4 #include <dpl/test/test_runner.h>
5 #include <dpl/test/test_runner_child.h>
7 #include <tests_common.h>
8 #include <ckm-common.h>
9 #include <access_provider2.h>
11 #include <ckmc/ckmc-manager.h>
12 #include <ckmc/ckmc-control.h>
13 #include <ckmc/ckmc-type.h>
14 #include <ckmc/ckmc-error.h>
16 #include <ckm/ckm-type.h>
19 const int USER_ROOT = 0;
20 const int APP_1 = 6000;
21 const int GROUP_1 = 6000;
22 const int APP_2 = 6200;
23 const int GROUP_2 = 6200;
24 const char * const APP_PASS_1 = "app-pass-1";
25 const char * const APP_PASS_2 = "app-pass-2";
26 const char* APP_LABEL_1 = "APP_LABEL_1";
27 const char* APP_LABEL_2 = "APP_LABEL_2";
28 const char* APP_LABEL_3 = "APP_LABEL_3";
29 const char* APP_LABEL_4 = "APP_LABEL_4";
32 const char* NO_ALIAS = "definitely-non-existent-alias";
33 const char* NO_OWNER = "definitely-non-existent-owner";
35 const char* TEST_ALIAS = "test-alias";
36 const char* TEST_ALIAS2 = "test-alias2";
37 const char* TEST_ALIAS3 = "test-alias3";
39 const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
41 void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
43 int ret = ckmc_allow_access(alias, accessor, accessRights);
44 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
47 void allow_access_deprecated_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, ckmc_access_right_e accessRights)
49 // data removal should revoke this access
50 int ret = ckmc_allow_access_by_adm(uid, label, alias, accessor, accessRights);
51 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
54 void allow_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, int permissionMask)
56 // data removal should revoke this access
57 int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, permissionMask);
58 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
61 void deny_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor)
63 int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, CKMC_PERMISSION_NONE);
64 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret));
67 void check_alias_count(size_t expected)
69 size_t count = count_aliases(ALIAS_DATA);
70 RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
73 } // namespace anonymous
75 RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_USER_C_API);
78 /////////////////////////////////////////////////////////////////////////////
80 RUNNER_TEST(T3000_init)
82 reset_user_data(APP_1, APP_PASS_1);
83 reset_user_data(APP_2, APP_PASS_2);
86 // invalid arguments check
87 RUNNER_TEST(T3001_manager_allow_access_invalid)
89 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
92 CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
94 CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_READ));
97 // invalid arguments check
98 RUNNER_TEST(T3002_manager_deny_access_invalid)
100 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
102 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
103 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
106 // tries to allow access for non existing alias
107 RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
109 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
111 int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
112 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
113 "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
116 // tries to deny access for non existing alias
117 RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
119 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
121 int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
122 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
123 "Denying access for non existing alias returned " << CKMCErrorToString(ret));
126 // tries to deny access that does not exist in database
127 RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
129 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
131 ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
133 // deny non existing access to existing alias
134 int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
135 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
136 "Denying non existing access returned: " << CKMCErrorToString(ret));
139 // tries to allow access to application own data
140 RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
142 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
144 ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
146 CharPtr label = get_label();
147 int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ);
148 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
149 "Trying to allow myself returned: " << CKMCErrorToString(ret));
152 // verifies that alias can not contain forbidden characters
153 RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
155 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
157 ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
159 std::string test_alias_playground = std::string("AAA BBB CCC");
160 check_read(test_alias_playground.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
162 // control: expect success
163 check_read(TEST_ALIAS, 0, TEST_DATA);
164 check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
167 // verifies that label can not contain forbidden characters
168 RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
170 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
172 ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
175 std::string APP_LABEL_1_playground = std::string("AAA BBB CCC");
176 check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
178 // insert part of the separator in the middle
179 APP_LABEL_1_playground = std::string(APP_LABEL_1);
180 APP_LABEL_1_playground.insert(APP_LABEL_1_playground.size()/2, ckmc_label_name_separator);
181 check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
184 APP_LABEL_1_playground = std::string(APP_LABEL_1);
185 APP_LABEL_1_playground.insert(0, ckmc_label_name_separator);
186 check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
189 APP_LABEL_1_playground = std::string(APP_LABEL_1);
190 APP_LABEL_1_playground.append(ckmc_label_name_separator);
191 check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
