From: Dariusz Michaluk Date: Mon, 22 May 2017 15:29:33 +0000 (+0200) Subject: Adjust app defined privileges tests to license-manager changes X-Git-Tag: security-manager_5.5_testing~15^2~6 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Ftest%2Fsecurity-tests.git;a=commitdiff_plain;h=1b0ef1b4ab59d1412929c24447cea032225d4fe8 Adjust app defined privileges tests to license-manager changes Change-Id: I3b478b4e418e3df46e194cd13ec9524a57ab1d13 --- diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec index f981779..f815452 100644 --- a/packaging/security-tests.spec +++ b/packaging/security-tests.spec @@ -59,7 +59,8 @@ cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DAPP_USER="security_test_user" \ -DCKM_TEST_DIR=%{ckm_test_dir} \ -DCKM_RW_DATA_DIR=%{ckm_rw_data_dir} \ - -DGLOBAL_APP_DIR=%{TZ_SYS_RW_APP} + -DGLOBAL_APP_DIR=%{TZ_SYS_RW_APP} \ + -DLOCAL_APP_DIR="%{TZ_SYS_HOME}/security_test_user/apps_rw" make %{?jobs:-j%jobs} %install @@ -93,6 +94,7 @@ echo "security-tests postinst done ..." /etc/smack/test_smack_rules /etc/smack/test_smack_rules_lnk %{TZ_SYS_RW_APP}* +%{TZ_SYS_HOME}/security_test_user/apps_rw/* /usr/bin/cynara-test /usr/bin/ckm-tests /usr/bin/ckm-integration-tests diff --git a/src/security-manager-tests/CMakeLists.txt b/src/security-manager-tests/CMakeLists.txt index b986d9a..c5badf9 100644 --- a/src/security-manager-tests/CMakeLists.txt +++ b/src/security-manager-tests/CMakeLists.txt @@ -101,3 +101,8 @@ INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/src/security-manager-tests/app_files/ DESTINATION ${GLOBAL_APP_DIR} ) + +INSTALL(DIRECTORY + ${PROJECT_SOURCE_DIR}/src/security-manager-tests/app_files/ + DESTINATION ${LOCAL_APP_DIR} +) \ No newline at end of file diff --git a/src/security-manager-tests/app_files/app_def_client_01_pkg_id/cert/futuremind.der b/src/security-manager-tests/app_files/app_def_client_01_pkg_id/cert/futuremind.der new file mode 100644 index 0000000..939977f Binary files /dev/null and b/src/security-manager-tests/app_files/app_def_client_01_pkg_id/cert/futuremind.der differ diff --git a/src/security-manager-tests/app_files/app_def_client_01_pkg_id/cert/softwaremind.pem b/src/security-manager-tests/app_files/app_def_client_01_pkg_id/cert/softwaremind.pem new file mode 100644 index 0000000..3656f1c --- /dev/null +++ b/src/security-manager-tests/app_files/app_def_client_01_pkg_id/cert/softwaremind.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGKzCCBBOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCUEwx +ETAPBgNVBAcMCFdhcnN6YXdhMRUwEwYDVQQKDAxBQkMgU29mdHdhcmUxNzA1BgNV +BAMMLmh0dHA6Ly90aXplbi5vcmcvbGljZW5zZWQvYWJjc29mdHdhcmUvY2FsZW5k +YXIxJzAlBgkqhkiG9w0BCQEWGGRldmVsb3BlckBhYmNzb2Z0d2FyZS5wbDAeFw0x +NzA1MjIxMDQ1NDBaFw0yNzA1MjAxMDQ1NDBaMIGaMQswCQYDVQQGEwJQTDERMA8G +A1UEBwwIV2Fyc3phd2ExFTATBgNVBAoMDFNvZnR3YXJlTWluZDE3MDUGA1UEAwwu +aHR0cDovL3RpemVuLm9yZy9saWNlbnNlZC9hYmNzb2Z0d2FyZS9jYWxlbmRhcjEo +MCYGCSqGSIb3DQEJARYZZGV2ZWxvcGVyQHNvZnR3YXJlbWluZC5wbDCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKrQPv8BIr9nf1/vTy20NUUGlr9znzml +204IY9Ai9/TS2/MJ6QFECic8ZncY08vyioz6Kdq2SnRumDACcmOX3567Jz656+rH +SSuE8TWdl5BiuPZEyOFatn+QanvrBPnBYc4YVxfLosBlGkPWxO3XefbS4aXlSppk +uiNES0L41u0Do2UTmcKnWMuHPg8gh8eegpDSEettTlS91+LWIYnPFcnC9vivmKY3 +0nWuGpf5SqCj7ohILxQnUpdGJ9Cp/OptFSbLaPZUtPgIQZoUSQLEmeHo1na3s/8Q +9pnQPH9y/+fdv+O8IGEpaFZHtrLwWgZlfpvrFvz1dj3h+8M8GVlyazbeoDKMHuRo +GJlz/DccjEOmMcFDS4+eDCPw15gbivoxi79Dlisx9vwcdVVUfohBAuvPAEVH4EtF +SK0BIJvRhy9y1awTvRH2tZIPtDW6c4DVaYRzuJdjd/SyVN6l62NrHNecQ8DIS1e0 +uKcqy0BMPken7W7K6qPnG+vSxL8dow1SdlQIvOG05n8JJyNKVe1SVZzpzY54bWK1 +qsYyFcfLB89kCXMzOSYCQqCvurvZCV72tYCqPLCzI4rjTj/3RF5FJ8gRrcKKZ2C+ +C7ocxtyps5VScOTe9JFiKltPsIMfzqD0noz2nCqXsqSD1eYtUmSqdJHGhKsJ3Ys6 +HDGFdNJmpM8rAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w +ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRMmXV0qvxE2pWY +6eyKGANG67Tj9DAfBgNVHSMEGDAWgBRTIMeLiV3E5mZu1sfsWox9Iw1bZDANBgkq +hkiG9w0BAQsFAAOCAgEAgyhlvdFM7ZN9u7V0GKJMNSbKZ6Etk2LT+VZjIKtv28lw +Vchtp4LR5p3fCB17BTYgSno6PJmulx/Vku09r2LgN6eUxfzW41IQhMnngDi0QHOK +i9VdgC8e4CqJlDUBTpodDcAlDRJ0oDWW/sPJbHsuQ00kmiIYun4uxiiLY0gAMbF+ +Vk2bTlsr5NxBunNv5OCj6jf1dFFz45R31xyeDrUyQkjl3rWrDLRHfSFT2NHrszL5 +pueBbLY07qlbatMYF1Mv905YqFJtMVl0cHoqbk5r9rIRBph8DiH6HB5Hs2bk7wDO +7yN3ZOjkYwjqc3nCv/ijSGdZJKPWGGNClpYwoSCi1BTNRLDWpc5o1TrPc5y8rSJV +PIdt9JAiUSpB3n2zpyPZyU1pZuBCUbU75GflfJsv2B2hj04bfTEo092/dn7geaQs +b57UALs5t2CrBrc5Y6HHlwTG9ui99YFLe2n8nk7YTpz31ApvhI1a6L2/rH0jCXdx +pEqirQ4PWJlk/xVUddOR29a6QV9nDlL4la58qPImjRyfDsZhnSsF8jkWAa1J2wHM +fEiT0SVQr7Zalmkd8zAiOTI+wn59pfmrKK+KmQXgRvf0UidGoNKa+zlLOTME2qbS +1GSU+c6QAxP4W5Q7M7akjxx2FOV3UiXX31CoU0Zf0agidinNcTLn3V4Tkz3gvyA= +-----END CERTIFICATE----- diff --git a/src/security-manager-tests/app_files/app_def_provider_01_pkg_id/cert/abcsoftware.pem b/src/security-manager-tests/app_files/app_def_provider_01_pkg_id/cert/abcsoftware.pem new file mode 100644 index 0000000..261c43a --- /dev/null +++ b/src/security-manager-tests/app_files/app_def_provider_01_pkg_id/cert/abcsoftware.