Merge branch 'tizen' into security-manager

author Pawel Wieczorek <p.wieczorek2@samsung.com>

Wed, 22 Apr 2015 15:01:20 +0000 (17:01 +0200)

committer Pawel Wieczorek <p.wieczorek2@samsung.com>

Wed, 22 Apr 2015 15:24:59 +0000 (08:24 -0700)
author Pawel Wieczorek <p.wieczorek2@samsung.com>
Wed, 22 Apr 2015 15:01:20 +0000 (17:01 +0200)
committer Pawel Wieczorek <p.wieczorek2@samsung.com>
Wed, 22 Apr 2015 15:24:59 +0000 (08:24 -0700)
diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec

index d664c17..a3d222e 100644 (file)
--- a/packaging/security-tests.spec
+++ b/packaging/security-tests.spec
@@ -26,9 +26,7 @@ BuildRequires: cynara-devel
  BuildRequires: pkgconfig(libtzplatform-config)
  BuildRequires: boost-devel
  BuildRequires: pkgconfig(vconf)
-Requires(post): gum-utils
-Requires(postun): gum-utils
-Requires(postun): %{_bindir}/id
+BuildRequires: pkgconfig(libgum) >= 1.0.5
  Requires: perf
  Requires: gdb
  Requires: key-manager-listener
@@ -51,8 +49,7 @@ cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \
          -DSECURITY_MDFPP_STATE_ENABLE=1 \
  %endif
          -DCMAKE_VERBOSE_MAKEFILE=ON       \
-        -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \
-        -DAPP_USER=security-tests-app
+        -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db
  make %{?jobs:-j%jobs}
  
  %install
@@ -60,10 +57,8 @@ make %{?jobs:-j%jobs}
  ln -sf /etc/smack/test_smack_rules %{buildroot}/etc/smack/test_smack_rules_lnk
  
  %post
-%{_bindir}/gum-utils --add-user --username=security-tests-app --usertype=normal --offline
-
  find /etc/smack/test_privilege_control_DIR/ -type f -name exec -exec chmod 0755 {} +
-find /usr/apps/test_DIR/ -type f -name exec -exec chmod 0755 {} +
+find /usr/apps/ -type f -name exec -exec chmod 0755 {} +
  
  # Load permissions templates
  api_feature_loader --verbose
@@ -76,9 +71,6 @@ api_feature_loader --verbose
  
  echo "security-tests postinst done ..."
  
-%postun
-%{_bindir}/gum-utils --delete-user --uid=`%{_bindir}/id -u security-tests-app` --offline
-
  %files
  %manifest %{name}.manifest
  %defattr(-, root, root, -)
@@ -107,8 +99,7 @@ echo "security-tests postinst done ..."
  /etc/smack/test_smack_rules_lnk
  /usr/share/privilege-control/*
  /etc/smack/test_privilege_control_DIR/*
-/usr/apps/test_DIR/*
-/home/security-tests-app/test_DIR
+/usr/apps/*
  /usr/bin/test-app-efl
  /usr/bin/test-app-osp
  /usr/bin/test-app-wgt
diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt

index fcfc13f..994fee1 100644 (file)
--- a/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
@@ -1,10 +1,13 @@
  INCLUDE(FindPkgConfig)
+SET(COMMON_TARGET_TEST "tests-common")
  
  #dependencies
  PKG_CHECK_MODULES(COMMON_TARGET_DEP
      libsmack
      dbus-1
      sqlite3
+    libgum
+    glib-2.0
      REQUIRED
      )
  
@@ -24,6 +27,7 @@ SET(COMMON_TARGET_TEST_SOURCES
      ${PROJECT_SOURCE_DIR}/src/common/uds.cpp
      ${PROJECT_SOURCE_DIR}/src/common/synchronization_pipe.cpp
      ${PROJECT_SOURCE_DIR}/src/common/timeout.cpp
+    ${PROJECT_SOURCE_DIR}/src/common/temp_test_user.cpp
      )
  
  #system and local includes
diff --git a/src/common/temp_test_user.cpp b/src/common/temp_test_user.cpp

new file mode 100644 (file)

index 0000000..f6aa6c1
--- /dev/null
+++ b/src/common/temp_test_user.cpp
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+*/
+
+/*
+ * @file        temp_test_user.cpp
+ * @author      Jan Cybulski (j.cybulski@partner.samsung.com)
+ * @version     1.0
+ * @brief       File with class for users management
+ */
+
+
+#include <temp_test_user.h>
+#include <glib-object.h>
+#include <dpl/test/test_runner.h>
+
+void TemporaryTestUser::create(void)
+{
+    if (m_guser) {
+        remove();
+    };
+
+    m_guser = gum_user_create_sync (m_offline);
+    RUNNER_ASSERT_MSG(m_guser != nullptr, "Failed to create gumd user object");
+    g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL);
+    g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL);
+    gboolean added = gum_user_add_sync(m_guser);
+    RUNNER_ASSERT_MSG(added, "Failed to add user");
+    g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL);
+    RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
+    g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL);
+    RUNNER_ASSERT_MSG(m_gid != 0, "Something strange happened during user creation. gid == 0.");
+}
+
+void TemporaryTestUser::remove(void)
+{
+    if(m_guser){
+        gum_user_delete_sync(m_guser, TRUE);
+        g_object_unref(m_guser);
+        m_guser = nullptr;
+    }
+}
+
+TemporaryTestUser::~TemporaryTestUser()
+{
+    this->remove();
+}
diff --git a/src/common/temp_test_user.h b/src/common/temp_test_user.h

new file mode 100644 (file)

index 0000000..120b21b
--- /dev/null
+++ b/src/common/temp_test_user.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+*/
+
+#ifndef TEMP_TEST_USER_H
+#define TEMP_TEST_USER_H
+
+#include <string>
+#include <sys/types.h>
+#include <gum-user.h>
+#include <common/gum-user-types.h>
+
+class TemporaryTestUser {
+public:
+    TemporaryTestUser() = delete;
+    TemporaryTestUser(std::string userName, GumUserType userType, bool offline) :
+            m_uid(0),
+            m_gid(0),
+            m_userName(userName),
+            m_userType(userType),
+            m_guser(nullptr),
+            m_offline(offline)
+            {};
+    ~TemporaryTestUser();
+    void remove(void);
+    uid_t getUid() const {return m_uid;}
+    uid_t getGid() const {return m_gid;}
+    void create(void);
+    void getUidString(std::string& uidstr) const {uidstr =  std::to_string(static_cast<unsigned int>(m_uid));}
+    const std::string& getUserName() const {return m_userName;}
+    GumUserType getUserType() const {return m_userType;}
+private:
+    uid_t m_uid;
+    uid_t m_gid;
+    std::string m_userName;
+    GumUserType m_userType;
+    GumUser *m_guser;
+    bool m_offline;
+};
+
+#endif
diff --git a/src/common/tests_common.cpp b/src/common/tests_common.cpp

index 3095243..2332abb 100644 (file)
--- a/src/common/tests_common.cpp
+++ b/src/common/tests_common.cpp
@@ -22,6 +22,7 @@
   */
  
  #include "tests_common.h"
+#include <fcntl.h>
  #include <sys/mman.h>
  #include <sys/stat.h>
  #include <sys/types.h>
@@ -173,3 +174,63 @@ int files_compare(int fd1, int fd2)
  
      return result;
  }
+
+void mkdirSafe(const std::string &path, mode_t mode)
+{
+    RUNNER_ASSERT_ERRNO_MSG(0 == mkdir(path.c_str(), mode) || errno == EEXIST,
+                            "mkdir for <" << path << "> with mode <" << mode << "> failed");
+}
+
+void mktreeSafe(const std::string &path, mode_t mode)
+{
+    // Create subsequent parent directories
+    // Assume that path is absolute - i.e. starts with '/'
+    for (size_t pos = 0; (pos = path.find("/", pos + 1)) != std::string::npos; )
+        mkdirSafe(path.substr(0, pos).c_str(), mode);
+
+    mkdirSafe(path, mode);
+}
+
+void creatSafe(const std::string &path, mode_t mode)
+{
+    RUNNER_ASSERT_ERRNO_MSG(-1 != creat(path.c_str(), mode),
+                            "creat for <" << path << "> with mode <" << mode << "> failed");
+}
+
+void symlinkSafe(const std::string &targetPath, const std::string &linkPath)
+{
+    RUNNER_ASSERT_ERRNO_MSG(0 == symlink(targetPath.c_str(), linkPath.c_str()),
+                            "symlink for <" << linkPath << "> to <" << targetPath << "> failed");
+}
+
+void removeDir(const std::string &path)
+{
+    DIR *d = opendir(path.c_str());
+
+    if (nullptr == d) {
+        RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "opendir of <" << path << "> failed");
+        return;
+    }
+
+    struct dirent *dirEntry;
+    while (nullptr != (dirEntry = readdir(d))) {
+        std::string entryName(dirEntry->d_name);
+        if (entryName == "." || entryName == "..")
+            continue;
+
+        std::string entryPath(path + "/" + entryName);
+        struct stat st;
+
+        RUNNER_ASSERT_ERRNO_MSG(0 == lstat(entryPath.c_str(), &st),
+                                "stat for <" << entryPath << "> failed");
+        if (S_ISDIR(st.st_mode))
+            removeDir(entryPath);
+        else
+            RUNNER_ASSERT_ERRNO_MSG(0 == unlink(entryPath.c_str()),
+                                    "unlink for <" << entryPath << "> failed");
+    }
+
+    closedir(d);
+
+    RUNNER_ASSERT_ERRNO_MSG(0 == rmdir(path.c_str()), "rmdir for <" << path << "> failed");
+}
diff --git a/src/common/tests_common.h b/src/common/tests_common.h

index 2fb249b..ac398f0 100644 (file)
--- a/src/common/tests_common.h
+++ b/src/common/tests_common.h
@@ -47,6 +47,11 @@ void add_process_group(const char* group_name);
  void remove_process_group(const char* group_name);
  std::string formatCstr(const char *cstr);
  int files_compare(int fd1, int fd2);
+void mkdirSafe(const std::string &path, mode_t mode);
+void mktreeSafe(const std::string &path, mode_t mode);
+void creatSafe(const std::string &path, mode_t mode);
+void symlinkSafe(const std::string &targetPath, const std::string &linkPath);
+void removeDir(const std::string &path);
  
  #define RUNNER_TEST_SMACK(Proc)                                                     \
      void Proc();                                                                    \
diff --git a/src/security-manager-tests/CMakeLists.txt b/src/security-manager-tests/CMakeLists.txt

index 4a0f954..7f1d234 100644 (file)
--- a/src/security-manager-tests/CMakeLists.txt
+++ b/src/security-manager-tests/CMakeLists.txt
@@ -25,18 +25,27 @@ PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP
      libsmack
      libprivilege-control
      cynara-client
+    cynara-admin
      security-manager
      libtzplatform-config
      sqlite3
-    libcap)
+    libcap
+    dbus-1
+    libgum)
  
  
  SET(TARGET_SEC_MGR_TESTS "security-manager-tests")
  
  SET(SEC_MGR_SOURCES
      ${PROJECT_SOURCE_DIR}/src/security-manager-tests/security_manager_tests.cpp
+    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_api.cpp
      ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_db.cpp
+    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_request.cpp
+    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_user_request.cpp
+    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_policy_request.cpp
      ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp
+    ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp
+    ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
      ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
     )
  
@@ -52,25 +61,24 @@ INCLUDE_DIRECTORIES(
      ${PROJECT_SOURCE_DIR}/src/common/
      ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/
      ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/
+    ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
      ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
     )
  
+FIND_PACKAGE(Threads)
+
  ADD_EXECUTABLE(${TARGET_SEC_MGR_TESTS} ${SEC_MGR_SOURCES})
  
  TARGET_LINK_LIBRARIES(${TARGET_SEC_MGR_TESTS}
      ${SEC_MGR_TESTS_DEP_LIBRARIES}
      dpl-test-framework
      tests-common
+    ${CMAKE_THREAD_LIBS_INIT}
      )
  
  INSTALL(TARGETS ${TARGET_SEC_MGR_TESTS} DESTINATION /usr/bin)
  
  INSTALL(DIRECTORY
-    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_DIR
+    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/apps_rw/
      DESTINATION /usr/apps/
  )
-
-INSTALL(DIRECTORY
-    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_DIR
-    DESTINATION /home/${APP_USER}/
-)
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/exec b/src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/exec

rename to src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/normal b/src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/normal

rename to src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/normal
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/exec b/src/security-manager-tests/apps_rw/app_dir/.level_1/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/exec

rename to src/security-manager-tests/apps_rw/app_dir/.level_1/exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/exec b/src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/exec

rename to src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/normal b/src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/normal

rename to src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_exec b/src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_exec

rename to src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_normal b/src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_normal

rename to src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_normal
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/normal b/src/security-manager-tests/apps_rw/app_dir/.level_1/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/normal

rename to src/security-manager-tests/apps_rw/app_dir/.level_1/normal
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/exec b/src/security-manager-tests/apps_rw/app_dir/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/exec

rename to src/security-manager-tests/apps_rw/app_dir/exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/exec b/src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/exec

rename to src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/normal b/src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/normal

rename to src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/normal
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/exec b/src/security-manager-tests/apps_rw/app_dir/level_1/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/exec

rename to src/security-manager-tests/apps_rw/app_dir/level_1/exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/exec b/src/security-manager-tests/apps_rw/app_dir/level_1/level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/exec

rename to src/security-manager-tests/apps_rw/app_dir/level_1/level_2/exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/link_to_exec b/src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/link_to_exec

rename to src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_non_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/link_to_non_exec

rename to src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_non_exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/normal b/src/security-manager-tests/apps_rw/app_dir/level_1/level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/normal

rename to src/security-manager-tests/apps_rw/app_dir/level_1/level_2/normal
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_exec b/src/security-manager-tests/apps_rw/app_dir/level_1/link_to_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_exec

rename to src/security-manager-tests/apps_rw/app_dir/level_1/link_to_exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir/level_1/link_to_non_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_non_exec

rename to src/security-manager-tests/apps_rw/app_dir/level_1/link_to_non_exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/normal b/src/security-manager-tests/apps_rw/app_dir/level_1/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/normal

rename to src/security-manager-tests/apps_rw/app_dir/level_1/normal
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/apps_rw/app_dir/link_to_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_exec

rename to src/security-manager-tests/apps_rw/app_dir/link_to_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_dir b/src/security-manager-tests/apps_rw/app_dir/link_to_non_app_dir

