projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Provide configuration for smack-privilege tests
[platform/core/test/security-tests.git] / src / security-manager-tests / test_cases_smack_privileges.cpp
1 /*
2  * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 #include <memory>
18 #include <map>
19 #include <cassert>
20
21 #include <boost/filesystem.hpp>
22
23 #include <tzplatform_config.h>
24
25 #include <dpl/test/test_runner.h>
26 #include <dpl/test/test_runner_child.h>
27
28 #include <scoped_installer.h>
29 #include <scoped_app_launcher.h>
30 #include <temp_test_user.h>
31 #include <app_install_helper_ext.h>
32 #include <sm_policy_request.h>
33 #include <privilege_names.h>
34 #include <sm_commons.h>
35 #include <service_manager.h>
36
37 using namespace SecurityManagerTest;
38 using namespace PrivilegeNames;
39
40 namespace {
41
42 namespace fs = boost::filesystem;
43
44 const uid_t OWNER_ID = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
45
46 const fs::path TEST_SETUP_PATH = SM_TEST_DIR "/smack-privileges";
47 const fs::path BACKUP_SETUP_PATH = TEST_SETUP_PATH / "backup";
48
49 constexpr char SM_POLICY_PATH[] = "/usr/share/security-manager/policy";
50 constexpr char SM_SMACK_PRIV_MAPPING_SUBDIR[] = "/privilege-mapping";
51 constexpr char SM_SMACK_PRIV_CONFIG[] = "privilege-smack.list";
52
53 void changePolicy(const AppInstallHelper& app, const std::string& priv, const std::string &level) {
54     PolicyRequest policyRequest;
55     PolicyEntry entry(app.getAppId(), std::to_string(app.getUID()), priv);
56     entry.setLevel(level);
57     policyRequest.addEntry(entry);
58     Api::sendPolicy(policyRequest);
59 }
60
61 enum class SmackPrivSetup {
62     ORIGINAL,
63     EMPTY,
64     INTERNET_ONLY,
65     // TODO test other configurations
66 };
67
68 // This is to ensure that original security-manager policy is restored after the group is finished
69 class SmackPrivGroupEnv final : public DPL::Test::TestGroup {
70 private:
71     class SmackPrivSetupMgr final {
72     public:
73         SmackPrivSetupMgr() :
74             m_currentSetup(SmackPrivSetup::ORIGINAL),
75             m_serviceManager("security-manager.service"),
76             m_setupMap({{ SmackPrivSetup::EMPTY, "empty" },
77                         { SmackPrivSetup::INTERNET_ONLY, "internet-only" }})
78         {
79         }
80         SmackPrivSetupMgr(const SmackPrivSetupMgr&) = delete;
81         SmackPrivSetupMgr& operator=(const SmackPrivSetupMgr&) = delete;
82         ~SmackPrivSetupMgr()
83         {
84             // restore setup
85             if (m_currentSetup != SmackPrivSetup::ORIGINAL) {
86                 try {
87                     copySetup(BACKUP_SETUP_PATH, SM_POLICY_PATH);
88
89                     m_serviceManager.restartService();
90                 } catch (...) {
91                     RUNNER_ERROR_MSG("Unknown exception occurred during backup restore.");
92                 }
93             }
94         }
95
96         void install(SmackPrivSetup setup)
97         {
98             if (setup == m_currentSetup)
99                 return;
100
101             // backup setup
102             if (m_currentSetup == SmackPrivSetup::ORIGINAL)
103                 copySetup(SM_POLICY_PATH, BACKUP_SETUP_PATH);
104
105             copySetup(TEST_SETUP_PATH / m_setupMap.at(setup), SM_POLICY_PATH);
106             m_currentSetup = setup;
107
108             // restart SM
109             m_serviceManager.restartService();
110         }
111
112     private:
113         void copySetup(const boost::filesystem::path& src, const boost::filesystem::path& dst)
114         {
115             const auto srcConfig = src / SM_SMACK_PRIV_CONFIG;
116             const auto dstConfig = dst / SM_SMACK_PRIV_CONFIG;
117             const auto srcMappingSubdir = src / SM_SMACK_PRIV_MAPPING_SUBDIR;
118             const auto dstMappingSubdir = dst / SM_SMACK_PRIV_MAPPING_SUBDIR;
119
120             // remove dst
121             fs::remove(dstConfig);
122             fs::remove_all(dstMappingSubdir);
123
124             // copy
