2 * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <sys/types.h>
23 #include <cynara_test_client.h>
24 #include <dpl/test/test_runner.h>
26 #include <sm_commons.h>
27 #include <sm_request.h>
28 #include <tests_common.h>
29 #include <tzplatform.h>
30 #include <app_install_helper.h>
31 #include <scoped_installer.h>
33 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
35 using namespace SecurityManagerTest;
37 RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
39 const Privilege privilege("http://tizen.org/applicationDefinedPrivilege/app_defined_01",
40 Privilege::UNTRUSTED);
41 const std::string providerAppId = "app_def_01_provider_appid";
42 const std::string consumerAppId = "app_def_01_client_appid";
43 const std::string ownerId = "5001";
44 const std::string session = "S0M3S3SSI0N";
46 AppInstallHelper provider(providerAppId);
47 AppInstallHelper consumer(consumerAppId);
49 std::string consumerLabel = consumer.generateAppLabel();
51 provider.addAppDefinedPrivilege(privilege);
52 consumer.addPrivilege(privilege);
54 ScopedInstaller req1(provider);
55 ScopedInstaller req2(consumer);
57 CynaraTestClient::Client cynara;
58 cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
63 cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
66 RUNNER_CHILD_TEST(app_defined_02_global_install_licensed)
68 const Privilege privilege("http://tizen.org/licensedPrivilege/app_defined_02",
69 "/opt/data/app_defined_02/res/license");
70 const std::string providerAppId = "app_def_02_provider_appid";
71 const std::string consumerAppId = "app_def_02_client_appid";
72 const std::string ownerId = "5001";
73 const std::string session = "S0M33S3SSI0N";
75 AppInstallHelper provider(providerAppId);
76 AppInstallHelper consumer(consumerAppId);
78 std::string consumerLabel = consumer.generateAppLabel();
80 provider.addAppDefinedPrivilege(privilege);
81 consumer.addPrivilege(privilege);
83 ScopedInstaller req1(provider);
84 ScopedInstaller req2(consumer);
86 CynaraTestClient::Client cynara;
87 cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
92 cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
95 RUNNER_CHILD_TEST(app_defined_03_database_update)
97 // Because of a bug in implementation during installation of
98 // providerB privileges of providerA were deleted from cynara
99 // database. This test should check if bug was fixed.
100 Privilege privilegeA("http://tizen.org/licensedPrivilege/app_defined_03a",
101 "/opt/data/app_defined_03a/res/license");
102 Privilege privilegeB("http://tizen.org/licensedPrivilege/app_defined_03b",
103 "/opt/data/app_defined_03b/res/license");
104 const std::string providerAppIdA = "app_def_03a_provider_appid";
105 const std::string providerAppIdB = "app_def_03b_provider_appid";
106 const std::string consumerAppId = "app_def_03_client_appid";
107 const std::string ownerId = "5001";
108 const std::string session = "S0M33S3SSI0N";
110 AppInstallHelper providerA(providerAppIdA);
111 AppInstallHelper providerB(providerAppIdB);
112 AppInstallHelper consumer(consumerAppId);
114 std::string consumerLabel = consumer.generateAppLabel();
116 providerA.addAppDefinedPrivilege(privilegeA);
117 providerB.addAppDefinedPrivilege(privilegeB);
118 consumer.addPrivilege(privilegeA);
119 consumer.addPrivilege(privilegeB);
121 ScopedInstaller req1(providerA);
122 ScopedInstaller req2(providerB);
123 ScopedInstaller req3(consumer);
125 CynaraTestClient::Client cynara;
126 cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
127 cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
129 // uninstall providerA
132 cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
133 cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
135 // uninstall providerB
138 cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
139 cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
142 RUNNER_CHILD_TEST(app_defined_04_app_update)
144 const Privilege privilegeA("http://tizen.org/licensedPrivilege/app_defined_04a",
145 "/opt/data/app_defined_04a/res/license");
146 const Privilege privilegeB("http://tizen.org/applicationDefinedPrivilege/app_defined_04b",
147 Privilege::UNTRUSTED);
148 const Privilege privilegeC("http://tizen.org/licensedPrivilege/app_defined_04c",
149 "/opt/data/app_defined_04c/res/license");
150 const std::string providerAppId = "app_def_04_provider_appid";