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_dir

rename to src/security-manager-tests/apps_rw/app_dir/link_to_non_app_dir
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_exec b/src/security-manager-tests/apps_rw/app_dir/link_to_non_app_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_exec

rename to src/security-manager-tests/apps_rw/app_dir/link_to_non_app_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_normal b/src/security-manager-tests/apps_rw/app_dir/link_to_non_app_normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_normal

rename to src/security-manager-tests/apps_rw/app_dir/link_to_non_app_normal
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir/link_to_non_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_non_exec

rename to src/security-manager-tests/apps_rw/app_dir/link_to_non_exec
diff --git a/src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/normal b/src/security-manager-tests/apps_rw/app_dir/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/normal

rename to src/security-manager-tests/apps_rw/app_dir/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/normal

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/normal

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/normal

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/normal

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_non_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_non_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/normal

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_non_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_non_exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_non_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/normal

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/link_to_non_app_dir b/src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_dir

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/link_to_non_app_dir

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_dir
diff --git a/src/security-manager-tests/test_DIR/app_dir/link_to_non_app_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/link_to_non_app_exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/link_to_non_app_normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/link_to_non_app_normal

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_normal
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_non_exec b/src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_non_exec

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/normal b/src/security-manager-tests/apps_rw/app_dir_public_ro/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/normal

rename to src/security-manager-tests/apps_rw/app_dir_public_ro/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/level_2/exec b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/exec

rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/normal b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/normal

rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/exec b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/level_1/exec

rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/exec b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/exec

rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/normal b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/level_1/normal

rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/level_2/normal b/src/security-manager-tests/apps_rw/non_app_dir/.level_1/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/normal

rename to src/security-manager-tests/apps_rw/non_app_dir/.level_1/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir/exec b/src/security-manager-tests/apps_rw/non_app_dir/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/exec

rename to src/security-manager-tests/apps_rw/non_app_dir/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/exec

rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/normal b/src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/normal

rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/.level_1/exec

rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/exec

rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/link_to_exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/link_to_exec

rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/link_to_non_exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_non_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/link_to_non_exec

rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_non_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/normal b/src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/.level_1/normal

rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/link_to_exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/level_1/link_to_exec

rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/link_to_non_exec b/src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_non_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/level_1/link_to_non_exec

rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_non_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/normal b/src/security-manager-tests/apps_rw/non_app_dir/level_1/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/normal

rename to src/security-manager-tests/apps_rw/non_app_dir/level_1/normal
diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/apps_rw/non_app_dir/link_to_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_exec

rename to src/security-manager-tests/apps_rw/non_app_dir/link_to_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/apps_rw/non_app_dir/link_to_non_exec

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_non_exec

rename to src/security-manager-tests/apps_rw/non_app_dir/link_to_non_exec
diff --git a/src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/normal b/src/security-manager-tests/apps_rw/non_app_dir/normal

similarity index 100%

rename from src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/normal

rename to src/security-manager-tests/apps_rw/non_app_dir/normal
diff --git a/src/security-manager-tests/apps_rw/subdir/file b/src/security-manager-tests/apps_rw/subdir/file

new file mode 100644 (file)

index 0000000..e69de29
diff --git a/src/security-manager-tests/common/sm_api.cpp b/src/security-manager-tests/common/sm_api.cpp

new file mode 100644 (file)

index 0000000..12ede82
--- /dev/null
+++ b/src/security-manager-tests/common/sm_api.cpp
@@ -0,0 +1,182 @@
+/*
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include <sm_api.h>
+
+#include <dpl/test/test_runner.h>
+
+namespace SecurityManagerTest {
+
+namespace Api {
+
+void install(const InstallRequest &request, lib_retcode expectedResult)
+{
+    int result = security_manager_app_install(request.get());
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "installing app returned wrong value."
+                          << " InstallRequest: [ " << request << "];"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+}
+
+void uninstall(const InstallRequest &request, lib_retcode expectedResult)
+{
+    int result = security_manager_app_uninstall(request.get());
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "uninstalling app returned wrong value."
+                          << " InstallRequest: [ " << request << "];"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+}
+
+std::string getPkgId(const char *appId, lib_retcode expectedResult)
+{
+    char *pkgId = nullptr;
+    int result = security_manager_get_app_pkgid(&pkgId, appId);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "getting pkg id from app id returned wrong value."
+                          << " App id: " << appId << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+    if (expectedResult != SECURITY_MANAGER_SUCCESS)
+        return std::string();
+
+    RUNNER_ASSERT_MSG(pkgId != nullptr, "getting pkg id did not allocate memory");
+    std::string str(pkgId);
+    free(pkgId);
+    return str;
+}
+
+void setProcessLabel(const char *appId, lib_retcode expectedResult)
+{
+    int result = security_manager_set_process_label_from_appid(appId);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "setting process label from app id returned wrong value."
+                          << " App id: " << appId << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+}
+
+void setProcessGroups(const char *appId, lib_retcode expectedResult)
+{
+    int result = security_manager_set_process_groups_from_appid(appId);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "setting process groups from app id returned wrong value."
+                          << " App id: " << appId << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+}
+
+void dropProcessPrivileges(lib_retcode expectedResult)
+{
+    int result = security_manager_drop_process_privileges();
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "dropping process privileges returned wrong value."
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+}
+
+void prepareApp(const char *appId, lib_retcode expectedResult)
+{
+    int result = security_manager_prepare_app(appId);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "preparing app returned wrong value."
+                          << " App id: " << appId << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+}
+
+void addUser(const UserRequest &request, lib_retcode expectedResult)
+{
+    int result = security_manager_user_add(request.get());
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "adding user returned wrong value."
+                          << " UserRequest: [ " << request << "];"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+}
+
+void deleteUser(const UserRequest &request, lib_retcode expectedResult)
+{
+    int result = security_manager_user_delete(request.get());
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "deleting user returned wrong value."
+                          << " UserRequest: [ " << request << "];"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+}
+
+void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult)
+{
+    int result = security_manager_policy_update_send(request.get());
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                          "sending policy update for self returned wrong value."
+                          << " PolicyRequest: [ " << request << "];"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+}
+
+void getConfiguredPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult, bool forAdmin)
+{
+    policy_entry **pp_privs_policy = NULL;
+    size_t policy_size = 0;
+    int result;
+
+    if (forAdmin) {
+        result = security_manager_get_configured_policy_for_admin(filter.get(), &pp_privs_policy, &policy_size);
+    } else {
+        result = security_manager_get_configured_policy_for_self(filter.get(), &pp_privs_policy, &policy_size);
+    };
+
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "Unexpected result for filter: " << filter << std::endl
+                          << " Result: " << result << ";");
+
+    for (unsigned int i = 0; i < policy_size; ++i) {
+        PolicyEntry pe(*pp_privs_policy[i]);
+        policyEntries.push_back(pe);
+    };
+}
+
+void getPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
+{
+    policy_entry **pp_privs_policy = NULL;
+    size_t policy_size = 0;
+    int result;
+
+    result = security_manager_get_policy(filter.get(), &pp_privs_policy, &policy_size);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "Unexpected result" << std::endl
+                          << " Result: " << result << ";");
+    for (unsigned int i = 0; i < policy_size; ++i) {
+        PolicyEntry pe(*pp_privs_policy[i]);
+        policyEntries.push_back(pe);
+    };
+}
+
+void getPolicyForSelf(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
+{
+    getConfiguredPolicy(filter, policyEntries, expectedResult, false);
+}
+
+void getPolicyForAdmin(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
+{
+    getConfiguredPolicy(filter, policyEntries, expectedResult, true);
+}
+
+} // namespace Api
+
+} // namespace SecurityManagerTest
diff --git a/src/security-manager-tests/common/sm_api.h b/src/security-manager-tests/common/sm_api.h

new file mode 100644 (file)

index 0000000..8a99e32
--- /dev/null
+++ b/src/security-manager-tests/common/sm_api.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#ifndef SECURITY_MANAGER_TEST_API
+#define SECURITY_MANAGER_TEST_API
+
+#include <sm_request.h>
+#include <sm_user_request.h>
+#include <sm_policy_request.h>
+
+#include <security-manager.h>
+
+namespace SecurityManagerTest {
+
+namespace Api {
+
+void install(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void uninstall(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+std::string getPkgId(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void setProcessLabel(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void setProcessGroups(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void dropProcessPrivileges(lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void prepareApp(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void addUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void deleteUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void getPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void getPolicyForSelf(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void getPolicyForAdmin(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+} // namespace Api
+
+} // namespace SecurityManagerTest
+
+#endif // SECURITY_MANAGER_TEST_API
diff --git a/src/security-manager-tests/common/sm_db.cpp b/src/security-manager-tests/common/sm_db.cpp

index 2f420bf..8e3e562 100644 (file)
--- a/src/security-manager-tests/common/sm_db.cpp
+++ b/src/security-manager-tests/common/sm_db.cpp
@@ -187,15 +187,13 @@ void TestSecurityManagerDatabase::setup_privilege_groups(const std::string &priv
      if (!m_base.is_open())
          m_base.open();
  
-    sql << "INSERT OR IGNORE INTO privilege (name) VALUES ('" << privilege << "')";
-    m_base.execute(sql.str(), result);
-
      for (const auto &group : groups) {
          sql.clear();
          sql.str("");
-        sql << "INSERT OR IGNORE INTO privilege_group (privilege_id, name) "
-               "VALUES ((SELECT privilege_id FROM privilege WHERE name = '"
-                << privilege << "'), '" << group << "')";
+        sql << "INSERT INTO privilege_group_view (privilege_name, group_name) "
+               "VALUES ("
+                << "'" << privilege << "'" << ","
+                << "'" << group << "'" << ")";
          m_base.execute(sql.str(), result);
      }
  }
diff --git a/src/security-manager-tests/common/sm_policy_request.cpp b/src/security-manager-tests/common/sm_policy_request.cpp

new file mode 100644 (file)

index 0000000..043b8d1
--- /dev/null
+++ b/src/security-manager-tests/common/sm_policy_request.cpp
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include <sm_policy_request.h>
+
+#include <dpl/test/test_runner.h>
+
+namespace SecurityManagerTest {
+
+PolicyEntry::PolicyEntry()
+    : m_appId(true, std::string(SECURITY_MANAGER_ANY))
+    , m_user(true, std::string(SECURITY_MANAGER_ANY))
+    , m_privilege(true, std::string(SECURITY_MANAGER_ANY))
+    , m_currentLevel(false, std::string(""))
+    , m_maxLevel(false, std::string(""))
+{
+    int result = security_manager_policy_entry_new(&m_entry);
+    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+                      "creation of new policy entry failed. Result: " << result);
+    RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory");
+
+    security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str());
+    security_manager_policy_entry_set_user(m_entry, m_user.second.c_str());
+    security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str());
+}
+
+PolicyEntry::PolicyEntry(const std::string &appId, const std::string &user,
+        const std::string &privilege)
+    : m_appId(true, std::string(appId))
+    , m_user(true, std::string(user))
+    , m_privilege(true, std::string(privilege))
+    , m_currentLevel(false, std::string(""))
+    , m_maxLevel(false, std::string(""))
+{
+    int result = security_manager_policy_entry_new(&m_entry);
+    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+                      "creation of new policy entry failed. Result: " << result);
+    RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory");
+
+    security_manager_policy_entry_set_user(m_entry, m_user.second.c_str());
+    security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str());
+    security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str());
+}
+
+PolicyEntry::PolicyEntry(policy_entry &entry): m_entry(&entry)
+{
+    m_appId.first = true;
+    m_appId.second = std::string(security_manager_policy_entry_get_application(m_entry));
+
+    m_user.first = true;
+    m_user.second = std::string(security_manager_policy_entry_get_user(m_entry));
+
+    m_privilege.first = true;
+    m_privilege.second = std::string(security_manager_policy_entry_get_privilege(m_entry));
+
+    m_currentLevel.first = true;
+    m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry));
+
+    m_maxLevel.first = true;
+    m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry));
+};
+
+void PolicyEntry::setLevel(const std::string &level)
+{
+    m_currentLevel.first = true;
+    m_currentLevel.second = level;
+    security_manager_policy_entry_set_level(m_entry, level.c_str());
+    m_maxLevel.first = true;
+    m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry));
+};
+
+void PolicyEntry::setMaxLevel(const std::string &level)
+{
+    m_maxLevel.first = true;
+    m_maxLevel.second = level;
+    security_manager_policy_entry_admin_set_level(m_entry, level.c_str());
+    m_currentLevel.first = true;
+    m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry));
+};
+
+
+std::ostream& operator<<(std::ostream &os, const PolicyEntry &request)
+{
+    if (request.m_appId.first)
+            os << "appId: " << request.m_appId.second << "; ";
+
+    if (request.m_user.first)
+            os << "user: " << request.m_user.second << "; ";
+
+    if (request.m_privilege.first)
+            os << "privilege: " << request.m_privilege.second << "; ";
+
+    if (request.m_currentLevel.first)
+            os << "current: " << request.m_currentLevel.second << "; ";
+
+    if (request.m_maxLevel.first)
+            os << "max: " << request.m_maxLevel.second << "; ";
+
+    return os;
+}
+
+PolicyEntry::~PolicyEntry()
+{
+}
+
+void PolicyEntry::free(void)
+{
+    security_manager_policy_entry_free(m_entry);
+}
+
+
+PolicyRequest::PolicyRequest()
+    : m_req(nullptr),
+      m_entries()
+{
+    int result = security_manager_policy_update_req_new(&m_req);
+    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+                      "creation of new policy request failed. Result: " << result);
+    RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new policy request did not allocate memory");
+}
+
+PolicyRequest::~PolicyRequest()
+{
+    for(std::vector<PolicyEntry>::iterator it = m_entries.begin(); it != m_entries.end(); ++it) {
+        it->free();
+    }
+    security_manager_policy_update_req_free(m_req);
+}
+
+void PolicyRequest::addEntry(PolicyEntry &entry,
+        lib_retcode expectedResult)
+{
+    int result = 0;
+
+    result = security_manager_policy_update_req_add_entry(m_req, entry.get());
+
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                     "adding policy entry to request returned wrong value."
+                          << " entry: " << entry << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+
+    m_entries.push_back(entry);
+}
+
+std::ostream& operator<<(std::ostream &os, const PolicyRequest &request)
+{
+    if (request.m_entries.size() != 0)
+    {
+        os << "PolicyRequest m_entries size: " << request.m_entries.size() << "; ";
+
+        for(unsigned int i = 0; i != request.m_entries.size(); i++) {
+           os << "entry " << i << ": " << request.m_entries[i] << "; ";
+       }
+    }
+
+    return os;
+}
+
+} // namespace SecurityManagerTest
diff --git a/src/security-manager-tests/common/sm_policy_request.h b/src/security-manager-tests/common/sm_policy_request.h