125             if (fs::exists(srcConfig))
126                 fs::copy_file(srcConfig, dstConfig);
127
128             if (fs::exists(srcMappingSubdir)) {
129                 fs::create_directory(dstMappingSubdir);
130                 for (const auto& e: fs::recursive_directory_iterator(srcMappingSubdir))
131                     fs::copy(e.path(), dstMappingSubdir / fs::relative(e.path(), srcMappingSubdir));
132             }
133         }
134
135         SmackPrivSetup m_currentSetup;
136         ServiceManager m_serviceManager;
137         const std::map<SmackPrivSetup, std::string> m_setupMap;
138     };
139
140     static std::unique_ptr<SmackPrivSetupMgr> m_setupMgr;
141
142 public:
143     void Init() override {
144         assert(!m_setupMgr);
145
146         m_setupMgr.reset(new SmackPrivSetupMgr());
147     }
148
149     static void Install(SmackPrivSetup setup)
150     {
151         assert(m_setupMgr);
152
153         m_setupMgr->install(setup);
154     }
155
156     void Finish() override {
157         assert(m_setupMgr);
158
159         m_setupMgr.reset();
160     }
161 };
162
163 std::unique_ptr<SmackPrivGroupEnv::SmackPrivSetupMgr> SmackPrivGroupEnv::m_setupMgr;
164
165 } // namespace anonymous
166
167 RUNNER_TEST_GROUP_INIT_ENV(SECURITY_MANAGER_SMACK_PRIVILEGES, SmackPrivGroupEnv)
168
169 RUNNER_CHILD_TEST(smack_privileges_10_no_privileges)
170 {
171     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
172
173     AppInstallHelperExt app("sm_test_sp_10_app");
174     {
175         ScopedInstaller appInstall(app);
176         app.checkAfterInstall();
177         app.checkDeniedPrivileges({PRIV_INTERNET});
178         app.checkSmackPrivileges({}, {PRIV_INTERNET});
179         {
180             ScopedAppLauncher appLaunch(app);
181             app.checkSmackPrivileges({}, {PRIV_INTERNET});
182         }
183     }
184     app.checkAfterUninstall();
185 }
186
187 RUNNER_CHILD_TEST(smack_privileges_20_internet_privilege)
188 {
189     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
190
191     AppInstallHelperExt app("sm_test_sp_20_app");
192     app.addPrivileges({PRIV_INTERNET});
193     {
194         ScopedInstaller appInstall(app);
195         app.checkAfterInstall();
196
197         // rules absent before app is launched
198         app.checkSmackPrivileges({}, {PRIV_INTERNET});
199         {
200             ScopedAppLauncher appLaunch(app);
201             app.checkSmackPrivileges({PRIV_INTERNET}, {});
202         }
203         // rules present after app is terminated
204         app.checkSmackPrivileges({PRIV_INTERNET}, {});
205     }
206     app.checkAfterUninstall();
207     // rules removed after app uninstallation
208     app.checkSmackPrivileges({}, {PRIV_INTERNET});
209 }
210
211 RUNNER_CHILD_TEST(smack_privileges_30_one_after_another)
212 {
213     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
214
215     AppInstallHelperExt app("sm_test_sp_30_app");
216     app.addPrivileges({PRIV_INTERNET});
217     {
218         ScopedInstaller appInstall(app);
219         app.checkAfterInstall();
220
221         // rules absent before app is launched
222         app.checkSmackPrivileges({}, {PRIV_INTERNET});
223         {
224             ScopedAppLauncher appLaunch(app);
225             app.checkSmackPrivileges({PRIV_INTERNET}, {});
226         }
227         // rules present after app is terminated
228         app.checkSmackPrivileges({PRIV_INTERNET}, {});
229
230         {
231             ScopedAppLauncher appLaunch(app);
232             app.checkSmackPrivileges({PRIV_INTERNET}, {});
233         }
234         // rules present after app is terminated
235         app.checkSmackPrivileges({PRIV_INTERNET}, {});
236     }
237     app.checkAfterUninstall();
238     // rules removed after app uninstallation
239     app.checkSmackPrivileges({}, {PRIV_INTERNET});
240 }
241
242 RUNNER_CHILD_TEST(smack_privileges_40_different_users_one_after_another)
243 {
244     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
245
246     TemporaryTestUser testUser("sm_test_40_user_name", GUM_USERTYPE_NORMAL, true);
247     testUser.create();