151 const std::string consumerAppId = "app_def_04_client_appid";
152 const std::string ownerId = "5001";
153 const std::string session = "S0M33S3SSI0N";
155 AppInstallHelper providerV1(providerAppId);
156 AppInstallHelper providerV2(providerAppId);
157 AppInstallHelper consumer(consumerAppId);
159 std::string consumerLabel = consumer.generateAppLabel();
161 providerV1.addAppDefinedPrivilege(privilegeA);
162 providerV1.addAppDefinedPrivilege(privilegeB);
163 consumer.addPrivilege(privilegeA);
164 consumer.addPrivilege(privilegeB);
165 consumer.addPrivilege(privilegeC);
167 ScopedInstaller req1(providerV1);
168 ScopedInstaller req2(consumer);
170 CynaraTestClient::Client cynara;
171 cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
172 cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
173 cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
175 // update provider version, remove privilegeA, add privilegeC
176 providerV2.addAppDefinedPrivilege(privilegeB);
177 providerV2.addAppDefinedPrivilege(privilegeC);
179 ScopedInstaller req3(providerV2);
181 cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
182 cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
183 cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
186 RUNNER_CHILD_TEST(app_defined_05_global_local_install)
188 const Privilege privilegeA("http://tizen.org/licensedPrivilege/app_defined_05a",
189 Privilege::UNTRUSTED);
190 const Privilege privilegeB("http://tizen.org/applicationDefinedPrivilege/app_defined_05b",
191 "/opt/data/app_defined_05b/res/license");
192 const Privilege privilegeC("http://tizen.org/applicationDefinedPrivilege/app_defined_05c",
193 Privilege::UNTRUSTED);
194 const std::string providerAppId = "app_def_05_provider_appid";
195 const std::string consumerAppId = "app_def_05_client_appid";
196 const std::string ownerId = "5001";
197 const std::string bobId = "5002";
198 const std::string session = "S0M33S3SSI0N";
200 AppInstallHelper providerGlobal(providerAppId);
201 AppInstallHelper providerLocal(providerAppId, 5002);
202 AppInstallHelper consumerGlobal(consumerAppId);
203 AppInstallHelper consumerLocal(consumerAppId, 5002);
205 std::string consumerGlobalLabel = consumerGlobal.generateAppLabel();
206 std::string consumerLocalLabel = consumerLocal.generateAppLabel();
208 providerGlobal.addAppDefinedPrivilege(privilegeA);
209 providerGlobal.addAppDefinedPrivilege(privilegeC);
210 providerLocal.addAppDefinedPrivilege(privilegeA);
211 providerLocal.addAppDefinedPrivilege(privilegeB);
213 consumerGlobal.addPrivilege(privilegeA);
214 consumerGlobal.addPrivilege(privilegeB);
215 consumerGlobal.addPrivilege(privilegeC);
217 consumerLocal.addPrivilege(privilegeB);
218 consumerLocal.addPrivilege(privilegeC);
220 CynaraTestClient::Client cynara;
222 // local provider only and global consumer only
223 ScopedInstaller req1(providerLocal);
224 ScopedInstaller req2(consumerGlobal);
225 cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
226 cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
227 cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
228 cynara.check(consumerGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
229 cynara.check(consumerGlobalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
230 cynara.check(consumerGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
232 // local provider only and global/local consumer
233 ScopedInstaller req3(consumerLocal);
234 cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
235 cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
236 cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
238 // global/local provider and global/local consumer
239 ScopedInstaller req4(providerGlobal);
240 cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
241 cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
242 cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
243 cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
244 cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
245 //cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
247 // global provider only and global/local consumer
249 cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
250 cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
251 cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
252 cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