new file mode 100644 (file)

index 0000000..bd31329
--- /dev/null
+++ b/src/security-manager-tests/common/sm_policy_request.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#ifndef SECURITY_MANAGER_TEST_POLICYREQUEST
+#define SECURITY_MANAGER_TEST_POLICYREQUEST
+
+#include <iostream>
+#include <sys/types.h>
+#include <utility>
+#include <vector>
+
+#include <security-manager.h>
+
+namespace SecurityManagerTest {
+
+class PolicyEntry
+{
+public:
+    PolicyEntry();
+
+    PolicyEntry(const std::string &appId,
+                const std::string &user,
+                const std::string &privilege
+                );
+    ~PolicyEntry();
+
+    PolicyEntry(policy_entry &entry);
+
+    policy_entry *get() const { return m_entry; }
+    std::string getUser() const         { return m_user.second; }
+    std::string getAppId() const        { return m_appId.second; }
+    std::string getPrivilege() const    { return m_privilege.second; }
+    std::string getCurrentLevel() const { return m_currentLevel.second; }
+    std::string getMaxLevel() const     { return m_maxLevel.second; }
+    void setLevel(const std::string &level);
+    void setMaxLevel(const std::string &level);
+    void free(void);
+
+    friend std::ostream& operator<<(std::ostream &, const PolicyEntry&);
+
+private:
+    policy_entry *m_entry;
+    std::pair<bool, std::string> m_appId;
+    std::pair<bool, std::string> m_user;
+    std::pair<bool, std::string> m_privilege;
+    std::pair<bool, std::string> m_currentLevel;
+    std::pair<bool, std::string> m_maxLevel;
+};
+
+std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyEntry &request);
+
+class PolicyRequest
+{
+public:
+    PolicyRequest();
+    PolicyRequest(const PolicyRequest&) = delete;
+    PolicyRequest& operator=(const PolicyRequest&) = delete;
+    ~PolicyRequest();
+
+    void addEntry(PolicyEntry &entry, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+
+    policy_update_req *get() const { return m_req; }
+    friend std::ostream& operator<<(std::ostream &, const PolicyRequest&);
+
+private:
+    policy_update_req *m_req;
+    std::vector<PolicyEntry> m_entries;
+};
+
+std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyRequest &request);
+
+} // namespace SecurityManagerTest
+
+#endif // SECURITY_MANAGER_TEST_USERREQUEST
diff --git a/src/security-manager-tests/common/sm_request.cpp b/src/security-manager-tests/common/sm_request.cpp

new file mode 100644 (file)

index 0000000..910bbfd
--- /dev/null
+++ b/src/security-manager-tests/common/sm_request.cpp
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include <sm_request.h>
+
+#include <dpl/test/test_runner.h>
+
+namespace SecurityManagerTest {
+
+InstallRequest::InstallRequest()
+    : m_req(nullptr)
+    , m_appId(nullptr)
+    , m_pkgId(nullptr)
+    , m_uid(false, 0)
+{
+    int result = security_manager_app_inst_req_new(&m_req);
+    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+                      "creation of new request failed. Result: " << result);
+    RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory");
+}
+
+InstallRequest::~InstallRequest()
+{
+    security_manager_app_inst_req_free(m_req);
+}
+
+void InstallRequest::setAppId(const char *appId, lib_retcode expectedResult)
+{
+    int result = security_manager_app_inst_req_set_app_id(m_req, appId);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "setting app id returned wrong value."
+                          << " App id: " << appId << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+    m_appId = appId;
+}
+
+void InstallRequest::setPkgId(const char *pkgId, lib_retcode expectedResult)
+{
+    int result = security_manager_app_inst_req_set_pkg_id(m_req, pkgId);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "setting pkg id returned wrong value."
+                          << " Pkg id: " << pkgId << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+    m_pkgId = pkgId;
+}
+
+void InstallRequest::addPrivilege(const char *privilege, lib_retcode expectedResult)
+{
+    int result = security_manager_app_inst_req_add_privilege(m_req, privilege);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "adding privilege returned wrong value."
+                          << " Privilege: " << privilege << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+    m_privileges.push_back(privilege);
+}
+
+void InstallRequest::addPath(const char *path, app_install_path_type pathType, lib_retcode expectedResult)
+{
+    int result = security_manager_app_inst_req_add_path(m_req, path, pathType);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "adding path returned wrong value."
+                          << " Path: " << path << ";"
+                          << " Path type: " << pathType << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+    m_paths.push_back(std::pair<std::string, app_install_path_type>(path, pathType));
+}
+
+void InstallRequest::setUid(const uid_t uid, lib_retcode expectedResult)
+{
+    int result = security_manager_app_inst_req_set_uid(m_req, uid);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "setting uid returned wrong value."
+                          << " Uid: " << uid << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+    m_uid.first = true;
+    m_uid.second = uid;
+}
+
+std::ostream& operator<<(std::ostream &os, const InstallRequest &request)
+{
+    if (request.m_appId != nullptr)
+        os << "app id: " << request.m_appId << "; ";
+    if (request.m_pkgId != nullptr)
+        os << "pkg id: " << request.m_pkgId << "; ";
+    if (!request.m_privileges.empty()) {
+        os << "privileges: [ " << request.m_privileges[0];
+        for (size_t i=1; i < request.m_privileges.size(); ++i) {
+            os << "; " << request.m_privileges[i];
+        }
+        os << " ]";
+    }
+    if (!request.m_paths.empty()) {
+        os << "paths: [ " << "< " << request.m_paths[0].first << "; "
+                                  << request.m_paths[0].second << " >";
+        for (size_t i=1; i < request.m_paths.size(); ++i) {
+            os << "; < " << request.m_paths[i].first << "; "
+                         << request.m_paths[i].second << " >";
+        }
+        os << " ]";
+    }
+    if (request.m_uid.first)
+        os << "uid: " << request.m_uid.second << "; ";
+    return os;
+}
+
+} // namespace SecurityManagerTest
diff --git a/src/security-manager-tests/common/sm_request.h b/src/security-manager-tests/common/sm_request.h

new file mode 100644 (file)

index 0000000..0bd0878
--- /dev/null
+++ b/src/security-manager-tests/common/sm_request.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#ifndef SECURITY_MANAGER_TEST_INSTALLREQUEST
+#define SECURITY_MANAGER_TEST_INSTALLREQUEST
+
+#include <iostream>
+#include <string>
+#include <sys/types.h>
+#include <utility>
+#include <vector>
+
+#include <security-manager.h>
+
+namespace SecurityManagerTest {
+
+class InstallRequest
+{
+public:
+    InstallRequest();
+    InstallRequest(const InstallRequest&) = delete;
+    InstallRequest& operator=(const InstallRequest&) = delete;
+    ~InstallRequest();
+
+    void setAppId(const char *appId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+    void setPkgId(const char *pkgId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+    void addPrivilege(const char *privilege, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+    void addPath(const char *path, app_install_path_type pathType,
+                 lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+    void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+
+    const app_inst_req *get() const { return m_req; }
+    friend std::ostream& operator<<(std::ostream &, const InstallRequest&);
+
+private:
+    app_inst_req *m_req;
+
+    const char *m_appId;
+    const char *m_pkgId;
+    std::vector<std::string> m_privileges;
+    std::vector<std::pair<std::string, app_install_path_type> > m_paths;
+    std::pair<bool, uid_t> m_uid;
+};
+
+std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::InstallRequest &request);
+
+} // namespace SecurityManagerTest
+
+#endif // SECURITY_MANAGER_TEST_INSTALLREQUEST
diff --git a/src/security-manager-tests/common/sm_user_request.cpp b/src/security-manager-tests/common/sm_user_request.cpp

new file mode 100644 (file)

index 0000000..4b176c3
--- /dev/null
+++ b/src/security-manager-tests/common/sm_user_request.cpp
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include <sm_user_request.h>
+
+#include <dpl/test/test_runner.h>
+
+namespace SecurityManagerTest {
+
+UserRequest::UserRequest()
+    : m_req(nullptr)
+    , m_uid(false, 0)
+    , m_utype(false, static_cast<security_manager_user_type>(0))
+{
+    int result = security_manager_user_req_new(&m_req);
+    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+                      "creation of new request failed. Result: " << result);
+    RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory");
+}
+
+UserRequest::~UserRequest()
+{
+    security_manager_user_req_free(m_req);
+}
+
+void UserRequest::setUid(const uid_t uid, lib_retcode expectedResult)
+{
+    int result = security_manager_user_req_set_uid(m_req, uid);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                     "setting uid returned wrong value."
+                          << " Uid: " << uid << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+    m_uid.first = true;
+    m_uid.second = uid;
+}
+
+void UserRequest::setUserType(const security_manager_user_type utype, lib_retcode expectedResult)
+{
+    int result = security_manager_user_req_set_user_type(m_req, utype);
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                     "setting user type returned wrong value."
+                          << " User type: " << utype << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+    m_utype.first = true;
+    m_utype.second = utype;
+}
+
+std::ostream& operator<<(std::ostream &os, const UserRequest &request)
+{
+    if (request.m_uid.first)
+        os << "uid: " << request.m_uid.second << "; ";
+
+    if (request.m_utype.first)
+        os << "utype: " << request.m_utype.second << "; ";
+
+    return os;
+}
+
+} // namespace SecurityManagerTest
diff --git a/src/security-manager-tests/common/sm_user_request.h b/src/security-manager-tests/common/sm_user_request.h

new file mode 100644 (file)

index 0000000..64da559
--- /dev/null
+++ b/src/security-manager-tests/common/sm_user_request.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#ifndef SECURITY_MANAGER_TEST_USERREQUEST
+#define SECURITY_MANAGER_TEST_USERREQUEST
+
+#include <iostream>
+#include <sys/types.h>
+#include <utility>
+
+#include <security-manager.h>
+
+namespace SecurityManagerTest {
+
+class UserRequest
+{
+public:
+    UserRequest();
+    UserRequest(const UserRequest&) = delete;
+    UserRequest& operator=(const UserRequest&) = delete;
+    ~UserRequest();
+
+    void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+    void setUserType(const security_manager_user_type utype,
+                     lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+
+    const user_req *get() const { return m_req; }
+    friend std::ostream& operator<<(std::ostream &, const UserRequest&);
+
+private:
+    user_req *m_req;
+
+    std::pair<bool, uid_t> m_uid;
+    std::pair<bool, security_manager_user_type> m_utype;
+};
+
+std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::UserRequest &request);
+
+} // namespace SecurityManagerTest
+
+#endif // SECURITY_MANAGER_TEST_USERREQUEST
diff --git a/src/security-manager-tests/security_manager_tests.cpp b/src/security-manager-tests/security_manager_tests.cpp

index 21f7081..27db73d 100644 (file)
--- a/src/security-manager-tests/security_manager_tests.cpp
+++ b/src/security-manager-tests/security_manager_tests.cpp
@@ -1,3 +1,4 @@
+#include <dpl/log/log.h>
  #include <dpl/test/test_runner.h>
  #include <fcntl.h>
  #include <stdio.h>
@@ -5,42 +6,51 @@
  #include <string>
  #include <unordered_set>
  #include <sys/capability.h>
+#include <semaphore.h>
  
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
  #include <sys/socket.h>
  #include <sys/un.h>
  #include <attr/xattr.h>
  #include <linux/xattr.h>
  
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
  #include <grp.h>
  #include <pwd.h>
  
  #include <libprivilege-control_test_common.h>
  #include <tests_common.h>
  
+#include <tzplatform_config.h>
  #include <security-manager.h>
+#include <sm_api.h>
  #include <sm_db.h>
+#include <sm_request.h>
+#include <sm_user_request.h>
+#include <temp_test_user.h>
  #include <cynara_test_client.h>
+#include <cynara_test_admin.h>
+#include <service_manager.h>
+#include <cynara_test_admin.h>
  
-DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
-DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
-
-static const char *const SM_APP_ID1 = "sm_test_app_id_double";
-static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
+using namespace SecurityManagerTest;
  
-static const char *const SM_APP_ID2 = "sm_test_app_id_full";
-static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
-
-static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
-static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
+DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
+DEFINE_SMARTPTR(tzplatform_context_destroy, tzplatform_context, TzPlatformContextPtr);
  
  static const privileges_t SM_ALLOWED_PRIVILEGES = {
-    "security_manager_test_rules2_r",
-    "security_manager_test_rules2_no_r"
+    "http://tizen.org/privilege/location",
+    "http://tizen.org/privilege/camera"
  };
  
  static const privileges_t SM_DENIED_PRIVILEGES  = {
-    "security_manager_test_rules1",
-    "security_manager_test_rules2"
+    "http://tizen.org/privilege/bluetooth",
+    "http://tizen.org/privilege/power"
  };
  
  static const privileges_t SM_NO_PRIVILEGES  = {
@@ -48,16 +58,68 @@ static const privileges_t SM_NO_PRIVILEGES  = {
  
  static const std::vector<std::string> SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"};
  
-static const char *const SM_PRIVATE_PATH = "/usr/apps/test_DIR/app_dir";
-static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro";
-static const char *const SM_DENIED_PATH = "/usr/apps/test_DIR/non_app_dir";
-static const char *const SM_PRIVATE_PATH_FOR_USER = "/home/" APP_USER "/test_DIR";
+static const char *const SM_RW_PATH = "/usr/apps/app_dir";
+static const char *const SM_RO_PATH = "/usr/apps/app_dir_public_ro";
+static const char *const SM_DENIED_PATH = "/usr/apps/non_app_dir";
+
  static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
+static const std::string EXEC_FILE("exec");
+static const std::string NORMAL_FILE("normal");
+static const std::string LINK_PREFIX("link_to_");
+
+static const std::string PRIVILEGE_MANAGER_APP = "privilege_manager";
+static const std::string PRIVILEGE_MANAGER_PKG = "privilege_manager";
+static const std::string PRIVILEGE_MANAGER_SELF_PRIVILEGE = "http://tizen.org/privilege/systemsettings";
+static const std::string PRIVILEGE_MANAGER_ADMIN_PRIVILEGE = "http://tizen.org/privilege/systemsettings.admin";
+
+static const std::vector<std::string> MANY_APPS = {
+    "security_manager_10_app_1",
+    "security_manager_10_app_2",
+    "security_manager_10_app_3",
+    "security_manager_10_app_4",
+    "security_manager_10_app_5"
+};
+
+static const std::map<std::string, std::string> MANY_APPS_PKGS = {
+    {"security_manager_10_app_1", "security_manager_10_pkg_1"},
+    {"security_manager_10_app_2", "security_manager_10_pkg_2"},
+    {"security_manager_10_app_3", "security_manager_10_pkg_3"},
+    {"security_manager_10_app_4", "security_manager_10_pkg_4"},
+    {"security_manager_10_app_5", "security_manager_10_pkg_5"},
+    {PRIVILEGE_MANAGER_APP, PRIVILEGE_MANAGER_PKG}
+};
+
+static const std::vector<privileges_t> MANY_APPS_PRIVILEGES = {
+    {
+        "http://tizen.org/privilege/internet",
+        "http://tizen.org/privilege/location"
+    },
+    {
+        "http://tizen.org/privilege/telephony",
+        "http://tizen.org/privilege/camera"
+    },
+    {
+        "http://tizen.org/privilege/contact.read",
+        "http://tizen.org/privilege/led",
+        "http://tizen.org/privilege/email"
+    },
+    {
+        "http://tizen.org/privilege/led",
+        "http://tizen.org/privilege/email",
+        "http://tizen.org/privilege/telephony",
+        "http://tizen.org/privilege/camera"
+    },
+    {
+        "http://tizen.org/privilege/internet",
+        "http://tizen.org/privilege/location",
+        "http://tizen.org/privilege/led",
+        "http://tizen.org/privilege/email"
+    }
+};
  
