From 697f7e62ffd5232565e8d9a06c9181650935166a Mon Sep 17 00:00:00 2001 From: Tomasz Swierczek Date: Mon, 17 Oct 2016 10:12:03 +0200 Subject: [PATCH] SM : added ASKUSER policy test cases to privacy_manager test suite Change-Id: I8a2c2e430c25e52880847ca3351042754f4871e8 --- CMakeLists.txt | 4 + packaging/security-tests.spec | 1 + src/security-manager-tests/CMakeLists.txt | 1 + .../common/policy_configuration.cpp | 8 ++ .../common/policy_configuration.h | 2 + .../test_cases_privacy_manager.cpp | 156 +++++++++++++++++++++ 6 files changed, 172 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1c898a3..a89c09c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -86,6 +86,10 @@ ADD_DEFINITIONS("-Wno-deprecated-declarations") # No warnings abou ADD_DEFINITIONS("-DCYNARA_DB_DIR=\"${CYNARA_DB_DIR}\"") ADD_DEFINITIONS("-DAPP_USER=\"${APP_USER}\"") +# Enabler for popups; this should be done on system-level somewhere, but since it isn't +# and we already have such definition in security-manager, lets have it also here +ADD_DEFINITIONS("-DASKUSER_ENABLED") + IF(SMACK_ENABLE) ADD_DEFINITIONS("-DWRT_SMACK_ENABLED") ENDIF(SMACK_ENABLE) diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec index 4be1f8d..5e3f9fe 100644 --- a/packaging/security-tests.spec +++ b/packaging/security-tests.spec @@ -28,6 +28,7 @@ BuildRequires: pkgconfig(libtzplatform-config) BuildRequires: boost-devel BuildRequires: pkgconfig(vconf) BuildRequires: pkgconfig(libgum) >= 1.0.5 +BuildRequires: pkgconfig(security-privilege-manager) Requires: perf Requires: gdb diff --git a/src/security-manager-tests/CMakeLists.txt b/src/security-manager-tests/CMakeLists.txt index 32776a7..6171e89 100644 --- a/src/security-manager-tests/CMakeLists.txt +++ b/src/security-manager-tests/CMakeLists.txt @@ -26,6 +26,7 @@ PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP cynara-client cynara-admin security-manager + security-privilege-manager libtzplatform-config sqlite3 libcap diff --git a/src/security-manager-tests/common/policy_configuration.cpp b/src/security-manager-tests/common/policy_configuration.cpp index 184017b..be7636d 100644 --- a/src/security-manager-tests/common/policy_configuration.cpp +++ b/src/security-manager-tests/common/policy_configuration.cpp @@ -102,6 +102,14 @@ PolicyConfiguration::GidVector PolicyConfiguration::groupToGid(const PolicyConfi return result; } +bool PolicyConfiguration::getIsAskuserEnabled() { +#ifdef ASKUSER_ENABLED + return true; +#else + return false; +#endif +} + PolicyConfiguration::UserDescription PolicyConfiguration::loadUserDescription(PolicyConfiguration::UserType userType) { UserDescription result; std::string path = getConfigFilePath(userType); diff --git a/src/security-manager-tests/common/policy_configuration.h b/src/security-manager-tests/common/policy_configuration.h index 0a7af24..6062e73 100644 --- a/src/security-manager-tests/common/policy_configuration.h +++ b/src/security-manager-tests/common/policy_configuration.h @@ -49,6 +49,8 @@ public: UserDescription& getUserDescription(UserType userType); gid_t groupToGid(const std::string &gname); +static bool getIsAskuserEnabled(); + private: GidVector groupToGid(const GroupVector &groupVector); UserDescription loadUserDescription(UserType userType); diff --git a/src/security-manager-tests/test_cases_privacy_manager.cpp b/src/security-manager-tests/test_cases_privacy_manager.cpp index 0c1d494..7d81a2f 100644 --- a/src/security-manager-tests/test_cases_privacy_manager.cpp +++ b/src/security-manager-tests/test_cases_privacy_manager.cpp @@ -29,7 +29,10 @@ #include #include #include +#include +#include #include +#include #include #include #include @@ -1229,3 +1232,156 @@ RUNNER_CHILD_TEST(security_manager_17_privacy_manager_fetch_whole_policy_for_sel RUNNER_ASSERT_MSG(policyEntries.size() == 4, "Number of policies doesn't match - should be: 4 and is " << policyEntries.size()); } } + +RUNNER_CHILD_TEST(security_manager_18_privacy_manager_privacy_related_privileges_policy_install_remove) +{ + TemporaryTestUser user("sm_test_18_username", GUM_USERTYPE_NORMAL); + user.create(); + + AppInstallHelper helper("sm_test_18", + user.getUid()); + helper.addPrivileges({ + "http://tizen.org/privilege/telephony", + "http://tizen.org/privilege/led", + "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here + "http://tizen.org/privilege/account.read", + "http://tizen.org/privilege/healthinfo" + }); + + PolicyEntry filter (helper.getAppId(), user.getUidString(), SECURITY_MANAGER_ANY); + std::vector