cynara-creds-dbus
cynara-creds-gdbus
security-manager
+ security-privilege-manager
REQUIRED
)
${PROJECT_SOURCE_DIR}/src/common/sm_user_request.cpp
${PROJECT_SOURCE_DIR}/src/common/sm_policy_request.cpp
${PROJECT_SOURCE_DIR}/src/common/tzplatform.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/privilege_manager.cpp
)
#system and local includes
/*
- * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
UNSET,
UNTRUSTED,
LICENSED,
+ PRIVACY,
};
Privilege(std::string systemPrivilege, Type type = UNSET, std::string license = std::string())
bool isUnset() const { return m_type == UNSET; }
bool isUntrusted() const { return m_type == UNTRUSTED; }
bool isLicensed() const { return m_type == LICENSED; }
+ bool isPrivacy() const { return m_type == PRIVACY; }
int getType() const { return m_type; }
app_defined_privilege_type getSMType () const {
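Review bot: The new `PRIVACY` enumerator has no comment saying how it differs from `UNSET`, `UNTRUSTED` and `LICENSED`, and `getSMType()` directly below `isPrivacy()` may need to know about it. The body of `getSMType()` lies outside this hunk, so it is not visible whether a `Privilege` of type `PRIVACY` maps to a valid `app_defined_privilege_type` or falls through to an unintended value; that should be confirmed. I would also add a one-line comment on the enumerator, for example `// privacy privilege: registered with the privilege manager by PkgPrivacyPrivileges before install`.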
--- /dev/null
+/*
+ * Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <sys/types.h>
+#include <vector>
+
+#include <app_def_privilege.h>
+#include <app_install_helper.h>
+#include <privilege_manager.h>
+#include <memory.h>
+#include <dpl/test/safe_cleanup.h>
+
+class PkgPrivacyPrivileges {
+public:
+ PkgPrivacyPrivileges(const AppInstallHelper &app)
+ : m_pkgId(app.getPkgId()),
+ m_uid(app.getUID()),
+ m_creatorPid(getpid()),
+ m_shouldUnsetPrivacy(false)
+ {
+ std::vector<std::string> privacyPrivileges;
+ for (const Privilege &privilege : app.getPrivileges())
+ if (privilege.isPrivacy())
+ privacyPrivileges.push_back(privilege.getName());
+
+ if (!privacyPrivileges.empty()) {
+ PrivilegeManager::setPrivacyPrivileges(
+ app.getUID(), app.getPkgId(), app.getVersion(), privacyPrivileges);
+ m_shouldUnsetPrivacy = true;
+ }
+ }
+
+ PkgPrivacyPrivileges(const PkgPrivacyPrivileges &) = delete;
+ PkgPrivacyPrivileges(PkgPrivacyPrivileges &&other)
+ : m_pkgId(std::move(other.m_pkgId)),
+ m_uid(other.m_uid),
+ m_shouldUnsetPrivacy(other.m_shouldUnsetPrivacy)
+ {
+ other.m_uid = 0;
+ other.m_shouldUnsetPrivacy = false;
+ other.m_creatorPid = -1;
+ }
+
+ PkgPrivacyPrivileges& operator=(const PkgPrivacyPrivileges &) = delete;
+
+ virtual ~PkgPrivacyPrivileges() {
+ if (m_creatorPid == getpid())
+ {
+ SafeCleanup::run([this]{ unsetPrivacy(); });
+ }
+ }
+
+ void unsetPrivacy() {
+ if (!m_shouldUnsetPrivacy)
+ return;
+ PrivilegeManager::unsetPrivacyPrivileges(m_uid, m_pkgId);
+ m_shouldUnsetPrivacy = false;
+ }
+
+protected:
+ std::string m_pkgId;
+ uid_t m_uid;
+ pid_t m_creatorPid;
+ bool m_shouldUnsetPrivacy;
+};
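Review bot: The move constructor never initialises `m_creatorPid`: its initialiser list covers only `m_pkgId`, `m_uid` and `m_shouldUnsetPrivacy`, and the body then sets `other.m_creatorPid = -1`. The destructor of the moved-to object therefore compares an indeterminate value with `getpid()`, so `unsetPrivacy()` may be skipped and the package's privacy-privilege info left registered for later tests. Add `m_creatorPid(other.m_creatorPid),` to the initialiser list, before `m_shouldUnsetPrivacy` to match declaration order. Separately, the header calls `getpid()` and `std::move` without including `<unistd.h>` or `<utility>`, and `<memory.h>` looks like it was meant to be `<memory>`. The single-argument constructor would also be safer as `explicit`.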
--- /dev/null
+/*
+ * Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <new>
+#include <glib.h>
+#include <gmodule.h>
+
+#include "dpl/test/test_runner.h"
+#include "privilege_manager.h"
+
+namespace PrivilegeManager {
+
+void setPrivacyPrivileges(const uid_t uid, const std::string &pkgId,
+ const std::string &tizenVersion, const std::vector<std::string> &privileges,
+ const privilege_manager_package_type_e &type)
+{
+ GList *list = nullptr;
+
+ for (const std::string &privilege : privileges) {
+ gchar *str = g_strdup(privilege.c_str());
+ if (str == nullptr) {
+ g_list_free_full(list, g_free);
+ throw std::bad_alloc();
+ }
+
+ GList *listNew = g_list_append(list, str);
+ if (listNew == nullptr) {
+ g_list_free_full(list, g_free);
+ throw std::bad_alloc();
+ }
+
+ list = listNew;
+ }
+
+ int ret = privilege_package_info_set_privacy_privilege(uid, pkgId.c_str(),
+ type, tizenVersion.empty() ? "4.0" : tizenVersion.c_str(), list);
+ g_list_free_full(list, g_free);
+
+ RUNNER_ASSERT_MSG(ret == PRVMGR_ERR_NONE,
+ "privilege_package_info_set_privacy_privilege failed: " << ret);
+}
+
+void unsetPrivacyPrivileges(const uid_t uid, const std::string &pkgId)
+{
+ int ret = privilege_package_info_unset_package_privilege_info(
+ uid, pkgId.c_str());
+
+ RUNNER_ASSERT_MSG(ret == PRVMGR_ERR_NONE,
+ "privilege_package_info_unset_privacy_privilege failed: " << ret);
+}
+
+} // namespace PrivilegeManager
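Review bot: The assertion message in `unsetPrivacyPrivileges` names `privilege_package_info_unset_privacy_privilege`, but the function actually called is `privilege_package_info_unset_package_privilege_info`. A failed cleanup would point whoever reads the log at the wrong API, so the message should read `"privilege_package_info_unset_package_privilege_info failed: " << ret`. In `setPrivacyPrivileges`, the silent fallback `tizenVersion.empty() ? "4.0" : ...` deserves a short comment explaining why an empty version is replaced and why with that value. As far as I know, GLib aborts on allocation failure by default instead of returning NULL, so the two `std::bad_alloc` branches are probably unreachable; if they are kept as a defensive measure, a comment saying so would help.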
--- /dev/null
+/*
+ * Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <vector>
+#include <privilege_package_info.h>
+
+namespace PrivilegeManager {
+
+void setPrivacyPrivileges(const uid_t uid, const std::string &pkgId,
+ const std::string &tizenVersion, const std::vector<std::string> &privileges,
+ const privilege_manager_package_type_e &type = PRVMGR_PACKAGE_TYPE_CORE);
+
+void unsetPrivacyPrivileges(const uid_t uid, const std::string &pkgId);
+
+} // namespace PrivilegeManager
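Review bot: Both declarations use `uid_t`, but the header includes only `<string>`, `<vector>` and `<privilege_package_info.h>`, so it compiles only if that last header happens to pull in the type. Add `#include <sys/types.h>` to make the header self-contained. The `type` parameter is an enum and reads more naturally passed by value (`privilege_manager_package_type_e type = PRVMGR_PACKAGE_TYPE_CORE`) than by const reference. The declarations would also benefit from a brief doc comment stating that both functions fail the running test through `RUNNER_ASSERT_MSG` when the privilege manager returns an error, and that an empty `tizenVersion` is replaced with `"4.0"`, since neither is visible from the signatures.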
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <vector>
#include <app_install_helper.h>
+#include <pkg_privacy_privileges.h>
#include <scoped_installer.h>
#include <sm_api.h>
#include <sm_commons.h>
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
-const std::vector<std::string> TEST_PRIVACY_PRIVILEGES = {
- "http://tizen.org/privilege/callhistory.read",
- "http://tizen.org/privilege/account.read",
- "http://tizen.org/privilege/healthinfo" };
+const PrivilegeVector TEST_PRIVACY_PRIVILEGES = {
+ Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
+ Privilege("http://tizen.org/privilege/account.read", Privilege::PRIVACY),
+ Privilege("http://tizen.org/privilege/healthinfo", Privilege::PRIVACY) };
using namespace SecurityManagerTest;
RUNNER_ASSERT_MSG(isAskuserDisabled() || expectedPolicyCount > 0,
"Application won't be installed with any privacy privileges, fix test");
+ PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller appInstall(app);
pid_t pid = fork();
AppInstallHelper app("sm_test_ap2", tmpUser.getUid());
app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+ PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller appInstall(app);
pid_t pid = fork();
app.setInstallType(SM_APP_INSTALL_GLOBAL);
app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+ PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller appInstall(app);
pid_t pid = fork();
AppInstallHelper app2("sm_test_ap3_2", tmpUser.getUid());
app2.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+ PkgPrivacyPrivileges setupPrivacyPrivs1(app1);
ScopedInstaller appInstall1(app1);
+
+ PkgPrivacyPrivileges setupPrivacyPrivs2(app2);
ScopedInstaller appInstall2(app2);
pid_t pid = fork();
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <cynara_test_admin.h>
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
+#include <pkg_privacy_privileges.h>
#include <policy_configuration.h>
#include <scoped_installer.h>
#include <sm_api.h>
}
};
-const std::vector<Privileges> TEST_PRIVACY_PRIVILEGES = {
+const PrivilegeVector TEST_PRIVACY_PRIVILEGES[] = {
{
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here
- "http://tizen.org/privilege/account.read",
- "http://tizen.org/privilege/healthinfo"
+ Privilege("http://tizen.org/privilege/telephony"),
+ Privilege("http://tizen.org/privilege/led"),
+ Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
+ Privilege("http://tizen.org/privilege/account.read", Privilege::PRIVACY),
+ Privilege("http://tizen.org/privilege/healthinfo", Privilege::PRIVACY),
},
{
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/callhistory.read" // privacy-related privileges start here
+ Privilege("http://tizen.org/privilege/telephony"),
+ Privilege("http://tizen.org/privilege/led"),
+ Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
}
};
PolicyEntry filter (app.getAppId(), user.getUidString(), SECURITY_MANAGER_ANY);
std::vector<PolicyEntry> policyEntries;
{
+ PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller installer(app);
unsigned int privacyNum = countPrivacyPrivileges(app.getPrivileges());
if (isHybrid)
app1.setHybrid();
app1.addPrivileges(TEST_PRIVACY_PRIVILEGES[0]);
+ PkgPrivacyPrivileges setupPrivacyPrivs1(app1);
ScopedInstaller installer1(app1);
AppInstallHelper app2("sm_test_19_app_id_2", pkgId, user.getUid());
if (isHybrid)
app2.setHybrid();
app2.addPrivileges(TEST_PRIVACY_PRIVILEGES[1]);
+ PkgPrivacyPrivileges setupPrivacyPrivs2(app2);
ScopedInstaller installer2(app2);
int privacyCount1, privacyCount2;
AppInstallHelper app("sm_test_20", user.getUid());
app.addPrivileges(TEST_PRIVACY_PRIVILEGES[0]);
+ PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller installer(app);
CynaraTestAdmin::Admin admin;