-static void generateAppLabel(const std::string &pkgId, std::string &label)
+static std::string generateAppLabel(const std::string &appId)
  {
-    (void) pkgId;
-    label = "User";
+    return "User::App::" + appId;
  }
  
  static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
@@ -106,41 +168,27 @@ static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb
      return 0;
  }
  
+// nftw doesn't allow passing user data to functions. Work around by using global variable
+static std::string nftw_expected_label;
+bool nftw_expected_transmute;
+bool nftw_expected_exec;
  
-static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
+static int nftw_check_sm_labels(const char *fpath, const struct stat *sb,
                                 int /*typeflag*/, struct FTW* /*ftwbuf*/)
  {
-    return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
-}
-
-static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
-                               int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
-
-    return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
-}
-
-static app_inst_req* do_app_inst_req_new()
-{
-    int result;
-    app_inst_req *req = nullptr;
-
-    result = security_manager_app_inst_req_new(&req);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "creation of new request failed. Result: " << result);
-    RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory");
-    return req;
+    return nftw_check_sm_labels_app_dir(fpath, sb,
+        nftw_expected_label.c_str(), nftw_expected_transmute, nftw_expected_exec);
  }
  
  static void prepare_app_path()
  {
      int result;
  
-    result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
-    RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
+    result = nftw(SM_RW_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+    RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RW_PATH);
  
-    result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
-    RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
+    result = nftw(SM_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+    RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RO_PATH);
  
      result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
      RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
@@ -151,16 +199,23 @@ static void prepare_app_env()
      prepare_app_path();
  }
  
-/* TODO: add parameters to this function */
-static void check_app_path_after_install()
+static void check_app_path_after_install(const char *appId)
  {
      int result;
  
-    result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
-    RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
+    nftw_expected_label = generateAppLabel(appId);
+    nftw_expected_transmute = false;
+    nftw_expected_exec = true;
+
+    result = nftw(SM_RW_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
+    RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH);
+
+    nftw_expected_label = "User::Home";
+    nftw_expected_transmute = true;
+    nftw_expected_exec = false;
  
-    result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
-    RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
+    result = nftw(SM_RO_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
+    RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH);
  
      result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
      RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
@@ -170,9 +225,8 @@ static void check_app_path_after_install()
  static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
                                    const privileges_t &allowed_privs, const privileges_t &denied_privs)
  {
-    (void) app_id;
-    std::string smackLabel;
-    generateAppLabel(pkg_id, smackLabel);
+    (void) pkg_id;
+    std::string smackLabel = generateAppLabel(app_id);
  
      CynaraTestClient::Client ctc;
  
@@ -195,10 +249,7 @@ static void check_app_gids(const char *const app_id, const std::vector<gid_t> &a
      ret = setgroups(0, NULL);
      RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
  
-    ret = security_manager_set_process_groups_from_appid(app_id);
-    RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS,
-            "security_manager_set_process_groups_from_appid(" <<
-            app_id << ") failed. Result: " << ret);
+    Api::setProcessGroups(app_id);
  
      ret = getgroups(0, nullptr);
      RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
@@ -270,166 +321,196 @@ static void check_app_after_uninstall(const char *const app_id, const char *cons
      dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
  }
  
-static void install_app(const char *app_id, const char *pkg_id)
+static void install_app(const char *app_id, const char *pkg_id, uid_t uid = 0)
  {
-    int result;
-    AppInstReqUniquePtr request;
-    request.reset(do_app_inst_req_new());
+    InstallRequest request;
+    request.setAppId(app_id);
+    request.setPkgId(pkg_id);
+    request.setUid(uid);
+    Api::install(request);
  
-    result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting app id failed. Result: " << result);
+    check_app_after_install(app_id, pkg_id);
  
-    result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting pkg id failed. Result: " << result);
+}
  
-    result = security_manager_app_install(request.get());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "installing app failed. Result: " << result);
+static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed)
+{
+    InstallRequest request;
+    request.setAppId(app_id);
  
-    check_app_after_install(app_id, pkg_id);
+    Api::uninstall(request);
  
+    check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
  }
  
-static void uninstall_app(const char *app_id, const char *pkg_id,
-        bool expect_installed, bool expect_pkg_removed)
+static inline void register_current_process_as_privilege_manager(uid_t uid, bool forAdmin = false)
  {
-    int result;
-    AppInstReqUniquePtr request;
-    request.reset(do_app_inst_req_new());
+    InstallRequest request;
+    request.setAppId(PRIVILEGE_MANAGER_APP.c_str());
+    request.setPkgId(PRIVILEGE_MANAGER_PKG.c_str());
+    request.setUid(uid);
+    request.addPrivilege(PRIVILEGE_MANAGER_SELF_PRIVILEGE.c_str());
+    if (forAdmin)
+        request.addPrivilege(PRIVILEGE_MANAGER_ADMIN_PRIVILEGE.c_str());
+    Api::install(request);
+    Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+};
  
-    result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-          "setting app id failed. Result: " << result);
+static inline struct passwd *getUserStruct(const std::string &userName) {
+    struct passwd *pw = nullptr;
+    errno = 0;
  
-    result = security_manager_app_uninstall(request.get());
-    RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-          "uninstalling app failed. Result: " << result);
+    while(!(pw = getpwnam(userName.c_str()))) {
+        RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
+    };
  
-    check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
-}
+    return pw;
+};
+
+static inline struct passwd *getUserStruct(const uid_t uid) {
+    struct passwd *pw = nullptr;
+    errno = 0;
  
+    while(!(pw = getpwuid(uid))) {
+        RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
+    };
+
+    return pw;
+};
  
  RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
  
  
-RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
+RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall)
  {
-    int result;
-    AppInstReqUniquePtr request;
+    const char *const sm_app_id = "sm_test_01a_app_id_double";
+    const char *const sm_pkg_id = "sm_test_01a_pkg_id_double";
  
-    request.reset(do_app_inst_req_new());
+    InstallRequest requestInst;
+    requestInst.setAppId(sm_app_id);
+    requestInst.setPkgId(sm_pkg_id);
  
-    result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting app id failed. Result: " << result);
+    Api::install(requestInst);
+    Api::install(requestInst);
  
-    result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting pkg id failed. Result: " << result);
+    /* Check records in the security-manager database */
+    check_app_after_install(sm_app_id, sm_pkg_id);
  
-    result = security_manager_app_install(request.get());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "installing app failed. Result: " << result);
+    InstallRequest requestUninst;
+    requestUninst.setAppId(sm_app_id);
  
-    result = security_manager_app_install(request.get());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "installing already installed app failed. Result: " << result);
+    Api::uninstall(requestUninst);
+    Api::uninstall(requestUninst);
  
      /* Check records in the security-manager database */
-    check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
+    check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+}
+
+
+RUNNER_TEST(security_manager_01b_app_double_install_wrong_pkg_id)
+{
+    const char *const sm_app_id = "sm_test_01b_app";
+    const char *const sm_pkg_id = "sm_test_01b_pkg";
+    const char *const sm_pkg_id_wrong = "sm_test_01b_pkg_BAD";
+
+    InstallRequest requestInst;
+    requestInst.setAppId(sm_app_id);
+    requestInst.setPkgId(sm_pkg_id);
+
+    Api::install(requestInst);
  
-    request.reset(do_app_inst_req_new());
+    InstallRequest requestInst2;
+    requestInst2.setAppId(sm_app_id);
+    requestInst2.setPkgId(sm_pkg_id_wrong);
  
-    result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting app id failed. Result: " << result);
+    Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM);
  
-    result = security_manager_app_uninstall(request.get());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "uninstalling app failed. Result: " << result);
  
-    result = security_manager_app_uninstall(request.get());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "uninstalling already uninstalled app failed. Result: " << result);
+    /* Check records in the security-manager database */
+    check_app_after_install(sm_app_id, sm_pkg_id);
+
+    InstallRequest requestUninst;
+    requestUninst.setAppId(sm_app_id);
+
+    Api::uninstall(requestUninst);
+
  
      /* Check records in the security-manager database */
-    check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
+    check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
+
  }
  
-RUNNER_TEST(security_manager_02_app_install_uninstall_full)
+RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored)
  {
-    int result;
-    AppInstReqUniquePtr request;
+    const char * const  sm_app_id = "SM_TEST_01c_APPID";
+    const char * const  sm_pkg_id = "SM_TEST_01c_PKGID";
+    const char * const  sm_pkg_id_wrong = "SM_TEST_01c_PKGID_wrong";
  
-    prepare_app_env();
+    InstallRequest requestInst;
+    requestInst.setAppId(sm_app_id);
+    requestInst.setPkgId(sm_pkg_id);
+
+    Api::install(requestInst);
+
+    /* Check records in the security-manager database */
+    check_app_after_install(sm_app_id, sm_pkg_id);
+
+    InstallRequest requestUninst;
+    requestUninst.setAppId(sm_app_id);
+    requestUninst.setPkgId(sm_pkg_id_wrong);
  
-    request.reset(do_app_inst_req_new());
+    Api::uninstall(requestUninst);
  
-    result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting app id failed. Result: " << result);
+    check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
  
-    result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting pkg id failed. Result: " << result);
+}
  
-    result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting allowed permission failed. Result: " << result);
-    result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting allowed permission failed. Result: " << result);
+RUNNER_TEST(security_manager_02_app_install_uninstall_full)
+{
+    const char *const sm_app_id = "sm_test_02_app_id_full";
+    const char *const sm_pkg_id = "sm_test_02_pkg_id_full";
  
-    result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
-                                                    SECURITY_MANAGER_PATH_PRIVATE);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting allowed path failed. Result: " << result);
+    prepare_app_env();
  
-    result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
-                                                    SECURITY_MANAGER_PATH_PUBLIC_RO);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting allowed path failed. Result: " << result);
+    InstallRequest requestInst;
+    requestInst.setAppId(sm_app_id);
+    requestInst.setPkgId(sm_pkg_id);
+    requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
+    requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
+    requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
+    requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
  
-    result = security_manager_app_install(request.get());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "installing app failed. Result: " << result);
+    Api::install(requestInst);
  
      /* Check records in the security-manager database */
-    check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
+    check_app_after_install(sm_app_id, sm_pkg_id,
                              SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
  
      /* TODO: add parameters to this function */
-    check_app_path_after_install();
-
-    request.reset(do_app_inst_req_new());
+    check_app_path_after_install(sm_app_id);
  
-    result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting app id failed. Result: " << result);
+    InstallRequest requestUninst;
+    requestUninst.setAppId(sm_app_id);
  
-    result = security_manager_app_uninstall(request.get());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "uninstalling app failed. Result: " << result);
+    Api::uninstall(requestUninst);
  
      /* Check records in the security-manager database,
       * all previously allowed privileges should be removed */
-    check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
+    check_app_after_uninstall(sm_app_id, sm_pkg_id,
                                SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
  }
  
  RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
  {
-    const char *const app_id = "sm_test_app_id_set_label_from_appid";
-    const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
-    const char *const expected_label = USER_APP_ID;
+    const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
+    const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
      const char *const socketLabel = "not_expected_label";
+    std::string expected_label = generateAppLabel(app_id);
      char *label = nullptr;
      CStringPtr labelPtr;
      int result;
  
-    uninstall_app(app_id, pkg_id, false, true);
+    uninstall_app(app_id, pkg_id, true);
      install_app(app_id, pkg_id);
  
      struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
@@ -442,33 +523,28 @@ RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
      result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
      RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
      //Set socket label to something different than expecedLabel
-    result = fsetxattr(sock, XATTR_NAME_SMACKIPIN, socketLabel,
-        strlen(socketLabel), 0);
+    result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPIN, socketLabel);
      RUNNER_ASSERT_ERRNO_MSG(result == 0,
          "Can't set socket label. Result: " << result);
-    result = fsetxattr(sock, XATTR_NAME_SMACKIPOUT, socketLabel,
-        strlen(socketLabel), 0);
+    result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPOUT, socketLabel);
      RUNNER_ASSERT_ERRNO_MSG(result == 0,
          "Can't set socket label. Result: " << result);
  
-    result = security_manager_set_process_label_from_appid(app_id);
-    RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
-            "security_manager_set_process_label_from_appid(" <<
-            app_id << ") failed. Result: " << result);
+    Api::setProcessLabel(app_id);
  
-    char value[SMACK_LABEL_LEN + 1];
-    ssize_t size;
-    size = fgetxattr(sock, XATTR_NAME_SMACKIPIN, value, sizeof(value));
-    RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
-    result = strcmp(expected_label, value);
+    result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPIN, &label);
+    RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
+    labelPtr.reset(label);
+    result = expected_label.compare(label);
      RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
-        expected_label << " Actual: " << value);
+        expected_label << " Actual: " << label);
  
-    size = fgetxattr(sock, XATTR_NAME_SMACKIPOUT, value, sizeof(value));
-    RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
-    result = strcmp(expected_label, value);
+    result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPOUT, &label);
+    RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
+    labelPtr.reset(label);
+    result = expected_label.compare(label);
      RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
-        expected_label << " Actual: " << value);
+        expected_label << " Actual: " << label);
  
      result = smack_new_label_from_self(&label);
      RUNNER_ASSERT_MSG(result >= 0,
@@ -477,122 +553,241 @@ RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
              " Process label is not set");
      labelPtr.reset(label);
  
