Merge remote-tracking branch 'tizen/security-manager' into appdefined

Change-Id: I430ce5badf02a457c2f1dac9b3871d6e2ae3c65c

diff --git a/src/security-manager-tests/CMakeLists.txt b/src/security-manager-tests/CMakeLists.txt
index fad06f1..b986d9a 100644 (file)
--- a/src/security-manager-tests/CMakeLists.txt
+++ b/src/security-manager-tests/CMakeLists.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
 #
 #   Licensed under the Apache License, Version 2.0 (the "License");
 #   you may not use this file except in compliance with the License.
@@ -41,6 +41,7 @@ SET(SEC_MGR_SOURCES
     ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_commons.cpp
     ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp
     ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases.cpp
+    ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_app_defined_privilege.cpp
     ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_credentials.cpp
     ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_dyntransition.cpp
     ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_nss.cpp

diff --git a/src/security-manager-tests/common/app_def_privilege.h b/src/security-manager-tests/common/app_def_privilege.h
new file mode 100644 (file)
index 0000000..cbc626d
--- /dev/null
+++ b/src/security-manager-tests/common/app_def_privilege.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#pragma once
+
+#include <string>
+#include <utility>
+#include <vector>
+
+#include <security-manager-types.h>
+
+typedef std::pair<std::string, app_defined_privilege_type> AppDefPrivilege;
+typedef std::vector<AppDefPrivilege> AppDefPrivilegeVector;
+

diff --git a/src/security-manager-tests/common/app_install_helper.cpp b/src/security-manager-tests/common/app_install_helper.cpp
index 0436241..edd5a2a 100644 (file)
--- a/src/security-manager-tests/common/app_install_helper.cpp
+++ b/src/security-manager-tests/common/app_install_helper.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
@@ -153,6 +153,14 @@ std::vector<std::string> AppInstallHelper::getPrivileges() const {
     return m_privileges;
 }
 
+void AppInstallHelper::addAppDefinedPrivilege(const AppDefPrivilege &privilege) {
+    m_appDefinedPrivileges.push_back(privilege);
+}
+
+AppDefPrivilegeVector AppInstallHelper::getAppDefinedPrivileges() const {
+    return m_appDefinedPrivileges;
+}
+
 void AppInstallHelper::revokeRules() const {
     RUNNER_ASSERT_MSG(
         0 == smack_revoke_subject(generateAppLabel().c_str()),

diff --git a/src/security-manager-tests/common/app_install_helper.h b/src/security-manager-tests/common/app_install_helper.h
index 883dd0e..1150ecc 100644 (file)
--- a/src/security-manager-tests/common/app_install_helper.h
+++ b/src/security-manager-tests/common/app_install_helper.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
@@ -17,13 +17,16 @@
 
 #include <fcntl.h>
 #include <functional>
+#include <sys/types.h>
+#include <unistd.h>
+
 #include <map>
 #include <string>
-#include <sys/types.h>
+#include <utility>
 #include <vector>
-#include <unistd.h>
 
 #include <security-manager-types.h>
+#include <app_def_privilege.h>
 
 struct AppInstallHelper {
 
@@ -110,6 +113,9 @@ struct AppInstallHelper {
     void addPrivileges(const std::vector<std::string> &privileges);
     std::vector<std::string> getPrivileges() const;
 
+    void addAppDefinedPrivilege(const AppDefPrivilege &privilege);
+    AppDefPrivilegeVector getAppDefinedPrivileges() const;
+
     // Smack
     std::string generateAppLabel() const;
     std::string generatePkgLabel() const;
@@ -134,6 +140,7 @@ protected:
     TypePathsMap m_dirTypeMap;
     TypePathsMap m_fileTypeMap;
     std::vector<std::string> m_privileges;
+    AppDefPrivilegeVector m_appDefinedPrivileges;
     std::string m_author;
 
     pid_t m_creatorPid;