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGBzCCA++gAwIBAgIJAIKqRu4TspIQMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD +VQQGEwJQTDERMA8GA1UEBwwIV2Fyc3phd2ExFTATBgNVBAoMDEFCQyBTb2Z0d2Fy +ZTE3MDUGA1UEAwwuaHR0cDovL3RpemVuLm9yZy9saWNlbnNlZC9hYmNzb2Z0d2Fy +ZS9jYWxlbmRhcjEnMCUGCSqGSIb3DQEJARYYZGV2ZWxvcGVyQGFiY3NvZnR3YXJl +LnBsMB4XDTE3MDUyMjEwMzc1NFoXDTI3MDUyMDEwMzc1NFowgZkxCzAJBgNVBAYT +AlBMMREwDwYDVQQHDAhXYXJzemF3YTEVMBMGA1UECgwMQUJDIFNvZnR3YXJlMTcw +NQYDVQQDDC5odHRwOi8vdGl6ZW4ub3JnL2xpY2Vuc2VkL2FiY3NvZnR3YXJlL2Nh +bGVuZGFyMScwJQYJKoZIhvcNAQkBFhhkZXZlbG9wZXJAYWJjc29mdHdhcmUucGww +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3Tr3uFl1xC84/8JNRVPbh +w+tj8oC5BQ0Tg+bKf42nsBKOKJocvoyrNY6z3WhFDHbrlMDnbv3sy7/5n+mop8de +BACEFU0X1SHE84+GiVi1k4b16btdoDONDmkWP40wrMdPMEvF8nIvAgiU9dsjGHlC +vP1jRlI1bVuz3xbsChZ3s+XLyd7/fvPsun3cEdr9OA5qMSyi6YPRlXPjlxSu6gDt +hdR7K8dsUceq7xbNBZnXgBAEbrK+A39/qGcFZo9qqnxGARVlJHwCOUl7dbgqe2Il +RmeZ4EuUnrFHO/eFTTkwQYDfrMLkbYqClpLoP75snEiPkzmTH+GdlqDOoUH7CTFF +IVKTDjoj+//KEfSTp8TJoORKQgE23CALZMpxmOMCqx84EKwmjW+d0WXVt/7yJdi2 +u8aLVXD8GJPKbjJTYU+otkCTVyNtRdyg6bv+D1mIHCpTKE4LUnP52Xvca31KTg5j +sCzyu+7JmYWNMrt7uenpMCG8F9pKLWBcZ+5srOC47MKMRKcd25JA2NXj3f7YMY08 +G+DQLoqbx3PUzxoSK1fB1S/qFVe1z/9QFX92dIweoU23MJZbMxjCT9triwW8lWrW +palLiuJASST+neYve6tNMRsrz1yuZzYbjmIzAoKPxl+L4lMY/4xInC/h8R1u2bPA +GMrZElXoWgVlEB9GvOgbPwIDAQABo1AwTjAdBgNVHQ4EFgQUUyDHi4ldxOZmbtbH +7FqMfSMNW2QwHwYDVR0jBBgwFoAUUyDHi4ldxOZmbtbH7FqMfSMNW2QwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAMoO7zVSwyKa6uvKpXPsdN9zfbAZj +62p+BG1qwM16YUCT6Df8efgeX+s5+pJN1dEbrKedQoRJv1+WxiupwNs8BwTapc0D +sy8Yap3iwxdQPHgn9z19xOnGdMQxszGlUjNY6zsoc9Cr7c29Oz/a6ZmrJiJ+lVNN +YZxhcm8p654BtPbQzZp1vlCTAZv30EQzSplhZTN/ifxihFGAgGKDu8mQEKlj1WMr +gD++SyJCWV6hfseNLxfwd8pSvc+OpiTgTNel0SNXW1mpXyN648RqpwFk9SbvjxE3 +7d5uq3THraMj4/2DG4bMUqkFe5oiB2NHHeIE13dqk0vKkoztPwYWf6WfedS9h68e +4ZY8xxvBct/EtM939npkPdQzzMab2D/bT3T1fW3iHG2CuUPj4MgI+lsSkbEontNE +OYMCFCasXpOOUKLlVqnOC5saaZS9bE7CVeCWffBvP6sSuWweOpnOfuDSRzHgtFIu +r91r5WuRM8jtIBTIza2OqaVpUHoRWGWsMaAi7ZfZWImo3ipAmpCi2lTkK8Ima5lu +m6i5OoP3c/fgNLIbG45tEeylq+6qmr571rBSU6GUjQKCmNb3eLeiX4wdGVAwnwM1 +f9hXxpsGOeTQLxpfvJ23yzLo8YszPfs4yF0DRrCKU3aUnx8x7yqMdyT17koxtmwv +FvrHx6xiu0jNt+o= +-----END CERTIFICATE----- diff --git a/src/security-manager-tests/app_files/app_def_provider_01_pkg_id/cert/xyzsoftware.der b/src/security-manager-tests/app_files/app_def_provider_01_pkg_id/cert/xyzsoftware.der new file mode 100644 index 0000000..43592a2 Binary files /dev/null and b/src/security-manager-tests/app_files/app_def_provider_01_pkg_id/cert/xyzsoftware.der differ diff --git a/src/security-manager-tests/app_files/app_def_provider_02_pkg_id/cert/xyzsoftware.pem b/src/security-manager-tests/app_files/app_def_provider_02_pkg_id/cert/xyzsoftware.pem new file mode 100644 index 0000000..dac26ce --- /dev/null +++ b/src/security-manager-tests/app_files/app_def_provider_02_pkg_id/cert/xyzsoftware.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGAzCCA+ugAwIBAgIJAMW2m1NESRlDMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD +VQQGEwJQTDERMA8GA1UEBwwIV2Fyc3phd2ExFTATBgNVBAoMDFhZWiBTb2Z0d2Fy +ZTE1MDMGA1UEAwwsaHR0cDovL3RpemVuLm9yZy9saWNlbnNlZC94eXpzb2Z0d2Fy +ZS9jYW1lcmExJzAlBgkqhkiG9w0BCQEWGGRldmVsb3BlckB4eXpzb2Z0d2FyZS5w +bDAeFw0xNzA1MjIxMDM5NTZaFw0yNzA1MjAxMDM5NTZaMIGXMQswCQYDVQQGEwJQ +TDERMA8GA1UEBwwIV2Fyc3phd2ExFTATBgNVBAoMDFhZWiBTb2Z0d2FyZTE1MDMG +A1UEAwwsaHR0cDovL3RpemVuLm9yZy9saWNlbnNlZC94eXpzb2Z0d2FyZS9jYW1l +cmExJzAlBgkqhkiG9w0BCQEWGGRldmVsb3BlckB4eXpzb2Z0d2FyZS5wbDCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANM4GnuC3K+PfvgLEMorjNbagbsD +ldcs2boeI40Dh62yZcZs0/UnbhPGZsqqYqksAuSgKi+E8biViimE7ocUdTv9zO/8 +C/JpOJ+yFmjS5rp+XW7rQfvT3MTAQhCioQzIgCZ2mSGjS7EecBHBJ6RslLJ5xK0K +M5IVg6o5R+wBmQ8t+vnLZlFByzbOSIJQiV+DIk6wkBrVDBVlN3CxotxH63+LRpYG +G688phYaSOh45X+OT61+YZlET72wqovt38sMfUfVk6e8LhSUgZ01JAw+2wj1FiAL +mlwS9YjpRBhikChiuqM8MygMZWxiG9hMYaKiAdUnxewFn9uft2VgumlDsoNXa7rv +3NZuwFpA4Rn5BAYXzug+qYEwQBgaUdjaTA6eZX0lIgqTlAD4KrO4VlvqeHpHhsxz +djKbUZUJ4C2ipY69uqljgkcNGR5G1jxKcu36N8UbQuqbLpeD/hBercIDvZxxNTFq +PM0GOoy5vxnw+D8S/+Zhmz0gVfYOwsgKHj8qqeLzLuv7am41oj3JJXTwZ+a5rsLL +dVJRKv0cuQHNLczTkHvUxT9r8IFAHbW4TrNSfFyuL24ZBGugosZphL2w/DH8+Vl5 +rUzB2697B2EiyNFbXvb+om0bRvP/kfrV29PXNfuh2ON7gOJ1LechSbYSXBzPcxb0 +QlLUxUUK7JXZ1EUDAgMBAAGjUDBOMB0GA1UdDgQWBBQTkNCAM9/lC6vAN3IRb6ix +tETxJzAfBgNVHSMEGDAWgBQTkNCAM9/lC6vAN3IRb6ixtETxJzAMBgNVHRMEBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCWx5LuvRjS8LSUcVd08J1zfxoPo+uoDsQ6 +N3Y6Il/v4vo/L2BZGcsL/hL9XC25JXc4n3AePigEqvOuLytydRnbQsTtInSChWdC +wsiVFDL+3nh4wQI6oNAejB4/he5kRNToL8Jzj5FF63OIDhirOO4IDQLROXpJACpW +e1tyR6RmoSSR2/H29dFac33sXsd7ear9qVNYk7taKfRgYcW08ihTRJB30VZ5w8t+ +w35OWq3Uviz7LTfnRlf78OuPtR9COaSGuNvptJiPc8UenK0aFN16u42gCGStRxNh +BYOvBxwLlZw2c6waQak5hMka5DDqw4AQQV+SW6iVglAOs4uUh0TSSvH3ENpcAS6k +ceeQT1PpJ5pVjHWMY9yFGIDU+neVPJSRJrhAv4apsGKvAsI4kBUbdhN3A1trNx74 +VztboL8fNIzaZgHAy1N78sSRKfvY4B8SZkBmoUKD6zSsVvrWX4awkZ9KxP0LXDaI +1PpMTEB7JpcwPIc4tOVeo7u3KpDBWoxAhfJwEuta72zKteC+G5+pBOH3nPZmjpVV +aELnXNDOegA270vSrXDOibvuhTWN0XJhzSAsh1PHH82mIg/goXSky2uiS4y19GDW +WUW2Mj1V9+DSd7htYBLJLGgcQg4uJDtoLjOzv7W0ajeLy/P8oHpGJjjMt/I/PDTF +f0AFDypwwg== +-----END CERTIFICATE----- diff --git a/src/security-manager-tests/test_cases_app_defined_privilege.cpp b/src/security-manager-tests/test_cases_app_defined_privilege.cpp index 0de22f9..ee78b50 100644 --- a/src/security-manager-tests/test_cases_app_defined_privilege.cpp +++ b/src/security-manager-tests/test_cases_app_defined_privilege.cpp @@ -36,228 +36,258 @@ using namespace SecurityManagerTest; RUNNER_CHILD_TEST(app_defined_01_global_install_untrusted) { - const Privilege privilege("http://tizen.org/applicationDefinedPrivilege/app_defined_01", - Privilege::UNTRUSTED); - const std::string providerAppId = "app_def_01_provider_appid"; - const std::string consumerAppId = "app_def_01_client_appid"; + const Privilege privilege( + "http://tizen.org/untrusted/devstudio/statistic", + Privilege::UNTRUSTED); + const std::string providerAppId = "app_def_01_provider"; + const std::string clientAppId = "app_def_01_client"; const std::string ownerId = "5001"; const std::string session = "S0M3S3SSI0N"; AppInstallHelper provider(providerAppId); - AppInstallHelper consumer(consumerAppId); + AppInstallHelper client(clientAppId); - std::string consumerLabel = consumer.generateAppLabel(); + std::string clientLabel = client.generateAppLabel(); provider.addAppDefinedPrivilege(privilege); - consumer.addPrivilege(privilege); + client.addPrivilege(privilege); ScopedInstaller req1(provider); - ScopedInstaller req2(consumer); + ScopedInstaller req2(client); CynaraTestClient::Client cynara; - cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED); // uninstall provider req1.uninstallApp(); - cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED); + cynara.check(clientLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED); } RUNNER_CHILD_TEST(app_defined_02_global_install_licensed) { - const Privilege privilege("http://tizen.org/licensedPrivilege/app_defined_02", - "/opt/data/app_defined_02/res/license"); - const std::string providerAppId = "app_def_02_provider_appid"; - const std::string consumerAppId = "app_def_02_client_appid"; + const Privilege providerPrivilegeLicense( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem"); + const Privilege clientPrivilegeLicense( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem"); + const std::string providerAppId = "app_def_provider_01"; + const std::string clientAppId = "app_def_client_01"; const std::string ownerId = "5001"; const std::string session = "S0M33S3SSI0N"; AppInstallHelper provider(providerAppId); - AppInstallHelper consumer(consumerAppId); + AppInstallHelper client(clientAppId); - std::string consumerLabel = consumer.generateAppLabel(); + std::string clientLabel = client.generateAppLabel(); - provider.addAppDefinedPrivilege(privilege); - consumer.addPrivilege(privilege); + provider.addAppDefinedPrivilege(providerPrivilegeLicense); + client.addPrivilege(clientPrivilegeLicense); ScopedInstaller req1(provider); - ScopedInstaller req2(consumer); + ScopedInstaller req2(client); CynaraTestClient::Client cynara; - cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_ALLOWED); // uninstall provider