193 // control: expect success
194 check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
198 // tries to access other application data without permission
199 RUNNER_TEST(T3020_manager_access_not_allowed)
204 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
205 gc.save(TEST_ALIAS, TEST_DATA);
208 // test accessibility from another label
210 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
212 std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
213 check_read_not_visible(TEST_ALIAS_adr.c_str());
214 check_remove_not_visible(TEST_ALIAS_adr.c_str());
218 // tries to access other application data with permission
219 RUNNER_TEST(T3021_manager_access_allowed)
224 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
225 gc.save(TEST_ALIAS, TEST_DATA);
226 allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
229 // test accessibility from another label
231 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
232 check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
236 // tries to read other application data with permission for read/remove
237 RUNNER_TEST(T3022_manager_access_allowed_with_remove)
242 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
243 gc.save(TEST_ALIAS, TEST_DATA);
244 allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
247 // test accessibility from another label
249 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
250 check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
254 // tries to remove other application data with permission for reading only
255 RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
260 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
261 gc.save(TEST_ALIAS, TEST_DATA);
262 allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
265 // test accessibility from another label
267 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
268 std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
269 check_remove_denied(TEST_ALIAS_adr.c_str());
270 check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
274 // tries to remove other application data with permission
275 RUNNER_TEST(T3025_manager_remove_allowed)
280 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
281 gc.save(TEST_ALIAS, TEST_DATA);
282 allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
285 // test accessibility from another label
287 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
288 check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
292 // tries to access other application data after allow function was called twice with different
294 RUNNER_TEST(T3026_manager_double_allow)
299 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
300 gc.save(TEST_ALIAS, TEST_DATA);
302 // access should be overwritten
303 allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
304 allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
307 // test accessibility from another label
309 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
311 std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
312 check_remove_denied(TEST_ALIAS_adr.c_str());
313 check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
317 // tries to access application data with permission and after permission has been revoked
318 RUNNER_TEST(T3027_manager_allow_deny)
322 std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
324 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
325 gc.save(TEST_ALIAS, TEST_DATA);
327 allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
330 // test accessibility from another label
332 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
334 check_remove_denied(TEST_ALIAS_adr.c_str());
335 check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
340 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
342 deny_access(TEST_ALIAS, APP_LABEL_2);
345 // test accessibility from another label
347 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
349 check_remove_not_visible(TEST_ALIAS_adr.c_str());
350 check_read_not_visible(TEST_ALIAS_adr.c_str());
354 RUNNER_TEST(T3028_manager_access_by_label)
358 const char *additional_data = "label-2-data";
360 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
361 gc.save(TEST_ALIAS, TEST_DATA);
363 allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
368 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
369 save_data(TEST_ALIAS, additional_data);
371 allow_access(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
373 // test if accessing valid alias (of label2 domain)
374 check_read_allowed(TEST_ALIAS, additional_data);
377 // test accessibility to app 2 from app 1
379 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
381 // test if can access label2 alias from label1 domain - should succeed
382 check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS).c_str(), additional_data);
386 // tries to modify another label's permission
387 RUNNER_TEST(T3029_manager_access_modification_by_foreign_label)
392 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
393 gc.save(TEST_ALIAS, TEST_DATA);
395 allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
398 // test accessibility from another label
400 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
402 allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
403 deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED);
407 // checks if only aliases readable by given app are returned
408 RUNNER_TEST(T3030_manager_get_all_aliases)
414 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
415 gc.save(TEST_ALIAS, TEST_DATA);
416 gc.save(TEST_ALIAS2, TEST_DATA);
418 count = count_aliases(ALIAS_DATA);
419 allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
422 // test accessibility from another label
424 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
426 // check that app can access other aliases when it has permission
427 check_alias_count(count - 1);
429 ScopedSaveData ssd3(TEST_ALIAS3, TEST_DATA);
431 // check that app can access its own aliases
432 check_alias_count(count - 1 + 1);
437 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
438 deny_access(TEST_ALIAS, APP_LABEL_2);
