2 * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
21 #include <boost/filesystem.hpp>
23 #include <tzplatform_config.h>
25 #include <dpl/test/test_runner.h>
26 #include <dpl/test/test_runner_child.h>
28 #include <scoped_installer.h>
29 #include <scoped_app_launcher.h>
30 #include <temp_test_user.h>
31 #include <app_install_helper_ext.h>
32 #include <sm_policy_request.h>
33 #include <privilege_names.h>
34 #include <sm_commons.h>
35 #include <service_manager.h>
37 using namespace SecurityManagerTest;
38 using namespace PrivilegeNames;
42 namespace fs = boost::filesystem;
44 const uid_t OWNER_ID = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
46 const fs::path TEST_SETUP_PATH = SM_TEST_DIR "/smack-privileges";
47 const fs::path BACKUP_SETUP_PATH = TEST_SETUP_PATH / "backup";
49 constexpr char SM_POLICY_PATH[] = "/usr/share/security-manager/policy";
50 constexpr char SM_SMACK_PRIV_MAPPING_SUBDIR[] = "/privilege-mapping";
51 constexpr char SM_SMACK_PRIV_CONFIG[] = "privilege-smack.list";
53 void changePolicy(const AppInstallHelper& app, const std::string& priv, const std::string &level) {
54 PolicyRequest policyRequest;
55 PolicyEntry entry(app.getAppId(), std::to_string(app.getUID()), priv);
56 entry.setLevel(level);
57 policyRequest.addEntry(entry);
58 Api::sendPolicy(policyRequest);
61 enum class SmackPrivSetup {
65 // TODO test other configurations
68 // This is to ensure that original security-manager policy is restored after the group is finished
69 class SmackPrivGroupEnv final : public DPL::Test::TestGroup {
71 class SmackPrivSetupMgr final {
74 m_currentSetup(SmackPrivSetup::ORIGINAL),
75 m_serviceManager("security-manager.service"),
76 m_setupMap({{ SmackPrivSetup::EMPTY, "empty" },
77 { SmackPrivSetup::INTERNET_ONLY, "internet-only" }})
80 SmackPrivSetupMgr(const SmackPrivSetupMgr&) = delete;
81 SmackPrivSetupMgr& operator=(const SmackPrivSetupMgr&) = delete;
85 if (m_currentSetup != SmackPrivSetup::ORIGINAL) {
87 copySetup(BACKUP_SETUP_PATH, SM_POLICY_PATH);
89 m_serviceManager.restartService();
91 RUNNER_ERROR_MSG("Unknown exception occurred during backup restore.");
96 void install(SmackPrivSetup setup)
98 if (setup == m_currentSetup)
102 if (m_currentSetup == SmackPrivSetup::ORIGINAL)
103 copySetup(SM_POLICY_PATH, BACKUP_SETUP_PATH);
105 copySetup(TEST_SETUP_PATH / m_setupMap.at(setup), SM_POLICY_PATH);
106 m_currentSetup = setup;
109 m_serviceManager.restartService();
113 void copySetup(const boost::filesystem::path& src, const boost::filesystem::path& dst)
115 const auto srcConfig = src / SM_SMACK_PRIV_CONFIG;
116 const auto dstConfig = dst / SM_SMACK_PRIV_CONFIG;
117 const auto srcMappingSubdir = src / SM_SMACK_PRIV_MAPPING_SUBDIR;
118 const auto dstMappingSubdir = dst / SM_SMACK_PRIV_MAPPING_SUBDIR;
121 fs::remove(dstConfig);
122 fs::remove_all(dstMappingSubdir);
125 if (fs::exists(srcConfig))
126 fs::copy_file(srcConfig, dstConfig);
128 if (fs::exists(srcMappingSubdir)) {
129 fs::create_directory(dstMappingSubdir);
130 for (const auto& e: fs::recursive_directory_iterator(srcMappingSubdir))
131 fs::copy(e.path(), dstMappingSubdir / fs::relative(e.path(), srcMappingSubdir));
135 SmackPrivSetup m_currentSetup;
136 ServiceManager m_serviceManager;
137 const std::map<SmackPrivSetup, std::string> m_setupMap;
140 static SmackPrivSetupMgr* m_setupMgr;
143 void Init() override {
146 m_setupMgr = new SmackPrivSetupMgr();
