2 * Copyright (c) 2017 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <sys/types.h>
23 #include <cynara_test_client.h>
24 #include <dpl/test/test_runner.h>
26 #include <sm_commons.h>
27 #include <sm_request.h>
28 #include <tests_common.h>
29 #include <tzplatform.h>
30 #include <app_install_helper.h>
31 #include <scoped_installer.h>
32 #include <privilege_names.h>
34 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
36 using namespace SecurityManagerTest;
37 using namespace PrivilegeNames;
39 RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
41 const Privilege privilege(
42 "http://tizen.org/untrusted/devstudio/statistic",
43 Privilege::UNTRUSTED);
44 const std::string providerAppId = "app_def_01_provider";
45 const std::string clientAppId = "app_def_01_client";
46 const std::string ownerId = "5001";
47 const std::string session = "S0M3S3SSI0N";
49 AppInstallHelper provider(providerAppId);
50 AppInstallHelper client(clientAppId);
52 std::string clientLabel = client.generateAppLabel();
54 provider.addAppDefinedPrivilege(privilege);
55 client.addPrivilege(privilege);
57 ScopedInstaller req1(provider);
58 ScopedInstaller req2(client);
60 CynaraTestClient::Client cynara;
61 cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
66 cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
69 RUNNER_CHILD_TEST(app_defined_02_global_install_licensed)
71 const Privilege providerPrivilegeLicense(
72 "http://tizen.org/licensed/abcsoftware/calendar",
73 "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
74 const Privilege clientPrivilegeLicense(
75 "http://tizen.org/licensed/abcsoftware/calendar",
76 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
77 const std::string providerAppId = "app_def_provider_01";
78 const std::string clientAppId = "app_def_client_01";
79 const std::string ownerId = "5001";
80 const std::string session = "S0M33S3SSI0N";
82 AppInstallHelper provider(providerAppId);
83 AppInstallHelper client(clientAppId);
85 std::string clientLabel = client.generateAppLabel();
87 provider.addAppDefinedPrivilege(providerPrivilegeLicense);
88 client.addPrivilege(clientPrivilegeLicense);
90 ScopedInstaller req1(provider);
91 ScopedInstaller req2(client);
93 CynaraTestClient::Client cynara;
94 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_ALLOWED);
99 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
102 RUNNER_CHILD_TEST(app_defined_03_database_update)
104 const Privilege privilegeA(
105 "http://tizen.org/untrusted/devstudio/statistic", Privilege::UNTRUSTED);
106 const Privilege privilegeB(
107 "http://tizen.org/untrusted/gamestudio/football", Privilege::UNTRUSTED);
109 const std::string providerAppIdA = "app_def_provider_01";
110 const std::string providerAppIdB = "app_def_provider_02";
111 const std::string clientAppId = "app_def_client_01";
112 const std::string ownerId = "5001";
113 const std::string session = "S0M33S3SSI0N";
115 AppInstallHelper providerA(providerAppIdA);
116 AppInstallHelper providerB(providerAppIdB);
117 AppInstallHelper client(clientAppId);
119 std::string clientLabel = client.generateAppLabel();
121 providerA.addAppDefinedPrivilege(privilegeA);
122 providerB.addAppDefinedPrivilege(privilegeB);
123 client.addPrivilege(privilegeA);
124 client.addPrivilege(privilegeB);
126 ScopedInstaller req1(providerA);
127 ScopedInstaller req2(providerB);
128 ScopedInstaller req3(client);
130 CynaraTestClient::Client cynara;
131 cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
132 cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
134 // uninstall providerA
137 cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
138 cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
140 // uninstall providerB
143 cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
144 cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
147 RUNNER_CHILD_TEST(app_defined_04_app_update)
149 const Privilege providerPrivilegeLicenseA(
150 "http://tizen.org/licensed/abcsoftware/calendar",
151 "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
152 const Privilege clientPrivilegeLicenseA(
153 "http://tizen.org/licensed/abcsoftware/calendar",
154 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
155 const Privilege privilegeB(
156 "http://tizen.org/untrusted/devstudio/statistic",
157 Privilege::UNTRUSTED);