441 // test accessibility from another label
443 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
445 // check that app can't access other aliases for which permission has been revoked
446 check_alias_count(count - 2);
450 // tries to access other application data with permission
451 RUNNER_TEST(T3031_manager_deprecated_access_allowed)
456 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
457 gc.save(TEST_ALIAS, TEST_DATA);
459 allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
462 // test accessibility from another label
464 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
466 check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
470 // tries to read other application data with permission for read/remove
471 RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove)
476 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
477 gc.save(TEST_ALIAS, TEST_DATA);
479 allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
482 // test accessibility from another label
484 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
486 check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
490 // tries to remove other application data with permission for reading only
491 RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied)
496 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
497 gc.save(TEST_ALIAS, TEST_DATA);
499 allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
502 // test accessibility from another label
504 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
506 std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
507 check_remove_denied(TEST_ALIAS_adr.c_str());
508 check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
512 // tries to remove other application data with permission
513 RUNNER_TEST(T3034_manager_deprecated_remove_allowed)
518 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
519 gc.save(TEST_ALIAS, TEST_DATA);
521 allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
524 // test accessibility from another label
526 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
528 check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
532 /////////////////////////////////////////////////////////////////////////////
535 RUNNER_TEST_GROUP_INIT (T310_CKMC_ACCESS_CONTROL_ROOT_C_API);
537 RUNNER_TEST(T3100_init)
539 reset_user_data(APP_1, APP_PASS_1);
540 reset_user_data(APP_2, APP_PASS_2);
543 // invalid argument check
544 RUNNER_TEST(T3101_control_allow_access_invalid)
549 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
550 gc.save(TEST_ALIAS, TEST_DATA);
554 ret = ckmc_set_permission_by_adm(APP_1, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ);
555 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
556 ret = ckmc_set_permission_by_adm(APP_1, "owner alias", NULL, CKMC_PERMISSION_READ);
557 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
560 std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
561 ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ);
562 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
565 // invalid argument check
566 RUNNER_TEST(T3102_control_deny_access_invalid)
571 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
572 gc.save(TEST_ALIAS, TEST_DATA);
575 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
576 ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NULL, TEST_ALIAS).c_str(), "accessor", CKMC_PERMISSION_NONE));
577 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
578 ckmc_set_permission_by_adm(APP_1, aliasWithLabel("owner", TEST_ALIAS).c_str(), NULL, CKMC_PERMISSION_NONE));
581 std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
582 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
583 ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE));
586 // tries to allow access for non existing alias
587 RUNNER_TEST(T3103_control_allow_access_non_existing)
589 int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
590 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
591 "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
594 // tries to deny access for non existing alias
595 RUNNER_TEST(T3104_control_deny_access_non_existing)
597 int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
598 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
599 "Denying access for non existing alias returned " << CKMCErrorToString(ret));
602 // tries to deny non existing access
603 RUNNER_TEST(T3105_control_deny_access_non_existing_access)
608 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
609 gc.save(TEST_ALIAS, TEST_DATA);
612 int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
613 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
614 "Denying non existing access returned: " << CKMCErrorToString(ret));
617 // tries to allow application to access its own data
618 RUNNER_TEST(T3106_control_allow_access_to_myself)
622 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
623 gc.save(TEST_ALIAS, TEST_DATA);
626 int ret = ckmc_set_permission(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
627 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
628 "Trying to allow myself returned: " << CKMCErrorToString(ret));
631 // tries to use admin API as a user
632 RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
634 RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
638 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
639 gc.save(TEST_ALIAS, TEST_DATA);
642 int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ);
643 RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
644 "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
647 // tries to use admin API as a user
648 RUNNER_CHILD_TEST(T3111_control_deny_access_as_user)
650 RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
654 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
655 gc.save(TEST_ALIAS, TEST_DATA);
658 int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
659 RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
660 "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
663 // tries to read other application data with permission
664 RUNNER_TEST(T3121_control_access_allowed)
