2 * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
21 #include <boost/filesystem.hpp>
23 #include <tzplatform_config.h>
25 #include <dpl/test/test_runner.h>
26 #include <dpl/test/test_runner_child.h>
28 #include <scoped_installer.h>
29 #include <scoped_app_launcher.h>
30 #include <temp_test_user.h>
31 #include <app_install_helper_ext.h>
32 #include <sm_policy_request.h>
33 #include <privilege_names.h>
34 #include <sm_commons.h>
35 #include <service_manager.h>
37 using namespace SecurityManagerTest;
38 using namespace PrivilegeNames;
42 namespace fs = boost::filesystem;
44 const uid_t OWNER_ID = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
46 const fs::path TEST_SETUP_PATH = SM_TEST_DIR "/smack-privileges";
47 const fs::path BACKUP_SETUP_PATH = TEST_SETUP_PATH / "backup";
49 constexpr char SM_POLICY_PATH[] = "/usr/share/security-manager/policy";
50 constexpr char SM_SMACK_PRIV_MAPPING_SUBDIR[] = "/privilege-mapping";
51 constexpr char SM_SMACK_PRIV_CONFIG[] = "privilege-smack.list";
53 void changePolicy(const AppInstallHelper& app, const std::string& priv, const std::string &level) {
54 PolicyRequest policyRequest;
55 PolicyEntry entry(app.getAppId(), std::to_string(app.getUID()), priv);
56 entry.setLevel(level);
57 policyRequest.addEntry(entry);
58 Api::sendPolicy(policyRequest);
61 enum class SmackPrivSetup {
65 // TODO test other configurations
68 // This is to ensure that original security-manager policy is restored after the group is finished
69 class SmackPrivGroupEnv final : public DPL::Test::TestGroup {
71 class SmackPrivSetupMgr final {
74 m_currentSetup(SmackPrivSetup::ORIGINAL),
75 m_serviceManager("security-manager.service"),
76 m_setupMap({{ SmackPrivSetup::EMPTY, "empty" },
77 { SmackPrivSetup::INTERNET_ONLY, "internet-only" }})
80 SmackPrivSetupMgr(const SmackPrivSetupMgr&) = delete;
81 SmackPrivSetupMgr& operator=(const SmackPrivSetupMgr&) = delete;
85 if (m_currentSetup != SmackPrivSetup::ORIGINAL) {
87 copySetup(BACKUP_SETUP_PATH, SM_POLICY_PATH);
89 m_serviceManager.restartService();
91 RUNNER_ERROR_MSG("Unknown exception occurred during backup restore.");
96 void install(SmackPrivSetup setup)
98 if (setup == m_currentSetup)
102 if (m_currentSetup == SmackPrivSetup::ORIGINAL)
103 copySetup(SM_POLICY_PATH, BACKUP_SETUP_PATH);
105 copySetup(TEST_SETUP_PATH / m_setupMap.at(setup), SM_POLICY_PATH);
106 m_currentSetup = setup;
109 m_serviceManager.restartService();
113 void copySetup(const boost::filesystem::path& src, const boost::filesystem::path& dst)
115 const auto srcConfig = src / SM_SMACK_PRIV_CONFIG;
116 const auto dstConfig = dst / SM_SMACK_PRIV_CONFIG;
117 const auto srcMappingSubdir = src / SM_SMACK_PRIV_MAPPING_SUBDIR;
118 const auto dstMappingSubdir = dst / SM_SMACK_PRIV_MAPPING_SUBDIR;
121 fs::remove(dstConfig);
122 fs::remove_all(dstMappingSubdir);
125 if (fs::exists(srcConfig))
126 fs::copy_file(srcConfig, dstConfig);
128 if (fs::exists(srcMappingSubdir)) {
129 fs::create_directory(dstMappingSubdir);
130 for (const auto& e: fs::recursive_directory_iterator(srcMappingSubdir))
131 fs::copy(e.path(), dstMappingSubdir / fs::relative(e.path(), srcMappingSubdir));
135 SmackPrivSetup m_currentSetup;
136 ServiceManager m_serviceManager;
137 const std::map<SmackPrivSetup, std::string> m_setupMap;
140 static std::unique_ptr<SmackPrivSetupMgr> m_setupMgr;
143 void Init() override {
146 m_setupMgr.reset(new SmackPrivSetupMgr());
149 static void Install(SmackPrivSetup setup)