158 const Privilege providerPrivilegeLicenseC(
159 "http://tizen.org/licensed/xyzsoftware/camera",
160 "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
161 const Privilege clientPrivilegeLicenseC(
162 "http://tizen.org/licensed/xyzsoftware/camera",
163 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
165 const std::string providerAppId = "app_def_provider_01";
166 const std::string clientAppId = "app_def_client_01";
167 const std::string ownerId = "5001";
168 const std::string session = "S0M33S3SSI0N";
170 AppInstallHelper providerV1(providerAppId);
171 AppInstallHelper providerV2(providerAppId);
172 AppInstallHelper client(clientAppId);
174 std::string clientLabel = client.generateAppLabel();
176 providerV1.addAppDefinedPrivilege(providerPrivilegeLicenseA);
177 providerV1.addAppDefinedPrivilege(privilegeB);
178 client.addPrivilege(clientPrivilegeLicenseA);
179 client.addPrivilege(privilegeB);
180 client.addPrivilege(clientPrivilegeLicenseC);
182 ScopedInstaller req1(providerV1);
183 ScopedInstaller req2(client);
185 CynaraTestClient::Client cynara;
186 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_ALLOWED);
187 cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
188 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_DENIED);
190 // update provider version, remove privilegeA, add privilegeC
191 providerV2.addAppDefinedPrivilege(privilegeB);
192 providerV2.addAppDefinedPrivilege(providerPrivilegeLicenseC);
194 ScopedInstaller req3(providerV2);
196 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED);
197 cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
198 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_ALLOWED);
201 RUNNER_CHILD_TEST(app_defined_05_global_local_install)
203 const Privilege privilegeA(
204 "http://tizen.org/untrusted/devstudio/statistic",
205 Privilege::UNTRUSTED);
206 const Privilege providerLocalPrivilegeLicenseB(
207 "http://tizen.org/licensed/abcsoftware/calendar",
208 "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
209 const Privilege clientGlobalPrivilegeLicenseB(
210 "http://tizen.org/licensed/abcsoftware/calendar",
211 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
212 const Privilege clientLocalPrivilegeLicenseB(
213 "http://tizen.org/licensed/abcsoftware/calendar",
214 "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
215 const Privilege privilegeC(
216 "http://tizen.org/untrusted/gamestudio/football",
217 Privilege::UNTRUSTED);
219 const std::string providerAppId = "app_def_provider_01";
220 const std::string clientAppId = "app_def_client_01";
221 const std::string ownerId = "5001";
222 const std::string bobId = "5002";
223 const std::string session = "S0M33S3SSI0N";
225 AppInstallHelper providerGlobal(providerAppId);
226 AppInstallHelper providerLocal(providerAppId, 5002);
227 AppInstallHelper clientGlobal(clientAppId);
228 AppInstallHelper clientLocal(clientAppId, 5002);
230 std::string clientGlobalLabel = clientGlobal.generateAppLabel();
231 std::string clientLocalLabel = clientLocal.generateAppLabel();
233 providerGlobal.addAppDefinedPrivilege(privilegeA);
234 providerGlobal.addAppDefinedPrivilege(privilegeC);
235 providerLocal.addAppDefinedPrivilege(privilegeA);
236 providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseB);
238 clientGlobal.addPrivilege(privilegeA);
239 clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
240 clientGlobal.addPrivilege(privilegeC);
241 clientLocal.addPrivilege(clientLocalPrivilegeLicenseB);
242 clientLocal.addPrivilege(privilegeC);
244 CynaraTestClient::Client cynara;
246 // local provider only and global consumer only
247 ScopedInstaller req1(providerLocal);
248 ScopedInstaller req2(clientGlobal);
249 cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
250 cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
251 cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
252 cynara.check(clientGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
253 cynara.check(clientGlobalLabel, session, bobId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
254 cynara.check(clientGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
256 // local provider only and global/local consumer
257 ScopedInstaller req3(clientLocal);
258 cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
259 cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
