projects / platform / core / test / security-tests.git / blob
? search:


a72a7d65307760fc3f926122b2255efea2eb28a9
[platform/core/test/security-tests.git] / src / security-manager-tests / test_cases_app_defined_privilege.cpp
1 /*
2  * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 #include <functional>
18 #include <string>
19 #include <sys/types.h>
20 #include <sys/un.h>
21 #include <unistd.h>
22
23 #include <cynara_test_client.h>
24 #include <dpl/test/test_runner.h>
25 #include <sm_api.h>
26 #include <sm_commons.h>
27 #include <sm_request.h>
28 #include <tests_common.h>
29 #include <tzplatform.h>
30 #include <app_install_helper.h>
31 #include <scoped_installer.h>
32
33 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
34
35 using namespace SecurityManagerTest;
36
37 RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
38 {
39     const Privilege privilege(
40         "http://tizen.org/untrusted/devstudio/statistic",
41         Privilege::UNTRUSTED);
42     const std::string providerAppId = "app_def_01_provider";
43     const std::string clientAppId = "app_def_01_client";
44     const std::string ownerId = "5001";
45     const std::string session = "S0M3S3SSI0N";
46
47     AppInstallHelper provider(providerAppId);
48     AppInstallHelper client(clientAppId);
49
50     std::string clientLabel = client.generateAppLabel();
51
52     provider.addAppDefinedPrivilege(privilege);
53     client.addPrivilege(privilege);
54
55     ScopedInstaller req1(provider);
56     ScopedInstaller req2(client);
57
58     CynaraTestClient::Client cynara;
59     cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
60
61     // uninstall provider
62     req1.uninstallApp();
63
64     cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
65 }
66
67 RUNNER_CHILD_TEST(app_defined_02_global_install_licensed)
68 {
69     const Privilege providerPrivilegeLicense(
70         "http://tizen.org/licensed/abcsoftware/calendar",
71         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
72     const Privilege clientPrivilegeLicense(
73         "http://tizen.org/licensed/abcsoftware/calendar",
74         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
75     const std::string providerAppId = "app_def_provider_01";
76     const std::string clientAppId = "app_def_client_01";
77     const std::string ownerId = "5001";
78     const std::string session = "S0M33S3SSI0N";
79
80     AppInstallHelper provider(providerAppId);
81     AppInstallHelper client(clientAppId);
82
83     std::string clientLabel = client.generateAppLabel();
84
85     provider.addAppDefinedPrivilege(providerPrivilegeLicense);
86     client.addPrivilege(clientPrivilegeLicense);
87
88     ScopedInstaller req1(provider);
89     ScopedInstaller req2(client);
90
91     CynaraTestClient::Client cynara;
92     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_ALLOWED);
93
94     // uninstall provider
95     req1.uninstallApp();
96
97     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
98 }
99
100 RUNNER_CHILD_TEST(app_defined_03_database_update)
101 {
102     const Privilege privilegeA(
103         "http://tizen.org/untrusted/devstudio/statistic", Privilege::UNTRUSTED);
104     const Privilege privilegeB(
105         "http://tizen.org/untrusted/gamestudio/football", Privilege::UNTRUSTED);
106
107     const std::string providerAppIdA = "app_def_provider_01";
108     const std::string providerAppIdB = "app_def_provider_02";
109     const std::string clientAppId = "app_def_client_01";
110     const std::string ownerId = "5001";
111     const std::string session = "S0M33S3SSI0N";
112
113     AppInstallHelper providerA(providerAppIdA);
114     AppInstallHelper providerB(providerAppIdB);
115     AppInstallHelper client(clientAppId);
116     client.setHybrid();
117     std::string clientLabel = client.generateAppLabel();
118
119     providerA.addAppDefinedPrivilege(privilegeA);
120     providerB.addAppDefinedPrivilege(privilegeB);
121     client.addPrivilege(privilegeA);
122     client.addPrivilege(privilegeB);
123
124     ScopedInstaller req1(providerA);
125     ScopedInstaller req2(providerB);
126     ScopedInstaller req3(client);
127
128     CynaraTestClient::Client cynara;
129     cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
130     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
131
132     // uninstall providerA
133     req1.uninstallApp();
134
135     cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
136     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
137
138     // uninstall providerB
139     req2.uninstallApp();
140
141     cynara.check(clientLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
142     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
143 }
144
145 RUNNER_CHILD_TEST(app_defined_04_app_update)
146 {
147     const Privilege providerPrivilegeLicenseA(
148         "http://tizen.org/licensed/abcsoftware/calendar",
149         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
150     const Privilege clientPrivilegeLicenseA(
151         "http://tizen.org/licensed/abcsoftware/calendar",
152         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
153     const Privilege privilegeB(
154         "http://tizen.org/untrusted/devstudio/statistic",
155         Privilege::UNTRUSTED);
156     const Privilege providerPrivilegeLicenseC(
157         "http://tizen.org/licensed/xyzsoftware/camera",
158         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