153 m_setupMgr->install(setup);
156 void Finish() override {
163 std::unique_ptr<SmackPrivGroupEnv::SmackPrivSetupMgr> SmackPrivGroupEnv::m_setupMgr;
165 } // namespace anonymous
167 RUNNER_TEST_GROUP_INIT_ENV(SECURITY_MANAGER_SMACK_PRIVILEGES, SmackPrivGroupEnv)
169 RUNNER_CHILD_TEST(smack_privileges_10_no_privileges)
171 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
173 AppInstallHelperExt app("sm_test_sp_10_app");
175 ScopedInstaller appInstall(app);
176 app.checkAfterInstall();
177 app.checkDeniedPrivileges({PRIV_INTERNET});
178 app.checkSmackPrivileges({}, {PRIV_INTERNET});
180 ScopedAppLauncher appLaunch(app);
181 app.checkSmackPrivileges({}, {PRIV_INTERNET});
184 app.checkAfterUninstall();
187 RUNNER_CHILD_TEST(smack_privileges_20_internet_privilege)
189 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
191 AppInstallHelperExt app("sm_test_sp_20_app");
192 app.addPrivileges({PRIV_INTERNET});
194 ScopedInstaller appInstall(app);
195 app.checkAfterInstall();
197 // rules absent before app is launched
198 app.checkSmackPrivileges({}, {PRIV_INTERNET});
200 ScopedAppLauncher appLaunch(app);
201 app.checkSmackPrivileges({PRIV_INTERNET}, {});
203 // rules present after app is terminated
204 app.checkSmackPrivileges({PRIV_INTERNET}, {});
206 app.checkAfterUninstall();
207 // rules removed after app uninstallation
208 app.checkSmackPrivileges({}, {PRIV_INTERNET});
211 RUNNER_CHILD_TEST(smack_privileges_30_one_after_another)
213 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
215 AppInstallHelperExt app("sm_test_sp_30_app");
216 app.addPrivileges({PRIV_INTERNET});
218 ScopedInstaller appInstall(app);
219 app.checkAfterInstall();
221 // rules absent before app is launched
222 app.checkSmackPrivileges({}, {PRIV_INTERNET});
224 ScopedAppLauncher appLaunch(app);
225 app.checkSmackPrivileges({PRIV_INTERNET}, {});
227 // rules present after app is terminated
228 app.checkSmackPrivileges({PRIV_INTERNET}, {});
231 ScopedAppLauncher appLaunch(app);
232 app.checkSmackPrivileges({PRIV_INTERNET}, {});
234 // rules present after app is terminated
235 app.checkSmackPrivileges({PRIV_INTERNET}, {});
237 app.checkAfterUninstall();
238 // rules removed after app uninstallation
239 app.checkSmackPrivileges({}, {PRIV_INTERNET});
242 RUNNER_CHILD_TEST(smack_privileges_40_different_users_one_after_another)
244 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
246 TemporaryTestUser testUser("sm_test_40_user_name", GUM_USERTYPE_NORMAL, true);
249 AppInstallHelperExt app("sm_test_sp_40_app");
250 app.addPrivileges({PRIV_INTERNET});
253 ScopedInstaller appInstall(app);
254 app.checkAfterInstall();
256 app.checkSmackPrivileges({}, {PRIV_INTERNET});
260 app.setUidGid(OWNER_ID);
261 ScopedAppLauncher appLaunch(app);
262 app.checkSmackPrivileges({PRIV_INTERNET}, {});
265 app.checkSmackPrivileges({PRIV_INTERNET}, {});
269 app.setUidGid(testUser.getUid());
270 ScopedAppLauncher appLaunch(app);
271 app.checkSmackPrivileges({PRIV_INTERNET}, {});
274 app.checkSmackPrivileges({PRIV_INTERNET}, {});
276 app.checkAfterUninstall();
277 app.checkSmackPrivileges({}, {PRIV_INTERNET});
280 RUNNER_CHILD_TEST(smack_privileges_50_same_user_simultaneously)
282 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
284 AppInstallHelperExt app("sm_test_sp_50_app", OWNER_ID);
285 app.addPrivileges({PRIV_INTERNET});
287 ScopedInstaller appInstall(app);
288 app.checkAfterInstall();
290 app.checkSmackPrivileges({}, {PRIV_INTERNET});
292 ScopedAppLauncher appLaunch1(app);
