/*
- * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include "app_install_helper.h"
namespace {
+
+const gid_t FILE_GROUP = 100;
+
std::string genSkelPath() {
static std::string skelPkgDir;
if (!skelPkgDir.empty())
case RootType::SKEL:
info.path = genSkelPath() + "/" + getPkgId();
break;
+ case RootType::SHARED:
+ if (m_isLocal)
+ info.path = TzPlatformConfig::appDirPath(getUID()) + ".shared/" + getPkgId();
+ else
+ info.path = TzPlatformConfig::globalAppDir() + "/.shared/" + getPkgId();
+ break;
+ case RootType::SHARED_TMP:
+ if (m_isLocal)
+ info.path = TzPlatformConfig::appDirPath(getUID()) + ".shared_tmp/" + getPkgId();
+ else
+ info.path = TzPlatformConfig::globalAppDir() + "/.shared_tmp/" + getPkgId();
+ break;
}
}
break;
case PathType::FILE:
// put files in the directory of the same type
- path = getInstallDir(rType) + "/" + typeToPath.at(smType) + "_dir0/" + typeToPath.at(smType) + std::to_string(i);
+ path = getPath(smType, PathType::DIR, 0, rType) + "/" + typeToPath.at(smType) + std::to_string(i);
break;
}
return path;
}
std::string AppInstallHelper::getSharedRODir(int i, RootType type) const {
- return getPath(SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, PathType::DIR, i, type);
+return getPath(SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, PathType::DIR, i, type);
+}
+
+std::string AppInstallHelper::getSharedROPath(int i, RootType type) const {
+ return getPath(SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, PathType::FILE, i, type);
}
std::string AppInstallHelper::getAppId() const {
bool AppInstallHelper::createFile(app_install_path_type smType, const std::string &path) {
if (creat(path.c_str(), 0751) == 0) {
// Local paths need user change
- m_fileTypeMap[smType].push_back(std::move(path));
- if (!m_isLocal || chown(path.c_str(), m_uidGid, m_uidGid) == 0)
+ m_fileTypeMap[smType].push_back(path);
+ if (!m_isLocal || chown(path.c_str(), m_uidGid, FILE_GROUP) == 0)
return true;
}
return false;
mktreeSafe(path, 0777);
// Dont pass base pkg dirs to SM, because transmute will be forced on RO subdirs
if (!isBasePath)
- m_dirTypeMap[smType].push_back(std::move(path));
- if (!m_isLocal || chown(path.c_str(), m_uidGid, m_uidGid) == 0)
+ m_dirTypeMap[smType].push_back(path);
+ if (!m_isLocal || chown(path.c_str(), m_uidGid, FILE_GROUP) == 0)
return true;
return false;
createDir(smType, path);
break;
case PathType::FILE:
- createPath(smType, PathType::DIR, i, rType);
+ createPath(smType, PathType::DIR, 0, rType);
createFile(smType, path);
break;
}
}
+void AppInstallHelper::createDirLink(app_install_path_type smType, const std::string &dest, int i,
+ RootType rType)
+{
+ createInstallDir(rType);
+ std::string linkPath = getPath(smType, PathType::DIR, i, rType);
+ if (symlink(dest.c_str(), linkPath.c_str()) == 0) {
+ m_fileTypeMap[smType].push_back(linkPath);
+ if (m_isLocal) {
+ chown(linkPath.c_str(), m_uidGid, FILE_GROUP);
+ }
+ }
+}
+
void AppInstallHelper::createTrustedDir(int i, RootType type) {
createPath(SECURITY_MANAGER_PATH_TRUSTED_RW, PathType::DIR, i, type);
}
}
void AppInstallHelper::createSharedRODir(int i, RootType type) {
- createPath(SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, PathType::DIR, i, type);
+ createPath(SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, PathType::DIR, i, RootType::SHARED);
+ createInstallDir(RootType::SHARED_TMP);
