projects / platform / core / test / security-tests.git / blob
? search:


6f049ba22df1a484406567e7ba12524933117d59
[platform/core/test/security-tests.git] / src / security-manager-tests / test_cases_smack_privileges.cpp
1 /*
2  * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 #include <memory>
18
19 #include <tzplatform_config.h>
20
21 #include <dpl/test/test_runner.h>
22 #include <dpl/test/test_runner_child.h>
23
24 #include <scoped_installer.h>
25 #include <scoped_app_launcher.h>
26 #include <temp_test_user.h>
27 #include <app_install_helper_ext.h>
28 #include <sm_policy_request.h>
29 #include <privilege_names.h>
30
31 using namespace SecurityManagerTest;
32 using namespace PrivilegeNames;
33
34 namespace {
35
36 const uid_t OWNER_ID = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
37
38 void changePolicy(const AppInstallHelper& app, const std::string& priv, const std::string &level) {
39     PolicyRequest policyRequest;
40     PolicyEntry entry(app.getAppId(), std::to_string(app.getUID()), priv);
41     entry.setLevel(level);
42     policyRequest.addEntry(entry);
43     Api::sendPolicy(policyRequest);
44 }
45
46 } // namespace anonymous
47
48 RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_SMACK_PRIVILEGES)
49
50 RUNNER_CHILD_TEST(smack_privileges_10_no_privileges)
51 {
52     AppInstallHelperExt app("sm_test_sp_10_app");
53     {
54         ScopedInstaller appInstall(app);
55         app.checkAfterInstall();
56         app.checkDeniedPrivileges({PRIV_INTERNET});
57         app.checkSmackPrivileges({}, {PRIV_INTERNET});
58         {
59             ScopedAppLauncher appLaunch(app);
60             app.checkSmackPrivileges({}, {PRIV_INTERNET});
61         }
62     }
63     app.checkAfterUninstall();
64 }
65
66 RUNNER_CHILD_TEST(smack_privileges_20_internet_privilege)
67 {
68     AppInstallHelperExt app("sm_test_sp_20_app");
69     app.addPrivileges({PRIV_INTERNET});
70     {
71         ScopedInstaller appInstall(app);
72         app.checkAfterInstall();
73
74         // rules absent before app is launched
75         app.checkSmackPrivileges({}, {PRIV_INTERNET});
76         {
77             ScopedAppLauncher appLaunch(app);
78             app.checkSmackPrivileges({PRIV_INTERNET}, {});
79         }
80         // rules present after app is terminated
81         app.checkSmackPrivileges({PRIV_INTERNET}, {});
82     }
83     app.checkAfterUninstall();
84     // rules removed after app uninstallation
85     app.checkSmackPrivileges({}, {PRIV_INTERNET});
86 }
87
88 RUNNER_CHILD_TEST(smack_privileges_30_one_after_another)
89 {
90     AppInstallHelperExt app("sm_test_sp_30_app");
91     app.addPrivileges({PRIV_INTERNET});
92     {
93         ScopedInstaller appInstall(app);
94         app.checkAfterInstall();
95
96         // rules absent before app is launched
97         app.checkSmackPrivileges({}, {PRIV_INTERNET});
98         {
99             ScopedAppLauncher appLaunch(app);
100             app.checkSmackPrivileges({PRIV_INTERNET}, {});
101         }
102         // rules present after app is terminated
103         app.checkSmackPrivileges({PRIV_INTERNET}, {});
104
105         {
106             ScopedAppLauncher appLaunch(app);
107             app.checkSmackPrivileges({PRIV_INTERNET}, {});
108         }
109         // rules present after app is terminated
110         app.checkSmackPrivileges({PRIV_INTERNET}, {});
111     }
112     app.checkAfterUninstall();
113     // rules removed after app uninstallation
114     app.checkSmackPrivileges({}, {PRIV_INTERNET});
115 }
116
117 RUNNER_CHILD_TEST(smack_privileges_40_different_users_one_after_another)
118 {
119     TemporaryTestUser testUser("sm_test_40_user_name", GUM_USERTYPE_NORMAL, true);
120     testUser.create();
121
122     AppInstallHelperExt app("sm_test_sp_40_app");
123     app.addPrivileges({PRIV_INTERNET});
124     {
125         // global install
