projects / platform / core / test / security-tests.git / blob
? search:


2878da3692bae654797351a359db99abab7bd313
[platform/core/test/security-tests.git] / src / security-manager-tests / test_cases_smack_privileges.cpp
1 /*
2  * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 #include <memory>
18 #include <map>
19 #include <cassert>
20
21 #include <boost/filesystem.hpp>
22
23 #include <tzplatform_config.h>
24
25 #include <dpl/test/test_runner.h>
26 #include <dpl/test/test_runner_child.h>
27
28 #include <scoped_installer.h>
29 #include <scoped_app_launcher.h>
30 #include <temp_test_user.h>
31 #include <app_install_helper_ext.h>
32 #include <sm_policy_request.h>
33 #include <privilege_names.h>
34 #include <sm_commons.h>
35 #include <service_manager.h>
36
37 using namespace SecurityManagerTest;
38 using namespace PrivilegeNames;
39
40 namespace {
41
42 namespace fs = boost::filesystem;
43
44 const uid_t OWNER_ID = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
45
46 const fs::path TEST_SETUP_PATH = SM_TEST_DIR "/smack-privileges";
47 const fs::path BACKUP_SETUP_PATH = TEST_SETUP_PATH / "backup";
48
49 constexpr char SM_POLICY_PATH[] = "/usr/share/security-manager/policy";
50 constexpr char SM_SMACK_PRIV_MAPPING_SUBDIR[] = "/privilege-mapping";
51 constexpr char SM_SMACK_PRIV_CONFIG[] = "privilege-smack.list";
52
53 void changePolicy(const AppInstallHelper& app, const std::string& priv, const std::string &level) {
54     PolicyRequest policyRequest;
55     PolicyEntry entry(app.getAppId(), std::to_string(app.getUID()), priv);
56     entry.setLevel(level);
57     policyRequest.addEntry(entry);
58     Api::sendPolicy(policyRequest);
59 }
60
61 enum class SmackPrivSetup {
62     ORIGINAL,
63     EMPTY,
64     INTERNET_ONLY,
65     // TODO test other configurations
66 };
67
68 // This is to ensure that original security-manager policy is restored after the group is finished
69 class SmackPrivGroupEnv final : public DPL::Test::TestGroup {
70 private:
71     class SmackPrivSetupMgr final {
72     public:
73         SmackPrivSetupMgr() :
74             m_currentSetup(SmackPrivSetup::ORIGINAL),
75             m_serviceManager("security-manager.service"),
76             m_setupMap({{ SmackPrivSetup::EMPTY, "empty" },
77                         { SmackPrivSetup::INTERNET_ONLY, "internet-only" }})
78         {
79         }
80         SmackPrivSetupMgr(const SmackPrivSetupMgr&) = delete;
81         SmackPrivSetupMgr& operator=(const SmackPrivSetupMgr&) = delete;
82         ~SmackPrivSetupMgr()
83         {
84             // restore setup
85             if (m_currentSetup != SmackPrivSetup::ORIGINAL) {
86                 try {
87                     copySetup(BACKUP_SETUP_PATH, SM_POLICY_PATH);
88
89                     m_serviceManager.restartService();
90                 } catch (...) {
91                     RUNNER_ERROR_MSG("Unknown exception occurred during backup restore.");
92                 }
93             }
94         }
95
96         void install(SmackPrivSetup setup)
97         {
98             if (setup == m_currentSetup)
99                 return;
100
101             // backup setup
102             if (m_currentSetup == SmackPrivSetup::ORIGINAL)
103                 copySetup(SM_POLICY_PATH, BACKUP_SETUP_PATH);
104
105             copySetup(TEST_SETUP_PATH / m_setupMap.at(setup), SM_POLICY_PATH);
106             m_currentSetup = setup;
107
108             // restart SM
109             m_serviceManager.restartService();
110         }
111
112     private:
113         void copySetup(const boost::filesystem::path& src, const boost::filesystem::path& dst)
114         {
115             const auto srcConfig = src / SM_SMACK_PRIV_CONFIG;
116             const auto dstConfig = dst / SM_SMACK_PRIV_CONFIG;
117             const auto srcMappingSubdir = src / SM_SMACK_PRIV_MAPPING_SUBDIR;
118             const auto dstMappingSubdir = dst / SM_SMACK_PRIV_MAPPING_SUBDIR;
119
120             // remove dst
121             fs::remove(dstConfig);