diff --git a/src/security-manager-tests/common/scoped_installer.h b/src/security-manager-tests/common/scoped_installer.h
index 10e1ceb..1856ec9 100644 (file)
--- a/src/security-manager-tests/common/scoped_installer.h
+++ b/src/security-manager-tests/common/scoped_installer.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
@@ -62,9 +62,11 @@ public:
         for (const auto& typePaths : app.getFilesMap())
             for (const auto& path : typePaths.second)
                 instReq.addPath(path, typePaths.first);
-        for (const auto &priv : app.getPrivileges()) {
+        for (const auto &priv : app.getPrivileges())
             instReq.addPrivilege(priv.c_str());
-        }
+        for (const auto &priv : app.getAppDefinedPrivileges())
+            instReq.addAppDefinedPrivilege(priv);
+
         SecurityManagerTest::Api::install(instReq);
     }
 

diff --git a/src/security-manager-tests/common/sm_request.cpp b/src/security-manager-tests/common/sm_request.cpp
index 2bba17c..61ead51 100644 (file)
--- a/src/security-manager-tests/common/sm_request.cpp
+++ b/src/security-manager-tests/common/sm_request.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
@@ -95,6 +95,18 @@ void InstallRequest::addPrivilege(const std::string &privilege, lib_retcode expe
     m_privileges.push_back(privilege);
 }
 
+void InstallRequest::addAppDefinedPrivilege(const AppDefPrivilege &privilege, lib_retcode expectedResult)
+{
+    int result = security_manager_app_inst_req_add_app_defined_privilege(m_req, privilege.first.c_str(),
+                                                                         static_cast<app_defined_privilege_type>(privilege.second));
+    RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+                      "adding app defined privilege returned wrong value."
+                          << " Privilege: " << privilege.first << ";"
+                          << " Result: " << result << ";"
+                          << " Expected result: " << expectedResult);
+    m_appDefinedPrivileges.push_back(privilege);
+}
+
 void InstallRequest::addPath(std::string path, app_install_path_type pathType, lib_retcode expectedResult)
 {
     int result = security_manager_app_inst_req_add_path(m_req, path.c_str(), pathType);
@@ -162,6 +174,16 @@ std::ostream& operator<<(std::ostream &os, const InstallRequest &request)
         }
         os << " ]";
     }
+    if (!request.m_appDefinedPrivileges.empty()) {
+        os << "app defined privileges: [ "  << "< " << request.m_appDefinedPrivileges[0].first << "; "
+                                                    << request.m_appDefinedPrivileges[0].second << " >";
+        for (size_t i = 1; i < request.m_appDefinedPrivileges.size(); ++i) {
+            os << "; <" << request.m_appDefinedPrivileges[i].first << "; "
+                        << request.m_appDefinedPrivileges[i].second << " >";
+        }
+        os << " ]";
+    }
+
     if (!request.m_paths.empty()) {
         os << "paths: [ " << "< " << request.m_paths[0].first << "; "
                                   << request.m_paths[0].second << " >";

diff --git a/src/security-manager-tests/common/sm_request.h b/src/security-manager-tests/common/sm_request.h
index ee72521..cb7e97c 100644 (file)
--- a/src/security-manager-tests/common/sm_request.h
+++ b/src/security-manager-tests/common/sm_request.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@
 #include <vector>
 
 #include <security-manager.h>
+#include <app_def_privilege.h>
 
 namespace SecurityManagerTest {
 class InstallRequest;
@@ -59,6 +60,7 @@ public:
     void setAppId(std::string appId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
     void setPkgId(std::string pkgId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
     void addPrivilege(const std::string &privilege, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
+    void addAppDefinedPrivilege(const AppDefPrivilege &privilege, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
     void addPath(std::string path, app_install_path_type pathType,
                  lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
     void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
@@ -78,6 +80,7 @@ private:
     std::string m_pkgId;
     std::string m_authorId;
     std::vector<std::string> m_privileges;
+    AppDefPrivilegeVector m_appDefinedPrivileges;
     std::vector<std::pair<std::string, app_install_path_type> > m_paths;
     std::pair<bool, uid_t> m_uid;
 };

