Add smack-privilege checkers to AppInstallHelperExt

author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Thu, 23 Apr 2020 08:24:07 +0000 (10:24 +0200)

committer Zofia Abramowska <z.abramowska@samsung.com>

Wed, 29 Apr 2020 14:09:15 +0000 (14:09 +0000)
author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Thu, 23 Apr 2020 08:24:07 +0000 (10:24 +0200)
committer Zofia Abramowska <z.abramowska@samsung.com>
Wed, 29 Apr 2020 14:09:15 +0000 (14:09 +0000)
diff --git a/src/security-manager-tests/common/app_install_helper_ext.cpp b/src/security-manager-tests/common/app_install_helper_ext.cpp

index 2f4e0ee..cec5434 100644 (file)
--- a/src/security-manager-tests/common/app_install_helper_ext.cpp
+++ b/src/security-manager-tests/common/app_install_helper_ext.cpp
@@ -140,6 +140,27 @@ void AppInstallHelperExt::checkPrivilegeGroups(const PrivilegeVector &allowedPri
      checkGids(allowed_gids);
  }
  
+void AppInstallHelperExt:: checkSmackPrivileges(const PrivilegeVector &allowedPrivs,
+                                                const PrivilegeVector &deniedPrivs) const
+{
+    auto& smackPrivilegeRules = PolicyConfiguration::getSmackPrivRulesMap();
+
+    auto getPrivilegeRules = [&](const PrivilegeVector &privs) {
+        std::vector<AccessRequest> rules;
+
+        for (auto &priv : privs) {
+            auto it = smackPrivilegeRules.find(priv);
+            RUNNER_ASSERT_MSG(it != smackPrivilegeRules.end(), priv << " is not a smack privilege");
+
+            rules.insert(rules.end(), it->second.begin(), it->second.end());
+        }
+        return rules;
+    };
+
+    checkSmackAccesses(getPrivilegeRules(allowedPrivs));
+    checkSmackAccesses(getPrivilegeRules(deniedPrivs), false);
+}
+
  void AppInstallHelperExt::checkAfterInstall() const
  {
      static const std::vector<AccessRequest> staticRules[] =
diff --git a/src/security-manager-tests/common/app_install_helper_ext.h b/src/security-manager-tests/common/app_install_helper_ext.h

index 00c5c49..5b89d11 100644 (file)
--- a/src/security-manager-tests/common/app_install_helper_ext.h
+++ b/src/security-manager-tests/common/app_install_helper_ext.h
@@ -33,6 +33,8 @@ public:
                           const PrivilegeVector &deniedPrivs) const;
      void checkDeniedPrivileges(const PrivilegeVector &deniedPrivs) const;
      void checkPrivilegeGroups(const PrivilegeVector &allowedPrivs) const;
+    void checkSmackPrivileges(const PrivilegeVector &allowedPrivs,
+                              const PrivilegeVector &deniedPrivs = {}) const;
      void checkAfterInstall() const;
      void checkAfterUninstall(bool removePkg = true) const;
author	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Thu, 23 Apr 2020 08:24:07 +0000 (10:24 +0200)
committer	Zofia Abramowska <z.abramowska@samsung.com>
	Wed, 29 Apr 2020 14:09:15 +0000 (14:09 +0000)
src/security-manager-tests/common/app_install_helper_ext.cpp		patch \| blob \| history
src/security-manager-tests/common/app_install_helper_ext.h		patch \| blob \| history