From: Krzysztof Jackiewicz Date: Thu, 23 Apr 2020 08:24:07 +0000 (+0200) Subject: Add smack-privilege checkers to AppInstallHelperExt X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Ftest%2Fsecurity-tests.git;a=commitdiff_plain;h=928d4f71c25676a31149db45ee3feab07f31f59f Add smack-privilege checkers to AppInstallHelperExt Change-Id: I814dc54983ebcd4c42db8e8fbca36df71e732f54 --- diff --git a/src/security-manager-tests/common/app_install_helper_ext.cpp b/src/security-manager-tests/common/app_install_helper_ext.cpp index 2f4e0ee..cec5434 100644 --- a/src/security-manager-tests/common/app_install_helper_ext.cpp +++ b/src/security-manager-tests/common/app_install_helper_ext.cpp @@ -140,6 +140,27 @@ void AppInstallHelperExt::checkPrivilegeGroups(const PrivilegeVector &allowedPri checkGids(allowed_gids); } +void AppInstallHelperExt:: checkSmackPrivileges(const PrivilegeVector &allowedPrivs, + const PrivilegeVector &deniedPrivs) const +{ + auto& smackPrivilegeRules = PolicyConfiguration::getSmackPrivRulesMap(); + + auto getPrivilegeRules = [&](const PrivilegeVector &privs) { + std::vector rules; + + for (auto &priv : privs) { + auto it = smackPrivilegeRules.find(priv); + RUNNER_ASSERT_MSG(it != smackPrivilegeRules.end(), priv << " is not a smack privilege"); + + rules.insert(rules.end(), it->second.begin(), it->second.end()); + } + return rules; + }; + + checkSmackAccesses(getPrivilegeRules(allowedPrivs)); + checkSmackAccesses(getPrivilegeRules(deniedPrivs), false); +} + void AppInstallHelperExt::checkAfterInstall() const { static const std::vector staticRules[] = diff --git a/src/security-manager-tests/common/app_install_helper_ext.h b/src/security-manager-tests/common/app_install_helper_ext.h index 00c5c49..5b89d11 100644 --- a/src/security-manager-tests/common/app_install_helper_ext.h +++ b/src/security-manager-tests/common/app_install_helper_ext.h @@ -33,6 +33,8 @@ public: const PrivilegeVector &deniedPrivs) const; void checkDeniedPrivileges(const PrivilegeVector &deniedPrivs) const; void checkPrivilegeGroups(const PrivilegeVector &allowedPrivs) const; + void checkSmackPrivileges(const PrivilegeVector &allowedPrivs, + const PrivilegeVector &deniedPrivs = {}) const; void checkAfterInstall() const; void checkAfterUninstall(bool removePkg = true) const;