#include <libprivilege-control_test_common.h>
#include <tests_common.h>
+#include <tzplatform_config.h>
#include <security-manager.h>
#include <sm_api.h>
#include <sm_db.h>
using namespace SecurityManagerTest;
DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
+DEFINE_SMARTPTR(tzplatform_context_destroy, tzplatform_context, TzPlatformContextPtr);
static const privileges_t SM_ALLOWED_PRIVILEGES = {
"http://tizen.org/privilege/location",
static const char *const SM_PRIVATE_PATH = "/usr/apps/test_DIR/app_dir";
static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro";
static const char *const SM_DENIED_PATH = "/usr/apps/test_DIR/non_app_dir";
-static const char *const SM_PRIVATE_PATH_FOR_USER = "/home/" APP_USER "/test_DIR";
static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
+static const std::string EXEC_FILE("exec");
+static const std::string NORMAL_FILE("normal");
+static const std::string LINK_PREFIX("link_to_");
static void generateAppLabel(const std::string &pkgId, std::string &label)
{
uninstall_app(app_id, pkg_id, true);
}
-
-
static void prepare_request(InstallRequest &request,
const char *const app_id,
const char *const pkg_id,
request.setUid(uid);
}
+static uid_t getGlobalUserId(void)
+{
+ return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
+}
-static struct passwd* get_app_pw()
+static const std::string appDirPath(const TemporaryTestUser &user)
{
- struct passwd *pw = nullptr;
- errno = 0;
- while(!(pw = getpwnam(APP_USER))) {
- RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
- }
- return pw;
+ struct tzplatform_context *tzCtxPtr = nullptr;
+
+ RUNNER_ASSERT(0 == tzplatform_context_create(&tzCtxPtr));
+ TzPlatformContextPtr tzCtxPtrSmart(tzCtxPtr);
+
+ RUNNER_ASSERT_MSG(0 == tzplatform_context_set_user(tzCtxPtr, user.getUid()),
+ "Unable to set user <" << user.getUserName() << "> for tzplatform context");
+
+ const char *appDir = tzplatform_context_getenv(tzCtxPtr,
+ getGlobalUserId() == user.getUid() ? TZ_SYS_RW_APP : TZ_USER_APP);
+ RUNNER_ASSERT_MSG(nullptr != appDir,
+ "tzplatform_context_getenv failed"
+ << "for getting sys rw app of user <" << user.getUserName() << ">");
+
+ return appDir;
+}
+
+static const std::string nonAppDirPath(const TemporaryTestUser &user)
+{
+ return TMP_DIR + "/" + user.getUserName();
}
+static const std::string uidToStr(const uid_t uid)
+{
+ return std::to_string(static_cast<unsigned int>(uid));
+}
static void install_and_check(const char *const sm_app_id,
const char *const sm_pkg_id,
- const std::string &user, uid_t uid,
- const std::string &user_path = SM_PRIVATE_PATH_FOR_USER)
+ const TemporaryTestUser& user,
+ const std::string &appDir,
+ bool requestUid)
{
InstallRequest requestPublic;
//install app for non-root user and try to register public path (should fail)
- prepare_request(requestPublic, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PUBLIC, user_path.c_str(), uid);
+ prepare_request(requestPublic, sm_app_id, sm_pkg_id,
+ SECURITY_MANAGER_PATH_PUBLIC, appDir.c_str(),
+ requestUid ? user.getUid() : 0);
Api::install(requestPublic, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
//install app for non-root user
//should fail (users may only register folders inside their home)
- prepare_request(requestPrivate, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH, uid);
+ prepare_request(requestPrivate, sm_app_id, sm_pkg_id,
+ SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH,
+ requestUid ? user.getUid() : 0);
Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
//install app for non-root user
//should succeed - this time i register folder inside user's home dir
- prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, SECURITY_MANAGER_PATH_PRIVATE, user_path.c_str(), uid);
+ prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
+ SECURITY_MANAGER_PATH_PRIVATE, appDir.c_str(),
+ requestUid ? user.getUid() : 0);
for (auto &privilege : SM_ALLOWED_PRIVILEGES)
requestPrivateUser.addPrivilege(privilege.c_str());
Api::install(requestPrivateUser);
- check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+ check_app_permissions(sm_app_id, sm_pkg_id,
