2 * Copyright (c) 2000 - 2015 Samsung Electronics Co.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
20 #include <dpl/test/test_runner.h>
21 #include <dpl/test/test_runner_child.h>
22 #include <tests_common.h>
23 #include <ckm-common.h>
24 #include <ckm/ckm-control.h>
25 #include <ckmc/ckmc-manager.h>
26 #include <ckmc/ckmc-type.h>
27 #include <access_provider2.h>
29 #include <sys/types.h>
33 const uid_t USER_SERVICE = 0;
34 const uid_t USER_SERVICE_2 = 1234;
35 const uid_t GROUP_SERVICE_2 = 1234;
36 const uid_t USER_SERVICE_MAX = 4999;
37 const uid_t GROUP_SERVICE_MAX = 4999;
38 const uid_t USER_SERVICE_FAIL = 5000;
39 const uid_t GROUP_SERVICE_FAIL = 5000;
40 const uid_t USER_APP = 5050;
41 const uid_t GROUP_APP = 5050;
42 const char* APP_PASS = "user-pass";
44 const char* TEST_ALIAS = "test-alias";
45 const char* SYSTEM_LABEL = "/";
46 const char* TEST_SYSTEM_ALIAS = "/ test-alias";
47 const char* TEST_SYSTEM_ALIAS_2 = "/ test-alias-2";
48 const char* TEST_LABEL = "test-label";
49 const char* TEST_LABEL_2 = "test-label-2";
51 const char* TEST_DATA =
52 "Lorem Ipsum. At vero eos et accusamus et iusto odio dignissimos ducimus "
53 "qui blanditiis praesentium voluptatum deleniti atque corrupti quos dolores "
54 "et quas molestias excepturi sint occaecati cupiditate non provident, "
55 "similique sunt in culpa qui officia deserunt mollitia animi, id est "
56 "laborum et dolorum fuga. ";
60 RUNNER_TEST_GROUP_INIT(T50_SYSTEM_DB);
62 RUNNER_TEST(T5010_CLIENT_APP_LOCKED_PRIVATE_DB)
64 RUNNER_IGNORED_MSG("This test is turn off because fix "
65 "from tizen 2.4 that unlock db with empty password");
67 // start as system service
68 // add resource to the system DB
69 // add permission to the resource to a user app
71 // switch to user app, leave DB locked
72 // try to access system DB item - expect success
75 remove_user_data(USER_APP);
77 gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
78 allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
82 ScopedAccessProvider ap(TEST_LABEL);
83 ap.allowAPI("key-manager::api-storage", "rw");
84 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
86 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
90 RUNNER_TEST(T5020_CLIENT_APP_ADD_TO_PRIVATE_DB)
93 // switch to user app, unlock DB
94 // when accessing private DB - owner==me
95 // try to write to private DB - expect success
96 // try to get item from private DB - expect success
100 remove_user_data(USER_APP);
101 ScopedDBUnlock unlock(USER_APP, APP_PASS);
102 ScopedAccessProvider ap(TEST_LABEL);
103 ap.allowAPI("key-manager::api-storage", "rw");
104 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
106 ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
107 check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
111 RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION)
114 // start as system service
115 // add resource to the system DB
116 // add permission to the resource to a user app
118 // switch to user app, unlock DB
119 // try to access the system item - expect success
122 remove_user_data(USER_APP);
124 gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
125 allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
129 ScopedDBUnlock unlock(USER_APP, APP_PASS);
130 ScopedAccessProvider ap(TEST_LABEL);
131 ap.allowAPI("key-manager::api-storage", "rw");
132 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
134 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
138 RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION)
141 // start as system service
142 // add resource to the system DB
144 // switch to user app, unlock DB
145 // try to access the system item - expect fail
148 remove_user_data(USER_APP);
150 gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
154 ScopedDBUnlock unlock(USER_APP, APP_PASS);
155 ScopedAccessProvider ap(TEST_LABEL);
156 ap.allowAPI("key-manager::api-storage", "rw");
157 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
159 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
163 RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL)
166 // start as system service
167 // add resource to the system DB
168 // add permission to the resource to a user app
170 // switch to user app, unlock DB
