operator std::string() const { return m_name; }
+ bool operator==(const std::string& other) const { return m_name == other; }
+
private:
std::string m_name;
Type m_type;
/*
- * Copyright (c) 2014-2019 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
return m_isHybrid;
}
-void AppInstallHelper::addPrivileges(const std::vector<std::string> &privileges) {
- for (auto &p : privileges) {
- addPrivilege(Privilege(p));
- }
-}
-
-std::vector<std::string> AppInstallHelper::getPrivilegesNames() const {
- std::vector<std::string> privileges;
- for (auto &p : m_privileges) {
- privileges.push_back(p.getName());
- }
- return privileges;
-}
-
void AppInstallHelper::addPrivilege(Privilege privilege) {
m_privileges.push_back(std::move(privilege));
}
/*
- * Copyright (c) 2014-2019 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const TypePathsMap& getFilesMap() const;
// Privileges
- std::vector<std::string> getPrivilegesNames() const; // deprecated
- void addPrivileges(const std::vector<std::string> &privileges); // deprecated
void addPrivilege(Privilege privilege);
void addPrivileges(const PrivilegeVector &privileges);
const PrivilegeVector& getPrivileges() const;
#include <sm_api.h>
#include <label_generator.h>
#include <cynara_test_client.h>
+#include <policy_configuration.h>
namespace {
constexpr char SMACK_RULES_PATH[] = "/sys/fs/smackfs/load2";
namespace SecurityManagerTest
{
-void AppInstallHelperExt::checkPrivileges(const PolicyConfiguration::PrivVector &allowedPrivs,
- const PolicyConfiguration::PrivVector &deniedPrivs) const
+void AppInstallHelperExt::checkPrivileges(const PrivilegeVector &allowedPrivs,
+ const PrivilegeVector &deniedPrivs) const
{
/* Privileges should be granted to all users if root installs app */
auto user = (m_uidGid == 0 ? ANY_USER_REPRESENTATION : std::to_string(m_uidGid));
int result;
for (auto &priv : allowedPrivs) {
- ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_ALLOWED);
+ ctc.check(smackLabel.c_str(), "", user, priv.getName().c_str(), CYNARA_API_ACCESS_ALLOWED);
Api::appHasPrivilege(m_appName, priv, m_uidGid, result);
RUNNER_ASSERT_MSG(result == 1,
}
for (auto &priv : deniedPrivs) {
- ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
+ ctc.check(smackLabel.c_str(), "", user, priv.getName().c_str(), CYNARA_API_ACCESS_DENIED);
Api::appHasPrivilege(m_appName, priv, m_uidGid, result);
RUNNER_ASSERT_MSG(result == 0,
}
}
-void AppInstallHelperExt::checkDeniedPrivileges(const PolicyConfiguration::PrivVector &deniedPrivs) const
+void AppInstallHelperExt::checkDeniedPrivileges(const PrivilegeVector &deniedPrivs) const
{
checkPrivileges({}, deniedPrivs);
}
-void AppInstallHelperExt::checkPrivilegeGroups(const PolicyConfiguration::PrivVector &allowedPrivs) const
+void AppInstallHelperExt::checkPrivilegeGroups(const PrivilegeVector &allowedPrivs) const
{
static PolicyConfiguration policy;
const auto allowed_groups = policy.privToGroup(allowedPrivs);
checkSmackAccesses(staticRules[m_isHybrid]);
- checkPrivileges(getPrivilegesNames(), {});
+ checkPrivileges(m_privileges, {});
}
void AppInstallHelperExt::checkAfterUninstall(bool removePkg) const
// there should be no hybrid rules regardless of the app type
checkHybridAppSmackRulesAterUninstall();
- checkDeniedPrivileges(getPrivilegesNames());
+ checkDeniedPrivileges(m_privileges);
}
void AppInstallHelperExt::checkSmackAccesses(std::vector<AccessRequest> rules, bool hasAccess) const
#include <app_install_helper.h>
#include <template_parser.h>
-#include <policy_configuration.h>
+#include <app_def_privilege.h>
