4 #include <dpl/test/test_runner.h>
5 #include <dpl/test/test_runner_child.h>
7 #include <tests_common.h>
8 #include <ckm-common.h>
9 #include <access_provider2.h>
11 #include <ckmc/ckmc-manager.h>
12 #include <ckmc/ckmc-control.h>
13 #include <ckmc/ckmc-type.h>
14 #include <ckmc/ckmc-error.h>
16 #include <ckm/ckm-type.h>
20 const uid_t USER_ROOT = 0;
21 const char* APP_PASS = "user-pass";
22 const char* ROOT_PASS = "test-pass";
24 const char* NO_ALIAS = "definitely-non-existent-alias";
25 const char* NO_OWNER = "definitely-non-existent-owner";
27 const char* TEST_ALIAS = "test-alias";
28 const char* TEST_ALIAS2 = "test-alias2";
29 const char* TEST_ALIAS3 = "test-alias3";
31 const char* TEST_LABEL = "test-label";
32 const char* TEST_LABEL2 = "test-label2";
34 const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
36 void save_data(const char* alias)
38 ckmc_raw_buffer_s buffer;
39 buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(TEST_DATA));
40 buffer.size = strlen(TEST_DATA);
42 policy.password = NULL;
43 policy.extractable = true;
45 int ret = ckmc_save_data(alias, buffer, policy);
46 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Saving data failed. Error: " << ret);
49 void check_remove_allowed(const char* alias)
51 int ret = ckmc_remove_data(alias);
52 // remove, but ignore non existing
53 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN,
54 "Removing data failed: " << ret);
57 void check_remove_denied(const char* alias)
59 int ret = ckmc_remove_data(alias);
61 CKMC_ERROR_PERMISSION_DENIED == ret,
62 "App with different label shouldn't have rights to remove this data. Error: " << ret);
65 void check_read_allowed(const char* alias)
67 // try to read previously saved data
68 ckmc_raw_buffer_s* buffer = NULL;
69 int ret = ckmc_get_data(alias, NULL, &buffer);
70 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Getting data failed. Error: " << ret);
72 // compare data with expected
74 buffer->size == strlen(TEST_DATA),
75 "Extracted data length do not match expected data length (encrypted?).");
78 memcmp(const_cast<const char*>(reinterpret_cast<char*>(buffer->data)), TEST_DATA, buffer->size) == 0,
79 "Extracted data do not match expected data (encrypted?).");
80 ckmc_buffer_free(buffer);
83 void check_read_denied(const char* alias)
85 // try to read previously saved data
86 ckmc_raw_buffer_s* buffer = NULL;
87 int ret = ckmc_get_data(alias, NULL, &buffer);
88 RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
89 "App with different label shouldn't have rights to read this data. Error: "
91 ckmc_buffer_free(buffer);
94 void allow_access(const char* alias, const char* accessor, ckmc_access_right_e rights)
96 // data removal should revoke this access
97 int ret = ckmc_allow_access(alias, accessor, rights);
98 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret);
101 void deny_access(const char* alias, const char* accessor)
103 int ret = ckmc_deny_access(alias, accessor);
104 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << ret);
107 void allow_access_by_adm(const char* alias, const char* accessor, ckmc_access_right_e rights)
109 // data removal should revoke this access
110 CharPtr label = get_label();
111 int ret = ckmc_allow_access_by_adm(USER_ROOT, label.get(), alias, accessor, rights);
112 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret);
115 void deny_access_by_adm(const char* alias, const char* accessor)
117 CharPtr label = get_label();
118 int ret = ckmc_deny_access_by_adm(USER_ROOT, label.get(), alias, accessor);
119 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << ret);
124 ckmc_alias_list_s *aliasList = NULL;
125 int ret = ckmc_get_data_alias_list(&aliasList);
126 if (ret == CKMC_ERROR_DB_ALIAS_UNKNOWN)
129 RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. Error: " << ret);
131 ckmc_alias_list_s *plist = aliasList;
138 ckmc_alias_list_all_free(aliasList);
142 void check_alias_count(int expected)
144 int count = count_aliases();
145 RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
148 // saves data upon construction and deletes it upon destruction
152 ScopedSaveData(const char* alias) : m_alias(alias)
160 * Let it throw. If we can't remove data then remaining tests results will be
