RUNNER_ASSERT_MSG(nPrivs == 0, "Expected empty set of privileges, returned " << nPrivs);
}
-RUNNER_CHILD_TEST(security_manager_24_fetch_app_manifest_auth_error)
-{
- TemporaryTestUser user("sm_test_24_fetch_username", GUM_USERTYPE_NORMAL);
- user.create();
-
- AppInstallHelper app("security_manager_24_fetch", user.getUid());
- app.setInstallType(SM_APP_INSTALL_LOCAL);
- app.addPrivileges(TEST_PRIVACY_PRIVILEGES[1]);
- ScopedInstaller appInstall(app);
-
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
- if (pid != 0) { //parent process
- waitPid(pid);
- } else { //child process
- Api::setProcessLabel(app.getAppId());
- RUNNER_ASSERT_ERRNO_MSG(
- drop_root_privileges(user.getUid(), user.getGid()) == 0,
- "drop_root_privileges failed");
- char **privileges;
- size_t nPrivs = 0;
- int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
- RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "Expected access denied, returned " << ret);
- exit(0);
- }
-}
-
static void check_privileges_from_manifest(const AppInstallHelper &aih, char **privileges, size_t nPrivs)
{
std::vector<std::string> aihPrivs = aih.getPrivilegesNames();
}
}
-RUNNER_CHILD_TEST(security_manager_25_fetch_app_manifest_global_app)
+RUNNER_CHILD_TEST(security_manager_24_fetch_app_manifest_global_app)
{
- TemporaryTestUser user("sm_test_25_fetch_username", GUM_USERTYPE_NORMAL);
+ TemporaryTestUser user("sm_test_24_fetch_username", GUM_USERTYPE_NORMAL);
user.create();
- AppInstallHelper app("security_manager_25_fetch");
+ AppInstallHelper app("security_manager_24_fetch");
app.setInstallType(SM_APP_INSTALL_GLOBAL);
app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
security_manager_privileges_free(privileges, nPrivs);
}
-RUNNER_CHILD_TEST(security_manager_26_fetch_app_manifest_local_app)
+RUNNER_CHILD_TEST(security_manager_25_fetch_app_manifest_local_app)
{
- TemporaryTestUser user("sm_test_26_fetch_username", GUM_USERTYPE_NORMAL);
+ TemporaryTestUser user("sm_test_25_fetch_username", GUM_USERTYPE_NORMAL);
user.create();
- AppInstallHelper app("security_manager_26_fetch", user.getUid());
+ AppInstallHelper app("security_manager_25_fetch", user.getUid());
app.setInstallType(SM_APP_INSTALL_LOCAL);
app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
RUNNER_ASSERT_MSG(nPrivs == 0, "Expected empty set of privileges, returned " << nPrivs);
}
-RUNNER_CHILD_TEST(security_manager_27_fetch_app_manifest_both_apps)
+RUNNER_CHILD_TEST(security_manager_26_fetch_app_manifest_both_apps)
{
- TemporaryTestUser user("sm_test_27_fetch_username", GUM_USERTYPE_NORMAL);
+ TemporaryTestUser user("sm_test_26_fetch_username", GUM_USERTYPE_NORMAL);
user.create();
- AppInstallHelper appGlobal("security_manager_27_fetch");
+ AppInstallHelper appGlobal("security_manager_26_fetch");
appGlobal.setInstallType(SM_APP_INSTALL_GLOBAL);
appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
appGlobal.addPrivilege(std::string("http://tizen.org/privielge/contacts.read"));
ScopedInstaller appGlobalInstall(appGlobal);
- AppInstallHelper appLocal("security_manager_27_fetch", user.getUid());
+ AppInstallHelper appLocal("security_manager_26_fetch", user.getUid());
appLocal.setInstallType(SM_APP_INSTALL_LOCAL);
appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
check_privileges_from_manifest(appGlobal, privileges, nPrivs);
security_manager_privileges_free(privileges, nPrivs);
}
+
+RUNNER_CHILD_TEST(security_manager_27_fetch_app_manifest_app_context_local_positive)
+{
+ TemporaryTestUser user("sm_test_27_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("security_manager_27_fetch", user.getUid());
+ app.setInstallType(SM_APP_INSTALL_LOCAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(user.getUid(), user.getGid()) == 0,
+ "drop_root_privileges failed");
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_28_fetch_app_manifest_app_context_global_positive)
+{
+ TemporaryTestUser user("sm_test_28_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("security_manager_28_fetch");
+ app.setInstallType(SM_APP_INSTALL_GLOBAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(user.getUid(), user.getGid()) == 0,
+ "drop_root_privileges failed");
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_29_fetch_app_manifest_app_context_local_different_uid)
+{
+ TemporaryTestUser user("sm_test_29_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ TemporaryTestUser user1("sm_test_29_fetch_username_1", GUM_USERTYPE_NORMAL);
+ user1.create();
+
+ AppInstallHelper app("security_manager_29_fetch", user.getUid());
+ app.setInstallType(SM_APP_INSTALL_LOCAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ AppInstallHelper app1("security_manager_29_fetch", user1.getUid());
+ app1.setInstallType(SM_APP_INSTALL_LOCAL);
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
+ ScopedInstaller appInstall1(app1);
+
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app1.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(user1.getUid(), user1.getGid()) == 0,
+ "drop_root_privileges failed");
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "Expected auth failed, returned " << ret);
+
+ nPrivs = 0;
+ ret = security_manager_get_app_manifest_policy(app1.getAppId().c_str(), user1.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app1, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_30_fetch_app_manifest_app_context_local_different_label)
+{
+ TemporaryTestUser user("sm_test_30_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("security_manager_30_fetch", user.getUid());
+ app.setInstallType(SM_APP_INSTALL_LOCAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ AppInstallHelper app1("security_manager_30_fetch_1", user.getUid());
+ app1.setInstallType(SM_APP_INSTALL_LOCAL);
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
+ ScopedInstaller appInstall1(app1);
+
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app1.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(user.getUid(), user.getGid()) == 0,
+ "drop_root_privileges failed");
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "Expected auth failed, returned " << ret);
+
+ nPrivs = 0;
+ ret = security_manager_get_app_manifest_policy(app1.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app1, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_31_fetch_app_manifest_app_context_local_different_label_with_privilege)
+{
+ TemporaryTestUser user("sm_test_31_fetch_username", GUM_USERTYPE_ADMIN);
+ user.create();
+
+ AppInstallHelper app("security_manager_31_fetch", user.getUid());
+ app.setInstallType(SM_APP_INSTALL_LOCAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ AppInstallHelper app1("security_manager_31_fetch_1", user.getUid());
+ app1.setInstallType(SM_APP_INSTALL_LOCAL);
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/internal/usermanagement"));
+ ScopedInstaller appInstall1(app1);
+
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app1.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(user.getUid(), user.getGid()) == 0,
+ "drop_root_privileges failed");
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+
+ nPrivs = 0;
+ ret = security_manager_get_app_manifest_policy(app1.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app1, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+ exit(0);
+ }
+}
projects / platform / core / test / security-tests.git / commitdiff