policyEntries; + + { + ScopedInstaller installer(helper); + unsigned int privacyNum = 0; + for (auto &priv : helper.getPrivileges()) { + if (1 == privilege_info_is_privacy(priv.c_str())) + ++privacyNum; + }; + + Api::getPolicy(filter, policyEntries); + + RUNNER_ASSERT_MSG(policyEntries.size() == helper.getPrivileges().size(), + "Number of policy entries doesn't match; should be " << helper.getPrivileges().size() << " but is " << policyEntries.size()); + + if (PolicyConfiguration::getIsAskuserEnabled() ) { + unsigned int privacyActNum = 0; + for (auto &entry : policyEntries) + if (1 == privilege_info_is_privacy(entry.getPrivilege().c_str())) { + RUNNER_ASSERT_MSG(entry.getCurrentLevel() == "Ask user", "Invalid policy setup; policy should be \"Ask user\" but is " << entry.getCurrentLevel()); + ++privacyActNum; + } + RUNNER_ASSERT_MSG(privacyActNum == privacyNum, "Should be " << privacyNum << " privacy privileges, but is " << privacyActNum); + } + } + + policyEntries.clear(); + + Api::getPolicy(filter, policyEntries); + + RUNNER_ASSERT_MSG(policyEntries.size() == 0, "After deinstallation, policy entries size should be 0, but is: " << policyEntries.size()); +} + +RUNNER_CHILD_TEST(security_manager_19_privacy_manager_privacy_related_privileges_policy_hybrid) +{ + TemporaryTestUser user("sm_test_19_username", GUM_USERTYPE_NORMAL); + user.create(); + + AppInstallHelper helper1("sm_test_19_app_id_1", + "sm_test_19_pkg_id", + true, + user.getUid(), + "3.0", + true); // hybrid package + + helper1.addPrivileges({ + "http://tizen.org/privilege/telephony", + "http://tizen.org/privilege/led", + "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here + "http://tizen.org/privilege/account.read", + "http://tizen.org/privilege/healthinfo" + }); + + AppInstallHelper helper2("sm_test_19_app_id_2", + "sm_test_19_pkg_id", + true, + user.getUid(), + "3.0", + true); // hybrid package + + helper2.addPrivileges({ + "http://tizen.org/privilege/telephony", + "http://tizen.org/privilege/led", + "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here + }); + + std::vector policyEntries; + + PolicyEntry filter(SECURITY_MANAGER_ANY, user.getUidString(), SECURITY_MANAGER_ANY); + { + ScopedInstaller installer1(helper1); + ScopedInstaller installer2(helper2); + + unsigned int privacyNum1 = 0, privacyNum2 = 0; + + for (auto &priv : helper1.getPrivileges()) { + if (1 == privilege_info_is_privacy(priv.c_str())) + ++privacyNum1; + }; + + for (auto &priv : helper2.getPrivileges()) { + if (1 == privilege_info_is_privacy(priv.c_str())) + ++privacyNum2; + }; + + Api::getPolicy(filter, policyEntries); + + if (PolicyConfiguration::getIsAskuserEnabled() ) { + unsigned int privacyAct1 = 0, privacyAct2 = 0; + for (auto &entry : policyEntries) { + RUNNER_ASSERT_MSG(entry.getAppId() == helper1.getAppId() || entry.getAppId() == helper2.getAppId(), + "Invalid appId: should be either " << helper1.getAppId() << " or " << helper2.getAppId() << " but is " << entry.getAppId()); + if (1 == privilege_info_is_privacy(entry.getPrivilege().c_str())) { + RUNNER_ASSERT_MSG(entry.getCurrentLevel() == "Ask user", + "Invalid policy setup; policy should be \"Ask user\" but is " << entry.getCurrentLevel()); + if (entry.getAppId() == helper1.getAppId()) + ++privacyAct1; + else + ++privacyAct2; + } + } + RUNNER_ASSERT_MSG(privacyNum1 == privacyAct1, "Should be " << privacyNum1 << " privacy privileges, but is " << privacyAct1); + RUNNER_ASSERT_MSG(privacyNum2 == privacyAct2, "Should be " << privacyNum2 << " privacy privileges, but is " << privacyAct2); + } + } +} + +RUNNER_CHILD_TEST(security_manager_20_privacy_manager_privacy_related_privielges_policy_admin_check) +{ + TemporaryTestUser user("sm_test_20_username", GUM_USERTYPE_NORMAL); + user.create(); + + AppInstallHelper helper("sm_test_20", + user.getUid()); + + helper.addPrivileges({ + "http://tizen.org/privilege/telephony", + "http://tizen.org/privilege/led", + "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here + "http://tizen.org/privilege/account.read", + "http://tizen.org/privilege/healthinfo" + }); + + ScopedInstaller installer(helper); + + if (PolicyConfiguration::getIsAskuserEnabled() ) { + CynaraTestAdmin::Admin admin; + int policyType = 0; + admin.getPolicyTypeForDescription("Ask user", policyType); + for (auto &priv : helper.getPrivileges()) { + if (1 == privilege_info_is_privacy(priv.c_str())) { + admin.adminCheck("", true, helper.generateAppLabel().c_str(), user.getUidString().c_str(), priv.c_str(), policyType, nullptr); + } + } + } +} -- 2.7.4