projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Unify privilege representation
[platform/core/test/security-tests.git] / src / security-manager-tests / test_cases_app_defined_privilege.cpp
1 /*
2  * Copyright (c) 2017 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 #include <functional>
18 #include <string>
19 #include <sys/types.h>
20 #include <sys/un.h>
21 #include <unistd.h>
22
23 #include <cynara_test_client.h>
24 #include <dpl/test/test_runner.h>
25 #include <sm_api.h>
26 #include <sm_commons.h>
27 #include <sm_request.h>
28 #include <tests_common.h>
29 #include <tzplatform.h>
30 #include <app_install_helper.h>
31 #include <scoped_installer.h>
32 #include <privilege_names.h>
33
34 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
35
36 using namespace SecurityManagerTest;
37 using namespace PrivilegeNames;
38
39 RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
40 {
41     const Privilege privilege(
42         "http://tizen.org/untrusted/devstudio/statistic",
43         Privilege::UNTRUSTED);
44     const std::string providerAppId = "app_def_01_provider";
45     const std::string clientAppId = "app_def_01_client";
46     const std::string ownerId = "5001";
47     const std::string session = "S0M3S3SSI0N";
48
49     AppInstallHelper provider(providerAppId);
50     AppInstallHelper client(clientAppId);
51
52     std::string clientLabel = client.generateAppLabel();
53
54     provider.addAppDefinedPrivilege(privilege);
55     client.addPrivilege(privilege);
56
57     ScopedInstaller req1(provider);
58     ScopedInstaller req2(client);
59
60     CynaraTestClient::Client cynara;
61     cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
62
63     // uninstall provider
64     req1.uninstallApp();
65
66     cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
67 }
68
69 RUNNER_CHILD_TEST(app_defined_02_global_install_licensed)
70 {
71     const Privilege providerPrivilegeLicense(
72         "http://tizen.org/licensed/abcsoftware/calendar",
73         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
74     const Privilege clientPrivilegeLicense(
75         "http://tizen.org/licensed/abcsoftware/calendar",
76         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
77     const std::string providerAppId = "app_def_provider_01";
78     const std::string clientAppId = "app_def_client_01";
79     const std::string ownerId = "5001";
80     const std::string session = "S0M33S3SSI0N";
81
82     AppInstallHelper provider(providerAppId);
83     AppInstallHelper client(clientAppId);
84
85     std::string clientLabel = client.generateAppLabel();
86
87     provider.addAppDefinedPrivilege(providerPrivilegeLicense);
88     client.addPrivilege(clientPrivilegeLicense);
89
90     ScopedInstaller req1(provider);
91     ScopedInstaller req2(client);
92
93     CynaraTestClient::Client cynara;
94     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_ALLOWED);
95
96     // uninstall provider
97     req1.uninstallApp();
98
99     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
100 }
101
102 RUNNER_CHILD_TEST(app_defined_03_database_update)
103 {
104     const Privilege privilegeA(
105         "http://tizen.org/untrusted/devstudio/statistic", Privilege::UNTRUSTED);
106     const Privilege privilegeB(
107         "http://tizen.org/untrusted/gamestudio/football", Privilege::UNTRUSTED);
108
109     const std::string providerAppIdA = "app_def_provider_01";
110     const std::string providerAppIdB = "app_def_provider_02";
111     const std::string clientAppId = "app_def_client_01";
112     const std::string ownerId = "5001";
113     const std::string session = "S0M33S3SSI0N";
114
115     AppInstallHelper providerA(providerAppIdA);
116     AppInstallHelper providerB(providerAppIdB);
117     AppInstallHelper client(clientAppId);
118     client.setHybrid();
119     std::string clientLabel = client.generateAppLabel();
120
121     providerA.addAppDefinedPrivilege(privilegeA);
122     providerB.addAppDefinedPrivilege(privilegeB);
123     client.addPrivilege(privilegeA);
124     client.addPrivilege(privilegeB);
125
126     ScopedInstaller req1(providerA);
127     ScopedInstaller req2(providerB);
128     ScopedInstaller req3(client);
129
130     CynaraTestClient::Client cynara;
131     cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
132     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
133
134     // uninstall providerA
135     req1.uninstallApp();
136
137     cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
138     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
139
140     // uninstall providerB
141     req2.uninstallApp();
142
143     cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
144     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
145 }
146
147 RUNNER_CHILD_TEST(app_defined_04_app_update)
148 {
149     const Privilege providerPrivilegeLicenseA(
150         "http://tizen.org/licensed/abcsoftware/calendar",
151         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
152     const Privilege clientPrivilegeLicenseA(
153         "http://tizen.org/licensed/abcsoftware/calendar",
154         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
155     const Privilege privilegeB(
156         "http://tizen.org/untrusted/devstudio/statistic",
157         Privilege::UNTRUSTED);
158     const Privilege providerPrivilegeLicenseC(
159         "http://tizen.org/licensed/xyzsoftware/camera",