+ auto linkPath = getSharedRODir(i, RootType::SHARED);
+ createDirLink(SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, linkPath, i, type);
+}
+
+void AppInstallHelper::createSharedROFile(int i, RootType type) {
+ createPath(SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO, PathType::FILE, i, type);
}
void AppInstallHelper::createPrivateRODir(int i, RootType type) {
/*
- * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
enum RootType {
BASE,
SKEL,
- EXTENDED
+ EXTENDED,
+ SHARED,
+ SHARED_TMP
};
enum PathType {
void createPublicDir(RootType type = RootType::BASE);
void createPrivateFile(int i = 0, RootType type = RootType::BASE);
void createSharedRODir(int i = 0, RootType type = RootType::BASE);
+ void createSharedROFile(int i = 0, RootType type = RootType::BASE);
void createPrivateRODir(int i = 0, RootType type = RootType::BASE);
void removePaths();
std::string getPublicDir(RootType type = RootType::BASE) const;
std::string getPrivatePath(int i = 0, RootType type = RootType::BASE) const;
std::string getSharedRODir(int i = 0, RootType type = RootType::BASE) const;
+ std::string getSharedROPath(int i = 0, RootType type = RootType::BASE) const;
const TypePathsMap& getDirsMap() const;
const TypePathsMap& getFilesMap() const;
bool createFile(app_install_path_type smType, const std::string &path);
bool createDir(app_install_path_type smType, const std::string &path, bool isBasePath = false);
+ void createDirLink(app_install_path_type smType, const std::string &dest, int i = 0,
+ RootType rType = RootType::BASE);
void createInstallDir(RootType type);
std::string m_appName;
/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2017-2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
return generatePathRWLabel(pkgId) + "::RO";
}
-std::string generatePathSharedROLabel(const std::string &pkgId)
-{
- return generatePathRWLabel(pkgId) + "::SharedRO";
-}
-
std::string generatePathTrustedLabel(int64_t authorId)
{
return "User::Author::" + std::to_string(authorId);
{
return "User::Home";
}
+
+std::string getSharedROPathLabel()
+{
+ return "User::App::Shared";
+}
/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2017-2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
std::string generateProcessLabel(const std::string &appId, const std::string &pkgId, bool isHybrid = false);
std::string generatePathRWLabel(const std::string &pkgId);
std::string generatePathROLabel(const std::string &pkgId);
-std::string generatePathSharedROLabel(const std::string &pkgId);
std::string generatePathTrustedLabel(int64_t authorId);
std::string getPublicPathLabel();
+std::string getSharedROPathLabel();
#include <string.h>
const uid_t APP_UID = 5001;
-const gid_t APP_GID = 5001;
+const gid_t APP_GID = 100;
const uid_t APP_UID_2 = 5200;
const gid_t APP_GID_2 = 5200;
const uid_t DB_ALARM_UID = 6001;
#include <grp.h>
#include <string>
#include <sys/capability.h>
+#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include "tzplatform.h"
#include <label_generator.h>
#include <template_parser.h>
+#include <temp_test_user.h>
using namespace SecurityManagerTest;
#define CONF_DIR "/usr/share/security-manager/policy/"
#define SMACK_RULES_PATH "/sys/fs/smackfs/load2"
+#define ALLOW 0
+#define DENY -1
+
// Common DB/nftw checks
// nftw doesn't allow passing user data to functions. Work around by using global variable
const std::pair<std::string, std::string> switchAliases[] =
