2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Jan Olszak (j.olszak@samsung.com)
20 * @author Rafal Krypa (r.krypa@samsung.com)
21 * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
23 * @brief libprivilege-control test runner
36 #include <sys/types.h>
39 #include <sys/socket.h>
41 #include <sys/smack.h>
43 #include <privilege-control.h>
44 #include <dpl/test/test_runner.h>
45 #include <dpl/test/test_runner_child.h>
46 #include <dpl/test/test_runner_multiprocess.h>
47 #include <dpl/log/log.h>
48 #include <tests_common.h>
49 #include <libprivilege-control_test_common.h>
50 #include "common/duplicates.h"
51 #include "common/db.h"
54 // Error codes for test_libprivilege_strerror
55 const std::vector<int> error_codes {
56 PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
57 PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
58 PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
59 PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
64 std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
66 std::vector<std::string> names;
67 for(size_t i = 0; i < size; ++i) {
68 names.push_back(prefix + "_" + std::to_string(i) + suffix);
73 const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
74 const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
75 const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
76 const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
77 const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
78 const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
79 const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
81 void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
83 std::ifstream dac_file(dac_file_path);
84 RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
86 auto it = gids.begin();
88 while (std::getline(dac_file,line)) {
89 std::istringstream is(line);
92 RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
93 RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
97 RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
102 void remove_smack_files()
105 unlink(OSP_BLAHBLAH);
106 unlink(WRT_BLAHBLAH);
107 unlink(OTHER_BLAHBLAH);
108 unlink(WRT_BLAHBLAH_DAC);
109 unlink(OTHER_BLAHBLAH_DAC);
111 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
112 unlink(OSP_BLAHBLAH_DAC[i].c_str());
114 for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
115 unlink(OSP_BLAHBLAH_DAC[i].c_str());
120 RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
122 RUNNER_TEST(privilege_control02_perm_app_setup_path_01_PRIVATE)
126 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
127 RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
129 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
130 RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
134 result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
135 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_PRIVATE failed");
139 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
140 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
142 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
143 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
146 RUNNER_TEST(privilege_control02_perm_app_setup_path_02_FLOOR)
150 result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
151 RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
153 result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
154 RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
158 result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_FLOOR);
159 RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_FLOOR type failed");
163 result = nftw(TEST_APP_DIR, &nftw_check_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
164 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
166 result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
167 RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
171 RUNNER_TEST_SMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO)
173 test_perm_app_setup_path_PUBLIC_RO(true);
177 * Revoke permissions from the list. Should be executed as privileged user.
179 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
181 test_revoke_permissions(__LINE__, WGT_APP_ID);
185 * Revoke permissions from the list. Should be executed as privileged user.
187 RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
189 test_revoke_permissions(__LINE__, OSP_APP_ID);
192 void test_set_app_privilege(
193 const char* app_id, app_type_t APP_TYPE,
194 const char** privileges, const char* type,
195 const char* app_path, const char* dac_file,
196 const rules_t &rules) {
197 check_app_installed(app_path);
201 /* Remove the group file to make sure other tests do not affect current one. This is because all
202 apps get the same label "User" */
203 const char* db_file = tzplatform_mkpath(TZ_SYS_DB,".privilege_control_app_gids.db");
204 RUNNER_ASSERT_MSG(db_file, "Failed to get groups db path");
205 result = unlink(db_file);
206 RUNNER_ASSERT_MSG(result == 0, "Removing group db failed " << strerror(errno));
210 result = perm_app_uninstall(app_id);
211 RUNNER_ASSERT_MSG(result == 0,
212 " perm_app_uninstall returned " << result << ". "
213 "Errno: " << strerror(errno));
215 result = perm_app_install(app_id);
216 RUNNER_ASSERT_MSG(result == 0,
217 " perm_app_install returned " << result << ". "
218 "Errno: " << strerror(errno));
221 result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, false);
222 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
223 " Error registering app permissions. Result: " << result);
227 result = test_have_all_accesses(rules);
228 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
230 std::set<unsigned> groups_before;
231 read_user_gids(groups_before, APP_UID);
233 result = perm_app_set_privilege(app_id, type, app_path);
234 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
235 " Error in perm_app_set_privilege. Error: " << result);
237 // Check if SMACK label really set
239 result = smack_new_label_from_self(&label);
240 RUNNER_ASSERT_MSG(result >= 0,
241 " Error getting current process label");
242 RUNNER_ASSERT_MSG(label != nullptr,
243 " Process label is not set");
245 result = strcmp(USER_APP_ID, label);
246 RUNNER_ASSERT_MSG(result == 0,
247 " Process label " << label << " is incorrect");
249 check_groups(groups_before, dac_file);
253 * Set APP privileges. wgt.