126         ScopedInstaller appInstall(app);
127         app.checkAfterInstall();
128
129         app.checkSmackPrivileges({}, {PRIV_INTERNET});
130
131         // owner launch
132         {
133             app.setUidGid(OWNER_ID);
134             ScopedAppLauncher appLaunch(app);
135             app.checkSmackPrivileges({PRIV_INTERNET}, {});
136         }
137
138         app.checkSmackPrivileges({PRIV_INTERNET}, {});
139
140         // test user launch
141         {
142             app.setUidGid(testUser.getUid());
143             ScopedAppLauncher appLaunch(app);
144             app.checkSmackPrivileges({PRIV_INTERNET}, {});
145         }
146
147         app.checkSmackPrivileges({PRIV_INTERNET}, {});
148     }
149     app.checkAfterUninstall();
150     app.checkSmackPrivileges({}, {PRIV_INTERNET});
151 }
152
153 RUNNER_CHILD_TEST(smack_privileges_50_same_user_simultaneously)
154 {
155     AppInstallHelperExt app("sm_test_sp_50_app", OWNER_ID);
156     app.addPrivileges({PRIV_INTERNET});
157     {
158         ScopedInstaller appInstall(app);
159         app.checkAfterInstall();
160
161         app.checkSmackPrivileges({}, {PRIV_INTERNET});
162         {
163             ScopedAppLauncher appLaunch1(app);
164             app.checkSmackPrivileges({PRIV_INTERNET}, {});
165             {
166                 ScopedAppLauncher appLaunch2(app);
167                 app.checkSmackPrivileges({PRIV_INTERNET}, {});
168             }
169             app.checkSmackPrivileges({PRIV_INTERNET}, {});
170         }
171         app.checkSmackPrivileges({PRIV_INTERNET}, {});
172     }
173     app.checkAfterUninstall();
174     app.checkSmackPrivileges({}, {PRIV_INTERNET});
175 }
176
177 RUNNER_CHILD_TEST(smack_privileges_60_same_user_interchangeably)
178 {
179     AppInstallHelperExt app("sm_test_sp_60_app", OWNER_ID);
180     app.addPrivileges({PRIV_INTERNET});
181     {
182         // local install
183         ScopedInstaller appInstall(app);
184         app.checkAfterInstall();
185
186         app.checkSmackPrivileges({}, {PRIV_INTERNET});
187
188         // owner launch 1
189         auto appLaunch1 = std::make_unique<ScopedAppLauncher>(app);
190
191         app.checkSmackPrivileges({PRIV_INTERNET}, {});
192
193         // owner launch 2
194         auto appLaunch2 = std::make_unique<ScopedAppLauncher>(app);
195
196         app.checkSmackPrivileges({PRIV_INTERNET}, {});
197
198         // owner terminate 1
199         appLaunch1.reset();
200
201         app.checkSmackPrivileges({PRIV_INTERNET}, {});
202
203         // owner terminate 2
204         appLaunch2.reset();
205     }
206     app.checkAfterUninstall();
207     app.checkSmackPrivileges({}, {PRIV_INTERNET});
208 }
209
210 RUNNER_CHILD_TEST(smack_privileges_70_different_users_simultaneously)
211 {
212     TemporaryTestUser testUser("sm_test_70_user_name", GUM_USERTYPE_NORMAL, true);
213     testUser.create();
214
215     AppInstallHelperExt app("sm_test_sp_70_app");
216     app.addPrivileges({PRIV_INTERNET});
217     {
218         // global install
219         ScopedInstaller appInstall(app);
220         app.checkAfterInstall();
221
222         app.checkSmackPrivileges({}, {PRIV_INTERNET});
223
224         // owner launch
225         {
226             app.setUidGid(OWNER_ID);
227             ScopedAppLauncher appLaunch(app);
228             app.checkSmackPrivileges({PRIV_INTERNET}, {});
229
230             // test user launch
231             {
232                 app.setUidGid(testUser.getUid());
233                 ScopedAppLauncher appLaunch(app);
234
235                 // multiuser detected -> rules removed
236                 app.checkSmackPrivileges({}, {PRIV_INTERNET});
237             }
238             app.checkSmackPrivileges({}, {PRIV_INTERNET});
239         }
240         app.checkSmackPrivileges({}, {PRIV_INTERNET});
241
242         // owner launch