{std::make_pair("~PATH_RW~", generatePathRWLabel(pkgId)),
std::make_pair("~PATH_RO~", generatePathROLabel(pkgId)),
- std::make_pair("~PATH_SHARED_RO~", generatePathSharedROLabel(pkgId)),
+ std::make_pair("~PATH_SHARED_RO~", getSharedROPathLabel()),
std::make_pair("~PROCESS~", generateProcessLabel(appId, pkgId, isHybrid))};
for (auto rule : rules[isHybrid]) {
const std::vector<AccessRequest> rules(std::move(parseSmackRulesFile(SMACK_RULES_PATH)));
const std::string labels[] = {generatePathRWLabel(pkgId),
generatePathROLabel(pkgId),
- generatePathSharedROLabel(pkgId),
generateProcessLabel(appId, pkgId, true),
generateProcessLabel(appId, pkgId)};
for (const auto &rule : rules) {
<< " (" << accessTypeToString.at(accessType) << ")");
}
+void accessTest(const std::string &id, const std::string &testPath, int accessType) {
+ int oppositeAccessType = getOppositeAccessType(accessType);
+
+ if (accessType != 0) {
+ accessCheck(id, testPath, accessType, ALLOW);
+ }
+ if (oppositeAccessType != 0) {
+ static const std::vector<int> singleAccessTypes = {R_OK, W_OK, X_OK};
+ for (auto singleAccessType : singleAccessTypes) {
+ if (oppositeAccessType & singleAccessType) {
+ accessCheck(id, testPath, singleAccessType, DENY);
+ }
+ }
+ }
+}
+
void runAccessTest(const std::string &label, uid_t uid, gid_t gid,
const std::string &testPath, int accessType) {
auto fun = [&](){
- int oppositeAccessType = getOppositeAccessType(accessType);
ScopedProcessLabel spl(label, false);
RUNNER_ASSERT_ERRNO_MSG(0 == drop_root_privileges(uid, gid),
"drop_root_privileges failed.");
- if (accessType != 0)
- accessCheck(label, testPath, accessType, 0);
- if (oppositeAccessType != 0) {
- std::vector<int> singleAccessTypes = {R_OK, W_OK, X_OK};
- for (auto singleAccessType : singleAccessTypes)
- if (oppositeAccessType & singleAccessType)
- accessCheck(label, testPath, singleAccessType, -1);
- }
+ accessTest(label, testPath, accessType);
};
runInChildParentWait(fun);
void runAccessTest(const AppInstallHelper &app, const std::string &testPath, int accessType) {
auto fun = [&](){
- int oppositeAccessType = getOppositeAccessType(accessType);
Api::setProcessLabel(app.getAppId());
RUNNER_ASSERT_ERRNO_MSG(0 == drop_root_privileges(app.getUID(), app.getGID()),
"drop_root_privileges failed.");
- if (accessType != 0)
- accessCheck(app.getAppId(), testPath, accessType, 0);
- if (oppositeAccessType != 0) {
- std::vector<int> singleAccessTypes = {R_OK, W_OK, X_OK};
- for (auto singleAccessType : singleAccessTypes)
- if (oppositeAccessType & singleAccessType)
- accessCheck(app.getAppId(), testPath, singleAccessType, -1);
- }
+ accessTest(app.getAppId(), testPath, accessType);
};
runInChildParentWait(fun);
return std::count_if(privs.begin(), privs.end(), isPrivilegePrivacy);
}
+int setLauncherSecurityAttributes(uid_t uid, gid_t gid)
+{
+ // Add launcher capabilities (cap_dac_override, cap_setgid, cap_sys_admin, cap_mac_admin),
+ // launcher is user process, we must drop root privileges (cap_setgid, cap_setuid are needed).
+ // By default, the permitted capability set is cleared when credentials change is made
+ // (if a process drops a capability from its permitted set, it can never reacquire that capability),
+ // setting the "keep capabilities" flag prevents it from being cleared.
+ // Effective capability set is always cleared when credential change is made, we need to add them again.