171 // try to access the system item - expect success
173 // as system service, remove the item (expecting to remove permission)
174 // add item again, do not add permission
176 // switch to user app, unlock DB
177 // try to access the system item - expect fail
180 remove_user_data(USER_APP);
182 gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
183 allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
187 ScopedDBUnlock unlock(USER_APP, APP_PASS);
188 ScopedAccessProvider ap(TEST_LABEL);
189 ap.allowAPI("key-manager::api-storage", "rw");
190 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
192 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
196 check_remove_allowed(TEST_SYSTEM_ALIAS);
200 ScopedDBUnlock unlock(USER_APP, APP_PASS);
201 ScopedAccessProvider ap(TEST_LABEL);
202 ap.allowAPI("key-manager::api-storage", "rw");
203 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
205 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
209 RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS)
212 // switch to user app, unlock DB
213 // try to write to private DB - expect success
214 // try to write to system DB - expect fail
218 remove_user_data(USER_APP);
219 ScopedDBUnlock unlock(USER_APP, APP_PASS);
220 ScopedAccessProvider ap(TEST_LABEL);
221 ap.allowAPI("key-manager::api-storage", "rw");
222 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
224 ScopedSaveData ssdsystem_user(TEST_ALIAS, TEST_DATA);
225 ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS, TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
226 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
230 RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM)
233 // start as system service
234 // add resource to the system DB
235 // add permission to the resource to a user app
237 // switch to user app, unlock DB
238 // try to remove item from system DB - expect fail
241 remove_user_data(USER_APP);
243 gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
244 allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
248 ScopedAccessProvider ap(TEST_LABEL);
249 ap.allowAPI("key-manager::api-storage", "rw");
250 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
251 ScopedDBUnlock unlock(USER_APP, APP_PASS);
253 check_remove_denied(TEST_SYSTEM_ALIAS);
257 RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS)
260 // start as system service
261 // add data A to the system DB
262 // add data B to the system DB
263 // add permission to data A to a user app
265 // system service list items - expect both items to appear
267 // switch to user app, unlock DB
269 // user lists items - expect system item A and private item
272 remove_user_data(USER_APP);
274 gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
275 gc.save(TEST_SYSTEM_ALIAS_2, TEST_DATA);
276 allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
279 check_alias_list({TEST_SYSTEM_ALIAS, TEST_SYSTEM_ALIAS_2});
283 ScopedDBUnlock unlock(USER_APP, APP_PASS);
284 ScopedAccessProvider ap(TEST_LABEL);
285 ap.allowAPI("key-manager::api-storage", "rw");
286 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
287 ScopedSaveData user_data(TEST_ALIAS, TEST_DATA);
289 check_alias_list({TEST_SYSTEM_ALIAS,
290 aliasWithLabel(TEST_LABEL, TEST_ALIAS)});
294 RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB)
297 // switch to user app, unlock DB
298 // try to generate a key in system DB - expect fail
302 remove_user_data(USER_APP);
303 ScopedDBUnlock unlock(USER_APP, APP_PASS);
304 ScopedAccessProvider ap(TEST_LABEL);
305 ap.allowAPI("key-manager::api-storage", "rw");
306 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
308 const char *private_key_alias = "/ sys-db-priv";
309 const char *public_key_alias = "/ sys-db-pub";
310 ckmc_policy_s policy_private_key;
311 ckmc_policy_s policy_public_key;
312 policy_private_key.password = NULL;
313 policy_private_key.extractable = 1;
314 policy_public_key.password = NULL;
315 policy_public_key.extractable = 1;
318 CKMC_ERROR_PERMISSION_DENIED ==
319 (temp = ckmc_create_key_pair_rsa(1024,
324 CKMCReadableError(temp));
328 RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB)
331 // start as system service
332 // generate RSA key in system DB
334 // try to create and verify signature in system DB - expect success