248
249     AppInstallHelperExt app("sm_test_sp_40_app");
250     app.addPrivileges({PRIV_INTERNET});
251     {
252         // global install
253         ScopedInstaller appInstall(app);
254         app.checkAfterInstall();
255
256         app.checkSmackPrivileges({}, {PRIV_INTERNET});
257
258         // owner launch
259         {
260             app.setUidGid(OWNER_ID);
261             ScopedAppLauncher appLaunch(app);
262             app.checkSmackPrivileges({PRIV_INTERNET}, {});
263         }
264
265         app.checkSmackPrivileges({PRIV_INTERNET}, {});
266
267         // test user launch
268         {
269             app.setUidGid(testUser.getUid());
270             ScopedAppLauncher appLaunch(app);
271             app.checkSmackPrivileges({PRIV_INTERNET}, {});
272         }
273
274         app.checkSmackPrivileges({PRIV_INTERNET}, {});
275     }
276     app.checkAfterUninstall();
277     app.checkSmackPrivileges({}, {PRIV_INTERNET});
278 }
279
280 RUNNER_CHILD_TEST(smack_privileges_50_same_user_simultaneously)
281 {
282     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
283
284     AppInstallHelperExt app("sm_test_sp_50_app", OWNER_ID);
285     app.addPrivileges({PRIV_INTERNET});
286     {
287         ScopedInstaller appInstall(app);
288         app.checkAfterInstall();
289
290         app.checkSmackPrivileges({}, {PRIV_INTERNET});
291         {
292             ScopedAppLauncher appLaunch1(app);
293             app.checkSmackPrivileges({PRIV_INTERNET}, {});
294             {
295                 ScopedAppLauncher appLaunch2(app);
296                 app.checkSmackPrivileges({PRIV_INTERNET}, {});
297             }
298             app.checkSmackPrivileges({PRIV_INTERNET}, {});
299         }
300         app.checkSmackPrivileges({PRIV_INTERNET}, {});
301     }
302     app.checkAfterUninstall();
303     app.checkSmackPrivileges({}, {PRIV_INTERNET});
304 }
305
306 RUNNER_CHILD_TEST(smack_privileges_60_same_user_interchangeably)
307 {
308     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
309
310     AppInstallHelperExt app("sm_test_sp_60_app", OWNER_ID);
311     app.addPrivileges({PRIV_INTERNET});
312     {
313         // local install
314         ScopedInstaller appInstall(app);
315         app.checkAfterInstall();
316
317         app.checkSmackPrivileges({}, {PRIV_INTERNET});
318
319         // owner launch 1
320         auto appLaunch1 = std::make_unique<ScopedAppLauncher>(app);
321
322         app.checkSmackPrivileges({PRIV_INTERNET}, {});
323
324         // owner launch 2
325         auto appLaunch2 = std::make_unique<ScopedAppLauncher>(app);
326
327         app.checkSmackPrivileges({PRIV_INTERNET}, {});
328
329         // owner terminate 1
330         appLaunch1.reset();
331
332         app.checkSmackPrivileges({PRIV_INTERNET}, {});
333
334         // owner terminate 2
335         appLaunch2.reset();
336     }
337     app.checkAfterUninstall();
338     app.checkSmackPrivileges({}, {PRIV_INTERNET});
339 }
340
341 RUNNER_CHILD_TEST(smack_privileges_70_different_users_simultaneously)
342 {
343     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
344
345     TemporaryTestUser testUser("sm_test_70_user_name", GUM_USERTYPE_NORMAL, true);
346     testUser.create();
347
348     AppInstallHelperExt app("sm_test_sp_70_app");
349     app.addPrivileges({PRIV_INTERNET});
350     {
351         // global install
352         ScopedInstaller appInstall(app);
353         app.checkAfterInstall();
354
355         app.checkSmackPrivileges({}, {PRIV_INTERNET});
356
357         // owner launch
358         {
359             app.setUidGid(OWNER_ID);
360             ScopedAppLauncher appLaunch(app);
361             app.checkSmackPrivileges({PRIV_INTERNET}, {});
362
363             // test user launch
364             {
365                 app.setUidGid(testUser.getUid());
366                 ScopedAppLauncher appLaunch(app);
367
368                 // multiuser detected -> rules removed
369                 app.checkSmackPrivileges({}, {PRIV_INTERNET});
370             }
371             app.checkSmackPrivileges({}, {PRIV_INTERNET});
