static const std::vector<std::string> SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"};
-static const char *const SM_RW_PATH = "/usr/apps/app_dir";
-static const char *const SM_RO_PATH = "/usr/apps/app_dir_public_ro";
+static const char *const SM_RW_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir";
+static const char *const SM_RO_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir_ro";
+static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir_public_ro";
static const char *const SM_DENIED_PATH = "/usr/apps/non_app_dir";
static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
return "User::App::" + appId;
}
+static std::string generatePkgLabel(const std::string &pkgId)
+{
+ return "User::Pkg::" + pkgId;
+}
+
static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
const char* correctLabel, bool transmute_test, bool exec_test)
{
result = nftw(SM_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RO_PATH);
+ result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
+
result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
}
prepare_app_path();
}
-static void check_app_path_after_install(const char *appId)
+static void check_app_path_after_install(const char *pkgId)
{
int result;
- nftw_expected_label = generateAppLabel(appId);
- nftw_expected_transmute = false;
- nftw_expected_exec = true;
+ nftw_expected_label = generatePkgLabel(pkgId);
+ nftw_expected_transmute = true;
+ nftw_expected_exec = false;
result = nftw(SM_RW_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH);
- nftw_expected_label = "User::Home";
- nftw_expected_transmute = true;
+ nftw_expected_label = generatePkgLabel(pkgId) + "::RO";
+ nftw_expected_transmute = false;
nftw_expected_exec = false;
result = nftw(SM_RO_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH);
+ nftw_expected_label = "User::Home";
+ nftw_expected_transmute = true;
+ nftw_expected_exec = false;
+
+ result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
+
result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
}
requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
+ requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
Api::install(requestInst);
SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
/* TODO: add parameters to this function */
- check_app_path_after_install(sm_app_id);
+ check_app_path_after_install(sm_pkg_id);
InstallRequest requestUninst;
requestUninst.setAppId(sm_app_id);
const std::string &appDir,
bool requestUid)
{
- InstallRequest requestPublic;
-
- //install app for non-root user and try to register public path (should fail)
- prepare_request(requestPublic, sm_app_id, sm_pkg_id,
- SECURITY_MANAGER_PATH_PUBLIC, appDir.c_str(),
- requestUid ? user.getUid() : 0);
-
- Api::install(requestPublic, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
-
InstallRequest requestPrivate;
//install app for non-root user