243         {
244             app.setUidGid(OWNER_ID);
245             ScopedAppLauncher appLaunch(app);
246
247             // rules restored
248             app.checkSmackPrivileges({PRIV_INTERNET}, {});
249         }
250     }
251     app.checkAfterUninstall();
252     app.checkSmackPrivileges({}, {PRIV_INTERNET});
253 }
254
255 RUNNER_CHILD_TEST(smack_privileges_80_uninstall_local_while_running)
256 {
257     AppInstallHelperExt app("sm_test_sp_80_app");
258     app.addPrivileges({PRIV_INTERNET});
259     {
260         // global install
261         ScopedInstaller appInstall1(app);
262         app.checkAfterInstall();
263
264         app.checkSmackPrivileges({}, {PRIV_INTERNET});
265
266         // local install
267         AppInstallHelperExt app2("sm_test_sp_80_app", OWNER_ID);
268         auto appInstall2 = std::make_unique<ScopedInstaller>(app2);
269         app2.checkAfterInstall();
270
271         // global launch
272         ScopedAppLauncher appLaunch(app);
273         app.checkSmackPrivileges({PRIV_INTERNET}, {});
274
275         // local uninstall
276         appInstall2.reset();
277
278         app.checkSmackPrivileges({PRIV_INTERNET}, {});
279     }
280     app.checkAfterUninstall();
281     app.checkSmackPrivileges({}, {PRIV_INTERNET});
282 }
283
284 RUNNER_CHILD_TEST(smack_privileges_90_user_removal)
285 {
286     TemporaryTestUser testUser("sm_test_90_user_name", GUM_USERTYPE_NORMAL, true);
287     testUser.create();
288
289     AppInstallHelperExt app("sm_test_sp_90_app", testUser.getUid());
290     app.addPrivileges({PRIV_INTERNET});
291     {
292         // local install
293         ScopedInstaller appInstall(app);
294         app.checkAfterInstall();
295
296         app.checkSmackPrivileges({}, {PRIV_INTERNET});
297
298         // local launch
299         {
300             ScopedAppLauncher appLaunch(app);
301             app.checkSmackPrivileges({PRIV_INTERNET}, {});
302         }
303
304         app.checkSmackPrivileges({PRIV_INTERNET}, {});
305
306         // user removal
307         testUser.remove();
308
309         app.checkAfterUninstall();
310         app.checkSmackPrivileges({}, {PRIV_INTERNET});
311     }
312 }
313
314 RUNNER_CHILD_TEST(smack_privileges_100_hybrid_app)
315 {
316     AppInstallHelperExt app("sm_test_sp_100_app");
317     app.addPrivileges({PRIV_INTERNET});
318     app.setHybrid();
319     {
320         ScopedInstaller appInstall(app);
321         app.checkAfterInstall();
322
323         app.checkSmackPrivileges({}, {PRIV_INTERNET});
324
325         // launch
326         {
327             ScopedAppLauncher appLaunch(app);
328             app.checkSmackPrivileges({PRIV_INTERNET}, {});
329         }
330
331         app.checkSmackPrivileges({PRIV_INTERNET}, {});
332     }
333     app.checkAfterUninstall();
334     app.checkSmackPrivileges({}, {PRIV_INTERNET});
335 }
336
337 RUNNER_CHILD_TEST(smack_privileges_110_hybridity_change)
338 {
339     AppInstallHelperExt app("sm_test_sp_110_app");
340     app.addPrivileges({PRIV_INTERNET});
341     {
342         ScopedInstaller appInstall(app);
343         app.checkAfterInstall();
344
345         app.checkSmackPrivileges({}, {PRIV_INTERNET});
346
347         // launch
348         {
349             ScopedAppLauncher appLaunch(app);
350             app.checkSmackPrivileges({PRIV_INTERNET}, {});
351         }
352
353         app.checkSmackPrivileges({PRIV_INTERNET}, {});
354
355         app.setHybrid();
356
357         // make it hybrid
358         InstallRequest request;
359         request.setAppId(app.getAppId());
360         request.setPkgId(app.getPkgId());
361         request.setUid(app.getUID());
362         request.setHybrid();
363         for (const auto &priv: app.getPrivileges()) {
364             request.addPrivilege(priv);
365         }
366         Api::update(request);
367
368         app.checkSmackPrivileges({}, {PRIV_INTERNET});
