#include <tests_common.h>
#include <security-manager.h>
+#include <sm_db.h>
DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
static const char *const SM_APP_ID2 = "sm_test_app_id_full";
static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
-static const char *const SM_ALLOWED_PERMISSION1 = "security_manager_test_rules2_r";
-static const char *const SM_ALLOWED_PERMISSION2 = "security_manager_test_rules2_no_r";
+static const privileges_t SM_ALLOWED_PRIVILEGES = {
+ "security_manager_test_rules2_r",
+ "security_manager_test_rules2_no_r"
+};
+
+static const privileges_t SM_DENIED_PRIVILEGES = {
+ "security_manager_test_rules1",
+ "security_manager_test_rules2"
+};
+
static const char *const XATTR_NAME_TIZENEXEC = XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
static const rules_t SM_ALLOWED_RULES = {
{ "test_sm_subject_7", USER_APP_ID, "rwx" }
};
-static const char *const SM_DENIED_PERMISSION1 = "security_manager_test_rules1";
-static const char *const SM_DENIED_PERMISSION2 = "security_manager_test_rules2";
-
static const char *const SM_PRIVATE_PATH = "/etc/smack/test_DIR/app_dir";
static const char *const SM_PUBLIC_PATH = "/etc/smack/test_DIR/app_dir_public";
static const char *const SM_PUBLIC_RO_PATH = "/etc/smack/test_DIR/app_dir_public_ro";
return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
}
-
-RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
-
static app_inst_req* do_app_inst_req_new()
{
int result;
return req;
}
-RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
-{
- int result;
- AppInstReqUniquePtr request;
-
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing already installed app failed. Result: " << result);
-
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling already uninstalled app failed. Result: " << result);
-}
-
static void prepare_app_path()
{
int result;
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
}
+static void prepare_app_env()
+{
+ prepare_app_path();
+}
+
+/* TODO: add parameters to this function */
static void check_app_path_after_install()
{
int result;
RUNNER_ASSERT_MSG_BT(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
}
-static void check_app_permission_after_install()
+static void check_app_permissions(const char *const app_id, const char *const pkg_id,
+ const privileges_t &allowed_privs, const privileges_t &denied_privs,
+ const rules_t &allowed_rules, const rules_t &denied_rules)
{
bool result;
- result = check_all_accesses(smack_check(), SM_ALLOWED_RULES);
+ result = check_all_accesses(smack_check(), allowed_rules);
RUNNER_ASSERT_MSG_BT(result, "Permissions not added.");
- result = check_no_accesses(smack_check(), SM_DENIED_RULES);
+ result = check_no_accesses(smack_check(), denied_rules);
RUNNER_ASSERT_MSG_BT(result, "Permissions added.");
- check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION1, true);
- check_perm_app_has_permission(USER_APP_ID, SM_ALLOWED_PERMISSION2, true);
- check_perm_app_has_permission(USER_APP_ID, SM_DENIED_PERMISSION1, false);
- check_perm_app_has_permission(USER_APP_ID, SM_DENIED_PERMISSION2, false);
+ /* TODO: USER_APP_ID is hardcoded in the following checks, because libprivilege always generate
+ * label "User" for all installed apps. Adjust it when libprivilege is upgraded. */
+ (void)app_id; // unused parameter
+ (void)pkg_id; // unused parameter
+
+ for (auto it = allowed_privs.begin(); it != allowed_privs.end(); ++it)
+ check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), true);
+
+ for (auto it = denied_privs.begin(); it != denied_privs.end(); ++it)
+ check_perm_app_has_permission(USER_APP_ID, (*it).c_str(), false);
}
-static void prepare_app_env()
+static void check_app_after_install(const char *const app_id, const char *const pkg_id,
+ const privileges_t &allowed_privs, const privileges_t &denied_privs,
+ const rules_t &allowed_rules, const rules_t &denied_rules)
{
- prepare_app_path();
+ check_app_permissions(app_id, pkg_id,
+ allowed_privs, denied_privs,
+ allowed_rules, denied_rules);
}
-static void check_app_env_after_install()
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
+
+
+RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
{
- check_app_path_after_install();
- check_app_permission_after_install();
+ int result;
+ AppInstReqUniquePtr request;
+
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting pkg id failed. Result: " << result);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "installing app failed. Result: " << result);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "installing already installed app failed. Result: " << result);
+
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling app failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling already uninstalled app failed. Result: " << result);
}
RUNNER_TEST(security_manager_02_app_install_uninstall_full)
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting pkg id failed. Result: " << result);
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PERMISSION1);
+ result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting allowed permission failed. Result: " << result);
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PERMISSION2);
+ result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"setting allowed permission failed. Result: " << result);
RUNNER_ASSERT_MSG_BT((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
"installing app failed. Result: " << result);
- check_app_env_after_install();
+ check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
+ SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES,
+ SM_ALLOWED_RULES, SM_DENIED_RULES);
+
+ /* TODO: add parameters to this function */
+ check_app_path_after_install();
request.reset(do_app_inst_req_new());