149 static void Install(SmackPrivSetup setup)
153 m_setupMgr->install(setup);
156 void Finish() override {
160 m_setupMgr = nullptr;
164 SmackPrivGroupEnv::SmackPrivSetupMgr* SmackPrivGroupEnv::m_setupMgr = nullptr;
166 template<SmackPrivSetup T>
170 void init(const std::string &) {
171 SmackPrivGroupEnv::Install(T);
176 typedef TestSetup<SmackPrivSetup::INTERNET_ONLY> InternetOnlySetup;
178 } // namespace anonymous
180 RUNNER_TEST_GROUP_INIT_ENV(SECURITY_MANAGER_SMACK_PRIVILEGES, SmackPrivGroupEnv)
182 RUNNER_CHILD_TEST(smack_privileges_10_no_privileges, InternetOnlySetup)
184 AppInstallHelperExt app("sm_test_sp_10_app");
186 ScopedInstaller appInstall(app);
187 app.checkAfterInstall();
188 app.checkDeniedPrivileges({PRIV_INTERNET});
189 app.checkSmackPrivileges({}, {PRIV_INTERNET});
191 ScopedAppLauncher appLaunch(app);
192 app.checkSmackPrivileges({}, {PRIV_INTERNET});
195 app.checkAfterUninstall();
198 RUNNER_CHILD_TEST(smack_privileges_20_internet_privilege, InternetOnlySetup)
200 AppInstallHelperExt app("sm_test_sp_20_app");
201 app.addPrivileges({PRIV_INTERNET});
203 ScopedInstaller appInstall(app);
204 app.checkAfterInstall();
206 // rules absent before app is launched
207 app.checkSmackPrivileges({}, {PRIV_INTERNET});
209 ScopedAppLauncher appLaunch(app);
210 app.checkSmackPrivileges({PRIV_INTERNET}, {});
212 // rules present after app is terminated
213 app.checkSmackPrivileges({PRIV_INTERNET}, {});
215 app.checkAfterUninstall();
216 // rules removed after app uninstallation
217 app.checkSmackPrivileges({}, {PRIV_INTERNET});
220 RUNNER_CHILD_TEST(smack_privileges_30_one_after_another, InternetOnlySetup)
222 AppInstallHelperExt app("sm_test_sp_30_app");
223 app.addPrivileges({PRIV_INTERNET});
225 ScopedInstaller appInstall(app);
226 app.checkAfterInstall();
228 // rules absent before app is launched
229 app.checkSmackPrivileges({}, {PRIV_INTERNET});
231 ScopedAppLauncher appLaunch(app);
232 app.checkSmackPrivileges({PRIV_INTERNET}, {});
234 // rules present after app is terminated
235 app.checkSmackPrivileges({PRIV_INTERNET}, {});
238 ScopedAppLauncher appLaunch(app);
239 app.checkSmackPrivileges({PRIV_INTERNET}, {});
241 // rules present after app is terminated
242 app.checkSmackPrivileges({PRIV_INTERNET}, {});
244 app.checkAfterUninstall();
245 // rules removed after app uninstallation
246 app.checkSmackPrivileges({}, {PRIV_INTERNET});
249 RUNNER_CHILD_TEST(smack_privileges_40_different_users_one_after_another, InternetOnlySetup)
251 TemporaryTestUser testUser("sm_test_40_user_name", GUM_USERTYPE_NORMAL, true);
254 AppInstallHelperExt app("sm_test_sp_40_app");
255 app.addPrivileges({PRIV_INTERNET});
258 ScopedInstaller appInstall(app);
259 app.checkAfterInstall();
261 app.checkSmackPrivileges({}, {PRIV_INTERNET});
265 app.setUidGid(OWNER_ID);
266 ScopedAppLauncher appLaunch(app);
267 app.checkSmackPrivileges({PRIV_INTERNET}, {});
270 app.checkSmackPrivileges({PRIV_INTERNET}, {});
274 app.setUidGid(testUser.getUid());
275 ScopedAppLauncher appLaunch(app);
276 app.checkSmackPrivileges({PRIV_INTERNET}, {});
279 app.checkSmackPrivileges({PRIV_INTERNET}, {});
281 app.checkAfterUninstall();
282 app.checkSmackPrivileges({}, {PRIV_INTERNET});
285 RUNNER_CHILD_TEST(smack_privileges_50_same_user_simultaneously, InternetOnlySetup)
287 AppInstallHelperExt app("sm_test_sp_50_app", OWNER_ID);
288 app.addPrivileges({PRIV_INTERNET});