260 cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
262 // global/local provider and global/local consumer
263 ScopedInstaller req4(providerGlobal);
264 cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
265 cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
266 cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
267 cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
268 cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
269 //cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
271 // global provider only and global/local consumer
273 cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
274 cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
275 cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
276 cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
277 cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
278 cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
280 // global provider only and global consumer only
282 cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
283 cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
284 cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
287 RUNNER_CHILD_TEST(app_defined_06_get_provider)
290 char *pkgId = nullptr;
291 char *appId = nullptr;
292 const Privilege privilegeA(
293 "http://tizen.org/untrusted/devstudio/statistic",
294 Privilege::UNTRUSTED);
295 const Privilege privilegeB(
296 "http://tizen.org/untrusted/gamestudio/running",
297 Privilege::UNTRUSTED);
298 const std::string providerAppId = "app_def_06_provider";
301 AppInstallHelper providerGlobal(providerAppId);
302 AppInstallHelper providerLocal(providerAppId, uid);
303 providerGlobal.addAppDefinedPrivilege(privilegeB);
304 providerLocal.addAppDefinedPrivilege(privilegeA);
305 ScopedInstaller req1(providerGlobal);
306 ScopedInstaller req2(providerLocal);
308 result = security_manager_get_app_defined_privilege_provider("noExistingPrivilege",
309 uid, &pkgId, &appId);
310 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
311 RUNNER_ASSERT(appId == nullptr);
312 RUNNER_ASSERT(pkgId == nullptr);
314 result = security_manager_get_app_defined_privilege_provider(privilegeA,
315 uid+1, &pkgId, &appId);
316 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
317 RUNNER_ASSERT(appId == nullptr);
318 RUNNER_ASSERT(pkgId == nullptr);
320 result = security_manager_get_app_defined_privilege_provider(privilegeA,
321 uid, nullptr, nullptr);
322 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
324 result = security_manager_get_app_defined_privilege_provider(privilegeA,
325 uid, &pkgId, nullptr);
326 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
327 RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
331 result = security_manager_get_app_defined_privilege_provider(privilegeA,
332 uid, nullptr, &appId);
333 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
334 RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
338 result = security_manager_get_app_defined_privilege_provider(privilegeA,
339 uid, &pkgId, &appId);
340 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
341 RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
342 RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
348 result = security_manager_get_app_defined_privilege_provider(privilegeB,
349 uid, &pkgId, &appId);
350 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT,
351 "Local installation of application should 'hide' this privilege. Provider should not be found.");
352 RUNNER_ASSERT(appId == nullptr);
353 RUNNER_ASSERT(pkgId == nullptr);
356 RUNNER_CHILD_TEST(app_defined_07_get_provider_license)
359 char *license = nullptr;
360 const Privilege providerLocalPrivilegeLicenseA(
361 "http://tizen.org/licensed/abcsoftware/calendar",
362 "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
363 const Privilege providerGlobalPrivilegeLicenseB(
364 "http://tizen.org/licensed/xyzsoftware/camera",
365 "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
366 const Privilege privilegeBuntrusted(
367 providerGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
369 const std::string providerAppId = "app_def_provider_01";
372 AppInstallHelper providerGlobal(providerAppId);
373 AppInstallHelper providerLocal(providerAppId, uid);
374 providerGlobal.addAppDefinedPrivilege(providerGlobalPrivilegeLicenseB);