+
+ setCaps("cap_dac_override+ep cap_setgid+ep cap_sys_admin+ep cap_mac_admin+ep cap_setuid+ep");
+ int ret = prctl(PR_SET_KEEPCAPS, 1, 0, 0);
+ if (ret != 0)
+ return ret;
+
+ ret = drop_root_privileges(uid, gid);
+ if (ret != 0)
+ return ret;
+
+ setCaps("cap_dac_override+ep cap_setgid+ep cap_sys_admin+ep cap_mac_admin+ep");
+ return ret;
+}
+int setLauncherSecurityAttributes(TemporaryTestUser &user)
+{
+ return setLauncherSecurityAttributes(user.getUid(), user.getGid());
+}
+
CapsSetsUniquePtr setCaps(const char *cap_string);
+void accessTest(const std::string &id, const std::string &testPath, int accessType);
void runAccessTest(const std::string &label, uid_t uid, gid_t gid,
const std::string &testPath, int accessType);
void runAccessTest(const AppInstallHelper &app, const std::string &testPath, int accessType);
bool isPrivilegePrivacy(const std::string &priv);
int countPrivacyPrivileges(const PrivilegeVector &privs);
int countPrivacyPrivileges(const std::vector<std::string> &privs);
+
+int setLauncherSecurityAttributes(uid_t uid, gid_t gid);
+int setLauncherSecurityAttributes(TemporaryTestUser &user);
check_path(privateDir, generatePathRWLabel(pkgId));
check_path(privateRODir, generatePathROLabel(pkgId), false);
check_path(publicRODir, getPublicPathLabel());
- check_path(sharedRODir, generatePathSharedROLabel(pkgId));
+ check_path(sharedRODir, getSharedROPathLabel());
}
RUNNER_TEST(security_manager_02_app_install_uninstall_full)
check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
check_path(app.getPublicDir(), getPublicPathLabel());
- check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
+ check_path(app.getSharedRODir(), getSharedROPathLabel());
}
check_app_after_uninstall(app.getAppId(), app.getPkgId(), app.getPrivilegesNames());
std::thread thread;
};
-int setLauncherSecurityAttributes(TemporaryTestUser &user)
-{
- // Add launcher capabilities (cap_dac_override, cap_setgid, cap_sys_admin, cap_mac_admin),
- // launcher is user process, we must drop root privileges (cap_setgid, cap_setuid are needed).
- // By default, the permitted capability set is cleared when credentials change is made
- // (if a process drops a capability from its permitted set, it can never reacquire that capability),
- // setting the "keep capabilities" flag prevents it from being cleared.
- // Effective capability set is always cleared when credential change is made, we need to add them again.
-
- setCaps("cap_dac_override+ep cap_setgid+ep cap_sys_admin+ep cap_mac_admin+ep cap_setuid+ep");
- int ret = prctl(PR_SET_KEEPCAPS, 1, 0, 0);
- if (ret != 0)
- return ret;
-
- ret = drop_root_privileges(user.getUid(), user.getGid());
- if (ret != 0)
- return ret;
-
- setCaps("cap_dac_override+ep cap_setgid+ep cap_sys_admin+ep cap_mac_admin+ep");
- return ret;
-}
-
ino_t getFileInode(const std::string &path)
{
struct stat st;
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*/
#include <cstdint>
#include <fcntl.h>
+#include <functional>
#include <unordered_map>
#include <string>
#include <sys/smack.h>
namespace {
const uid_t OWNER_UID = 5001;
+const uid_t OWNER_GID = 100;
const std::vector<std::string> versions = {
"2.4",
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_SHARED_RO)
+static void runAccessTest(uid_t uid, gid_t gid, const std::string &appId,
+ std::function<void(void)> f)
+{
+ pid_t pid = fork();
+
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid == 0) {
+ setLauncherSecurityAttributes(uid, gid);
+ Api::prepareAppCandidate();
+ Api::prepareApp(appId.c_str());
+ f();
+ exit(0);
+ } else {
+
+ waitPid(pid);
+ Api::cleanupApp(appId.c_str(), uid, pid);
+ }
+}
+
/**
* Check whether owner app have access to own sharedRO dir
*/
app.createSharedRODir();
ScopedInstaller sharedROPkgApp(app);