req1.uninstallApp(); - cynara.check(consumerLabel, session, ownerId, privilege, CYNARA_API_ACCESS_DENIED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED); } RUNNER_CHILD_TEST(app_defined_03_database_update) { - // Because of a bug in implementation during installation of - // providerB privileges of providerA were deleted from cynara - // database. This test should check if bug was fixed. - Privilege privilegeA("http://tizen.org/licensedPrivilege/app_defined_03a", - "/opt/data/app_defined_03a/res/license"); - Privilege privilegeB("http://tizen.org/licensedPrivilege/app_defined_03b", - "/opt/data/app_defined_03b/res/license"); - const std::string providerAppIdA = "app_def_03a_provider_appid"; - const std::string providerAppIdB = "app_def_03b_provider_appid"; - const std::string consumerAppId = "app_def_03_client_appid"; + const Privilege providerPrivilegeLicenseA( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem"); + const Privilege clientPrivilegeLicenseA( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem"); + const Privilege providerPrivilegeLicenseB( + "http://tizen.org/licensed/xyzsoftware/camera", + "/opt/usr/globalapps/app_def_provider_02_pkg_id/cert/xyzsoftware.pem"); + const Privilege clientPrivilegeLicenseB( + "http://tizen.org/licensed/xyzsoftware/camera", + "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der"); + + const std::string providerAppIdA = "app_def_provider_01"; + const std::string providerAppIdB = "app_def_provider_02"; + const std::string clientAppId = "app_def_client_01"; const std::string ownerId = "5001"; const std::string session = "S0M33S3SSI0N"; AppInstallHelper providerA(providerAppIdA); AppInstallHelper providerB(providerAppIdB); - AppInstallHelper consumer(consumerAppId); - - std::string consumerLabel = consumer.generateAppLabel(); + AppInstallHelper client(clientAppId); + client.setHybrid(); + std::string clientLabel = client.generateAppLabel(); - providerA.addAppDefinedPrivilege(privilegeA); - providerB.addAppDefinedPrivilege(privilegeB); - consumer.addPrivilege(privilegeA); - consumer.addPrivilege(privilegeB); + providerA.addAppDefinedPrivilege(providerPrivilegeLicenseA); + providerB.addAppDefinedPrivilege(providerPrivilegeLicenseB); + client.addPrivilege(clientPrivilegeLicenseA); + client.addPrivilege(clientPrivilegeLicenseB); ScopedInstaller req1(providerA); ScopedInstaller req2(providerB); - ScopedInstaller req3(consumer); + ScopedInstaller req3(client); CynaraTestClient::Client cynara; - cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED); // uninstall providerA req1.uninstallApp(); - cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED); // uninstall providerB req2.uninstallApp(); - cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED); } RUNNER_CHILD_TEST(app_defined_04_app_update) { - const Privilege privilegeA("http://tizen.org/licensedPrivilege/app_defined_04a", - "/opt/data/app_defined_04a/res/license"); - const Privilege privilegeB("http://tizen.org/applicationDefinedPrivilege/app_defined_04b", - Privilege::UNTRUSTED); - const Privilege privilegeC("http://tizen.org/licensedPrivilege/app_defined_04c", - "/opt/data/app_defined_04c/res/license"); - const std::string providerAppId = "app_def_04_provider_appid"; - const std::string consumerAppId = "app_def_04_client_appid"; + const Privilege providerPrivilegeLicenseA( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem"); + const Privilege clientPrivilegeLicenseA( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem"); + const Privilege privilegeB( + "http://tizen.org/untrusted/devstudio/statistic", + Privilege::UNTRUSTED); + const Privilege providerPrivilegeLicenseC( + "http://tizen.org/licensed/xyzsoftware/camera", + "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der"); + const Privilege clientPrivilegeLicenseC( + "http://tizen.org/licensed/xyzsoftware/camera", + "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der"); + + const std::string providerAppId = "app_def_provider_01"; + const std::string clientAppId = "app_def_client_01"; const std::string ownerId = "5001"; const std::string session = "S0M33S3SSI0N"; AppInstallHelper providerV1(providerAppId); AppInstallHelper providerV2(providerAppId); - AppInstallHelper consumer(consumerAppId); + AppInstallHelper client(clientAppId); - std::string consumerLabel = consumer.generateAppLabel(); + std::string clientLabel = client.generateAppLabel(); - providerV1.addAppDefinedPrivilege(privilegeA); + providerV1.addAppDefinedPrivilege(providerPrivilegeLicenseA); providerV1.addAppDefinedPrivilege(privilegeB); - consumer.addPrivilege(privilegeA); - consumer.addPrivilege(privilegeB); - consumer.addPrivilege(privilegeC); + client.addPrivilege(clientPrivilegeLicenseA); + client.addPrivilege(privilegeB); + client.addPrivilege(clientPrivilegeLicenseC); ScopedInstaller req1(providerV1); - ScopedInstaller req2(consumer); + ScopedInstaller req2(client); CynaraTestClient::Client cynara; - cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_DENIED); // update provider version, remove privilegeA, add privilegeC providerV2.addAppDefinedPrivilege(privilegeB); - providerV2.addAppDefinedPrivilege(privilegeC); + providerV2.addAppDefinedPrivilege(providerPrivilegeLicenseC); ScopedInstaller req3(providerV2); - cynara.check(consumerLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseA, CYNARA_API_ACCESS_DENIED); + cynara.check(clientLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicenseC, CYNARA_API_ACCESS_ALLOWED); } RUNNER_CHILD_TEST(app_defined_05_global_local_install) { - const Privilege privilegeA("http://tizen.org/licensedPrivilege/app_defined_05a", - Privilege::UNTRUSTED); - const Privilege privilegeB("http://tizen.org/applicationDefinedPrivilege/app_defined_05b", - "/opt/data/app_defined_05b/res/license"); - const Privilege privilegeC("http://tizen.org/applicationDefinedPrivilege/app_defined_05c", - Privilege::UNTRUSTED); - const std::string providerAppId = "app_def_05_provider_appid"; - const std::string consumerAppId = "app_def_05_client_appid"; + const Privilege privilegeA( + "http://tizen.org/untrusted/devstudio/statistic", + Privilege::UNTRUSTED); + const Privilege providerLocalPrivilegeLicenseB( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem"); + const Privilege clientGlobalPrivilegeLicenseB( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/softwaremind.pem"); + const Privilege clientLocalPrivilegeLicenseB( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem"); + const Privilege privilegeC( + "http://tizen.org/untrusted/gamestudio/football", + Privilege::UNTRUSTED); + + const std::string providerAppId = "app_def_provider_01"; + const std::string clientAppId = "app_def_client_01"; const std::string ownerId = "5001"; const std::string bobId = "5002"; const std::string session = "S0M33S3SSI0N"; AppInstallHelper providerGlobal(providerAppId); AppInstallHelper providerLocal(providerAppId, 5002); - AppInstallHelper consumerGlobal(consumerAppId); - AppInstallHelper consumerLocal(consumerAppId, 5002); + AppInstallHelper clientGlobal(clientAppId); + AppInstallHelper clientLocal(clientAppId, 5002); - std::string consumerGlobalLabel = consumerGlobal.generateAppLabel(); - std::string consumerLocalLabel = consumerLocal.generateAppLabel(); + std::string clientGlobalLabel = clientGlobal.generateAppLabel(); + std::string clientLocalLabel = clientLocal.generateAppLabel(); providerGlobal.addAppDefinedPrivilege(privilegeA); providerGlobal.addAppDefinedPrivilege(privilegeC); providerLocal.addAppDefinedPrivilege(privilegeA); - providerLocal.addAppDefinedPrivilege(privilegeB); + providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseB); - consumerGlobal.addPrivilege(privilegeA); - consumerGlobal.addPrivilege(privilegeB); - consumerGlobal.addPrivilege(privilegeC); - - consumerLocal.addPrivilege(privilegeB); - consumerLocal.addPrivilege(privilegeC); + clientGlobal.addPrivilege(privilegeA); + clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB); + clientGlobal.addPrivilege(privilegeC); + clientLocal.addPrivilege(clientLocalPrivilegeLicenseB); + clientLocal.addPrivilege(privilegeC); CynaraTestClient::Client cynara; // local provider only and global consumer only ScopedInstaller req1(providerLocal); - ScopedInstaller req2(consumerGlobal); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerGlobalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED); + ScopedInstaller req2(clientGlobal); + cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_DENIED); + cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED); + cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_DENIED); + cynara.check(clientGlobalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientGlobalLabel, session, bobId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientGlobalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED); // local provider only and global/local