255 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
257 test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
258 LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
262 * Set APP privileges. osp app.
264 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
266 test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
267 LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
270 RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_efl)
272 test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
274 LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
278 * Add new API feature
280 RUNNER_TEST(privilege_control08_add_api_feature)
284 remove_smack_files();
288 // argument validation
289 result = perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0);
290 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
292 result = perm_add_api_feature(APP_TYPE_OSP,"", nullptr, nullptr, 0);
293 RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
296 // Already existing feature:
297 // TODO: Database will be malformed. (Rules for these features will be removed.)
298 result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", nullptr, nullptr, 0);
299 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
301 result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", nullptr, nullptr, 0);
302 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
305 result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", nullptr, nullptr, 0);
306 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
308 result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", nullptr, nullptr, 0);
309 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
312 const char *test1[] = { nullptr };
313 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, nullptr, 0);
314 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
316 const char *test2[] = { "", nullptr };
317 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, nullptr, 0);
318 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
320 const char *test3[] = { " \t\n", "\t \n", "\n\t ", nullptr };
321 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, nullptr, 0);
322 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
325 const char *test4[] = { "malformed", nullptr };
326 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, nullptr, 0);
327 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
329 const char *test5[] = { "malformed malformed", nullptr };
330 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, nullptr, 0);
331 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
333 const char *test6[] = { "-malformed malformed rwxat", nullptr };
334 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, nullptr, 0);
335 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
337 const char *test7[] = { "~/\"\\ malformed rwxat", nullptr };
338 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, nullptr, 0);
339 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
341 const char *test8[] = { "subject object rwxat something else", nullptr };
342 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, nullptr, 0);
343 RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
347 const char *test9[] = {
348 "~APP~ object\t rwxatl",
350 "subject2\t~APP~ ltxarw",
354 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, nullptr, 0);
355 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
357 const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", nullptr };
358 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, nullptr, 0);
359 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
361 const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", nullptr }; // TODO This fails.
362 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, nullptr, 0);
363 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
366 // TODO For now identical/complementary rules are not merged.
367 const char *test12[] = {
368 "subject1 ~APP~ rwxatl",
370 "subject2 ~APP~ ltxarw",
373 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, nullptr, 0);
374 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
377 const char *test13[] = { "~APP~ b a", nullptr};
378 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0);
379 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
380 result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
381 RUNNER_ASSERT(result == -1);
382 remove_smack_files();
386 result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3);
387 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
388 osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
389 remove_smack_files();
391 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1);
392 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
393 osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
394 remove_smack_files();
396 result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3);
397 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
398 osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
399 remove_smack_files();
405 * Add new API feature, assign it to an app and redefine the API feature.
406 * Check if app rules has changed after redefinition.
