From 52cdda51ad125598c03698b36549588b9e2c987d Mon Sep 17 00:00:00 2001 
From: Dariusz Michaluk Date: Mon, 20 Jul 2020 14:20:07 +0200 Subject: [PATCH] Fix author_id mismatch after DB upgrade author_id is a DB table primary key and depends on apps instalation order. Instead of using author_id in SMACK label, use 64 bits (16 character string) of SHA1(author_name) in hex format. This commit includes: - sqlite3-sha1 extension copied from: https://github.com/sqlite/sqlite/blob/master/ext/misc/sha1.c - new DB schema and migration script, - rules loader adjustment to new SMACK label, - filesystem (SECURITY_MANAGER_PATH_TRUSTED_RW) relabeling, - app instalation changes. Change-Id: I4f478e0b9dfde06ef752d250d5bc7ef3183cde19 --- CMakeLists.txt | 1 + db/db.sql | 8 +- db/updates/update-db-to-v14.sql | 26 ++ packaging/security-manager.spec | 1 + policy/updates/update-policy-to-v9.sh | 43 +++ src/common/CMakeLists.txt | 3 + src/common/include/privilege_db.h | 22 +- src/common/include/service_impl.h | 2 +- src/common/include/smack-labels.h | 8 +- src/common/include/smack-rules.h | 32 +- src/common/privilege_db.cpp | 59 ++- src/common/service_impl.cpp | 42 +-- src/common/sha1.c | 398 +++++++++++++++++++++ src/common/smack-labels.cpp | 14 +- src/common/smack-rules.cpp | 54 +-- .../rules-loader/security-manager-rules-loader.cpp | 91 ++--- test/CMakeLists.txt | 1 + ...security-manager-test-rules-default-exclude.txt | 116 ++++-- ...ecurity-manager-test-rules-default-packages.txt | 26 +- test/data/.security-manager-test-rules-default.txt | 24 +- test/data/.security-manager-test-rules-exclude.txt | 92 +++-- .../data/.security-manager-test-rules-packages.txt | 2 +- test/data/.security-manager-test-rules.db | Bin 143360 -> 151552 bytes test/data/.security-manager-test-rules.txt | 118 ++++-- test/privilege_db_fixture.cpp | 20 +- test/test_privilege_db_add_app.cpp | 18 +- test/test_privilege_db_app_pkg_getters.cpp | 53 ++- test/test_smack-labels.cpp | 14 +- test/test_smack-rules.cpp | 45 +-- 29 files changed, 980 insertions(+), 353 deletions(-) create mode 100644 
db/updates/update-db-to-v14.sql create mode 100755 policy/updates/update-policy-to-v9.sh create mode 100644 src/common/sha1.c diff --git a/CMakeLists.txt b/CMakeLists.txt index fafbd1d..fe3d121 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -124,6 +124,7 @@ SET(TARGET_CLEANUP "security-manager-cleanup") SET(TARGET_LOADER "security-manager-rules-loader") SET(TARGET_TEST_LOADER "security-manager-test-rules-loader") SET(TARGET_NSS "security-manager-nss") +SET(TARGET_SQLITE_EXT "sqlite3-sha1-ext") ADD_SUBDIRECTORY(src) ADD_SUBDIRECTORY(pc) diff --git a/db/db.sql b/db/db.sql index 0c4ee87..2c4795e 100644 --- a/db/db.sql +++ b/db/db.sql @@ -4,7 +4,7 @@ PRAGMA auto_vacuum = NONE; BEGIN EXCLUSIVE TRANSACTION; -PRAGMA user_version = 13; +PRAGMA user_version = 14; CREATE TABLE IF NOT EXISTS pkg ( pkg_id INTEGER PRIMARY KEY, @@ -59,7 +59,8 @@ PRIMARY KEY (privilege_name, group_name) CREATE TABLE IF NOT EXISTS author ( author_id INTEGER PRIMARY KEY, name VARCHAR NOT NULL, - UNIQUE (name) + hash VARCHAR NOT NULL, + UNIQUE (hash) ); CREATE TABLE IF NOT EXISTS app_defined_privilege ( @@ -96,6 +97,7 @@ SELECT pkg.author_id, pkg.name as pkg_name, author.name as author_name, + author.hash as author_hash, pkg.is_hybrid FROM user_app LEFT JOIN app USING (app_id) @@ -118,7 +120,7 @@ BEGIN AND NEW.author_name IS NOT NULL AND author_name!=NEW.author_name); - INSERT OR IGNORE INTO author(name) VALUES (NEW.author_name); + INSERT OR IGNORE INTO author(name, hash) VALUES (NEW.author_name, NEW.author_hash); INSERT OR IGNORE INTO pkg(name, author_id, is_hybrid) VALUES ( NEW.pkg_name, diff --git a/db/updates/update-db-to-v14.sql b/db/updates/update-db-to-v14.sql new file mode 100644 index 0000000..da34939 --- /dev/null +++ b/db/updates/update-db-to-v14.sql 
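Review bot: In the `author` table hunk `UNIQUE (name)` is replaced by `UNIQUE (hash)`, while the trigger hunk keeps `INSERT OR IGNORE INTO author(name, hash)`, so a second author whose 16-character hash prefix equals an existing row's is dropped silently instead of being rejected. The commit description says this hash becomes part of the Smack label, so two distinct author names with the same prefix would end up sharing one label; whether the `pkg` insert that follows (cut off by the hunk) then attaches to the existing row cannot be seen from here. Consider failing loudly in the trigger before the insert, e.g. `SELECT RAISE(ABORT, 'Author hash collision') WHERE EXISTS (SELECT 1 FROM author WHERE hash=NEW.author_hash AND name!=NEW.author_name);`. The same truncation is produced by `getAuthorHash` in src/common/privilege_db.cpp and by db/updates/update-db-to-v14.sql, so both paths are affected.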
@@ -0,0 +1,26 @@ +PRAGMA foreign_keys=OFF; + +BEGIN EXCLUSIVE TRANSACTION; + +PRAGMA user_version = 14; + +CREATE TABLE author_new ( + author_id INTEGER PRIMARY KEY, + name VARCHAR NOT NULL, + hash VARCHAR NOT NULL, + UNIQUE (hash) +); + +SELECT load_extension('libsqlite3-sha1-ext.so'); +INSERT INTO author_new +SELECT author_id, name, substr(sha1(name), 1, 16) +FROM author; + +DROP TABLE author; +ALTER TABLE author_new RENAME TO author; + +PRAGMA foreign_key_check; + +COMMIT TRANSACTION; + +PRAGMA foreign_keys=ON; diff --git a/packaging/security-manager.spec b/packaging/security-manager.spec index 8495f70..3cbe2c1 100644 --- a/packaging/security-manager.spec +++ b/packaging/security-manager.spec @@ -289,6 +289,7 @@ chsmack -a System %{db_test_dir}/.security-manager-test-rules*.txt %dir %attr(711,root,root) %{TZ_SYS_VAR}/%{name}/ %{_libdir}/libsecurity-manager-commons.so.* +%{_libdir}/libsqlite3-sha1-ext.so %attr(-,root,root) %{_unitdir}/security-manager.* %attr(-,root,root) %{_unitdir}/security-manager-cleanup.* %attr(-,root,root) %{_unitdir}/security-manager-rules-loader.service diff --git a/policy/updates/update-policy-to-v9.sh b/policy/updates/update-policy-to-v9.sh new file mode 100755 index 0000000..9bc9a57 --- /dev/null +++ b/policy/updates/update-policy-to-v9.sh 
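Review bot: `SELECT load_extension('libsqlite3-sha1-ext.so');` names the library without a directory, so the file that gets loaded into the process running this migration is chosen by the dynamic loader's search path rather than by the package. An absolute path pins it, e.g. `load_extension('LIBDIR/libsqlite3-sha1-ext.so')` with LIBDIR standing for the install directory used in the spec file. With no entry-point argument SQLite tries `sqlite3_extension_init` and then a name derived from the file name, which here would be `sqlite3_sqliteshaext_init`; the init function of src/common/sha1.c is outside the visible part of this patch, so confirm it exports one of those or pass the entry point as the second argument. A comment above the `INSERT` should also record that `substr(sha1(name), 1, 16)` must stay identical to `getAuthorHash()` in privilege_db.cpp.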
@@ -0,0 +1,43 @@ +#!/bin/sh -e + +# +# Copyright (c) 2020 Samsung Electronics Co., Ltd. All rights reserved. +# +# This file is licensed under the terms of MIT License or the Apache License +# Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. +# See the LICENSE file or the notice below for Apache License Version 2.0 +# details. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +export PATH=/sbin:/usr/sbin:/bin:/usr/bin + +. /etc/tizen-platform.conf + +systemctl stop security-manager.service security-manager.socket + +trusted_dirs=`find "$TZ_SYS_OPT" -name trusted | grep apps_rw` + +echo "$trusted_dirs" | while read dir +do + pkg=`echo "$dir" | rev | cut -d '/' -f 3 | rev` + hash=`sqlite3 "$TZ_SYS_DB"/.security-manager.db "SELECT DISTINCT author_hash FROM user_app_pkg_view WHERE pkg_name='$pkg'"` + if [ -n "$hash" ] + then + chsmack -a "User::Author::$hash" "$dir" + fi +done + +systemctl start security-manager-rules-loader.service +systemctl start security-manager.service security-manager.socket diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt index ee3514a..194f27f 100644 --- a/src/common/CMakeLists.txt +++ b/src/common/CMakeLists.txt @@ -33,6 +33,7 @@ PKG_CHECK_MODULES(COMMON_DEP libtzplatform-config security-privilege-manager mount + openssl1.1 ) IF(DPL_WITH_DLOG) 
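Review bot: The query inside the `while read dir` loop interpolates `$pkg`, a path component taken from `find "$TZ_SYS_OPT"`, directly into SQL (`WHERE pkg_name='$pkg'`), so a directory name containing a quote changes the statement this update script executes. Reject names outside the expected package-id alphabet before querying, e.g. `case "$pkg" in *[!A-Za-z0-9._-]*) continue ;; esac` (adjust the set to the real package-name rules). Because the script runs under `sh -e`, a `grep apps_rw` that matches nothing makes the `trusted_dirs=` assignment fail and the script exit after `systemctl stop`, leaving the services stopped; appending `|| true` to that assignment keeps the restart reachable. `SELECT DISTINCT` may also return more than one row, which would hand a multi-line `$hash` to `chsmack -a`, and `while IFS= read -r dir` avoids backslash mangling in paths.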
@@ -118,6 +119,7 @@ ENDIF(DPL_WITH_SYSTEMD_JOURNAL) LINK_DIRECTORIES(${COMMON_DEP_LIBRARY_DIRS} ${DLOG_DEP_LIBRARY_DIRS}) ADD_LIBRARY(${TARGET_COMMON} SHARED ${COMMON_SOURCES}) +ADD_LIBRARY(${TARGET_SQLITE_EXT} SHARED sha1.c) SET_SOURCE_FILES_PROPERTIES(${GEN_PATH}/db.h PROPERTIES GENERATED 1) ADD_DEPENDENCIES(${TARGET_COMMON} generate) @@ -139,4 +141,5 @@ TARGET_LINK_LIBRARIES(${TARGET_COMMON} ) INSTALL(TARGETS ${TARGET_COMMON} DESTINATION ${LIB_INSTALL_DIR}) +INSTALL(TARGETS ${TARGET_SQLITE_EXT} DESTINATION ${LIB_INSTALL_DIR}) INSTALL(DIRECTORY DESTINATION ${DATA_INSTALL_DIR}/dummy) diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h index 030cd76..812bacf 100644 --- a/src/common/include/privilege_db.h +++ b/src/common/include/privilege_db.h @@ -73,8 +73,8 @@ enum class StmtType : uint8_t { EGetAllPackages, EGetAppsInPkg, EGetGroupsRelatedPrivileges, - EGetPkgAuthorId, - EAuthorIdExists, + EGetPkgAuthor, + EAuthorExists, ESetPackageSharedRO, EIsPackageHybrid, EAddAppDefinedPrivilege, @@ -213,15 +213,15 @@ public: bool PkgNameExists(const std::string &pkgName); /** - * Check if authorId is already registered in database + * Check if author is already registered in database * - * @param authorId numerical author identifier + * @param authorHash author identifier, sha1(author_name) * @exception PrivilegeDb::Exception::InternalError on internal error * @exception PrivilegeDb::Exception::ConstraintError on constraint violation - * @return true if authorId exists in the database + * @return true if author exists in the database * */ - bool AuthorIdExists(int authorId); + bool AuthorExists(const std::string &authorHash); /** * Return package id associated with a given application id 
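Review bot: The new `@param authorHash author identifier, sha1(author_name)` on `AuthorExists` describes the full digest, while the commit description and the migration store only its first 16 hex characters. Suggest `@param authorHash first 16 hex characters of SHA1(author_name), as stored in author.hash`, with the same wording on `GetPkgAuthor` in the @@ -460 hunk. That comment also opens with `/*` instead of `/**`, so it is probably skipped by the doc generator, and it misspells "Retrieve".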
@@ -263,7 +263,7 @@ public: * @param pkgName - package identifier * @param uid - user identifier for whom application is going to be installed * @param targetTizenVer - target tizen version for application - * @param author - author identifier + * @param authorName - author identifier * @param isHybrid - hybrid flag setting * @exception PrivilegeDb::Exception::InternalError on internal error * @exception PrivilegeDb::Exception::ConstraintError on constraint violation @@ -273,7 +273,7 @@ public: const std::string &pkgName, uid_t uid, const std::string &targetTizenVer, - const std::string &authorId, + const std::string &authorName, bool isHybrid); /** @@ -460,15 +460,15 @@ public: */ void GetAllPackages(std::vector &packages); - /* Retrive an id of an author from database + /* Retrive hash of author_name from database * * @param pkgName[in] package identifier - * @param authorId[out] author id associated with the package, or -1 if no + * @param authorHash[out] hash of author_name associated with the package, or empty string if no * author was assigned during installation * @exception PrivilegeDb::Exception::InternalError on internal error * @exception PrivilegeDb::Exception::ConstraintError on constraint violation */ - void GetPkgAuthorId(const std::string &pkgName, int &authorId); + void GetPkgAuthor(const std::string &pkgName, std::string &authorHash); /** * Retrieve vector of pairs with group_name (1st value) and privilege_name (2nd value) diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h index ce86e22..468a54d 100644 --- a/src/common/include/service_impl.h +++ b/src/common/include/service_impl.h @@ -59,7 +59,7 @@ struct UninstallHelper { bool isPkgHybrid; bool removePkg; bool removeAuthor; - int authorId; + std::string authorHash; Smack::Labels pkgLabels; std::vector removeApps; AppDefinedPrivilegesVector oldAppDefinedPrivileges; 
diff --git a/src/common/include/smack-labels.h b/src/common/include/smack-labels.h index 5bfba35..24cb8b2 100644 --- a/src/common/include/smack-labels.h +++ b/src/common/include/smack-labels.h @@ -45,12 +45,14 @@ namespace SmackLabels { * @param path[in] path to a file or directory to setup * @param pathType[in] type of path to setup. See description of * app_install_path_type in security-manager.h for details + * @param authorHash[in] hash of author_name of given application + * (if not applicable, set to empty string) */ void setupPath( const std::string &pkgName, const std::string &path, app_install_path_type pathType, - const int authorId = -1); + const std::string &authorHash = std::string()); /** * Sets Smack labels on a / non-recursively @@ -126,10 +128,10 @@ Smack::Label generateSharedPrivateLabel(const std::string &pkgName, const std::s * Generates label for trusted paths. Trusted paths are paths where all application * of the same author have rw rights. * - * @param[in] authorId + * @param[in] authorHash * @return resulting Smack label */ -Smack::Label generatePathTrustedLabel(const int authorId); +Smack::Label generatePathTrustedLabel(const std::string &authorHash); /** * Returns smack label for given socket diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h index 6423c04..9fe3f08 100644 --- a/src/common/include/smack-rules.h +++ b/src/common/include/smack-rules.h @@ -52,13 +52,13 @@ public: * * @param[in] appProcessLabel - process label of the application * @param[in] pkgName - package identifier - * @param[in] authorId - author id of application + * @param[in] authorHash - hash of author_name * @param[in] pkgLabels - a list of process labels of all applications inside this package */ void installApplicationRules( const std::string &appProcessLabel, const std::string &pkgName, - const int authorId, + const std::string &authorHash, const Smack::Labels &pkgLabels); /** 
@@ -76,13 +76,13 @@ public: * * @param[in] appProcessLabel - process label of the application * @param[in] pkgName - package id of given application - * @param[in] authorId - author id of given application (if not applicable, set to -1) + * @param[in] authorHash - hash of author_name of given application (if not applicable, set to empty string) * @param[in] privileges - a list of privileges allowed for given application */ void enablePrivilegeRules( const Smack::Label &appProcessLabel, const std::string &pkgName, - int authorId, + const std::string &authorHash, const std::vector &privileges); /** @@ -93,12 +93,12 @@ public: * * @param[in] appProcessLabel - process label of the application * @param[in] pkgName - package id of given application - * @param[in] authorId - author id of given application (if not applicable, set to -1) + * @param[in] authorHash - hash of author_name of given application (if not applicable, set to empty string) */ void disableAllPrivilegeRules( const Smack::Label &appProcessLabel, const std::string &pkgName, - int authorId); + const std::string &authorHash); /** * Disable privilege-specific smack rules for given application @@ -108,13 +108,13 @@ public: * * @param[in] appProcessLabel - process label of the application * @param[in] pkgName - package id of given application - * @param[in] authorId - author id of given application (if not applicable, set to -1) + * @param[in] authorHash - hash of author_name of given application (if not applicable, set to empty string) * @param[in] privileges - a list of privileges to be disabled for given application */ void disablePrivilegeRules( const Smack::Label &appProcessLabel, const std::string &pkgName, - int authorId, + const std::string &authorHash, const std::vector &privileges); /** 
@@ -134,11 +134,11 @@ public: * * @param[in] appProcessLabel - application process label * @param[in] pkgName - package identifier that the application is in - * @param[in] authorId - identification (datbase key) of the author + * @param[in] authorHash - identification of the author */ void uninstallApplicationRules(const Smack::Label &appProcessLabel, const std::string &pkgName, - const int authorId); + const std::string &authorHash); /** * Update package specific rules @@ -157,9 +157,9 @@ public: /** * Uninstall author-specific smack rules. * - * param[in] authorId - identification (datbase key) of the author + * param[in] authorHash - identification of the author */ - void uninstallAuthorRules(const int authorId); + void uninstallAuthorRules(const std::string &authorHash); /** * Add rules related to private path sharing rules @@ -215,7 +215,7 @@ public: TemplateManager::Type type, const Smack::Label &appProcessLabel, const std::string &pkgName, - const int authorId); + const std::string &authorHash); void addFromPrivTemplate( SmackAccesses &rules, @@ -224,13 +224,13 @@ public: const Smack::Label &appProcessLabel, const Smack::Label &privilegeLable, const std::string &pkgName, - const int authorId); + const std::string &authorHash); void useTemplate( TemplateManager::Type type, const Smack::Label &appProcessLabel, const std::string &pkgName, - const int authorId = -1); + const std::string &authorHash = std::string()); private: /** @@ -247,7 +247,7 @@ private: SmackAccesses &rules, const Smack::Label &appProcessLabel, const std::string &pkgName, - int authorId, + const std::string &authorHash, const std::vector &privileges); TemplateManager m_templateMgr; diff --git a/src/common/privilege_db.cpp b/src/common/privilege_db.cpp index 07ade39..3fe9358 100644 --- a/src/common/privilege_db.cpp +++ b/src/common/privilege_db.cpp @@ -33,8 +33,11 @@ #include #include #include +#include #include +#include + #include #include "../gen/db.h" #include "privilege_db.h" 
@@ -45,8 +48,8 @@ namespace SecurityManager { namespace { constexpr const char *g_queries[StmtTypeCount] = { - [underlying(StmtType::EAddApplication)] = "INSERT INTO user_app_pkg_view (app_name, pkg_name, uid, version, author_name, is_hybrid)" - " VALUES (?, ?, ?, ?, ?, ?)", + [underlying(StmtType::EAddApplication)] = "INSERT INTO user_app_pkg_view (app_name, pkg_name, uid, version, author_name, author_hash, is_hybrid)" + " VALUES (?, ?, ?, ?, ?, ?, ?)", [underlying(StmtType::ERemoveApplication)] = "DELETE FROM user_app_pkg_view WHERE app_name=? AND uid=?", [underlying(StmtType::EPkgNameExists)] = "SELECT count(*) FROM pkg WHERE name=?", [underlying(StmtType::EAppNameExists)] = "SELECT count(*) FROM app WHERE name=?", @@ -70,8 +73,8 @@ constexpr const char *g_queries[StmtTypeCount] = { [underlying(StmtType::EGetAllPackages)] = "SELECT DISTINCT pkg_name FROM user_app_pkg_view", [underlying(StmtType::EGetAppsInPkg)] = " SELECT DISTINCT app_name FROM user_app_pkg_view WHERE pkg_name = ?", [underlying(StmtType::EGetGroupsRelatedPrivileges)] = "SELECT DISTINCT group_name, privilege_name FROM privilege_group", - [underlying(StmtType::EGetPkgAuthorId)] = "SELECT author_id FROM pkg WHERE name = ? AND author_id IS NOT NULL", - [underlying(StmtType::EAuthorIdExists)] = "SELECT count(*) FROM author where author_id=?", + [underlying(StmtType::EGetPkgAuthor)] = "SELECT DISTINCT author_hash FROM user_app_pkg_view WHERE pkg_name = ?", + [underlying(StmtType::EAuthorExists)] = "SELECT count(*) FROM author WHERE hash=?", [underlying(StmtType::ESetPackageSharedRO)] = "UPDATE pkg SET shared_ro=? WHERE name=?", [underlying(StmtType::EIsPackageHybrid)] = "SELECT is_hybrid FROM pkg WHERE name=?", [underlying(StmtType::EAddAppDefinedPrivilege)] = "INSERT INTO app_defined_privilege_view (app_name, uid, privilege, type, license) VALUES (?, ?, ?, ?, ?)", 
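Review bot: The rewritten `EGetPkgAuthor` query drops the old `AND author_id IS NOT NULL` filter, so for a package installed without an author the view is likely to return one row whose `author_hash` is NULL (the view uses LEFT JOINs, though its full definition is not in this patch excerpt). `GetPkgAuthor` in the @@ -546 hunk then takes the `command->Step()` branch and calls `GetColumnString(0)` on a NULL column instead of reaching `authorHash = std::string()`; what that returns depends on `GetColumnString`, which is not shown. Keeping the filter makes the "no author" path explicit: `"SELECT DISTINCT author_hash FROM user_app_pkg_view WHERE pkg_name = ? AND author_hash IS NOT NULL"`.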
@@ -283,6 +286,25 @@ void PrivilegeDb::GetAppVersion(const std::string &appName, std::string &tizenVe }); } +std::string getAuthorHash(const std::string &author) +{ + if (author.empty()) + return std::string(); + + // SHA1 produce 160 bits hash + unsigned char hash[20]; + SHA1((const unsigned char*)author.data(), author.size(), hash); + + std::stringstream ss; + ss << std::hex; + + // get 64 bits only in hex format (16 characters) + for (int i = 0; i < 8; ++i) + ss << std::setw(2) << std::setfill('0') << (int)hash[i]; + + return ss.str(); +} + void PrivilegeDb::AddApplication( const std::string &appName, const std::string &pkgName, @@ -298,7 +320,8 @@ void PrivilegeDb::AddApplication( command->BindInteger(3, static_cast(uid)); command->BindString(4, targetTizenVer); authorName.empty() ? command->BindNull(5) : command->BindString(5, authorName); - command->BindInteger(6, isHybrid ? 1 : 0); + authorName.empty() ? command->BindNull(6) : command->BindString(6, getAuthorHash(authorName)); + command->BindInteger(7, isHybrid ? 1 : 0); if (command->Step()) { LogDebug("Unexpected SQLITE_ROW answer to query: " << @@ -323,8 +346,8 @@ void PrivilegeDb::RemoveApplication( std::string pkgName; GetAppPkgName(appName, pkgName); - int authorId; - GetPkgAuthorId(pkgName, authorId); + std::string authorHash; + GetPkgAuthor(pkgName, authorHash); auto command = getStatement(StmtType::ERemoveApplication); command->BindString(1, appName); @@ -339,7 +362,7 @@ void PrivilegeDb::RemoveApplication( appNameIsNoMore = !(AppNameExists(appName)); pkgNameIsNoMore = !(PkgNameExists(pkgName)); - authorNameIsNoMore = !(AuthorIdExists(authorId)); + authorNameIsNoMore = !(AuthorExists(authorHash)); }); } 
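Review bot: `getAuthorHash` is added at namespace scope with no comment tying it to the migration, yet its output has to match `substr(sha1(name), 1, 16)` in db/updates/update-db-to-v14.sql byte for byte, or labels on disk stop matching the database after an upgrade. Add a comment such as `// Must equal substr(sha1(name), 1, 16) from update-db-to-v14.sql: lowercase hex, first 8 digest bytes.` and, if no other translation unit needs the function, declare it `static` or move it into the anonymous namespace. The literal `20` and the C-style casts can become `unsigned char hash[SHA_DIGEST_LENGTH];` (assuming the OpenSSL SHA header is the one included above) and `static_cast<int>(hash[i])`.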
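Review bot: `command->BindString(6, getAuthorHash(authorName))` binds a temporary `std::string` that is destroyed at the end of that statement, before `command->Step()` runs. This is only safe if `BindString` copies the text (for SQLite, binding with `SQLITE_TRANSIENT`); its implementation is not part of this patch, so please confirm, or keep the value alive with `const std::string authorHash = getAuthorHash(authorName);` ahead of the binds. The body of `AddApplication` starts and ends outside this hunk.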
@@ -546,33 +569,33 @@ void PrivilegeDb::GetPkgApps(const std::string &pkgName, }); } -void PrivilegeDb::GetPkgAuthorId(const std::string &pkgName, int &authorId) +void PrivilegeDb::GetPkgAuthor(const std::string &pkgName, std::string &authorHash) { try_catch([&] { - auto command = getStatement(StmtType::EGetPkgAuthorId); + auto command = getStatement(StmtType::EGetPkgAuthor); command->BindString(1, pkgName); if (command->Step()) { - authorId = command->GetColumnInteger(0); - LogDebug("Got authorid: " << authorId << " for pkgName " << pkgName); + authorHash = command->GetColumnString(0); + LogDebug("Got author: " << authorHash << " for pkgName " << pkgName); } else { - authorId = -1; - LogDebug("No authorid found for pkgName " << pkgName); + authorHash = std::string(); + LogDebug("No author found for pkgName " << pkgName); } }); } -bool PrivilegeDb::AuthorIdExists(int authorId) +bool PrivilegeDb::AuthorExists(const std::string &authorHash) { return try_catch([&]() -> bool { - auto command = getStatement(StmtType::EAuthorIdExists); + auto command = getStatement(StmtType::EAuthorExists); int cnt = 0; - command->BindInteger(1, authorId); + command->BindString(1, authorHash); if (command->Step()) cnt = command->GetColumnInteger(0); - LogDebug("AuthorId " << authorId << " found in " << cnt << " entries in db"); + LogDebug("Author " << authorHash << " found in " << cnt << " entries in db"); return (cnt > 0); }); diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index bc3ddc2..70bf9f9 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -76,7 +76,7 @@ UninstallHelper::UninstallHelper() { isPkgHybrid = false; removePkg = false; removeAuthor = false; - authorId = 0; + authorHash = std::string(); } namespace { 
@@ -347,8 +347,8 @@ int ServiceImpl::labelPaths(const pkg_paths &paths, return SECURITY_MANAGER_ERROR_INPUT_PARAM; } - int authorId; - m_privilegeDb.GetPkgAuthorId(pkgName, authorId); + std::string authorHash; + m_privilegeDb.GetPkgAuthor(pkgName, authorHash); std::string homePath; std::vector pkgLegalBaseDirs; @@ -391,7 +391,7 @@ int ServiceImpl::labelPaths(const pkg_paths &paths, for (const auto &pkgPath : paths) { const std::string &path = pkgPath.first; app_install_path_type pathType = static_cast(pkgPath.second); - SmackLabels::setupPath(pkgName, path, pathType, authorId); + SmackLabels::setupPath(pkgName, path, pathType, authorHash); } for (const auto &basePath : pkgLegalBaseDirs) { @@ -526,18 +526,18 @@ void ServiceImpl::appInstallCynaraPolicies(app_inst_req::app& app, app_inst_req& int ServiceImpl::appInstallSmackRules(app_inst_req &req, InstallHelper &ih) { - int authorId = -1; + std::string authorHash = std::string(); Smack::Labels pkgLabels; try { - m_privilegeDb.GetPkgAuthorId(req.pkgName, authorId); + m_privilegeDb.GetPkgAuthor(req.pkgName, authorHash); // Check if hybridity is changed if the package is installed if (ih.isUserPkgInstalled && ih.isOldPkgHybrid != req.isHybrid) { for (auto &app : req.apps) { Smack::Label oldAppLabel = SmackLabels::generateProcessLabel( app.appName, req.pkgName, ih.isOldPkgHybrid); - m_smackRules.uninstallApplicationRules(oldAppLabel, req.pkgName, authorId); + m_smackRules.uninstallApplicationRules(oldAppLabel, req.pkgName, authorHash); if (req.isHybrid) // was not hybrid - all labels were the same break; } 
@@ -551,7 +551,7 @@ int ServiceImpl::appInstallSmackRules(app_inst_req &req, InstallHelper &ih) Smack::Label appLabel = SmackLabels::generateProcessLabel( app.appName, req.pkgName, req.isHybrid); - m_smackRules.installApplicationRules(appLabel, req.pkgName, authorId, pkgLabels); + m_smackRules.installApplicationRules(appLabel, req.pkgName, authorHash, pkgLabels); if (!req.isHybrid) // is not hybrid - all labels are the same break; } @@ -890,7 +890,7 @@ int ServiceImpl::appUninstallSmackRules(app_inst_req &req, UninstallHelper &uh) * Nonhybrid apps have the same label, so revoking it is unnecessary * unless whole package is being removed. */ - m_smackRules.uninstallApplicationRules(processLabel, req.pkgName, uh.authorId); + m_smackRules.uninstallApplicationRules(processLabel, req.pkgName, uh.authorHash); } if (!uh.removePkg) { uh.pkgLabels.erase(std::remove(uh.pkgLabels.begin(), uh.pkgLabels.end(), processLabel), @@ -904,9 +904,9 @@ int ServiceImpl::appUninstallSmackRules(app_inst_req &req, UninstallHelper &uh) m_smackRules.updatePackageRules(req.pkgName, uh.pkgLabels); } - if (uh.authorId != -1 && uh.removeAuthor) { - LogDebug("Removing Smack rules for authorId " << uh.authorId); - m_smackRules.uninstallAuthorRules(uh.authorId); + if (!uh.authorHash.empty() && uh.removeAuthor) { + LogDebug("Removing Smack rules for author " << uh.authorHash); + m_smackRules.uninstallAuthorRules(uh.authorHash); } } catch (const SmackException::Base &e) { LogError("Error while removing Smack rules for application: " << e.DumpToString()); @@ -942,7 +942,7 @@ int ServiceImpl::appUninstall(const Credentials &creds, app_inst_req &req) // that this app belongs to, this will allow us to remove all rules within the // package that the app appears in UninstallHelper uh; - m_privilegeDb.GetPkgAuthorId(req.pkgName, uh.authorId); + m_privilegeDb.GetPkgAuthor(req.pkgName, uh.authorHash); getPkgLabels(req.pkgName, uh.pkgLabels); uh.isPkgHybrid = m_privilegeDb.IsPackageHybrid(req.pkgName); 
@@ -1138,11 +1138,11 @@ void ServiceImpl::updateRunningAppSmackPolicy( std::string appName, pkgName; SmackLabels::generateAppPkgNameFromLabel(appContext.appProcessLabel, appName, pkgName); - int authorId; - m_privilegeDb.GetPkgAuthorId(pkgName, authorId); + std::string authorHash; + m_privilegeDb.GetPkgAuthor(pkgName, authorHash); - m_smackRules.disablePrivilegeRules(appContext.appProcessLabel, pkgName, authorId, denied); - m_smackRules.enablePrivilegeRules(appContext.appProcessLabel, pkgName, authorId, allowed); + m_smackRules.disablePrivilegeRules(appContext.appProcessLabel, pkgName, authorHash, denied); + m_smackRules.enablePrivilegeRules(appContext.appProcessLabel, pkgName, authorHash, allowed); } bool isMultiUser(const MountNS::AppContext &app, const std::vector &runningApps) @@ -2269,8 +2269,8 @@ int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName return ret; } - int authorId; - m_privilegeDb.GetPkgAuthorId(pkgName, authorId); + std::string authorHash; + m_privilegeDb.GetPkgAuthor(pkgName, authorHash); std::vector pkgLabels; getPkgLabels(pkgName, pkgLabels); @@ -2279,7 +2279,7 @@ int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName // We have to remove all possible privilege related Smack rules, because application // policy might have changed from last prepareApp // (e.g. application new version was installed) - m_smackRules.disableAllPrivilegeRules(label, pkgName, authorId); + m_smackRules.disableAllPrivilegeRules(label, pkgName, authorHash); // TODO: Optimization is welcomed here auto runningApps = MountNS::getMountNSApps(); 
@@ -2287,7 +2287,7 @@ int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName LogWarning("Detected multiuser instance of " << appName << ". Privilege related Smack rules are cleared and won't be reapplied."); } else { - m_smackRules.enablePrivilegeRules(label, pkgName, authorId, allowedPrivileges); + m_smackRules.enablePrivilegeRules(label, pkgName, authorHash, allowedPrivileges); } } diff --git a/src/common/sha1.c b/src/common/sha1.c new file mode 100644 index 0000000..c288da8 --- /dev/null +++ b/src/common/sha1.c 
@@ -0,0 +1,398 @@ +/* +** 2017-01-27 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +****************************************************************************** +** +** This SQLite extension implements functions that compute SHA1 hashes. +** Two SQL functions are implemented: +** +** sha1(X) +** sha1_query(Y) +** +** The sha1(X) function computes the SHA1 hash of the input X, or NULL if +** X is NULL. +** +** The sha1_query(Y) function evalutes all queries in the SQL statements of Y +** and returns a hash of their results. +*/ +#include "sqlite3ext.h" +SQLITE_EXTENSION_INIT1 +#include +#include +#include + +/****************************************************************************** +** The Hash Engine +*/ +/* Context for the SHA1 hash */ +typedef struct SHA1Context SHA1Context; +struct SHA1Context { + unsigned int state[5]; + unsigned int count[2]; + unsigned char buffer[64]; +}; + +#define SHA_ROT(x,l,r) ((x) << (l) | (x) >> (r)) +#define rol(x,k) SHA_ROT(x,k,32-(k)) +#define ror(x,k) SHA_ROT(x,32-(k),k) + +#define blk0le(i) (block[i] = (ror(block[i],8)&0xFF00FF00) \ + |(rol(block[i],8)&0x00FF00FF)) +#define blk0be(i) block[i] +#define blk(i) (block[i&15] = rol(block[(i+13)&15]^block[(i+8)&15] \ + ^block[(i+2)&15]^block[i&15],1)) + +/* + * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1 + * + * Rl0() for little-endian and Rb0() for big-endian. Endianness is + * determined at run-time. 
+ */ +#define Rl0(v,w,x,y,z,i) \ + z+=((w&(x^y))^y)+blk0le(i)+0x5A827999+rol(v,5);w=ror(w,2); +#define Rb0(v,w,x,y,z,i) \ + z+=((w&(x^y))^y)+blk0be(i)+0x5A827999+rol(v,5);w=ror(w,2); +#define R1(v,w,x,y,z,i) \ + z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=ror(w,2); +#define R2(v,w,x,y,z,i) \ + z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=ror(w,2); +#define R3(v,w,x,y,z,i) \ + z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=ror(w,2); +#define R4(v,w,x,y,z,i) \ + z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=ror(w,2); + +/* + * Hash a single 512-bit block. This is the core of the algorithm. + */ +void SHA1Transform(unsigned int state[5], const unsigned char buffer[64]){ + unsigned int qq[5]; /* a, b, c, d, e; */ + static int one = 1; + unsigned int block[16]; + memcpy(block, buffer, 64); + memcpy(qq,state,5*sizeof(unsigned int)); + +#define a qq[0] +#define b qq[1] +#define c qq[2] +#define d qq[3] +#define e qq[4] + + /* Copy p->state[] to working vars */ + /* + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + */ + + /* 4 rounds of 20 operations each. Loop unrolled. 
*/ + if( 1 == *(unsigned char*)&one ){ + Rl0(a,b,c,d,e, 0); Rl0(e,a,b,c,d, 1); Rl0(d,e,a,b,c, 2); Rl0(c,d,e,a,b, 3); + Rl0(b,c,d,e,a, 4); Rl0(a,b,c,d,e, 5); Rl0(e,a,b,c,d, 6); Rl0(d,e,a,b,c, 7); + Rl0(c,d,e,a,b, 8); Rl0(b,c,d,e,a, 9); Rl0(a,b,c,d,e,10); Rl0(e,a,b,c,d,11); + Rl0(d,e,a,b,c,12); Rl0(c,d,e,a,b,13); Rl0(b,c,d,e,a,14); Rl0(a,b,c,d,e,15); + }else{ + Rb0(a,b,c,d,e, 0); Rb0(e,a,b,c,d, 1); Rb0(d,e,a,b,c, 2); Rb0(c,d,e,a,b, 3); + Rb0(b,c,d,e,a, 4); Rb0(a,b,c,d,e, 5); Rb0(e,a,b,c,d, 6); Rb0(d,e,a,b,c, 7); + Rb0(c,d,e,a,b, 8); Rb0(b,c,d,e,a, 9); Rb0(a,b,c,d,e,10); Rb0(e,a,b,c,d,11); + Rb0(d,e,a,b,c,12); Rb0(c,d,e,a,b,13); Rb0(b,c,d,e,a,14); Rb0(a,b,c,d,e,15); + } + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += 
e; + +#undef a +#undef b +#undef c +#undef d +#undef e +} + + +/* Initialize a SHA1 context */ +static void hash_init(SHA1Context *p){ + /* SHA1 initialization constants */ + p->state[0] = 0x67452301; + p->state[1] = 0xEFCDAB89; + p->state[2] = 0x98BADCFE; + p->state[3] = 0x10325476; + p->state[4] = 0xC3D2E1F0; + p->count[0] = p->count[1] = 0; +} + +/* Add new content to the SHA1 hash */ +static void hash_step( + SHA1Context *p, /* Add content to this context */ + const unsigned char *data, /* Data to be added */ + unsigned int len /* Number of bytes in data */ +){ + unsigned int i, j; + + j = p->count[0]; + if( (p->count[0] += len << 3) < j ){ + p->count[1] += (len>>29)+1; + } + j = (j >> 3) & 63; + if( (j + len) > 63 ){ + (void)memcpy(&p->buffer[j], data, (i = 64-j)); + SHA1Transform(p->state, p->buffer); + for(; i + 63 < len; i += 64){ + SHA1Transform(p->state, &data[i]); + } + j = 0; + }else{ + i = 0; + } + (void)memcpy(&p->buffer[j], &data[i], len - i); +} + +/* Compute a string using sqlite3_vsnprintf() and hash it */ +static void hash_step_vformat( + SHA1Context *p, /* Add content to this context */ + const char *zFormat, + ... +){ + va_list ap; + int n; + char zBuf[50]; + va_start(ap, zFormat); + sqlite3_vsnprintf(sizeof(zBuf),zBuf,zFormat,ap); + va_end(ap); + n = (int)strlen(zBuf); + hash_step(p, (unsigned char*)zBuf, n); +} + + +/* Add padding and compute the message digest. Render the +** message digest as lower-case hexadecimal and put it into +** zOut[]. zOut[] must be at least 41 bytes long. */ +static void hash_finish( + SHA1Context *p, /* The SHA1 context to finish and render */ + char *zOut /* Store hexadecimal hash here */ +){ + unsigned int i; + unsigned char finalcount[8]; + unsigned char digest[20]; + static const char zEncode[] = "0123456789abcdef"; + + for (i = 0; i < 8; i++){ + finalcount[i] = (unsigned char)((p->count[(i >= 4 ? 
0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + hash_step(p, (const unsigned char *)"\200", 1); + while ((p->count[0] & 504) != 448){ + hash_step(p, (const unsigned char *)"\0", 1); + } + hash_step(p, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++){ + digest[i] = (unsigned char)((p->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } + for(i=0; i<20; i++){ + zOut[i*2] = zEncode[(digest[i]>>4)&0xf]; + zOut[i*2+1] = zEncode[digest[i] & 0xf]; + } + zOut[i*2]= 0; +} +/* End of the hashing logic +*****************************************************************************/ + +/* +** Implementation of the sha1(X) function. +** +** Return a lower-case hexadecimal rendering of the SHA1 hash of the +** argument X. If X is a BLOB, it is hashed as is. For all other +** types of input, X is converted into a UTF-8 string and the string +** is hash without the trailing 0x00 terminator. The hash of a NULL +** value is NULL. +*/ +static void sha1Func( + sqlite3_context *context, + __attribute__((unused)) int argc, + sqlite3_value **argv +){ + SHA1Context cx; + int eType = sqlite3_value_type(argv[0]); + int nByte = sqlite3_value_bytes(argv[0]); + char zOut[44]; + + assert( argc==1 ); + if( eType==SQLITE_NULL ) return; + hash_init(&cx); + if( eType==SQLITE_BLOB ){ + hash_step(&cx, sqlite3_value_blob(argv[0]), nByte); + }else{ + hash_step(&cx, sqlite3_value_text(argv[0]), nByte); + } + hash_finish(&cx, zOut); + sqlite3_result_text(context, zOut, 40, SQLITE_TRANSIENT); +} + +/* +** Implementation of the sha1_query(SQL) function. +** +** This function compiles and runs the SQL statement(s) given in the +** argument. The results are hashed using SHA1 and that hash is returned. +** +** The original SQL text is included as part of the hash. +** +** The hash is not just a concatenation of the outputs. Each query +** is delimited and each row and value within the query is delimited, +** with all values being marked with their datatypes. 
+*/ +static void sha1QueryFunc( + sqlite3_context *context, + __attribute__((unused)) int argc, + sqlite3_value **argv +){ + sqlite3 *db = sqlite3_context_db_handle(context); + const char *zSql = (const char*)sqlite3_value_text(argv[0]); + sqlite3_stmt *pStmt = 0; + int nCol; /* Number of columns in the result set */ + int i; /* Loop counter */ + int rc; + int n; + const char *z; + SHA1Context cx; + char zOut[44]; + + assert( argc==1 ); + if( zSql==0 ) return; + hash_init(&cx); + while( zSql[0] ){ + rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zSql); + if( rc ){ + char *zMsg = sqlite3_mprintf("error SQL statement [%s]: %s", + zSql, sqlite3_errmsg(db)); + sqlite3_finalize(pStmt); + sqlite3_result_error(context, zMsg, -1); + sqlite3_free(zMsg); + return; + } + if( !sqlite3_stmt_readonly(pStmt) ){ + char *zMsg = sqlite3_mprintf("non-query: [%s]", sqlite3_sql(pStmt)); + sqlite3_finalize(pStmt); + sqlite3_result_error(context, zMsg, -1); + sqlite3_free(zMsg); + return; + } + nCol = sqlite3_column_count(pStmt); + z = sqlite3_sql(pStmt); + n = (int)strlen(z); + hash_step_vformat(&cx,"S%d:",n); + hash_step(&cx,(unsigned char*)z,n); + + /* Compute a hash over the result of the query */ + while( SQLITE_ROW==sqlite3_step(pStmt) ){ + hash_step(&cx,(const unsigned char*)"R",1); + for(i=0; i=1; j--){ + x[j] = u & 0xff; + u >>= 8; + } + x[0] = 'I'; + hash_step(&cx, x, 9); + break; + } + case SQLITE_FLOAT: { + sqlite3_uint64 u; + int j; + unsigned char x[9]; + double r = sqlite3_column_double(pStmt,i); + memcpy(&u, &r, 8); + for(j=8; j>=1; j--){ + x[j] = u & 0xff; + u >>= 8; + } + x[0] = 'F'; + hash_step(&cx,x,9); + break; + } + case SQLITE_TEXT: { + int n2 = sqlite3_column_bytes(pStmt, i); + const unsigned char *z2 = sqlite3_column_text(pStmt, i); + hash_step_vformat(&cx,"T%d:",n2); + hash_step(&cx, z2, n2); + break; + } + case SQLITE_BLOB: { + int n2 = sqlite3_column_bytes(pStmt, i); + const unsigned char *z2 = sqlite3_column_blob(pStmt, i); + hash_step_vformat(&cx,"B%d:",n2); 
+ hash_step(&cx, z2, n2); + break; + } + } + } + } + sqlite3_finalize(pStmt); + } + hash_finish(&cx, zOut); + sqlite3_result_text(context, zOut, 40, SQLITE_TRANSIENT); +} + + +#ifdef _WIN32 +__declspec(dllexport) +#endif +int sqlite3_sha_init( + sqlite3 *db, + char **pzErrMsg, + const sqlite3_api_routines *pApi +){ + int rc = SQLITE_OK; + SQLITE_EXTENSION_INIT2(pApi); + (void)pzErrMsg; /* Unused parameter */ + rc = sqlite3_create_function(db, "sha1", 1, + SQLITE_UTF8 | SQLITE_INNOCUOUS | SQLITE_DETERMINISTIC, + 0, sha1Func, 0, 0); + if( rc==SQLITE_OK ){ + rc = sqlite3_create_function(db, "sha1_query", 1, + SQLITE_UTF8|SQLITE_DIRECTONLY, 0, + sha1QueryFunc, 0, 0); + } + return rc; +} + +int sqlite3_extension_init(sqlite3 *db, char **err, const sqlite3_api_routines *api) +{ + return sqlite3_sha_init(db, err, api); +} diff --git a/src/common/smack-labels.cpp b/src/common/smack-labels.cpp index d3b0e92..634f01a 100644 --- a/src/common/smack-labels.cpp +++ b/src/common/smack-labels.cpp @@ -140,7 +140,7 @@ void setupPath( const std::string &pkgName, const std::string &path, app_install_path_type pathType, - const int authorId) + const std::string &authorHash) { std::string label; bool label_executables, label_transmute, follow_symlink = false; @@ -168,9 +168,9 @@ void setupPath( follow_symlink = true; break; case SECURITY_MANAGER_PATH_TRUSTED_RW: - if (authorId < 0) + if (authorHash.empty()) ThrowMsg(SmackException::InvalidParam, "You must define author to use PATH_TRUSED_RW"); - label = generatePathTrustedLabel(authorId); + label = generatePathTrustedLabel(authorHash); label_executables = false; label_transmute = true; break; 
@@ -308,14 +308,14 @@ Smack::Label getSmackLabelFromPid(pid_t pid) return getSmackLabel(&smack_new_label_from_process, pid); } -Smack::Label generatePathTrustedLabel(const int authorId) +Smack::Label generatePathTrustedLabel(const std::string &authorHash) { - if (authorId < 0) { + if (authorHash.empty()) { LogError("Author was not set. It's not possible to generate label for unknown author."); - ThrowMsg(SmackException::InvalidLabel, "Could not generate valid label without authorId"); + ThrowMsg(SmackException::InvalidLabel, "Could not generate valid label without author"); } - return "User::Author::" + std::to_string(authorId); + return "User::Author::" + authorHash; } void setSmackLabelForFd(int fd, const Smack::Label &label) diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp index dd3089e..733e5e9 100644 --- a/src/common/smack-rules.cpp +++ b/src/common/smack-rules.cpp @@ -91,7 +91,7 @@ void SmackRules::addFromTemplate( TemplateManager::Type type, const Smack::Label &appProcessLabel, const std::string &pkgName, - const int authorId) + const std::string &authorHash) { Smack::Label pathRWLabel, pathROLabel; Smack::Label pathTrustedLabel; @@ -101,8 +101,8 @@ void SmackRules::addFromTemplate( pathROLabel = SmackLabels::generatePathROLabel(pkgName); } - if (authorId >= 0) - pathTrustedLabel = SmackLabels::generatePathTrustedLabel(authorId); + if (!authorHash.empty()) + pathTrustedLabel = SmackLabels::generatePathTrustedLabel(authorHash); Smack::TemplateRules templateRules = m_templateMgr.getRules(type); @@ -126,7 +126,7 @@ void SmackRules::addFromPrivTemplate( const Smack::Label &appProcessLabel, const Smack::Label &privilegeLabel, const std::string &pkgName, - int authorId) + const std::string &authorHash) { std::string pathRWLabel, pathROLabel; std::string pathTrustedLabel; 
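Review bot: `generatePathTrustedLabel` now accepts any non-empty string and appends it to `User::Author::`, so a hash of the wrong length or with unexpected characters becomes a Smack label unchecked. The rules loader in this same patch assumes exactly 16 characters (`AUTHOR_HASH_LEN`), so a malformed `author.hash` value would give filesystem labels that diverge from the rules the loader writes. I would reject anything that is not 16 lower-case hex digits before building the label, with a guard such as `if (authorHash.size() != 16 || authorHash.find_first_not_of("0123456789abcdef") != std::string::npos)` in front of the existing `ThrowMsg(SmackException::InvalidLabel, ...)`. The same empty-only test is used in the `setupPath` hunk and in the `smack-rules.cpp` hunks (`addFromTemplate`, `addFromPrivTemplate`, `installApplicationRules`).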
@@ -136,8 +136,8 @@ void SmackRules::addFromPrivTemplate( pathROLabel = SmackLabels::generatePathROLabel(pkgName); } - if (authorId >= 0) - pathTrustedLabel = SmackLabels::generatePathTrustedLabel(authorId); + if (!authorHash.empty()) + pathTrustedLabel = SmackLabels::generatePathTrustedLabel(authorHash); Smack::TemplateRules templateRules = m_templateMgr.getRules(type, privilege); for (auto rule : templateRules) { @@ -184,10 +184,10 @@ void SmackRules::useTemplate( TemplateManager::Type type, const Smack::Label &appProcessLabel, const std::string &pkgName, - const int authorId) + const std::string &authorHash) { SmackAccesses smackRules; - addFromTemplate(smackRules, type, appProcessLabel, pkgName, authorId); + addFromTemplate(smackRules, type, appProcessLabel, pkgName, authorHash); if (smack_check()) smackRules.apply(); @@ -196,13 +196,13 @@ void SmackRules::useTemplate( void SmackRules::installApplicationRules( const Smack::Label &appProcessLabel, const std::string &pkgName, - const int authorId, + const std::string &authorHash, const Smack::Labels &pkgLabels) { - useTemplate(TemplateManager::Type::APP_RULES_TEMPLATE, appProcessLabel, pkgName, authorId); + useTemplate(TemplateManager::Type::APP_RULES_TEMPLATE, appProcessLabel, pkgName, authorHash); - if (authorId >= 0) - useTemplate(TemplateManager::Type::AUTHOR_RULES_TEMPLATE, appProcessLabel, pkgName, authorId); + if (!authorHash.empty()) + useTemplate(TemplateManager::Type::AUTHOR_RULES_TEMPLATE, appProcessLabel, pkgName, authorHash); updatePackageRules(pkgName, pkgLabels); } @@ -217,7 +217,7 @@ void SmackRules::addPrivilegesRules( SmackAccesses &rules, const Smack::Label &appProcessLabel, const std::string &pkgName, - int authorId, + const std::string &authorHash, const std::vector &privileges) { for (auto &privilege : privileges) { 
@@ -225,14 +225,14 @@ void SmackRules::addPrivilegesRules( if (privLabel.empty()) continue; addFromPrivTemplate(rules, TemplateManager::Type::PRIV_RULES_TEMPLATE, privilege, - appProcessLabel, privLabel, pkgName, authorId); + appProcessLabel, privLabel, pkgName, authorHash); } } void SmackRules::enablePrivilegeRules( const Smack::Label &appProcessLabel, const std::string &pkgName, - int authorId, + const std::string &authorHash, const std::vector &privileges) { if (privileges.empty()) { @@ -243,7 +243,7 @@ void SmackRules::enablePrivilegeRules( LogDebug("Enabling privilege rules for " << appProcessLabel); SmackAccesses smackRules; - addPrivilegesRules(smackRules, appProcessLabel, pkgName, authorId, privileges); + addPrivilegesRules(smackRules, appProcessLabel, pkgName, authorHash, privileges); if (smack_check()) smackRules.apply(); @@ -252,16 +252,16 @@ void SmackRules::enablePrivilegeRules( void SmackRules::disableAllPrivilegeRules( const Smack::Label &appProcessLabel, const std::string &pkgName, - int authorId) + const std::string &authorHash) { LogDebug("Disabling all privilege rules for " << appProcessLabel); - disablePrivilegeRules(appProcessLabel, pkgName, authorId, m_templateMgr.getAllMappedPrivs()); + disablePrivilegeRules(appProcessLabel, pkgName, authorHash, m_templateMgr.getAllMappedPrivs()); } void SmackRules::disablePrivilegeRules( const Smack::Label &appProcessLabel, const std::string &pkgName, - int authorId, + const std::string &authorHash, const std::vector &privileges) { if (privileges.empty()) { @@ -272,7 +272,7 @@ void SmackRules::disablePrivilegeRules( LogDebug("Disabling privilege rules for " << appProcessLabel); SmackAccesses smackRules; - addPrivilegesRules(smackRules, appProcessLabel, pkgName, authorId, privileges); + addPrivilegesRules(smackRules, appProcessLabel, pkgName, authorHash, privileges); if (smack_check()) smackRules.clear(); 
@@ -287,7 +287,7 @@ void SmackRules::updatePackageRules( TemplateManager::Type::PKG_RULES_TEMPLATE, std::string(), pkgName, - -1); + std::string()); generatePackageCrossDeps(smackRules, pkgLabels); @@ -300,7 +300,7 @@ void SmackRules::uninstallPackageRules(const std::string &pkgName, { SmackAccesses smackRules; addFromTemplate(smackRules, TemplateManager::Type::PKG_RULES_TEMPLATE, - std::string(), pkgName, -1); + std::string(), pkgName, std::string()); generatePackageCrossDeps(smackRules, pkgLabels); smackRules.clear(); } @@ -308,22 +308,22 @@ void SmackRules::uninstallPackageRules(const std::string &pkgName, void SmackRules::uninstallApplicationRules( const Smack::Label &appLabel, const std::string &pkgName, - const int authorId) + const std::string &authorHash) { SmackAccesses smackRules; addFromTemplate(smackRules, TemplateManager::Type::APP_RULES_TEMPLATE, - appLabel, pkgName, authorId); + appLabel, pkgName, authorHash); if (isPrivilegeMappingEnabled()) - addPrivilegesRules(smackRules, appLabel, pkgName, authorId, m_templateMgr.getAllMappedPrivs()); + addPrivilegesRules(smackRules, appLabel, pkgName, authorHash, m_templateMgr.getAllMappedPrivs()); smackRules.clear(); SmackLabels::revokeSubject(appLabel); } -void SmackRules::uninstallAuthorRules(const int authorId) +void SmackRules::uninstallAuthorRules(const std::string &authorHash) { SmackAccesses smackRules; addFromTemplate(smackRules, TemplateManager::Type::AUTHOR_RULES_TEMPLATE, - std::string(), std::string(), authorId); + std::string(), std::string(), authorHash); smackRules.clear(); } diff --git a/src/server/rules-loader/security-manager-rules-loader.cpp b/src/server/rules-loader/security-manager-rules-loader.cpp index e8e7904..1eeef96 100644 --- a/src/server/rules-loader/security-manager-rules-loader.cpp +++ b/src/server/rules-loader/security-manager-rules-loader.cpp 
@@ -110,6 +110,8 @@ static_assert(SMACK_LABEL_LEN <= 255U, constexpr int MAX_PKG_NAME_LEN = SMACK_LABEL_LEN - (sizeof "User::Pkg::" - 1); +constexpr int AUTHOR_HASH_LEN = 16; + // string view (O(1) memory pointer to a string with no trailing \0) // // Views are used to avoid data copying and foster memory locality. @@ -409,11 +411,11 @@ private: PageTape pkgsInfo{3}; -// package information is retrieved via "SELECT name, is_hybrid, author_id, pkg_id FROM pkg ORDER BY pkg_id" +// package information is retrieved via "SELECT pkg.name, pkg.is_hybrid, author.hash, pkg.pkg_id FROM pkg LEFT JOIN author ON pkg.author_id = author.author_id ORDER by pkg.pkg_id" // the result is scanned row by row and serialize into the pkgsInfo tape as follows: -// uint8_t flags = PkgFlag::hybrid * bool(is_hybrid) + PkgFlag::selected * bool(selected) + PkgFlag::authorLen * strlen(to_string(author_id)) -// if author_id not null -// char[strlen(to_string(author_id))] to_string(author_id) // no length (stored already in flags) nor trailing \0 +// uint8_t flags = PkgFlag::hybrid * bool(is_hybrid) + PkgFlag::selected * bool(selected) + PkgFlag::haveAuthor * bool(author.hash) +// if author.hash not null +// char[AUTHOR_HASH_LEN] author_hash // no length nor trailing \0 // uint8_t strlen(name) // char[strlen(name)] name // no trailing \0 // if is_hybrid @@ -423,14 +425,11 @@ PageTape pkgsInfo{3}; enum PkgFlag : uint8_t { hybrid = 1, selected = 2, - authorLen = 4, + haveAuthor = 4, }; // when gathering package information: author identifier dictionary; each entry stored as: -// sqlite3_int64 author_id -// uint8_t strlen(to_string(author_id)) -// char[strlen(to_string(author_id))] to_string(author_id) // no trailing \0 -// // align up to alignof(sqlite3_int64) for the next entry +// char[AUTHOR_HASH_LEN] author_hash // no trailing \0 // // when writing package rules: process label suffixes for the current package // non-hybrid: 
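Review bot: `constexpr int AUTHOR_HASH_LEN = 16;` has no comment saying what the 16 stands for or which other places must agree with it. I would add `// hex digits of the truncated SHA1(author_name) kept in author.hash; must match the DB schema and SmackLabels::generatePathTrustedLabel`. Since the value is only 64 bits of the digest, the comment should also record that two author names sharing that prefix would end up with the same `User::Author::` label and therefore the same trusted paths. Whether the schema enforces uniqueness on `author.hash` is not visible in this chunk.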
@@ -446,7 +445,6 @@ PageTape pkgLabels{1}; // length changes depending on the context StrView pl{pkgL.str, 0}; -// stringification of author_id // ("User::Author::" + pathTrusted) corresponds to the ~PATH_TRUSTED~ rule template variable StrView pathTrusted; @@ -455,10 +453,6 @@ StrView pathTrusted; // used when writing app-to-app rules within the same package StrView pkgLApp{pkgL.str, 0}; -// temporary buffer for decimal author_id stringification (not \0-terminated) -char authorBuf[std::numeric_limits::digits10 + 1]; -static_assert(sizeof authorBuf <= 256 / PkgFlag::authorLen, "author string length does not fit in package flag byte"); - // fallback database path if not null char const *cachedFallbackPath; char const *getFallbackPath() { @@ -650,6 +644,11 @@ bool dbUp(CheckFallback checkFallback) { return false; } + if (unlikely(SQLITE_OK != sqlite3_enable_load_extension(db, 1))) { + toStderr("not authorized to load extension"); + return false; + } + // good for robustness in the face of unlikely poweroffs, must be turned on per connection if (unlikely(!dbExec("PRAGMA synchronous=EXTRA"))) { toStderr("pragma synchronous failed"); @@ -746,7 +745,7 @@ bool dbUp(CheckFallback checkFallback) { // results of both queries can then be processed in sorted order to achieve a linear complexity join // package metadata query sorted by pkg_id - if (unlikely(!(pkgq = prep("SELECT name, is_hybrid, author_id, pkg_id FROM pkg ORDER BY pkg_id")))) { + if (unlikely(!(pkgq = prep("SELECT pkg.name, pkg.is_hybrid, author.hash, pkg.pkg_id FROM pkg LEFT JOIN author ON pkg.author_id = author.author_id ORDER by pkg.pkg_id")))) { toStderr("package metadata query preparation failed"); return false; } 
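Review bot: `sqlite3_enable_load_extension(db, 1)` in `dbUp` switches on the `load_extension()` SQL function as well as the C API, and nothing in the hunk switches it off again. The SQLite documentation recommends `sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION, 1, NULL)` for this, which leaves the SQL function disabled so that SQL text reaching this connection cannot load a shared object. The package query changed in the next hunk reads `author.hash` directly and does not call `sha1()`, so it is worth confirming that the loader needs extension loading at all, and if it does, turning it off again once the extension is loaded. `dbUp` starts before and continues after the hunk.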
@@ -775,47 +774,34 @@ inl void readPkgsInfoAndEmitAuthors(char *selectedPkgs[]) { // start constructing pkgFlags const bool hybrid = sqlite3_column_int(pkgq, 1); - const bool haveAuthor = SQLITE_INTEGER == sqlite3_column_type(pkgq, 2); size_t pkgFlags = hybrid * PkgFlag::hybrid; - // the package has an author - retrieve its stringification and emit author-only rules + // make pathTrusted point to the author_hash + pathTrusted.str = colStr(pkgq, 2); + pathTrusted.size = AUTHOR_HASH_LEN; + const bool haveAuthor = pathTrusted.str; + + // the package has an author, emit author-only rules // - // author_id stringification is expensive, particularly because author_id is an sqlite_int64 even on 32-bit platforms - // author-only rules should also be emitted just once for a particular author_id to avoid duplication and its runtime impact + // author-only rules should be emitted just once for a particular author to avoid duplication and its runtime impact // // since the expected number of authors is small (say < 200 or so) and typically extremely small (< 50), - // pkgLabels is used as a linear dictionary holding (authorId, to_string(authorId)) tuples - // every distinct authorId is stringified exactly once + // pkgLabels is used as a linear dictionary holding author_hash'es if (haveAuthor) { - const auto authorId = sqlite3_column_int64(pkgq, 2); - - // search for authorId in the linear dictionary + // search for author in the linear dictionary bool found = false; auto auit = pkgLabels.start(); while (auit) { - const auto id = auit.get(); - // string view into a stringification already in the tape - pathTrusted = auit(auit()); - if (authorId == id) { + char* hash = reinterpret_cast(auit.ptr); + auit += AUTHOR_HASH_LEN; + if (memcmp(pathTrusted.str, hash, AUTHOR_HASH_LEN) == 0) { found = true; break; } - auit.align(alignof(decltype(authorId))); } // not found - add to dictionary if (unlikely(!found)) { - // stringify into authorBuf right-to-left - size_t len = 0; - typename 
std::make_unsigned::type>::type n = authorId; - do { - authorBuf[sizeof authorBuf - 1 - len++] = '0' + n % 10U; - } while (n /= 10U); - - // make pathTrusted point to the stringification - pathTrusted.str = authorBuf + (sizeof authorBuf - len); - pathTrusted.size = len; - // emit author rules now that pathTrusted denotes a newly discovered author // rules contain author as the sole variable, ex. "User ~PATH_TRUSTED~ rwxat" // @@ -823,16 +809,13 @@ inl void readPkgsInfoAndEmitAuthors(char *selectedPkgs[]) { if (likely(systemRules)) rulesAuthor(); - // append the (authorId,pathTrusted) tuple to the linear dictionary - pkgLabels.reserve(2 * sizeof authorId + sizeof authorBuf); - pkgLabels += authorId; - pkgLabels += uint8_t(len); + // append pathTrusted to the linear dictionary + pkgLabels.reserve(AUTHOR_HASH_LEN); pkgLabels += pathTrusted; - pkgLabels.align(alignof(decltype(authorId))); } - // add authorId stringification length to pkgFlags - pkgFlags += pathTrusted.size * PkgFlag::authorLen; + // add haveAuthor flag to pkgFlags + pkgFlags += haveAuthor * PkgFlag::haveAuthor; } // select all packages if allRules flag is enabled @@ -855,8 +838,8 @@ inl void readPkgsInfoAndEmitAuthors(char *selectedPkgs[]) { // add selected flag to pkgFlags pkgFlags += selected * PkgFlag::selected; - // more precise calculations would be wasteful because padding and author len - pkgsInfo.reserve(1 + sizeof authorBuf + 1 + SMACK_LABEL_LEN + alignof(sqlite3_int64) - 1 + sizeof(sqlite3_int64)); + // more precise calculations would be wasteful because padding + pkgsInfo.reserve(1 + AUTHOR_HASH_LEN + 1 + SMACK_LABEL_LEN + alignof(sqlite3_int64) - 1 + sizeof(sqlite3_int64)); // add package info to the pkgsInfo tape pkgsInfo += uint8_t(pkgFlags); 
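Review bot: `pathTrusted.size = AUTHOR_HASH_LEN` is assigned without checking how many bytes the `author.hash` column holds, so the `memcmp` in the dictionary search and the later `pkgLabels += pathTrusted` read 16 bytes from the buffer `colStr(pkgq, 2)` returned even when the stored text is shorter. With a truncated or empty hash in a damaged or half-migrated database that is a read past the end of the column value, and the loader would emit rules for a garbage label. I would test `sqlite3_column_bytes(pkgq, 2) != AUTHOR_HASH_LEN` right after the `colStr` call and fail the load on a mismatch, in whatever way the rest of this function reports errors. The body of `readPkgsInfoAndEmitAuthors` starts before this hunk and continues after it.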
@@ -883,11 +866,11 @@ inl void emitPkgLabelRules() { const size_t pkgFlags = pkit(); const bool hybrid = pkgFlags & PkgFlag::hybrid; const bool selected = pkgFlags & PkgFlag::selected; - const auto authorLen = pkgFlags / PkgFlag::authorLen; - if (authorLen) { + const bool haveAuthor = pkgFlags & PkgFlag::haveAuthor; + if (haveAuthor) { pathTrusted.str = reinterpret_cast(pkit.ptr); - pathTrusted.size = authorLen; - pkit += authorLen; + pathTrusted.size = AUTHOR_HASH_LEN; + pkit += AUTHOR_HASH_LEN; } // put pkg.name right after "User::Pkg::" in pkgL so that pkgL = "User::Pkg::" + pkg.name @@ -984,7 +967,7 @@ inl void emitPkgLabelRules() { // // "~PROCESS~ " == pl // ~PATH_TRUSTED~ == "User::Author::" + pathTrusted - if (likely(authorLen)) rulesPkgLabelAuthor(); + if (likely(haveAuthor)) rulesPkgLabelAuthor(); // application-to-different-application rules within the package size_t obj = 0; diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index cf974b1..fef4bb3 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -30,6 +30,7 @@ PKG_CHECK_MODULES(COMMON_DEP REQUIRED security-privilege-manager mount libcap + openssl1.1 ) FIND_PACKAGE(Threads REQUIRED) diff --git a/test/data/.security-manager-test-rules-default-exclude.txt b/test/data/.security-manager-test-rules-default-exclude.txt index d7280aa..0e6a74e 100644 --- a/test/data/.security-manager-test-rules-default-exclude.txt +++ b/test/data/.security-manager-test-rules-default-exclude.txt @@ -1,4 +1,6 @@ -System User::Author::1 rwxat +System User::Author::0fdfb83545aabc1f rwxat +System User::Author::42a5f0d50138e7f3 rwxat +System User::Author::b1c7dc06f99e70d0 rwxat System User::Pkg::attach-panel-camera rwxat System User::Pkg::attach-panel-camera::RO rwxat System User::Pkg::attach-panel-document rwxat 
@@ -181,6 +183,10 @@ System User::Pkg::pkg100::App::acc100 rwxat System User::Pkg::pkg100::App::add100 rwxat System User::Pkg::pkg100::App::app100 rwxat System User::Pkg::pkg100::RO rwxat +System User::Pkg::pkg101 rwxat +System User::Pkg::pkg101::RO rwxat +System User::Pkg::pkg102 rwxat +System User::Pkg::pkg102::RO rwxat System User::Pkg::pkg10::App::abb10 rwxat System User::Pkg::pkg10::App::acc10 rwxat System User::Pkg::pkg10::App::add10 rwxat @@ -787,7 +793,9 @@ System User::Pkg::ug-setting-wifidirect-efl rwxat System User::Pkg::ug-setting-wifidirect-efl::RO rwxat System User::Pkg::wifi-efl-ug rwxat System User::Pkg::wifi-efl-ug::RO rwxat -System::Privileged User::Author::1 rwxat +System::Privileged User::Author::0fdfb83545aabc1f rwxat +System::Privileged User::Author::42a5f0d50138e7f3 rwxat +System::Privileged User::Author::b1c7dc06f99e70d0 rwxat System::Privileged User::Pkg::attach-panel-camera rwxat System::Privileged User::Pkg::attach-panel-camera::RO rwxat System::Privileged User::Pkg::attach-panel-document rwxat @@ -970,6 +978,10 @@ System::Privileged User::Pkg::pkg100::App::acc100 rwxat System::Privileged User::Pkg::pkg100::App::add100 rwxat System::Privileged User::Pkg::pkg100::App::app100 rwxat System::Privileged User::Pkg::pkg100::RO rwxat +System::Privileged User::Pkg::pkg101 rwxat +System::Privileged User::Pkg::pkg101::RO rwxat +System::Privileged User::Pkg::pkg102 rwxat +System::Privileged User::Pkg::pkg102::RO rwxat System::Privileged User::Pkg::pkg10::App::abb10 rwxat System::Privileged User::Pkg::pkg10::App::acc10 rwxat System::Privileged User::Pkg::pkg10::App::add10 rwxat 
@@ -1576,7 +1588,9 @@ System::Privileged User::Pkg::ug-setting-wifidirect-efl rwxat System::Privileged User::Pkg::ug-setting-wifidirect-efl::RO rwxat System::Privileged User::Pkg::wifi-efl-ug rwxat System::Privileged User::Pkg::wifi-efl-ug::RO rwxat -User User::Author::1 rwxat +User User::Author::0fdfb83545aabc1f rwxat +User User::Author::42a5f0d50138e7f3 rwxat +User User::Author::b1c7dc06f99e70d0 rwxat User User::Pkg::attach-panel-camera rwxat User User::Pkg::attach-panel-camera::RO rwxat User User::Pkg::attach-panel-document rwxat @@ -1759,6 +1773,10 @@ User User::Pkg::pkg100::App::acc100 rwxat User User::Pkg::pkg100::App::add100 rwxat User User::Pkg::pkg100::App::app100 rwxat User User::Pkg::pkg100::RO rwxat +User User::Pkg::pkg101 rwxat +User User::Pkg::pkg101::RO rwxat +User User::Pkg::pkg102 rwxat +User User::Pkg::pkg102::RO rwxat User User::Pkg::pkg10::App::abb10 rwxat User User::Pkg::pkg10::App::acc10 rwxat User User::Pkg::pkg10::App::add10 rwxat @@ -2471,7 +2489,7 @@ User::Pkg::org.tizen.app-selector System::Run rwxat User::Pkg::org.tizen.app-selector System::Shared rxl User::Pkg::org.tizen.app-selector User wx User::Pkg::org.tizen.app-selector User::App::Shared rwxat -User::Pkg::org.tizen.app-selector User::Author::1 rwxat +User::Pkg::org.tizen.app-selector User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.app-selector User::Home rxl User::Pkg::org.tizen.app-selector User::Pkg::org.tizen.app-selector rwxat User::Pkg::org.tizen.app-selector User::Pkg::org.tizen.app-selector::RO rxl 
@@ -2483,7 +2501,7 @@ User::Pkg::org.tizen.bluetooth-share-ui System::Run rwxat User::Pkg::org.tizen.bluetooth-share-ui System::Shared rxl User::Pkg::org.tizen.bluetooth-share-ui User wx User::Pkg::org.tizen.bluetooth-share-ui User::App::Shared rwxat -User::Pkg::org.tizen.bluetooth-share-ui User::Author::1 rwxat +User::Pkg::org.tizen.bluetooth-share-ui User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.bluetooth-share-ui User::Home rxl User::Pkg::org.tizen.bluetooth-share-ui User::Pkg::org.tizen.bluetooth-share-ui rwxat User::Pkg::org.tizen.bluetooth-share-ui User::Pkg::org.tizen.bluetooth-share-ui::RO rxl @@ -2517,7 +2535,7 @@ User::Pkg::org.tizen.calendar System::Run rwxat User::Pkg::org.tizen.calendar System::Shared rxl User::Pkg::org.tizen.calendar User wx User::Pkg::org.tizen.calendar User::App::Shared rwxat -User::Pkg::org.tizen.calendar User::Author::1 rwxat +User::Pkg::org.tizen.calendar User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.calendar User::Home rxl User::Pkg::org.tizen.calendar User::Pkg::org.tizen.calendar rwxat User::Pkg::org.tizen.calendar User::Pkg::org.tizen.calendar::RO rxl @@ -2529,7 +2547,7 @@ User::Pkg::org.tizen.call-setting System::Run rwxat User::Pkg::org.tizen.call-setting System::Shared rxl User::Pkg::org.tizen.call-setting User wx User::Pkg::org.tizen.call-setting User::App::Shared rwxat -User::Pkg::org.tizen.call-setting User::Author::1 rwxat +User::Pkg::org.tizen.call-setting User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.call-setting User::Home rxl User::Pkg::org.tizen.call-setting User::Pkg::org.tizen.call-setting rwxat User::Pkg::org.tizen.call-setting User::Pkg::org.tizen.call-setting::RO rxl 
@@ -2541,7 +2559,7 @@ User::Pkg::org.tizen.call-ui System::Run rwxat User::Pkg::org.tizen.call-ui System::Shared rxl User::Pkg::org.tizen.call-ui User wx User::Pkg::org.tizen.call-ui User::App::Shared rwxat -User::Pkg::org.tizen.call-ui User::Author::1 rwxat +User::Pkg::org.tizen.call-ui User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.call-ui User::Home rxl User::Pkg::org.tizen.call-ui User::Pkg::org.tizen.call-ui rwxat User::Pkg::org.tizen.call-ui User::Pkg::org.tizen.call-ui::RO rxl @@ -2564,7 +2582,7 @@ User::Pkg::org.tizen.camera-app System::Run rwxat User::Pkg::org.tizen.camera-app System::Shared rxl User::Pkg::org.tizen.camera-app User wx User::Pkg::org.tizen.camera-app User::App::Shared rwxat -User::Pkg::org.tizen.camera-app User::Author::1 rwxat +User::Pkg::org.tizen.camera-app User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.camera-app User::Home rxl User::Pkg::org.tizen.camera-app User::Pkg::org.tizen.camera-app rwxat User::Pkg::org.tizen.camera-app User::Pkg::org.tizen.camera-app::RO rxl @@ -2587,7 +2605,7 @@ User::Pkg::org.tizen.clock System::Run rwxat User::Pkg::org.tizen.clock System::Shared rxl User::Pkg::org.tizen.clock User wx User::Pkg::org.tizen.clock User::App::Shared rwxat -User::Pkg::org.tizen.clock User::Author::1 rwxat +User::Pkg::org.tizen.clock User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.clock User::Home rxl User::Pkg::org.tizen.clock User::Pkg::org.tizen.clock rwxat User::Pkg::org.tizen.clock User::Pkg::org.tizen.clock::RO rxl 
@@ -2599,7 +2617,7 @@ User::Pkg::org.tizen.contacts System::Run rwxat User::Pkg::org.tizen.contacts System::Shared rxl User::Pkg::org.tizen.contacts User wx User::Pkg::org.tizen.contacts User::App::Shared rwxat -User::Pkg::org.tizen.contacts User::Author::1 rwxat +User::Pkg::org.tizen.contacts User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.contacts User::Home rxl User::Pkg::org.tizen.contacts User::Pkg::org.tizen.contacts rwxat User::Pkg::org.tizen.contacts User::Pkg::org.tizen.contacts::RO rxl @@ -2622,7 +2640,7 @@ User::Pkg::org.tizen.download-manager System::Run rwxat User::Pkg::org.tizen.download-manager System::Shared rxl User::Pkg::org.tizen.download-manager User wx User::Pkg::org.tizen.download-manager User::App::Shared rwxat -User::Pkg::org.tizen.download-manager User::Author::1 rwxat +User::Pkg::org.tizen.download-manager User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.download-manager User::Home rxl User::Pkg::org.tizen.download-manager User::Pkg::org.tizen.download-manager rwxat User::Pkg::org.tizen.download-manager User::Pkg::org.tizen.download-manager::RO rxl @@ -2645,7 +2663,7 @@ User::Pkg::org.tizen.email System::Run rwxat User::Pkg::org.tizen.email System::Shared rxl User::Pkg::org.tizen.email User wx User::Pkg::org.tizen.email User::App::Shared rwxat -User::Pkg::org.tizen.email User::Author::1 rwxat +User::Pkg::org.tizen.email User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.email User::Home rxl User::Pkg::org.tizen.email User::Pkg::org.tizen.email rwxat User::Pkg::org.tizen.email User::Pkg::org.tizen.email::RO rxl 
@@ -2701,7 +2719,7 @@ User::Pkg::org.tizen.homescreen-efl System::Run rwxat User::Pkg::org.tizen.homescreen-efl System::Shared rxl User::Pkg::org.tizen.homescreen-efl User wx User::Pkg::org.tizen.homescreen-efl User::App::Shared rwxat -User::Pkg::org.tizen.homescreen-efl User::Author::1 rwxat +User::Pkg::org.tizen.homescreen-efl User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.homescreen-efl User::Home rxl User::Pkg::org.tizen.homescreen-efl User::Pkg::org.tizen.homescreen-efl rwxat User::Pkg::org.tizen.homescreen-efl User::Pkg::org.tizen.homescreen-efl::RO rxl @@ -2713,7 +2731,7 @@ User::Pkg::org.tizen.image-viewer System::Run rwxat User::Pkg::org.tizen.image-viewer System::Shared rxl User::Pkg::org.tizen.image-viewer User wx User::Pkg::org.tizen.image-viewer User::App::Shared rwxat -User::Pkg::org.tizen.image-viewer User::Author::1 rwxat +User::Pkg::org.tizen.image-viewer User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.image-viewer User::Home rxl User::Pkg::org.tizen.image-viewer User::Pkg::org.tizen.image-viewer rwxat User::Pkg::org.tizen.image-viewer User::Pkg::org.tizen.image-viewer::RO rxl @@ -2725,7 +2743,7 @@ User::Pkg::org.tizen.indicator System::Run rwxat User::Pkg::org.tizen.indicator System::Shared rxl User::Pkg::org.tizen.indicator User wx User::Pkg::org.tizen.indicator User::App::Shared rwxat -User::Pkg::org.tizen.indicator User::Author::1 rwxat +User::Pkg::org.tizen.indicator User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.indicator User::Home rxl User::Pkg::org.tizen.indicator User::Pkg::org.tizen.indicator rwxat User::Pkg::org.tizen.indicator User::Pkg::org.tizen.indicator::RO rxl 
@@ -2759,7 +2777,7 @@ User::Pkg::org.tizen.installer System::Run rwxat User::Pkg::org.tizen.installer System::Shared rxl User::Pkg::org.tizen.installer User wx User::Pkg::org.tizen.installer User::App::Shared rwxat -User::Pkg::org.tizen.installer User::Author::1 rwxat +User::Pkg::org.tizen.installer User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.installer User::Home rxl User::Pkg::org.tizen.installer User::Pkg::org.tizen.installer rwxat User::Pkg::org.tizen.installer User::Pkg::org.tizen.installer::RO rxl @@ -2815,7 +2833,7 @@ User::Pkg::org.tizen.lockscreen System::Run rwxat User::Pkg::org.tizen.lockscreen System::Shared rxl User::Pkg::org.tizen.lockscreen User wx User::Pkg::org.tizen.lockscreen User::App::Shared rwxat -User::Pkg::org.tizen.lockscreen User::Author::1 rwxat +User::Pkg::org.tizen.lockscreen User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.lockscreen User::Home rxl User::Pkg::org.tizen.lockscreen User::Pkg::org.tizen.lockscreen rwxat User::Pkg::org.tizen.lockscreen User::Pkg::org.tizen.lockscreen::RO rxl @@ -2827,7 +2845,7 @@ User::Pkg::org.tizen.memo System::Run rwxat User::Pkg::org.tizen.memo System::Shared rxl User::Pkg::org.tizen.memo User wx User::Pkg::org.tizen.memo User::App::Shared rwxat -User::Pkg::org.tizen.memo User::Author::1 rwxat +User::Pkg::org.tizen.memo User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.memo User::Home rxl User::Pkg::org.tizen.memo User::Pkg::org.tizen.memo rwxat User::Pkg::org.tizen.memo User::Pkg::org.tizen.memo::RO rxl 
@@ -2850,7 +2868,7 @@ User::Pkg::org.tizen.message System::Run rwxat User::Pkg::org.tizen.message System::Shared rxl User::Pkg::org.tizen.message User wx User::Pkg::org.tizen.message User::App::Shared rwxat -User::Pkg::org.tizen.message User::Author::1 rwxat +User::Pkg::org.tizen.message User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.message User::Home rxl User::Pkg::org.tizen.message User::Pkg::org.tizen.message rwxat User::Pkg::org.tizen.message User::Pkg::org.tizen.message::RO rxl @@ -2862,7 +2880,7 @@ User::Pkg::org.tizen.msg-manager System::Run rwxat User::Pkg::org.tizen.msg-manager System::Shared rxl User::Pkg::org.tizen.msg-manager User wx User::Pkg::org.tizen.msg-manager User::App::Shared rwxat -User::Pkg::org.tizen.msg-manager User::Author::1 rwxat +User::Pkg::org.tizen.msg-manager User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.msg-manager User::Home rxl User::Pkg::org.tizen.msg-manager User::Pkg::org.tizen.msg-manager rwxat User::Pkg::org.tizen.msg-manager User::Pkg::org.tizen.msg-manager::RO rxl @@ -2874,7 +2892,7 @@ User::Pkg::org.tizen.music-player System::Run rwxat User::Pkg::org.tizen.music-player System::Shared rxl User::Pkg::org.tizen.music-player User wx User::Pkg::org.tizen.music-player User::App::Shared rwxat -User::Pkg::org.tizen.music-player User::Author::1 rwxat +User::Pkg::org.tizen.music-player User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.music-player User::Home rxl User::Pkg::org.tizen.music-player User::Pkg::org.tizen.music-player rwxat User::Pkg::org.tizen.music-player User::Pkg::org.tizen.music-player::RO rxl 
@@ -2886,7 +2904,7 @@ User::Pkg::org.tizen.myfile System::Run rwxat User::Pkg::org.tizen.myfile System::Shared rxl User::Pkg::org.tizen.myfile User wx User::Pkg::org.tizen.myfile User::App::Shared rwxat -User::Pkg::org.tizen.myfile User::Author::1 rwxat +User::Pkg::org.tizen.myfile User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.myfile User::Home rxl User::Pkg::org.tizen.myfile User::Pkg::org.tizen.myfile rwxat User::Pkg::org.tizen.myfile User::Pkg::org.tizen.myfile::RO rxl @@ -2953,7 +2971,7 @@ User::Pkg::org.tizen.quickpanel System::Run rwxat User::Pkg::org.tizen.quickpanel System::Shared rxl User::Pkg::org.tizen.quickpanel User wx User::Pkg::org.tizen.quickpanel User::App::Shared rwxat -User::Pkg::org.tizen.quickpanel User::Author::1 rwxat +User::Pkg::org.tizen.quickpanel User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.quickpanel User::Home rxl User::Pkg::org.tizen.quickpanel User::Pkg::org.tizen.quickpanel rwxat User::Pkg::org.tizen.quickpanel User::Pkg::org.tizen.quickpanel::RO rxl @@ -2987,7 +3005,7 @@ User::Pkg::org.tizen.setting System::Run rwxat User::Pkg::org.tizen.setting System::Shared rxl User::Pkg::org.tizen.setting User wx User::Pkg::org.tizen.setting User::App::Shared rwxat -User::Pkg::org.tizen.setting User::Author::1 rwxat +User::Pkg::org.tizen.setting User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.setting User::Home rxl User::Pkg::org.tizen.setting User::Pkg::org.tizen.setting rwxat User::Pkg::org.tizen.setting User::Pkg::org.tizen.setting::RO rxl 
@@ -2999,7 +3017,7 @@ User::Pkg::org.tizen.setting-homescreen System::Run rwxat User::Pkg::org.tizen.setting-homescreen System::Shared rxl User::Pkg::org.tizen.setting-homescreen User wx User::Pkg::org.tizen.setting-homescreen User::App::Shared rwxat -User::Pkg::org.tizen.setting-homescreen User::Author::1 rwxat +User::Pkg::org.tizen.setting-homescreen User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.setting-homescreen User::Home rxl User::Pkg::org.tizen.setting-homescreen User::Pkg::org.tizen.setting-homescreen rwxat User::Pkg::org.tizen.setting-homescreen User::Pkg::org.tizen.setting-homescreen::RO rxl @@ -3011,7 +3029,7 @@ User::Pkg::org.tizen.setting-notification System::Run rwxat User::Pkg::org.tizen.setting-notification System::Shared rxl User::Pkg::org.tizen.setting-notification User wx User::Pkg::org.tizen.setting-notification User::App::Shared rwxat -User::Pkg::org.tizen.setting-notification User::Author::1 rwxat +User::Pkg::org.tizen.setting-notification User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.setting-notification User::Home rxl User::Pkg::org.tizen.setting-notification User::Pkg::org.tizen.setting-notification rwxat User::Pkg::org.tizen.setting-notification User::Pkg::org.tizen.setting-notification::RO rxl @@ -3034,7 +3052,7 @@ User::Pkg::org.tizen.share-panel System::Run rwxat User::Pkg::org.tizen.share-panel System::Shared rxl User::Pkg::org.tizen.share-panel User wx User::Pkg::org.tizen.share-panel User::App::Shared rwxat -User::Pkg::org.tizen.share-panel User::Author::1 rwxat +User::Pkg::org.tizen.share-panel User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.share-panel User::Home rxl User::Pkg::org.tizen.share-panel User::Pkg::org.tizen.share-panel rwxat User::Pkg::org.tizen.share-panel User::Pkg::org.tizen.share-panel::RO rxl 
@@ -3068,7 +3086,7 @@ User::Pkg::org.tizen.sys-lock System::Run rwxat User::Pkg::org.tizen.sys-lock System::Shared rxl User::Pkg::org.tizen.sys-lock User wx User::Pkg::org.tizen.sys-lock User::App::Shared rwxat -User::Pkg::org.tizen.sys-lock User::Author::1 rwxat +User::Pkg::org.tizen.sys-lock User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.sys-lock User::Home rxl User::Pkg::org.tizen.sys-lock User::Pkg::org.tizen.sys-lock rwxat User::Pkg::org.tizen.sys-lock User::Pkg::org.tizen.sys-lock::RO rxl @@ -3102,7 +3120,7 @@ User::Pkg::org.tizen.task-mgr System::Run rwxat User::Pkg::org.tizen.task-mgr System::Shared rxl User::Pkg::org.tizen.task-mgr User wx User::Pkg::org.tizen.task-mgr User::App::Shared rwxat -User::Pkg::org.tizen.task-mgr User::Author::1 rwxat +User::Pkg::org.tizen.task-mgr User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.task-mgr User::Home rxl User::Pkg::org.tizen.task-mgr User::Pkg::org.tizen.task-mgr rwxat User::Pkg::org.tizen.task-mgr User::Pkg::org.tizen.task-mgr::RO rxl @@ -3136,7 +3154,7 @@ User::Pkg::org.tizen.ug-gallery-efl System::Run rwxat User::Pkg::org.tizen.ug-gallery-efl System::Shared rxl User::Pkg::org.tizen.ug-gallery-efl User wx User::Pkg::org.tizen.ug-gallery-efl User::App::Shared rwxat -User::Pkg::org.tizen.ug-gallery-efl User::Author::1 rwxat +User::Pkg::org.tizen.ug-gallery-efl User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.ug-gallery-efl User::Home rxl User::Pkg::org.tizen.ug-gallery-efl User::Pkg::org.tizen.ug-gallery-efl rwxat User::Pkg::org.tizen.ug-gallery-efl User::Pkg::org.tizen.ug-gallery-efl::RO rxl 
@@ -3148,7 +3166,7 @@ User::Pkg::org.tizen.ug-lockscreen-options System::Run rwxat User::Pkg::org.tizen.ug-lockscreen-options System::Shared rxl User::Pkg::org.tizen.ug-lockscreen-options User wx User::Pkg::org.tizen.ug-lockscreen-options User::App::Shared rwxat -User::Pkg::org.tizen.ug-lockscreen-options User::Author::1 rwxat +User::Pkg::org.tizen.ug-lockscreen-options User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.ug-lockscreen-options User::Home rxl User::Pkg::org.tizen.ug-lockscreen-options User::Pkg::org.tizen.ug-lockscreen-options rwxat User::Pkg::org.tizen.ug-lockscreen-options User::Pkg::org.tizen.ug-lockscreen-options::RO rxl @@ -3160,7 +3178,7 @@ User::Pkg::org.tizen.ug-myfile-efl System::Run rwxat User::Pkg::org.tizen.ug-myfile-efl System::Shared rxl User::Pkg::org.tizen.ug-myfile-efl User wx User::Pkg::org.tizen.ug-myfile-efl User::App::Shared rwxat -User::Pkg::org.tizen.ug-myfile-efl User::Author::1 rwxat +User::Pkg::org.tizen.ug-myfile-efl User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.ug-myfile-efl User::Home rxl User::Pkg::org.tizen.ug-myfile-efl User::Pkg::org.tizen.ug-myfile-efl rwxat User::Pkg::org.tizen.ug-myfile-efl User::Pkg::org.tizen.ug-myfile-efl::RO rxl @@ -3183,7 +3201,7 @@ User::Pkg::org.tizen.videos System::Run rwxat User::Pkg::org.tizen.videos System::Shared rxl User::Pkg::org.tizen.videos User wx User::Pkg::org.tizen.videos User::App::Shared rwxat -User::Pkg::org.tizen.videos User::Author::1 rwxat +User::Pkg::org.tizen.videos User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.videos User::Home rxl User::Pkg::org.tizen.videos User::Pkg::org.tizen.videos rwxat User::Pkg::org.tizen.videos User::Pkg::org.tizen.videos::RO rxl 
@@ -3217,7 +3235,7 @@ User::Pkg::org.tizen.volume System::Run rwxat User::Pkg::org.tizen.volume System::Shared rxl User::Pkg::org.tizen.volume User wx User::Pkg::org.tizen.volume User::App::Shared rwxat -User::Pkg::org.tizen.volume User::Author::1 rwxat +User::Pkg::org.tizen.volume User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.volume User::Home rxl User::Pkg::org.tizen.volume User::Pkg::org.tizen.volume rwxat User::Pkg::org.tizen.volume User::Pkg::org.tizen.volume::RO rxl @@ -3229,7 +3247,7 @@ User::Pkg::org.tizen.wallpaper-ui-service System::Run rwxat User::Pkg::org.tizen.wallpaper-ui-service System::Shared rxl User::Pkg::org.tizen.wallpaper-ui-service User wx User::Pkg::org.tizen.wallpaper-ui-service User::App::Shared rwxat -User::Pkg::org.tizen.wallpaper-ui-service User::Author::1 rwxat +User::Pkg::org.tizen.wallpaper-ui-service User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.wallpaper-ui-service User::Home rxl User::Pkg::org.tizen.wallpaper-ui-service User::Pkg::org.tizen.wallpaper-ui-service rwxat User::Pkg::org.tizen.wallpaper-ui-service User::Pkg::org.tizen.wallpaper-ui-service::RO rxl @@ -3252,7 +3270,7 @@ User::Pkg::org.tizen.wifi-direct-popup System::Run rwxat User::Pkg::org.tizen.wifi-direct-popup System::Shared rxl User::Pkg::org.tizen.wifi-direct-popup User wx User::Pkg::org.tizen.wifi-direct-popup User::App::Shared rwxat -User::Pkg::org.tizen.wifi-direct-popup User::Author::1 rwxat +User::Pkg::org.tizen.wifi-direct-popup User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.wifi-direct-popup User::Home rxl User::Pkg::org.tizen.wifi-direct-popup User::Pkg::org.tizen.wifi-direct-popup rwxat User::Pkg::org.tizen.wifi-direct-popup User::Pkg::org.tizen.wifi-direct-popup::RO rxl 
@@ -3380,6 +3398,30 @@ User::Pkg::pkg100::App::app100 User::Pkg::pkg100::App::acc100 rwxat User::Pkg::pkg100::App::app100 User::Pkg::pkg100::App::add100 rwxat User::Pkg::pkg100::App::app100 User::Pkg::pkg100::RO rxl User::Pkg::pkg100::App::app100 _ l +User::Pkg::pkg101 System wx +User::Pkg::pkg101 System::Log rwxa +User::Pkg::pkg101 System::Privileged wx +User::Pkg::pkg101 System::Run rwxat +User::Pkg::pkg101 System::Shared rxl +User::Pkg::pkg101 User wx +User::Pkg::pkg101 User::App::Shared rwxat +User::Pkg::pkg101 User::Author::0fdfb83545aabc1f rwxat +User::Pkg::pkg101 User::Home rxl +User::Pkg::pkg101 User::Pkg::pkg101 rwxat +User::Pkg::pkg101 User::Pkg::pkg101::RO rxl +User::Pkg::pkg101 _ l +User::Pkg::pkg102 System wx +User::Pkg::pkg102 System::Log rwxa +User::Pkg::pkg102 System::Privileged wx +User::Pkg::pkg102 System::Run rwxat +User::Pkg::pkg102 System::Shared rxl +User::Pkg::pkg102 User wx +User::Pkg::pkg102 User::App::Shared rwxat +User::Pkg::pkg102 User::Author::b1c7dc06f99e70d0 rwxat +User::Pkg::pkg102 User::Home rxl +User::Pkg::pkg102 User::Pkg::pkg102 rwxat +User::Pkg::pkg102 User::Pkg::pkg102::RO rxl +User::Pkg::pkg102 _ l User::Pkg::pkg10::App::abb10 System wx User::Pkg::pkg10::App::abb10 System::Log rwxa User::Pkg::pkg10::App::abb10 System::Privileged wx diff --git a/test/data/.security-manager-test-rules-default-packages.txt b/test/data/.security-manager-test-rules-default-packages.txt index 6dc8d5b..a2718c9 100644 --- a/test/data/.security-manager-test-rules-default-packages.txt +++ b/test/data/.security-manager-test-rules-default-packages.txt @@ -1,4 +1,6 @@ -System User::Author::1 rwxat +System User::Author::0fdfb83545aabc1f rwxat +System User::Author::42a5f0d50138e7f3 rwxat +System User::Author::b1c7dc06f99e70d0 rwxat System User::Pkg::attach-panel-camera rwxat System User::Pkg::attach-panel-camera::RO rwxat System User::Pkg::attach-panel-document rwxat 
@@ -181,6 +183,10 @@ System User::Pkg::pkg100::App::acc100 rwxat System User::Pkg::pkg100::App::add100 rwxat System User::Pkg::pkg100::App::app100 rwxat System User::Pkg::pkg100::RO rwxat +System User::Pkg::pkg101 rwxat +System User::Pkg::pkg101::RO rwxat +System User::Pkg::pkg102 rwxat +System User::Pkg::pkg102::RO rwxat System User::Pkg::pkg10::App::abb10 rwxat System User::Pkg::pkg10::App::acc10 rwxat System User::Pkg::pkg10::App::add10 rwxat @@ -787,7 +793,9 @@ System User::Pkg::ug-setting-wifidirect-efl rwxat System User::Pkg::ug-setting-wifidirect-efl::RO rwxat System User::Pkg::wifi-efl-ug rwxat System User::Pkg::wifi-efl-ug::RO rwxat -System::Privileged User::Author::1 rwxat +System::Privileged User::Author::0fdfb83545aabc1f rwxat +System::Privileged User::Author::42a5f0d50138e7f3 rwxat +System::Privileged User::Author::b1c7dc06f99e70d0 rwxat System::Privileged User::Pkg::attach-panel-camera rwxat System::Privileged User::Pkg::attach-panel-camera::RO rwxat System::Privileged User::Pkg::attach-panel-document rwxat @@ -970,6 +978,10 @@ System::Privileged User::Pkg::pkg100::App::acc100 rwxat System::Privileged User::Pkg::pkg100::App::add100 rwxat System::Privileged User::Pkg::pkg100::App::app100 rwxat System::Privileged User::Pkg::pkg100::RO rwxat +System::Privileged User::Pkg::pkg101 rwxat +System::Privileged User::Pkg::pkg101::RO rwxat +System::Privileged User::Pkg::pkg102 rwxat +System::Privileged User::Pkg::pkg102::RO rwxat System::Privileged User::Pkg::pkg10::App::abb10 rwxat System::Privileged User::Pkg::pkg10::App::acc10 rwxat System::Privileged User::Pkg::pkg10::App::add10 rwxat 
@@ -1576,7 +1588,9 @@ System::Privileged User::Pkg::ug-setting-wifidirect-efl rwxat System::Privileged User::Pkg::ug-setting-wifidirect-efl::RO rwxat System::Privileged User::Pkg::wifi-efl-ug rwxat System::Privileged User::Pkg::wifi-efl-ug::RO rwxat -User User::Author::1 rwxat +User User::Author::0fdfb83545aabc1f rwxat +User User::Author::42a5f0d50138e7f3 rwxat +User User::Author::b1c7dc06f99e70d0 rwxat User User::Pkg::attach-panel-camera rwxat User User::Pkg::attach-panel-camera::RO rwxat User User::Pkg::attach-panel-document rwxat @@ -1759,6 +1773,10 @@ User User::Pkg::pkg100::App::acc100 rwxat User User::Pkg::pkg100::App::add100 rwxat User User::Pkg::pkg100::App::app100 rwxat User User::Pkg::pkg100::RO rwxat +User User::Pkg::pkg101 rwxat +User User::Pkg::pkg101::RO rwxat +User User::Pkg::pkg102 rwxat +User User::Pkg::pkg102::RO rwxat User User::Pkg::pkg10::App::abb10 rwxat User User::Pkg::pkg10::App::acc10 rwxat User User::Pkg::pkg10::App::add10 rwxat @@ -2405,7 +2423,7 @@ User::Pkg::org.tizen.gallery System::Run rwxat User::Pkg::org.tizen.gallery System::Shared rxl User::Pkg::org.tizen.gallery User wx User::Pkg::org.tizen.gallery User::App::Shared rwxat -User::Pkg::org.tizen.gallery User::Author::1 rwxat +User::Pkg::org.tizen.gallery User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.gallery User::Home rxl User::Pkg::org.tizen.gallery User::Pkg::org.tizen.gallery rwxat User::Pkg::org.tizen.gallery User::Pkg::org.tizen.gallery::RO rxl diff --git a/test/data/.security-manager-test-rules-default.txt b/test/data/.security-manager-test-rules-default.txt index c2b4c79..63f27e2 100644 --- a/test/data/.security-manager-test-rules-default.txt +++ b/test/data/.security-manager-test-rules-default.txt 
@@ -1,4 +1,6 @@ -System User::Author::1 rwxat +System User::Author::0fdfb83545aabc1f rwxat +System User::Author::42a5f0d50138e7f3 rwxat +System User::Author::b1c7dc06f99e70d0 rwxat System User::Pkg::attach-panel-camera rwxat System User::Pkg::attach-panel-camera::RO rwxat System User::Pkg::attach-panel-document rwxat @@ -181,6 +183,10 @@ System User::Pkg::pkg100::App::acc100 rwxat System User::Pkg::pkg100::App::add100 rwxat System User::Pkg::pkg100::App::app100 rwxat System User::Pkg::pkg100::RO rwxat +System User::Pkg::pkg101 rwxat +System User::Pkg::pkg101::RO rwxat +System User::Pkg::pkg102 rwxat +System User::Pkg::pkg102::RO rwxat System User::Pkg::pkg10::App::abb10 rwxat System User::Pkg::pkg10::App::acc10 rwxat System User::Pkg::pkg10::App::add10 rwxat @@ -787,7 +793,9 @@ System User::Pkg::ug-setting-wifidirect-efl rwxat System User::Pkg::ug-setting-wifidirect-efl::RO rwxat System User::Pkg::wifi-efl-ug rwxat System User::Pkg::wifi-efl-ug::RO rwxat -System::Privileged User::Author::1 rwxat +System::Privileged User::Author::0fdfb83545aabc1f rwxat +System::Privileged User::Author::42a5f0d50138e7f3 rwxat +System::Privileged User::Author::b1c7dc06f99e70d0 rwxat System::Privileged User::Pkg::attach-panel-camera rwxat System::Privileged User::Pkg::attach-panel-camera::RO rwxat System::Privileged User::Pkg::attach-panel-document rwxat @@ -970,6 +978,10 @@ System::Privileged User::Pkg::pkg100::App::acc100 rwxat System::Privileged User::Pkg::pkg100::App::add100 rwxat System::Privileged User::Pkg::pkg100::App::app100 rwxat System::Privileged User::Pkg::pkg100::RO rwxat +System::Privileged User::Pkg::pkg101 rwxat +System::Privileged User::Pkg::pkg101::RO rwxat +System::Privileged User::Pkg::pkg102 rwxat +System::Privileged User::Pkg::pkg102::RO rwxat System::Privileged User::Pkg::pkg10::App::abb10 rwxat System::Privileged User::Pkg::pkg10::App::acc10 rwxat System::Privileged User::Pkg::pkg10::App::add10 rwxat 
@@ -1576,7 +1588,9 @@ System::Privileged User::Pkg::ug-setting-wifidirect-efl rwxat System::Privileged User::Pkg::ug-setting-wifidirect-efl::RO rwxat System::Privileged User::Pkg::wifi-efl-ug rwxat System::Privileged User::Pkg::wifi-efl-ug::RO rwxat -User User::Author::1 rwxat +User User::Author::0fdfb83545aabc1f rwxat +User User::Author::42a5f0d50138e7f3 rwxat +User User::Author::b1c7dc06f99e70d0 rwxat User User::Pkg::attach-panel-camera rwxat User User::Pkg::attach-panel-camera::RO rwxat User User::Pkg::attach-panel-document rwxat @@ -1759,6 +1773,10 @@ User User::Pkg::pkg100::App::acc100 rwxat User User::Pkg::pkg100::App::add100 rwxat User User::Pkg::pkg100::App::app100 rwxat User User::Pkg::pkg100::RO rwxat +User User::Pkg::pkg101 rwxat +User User::Pkg::pkg101::RO rwxat +User User::Pkg::pkg102 rwxat +User User::Pkg::pkg102::RO rwxat User User::Pkg::pkg10::App::abb10 rwxat User User::Pkg::pkg10::App::acc10 rwxat User User::Pkg::pkg10::App::add10 rwxat diff --git a/test/data/.security-manager-test-rules-exclude.txt b/test/data/.security-manager-test-rules-exclude.txt index 00fcdea..36d4f40 100644 --- a/test/data/.security-manager-test-rules-exclude.txt +++ b/test/data/.security-manager-test-rules-exclude.txt @@ -104,7 +104,7 @@ User::Pkg::org.tizen.app-selector System::Run rwxat User::Pkg::org.tizen.app-selector System::Shared rxl User::Pkg::org.tizen.app-selector User wx User::Pkg::org.tizen.app-selector User::App::Shared rwxat -User::Pkg::org.tizen.app-selector User::Author::1 rwxat +User::Pkg::org.tizen.app-selector User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.app-selector User::Home rxl User::Pkg::org.tizen.app-selector User::Pkg::org.tizen.app-selector rwxat User::Pkg::org.tizen.app-selector User::Pkg::org.tizen.app-selector::RO rxl 
@@ -116,7 +116,7 @@ User::Pkg::org.tizen.bluetooth-share-ui System::Run rwxat User::Pkg::org.tizen.bluetooth-share-ui System::Shared rxl User::Pkg::org.tizen.bluetooth-share-ui User wx User::Pkg::org.tizen.bluetooth-share-ui User::App::Shared rwxat -User::Pkg::org.tizen.bluetooth-share-ui User::Author::1 rwxat +User::Pkg::org.tizen.bluetooth-share-ui User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.bluetooth-share-ui User::Home rxl User::Pkg::org.tizen.bluetooth-share-ui User::Pkg::org.tizen.bluetooth-share-ui rwxat User::Pkg::org.tizen.bluetooth-share-ui User::Pkg::org.tizen.bluetooth-share-ui::RO rxl @@ -150,7 +150,7 @@ User::Pkg::org.tizen.calendar System::Run rwxat User::Pkg::org.tizen.calendar System::Shared rxl User::Pkg::org.tizen.calendar User wx User::Pkg::org.tizen.calendar User::App::Shared rwxat -User::Pkg::org.tizen.calendar User::Author::1 rwxat +User::Pkg::org.tizen.calendar User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.calendar User::Home rxl User::Pkg::org.tizen.calendar User::Pkg::org.tizen.calendar rwxat User::Pkg::org.tizen.calendar User::Pkg::org.tizen.calendar::RO rxl @@ -162,7 +162,7 @@ User::Pkg::org.tizen.call-setting System::Run rwxat User::Pkg::org.tizen.call-setting System::Shared rxl User::Pkg::org.tizen.call-setting User wx User::Pkg::org.tizen.call-setting User::App::Shared rwxat -User::Pkg::org.tizen.call-setting User::Author::1 rwxat +User::Pkg::org.tizen.call-setting User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.call-setting User::Home rxl User::Pkg::org.tizen.call-setting User::Pkg::org.tizen.call-setting rwxat User::Pkg::org.tizen.call-setting User::Pkg::org.tizen.call-setting::RO rxl 
@@ -174,7 +174,7 @@ User::Pkg::org.tizen.call-ui System::Run rwxat User::Pkg::org.tizen.call-ui System::Shared rxl User::Pkg::org.tizen.call-ui User wx User::Pkg::org.tizen.call-ui User::App::Shared rwxat -User::Pkg::org.tizen.call-ui User::Author::1 rwxat +User::Pkg::org.tizen.call-ui User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.call-ui User::Home rxl User::Pkg::org.tizen.call-ui User::Pkg::org.tizen.call-ui rwxat User::Pkg::org.tizen.call-ui User::Pkg::org.tizen.call-ui::RO rxl @@ -197,7 +197,7 @@ User::Pkg::org.tizen.camera-app System::Run rwxat User::Pkg::org.tizen.camera-app System::Shared rxl User::Pkg::org.tizen.camera-app User wx User::Pkg::org.tizen.camera-app User::App::Shared rwxat -User::Pkg::org.tizen.camera-app User::Author::1 rwxat +User::Pkg::org.tizen.camera-app User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.camera-app User::Home rxl User::Pkg::org.tizen.camera-app User::Pkg::org.tizen.camera-app rwxat User::Pkg::org.tizen.camera-app User::Pkg::org.tizen.camera-app::RO rxl @@ -220,7 +220,7 @@ User::Pkg::org.tizen.clock System::Run rwxat User::Pkg::org.tizen.clock System::Shared rxl User::Pkg::org.tizen.clock User wx User::Pkg::org.tizen.clock User::App::Shared rwxat -User::Pkg::org.tizen.clock User::Author::1 rwxat +User::Pkg::org.tizen.clock User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.clock User::Home rxl User::Pkg::org.tizen.clock User::Pkg::org.tizen.clock rwxat User::Pkg::org.tizen.clock User::Pkg::org.tizen.clock::RO rxl 
@@ -232,7 +232,7 @@ User::Pkg::org.tizen.contacts System::Run rwxat User::Pkg::org.tizen.contacts System::Shared rxl User::Pkg::org.tizen.contacts User wx User::Pkg::org.tizen.contacts User::App::Shared rwxat -User::Pkg::org.tizen.contacts User::Author::1 rwxat +User::Pkg::org.tizen.contacts User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.contacts User::Home rxl User::Pkg::org.tizen.contacts User::Pkg::org.tizen.contacts rwxat User::Pkg::org.tizen.contacts User::Pkg::org.tizen.contacts::RO rxl @@ -255,7 +255,7 @@ User::Pkg::org.tizen.download-manager System::Run rwxat User::Pkg::org.tizen.download-manager System::Shared rxl User::Pkg::org.tizen.download-manager User wx User::Pkg::org.tizen.download-manager User::App::Shared rwxat -User::Pkg::org.tizen.download-manager User::Author::1 rwxat +User::Pkg::org.tizen.download-manager User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.download-manager User::Home rxl User::Pkg::org.tizen.download-manager User::Pkg::org.tizen.download-manager rwxat User::Pkg::org.tizen.download-manager User::Pkg::org.tizen.download-manager::RO rxl @@ -278,7 +278,7 @@ User::Pkg::org.tizen.email System::Run rwxat User::Pkg::org.tizen.email System::Shared rxl User::Pkg::org.tizen.email User wx User::Pkg::org.tizen.email User::App::Shared rwxat -User::Pkg::org.tizen.email User::Author::1 rwxat +User::Pkg::org.tizen.email User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.email User::Home rxl User::Pkg::org.tizen.email User::Pkg::org.tizen.email rwxat User::Pkg::org.tizen.email User::Pkg::org.tizen.email::RO rxl 
@@ -334,7 +334,7 @@ User::Pkg::org.tizen.homescreen-efl System::Run rwxat User::Pkg::org.tizen.homescreen-efl System::Shared rxl User::Pkg::org.tizen.homescreen-efl User wx User::Pkg::org.tizen.homescreen-efl User::App::Shared rwxat -User::Pkg::org.tizen.homescreen-efl User::Author::1 rwxat +User::Pkg::org.tizen.homescreen-efl User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.homescreen-efl User::Home rxl User::Pkg::org.tizen.homescreen-efl User::Pkg::org.tizen.homescreen-efl rwxat User::Pkg::org.tizen.homescreen-efl User::Pkg::org.tizen.homescreen-efl::RO rxl @@ -346,7 +346,7 @@ User::Pkg::org.tizen.image-viewer System::Run rwxat User::Pkg::org.tizen.image-viewer System::Shared rxl User::Pkg::org.tizen.image-viewer User wx User::Pkg::org.tizen.image-viewer User::App::Shared rwxat -User::Pkg::org.tizen.image-viewer User::Author::1 rwxat +User::Pkg::org.tizen.image-viewer User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.image-viewer User::Home rxl User::Pkg::org.tizen.image-viewer User::Pkg::org.tizen.image-viewer rwxat User::Pkg::org.tizen.image-viewer User::Pkg::org.tizen.image-viewer::RO rxl @@ -358,7 +358,7 @@ User::Pkg::org.tizen.indicator System::Run rwxat User::Pkg::org.tizen.indicator System::Shared rxl User::Pkg::org.tizen.indicator User wx User::Pkg::org.tizen.indicator User::App::Shared rwxat -User::Pkg::org.tizen.indicator User::Author::1 rwxat +User::Pkg::org.tizen.indicator User::Author::42a5f0d50138e7f3 rwxat User::Pkg::org.tizen.indicator User::Home rxl User::Pkg::org.tizen.indicator User::Pkg::org.tizen.indicator rwxat User::Pkg::org.tizen.indicator User::Pkg::org.tizen.indicator::RO rxl 
@@ -392,7 +392,7 @@ User::Pkg::org.tizen.installer System::Run rwxat
 User::Pkg::org.tizen.installer System::Shared rxl
 User::Pkg::org.tizen.installer User wx
 User::Pkg::org.tizen.installer User::App::Shared rwxat
-User::Pkg::org.tizen.installer User::Author::1 rwxat
+User::Pkg::org.tizen.installer User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.installer User::Home rxl
 User::Pkg::org.tizen.installer User::Pkg::org.tizen.installer rwxat
 User::Pkg::org.tizen.installer User::Pkg::org.tizen.installer::RO rxl
@@ -448,7 +448,7 @@ User::Pkg::org.tizen.lockscreen System::Run rwxat
 User::Pkg::org.tizen.lockscreen System::Shared rxl
 User::Pkg::org.tizen.lockscreen User wx
 User::Pkg::org.tizen.lockscreen User::App::Shared rwxat
-User::Pkg::org.tizen.lockscreen User::Author::1 rwxat
+User::Pkg::org.tizen.lockscreen User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.lockscreen User::Home rxl
 User::Pkg::org.tizen.lockscreen User::Pkg::org.tizen.lockscreen rwxat
 User::Pkg::org.tizen.lockscreen User::Pkg::org.tizen.lockscreen::RO rxl
@@ -460,7 +460,7 @@ User::Pkg::org.tizen.memo System::Run rwxat
 User::Pkg::org.tizen.memo System::Shared rxl
 User::Pkg::org.tizen.memo User wx
 User::Pkg::org.tizen.memo User::App::Shared rwxat
-User::Pkg::org.tizen.memo User::Author::1 rwxat
+User::Pkg::org.tizen.memo User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.memo User::Home rxl
 User::Pkg::org.tizen.memo User::Pkg::org.tizen.memo rwxat
 User::Pkg::org.tizen.memo User::Pkg::org.tizen.memo::RO rxl
@@ -483,7 +483,7 @@ User::Pkg::org.tizen.message System::Run rwxat
 User::Pkg::org.tizen.message System::Shared rxl
 User::Pkg::org.tizen.message User wx
 User::Pkg::org.tizen.message User::App::Shared rwxat
-User::Pkg::org.tizen.message User::Author::1 rwxat
+User::Pkg::org.tizen.message User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.message User::Home rxl
 User::Pkg::org.tizen.message User::Pkg::org.tizen.message rwxat
 User::Pkg::org.tizen.message User::Pkg::org.tizen.message::RO rxl
@@ -495,7 +495,7 @@ User::Pkg::org.tizen.msg-manager System::Run rwxat
 User::Pkg::org.tizen.msg-manager System::Shared rxl
 User::Pkg::org.tizen.msg-manager User wx
 User::Pkg::org.tizen.msg-manager User::App::Shared rwxat
-User::Pkg::org.tizen.msg-manager User::Author::1 rwxat
+User::Pkg::org.tizen.msg-manager User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.msg-manager User::Home rxl
 User::Pkg::org.tizen.msg-manager User::Pkg::org.tizen.msg-manager rwxat
 User::Pkg::org.tizen.msg-manager User::Pkg::org.tizen.msg-manager::RO rxl
@@ -507,7 +507,7 @@ User::Pkg::org.tizen.music-player System::Run rwxat
 User::Pkg::org.tizen.music-player System::Shared rxl
 User::Pkg::org.tizen.music-player User wx
 User::Pkg::org.tizen.music-player User::App::Shared rwxat
-User::Pkg::org.tizen.music-player User::Author::1 rwxat
+User::Pkg::org.tizen.music-player User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.music-player User::Home rxl
 User::Pkg::org.tizen.music-player User::Pkg::org.tizen.music-player rwxat
 User::Pkg::org.tizen.music-player User::Pkg::org.tizen.music-player::RO rxl
@@ -519,7 +519,7 @@ User::Pkg::org.tizen.myfile System::Run rwxat
 User::Pkg::org.tizen.myfile System::Shared rxl
 User::Pkg::org.tizen.myfile User wx
 User::Pkg::org.tizen.myfile User::App::Shared rwxat
-User::Pkg::org.tizen.myfile User::Author::1 rwxat
+User::Pkg::org.tizen.myfile User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.myfile User::Home rxl
 User::Pkg::org.tizen.myfile User::Pkg::org.tizen.myfile rwxat
 User::Pkg::org.tizen.myfile User::Pkg::org.tizen.myfile::RO rxl
@@ -586,7 +586,7 @@ User::Pkg::org.tizen.quickpanel System::Run rwxat
 User::Pkg::org.tizen.quickpanel System::Shared rxl
 User::Pkg::org.tizen.quickpanel User wx
 User::Pkg::org.tizen.quickpanel User::App::Shared rwxat
-User::Pkg::org.tizen.quickpanel User::Author::1 rwxat
+User::Pkg::org.tizen.quickpanel User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.quickpanel User::Home rxl
 User::Pkg::org.tizen.quickpanel User::Pkg::org.tizen.quickpanel rwxat
 User::Pkg::org.tizen.quickpanel User::Pkg::org.tizen.quickpanel::RO rxl
@@ -620,7 +620,7 @@ User::Pkg::org.tizen.setting System::Run rwxat
 User::Pkg::org.tizen.setting System::Shared rxl
 User::Pkg::org.tizen.setting User wx
 User::Pkg::org.tizen.setting User::App::Shared rwxat
-User::Pkg::org.tizen.setting User::Author::1 rwxat
+User::Pkg::org.tizen.setting User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.setting User::Home rxl
 User::Pkg::org.tizen.setting User::Pkg::org.tizen.setting rwxat
 User::Pkg::org.tizen.setting User::Pkg::org.tizen.setting::RO rxl
@@ -632,7 +632,7 @@ User::Pkg::org.tizen.setting-homescreen System::Run rwxat
 User::Pkg::org.tizen.setting-homescreen System::Shared rxl
 User::Pkg::org.tizen.setting-homescreen User wx
 User::Pkg::org.tizen.setting-homescreen User::App::Shared rwxat
-User::Pkg::org.tizen.setting-homescreen User::Author::1 rwxat
+User::Pkg::org.tizen.setting-homescreen User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.setting-homescreen User::Home rxl
 User::Pkg::org.tizen.setting-homescreen User::Pkg::org.tizen.setting-homescreen rwxat
 User::Pkg::org.tizen.setting-homescreen User::Pkg::org.tizen.setting-homescreen::RO rxl
@@ -644,7 +644,7 @@ User::Pkg::org.tizen.setting-notification System::Run rwxat
 User::Pkg::org.tizen.setting-notification System::Shared rxl
 User::Pkg::org.tizen.setting-notification User wx
 User::Pkg::org.tizen.setting-notification User::App::Shared rwxat
-User::Pkg::org.tizen.setting-notification User::Author::1 rwxat
+User::Pkg::org.tizen.setting-notification User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.setting-notification User::Home rxl
 User::Pkg::org.tizen.setting-notification User::Pkg::org.tizen.setting-notification rwxat
 User::Pkg::org.tizen.setting-notification User::Pkg::org.tizen.setting-notification::RO rxl
@@ -667,7 +667,7 @@ User::Pkg::org.tizen.share-panel System::Run rwxat
 User::Pkg::org.tizen.share-panel System::Shared rxl
 User::Pkg::org.tizen.share-panel User wx
 User::Pkg::org.tizen.share-panel User::App::Shared rwxat
-User::Pkg::org.tizen.share-panel User::Author::1 rwxat
+User::Pkg::org.tizen.share-panel User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.share-panel User::Home rxl
 User::Pkg::org.tizen.share-panel User::Pkg::org.tizen.share-panel rwxat
 User::Pkg::org.tizen.share-panel User::Pkg::org.tizen.share-panel::RO rxl
@@ -701,7 +701,7 @@ User::Pkg::org.tizen.sys-lock System::Run rwxat
 User::Pkg::org.tizen.sys-lock System::Shared rxl
 User::Pkg::org.tizen.sys-lock User wx
 User::Pkg::org.tizen.sys-lock User::App::Shared rwxat
-User::Pkg::org.tizen.sys-lock User::Author::1 rwxat
+User::Pkg::org.tizen.sys-lock User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.sys-lock User::Home rxl
 User::Pkg::org.tizen.sys-lock User::Pkg::org.tizen.sys-lock rwxat
 User::Pkg::org.tizen.sys-lock User::Pkg::org.tizen.sys-lock::RO rxl
@@ -735,7 +735,7 @@ User::Pkg::org.tizen.task-mgr System::Run rwxat
 User::Pkg::org.tizen.task-mgr System::Shared rxl
 User::Pkg::org.tizen.task-mgr User wx
 User::Pkg::org.tizen.task-mgr User::App::Shared rwxat
-User::Pkg::org.tizen.task-mgr User::Author::1 rwxat
+User::Pkg::org.tizen.task-mgr User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.task-mgr User::Home rxl
 User::Pkg::org.tizen.task-mgr User::Pkg::org.tizen.task-mgr rwxat
 User::Pkg::org.tizen.task-mgr User::Pkg::org.tizen.task-mgr::RO rxl
@@ -769,7 +769,7 @@ User::Pkg::org.tizen.ug-gallery-efl System::Run rwxat
 User::Pkg::org.tizen.ug-gallery-efl System::Shared rxl
 User::Pkg::org.tizen.ug-gallery-efl User wx
 User::Pkg::org.tizen.ug-gallery-efl User::App::Shared rwxat
-User::Pkg::org.tizen.ug-gallery-efl User::Author::1 rwxat
+User::Pkg::org.tizen.ug-gallery-efl User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.ug-gallery-efl User::Home rxl
 User::Pkg::org.tizen.ug-gallery-efl User::Pkg::org.tizen.ug-gallery-efl rwxat
 User::Pkg::org.tizen.ug-gallery-efl User::Pkg::org.tizen.ug-gallery-efl::RO rxl
@@ -781,7 +781,7 @@ User::Pkg::org.tizen.ug-lockscreen-options System::Run rwxat
 User::Pkg::org.tizen.ug-lockscreen-options System::Shared rxl
 User::Pkg::org.tizen.ug-lockscreen-options User wx
 User::Pkg::org.tizen.ug-lockscreen-options User::App::Shared rwxat
-User::Pkg::org.tizen.ug-lockscreen-options User::Author::1 rwxat
+User::Pkg::org.tizen.ug-lockscreen-options User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.ug-lockscreen-options User::Home rxl
 User::Pkg::org.tizen.ug-lockscreen-options User::Pkg::org.tizen.ug-lockscreen-options rwxat
 User::Pkg::org.tizen.ug-lockscreen-options User::Pkg::org.tizen.ug-lockscreen-options::RO rxl
@@ -793,7 +793,7 @@ User::Pkg::org.tizen.ug-myfile-efl System::Run rwxat
 User::Pkg::org.tizen.ug-myfile-efl System::Shared rxl
 User::Pkg::org.tizen.ug-myfile-efl User wx
 User::Pkg::org.tizen.ug-myfile-efl User::App::Shared rwxat
-User::Pkg::org.tizen.ug-myfile-efl User::Author::1 rwxat
+User::Pkg::org.tizen.ug-myfile-efl User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.ug-myfile-efl User::Home rxl
 User::Pkg::org.tizen.ug-myfile-efl User::Pkg::org.tizen.ug-myfile-efl rwxat
 User::Pkg::org.tizen.ug-myfile-efl User::Pkg::org.tizen.ug-myfile-efl::RO rxl
@@ -816,7 +816,7 @@ User::Pkg::org.tizen.videos System::Run rwxat
 User::Pkg::org.tizen.videos System::Shared rxl
 User::Pkg::org.tizen.videos User wx
 User::Pkg::org.tizen.videos User::App::Shared rwxat
-User::Pkg::org.tizen.videos User::Author::1 rwxat
+User::Pkg::org.tizen.videos User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.videos User::Home rxl
 User::Pkg::org.tizen.videos User::Pkg::org.tizen.videos rwxat
 User::Pkg::org.tizen.videos User::Pkg::org.tizen.videos::RO rxl
@@ -850,7 +850,7 @@ User::Pkg::org.tizen.volume System::Run rwxat
 User::Pkg::org.tizen.volume System::Shared rxl
 User::Pkg::org.tizen.volume User wx
 User::Pkg::org.tizen.volume User::App::Shared rwxat
-User::Pkg::org.tizen.volume User::Author::1 rwxat
+User::Pkg::org.tizen.volume User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.volume User::Home rxl
 User::Pkg::org.tizen.volume User::Pkg::org.tizen.volume rwxat
 User::Pkg::org.tizen.volume User::Pkg::org.tizen.volume::RO rxl
@@ -862,7 +862,7 @@ User::Pkg::org.tizen.wallpaper-ui-service System::Run rwxat
 User::Pkg::org.tizen.wallpaper-ui-service System::Shared rxl
 User::Pkg::org.tizen.wallpaper-ui-service User wx
 User::Pkg::org.tizen.wallpaper-ui-service User::App::Shared rwxat
-User::Pkg::org.tizen.wallpaper-ui-service User::Author::1 rwxat
+User::Pkg::org.tizen.wallpaper-ui-service User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.wallpaper-ui-service User::Home rxl
 User::Pkg::org.tizen.wallpaper-ui-service User::Pkg::org.tizen.wallpaper-ui-service rwxat
 User::Pkg::org.tizen.wallpaper-ui-service User::Pkg::org.tizen.wallpaper-ui-service::RO rxl
@@ -885,7 +885,7 @@ User::Pkg::org.tizen.wifi-direct-popup System::Run rwxat
 User::Pkg::org.tizen.wifi-direct-popup System::Shared rxl
 User::Pkg::org.tizen.wifi-direct-popup User wx
 User::Pkg::org.tizen.wifi-direct-popup User::App::Shared rwxat
-User::Pkg::org.tizen.wifi-direct-popup User::Author::1 rwxat
+User::Pkg::org.tizen.wifi-direct-popup User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.wifi-direct-popup User::Home rxl
 User::Pkg::org.tizen.wifi-direct-popup User::Pkg::org.tizen.wifi-direct-popup rwxat
 User::Pkg::org.tizen.wifi-direct-popup User::Pkg::org.tizen.wifi-direct-popup::RO rxl
@@ -1013,6 +1013,30 @@ User::Pkg::pkg100::App::app100 User::Pkg::pkg100::App::acc100 rwxat
 User::Pkg::pkg100::App::app100 User::Pkg::pkg100::App::add100 rwxat
 User::Pkg::pkg100::App::app100 User::Pkg::pkg100::RO rxl
 User::Pkg::pkg100::App::app100 _ l
+User::Pkg::pkg101 System wx
+User::Pkg::pkg101 System::Log rwxa
+User::Pkg::pkg101 System::Privileged wx
+User::Pkg::pkg101 System::Run rwxat
+User::Pkg::pkg101 System::Shared rxl
+User::Pkg::pkg101 User wx
+User::Pkg::pkg101 User::App::Shared rwxat
+User::Pkg::pkg101 User::Author::0fdfb83545aabc1f rwxat
+User::Pkg::pkg101 User::Home rxl
+User::Pkg::pkg101 User::Pkg::pkg101 rwxat
+User::Pkg::pkg101 User::Pkg::pkg101::RO rxl
+User::Pkg::pkg101 _ l
+User::Pkg::pkg102 System wx
+User::Pkg::pkg102 System::Log rwxa
+User::Pkg::pkg102 System::Privileged wx
+User::Pkg::pkg102 System::Run rwxat
+User::Pkg::pkg102 System::Shared rxl
+User::Pkg::pkg102 User wx
+User::Pkg::pkg102 User::App::Shared rwxat
+User::Pkg::pkg102 User::Author::b1c7dc06f99e70d0 rwxat
+User::Pkg::pkg102 User::Home rxl
+User::Pkg::pkg102 User::Pkg::pkg102 rwxat
+User::Pkg::pkg102 User::Pkg::pkg102::RO rxl
+User::Pkg::pkg102 _ l
 User::Pkg::pkg10::App::abb10 System wx
 User::Pkg::pkg10::App::abb10 System::Log rwxa
 User::Pkg::pkg10::App::abb10 System::Privileged wx
diff --git a/test/data/.security-manager-test-rules-packages.txt b/test/data/.security-manager-test-rules-packages.txt
index ea23041..6c3bd06 100644
--- a/test/data/.security-manager-test-rules-packages.txt
+++ b/test/data/.security-manager-test-rules-packages.txt
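Review bot: The two fixture blocks added in the `@@ -1013,6 +1013,30 @@` hunk (pkg101, pkg102) only exercise authors whose 16-hex labels differ, `User::Author::0fdfb83545aabc1f` and `User::Author::b1c7dc06f99e70d0`, so nothing in this expected-rules file pins what happens when two different author names map to the same truncated label. That label is the object of an `rwxat` rule for every package of the author, so two authors sharing it would share access to each other's author-trusted paths. Presumably the install path has to refuse a second author_name whose label is already registered for a different name; that check is not visible from this hunk and should be confirmed. I would cover it with a negative test beside this fixture (two author names forced onto one label, second registration expected to fail) rather than by extending the golden file, and note the 64-bit truncation where the label is built.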
@@ -38,7 +38,7 @@ User::Pkg::org.tizen.gallery System::Run rwxat
 User::Pkg::org.tizen.gallery System::Shared rxl
 User::Pkg::org.tizen.gallery User wx
 User::Pkg::org.tizen.gallery User::App::Shared rwxat
-User::Pkg::org.tizen.gallery User::Author::1 rwxat
+User::Pkg::org.tizen.gallery User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.gallery User::Home rxl
 User::Pkg::org.tizen.gallery User::Pkg::org.tizen.gallery rwxat
 User::Pkg::org.tizen.gallery User::Pkg::org.tizen.gallery::RO rxl
diff --git a/test/data/.security-manager-test-rules.db b/test/data/.security-manager-test-rules.db index db1fd8b885392d078e158af558525855d052ae23..648d750eb745b60ce315bcb482d3591b728b3ed2 100644 GIT binary patch delta 1316 zcmZuwYitx%6rOYE?#$iUo!RXJm)*rO-O|@?yN^DpSlcZuNT`(Bhnj6Iv)!&0S^46_jERKq4-*j+F(GMxwJ~b=VKgx|YD|oGcMu!(PR``J z=bU@L^W~g7y-ubtn=iO4C5B-tsoAI@YIW2wwZ9ioAkEH|aY$nP+ZLDNZ`inM>MO1I zz>e)~4y9CHUc%@+N@YKmKZC6n)`^ZEeJT`eU~>0xh*{3Q={d5%F?LE-o-I1=u&L#1 zYu39o1s3YP&zAN4wAR_kdYBSsffgmLN}~9^*dm&&d#yGL7Cse-`ExQ%in(vNx6#We zO4AD8?A$3K?W^Fo1OjBnoSni}a4FB796$D~e_WXwmz62m*pB44>M7HUoX^8KI-KgF zLXe8Vpk^944-4WSiI6dlq^Mkl>?+LS9 zQYYtOtx(G_Y}(!1NYZWEktn#dccNg^PekDm%k3)W96hy^d#f7ZW&}M23H!2mGo~EF%&>$L|ojW6(>#645(RT8Bkro<&?fP&S-osF( znfJo4!uiS_y!(*=x%7no`@?WQ8@ww@9t?L6MEc~KgOSJlhWe3bl*zF=d6OeAUk`M{ zEmok6Ge%3)Df|MPo~YE>eeeUwB8f0&$T8eC{0YlLPP}9tvg|Q$kkx#VmX@WtI=~hn zKWc}1p_JZZ$r|-&w4Q!8)#cMa?1Mc(yuABZJ2~57h}b>=uL9KSR|bJaP@^wC4l_WQ zi<^XMROnGQ%fyK>gY6jWWE%WPe;@@njPX|#g^oY+<;TB(L&&Rd%fOvo;MGmnp$}nk zP&}Xy<)BM|MeVJduvCP6CFhV&z=$p{g?q=+k!~Q_XIXZfm?9Rb%Np={C)tmt-;7#W7AG#CVphm<(^)hmgKehHSug zT25=cjLu-oYnIdWxSm$XUYV3`q_CCVR$fxRwoN)TLkcp~F}bY1>$7g|XSC zU!)a!!40X?#bU-;Z}7%Kqpk7LU`wK{ZLBpI54zC3SSXl?Ct^Dro12;yB{mvLBqzbd zq}%J&nzfa(rUs=s5sWtnLybGfS`&@=nPR0?##SV4NUN0S3#r46o%QhlJnTQQ|L~yX Oq>0j)^E~!{^ZW%@H&nd< delta 592 zcmXw0T}YE*6n>xgefNEz-`w}Drfze~wq+Pd7PgCiM5gqEU_V2Nh+!_KvXJs3>MEFP z2woHpX)h?%yb1-u&p|Iif_7mMb>UqXkryAs>oOxX55@$oFNHtY@04{O1BxW|f1nM#&F zb2pAK6gQG!=Ucw*q>1e$kx_Zi(7!miA2#PCb zV2Kw=oRkl)p$PN2Rrg=rQA@2ED{s z)aLnb=AhSF^UT-Yc6T~+?cjyGVO`uvqE5U_!6yO(uth0_i!wNXU$FAsA-%q<%P9CB zWrrS%@w2EGf0J;@og|I|jneGHG7yw2{a_RUxpos1pfKfZ0vcF87?Iy^Aq1I-V~DbR z#}Roag$}$O1dnh(4-;9NLmTD1fxG4TJU$~p(_>?&NlBgST{@FF*G_9p=BMe53>UC{ z0Vkwu6@8Td^i4vhKA_vgx_JEs&h)}?gB<>fSBKfEk(2rs#-YBnugTmt3N6fM?FrpW dTNL-vl6y_m2J3W}g&v_#6c={Oaw{F={{Z7eooxUB diff --git a/test/data/.security-manager-test-rules.txt b/test/data/.security-manager-test-rules.txt index 2879c80..2e8b544 100644 
--- a/test/data/.security-manager-test-rules.txt
+++ b/test/data/.security-manager-test-rules.txt
@@ -1,4 +1,6 @@
-System User::Author::1 rwxat
+System User::Author::0fdfb83545aabc1f rwxat
+System User::Author::42a5f0d50138e7f3 rwxat
+System User::Author::b1c7dc06f99e70d0 rwxat
 System User::Pkg::attach-panel-camera rwxat
 System User::Pkg::attach-panel-camera::RO rwxat
 System User::Pkg::attach-panel-document rwxat
@@ -181,6 +183,10 @@ System User::Pkg::pkg100::App::acc100 rwxat
 System User::Pkg::pkg100::App::add100 rwxat
 System User::Pkg::pkg100::App::app100 rwxat
 System User::Pkg::pkg100::RO rwxat
+System User::Pkg::pkg101 rwxat
+System User::Pkg::pkg101::RO rwxat
+System User::Pkg::pkg102 rwxat
+System User::Pkg::pkg102::RO rwxat
 System User::Pkg::pkg10::App::abb10 rwxat
 System User::Pkg::pkg10::App::acc10 rwxat
 System User::Pkg::pkg10::App::add10 rwxat
@@ -787,7 +793,9 @@ System User::Pkg::ug-setting-wifidirect-efl rwxat
 System User::Pkg::ug-setting-wifidirect-efl::RO rwxat
 System User::Pkg::wifi-efl-ug rwxat
 System User::Pkg::wifi-efl-ug::RO rwxat
-System::Privileged User::Author::1 rwxat
+System::Privileged User::Author::0fdfb83545aabc1f rwxat
+System::Privileged User::Author::42a5f0d50138e7f3 rwxat
+System::Privileged User::Author::b1c7dc06f99e70d0 rwxat
 System::Privileged User::Pkg::attach-panel-camera rwxat
 System::Privileged User::Pkg::attach-panel-camera::RO rwxat
 System::Privileged User::Pkg::attach-panel-document rwxat
@@ -970,6 +978,10 @@ System::Privileged User::Pkg::pkg100::App::acc100 rwxat
 System::Privileged User::Pkg::pkg100::App::add100 rwxat
 System::Privileged User::Pkg::pkg100::App::app100 rwxat
 System::Privileged User::Pkg::pkg100::RO rwxat
+System::Privileged User::Pkg::pkg101 rwxat
+System::Privileged User::Pkg::pkg101::RO rwxat
+System::Privileged User::Pkg::pkg102 rwxat
+System::Privileged User::Pkg::pkg102::RO rwxat
 System::Privileged User::Pkg::pkg10::App::abb10 rwxat
 System::Privileged User::Pkg::pkg10::App::acc10 rwxat
 System::Privileged User::Pkg::pkg10::App::add10 rwxat
@@ -1576,7 +1588,9 @@ System::Privileged User::Pkg::ug-setting-wifidirect-efl rwxat
 System::Privileged User::Pkg::ug-setting-wifidirect-efl::RO rwxat
 System::Privileged User::Pkg::wifi-efl-ug rwxat
 System::Privileged User::Pkg::wifi-efl-ug::RO rwxat
-User User::Author::1 rwxat
+User User::Author::0fdfb83545aabc1f rwxat
+User User::Author::42a5f0d50138e7f3 rwxat
+User User::Author::b1c7dc06f99e70d0 rwxat
 User User::Pkg::attach-panel-camera rwxat
 User User::Pkg::attach-panel-camera::RO rwxat
 User User::Pkg::attach-panel-document rwxat
@@ -1759,6 +1773,10 @@ User User::Pkg::pkg100::App::acc100 rwxat
 User User::Pkg::pkg100::App::add100 rwxat
 User User::Pkg::pkg100::App::app100 rwxat
 User User::Pkg::pkg100::RO rwxat
+User User::Pkg::pkg101 rwxat
+User User::Pkg::pkg101::RO rwxat
+User User::Pkg::pkg102 rwxat
+User User::Pkg::pkg102::RO rwxat
 User User::Pkg::pkg10::App::abb10 rwxat
 User User::Pkg::pkg10::App::acc10 rwxat
 User User::Pkg::pkg10::App::add10 rwxat
@@ -2504,7 +2522,7 @@ User::Pkg::org.tizen.app-selector System::Run rwxat
 User::Pkg::org.tizen.app-selector System::Shared rxl
 User::Pkg::org.tizen.app-selector User wx
 User::Pkg::org.tizen.app-selector User::App::Shared rwxat
-User::Pkg::org.tizen.app-selector User::Author::1 rwxat
+User::Pkg::org.tizen.app-selector User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.app-selector User::Home rxl
 User::Pkg::org.tizen.app-selector User::Pkg::org.tizen.app-selector rwxat
 User::Pkg::org.tizen.app-selector User::Pkg::org.tizen.app-selector::RO rxl
@@ -2516,7 +2534,7 @@ User::Pkg::org.tizen.bluetooth-share-ui System::Run rwxat
 User::Pkg::org.tizen.bluetooth-share-ui System::Shared rxl
 User::Pkg::org.tizen.bluetooth-share-ui User wx
 User::Pkg::org.tizen.bluetooth-share-ui User::App::Shared rwxat
-User::Pkg::org.tizen.bluetooth-share-ui User::Author::1 rwxat
+User::Pkg::org.tizen.bluetooth-share-ui User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.bluetooth-share-ui User::Home rxl
 User::Pkg::org.tizen.bluetooth-share-ui User::Pkg::org.tizen.bluetooth-share-ui rwxat
 User::Pkg::org.tizen.bluetooth-share-ui User::Pkg::org.tizen.bluetooth-share-ui::RO rxl
@@ -2550,7 +2568,7 @@ User::Pkg::org.tizen.calendar System::Run rwxat
 User::Pkg::org.tizen.calendar System::Shared rxl
 User::Pkg::org.tizen.calendar User wx
 User::Pkg::org.tizen.calendar User::App::Shared rwxat
-User::Pkg::org.tizen.calendar User::Author::1 rwxat
+User::Pkg::org.tizen.calendar User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.calendar User::Home rxl
 User::Pkg::org.tizen.calendar User::Pkg::org.tizen.calendar rwxat
 User::Pkg::org.tizen.calendar User::Pkg::org.tizen.calendar::RO rxl
@@ -2562,7 +2580,7 @@ User::Pkg::org.tizen.call-setting System::Run rwxat
 User::Pkg::org.tizen.call-setting System::Shared rxl
 User::Pkg::org.tizen.call-setting User wx
 User::Pkg::org.tizen.call-setting User::App::Shared rwxat
-User::Pkg::org.tizen.call-setting User::Author::1 rwxat
+User::Pkg::org.tizen.call-setting User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.call-setting User::Home rxl
 User::Pkg::org.tizen.call-setting User::Pkg::org.tizen.call-setting rwxat
 User::Pkg::org.tizen.call-setting User::Pkg::org.tizen.call-setting::RO rxl
@@ -2574,7 +2592,7 @@ User::Pkg::org.tizen.call-ui System::Run rwxat
 User::Pkg::org.tizen.call-ui System::Shared rxl
 User::Pkg::org.tizen.call-ui User wx
 User::Pkg::org.tizen.call-ui User::App::Shared rwxat
-User::Pkg::org.tizen.call-ui User::Author::1 rwxat
+User::Pkg::org.tizen.call-ui User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.call-ui User::Home rxl
 User::Pkg::org.tizen.call-ui User::Pkg::org.tizen.call-ui rwxat
 User::Pkg::org.tizen.call-ui User::Pkg::org.tizen.call-ui::RO rxl
@@ -2597,7 +2615,7 @@ User::Pkg::org.tizen.camera-app System::Run rwxat
 User::Pkg::org.tizen.camera-app System::Shared rxl
 User::Pkg::org.tizen.camera-app User wx
 User::Pkg::org.tizen.camera-app User::App::Shared rwxat
-User::Pkg::org.tizen.camera-app User::Author::1 rwxat
+User::Pkg::org.tizen.camera-app User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.camera-app User::Home rxl
 User::Pkg::org.tizen.camera-app User::Pkg::org.tizen.camera-app rwxat
 User::Pkg::org.tizen.camera-app User::Pkg::org.tizen.camera-app::RO rxl
@@ -2620,7 +2638,7 @@ User::Pkg::org.tizen.clock System::Run rwxat
 User::Pkg::org.tizen.clock System::Shared rxl
 User::Pkg::org.tizen.clock User wx
 User::Pkg::org.tizen.clock User::App::Shared rwxat
-User::Pkg::org.tizen.clock User::Author::1 rwxat
+User::Pkg::org.tizen.clock User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.clock User::Home rxl
 User::Pkg::org.tizen.clock User::Pkg::org.tizen.clock rwxat
 User::Pkg::org.tizen.clock User::Pkg::org.tizen.clock::RO rxl
@@ -2632,7 +2650,7 @@ User::Pkg::org.tizen.contacts System::Run rwxat
 User::Pkg::org.tizen.contacts System::Shared rxl
 User::Pkg::org.tizen.contacts User wx
 User::Pkg::org.tizen.contacts User::App::Shared rwxat
-User::Pkg::org.tizen.contacts User::Author::1 rwxat
+User::Pkg::org.tizen.contacts User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.contacts User::Home rxl
 User::Pkg::org.tizen.contacts User::Pkg::org.tizen.contacts rwxat
 User::Pkg::org.tizen.contacts User::Pkg::org.tizen.contacts::RO rxl
@@ -2655,7 +2673,7 @@ User::Pkg::org.tizen.download-manager System::Run rwxat
 User::Pkg::org.tizen.download-manager System::Shared rxl
 User::Pkg::org.tizen.download-manager User wx
 User::Pkg::org.tizen.download-manager User::App::Shared rwxat
-User::Pkg::org.tizen.download-manager User::Author::1 rwxat
+User::Pkg::org.tizen.download-manager User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.download-manager User::Home rxl
 User::Pkg::org.tizen.download-manager User::Pkg::org.tizen.download-manager rwxat
 User::Pkg::org.tizen.download-manager User::Pkg::org.tizen.download-manager::RO rxl
@@ -2678,7 +2696,7 @@ User::Pkg::org.tizen.email System::Run rwxat
 User::Pkg::org.tizen.email System::Shared rxl
 User::Pkg::org.tizen.email User wx
 User::Pkg::org.tizen.email User::App::Shared rwxat
-User::Pkg::org.tizen.email User::Author::1 rwxat
+User::Pkg::org.tizen.email User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.email User::Home rxl
 User::Pkg::org.tizen.email User::Pkg::org.tizen.email rwxat
 User::Pkg::org.tizen.email User::Pkg::org.tizen.email::RO rxl
@@ -2712,7 +2730,7 @@ User::Pkg::org.tizen.gallery System::Run rwxat
 User::Pkg::org.tizen.gallery System::Shared rxl
 User::Pkg::org.tizen.gallery User wx
 User::Pkg::org.tizen.gallery User::App::Shared rwxat
-User::Pkg::org.tizen.gallery User::Author::1 rwxat
+User::Pkg::org.tizen.gallery User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.gallery User::Home rxl
 User::Pkg::org.tizen.gallery User::Pkg::org.tizen.gallery rwxat
 User::Pkg::org.tizen.gallery User::Pkg::org.tizen.gallery::RO rxl
@@ -2746,7 +2764,7 @@ User::Pkg::org.tizen.homescreen-efl System::Run rwxat
 User::Pkg::org.tizen.homescreen-efl System::Shared rxl
 User::Pkg::org.tizen.homescreen-efl User wx
 User::Pkg::org.tizen.homescreen-efl User::App::Shared rwxat
-User::Pkg::org.tizen.homescreen-efl User::Author::1 rwxat
+User::Pkg::org.tizen.homescreen-efl User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.homescreen-efl User::Home rxl
 User::Pkg::org.tizen.homescreen-efl User::Pkg::org.tizen.homescreen-efl rwxat
 User::Pkg::org.tizen.homescreen-efl User::Pkg::org.tizen.homescreen-efl::RO rxl
@@ -2758,7 +2776,7 @@ User::Pkg::org.tizen.image-viewer System::Run rwxat
 User::Pkg::org.tizen.image-viewer System::Shared rxl
 User::Pkg::org.tizen.image-viewer User wx
 User::Pkg::org.tizen.image-viewer User::App::Shared rwxat
-User::Pkg::org.tizen.image-viewer User::Author::1 rwxat
+User::Pkg::org.tizen.image-viewer User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.image-viewer User::Home rxl
 User::Pkg::org.tizen.image-viewer User::Pkg::org.tizen.image-viewer rwxat
 User::Pkg::org.tizen.image-viewer User::Pkg::org.tizen.image-viewer::RO rxl
@@ -2770,7 +2788,7 @@ User::Pkg::org.tizen.indicator System::Run rwxat
 User::Pkg::org.tizen.indicator System::Shared rxl
 User::Pkg::org.tizen.indicator User wx
 User::Pkg::org.tizen.indicator User::App::Shared rwxat
-User::Pkg::org.tizen.indicator User::Author::1 rwxat
+User::Pkg::org.tizen.indicator User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.indicator User::Home rxl
 User::Pkg::org.tizen.indicator User::Pkg::org.tizen.indicator rwxat
 User::Pkg::org.tizen.indicator User::Pkg::org.tizen.indicator::RO rxl
@@ -2804,7 +2822,7 @@ User::Pkg::org.tizen.installer System::Run rwxat
 User::Pkg::org.tizen.installer System::Shared rxl
 User::Pkg::org.tizen.installer User wx
 User::Pkg::org.tizen.installer User::App::Shared rwxat
-User::Pkg::org.tizen.installer User::Author::1 rwxat
+User::Pkg::org.tizen.installer User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.installer User::Home rxl
 User::Pkg::org.tizen.installer User::Pkg::org.tizen.installer rwxat
 User::Pkg::org.tizen.installer User::Pkg::org.tizen.installer::RO rxl
@@ -2860,7 +2878,7 @@ User::Pkg::org.tizen.lockscreen System::Run rwxat
 User::Pkg::org.tizen.lockscreen System::Shared rxl
 User::Pkg::org.tizen.lockscreen User wx
 User::Pkg::org.tizen.lockscreen User::App::Shared rwxat
-User::Pkg::org.tizen.lockscreen User::Author::1 rwxat
+User::Pkg::org.tizen.lockscreen User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.lockscreen User::Home rxl
 User::Pkg::org.tizen.lockscreen User::Pkg::org.tizen.lockscreen rwxat
 User::Pkg::org.tizen.lockscreen User::Pkg::org.tizen.lockscreen::RO rxl
@@ -2872,7 +2890,7 @@ User::Pkg::org.tizen.memo System::Run rwxat
 User::Pkg::org.tizen.memo System::Shared rxl
 User::Pkg::org.tizen.memo User wx
 User::Pkg::org.tizen.memo User::App::Shared rwxat
-User::Pkg::org.tizen.memo User::Author::1 rwxat
+User::Pkg::org.tizen.memo User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.memo User::Home rxl
 User::Pkg::org.tizen.memo User::Pkg::org.tizen.memo rwxat
 User::Pkg::org.tizen.memo User::Pkg::org.tizen.memo::RO rxl
@@ -2895,7 +2913,7 @@ User::Pkg::org.tizen.message System::Run rwxat
 User::Pkg::org.tizen.message System::Shared rxl
 User::Pkg::org.tizen.message User wx
 User::Pkg::org.tizen.message User::App::Shared rwxat
-User::Pkg::org.tizen.message User::Author::1 rwxat
+User::Pkg::org.tizen.message User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.message User::Home rxl
 User::Pkg::org.tizen.message User::Pkg::org.tizen.message rwxat
 User::Pkg::org.tizen.message User::Pkg::org.tizen.message::RO rxl
@@ -2907,7 +2925,7 @@ User::Pkg::org.tizen.msg-manager System::Run rwxat
 User::Pkg::org.tizen.msg-manager System::Shared rxl
 User::Pkg::org.tizen.msg-manager User wx
 User::Pkg::org.tizen.msg-manager User::App::Shared rwxat
-User::Pkg::org.tizen.msg-manager User::Author::1 rwxat
+User::Pkg::org.tizen.msg-manager User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.msg-manager User::Home rxl
 User::Pkg::org.tizen.msg-manager User::Pkg::org.tizen.msg-manager rwxat
 User::Pkg::org.tizen.msg-manager User::Pkg::org.tizen.msg-manager::RO rxl
@@ -2919,7 +2937,7 @@ User::Pkg::org.tizen.music-player System::Run rwxat
 User::Pkg::org.tizen.music-player System::Shared rxl
 User::Pkg::org.tizen.music-player User wx
 User::Pkg::org.tizen.music-player User::App::Shared rwxat
-User::Pkg::org.tizen.music-player User::Author::1 rwxat
+User::Pkg::org.tizen.music-player User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.music-player User::Home rxl
 User::Pkg::org.tizen.music-player User::Pkg::org.tizen.music-player rwxat
 User::Pkg::org.tizen.music-player User::Pkg::org.tizen.music-player::RO rxl
@@ -2931,7 +2949,7 @@ User::Pkg::org.tizen.myfile System::Run rwxat
 User::Pkg::org.tizen.myfile System::Shared rxl
 User::Pkg::org.tizen.myfile User wx
 User::Pkg::org.tizen.myfile User::App::Shared rwxat
-User::Pkg::org.tizen.myfile User::Author::1 rwxat
+User::Pkg::org.tizen.myfile User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.myfile User::Home rxl
 User::Pkg::org.tizen.myfile User::Pkg::org.tizen.myfile rwxat
 User::Pkg::org.tizen.myfile User::Pkg::org.tizen.myfile::RO rxl
@@ -2998,7 +3016,7 @@ User::Pkg::org.tizen.quickpanel System::Run rwxat
 User::Pkg::org.tizen.quickpanel System::Shared rxl
 User::Pkg::org.tizen.quickpanel User wx
 User::Pkg::org.tizen.quickpanel User::App::Shared rwxat
-User::Pkg::org.tizen.quickpanel User::Author::1 rwxat
+User::Pkg::org.tizen.quickpanel User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.quickpanel User::Home rxl
 User::Pkg::org.tizen.quickpanel User::Pkg::org.tizen.quickpanel rwxat
 User::Pkg::org.tizen.quickpanel User::Pkg::org.tizen.quickpanel::RO rxl
@@ -3032,7 +3050,7 @@ User::Pkg::org.tizen.setting System::Run rwxat
 User::Pkg::org.tizen.setting System::Shared rxl
 User::Pkg::org.tizen.setting User wx
 User::Pkg::org.tizen.setting User::App::Shared rwxat
-User::Pkg::org.tizen.setting User::Author::1 rwxat
+User::Pkg::org.tizen.setting User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.setting User::Home rxl
 User::Pkg::org.tizen.setting User::Pkg::org.tizen.setting rwxat
 User::Pkg::org.tizen.setting User::Pkg::org.tizen.setting::RO rxl
@@ -3044,7 +3062,7 @@ User::Pkg::org.tizen.setting-homescreen System::Run rwxat
 User::Pkg::org.tizen.setting-homescreen System::Shared rxl
 User::Pkg::org.tizen.setting-homescreen User wx
 User::Pkg::org.tizen.setting-homescreen User::App::Shared rwxat
-User::Pkg::org.tizen.setting-homescreen User::Author::1 rwxat
+User::Pkg::org.tizen.setting-homescreen User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.setting-homescreen User::Home rxl
 User::Pkg::org.tizen.setting-homescreen User::Pkg::org.tizen.setting-homescreen rwxat
 User::Pkg::org.tizen.setting-homescreen User::Pkg::org.tizen.setting-homescreen::RO rxl
@@ -3067,7 +3085,7 @@ User::Pkg::org.tizen.setting-notification System::Run rwxat
 User::Pkg::org.tizen.setting-notification System::Shared rxl
 User::Pkg::org.tizen.setting-notification User wx
 User::Pkg::org.tizen.setting-notification User::App::Shared rwxat
-User::Pkg::org.tizen.setting-notification User::Author::1 rwxat
+User::Pkg::org.tizen.setting-notification User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.setting-notification User::Home rxl
 User::Pkg::org.tizen.setting-notification User::Pkg::org.tizen.setting-notification rwxat
 User::Pkg::org.tizen.setting-notification User::Pkg::org.tizen.setting-notification::RO rxl
@@ -3090,7 +3108,7 @@ User::Pkg::org.tizen.share-panel System::Run rwxat
 User::Pkg::org.tizen.share-panel System::Shared rxl
 User::Pkg::org.tizen.share-panel User wx
 User::Pkg::org.tizen.share-panel User::App::Shared rwxat
-User::Pkg::org.tizen.share-panel User::Author::1 rwxat
+User::Pkg::org.tizen.share-panel User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.share-panel User::Home rxl
 User::Pkg::org.tizen.share-panel User::Pkg::org.tizen.share-panel rwxat
 User::Pkg::org.tizen.share-panel User::Pkg::org.tizen.share-panel::RO rxl
@@ -3124,7 +3142,7 @@ User::Pkg::org.tizen.sys-lock System::Run rwxat
 User::Pkg::org.tizen.sys-lock System::Shared rxl
 User::Pkg::org.tizen.sys-lock User wx
 User::Pkg::org.tizen.sys-lock User::App::Shared rwxat
-User::Pkg::org.tizen.sys-lock User::Author::1 rwxat
+User::Pkg::org.tizen.sys-lock User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.sys-lock User::Home rxl
 User::Pkg::org.tizen.sys-lock User::Pkg::org.tizen.sys-lock rwxat
 User::Pkg::org.tizen.sys-lock User::Pkg::org.tizen.sys-lock::RO rxl
@@ -3158,7 +3176,7 @@ User::Pkg::org.tizen.task-mgr System::Run rwxat
 User::Pkg::org.tizen.task-mgr System::Shared rxl
 User::Pkg::org.tizen.task-mgr User wx
 User::Pkg::org.tizen.task-mgr User::App::Shared rwxat
-User::Pkg::org.tizen.task-mgr User::Author::1 rwxat
+User::Pkg::org.tizen.task-mgr User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.task-mgr User::Home rxl
 User::Pkg::org.tizen.task-mgr User::Pkg::org.tizen.task-mgr rwxat
 User::Pkg::org.tizen.task-mgr User::Pkg::org.tizen.task-mgr::RO rxl
@@ -3192,7 +3210,7 @@ User::Pkg::org.tizen.ug-gallery-efl System::Run rwxat
 User::Pkg::org.tizen.ug-gallery-efl System::Shared rxl
 User::Pkg::org.tizen.ug-gallery-efl User wx
 User::Pkg::org.tizen.ug-gallery-efl User::App::Shared rwxat
-User::Pkg::org.tizen.ug-gallery-efl User::Author::1 rwxat
+User::Pkg::org.tizen.ug-gallery-efl User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.ug-gallery-efl User::Home rxl
 User::Pkg::org.tizen.ug-gallery-efl User::Pkg::org.tizen.ug-gallery-efl rwxat
 User::Pkg::org.tizen.ug-gallery-efl User::Pkg::org.tizen.ug-gallery-efl::RO rxl
@@ -3204,7 +3222,7 @@ User::Pkg::org.tizen.ug-lockscreen-options System::Run rwxat
 User::Pkg::org.tizen.ug-lockscreen-options System::Shared rxl
 User::Pkg::org.tizen.ug-lockscreen-options User wx
 User::Pkg::org.tizen.ug-lockscreen-options User::App::Shared rwxat
-User::Pkg::org.tizen.ug-lockscreen-options User::Author::1 rwxat
+User::Pkg::org.tizen.ug-lockscreen-options User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.ug-lockscreen-options User::Home rxl
 User::Pkg::org.tizen.ug-lockscreen-options User::Pkg::org.tizen.ug-lockscreen-options rwxat
 User::Pkg::org.tizen.ug-lockscreen-options User::Pkg::org.tizen.ug-lockscreen-options::RO rxl
@@ -3216,7 +3234,7 @@ User::Pkg::org.tizen.ug-myfile-efl System::Run rwxat
 User::Pkg::org.tizen.ug-myfile-efl System::Shared rxl
 User::Pkg::org.tizen.ug-myfile-efl User wx
 User::Pkg::org.tizen.ug-myfile-efl User::App::Shared rwxat
-User::Pkg::org.tizen.ug-myfile-efl User::Author::1 rwxat
+User::Pkg::org.tizen.ug-myfile-efl User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.ug-myfile-efl User::Home rxl
 User::Pkg::org.tizen.ug-myfile-efl User::Pkg::org.tizen.ug-myfile-efl rwxat
 User::Pkg::org.tizen.ug-myfile-efl User::Pkg::org.tizen.ug-myfile-efl::RO rxl
@@ -3239,7 +3257,7 @@ User::Pkg::org.tizen.videos System::Run rwxat
 User::Pkg::org.tizen.videos System::Shared rxl
 User::Pkg::org.tizen.videos User wx
 User::Pkg::org.tizen.videos User::App::Shared rwxat
-User::Pkg::org.tizen.videos User::Author::1 rwxat
+User::Pkg::org.tizen.videos User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.videos User::Home rxl
 User::Pkg::org.tizen.videos User::Pkg::org.tizen.videos rwxat
 User::Pkg::org.tizen.videos User::Pkg::org.tizen.videos::RO rxl
@@ -3273,7 +3291,7 @@ User::Pkg::org.tizen.volume System::Run rwxat
 User::Pkg::org.tizen.volume System::Shared rxl
 User::Pkg::org.tizen.volume User wx
 User::Pkg::org.tizen.volume User::App::Shared rwxat
-User::Pkg::org.tizen.volume User::Author::1 rwxat
+User::Pkg::org.tizen.volume User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.volume User::Home rxl
 User::Pkg::org.tizen.volume User::Pkg::org.tizen.volume rwxat
 User::Pkg::org.tizen.volume User::Pkg::org.tizen.volume::RO rxl
@@ -3285,7 +3303,7 @@ User::Pkg::org.tizen.wallpaper-ui-service System::Run rwxat
 User::Pkg::org.tizen.wallpaper-ui-service System::Shared rxl
 User::Pkg::org.tizen.wallpaper-ui-service User wx
 User::Pkg::org.tizen.wallpaper-ui-service User::App::Shared rwxat
-User::Pkg::org.tizen.wallpaper-ui-service User::Author::1 rwxat
+User::Pkg::org.tizen.wallpaper-ui-service User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.wallpaper-ui-service User::Home rxl
 User::Pkg::org.tizen.wallpaper-ui-service User::Pkg::org.tizen.wallpaper-ui-service rwxat
 User::Pkg::org.tizen.wallpaper-ui-service User::Pkg::org.tizen.wallpaper-ui-service::RO rxl
@@ -3308,7 +3326,7 @@ User::Pkg::org.tizen.wifi-direct-popup System::Run rwxat
 User::Pkg::org.tizen.wifi-direct-popup System::Shared rxl
 User::Pkg::org.tizen.wifi-direct-popup User wx
 User::Pkg::org.tizen.wifi-direct-popup User::App::Shared rwxat
-User::Pkg::org.tizen.wifi-direct-popup User::Author::1 rwxat
+User::Pkg::org.tizen.wifi-direct-popup User::Author::42a5f0d50138e7f3 rwxat
 User::Pkg::org.tizen.wifi-direct-popup User::Home rxl
 User::Pkg::org.tizen.wifi-direct-popup User::Pkg::org.tizen.wifi-direct-popup rwxat
 User::Pkg::org.tizen.wifi-direct-popup User::Pkg::org.tizen.wifi-direct-popup::RO rxl
@@ -3436,6 +3454,30 @@ User::Pkg::pkg100::App::app100 User::Pkg::pkg100::App::acc100 rwxat User::Pkg::pkg100::App::app100 User::Pkg::pkg100::App::add100 rwxat User::Pkg::pkg100::App::app100 User::Pkg::pkg100::RO rxl User::Pkg::pkg100::App::app100 _ l +User::Pkg::pkg101 System wx +User::Pkg::pkg101 System::Log rwxa +User::Pkg::pkg101 System::Privileged wx +User::Pkg::pkg101 System::Run rwxat +User::Pkg::pkg101 System::Shared rxl +User::Pkg::pkg101 User wx +User::Pkg::pkg101 User::App::Shared rwxat +User::Pkg::pkg101 User::Author::0fdfb83545aabc1f rwxat +User::Pkg::pkg101 User::Home rxl +User::Pkg::pkg101 User::Pkg::pkg101 rwxat +User::Pkg::pkg101 User::Pkg::pkg101::RO rxl +User::Pkg::pkg101 _ l +User::Pkg::pkg102 System wx +User::Pkg::pkg102 System::Log rwxa +User::Pkg::pkg102 System::Privileged wx +User::Pkg::pkg102 System::Run rwxat +User::Pkg::pkg102 System::Shared rxl +User::Pkg::pkg102 User wx +User::Pkg::pkg102 User::App::Shared rwxat +User::Pkg::pkg102 User::Author::b1c7dc06f99e70d0 rwxat +User::Pkg::pkg102 User::Home rxl +User::Pkg::pkg102 User::Pkg::pkg102 rwxat +User::Pkg::pkg102 User::Pkg::pkg102::RO rxl +User::Pkg::pkg102 _ l User::Pkg::pkg10::App::abb10 System wx User::Pkg::pkg10::App::abb10 System::Log rwxa User::Pkg::pkg10::App::abb10 System::Privileged wx diff --git a/test/privilege_db_fixture.cpp b/test/privilege_db_fixture.cpp index e616c91..2f447fa 100644 --- a/test/privilege_db_fixture.cpp +++ b/test/privilege_db_fixture.cpp @@ -134,7 +134,7 @@ void PrivilegeDBFixture::addAppSuccess(const std::string &appName, const std::string &pkgName, const uid_t uid, const std::string &tizenVer, const std::string &authorName, bool isHybrid) { - int authorId = -1; + std::string authorHash; BOOST_REQUIRE_NO_THROW(testPrivDb->AddApplication(appName, pkgName, uid, tizenVer, authorName, isHybrid)); 
@@ -145,9 +145,9 @@ void PrivilegeDBFixture::addAppSuccess(const std::string &appName, "PkgNameExists wrongly not reported " << pkgName << " as existing package name"); if (authorName.length() > 0) { - BOOST_REQUIRE_NO_THROW(testPrivDb->GetPkgAuthorId(pkgName, authorId)); - BOOST_REQUIRE_MESSAGE(testPrivDb->AuthorIdExists(authorId), - "AuthorIdExists wrongly not reported " << uid << " as existing author id"); + BOOST_REQUIRE_NO_THROW(testPrivDb->GetPkgAuthor(pkgName, authorHash)); + BOOST_REQUIRE_MESSAGE(testPrivDb->AuthorExists(authorHash), + "AuthorExists wrongly not reported " << uid << " as existing author"); } } @@ -158,11 +158,11 @@ void PrivilegeDBFixture::addAppFail(const std::string &appName, bool appNameExists; bool pkgNameExists; bool authorNameExists; - int authorId; + std::string authorHash; if (authorName.length() > 0) { - BOOST_REQUIRE_NO_THROW(testPrivDb->GetPkgAuthorId(pkgName, authorId)); - BOOST_REQUIRE_NO_THROW(authorNameExists = testPrivDb->AuthorIdExists(authorId)); + BOOST_REQUIRE_NO_THROW(testPrivDb->GetPkgAuthor(pkgName, authorHash)); + BOOST_REQUIRE_NO_THROW(authorNameExists = testPrivDb->AuthorExists(authorHash)); } BOOST_REQUIRE_NO_THROW(appNameExists = testPrivDb->AppNameExists(appName)); @@ -177,9 +177,9 @@ void PrivilegeDBFixture::addAppFail(const std::string &appName, "PkgNameExists wrongly changed value after unsuccessful installation."); if (authorName.length() > 0) { - BOOST_REQUIRE_NO_THROW(testPrivDb->GetPkgAuthorId(pkgName, authorId)); - BOOST_REQUIRE_MESSAGE(authorNameExists == testPrivDb->AuthorIdExists(authorId), - "AuthorIdExists wrongly changed value after unsuccessful installation."); + BOOST_REQUIRE_NO_THROW(testPrivDb->GetPkgAuthor(pkgName, authorHash)); + BOOST_REQUIRE_MESSAGE(authorNameExists == testPrivDb->AuthorExists(authorHash), + "AuthorExists wrongly changed value after unsuccessful installation."); } } 
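Review bot: The failure message of the author check in addAppSuccess (hunk at line 145) streams `uid` although it claims to report the author: `"AuthorExists wrongly not reported " << uid << " as existing author"`. When this assertion fires, the log shows a user id and not the author hash that was looked up, which makes a label mismatch hard to trace. Stream the value under test instead: `"AuthorExists wrongly not reported " << authorHash << " as existing author"`. The function body starts in the previous hunk, outside this one.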
diff --git a/test/test_privilege_db_add_app.cpp b/test/test_privilege_db_add_app.cpp index ccc7bde..cd4965f 100644 --- a/test/test_privilege_db_add_app.cpp +++ b/test/test_privilege_db_add_app.cpp @@ -164,21 +164,21 @@ POSITIVE_TEST_CASE(T580_add_applications_with_different_authors_to_packages) POSITIVE_TEST_CASE(T590_add_applications_with_empty_noempty_author) { - int authorIdPkg; + std::string authorHash; addAppSuccess(app(1), pkg(1), uid(1), tizenVer(1), "", NotHybrid); - BOOST_REQUIRE_NO_THROW(getPrivDb()->GetPkgAuthorId(pkg(1), authorIdPkg)); - BOOST_REQUIRE_MESSAGE(authorIdPkg == -1, "Wrong author id returned: " << authorIdPkg - << " expected: -1"); + BOOST_REQUIRE_NO_THROW(getPrivDb()->GetPkgAuthor(pkg(1), authorHash)); + BOOST_REQUIRE_MESSAGE(authorHash.empty(), "Wrong author returned: " << authorHash + << " expected: empty"); addAppSuccess(app(2), pkg(1), uid(1), tizenVer(1), author(1), NotHybrid); - BOOST_REQUIRE_NO_THROW(getPrivDb()->GetPkgAuthorId(pkg(1), authorIdPkg)); - BOOST_REQUIRE_MESSAGE(authorIdPkg != -1, "Wrong author id returned: -1"); + BOOST_REQUIRE_NO_THROW(getPrivDb()->GetPkgAuthor(pkg(1), authorHash)); + BOOST_REQUIRE_MESSAGE(!authorHash.empty(), "Wrong author returned: empty"); addAppSuccess(app(3), pkg(1), uid(1), tizenVer(1), "", NotHybrid); - BOOST_REQUIRE_NO_THROW(getPrivDb()->GetPkgAuthorId(pkg(2), authorIdPkg)); - BOOST_REQUIRE_MESSAGE(authorIdPkg == -1, "Wrong author id returned: " << authorIdPkg - << " expected: -1"); + BOOST_REQUIRE_NO_THROW(getPrivDb()->GetPkgAuthor(pkg(2), authorHash)); + BOOST_REQUIRE_MESSAGE(authorHash.empty(), "Wrong author returned: " << authorHash + << " expected: empty"); } POSITIVE_TEST_CASE(T600_add_applications_with_different_isHybrid_false_true) diff --git a/test/test_privilege_db_app_pkg_getters.cpp b/test/test_privilege_db_app_pkg_getters.cpp index f47d429..8a7c959 100644 --- a/test/test_privilege_db_app_pkg_getters.cpp +++ b/test/test_privilege_db_app_pkg_getters.cpp 
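Review bot: The last check in T590 reads the author of `pkg(2)`, but the call just before it, `addAppSuccess(app(3), pkg(1), uid(1), tizenVer(1), "", NotHybrid)`, installs into `pkg(1)`, and nothing in this test installs `pkg(2)`. As written the assertion only shows that an unknown package has an empty author; it does not state what happens to the author of pkg(1) when an app without an author is added to it. Because the author hash now becomes part of the `User::Author::` label, that case deserves an explicit expectation. If pkg(1) was meant, use `GetPkgAuthor(pkg(1), authorHash)` with the value the design requires; if pkg(2) is deliberate, add `// pkg(2) was never installed: author must stay empty`.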
@@ -43,7 +43,7 @@ struct PrivilegeDBGettersFixture : PrivilegeDBFixture void checkGetAppPkgInfo(const std::string &app, const std::string &expectedPackage, bool expectedIsHybrid, bool expectedIsSharedRO); void checkGetPkgApps(const std::string &package, std::vector expectedApps); - void checkGetPkgAuthorId(const std::string &pkgName, int expectedAuthorId); + void checkGetPkgAuthor(const std::string &pkgName, const std::string &expectedAuthorHash); void checkGetUserApps(const uid_t uid, std::vector expectedApps); void checkGetUserAppsFromPkg(uid_t uid, const std::string &pkgName, std::vector expectedApps); @@ -86,13 +86,13 @@ void PrivilegeDBGettersFixture::checkGetPkgApps(const std::string &package, expectedApps.begin(), expectedApps.end()); }; -void PrivilegeDBGettersFixture::checkGetPkgAuthorId(const std::string &pkgName, - int expectedAuthorId) +void PrivilegeDBGettersFixture::checkGetPkgAuthor(const std::string &pkgName, + const std::string &expectedAuthorHash) { - int authorId; - BOOST_REQUIRE_NO_THROW(getPrivDb()->GetPkgAuthorId(pkgName, authorId)); - BOOST_CHECK_MESSAGE(expectedAuthorId == authorId, "GetPkgAuthorId for package: " - << pkgName << " returned authorId: " << authorId << " expected: " << expectedAuthorId); + std::string authorHash; + BOOST_REQUIRE_NO_THROW(getPrivDb()->GetPkgAuthor(pkgName, authorHash)); + BOOST_CHECK_MESSAGE(expectedAuthorHash == authorHash, "GetPkgAuthor for package: " + << pkgName << " returned author: " << authorHash << " expected: " << expectedAuthorHash); }; void PrivilegeDBGettersFixture::checkGetUserApps(const uid_t uid, 
@@ -161,19 +161,18 @@ POSITIVE_TEST_CASE(T315_pkg_name_exists_finds_nothing) " as existing package name"); } -POSITIVE_TEST_CASE(T320_author_id_exists_finds_nothing) +POSITIVE_TEST_CASE(T320_author_exists_finds_nothing) { - //database is clean, author ids are assigned sequentially from bottom - const int notExistingAuthorId= 200; + std::string notExistingAuthorHash= "1234567890abcde"; - BOOST_REQUIRE_MESSAGE(!getPrivDb()->AuthorIdExists(notExistingAuthorId), - "AuthorIdExists wrongly reported " << notExistingAuthorId << - " as existing author id"); + BOOST_REQUIRE_MESSAGE(!getPrivDb()->AuthorExists(notExistingAuthorHash), + "AuthorExists wrongly reported " << notExistingAuthorHash << + " as existing author"); } POSITIVE_TEST_CASE(T325_app_name_pkg_author_exists) { - int authorId = -1; + std::string authorHash; addAppSuccess(app(1), pkg(1), uid(1), tizenVer(1), author(1), NotHybrid); addAppSuccess(app(2), pkg(2), uid(1), tizenVer(1), author(2), NotHybrid); @@ -185,9 +184,9 @@ POSITIVE_TEST_CASE(T325_app_name_pkg_author_exists) "AppNameExists wrongly not reported " << app(1) << " as existing application name"); BOOST_REQUIRE_MESSAGE(getPrivDb()->PkgNameExists(pkg(1)), "PkgNameExists wrongly not reported " << pkg(1) << " as existing package name"); - BOOST_REQUIRE_NO_THROW(getPrivDb()->GetPkgAuthorId(pkg(1), authorId)); - BOOST_REQUIRE_MESSAGE(getPrivDb()->AuthorIdExists(authorId), - "AuthorIdExists wrongly not found " << author(1) << " as existing author"); + BOOST_REQUIRE_NO_THROW(getPrivDb()->GetPkgAuthor(pkg(1), authorHash)); + BOOST_REQUIRE_MESSAGE(getPrivDb()->AuthorExists(authorHash), + "AuthorExists wrongly not found " << author(1) << " as existing author"); } POSITIVE_TEST_CASE(T330_get_app_pkg_name) 
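Review bot: `notExistingAuthorHash` in T320 is `"1234567890abcde"`, which is 15 characters, while the commit message defines the author hash as a 16-character hex string. A value of the wrong length can never equal a stored hash, so the lookup passes without exercising a near miss. The same 15-character value serves as `validAuthorHash` in T1030 (test_smack-labels.cpp), and test_smack-rules.cpp uses 8-digit decimal strings from `getNextAuthorHash()` and the literal `"1"`. Test values in the production format keep these tests on labels the service can really produce, e.g. `const std::string notExistingAuthorHash = "1234567890abcdef";`.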
@@ -397,22 +396,22 @@ POSITIVE_TEST_CASE(T365_get_all_packages) POSITIVE_TEST_CASE(T370_get_pkg_author_id) { - checkGetPkgAuthorId(pkg(1), -1); + checkGetPkgAuthor(pkg(1), ""); - addAppSuccess(app(1), pkg(1), uid(1), tizenVer(1), author(1), Hybrid); - checkGetPkgAuthorId(pkg(1), 1); + addAppSuccess(app(1), pkg(1), uid(1), tizenVer(1), "author(1)", Hybrid); + checkGetPkgAuthor(pkg(1), "f5ac9cea2142b382"); - addAppSuccess(app(2), pkg(2), uid(2), tizenVer(1), author(2), Hybrid); - checkGetPkgAuthorId(pkg(2), 2); + addAppSuccess(app(2), pkg(2), uid(2), tizenVer(1), "author(2)", Hybrid); + checkGetPkgAuthor(pkg(2), "c970622b1db2bbcf"); - addAppSuccess(app(3), pkg(2), uid(2), tizenVer(1), author(2), Hybrid); - checkGetPkgAuthorId(pkg(2), 2); + addAppSuccess(app(3), pkg(2), uid(2), tizenVer(1), "author(2)", Hybrid); + checkGetPkgAuthor(pkg(2), "c970622b1db2bbcf"); removeAppSuccess(app(1), uid(1)); - checkGetPkgAuthorId(pkg(1), -1); + checkGetPkgAuthor(pkg(1), ""); - addAppSuccess(app(1), pkg(1), uid(3), tizenVer(1), author(3), Hybrid); - checkGetPkgAuthorId(pkg(1), 3); + addAppSuccess(app(1), pkg(1), uid(3), tizenVer(1), "author(3)", Hybrid); + checkGetPkgAuthor(pkg(1), "0a8585f0b71a5fd7"); } POSITIVE_TEST_CASE(T380_is_package_Hybrid) diff --git a/test/test_smack-labels.cpp b/test/test_smack-labels.cpp index d4d2072..eb476c2 100644 --- a/test/test_smack-labels.cpp +++ b/test/test_smack-labels.cpp 
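Review bot: The changed calls in T370 pass the string literal `"author(1)"` where the old code called the fixture helper `author(1)`, so the expected hashes are tied to that literal text and not to the names the other tests use (T325 and T590 still call `author(1)`). If the literal is deliberate, to pin the hash input, a comment at the first call would say so: `// literal name on purpose: expected value is the 16 hex digit SHA1 prefix of "author(1)"`. The hard-coded expectations cannot be checked from the page, so a one-line note on how they were produced would help the next maintainer. The test is also still named `T370_get_pkg_author_id` although it now checks `GetPkgAuthor`.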
@@ -205,15 +205,15 @@ NEGATIVE_TEST_CASE(T1025_generate_smack_label_path_ro_invalid_pkg) NEGATIVE_TEST_CASE(T1026_generate_smack_label_path_trusted_invalid_author) { - const int invalidAuthorId = -1; - BOOST_REQUIRE_THROW(generatePathTrustedLabel(invalidAuthorId), SmackException::InvalidLabel); + const std::string invalidAuthorHash = ""; + BOOST_REQUIRE_THROW(generatePathTrustedLabel(invalidAuthorHash), SmackException::InvalidLabel); } POSITIVE_TEST_CASE(T1030_generate_smack_labels) { const std::string appName = "appNameT1030"; const std::string pkgName = "pkgNameT1030"; - const int validAuthorId = 42; + const std::string validAuthorHash = "1234567890abcde"; const std::string path = "/usr/apps/" + appName + "/shared/"; const std::string processLabel = "User::Pkg::pkgNameT1030"; @@ -233,8 +233,8 @@ POSITIVE_TEST_CASE(T1030_generate_smack_labels) const std::string sharedPrivateLabel = "User::Pkg::$1$pkgNameT$j2QeZi5Xvx67DnPfPtwSF."; BOOST_REQUIRE(generateSharedPrivateLabel(pkgName, path) == sharedPrivateLabel); - const std::string pathTrustedLabel = "User::Author::42"; - BOOST_REQUIRE(generatePathTrustedLabel(validAuthorId) == pathTrustedLabel); + const std::string pathTrustedLabel = "User::Author::1234567890abcde"; + BOOST_REQUIRE(generatePathTrustedLabel(validAuthorHash) == pathTrustedLabel); } NEGATIVE_TEST_CASE(T1031_generate_smack_label_invalid_pkg_name_non_hybrid) @@ -328,9 +328,9 @@ NEGATIVE_FIXTURE_TEST_CASE(T1052_setup_path_rw, DirectoryFixture) NEGATIVE_FIXTURE_TEST_CASE(T1053_setup_path_rw, DirectoryFixture) { const std::string pkgName = "pkgNameT1053"; - const int invalidAuthorId = -1; + const std::string invalidAuthorHash = ""; - BOOST_REQUIRE_THROW(setupPath(pkgName, directoryPath, SECURITY_MANAGER_PATH_TRUSTED_RW, invalidAuthorId), + BOOST_REQUIRE_THROW(setupPath(pkgName, directoryPath, SECURITY_MANAGER_PATH_TRUSTED_RW, invalidAuthorHash), SmackException::InvalidParam); } 
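Review bot: The negative cases in this file (T1026, T1053) cover only an empty author hash. With an `int` the label suffix could hold nothing but digits; `generatePathTrustedLabel` and `setupPath` now take a free-form string that ends up in a Smack label. The implementation is outside these hunks, so it cannot be seen here whether length and character set are checked before the label is built. If validation is intended, a negative case with a malformed value would pin it, for example `BOOST_REQUIRE_THROW(generatePathTrustedLabel("not/a/hash"), SmackException::InvalidLabel);`.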
diff --git a/test/test_smack-rules.cpp b/test/test_smack-rules.cpp index ed57b3c..32052e6 100644 --- a/test/test_smack-rules.cpp +++ b/test/test_smack-rules.cpp @@ -62,12 +62,13 @@ struct DbFixture return pkgId; } - int getNextAuthorId() { - static int i = 0; + std::string getNextAuthorHash() { + static int i = 10000000; + std::string authorHash; do { - ++i; - } while (db.AuthorIdExists(i)); - return i; + authorHash = std::to_string(i++); + } while (db.AuthorExists(authorHash)); + return authorHash; } PrivilegeDb db; @@ -146,7 +147,7 @@ NEGATIVE_TEST_CASE(NAME) \ BOOST_REQUIRE_THROW( \ SmackAccesses().add(SUBJ, OBJ, PERM), \ SmackException::LibsmackError); \ -} +} NEGATIVE_RULE_ADD(T1127_smack_rules_exception_invalid_printable_character_subject, "subject/", "object", "rwxat") NEGATIVE_RULE_ADD(T1128_smack_rules_exception_invalid_printable_character_object, "subject", "object/", "rwxat") @@ -255,12 +256,12 @@ POSITIVE_FIXTURE_TEST_CASE(T1300_smack_rules_class_install_app_rules, DbFixture) std::string pkg = getNextPkgId(); std::string label1 = generateProcessLabel("app1", pkg, true); std::string label2 = generateProcessLabel("app2", pkg, true); - int author = getNextAuthorId(); + std::string authorHash = getNextAuthorHash(); BOOST_REQUIRE_NO_THROW(rules.installApplicationRules( - label1, pkg, author, + label1, pkg, authorHash, {label1, label2})); BOOST_REQUIRE_NO_THROW(rules.uninstallApplicationRules( - label1, pkg, author)); + label1, pkg, authorHash)); } POSITIVE_TEST_CASE(T1301_smack_rules_class_check_is_mapping_enabled) 
@@ -274,10 +275,10 @@ POSITIVE_FIXTURE_TEST_CASE(T1302_smack_rules_class_enable_disable_privileges, Db SmackRules rules; std::string pkg = getNextPkgId(); std::string label = generateProcessLabel("app", pkg, false); - int author = getNextAuthorId(); - BOOST_REQUIRE_NO_THROW(rules.enablePrivilegeRules(label, pkg, author, {})); - BOOST_REQUIRE_NO_THROW(rules.enablePrivilegeRules(label, pkg, author, {"http://tizen.org/privilege/dummy"})); - BOOST_REQUIRE_NO_THROW(rules.disableAllPrivilegeRules(label, pkg, author)); + std::string authorHash = getNextAuthorHash(); + BOOST_REQUIRE_NO_THROW(rules.enablePrivilegeRules(label, pkg, authorHash, {})); + BOOST_REQUIRE_NO_THROW(rules.enablePrivilegeRules(label, pkg, authorHash, {"http://tizen.org/privilege/dummy"})); + BOOST_REQUIRE_NO_THROW(rules.disableAllPrivilegeRules(label, pkg, authorHash)); } POSITIVE_FIXTURE_TEST_CASE(T1304_smack_rules_class_disable_specific_privilege_rules, DbFixture) @@ -285,9 +286,9 @@ POSITIVE_FIXTURE_TEST_CASE(T1304_smack_rules_class_disable_specific_privilege_ru SmackRules rules; std::string pkg = getNextPkgId(); std::string label = generateProcessLabel("app", pkg, false); - int author = getNextAuthorId(); + std::string authorHash = getNextAuthorHash(); BOOST_REQUIRE_NO_THROW(rules.disablePrivilegeRules( - label, pkg, author, {"http://tizen.org/privilege/dummy"})); + label, pkg, authorHash, {"http://tizen.org/privilege/dummy"})); } POSITIVE_FIXTURE_TEST_CASE(T1305_smack_rules_class_uninstall_pkg_rules, DbFixture) @@ -303,7 +304,7 @@ POSITIVE_FIXTURE_TEST_CASE(T1306_smack_rules_class_uninstall_app_rules, DbFixtur SmackRules rules; std::string pkg = getNextPkgId(); std::string label = generateProcessLabel("app", pkg, false); - BOOST_REQUIRE_NO_THROW(rules.uninstallApplicationRules(label, pkg, 1)); + BOOST_REQUIRE_NO_THROW(rules.uninstallApplicationRules(label, pkg, "1")); } POSITIVE_FIXTURE_TEST_CASE(T1307_smack_rules_class_update_pkg_rules, DbFixture) 
@@ -319,7 +320,7 @@ POSITIVE_FIXTURE_TEST_CASE(T1307_smack_rules_class_update_pkg_rules, DbFixture) POSITIVE_FIXTURE_TEST_CASE(T1308_smack_rules_class_uninstall_author_rules, DbFixture) { SmackRules rules; - BOOST_REQUIRE_NO_THROW(rules.uninstallAuthorRules(getNextAuthorId())); + BOOST_REQUIRE_NO_THROW(rules.uninstallAuthorRules(getNextAuthorHash())); } POSITIVE_FIXTURE_TEST_CASE(T1309_smack_rules_class_private_sharing, DbFixture) @@ -352,14 +353,14 @@ POSITIVE_FIXTURE_TEST_CASE(T1310_smack_rules_class_templates, DbFixture) std::string pkg = getNextPkgId(); std::string label = generateProcessLabel("app", pkg, false); - int author = getNextAuthorId(); + std::string authorHash = getNextAuthorHash(); BOOST_REQUIRE_NO_THROW(rules.addFromTemplate( accesses, TemplateManager::Type::APP_RULES_TEMPLATE, label, pkg, - author)); + authorHash)); BOOST_REQUIRE_NO_THROW(rules.addFromPrivTemplate( accesses, @@ -368,12 +369,12 @@ POSITIVE_FIXTURE_TEST_CASE(T1310_smack_rules_class_templates, DbFixture) label, "aPrivilegeLabelDummy", pkg, - author)); + authorHash)); BOOST_REQUIRE_NO_THROW(rules.useTemplate( TemplateManager::Type::APP_RULES_TEMPLATE, - label, pkg, 1)); - BOOST_REQUIRE_NO_THROW(rules.disableAllPrivilegeRules(label, pkg, 1)); + label, pkg, "1")); + BOOST_REQUIRE_NO_THROW(rules.disableAllPrivilegeRules(label, pkg, "1")); } BOOST_AUTO_TEST_SUITE_END() -- 2.7.4