#include <dpl/test/test_runner.h>
#include <memory.h>
#include <passwd_access.h>
+#include <policy_configuration.h>
+#include <privilege_info.h>
#include <scoped_label.h>
+#include <scoped_installer.h>
#include <sm_api.h>
#include <sm_commons.h>
#include <sm_policy_request.h>
RUNNER_ASSERT_MSG(policyEntries.size() == 4, "Number of policies doesn't match - should be: 4 and is " << policyEntries.size());
}
}
+
+RUNNER_CHILD_TEST(security_manager_18_privacy_manager_privacy_related_privileges_policy_install_remove)
+{
+ TemporaryTestUser user("sm_test_18_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper helper("sm_test_18",
+ user.getUid());
+ helper.addPrivileges({
+ "http://tizen.org/privilege/telephony",
+ "http://tizen.org/privilege/led",
+ "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here
+ "http://tizen.org/privilege/account.read",
+ "http://tizen.org/privilege/healthinfo"
+ });
+
+ PolicyEntry filter (helper.getAppId(), user.getUidString(), SECURITY_MANAGER_ANY);
+ std::vector<PolicyEntry> policyEntries;
+
+ {
+ ScopedInstaller installer(helper);
+ unsigned int privacyNum = 0;
+ for (auto &priv : helper.getPrivileges()) {
+ if (1 == privilege_info_is_privacy(priv.c_str()))
+ ++privacyNum;
+ };
+
+ Api::getPolicy(filter, policyEntries);
+
+ RUNNER_ASSERT_MSG(policyEntries.size() == helper.getPrivileges().size(),
+ "Number of policy entries doesn't match; should be " << helper.getPrivileges().size() << " but is " << policyEntries.size());
+
+ if (PolicyConfiguration::getIsAskuserEnabled() ) {
+ unsigned int privacyActNum = 0;
+ for (auto &entry : policyEntries)
+ if (1 == privilege_info_is_privacy(entry.getPrivilege().c_str())) {
+ RUNNER_ASSERT_MSG(entry.getCurrentLevel() == "Ask user", "Invalid policy setup; policy should be \"Ask user\" but is " << entry.getCurrentLevel());
+ ++privacyActNum;
+ }
+ RUNNER_ASSERT_MSG(privacyActNum == privacyNum, "Should be " << privacyNum << " privacy privileges, but is " << privacyActNum);
+ }
+ }
+
+ policyEntries.clear();
+
+ Api::getPolicy(filter, policyEntries);
+
+ RUNNER_ASSERT_MSG(policyEntries.size() == 0, "After deinstallation, policy entries size should be 0, but is: " << policyEntries.size());
+}
+
+RUNNER_CHILD_TEST(security_manager_19_privacy_manager_privacy_related_privileges_policy_hybrid)
+{
+ TemporaryTestUser user("sm_test_19_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper helper1("sm_test_19_app_id_1",
+ "sm_test_19_pkg_id",
+ true,
+ user.getUid(),
+ "3.0",
+ true); // hybrid package
+
+ helper1.addPrivileges({
+ "http://tizen.org/privilege/telephony",
+ "http://tizen.org/privilege/led",
+ "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here
+ "http://tizen.org/privilege/account.read",
+ "http://tizen.org/privilege/healthinfo"
+ });
+
+ AppInstallHelper helper2("sm_test_19_app_id_2",
+ "sm_test_19_pkg_id",
+ true,
+ user.getUid(),
+ "3.0",
+ true); // hybrid package
+
+ helper2.addPrivileges({
+ "http://tizen.org/privilege/telephony",
+ "http://tizen.org/privilege/led",
+ "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here
+ });
+
+ std::vector<PolicyEntry> policyEntries;
+
+ PolicyEntry filter(SECURITY_MANAGER_ANY, user.getUidString(), SECURITY_MANAGER_ANY);
+ {
+ ScopedInstaller installer1(helper1);
+ ScopedInstaller installer2(helper2);
+
+ unsigned int privacyNum1 = 0, privacyNum2 = 0;
+
+ for (auto &priv : helper1.getPrivileges()) {
+ if (1 == privilege_info_is_privacy(priv.c_str()))
+ ++privacyNum1;
+ };
+
+ for (auto &priv : helper2.getPrivileges()) {
+ if (1 == privilege_info_is_privacy(priv.c_str()))
+ ++privacyNum2;
+ };
+
+ Api::getPolicy(filter, policyEntries);
+
+ if (PolicyConfiguration::getIsAskuserEnabled() ) {
+ unsigned int privacyAct1 = 0, privacyAct2 = 0;
+ for (auto &entry : policyEntries) {
+ RUNNER_ASSERT_MSG(entry.getAppId() == helper1.getAppId() || entry.getAppId() == helper2.getAppId(),
+ "Invalid appId: should be either " << helper1.getAppId() << " or " << helper2.getAppId() << " but is " << entry.getAppId());
+ if (1 == privilege_info_is_privacy(entry.getPrivilege().c_str())) {
+ RUNNER_ASSERT_MSG(entry.getCurrentLevel() == "Ask user",
+ "Invalid policy setup; policy should be \"Ask user\" but is " << entry.getCurrentLevel());
+ if (entry.getAppId() == helper1.getAppId())
+ ++privacyAct1;
+ else
+ ++privacyAct2;
+ }
+ }
+ RUNNER_ASSERT_MSG(privacyNum1 == privacyAct1, "Should be " << privacyNum1 << " privacy privileges, but is " << privacyAct1);
+ RUNNER_ASSERT_MSG(privacyNum2 == privacyAct2, "Should be " << privacyNum2 << " privacy privileges, but is " << privacyAct2);
+ }
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_20_privacy_manager_privacy_related_privielges_policy_admin_check)
+{
+ TemporaryTestUser user("sm_test_20_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper helper("sm_test_20",
+ user.getUid());
+
+ helper.addPrivileges({
+ "http://tizen.org/privilege/telephony",
+ "http://tizen.org/privilege/led",
+ "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here
+ "http://tizen.org/privilege/account.read",
+ "http://tizen.org/privilege/healthinfo"
+ });
+
+ ScopedInstaller installer(helper);
+
+ if (PolicyConfiguration::getIsAskuserEnabled() ) {
+ CynaraTestAdmin::Admin admin;
+ int policyType = 0;
+ admin.getPolicyTypeForDescription("Ask user", policyType);
+ for (auto &priv : helper.getPrivileges()) {
+ if (1 == privilege_info_is_privacy(priv.c_str())) {
+ admin.adminCheck("", true, helper.generateAppLabel().c_str(), user.getUidString().c_str(), priv.c_str(), policyType, nullptr);
+ }
+ }
+ }
+}
projects / platform / core / test / security-tests.git / blobdiff