namespace SecurityManagerTest {
public:
using AppInstallHelper::AppInstallHelper;
- void checkPrivileges(const PolicyConfiguration::PrivVector &allowedPrivs,
- const PolicyConfiguration::PrivVector &deniedPrivs) const;
- void checkDeniedPrivileges(const PolicyConfiguration::PrivVector &deniedPrivs) const;
- void checkPrivilegeGroups(const PolicyConfiguration::PrivVector &allowedPrivs) const;
+ void checkPrivileges(const PrivilegeVector &allowedPrivs,
+ const PrivilegeVector &deniedPrivs) const;
+ void checkDeniedPrivileges(const PrivilegeVector &deniedPrivs) const;
+ void checkPrivilegeGroups(const PrivilegeVector &allowedPrivs) const;
void checkAfterInstall() const;
void checkAfterUninstall(bool removePkg = true) const;
return result;
}
-PolicyConfiguration::GroupVector PolicyConfiguration::privToGroup(const PolicyConfiguration::PrivVector &privVector) {
- GroupVector result;
- if (m_privGroupMap.empty())
- loadPrivGroupMap();
- for (auto &e : privVector) {
- auto it = m_privGroupMap.find(e);
- if (it == m_privGroupMap.end())
- continue;
- result.push_back(it->second);
- }
- return result;
-}
-
PolicyConfiguration::PrivVector PolicyConfiguration::getSystemdManagedPrivs()
{
PolicyConfiguration::PrivVector result;
gid_t groupToGid(const std::string &gname);
PrivGroupMap getPrivGroupMap();
PrivVector getSystemdManagedPrivs();
- GroupVector privToGroup(const PrivVector &privVector);
+
+ template <typename T>
+ GroupVector privToGroup(const T &privVector);
GidVector groupToGid(const GroupVector &groupVector);
static bool getIsAskuserEnabled();
std::map<UserType, UserDescription> m_userDescriptionMap;
};
+template <typename T>
+PolicyConfiguration::GroupVector PolicyConfiguration::privToGroup(const T &privVector) {
+ GroupVector result;
+ if (m_privGroupMap.empty())
+ loadPrivGroupMap();
+ for (auto &e : privVector) {
+ auto it = m_privGroupMap.find(e);
+ if (it == m_privGroupMap.end())
+ continue;
+ result.push_back(it->second);
+ }
+ return result;
+}
+
+
} // namespace SecurityManagerTest
#endif
#include <scoped_app_launcher.h>
#include <app_install_helper_ext.h>
#include <privilege_names.h>
+#include <app_def_privilege.h>
using namespace SecurityManagerTest;
using namespace PrivilegeNames;
RUNNER_TEST(security_manager_02_app_install_uninstall_full)
{
- const PolicyConfiguration::PrivVector defaultPrivs = {
+ const PrivilegeVector defaultPrivs = {
PRIV_INTERNAL_AUDIO,
PRIV_INTERNAL_DISPLAY,
PRIV_INTERNAL_VIDEO,
};
- const PolicyConfiguration::PrivVector allowedPrivs = {PRIV_CAMERA, PRIV_MEDIASTORAGE};
- const PolicyConfiguration::PrivVector someDeniedPrivs = {PRIV_INTERNET, PRIV_EXTERNALSTORAGE};
+ const PrivilegeVector allowedPrivs = {PRIV_CAMERA, PRIV_MEDIASTORAGE};
+ const PrivilegeVector someDeniedPrivs = {PRIV_INTERNET, PRIV_EXTERNALSTORAGE};
- PolicyConfiguration::PrivVector defaultAllowedPrivs = defaultPrivs;
+ PrivilegeVector defaultAllowedPrivs = defaultPrivs;
defaultAllowedPrivs.insert(defaultAllowedPrivs.end(), allowedPrivs.begin(), allowedPrivs.end());
AppInstallHelperExt app("sm_test_02");
RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
{
- const PolicyConfiguration::PrivVector allowedPrivs = {PRIV_BLUETOOTH, PRIV_POWER};
- const PolicyConfiguration::PrivVector someDeniedPrivs = {PRIV_DISPLAY, PRIV_NFC};
+ const PrivilegeVector allowedPrivs = {PRIV_BLUETOOTH, PRIV_POWER};
+ const PrivilegeVector someDeniedPrivs = {PRIV_DISPLAY, PRIV_NFC};
TemporaryTestUser testUser("sm_test_04a_user_name", GUM_USERTYPE_NORMAL);
testUser.create();
}
RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user) {