253 cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_DENIED);
254 cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
256 // global provider only and global consumer only
258 cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
259 cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
260 cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
263 RUNNER_CHILD_TEST(app_defined_06_get_provider)
266 char *pkgId = nullptr;
267 char *appId = nullptr;
268 const Privilege privilegeA("http://tizen.org/applicationDefinedPrivilege/app_defined_06a",
269 Privilege::UNTRUSTED);
270 const Privilege privilegeB("http://tizen.org/applicationDefinedPrivilege/app_defined_06b",
271 Privilege::UNTRUSTED);
272 const std::string providerId = "app_def_06_provider";
275 AppInstallHelper providerGlobal(providerId);
276 AppInstallHelper providerLocal(providerId, uid);
277 providerGlobal.addAppDefinedPrivilege(privilegeB);
278 providerLocal.addAppDefinedPrivilege(privilegeA);
279 ScopedInstaller req1(providerGlobal);
280 ScopedInstaller req2(providerLocal);
282 result = security_manager_get_app_defined_privilege_provider("noExistingPrivilege",
283 uid, &pkgId, &appId);
284 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
285 RUNNER_ASSERT(appId == nullptr);
286 RUNNER_ASSERT(pkgId == nullptr);
288 result = security_manager_get_app_defined_privilege_provider(privilegeA,
289 uid+1, &pkgId, &appId);
290 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
291 RUNNER_ASSERT(appId == nullptr);
292 RUNNER_ASSERT(pkgId == nullptr);
294 result = security_manager_get_app_defined_privilege_provider(privilegeA,
295 uid, nullptr, nullptr);
296 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
298 result = security_manager_get_app_defined_privilege_provider(privilegeA,
299 uid, &pkgId, nullptr);
300 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
301 RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
305 result = security_manager_get_app_defined_privilege_provider(privilegeA,
306 uid, nullptr, &appId);
307 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
308 RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
312 result = security_manager_get_app_defined_privilege_provider(privilegeA,
313 uid, &pkgId, &appId);
314 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
315 RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
316 RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
322 result = security_manager_get_app_defined_privilege_provider(privilegeB,
323 uid, &pkgId, &appId);
324 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
325 RUNNER_ASSERT(appId && std::string(appId) == providerGlobal.getAppId());
326 RUNNER_ASSERT(pkgId && std::string(pkgId) == providerGlobal.getPkgId());
333 RUNNER_CHILD_TEST(app_defined_07_get_provider_license)
336 char *license = nullptr;
337 const Privilege privilegeA("http://tizen.org/applicationDefinedPrivilege/app_defined_07a",
338 "/opt/data/app_defined_07a/res/license");
339 const Privilege privilegeB("http://tizen.org/applicationDefinedPrivilege/app_defined_07b",
340 "/opt/data/app_defined_07b/res/license");
341 const Privilege privilegeC("http://tizen.org/applicationDefinedPrivilege/app_defined_07c",
342 "/opt/data/app_defined_07c/res/license");
343 const Privilege privilegeCuntrusted(privilegeC.getName(), Privilege::UNTRUSTED);
344 const std::string providerId = "app_def_07_provider";
347 AppInstallHelper providerGlobal(providerId);
348 AppInstallHelper providerLocal(providerId, uid);
349 providerGlobal.addAppDefinedPrivilege(privilegeB);
350 providerGlobal.addAppDefinedPrivilege(privilegeC);
351 providerLocal.addAppDefinedPrivilege(privilegeA);
352 providerLocal.addAppDefinedPrivilege(privilegeCuntrusted);
354 ScopedInstaller req1(providerGlobal);
355 ScopedInstaller req2(providerLocal);
357 result = security_manager_get_app_defined_privilege_license(nullptr, uid, &license);
358 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
359 RUNNER_ASSERT(license == nullptr);
361 result = security_manager_get_app_defined_privilege_license(privilegeA, uid, nullptr);
362 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
364 result = security_manager_get_app_defined_privilege_license("noExistingPrivilege", uid, &license);
365 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