408 RUNNER_TEST_SMACK(privilege_control09_perm_add_api_feature_redefine)
411 const char *permissionName[] = { "org.tizen.test.permtoberedefined", nullptr};
413 // Rules to be used with the first check
414 const rules_t test_rules1 = {
415 { GENERATED_APP_ID, PERM_TO_REDEFINE, "rx" },
416 { PERM_TO_REDEFINE, GENERATED_APP_ID, "rwx" },
417 { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
420 // Rules that contain differences - to be used with the second check (after re-def)
421 const rules_t test_rules2 = {
422 { GENERATED_APP_ID, PERM_TO_REDEFINE, "rwx" },
423 { PERM_TO_REDEFINE, GENERATED_APP_ID, "rx" },
424 { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "watl" }
427 // Differences between rules1 and rules2 - should be revoked after re-def)
428 const rules_t diff_rules = {
429 { PERM_TO_REDEFINE, GENERATED_APP_ID, "w" },
430 { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
433 // Rules to be used with the first definition
434 const char *perm_rules1[] = {
435 "~APP~ " PERM_TO_REDEFINE " rx",
436 PERM_TO_REDEFINE " ~APP~ rwx",
437 "~APP~ " PERM_SUB_TO_REDEFINE " rx",
441 // Rules that contain differences - to be used with the second definition (re-def)
442 const char *perm_rules2[] = {
443 "~APP~ " PERM_TO_REDEFINE " rwx",
444 PERM_TO_REDEFINE " ~APP~ rx",
445 "~APP~ " PERM_SUB_TO_REDEFINE " watl",
451 // uninstall app to make sure that all rules and permissions are revoked
452 result = perm_app_uninstall(APP_ID);
453 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
454 "perm_app_uninstall failed: " << perm_strerror(result));
456 result = perm_app_install(APP_ID);
457 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
458 "perm_app_install failed: " << perm_strerror(result));
460 result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules1, nullptr, 0);
461 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
462 "perm_add_api_feature failed: " << result);
464 result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP, permissionName, true);
465 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
466 "perm_app_enable_permissions failed: " << perm_strerror(result));
470 // Check if rules are applied
471 result = test_have_all_accesses(test_rules1);
472 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
476 // Redefine the permission
477 result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules2, nullptr, 0);
478 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
479 "perm_add_api_feature failed: " << result);
483 // Check if rules are updated
484 result = test_have_all_accesses(test_rules2);
485 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added after update.");
486 // The difference between rules1 and rules2 should be revoked!
487 result = test_have_any_accesses(diff_rules);
488 RUNNER_ASSERT_MSG(result == 0, "Permissions are not fully updated.");
492 * Check perm_app_uninstall function
494 void check_perm_app_uninstall(const char* pkg_id)
500 result = perm_app_uninstall(pkg_id);
501 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned: " << perm_strerror(result));
506 RUNNER_TEST(privilege_control07_app_uninstall)
508 check_perm_app_uninstall(APP_ID);
512 * Check perm_app_install function
514 void check_perm_app_install(const char* pkg_id)
520 result = perm_app_install(pkg_id);
521 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
525 TestLibPrivilegeControlDatabase db_test;
526 db_test.test_db_after__perm_app_install(USER_APP_ID);
529 RUNNER_TEST(privilege_control01_app_install)
531 check_perm_app_uninstall(APP_ID);
532 check_perm_app_install(APP_ID);
533 // try install second time app with the same ID - it should pass.
534 check_perm_app_install(APP_ID);
538 * Check perm_rollback function
540 RUNNER_TEST(privilege_control07_app_rollback)
542 check_perm_app_uninstall(APP_ID);
548 result = perm_app_install(APP_ID);
549 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
551 // transaction rollback
552 result = perm_rollback();
553 RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
558 RUNNER_TEST(privilege_control07_app_rollback_2)
560 check_perm_app_uninstall(APP_ID);
566 result = perm_app_install(APP_ID);
567 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
569 // transaction rollback
570 result = perm_rollback();
571 RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
573 // install once again after the rollback
574 result = perm_app_install(APP_ID);
575 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
579 TestLibPrivilegeControlDatabase db_test;
580 db_test.test_db_after__perm_app_install(USER_APP_ID);
584 * Grant SMACK permissions based on permissions list.
