src/security-manager-tests/test_cases_app_defined_privilege.cpp

   1 /*
   2  * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *    Licensed under the Apache License, Version 2.0 (the "License");
   5  *    you may not use this file except in compliance with the License.
   6  *    You may obtain a copy of the License at
   7  *
   8  *        http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *    Unless required by applicable law or agreed to in writing, software
  11  *    distributed under the License is distributed on an "AS IS" BASIS,
  12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *    See the License for the specific language governing permissions and
  14  *    limitations under the License.
  15  */
  16
  17 #include <functional>
  18 #include <string>
  19 #include <sys/types.h>
  20 #include <sys/un.h>
  21 #include <unistd.h>
  22
  23 #include <cynara_test_client.h>
  24 #include <dpl/test/test_runner.h>
  25 #include <sm_api.h>
  26 #include <sm_commons.h>
  27 #include <sm_request.h>
  28 #include <tests_common.h>
  29 #include <tzplatform.h>
  30 #include <app_install_helper.h>
  31 #include <scoped_installer.h>
  32
  33 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
  34
  35 using namespace SecurityManagerTest;
  36
  37 RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
  38 {
  39     const Privilege privilege(
  40         "http://tizen.org/untrusted/devstudio/statistic",
  41         Privilege::UNTRUSTED);
  42     const std::string providerAppId = "app_def_01_provider";
  43     const std::string clientAppId = "app_def_01_client";
  44     const std::string ownerId = "5001";
  45     const std::string session = "S0M3S3SSI0N";
  46
  47     AppInstallHelper provider(providerAppId);
  48     AppInstallHelper client(clientAppId);
  49
  50     std::string clientLabel = client.generateAppLabel();
  51
  52     provider.addAppDefinedPrivilege(privilege);
  53     client.addPrivilege(privilege);
  54
  55     ScopedInstaller req1(provider);
  56     ScopedInstaller req2(client);
  57
  58     CynaraTestClient::Client cynara;
  59     cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
  60
  61     // uninstall provider
  62     req1.uninstallApp();
  63
  64     cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
  65 }
  66
  67 RUNNER_CHILD_TEST(app_defined_02_global_install_licensed)
  68 {
  69     const Privilege providerPrivilegeLicense(
  70         "http://tizen.org/licensed/abcsoftware/calendar",
  71         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
  72     const Privilege clientPrivilegeLicense(
  73         "http://tizen.org/licensed/abcsoftware/calendar",
  74         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
  75     const std::string providerAppId = "app_def_provider_01";
  76     const std::string clientAppId = "app_def_client_01";
  77     const std::string ownerId = "5001";
  78     const std::string session = "S0M33S3SSI0N";
  79
  80     AppInstallHelper provider(providerAppId);
  81     AppInstallHelper client(clientAppId);
  82
  83     std::string clientLabel = client.generateAppLabel();
  84
  85     provider.addAppDefinedPrivilege(providerPrivilegeLicense);
  86     client.addPrivilege(clientPrivilegeLicense);
  87
  88     ScopedInstaller req1(provider);
  89     ScopedInstaller req2(client);
  90
  91     CynaraTestClient::Client cynara;
  92     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_ALLOWED);
  93
  94     // uninstall provider
  95     req1.uninstallApp();
  96
  97     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
  98 }
  99
 100 RUNNER_CHILD_TEST(app_defined_03_database_update)
 101 {
 102     const Privilege providerPrivilegeLicenseA(
 103         "http://tizen.org/licensed/abcsoftware/calendar",
 104         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
 105     const Privilege clientPrivilegeLicenseA(
 106         "http://tizen.org/licensed/abcsoftware/calendar",
 107         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
 108     const Privilege providerPrivilegeLicenseB(
 109         "http://tizen.org/licensed/xyzsoftware/camera",
 110         "/opt/usr/globalapps/app_def_provider_02_pkg_id/cert/xyzsoftware.pem");
 111     const Privilege clientPrivilegeLicenseB(
 112         "http://tizen.org/licensed/xyzsoftware/camera",
 113         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
 114
 115     const std::string providerAppIdA = "app_def_provider_01";
 116     const std::string providerAppIdB = "app_def_provider_02";
 117     const std::string clientAppId = "app_def_client_01";
 118     const std::string ownerId = "5001";
 119     const std::string session = "S0M33S3SSI0N";
 120
 121     AppInstallHelper providerA(providerAppIdA);
 122     AppInstallHelper providerB(providerAppIdB);
 123     AppInstallHelper client(clientAppId);
 124     client.setHybrid();
 125     std::string clientLabel = client.generateAppLabel();
 126
 127     providerA.addAppDefinedPrivilege(providerPrivilegeLicenseA);