366 RUNNER_ASSERT(license == nullptr);
368 result = security_manager_get_app_defined_privilege_license(privilegeC, uid, &license);
369 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
370 RUNNER_ASSERT(license == nullptr);
372 result = security_manager_get_app_defined_privilege_license(privilegeA, uid+1, &license);
373 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
374 RUNNER_ASSERT(license == nullptr);
376 result = security_manager_get_app_defined_privilege_license(privilegeB, uid, &license);
377 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
378 RUNNER_ASSERT(license && privilegeB.getLicense() == license);
382 result = security_manager_get_app_defined_privilege_license(privilegeA, uid, &license);
383 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
384 RUNNER_ASSERT(license && privilegeA.getLicense() == license);
389 result = security_manager_get_app_defined_privilege_license(privilegeC, uid, &license);
390 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
391 RUNNER_ASSERT(license && privilegeC.getLicense() == license);
396 RUNNER_CHILD_TEST(app_defined_08_add_get_client_license)
399 char *license = nullptr;
401 const Privilege privilegeA("http://tizen.org/applicationDefinedPrivilege/app_defined_08a",
402 "/opt/data/app_defined_08a/res/license");
403 const Privilege privilegeB("http://tizen.org/applicationDefinedPrivilege/app_defined_08b",
404 "/opt/data/app_defined_08b/res/license");
405 const Privilege privilegeC("http://tizen.org/applicationDefinedPrivilege/app_defined_08c",
406 "/opt/data/app_defined_08c/res/license");
407 const Privilege privilegeCunset(privilegeC.getName(), Privilege::UNTRUSTED);
409 const std::string clientId = "app_def_08_client";
412 AppInstallHelper clientGlobal(clientId);
413 AppInstallHelper clientLocal(clientId, uid);
414 clientGlobal.addPrivilege(privilegeB);
415 clientGlobal.addPrivilege(privilegeC);
416 clientLocal.addPrivilege(privilegeA);
417 clientLocal.addPrivilege(privilegeCunset);
418 ScopedInstaller req1(clientGlobal);
419 ScopedInstaller req2(clientLocal);
421 result = security_manager_get_client_privilege_license(nullptr,
422 clientLocal.getAppId().c_str(),
424 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
425 RUNNER_ASSERT(license == nullptr);
427 result = security_manager_get_client_privilege_license(privilegeA, nullptr,
429 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
430 RUNNER_ASSERT(license == nullptr);
432 result = security_manager_get_client_privilege_license(privilegeA,
433 clientLocal.getAppId().c_str(),
435 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
437 result = security_manager_get_client_privilege_license("noExistingPrivilege",
438 clientLocal.getAppId().c_str(),
440 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
441 RUNNER_ASSERT(license == nullptr);
443 result = security_manager_get_client_privilege_license(privilegeA, "noExistingApp",
445 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
446 RUNNER_ASSERT(license == nullptr);
448 result = security_manager_get_client_privilege_license(privilegeC,
449 clientLocal.getAppId().c_str(),
451 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
452 RUNNER_ASSERT(license == nullptr);
454 result = security_manager_get_client_privilege_license(privilegeA,
455 clientLocal.getAppId().c_str(),
457 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
458 RUNNER_ASSERT(license == nullptr);
460 result = security_manager_get_client_privilege_license(privilegeA,
461 clientLocal.getAppId().c_str(),
463 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
464 RUNNER_ASSERT(license && privilegeA.getLicense() == license);
469 result = security_manager_get_client_privilege_license(privilegeB,
470 clientGlobal.getAppId().c_str(),
472 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
473 RUNNER_ASSERT(license && privilegeB.getLicense() == license);
478 RUNNER_CHILD_TEST(app_defined_09_check_system_privileges)
480 const std::string providerId = "app_def_09_provider";
481 const Privilege privilege("http://tizen.org/privilege/internet", Privilege::UNTRUSTED);
483 InstallRequest requestInst;
484 requestInst.setAppId(providerId);
485 requestInst.setPkgId(providerId);
486 requestInst.addAppDefinedPrivilege(privilege);
487 Api::install(requestInst, SECURITY_MANAGER_ERROR_INPUT_PARAM);
488 Api::uninstall(requestInst);