Smack privilege tests with different configurations 01/231901/13
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Fri, 24 Apr 2020 12:08:22 +0000 (14:08 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Thu, 7 May 2020 20:14:19 +0000 (22:14 +0200)
Change-Id: I93138c69683dc910df44515d216b42f0b5855ff5

src/security-manager-tests/smack-privileges/malformed/privilege-mapping/priv-rules-default-template.smack [new file with mode: 0644]
src/security-manager-tests/smack-privileges/malformed/privilege-smack.list [new file with mode: 0644]
src/security-manager-tests/smack-privileges/multiple-privs/privilege-mapping/flawed-camera-template.smack [new file with mode: 0644]
src/security-manager-tests/smack-privileges/multiple-privs/privilege-mapping/priv-rules-default-template.smack [new file with mode: 0644]
src/security-manager-tests/smack-privileges/multiple-privs/privilege-smack.list [new file with mode: 0644]
src/security-manager-tests/test_cases_smack_privileges.cpp

diff --git a/src/security-manager-tests/smack-privileges/malformed/privilege-mapping/priv-rules-default-template.smack b/src/security-manager-tests/smack-privileges/malformed/privilege-mapping/priv-rules-default-template.smack
new file mode 100644 (file)
index 0000000..09c5be6
--- /dev/null
@@ -0,0 +1,2 @@
+~PROCESS~ ~PRIVILEGE~ w
+~PRIVILEGE~ ~PROCESS~ w
diff --git a/src/security-manager-tests/smack-privileges/malformed/privilege-smack.list b/src/security-manager-tests/smack-privileges/malformed/privilege-smack.list
new file mode 100644 (file)
index 0000000..04ab381
--- /dev/null
@@ -0,0 +1,3 @@
+http://tizen.org/privilege/internet System::Privilege::Internet default
+http://tizen.org/privilege/camera System::Privilege::Camera the-fault
+http://tizen.org/privilege/camera System::Privilege::Camera
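Review bot: This fixture stacks several defects at once: the second line names a template `the-fault` that this commit does not add, the third line has no template field at all, and both lines repeat the camera privilege. Since smack_privileges_400_malformed only asserts that no internet or camera rules exist, it cannot tell which of these made the loader reject the file, and a parser that regressed on one of them would still pass. Consider one fixture per defect (unknown template, missing field, duplicate entry) so each fail-closed path is pinned separately.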
diff --git a/src/security-manager-tests/smack-privileges/multiple-privs/privilege-mapping/flawed-camera-template.smack b/src/security-manager-tests/smack-privileges/multiple-privs/privilege-mapping/flawed-camera-template.smack
new file mode 100644 (file)
index 0000000..fb35c52
--- /dev/null
@@ -0,0 +1,3 @@
+~PROCESS~ System::TEF r
+~PROCESS~ ~PRIVILEGE~ w
+~PRIVILEGE~ ~PROCESS~ w
diff --git a/src/security-manager-tests/smack-privileges/multiple-privs/privilege-mapping/priv-rules-default-template.smack b/src/security-manager-tests/smack-privileges/multiple-privs/privilege-mapping/priv-rules-default-template.smack
new file mode 100644 (file)
index 0000000..09c5be6
--- /dev/null
@@ -0,0 +1,2 @@
+~PROCESS~ ~PRIVILEGE~ w
+~PRIVILEGE~ ~PROCESS~ w
diff --git a/src/security-manager-tests/smack-privileges/multiple-privs/privilege-smack.list b/src/security-manager-tests/smack-privileges/multiple-privs/privilege-smack.list
new file mode 100644 (file)
index 0000000..8a0bc4f
--- /dev/null
@@ -0,0 +1,2 @@
+http://tizen.org/privilege/internet System::Privilege::Internet default
+http://tizen.org/privilege/camera System::Privilege::Camera flawed-camera-template.smack
index 2878da3..0aba4f7 100644 (file)
@@ -58,11 +58,24 @@ void changePolicy(const AppInstallHelper& app, const std::string& priv, const st
     Api::sendPolicy(policyRequest);
 }
 
+const std::vector<AccessRequest> INTERNET_RULES = {
+    {"~PROCESS~", "System::Privilege::Internet", "w"},
+    {"System::Privilege::Internet", "~PROCESS~", "w"}
+};
+const std::vector<AccessRequest> CAMERA_RULES = {
+    {"~PROCESS~", "System::Privilege::Camera", "w"},
+    {"System::Privilege::Camera", "~PROCESS~", "w"}
+};
+const std::vector<AccessRequest> CAMERA_IGNORED_RULES = {
+    {"~PROCESS~", "System::TEF", "r"}
+};
+
 enum class SmackPrivSetup {
     ORIGINAL,
     EMPTY,
     INTERNET_ONLY,
-    // TODO test other configurations
+    MULTIPLE_PRIVS,
+    MALFORMED
 };
 
 // This is to ensure that original security-manager policy is restored after the group is finished
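Review bot: `CAMERA_IGNORED_RULES` has no comment saying why a rule that is literally present in flawed-camera-template.smack is expected never to be loaded. As far as the tests show, the point is that a privilege template must not grant the app access to a label other than the privilege's own (here `System::TEF`), which is the security property worth spelling out. I would add `// Line from flawed-camera-template.smack that does not mention ~PRIVILEGE~; security-manager must drop it.` above the constant. A note next to `INTERNET_RULES` and `CAMERA_RULES` that they mirror priv-rules-default-template.smack would also help keep the constants and the fixture from drifting apart.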
@@ -74,7 +87,9 @@ private:
             m_currentSetup(SmackPrivSetup::ORIGINAL),
             m_serviceManager("security-manager.service"),
             m_setupMap({{ SmackPrivSetup::EMPTY, "empty" },
-                        { SmackPrivSetup::INTERNET_ONLY, "internet-only" }})
+                        { SmackPrivSetup::INTERNET_ONLY, "internet-only" },
+                        { SmackPrivSetup::MULTIPLE_PRIVS, "multiple-privs" },
+                        { SmackPrivSetup::MALFORMED, "malformed" }})
         {
         }
         SmackPrivSetupMgr(const SmackPrivSetupMgr&) = delete;
@@ -173,7 +188,10 @@ public:
     void finish() {}
 };
 
+typedef TestSetup<SmackPrivSetup::EMPTY> EmptySetup;
 typedef TestSetup<SmackPrivSetup::INTERNET_ONLY> InternetOnlySetup;
+typedef TestSetup<SmackPrivSetup::MULTIPLE_PRIVS> MultiplePrivsSetup;
+typedef TestSetup<SmackPrivSetup::MALFORMED> MalformedSetup;
 
 } // namespace anonymous
 
@@ -187,9 +205,11 @@ RUNNER_CHILD_TEST(smack_privileges_10_no_privileges, InternetOnlySetup)
         app.checkAfterInstall();
         app.checkDeniedPrivileges({PRIV_INTERNET});
         app.checkSmackPrivileges({}, {PRIV_INTERNET});
+        app.checkSmackAccesses(CAMERA_RULES, false);
         {
             ScopedAppLauncher appLaunch(app);
             app.checkSmackPrivileges({}, {PRIV_INTERNET});
+            app.checkSmackAccesses(CAMERA_RULES, false);
         }
     }
     app.checkAfterUninstall();
@@ -198,16 +218,18 @@ RUNNER_CHILD_TEST(smack_privileges_10_no_privileges, InternetOnlySetup)
 RUNNER_CHILD_TEST(smack_privileges_20_internet_privilege, InternetOnlySetup)
 {
     AppInstallHelperExt app("sm_test_sp_20_app");
-    app.addPrivileges({PRIV_INTERNET});
+    app.addPrivileges({PRIV_INTERNET, PRIV_CAMERA});
     {
         ScopedInstaller appInstall(app);
         app.checkAfterInstall();
 
         // rules absent before app is launched
         app.checkSmackPrivileges({}, {PRIV_INTERNET});
+        app.checkSmackAccesses(CAMERA_RULES, false);
         {
             ScopedAppLauncher appLaunch(app);
             app.checkSmackPrivileges({PRIV_INTERNET}, {});
+            app.checkSmackAccesses(CAMERA_RULES, false);
         }
         // rules present after app is terminated
         app.checkSmackPrivileges({PRIV_INTERNET}, {});
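Review bot: smack_privileges_20_internet_privilege now requests `PRIV_CAMERA` as well, but neither the test name nor a comment says why. A short comment at the `addPrivileges` call, such as `// PRIV_CAMERA is requested but has no mapping in the internet-only setup, so no camera rules may appear`, would keep the intent readable. The test body continues past this hunk, so whether the camera check is repeated after the app is terminated is not visible here. If it is not, `app.checkSmackAccesses(CAMERA_RULES, false);` belongs after the "rules present after app is terminated" check too.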
@@ -812,4 +834,128 @@ RUNNER_CHILD_TEST(smack_privileges_180_hybrid_package_both_apps_privileged, Inte
     app2.checkSmackPrivileges({}, {PRIV_INTERNET});
 }
 
-// TODO custom smack privileges
+RUNNER_CHILD_TEST(smack_privileges_200_empty_policy, EmptySetup)
+{
+    AppInstallHelperExt app("sm_test_sp_200_app");
+    app.addPrivileges({PRIV_INTERNET, PRIV_CAMERA});
+    {
+        ScopedInstaller appInstall(app);
+
+        app.checkAfterInstall();
+
+        app.checkSmackAccesses(INTERNET_RULES, false);
+        app.checkSmackAccesses(CAMERA_RULES, false);
+        {
+            ScopedAppLauncher appLaunch(app);
+
+            // no config -> no access
+            app.checkSmackAccesses(INTERNET_RULES, false);
+            app.checkSmackAccesses(CAMERA_RULES, false);
+        }
+    }
+    app.checkAfterUninstall();
+    app.checkSmackAccesses(INTERNET_RULES, false);
+    app.checkSmackAccesses(CAMERA_RULES, false);
+}
+
+RUNNER_CHILD_TEST(smack_privileges_300_multi_policy_no_privs, MultiplePrivsSetup)
+{
+    AppInstallHelperExt app("sm_test_sp_300_app");
+    {
+        ScopedInstaller appInstall(app);
+
+        app.checkAfterInstall();
+        app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+        app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+        {
+            ScopedAppLauncher appLaunch(app);
+
+            app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+            app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+        }
+    }
+    app.checkAfterUninstall();
+    app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+}
+
+RUNNER_CHILD_TEST(smack_privileges_310_multi_policy_single_priv, MultiplePrivsSetup)
+{
+    AppInstallHelperExt app("sm_test_sp_310_app");
+    app.addPrivilege(PRIV_CAMERA);
+    {
+        ScopedInstaller appInstall(app);
+
+        app.checkAfterInstall();
+        app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+        app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+        {
+            ScopedAppLauncher appLaunch(app);
+
+            app.checkSmackPrivileges({PRIV_CAMERA}, {PRIV_INTERNET});
+            app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+        }
+    }
+    app.checkAfterUninstall();
+    app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+}
+
+RUNNER_CHILD_TEST(smack_privileges_320_multi_policy_all_privs, MultiplePrivsSetup)
+{
+    TemporaryTestUser testUser("sm_test_320_user_name", GUM_USERTYPE_NORMAL, true);
+    testUser.create();
+
+    AppInstallHelperExt app("sm_test_sp_320_app", testUser.getUid());
+    app.addPrivileges({PRIV_CAMERA, PRIV_INTERNET});
+    {
+        ScopedInstaller appInstall(app);
+
+        app.checkAfterInstall();
+        app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+        app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+        {
+            ScopedAppLauncher appLaunch(app);
+
+            app.checkSmackPrivileges({PRIV_CAMERA, PRIV_INTERNET}, {});
+            app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+
+            // change policy
+            changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_DENY);
+
+            app.checkSmackPrivileges({PRIV_CAMERA}, {PRIV_INTERNET});
+            app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+
+            // change policy
+            changePolicy(app, PRIV_INTERNET, PolicyEntry::LEVEL_ALLOW);
+            changePolicy(app, PRIV_CAMERA, PolicyEntry::LEVEL_DENY);
+
+            app.checkSmackPrivileges({PRIV_INTERNET}, {PRIV_CAMERA});
+            app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);
+        }
+    }
+    app.checkAfterUninstall();
+    app.checkSmackPrivileges({}, {PRIV_INTERNET, PRIV_CAMERA});
+}
+
+RUNNER_CHILD_TEST(smack_privileges_400_malformed, MalformedSetup)
+{
+    AppInstallHelperExt app("sm_test_sp_400_app");
+    app.addPrivileges({PRIV_INTERNET, PRIV_CAMERA});
+    {
+        ScopedInstaller appInstall(app);
+
+        app.checkAfterInstall();
+
+        app.checkSmackAccesses(INTERNET_RULES, false);
+        app.checkSmackAccesses(CAMERA_RULES, false);
+        {
+            ScopedAppLauncher appLaunch(app);
+
+            // malformed config -> no access
+            app.checkSmackAccesses(INTERNET_RULES, false);
+            app.checkSmackAccesses(CAMERA_RULES, false);
+        }
+    }
+    app.checkAfterUninstall();
+    app.checkSmackAccesses(INTERNET_RULES, false);
+    app.checkSmackAccesses(CAMERA_RULES, false);
+}
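Review bot: Tests 300, 310 and 320 assert that `CAMERA_IGNORED_RULES` are absent before and during launch but drop that check after `checkAfterUninstall()`, whereas tests 200 and 400 re-check every rule set there. Add `app.checkSmackAccesses(CAMERA_IGNORED_RULES, false);` after the final `checkSmackPrivileges` in each of the three so that a stray `System::TEF` rule left behind by uninstall is caught. Separately, 200 and 400 have identical bodies apart from the app name and one comment; a shared helper taking the app name would remove the duplication.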