293 app.checkSmackPrivileges({PRIV_INTERNET}, {});
295 ScopedAppLauncher appLaunch2(app);
296 app.checkSmackPrivileges({PRIV_INTERNET}, {});
298 app.checkSmackPrivileges({PRIV_INTERNET}, {});
300 app.checkSmackPrivileges({PRIV_INTERNET}, {});
302 app.checkAfterUninstall();
303 app.checkSmackPrivileges({}, {PRIV_INTERNET});
306 RUNNER_CHILD_TEST(smack_privileges_60_same_user_interchangeably)
308 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
310 AppInstallHelperExt app("sm_test_sp_60_app", OWNER_ID);
311 app.addPrivileges({PRIV_INTERNET});
314 ScopedInstaller appInstall(app);
315 app.checkAfterInstall();
317 app.checkSmackPrivileges({}, {PRIV_INTERNET});
320 auto appLaunch1 = std::make_unique<ScopedAppLauncher>(app);
322 app.checkSmackPrivileges({PRIV_INTERNET}, {});
325 auto appLaunch2 = std::make_unique<ScopedAppLauncher>(app);
327 app.checkSmackPrivileges({PRIV_INTERNET}, {});
332 app.checkSmackPrivileges({PRIV_INTERNET}, {});
337 app.checkAfterUninstall();
338 app.checkSmackPrivileges({}, {PRIV_INTERNET});
341 RUNNER_CHILD_TEST(smack_privileges_70_different_users_simultaneously)
343 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
345 TemporaryTestUser testUser("sm_test_70_user_name", GUM_USERTYPE_NORMAL, true);
348 AppInstallHelperExt app("sm_test_sp_70_app");
349 app.addPrivileges({PRIV_INTERNET});
352 ScopedInstaller appInstall(app);
353 app.checkAfterInstall();
355 app.checkSmackPrivileges({}, {PRIV_INTERNET});
359 app.setUidGid(OWNER_ID);
360 ScopedAppLauncher appLaunch(app);
361 app.checkSmackPrivileges({PRIV_INTERNET}, {});
365 app.setUidGid(testUser.getUid());
366 ScopedAppLauncher appLaunch(app);
368 // multiuser detected -> rules removed
369 app.checkSmackPrivileges({}, {PRIV_INTERNET});
371 app.checkSmackPrivileges({}, {PRIV_INTERNET});
373 app.checkSmackPrivileges({}, {PRIV_INTERNET});
377 app.setUidGid(OWNER_ID);
378 ScopedAppLauncher appLaunch(app);
381 app.checkSmackPrivileges({PRIV_INTERNET}, {});
384 app.checkAfterUninstall();
385 app.checkSmackPrivileges({}, {PRIV_INTERNET});
388 RUNNER_CHILD_TEST(smack_privileges_80_uninstall_local_while_running)
390 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
392 AppInstallHelperExt app("sm_test_sp_80_app");
393 app.addPrivileges({PRIV_INTERNET});
396 ScopedInstaller appInstall1(app);
397 app.checkAfterInstall();
399 app.checkSmackPrivileges({}, {PRIV_INTERNET});
402 AppInstallHelperExt app2("sm_test_sp_80_app", OWNER_ID);
403 auto appInstall2 = std::make_unique<ScopedInstaller>(app2);
404 app2.checkAfterInstall();
407 ScopedAppLauncher appLaunch(app);
408 app.checkSmackPrivileges({PRIV_INTERNET}, {});
413 app.checkSmackPrivileges({PRIV_INTERNET}, {});
415 app.checkAfterUninstall();
416 app.checkSmackPrivileges({}, {PRIV_INTERNET});
419 RUNNER_CHILD_TEST(smack_privileges_90_user_removal)
421 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
423 TemporaryTestUser testUser("sm_test_90_user_name", GUM_USERTYPE_NORMAL, true);
426 AppInstallHelperExt app("sm_test_sp_90_app", testUser.getUid());
427 app.addPrivileges({PRIV_INTERNET});
430 ScopedInstaller appInstall(app);
431 app.checkAfterInstall();
433 app.checkSmackPrivileges({}, {PRIV_INTERNET});
437 ScopedAppLauncher appLaunch(app);
438 app.checkSmackPrivileges({PRIV_INTERNET}, {});
441 app.checkSmackPrivileges({PRIV_INTERNET}, {});
446 app.checkAfterUninstall();
447 app.checkSmackPrivileges({}, {PRIV_INTERNET});
451 RUNNER_CHILD_TEST(smack_privileges_100_hybrid_app)
