2 * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 #include <app_install_helper.h>
21 #include <pkg_privacy_privileges.h>
22 #include <scoped_installer.h>
24 #include <sm_commons.h>
25 #include <temp_test_user.h>
26 #include <tests_common.h>
28 #include <dpl/test/test_runner.h>
29 #include <dpl/test/test_runner_child.h>
30 #include <privilege_names.h>
32 using namespace PrivilegeNames;
34 const PrivilegeVector TEST_PRIVACY_PRIVILEGES = {
35 Privilege(PRIV_CALLHISTORY_READ, Privilege::PRIVACY),
36 Privilege(PRIV_ACCOUNT_READ, Privilege::PRIVACY),
37 Privilege(PRIV_HEALTHINFO, Privilege::PRIVACY) };
39 using namespace SecurityManagerTest;
41 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_POLICY)
43 RUNNER_CHILD_TEST(security_manager_ap1_app_policy_fetch_for_self) {
44 TemporaryTestUser tmpUser("sm_test_ap1_user_name", GUM_USERTYPE_NORMAL, false);
47 AppInstallHelper app("sm_test_ap1", tmpUser.getUid());
48 app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
50 unsigned expectedPolicyCount = countPrivacyPrivileges(app.getPrivileges());
52 // If askuser is disabled there will be no privacy policy to expect
53 RUNNER_ASSERT_MSG(isAskuserDisabled() || expectedPolicyCount > 0,
54 "Application won't be installed with any privacy privileges, fix test");
56 PkgPrivacyPrivileges setupPrivacyPrivs(app);
57 ScopedInstaller appInstall(app);
60 RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
61 if (pid != 0) { //parent process
63 } else { //child process
64 Api::setProcessLabel(app.getAppId());
65 RUNNER_ASSERT_ERRNO_MSG(
66 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
67 "drop_root_privileges failed");
69 std::string uidStr = tmpUser.getUidString();
70 for (const auto &appPrivilege : app.getPrivileges()) {
71 PolicyEntry filter(app.getAppId(), uidStr, appPrivilege);
73 std::vector<PolicyEntry> policyEntries;
74 Api::getPolicyForSelf(filter, policyEntries);
75 if (isAskuserDisabled()) {
76 //further checks do not make sense, but we've checked if app has permission to perform policy fetch
80 RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
81 RUNNER_ASSERT_MSG(policyEntries.size() == 1,
82 "Number of policies doesn't match - should be: " << expectedPolicyCount << " and is " << policyEntries.size());
84 for (const auto &policyEntry : policyEntries) {
85 std::string user = policyEntry.getUser();
86 std::string appId = policyEntry.getAppId();
87 std::string privilege = policyEntry.getPrivilege();
89 RUNNER_ASSERT_MSG(appId == app.getAppId(),
90 "Policy returned for wrong appId," " expected : " << app.getAppId() << ", got : " << appId);
91 RUNNER_ASSERT_MSG(user == uidStr,
92 "Policy returned for wrong user," " expected : " << uidStr << ", got : " << user);
93 RUNNER_ASSERT_MSG(privilege == appPrivilege.getName(),
94 "Policy returned for wrong privilege," " expected : " << appPrivilege << ", got : " << privilege);
102 RUNNER_CHILD_TEST(security_manager_ap2_app_policy_fetch_for_self_different_user) {
103 TemporaryTestUser tmpUser("sm_test_ap2_1_user_name", GUM_USERTYPE_NORMAL, false);
105 TemporaryTestUser tmpUser2("sm_test_ap2_2_user_name", GUM_USERTYPE_NORMAL, false);
108 AppInstallHelper app("sm_test_ap2", tmpUser.getUid());
109 app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
111 PkgPrivacyPrivileges setupPrivacyPrivs(app);
112 ScopedInstaller appInstall(app);
115 RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
116 if (pid != 0) { //parent process
118 } else { //child process
119 Api::setProcessLabel(app.getAppId());
120 RUNNER_ASSERT_ERRNO_MSG(
121 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
122 "drop_root_privileges failed");
124 std::string wrongUidStr = tmpUser2.getUidString();
125 for (const auto &appPrivilege : app.getPrivileges()) {
126 PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege);
128 std::vector<PolicyEntry> policyEntries;
129 Api::getPolicyForSelf(filter, policyEntries,
130 SECURITY_MANAGER_ERROR_ACCESS_DENIED);
136 RUNNER_CHILD_TEST(security_manager_ap3_app_policy_fetch_for_self_different_user_global) {
137 TemporaryTestUser tmpUser("sm_test_ap3_1_user_name", GUM_USERTYPE_NORMAL, false);
139 TemporaryTestUser tmpUser2("sm_test_ap3_2_user_name", GUM_USERTYPE_NORMAL, false);
142 AppInstallHelper app("sm_test_ap3");
143 app.setInstallType(SM_APP_INSTALL_GLOBAL);
144 app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
146 PkgPrivacyPrivileges setupPrivacyPrivs(app);
147 ScopedInstaller appInstall(app);
150 RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
151 if (pid != 0) { //parent process
153 } else { //child process
154 Api::setProcessLabel(app.getAppId());
155 RUNNER_ASSERT_ERRNO_MSG(
156 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
157 "drop_root_privileges failed");
159 std::string wrongUidStr = tmpUser2.getUidString();
160 for (const auto &appPrivilege : app.getPrivileges()) {
161 PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege);
163 std::vector<PolicyEntry> policyEntries;
164 Api::getPolicyForSelf(filter, policyEntries,
165 SECURITY_MANAGER_ERROR_ACCESS_DENIED);
171 RUNNER_CHILD_TEST(security_manager_ap3_app_policy_fetch_for_self_different_app) {
172 TemporaryTestUser tmpUser("sm_test_ap3_user_name", GUM_USERTYPE_NORMAL, false);
175 AppInstallHelper app1("sm_test_ap3_1", tmpUser.getUid());
176 app1.addPrivileges(TEST_PRIVACY_PRIVILEGES);
178 AppInstallHelper app2("sm_test_ap3_2", tmpUser.getUid());
179 app2.addPrivileges(TEST_PRIVACY_PRIVILEGES);
181 PkgPrivacyPrivileges setupPrivacyPrivs1(app1);
182 ScopedInstaller appInstall1(app1);
184 PkgPrivacyPrivileges setupPrivacyPrivs2(app2);
185 ScopedInstaller appInstall2(app2);
188 RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
189 if (pid != 0) { //parent process
191 } else { //child process
192 Api::setProcessLabel(app1.getAppId());
193 RUNNER_ASSERT_ERRNO_MSG(
194 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
195 "drop_root_privileges failed");
197 std::string uidStr = tmpUser.getUidString();
198 for (const auto &appPrivilege : app1.getPrivileges()) {
199 PolicyEntry filter(app2.getAppId(), uidStr, appPrivilege);
201 std::vector<PolicyEntry> policyEntries;
202 Api::getPolicyForSelf(filter, policyEntries,
203 SECURITY_MANAGER_ERROR_ACCESS_DENIED);