From f1761b58597fb4b54aed13f8374892955957f47a Mon Sep 17 00:00:00 2001 From: Zofia Abramowska Date: Thu, 8 Sep 2016 19:57:46 +0200 Subject: [PATCH] SM: Change process label generation Change-Id: I36365303a07ef94e0a62a16fa0adf6824ca6c8c5 --- .../common/sm_commons.cpp | 8 ++-- .../common/sm_request.cpp | 9 ++++ .../common/sm_request.h | 2 +- .../test_cases_privacy_manager.cpp | 48 ++++++++++++------- .../test_cases_trusted_sharing.cpp | 4 +- 5 files changed, 49 insertions(+), 22 deletions(-) diff --git a/src/security-manager-tests/common/sm_commons.cpp b/src/security-manager-tests/common/sm_commons.cpp index dd027f55..0598cc73 100644 --- a/src/security-manager-tests/common/sm_commons.cpp +++ b/src/security-manager-tests/common/sm_commons.cpp @@ -70,9 +70,11 @@ const std::string uidToStr(const uid_t uid) std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid) { - (void) pkgId; - (void) isHybrid; - return "User::App::" + appId; + std::string label = "User::Pkg::" + pkgId; + if (isHybrid) { + label += "::App::" + appId; + } + return label; } std::string generatePathRWLabel(const std::string &pkgId) diff --git a/src/security-manager-tests/common/sm_request.cpp b/src/security-manager-tests/common/sm_request.cpp index c20dbb6c..9f9f3826 100644 --- a/src/security-manager-tests/common/sm_request.cpp +++ b/src/security-manager-tests/common/sm_request.cpp @@ -140,6 +140,15 @@ void InstallRequest::setInstallType(const enum app_install_type &type, lib_retco << " Expected result: " << expectedResult); } +void InstallRequest::setHybrid(lib_retcode expectedResult) +{ + int result = security_manager_app_inst_req_set_hybrid(m_req); + RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, + "setting security_manager_app_inst_req_set_hybrid returned wrong value." + << " Result: " << result << ";" + << " Expected result: " << expectedResult); +} + std::ostream& operator<<(std::ostream &os, const InstallRequest &request) { if (!request.m_appId.empty()) diff --git a/src/security-manager-tests/common/sm_request.h b/src/security-manager-tests/common/sm_request.h index a6af195e..a11ba1dd 100644 --- a/src/security-manager-tests/common/sm_request.h +++ b/src/security-manager-tests/common/sm_request.h @@ -64,7 +64,7 @@ public: void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); void setAuthorId(std::string authorId, lib_retcode expectedResult= SECURITY_MANAGER_SUCCESS); void setInstallType(const enum app_install_type &type, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); - + void setHybrid(lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); std::string getAppTizenVersion() const { return m_tizenVer; } app_inst_req *get() { return m_req; } const app_inst_req *get() const { return m_req; } diff --git a/src/security-manager-tests/test_cases_privacy_manager.cpp b/src/security-manager-tests/test_cases_privacy_manager.cpp index a09d294f..0c1d4940 100644 --- a/src/security-manager-tests/test_cases_privacy_manager.cpp +++ b/src/security-manager-tests/test_cases_privacy_manager.cpp @@ -24,6 +24,7 @@ #include #include +#include #include #include #include @@ -732,7 +733,7 @@ RUNNER_CHILD_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_fo RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin) { - const char *const update_app_id = "security_manager_15_update_app_id"; + AppInstallHelper app("security_manager_15_update"); const char *const update_privilege = "http://tizen.org/privilege/led"; const char *const check_start_bucket = "ADMIN"; const std::string username("sm_test_15_username"); @@ -754,6 +755,12 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_adm TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false); user.create(); + app.createInstallDir(); + InstallRequest inst; + inst.setAppId(app.getAppId()); + inst.setPkgId(app.getPkgId()); + Api::install(inst); + pid = fork(); RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); if (pid != 0)//parent process @@ -772,7 +779,7 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_adm waitPid(pid); - admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id, "").c_str(), + admin.adminCheck(check_start_bucket, false, app.generateAppLabel().c_str(), std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); } if(pid == 0) @@ -788,8 +795,7 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_adm result = drop_root_privileges(msg.uid, msg.gid); RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - // FIXME - Application has to be installed for it to have policy set in SM - PolicyEntry entry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege); + PolicyEntry entry(app.getAppId(), std::to_string(static_cast(msg.uid)), update_privilege); entry.setMaxLevel("Allow"); addPolicyRequest.addEntry(entry); @@ -801,6 +807,7 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_adm RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard) { const char *const update_other_app_id = "security_manager_15_update_other_app_id"; + const char *const update_other_pkg_id = "security_manager_15_update_other_pkg_id"; const char *const update_privilege = "http://tizen.org/privilege/led"; const char *const check_start_bucket = "ADMIN"; const std::string username("sm_test_15_username"); @@ -840,7 +847,7 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_adm