-    result = strcmp(expected_label, label);
+    result = expected_label.compare(label);
      RUNNER_ASSERT_MSG(result == 0,
              " Process label is incorrect. Expected: \"" << expected_label <<
              "\" Actual: \"" << label << "\"");
  
-    uninstall_app(app_id, pkg_id, true, true);
+    uninstall_app(app_id, pkg_id, true);
  }
  
  RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
  {
-    const char *const app_id = "sm_test_app_id_set_label_from_appid";
-    const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
-    int result;
+    const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack";
+    const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack";
  
-    uninstall_app(app_id, pkg_id, false, true);
+    uninstall_app(app_id, pkg_id, true);
      install_app(app_id, pkg_id);
  
-    result = security_manager_set_process_label_from_appid(app_id);
-    RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
-            "security_manager_set_process_label_from_appid(" <<
-            app_id << ") failed. Result: " << result);
+    Api::setProcessLabel(app_id);
  
-    uninstall_app(app_id, pkg_id, true, true);
+    uninstall_app(app_id, pkg_id, true);
  }
  
-
-
-static void prepare_request(AppInstReqUniquePtr &request,
+static void prepare_request(InstallRequest &request,
                const char *const app_id,
                const char *const pkg_id,
                app_install_path_type pathType,
-              const char *const path)
+              const char *const path,
+              uid_t uid)
  {
-    int result;
-    request.reset(do_app_inst_req_new());
+    request.setAppId(app_id);
+    request.setPkgId(pkg_id);
+    request.addPath(path, pathType);
+
+    if (uid != 0)
+        request.setUid(uid);
+}
+
+static uid_t getGlobalUserId(void)
+{
+    return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
+}
+
+static const std::string appDirPath(const TemporaryTestUser &user,
+        const std::string &appId, const std::string &pkgId)
+{
+    struct tzplatform_context *tzCtxPtr = nullptr;
  
-    result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting app id failed. Result: " << result);
+    RUNNER_ASSERT(0 == tzplatform_context_create(&tzCtxPtr));
+    TzPlatformContextPtr tzCtxPtrSmart(tzCtxPtr);
  
-    result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting pkg id failed. Result: " << result);
+    RUNNER_ASSERT_MSG(0 == tzplatform_context_set_user(tzCtxPtr, user.getUid()),
+                      "Unable to set user <" << user.getUserName() << "> for tzplatform context");
  
-    result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting allowed path failed. Result: " << result);
+    const char *appDir = tzplatform_context_getenv(tzCtxPtr,
+                                getGlobalUserId() == user.getUid() ? TZ_SYS_RW_APP : TZ_USER_APP);
+    RUNNER_ASSERT_MSG(nullptr != appDir,
+                      "tzplatform_context_getenv failed"
+                          << "for getting sys rw app of user <" << user.getUserName() << ">");
+
+    return std::string(appDir) + "/" + pkgId + "/" + appId;
  }
  
+static const std::string nonAppDirPath(const TemporaryTestUser &user)
+{
+    return TMP_DIR + "/" + user.getUserName();
+}
  
-static struct passwd* get_app_pw()
+static const std::string uidToStr(const uid_t uid)
  {
-    struct passwd *pw = nullptr;
-    errno = 0;
-    while(!(pw = getpwnam(APP_USER))) {
-        RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
-    }
-    return pw;
+    return std::to_string(static_cast<unsigned int>(uid));
  }
  
-RUNNER_CHILD_TEST(security_manager_04_app_install_uninstall_by_app_user)
+static void install_and_check(const char *const sm_app_id,
+                              const char *const sm_pkg_id,
+                              const TemporaryTestUser& user,
+                              const std::string &appDir,
+                              bool requestUid)
+{
+    InstallRequest requestPublic;
+
+    //install app for non-root user and try to register public path (should fail)
+    prepare_request(requestPublic, sm_app_id, sm_pkg_id,
+                    SECURITY_MANAGER_PATH_PUBLIC, appDir.c_str(),
+                    requestUid ? user.getUid() : 0);
+
+    Api::install(requestPublic, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+
+    InstallRequest requestPrivate;
+
+    //install app for non-root user
+    //should fail (users may only register folders inside their home)
+    prepare_request(requestPrivate, sm_app_id, sm_pkg_id,
+                    SECURITY_MANAGER_PATH_RW, SM_RW_PATH,
+                    requestUid ? user.getUid() : 0);
+
+    Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+
+    InstallRequest requestPrivateUser;
+
+    //install app for non-root user
+    //should succeed - this time i register folder inside user's home dir
+    prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
+                    SECURITY_MANAGER_PATH_RW, appDir.c_str(),
+                    requestUid ? user.getUid() : 0);
+
+    for (auto &privilege : SM_ALLOWED_PRIVILEGES)
+        requestPrivateUser.addPrivilege(privilege.c_str());
+
+    Api::install(requestPrivateUser);
+
+    check_app_permissions(sm_app_id, sm_pkg_id,
+                          uidToStr(user.getUid()).c_str(),
+                          SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+}
+
+static void createTestDir(const std::string &dir)
+{
+    mode_t dirMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
+    mode_t execFileMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
+    mode_t normalFileMode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
+
+    mktreeSafe(dir, dirMode);
+    creatSafe(dir + "/" + EXEC_FILE, execFileMode);
+    creatSafe(dir + "/" + NORMAL_FILE, normalFileMode);
+    symlinkSafe(dir + "/" + EXEC_FILE, dir + "/" + LINK_PREFIX + EXEC_FILE);
+    symlinkSafe(dir + "/" + NORMAL_FILE, dir + "/" + LINK_PREFIX + NORMAL_FILE);
+}
+
+static void createInnerAppDir(const std::string &dir, const std::string &nonAppDir)
+{
+    createTestDir(dir);
+
+    symlinkSafe(nonAppDir, dir + "/" + LINK_PREFIX + "non_app_dir");
+    symlinkSafe(nonAppDir + "/" + EXEC_FILE,
+                dir + "/" + LINK_PREFIX + "non_app_" + EXEC_FILE);
+    symlinkSafe(nonAppDir + "/" + NORMAL_FILE,
+                dir + "/" + LINK_PREFIX + "non_app_" + NORMAL_FILE);
+}
+
+static void generateAppDir(const TemporaryTestUser &user,
+       const std::string &appId, const std::string &pkgId)
+{
+    const std::string dir = appDirPath(user, appId, pkgId);
+    const std::string nonAppDir = nonAppDirPath(user);
+
+    createInnerAppDir(dir, nonAppDir);
+    createInnerAppDir(dir + "/.inner_dir", nonAppDir);
+    createInnerAppDir(dir + "/inner_dir", nonAppDir);
+}
+
+static void generateNonAppDir(const TemporaryTestUser &user)
+{
+    const std::string dir = nonAppDirPath(user);
+
+    createTestDir(dir);
+    createTestDir(dir + "/.inner_dir");
+    createTestDir(dir + "/inner_dir");
+}
+
+static void createTestDirs(const TemporaryTestUser &user,
+       const std::string &appId, const std::string &pkgId)
+{
+    generateAppDir(user, appId, pkgId);
+    generateNonAppDir(user);
+}
+
+static void removeTestDirs(const TemporaryTestUser &user,
+       const std::string &appId, const std::string &pkgId)
+{
+    removeDir(appDirPath(user, appId, pkgId));
+    removeDir(nonAppDirPath(user));
+}
+
+RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
  {
      int result;
-    AppInstReqUniquePtr request;
-    struct passwd *pw = get_app_pw();
-    const std::string user =  std::to_string(static_cast<unsigned int>(pw->pw_uid));
+    const char *const sm_app_id = "sm_test_04a_app_id_uid";
+    const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid";
+    const std::string new_user_name = "sm_test_04a_user_name";
+
+    TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
+    testUser.create();
+
+    removeTestDirs(testUser, sm_app_id, sm_pkg_id);
+    createTestDirs(testUser, sm_app_id, sm_pkg_id);
+
+    const std::string userAppDirPath = appDirPath(testUser, sm_app_id, sm_pkg_id);
  
      //switch user to non-root
-    result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+    result = drop_root_privileges(testUser.getUid(), testUser.getGid());
      RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
  
-    //install app as non-root user and try to register public path (should fail)
-    prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER);
+    install_and_check(sm_app_id, sm_pkg_id, testUser, userAppDirPath, false);
  
-    result = security_manager_app_install(request.get());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
-            "installing app not failed. Result: " << result);
+    //uninstall app as non-root user
+    InstallRequest request;
+    request.setAppId(sm_app_id);
  
-    //install app as non-root user
-    //should fail (non-root users may only register folders inside their home)
-    prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
+    Api::uninstall(request);
  
-    result = security_manager_app_install(request.get());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
-            "installing app not failed. Result: " << result);
+    check_app_permissions(sm_app_id, sm_pkg_id,
+                          uidToStr(testUser.getUid()).c_str(),
+                          SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+}
  
-    //install app as non-root user
-    //should succeed - this time i register folder inside user's home dir
-    prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER);
+RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
+{
+    int result;
+    const char *const sm_app_id = "sm_test_04b_app_id_uid";
+    const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid";
+    const std::string new_user_name = "sm_test_04b_user_name";
  
-    for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
-        result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
-        RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting allowed permission failed. Result: " << result);
-    }
+    TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
+    testUser.create();
  
-    result = security_manager_app_install(request.get());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "installing app failed. Result: " << result);
+    removeTestDirs(testUser, sm_app_id, sm_pkg_id);
+    createTestDirs(testUser, sm_app_id, sm_pkg_id);
  
-    check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+    install_and_check(sm_app_id, sm_pkg_id, testUser, appDirPath(testUser, sm_app_id, sm_pkg_id), true);
  
-    //uninstall app as non-root user
-    request.reset(do_app_inst_req_new());
+    //switch user to non-root - root may not uninstall apps for specified users
+    result = drop_root_privileges(testUser.getUid(), testUser.getGid());
+    RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
  
-    result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "setting app id failed. Result: " << result);
+    //uninstall app as non-root user
+    InstallRequest request;
+    request.setAppId(sm_app_id);
  
-    result = security_manager_app_uninstall(request.get());
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-            "uninstalling app failed. Result: " << result);
+    Api::uninstall(request);
  
-    check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+    check_app_permissions(sm_app_id, sm_pkg_id,
+                          uidToStr(testUser.getUid()).c_str(),
+                          SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
  }
  
+
  RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
  {
      int result;
@@ -604,9 +799,7 @@ RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
      RUNNER_ASSERT_MSG(result == 0,
          "can't set capabilities. Result: " << result);
  
-    result = security_manager_drop_process_privileges();
-    RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
-        "dropping caps failed. Result: " << result);
+    Api::dropProcessPrivileges();
  
      caps.reset(cap_get_proc());
      RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");
@@ -616,6 +809,1486 @@ RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
          "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL));
  }
  