372         }
373         app.checkSmackPrivileges({}, {PRIV_INTERNET});
374
375         // owner launch
376         {
377             app.setUidGid(OWNER_ID);
378             ScopedAppLauncher appLaunch(app);
379
380             // rules restored
381             app.checkSmackPrivileges({PRIV_INTERNET}, {});
382         }
383     }
384     app.checkAfterUninstall();
385     app.checkSmackPrivileges({}, {PRIV_INTERNET});
386 }
387
388 RUNNER_CHILD_TEST(smack_privileges_80_uninstall_local_while_running)
389 {
390     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
391
392     AppInstallHelperExt app("sm_test_sp_80_app");
393     app.addPrivileges({PRIV_INTERNET});
394     {
395         // global install
396         ScopedInstaller appInstall1(app);
397         app.checkAfterInstall();
398
399         app.checkSmackPrivileges({}, {PRIV_INTERNET});
400
401         // local install
402         AppInstallHelperExt app2("sm_test_sp_80_app", OWNER_ID);
403         auto appInstall2 = std::make_unique<ScopedInstaller>(app2);
404         app2.checkAfterInstall();
405
406         // global launch
407         ScopedAppLauncher appLaunch(app);
408         app.checkSmackPrivileges({PRIV_INTERNET}, {});
409
410         // local uninstall
411         appInstall2.reset();
412
413         app.checkSmackPrivileges({PRIV_INTERNET}, {});
414     }
415     app.checkAfterUninstall();
416     app.checkSmackPrivileges({}, {PRIV_INTERNET});
417 }
418
419 RUNNER_CHILD_TEST(smack_privileges_90_user_removal)
420 {
421     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
422
423     TemporaryTestUser testUser("sm_test_90_user_name", GUM_USERTYPE_NORMAL, true);
424     testUser.create();
425
426     AppInstallHelperExt app("sm_test_sp_90_app", testUser.getUid());
427     app.addPrivileges({PRIV_INTERNET});
428     {
429         // local install
430         ScopedInstaller appInstall(app);
431         app.checkAfterInstall();
432
433         app.checkSmackPrivileges({}, {PRIV_INTERNET});
434
435         // local launch
436         {
437             ScopedAppLauncher appLaunch(app);
438             app.checkSmackPrivileges({PRIV_INTERNET}, {});
439         }
440
441         app.checkSmackPrivileges({PRIV_INTERNET}, {});
442
443         // user removal
444         testUser.remove();
445
446         app.checkAfterUninstall();
447         app.checkSmackPrivileges({}, {PRIV_INTERNET});
448     }
449 }
450
451 RUNNER_CHILD_TEST(smack_privileges_100_hybrid_app)
452 {
453     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
454
455     AppInstallHelperExt app("sm_test_sp_100_app");
456     app.addPrivileges({PRIV_INTERNET});
457     app.setHybrid();
458     {
459         ScopedInstaller appInstall(app);
460         app.checkAfterInstall();
461
462         app.checkSmackPrivileges({}, {PRIV_INTERNET});
463
464         // launch
465         {
466             ScopedAppLauncher appLaunch(app);
467             app.checkSmackPrivileges({PRIV_INTERNET}, {});
468         }
469
470         app.checkSmackPrivileges({PRIV_INTERNET}, {});
471     }
472     app.checkAfterUninstall();
473     app.checkSmackPrivileges({}, {PRIV_INTERNET});
474 }
475
476 RUNNER_CHILD_TEST(smack_privileges_110_hybridity_change)
477 {
478     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
479
480     AppInstallHelperExt app("sm_test_sp_110_app");
481     app.addPrivileges({PRIV_INTERNET});
482     {
483         ScopedInstaller appInstall(app);
484         app.checkAfterInstall();
485
486         app.checkSmackPrivileges({}, {PRIV_INTERNET});
487
488         // launch
489         {
490             ScopedAppLauncher appLaunch(app);
491             app.checkSmackPrivileges({PRIV_INTERNET}, {});
492         }
493
494         app.checkSmackPrivileges({PRIV_INTERNET}, {});
495
496         app.setHybrid();
497
498         // make it hybrid
499         InstallRequest request;
500         request.setAppId(app.getAppId());
501         request.setPkgId(app.getPkgId());
502         request.setUid(app.getUID());
503         request.setHybrid();