diff --git a/src/security-manager-tests/test_cases.cpp b/src/security-manager-tests/test_cases.cpp
index 233f447..54dfc93 100644 (file)
--- a/src/security-manager-tests/test_cases.cpp
+++ b/src/security-manager-tests/test_cases.cpp
@@ -508,7 +508,8 @@ RUNNER_TEST(security_manager_20_user_cynara_policy)
 {
     // FIXME - whitebox - cynara
     const char *const MAIN_BUCKET = "MAIN";
-    const char *const MANIFESTS_BUCKET = "MANIFESTS";
+    const char *const MANIFESTS_GLOBAL_BUCKET = "MANIFESTS_GLOBAL";
+    const char *const MANIFESTS_LOCAL_BUCKET = "MANIFESTS_LOCAL";
     const char *const ADMIN_BUCKET = "ADMIN";
     const char *const USER_TYPE_NORMAL_BUCKET = "USER_TYPE_NORMAL";
     CynaraTestAdmin::Admin admin;
@@ -525,7 +526,8 @@ RUNNER_TEST(security_manager_20_user_cynara_policy)
     CynaraTestAdmin::CynaraPoliciesContainer emptyContainer;
 
     admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
-    admin.listPolicies(MANIFESTS_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+    admin.listPolicies(MANIFESTS_GLOBAL_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
+    admin.listPolicies(MANIFESTS_LOCAL_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
     admin.listPolicies(CYNARA_ADMIN_DEFAULT_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
     admin.listPolicies(ADMIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
 }