122             fs::remove_all(dstMappingSubdir);
123
124             // copy
125             if (fs::exists(srcConfig))
126                 fs::copy_file(srcConfig, dstConfig);
127
128             if (fs::exists(srcMappingSubdir)) {
129                 fs::create_directory(dstMappingSubdir);
130                 for (const auto& e: fs::recursive_directory_iterator(srcMappingSubdir))
131                     fs::copy(e.path(), dstMappingSubdir / fs::relative(e.path(), srcMappingSubdir));
132             }
133         }
134
135         SmackPrivSetup m_currentSetup;
136         ServiceManager m_serviceManager;
137         const std::map<SmackPrivSetup, std::string> m_setupMap;
138     };
139
140     static SmackPrivSetupMgr* m_setupMgr;
141
142 public:
143     void Init() override {
144         assert(!m_setupMgr);
145
146         m_setupMgr = new SmackPrivSetupMgr();
147     }
148
149     static void Install(SmackPrivSetup setup)
150     {
151         assert(m_setupMgr);
152
153         m_setupMgr->install(setup);
154     }
155
156     void Finish() override {
157         assert(m_setupMgr);
158
159         delete(m_setupMgr);
160         m_setupMgr = nullptr;
161     }
162 };
163
164 SmackPrivGroupEnv::SmackPrivSetupMgr* SmackPrivGroupEnv::m_setupMgr = nullptr;
165
166 template<SmackPrivSetup T>
167 class TestSetup
168 {
169 public:
170     void init(const std::string &) {
171         SmackPrivGroupEnv::Install(T);
172     }
173     void finish() {}
174 };
175
176 typedef TestSetup<SmackPrivSetup::INTERNET_ONLY> InternetOnlySetup;
177
178 } // namespace anonymous
179
180 RUNNER_TEST_GROUP_INIT_ENV(SECURITY_MANAGER_SMACK_PRIVILEGES, SmackPrivGroupEnv)
181
182 RUNNER_CHILD_TEST(smack_privileges_10_no_privileges, InternetOnlySetup)
183 {
184     AppInstallHelperExt app("sm_test_sp_10_app");
185     {
186         ScopedInstaller appInstall(app);
187         app.checkAfterInstall();
188         app.checkDeniedPrivileges({PRIV_INTERNET});
189         app.checkSmackPrivileges({}, {PRIV_INTERNET});
190         {
191             ScopedAppLauncher appLaunch(app);
192             app.checkSmackPrivileges({}, {PRIV_INTERNET});
193         }
194     }
195     app.checkAfterUninstall();
196 }
197
198 RUNNER_CHILD_TEST(smack_privileges_20_internet_privilege, InternetOnlySetup)
199 {
200     AppInstallHelperExt app("sm_test_sp_20_app");
201     app.addPrivileges({PRIV_INTERNET});
202     {
203         ScopedInstaller appInstall(app);
204         app.checkAfterInstall();
205
206         // rules absent before app is launched
207         app.checkSmackPrivileges({}, {PRIV_INTERNET});
208         {
209             ScopedAppLauncher appLaunch(app);
210             app.checkSmackPrivileges({PRIV_INTERNET}, {});
211         }
212         // rules present after app is terminated
213         app.checkSmackPrivileges({PRIV_INTERNET}, {});
214     }
215     app.checkAfterUninstall();
216     // rules removed after app uninstallation
217     app.checkSmackPrivileges({}, {PRIV_INTERNET});
218 }
219
220 RUNNER_CHILD_TEST(smack_privileges_30_one_after_another, InternetOnlySetup)
221 {
222     AppInstallHelperExt app("sm_test_sp_30_app");
223     app.addPrivileges({PRIV_INTERNET});
224     {
225         ScopedInstaller appInstall(app);
226         app.checkAfterInstall();
227
228         // rules absent before app is launched
229         app.checkSmackPrivileges({}, {PRIV_INTERNET});
230         {
231             ScopedAppLauncher appLaunch(app);
232             app.checkSmackPrivileges({PRIV_INTERNET}, {});
233         }
234         // rules present after app is terminated
235         app.checkSmackPrivileges({PRIV_INTERNET}, {});
236
237         {
238             ScopedAppLauncher appLaunch(app);
239             app.checkSmackPrivileges({PRIV_INTERNET}, {});
240         }
241         // rules present after app is terminated
242         app.checkSmackPrivileges({PRIV_INTERNET}, {});
243     }
244     app.checkAfterUninstall();
245     // rules removed after app uninstallation