163 check_remove_allowed(m_alias);
169 } // namespace anonymous
171 RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_C_API);
174 /////////////////////////////////////////////////////////////////////////////
176 RUNNER_TEST(T3000_init)
179 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)),
181 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)),
183 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)),
185 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)),
190 // invalid arguments check
191 RUNNER_TEST(T3001_manager_allow_access_invalid)
194 CKMC_ERROR_INVALID_PARAMETER == ckmc_allow_access(NULL, "accessor", CKMC_AR_READ));
196 CKMC_ERROR_INVALID_PARAMETER == ckmc_allow_access("alias", NULL, CKMC_AR_READ));
199 // invalid arguments check
200 RUNNER_TEST(T3002_manager_deny_access_invalid)
202 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access(NULL, "accessor"));
203 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access("alias", NULL));
206 // tries to allow access for non existing alias
207 RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
209 switch_to_storage_user(TEST_LABEL);
211 int ret = ckmc_allow_access(NO_ALIAS, "label", CKMC_AR_READ);
212 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
213 "Allowing access for non existing alias returned " << ret);
216 // tries to deny access for non existing alias
217 RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
219 switch_to_storage_user(TEST_LABEL);
221 int ret = ckmc_deny_access(NO_ALIAS, "label");
222 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
223 "Denying access for non existing alias returned " << ret);
226 // tries to deny access that does not exist in database
227 RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
229 switch_to_storage_user(TEST_LABEL);
231 ScopedSaveData ssd(TEST_ALIAS);
233 // deny non existing access to existing alias
234 int ret = ckmc_deny_access(TEST_ALIAS, "label");
235 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
236 "Denying non existing access returned: " << ret);
239 // tries to allow access to application own data
240 RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
242 switch_to_storage_user(TEST_LABEL);
244 ScopedSaveData ssd(TEST_ALIAS);
246 CharPtr label = get_label();
247 int ret = ckmc_allow_access(TEST_ALIAS, label.get(), CKMC_AR_READ);
248 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
249 "Trying to allow myself returned: " << ret);
252 // tries to access other application data without permission
253 RUNNER_TEST(T3020_manager_access_not_allowed)
255 ScopedSaveData ssd(TEST_ALIAS);
257 ScopedLabel sl(TEST_LABEL2);
259 check_read_denied(TEST_ALIAS);
261 check_remove_denied(TEST_ALIAS);
265 // tries to access other application data with permission
266 RUNNER_TEST(T3021_manager_access_allowed)
268 ScopedSaveData ssd(TEST_ALIAS);
270 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
272 ScopedLabel sl(TEST_LABEL2);
274 check_read_allowed(TEST_ALIAS);
278 // tries to read other application data with permission for read/remove
279 RUNNER_TEST(T3022_manager_access_allowed_with_remove)
281 ScopedSaveData ssd(TEST_ALIAS);
283 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
285 ScopedLabel sl(TEST_LABEL2);
287 check_read_allowed(TEST_ALIAS);
291 // tries to remove other application data with permission for reading only
292 RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
294 ScopedSaveData ssd(TEST_ALIAS);
296 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
298 ScopedLabel sl(TEST_LABEL2);
300 check_remove_denied(TEST_ALIAS);
302 check_read_allowed(TEST_ALIAS);
306 // tries to remove other application data with permission
307 RUNNER_TEST(T3025_manager_remove_allowed)
309 ScopedSaveData ssd(TEST_ALIAS);
311 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
313 ScopedLabel sl(TEST_LABEL2);
315 check_remove_allowed(TEST_ALIAS);
319 // tries to access other application data after allow funciton was called twice with different
321 RUNNER_TEST(T3026_manager_double_allow)
323 ScopedSaveData ssd(TEST_ALIAS);
325 // access should be overwritten
326 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
327 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
329 ScopedLabel sl(TEST_LABEL2);