- const PolicyConfiguration::PrivVector allowedPrivs = {PRIV_INTERNET, PRIV_LED};
- const PolicyConfiguration::PrivVector someDeniedPrivs = {PRIV_LOCATION, PRIV_NOTIFICATION};
+ const PrivilegeVector allowedPrivs = {PRIV_INTERNET, PRIV_LED};
+ const PrivilegeVector someDeniedPrivs = {PRIV_LOCATION, PRIV_NOTIFICATION};
TemporaryTestUser testUser("sm_test_04b_user_name", GUM_USERTYPE_NORMAL);
testUser.create();
RUNNER_CHILD_TEST(security_manager_07a_user_add_app_install)
{
- const PolicyConfiguration::PrivVector allowedPrivs = {PRIV_INTERNET, PRIV_LED};
- const PolicyConfiguration::PrivVector someDeniedPrivs = {PRIV_LOCATION, PRIV_NOTIFICATION};
+ const PrivilegeVector allowedPrivs = {PRIV_INTERNET, PRIV_LED};
+ const PrivilegeVector someDeniedPrivs = {PRIV_LOCATION, PRIV_NOTIFICATION};
TemporaryTestUser testUser("sm_test_07a_user_name", GUM_USERTYPE_NORMAL);
testUser.create();
RUNNER_TEST(security_manager_08_user_double_add_double_remove)
{
- const PolicyConfiguration::PrivVector somePrivs = {PRIV_LED, PRIV_NOTIFICATION};
+ const PrivilegeVector somePrivs = {PRIV_LED, PRIV_NOTIFICATION};
// gumd
TemporaryTestUser testUser("sm_test_08_user_name", GUM_USERTYPE_NORMAL);
RUNNER_CHILD_TEST(security_manager_10_app_has_privilege)
{
- const PolicyConfiguration::PrivVector allowedPrivs = {PRIV_WIFIDIRECT, PRIV_TELEPHONY};
- const PolicyConfiguration::PrivVector someDeniedPrivs = {PRIV_VPNSERVICE, PRIV_NOTIFICATION};
+ const PrivilegeVector allowedPrivs = {PRIV_WIFIDIRECT, PRIV_TELEPHONY};
+ const PrivilegeVector someDeniedPrivs = {PRIV_VPNSERVICE, PRIV_NOTIFICATION};
AppInstallHelperExt app("sm_test_10");
app.addPrivileges(allowedPrivs);
RUNNER_CHILD_TEST(security_manager_21_security_manager_admin_deny_user_priv)
{
- const PolicyConfiguration::PrivVector adminRequiredPrivs = {
- PRIV_NOTEXIST,
- PRIV_INTERNAL_USERMANAGEMENT
- };
- const PolicyConfiguration::PrivVector manifestPrivs = {PRIV_INTERNET, PRIV_DATASHARING};
- const PolicyConfiguration::PrivVector allowedPrivsAfterChange = {PRIV_DATASHARING};
- const PolicyConfiguration::PrivVector deniedPrivsAfterChange = {PRIV_INTERNET};
+ const PrivilegeVector adminRequiredPrivs = {PRIV_NOTEXIST, PRIV_INTERNAL_USERMANAGEMENT};
+ const PrivilegeVector manifestPrivs = {PRIV_INTERNET, PRIV_DATASHARING};
+ const PrivilegeVector allowedPrivsAfterChange = {PRIV_DATASHARING};
+ const PrivilegeVector deniedPrivsAfterChange = {PRIV_INTERNET};
TemporaryTestUser adminUser("sm_test_21_admin_user_name", GUM_USERTYPE_ADMIN, false);
TemporaryTestUser normalUser("sm_test_21_normal_user_name", GUM_USERTYPE_NORMAL, false);
RUNNER_CHILD_TEST(security_manager_25g_local_user_set_install_type_local)
{
- const PolicyConfiguration::PrivVector allowedPrivs = {
- PRIV_VOLUME_SET,
- PRIV_SYSTEMMONITOR,
- PRIV_INTERNET
- };
- const PolicyConfiguration::PrivVector someDeniedPrivs = {
- PRIV_PUSH,
- PRIV_POWER,
- PRIV_NOTIFICATION,
- };
+ const PrivilegeVector allowedPrivs = {PRIV_VOLUME_SET, PRIV_SYSTEMMONITOR, PRIV_INTERNET};
+ const PrivilegeVector someDeniedPrivs = {PRIV_PUSH, PRIV_POWER, PRIV_NOTIFICATION};
TemporaryTestUser testUser("sm_test_25g_user_name", GUM_USERTYPE_NORMAL);
testUser.create();
TemporaryTestUser testUser("sm_test_26_user_name", GUM_USERTYPE_NORMAL);
testUser.create();
- const PolicyConfiguration::PrivVector allowedPrivs = {PRIV_WIFIDIRECT, PRIV_TELEPHONY};
+ const PrivilegeVector allowedPrivs = {PRIV_WIFIDIRECT, PRIV_TELEPHONY};
AppInstallHelperExt app1("sm_test_26_1", "sm_test_26", testUser.getUid());
app1.addPrivileges(allowedPrivs);