290 ScopedInstaller appInstall(app);
291 app.checkAfterInstall();
293 app.checkSmackPrivileges({}, {PRIV_INTERNET});
295 ScopedAppLauncher appLaunch1(app);
296 app.checkSmackPrivileges({PRIV_INTERNET}, {});
298 ScopedAppLauncher appLaunch2(app);
299 app.checkSmackPrivileges({PRIV_INTERNET}, {});
301 app.checkSmackPrivileges({PRIV_INTERNET}, {});
303 app.checkSmackPrivileges({PRIV_INTERNET}, {});
305 app.checkAfterUninstall();
306 app.checkSmackPrivileges({}, {PRIV_INTERNET});
309 RUNNER_CHILD_TEST(smack_privileges_60_same_user_interchangeably, InternetOnlySetup)
311 AppInstallHelperExt app("sm_test_sp_60_app", OWNER_ID);
312 app.addPrivileges({PRIV_INTERNET});
315 ScopedInstaller appInstall(app);
316 app.checkAfterInstall();
318 app.checkSmackPrivileges({}, {PRIV_INTERNET});
321 auto appLaunch1 = std::make_unique<ScopedAppLauncher>(app);
323 app.checkSmackPrivileges({PRIV_INTERNET}, {});
326 auto appLaunch2 = std::make_unique<ScopedAppLauncher>(app);
328 app.checkSmackPrivileges({PRIV_INTERNET}, {});
333 app.checkSmackPrivileges({PRIV_INTERNET}, {});
338 app.checkAfterUninstall();
339 app.checkSmackPrivileges({}, {PRIV_INTERNET});
342 RUNNER_CHILD_TEST(smack_privileges_70_different_users_simultaneously, InternetOnlySetup)
344 TemporaryTestUser testUser("sm_test_70_user_name", GUM_USERTYPE_NORMAL, true);
347 AppInstallHelperExt app("sm_test_sp_70_app");
348 app.addPrivileges({PRIV_INTERNET});
351 ScopedInstaller appInstall(app);
352 app.checkAfterInstall();
354 app.checkSmackPrivileges({}, {PRIV_INTERNET});
358 app.setUidGid(OWNER_ID);
359 ScopedAppLauncher appLaunch(app);
360 app.checkSmackPrivileges({PRIV_INTERNET}, {});
364 app.setUidGid(testUser.getUid());
365 ScopedAppLauncher appLaunch(app);
367 // multiuser detected -> rules removed
368 app.checkSmackPrivileges({}, {PRIV_INTERNET});
370 app.checkSmackPrivileges({}, {PRIV_INTERNET});
372 app.checkSmackPrivileges({}, {PRIV_INTERNET});
376 app.setUidGid(OWNER_ID);
377 ScopedAppLauncher appLaunch(app);
380 app.checkSmackPrivileges({PRIV_INTERNET}, {});
383 app.checkAfterUninstall();
384 app.checkSmackPrivileges({}, {PRIV_INTERNET});
387 RUNNER_CHILD_TEST(smack_privileges_80_uninstall_local_while_running, InternetOnlySetup)
389 AppInstallHelperExt app("sm_test_sp_80_app");
390 app.addPrivileges({PRIV_INTERNET});
393 ScopedInstaller appInstall1(app);
394 app.checkAfterInstall();
396 app.checkSmackPrivileges({}, {PRIV_INTERNET});
399 AppInstallHelperExt app2("sm_test_sp_80_app", OWNER_ID);
400 auto appInstall2 = std::make_unique<ScopedInstaller>(app2);
401 app2.checkAfterInstall();
404 ScopedAppLauncher appLaunch(app);
405 app.checkSmackPrivileges({PRIV_INTERNET}, {});
410 app.checkSmackPrivileges({PRIV_INTERNET}, {});
412 app.checkAfterUninstall();
413 app.checkSmackPrivileges({}, {PRIV_INTERNET});
416 RUNNER_CHILD_TEST(smack_privileges_90_user_removal, InternetOnlySetup)
418 TemporaryTestUser testUser("sm_test_90_user_name", GUM_USERTYPE_NORMAL, true);
421 AppInstallHelperExt app("sm_test_sp_90_app", testUser.getUid());
422 app.addPrivileges({PRIV_INTERNET});
425 ScopedInstaller appInstall(app);
426 app.checkAfterInstall();
428 app.checkSmackPrivileges({}, {PRIV_INTERNET});
432 ScopedAppLauncher appLaunch(app);
433 app.checkSmackPrivileges({PRIV_INTERNET}, {});
436 app.checkSmackPrivileges({PRIV_INTERNET}, {});
441 app.checkAfterUninstall();
442 app.checkSmackPrivileges({}, {PRIV_INTERNET});