waitPid(pid); - admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_other_app_id, "").c_str(), + admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_other_app_id, update_other_pkg_id).c_str(), std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); } if(pid == 0) @@ -868,7 +875,7 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_adm RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_self) { - const char *const update_app_id = "security_manager_15_update_app_id"; + AppInstallHelper app("security_manager_15_update"); const char *const update_privilege = "http://tizen.org/privilege/led"; const char *const check_start_bucket = ""; const std::string username("sm_test_15_username"); @@ -890,6 +897,12 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_sel TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false); user.create(); + app.createInstallDir(); + InstallRequest inst; + inst.setAppId(app.getAppId()); + inst.setPkgId(app.getPkgId()); + Api::install(inst); + pid = fork(); RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); if (pid != 0)//parent process @@ -908,7 +921,7 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_sel waitPid(pid); - admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id, "").c_str(), + admin.adminCheck(check_start_bucket, false, app.generateAppLabel().c_str(), std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); } if(pid == 0) @@ -924,8 +937,7 @@ RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_sel result = drop_root_privileges(msg.uid, msg.gid); RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - // FIXME - Application has to be installed for it to have policy set in SM - PolicyEntry entry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege); + PolicyEntry entry(app.getAppId(), std::to_string(static_cast(msg.uid)), update_privilege); entry.setLevel("Allow"); addPolicyRequest.addEntry(entry); @@ -1010,7 +1022,7 @@ RUNNER_CHILD_TEST(security_manager_16_policy_levels_get) RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self) { - const char *const update_app_id = "security_manager_17_update_app_id"; + AppInstallHelper app("security_manager_17_update"); const char *const update_privilege = "http://tizen.org/privilege/led"; const char *const check_start_bucket = ""; const std::string username("sm_test_17_username"); @@ -1034,6 +1046,12 @@ RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self) TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false); user.create(); + app.createInstallDir(); + InstallRequest inst; + inst.setAppId(app.getAppId()); + inst.setPkgId(app.getPkgId()); + Api::install(inst); + pid[0] = fork(); RUNNER_ASSERT_MSG(pid[0] >= 0, "fork failed"); if (pid[0] != 0)//parent process @@ -1052,7 +1070,7 @@ RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self) waitPid(pid[0]); - admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id, "").c_str(), + admin.adminCheck(check_start_bucket, false, app.generateAppLabel().c_str(), std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); pid[1] = fork(); @@ -1070,7 +1088,7 @@ RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self) waitPid(pid[1]); - admin.adminCheck(check_start_bucket, false, generateProcessLabel(update_app_id, "").c_str(), + admin.adminCheck(check_start_bucket, false, app.generateAppLabel().c_str(), std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr); } if(pid[1] == 0) @@ -1086,8 +1104,7 @@ RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self) // delete this entry PolicyRequest deletePolicyRequest; - // FIXME - Application has to be installed for it to have policy set in SM - PolicyEntry deleteEntry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege); + PolicyEntry deleteEntry(app.getAppId(), std::to_string(static_cast(msg.uid)), update_privilege); deleteEntry.setLevel(SECURITY_MANAGER_DELETE); deletePolicyRequest.addEntry(deleteEntry); @@ -1108,8 +1125,7 @@ RUNNER_CHILD_TEST(security_manager_17_privacy_manager_delete_policy_for_self) result = drop_root_privileges(msg.uid, msg.gid); RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - // FIXME - Application has to be installed for it to have policy set in SM - PolicyEntry entry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege); + PolicyEntry entry(app.getAppId(), std::to_string(static_cast(msg.uid)), update_privilege); entry.setLevel("Allow"); addPolicyRequest.addEntry(entry); diff --git a/src/security-manager-tests/test_cases_trusted_sharing.cpp b/src/security-manager-tests/test_cases_trusted_sharing.cpp index d493b74c..6993816a 100644 --- a/src/security-manager-tests/test_cases_trusted_sharing.cpp +++ b/src/security-manager-tests/test_cases_trusted_sharing.cpp @@ -249,7 +249,7 @@ RUNNER_TEST(security_manager_46_pkgId_deinstalation_test) * User PKGLabel rwxatl */ - std::vector helper {{"a46"}, {"b46"}}; + std::vector helper {{"a46", "a46"}, {"b46", "a46"}}; auto &trusted1 = helper[0]; auto &trusted2 = helper[1]; @@ -270,7 +270,7 @@ RUNNER_TEST(security_manager_46_pkgId_deinstalation_test) InstallRequest trustingApp2; trustingApp2.setAppId(trusted2.getAppId()); - trustingApp2.setPkgId(trusted1.getPkgId()); // both apps will be part of same pkgId + trustingApp2.setPkgId(trusted2.getPkgId()); trustingApp2.setAuthorId(authorId1); Api::install(trustingApp2); -- 2.34.1