159     const Privilege clientPrivilegeLicenseC(
160         "http://tizen.org/licensed/xyzsoftware/camera",
161         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
162
163     const std::string providerAppId = "app_def_provider_01";
164     const std::string clientAppId = "app_def_client_01";
165     const std::string ownerId = "5001";
166     const std::string session = "S0M33S3SSI0N";
167
168     AppInstallHelper providerV1(providerAppId);
169     AppInstallHelper providerV2(providerAppId);
170     AppInstallHelper client(clientAppId);
171
172     std::string clientLabel = client.generateAppLabel();
173
174     providerV1.addAppDefinedPrivilege(providerPrivilegeLicenseA);
175     providerV1.addAppDefinedPrivilege(privilegeB);
176     client.addPrivilege(clientPrivilegeLicenseA);
177     client.addPrivilege(privilegeB);
178     client.addPrivilege(clientPrivilegeLicenseC);
179
180     ScopedInstaller req1(providerV1);
181     ScopedInstaller req2(client);
182
183     CynaraTestClient::Client cynara;
184     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_ALLOWED);
185     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
186     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_DENIED);
187
188     // update provider version, remove privilegeA, add privilegeC
189     providerV2.addAppDefinedPrivilege(privilegeB);
190     providerV2.addAppDefinedPrivilege(providerPrivilegeLicenseC);
191
192     ScopedInstaller req3(providerV2);
193
194     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED);
195     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
196     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_ALLOWED);
197 }
198
199 RUNNER_CHILD_TEST(app_defined_05_global_local_install)
200 {
201     const Privilege privilegeA(
202         "http://tizen.org/untrusted/devstudio/statistic",
203         Privilege::UNTRUSTED);
204     const Privilege providerLocalPrivilegeLicenseB(
205         "http://tizen.org/licensed/abcsoftware/calendar",
206         "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
207     const Privilege clientGlobalPrivilegeLicenseB(
208         "http://tizen.org/licensed/abcsoftware/calendar",
209         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
210     const Privilege clientLocalPrivilegeLicenseB(
211         "http://tizen.org/licensed/abcsoftware/calendar",
212         "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
213     const Privilege privilegeC(
214         "http://tizen.org/untrusted/gamestudio/football",
215         Privilege::UNTRUSTED);
216
217     const std::string providerAppId = "app_def_provider_01";
218     const std::string clientAppId = "app_def_client_01";
219     const std::string ownerId = "5001";
220     const std::string bobId = "5002";
221     const std::string session = "S0M33S3SSI0N";
222
223     AppInstallHelper providerGlobal(providerAppId);
224     AppInstallHelper providerLocal(providerAppId, 5002);
225     AppInstallHelper clientGlobal(clientAppId);
226     AppInstallHelper clientLocal(clientAppId, 5002);
227
228     std::string clientGlobalLabel = clientGlobal.generateAppLabel();
229     std::string clientLocalLabel = clientLocal.generateAppLabel();
230
231     providerGlobal.addAppDefinedPrivilege(privilegeA);
232     providerGlobal.addAppDefinedPrivilege(privilegeC);
233     providerLocal.addAppDefinedPrivilege(privilegeA);
234     providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseB);
235
236     clientGlobal.addPrivilege(privilegeA);
237     clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
238     clientGlobal.addPrivilege(privilegeC);
239     clientLocal.addPrivilege(clientLocalPrivilegeLicenseB);
240     clientLocal.addPrivilege(privilegeC);
241
242     CynaraTestClient::Client cynara;
243
244     // local provider only and global consumer only
245     ScopedInstaller req1(providerLocal);
246     ScopedInstaller req2(clientGlobal);
247     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
248     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
249     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
250     cynara.check(clientGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
251     cynara.check(clientGlobalLabel, session, bobId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
252     cynara.check(clientGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
253
254     // local provider only and global/local consumer
255     ScopedInstaller req3(clientLocal);
256     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
257     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
258     cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
259
260     // global/local provider and global/local consumer
261     ScopedInstaller req4(providerGlobal);
262     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
263     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
264     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
265     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
266     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
267     //cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
268
269     // global provider only and global/local consumer
270     req1.uninstallApp();
271     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
272     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
273     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