586 RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
590 // Clean up after test:
593 result = perm_app_uninstall(WGT_APP_ID);
594 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
595 result = perm_app_install(WGT_APP_ID);
596 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
599 * Test - Enabling all permissions with persistant mode enabled
601 result = perm_app_revoke_permissions(WGT_APP_ID);
602 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
603 "Error revoking app permissions. Result: " << result);
605 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
606 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
607 " Error registering app permissions. Result: " << result);
611 // Check if the accesses are realy applied..
612 result = test_have_all_accesses(rules2);
613 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
618 result = perm_app_revoke_permissions(WGT_APP_ID);
619 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
620 "Error revoking app permissions. Result: " << result);
625 * Test - Enabling all permissions with persistant mode disabled
629 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
630 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
631 " Error registering app permissions. Result: " << result);
633 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
634 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
635 " Error enabling app permissions. Result: " << result);
639 // Check if the accesses are realy applied..
640 result = test_have_all_accesses(rules2);
641 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
646 result = perm_app_revoke_permissions(WGT_APP_ID);
647 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
648 "Error revoking app permissions. Result: " << result);
653 * Test - Registering new permissions in two complementary files
658 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
659 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
660 " Error registering app permissions. Result: " << result);
664 // Check if the accesses are realy applied..
665 result = test_have_all_accesses(rules2_no_r);
666 RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
671 result = perm_app_revoke_permissions(WGT_APP_ID);
672 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
673 "Error revoking app permissions. Result: " << result);
678 * Test - Enabling some permissions and then enabling complementary permissions
683 // Register permission for rules 2 no r
684 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
685 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
686 " Error registering app permissions without r. Result: " << result);
690 // Check if the accesses are realy applied..
691 result = test_have_all_accesses(rules2_no_r);
692 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
696 // Register permission for rules 2
697 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
698 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
699 " Error registering app all permissions. Result: " << result);
703 // Check if the accesses are realy applied..
704 result = test_have_all_accesses(rules2);
705 RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
710 result = perm_app_revoke_permissions(WGT_APP_ID);
711 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
712 "Error revoking app permissions. Result: " << result);
715 * Test - Enabling some permissions and then enabling all permissions
718 // Enable permission for rules 2 no r
719 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
720 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
721 " Error registering app permissions without r. Result: " << result);
725 // Check if the accesses are realy applied..
726 result = test_have_all_accesses(rules2_no_r);
727 RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
731 // Enable permission for rules 2
732 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
733 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
734 " Error registering app permissions with only r. Result: " << result);
738 // Check if the accesses are realy applied..
739 result = test_have_all_accesses(rules2_r);
740 RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
745 result = perm_app_revoke_permissions(WGT_APP_ID);
746 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
747 "Error revoking app permissions. Result: " << result);
751 // Clean up after test:
752 result = perm_app_uninstall(WGT_APP_ID);
753 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
758 RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
760 test_app_enable_permissions_efl(true);
764 * Check perm_app_install function
766 RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
768 test_app_disable_permissions_efl(true);
773 * Remove previously granted SMACK permissions based on permissions list.
775 RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
777 test_app_disable_permissions(true);
781 * Reset SMACK permissions for an application by revoking all previously
782 * granted rules and enabling them again from a rules file from disk.
784 // TODO: This test is incomplete.
785 RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
790 * Test - doing reset and checking if rules exist again.
795 result = perm_app_install(WGT_APP_ID);
796 RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
798 // Disable permissions
799 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
800 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
801 "Error disabling app permissions. Result: " << result);
803 // Prepare permissions to reset
804 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
805 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
806 " Error registering app permissions. Result: " << result);
809 result = perm_app_reset_permissions(WGT_APP_ID);
810 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
811 "Error reseting app permissions. Result: " << result);
815 // Are all second permissions not disabled?