446 RUNNER_CHILD_TEST(smack_privileges_100_hybrid_app, InternetOnlySetup)
448 AppInstallHelperExt app("sm_test_sp_100_app");
449 app.addPrivileges({PRIV_INTERNET});
452 ScopedInstaller appInstall(app);
453 app.checkAfterInstall();
455 app.checkSmackPrivileges({}, {PRIV_INTERNET});
459 ScopedAppLauncher appLaunch(app);
460 app.checkSmackPrivileges({PRIV_INTERNET}, {});
463 app.checkSmackPrivileges({PRIV_INTERNET}, {});
465 app.checkAfterUninstall();
466 app.checkSmackPrivileges({}, {PRIV_INTERNET});
469 RUNNER_CHILD_TEST(smack_privileges_110_hybridity_change, InternetOnlySetup)
471 AppInstallHelperExt app("sm_test_sp_110_app");
472 app.addPrivileges({PRIV_INTERNET});
474 ScopedInstaller appInstall(app);
475 app.checkAfterInstall();
477 app.checkSmackPrivileges({}, {PRIV_INTERNET});
481 ScopedAppLauncher appLaunch(app);
482 app.checkSmackPrivileges({PRIV_INTERNET}, {});
485 app.checkSmackPrivileges({PRIV_INTERNET}, {});
490 InstallRequest request;
491 request.setAppId(app.getAppId());
492 request.setPkgId(app.getPkgId());
493 request.setUid(app.getUID());
495 for (const auto &priv: app.getPrivileges()) {
496 request.addPrivilege(priv);
498 Api::update(request);
500 app.checkSmackPrivileges({}, {PRIV_INTERNET});
504 ScopedAppLauncher appLaunch(app);
505 app.checkSmackPrivileges({PRIV_INTERNET}, {});
508 app.checkSmackPrivileges({PRIV_INTERNET}, {});
510 app.checkAfterUninstall();
511 app.checkSmackPrivileges({}, {PRIV_INTERNET});
514 RUNNER_CHILD_TEST(smack_privileges_120_policy_change_while_running, InternetOnlySetup)
516 TemporaryTestUser testUser("sm_test_120_user_name", GUM_USERTYPE_NORMAL, true);
519 AppInstallHelperExt app("sm_test_sp_120_app", testUser.getUid());
520 app.addPrivileges({PRIV_INTERNET});
522 ScopedInstaller appInstall(app);
523 app.checkAfterInstall();
525 app.checkSmackPrivileges({}, {PRIV_INTERNET});
529 ScopedAppLauncher appLaunch(app);
530 app.checkSmackPrivileges({PRIV_INTERNET}, {});
533 changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
535 app.checkSmackPrivileges({}, {PRIV_INTERNET});
538 changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
540 app.checkSmackPrivileges({PRIV_INTERNET}, {});
542 app.checkSmackPrivileges({PRIV_INTERNET}, {});
544 app.checkAfterUninstall();
545 app.checkSmackPrivileges({}, {PRIV_INTERNET});
548 RUNNER_CHILD_TEST(smack_privileges_130_different_users_and_policies, InternetOnlySetup)
550 TemporaryTestUser testUser("sm_test_130_user_name", GUM_USERTYPE_NORMAL, true);
553 AppInstallHelperExt app("sm_test_sp_130_app");
554 app.addPrivileges({PRIV_INTERNET});
557 ScopedInstaller appInstall(app);
558 app.checkAfterInstall();
560 app.checkSmackPrivileges({}, {PRIV_INTERNET});
562 // test user launch with denied policy
564 app.setUidGid(testUser.getUid());
565 changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
566 ScopedAppLauncher appLaunch(app);
567 app.checkSmackPrivileges({}, {PRIV_INTERNET});
570 app.checkSmackPrivileges({}, {PRIV_INTERNET});
574 app.setUidGid(OWNER_ID);
575 ScopedAppLauncher appLaunch(app);
576 app.checkSmackPrivileges({PRIV_INTERNET}, {});
579 app.checkSmackPrivileges({PRIV_INTERNET}, {});
581 app.checkAfterUninstall();
582 app.checkSmackPrivileges({}, {PRIV_INTERNET});
585 RUNNER_CHILD_TEST(smack_privileges_140_two_users_sequence, InternetOnlySetup)
587 TemporaryTestUser testUser("sm_test_140_user_name", GUM_USERTYPE_NORMAL, true);