331 check_remove_denied(TEST_ALIAS);
333 check_read_allowed(TEST_ALIAS);
337 // tries to access application data with permission and after permission has been revoked
338 RUNNER_TEST(T3027_manager_allow_deny)
340 ScopedSaveData ssd(TEST_ALIAS);
342 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
344 ScopedLabel sl(TEST_LABEL2);
346 check_remove_denied(TEST_ALIAS);
348 check_read_allowed(TEST_ALIAS);
351 deny_access(TEST_ALIAS, TEST_LABEL2);
353 ScopedLabel sl(TEST_LABEL2);
355 check_remove_denied(TEST_ALIAS);
357 check_read_denied(TEST_ALIAS);
362 // checks if only aliases readable by given app are returned
363 RUNNER_TEST(T3030_manager_get_all_aliases)
365 ScopedSaveData ssd1(TEST_ALIAS);
366 ScopedSaveData ssd2(TEST_ALIAS2);
368 int count = count_aliases();
370 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
372 ScopedLabel sl(TEST_LABEL2);
374 // check that app can access other aliases when it has permission
375 check_alias_count(count - 1);
377 ScopedSaveData ssd3(TEST_ALIAS3);
379 // check that app can access its own aliases
380 check_alias_count(count - 1 + 1);
383 deny_access(TEST_ALIAS, TEST_LABEL2);
385 ScopedLabel sl(TEST_LABEL2);
387 // check that app can't access other aliases for which permission has been revoked
388 check_alias_count(count - 2);
392 /////////////////////////////////////////////////////////////////////////////
395 // invalid argument check
396 RUNNER_TEST(T3101_control_allow_access_invalid)
399 ret = ckmc_allow_access_by_adm(USER_ROOT, NULL, "alias", "accessor", CKMC_AR_READ);
400 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
401 ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", NULL, "accessor", CKMC_AR_READ);
402 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
403 ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", "alias", NULL, CKMC_AR_READ);
404 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
407 // invalid argument check
408 RUNNER_TEST(T3102_control_deny_access_invalid)
410 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
411 ckmc_deny_access_by_adm(USER_ROOT, NULL, "alias", "accessor"));
412 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
413 ckmc_deny_access_by_adm(USER_ROOT, "owner", NULL, "accessor"));
414 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
415 ckmc_deny_access_by_adm(USER_ROOT, "owner", "alias", NULL));
418 // tries to allow access for non existing alias
419 RUNNER_TEST(T3103_control_allow_access_non_existing)
421 int ret = ckmc_allow_access_by_adm(USER_ROOT, NO_OWNER, NO_ALIAS, "label", CKMC_AR_READ);
422 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
423 "Allowing access for non existing alias returned " << ret);
426 // tries to deny access for non existing alias
427 RUNNER_TEST(T3104_control_deny_access_non_existing)
429 int ret = ckmc_deny_access_by_adm(USER_ROOT, NO_OWNER, NO_ALIAS, "label");
430 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
431 "Denying access for non existing alias returned " << ret);
434 // tries to deny non existing access
435 RUNNER_TEST(T3105_control_deny_access_non_existing_access)
437 ScopedSaveData ssd(TEST_ALIAS);
439 CharPtr label = get_label();
441 // deny non existing access to existing alias
442 int ret = ckmc_deny_access_by_adm(USER_ROOT, label.get(), TEST_ALIAS, "label");
443 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
444 "Denying non existing access returned: " << ret);
447 // tries to allow application to access its own data
448 RUNNER_TEST(T3106_control_allow_access_to_myself)
450 ScopedSaveData ssd(TEST_ALIAS);
452 CharPtr label = get_label();
453 int ret = ckmc_allow_access(TEST_ALIAS, label.get(), CKMC_AR_READ);
454 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
455 "Trying to allow myself returned: " << ret);
458 // tries to use admin API as a user
459 RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
461 switch_to_storage_user(TEST_LABEL);
462 int ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", "alias", "accessor", CKMC_AR_READ);
463 RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
464 "Ordinary user should not be able to use control API. Error " << ret);
467 // tries to use admin API as a user
468 RUNNER_CHILD_TEST(T3111_control_allow_access_as_user)