274     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
275     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
276     cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
277
278     // global provider only and global consumer only
279     req3.uninstallApp();
280     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
281     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
282     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
283 }
284
285 RUNNER_CHILD_TEST(app_defined_06_get_provider)
286 {
287     int result;
288     char *pkgId = nullptr;
289     char *appId = nullptr;
290     const Privilege privilegeA(
291         "http://tizen.org/untrusted/devstudio/statistic",
292         Privilege::UNTRUSTED);
293     const Privilege privilegeB(
294         "http://tizen.org/untrusted/gamestudio/running",
295         Privilege::UNTRUSTED);
296     const std::string providerAppId = "app_def_06_provider";
297     uid_t uid = 5001;
298
299     AppInstallHelper providerGlobal(providerAppId);
300     AppInstallHelper providerLocal(providerAppId, uid);
301     providerGlobal.addAppDefinedPrivilege(privilegeB);
302     providerLocal.addAppDefinedPrivilege(privilegeA);
303     ScopedInstaller req1(providerGlobal);
304     ScopedInstaller req2(providerLocal);
305
306     result = security_manager_get_app_defined_privilege_provider("noExistingPrivilege",
307                                                                  uid, &pkgId, &appId);
308     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
309     RUNNER_ASSERT(appId == nullptr);
310     RUNNER_ASSERT(pkgId == nullptr);
311
312     result = security_manager_get_app_defined_privilege_provider(privilegeA,
313                                                                  uid+1, &pkgId, &appId);
314     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
315     RUNNER_ASSERT(appId == nullptr);
316     RUNNER_ASSERT(pkgId == nullptr);
317
318     result = security_manager_get_app_defined_privilege_provider(privilegeA,
319                                                                  uid, nullptr, nullptr);
320     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
321
322     result = security_manager_get_app_defined_privilege_provider(privilegeA,
323                                                                  uid, &pkgId, nullptr);
324     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
325     RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
326     free(pkgId);
327     pkgId = nullptr;
328
329     result = security_manager_get_app_defined_privilege_provider(privilegeA,
330                                                                  uid, nullptr, &appId);
331     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
332     RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
333     free(appId);
334     appId = nullptr;
335
336     result = security_manager_get_app_defined_privilege_provider(privilegeA,
337                                                                  uid, &pkgId, &appId);
338     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
339     RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
340     RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
341     free(appId);
342     free(pkgId);
343     appId = nullptr;
344     pkgId = nullptr;
345
346     result = security_manager_get_app_defined_privilege_provider(privilegeB,
347                                                                  uid, &pkgId, &appId);
348     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT,
349             "Local installation of application should 'hide' this privilege. Provider should not be found.");
350     RUNNER_ASSERT(appId == nullptr);
351     RUNNER_ASSERT(pkgId == nullptr);
352 }
353
354 RUNNER_CHILD_TEST(app_defined_07_get_provider_license)
355 {
356     int result;
357     char *license = nullptr;
358     const Privilege providerLocalPrivilegeLicenseA(
359         "http://tizen.org/licensed/abcsoftware/calendar",
360         "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
361     const Privilege providerGlobalPrivilegeLicenseB(
362         "http://tizen.org/licensed/xyzsoftware/camera",
363         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
364     const Privilege privilegeBuntrusted(
365         providerGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
366
367     const std::string providerAppId = "app_def_provider_01";
368     uid_t uid = 5002;
369
370     AppInstallHelper providerGlobal(providerAppId);
371     AppInstallHelper providerLocal(providerAppId, uid);
372     providerGlobal.addAppDefinedPrivilege(providerGlobalPrivilegeLicenseB);
373     providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseA);
374     providerLocal.addAppDefinedPrivilege(privilegeBuntrusted);
375
376     ScopedInstaller req1(providerGlobal);
377     ScopedInstaller req2(providerLocal);
378
379     result = security_manager_get_app_defined_privilege_license(nullptr, uid, &license);
380     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
381     RUNNER_ASSERT(license == nullptr);
382
383     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, nullptr);
384     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
385
386     result = security_manager_get_app_defined_privilege_license("noExistingPrivilege", uid, &license);
387     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
388     RUNNER_ASSERT(license == nullptr);