504         for (const auto &priv: app.getPrivileges()) {
505             request.addPrivilege(priv);
506         }
507         Api::update(request);
508
509         app.checkSmackPrivileges({}, {PRIV_INTERNET});
510
511         // launch
512         {
513             ScopedAppLauncher appLaunch(app);
514             app.checkSmackPrivileges({PRIV_INTERNET}, {});
515         }
516
517         app.checkSmackPrivileges({PRIV_INTERNET}, {});
518     }
519     app.checkAfterUninstall();
520     app.checkSmackPrivileges({}, {PRIV_INTERNET});
521 }
522
523 RUNNER_CHILD_TEST(smack_privileges_120_policy_change_while_running)
524 {
525     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
526
527     TemporaryTestUser testUser("sm_test_120_user_name", GUM_USERTYPE_NORMAL, true);
528     testUser.create();
529
530     AppInstallHelperExt app("sm_test_sp_120_app", testUser.getUid());
531     app.addPrivileges({PRIV_INTERNET});
532     {
533         ScopedInstaller appInstall(app);
534         app.checkAfterInstall();
535
536         app.checkSmackPrivileges({}, {PRIV_INTERNET});
537
538         // launch
539         {
540             ScopedAppLauncher appLaunch(app);
541             app.checkSmackPrivileges({PRIV_INTERNET}, {});
542
543             // change policy
544             changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
545
546             app.checkSmackPrivileges({}, {PRIV_INTERNET});
547
548             // change policy
549             changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
550
551             app.checkSmackPrivileges({PRIV_INTERNET}, {});
552         }
553         app.checkSmackPrivileges({PRIV_INTERNET}, {});
554     }
555     app.checkAfterUninstall();
556     app.checkSmackPrivileges({}, {PRIV_INTERNET});
557 }
558
559 RUNNER_CHILD_TEST(smack_privileges_130_different_users_and_policies)
560 {
561     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
562
563     TemporaryTestUser testUser("sm_test_130_user_name", GUM_USERTYPE_NORMAL, true);
564     testUser.create();
565
566     AppInstallHelperExt app("sm_test_sp_130_app");
567     app.addPrivileges({PRIV_INTERNET});
568     {
569         // global install
570         ScopedInstaller appInstall(app);
571         app.checkAfterInstall();
572
573         app.checkSmackPrivileges({}, {PRIV_INTERNET});
574
575         // test user launch with denied policy
576         {
577             app.setUidGid(testUser.getUid());
578             changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
579             ScopedAppLauncher appLaunch(app);
580             app.checkSmackPrivileges({}, {PRIV_INTERNET});
581         }
582
583         app.checkSmackPrivileges({}, {PRIV_INTERNET});
584
585         // owner launch
586         {
587             app.setUidGid(OWNER_ID);
588             ScopedAppLauncher appLaunch(app);
589             app.checkSmackPrivileges({PRIV_INTERNET}, {});
590         }
591
592         app.checkSmackPrivileges({PRIV_INTERNET}, {});
593     }
594     app.checkAfterUninstall();
595     app.checkSmackPrivileges({}, {PRIV_INTERNET});
596 }
597
598 RUNNER_CHILD_TEST(smack_privileges_140_two_users_sequence)
599 {
600     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
601
602     TemporaryTestUser testUser("sm_test_140_user_name", GUM_USERTYPE_NORMAL, true);
603     testUser.create();
604
605     AppInstallHelperExt app("sm_test_sp_140_app");
606     app.addPrivileges({PRIV_INTERNET});
607     {
608         // global install
609         ScopedInstaller appInstall(app);
610         app.checkAfterInstall();
611         app.checkSmackPrivileges({}, {PRIV_INTERNET});
612         {
613             // owner launch -> allowed
614             app.setUidGid(OWNER_ID);
615             ScopedAppLauncher appLaunch1(app);
616             app.checkSmackPrivileges({PRIV_INTERNET}, {});
617             {
618                 // test user launch -> denied
619                 app.setUidGid(testUser.getUid());
620                 ScopedAppLauncher appLaunch2(app);
621                 app.checkSmackPrivileges({}, {PRIV_INTERNET});
622
623                 // owner launch -> denied