 128     providerB.addAppDefinedPrivilege(providerPrivilegeLicenseB);
 129     client.addPrivilege(clientPrivilegeLicenseA);
 130     client.addPrivilege(clientPrivilegeLicenseB);
 131
 132     ScopedInstaller req1(providerA);
 133     ScopedInstaller req2(providerB);
 134     ScopedInstaller req3(client);
 135
 136     CynaraTestClient::Client cynara;
 137     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_ALLOWED);
 138     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
 139
 140     // uninstall providerA
 141     req1.uninstallApp();
 142
 143     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED);
 144     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
 145
 146     // uninstall providerB
 147     req2.uninstallApp();
 148
 149     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED);
 150     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 151 }
 152
 153 RUNNER_CHILD_TEST(app_defined_04_app_update)
 154 {
 155     const Privilege providerPrivilegeLicenseA(
 156         "http://tizen.org/licensed/abcsoftware/calendar",
 157         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
 158     const Privilege clientPrivilegeLicenseA(
 159         "http://tizen.org/licensed/abcsoftware/calendar",
 160         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
 161     const Privilege privilegeB(
 162         "http://tizen.org/untrusted/devstudio/statistic",
 163         Privilege::UNTRUSTED);
 164     const Privilege providerPrivilegeLicenseC(
 165         "http://tizen.org/licensed/xyzsoftware/camera",
 166         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
 167     const Privilege clientPrivilegeLicenseC(
 168         "http://tizen.org/licensed/xyzsoftware/camera",
 169         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
 170
 171     const std::string providerAppId = "app_def_provider_01";
 172     const std::string clientAppId = "app_def_client_01";
 173     const std::string ownerId = "5001";
 174     const std::string session = "S0M33S3SSI0N";
 175
 176     AppInstallHelper providerV1(providerAppId);
 177     AppInstallHelper providerV2(providerAppId);
 178     AppInstallHelper client(clientAppId);
 179
 180     std::string clientLabel = client.generateAppLabel();
 181
 182     providerV1.addAppDefinedPrivilege(providerPrivilegeLicenseA);
 183     providerV1.addAppDefinedPrivilege(privilegeB);
 184     client.addPrivilege(clientPrivilegeLicenseA);
 185     client.addPrivilege(privilegeB);
 186     client.addPrivilege(clientPrivilegeLicenseC);
 187
 188     ScopedInstaller req1(providerV1);
 189     ScopedInstaller req2(client);
 190
 191     CynaraTestClient::Client cynara;
 192     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_ALLOWED);
 193     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
 194     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_DENIED);
 195
 196     // update provider version, remove privilegeA, add privilegeC
 197     providerV2.addAppDefinedPrivilege(privilegeB);
 198     providerV2.addAppDefinedPrivilege(providerPrivilegeLicenseC);
 199
 200     ScopedInstaller req3(providerV2);
 201
 202     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED);
 203     cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
 204     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_ALLOWED);
 205 }
 206
 207 RUNNER_CHILD_TEST(app_defined_05_global_local_install)
 208 {
 209     const Privilege privilegeA(
 210         "http://tizen.org/untrusted/devstudio/statistic",
 211         Privilege::UNTRUSTED);
 212     const Privilege providerLocalPrivilegeLicenseB(
 213         "http://tizen.org/licensed/abcsoftware/calendar",
 214         "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
 215     const Privilege clientGlobalPrivilegeLicenseB(
 216         "http://tizen.org/licensed/abcsoftware/calendar",
 217         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem");
 218     const Privilege clientLocalPrivilegeLicenseB(
 219         "http://tizen.org/licensed/abcsoftware/calendar",
 220         "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
 221     const Privilege privilegeC(
 222         "http://tizen.org/untrusted/gamestudio/football",
 223         Privilege::UNTRUSTED);
 224
 225     const std::string providerAppId = "app_def_provider_01";
 226     const std::string clientAppId = "app_def_client_01";
 227     const std::string ownerId = "5001";
 228     const std::string bobId = "5002";
 229     const std::string session = "S0M33S3SSI0N";
 230
 231     AppInstallHelper providerGlobal(providerAppId);
 232     AppInstallHelper providerLocal(providerAppId, 5002);
 233     AppInstallHelper clientGlobal(clientAppId);
 234     AppInstallHelper clientLocal(clientAppId, 5002);
 235
 236     std::string clientGlobalLabel = clientGlobal.generateAppLabel();
 237     std::string clientLocalLabel = clientLocal.generateAppLabel();
 238
 239     providerGlobal.addAppDefinedPrivilege(privilegeA);