590 AppInstallHelperExt app("sm_test_sp_140_app");
591 app.addPrivileges({PRIV_INTERNET});
594 ScopedInstaller appInstall(app);
595 app.checkAfterInstall();
596 app.checkSmackPrivileges({}, {PRIV_INTERNET});
598 // owner launch -> allowed
599 app.setUidGid(OWNER_ID);
600 ScopedAppLauncher appLaunch1(app);
601 app.checkSmackPrivileges({PRIV_INTERNET}, {});
603 // test user launch -> denied
604 app.setUidGid(testUser.getUid());
605 ScopedAppLauncher appLaunch2(app);
606 app.checkSmackPrivileges({}, {PRIV_INTERNET});
608 // owner launch -> denied
609 app.setUidGid(OWNER_ID);
610 ScopedAppLauncher appLaunch3(app);
611 app.checkSmackPrivileges({}, {PRIV_INTERNET});
613 // test user launch -> still denied
614 app.setUidGid(testUser.getUid());
615 ScopedAppLauncher appLaunch4(app);
616 app.checkSmackPrivileges({}, {PRIV_INTERNET});
619 // test user launch -> allowed
620 app.setUidGid(testUser.getUid());
621 ScopedAppLauncher appLaunch5(app);
622 app.checkSmackPrivileges({PRIV_INTERNET}, {});
624 app.checkAfterUninstall();
625 app.checkSmackPrivileges({}, {PRIV_INTERNET});
628 RUNNER_CHILD_TEST(smack_privileges_150_independent_apps, InternetOnlySetup)
630 TemporaryTestUser testUser("sm_test_150_user_name", GUM_USERTYPE_NORMAL, true);
633 AppInstallHelperExt app1("sm_test_sp_150_app1", testUser.getUid());
634 AppInstallHelperExt app2("sm_test_sp_150_app2", testUser.getUid());
635 app1.addPrivileges({PRIV_INTERNET});
637 ScopedInstaller appInstall1(app1);
638 ScopedInstaller appInstall2(app2);
640 app1.checkAfterInstall();
641 app2.checkAfterInstall();
643 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
644 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
648 ScopedAppLauncher appLaunch1(app1);
649 ScopedAppLauncher appLaunch2(app2);
651 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
652 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
655 app1.checkAfterUninstall();
656 app2.checkAfterUninstall();
657 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
658 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
661 RUNNER_CHILD_TEST(smack_privileges_160_nonhybrid_package, InternetOnlySetup)
663 TemporaryTestUser testUser("sm_test_160_user_name", GUM_USERTYPE_NORMAL, true);
666 constexpr char pkgPrefix[] = "sm_test_sp_160_pkg";
668 AppInstallHelperExt app1("sm_test_sp_160_app1", pkgPrefix, testUser.getUid());
669 app1.addPrivileges({PRIV_INTERNET});
671 AppInstallHelperExt app2("sm_test_sp_160_app2", pkgPrefix, testUser.getUid());
672 app2.addPrivileges({PRIV_INTERNET});
674 ScopedInstaller appInstall1(app1);
675 ScopedInstaller appInstall2(app2);
677 app1.checkAfterInstall();
678 app2.checkAfterInstall();
680 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
681 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
685 ScopedAppLauncher appLaunch1(app1);
686 ScopedAppLauncher appLaunch2(app2);
688 // both have access in non-hybrid package
689 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
690 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
692 // change policy of single app
693 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
695 // both should lose the access
696 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
697 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
699 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
701 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
