const char* const ENABLED = "Enabled";
const char* const ENFORCING = "Enforcing";
const char* const DISABLED = "Disabled";
+const char* const READY = "Ready";
+const char* const UNSET = "Unset"; // Meaningless value for unset.
+const char* const USER_LABEL = "User";
const char* const CKM_LOCK = "/var/run/key-manager.pid";
-// disable CC
-int _unset_mdpp_key = vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
-
// Wrapper for mdpp state that restores the original value upon destruction
class MdppState
{
MdppState::MdppState()
{
+ ScopedLabel sl(USER_LABEL);
m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
}
MdppState::~MdppState()
{
+ ScopedLabel sl(USER_LABEL);
if (!m_original)
- vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
+ vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
else {
vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
- free(m_original);
}
}
void MdppState::set(const char* const value)
{
+ ScopedLabel sl(USER_LABEL);
if (value)
- RUNNER_ASSERT_MSG(0 == vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value),
- "vconf_set() failed");
+ {
+ int ret = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value);
+ RUNNER_ASSERT_MSG(0 == ret,
+ "vconf_set() failed, ec: " << ret);
+ }
else
- vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
+ vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
}
void remove_user_data()
void read_keys(int expected)
{
+// if mdpp is disabled at compilation time we expect that read_key always succeeds
+#ifndef DSECURITY_MDFPP_STATE_ENABLE
+ expected = CKM_API_SUCCESS;
+#endif
auto manager = Manager::create();
read_key(manager, rsa_pri_alias, expected);
mdpp.set(DISABLED);
update_cc_mode();
+ mdpp.set(READY);
+ update_cc_mode();
+
mdpp.set("whatever");
update_cc_mode();
}
update_cc_mode();
read_keys(CKM_API_ERROR_BAD_REQUEST);
+ mdpp.set(READY);
+ update_cc_mode();
+ read_keys(CKM_API_SUCCESS);
+
mdpp.set("whatever");
update_cc_mode();
read_keys(CKM_API_SUCCESS);
usleep(SLEEP); // give some time for notification to reach ckm
read_keys(CKM_API_ERROR_BAD_REQUEST);
+ mdpp.set(READY);
+ usleep(SLEEP); // give some time for notification to reach ckm
+ read_keys(CKM_API_SUCCESS);
+
mdpp.set(ENFORCING);
usleep(SLEEP); // give some time for notification to reach ckm
read_keys(CKM_API_ERROR_BAD_REQUEST);
}
// run ckm manually and see if it properly loads mdpp setting
+RUNNER_TEST(TCC_0075_manualCkmReady)
+{
+ restart_ckm(READY);
+
+ remove_user_data();
+ save_keys();
+ read_keys(CKM_API_SUCCESS);
+}
+
+// run ckm manually and see if it properly loads mdpp setting
RUNNER_TEST(TCC_0080_manualCkmWhatever)
{
restart_ckm("whatever");