diff --git a/src/security-manager-tests/test_cases_app_defined_privilege.cpp b/src/security-manager-tests/test_cases_app_defined_privilege.cpp
new file mode 100644 (file)
index 0000000..c681d1a
--- /dev/null
+++ b/src/security-manager-tests/test_cases_app_defined_privilege.cpp
@@ -0,0 +1,316 @@
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include <functional>
+#include <string>
+#include <sys/types.h>
+#include <sys/un.h>
+#include <unistd.h>
+
+#include <cynara_test_client.h>
+#include <dpl/test/test_runner.h>
+#include <sm_api.h>
+#include <sm_commons.h>
+#include <sm_request.h>
+#include <tests_common.h>
+#include <tzplatform.h>
+#include <app_install_helper.h>
+#include <scoped_installer.h>
+
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_APP_DEFINED_PRIVILEGE)
+
+using namespace SecurityManagerTest;
+
+RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted)
+{
+    const std::string privilege = "http://tizen.org/applicationDefinedPrivilege/app_defined_01";
+    const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED;
+    const std::string providerAppId = "app_def_01_provider_appid";
+    const std::string consumerAppId = "app_def_01_client_appid";
+    const std::string ownerId = "5001";
+    const std::string session = "S0M3S3SSI0N";
+
+    AppInstallHelper provider(providerAppId);
+    AppInstallHelper consumer(consumerAppId);
+
+    std::string consumerLabel = consumer.generateAppLabel();
+
+    provider.addAppDefinedPrivilege(std::make_pair(privilege, type));
+    consumer.addPrivilege(privilege);
+
+    ScopedInstaller req1(provider);
+    ScopedInstaller req2(consumer);
+
+    CynaraTestClient::Client cynara;
+    cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
+
+    // uninstall provider
+    req1.uninstallApp();
+
+    cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
+}
+
+RUNNER_CHILD_TEST(app_defined_02_global_install_licensed)
+{
+    const std::string privilege = "http://tizen.org/licensedPrivilege/app_defined_02";
+    const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED;
+    const std::string providerAppId = "app_def_02_provider_appid";
+    const std::string consumerAppId = "app_def_02_client_appid";
+    const std::string ownerId = "5001";
+    const std::string session = "S0M33S3SSI0N";
+
+    AppInstallHelper provider(providerAppId);
+    AppInstallHelper consumer(consumerAppId);
+
+    std::string consumerLabel = consumer.generateAppLabel();
+
+    provider.addAppDefinedPrivilege(std::make_pair(privilege, type));
+    consumer.addPrivilege(privilege);
+
+    ScopedInstaller req1(provider);
+    ScopedInstaller req2(consumer);
+
+    CynaraTestClient::Client cynara;
+    cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED);
+
+    // uninstall provider
+    req1.uninstallApp();
+
+    cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED);
+}
+
+RUNNER_CHILD_TEST(app_defined_03_database_update)
+{
+    // Because of a bug in implementation during installation of
+    // providerB privileges of providerA were deleted from cynara
+    // database. This test should check if bug was fixed.
+    const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_03a";
+    const std::string privilegeB = "http://tizen.org/licensedPrivilege/app_defined_03b";
+    const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED;
+    const std::string providerAppIdA = "app_def_03a_provider_appid";
+    const std::string providerAppIdB = "app_def_03b_provider_appid";
+    const std::string consumerAppId = "app_def_03_client_appid";
+    const std::string ownerId = "5001";
+    const std::string session = "S0M33S3SSI0N";
+
+    AppInstallHelper providerA(providerAppIdA);
+    AppInstallHelper providerB(providerAppIdB);
+    AppInstallHelper consumer(consumerAppId);
+
+    std::string consumerLabel = consumer.generateAppLabel();
+
+    providerA.addAppDefinedPrivilege(std::make_pair(privilegeA, type));
+    providerB.addAppDefinedPrivilege(std::make_pair(privilegeB, type));
+    consumer.addPrivilege(privilegeA);
+    consumer.addPrivilege(privilegeB);
+
+    ScopedInstaller req1(providerA);
+    ScopedInstaller req2(providerB);
+    ScopedInstaller req3(consumer);
+
+    CynaraTestClient::Client cynara;
+    cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
+
+    // uninstall providerA
+    req1.uninstallApp();
+
+    cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
+
+    // uninstall providerB
+    req2.uninstallApp();
+
+    cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
+}
+
+RUNNER_CHILD_TEST(app_defined_04_app_update)
+{
+    const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_04a";
+    const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_04b";
+    const std::string privilegeC = "http://tizen.org/licensedPrivilege/app_defined_04c";
+    const std::string providerAppId = "app_def_04_provider_appid";
+    const std::string consumerAppId = "app_def_04_client_appid";
+    const std::string ownerId = "5001";
+    const std::string session = "S0M33S3SSI0N";
+
+    AppInstallHelper providerV1(providerAppId);
+    AppInstallHelper providerV2(providerAppId);
+    AppInstallHelper consumer(consumerAppId);
+
+    std::string consumerLabel = consumer.generateAppLabel();
+
+    providerV1.addAppDefinedPrivilege(std::make_pair(privilegeA, SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED));
+    providerV1.addAppDefinedPrivilege(std::make_pair(privilegeB, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
+    consumer.addPrivilege(privilegeA);
+    consumer.addPrivilege(privilegeB);
+    consumer.addPrivilege(privilegeC);
+
+    ScopedInstaller req1(providerV1);
+    ScopedInstaller req2(consumer);
+
+    CynaraTestClient::Client cynara;
+    cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
+
+    // update provider version, remove privilegeA, add privilegeC
