2 * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 #include <app_install_helper.h>
21 #include <pkg_privacy_privileges.h>
22 #include <scoped_installer.h>
24 #include <sm_commons.h>
25 #include <temp_test_user.h>
26 #include <tests_common.h>
28 #include <dpl/test/test_runner.h>
29 #include <dpl/test/test_runner_child.h>
31 const PrivilegeVector TEST_PRIVACY_PRIVILEGES = {
32 Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
33 Privilege("http://tizen.org/privilege/account.read", Privilege::PRIVACY),
34 Privilege("http://tizen.org/privilege/healthinfo", Privilege::PRIVACY) };
36 using namespace SecurityManagerTest;
38 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_POLICY)
40 RUNNER_CHILD_TEST(security_manager_ap1_app_policy_fetch_for_self) {
41 TemporaryTestUser tmpUser("sm_test_ap1_user_name", GUM_USERTYPE_NORMAL, false);
44 AppInstallHelper app("sm_test_ap1", tmpUser.getUid());
45 app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
47 unsigned expectedPolicyCount = countPrivacyPrivileges(app.getPrivileges());
49 // If askuser is disabled there will be no privacy policy to expect
50 RUNNER_ASSERT_MSG(isAskuserDisabled() || expectedPolicyCount > 0,
51 "Application won't be installed with any privacy privileges, fix test");
53 PkgPrivacyPrivileges setupPrivacyPrivs(app);
54 ScopedInstaller appInstall(app);
57 RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
58 if (pid != 0) { //parent process
60 } else { //child process
61 Api::setProcessLabel(app.getAppId());
62 RUNNER_ASSERT_ERRNO_MSG(
63 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
64 "drop_root_privileges failed");
66 std::string uidStr = tmpUser.getUidString();
67 for (const auto &appPrivilege : app.getPrivileges()) {
68 PolicyEntry filter(app.getAppId(), uidStr, appPrivilege);
70 std::vector<PolicyEntry> policyEntries;
71 Api::getPolicyForSelf(filter, policyEntries);
72 if (isAskuserDisabled()) {
73 //further checks do not make sense, but we've checked if app has permission to perform policy fetch
77 RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
78 RUNNER_ASSERT_MSG(policyEntries.size() == 1,
79 "Number of policies doesn't match - should be: " << expectedPolicyCount << " and is " << policyEntries.size());
81 for (const auto &policyEntry : policyEntries) {
82 std::string user = policyEntry.getUser();
83 std::string appId = policyEntry.getAppId();
84 std::string privilege = policyEntry.getPrivilege();
86 RUNNER_ASSERT_MSG(appId == app.getAppId(),
87 "Policy returned for wrong appId," " expected : " << app.getAppId() << ", got : " << appId);
88 RUNNER_ASSERT_MSG(user == uidStr,
89 "Policy returned for wrong user," " expected : " << uidStr << ", got : " << user);
90 RUNNER_ASSERT_MSG(privilege == appPrivilege.getName(),
91 "Policy returned for wrong privilege," " expected : " << appPrivilege << ", got : " << privilege);
99 RUNNER_CHILD_TEST(security_manager_ap2_app_policy_fetch_for_self_different_user) {
100 TemporaryTestUser tmpUser("sm_test_ap2_1_user_name", GUM_USERTYPE_NORMAL, false);
102 TemporaryTestUser tmpUser2("sm_test_ap2_2_user_name", GUM_USERTYPE_NORMAL, false);
105 AppInstallHelper app("sm_test_ap2", tmpUser.getUid());
106 app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
108 PkgPrivacyPrivileges setupPrivacyPrivs(app);
109 ScopedInstaller appInstall(app);
112 RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
113 if (pid != 0) { //parent process
115 } else { //child process
116 Api::setProcessLabel(app.getAppId());
117 RUNNER_ASSERT_ERRNO_MSG(
118 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
119 "drop_root_privileges failed");
121 std::string wrongUidStr = tmpUser2.getUidString();
122 for (const auto &appPrivilege : app.getPrivileges()) {
123 PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege);
125 std::vector<PolicyEntry> policyEntries;
126 Api::getPolicyForSelf(filter, policyEntries,
127 SECURITY_MANAGER_ERROR_ACCESS_DENIED);
133 RUNNER_CHILD_TEST(security_manager_ap3_app_policy_fetch_for_self_different_user_global) {
134 TemporaryTestUser tmpUser("sm_test_ap3_1_user_name", GUM_USERTYPE_NORMAL, false);
136 TemporaryTestUser tmpUser2("sm_test_ap3_2_user_name", GUM_USERTYPE_NORMAL, false);
139 AppInstallHelper app("sm_test_ap3");
140 app.setInstallType(SM_APP_INSTALL_GLOBAL);
141 app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
143 PkgPrivacyPrivileges setupPrivacyPrivs(app);
144 ScopedInstaller appInstall(app);
147 RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
148 if (pid != 0) { //parent process
150 } else { //child process
151 Api::setProcessLabel(app.getAppId());
152 RUNNER_ASSERT_ERRNO_MSG(
153 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
154 "drop_root_privileges failed");
156 std::string wrongUidStr = tmpUser2.getUidString();
157 for (const auto &appPrivilege : app.getPrivileges()) {
158 PolicyEntry filter(app.getAppId(), wrongUidStr, appPrivilege);
160 std::vector<PolicyEntry> policyEntries;
161 Api::getPolicyForSelf(filter, policyEntries,
162 SECURITY_MANAGER_ERROR_ACCESS_DENIED);
168 RUNNER_CHILD_TEST(security_manager_ap3_app_policy_fetch_for_self_different_app) {
169 TemporaryTestUser tmpUser("sm_test_ap3_user_name", GUM_USERTYPE_NORMAL, false);
172 AppInstallHelper app1("sm_test_ap3_1", tmpUser.getUid());
173 app1.addPrivileges(TEST_PRIVACY_PRIVILEGES);
175 AppInstallHelper app2("sm_test_ap3_2", tmpUser.getUid());
176 app2.addPrivileges(TEST_PRIVACY_PRIVILEGES);
178 PkgPrivacyPrivileges setupPrivacyPrivs1(app1);
179 ScopedInstaller appInstall1(app1);
181 PkgPrivacyPrivileges setupPrivacyPrivs2(app2);
182 ScopedInstaller appInstall2(app2);
185 RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
186 if (pid != 0) { //parent process
188 } else { //child process
189 Api::setProcessLabel(app1.getAppId());
190 RUNNER_ASSERT_ERRNO_MSG(
191 drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
192 "drop_root_privileges failed");
194 std::string uidStr = tmpUser.getUidString();
195 for (const auto &appPrivilege : app1.getPrivileges()) {
196 PolicyEntry filter(app2.getAppId(), uidStr, appPrivilege);
198 std::vector<PolicyEntry> policyEntries;
199 Api::getPolicyForSelf(filter, policyEntries,
200 SECURITY_MANAGER_ERROR_ACCESS_DENIED);