consumer - ScopedInstaller req3(consumerLocal); - cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED); + ScopedInstaller req3(clientLocal); + cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED); + cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED); // global/local provider and global/local consumer ScopedInstaller req4(providerGlobal); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_ALLOWED); - //cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED); + cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED); + cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED); + cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_ALLOWED); + //cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_DENIED); // global provider only and global/local consumer req1.uninstallApp(); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerLocalLabel, session, bobId, privilegeB, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED); + cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientLocalLabel, session, bobId, privilegeA, CYNARA_API_ACCESS_DENIED); + cynara.check(clientLocalLabel, session, bobId, clientLocalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED); + cynara.check(clientLocalLabel, session, bobId, privilegeC, CYNARA_API_ACCESS_ALLOWED); // global provider only and global consumer only req3.uninstallApp(); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeB, CYNARA_API_ACCESS_DENIED); - cynara.check(consumerGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientGlobalLabel, session, ownerId, privilegeA, CYNARA_API_ACCESS_ALLOWED); + cynara.check(clientGlobalLabel, session, ownerId, clientGlobalPrivilegeLicenseB, CYNARA_API_ACCESS_DENIED); + cynara.check(clientGlobalLabel, session, ownerId, privilegeC, CYNARA_API_ACCESS_ALLOWED); } RUNNER_CHILD_TEST(app_defined_06_get_provider) @@ -265,15 +295,17 @@ RUNNER_CHILD_TEST(app_defined_06_get_provider) int result; char *pkgId = nullptr; char *appId = nullptr; - const Privilege privilegeA("http://tizen.org/applicationDefinedPrivilege/app_defined_06a", - Privilege::UNTRUSTED); - const Privilege privilegeB("http://tizen.org/applicationDefinedPrivilege/app_defined_06b", - Privilege::UNTRUSTED); - const std::string providerId = "app_def_06_provider"; + const Privilege privilegeA( + "http://tizen.org/untrusted/devstudio/statistic", + Privilege::UNTRUSTED); + const Privilege privilegeB( + "http://tizen.org/untrusted/gamestudio/running", + Privilege::UNTRUSTED); + const std::string providerAppId = "app_def_06_provider"; uid_t uid = 5001; - AppInstallHelper providerGlobal(providerId); - AppInstallHelper providerLocal(providerId, uid); + AppInstallHelper providerGlobal(providerAppId); + AppInstallHelper providerLocal(providerAppId, uid); providerGlobal.addAppDefinedPrivilege(privilegeB); providerLocal.addAppDefinedPrivilege(privilegeA); ScopedInstaller req1(providerGlobal); @@ -334,22 +366,23 @@ RUNNER_CHILD_TEST(app_defined_07_get_provider_license) { int result; char *license = nullptr; - const Privilege privilegeA("http://tizen.org/applicationDefinedPrivilege/app_defined_07a", - "/opt/data/app_defined_07a/res/license"); - const Privilege privilegeB("http://tizen.org/applicationDefinedPrivilege/app_defined_07b", - "/opt/data/app_defined_07b/res/license"); - const Privilege privilegeC("http://tizen.org/applicationDefinedPrivilege/app_defined_07c", - "/opt/data/app_defined_07c/res/license"); - const Privilege privilegeCuntrusted(privilegeC.getName(), Privilege::UNTRUSTED); - const std::string providerId = "app_def_07_provider"; - uid_t uid = 5001; + const Privilege providerLocalPrivilegeLicenseA( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/home/security_test_user/apps_rw/app_def_provider_01_pkg_id/cert/abcsoftware.pem"); + const Privilege providerGlobalPrivilegeLicenseB( + "http://tizen.org/licensed/xyzsoftware/camera", + "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/xyzsoftware.der"); + const Privilege privilegeBuntrusted( + providerGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED); + + const std::string providerAppId = "app_def_provider_01"; + uid_t uid = 5002; - AppInstallHelper providerGlobal(providerId); - AppInstallHelper providerLocal(providerId, uid); - providerGlobal.addAppDefinedPrivilege(privilegeB); - providerGlobal.addAppDefinedPrivilege(privilegeC); - providerLocal.addAppDefinedPrivilege(privilegeA); - providerLocal.addAppDefinedPrivilege(privilegeCuntrusted); + AppInstallHelper