- runAccessTest(app, app.getSharedRODir(), R_OK|W_OK|X_OK);
+ runAccessTest(OWNER_UID, OWNER_GID, app.getAppId(), [&]() {
+ accessTest(app.getAppId(), app.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
}
}
+RUNNER_CHILD_TEST(security_manager_7x_test)
+{
+ AppInstallHelper ownerApp("owner_7x", OWNER_UID);
+ ownerApp.createSharedRODir();
+ ScopedInstaller ownerAppInstall(ownerApp);
+
+ AppInstallHelper otherApp("other_7x", OWNER_UID);
+ otherApp.createSharedRODir();
+ ScopedInstaller otherAppInstall(otherApp);
+
+ runAccessTest(OWNER_UID, OWNER_GID, ownerApp.getAppId(), [&]() {
+ accessTest(ownerApp.getAppId(), ownerApp.getSharedRODir(), R_OK | W_OK | X_OK);
+ accessTest(ownerApp.getAppId(), otherApp.getSharedRODir(), R_OK | X_OK);
+ exit(0);
+ });
+}
+
/**
* Check whether app without shared RO path has access to shared RO dir and
* no access to private directories of application from different package between
AppInstallHelper nonSharedApp("sm_test_77_nonshared", OWNER_UID, version.second);
ScopedInstaller nonSharedAppInstall(nonSharedApp);
- runAccessTest(sharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
- runAccessTest(nonSharedApp, sharedApp.getPrivateDir(), 0);
- runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|X_OK);
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp.getAppId(), [&]() {
+ accessTest(sharedApp.getAppId(), sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp.getPrivateDir(), 0);
+ accessTest(nonSharedApp.getAppId(), sharedApp.getSharedRODir(), R_OK|X_OK);
+ });
}
}
sharedApp2.createPrivateDir();
ScopedInstaller sharedApp2Install(sharedApp2);
- runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), R_OK|X_OK);
- runAccessTest(sharedApp1, sharedApp2.getSharedRODir(), R_OK|X_OK);
- runAccessTest(sharedApp1, sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
- runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
- runAccessTest(sharedApp2, sharedApp1.getPrivateDir(), 0);
- runAccessTest(sharedApp1, sharedApp2.getPrivateDir(), 0);
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp1.getAppId(), [&]() {
+ accessTest(sharedApp1.getAppId(), sharedApp2.getSharedRODir(), R_OK|X_OK);
+ accessTest(sharedApp1.getAppId(), sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
+ accessTest(sharedApp1.getAppId(), sharedApp2.getPrivateDir(), 0);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp1.getSharedRODir(), R_OK|X_OK);
+ accessTest(sharedApp2.getAppId(), sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ accessTest(sharedApp2.getAppId(), sharedApp1.getPrivateDir(), 0);
+ });
}
}
sharedApp2.createSharedRODir();
ScopedInstaller sharedAppInstall2(sharedApp2);
- runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
- runAccessTest(sharedApp1, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
- };
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp1.getAppId(), [&]() {
+ accessTest(sharedApp1.getAppId(), sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp1.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
+ }
}
/**
AppInstallHelper nonSharedApp("sm_test_79b_shared2", sharedPkgName, OWNER_UID, version);
ScopedInstaller nonSharedAppInstall(nonSharedApp);
- runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
};
}
AppInstallHelper nonSharedApp("sm_test_80_nonshared", sharedPkgName, OWNER_UID, version);
ScopedInstaller nonSharedAppInstall(nonSharedApp);
- runAccessTest(sharedApp2, sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
- runAccessTest(sharedApp1, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
- runAccessTest(nonSharedApp, sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
- runAccessTest(nonSharedApp, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp1.getAppId(), [&]() {
+ accessTest(sharedApp1.getAppId(), sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