375 providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseA);
376 providerLocal.addAppDefinedPrivilege(privilegeBuntrusted);
378 ScopedInstaller req1(providerGlobal);
379 ScopedInstaller req2(providerLocal);
381 result = security_manager_get_app_defined_privilege_license(nullptr, uid, &license);
382 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
383 RUNNER_ASSERT(license == nullptr);
385 result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, nullptr);
386 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
388 result = security_manager_get_app_defined_privilege_license("noExistingPrivilege", uid, &license);
389 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
390 RUNNER_ASSERT(license == nullptr);
392 result = security_manager_get_app_defined_privilege_license(privilegeBuntrusted, uid, &license);
393 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
394 RUNNER_ASSERT(license == nullptr);
396 result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid+1, &license);
397 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
398 RUNNER_ASSERT(license == nullptr);
400 result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, &license);
401 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
402 RUNNER_ASSERT(license && providerLocalPrivilegeLicenseA.getLicense() == license);
407 result = security_manager_get_app_defined_privilege_license(providerGlobalPrivilegeLicenseB, uid, &license);
408 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
409 RUNNER_ASSERT(license && providerGlobalPrivilegeLicenseB.getLicense() == license);
414 RUNNER_CHILD_TEST(app_defined_08_add_get_license_with_untrusted_priv)
417 char *license = nullptr;
418 char *appId = nullptr;
419 char *pkgId = nullptr;
421 const Privilege privilegeUntrusted(
422 "http://tizen.org/licensed/abcsoftware/calendar",
423 Privilege::UNTRUSTED);
425 const std::string providerAppId = "app_def_provider_07";
426 const std::string clientAppId = "app_def_client_07";
429 AppInstallHelper providerGlobal(providerAppId);
430 providerGlobal.addAppDefinedPrivilege(privilegeUntrusted);
432 AppInstallHelper clientLocal(clientAppId, uid);
433 clientLocal.addPrivilege(privilegeUntrusted);
435 ScopedInstaller req1(providerGlobal);
436 ScopedInstaller req2(clientLocal);
438 result = security_manager_get_client_privilege_license(privilegeUntrusted,
439 clientLocal.getPkgId().c_str(),
440 clientLocal.getAppId().c_str(),
442 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
443 RUNNER_ASSERT(license == nullptr);
445 result = security_manager_get_app_defined_privilege_license(privilegeUntrusted, uid, &license);
446 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT, "getting privilege provider license failed");
447 RUNNER_ASSERT(license == nullptr);
449 result = security_manager_get_app_defined_privilege_provider(privilegeUntrusted,
450 uid, &pkgId, &appId);
451 RUNNER_ASSERT(result == SECURITY_MANAGER_SUCCESS);
452 RUNNER_ASSERT(appId != nullptr && providerGlobal.getAppId() == appId);
453 RUNNER_ASSERT(pkgId != nullptr && providerGlobal.getPkgId() == pkgId);
458 RUNNER_CHILD_TEST(app_defined_09_add_get_client_license)
461 char *license = nullptr;
462 const Privilege clientLocalPrivilegeLicenseA(
463 "http://tizen.org/licensed/abcsoftware/calendar",
464 "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
465 const Privilege clientGlobalPrivilegeLicenseB(
466 "http://tizen.org/licensed/xyzsoftware/camera",
467 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
468 const Privilege privilegeBuntrusted(
469 clientGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
471 const std::string clientAppId = "app_def_client_01";
474 AppInstallHelper clientGlobal(clientAppId);
475 AppInstallHelper clientLocal(clientAppId, uid);
476 clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
477 clientLocal.addPrivilege(clientLocalPrivilegeLicenseA);
478 clientLocal.addPrivilege(privilegeBuntrusted);
479 ScopedInstaller req1(clientGlobal);
480 ScopedInstaller req2(clientLocal);
482 result = security_manager_get_client_privilege_license(nullptr,
483 clientLocal.getPkgId().c_str(),
484 clientLocal.getAppId().c_str(),
486 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
487 RUNNER_ASSERT(license == nullptr);
489 result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, nullptr, nullptr,