246     app.checkSmackPrivileges({}, {PRIV_INTERNET});
247 }
248
249 RUNNER_CHILD_TEST(smack_privileges_40_different_users_one_after_another, InternetOnlySetup)
250 {
251     TemporaryTestUser testUser("sm_test_40_user_name", GUM_USERTYPE_NORMAL, true);
252     testUser.create();
253
254     AppInstallHelperExt app("sm_test_sp_40_app");
255     app.addPrivileges({PRIV_INTERNET});
256     {
257         // global install
258         ScopedInstaller appInstall(app);
259         app.checkAfterInstall();
260
261         app.checkSmackPrivileges({}, {PRIV_INTERNET});
262
263         // owner launch
264         {
265             app.setUidGid(OWNER_ID);
266             ScopedAppLauncher appLaunch(app);
267             app.checkSmackPrivileges({PRIV_INTERNET}, {});
268         }
269
270         app.checkSmackPrivileges({PRIV_INTERNET}, {});
271
272         // test user launch
273         {
274             app.setUidGid(testUser.getUid());
275             ScopedAppLauncher appLaunch(app);
276             app.checkSmackPrivileges({PRIV_INTERNET}, {});
277         }
278
279         app.checkSmackPrivileges({PRIV_INTERNET}, {});
280     }
281     app.checkAfterUninstall();
282     app.checkSmackPrivileges({}, {PRIV_INTERNET});
283 }
284
285 RUNNER_CHILD_TEST(smack_privileges_50_same_user_simultaneously, InternetOnlySetup)
286 {
287     AppInstallHelperExt app("sm_test_sp_50_app", OWNER_ID);
288     app.addPrivileges({PRIV_INTERNET});
289     {
290         ScopedInstaller appInstall(app);
291         app.checkAfterInstall();
292
293         app.checkSmackPrivileges({}, {PRIV_INTERNET});
294         {
295             ScopedAppLauncher appLaunch1(app);
296             app.checkSmackPrivileges({PRIV_INTERNET}, {});
297             {
298                 ScopedAppLauncher appLaunch2(app);
299                 app.checkSmackPrivileges({PRIV_INTERNET}, {});
300             }
301             app.checkSmackPrivileges({PRIV_INTERNET}, {});
302         }
303         app.checkSmackPrivileges({PRIV_INTERNET}, {});
304     }
305     app.checkAfterUninstall();
306     app.checkSmackPrivileges({}, {PRIV_INTERNET});
307 }
308
309 RUNNER_CHILD_TEST(smack_privileges_60_same_user_interchangeably, InternetOnlySetup)
310 {
311     AppInstallHelperExt app("sm_test_sp_60_app", OWNER_ID);
312     app.addPrivileges({PRIV_INTERNET});
313     {
314         // local install
315         ScopedInstaller appInstall(app);
316         app.checkAfterInstall();
317
318         app.checkSmackPrivileges({}, {PRIV_INTERNET});
319
320         // owner launch 1
321         auto appLaunch1 = std::make_unique<ScopedAppLauncher>(app);
322
323         app.checkSmackPrivileges({PRIV_INTERNET}, {});
324
325         // owner launch 2
326         auto appLaunch2 = std::make_unique<ScopedAppLauncher>(app);
327
328         app.checkSmackPrivileges({PRIV_INTERNET}, {});
329
330         // owner terminate 1
331         appLaunch1.reset();
332
333         app.checkSmackPrivileges({PRIV_INTERNET}, {});
334
335         // owner terminate 2
336         appLaunch2.reset();
337     }
338     app.checkAfterUninstall();
339     app.checkSmackPrivileges({}, {PRIV_INTERNET});
340 }
341
342 RUNNER_CHILD_TEST(smack_privileges_70_different_users_simultaneously, InternetOnlySetup)
343 {
344     TemporaryTestUser testUser("sm_test_70_user_name", GUM_USERTYPE_NORMAL, true);
345     testUser.create();
346
347     AppInstallHelperExt app("sm_test_sp_70_app");
348     app.addPrivileges({PRIV_INTERNET});
349     {
350         // global install
351         ScopedInstaller appInstall(app);
352         app.checkAfterInstall();
353
354         app.checkSmackPrivileges({}, {PRIV_INTERNET});
355
356         // owner launch
357         {
358             app.setUidGid(OWNER_ID);
359             ScopedAppLauncher appLaunch(app);
360             app.checkSmackPrivileges({PRIV_INTERNET}, {});
361
362             // test user launch
363             {
364                 app.setUidGid(testUser.getUid());
365                 ScopedAppLauncher appLaunch(app);