+RUNNER_CHILD_TEST(security_manager_06_install_app_offline)
+{
+    const char *const app_id = "sm_test_06_app_id_install_app_offline";
+    const char *const pkg_id = "sm_test_06_pkg_id_install_app_offline";
+
+    // Uninstall app on-line, off-line mode doesn't support it
+    uninstall_app(app_id, pkg_id, true);
+
+    ServiceManager("security-manager.service").stopService();
+
+    ServiceManager serviceManager("security-manager.socket");
+    serviceManager.stopService();
+
+    install_app(app_id, pkg_id);
+
+    serviceManager.startService();
+
+    uninstall_app(app_id, pkg_id, true);
+}
+
+RUNNER_CHILD_TEST(security_manager_07_user_add_app_install)
+{
+    const char *const sm_app_id = "sm_test_07_app_id_user";
+    const char *const sm_pkg_id = "sm_test_07_pkg_id_user";
+    const std::string new_user_name = "sm_test_07_user_name";
+    std::string uid_string;
+    TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
+    test_user.create();
+    test_user.getUidString(uid_string);
+
+    removeTestDirs(test_user, sm_app_id, sm_pkg_id);
+    createTestDirs(test_user, sm_app_id, sm_pkg_id);
+
+    install_app(sm_app_id, sm_pkg_id, test_user.getUid());
+
+    check_app_after_install(sm_app_id, sm_pkg_id);
+
+    test_user.remove();
+
+    check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+
+    check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
+}
+
+RUNNER_CHILD_TEST(security_manager_08_user_double_add_double_remove)
+{
+    UserRequest addUserRequest;
+
+    const char *const sm_app_id = "sm_test_08_app_id_user";
+    const char *const sm_pkg_id = "sm_test_08_pkg_id_user";
+    const std::string new_user_name = "sm_test_08_user_name";
+    std::string uid_string;
+
+    // gumd user add
+    TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
+    test_user.create();
+    test_user.getUidString(uid_string);
+
+    removeTestDirs(test_user, sm_app_id, sm_pkg_id);
+    createTestDirs(test_user, sm_app_id, sm_pkg_id);
+
+    addUserRequest.setUid(test_user.getUid());
+    addUserRequest.setUserType(SM_USER_TYPE_NORMAL);
+
+    //sm user add
+    Api::addUser(addUserRequest);
+
+    install_app(sm_app_id, sm_pkg_id, test_user.getUid());
+
+    check_app_after_install(sm_app_id, sm_pkg_id);
+
+    test_user.remove();
+
+    UserRequest deleteUserRequest;
+    deleteUserRequest.setUid(test_user.getUid());
+
+    Api::deleteUser(deleteUserRequest);
+
+    check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+
+    check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
+}
+
+RUNNER_CHILD_TEST(security_manager_09_add_user_offline)
+{
+    const char *const app_id = "security_manager_09_add_user_offline_app";
+    const char *const pkg_id = "security_manager_09_add_user_offline_pkg";
+    const std::string new_user_name("sm_test_09_user_name");
+
+    ServiceManager("security-manager.service").stopService();
+
+    ServiceManager serviceManager("security-manager.socket");
+    serviceManager.stopService();
+
+    TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, true);
+    test_user.create();
+
+    removeTestDirs(test_user, app_id, pkg_id);
+    createTestDirs(test_user, app_id, pkg_id);
+
+    install_app(app_id, pkg_id, test_user.getUid());
+
+    check_app_after_install(app_id, pkg_id);
+
+    serviceManager.startService();
+
+    test_user.remove();
+
+    check_app_after_uninstall(app_id, pkg_id, true);
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_10_privacy_manager_fetch_whole_policy_for_self)
+{
+    //TEST DATA
+    const std::string username("sm_test_10_user_name");
+    unsigned int privileges_count = 0;
+
+    std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
+    std::map<std::string, std::set<std::string>> apps2PrivsMap;
+
+    for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+        apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+            MANY_APPS.at(i), std::set<std::string>(
+                MANY_APPS_PRIVILEGES.at(i).begin(),
+                MANY_APPS_PRIVILEGES.at(i).end())));
+        privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
+    };
+
+    apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+        PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
+    ++privileges_count;
+    users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
+    //TEST DATA END
+
+    sem_t *mutex;
+    errno = 0;
+    RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
+    errno = 0;
+    RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
+    pid_t pid = fork();
+
+    if (pid != 0) { //parent process
+        TemporaryTestUser tmpUser(username, GUM_USERTYPE_NORMAL, false);
+        tmpUser.create();
+
+        for(const auto &user : users2AppsMap) {
+
+            for(const auto &app : user.second) {
+                InstallRequest requestInst;
+                requestInst.setAppId(app.first.c_str());
+                try {
+                    requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+                } catch (const std::out_of_range &e) {
+                    RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+                };
+                requestInst.setUid(tmpUser.getUid());
+
+                for (const auto &privilege : app.second) {
+                    requestInst.addPrivilege(privilege.c_str());
+                };
+
+                Api::install(requestInst);
+            };
+
+            //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
+        };
+        //Start child process
+        errno = 0;
+        RUNNER_ASSERT_MSG(sem_post(mutex) ==  0, "Error while opening mutex, errno: " << errno);
+
+        int status;
+        wait(&status);
+
+        tmpUser.remove();
+    };
+
+    if (pid == 0) { //child process
+        errno = 0;
+        RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno);
+        //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
+
+        struct passwd *pw = getUserStruct(username);
+        register_current_process_as_privilege_manager(pw->pw_uid);
+        int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        std::vector<PolicyEntry> policyEntries;
+        PolicyEntry filter;
+        Api::getPolicy(filter, policyEntries);
+
+        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+        RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
+
+        for (const auto &policyEntry : policyEntries) {
+            std::string user = policyEntry.getUser();
+            std::string app = policyEntry.getAppId();
+            std::string privilege = policyEntry.getPrivilege();
+
+            try {
+                struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
+                std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
+                if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
+                    RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
+            } catch (const std::out_of_range &e) {
+                RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
+            } catch (const std::invalid_argument& e) {
+                RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
+            };
+        };
+        exit(0);
+    };
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_11_privacy_manager_fetch_whole_policy_for_admin_unprivileged)
+{
+    //TEST DATA
+    const std::vector<std::string> usernames = {"sm_test_11_user_name_1", "sm_test_11_user_name_2"};
+    unsigned int privileges_count = 0;
+
+    std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
+    std::map<std::string, std::set<std::string>> apps2PrivsMap;
+
+    for (const auto &username : usernames) {
+        //Only entries for one of the users will be listed
+        privileges_count = 0;
+
+        for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+            apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+                MANY_APPS.at(i), std::set<std::string>(
+                    MANY_APPS_PRIVILEGES.at(i).begin(),
+                    MANY_APPS_PRIVILEGES.at(i).end())));
+            privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
+        };
+
+        users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
+    };
+
+    users2AppsMap.at(usernames.at(0)).insert(std::pair<std::string, std::set<std::string>>(
+        PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
+
+    ++privileges_count;
+    //TEST DATA END
+
+    sem_t *mutex;
+    errno = 0;
+    RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
+    errno = 0;
+    RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
+    pid_t pid = fork();
+
+    if (pid != 0) { //parent process
+        std::vector<TemporaryTestUser> users = {
+            TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
+            TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
+            };
+
+        users.at(0).create();
+        users.at(1).create();
+
+        //Install apps for both users
+        for(const auto &user : users) {
+            for(const auto &app : users2AppsMap.at(user.getUserName())) {
+                InstallRequest requestInst;
+                requestInst.setAppId(app.first.c_str());
+                try {
+                    requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+                } catch (const std::out_of_range &e) {
+                    RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+                };
+                requestInst.setUid(user.getUid());
+
+                for (const auto &privilege : app.second) {
+                    requestInst.addPrivilege(privilege.c_str());
+                };
+
+                Api::install(requestInst);
+            };
+
+            //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
+        };
+        //Start child
+        errno = 0;
+        RUNNER_ASSERT_MSG(sem_post(mutex) ==  0, "Error while opening mutex, errno: " << errno);
+
+        int status;
+        wait(&status);
+
+        for(auto &user : users) {
+            user.remove();
+        };
+    };
+
+    if (pid == 0) {
+        errno = 0;
+        RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno);
+        struct passwd *pw = getUserStruct(usernames.at(0));
+        register_current_process_as_privilege_manager(pw->pw_uid);
+
+        //change uid to normal user
+        errno = 0;
+        int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        std::vector<PolicyEntry> policyEntries;
+        PolicyEntry filter;
+
+        //this call should only return privileges belonging to the current uid
+        Api::getPolicy(filter, policyEntries);
+
+        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+        RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
+
+        for (const auto &policyEntry : policyEntries) {
+            std::string user = policyEntry.getUser();
+            std::string app = policyEntry.getAppId();
+            std::string privilege = policyEntry.getPrivilege();
+
+            try {
+                struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
+                std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
+                if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
+                    RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
+            } catch (const std::out_of_range &e) {
+                RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
+            } catch (const std::invalid_argument& e) {
+                RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
+            };
+        };
+        exit(0);
+    };
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_admin_privileged)
+{
+    //TEST DATA
+    const std::vector<std::string> usernames = {"sm_test_12_user_name_1", "sm_test_12_user_name_2"};
+    unsigned int privileges_count = 0;
+
+    std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
+    std::map<std::string, std::set<std::string>> apps2PrivsMap;
+
+    for (const auto &username : usernames) {
+
+        for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+            apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+                MANY_APPS.at(i), std::set<std::string>(
+                    MANY_APPS_PRIVILEGES.at(i).begin(),
+                    MANY_APPS_PRIVILEGES.at(i).end())));
+            privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
+        };
+
+        users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
+    };
+
+    users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
+        PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE, PRIVILEGE_MANAGER_ADMIN_PRIVILEGE}));
+
+    privileges_count += 2;
+    //TEST DATA END
+
+    sem_t *mutex;
+    errno = 0;
+    RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
+    errno = 0;
+    RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
+    pid_t pid = fork();
+
+    if (pid != 0) { //parent process
+        std::vector<TemporaryTestUser> users = {
+            TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
+            TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
+            };
+
+        users.at(0).create();
+        users.at(1).create();
+        //Install apps for both users
+        for(const auto &user : users) {
+            for(const auto &app : users2AppsMap.at(user.getUserName())) {
+                InstallRequest requestInst;
+                requestInst.setAppId(app.first.c_str());
+                try {
+                    requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+                } catch (const std::out_of_range &e) {
+                    RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+                };
+                requestInst.setUid(user.getUid());
+
+                for (const auto &privilege : app.second) {
+                    requestInst.addPrivilege(privilege.c_str());
+                };
+
+                Api::install(requestInst);
+            };
+
+            //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
+        };
+
+        //Start child
+        errno = 0;
+        RUNNER_ASSERT_MSG(sem_post(mutex) ==  0, "Error while opening mutex, errno: " << errno);
+
+        //Wait for child to finish
+        int status;
+        wait(&status);
+
+        for(auto &user : users) {
+            user.remove();
+        };
+    };
+
+    if (pid == 0) { //child process
+        errno = 0;
+        RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno);
+
+        struct passwd *pw = getUserStruct(usernames.at(1));
+        register_current_process_as_privilege_manager(pw->pw_uid, true);
+
+        //change uid to normal user
+        int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        std::vector<PolicyEntry> policyEntries;
+        PolicyEntry filter;
+        //this call should succeed as the calling user is privileged
+        Api::getPolicy(filter, policyEntries);
+
+        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+        RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
+
+        for (const auto &policyEntry : policyEntries) {
+            std::string user = policyEntry.getUser();
+            std::string app = policyEntry.getAppId();
+            std::string privilege = policyEntry.getPrivilege();
+
+            try {
+                struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
+                std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
+                if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
+                    RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
+            } catch (const std::out_of_range &e) {
+                RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
+            } catch (const std::invalid_argument& e) {
+                RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
+            };
+        };
+
+        exit(0);
+    };
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_unprivileged)
+{
+    //TEST DATA
+    const std::vector<std::string> usernames = {"sm_test_13_user_name_1", "sm_test_13_user_name_2"};
+
+    std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
+    std::map<std::string, std::set<std::string>> apps2PrivsMap;
+
+    for (const auto &username : usernames) {
+
+        for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+            apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+                MANY_APPS.at(i), std::set<std::string>(
+                    MANY_APPS_PRIVILEGES.at(i).begin(),
+                    MANY_APPS_PRIVILEGES.at(i).end())));
+        };
+
+        users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
+    };
+
+    users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
+        PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
+
+    //TEST DATA END
+
+    pid_t pid[2];
+    sem_t *mutex[2];
+    errno = 0;
+    RUNNER_ASSERT_MSG(((mutex[0] = sem_open("mutex_1", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #1, errno: " << errno);
+    errno = 0;
+    RUNNER_ASSERT_MSG(((mutex[1] = sem_open("mutex_2", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #2, errno: " << errno);
+    errno = 0;
+    RUNNER_ASSERT_MSG(sem_init(mutex[0], 1, 0) == 0, "failed to setup mutex #1, errno: " << errno);
+    errno = 0;
+    RUNNER_ASSERT_MSG(sem_init(mutex[1], 1, 0) == 0, "failed to setup mutex #2, errno: " << errno);
+    std::vector<PolicyEntry> policyEntries;
+
+    pid[0] = fork();
+
+    if(pid[0] == 0) { //child #1 process
+        RUNNER_ASSERT_MSG(sem_wait(mutex[0]) == 0, "sem_wait in child #1 failed, errno: " << errno);
+        struct passwd *pw = getUserStruct(usernames.at(0));
+        register_current_process_as_privilege_manager(pw->pw_uid);
+
+        //change uid to normal user
+        int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        PolicyEntry filter;
+        PolicyRequest policyRequest;
+        //this call should succeed as the calling user is privileged
+        Api::getPolicyForSelf(filter, policyEntries);
+
+        RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+
+        PolicyEntry policyEntry(
+                MANY_APPS[0],
+                std::to_string(pw->pw_uid),
+                "http://tizen.org/privilege/internet"
+                );
+        policyEntry.setLevel("Deny");
+
+        policyRequest.addEntry(policyEntry);
+        policyEntry = PolicyEntry(
+                MANY_APPS[1],
+                std::to_string(pw->pw_uid),
+                "http://tizen.org/privilege/location"
+                );
+        policyEntry.setLevel("Deny");
+
+        policyRequest.addEntry(policyEntry);
+        Api::sendPolicy(policyRequest);
+        Api::getPolicyForSelf(filter, policyEntries);
+
+        RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
+        exit(0);
+    };
+
+    if (pid[0] != 0) {//parent process
+        pid[1] = fork();
+
+        if (pid[1] == 0) { //child #2 process
+            errno = 0;
+            RUNNER_ASSERT_MSG(sem_wait(mutex[1]) == 0, "sem_wait in child #2 failed, errno: " << errno);
+            struct passwd *pw_target = getUserStruct(usernames.at(0));
+            struct passwd *pw = getUserStruct(usernames.at(1));
+            register_current_process_as_privilege_manager(pw->pw_uid);
+
+            //change uid to normal user
+            int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+            RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+            PolicyEntry filter = PolicyEntry(
+                        SECURITY_MANAGER_ANY,
+                        std::to_string(pw_target->pw_uid),
+                        SECURITY_MANAGER_ANY
+                        );
+
+            //U2 requests contents of U1 privacy manager - should fail
+            Api::getPolicyForSelf(filter, policyEntries);