389
390     result = security_manager_get_app_defined_privilege_license(privilegeBuntrusted, uid, &license);
391     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
392     RUNNER_ASSERT(license == nullptr);
393
394     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid+1, &license);
395     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
396     RUNNER_ASSERT(license == nullptr);
397
398     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, &license);
399     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
400     RUNNER_ASSERT(license && providerLocalPrivilegeLicenseA.getLicense() == license);
401     free(license);
402     license = nullptr;
403
404     req2.uninstallApp();
405     result = security_manager_get_app_defined_privilege_license(providerGlobalPrivilegeLicenseB, uid, &license);
406     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
407     RUNNER_ASSERT(license && providerGlobalPrivilegeLicenseB.getLicense() == license);
408     free(license);
409     license = nullptr;
410 }
411
412 RUNNER_CHILD_TEST(app_defined_08_add_get_license_with_untrusted_priv)
413 {
414     int result;
415     char *license = nullptr;
416     char *appId = nullptr;
417     char *pkgId = nullptr;
418
419     const Privilege privilegeUntrusted(
420         "http://tizen.org/licensed/abcsoftware/calendar",
421         Privilege::UNTRUSTED);
422
423     const std::string providerAppId = "app_def_provider_07";
424     const std::string clientAppId = "app_def_client_07";
425     uid_t uid = 5002;
426
427     AppInstallHelper providerGlobal(providerAppId);
428     providerGlobal.addAppDefinedPrivilege(privilegeUntrusted);
429
430     AppInstallHelper clientLocal(clientAppId, uid);
431     clientLocal.addPrivilege(privilegeUntrusted);
432
433     ScopedInstaller req1(providerGlobal);
434     ScopedInstaller req2(clientLocal);
435
436     result = security_manager_get_client_privilege_license(privilegeUntrusted,
437                                                            clientLocal.getPkgId().c_str(),
438                                                            clientLocal.getAppId().c_str(),
439                                                            uid, &license);
440     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
441     RUNNER_ASSERT(license == nullptr);
442
443     result = security_manager_get_app_defined_privilege_license(privilegeUntrusted, uid, &license);
444     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT, "getting privilege provider license failed");
445     RUNNER_ASSERT(license == nullptr);
446
447     result = security_manager_get_app_defined_privilege_provider(privilegeUntrusted,
448                                                                  uid, &pkgId, &appId);
449     RUNNER_ASSERT(result == SECURITY_MANAGER_SUCCESS);
450     RUNNER_ASSERT(appId != nullptr && providerGlobal.getAppId() == appId);
451     RUNNER_ASSERT(pkgId != nullptr && providerGlobal.getPkgId() == pkgId);
452     free(appId);
453     free(pkgId);
454 }
455
456 RUNNER_CHILD_TEST(app_defined_09_add_get_client_license)
457 {
458     int result;
459     char *license = nullptr;
460     const Privilege clientLocalPrivilegeLicenseA(
461         "http://tizen.org/licensed/abcsoftware/calendar",
462         "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
463     const Privilege clientGlobalPrivilegeLicenseB(
464         "http://tizen.org/licensed/xyzsoftware/camera",
465         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
466     const Privilege privilegeBuntrusted(
467         clientGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
468
469     const std::string clientAppId = "app_def_client_01";
470     uid_t uid = 5002;
471
472     AppInstallHelper clientGlobal(clientAppId);
473     AppInstallHelper clientLocal(clientAppId, uid);
474     clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
475     clientLocal.addPrivilege(clientLocalPrivilegeLicenseA);
476     clientLocal.addPrivilege(privilegeBuntrusted);
477     ScopedInstaller req1(clientGlobal);
478     ScopedInstaller req2(clientLocal);
479
480     result = security_manager_get_client_privilege_license(nullptr,
481                                                            clientLocal.getPkgId().c_str(),
482                                                            clientLocal.getAppId().c_str(),
483                                                            uid, &license);
484     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
485     RUNNER_ASSERT(license == nullptr);
486
487     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, nullptr, nullptr,
488                                                            uid, &license);
489     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
490     RUNNER_ASSERT(license == nullptr);
491
492     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
493                                                            clientLocal.getPkgId().c_str(),
494                                                            clientLocal.getAppId().c_str(),
495                                                            uid, nullptr);
496     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
497
498     result = security_manager_get_client_privilege_license("noExistingPrivilege",
499                                                            clientLocal.getPkgId().c_str(),