816 result = test_have_all_accesses(rules2);
817 RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
821 // Disable permissions
822 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
823 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
824 "Error disabling app permissions. Result: " << result);
826 result = perm_app_uninstall(WGT_APP_ID);
827 RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
832 static void smack_set_random_label_based_on_pid_on_self(void)
835 std::stringstream ss;
837 ss << "s-" << getpid() << "-" << getppid();
838 result = smack_set_label_for_self(ss.str().c_str());
839 RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
840 << ss.str().c_str() << ") failed");
843 static void smack_unix_sock_server(int sock)
849 fd = accept(sock, nullptr, nullptr);
854 FdUniquePtr fdPtr(&fd);
856 result = smack_new_label_from_self(&smack_label);
857 RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed");
858 SmackLabelPtr smackLabelPtr(smack_label);
860 ssize_t bitsNum = write(fd, smack_label, strlen(smack_label));
861 RUNNER_ASSERT_ERRNO_MSG(bitsNum >= 0 && static_cast<size_t>(bitsNum) == strlen(smack_label),
865 RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
868 struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
872 RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
874 smack_set_random_label_based_on_pid_on_self();
876 if (!pid) { /* child process, server */
879 /* Set the process label before creating a socket */
880 sock = socket(AF_UNIX, SOCK_STREAM, 0);
881 RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
882 SockUniquePtr sockPtr(&sock);
885 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
886 RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
888 result = listen(sock, 1);
889 RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
890 smack_unix_sock_server(sock);
892 /* Change the process label with listening socket */
893 smack_unix_sock_server(sock);
896 RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
897 /* Now running two concurrent servers.
898 Test if socket label was unaffected by fork() */
899 smack_unix_sock_server(sock);
900 /* Let's give the two servers different labels */
901 smack_unix_sock_server(sock);
904 } else { /* parent process, client */
905 sleep(1); /* Give server some time to setup listening socket */
907 for (i = 0; i < 4; ++i) {
910 char smack_label1[SMACK_LABEL_LEN + 1];
913 sock = socket(AF_UNIX, SOCK_STREAM, 0);
914 RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
915 SockUniquePtr sockPtr(&sock);
917 result = connect(sock,
918 (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
919 RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
922 result = read(sock, smack_label1, SMACK_LABEL_LEN);
924 RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed");
926 smack_label1[result] = '\0';
927 smack_label2 = perm_app_id_from_socket(sock);
928 RUNNER_ASSERT_MSG(smack_label2 != nullptr, "perm_app_id_from_socket failed");
929 result = strcmp(smack_label1, smack_label2);
930 RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1
931 << "' != '" << smack_label2 << "-" << random() << "'");
936 RUNNER_TEST(privilege_control20_perm_app_has_permission)
939 const char *other_app_label = "test_other_app_label";
943 result = perm_app_uninstall(WGT_APP_ID);
944 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
945 "Error uninstalling app. Result" << result);
947 result = perm_app_install(WGT_APP_ID);
948 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
949 "Error installing app. Result" << result);
951 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R);
952 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
953 "Error disabling app r and no r permissions. Result: " << result);
957 check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
958 check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
959 check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
960 check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
964 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
965 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
966 "Error registering app r permissions. Result: " << result);
970 check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
971 check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
972 check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
973 check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
977 result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
978 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
979 "Error registering app r permissions. Result: " << result);
983 check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
984 check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
985 check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
986 check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
990 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
991 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
992 "Error disabling app r and no r permissions. Result: " << result);
996 check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
997 check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
998 check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
999 check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
1003 result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
1004 RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
1005 "Error disabling app r and no r permissions. Result: " << result);
1009 check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
1010 check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
1011 check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
1012 check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
1015 RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
1016 int POSITIVE_ERROR_CODE = 1;
1017 int NONEXISTING_ERROR_CODE = -239042;
1020 for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
1021 RUNNER_ASSERT_MSG(strcmp(perm_strerror(*itr), "Unknown error") != 0,
1022 "Returned invalid error code description.");
1025 result = perm_strerror(POSITIVE_ERROR_CODE);
1026 RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
1027 "Bad message returned for invalid error code: \"" << result << "\"");
1029 result = perm_strerror(NONEXISTING_ERROR_CODE);
1030 RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
1031 "Bad message returned for invalid error code: \"" << result << "\"");