/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2017 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <tzplatform.h>
#include <app_install_helper.h>
#include <scoped_installer.h>
+#include <privilege_names.h>
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
using namespace SecurityManagerTest;
+using namespace PrivilegeNames;
RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
{
RUNNER_CHILD_TEST(app_defined_10_check_system_privileges)
{
const std::string providerAppId = "app_def_09_provider";
- const Privilege privilege("http://tizen.org/privilege/internet", Privilege::UNTRUSTED);
+ const Privilege privilege(PRIV_INTERNET, Privilege::UNTRUSTED);
InstallRequest requestInst;
requestInst.setAppId(providerAppId);
CynaraTestClient::Client cynara;
cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED);
-}
\ No newline at end of file
+}
/*
- * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
+#include <privilege_names.h>
+
+using namespace PrivilegeNames;
const PrivilegeVector TEST_PRIVACY_PRIVILEGES = {
- Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
- Privilege("http://tizen.org/privilege/account.read", Privilege::PRIVACY),
- Privilege("http://tizen.org/privilege/healthinfo", Privilege::PRIVACY) };
+ Privilege(PRIV_CALLHISTORY_READ, Privilege::PRIVACY),
+ Privilege(PRIV_ACCOUNT_READ, Privilege::PRIVACY),
+ Privilege(PRIV_HEALTHINFO, Privilege::PRIVACY) };
using namespace SecurityManagerTest;
#include <sm_policy_request.h>
#include <sm_user_request.h>
#include <temp_test_user.h>
+#include <privilege_names.h>
#include <security-manager.h>
using namespace SecurityManagerTest;
+using namespace PrivilegeNames;
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_NSS_PLUGIN)
// Removing one more privilege from policy (that has GID associated), which should not affect nss daemon groups
PolicyRequest policyRequest;
- PolicyEntry entry(
- SECURITY_MANAGER_ANY,
- std::to_string(static_cast<int>(testUser.getUid())),
- "http://tizen.org/privilege/camera");
+ PolicyEntry entry(SECURITY_MANAGER_ANY, testUser.getUidString(), PRIV_CAMERA);
entry.setMaxLevel(PolicyEntry::LEVEL_DENY);
policyRequest.addEntry(entry);
#include <sm_commons.h>
#include <memory.h>
#include <tests_common.h>
+#include <privilege_names.h>
using namespace SecurityManagerTest;
+using namespace PrivilegeNames;
namespace {
bool finish = false;
const std::string APP_TEST_USER = "app_test_user";
-const std::string EXTERNAL_STORAGE_PRIVILEGE = "http://tizen.org/privilege/externalstorage";
-const std::string MEDIA_STORAGE_PRIVILEGE = "http://tizen.org/privilege/mediastorage";
-
const std::string ACCESS_DENIED_DIR_PATH = "/usr/share/security-manager/dummy";
const std::string EXTERNAL_STORAGE_DIR_PATH = "/opt/media";
const std::string MEDIA_STORAGE_RW_DIR_PATH = "/opt/usr/media";
tmpUser.create();
AppInstallHelper app("app103", tmpUser.getUid());
- app.addPrivilege(EXTERNAL_STORAGE_PRIVILEGE);
- app.addPrivilege(MEDIA_STORAGE_PRIVILEGE);
+ app.addPrivileges({PRIV_EXTERNALSTORAGE, PRIV_MEDIASTORAGE});
ScopedInstaller appInstall(app);
SynchronizationPipe synchPipe;
RUNNER_ASSERT_ERRNO_MSG(result == false, "path is bound");
PolicyRequest policyRequest;
- PolicyEntry policyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), EXTERNAL_STORAGE_PRIVILEGE);
+ PolicyEntry policyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), PRIV_EXTERNALSTORAGE);
policyEntry.setLevel(PolicyEntry::LEVEL_DENY);
policyRequest.addEntry(policyEntry);
- policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), MEDIA_STORAGE_PRIVILEGE);
+ policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), PRIV_MEDIASTORAGE);
policyEntry.setLevel(PolicyEntry::LEVEL_DENY);
policyRequest.addEntry(policyEntry);
Api::sendPolicy(policyRequest);
result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RO_DIR_PATH, pid);
RUNNER_ASSERT_ERRNO_MSG(result == true, "path is not bound");
- policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), EXTERNAL_STORAGE_PRIVILEGE);
+ policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), PRIV_EXTERNALSTORAGE);
policyEntry.setLevel(PolicyEntry::LEVEL_ALLOW);
policyRequest.addEntry(policyEntry);
- policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), MEDIA_STORAGE_PRIVILEGE);
+ policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), PRIV_MEDIASTORAGE);
policyEntry.setLevel(PolicyEntry::LEVEL_ALLOW);
policyRequest.addEntry(policyEntry);
Api::sendPolicy(policyRequest);
for (int i = 0; i < nAppsMax; i++) {
apps.emplace_back(App{AppInstallHelper("app200_" + std::to_string(i), uid), 0});
auto &hlp = apps.back().hlp;
- for (const auto &p : { EXTERNAL_STORAGE_PRIVILEGE, MEDIA_STORAGE_PRIVILEGE,
- std::string("http://tizen.org/privilege/camera"),
- std::string("http://tizen.org/privilege/internet") })
- hlp.addPrivilege(p);
+ hlp.addPrivileges({PRIV_EXTERNALSTORAGE, PRIV_MEDIASTORAGE, PRIV_CAMERA, PRIV_INTERNET});
hlp.createSharedRODir();
appInstalls.emplace_back(ScopedInstaller(hlp));
}
/*
- * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <synchronization_pipe.h>
#include <temp_test_user.h>
#include <tests_common.h>
+#include <privilege_names.h>
+#include <app_def_privilege.h>
using namespace SecurityManagerTest;
+using namespace PrivilegeNames;
namespace {
struct UserInfo {
std::string userName;
};
// Privileges required for having permission to self/admin get/set policies.
-const std::string SELF_PRIVILEGE = "http://tizen.org/privilege/notexist";
-const std::string ADMIN_PRIVILEGE = "http://tizen.org/privilege/internal/usermanagement";
-
-typedef std::vector<std::string> Privileges;
-const std::vector<Privileges> TEST_PRIVILEGES = {
- {
- "http://tizen.org/privilege/internet",
- "http://tizen.org/privilege/display"
- },
- {
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/datasharing"
- },
- {
- "http://tizen.org/privilege/content.write",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email"
- },
- {
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email",
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/datasharing"
- },
- {
- "http://tizen.org/privilege/internet",
- "http://tizen.org/privilege/display",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email"
- }
+const std::string& SELF_PRIVILEGE = PRIV_NOTEXIST;
+const std::string& ADMIN_PRIVILEGE = PRIV_INTERNAL_USERMANAGEMENT;
+
+const std::vector<PrivilegeVector> TEST_PRIVILEGES = {
+ {PRIV_INTERNET, PRIV_DISPLAY},
+ {PRIV_TELEPHONY, PRIV_DATASHARING},
+ {PRIV_CONTENT_WRITE, PRIV_LED, PRIV_EMAIL},
+ {PRIV_LED, PRIV_EMAIL, PRIV_TELEPHONY, PRIV_DATASHARING},
+ {PRIV_INTERNET, PRIV_DISPLAY, PRIV_LED, PRIV_EMAIL}
};
const PrivilegeVector TEST_PRIVACY_PRIVILEGES[] = {
{
- Privilege("http://tizen.org/privilege/telephony"),
- Privilege("http://tizen.org/privilege/led"),
- Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
- Privilege("http://tizen.org/privilege/account.read", Privilege::PRIVACY),
- Privilege("http://tizen.org/privilege/healthinfo", Privilege::PRIVACY),
+ Privilege(PRIV_TELEPHONY),
+ Privilege(PRIV_LED),
+ Privilege(PRIV_CALLHISTORY_READ, Privilege::PRIVACY),
+ Privilege(PRIV_ACCOUNT_READ, Privilege::PRIVACY),
