From e6de046e71716f5d7b4902816bc4f2b5c837d394 Mon Sep 17 00:00:00 2001 From: Tomasz Swierczek Date: Fri, 16 Feb 2018 14:13:40 +0100 Subject: [PATCH] Added tests for security_manager_get_app_manifest_policy() API call Change-Id: If04e0e560d2c9a6a91b880a754d871edfdc13f08 --- .../test_cases_privacy_manager.cpp | 157 ++++++++++++++++++ 1 file changed, 157 insertions(+) diff --git a/src/security-manager-tests/test_cases_privacy_manager.cpp b/src/security-manager-tests/test_cases_privacy_manager.cpp index eeec39af..19c6465a 100644 --- a/src/security-manager-tests/test_cases_privacy_manager.cpp +++ b/src/security-manager-tests/test_cases_privacy_manager.cpp @@ -965,3 +965,160 @@ RUNNER_CHILD_TEST(security_manager_20_privacy_manager_privacy_related_privileges } } } + +RUNNER_CHILD_TEST(security_manager_21_fetch_app_manifest_invalid_params) +{ + int ret = security_manager_get_app_manifest_policy(nullptr, 0, nullptr, nullptr); + RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_INPUT_PARAM, "Expected invalid input param, returned " << ret); +} + + +RUNNER_CHILD_TEST(security_manager_22_fetch_app_manifest_no_app) +{ + char **privileges; + size_t nPrivs = 0; + int ret = security_manager_get_app_manifest_policy("not_existing_app_id", 0, &privileges, &nPrivs); + RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT, "Expected no such object error, returned " << ret); +} + +RUNNER_CHILD_TEST(security_manager_23_fetch_app_manifest_invalid_user) +{ + TemporaryTestUser user("sm_test_23_fetch_username", GUM_USERTYPE_NORMAL); + user.create(); + + AppInstallHelper app("security_manager_23_fetch", user.getUid()); + app.setInstallType(SM_APP_INSTALL_LOCAL); + app.addPrivileges(TEST_PRIVACY_PRIVILEGES[1]); + ScopedInstaller appInstall(app); + + char **privileges; + size_t nPrivs = 0; + int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), 0, &privileges, &nPrivs); + // Should security-manager check if user exists? + RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret); + RUNNER_ASSERT_MSG(nPrivs == 0, "Expected empty set of privileges, returned " << nPrivs); +} + +RUNNER_CHILD_TEST(security_manager_24_fetch_app_manifest_auth_error) +{ + TemporaryTestUser user("sm_test_24_fetch_username", GUM_USERTYPE_NORMAL); + user.create(); + + AppInstallHelper app("security_manager_24_fetch", user.getUid()); + app.setInstallType(SM_APP_INSTALL_LOCAL); + app.addPrivileges(TEST_PRIVACY_PRIVILEGES[1]); + ScopedInstaller appInstall(app); + + pid_t pid = fork(); + RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed"); + if (pid != 0) { //parent process + waitPid(pid); + } else { //child process + Api::setProcessLabel(app.getAppId()); + RUNNER_ASSERT_ERRNO_MSG( + drop_root_privileges(user.getUid(), user.getGid()) == 0, + "drop_root_privileges failed"); + char **privileges; + size_t nPrivs = 0; + int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs); + RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "Expected access denied, returned " << ret); + exit(0); + } +} + +static void check_privileges_from_manifest(const AppInstallHelper &aih, char **privileges, size_t nPrivs) +{ + std::vector aihPrivs = aih.getPrivilegesNames(); + RUNNER_ASSERT_MSG(nPrivs == aihPrivs.size(), "Expected privileges number: " << aihPrivs.size() << ", got " << nPrivs); + for (size_t i = 0; i < nPrivs; ++i) { + RUNNER_ASSERT_MSG(std::find(aihPrivs.begin(), aihPrivs.end(), std::string(privileges[i])) != aihPrivs.end(), + "Privilege " << privileges[i] << " not found"); + } +} + +RUNNER_CHILD_TEST(security_manager_25_fetch_app_manifest_global_app) +{ + TemporaryTestUser user("sm_test_25_fetch_username", GUM_USERTYPE_NORMAL); + user.create(); + + AppInstallHelper app("security_manager_25_fetch"); + app.setInstallType(SM_APP_INSTALL_GLOBAL); + app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read")); + app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write")); + ScopedInstaller appInstall(app); + + char **privileges; + size_t nPrivs = 0; + + int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), 0, &privileges, &nPrivs); + RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret); + check_privileges_from_manifest(app, privileges, nPrivs); + security_manager_privileges_free(privileges, nPrivs); + + // since app is installed globally, also for our temporary user the returned list should be the same + nPrivs = 0; + ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs); + RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret); + check_privileges_from_manifest(app, privileges, nPrivs); + security_manager_privileges_free(privileges, nPrivs); +} + +RUNNER_CHILD_TEST(security_manager_26_fetch_app_manifest_local_app) +{ + TemporaryTestUser user("sm_test_26_fetch_username", GUM_USERTYPE_NORMAL); + user.create(); + + AppInstallHelper app("security_manager_26_fetch", user.getUid()); + app.setInstallType(SM_APP_INSTALL_LOCAL); + app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read")); + app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write")); + ScopedInstaller appInstall(app); + + char **privileges; + size_t nPrivs = 0; + + int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs); + RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret); + check_privileges_from_manifest(app, privileges, nPrivs); + security_manager_privileges_free(privileges, nPrivs); + + // since app is installed locally, if we ask for other user (ie. root), we should get empty list of privileges + nPrivs = 0; + ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), 0, &privileges, &nPrivs); + RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret); + RUNNER_ASSERT_MSG(nPrivs == 0, "Expected empty set of privileges, returned " << nPrivs); +} + +RUNNER_CHILD_TEST(security_manager_27_fetch_app_manifest_both_apps) +{ + TemporaryTestUser user("sm_test_27_fetch_username", GUM_USERTYPE_NORMAL); + user.create(); + + AppInstallHelper appGlobal("security_manager_27_fetch"); + appGlobal.setInstallType(SM_APP_INSTALL_GLOBAL); + appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read")); + appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write")); + appGlobal.addPrivilege(std::string("http://tizen.org/privielge/contacts.read")); + ScopedInstaller appGlobalInstall(appGlobal); + + AppInstallHelper appLocal("security_manager_27_fetch", user.getUid()); + appLocal.setInstallType(SM_APP_INSTALL_LOCAL); + appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read")); + appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write")); + ScopedInstaller appLocalInstall(appLocal); + + + char **privileges; + size_t nPrivs = 0; + + int ret = security_manager_get_app_manifest_policy(appLocal.getAppId().c_str(), user.getUid(), &privileges, &nPrivs); + RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret); + check_privileges_from_manifest(appLocal, privileges, nPrivs); + security_manager_privileges_free(privileges, nPrivs); + + nPrivs = 0; + ret = security_manager_get_app_manifest_policy(appGlobal.getAppId().c_str(), 0, &privileges, &nPrivs); + RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected succes, returned " << ret); + check_privileges_from_manifest(appGlobal, privileges, nPrivs); + security_manager_privileges_free(privileges, nPrivs); +} -- 2.34.1