160         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
161     const Privilege clientPrivilegeLicenseC(
162         "http://tizen.org/licensed/xyzsoftware/camera",
163         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
164
165     const std::string providerAppId = "app_def_provider_01";
166     const std::string clientAppId = "app_def_client_01";
167     const std::string ownerId = "5001";
168     const std::string session = "S0M33S3SSI0N";
169
170     AppInstallHelper providerV1(providerAppId);
171     AppInstallHelper providerV2(providerAppId);
172     AppInstallHelper client(clientAppId);
173
174     std::string clientLabel = client.generateAppLabel();
175
176     providerV1.addAppDefinedPrivilege(providerPrivilegeLicenseA);
177     providerV1.addAppDefinedPrivilege(privilegeB);
178     client.addPrivilege(clientPrivilegeLicenseA);
179     client.addPrivilege(privilegeB);
180     client.addPrivilege(clientPrivilegeLicenseC);
181
182     ScopedInstaller req1(providerV1);
183     ScopedInstaller req2(client);
184
185     CynaraTestClient::Client cynara;
186     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_ALLOWED);
187     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
188     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_DENIED);
189
190     // update provider version, remove privilegeA, add privilegeC
191     providerV2.addAppDefinedPrivilege(privilegeB);
192     providerV2.addAppDefinedPrivilege(providerPrivilegeLicenseC);
193
194     ScopedInstaller req3(providerV2);
195
196     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED);
197     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
198     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_ALLOWED);
199 }
200
201 RUNNER_CHILD_TEST(app_defined_05_global_local_install)
202 {
203     const Privilege privilegeA(
204         "http://tizen.org/untrusted/devstudio/statistic",
205         Privilege::UNTRUSTED);
206     const Privilege providerLocalPrivilegeLicenseB(
207         "http://tizen.org/licensed/abcsoftware/calendar",
208         "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
209     const Privilege clientGlobalPrivilegeLicenseB(
210         "http://tizen.org/licensed/abcsoftware/calendar",
211         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
212     const Privilege clientLocalPrivilegeLicenseB(
213         "http://tizen.org/licensed/abcsoftware/calendar",
214         "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
215     const Privilege privilegeC(
216         "http://tizen.org/untrusted/gamestudio/football",
217         Privilege::UNTRUSTED);
218
219     const std::string providerAppId = "app_def_provider_01";
220     const std::string clientAppId = "app_def_client_01";
221     const std::string ownerId = "5001";
222     const std::string bobId = "5002";
223     const std::string session = "S0M33S3SSI0N";
224
225     AppInstallHelper providerGlobal(providerAppId);
226     AppInstallHelper providerLocal(providerAppId, 5002);
227     AppInstallHelper clientGlobal(clientAppId);
228     AppInstallHelper clientLocal(clientAppId, 5002);
229
230     std::string clientGlobalLabel = clientGlobal.generateAppLabel();
231     std::string clientLocalLabel = clientLocal.generateAppLabel();
232
233     providerGlobal.addAppDefinedPrivilege(privilegeA);
234     providerGlobal.addAppDefinedPrivilege(privilegeC);
235     providerLocal.addAppDefinedPrivilege(privilegeA);
236     providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseB);
237
238     clientGlobal.addPrivilege(privilegeA);
239     clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
240     clientGlobal.addPrivilege(privilegeC);
241     clientLocal.addPrivilege(clientLocalPrivilegeLicenseB);
242     clientLocal.addPrivilege(privilegeC);
243
244     CynaraTestClient::Client cynara;
245
246     // local provider only and global consumer only
247     ScopedInstaller req1(providerLocal);
248     ScopedInstaller req2(clientGlobal);
249     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
250     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
251     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
252     cynara.check(clientGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
253     cynara.check(clientGlobalLabel, session, bobId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
254     cynara.check(clientGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
255
256     // local provider only and global/local consumer
257     ScopedInstaller req3(clientLocal);
258     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
259     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
260     cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
261
262     // global/local provider and global/local consumer
263     ScopedInstaller req4(providerGlobal);
264     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
265     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
266     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
267     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
268     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
269     //cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
270
271     // global provider only and global/local consumer
272     req1.uninstallApp();
273     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
274     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
275     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