369
370         // launch
371         {
372             ScopedAppLauncher appLaunch(app);
373             app.checkSmackPrivileges({PRIV_INTERNET}, {});
374         }
375
376         app.checkSmackPrivileges({PRIV_INTERNET}, {});
377     }
378     app.checkAfterUninstall();
379     app.checkSmackPrivileges({}, {PRIV_INTERNET});
380 }
381
382 RUNNER_CHILD_TEST(smack_privileges_120_policy_change_while_running)
383 {
384     TemporaryTestUser testUser("sm_test_120_user_name", GUM_USERTYPE_NORMAL, true);
385     testUser.create();
386
387     AppInstallHelperExt app("sm_test_sp_120_app", testUser.getUid());
388     app.addPrivileges({PRIV_INTERNET});
389     {
390         ScopedInstaller appInstall(app);
391         app.checkAfterInstall();
392
393         app.checkSmackPrivileges({}, {PRIV_INTERNET});
394
395         // launch
396         {
397             ScopedAppLauncher appLaunch(app);
398             app.checkSmackPrivileges({PRIV_INTERNET}, {});
399
400             // change policy
401             changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
402
403             app.checkSmackPrivileges({}, {PRIV_INTERNET});
404
405             // change policy
406             changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
407
408             app.checkSmackPrivileges({PRIV_INTERNET}, {});
409         }
410         app.checkSmackPrivileges({PRIV_INTERNET}, {});
411     }
412     app.checkAfterUninstall();
413     app.checkSmackPrivileges({}, {PRIV_INTERNET});
414 }
415
416 RUNNER_CHILD_TEST(smack_privileges_130_different_users_and_policies)
417 {
418     TemporaryTestUser testUser("sm_test_130_user_name", GUM_USERTYPE_NORMAL, true);
419     testUser.create();
420
421     AppInstallHelperExt app("sm_test_sp_130_app");
422     app.addPrivileges({PRIV_INTERNET});
423     {
424         // global install
425         ScopedInstaller appInstall(app);
426         app.checkAfterInstall();
427
428         app.checkSmackPrivileges({}, {PRIV_INTERNET});
429
430         // test user launch with denied policy
431         {
432             app.setUidGid(testUser.getUid());
433             changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
434             ScopedAppLauncher appLaunch(app);
435             app.checkSmackPrivileges({}, {PRIV_INTERNET});
436         }
437
438         app.checkSmackPrivileges({}, {PRIV_INTERNET});
439
440         // owner launch
441         {
442             app.setUidGid(OWNER_ID);
443             ScopedAppLauncher appLaunch(app);
444             app.checkSmackPrivileges({PRIV_INTERNET}, {});
445         }
446
447         app.checkSmackPrivileges({PRIV_INTERNET}, {});
448     }
449     app.checkAfterUninstall();
450     app.checkSmackPrivileges({}, {PRIV_INTERNET});
451 }
452
453 RUNNER_CHILD_TEST(smack_privileges_140_two_users_sequence)
454 {
455     TemporaryTestUser testUser("sm_test_140_user_name", GUM_USERTYPE_NORMAL, true);
456     testUser.create();
457
458     AppInstallHelperExt app("sm_test_sp_140_app");
459     app.addPrivileges({PRIV_INTERNET});
460     {
461         // global install
462         ScopedInstaller appInstall(app);
463         app.checkAfterInstall();
464         app.checkSmackPrivileges({}, {PRIV_INTERNET});
465         {
466             // owner launch -> allowed
467             app.setUidGid(OWNER_ID);
468             ScopedAppLauncher appLaunch1(app);
469             app.checkSmackPrivileges({PRIV_INTERNET}, {});
470             {
471                 // test user launch -> denied
472                 app.setUidGid(testUser.getUid());
473                 ScopedAppLauncher appLaunch2(app);
474                 app.checkSmackPrivileges({}, {PRIV_INTERNET});
475
476                 // owner launch -> denied
477                 app.setUidGid(OWNER_ID);
478                 ScopedAppLauncher appLaunch3(app);