+ Privilege(PRIV_HEALTHINFO, Privilege::PRIVACY),
},
{
- Privilege("http://tizen.org/privilege/telephony"),
- Privilege("http://tizen.org/privilege/led"),
- Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
+ Privilege(PRIV_TELEPHONY),
+ Privilege(PRIV_LED),
+ Privilege(PRIV_CALLHISTORY_READ, Privilege::PRIVACY),
}
};
RUNNER_ASSERT_MSG(appIt != appIdToAIH.end(), "Policy returned unexpected app: " << app);
AppInstallHelper &aih = appIt->second;
- auto appPrivileges = aih.getPrivilegesNames();
+ auto& appPrivileges = aih.getPrivileges();
auto privIt = std::find(appPrivileges.begin(), appPrivileges.end(), privilege);
RUNNER_ASSERT_MSG(privIt != appPrivileges.end(),
"Unexpected privilege " << privilege << " for app " << app);
AppInstallHelper &aih = userAppIdToAIHIt->second;
auto privs = aih.getPrivileges();
- auto appPrivileges = aih.getPrivilegesNames();
+ auto& appPrivileges = aih.getPrivileges();
auto privIt = std::find(appPrivileges.begin(), appPrivileges.end(), privilege);
RUNNER_ASSERT_MSG(privIt != appPrivileges.end(),
"Unexpected privilege " << privilege << " for app " << app);
AppInstallHelper &aih = userAppIdToAIHIt->second;
auto privs = aih.getPrivileges();
- auto appPrivileges = aih.getPrivilegesNames();
+ auto& appPrivileges = aih.getPrivileges();
auto privIt = std::find(appPrivileges.begin(), appPrivileges.end(), privilege);
RUNNER_ASSERT_MSG(privIt != appPrivileges.end(),
"Unexpected privilege " << privilege << " for app " << app);
PolicyRequest setPolicyRequest;
std::vector<PolicyEntry> policyEntries;
- const std::string internetPriv = "http://tizen.org/privilege/internet";
- const std::string displayPriv = "http://tizen.org/privilege/display";
-
- PolicyEntry internetPolicyEntry(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, internetPriv);
+ PolicyEntry internetPolicyEntry(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, PRIV_INTERNET);
internetPolicyEntry.setMaxLevel(PolicyEntry::LEVEL_DENY);
setPolicyRequest.addEntry(internetPolicyEntry);
- PolicyEntry displayPolicyEntry(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, displayPriv);
+ PolicyEntry displayPolicyEntry(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, PRIV_DISPLAY);
displayPolicyEntry.setMaxLevel(PolicyEntry::LEVEL_DENY);
setPolicyRequest.addEntry(displayPolicyEntry);
RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin)
{
- const std::string updatePriv = "http://tizen.org/privilege/led";
+ const std::string& updatePriv = PRIV_LED;
TemporaryTestUser adminUser("sm_test_15_username", GUM_USERTYPE_ADMIN);
adminUser.create();
RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard)
{
- const std::string updatePriv = "http://tizen.org/privilege/led";
+ const std::string& updatePriv = PRIV_LED;
TemporaryTestUser adminUser("sm_test_15_username", GUM_USERTYPE_ADMIN);
adminUser.create();
RUNNER_CHILD_TEST(security_manager_15_privacy_manager_send_policy_update_for_self)
{
- const std::string updatePriv = "http://tizen.org/privilege/led";
+ const std::string& updatePriv = PRIV_LED;
TemporaryTestUser user("sm_test_15_username", GUM_USERTYPE_NORMAL);
user.create();
RUNNER_CHILD_TEST(security_manager_17a_privacy_manager_delete_policy_for_self)
{
- const std::string updatePriv = "http://tizen.org/privilege/led";
+ const std::string& updatePriv = PRIV_LED;
TemporaryTestUser user("sm_test_17a_username", GUM_USERTYPE_NORMAL);
user.create();
RUNNER_CHILD_TEST(security_manager_17b_privacy_manager_delete_policy_for_self)
{
- const std::string updatePriv = "http://tizen.org/privilege/led";