276     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
277     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
278     cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
279
280     // global provider only and global consumer only
281     req3.uninstallApp();
282     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
283     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
284     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
285 }
286
287 RUNNER_CHILD_TEST(app_defined_06_get_provider)
288 {
289     int result;
290     char *pkgId = nullptr;
291     char *appId = nullptr;
292     const Privilege privilegeA(
293         "http://tizen.org/untrusted/devstudio/statistic",
294         Privilege::UNTRUSTED);
295     const Privilege privilegeB(
296         "http://tizen.org/untrusted/gamestudio/running",
297         Privilege::UNTRUSTED);
298     const std::string providerAppId = "app_def_06_provider";
299     uid_t uid = 5001;
300
301     AppInstallHelper providerGlobal(providerAppId);
302     AppInstallHelper providerLocal(providerAppId, uid);
303     providerGlobal.addAppDefinedPrivilege(privilegeB);
304     providerLocal.addAppDefinedPrivilege(privilegeA);
305     ScopedInstaller req1(providerGlobal);
306     ScopedInstaller req2(providerLocal);
307
308     result = security_manager_get_app_defined_privilege_provider("noExistingPrivilege",
309                                                                  uid, &pkgId, &appId);
310     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
311     RUNNER_ASSERT(appId == nullptr);
312     RUNNER_ASSERT(pkgId == nullptr);
313
314     result = security_manager_get_app_defined_privilege_provider(privilegeA,
315                                                                  uid+1, &pkgId, &appId);
316     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
317     RUNNER_ASSERT(appId == nullptr);
318     RUNNER_ASSERT(pkgId == nullptr);
319
320     result = security_manager_get_app_defined_privilege_provider(privilegeA,
321                                                                  uid, nullptr, nullptr);
322     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
323
324     result = security_manager_get_app_defined_privilege_provider(privilegeA,
325                                                                  uid, &pkgId, nullptr);
326     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
327     RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
328     free(pkgId);
329     pkgId = nullptr;
330
331     result = security_manager_get_app_defined_privilege_provider(privilegeA,
332                                                                  uid, nullptr, &appId);
333     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
334     RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
335     free(appId);
336     appId = nullptr;
337
338     result = security_manager_get_app_defined_privilege_provider(privilegeA,
339                                                                  uid, &pkgId, &appId);
340     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
341     RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
342     RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
343     free(appId);
344     free(pkgId);
345     appId = nullptr;
346     pkgId = nullptr;
347
348     result = security_manager_get_app_defined_privilege_provider(privilegeB,
349                                                                  uid, &pkgId, &appId);
350     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT,
351             "Local installation of application should 'hide' this privilege. Provider should not be found.");
352     RUNNER_ASSERT(appId == nullptr);
353     RUNNER_ASSERT(pkgId == nullptr);
354 }
355
356 RUNNER_CHILD_TEST(app_defined_07_get_provider_license)
357 {
358     int result;
359     char *license = nullptr;
360     const Privilege providerLocalPrivilegeLicenseA(
361         "http://tizen.org/licensed/abcsoftware/calendar",
362         "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
363     const Privilege providerGlobalPrivilegeLicenseB(
364         "http://tizen.org/licensed/xyzsoftware/camera",
365         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
366     const Privilege privilegeBuntrusted(
367         providerGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
368
369     const std::string providerAppId = "app_def_provider_01";
370     uid_t uid = 5002;
371
372     AppInstallHelper providerGlobal(providerAppId);
373     AppInstallHelper providerLocal(providerAppId, uid);
374     providerGlobal.addAppDefinedPrivilege(providerGlobalPrivilegeLicenseB);
375     providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseA);
376     providerLocal.addAppDefinedPrivilege(privilegeBuntrusted);
377
378     ScopedInstaller req1(providerGlobal);
379     ScopedInstaller req2(providerLocal);
380
381     result = security_manager_get_app_defined_privilege_license(nullptr, uid, &license);
382     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
383     RUNNER_ASSERT(license == nullptr);
384
385     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, nullptr);
386     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
387
388     result = security_manager_get_app_defined_privilege_license("noExistingPrivilege", uid, &license);
389     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