 240     providerGlobal.addAppDefinedPrivilege(privilegeC);
 241     providerLocal.addAppDefinedPrivilege(privilegeA);
 242     providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseB);
 243
 244     clientGlobal.addPrivilege(privilegeA);
 245     clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
 246     clientGlobal.addPrivilege(privilegeC);
 247     clientLocal.addPrivilege(clientLocalPrivilegeLicenseB);
 248     clientLocal.addPrivilege(privilegeC);
 249
 250     CynaraTestClient::Client cynara;
 251
 252     // local provider only and global consumer only
 253     ScopedInstaller req1(providerLocal);
 254     ScopedInstaller req2(clientGlobal);
 255     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
 256     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 257     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
 258     cynara.check(clientGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
 259     cynara.check(clientGlobalLabel, session, bobId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
 260     cynara.check(clientGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
 261
 262     // local provider only and global/local consumer
 263     ScopedInstaller req3(clientLocal);
 264     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
 265     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
 266     cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
 267
 268     // global/local provider and global/local consumer
 269     ScopedInstaller req4(providerGlobal);
 270     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
 271     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 272     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
 273     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
 274     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED);
 275     //cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
 276
 277     // global provider only and global/local consumer
 278     req1.uninstallApp();
 279     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
 280     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 281     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
 282     cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
 283     cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 284     cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
 285
 286     // global provider only and global consumer only
 287     req3.uninstallApp();
 288     cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
 289     cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED);
 290     cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
 291 }
 292
 293 RUNNER_CHILD_TEST(app_defined_06_get_provider)
 294 {
 295     int result;
 296     char *pkgId = nullptr;
 297     char *appId = nullptr;
 298     const Privilege privilegeA(
 299         "http://tizen.org/untrusted/devstudio/statistic",
 300         Privilege::UNTRUSTED);
 301     const Privilege privilegeB(
 302         "http://tizen.org/untrusted/gamestudio/running",
 303         Privilege::UNTRUSTED);
 304     const std::string providerAppId = "app_def_06_provider";
 305     uid_t uid = 5001;
 306
 307     AppInstallHelper providerGlobal(providerAppId);
 308     AppInstallHelper providerLocal(providerAppId, uid);
 309     providerGlobal.addAppDefinedPrivilege(privilegeB);
 310     providerLocal.addAppDefinedPrivilege(privilegeA);
 311     ScopedInstaller req1(providerGlobal);
 312     ScopedInstaller req2(providerLocal);
 313
 314     result = security_manager_get_app_defined_privilege_provider("noExistingPrivilege",
 315                                                                  uid, &pkgId, &appId);
 316     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 317     RUNNER_ASSERT(appId == nullptr);
 318     RUNNER_ASSERT(pkgId == nullptr);
 319
 320     result = security_manager_get_app_defined_privilege_provider(privilegeA,
 321                                                                  uid+1, &pkgId, &appId);
 322     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 323     RUNNER_ASSERT(appId == nullptr);
 324     RUNNER_ASSERT(pkgId == nullptr);
 325
 326     result = security_manager_get_app_defined_privilege_provider(privilegeA,
 327                                                                  uid, nullptr, nullptr);
 328     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 329
 330     result = security_manager_get_app_defined_privilege_provider(privilegeA,
 331                                                                  uid, &pkgId, nullptr);
 332     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
 333     RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
 334     free(pkgId);
 335     pkgId = nullptr;
 336
 337     result = security_manager_get_app_defined_privilege_provider(privilegeA,
 338                                                                  uid, nullptr, &appId);
 339     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
