#include <dpl/test/test_runner.h>
#include <tests_common.h>
-#include <dbus_access.h>
-
+#include <ckm-common.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
const char* const ENABLED = "Enabled";
const char* const ENFORCING = "Enforcing";
const char* const DISABLED = "Disabled";
+const char* const READY = "Ready";
+const char* const UNSET = "Unset"; // Meaningless value for unset.
+const char* const USER_LABEL = "User";
const char* const CKM_LOCK = "/var/run/key-manager.pid";
-const char* SERVICE[] = {
- "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2dlistener_2eservice",
- "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2eservice" };
-
-enum ServiceIdx {
- LISTENER,
- MANAGER
-};
-// disable CC
-int _unset_mdpp_key = vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
// Wrapper for mdpp state that restores the original value upon destruction
class MdppState
MdppState::MdppState()
{
+ ScopedLabel sl(USER_LABEL);
m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
}
MdppState::~MdppState()
{
+ ScopedLabel sl(USER_LABEL);
if (!m_original)
- vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
+ vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
else {
vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
- free(m_original);
}
}
void MdppState::set(const char* const value)
{
+ ScopedLabel sl(USER_LABEL);
if (value)
- RUNNER_ASSERT_MSG(0 == vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value),
- "vconf_set() failed");
+ {
+ int ret = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value);
+ RUNNER_ASSERT_MSG(0 == ret,
+ "vconf_set() failed, ec: " << ret);
+ }
else
- vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
-}
-
-void start_service(ServiceIdx idx)
-{
- DBusAccess dbus(SERVICE[idx]);
- dbus.start();
-}
-
-void stop_service(ServiceIdx idx)
-{
- DBusAccess dbus(SERVICE[idx]);
- dbus.stop();
+ vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
}
void remove_user_data()
void read_keys(int expected)
{
+// if mdpp is disabled at compilation time we expect that read_key always succeeds
+#ifndef DSECURITY_MDFPP_STATE_ENABLE
+ expected = CKM_API_SUCCESS;
+#endif
auto manager = Manager::create();
read_key(manager, rsa_pri_alias, expected);
mdpp.set(DISABLED);
update_cc_mode();
+ mdpp.set(READY);
+ update_cc_mode();
+
mdpp.set("whatever");
update_cc_mode();
}
mdpp.set(DISABLED);
update_cc_mode();
- read_keys(CKM_API_SUCCESS);
+ // MJK, it's counter-intuitive: Disabled does not mean
+ // that CC mode is disabled, but that device
+ // self-test failed "device DISABLED"
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
mdpp.set("whatever");
update_cc_mode();
update_cc_mode();
read_keys(CKM_API_ERROR_BAD_REQUEST);
- mdpp.set(DISABLED);
+ mdpp.set(READY);
+ update_cc_mode();
+ read_keys(CKM_API_SUCCESS);
+
+ mdpp.set("whatever");
update_cc_mode();
read_keys(CKM_API_SUCCESS);
+
+ mdpp.set(DISABLED);
+ update_cc_mode();
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
}
// when listener is started with mdpp key unset it should not update mdpp status in ckm
remove_user_data();
save_keys();
- read_keys(CKM_API_SUCCESS);
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
mdpp.set("whatever");
usleep(SLEEP); // give some time for notification to reach ckm
mdpp.set(DISABLED);
usleep(SLEEP); // give some time for notification to reach ckm
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+
+ mdpp.set(READY);
+ usleep(SLEEP); // give some time for notification to reach ckm
read_keys(CKM_API_SUCCESS);
mdpp.set(ENFORCING);
remove_user_data();
save_keys();
- read_keys(CKM_API_SUCCESS);
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
}
// run ckm manually and see if it properly loads mdpp setting
}
// run ckm manually and see if it properly loads mdpp setting
+RUNNER_TEST(TCC_0075_manualCkmReady)
+{
+ restart_ckm(READY);
+
+ remove_user_data();
+ save_keys();
+ read_keys(CKM_API_SUCCESS);
+}
+
+// run ckm manually and see if it properly loads mdpp setting
RUNNER_TEST(TCC_0080_manualCkmWhatever)
{
restart_ckm("whatever");
projects / platform / core / test / security-tests.git / blobdiff