#include <sm_api.h>
#include <label_generator.h>
#include <cynara_test_client.h>
+#include <policy_configuration.h>
namespace {
constexpr char SMACK_RULES_PATH[] = "/sys/fs/smackfs/load2";
namespace SecurityManagerTest
{
-void AppInstallHelperExt::checkPrivileges(const PolicyConfiguration::PrivVector &allowedPrivs,
- const PolicyConfiguration::PrivVector &deniedPrivs) const
+void AppInstallHelperExt::checkPrivileges(const PrivilegeVector &allowedPrivs,
+ const PrivilegeVector &deniedPrivs) const
{
/* Privileges should be granted to all users if root installs app */
auto user = (m_uidGid == 0 ? ANY_USER_REPRESENTATION : std::to_string(m_uidGid));
int result;
for (auto &priv : allowedPrivs) {
- ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_ALLOWED);
+ ctc.check(smackLabel.c_str(), "", user, priv.getName().c_str(), CYNARA_API_ACCESS_ALLOWED);
Api::appHasPrivilege(m_appName, priv, m_uidGid, result);
RUNNER_ASSERT_MSG(result == 1,
}
for (auto &priv : deniedPrivs) {
- ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
+ ctc.check(smackLabel.c_str(), "", user, priv.getName().c_str(), CYNARA_API_ACCESS_DENIED);
Api::appHasPrivilege(m_appName, priv, m_uidGid, result);
RUNNER_ASSERT_MSG(result == 0,
}
}
-void AppInstallHelperExt::checkDeniedPrivileges(const PolicyConfiguration::PrivVector &deniedPrivs) const
+void AppInstallHelperExt::checkDeniedPrivileges(const PrivilegeVector &deniedPrivs) const
{
checkPrivileges({}, deniedPrivs);
}
-void AppInstallHelperExt::checkPrivilegeGroups(const PolicyConfiguration::PrivVector &allowedPrivs) const
+void AppInstallHelperExt::checkPrivilegeGroups(const PrivilegeVector &allowedPrivs) const
{
static PolicyConfiguration policy;
const auto allowed_groups = policy.privToGroup(allowedPrivs);
checkSmackAccesses(staticRules[m_isHybrid]);
- checkPrivileges(getPrivilegesNames(), {});
+ checkPrivileges(m_privileges, {});
}
void AppInstallHelperExt::checkAfterUninstall(bool removePkg) const
// there should be no hybrid rules regardless of the app type
checkHybridAppSmackRulesAterUninstall();
- checkDeniedPrivileges(getPrivilegesNames());
+ checkDeniedPrivileges(m_privileges);
}
void AppInstallHelperExt::checkSmackAccesses(std::vector<AccessRequest> rules, bool hasAccess) const