providerGlobal(providerAppId); + AppInstallHelper providerLocal(providerAppId, uid); + providerGlobal.addAppDefinedPrivilege(providerGlobalPrivilegeLicenseB); + providerLocal.addAppDefinedPrivilege(providerLocalPrivilegeLicenseA); + providerLocal.addAppDefinedPrivilege(privilegeBuntrusted); ScopedInstaller req1(providerGlobal); ScopedInstaller req2(providerLocal); @@ -358,37 +391,31 @@ RUNNER_CHILD_TEST(app_defined_07_get_provider_license) RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM); RUNNER_ASSERT(license == nullptr); - result = security_manager_get_app_defined_privilege_license(privilegeA, uid, nullptr); + result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, nullptr); RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM); result = security_manager_get_app_defined_privilege_license("noExistingPrivilege", uid, &license); RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT); RUNNER_ASSERT(license == nullptr); - result = security_manager_get_app_defined_privilege_license(privilegeC, uid, &license); + result = security_manager_get_app_defined_privilege_license(privilegeBuntrusted, uid, &license); RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT); RUNNER_ASSERT(license == nullptr); - result = security_manager_get_app_defined_privilege_license(privilegeA, uid+1, &license); + result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid+1, &license); RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT); RUNNER_ASSERT(license == nullptr); - result = security_manager_get_app_defined_privilege_license(privilegeB, uid, &license); - RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed"); - RUNNER_ASSERT(license && privilegeB.getLicense() == license); - free(license); - license = nullptr; - - result = security_manager_get_app_defined_privilege_license(privilegeA, uid, &license); + result = security_manager_get_app_defined_privilege_license(providerLocalPrivilegeLicenseA, uid, &license); RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed"); - RUNNER_ASSERT(license && privilegeA.getLicense() == license); + RUNNER_ASSERT(license && providerLocalPrivilegeLicenseA.getLicense() == license); free(license); license = nullptr; req2.uninstallApp(); - result = security_manager_get_app_defined_privilege_license(privilegeC, uid, &license); + result = security_manager_get_app_defined_privilege_license(providerGlobalPrivilegeLicenseB, uid, &license); RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege provider license failed"); - RUNNER_ASSERT(license && privilegeC.getLicense() == license); + RUNNER_ASSERT(license && providerGlobalPrivilegeLicenseB.getLicense() == license); free(license); license = nullptr; } @@ -397,24 +424,23 @@ RUNNER_CHILD_TEST(app_defined_08_add_get_client_license) { int result; char *license = nullptr; - - const Privilege privilegeA("http://tizen.org/applicationDefinedPrivilege/app_defined_08a", - "/opt/data/app_defined_08a/res/license"); - const Privilege privilegeB("http://tizen.org/applicationDefinedPrivilege/app_defined_08b", - "/opt/data/app_defined_08b/res/license"); - const Privilege privilegeC("http://tizen.org/applicationDefinedPrivilege/app_defined_08c", - "/opt/data/app_defined_08c/res/license"); - const Privilege privilegeCunset(privilegeC.getName(), Privilege::UNTRUSTED); - - const std::string clientId = "app_def_08_client"; - uid_t uid = 5001; - - AppInstallHelper clientGlobal(clientId); - AppInstallHelper clientLocal(clientId, uid); - clientGlobal.addPrivilege(privilegeB); - clientGlobal.addPrivilege(privilegeC); - clientLocal.addPrivilege(privilegeA); - clientLocal.addPrivilege(privilegeCunset); + const Privilege clientLocalPrivilegeLicenseA( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/home/security_test_user/apps_rw/app_def_client_01_pkg_id/cert/softwaremind.pem"); + const Privilege clientGlobalPrivilegeLicenseB( + "http://tizen.org/licensed/xyzsoftware/camera", + "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der"); + const Privilege privilegeBuntrusted( + clientGlobalPrivilegeLicenseB.getName(), Privilege::UNTRUSTED); + + const std::string clientAppId = "app_def_client_01"; + uid_t uid = 5002; + + AppInstallHelper clientGlobal(clientAppId); + AppInstallHelper clientLocal(clientAppId, uid); + clientGlobal.addPrivilege(clientGlobalPrivilegeLicenseB); + clientLocal.addPrivilege(clientLocalPrivilegeLicenseA); + clientLocal.addPrivilege(privilegeBuntrusted); ScopedInstaller