479                 app.checkSmackPrivileges({}, {PRIV_INTERNET});
480             }
481             // test user launch -> still denied
482             app.setUidGid(testUser.getUid());
483             ScopedAppLauncher appLaunch4(app);
484             app.checkSmackPrivileges({}, {PRIV_INTERNET});
485         }
486
487         // test user launch -> allowed
488         app.setUidGid(testUser.getUid());
489         ScopedAppLauncher appLaunch5(app);
490         app.checkSmackPrivileges({PRIV_INTERNET}, {});
491     }
492     app.checkAfterUninstall();
493     app.checkSmackPrivileges({}, {PRIV_INTERNET});
494 }
495
496 RUNNER_CHILD_TEST(smack_privileges_150_independent_apps)
497 {
498     TemporaryTestUser testUser("sm_test_150_user_name", GUM_USERTYPE_NORMAL, true);
499     testUser.create();
500
501     AppInstallHelperExt app1("sm_test_sp_150_app1", testUser.getUid());
502     AppInstallHelperExt app2("sm_test_sp_150_app2", testUser.getUid());
503     app1.addPrivileges({PRIV_INTERNET});
504     {
505         ScopedInstaller appInstall1(app1);
506         ScopedInstaller appInstall2(app2);
507
508         app1.checkAfterInstall();
509         app2.checkAfterInstall();
510
511         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
512         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
513
514         // launch
515         {
516             ScopedAppLauncher appLaunch1(app1);
517             ScopedAppLauncher appLaunch2(app2);
518
519             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
520             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
521         }
522     }
523     app1.checkAfterUninstall();
524     app2.checkAfterUninstall();
525     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
526     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
527 }
528
529 RUNNER_CHILD_TEST(smack_privileges_160_nonhybrid_package)
530 {
531     TemporaryTestUser testUser("sm_test_160_user_name", GUM_USERTYPE_NORMAL, true);
532     testUser.create();
533
534     constexpr char pkgPrefix[] = "sm_test_sp_160_pkg";
535
536     AppInstallHelperExt app1("sm_test_sp_160_app1", pkgPrefix, testUser.getUid());
537     app1.addPrivileges({PRIV_INTERNET});
538
539     AppInstallHelperExt app2("sm_test_sp_160_app2", pkgPrefix, testUser.getUid());
540     app2.addPrivileges({PRIV_INTERNET});
541     {
542         ScopedInstaller appInstall1(app1);
543         ScopedInstaller appInstall2(app2);
544
545         app1.checkAfterInstall();
546         app2.checkAfterInstall();
547
548         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
549         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
550
551         // launch
552         {
553             ScopedAppLauncher appLaunch1(app1);
554             ScopedAppLauncher appLaunch2(app2);
555
556             // both have access in non-hybrid package
557             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
558             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
559
560             // change policy of single app
561             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
562
563             // both should lose the access
564             app1.checkSmackPrivileges({}, {PRIV_INTERNET});
565             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
566
567             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
568
569             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
570             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
571         }
572     }
573     app1.checkAfterUninstall();
574     app2.checkAfterUninstall();
575     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
576     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
577 }
578
579
580 RUNNER_CHILD_TEST(smack_privileges_170_hybrid_package)
581 {
582     TemporaryTestUser testUser("sm_test_170_user_name", GUM_USERTYPE_NORMAL, true);
