Api::sendPolicy(policyRequest);
}
+const std::vector<AccessRequest> INTERNET_RULES = {
+ {"~PROCESS~", "System::Privilege::Internet", "w"},
+ {"System::Privilege::Internet", "~PROCESS~", "w"}
+};
+const std::vector<AccessRequest> CAMERA_RULES = {
+ {"~PROCESS~", "System::Privilege::Camera", "w"},
+ {"System::Privilege::Camera", "~PROCESS~", "w"}
+};
+const std::vector<AccessRequest> CAMERA_IGNORED_RULES = {
+ {"~PROCESS~", "System::TEF", "r"}
+};
+
enum class SmackPrivSetup {
ORIGINAL,
EMPTY,
INTERNET_ONLY,
- // TODO test other configurations
+ MULTIPLE_PRIVS,
+ MALFORMED
};
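Review bot: `CAMERA_IGNORED_RULES` is added without a comment explaining why a `~PROCESS~` to `System::TEF` read rule is expected to be ignored, and every test in this change only asserts that it is absent. From the name alone a reader cannot tell whether the rule is listed in the multiple-privs configuration and must be rejected by security-manager, or is simply never configured; those are different security properties. I would add a comment above the constant such as `// Rule assumed to be present in the "multiple-privs" test config but not permitted for a privilege mapping; must never be applied`, with the wording confirmed against the config file, which is not visible here. A one-line comment on the `~PROCESS~` placeholder next to `INTERNET_RULES` would help for the same reason.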
// This is to ensure that original security-manager policy is restored after the group is finished
m_currentSetup(SmackPrivSetup::ORIGINAL),
m_serviceManager("security-manager.service"),
m_setupMap({{ SmackPrivSetup::EMPTY, "empty" },
- { SmackPrivSetup::INTERNET_ONLY, "internet-only" }})
+ { SmackPrivSetup::INTERNET_ONLY, "internet-only" },
+ { SmackPrivSetup::MULTIPLE_PRIVS, "multiple-privs" },
+ { SmackPrivSetup::MALFORMED, "malformed" }})
{
}
SmackPrivSetupMgr(const SmackPrivSetupMgr&) = delete;
void finish() {}
};
+typedef TestSetup<SmackPrivSetup::EMPTY> EmptySetup;
typedef TestSetup<SmackPrivSetup::INTERNET_ONLY> InternetOnlySetup;
+typedef TestSetup<SmackPrivSetup::MULTIPLE_PRIVS> MultiplePrivsSetup;
+typedef TestSetup<SmackPrivSetup::MALFORMED> MalformedSetup;
} // namespace anonymous
app.checkAfterInstall();
app.checkDeniedPrivileges({PRIV_INTERNET});
app.checkSmackPrivileges({}, {PRIV_INTERNET});
+ app.checkSmackAccesses(CAMERA_RULES, false);
{
ScopedAppLauncher appLaunch(app);
app.checkSmackPrivileges({}, {PRIV_INTERNET});
+ app.checkSmackAccesses(CAMERA_RULES, false);
}
}
app.checkAfterUninstall();
RUNNER_CHILD_TEST(smack_privileges_20_internet_privilege, InternetOnlySetup)
{
AppInstallHelperExt app("sm_test_sp_20_app");
- app.addPrivileges({PRIV_INTERNET});
+ app.addPrivileges({PRIV_INTERNET, PRIV_CAMERA});
{
ScopedInstaller appInstall(app);
app.checkAfterInstall();
// rules absent before app is launched
app.checkSmackPrivileges({}, {PRIV_INTERNET});
+ app.checkSmackAccesses(CAMERA_RULES, false);
{
ScopedAppLauncher appLaunch(app);
app.checkSmackPrivileges({PRIV_INTERNET}, {});
+ app.checkSmackAccesses(CAMERA_RULES, false);
}
// rules present after app is terminated
app.checkSmackPrivileges({PRIV_INTERNET}, {});
app2.checkSmackPrivileges({}, {PRIV_INTERNET});
}
-// TODO custom smack privileges
+RUNNER_CHILD_TEST(smack_privileges_200_empty_policy, EmptySetup)
+{
+ AppInstallHelperExt app("sm_test_sp_200_app");
+ app.addPrivileges({PRIV_INTERNET, PRIV_CAMERA});
+ {
+ ScopedInstaller appInstall(app);
+
+ app.checkAfterInstall();
+
+ app.checkSmackAccesses(INTERNET_RULES, false);
+ app.checkSmackAccesses(CAMERA_RULES, false);
+ {
+ ScopedAppLauncher appLaunch(app);
+
+ // no config -> no access
+ app.checkSmackAccesses(INTERNET_RULES, false);
+ app.checkSmackAccesses(CAMERA_RULES, false);
+ }
+ }
+ app.checkAfterUninstall();
+ app.checkSmackAccesses(INTERNET_RULES, false);
+ app.checkSmackAccesses(CAMERA_RULES, false);
+}
+
+RUNNER_CHILD_TEST(smack_privileges_300_multi_policy_no_privs, MultiplePrivsSetup)
+{
+ AppInstallHelperExt app("sm_test_sp_300_app");
+ {
+ ScopedInstaller appInstall(app);
+
+ app.checkAfterInstall();
+ app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+ app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+ {
+ ScopedAppLauncher appLaunch(app);
+
+ app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+ app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+ }
+ }
+ app.checkAfterUninstall();
+ app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+}
+
+RUNNER_CHILD_TEST(smack_privileges_310_multi_policy_single_priv, MultiplePrivsSetup)
+{
+ AppInstallHelperExt app("sm_test_sp_310_app");
+ app.addPrivilege(PRIV_CAMERA);
+ {
+ ScopedInstaller appInstall(app);
+
+ app.checkAfterInstall();
+ app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+ app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+ {
+ ScopedAppLauncher appLaunch(app);
+
+ app.checkSmackPrivileges({PRIV_CAMERA}, {PRIV_INTERNET});
+ app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+ }
+ }
+ app.checkAfterUninstall();
+ app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+}
+
+RUNNER_CHILD_TEST(smack_privileges_320_multi_policy_all_privs, MultiplePrivsSetup)
+{
+ TemporaryTestUser testUser("sm_test_320_user_name", GUM_USERTYPE_NORMAL, true);
+ testUser.create();
+
+ AppInstallHelperExt app("sm_test_sp_320_app", testUser.getUid());
+ app.addPrivileges({PRIV_CAMERA, PRIV_INTERNET});
+ {
+ ScopedInstaller appInstall(app);
+
+ app.checkAfterInstall();
+ app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+ app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+ {
+ ScopedAppLauncher appLaunch(app);
+
+ app.checkSmackPrivileges({PRIV_CAMERA, PRIV_INTERNET}, {});
+ app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+
+ // change policy
+ changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
+
+ app.checkSmackPrivileges({PRIV_CAMERA}, {PRIV_INTERNET});
+ app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+
+ // change policy
+ changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
+ changePolicy(app, PRIV_CAMERA, PolicyEntry::LEVEL_DENY);
+
+ app.checkSmackPrivileges({PRIV_INTERNET}, {PRIV_CAMERA});
+ app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+ }
+ }
+ app.checkAfterUninstall();
+ app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+}
+
+RUNNER_CHILD_TEST(smack_privileges_400_malformed, MalformedSetup)
+{
+ AppInstallHelperExt app("sm_test_sp_400_app");
+ app.addPrivileges({PRIV_INTERNET, PRIV_CAMERA});
+ {
+ ScopedInstaller appInstall(app);
+
+ app.checkAfterInstall();
+
+ app.checkSmackAccesses(INTERNET_RULES, false);
+ app.checkSmackAccesses(CAMERA_RULES, false);
+ {
+ ScopedAppLauncher appLaunch(app);
+
+ // malformed config -> no access
+ app.checkSmackAccesses(INTERNET_RULES, false);
+ app.checkSmackAccesses(CAMERA_RULES, false);
+ }
+ }
+ app.checkAfterUninstall();
+ app.checkSmackAccesses(INTERNET_RULES, false);
+ app.checkSmackAccesses(CAMERA_RULES, false);
+}
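Review bot: The three `MultiplePrivsSetup` tests (300, 310 and 320) stop asserting on `CAMERA_IGNORED_RULES` once the app is uninstalled, whereas the 200 and 400 tests repeat their `checkSmackAccesses(..., false)` checks after `app.checkAfterUninstall()`. A `System::TEF` rule left behind after termination or uninstall would therefore go unnoticed in the multi-privilege configuration. I would add `app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);` after the final `checkSmackPrivileges` call in each of the three tests. Separately, the bodies of 200 and 400 are identical apart from the app name, so a small shared helper taking the app name would keep the empty-config and malformed-config expectations from drifting apart.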