390     RUNNER_ASSERT(license == nullptr);
391
392     result = security_manager_get_app_defined_privilege_license(privilegeBuntrusted, uid, &license);
393     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
394     RUNNER_ASSERT(license == nullptr);
395
396     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid+1, &license);
397     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
398     RUNNER_ASSERT(license == nullptr);
399
400     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, &license);
401     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
402     RUNNER_ASSERT(license && providerLocalPrivilegeLicenseA.getLicense() == license);
403     free(license);
404     license = nullptr;
405
406     req2.uninstallApp();
407     result = security_manager_get_app_defined_privilege_license(providerGlobalPrivilegeLicenseB, uid, &license);
408     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
409     RUNNER_ASSERT(license && providerGlobalPrivilegeLicenseB.getLicense() == license);
410     free(license);
411     license = nullptr;
412 }
413
414 RUNNER_CHILD_TEST(app_defined_08_add_get_license_with_untrusted_priv)
415 {
416     int result;
417     char *license = nullptr;
418     char *appId = nullptr;
419     char *pkgId = nullptr;
420
421     const Privilege privilegeUntrusted(
422         "http://tizen.org/licensed/abcsoftware/calendar",
423         Privilege::UNTRUSTED);
424
425     const std::string providerAppId = "app_def_provider_07";
426     const std::string clientAppId = "app_def_client_07";
427     uid_t uid = 5002;
428
429     AppInstallHelper providerGlobal(providerAppId);
430     providerGlobal.addAppDefinedPrivilege(privilegeUntrusted);
431
432     AppInstallHelper clientLocal(clientAppId, uid);
433     clientLocal.addPrivilege(privilegeUntrusted);
434
435     ScopedInstaller req1(providerGlobal);
436     ScopedInstaller req2(clientLocal);
437
438     result = security_manager_get_client_privilege_license(privilegeUntrusted,
439                                                            clientLocal.getPkgId().c_str(),
440                                                            clientLocal.getAppId().c_str(),
441                                                            uid, &license);
442     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
443     RUNNER_ASSERT(license == nullptr);
444
445     result = security_manager_get_app_defined_privilege_license(privilegeUntrusted, uid, &license);
446     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT, "getting privilege provider license failed");
447     RUNNER_ASSERT(license == nullptr);
448
449     result = security_manager_get_app_defined_privilege_provider(privilegeUntrusted,
450                                                                  uid, &pkgId, &appId);
451     RUNNER_ASSERT(result == SECURITY_MANAGER_SUCCESS);
452     RUNNER_ASSERT(appId != nullptr && providerGlobal.getAppId() == appId);
453     RUNNER_ASSERT(pkgId != nullptr && providerGlobal.getPkgId() == pkgId);
454     free(appId);
455     free(pkgId);
456 }
457
458 RUNNER_CHILD_TEST(app_defined_09_add_get_client_license)
459 {
460     int result;
461     char *license = nullptr;
462     const Privilege clientLocalPrivilegeLicenseA(
463         "http://tizen.org/licensed/abcsoftware/calendar",
464         "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
465     const Privilege clientGlobalPrivilegeLicenseB(
466         "http://tizen.org/licensed/xyzsoftware/camera",
467         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
468     const Privilege privilegeBuntrusted(
469         clientGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
470
471     const std::string clientAppId = "app_def_client_01";
472     uid_t uid = 5002;
473
474     AppInstallHelper clientGlobal(clientAppId);
475     AppInstallHelper clientLocal(clientAppId, uid);
476     clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
477     clientLocal.addPrivilege(clientLocalPrivilegeLicenseA);
478     clientLocal.addPrivilege(privilegeBuntrusted);
479     ScopedInstaller req1(clientGlobal);
480     ScopedInstaller req2(clientLocal);
481
482     result = security_manager_get_client_privilege_license(nullptr,
483                                                            clientLocal.getPkgId().c_str(),
484                                                            clientLocal.getAppId().c_str(),
485                                                            uid, &license);
486     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
487     RUNNER_ASSERT(license == nullptr);
488
489     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, nullptr, nullptr,
490                                                            uid, &license);
491     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
492     RUNNER_ASSERT(license == nullptr);
493
494     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
495                                                            clientLocal.getPkgId().c_str(),
496                                                            clientLocal.getAppId().c_str(),
497                                                            uid, nullptr);
498     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
499
500     result = security_manager_get_client_privilege_license("noExistingPrivilege",
501                                                            clientLocal.getPkgId().c_str(),