583     testUser.create();
584
585     constexpr char pkgPrefix[] = "sm_test_sp_170_pkg";
586
587     AppInstallHelperExt app1("sm_test_sp_170_app1", pkgPrefix, testUser.getUid());
588     app1.addPrivileges({PRIV_INTERNET});
589     app1.setHybrid();
590
591     AppInstallHelperExt app2("sm_test_sp_170_app2", pkgPrefix, testUser.getUid());
592     app2.setHybrid();
593     {
594         ScopedInstaller appInstall1(app1);
595         ScopedInstaller appInstall2(app2);
596
597         app1.checkAfterInstall();
598         app2.checkAfterInstall();
599
600         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
601         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
602
603         // launch
604         {
605             ScopedAppLauncher appLaunch1(app1);
606             ScopedAppLauncher appLaunch2(app2);
607
608             // only one have access in a hybrid package
609             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
610             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
611
612             // change policy of single app
613             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
614
615             // both should have no access
616             app1.checkSmackPrivileges({}, {PRIV_INTERNET});
617             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
618
619             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
620
621             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
622             app2.checkSmackPrivileges({}, {PRIV_INTERNET});
623         }
624     }
625     app1.checkAfterUninstall();
626     app2.checkAfterUninstall();
627     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
628     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
629 }
630
631 RUNNER_CHILD_TEST(smack_privileges_180_hybrid_package_both_apps_privileged)
632 {
633     TemporaryTestUser testUser("sm_test_180_user_name", GUM_USERTYPE_NORMAL, true);
634     testUser.create();
635
636     constexpr char pkgPrefix[] = "sm_test_sp_180_pkg";
637
638     AppInstallHelperExt app1("sm_test_sp_180_app1", pkgPrefix, testUser.getUid());
639     app1.addPrivileges({PRIV_INTERNET});
640     app1.setHybrid();
641
642     AppInstallHelperExt app2("sm_test_sp_180_app2", pkgPrefix, testUser.getUid());
643     app2.addPrivileges({PRIV_INTERNET});
644     app2.setHybrid();
645     {
646         ScopedInstaller appInstall1(app1);
647         ScopedInstaller appInstall2(app2);
648
649         app1.checkAfterInstall();
650         app2.checkAfterInstall();
651
652         app1.checkSmackPrivileges({}, {PRIV_INTERNET});
653         app2.checkSmackPrivileges({}, {PRIV_INTERNET});
654
655         // launch
656         {
657             ScopedAppLauncher appLaunch1(app1);
658             ScopedAppLauncher appLaunch2(app2);
659
660             // only one have access in a hybrid package
661             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
662             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
663
664             // change policy of single app
665             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
666
667             // both should have no access
668             app1.checkSmackPrivileges({}, {PRIV_INTERNET});
669             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
670
671             changePolicy(app1, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
672
673             app1.checkSmackPrivileges({PRIV_INTERNET}, {});
674             app2.checkSmackPrivileges({PRIV_INTERNET}, {});
675         }
676     }
677     app1.checkAfterUninstall();
678     app2.checkAfterUninstall();
679     app1.checkSmackPrivileges({}, {PRIV_INTERNET});
680     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
681 }
682
683 // TODO custom smack privileges
Domain: Security / Uncategorized;