+ });
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp1.getPrivateDir(1), R_OK|W_OK|X_OK);
+ accessTest(nonSharedApp.getAppId(), sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
+ });
sharedAppInstall1.uninstallApp();
- runAccessTest(nonSharedApp, sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp2.getPrivateDir(2), R_OK|W_OK|X_OK);
+ });
}
}
sharedRORequest.setUid(sharedApp2.getUID());
Api::registerPaths(sharedRORequest);
- runAccessTest(sharedApp, sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
- runAccessTest(sharedApp, sharedApp.getPrivateDir(), R_OK|W_OK|X_OK);
-
- runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
- runAccessTest(sharedApp2, sharedApp.getSharedRODir(), R_OK|X_OK);
- runAccessTest(sharedApp2, sharedApp.getPrivateDir(), 0);
-
- runAccessTest(nonSharedApp, sharedApp.getSharedRODir(), R_OK|X_OK);
- runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(), R_OK|X_OK);
- runAccessTest(nonSharedApp, sharedApp.getPrivateDir(), 0);
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp.getAppId(), [&]() {
+ accessTest(sharedApp.getAppId(), sharedApp.getSharedRODir(), R_OK|W_OK|X_OK);
+ accessTest(sharedApp.getAppId(), sharedApp.getPrivateDir(), R_OK|W_OK|X_OK);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ accessTest(sharedApp2.getAppId(), sharedApp.getSharedRODir(), R_OK|X_OK);
+ accessTest(sharedApp2.getAppId(), sharedApp.getPrivateDir(), 0);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp.getSharedRODir(), R_OK|X_OK);
+ accessTest(nonSharedApp.getAppId(), sharedApp2.getSharedRODir(), R_OK|X_OK);
+ accessTest(nonSharedApp.getAppId(), sharedApp.getPrivateDir(), 0);
+ });
}
}
ScopedInstaller nonSharedAppInstall(nonSharedApp);
sharedAppInstall1.uninstallApp();
+ sharedApp1.removePaths();
- runAccessTest(nonSharedApp, sharedApp1.getSharedRODir(), 0);
- runAccessTest(sharedApp2, sharedApp1.getSharedRODir(), 0);
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp1.getSharedRODir(), 0);
+ accessTest(nonSharedApp.getAppId(), sharedApp2.getSharedRODir(), R_OK|X_OK);
+ });
- runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(), R_OK|X_OK);
- runAccessTest(sharedApp2, sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp1.getSharedRODir(), 0);
+ accessTest(sharedApp2.getAppId(), sharedApp2.getSharedRODir(), R_OK|W_OK|X_OK);
+ });
}
}
sharedAppInstall1.uninstallApp();
- runAccessTest(nonSharedApp, sharedApp2.getSharedRODir(2), R_OK|X_OK);
- runAccessTest(sharedApp2, sharedApp2.getSharedRODir(2), R_OK|W_OK|X_OK);
+ runAccessTest(OWNER_UID, OWNER_GID, nonSharedApp.getAppId(), [&]() {
+ accessTest(nonSharedApp.getAppId(), sharedApp2.getSharedRODir(2), R_OK|X_OK);
+ });
+
+ runAccessTest(OWNER_UID, OWNER_GID, sharedApp2.getAppId(), [&]() {
+ accessTest(sharedApp2.getAppId(), sharedApp2.getSharedRODir(2), R_OK|W_OK|X_OK);
+ });
}
}
/*
- * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
check_path(app.getPublicDir(), getPublicPathLabel());
- check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
+ check_path(app.getSharedRODir(), getSharedROPathLabel());
}
RUNNER_TEST(security_manager_67_path_req_shared_ro_3_0)
preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
Api::registerPaths(preq);
- check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
+ check_path(app.getSharedRODir(), getSharedROPathLabel());
}
RUNNER_TEST(security_manager_68_path_req_shared_ro_2_X)
preq.addPath(app.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
Api::registerPaths(preq);
- check_path(app.getSharedRODir(), generatePathSharedROLabel(app.getPkgId()));
+ check_path(app.getSharedRODir(), getSharedROPathLabel());
}
RUNNER_TEST(security_manager_69_path_req_trusted_rw_no_author)
projects / platform / core / test / security-tests.git / commitdiff