+            RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+
+            filter = PolicyEntry(
+                        SECURITY_MANAGER_ANY,
+                        SECURITY_MANAGER_ANY,
+                        SECURITY_MANAGER_ANY
+                        );
+
+            policyEntries.clear();
+
+            //U2 requests contents of ADMIN bucket - should fail
+            Api::getPolicyForAdmin(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED);
+            RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+            exit(0);
+        };
+
+        if (pid[1] != 0) { //parent
+
+            std::vector<TemporaryTestUser> users = {
+                TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
+                TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
+                };
+
+            users.at(0).create();
+            users.at(1).create();
+
+            //Install apps for both users
+            for(const auto &user : users2AppsMap) {
+
+                for(const auto &app : user.second) {
+                    InstallRequest requestInst;
+                    requestInst.setAppId(app.first.c_str());
+                    try {
+                        requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+                    } catch (const std::out_of_range &e) {
+                        RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+                    };
+                    requestInst.setUid(users.at(0).getUid());
+
+                    for (const auto &privilege : app.second) {
+                        requestInst.addPrivilege(privilege.c_str());
+                    };
+
+                    Api::install(requestInst);
+                };
+
+                //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
+            };
+
+            int status;
+            //Start child #1
+            errno = 0;
+            RUNNER_ASSERT_MSG(sem_post(mutex[0]) ==  0, "Error while opening mutex #1, errno: " << errno);
+
+            //Wait until child #1 finishes
+            pid_t ret = wait(&status);
+            RUNNER_ASSERT_MSG((ret != -1) && WIFEXITED(status), "Updating privileges failed");
+
+            //Start child #2
+            errno = 0;
+            RUNNER_ASSERT_MSG(sem_post(mutex[1]) ==  0, "Error while opening mutex #2, errno: " << errno);
+            //Wait until child #2 finishes
+            ret = wait(&status);
+            RUNNER_ASSERT_MSG((ret =-1) && WIFEXITED(status), "Listing privileges failed");
+
+            for(auto &user : users) {
+                user.remove();
+            };
+
+            sem_close(mutex[0]);
+            sem_close(mutex[1]);
+        };
+    };
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_for_admin)
+{
+    //TEST DATA
+    const std::vector<std::string> usernames = {"sm_test_14_user_name_1", "sm_test_14_user_name_2"};
+    unsigned int privileges_count = 0;
+
+    std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
+    std::map<std::string, std::set<std::string>> apps2PrivsMap;
+
+    for (const auto &username : usernames) {
+
+        for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+            apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
+                MANY_APPS.at(i), std::set<std::string>(
+                    MANY_APPS_PRIVILEGES.at(i).begin(),
+                    MANY_APPS_PRIVILEGES.at(i).end())));
+            privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
+        };
+
+        users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
+    };
+
+    users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
+        PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
+
+    privileges_count += 2;
+    //TEST DATA END
+    sem_t *mutex;
+    errno = 0;
+    RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
+    errno = 0;
+    RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
+
+    pid_t pid = fork();
+    if (pid != 0) {
+        std::vector<TemporaryTestUser> users = {
+            TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
+            TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
+            };
+
+        users.at(0).create();
+        users.at(1).create();
+
+        //Install apps for both users
+        for(const auto &user : users) {
+
+            for(const auto &app : users2AppsMap.at(user.getUserName())) {
+                InstallRequest requestInst;
+                requestInst.setAppId(app.first.c_str());
+                try {
+                    requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
+                } catch (const std::out_of_range &e) {
+                    RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
+                };
+                requestInst.setUid(user.getUid());
+
+                for (const auto &privilege : app.second) {
+                    requestInst.addPrivilege(privilege.c_str());
+                };
+
+                Api::install(requestInst);
+            };
+        };
+        //Start child process
+        errno = 0;
+        RUNNER_ASSERT_MSG(sem_post(mutex) ==  0, "Error while opening mutex, errno: " << errno);
+        int status;
+        //Wait for child process to finish
+        wait(&status);
+
+        //switch back to root
+        for(auto &user : users) {
+            user.remove();
+        };
+
+        sem_close(mutex);
+    }
+
+    if (pid == 0) { //child process
+        errno = 0;
+        RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno);
+
+        struct passwd *pw = getUserStruct(usernames.at(0));
+        register_current_process_as_privilege_manager(pw->pw_uid, true);
+
+        //change uid to normal user
+        int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        PolicyRequest *policyRequest = new PolicyRequest();
+        PolicyEntry filter;
+        std::vector<PolicyEntry> policyEntries;
+        //this call should succeed as the calling user is privileged
+        Api::getPolicyForSelf(filter, policyEntries);
+
+        RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
+
+        PolicyEntry policyEntry(
+                SECURITY_MANAGER_ANY,
+                SECURITY_MANAGER_ANY,
+                "http://tizen.org/privilege/internet"
+                );
+        policyEntry.setMaxLevel("Deny");
+
+        policyRequest->addEntry(policyEntry);
+        policyEntry = PolicyEntry(
+                SECURITY_MANAGER_ANY,
+                SECURITY_MANAGER_ANY,
+                "http://tizen.org/privilege/location"
+                );
+        policyEntry.setMaxLevel("Deny");
+
+        policyRequest->addEntry(policyEntry);
+        Api::sendPolicy(*policyRequest);
+        Api::getPolicyForAdmin(filter, policyEntries);
+
+        RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
+
+        delete policyRequest;
+        policyRequest = new PolicyRequest();
+        policyEntry = PolicyEntry(
+                SECURITY_MANAGER_ANY,
+                SECURITY_MANAGER_ANY,
+                "http://tizen.org/privilege/internet"
+                );
+        policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
+        policyRequest->addEntry(policyEntry);
+
+        policyEntry = PolicyEntry(
+                SECURITY_MANAGER_ANY,
+                SECURITY_MANAGER_ANY,
+                "http://tizen.org/privilege/location"
+                );
+        policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
+
+        policyRequest->addEntry(policyEntry);
+        Api::sendPolicy(*policyRequest);
+
+        policyEntries.clear();
+        Api::getPolicyForAdmin(filter, policyEntries);
+        RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Number of policies doesn't match - should be: 0 and is " << policyEntries.size());
+
+        delete policyRequest;
+
+        exit(0);
+    };
+
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin)
+{
+    const char *const update_app_id = "security_manager_15_update_app_id";
+    const char *const update_privilege = "http://tizen.org/privilege/led";
+    const char *const check_start_bucket = "ADMIN";
+    const std::string username("sm_test_15_username");
+    PolicyRequest addPolicyRequest;
+    CynaraTestAdmin::Admin admin;
+
+    struct message {
+        uid_t uid;
+        gid_t gid;
+    } msg;
+
+    int pipefd[2];
+    pid_t pid;
+    int result = 0;
+
+    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+    TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
+    user.create();
+
+    pid = fork();
+    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+    if (pid != 0)//parent process
+    {
+        FdUniquePtr pipeptr(pipefd+1);
+        close(pipefd[0]);
+
+        register_current_process_as_privilege_manager(user.getUid(), true);
+
+        //send info to child
+        msg.uid = user.getUid();
+        msg.gid = user.getGid();
+
+        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+        //wait for child
+        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+        admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+                std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+    }
+    if(pid == 0)
+    {
+        FdUniquePtr pipeptr(pipefd);
+        close(pipefd[1]);
+
+        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+        //become admin privacy manager manager
+        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+        result = drop_root_privileges(msg.uid, msg.gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+        entry.setMaxLevel("Allow");
+
+        addPolicyRequest.addEntry(entry);
+        Api::sendPolicy(addPolicyRequest);
+        exit(0);
+    }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard)
+{
+    const char *const update_other_app_id = "security_manager_15_update_other_app_id";
+    const char *const update_privilege = "http://tizen.org/privilege/led";
+    const char *const check_start_bucket = "ADMIN";
+    const std::string username("sm_test_15_username");
+    PolicyRequest addPolicyRequest;
+    CynaraTestAdmin::Admin admin;
+
+    struct message {
+        uid_t uid;
+        gid_t gid;
+    } msg;
+
+    int pipefd[2];
+    pid_t pid;
+    int result = 0;
+
+    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+    TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
+    user.create();
+
+    pid = fork();
+    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+    if (pid != 0)//parent process
+    {
+        FdUniquePtr pipeptr(pipefd+1);
+        close(pipefd[0]);
+
+        register_current_process_as_privilege_manager(user.getUid(), true);
+
+        //send info to child
+        msg.uid = user.getUid();
+        msg.gid = user.getGid();
+
+        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+        //wait for child
+        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+        admin.adminCheck(check_start_bucket, false, generateAppLabel(update_other_app_id).c_str(),
+                std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+    }
+    if(pid == 0)
+    {
+        FdUniquePtr pipeptr(pipefd);
+        close(pipefd[1]);
+
+        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+        //become admin privacy manager manager
+        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+        result = drop_root_privileges(msg.uid, msg.gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        // use wildcard as appId
+        PolicyEntry entry(SECURITY_MANAGER_ANY, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+        entry.setMaxLevel("Allow");
+
+        addPolicyRequest.addEntry(entry);
+        Api::sendPolicy(addPolicyRequest);
+        exit(0);
+    }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_self)
+{
+    const char *const update_app_id = "security_manager_15_update_app_id";
+    const char *const update_privilege = "http://tizen.org/privilege/led";
+    const char *const check_start_bucket = "";
+    const std::string username("sm_test_15_username");
+    PolicyRequest addPolicyRequest;
+    CynaraTestAdmin::Admin admin;
+
+    struct message {
+        uid_t uid;
+        gid_t gid;
+    } msg;
+
+    int pipefd[2];
+    pid_t pid;
+    int result = 0;
+
+    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+    user.create();
+
+    pid = fork();
+    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+    if (pid != 0)//parent process
+    {
+        FdUniquePtr pipeptr(pipefd+1);
+        close(pipefd[0]);
+
+        register_current_process_as_privilege_manager(user.getUid(), false);
+
+        //send info to child
+        msg.uid = user.getUid();
+        msg.gid = user.getGid();
+
+        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+        //wait for child
+        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+        admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+                std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+    }
+    if(pid == 0)
+    {
+        FdUniquePtr pipeptr(pipefd);
+        close(pipefd[1]);
+
+        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+        //become admin privacy manager manager
+        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+        result = drop_root_privileges(msg.uid, msg.gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+        entry.setLevel("Allow");
+
+        addPolicyRequest.addEntry(entry);
+        Api::sendPolicy(addPolicyRequest);
+        exit(0);
+    }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_16_policy_levels_get)
+{
+    const std::string username("sm_test_16_user_cynara_policy");
+    CynaraTestAdmin::Admin admin;
+    int pipefd[2];
+    pid_t pid;
+    int result = 0;
+
+    struct message {
+        uid_t uid;
+        gid_t gid;
+    } msg;
+
+    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+    user.create();
+
+    pid = fork();
+    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+    if (pid != 0)//parent process
+    {
+        FdUniquePtr pipeptr(pipefd+1);
+        close(pipefd[0]);
+
+        //send info to child
+        msg.uid = user.getUid();
+        msg.gid = user.getGid();
+
+        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+        //wait for child
+        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+    }
+    if(pid == 0)
+    {
+        int ret;
+        char** levels;
+        std::string allow_policy, deny_policy;
+        size_t count;
+        FdUniquePtr pipeptr(pipefd);
+        close(pipefd[1]);
+
+        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+        //become admin privacy manager manager
+        result = drop_root_privileges(msg.uid, msg.gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        // without plugins there should only be 2 policies - Allow and Deny
+        ret = security_manager_policy_levels_get(&levels, &count);
+
+        RUNNER_ASSERT_MSG((lib_retcode)ret == SECURITY_MANAGER_SUCCESS,
+                "Invlid return code: " << ret);
+
+        RUNNER_ASSERT_MSG(count == 2, "Invalid number of policy levels. Should be 2, instead there is: " << static_cast<int>(count));
+
+        deny_policy = std::string(levels[0]);
+        allow_policy = std::string(levels[count-1]);
+
+        // first should always be Deny
+        RUNNER_ASSERT_MSG(deny_policy.compare("Deny") == 0,
+                "Invalid first policy level. Should be Deny, instead there is: " << levels[0]);
+
+        // last should always be Allow
+        RUNNER_ASSERT_MSG(allow_policy.compare("Allow") == 0,
+                "Invalid last policy level. Should be Allow, instead there is: " << levels[count-1]);
+
+        security_manager_policy_levels_free(levels, count);
+        exit(0);
+    }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_delete_policy_for_self)
+{
+    const char *const update_app_id = "security_manager_17_update_app_id";
+    const char *const update_privilege = "http://tizen.org/privilege/led";
+    const char *const check_start_bucket = "";
+    const std::string username("sm_test_17_username");
+    PolicyRequest addPolicyRequest;
+    CynaraTestAdmin::Admin admin;
+
+    struct message {
+        uid_t uid;
+        gid_t gid;
+    } msg;
+
+    int pipefd[2];
+    int pipefd2[2];
+    pid_t pid;
+    int result = 0;
+
+    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+    RUNNER_ASSERT_MSG((pipe(pipefd2) != -1),"second pipe failed");
+
+    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
+    user.create();
+
+    pid = fork();
+    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+    if (pid != 0)//parent process
+    {
+        FdUniquePtr pipeptr(pipefd+1);
+        close(pipefd[0]);
+
+        register_current_process_as_privilege_manager(user.getUid(), false);
+
+        //send info to child
+        msg.uid = user.getUid();
+        msg.gid = user.getGid();
+
+        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+        //wait for child
+        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+        admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+                std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
+
+        pid = fork();
+        if (pid != 0)//parent process
+        {
+            FdUniquePtr pipeptr(pipefd2+1);
+            close(pipefd2[0]);
+
+            //send info to child
+            msg.uid = user.getUid();
+            msg.gid = user.getGid();
+
+            ssize_t written = TEMP_FAILURE_RETRY(write(pipefd2[1], &msg, sizeof(struct message)));
+            RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+            //wait for child
+            RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+            //wait for child
+            waitpid(-1, &result, 0);
+
+            admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
+                    std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr);
+        }
+        if(pid == 0)
+        {
+            FdUniquePtr pipeptr(pipefd2);
+            close(pipefd2[1]);
+
+            ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd2[0], &msg, sizeof(struct message)));
+            RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+            //become admin privacy manager manager
+            Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+            result = drop_root_privileges(msg.uid, msg.gid);
+            RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+            // delete this entry
+            PolicyRequest deletePolicyRequest;
+            PolicyEntry deleteEntry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+            deleteEntry.setLevel(SECURITY_MANAGER_DELETE);
+
+            deletePolicyRequest.addEntry(deleteEntry);
+            Api::sendPolicy(deletePolicyRequest);
+            exit(0);
+        }
+    }
+    if(pid == 0)
+    {
+        FdUniquePtr pipeptr(pipefd);
+        close(pipefd[1]);
+
+        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+        //become admin privacy manager manager
+        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+        result = drop_root_privileges(msg.uid, msg.gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
+        entry.setLevel("Allow");
+
+        addPolicyRequest.addEntry(entry);
+        Api::sendPolicy(addPolicyRequest);
+        exit(0);
+    }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_fetch_whole_policy_for_self_filtered)
+{
+    const std::string username("sm_test_17_user_name");
+
+    struct message {
+        uid_t uid;
+        gid_t gid;
+        unsigned int privileges_count;
+    } msg;
+
+    int pipefd[2];
+    pid_t pid;
+    int result = 0;
+
+    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+
+    pid = fork();