366
367                 // multiuser detected -> rules removed
368                 app.checkSmackPrivileges({}, {PRIV_INTERNET});
369             }
370             app.checkSmackPrivileges({}, {PRIV_INTERNET});
371         }
372         app.checkSmackPrivileges({}, {PRIV_INTERNET});
373
374         // owner launch
375         {
376             app.setUidGid(OWNER_ID);
377             ScopedAppLauncher appLaunch(app);
378
379             // rules restored
380             app.checkSmackPrivileges({PRIV_INTERNET}, {});
381         }
382     }
383     app.checkAfterUninstall();
384     app.checkSmackPrivileges({}, {PRIV_INTERNET});
385 }
386
387 RUNNER_CHILD_TEST(smack_privileges_80_uninstall_local_while_running, InternetOnlySetup)
388 {
389     AppInstallHelperExt app("sm_test_sp_80_app");
390     app.addPrivileges({PRIV_INTERNET});
391     {
392         // global install
393         ScopedInstaller appInstall1(app);
394         app.checkAfterInstall();
395
396         app.checkSmackPrivileges({}, {PRIV_INTERNET});
397
398         // local install
399         AppInstallHelperExt app2("sm_test_sp_80_app", OWNER_ID);
400         auto appInstall2 = std::make_unique<ScopedInstaller>(app2);
401         app2.checkAfterInstall();
402
403         // global launch
404         ScopedAppLauncher appLaunch(app);
405         app.checkSmackPrivileges({PRIV_INTERNET}, {});
406
407         // local uninstall
408         appInstall2.reset();
409
410         app.checkSmackPrivileges({PRIV_INTERNET}, {});
411     }
412     app.checkAfterUninstall();
413     app.checkSmackPrivileges({}, {PRIV_INTERNET});
414 }
415
416 RUNNER_CHILD_TEST(smack_privileges_90_user_removal, InternetOnlySetup)
417 {
418     TemporaryTestUser testUser("sm_test_90_user_name", GUM_USERTYPE_NORMAL, true);
419     testUser.create();
420
421     AppInstallHelperExt app("sm_test_sp_90_app", testUser.getUid());
422     app.addPrivileges({PRIV_INTERNET});
423     {
424         // local install
425         ScopedInstaller appInstall(app);
426         app.checkAfterInstall();
427
428         app.checkSmackPrivileges({}, {PRIV_INTERNET});
429
430         // local launch
431         {
432             ScopedAppLauncher appLaunch(app);
433             app.checkSmackPrivileges({PRIV_INTERNET}, {});
434         }
435
436         app.checkSmackPrivileges({PRIV_INTERNET}, {});
437
438         // user removal
439         testUser.remove();
440
441         app.checkAfterUninstall();
442         app.checkSmackPrivileges({}, {PRIV_INTERNET});
443     }
444 }
445
446 RUNNER_CHILD_TEST(smack_privileges_100_hybrid_app, InternetOnlySetup)
447 {
448     AppInstallHelperExt app("sm_test_sp_100_app");
449     app.addPrivileges({PRIV_INTERNET});
450     app.setHybrid();
451     {
452         ScopedInstaller appInstall(app);
453         app.checkAfterInstall();
454
455         app.checkSmackPrivileges({}, {PRIV_INTERNET});
456
457         // launch
458         {
459             ScopedAppLauncher appLaunch(app);
460             app.checkSmackPrivileges({PRIV_INTERNET}, {});
461         }
462
463         app.checkSmackPrivileges({PRIV_INTERNET}, {});
464     }
465     app.checkAfterUninstall();
466     app.checkSmackPrivileges({}, {PRIV_INTERNET});
467 }
468
469 RUNNER_CHILD_TEST(smack_privileges_110_hybridity_change, InternetOnlySetup)
470 {
471     AppInstallHelperExt app("sm_test_sp_110_app");
472     app.addPrivileges({PRIV_INTERNET});
473     {
474         ScopedInstaller appInstall(app);
475         app.checkAfterInstall();
476
477         app.checkSmackPrivileges({}, {PRIV_INTERNET});
478
479         // launch
480         {
481             ScopedAppLauncher appLaunch(app);
482             app.checkSmackPrivileges({PRIV_INTERNET}, {});
483         }
484
485         app.checkSmackPrivileges({PRIV_INTERNET}, {});
486
487         app.setHybrid();
488
489         // make it hybrid
490         InstallRequest request;
491         request.setAppId(app.getAppId());
492         request.setPkgId(app.getPkgId());