req1(clientGlobal); ScopedInstaller req2(clientLocal); @@ -424,12 +450,12 @@ RUNNER_CHILD_TEST(app_defined_08_add_get_client_license) RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM); RUNNER_ASSERT(license == nullptr); - result = security_manager_get_client_privilege_license(privilegeA, nullptr, + result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, nullptr, uid, &license); RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM); RUNNER_ASSERT(license == nullptr); - result = security_manager_get_client_privilege_license(privilegeA, + result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, clientLocal.getAppId().c_str(), uid, nullptr); RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_INPUT_PARAM); @@ -440,50 +466,78 @@ RUNNER_CHILD_TEST(app_defined_08_add_get_client_license) RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT); RUNNER_ASSERT(license == nullptr); - result = security_manager_get_client_privilege_license(privilegeA, "noExistingApp", + result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, "noExistingApp", uid, &license); RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT); RUNNER_ASSERT(license == nullptr); - result = security_manager_get_client_privilege_license(privilegeC, + result = security_manager_get_client_privilege_license(privilegeBuntrusted, clientLocal.getAppId().c_str(), uid, &license); RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT); RUNNER_ASSERT(license == nullptr); - result = security_manager_get_client_privilege_license(privilegeA, + result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, clientLocal.getAppId().c_str(), uid+1, &license); RUNNER_ASSERT(result == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT); RUNNER_ASSERT(license == nullptr); - result = security_manager_get_client_privilege_license(privilegeA, + result = security_manager_get_client_privilege_license(clientLocalPrivilegeLicenseA, clientLocal.getAppId().c_str(), uid, &license); RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed"); - RUNNER_ASSERT(license && privilegeA.getLicense() == license); + RUNNER_ASSERT(license && clientLocalPrivilegeLicenseA.getLicense() == license); free(license); license = nullptr; req2.uninstallApp(); - result = security_manager_get_client_privilege_license(privilegeB, + result = security_manager_get_client_privilege_license(clientGlobalPrivilegeLicenseB, clientGlobal.getAppId().c_str(), uid, &license); RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS, "getting privilege license failed"); - RUNNER_ASSERT(license && privilegeB.getLicense() == license); + RUNNER_ASSERT(license && clientGlobalPrivilegeLicenseB.getLicense() == license); free(license); license = nullptr; } RUNNER_CHILD_TEST(app_defined_09_check_system_privileges) { - const std::string providerId = "app_def_09_provider"; + const std::string providerAppId = "app_def_09_provider"; const Privilege privilege("http://tizen.org/privilege/internet", Privilege::UNTRUSTED); InstallRequest requestInst; - requestInst.setAppId(providerId); - requestInst.setPkgId(providerId); + requestInst.setAppId(providerAppId); + requestInst.setPkgId(providerAppId); requestInst.addAppDefinedPrivilege(privilege); Api::install(requestInst, SECURITY_MANAGER_ERROR_INPUT_PARAM); Api::uninstall(requestInst); +} + +RUNNER_CHILD_TEST(app_defined_10_invalid_license) +{ + const Privilege providerPrivilegeLicense( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/globalapps/app_def_provider_01_pkg_id/cert/abcsoftware.pem"); + const Privilege clientPrivilegeLicense( + "http://tizen.org/licensed/abcsoftware/calendar", + "/opt/usr/globalapps/app_def_client_01_pkg_id/cert/futuremind.der"); + const std::string providerAppId = "app_def_provider_01"; + const std::string clientAppId = "app_def_client_01"; + const std::string ownerId = "5001"; + const std::string session = "S0M33S3SSI0N"; + + AppInstallHelper provider(providerAppId); + AppInstallHelper client(clientAppId); + client.setHybrid(); + std::string clientLabel = client.generateAppLabel(); + + provider.addAppDefinedPrivilege(providerPrivilegeLicense); + client.addPrivilege(clientPrivilegeLicense); + + ScopedInstaller req1(provider); + ScopedInstaller req2(client); + + CynaraTestClient::Client cynara; + cynara.check(clientLabel, session, ownerId, clientPrivilegeLicense, CYNARA_API_ACCESS_DENIED); } \ No newline at end of file