502                                                            clientLocal.getAppId().c_str(),
503                                                            uid, &license);
504     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
505     RUNNER_ASSERT(license == nullptr);
506
507     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, "noExistingPkg", "noExistingApp",
508                                                            uid, &license);
509     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
510     RUNNER_ASSERT(license == nullptr);
511
512     result = security_manager_get_client_privilege_license(privilegeBuntrusted,
513                                                            clientLocal.getPkgId().c_str(),
514                                                            clientLocal.getAppId().c_str(),
515                                                            uid, &license);
516     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
517     RUNNER_ASSERT(license == nullptr);
518
519     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
520                                                            clientLocal.getPkgId().c_str(),
521                                                            clientLocal.getAppId().c_str(),
522                                                            uid+1, &license);
523     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
524     RUNNER_ASSERT(license == nullptr);
525
526     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
527                                                            clientLocal.getPkgId().c_str(),
528                                                            clientLocal.getAppId().c_str(),
529                                                            uid, &license);
530     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
531     RUNNER_ASSERT(license && clientLocalPrivilegeLicenseA.getLicense() == license);
532     free(license);
533     license = nullptr;
534
535     req2.uninstallApp();
536     result = security_manager_get_client_privilege_license(clientGlobalPrivilegeLicenseB,
537                                                            clientGlobal.getPkgId().c_str(),
538                                                            clientGlobal.getAppId().c_str(),
539                                                            uid, &license);
540     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
541     RUNNER_ASSERT(license && clientGlobalPrivilegeLicenseB.getLicense() == license);
542     free(license);
543     license = nullptr;
544 }
545
546 RUNNER_CHILD_TEST(app_defined_10_check_system_privileges)
547 {
548     const std::string providerAppId = "app_def_09_provider";
549     const Privilege privilege(PRIV_INTERNET, Privilege::UNTRUSTED);
550
551     InstallRequest requestInst;
552     requestInst.setAppId(providerAppId);
553     requestInst.setPkgId(providerAppId);
554     requestInst.addAppDefinedPrivilege(privilege);
555     Api::install(requestInst, SECURITY_MANAGER_ERROR_INPUT_PARAM);
556     Api::uninstall(requestInst);
557 }
558
559 RUNNER_CHILD_TEST(app_defined_11_invalid_license)
560 {
561     const Privilege providerPrivilegeLicense(
562         "http://tizen.org/licensed/abcsoftware/calendar",
563         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
564     const Privilege clientPrivilegeLicense(
565         "http://tizen.org/licensed/abcsoftware/calendar",
566         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
567     const std::string providerAppId = "app_def_provider_01";
568     const std::string clientAppId = "app_def_client_01";
569     const std::string ownerId = "5001";
570     const std::string session = "S0M33S3SSI0N";
571
572     AppInstallHelper provider(providerAppId);
573     AppInstallHelper client(clientAppId);
574     client.setHybrid();
575     std::string clientLabel = client.generateAppLabel();
576
577     provider.addAppDefinedPrivilege(providerPrivilegeLicense);
578     client.addPrivilege(clientPrivilegeLicense);
579
580     ScopedInstaller req1(provider);
581     ScopedInstaller req2(client);
582
583     CynaraTestClient::Client cynara;
584     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
585 }
586
587 RUNNER_CHILD_TEST(app_defined_12_invalid_common_name)
588 {
589     const Privilege providerPrivilegeLicense(
590         "http://tizen.org/licensed/xyzsoftware/camera",
591         "/opt/usr/globalapps/app_def_provider_02_pkg_id/cert/xyzsoftware.pem");
592     const Privilege clientPrivilegeLicense(
593         "http://tizen.org/licensed/xyzsoftware/camera",
594         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
595     const std::string providerAppId = "app_def_provider_02";
596     const std::string clientAppId = "app_def_client_01";
597     const std::string ownerId = "5001";
598     const std::string session = "S0M33S3SSI0N";
599
600     AppInstallHelper provider(providerAppId);
601     AppInstallHelper client(clientAppId);
602     client.setHybrid();
603     std::string clientLabel = client.generateAppLabel();
604
605     provider.addAppDefinedPrivilege(providerPrivilegeLicense);
606     client.addPrivilege(clientPrivilegeLicense);
607
608     ScopedInstaller req1(provider);
609     ScopedInstaller req2(client);
610
611     CynaraTestClient::Client cynara;
612     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
613 }
Domain: Security / Uncategorized;