+ const std::string& updatePriv = PRIV_LED;
TemporaryTestUser user("sm_test_17b_username", GUM_USERTYPE_NORMAL);
user.create();
static void check_privileges_from_manifest(const AppInstallHelper &aih, char **privileges, size_t nPrivs)
{
- std::vector<std::string> aihPrivs = aih.getPrivilegesNames();
+ auto& aihPrivs = aih.getPrivileges();
RUNNER_ASSERT_MSG(nPrivs == aihPrivs.size(), "Expected privileges number: " << aihPrivs.size() << ", got " << nPrivs);
for (size_t i = 0; i < nPrivs; ++i) {
RUNNER_ASSERT_MSG(std::find(aihPrivs.begin(), aihPrivs.end(), std::string(privileges[i])) != aihPrivs.end(),
AppInstallHelper app("security_manager_24_fetch");
app.setInstallType(SM_APP_INSTALL_GLOBAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
char **privileges;
AppInstallHelper app("security_manager_25_fetch", user.getUid());
app.setInstallType(SM_APP_INSTALL_LOCAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
char **privileges;
AppInstallHelper appGlobal("security_manager_26_fetch");
appGlobal.setInstallType(SM_APP_INSTALL_GLOBAL);
- appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
- appGlobal.addPrivilege(std::string("http://tizen.org/privielge/contacts.read"));
+ appGlobal.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE, PRIV_CONTACTS_READ});
ScopedInstaller appGlobalInstall(appGlobal);
AppInstallHelper appLocal("security_manager_26_fetch", user.getUid());
appLocal.setInstallType(SM_APP_INSTALL_LOCAL);
- appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ appLocal.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appLocalInstall(appLocal);
AppInstallHelper app("security_manager_27_fetch", user.getUid());
app.setInstallType(SM_APP_INSTALL_LOCAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
pid_t pid = fork();
AppInstallHelper app("security_manager_28_fetch");
app.setInstallType(SM_APP_INSTALL_GLOBAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
pid_t pid = fork();
AppInstallHelper app("security_manager_29_fetch", user.getUid());
app.setInstallType(SM_APP_INSTALL_LOCAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
AppInstallHelper app1("security_manager_29_fetch", user1.getUid());
app1.setInstallType(SM_APP_INSTALL_LOCAL);
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
+ app1.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE, PRIV_CONTACTS_READ});
ScopedInstaller appInstall1(app1);
AppInstallHelper app("security_manager_30_fetch", user.getUid());
app.setInstallType(SM_APP_INSTALL_LOCAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
AppInstallHelper app1("security_manager_30_fetch_1", user.getUid());
app1.setInstallType(SM_APP_INSTALL_LOCAL);
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
+ app1.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE, PRIV_CONTACTS_READ});
ScopedInstaller appInstall1(app1);
AppInstallHelper app("security_manager_31_fetch", user.getUid());
app.setInstallType(SM_APP_INSTALL_LOCAL);
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app.addPrivileges({PRIV_CALENDAR_READ, PRIV_CALENDAR_WRITE});
ScopedInstaller appInstall(app);
AppInstallHelper app1("security_manager_31_fetch_1", user.getUid());
app1.setInstallType(SM_APP_INSTALL_LOCAL);
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
- app1.addPrivilege(std::string("http://tizen.org/privilege/internal/usermanagement"));
+ app1.addPrivileges({PRIV_CALENDAR_READ,
+ PRIV_CALENDAR_WRITE,
+ PRIV_CONTACTS_READ,
+ PRIV_INTERNAL_USERMANAGEMENT});
ScopedInstaller appInstall1(app1);
projects / platform / core / test / security-tests.git / commitdiff