 340     RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
 341     free(appId);
 342     appId = nullptr;
 343
 344     result = security_manager_get_app_defined_privilege_provider(privilegeA,
 345                                                                  uid, &pkgId, &appId);
 346     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
 347     RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
 348     RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
 349     free(appId);
 350     free(pkgId);
 351     appId = nullptr;
 352     pkgId = nullptr;
 353
 354     result = security_manager_get_app_defined_privilege_provider(privilegeB,
 355                                                                  uid, &pkgId, &appId);
 356     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
 357     RUNNER_ASSERT(appId && std::string(appId) == providerGlobal.getAppId());
 358     RUNNER_ASSERT(pkgId && std::string(pkgId) == providerGlobal.getPkgId());
 359     free(appId);
 360     free(pkgId);
 361     appId = nullptr;
 362     pkgId = nullptr;
 363 }
 364
 365 RUNNER_CHILD_TEST(app_defined_07_get_provider_license)
 366 {
 367     int result;
 368     char *license = nullptr;
 369     const Privilege providerLocalPrivilegeLicenseA(
 370         "http://tizen.org/licensed/abcsoftware/calendar",
 371         "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
 372     const Privilege providerGlobalPrivilegeLicenseB(
 373         "http://tizen.org/licensed/xyzsoftware/camera",
 374         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der");
 375     const Privilege privilegeBuntrusted(
 376         providerGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
 377
 378     const std::string providerAppId = "app_def_provider_01";
 379     uid_t uid = 5002;
 380
 381     AppInstallHelper providerGlobal(providerAppId);
 382     AppInstallHelper providerLocal(providerAppId, uid);
 383     providerGlobal.addAppDefinedPrivilege(providerGlobalPrivilegeLicenseB);
 384     providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseA);
 385     providerLocal.addAppDefinedPrivilege(privilegeBuntrusted);
 386
 387     ScopedInstaller req1(providerGlobal);
 388     ScopedInstaller req2(providerLocal);
 389
 390     result = security_manager_get_app_defined_privilege_license(nullptr, uid, &license);
 391     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 392     RUNNER_ASSERT(license == nullptr);
 393
 394     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, nullptr);
 395     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 396
 397     result = security_manager_get_app_defined_privilege_license("noExistingPrivilege", uid, &license);
 398     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 399     RUNNER_ASSERT(license == nullptr);
 400
 401     result = security_manager_get_app_defined_privilege_license(privilegeBuntrusted, uid, &license);
 402     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 403     RUNNER_ASSERT(license == nullptr);
 404
 405     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid+1, &license);
 406     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 407     RUNNER_ASSERT(license == nullptr);
 408
 409     result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, &license);
 410     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
 411     RUNNER_ASSERT(license && providerLocalPrivilegeLicenseA.getLicense() == license);
 412     free(license);
 413     license = nullptr;
 414
 415     req2.uninstallApp();
 416     result = security_manager_get_app_defined_privilege_license(providerGlobalPrivilegeLicenseB, uid, &license);
 417     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed");
 418     RUNNER_ASSERT(license && providerGlobalPrivilegeLicenseB.getLicense() == license);
 419     free(license);
 420     license = nullptr;
 421 }
 422
 423 RUNNER_CHILD_TEST(app_defined_08_add_get_client_license)
 424 {
 425     int result;
 426     char *license = nullptr;
 427     const Privilege clientLocalPrivilegeLicenseA(
 428         "http://tizen.org/licensed/abcsoftware/calendar",
 429         "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem");
 430     const Privilege clientGlobalPrivilegeLicenseB(
 431         "http://tizen.org/licensed/xyzsoftware/camera",
 432         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
 433     const Privilege privilegeBuntrusted(
 434         clientGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED);
 435
 436     const std::string clientAppId = "app_def_client_01";
 437     uid_t uid = 5002;
 438
 439     AppInstallHelper clientGlobal(clientAppId);
 440     AppInstallHelper clientLocal(clientAppId, uid);
 441     clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB);
 442     clientLocal.addPrivilege(clientLocalPrivilegeLicenseA);
 443     clientLocal.addPrivilege(privilegeBuntrusted);
 444     ScopedInstaller req1(clientGlobal);
 445     ScopedInstaller req2(clientLocal);