493         request.setUid(app.getUID());
494         request.setHybrid();
495         for (const auto &priv: app.getPrivileges()) {
496             request.addPrivilege(priv);
497         }
498         Api::update(request);
499
500         app.checkSmackPrivileges({}, {PRIV_INTERNET});
501
502         // launch
503         {
504             ScopedAppLauncher appLaunch(app);
505             app.checkSmackPrivileges({PRIV_INTERNET}, {});
506         }
507
508         app.checkSmackPrivileges({PRIV_INTERNET}, {});
509     }
510     app.checkAfterUninstall();
511     app.checkSmackPrivileges({}, {PRIV_INTERNET});
512 }
513
514 RUNNER_CHILD_TEST(smack_privileges_120_policy_change_while_running, InternetOnlySetup)
515 {
516     TemporaryTestUser testUser("sm_test_120_user_name", GUM_USERTYPE_NORMAL, true);
517     testUser.create();
518
519     AppInstallHelperExt app("sm_test_sp_120_app", testUser.getUid());
520     app.addPrivileges({PRIV_INTERNET});
521     {
522         ScopedInstaller appInstall(app);
523         app.checkAfterInstall();
524
525         app.checkSmackPrivileges({}, {PRIV_INTERNET});
526
527         // launch
528         {
529             ScopedAppLauncher appLaunch(app);
530             app.checkSmackPrivileges({PRIV_INTERNET}, {});
531
532             // change policy
533             changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
534
535             app.checkSmackPrivileges({}, {PRIV_INTERNET});
536
537             // change policy
538             changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
539
540             app.checkSmackPrivileges({PRIV_INTERNET}, {});
541         }
542         app.checkSmackPrivileges({PRIV_INTERNET}, {});
543     }
544     app.checkAfterUninstall();
545     app.checkSmackPrivileges({}, {PRIV_INTERNET});
546 }
547
548 RUNNER_CHILD_TEST(smack_privileges_130_different_users_and_policies, InternetOnlySetup)
549 {
550     TemporaryTestUser testUser("sm_test_130_user_name", GUM_USERTYPE_NORMAL, true);
551     testUser.create();
552
553     AppInstallHelperExt app("sm_test_sp_130_app");
554     app.addPrivileges({PRIV_INTERNET});
555     {
556         // global install
557         ScopedInstaller appInstall(app);
558         app.checkAfterInstall();
559
560         app.checkSmackPrivileges({}, {PRIV_INTERNET});
561
562         // test user launch with denied policy
563         {
564             app.setUidGid(testUser.getUid());
565             changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
566             ScopedAppLauncher appLaunch(app);
567             app.checkSmackPrivileges({}, {PRIV_INTERNET});
568         }
569
570         app.checkSmackPrivileges({}, {PRIV_INTERNET});
571
572         // owner launch
573         {
574             app.setUidGid(OWNER_ID);
575             ScopedAppLauncher appLaunch(app);
576             app.checkSmackPrivileges({PRIV_INTERNET}, {});
577         }
578
579         app.checkSmackPrivileges({PRIV_INTERNET}, {});
580     }
581     app.checkAfterUninstall();
582     app.checkSmackPrivileges({}, {PRIV_INTERNET});
583 }
584
585 RUNNER_CHILD_TEST(smack_privileges_140_two_users_sequence, InternetOnlySetup)
586 {
587     TemporaryTestUser testUser("sm_test_140_user_name", GUM_USERTYPE_NORMAL, true);
588     testUser.create();
589
590     AppInstallHelperExt app("sm_test_sp_140_app");
591     app.addPrivileges({PRIV_INTERNET});
592     {
593         // global install
594         ScopedInstaller appInstall(app);
595         app.checkAfterInstall();
596         app.checkSmackPrivileges({}, {PRIV_INTERNET});
597         {
598             // owner launch -> allowed
599             app.setUidGid(OWNER_ID);
600             ScopedAppLauncher appLaunch1(app);
601             app.checkSmackPrivileges({PRIV_INTERNET}, {});
602             {
603                 // test user launch -> denied
604                 app.setUidGid(testUser.getUid());
605                 ScopedAppLauncher appLaunch2(app);
606                 app.checkSmackPrivileges({}, {PRIV_INTERNET});
