check_path(sharedRODir, getSharedROPathLabel());
}
-RUNNER_TEST(security_manager_02_app_install_uninstall_full)
+RUNNER_CHILD_TEST(security_manager_02_app_install_uninstall_full)
{
const PrivilegeVector defaultPrivs = {
PRIV_INTERNAL_AUDIO,
app.checkAfterInstall();
app.checkDeniedPrivileges(someDeniedPrivs);
- app.checkPrivilegeGroups(defaultAllowedPrivs);
+ {
+ ScopedAppLauncher launcher(app, [&]{ app.checkGroupPrivileges(defaultAllowedPrivs); });
+ }
check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
app.checkAfterUninstall();
}
+RUNNER_CHILD_TEST(security_manager_02a_set_process_groups)
+{
+ const PrivilegeVector defaultPrivs = {
+ PRIV_INTERNAL_AUDIO,
+ PRIV_INTERNAL_DISPLAY,
+ PRIV_INTERNAL_VIDEO,
+ };
+ const PrivilegeVector allowedPrivs = {PRIV_CAMERA, PRIV_MEDIASTORAGE};
+
+ auto defaultAllowedPrivs = defaultPrivs;
+ defaultAllowedPrivs.insert(defaultAllowedPrivs.end(), allowedPrivs.begin(), allowedPrivs.end());
+
+ AppInstallHelperExt app("sm_test_02a");
+ app.addPrivileges(allowedPrivs);
+ {
+ ScopedInstaller appInstall(app);
+
+ app.checkAfterInstall();
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid != 0) {
+ waitPid(pid);
+ } else {
+ Api::setProcessGroups(app.getAppId());
+ app.checkGroupPrivileges(defaultAllowedPrivs);
+ exit(0);
+ }
+ }
+ app.checkAfterUninstall();
+}
+
RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
{
std::string expectedSockLabel = "labelExpectedOnlyFromSocket";
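Review bot: The forked child in security_manager_02a_set_process_groups has no controlled exit on failure. If `Api::setProcessGroups` or `app.checkGroupPrivileges` reports failure by throwing (the assertion mechanism is not visible in this hunk), the exception unwinds `ScopedInstaller appInstall` inside the child, which uninstalls the app under the waiting parent, and the child then returns into the runner as a second copy of the test process. Catching in the child and leaving through `_exit` with a non-zero status keeps the failure in the child, and unlike `exit(0)` it does not run atexit handlers or flush stdio buffers inherited from the parent. This only helps if `waitPid` asserts on the child's exit status, which is not shown here and should be confirmed. The test also checks only that the groups for granted privileges are present; a check that the child holds no group for a privilege the app was not granted would cover the least-privilege side, unless `checkGroupPrivileges` already compares the full set.

```cpp
// … unchanged: install, checkAfterInstall, fork, parent waitPid …
} else {
    int status = 1;  // any failure below reaches the parent as a non-zero exit
    try {
        Api::setProcessGroups(app.getAppId());
        app.checkGroupPrivileges(defaultAllowedPrivs);
        status = 0;
    } catch (...) {
        // do not unwind into the parent's scope guards from the child
    }
    _exit(status);
}
```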