453 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
455 AppInstallHelperExt app("sm_test_sp_100_app");
456 app.addPrivileges({PRIV_INTERNET});
459 ScopedInstaller appInstall(app);
460 app.checkAfterInstall();
462 app.checkSmackPrivileges({}, {PRIV_INTERNET});
466 ScopedAppLauncher appLaunch(app);
467 app.checkSmackPrivileges({PRIV_INTERNET}, {});
470 app.checkSmackPrivileges({PRIV_INTERNET}, {});
472 app.checkAfterUninstall();
473 app.checkSmackPrivileges({}, {PRIV_INTERNET});
476 RUNNER_CHILD_TEST(smack_privileges_110_hybridity_change)
478 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
480 AppInstallHelperExt app("sm_test_sp_110_app");
481 app.addPrivileges({PRIV_INTERNET});
483 ScopedInstaller appInstall(app);
484 app.checkAfterInstall();
486 app.checkSmackPrivileges({}, {PRIV_INTERNET});
490 ScopedAppLauncher appLaunch(app);
491 app.checkSmackPrivileges({PRIV_INTERNET}, {});
494 app.checkSmackPrivileges({PRIV_INTERNET}, {});
499 InstallRequest request;
500 request.setAppId(app.getAppId());
501 request.setPkgId(app.getPkgId());
502 request.setUid(app.getUID());
504 for (const auto &priv: app.getPrivileges()) {
505 request.addPrivilege(priv);
507 Api::update(request);
509 app.checkSmackPrivileges({}, {PRIV_INTERNET});
513 ScopedAppLauncher appLaunch(app);
514 app.checkSmackPrivileges({PRIV_INTERNET}, {});
517 app.checkSmackPrivileges({PRIV_INTERNET}, {});
519 app.checkAfterUninstall();
520 app.checkSmackPrivileges({}, {PRIV_INTERNET});
523 RUNNER_CHILD_TEST(smack_privileges_120_policy_change_while_running)
525 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
527 TemporaryTestUser testUser("sm_test_120_user_name", GUM_USERTYPE_NORMAL, true);
530 AppInstallHelperExt app("sm_test_sp_120_app", testUser.getUid());
531 app.addPrivileges({PRIV_INTERNET});
533 ScopedInstaller appInstall(app);
534 app.checkAfterInstall();
536 app.checkSmackPrivileges({}, {PRIV_INTERNET});
540 ScopedAppLauncher appLaunch(app);
541 app.checkSmackPrivileges({PRIV_INTERNET}, {});
544 changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
546 app.checkSmackPrivileges({}, {PRIV_INTERNET});
549 changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
551 app.checkSmackPrivileges({PRIV_INTERNET}, {});
553 app.checkSmackPrivileges({PRIV_INTERNET}, {});
555 app.checkAfterUninstall();
556 app.checkSmackPrivileges({}, {PRIV_INTERNET});
559 RUNNER_CHILD_TEST(smack_privileges_130_different_users_and_policies)
561 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
563 TemporaryTestUser testUser("sm_test_130_user_name", GUM_USERTYPE_NORMAL, true);
566 AppInstallHelperExt app("sm_test_sp_130_app");
567 app.addPrivileges({PRIV_INTERNET});
570 ScopedInstaller appInstall(app);
571 app.checkAfterInstall();
573 app.checkSmackPrivileges({}, {PRIV_INTERNET});
575 // test user launch with denied policy
577 app.setUidGid(testUser.getUid());
578 changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
579 ScopedAppLauncher appLaunch(app);
580 app.checkSmackPrivileges({}, {PRIV_INTERNET});
583 app.checkSmackPrivileges({}, {PRIV_INTERNET});
587 app.setUidGid(OWNER_ID);
588 ScopedAppLauncher appLaunch(app);
589 app.checkSmackPrivileges({PRIV_INTERNET}, {});
592 app.checkSmackPrivileges({PRIV_INTERNET}, {});
594 app.checkAfterUninstall();
595 app.checkSmackPrivileges({}, {PRIV_INTERNET});
598 RUNNER_CHILD_TEST(smack_privileges_140_two_users_sequence)
600 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