607
608                 // owner launch -> denied
609                 app.setUidGid(OWNER_ID);
610                 ScopedAppLauncher appLaunch3(app);
611                 app.checkSmackPrivileges({}, {PRIV_INTERNET});
612             }
613             // test user launch -> still denied
614             app.setUidGid(testUser.getUid());
615             ScopedAppLauncher appLaunch4(app);
616             app.checkSmackPrivileges({}, {PRIV_INTERNET});
617         }
618
619         // test user launch -> allowed
620         app.setUidGid(testUser.getUid());
621         ScopedAppLauncher appLaunch5(app);
622         app.checkSmackPrivileges({PRIV_INTERNET}, {});
623     }
624     app.checkAfterUninstall();
625     app.checkSmackPrivileges({}, {PRIV_INTERNET});
626 }
627
628 RUNNER_CHILD_TEST(smack_privileges_150_independent_apps, InternetOnlySetup)
629 {
630     TemporaryTestUser testUser("sm_test_150_user_name", GUM_USERTYPE_NORMAL, true);
631     testUser.create();
632
633     AppInstallHelperExt app1("sm_test_sp_150_app1", testUser.getUid());
634     AppInstallHelperExt app2("sm_test_sp_150_app2", testUser.getUid());
635     app1.addPrivileges({PRIV_INTERNET});
636     {
637         ScopedInstaller appInstall1(app1);
638         ScopedInstaller appInstall2(app2);
639
640         app1.checkAfterInstall();
641         app2.checkAfterInstall();
642
643         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
644         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
645
646         // launch
647         {
648             ScopedAppLauncher appLaunch1(app1);
649             ScopedAppLauncher appLaunch2(app2);
650
651             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
652             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
653         }
654     }
655     app1.checkAfterUninstall();
656     app2.checkAfterUninstall();
657     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
658     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
659 }
660
661 RUNNER_CHILD_TEST(smack_privileges_160_nonhybrid_package, InternetOnlySetup)
662 {
663     TemporaryTestUser testUser("sm_test_160_user_name", GUM_USERTYPE_NORMAL, true);
664     testUser.create();
665
666     constexpr char pkgPrefix[] = "sm_test_sp_160_pkg";
667
668     AppInstallHelperExt app1("sm_test_sp_160_app1", pkgPrefix, testUser.getUid());
669     app1.addPrivileges({PRIV_INTERNET});
670
671     AppInstallHelperExt app2("sm_test_sp_160_app2", pkgPrefix, testUser.getUid());
672     app2.addPrivileges({PRIV_INTERNET});
673     {
674         ScopedInstaller appInstall1(app1);
675         ScopedInstaller appInstall2(app2);
676
677         app1.checkAfterInstall();
678         app2.checkAfterInstall();
679
680         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
681         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
682
683         // launch
684         {
685             ScopedAppLauncher appLaunch1(app1);
686             ScopedAppLauncher appLaunch2(app2);
687
688             // both have access in non-hybrid package
689             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
690             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
691
692             // change policy of single app
693             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
694
695             // both should lose the access
696             app1.checkSmackPrivileges({}, {PRIV_INTERNET});
697             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
698
699             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
700
701             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
702             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
703         }
704     }
705     app1.checkAfterUninstall();
706     app2.checkAfterUninstall();
707     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
708     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
709 }
710
711
712 RUNNER_CHILD_TEST(smack_privileges_170_hybrid_package, InternetOnlySetup)