702 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
705 app1.checkAfterUninstall();
706 app2.checkAfterUninstall();
707 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
708 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
712 RUNNER_CHILD_TEST(smack_privileges_170_hybrid_package, InternetOnlySetup)
714 TemporaryTestUser testUser("sm_test_170_user_name", GUM_USERTYPE_NORMAL, true);
717 constexpr char pkgPrefix[] = "sm_test_sp_170_pkg";
719 AppInstallHelperExt app1("sm_test_sp_170_app1", pkgPrefix, testUser.getUid());
720 app1.addPrivileges({PRIV_INTERNET});
723 AppInstallHelperExt app2("sm_test_sp_170_app2", pkgPrefix, testUser.getUid());
726 ScopedInstaller appInstall1(app1);
727 ScopedInstaller appInstall2(app2);
729 app1.checkAfterInstall();
730 app2.checkAfterInstall();
732 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
733 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
737 ScopedAppLauncher appLaunch1(app1);
738 ScopedAppLauncher appLaunch2(app2);
740 // only one have access in a hybrid package
741 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
742 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
744 // change policy of single app
745 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
747 // both should have no access
748 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
749 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
751 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
753 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
754 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
757 app1.checkAfterUninstall();
758 app2.checkAfterUninstall();
759 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
760 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
763 RUNNER_CHILD_TEST(smack_privileges_180_hybrid_package_both_apps_privileged, InternetOnlySetup)
765 TemporaryTestUser testUser("sm_test_180_user_name", GUM_USERTYPE_NORMAL, true);
768 constexpr char pkgPrefix[] = "sm_test_sp_180_pkg";
770 AppInstallHelperExt app1("sm_test_sp_180_app1", pkgPrefix, testUser.getUid());
771 app1.addPrivileges({PRIV_INTERNET});
774 AppInstallHelperExt app2("sm_test_sp_180_app2", pkgPrefix, testUser.getUid());
775 app2.addPrivileges({PRIV_INTERNET});
778 ScopedInstaller appInstall1(app1);
779 ScopedInstaller appInstall2(app2);
781 app1.checkAfterInstall();
782 app2.checkAfterInstall();
784 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
785 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
789 ScopedAppLauncher appLaunch1(app1);
790 ScopedAppLauncher appLaunch2(app2);
792 // only one have access in a hybrid package
793 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
794 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
796 // change policy of single app
797 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
799 // both should have no access
800 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
801 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
803 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
805 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
806 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
809 app1.checkAfterUninstall();
810 app2.checkAfterUninstall();
811 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
812 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
815 // TODO custom smack privileges