602 TemporaryTestUser testUser("sm_test_140_user_name", GUM_USERTYPE_NORMAL, true);
605 AppInstallHelperExt app("sm_test_sp_140_app");
606 app.addPrivileges({PRIV_INTERNET});
609 ScopedInstaller appInstall(app);
610 app.checkAfterInstall();
611 app.checkSmackPrivileges({}, {PRIV_INTERNET});
613 // owner launch -> allowed
614 app.setUidGid(OWNER_ID);
615 ScopedAppLauncher appLaunch1(app);
616 app.checkSmackPrivileges({PRIV_INTERNET}, {});
618 // test user launch -> denied
619 app.setUidGid(testUser.getUid());
620 ScopedAppLauncher appLaunch2(app);
621 app.checkSmackPrivileges({}, {PRIV_INTERNET});
623 // owner launch -> denied
624 app.setUidGid(OWNER_ID);
625 ScopedAppLauncher appLaunch3(app);
626 app.checkSmackPrivileges({}, {PRIV_INTERNET});
628 // test user launch -> still denied
629 app.setUidGid(testUser.getUid());
630 ScopedAppLauncher appLaunch4(app);
631 app.checkSmackPrivileges({}, {PRIV_INTERNET});
634 // test user launch -> allowed
635 app.setUidGid(testUser.getUid());
636 ScopedAppLauncher appLaunch5(app);
637 app.checkSmackPrivileges({PRIV_INTERNET}, {});
639 app.checkAfterUninstall();
640 app.checkSmackPrivileges({}, {PRIV_INTERNET});
643 RUNNER_CHILD_TEST(smack_privileges_150_independent_apps)
645 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
647 TemporaryTestUser testUser("sm_test_150_user_name", GUM_USERTYPE_NORMAL, true);
650 AppInstallHelperExt app1("sm_test_sp_150_app1", testUser.getUid());
651 AppInstallHelperExt app2("sm_test_sp_150_app2", testUser.getUid());
652 app1.addPrivileges({PRIV_INTERNET});
654 ScopedInstaller appInstall1(app1);
655 ScopedInstaller appInstall2(app2);
657 app1.checkAfterInstall();
658 app2.checkAfterInstall();
660 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
661 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
665 ScopedAppLauncher appLaunch1(app1);
666 ScopedAppLauncher appLaunch2(app2);
668 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
669 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
672 app1.checkAfterUninstall();
673 app2.checkAfterUninstall();
674 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
675 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
678 RUNNER_CHILD_TEST(smack_privileges_160_nonhybrid_package)
680 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
682 TemporaryTestUser testUser("sm_test_160_user_name", GUM_USERTYPE_NORMAL, true);
685 constexpr char pkgPrefix[] = "sm_test_sp_160_pkg";
687 AppInstallHelperExt app1("sm_test_sp_160_app1", pkgPrefix, testUser.getUid());
688 app1.addPrivileges({PRIV_INTERNET});
690 AppInstallHelperExt app2("sm_test_sp_160_app2", pkgPrefix, testUser.getUid());
691 app2.addPrivileges({PRIV_INTERNET});
693 ScopedInstaller appInstall1(app1);
694 ScopedInstaller appInstall2(app2);
696 app1.checkAfterInstall();
697 app2.checkAfterInstall();
699 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
700 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
704 ScopedAppLauncher appLaunch1(app1);
705 ScopedAppLauncher appLaunch2(app2);
707 // both have access in non-hybrid package
708 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
709 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
711 // change policy of single app
712 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
714 // both should lose the access
715 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
716 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
718 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