+ uidToStr(user.getUid()).c_str(),
+ SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+}
+
+static void createTestDir(const std::string &dir)
+{
+ mode_t dirMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
+ mode_t execFileMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
+ mode_t normalFileMode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
+
+ mkdirSafe(dir, dirMode);
+ creatSafe(dir + "/" + EXEC_FILE, execFileMode);
+ creatSafe(dir + "/" + NORMAL_FILE, normalFileMode);
+ symlinkSafe(dir + "/" + EXEC_FILE, dir + "/" + LINK_PREFIX + EXEC_FILE);
+ symlinkSafe(dir + "/" + NORMAL_FILE, dir + "/" + LINK_PREFIX + NORMAL_FILE);
+}
+
+static void createInnerAppDir(const std::string &dir, const std::string &nonAppDir)
+{
+ createTestDir(dir);
+
+ symlinkSafe(nonAppDir, dir + "/" + LINK_PREFIX + "non_app_dir");
+ symlinkSafe(nonAppDir + "/" + EXEC_FILE,
+ dir + "/" + LINK_PREFIX + "non_app_" + EXEC_FILE);
+ symlinkSafe(nonAppDir + "/" + NORMAL_FILE,
+ dir + "/" + LINK_PREFIX + "non_app_" + NORMAL_FILE);
+}
+
+static void generateAppDir(const TemporaryTestUser &user)
+{
+ const std::string dir = appDirPath(user);
+ const std::string nonAppDir = nonAppDirPath(user);
+
+ createInnerAppDir(dir, nonAppDir);
+ createInnerAppDir(dir + "/.inner_dir", nonAppDir);
+ createInnerAppDir(dir + "/inner_dir", nonAppDir);
+}
+
+static void generateNonAppDir(const TemporaryTestUser &user)
+{
+ const std::string dir = nonAppDirPath(user);
+
+ createTestDir(dir);
+ createTestDir(dir + "/.inner_dir");
+ createTestDir(dir + "/inner_dir");
+}
+
+static void createTestDirs(const TemporaryTestUser &user)
+{
+ generateAppDir(user);
+ generateNonAppDir(user);
+}
+
+static void removeTestDirs(const TemporaryTestUser &user)
+{
+ removeDir(appDirPath(user));
+ removeDir(nonAppDirPath(user));
}
RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
int result;
const char *const sm_app_id = "sm_test_04a_app_id_uid";
const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid";
+ const std::string new_user_name = "sm_test_04a_user_name";
+
+ TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
- struct passwd *pw = get_app_pw();
- const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
+ removeTestDirs(testUser);
+ createTestDirs(testUser);
+
+ const std::string userAppDirPath = appDirPath(testUser);
//switch user to non-root
- result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ result = drop_root_privileges(testUser.getUid(), testUser.getGid());
RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- install_and_check(sm_app_id, sm_pkg_id, user, 0);
+ install_and_check(sm_app_id, sm_pkg_id, testUser, userAppDirPath, false);
//uninstall app as non-root user
InstallRequest request;
Api::uninstall(request);
- check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+ check_app_permissions(sm_app_id, sm_pkg_id,
+ uidToStr(testUser.getUid()).c_str(),
+ SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
}
RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
int result;
const char *const sm_app_id = "sm_test_04b_app_id_uid";
const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid";
+ const std::string new_user_name = "sm_test_04b_user_name";
+
+ TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
- struct passwd *pw = get_app_pw();
- const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
+ removeTestDirs(testUser);
+ createTestDirs(testUser);
- install_and_check(sm_app_id, sm_pkg_id, user, pw->pw_uid);
+ install_and_check(sm_app_id, sm_pkg_id, testUser, appDirPath(testUser), true);
//switch user to non-root - root may not uninstall apps for specified users
- result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ result = drop_root_privileges(testUser.getUid(), testUser.getGid());
RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
//uninstall app as non-root user
Api::uninstall(request);
- check_app_permissions(sm_app_id, sm_pkg_id, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+ check_app_permissions(sm_app_id, sm_pkg_id,
+ uidToStr(testUser.getUid()).c_str(),
+ SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
}