713 {
714     TemporaryTestUser testUser("sm_test_170_user_name", GUM_USERTYPE_NORMAL, true);
715     testUser.create();
716
717     constexpr char pkgPrefix[] = "sm_test_sp_170_pkg";
718
719     AppInstallHelperExt app1("sm_test_sp_170_app1", pkgPrefix, testUser.getUid());
720     app1.addPrivileges({PRIV_INTERNET});
721     app1.setHybrid();
722
723     AppInstallHelperExt app2("sm_test_sp_170_app2", pkgPrefix, testUser.getUid());
724     app2.setHybrid();
725     {
726         ScopedInstaller appInstall1(app1);
727         ScopedInstaller appInstall2(app2);
728
729         app1.checkAfterInstall();
730         app2.checkAfterInstall();
731
732         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
733         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
734
735         // launch
736         {
737             ScopedAppLauncher appLaunch1(app1);
738             ScopedAppLauncher appLaunch2(app2);
739
740             // only one have access in a hybrid package
741             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
742             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
743
744             // change policy of single app
745             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
746
747             // both should have no access
748             app1.checkSmackPrivileges({}, {PRIV_INTERNET});
749             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
750
751             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
752
753             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
754             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
755         }
756     }
757     app1.checkAfterUninstall();
758     app2.checkAfterUninstall();
759     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
760     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
761 }
762
763 RUNNER_CHILD_TEST(smack_privileges_180_hybrid_package_both_apps_privileged, InternetOnlySetup)
764 {
765     TemporaryTestUser testUser("sm_test_180_user_name", GUM_USERTYPE_NORMAL, true);
766     testUser.create();
767
768     constexpr char pkgPrefix[] = "sm_test_sp_180_pkg";
769
770     AppInstallHelperExt app1("sm_test_sp_180_app1", pkgPrefix, testUser.getUid());
771     app1.addPrivileges({PRIV_INTERNET});
772     app1.setHybrid();
773
774     AppInstallHelperExt app2("sm_test_sp_180_app2", pkgPrefix, testUser.getUid());
775     app2.addPrivileges({PRIV_INTERNET});
776     app2.setHybrid();
777     {
778         ScopedInstaller appInstall1(app1);
779         ScopedInstaller appInstall2(app2);
780
781         app1.checkAfterInstall();
782         app2.checkAfterInstall();
783
784         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
785         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
786
787         // launch
788         {
789             ScopedAppLauncher appLaunch1(app1);
790             ScopedAppLauncher appLaunch2(app2);
791
792             // only one have access in a hybrid package
793             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
794             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
795
796             // change policy of single app
797             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
798
799             // both should have no access
800             app1.checkSmackPrivileges({}, {PRIV_INTERNET});
801             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
802
803             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
804
805             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
806             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
807         }
808     }
809     app1.checkAfterUninstall();
810     app2.checkAfterUninstall();
811     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
812     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
813 }
814
815 // TODO custom smack privileges
Domain: Security / Uncategorized;