624                 app.setUidGid(OWNER_ID);
625                 ScopedAppLauncher appLaunch3(app);
626                 app.checkSmackPrivileges({}, {PRIV_INTERNET});
627             }
628             // test user launch -> still denied
629             app.setUidGid(testUser.getUid());
630             ScopedAppLauncher appLaunch4(app);
631             app.checkSmackPrivileges({}, {PRIV_INTERNET});
632         }
633
634         // test user launch -> allowed
635         app.setUidGid(testUser.getUid());
636         ScopedAppLauncher appLaunch5(app);
637         app.checkSmackPrivileges({PRIV_INTERNET}, {});
638     }
639     app.checkAfterUninstall();
640     app.checkSmackPrivileges({}, {PRIV_INTERNET});
641 }
642
643 RUNNER_CHILD_TEST(smack_privileges_150_independent_apps)
644 {
645     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
646
647     TemporaryTestUser testUser("sm_test_150_user_name", GUM_USERTYPE_NORMAL, true);
648     testUser.create();
649
650     AppInstallHelperExt app1("sm_test_sp_150_app1", testUser.getUid());
651     AppInstallHelperExt app2("sm_test_sp_150_app2", testUser.getUid());
652     app1.addPrivileges({PRIV_INTERNET});
653     {
654         ScopedInstaller appInstall1(app1);
655         ScopedInstaller appInstall2(app2);
656
657         app1.checkAfterInstall();
658         app2.checkAfterInstall();
659
660         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
661         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
662
663         // launch
664         {
665             ScopedAppLauncher appLaunch1(app1);
666             ScopedAppLauncher appLaunch2(app2);
667
668             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
669             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
670         }
671     }
672     app1.checkAfterUninstall();
673     app2.checkAfterUninstall();
674     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
675     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
676 }
677
678 RUNNER_CHILD_TEST(smack_privileges_160_nonhybrid_package)
679 {
680     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
681
682     TemporaryTestUser testUser("sm_test_160_user_name", GUM_USERTYPE_NORMAL, true);
683     testUser.create();
684
685     constexpr char pkgPrefix[] = "sm_test_sp_160_pkg";
686
687     AppInstallHelperExt app1("sm_test_sp_160_app1", pkgPrefix, testUser.getUid());
688     app1.addPrivileges({PRIV_INTERNET});
689
690     AppInstallHelperExt app2("sm_test_sp_160_app2", pkgPrefix, testUser.getUid());
691     app2.addPrivileges({PRIV_INTERNET});
692     {
693         ScopedInstaller appInstall1(app1);
694         ScopedInstaller appInstall2(app2);
695
696         app1.checkAfterInstall();
697         app2.checkAfterInstall();
698
699         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
700         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
701
702         // launch
703         {
704             ScopedAppLauncher appLaunch1(app1);
705             ScopedAppLauncher appLaunch2(app2);
706
707             // both have access in non-hybrid package
708             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
709             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
710
711             // change policy of single app
712             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
713
714             // both should lose the access
715             app1.checkSmackPrivileges({}, {PRIV_INTERNET});
716             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
717
718             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
719
720             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
721             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
722         }
723     }
724     app1.checkAfterUninstall();
725     app2.checkAfterUninstall();
726     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
727     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
728 }
729
730
731 RUNNER_CHILD_TEST(smack_privileges_170_hybrid_package)