491 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
492 RUNNER_ASSERT(license == nullptr);
494 result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
495 clientLocal.getPkgId().c_str(),
496 clientLocal.getAppId().c_str(),
498 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
500 result = security_manager_get_client_privilege_license("noExistingPrivilege",
501 clientLocal.getPkgId().c_str(),
502 clientLocal.getAppId().c_str(),
504 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
505 RUNNER_ASSERT(license == nullptr);
507 result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, "noExistingPkg", "noExistingApp",
509 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
510 RUNNER_ASSERT(license == nullptr);
512 result = security_manager_get_client_privilege_license(privilegeBuntrusted,
513 clientLocal.getPkgId().c_str(),
514 clientLocal.getAppId().c_str(),
516 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
517 RUNNER_ASSERT(license == nullptr);
519 result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
520 clientLocal.getPkgId().c_str(),
521 clientLocal.getAppId().c_str(),
523 RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
524 RUNNER_ASSERT(license == nullptr);
526 result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
527 clientLocal.getPkgId().c_str(),
528 clientLocal.getAppId().c_str(),
530 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
531 RUNNER_ASSERT(license && clientLocalPrivilegeLicenseA.getLicense() == license);
536 result = security_manager_get_client_privilege_license(clientGlobalPrivilegeLicenseB,
537 clientGlobal.getPkgId().c_str(),
538 clientGlobal.getAppId().c_str(),
540 RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
541 RUNNER_ASSERT(license && clientGlobalPrivilegeLicenseB.getLicense() == license);
546 RUNNER_CHILD_TEST(app_defined_10_check_system_privileges)
548 const std::string providerAppId = "app_def_09_provider";
549 const Privilege privilege(PRIV_INTERNET, Privilege::UNTRUSTED);
551 InstallRequest requestInst;
552 requestInst.setAppId(providerAppId);
553 requestInst.setPkgId(providerAppId);
554 requestInst.addAppDefinedPrivilege(privilege);
555 Api::install(requestInst, SECURITY_MANAGER_ERROR_INPUT_PARAM);
556 Api::uninstall(requestInst);
559 RUNNER_CHILD_TEST(app_defined_11_invalid_license)
561 const Privilege providerPrivilegeLicense(
562 "http://tizen.org/licensed/abcsoftware/calendar",
563 "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
564 const Privilege clientPrivilegeLicense(
565 "http://tizen.org/licensed/abcsoftware/calendar",
566 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
567 const std::string providerAppId = "app_def_provider_01";
568 const std::string clientAppId = "app_def_client_01";
569 const std::string ownerId = "5001";
570 const std::string session = "S0M33S3SSI0N";
572 AppInstallHelper provider(providerAppId);
573 AppInstallHelper client(clientAppId);
575 std::string clientLabel = client.generateAppLabel();
577 provider.addAppDefinedPrivilege(providerPrivilegeLicense);
578 client.addPrivilege(clientPrivilegeLicense);
580 ScopedInstaller req1(provider);
581 ScopedInstaller req2(client);
583 CynaraTestClient::Client cynara;
584 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
587 RUNNER_CHILD_TEST(app_defined_12_invalid_common_name)
589 const Privilege providerPrivilegeLicense(
590 "http://tizen.org/licensed/xyzsoftware/camera",
591 "/opt/usr/globalapps/app_def_provider_02_pkg_id/cert/xyzsoftware.pem");
592 const Privilege clientPrivilegeLicense(
593 "http://tizen.org/licensed/xyzsoftware/camera",
594 "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
595 const std::string providerAppId = "app_def_provider_02";
596 const std::string clientAppId = "app_def_client_01";
597 const std::string ownerId = "5001";
598 const std::string session = "S0M33S3SSI0N";
600 AppInstallHelper provider(providerAppId);
601 AppInstallHelper client(clientAppId);
603 std::string clientLabel = client.generateAppLabel();
605 provider.addAppDefinedPrivilege(providerPrivilegeLicense);
606 client.addPrivilege(clientPrivilegeLicense);
608 ScopedInstaller req1(provider);
609 ScopedInstaller req2(client);
611 CynaraTestClient::Client cynara;
612 cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);