500                                                            clientLocal.getAppId().c_str(),
501                                                            uid, &license);
502     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
503     RUNNER_ASSERT(license == nullptr);
504
505     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, "noExistingPkg", "noExistingApp",
506                                                            uid, &license);
507     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
508     RUNNER_ASSERT(license == nullptr);
509
510     result = security_manager_get_client_privilege_license(privilegeBuntrusted,
511                                                            clientLocal.getPkgId().c_str(),
512                                                            clientLocal.getAppId().c_str(),
513                                                            uid, &license);
514     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
515     RUNNER_ASSERT(license == nullptr);
516
517     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
518                                                            clientLocal.getPkgId().c_str(),
519                                                            clientLocal.getAppId().c_str(),
520                                                            uid+1, &license);
521     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
522     RUNNER_ASSERT(license == nullptr);
523
524     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
525                                                            clientLocal.getPkgId().c_str(),
526                                                            clientLocal.getAppId().c_str(),
527                                                            uid, &license);
528     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
529     RUNNER_ASSERT(license && clientLocalPrivilegeLicenseA.getLicense() == license);
530     free(license);
531     license = nullptr;
532
533     req2.uninstallApp();
534     result = security_manager_get_client_privilege_license(clientGlobalPrivilegeLicenseB,
535                                                            clientGlobal.getPkgId().c_str(),
536                                                            clientGlobal.getAppId().c_str(),
537                                                            uid, &license);
538     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
539     RUNNER_ASSERT(license && clientGlobalPrivilegeLicenseB.getLicense() == license);
540     free(license);
541     license = nullptr;
542 }
543
544 RUNNER_CHILD_TEST(app_defined_10_check_system_privileges)
545 {
546     const std::string providerAppId = "app_def_09_provider";
547     const Privilege privilege("http://tizen.org/privilege/internet", Privilege::UNTRUSTED);
548
549     InstallRequest requestInst;
550     requestInst.setAppId(providerAppId);
551     requestInst.setPkgId(providerAppId);
552     requestInst.addAppDefinedPrivilege(privilege);
553     Api::install(requestInst, SECURITY_MANAGER_ERROR_INPUT_PARAM);
554     Api::uninstall(requestInst);
555 }
556
557 RUNNER_CHILD_TEST(app_defined_11_invalid_license)
558 {
559     const Privilege providerPrivilegeLicense(
560         "http://tizen.org/licensed/abcsoftware/calendar",
561         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
562     const Privilege clientPrivilegeLicense(
563         "http://tizen.org/licensed/abcsoftware/calendar",
564         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
565     const std::string providerAppId = "app_def_provider_01";
566     const std::string clientAppId = "app_def_client_01";
567     const std::string ownerId = "5001";
568     const std::string session = "S0M33S3SSI0N";
569
570     AppInstallHelper provider(providerAppId);
571     AppInstallHelper client(clientAppId);
572     client.setHybrid();
573     std::string clientLabel = client.generateAppLabel();
574
575     provider.addAppDefinedPrivilege(providerPrivilegeLicense);
576     client.addPrivilege(clientPrivilegeLicense);
577
578     ScopedInstaller req1(provider);
579     ScopedInstaller req2(client);
580
581     CynaraTestClient::Client cynara;
582     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
583 }
584
585 RUNNER_CHILD_TEST(app_defined_12_invalid_common_name)
586 {
587     const Privilege providerPrivilegeLicense(
588         "http://tizen.org/licensed/xyzsoftware/camera",
589         "/opt/usr/globalapps/app_def_provider_02_pkg_id/cert/xyzsoftware.pem");
590     const Privilege clientPrivilegeLicense(
591         "http://tizen.org/licensed/xyzsoftware/camera",
592         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
593     const std::string providerAppId = "app_def_provider_02";
594     const std::string clientAppId = "app_def_client_01";
595     const std::string ownerId = "5001";
596     const std::string session = "S0M33S3SSI0N";
597
598     AppInstallHelper provider(providerAppId);
599     AppInstallHelper client(clientAppId);
600     client.setHybrid();
601     std::string clientLabel = client.generateAppLabel();
602
603     provider.addAppDefinedPrivilege(providerPrivilegeLicense);
604     client.addPrivilege(clientPrivilegeLicense);
605
606     ScopedInstaller req1(provider);
607     ScopedInstaller req2(client);
608
609     CynaraTestClient::Client cynara;
610     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
611 }
Domain: Security / Uncategorized;