732 {
733     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
734
735     TemporaryTestUser testUser("sm_test_170_user_name", GUM_USERTYPE_NORMAL, true);
736     testUser.create();
737
738     constexpr char pkgPrefix[] = "sm_test_sp_170_pkg";
739
740     AppInstallHelperExt app1("sm_test_sp_170_app1", pkgPrefix, testUser.getUid());
741     app1.addPrivileges({PRIV_INTERNET});
742     app1.setHybrid();
743
744     AppInstallHelperExt app2("sm_test_sp_170_app2", pkgPrefix, testUser.getUid());
745     app2.setHybrid();
746     {
747         ScopedInstaller appInstall1(app1);
748         ScopedInstaller appInstall2(app2);
749
750         app1.checkAfterInstall();
751         app2.checkAfterInstall();
752
753         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
754         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
755
756         // launch
757         {
758             ScopedAppLauncher appLaunch1(app1);
759             ScopedAppLauncher appLaunch2(app2);
760
761             // only one have access in a hybrid package
762             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
763             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
764
765             // change policy of single app
766             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
767
768             // both should have no access
769             app1.checkSmackPrivileges({}, {PRIV_INTERNET});
770             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
771
772             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
773
774             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
775             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
776         }
777     }
778     app1.checkAfterUninstall();
779     app2.checkAfterUninstall();
780     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
781     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
782 }
783
784 RUNNER_CHILD_TEST(smack_privileges_180_hybrid_package_both_apps_privileged)
785 {
786     SmackPrivGroupEnv::Install(SmackPrivSetup::INTERNET_ONLY);
787
788     TemporaryTestUser testUser("sm_test_180_user_name", GUM_USERTYPE_NORMAL, true);
789     testUser.create();
790
791     constexpr char pkgPrefix[] = "sm_test_sp_180_pkg";
792
793     AppInstallHelperExt app1("sm_test_sp_180_app1", pkgPrefix, testUser.getUid());
794     app1.addPrivileges({PRIV_INTERNET});
795     app1.setHybrid();
796
797     AppInstallHelperExt app2("sm_test_sp_180_app2", pkgPrefix, testUser.getUid());
798     app2.addPrivileges({PRIV_INTERNET});
799     app2.setHybrid();
800     {
801         ScopedInstaller appInstall1(app1);
802         ScopedInstaller appInstall2(app2);
803
804         app1.checkAfterInstall();
805         app2.checkAfterInstall();
806
807         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
808         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
809
810         // launch
811         {
812             ScopedAppLauncher appLaunch1(app1);
813             ScopedAppLauncher appLaunch2(app2);
814
815             // only one have access in a hybrid package
816             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
817             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
818
819             // change policy of single app
820             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
821
822             // both should have no access
823             app1.checkSmackPrivileges({}, {PRIV_INTERNET});
824             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
825
826             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
827
828             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
829             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
830         }
831     }
832     app1.checkAfterUninstall();
833     app2.checkAfterUninstall();
834     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
835     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
836 }
837
838 // TODO custom smack privileges
Domain: Security / Uncategorized;