720 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
721 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
724 app1.checkAfterUninstall();
725 app2.checkAfterUninstall();
726 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
727 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
731 RUNNER_CHILD_TEST(smack_privileges_170_hybrid_package)
733 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
735 TemporaryTestUser testUser("sm_test_170_user_name", GUM_USERTYPE_NORMAL, true);
738 constexpr char pkgPrefix[] = "sm_test_sp_170_pkg";
740 AppInstallHelperExt app1("sm_test_sp_170_app1", pkgPrefix, testUser.getUid());
741 app1.addPrivileges({PRIV_INTERNET});
744 AppInstallHelperExt app2("sm_test_sp_170_app2", pkgPrefix, testUser.getUid());
747 ScopedInstaller appInstall1(app1);
748 ScopedInstaller appInstall2(app2);
750 app1.checkAfterInstall();
751 app2.checkAfterInstall();
753 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
754 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
758 ScopedAppLauncher appLaunch1(app1);
759 ScopedAppLauncher appLaunch2(app2);
761 // only one have access in a hybrid package
762 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
763 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
765 // change policy of single app
766 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
768 // both should have no access
769 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
770 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
772 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
774 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
775 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
778 app1.checkAfterUninstall();
779 app2.checkAfterUninstall();
780 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
781 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
784 RUNNER_CHILD_TEST(smack_privileges_180_hybrid_package_both_apps_privileged)
786 SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
788 TemporaryTestUser testUser("sm_test_180_user_name", GUM_USERTYPE_NORMAL, true);
791 constexpr char pkgPrefix[] = "sm_test_sp_180_pkg";
793 AppInstallHelperExt app1("sm_test_sp_180_app1", pkgPrefix, testUser.getUid());
794 app1.addPrivileges({PRIV_INTERNET});
797 AppInstallHelperExt app2("sm_test_sp_180_app2", pkgPrefix, testUser.getUid());
798 app2.addPrivileges({PRIV_INTERNET});
801 ScopedInstaller appInstall1(app1);
802 ScopedInstaller appInstall2(app2);
804 app1.checkAfterInstall();
805 app2.checkAfterInstall();
807 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
808 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
812 ScopedAppLauncher appLaunch1(app1);
813 ScopedAppLauncher appLaunch2(app2);
815 // only one have access in a hybrid package
816 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
817 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
819 // change policy of single app
820 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
822 // both should have no access
823 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
824 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
826 changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
828 app1.checkSmackPrivileges({PRIV_INTERNET}, {});
829 app2.checkSmackPrivileges({PRIV_INTERNET}, {});
832 app1.checkAfterUninstall();
833 app2.checkAfterUninstall();
834 app1.checkSmackPrivileges({}, {PRIV_INTERNET});
835 app2.checkSmackPrivileges({}, {PRIV_INTERNET});
838 // TODO custom smack privileges