470 switch_to_storage_user(TEST_LABEL);
471 int ret = ckmc_deny_access_by_adm(USER_ROOT, "owner", "alias", "accessor");
472 RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
473 "Ordinary user should not be able to use control API. Error " << ret);
476 // tries to read other application data with permission
477 RUNNER_TEST(T3121_control_access_allowed)
479 ScopedSaveData ssd(TEST_ALIAS);
481 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
483 ScopedLabel sl(TEST_LABEL2);
485 check_read_allowed(TEST_ALIAS);
489 // tries to read other application data with permission to read/remove
490 RUNNER_TEST(T3122_control_access_allowed_with_remove)
492 ScopedSaveData ssd(TEST_ALIAS);
494 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
496 ScopedLabel sl(TEST_LABEL2);
498 check_read_allowed(TEST_ALIAS);
502 // tries to remove other application data with permission to read
503 RUNNER_TEST(T3122_control_access_allowed_remove_denied)
505 ScopedSaveData ssd(TEST_ALIAS);
507 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
509 ScopedLabel sl(TEST_LABEL2);
511 check_remove_denied(TEST_ALIAS);
515 // tries to remove other application data with permission
516 RUNNER_TEST(T3125_control_remove_allowed)
518 ScopedSaveData ssd(TEST_ALIAS);
520 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
522 ScopedLabel sl(TEST_LABEL2);
524 check_remove_allowed(TEST_ALIAS);
528 // tries to access other application data after allow function has been called twice with different
530 RUNNER_TEST(T3126_control_double_allow)
532 ScopedSaveData ssd(TEST_ALIAS);
534 // access should be overwritten
535 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
536 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
538 ScopedLabel sl(TEST_LABEL2);
540 check_remove_denied(TEST_ALIAS);
542 check_read_allowed(TEST_ALIAS);
546 // tries to access other application data with permission and after permission has been revoked
547 RUNNER_TEST(T3127_control_allow_deny)
549 ScopedSaveData ssd(TEST_ALIAS);
551 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
553 ScopedLabel sl(TEST_LABEL2);
555 check_remove_denied(TEST_ALIAS);
557 check_read_allowed(TEST_ALIAS);
559 CharPtr label = get_label();
560 deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
562 ScopedLabel sl(TEST_LABEL2);
564 check_remove_denied(TEST_ALIAS);
566 check_read_denied(TEST_ALIAS);
570 // checks if only aliases readable by given app are returned
571 RUNNER_TEST(T3130_control_get_all_aliases)
573 ScopedSaveData ssd1(TEST_ALIAS);
574 ScopedSaveData ssd2(TEST_ALIAS2);
576 int count = count_aliases();
578 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
580 ScopedLabel sl(TEST_LABEL2);
582 // check that app can access other aliases when it has permission
583 check_alias_count(count - 1);
585 ScopedSaveData ssd3(TEST_ALIAS3);
587 // check that app can access its own aliases
588 check_alias_count(count - 1 + 1);
591 deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
593 ScopedLabel sl(TEST_LABEL2);
595 // check that app can't access other aliases for which permission has been revoked
596 check_alias_count(count - 2);
600 // tries to add access to data in a database of invalid user
601 RUNNER_TEST(T3140_control_allow_invalid_user)
603 ScopedSaveData ssd(TEST_ALIAS);
605 CharPtr label = get_label();
606 int ret = ckmc_allow_access_by_adm(
607 APP_UID, label.get(), TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
608 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
609 "Trying to allow access to invalid user returned: " << ret);
612 // tries to revoke access to data in a database of invalid user
613 RUNNER_TEST(T3141_control_deny_invalid_user)
615 ScopedSaveData ssd(TEST_ALIAS);
617 CharPtr label = get_label();
618 int ret = ckmc_deny_access_by_adm(APP_UID, label.get(), TEST_ALIAS, TEST_LABEL2);
619 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
620 "Trying to deny access to invalid user returned: " << ret);
624 RUNNER_TEST(T3999_deinit)
627 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(APP_UID)),
629 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)),
631 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_ROOT)),
633 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)),