669 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
670 gc.save(TEST_ALIAS, TEST_DATA);
673 allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
675 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
677 check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
681 // tries to read other application data with permission to read/remove
682 RUNNER_TEST(T3122_control_access_allowed_with_remove)
687 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
688 gc.save(TEST_ALIAS, TEST_DATA);
691 allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
693 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
695 check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
699 // tries to remove other application data with permission to read
700 RUNNER_TEST(T3122_control_access_allowed_remove_denied)
705 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
706 gc.save(TEST_ALIAS, TEST_DATA);
709 allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
711 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
713 check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
717 // tries to remove other application data with permission
718 RUNNER_TEST(T3125_control_remove_allowed)
723 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
724 gc.save(TEST_ALIAS, TEST_DATA);
727 allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
729 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
731 check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
735 // tries to access other application data after allow function has been called twice with different
737 RUNNER_TEST(T3126_control_double_allow)
742 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
743 gc.save(TEST_ALIAS, TEST_DATA);
746 // access should be overwritten
747 allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
748 allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
750 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
752 std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
753 check_remove_denied(TEST_ALIAS_adr.c_str());
754 check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
758 // tries to access other application data with permission and after permission has been revoked
759 RUNNER_TEST(T3127_control_allow_deny)
764 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
765 gc.save(TEST_ALIAS, TEST_DATA);
768 std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
769 allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
771 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
773 check_remove_denied(TEST_ALIAS_adr.c_str());
774 check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
777 deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
779 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
781 check_remove_not_visible(TEST_ALIAS_adr.c_str());
782 check_read_not_visible(TEST_ALIAS_adr.c_str());
786 // checks if only aliases readable by given app are returned
787 RUNNER_TEST(T3130_control_get_all_aliases)
793 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
794 gc.save(TEST_ALIAS, TEST_DATA);
795 gc.save(TEST_ALIAS2, TEST_DATA);
797 count = count_aliases(ALIAS_DATA);
800 allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
802 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
804 // check that app can access other aliases when it has permission
805 check_alias_count(count - 1);
807 ScopedSaveData ssd(TEST_ALIAS3, TEST_DATA);
809 // check that app can access its own aliases
810 check_alias_count(count - 1 + 1);
813 deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
815 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
817 // check that app can't access other aliases for which permission has been revoked
818 check_alias_count(count - 2);
822 // tries to add access to data in a database of invalid user
823 RUNNER_TEST(T3140_control_allow_invalid_user)
828 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
829 gc.save(TEST_ALIAS, TEST_DATA);
832 int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
833 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
834 "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
837 // tries to revoke access to data in a database of invalid user
838 RUNNER_TEST(T3141_control_deny_invalid_user)
843 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
844 gc.save(TEST_ALIAS, TEST_DATA);
847 int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
848 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
849 "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
852 // tries to read other application data with permission
853 RUNNER_TEST(T3142_control_deprecated_access_allowed)
858 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
859 gc.save(TEST_ALIAS, TEST_DATA);
862 allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
864 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
866 check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
870 // tries to read other application data with permission to read/remove
871 RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove)
876 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
877 gc.save(TEST_ALIAS, TEST_DATA);
880 allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
882 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
884 check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
888 // tries to remove other application data with permission to read
889 RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied)
894 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
895 gc.save(TEST_ALIAS, TEST_DATA);
898 allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
900 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
902 check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
906 // tries to remove other application data with permission
907 RUNNER_TEST(T3145_control_deprecated_remove_allowed)
912 ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
913 gc.save(TEST_ALIAS, TEST_DATA);
916 allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
918 ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
920 check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());