336 // switch to user app, unlock DB
337 // try to create signature in system DB - expect fail
340 remove_user_data(USER_APP);
342 const char *private_key_alias = "/ sys-db-priv";
343 const char *public_key_alias = "/ sys-db-pub";
344 gc.add(private_key_alias);
345 gc.add(public_key_alias);
346 ckmc_policy_s policy_private_key;
347 ckmc_policy_s policy_public_key;
348 policy_private_key.password = NULL;
349 policy_private_key.extractable = 1;
350 policy_public_key.password = NULL;
351 policy_public_key.extractable = 1;
355 (temp = ckmc_create_key_pair_rsa(1024,
360 CKMCReadableError(temp));
364 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
365 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
366 ckmc_raw_buffer_s *signature;
367 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
370 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
377 CKMCReadableError(temp));
380 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
387 CKMCReadableError(temp));
392 ScopedDBUnlock unlock(USER_APP, APP_PASS);
393 ScopedAccessProvider ap(TEST_LABEL);
394 ap.allowAPI("key-manager::api-storage", "rw");
395 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
397 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
398 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
399 ckmc_raw_buffer_s *signature;
400 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
403 CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_create_signature(
410 CKMCReadableError(temp));
414 RUNNER_TEST(T5039_SYSTEM_APP_SET_REMOVE_ACCESS)
417 // start as system service
418 // add resource to the system DB
420 // add remove permission to a user app - expect fail
424 gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
427 allow_access_negative(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_REMOVE, CKMC_ERROR_INVALID_PARAMETER);
430 RUNNER_TEST(T5040_SYSTEM_SVC_ACCESS_DB)
433 // start as system service
434 // add resource to the system DB
436 // try to access the item - expect success
440 gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
443 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
446 RUNNER_TEST(T5041_SYSTEM_SVC_1234_ACCESS_DB)
449 // start as system service
450 // add resource to the system DB
452 // switch to another system service
453 // try to access the item - expect success
457 gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
461 ScopedAccessProvider ap(TEST_LABEL_2);
462 ap.allowAPI("key-manager::api-storage", "rw");
463 ap.applyAndSwithToUser(USER_SERVICE_2, GROUP_SERVICE_2);
465 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
469 RUNNER_TEST(T5042_SYSTEM_SVC_1234_ADD_ITEM_TO_DB)
472 // start as system service 1234
473 // add resource to the system DB
475 // switch to another system service
476 // try to access the item - expect success
480 ScopedAccessProvider ap(TEST_LABEL_2);
481 ap.allowAPI("key-manager::api-storage", "rw");
482 ap.applyAndSwithToUser(USER_SERVICE_2, GROUP_SERVICE_2);
485 ScopedSaveData ssd(TEST_SYSTEM_ALIAS, TEST_DATA);
486 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
490 RUNNER_TEST(T5043_SYSTEM_SVC_4999_ACCESS_DB)
493 // start as system service
494 // add resource to the system DB
496 // switch to system service having uid maximum for system svcs
497 // try to access the item - expect success
501 gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
505 ScopedAccessProvider ap(TEST_LABEL_2);
506 ap.allowAPI("key-manager::api-storage", "rw");
507 ap.applyAndSwithToUser(USER_SERVICE_MAX, GROUP_SERVICE_MAX);
509 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
513 RUNNER_TEST(T5044_SYSTEM_SVC_5000_ACCESS_DB)
515 RUNNER_IGNORED_MSG("This test is turn off because fix "
516 "from tizen 2.4 that unlock db with empty password");
518 // start as system service
519 // add resource to the system DB
521 // switch to another, faulty system service with user-land uid==5000
522 // try to access the item - expect fail (no system service)
526 gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
530 ScopedAccessProvider ap(TEST_LABEL_2);
531 ap.allowAPI("key-manager::api-storage", "rw");
532 ap.applyAndSwithToUser(USER_SERVICE_FAIL, GROUP_SERVICE_FAIL);
534 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);