+    providerV2.addAppDefinedPrivilege(std::make_pair(privilegeB, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
+    providerV2.addAppDefinedPrivilege(std::make_pair(privilegeC, SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED));
+    ScopedInstaller req3(providerV2);
+
+    cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
+}
+
+RUNNER_CHILD_TEST(app_defined_05_global_local_install)
+{
+    const std::string privilegeA = "http://tizen.org/licensedPrivilege/app_defined_05a";
+    const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_05b";
+    const std::string privilegeC = "http://tizen.org/applicationDefinedPrivilege/app_defined_05c";
+    const std::string providerAppId = "app_def_05_provider_appid";
+    const std::string consumerAppId = "app_def_05_client_appid";
+    const std::string ownerId = "5001";
+    const std::string bobId = "5002";
+    const std::string session = "S0M33S3SSI0N";
+
+    AppInstallHelper providerGlobal(providerAppId);
+    AppInstallHelper providerLocal(providerAppId, 5002);
+    AppInstallHelper consumerGlobal(consumerAppId);
+    AppInstallHelper consumerLocal(consumerAppId, 5002);
+
+    std::string consumerGlobalLabel = consumerGlobal.generateAppLabel();
+    std::string consumerLocalLabel = consumerLocal.generateAppLabel();
+
+    providerGlobal.addAppDefinedPrivilege(std::make_pair(privilegeA, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
+    providerGlobal.addAppDefinedPrivilege(std::make_pair(privilegeC, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
+
+    providerLocal.addAppDefinedPrivilege(std::make_pair(privilegeA, SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED));
+    providerLocal.addAppDefinedPrivilege(std::make_pair(privilegeB, SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED));
+
+    consumerGlobal.addPrivilege(privilegeA);
+    consumerGlobal.addPrivilege(privilegeB);
+    consumerGlobal.addPrivilege(privilegeC);
+
+    consumerLocal.addPrivilege(privilegeB);
+    consumerLocal.addPrivilege(privilegeC);
+
+    CynaraTestClient::Client cynara;
+
+    // local provider only and global consumer only
+    ScopedInstaller req1(providerLocal);
+    ScopedInstaller req2(consumerGlobal);
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerGlobalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
+
+    // local provider only and global/local consumer
+    ScopedInstaller req3(consumerLocal);
+    cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
+
+    // global/local provider and global/local consumer
+    ScopedInstaller req4(providerGlobal);
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED);
+    //cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED);
+
+    // global provider only and global/local consumer
+    req1.uninstallApp();
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
+
+    // global provider only and global consumer only
+    req3.uninstallApp();
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED);
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED);
+    cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED);
+}
+
+RUNNER_CHILD_TEST(app_defined_06_get_provider)
+{
+    int result;
+    char *pkgId = nullptr;
+    char *appId = nullptr;
+    const std::string privilegeA = "http://tizen.org/applicationDefinedPrivilege/app_defined_06a";
+    const std::string privilegeB = "http://tizen.org/applicationDefinedPrivilege/app_defined_06b";
+    const app_defined_privilege_type type = SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED;
+    const std::string providerId = "app_def_06_provider";
+    uid_t uid = 5001;
+
+    AppInstallHelper providerGlobal(providerId);
+    AppInstallHelper providerLocal(providerId, uid);
+    providerGlobal.addAppDefinedPrivilege(std::make_pair(privilegeB, type));
+    providerLocal.addAppDefinedPrivilege(std::make_pair(privilegeA, type));
+    ScopedInstaller req1(providerGlobal);
+    ScopedInstaller req2(providerLocal);
+
+    result = security_manager_identify_privilege_provider("noExistingPrivilege", uid, &pkgId, &appId);
+    RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
+    RUNNER_ASSERT(appId == nullptr);
+    RUNNER_ASSERT(pkgId == nullptr);
+
+    result = security_manager_identify_privilege_provider(privilegeA.c_str(), uid+1, &pkgId, &appId);
+    RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
+    RUNNER_ASSERT(appId == nullptr);
+    RUNNER_ASSERT(pkgId == nullptr);
+
+    result = security_manager_identify_privilege_provider(privilegeA.c_str(), uid, nullptr, nullptr);
+    RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM);
+
+    result = security_manager_identify_privilege_provider(privilegeA.c_str(), uid, &pkgId, nullptr);
+    RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
+    RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
+    free(pkgId);
+    pkgId = nullptr;
+
+    result = security_manager_identify_privilege_provider(privilegeA.c_str(), uid, nullptr, &appId);
+    RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
+    RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
+    free(appId);
+    appId = nullptr;
+
+    result = security_manager_identify_privilege_provider(privilegeA.c_str(), uid, &pkgId, &appId);
+    RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
+    RUNNER_ASSERT(appId && std::string(appId) == providerLocal.getAppId());
+    RUNNER_ASSERT(pkgId && std::string(pkgId) == providerLocal.getPkgId());
+    free(appId);
+    free(pkgId);
+    appId = nullptr;
+    pkgId = nullptr;
+
+    result = security_manager_identify_privilege_provider(privilegeB.c_str(), uid, &pkgId, &appId);
+    RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider failed");
+    RUNNER_ASSERT(appId && std::string(appId) == providerGlobal.getAppId());
+    RUNNER_ASSERT(pkgId && std::string(pkgId) == providerGlobal.getPkgId());
+    free(appId);
+    free(pkgId);
+    appId = nullptr;
+    pkgId = nullptr;
+}