 446
 447     result = security_manager_get_client_privilege_license(nullptr,
 448                                                            clientLocal.getAppId().c_str(),
 449                                                            uid, &license);
 450     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 451     RUNNER_ASSERT(license == nullptr);
 452
 453     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, nullptr,
 454                                                            uid, &license);
 455     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 456     RUNNER_ASSERT(license == nullptr);
 457
 458     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
 459                                                            clientLocal.getAppId().c_str(),
 460                                                            uid, nullptr);
 461     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 462
 463     result = security_manager_get_client_privilege_license("noExistingPrivilege",
 464                                                            clientLocal.getAppId().c_str(),
 465                                                            uid, &license);
 466     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 467     RUNNER_ASSERT(license == nullptr);
 468
 469     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, "noExistingApp",
 470                                                            uid, &license);
 471     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 472     RUNNER_ASSERT(license == nullptr);
 473
 474     result = security_manager_get_client_privilege_license(privilegeBuntrusted,
 475                                                            clientLocal.getAppId().c_str(),
 476                                                            uid, &license);
 477     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 478     RUNNER_ASSERT(license == nullptr);
 479
 480     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
 481                                                            clientLocal.getAppId().c_str(),
 482                                                            uid+1, &license);
 483     RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
 484     RUNNER_ASSERT(license == nullptr);
 485
 486     result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA,
 487                                                            clientLocal.getAppId().c_str(),
 488                                                            uid, &license);
 489     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
 490     RUNNER_ASSERT(license && clientLocalPrivilegeLicenseA.getLicense() == license);
 491     free(license);
 492     license = nullptr;
 493
 494     req2.uninstallApp();
 495     result = security_manager_get_client_privilege_license(clientGlobalPrivilegeLicenseB,
 496                                                            clientGlobal.getAppId().c_str(),
 497                                                            uid, &license);
 498     RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed");
 499     RUNNER_ASSERT(license && clientGlobalPrivilegeLicenseB.getLicense() == license);
 500     free(license);
 501     license = nullptr;
 502 }
 503
 504 RUNNER_CHILD_TEST(app_defined_09_check_system_privileges)
 505 {
 506     const std::string providerAppId = "app_def_09_provider";
 507     const Privilege privilege("http://tizen.org/privilege/internet", Privilege::UNTRUSTED);
 508
 509     InstallRequest requestInst;
 510     requestInst.setAppId(providerAppId);
 511     requestInst.setPkgId(providerAppId);
 512     requestInst.addAppDefinedPrivilege(privilege);
 513     Api::install(requestInst, SECURITY_MANAGER_ERROR_INPUT_PARAM);
 514     Api::uninstall(requestInst);
 515 }
 516
 517 RUNNER_CHILD_TEST(app_defined_10_invalid_license)
 518 {
 519     const Privilege providerPrivilegeLicense(
 520         "http://tizen.org/licensed/abcsoftware/calendar",
 521         "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem");
 522     const Privilege clientPrivilegeLicense(
 523         "http://tizen.org/licensed/abcsoftware/calendar",
 524         "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der");
 525     const std::string providerAppId = "app_def_provider_01";
 526     const std::string clientAppId = "app_def_client_01";
 527     const std::string ownerId = "5001";
 528     const std::string session = "S0M33S3SSI0N";
 529
 530     AppInstallHelper provider(providerAppId);
 531     AppInstallHelper client(clientAppId);
 532     client.setHybrid();
 533     std::string clientLabel = client.generateAppLabel();
 534
 535     provider.addAppDefinedPrivilege(providerPrivilegeLicense);
 536     client.addPrivilege(clientPrivilegeLicense);
 537
 538     ScopedInstaller req1(provider);
 539     ScopedInstaller req2(client);
 540
 541     CynaraTestClient::Client cynara;
 542     cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
 543 }