + int privacyAct1 = 0, privacyAct2 = 0; + for (auto &entry : policyEntries) { + RUNNER_ASSERT_MSG(entry.getAppId() == app1.getAppId() || entry.getAppId() == app2.getAppId(), + "Invalid appId: should be either " << app1.getAppId() << " or " + << app2.getAppId() << " but is " << entry.getAppId()); + if (PolicyConfiguration::getIsAskuserEnabled() && isPrivilegePrivacy(entry.getPrivilege())) { + RUNNER_ASSERT_MSG(entry.getCurrentLevel() == askUserDescription, + "Invalid policy setup; policy should be \"Ask user\" but is " + << entry.getCurrentLevel()); + if (entry.getAppId() == app1.getAppId()) + ++privacyAct1; + else + ++privacyAct2; } } + RUNNER_ASSERT_MSG(privacyCount1 == privacyAct1, "Should be " << privacyCount1 + << " privacy privileges, but is " << privacyAct1); + RUNNER_ASSERT_MSG(privacyCount2 == privacyAct2, "Should be " << privacyCount2 + << " privacy privileges, but is " << privacyAct2); } -RUNNER_CHILD_TEST(security_manager_20_privacy_manager_privacy_related_privielges_policy_admin_check) +RUNNER_CHILD_TEST(security_manager_19a_privacy_manager_privacy_related_privileges_policy_hybrid) { + test_privacy_related_privileges(true); +} + +RUNNER_CHILD_TEST(security_manager_19b_privacy_manager_privacy_related_privileges_policy_no_hybrid) +{ + test_privacy_related_privileges(false); +} + +RUNNER_CHILD_TEST(security_manager_20_privacy_manager_privacy_related_privileges_policy_admin_check) +{ + const std::string askUserDescription = "Ask user"; TemporaryTestUser user("sm_test_20_username", GUM_USERTYPE_NORMAL); user.create(); - AppInstallHelper helper("sm_test_20", - user.getUid()); - - helper.addPrivileges({ - "http://tizen.org/privilege/telephony", - "http://tizen.org/privilege/led", - "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here - "http://tizen.org/privilege/account.read", - "http://tizen.org/privilege/healthinfo" - }); + AppInstallHelper app("sm_test_20", user.getUid()); + app.addPrivileges(TEST_PRIVACY_PRIVILEGES[0]); - ScopedInstaller installer(helper); + ScopedInstaller installer(app); - if (PolicyConfiguration::getIsAskuserEnabled() ) { - CynaraTestAdmin::Admin admin; - int policyType = 0; - admin.getPolicyTypeForDescription("Ask user", policyType); - for (auto &priv : helper.getPrivileges()) { - if (1 == privilege_info_is_privacy(priv.c_str())) { - admin.adminCheck("", true, helper.generateAppLabel().c_str(), user.getUidString().c_str(), priv.c_str(), policyType, nullptr); - } + CynaraTestAdmin::Admin admin; + int policyType = CYNARA_ADMIN_ALLOW; + int privacyPolicyType = -1; + if (PolicyConfiguration::getIsAskuserEnabled()) + admin.getPolicyTypeForDescription(askUserDescription, privacyPolicyType); + + for (auto &priv : app.getPrivileges()) { + if (PolicyConfiguration::getIsAskuserEnabled() && isPrivilegePrivacy(priv)) { + admin.adminCheck("", true, app.generateAppLabel().c_str(), + user.getUidString().c_str(), priv.c_str(), privacyPolicyType, + nullptr); + } else { + admin.adminCheck("", true, app.generateAppLabel().c_str(), + user.getUidString().c_str(), priv.c_str(), policyType, nullptr); } } } -- 2.7.4