+    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+    if (pid != 0)//parent process
+    {
+        FdUniquePtr pipeptr(pipefd+1);
+        close(pipefd[0]);
+
+        TemporaryTestUser user(username, static_cast<GumUserType>(GUM_USERTYPE_NORMAL), false);
+        user.create();
+
+        unsigned int privileges_count = 0;
+
+        register_current_process_as_privilege_manager(user.getUid(), false);
+        //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
+        ++privileges_count;
+
+        for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
+            InstallRequest requestInst;
+            requestInst.setAppId(MANY_APPS[i].c_str());
+            requestInst.setPkgId(MANY_APPS_PKGS.at(MANY_APPS[i]).c_str());
+            requestInst.setUid(user.getUid());
+
+            for (auto &priv : MANY_APPS_PRIVILEGES.at(i)) {
+                requestInst.addPrivilege(priv.c_str());
+            };
+
+            Api::install(requestInst);
+            privileges_count += MANY_APPS_PRIVILEGES.at(i).size();
+        };
+
+        //send info to child
+        msg.uid = user.getUid();
+        msg.gid = user.getGid();
+        msg.privileges_count = privileges_count;
+
+        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+        //wait for child
+        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+    }
+    if(pid == 0)
+    {
+        FdUniquePtr pipeptr(pipefd);
+        close(pipefd[1]);
+
+        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+        //become admin privacy manager manager
+        Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
+        result = drop_root_privileges(msg.uid, msg.gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+        // filter by privilege
+        std::vector<PolicyEntry> policyEntries;
+        PolicyEntry filter(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/internet");
+        Api::getPolicy(filter, policyEntries);
+
+        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+        RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
+
+        // filter by other privilege
+        policyEntries.clear();
+        PolicyEntry filter2(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/email");
+        Api::getPolicy(filter2, policyEntries);
+
+        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+        RUNNER_ASSERT_MSG(policyEntries.size() == 3, "Number of policies doesn't match - should be: 3 and is " << policyEntries.size());
+
+        // filter by appId
+        policyEntries.clear();
+        PolicyEntry filter3(MANY_APPS[4].c_str(), SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY);
+        Api::getPolicy(filter3, policyEntries);
+
+        RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
+        RUNNER_ASSERT_MSG(policyEntries.size() == 4, "Number of policies doesn't match - should be: 4 and is " << policyEntries.size());
+    }
+}
+
+RUNNER_CHILD_TEST(security_manager_10_user_cynara_policy)
+{
+    const char *const MAIN_BUCKET = "MAIN";
+    const char *const MANIFESTS_BUCKET = "MANIFESTS";
+    const char *const ADMIN_BUCKET = "ADMIN";
+    const char *const USER_TYPE_NORMAL_BUCKET = "USER_TYPE_NORMAL";
+    const std::string username("sm_test_10_user_cynara_policy");
+    CynaraTestAdmin::Admin admin;
+    std::string uid_string;
+    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
+    user.create();
+    user.getUidString(uid_string);
+
+    CynaraTestAdmin::CynaraPoliciesContainer nonemptyContainer;
+    nonemptyContainer.add(MAIN_BUCKET,CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, CYNARA_ADMIN_BUCKET, USER_TYPE_NORMAL_BUCKET);
+    admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, nonemptyContainer,CYNARA_API_SUCCESS);
+
+    user.remove();
+    CynaraTestAdmin::CynaraPoliciesContainer emptyContainer;
+
+    admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+    admin.listPolicies(MANIFESTS_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+    admin.listPolicies(CYNARA_ADMIN_DEFAULT_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+    admin.listPolicies(ADMIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+}
+
+RUNNER_CHILD_TEST(security_manager_11_security_manager_cmd_install)
+{
+    int ret;
+    const int SUCCESS = 0;
+    const int FAILURE = 256;
+    const std::string app_id = "security_manager_10_app";
+    const std::string pkg_id = "security_manager_10_pkg";
+    const std::string username("sm_test_10_user_name");
+    std::string uid_string;
+    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
+    user.create();
+    user.getUidString(uid_string);
+    const std::string path1 = appDirPath(user, app_id, pkg_id) + "/p1";
+    const std::string path2 = appDirPath(user, app_id, pkg_id) + "/p2";
+    const std::string pkgopt = " --pkg=" + pkg_id;
+    const std::string appopt = " --app=" + app_id;
+    const std::string uidopt = " --uid=" + uid_string;
+
+    mktreeSafe(path1.c_str(), 0);
+    mktreeSafe(path2.c_str(), 0);
+
+    const std::string installcmd = "security-manager-cmd --install " + appopt + pkgopt + uidopt;
+
+    struct operation {
+        std::string command;
+        int expected_result;
+    };
+    std::vector<struct operation> operations = {
+            {"security-manager-cmd", FAILURE},//no option
+            {"security-manager-cmd --blah", FAILURE},//blah option is not known
+            {"security-manager-cmd --help", SUCCESS},
+            {"security-manager-cmd --install", FAILURE},//no params
+            {"security-manager-cmd -i", FAILURE},//no params
+            {"security-manager-cmd --i --app=app_id_10 --pkg=pkg_id_10", FAILURE},//no uid
+            {installcmd, SUCCESS},
+            {"security-manager-cmd -i -a" + app_id + " -g" + pkg_id + uidopt, SUCCESS},
+            {installcmd + " --path " + path1 + " writable", SUCCESS},
+            {installcmd + " --path " + path1, FAILURE},//no path type
+            {installcmd + " --path " + path1 + " writable" + " --path " + path2 + " readable", SUCCESS},
+            {installcmd + " --path " + path1 + " prie" + " --path " + path2 + " readable", FAILURE},//wrong path type
+            {installcmd + " --path " + path1 + " writable" + " --privilege somepriv --privilege somepriv2" , SUCCESS},
+    };
+
+    for (auto &op : operations) {
+        ret = system(op.command.c_str());
+        RUNNER_ASSERT_MSG(ret == op.expected_result,
+                "Unexpected result for command '" << op.command <<"': "
+                << ret << " Expected was: "<< op.expected_result);
+    }
+}
+
+RUNNER_CHILD_TEST(security_manager_12_security_manager_cmd_users)
+{
+    int ret;
+    const int SUCCESS = 0;
+    const int FAILURE = 256;
+    const std::string username("sm_test_11_user_name");
+    std::string uid_string;
+    TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
+    user.create();
+    user.getUidString(uid_string);
+    const std::string uidopt = " --uid=" + uid_string;
+
+    struct operation {
+        std::string command;
+        int expected_result;
+    };
+    std::vector<struct operation> operations = {
+            {"security-manager-cmd --manage-users=remove", FAILURE},//no params
+            {"security-manager-cmd -m", FAILURE},//no params
+            {"security-manager-cmd -mr", FAILURE},//no uid
+            {"security-manager-cmd -mr --uid" + uidopt, FAILURE},//no uid
+            {"security-manager-cmd -mr --sdfj" + uidopt, FAILURE},//sdfj?
+            {"security-manager-cmd --msdf -u2004" , FAILURE},//sdf?
+            {"security-manager-cmd -mr" + uidopt, SUCCESS},//ok, removed
+            {"security-manager-cmd -mr --blah" + uidopt, FAILURE},//blah
+            {"security-manager-cmd -ma" + uidopt, SUCCESS},//ok, added
+            {"security-manager-cmd -ma --usertype=normal" + uidopt, SUCCESS},//ok, added
+            {"security-manager-cmd -ma --usertype=mal" + uidopt, FAILURE},//ok, added
+    };
+
+    for (auto &op : operations) {
+        ret = system(op.command.c_str());
+        RUNNER_ASSERT_MSG(ret == op.expected_result,
+                "Unexpected result for command '" << op.command <<"': "
+                << ret << " Expected was: "<< op.expected_result);
+    }
+}
+
+RUNNER_MULTIPROCESS_TEST(security_manager_13_security_manager_admin_deny_user_priv)
+{
+    const int BUFFER_SIZE = 128;
+    struct message {
+        uid_t uid;
+        gid_t gid;
+        char buf[BUFFER_SIZE];
+    } msg;
+
+    privileges_t admin_required_privs = {
+            "http://tizen.org/privilege/systemsettings.admin",
+            "http://tizen.org/privilege/systemsettings"};
+    privileges_t manifest_privs = {
+            "http://tizen.org/privilege/internet",
+            "http://tizen.org/privilege/camera"};
+    privileges_t real_privs_allow = {"http://tizen.org/privilege/camera"};
+    privileges_t real_privs_deny = {"http://tizen.org/privilege/internet"};
+
+    const std::string pirivman_id = "sm_test_13_ADMIN_APP";
+    const std::string pirivman_pkg_id = "sm_test_13_ADMIN_PKG";
+    const std::string app_id = "sm_test_13_SOME_APP";
+    const std::string pkg_id = "sm_test_13_SOME_PKG";
+
+    int pipefd[2];
+    pid_t pid;
+    int result = 0;
+
+    RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
+    pid = fork();
+    RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
+    if (pid != 0)//parent process
+    {
+        std::string childuidstr;
+        TemporaryTestUser admin("sm_test_13_ADMIN_USER", GUM_USERTYPE_ADMIN, true);
+        TemporaryTestUser child("sm_test_13_NORMAL_USER", GUM_USERTYPE_NORMAL, true);
+
+        InstallRequest request,request2;
+        FdUniquePtr pipeptr(pipefd+1);
+        close(pipefd[0]);
+
+        admin.create();
+        child.create();
+        child.getUidString(childuidstr);
+
+        //install privacy manager for admin
+        request.setAppId(pirivman_id.c_str());
+        request.setPkgId(pirivman_pkg_id.c_str());
+        request.setUid(admin.getUid());
+        for (auto &priv: admin_required_privs)
+            request.addPrivilege(priv.c_str());
+        Api::install(request);
+
+        //install app for child that has internet privilege
+        request2.setAppId(app_id.c_str());
+        request2.setPkgId(pkg_id.c_str());
+        request2.setUid(child.getUid());
+        for (auto &priv: manifest_privs)
+            request2.addPrivilege(priv.c_str());
+        Api::install(request2);
+
+        check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
+                              manifest_privs, SM_NO_PRIVILEGES);
+
+        //send info to child
+        msg.uid = admin.getUid();
+        msg.gid = admin.getGid();
+        strncpy (msg.buf, childuidstr.c_str(), BUFFER_SIZE);
+
+        ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
+
+        //wait for child
+        RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
+
+        check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
+                              real_privs_allow, real_privs_deny);
+    }
+    if (pid == 0)//child
+    {
+        FdUniquePtr pipeptr(pipefd);
+        close(pipefd[1]);
+
+        ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
+        RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
+
+        //become admin privacy manager manager
+        Api::setProcessLabel(pirivman_id.c_str());
+        result = drop_root_privileges(msg.uid, msg.gid);
+        RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+        PolicyRequest addPolicyReq;
+        //change rights
+        for (auto &denypriv:real_privs_deny) {
+            /*this entry will deny some privileges for user whose uid (as c string)
+              was sent in message's buf field.
+              That user would be denying internet for child in this case*/
+            PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, denypriv);
+            entry.setMaxLevel("Deny");
+            addPolicyReq.addEntry(entry);
+        }
+        Api::sendPolicy(addPolicyReq);
+        exit(0);
+    }
+}
+
  int main(int argc, char *argv[])
  {
      return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
author	Pawel Wieczorek <p.wieczorek2@samsung.com>
	Wed, 22 Apr 2015 15:01:20 +0000 (17:01 +0200)
committer	Pawel Wieczorek <p.wieczorek2@samsung.com>
	Wed, 22 Apr 2015 15:24:59 +0000 (08:24 -0700)
packaging/security-tests.spec		patch \| blob \| history
src/common/CMakeLists.txt		patch \| blob \| history
src/common/temp_test_user.cpp	[new file with mode: 0644]	patch \| blob
src/common/temp_test_user.h	[new file with mode: 0644]	patch \| blob
src/common/tests_common.cpp		patch \| blob \| history
src/common/tests_common.h		patch \| blob \| history
src/security-manager-tests/CMakeLists.txt		patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/.level_2/normal	[moved from src/security-manager-tests/test_DIR/non_app_dir/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/level_1/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/level_2/normal	[moved from src/security-manager-tests/test_DIR/non_app_dir/level_1/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_exec	[moved from src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/link_to_non_app_normal	[moved from src/security-manager-tests/test_DIR/app_dir/.level_1/link_to_non_app_normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/.level_1/normal	[moved from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/.level_2/normal	[moved from src/security-manager-tests/test_DIR/non_app_dir/level_1/.level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/.level_1/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/level_2/exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/link_to_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/level_2/link_to_non_exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/link_to_non_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/level_2/normal	[moved from src/security-manager-tests/test_DIR/non_app_dir/.level_1/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/link_to_exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/link_to_non_exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/level_1/link_to_non_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/level_1/normal	[moved from src/security-manager-tests/test_DIR/non_app_dir/.level_1/level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/link_to_exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/link_to_non_app_dir	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_dir with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/link_to_non_app_exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/link_to_non_app_normal	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_app_normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/link_to_non_exec	[moved from src/security-manager-tests/test_DIR/non_app_dir/level_1/level_2/link_to_non_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir/normal	[moved from src/security-manager-tests/test_DIR/non_app_dir/.level_1/.level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/.level_2/normal	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/level_2/normal	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/.level_1/normal	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/.level_2/normal	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/.level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/link_to_non_exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/link_to_non_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/level_2/normal	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/link_to_non_exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/link_to_non_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/level_1/normal	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_dir	[moved from src/security-manager-tests/test_DIR/app_dir/link_to_non_app_dir with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_exec	[moved from src/security-manager-tests/test_DIR/app_dir/link_to_non_app_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_app_normal	[moved from src/security-manager-tests/test_DIR/app_dir/link_to_non_app_normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/link_to_non_exec	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/level_1/level_2/link_to_non_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/app_dir_public_ro/normal	[moved from src/security-manager-tests/test_DIR/app_dir_public_ro/.level_1/.level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/exec	[moved from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/.level_2/normal	[moved from src/security-manager-tests/test_DIR/app_dir/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/exec	[moved from src/security-manager-tests/test_DIR/app_dir/level_1/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/exec	[moved from src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/level_2/normal	[moved from src/security-manager-tests/test_DIR/app_dir/level_1/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/.level_1/normal	[moved from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/exec	[moved from src/security-manager-tests/test_DIR/app_dir/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/exec	[moved from src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/.level_2/normal	[moved from src/security-manager-tests/test_DIR/app_dir/level_1/.level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/exec	[moved from src/security-manager-tests/test_DIR/app_dir/.level_1/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/exec	[moved from src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_exec	[moved from src/security-manager-tests/test_DIR/app_dir/link_to_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/link_to_non_exec	[moved from src/security-manager-tests/test_DIR/app_dir/link_to_non_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/level_2/normal	[moved from src/security-manager-tests/test_DIR/app_dir/.level_1/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_exec	[moved from src/security-manager-tests/test_DIR/app_dir/level_1/link_to_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/link_to_non_exec	[moved from src/security-manager-tests/test_DIR/app_dir/level_1/link_to_non_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/level_1/normal	[moved from src/security-manager-tests/test_DIR/app_dir/.level_1/level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/link_to_exec	[moved from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/link_to_non_exec	[moved from src/security-manager-tests/test_DIR/app_dir/level_1/level_2/link_to_non_exec with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/non_app_dir/normal	[moved from src/security-manager-tests/test_DIR/app_dir/.level_1/.level_2/normal with 100% similarity]	patch \| blob \| history
src/security-manager-tests/apps_rw/subdir/file	[new file with mode: 0644]	patch \| blob
src/security-manager-tests/common/sm_api.cpp	[new file with mode: 0644]	patch \| blob
src/security-manager-tests/common/sm_api.h	[new file with mode: 0644]	patch \| blob
src/security-manager-tests/common/sm_db.cpp		patch \| blob \| history
src/security-manager-tests/common/sm_policy_request.cpp	[new file with mode: 0644]	patch \| blob
src/security-manager-tests/common/sm_policy_request.h	[new file with mode: 0644]	patch \| blob
src/security-manager-tests/common/sm_request.cpp	[new file with mode: 0644]	patch \| blob
src/security-manager-tests/common/sm_request.h	[new file with mode: 0644]	patch \| blob
src/security-manager-tests/common/sm_user_request.cpp	[new file with mode: 0644]	patch \| blob
src/security-manager-tests/common/sm_user_request.h	[new file with mode: 0644]	patch \| blob
src/security-manager-tests/security_manager_tests.cpp		patch \| blob \| history