X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=tests%2Fckm%2Fcapi-access_control.cpp;h=9295a07c222130bc5f3d2d4824215fcf7bd0441b;hb=9b8ba07965343bf6b4024fdecce78e36e3a3fab9;hp=14fccff75ec2300df1c0917083b4c0a9b67c7366;hpb=d809178e1f11602965e98a9e78f8dc5df9e40f09;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git diff --git a/tests/ckm/capi-access_control.cpp b/tests/ckm/capi-access_control.cpp index 14fccff..9295a07 100644 --- a/tests/ckm/capi-access_control.cpp +++ b/tests/ckm/capi-access_control.cpp @@ -132,6 +132,12 @@ void check_read_not_visible(const char* alias) } } +void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights) +{ + int ret = ckmc_allow_access(alias, accessor, accessRights); + RUNNER_ASSERT_MSG_BT(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret); +} + void allow_access(const char* alias, const char* accessor, int permissionMask) { // data removal should revoke this access @@ -158,6 +164,13 @@ void deny_access_negative(const char* alias, const char* accessor, int expectedC RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. Error: " << ret << ", while expected: " << expectedCode); } +void allow_access_deprecated_by_adm(const char* alias, const char* accessor, ckmc_access_right_e accessRights) +{ + // data removal should revoke this access + int ret = ckmc_allow_access_by_adm(USER_ROOT, get_label().get(), alias, accessor, accessRights); + RUNNER_ASSERT_MSG_BT(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret); +} + void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask) { // data removal should revoke this access @@ -562,6 +575,64 @@ RUNNER_TEST(T3031_manager_test_decrypt_from_another_label) } } +// tries to access other application data with permission +RUNNER_TEST(T3032_manager_deprecated_access_allowed) +{ + CharPtr top_label = get_label(); + ScopedSaveData ssd(TEST_ALIAS); + + allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + { + ScopedLabel sl(TEST_LABEL2); + + check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + } +} + +// tries to read other application data with permission for read/remove +RUNNER_TEST(T3033_manager_deprecated_access_allowed_with_remove) +{ + CharPtr top_label = get_label(); + ScopedSaveData ssd(TEST_ALIAS); + + allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + { + ScopedLabel sl(TEST_LABEL2); + + check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + } +} + +// tries to remove other application data with permission for reading only +RUNNER_TEST(T3034_manager_deprecated_access_allowed_remove_denied) +{ + CharPtr top_label = get_label(); + ScopedSaveData ssd(TEST_ALIAS); + + allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + { + ScopedLabel sl(TEST_LABEL2); + + std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS); + check_remove_denied(TEST_ALIAS_adr.c_str()); + check_read_allowed(TEST_ALIAS_adr.c_str()); + } +} + +// tries to remove other application data with permission +RUNNER_TEST(T3035_manager_deprecated_remove_allowed) +{ + CharPtr top_label = get_label(); + ScopedSaveData ssd(TEST_ALIAS); + + allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + { + ScopedLabel sl(TEST_LABEL2); + + check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + } +} + ///////////////////////////////////////////////////////////////////////////// // Control @@ -804,6 +875,62 @@ RUNNER_TEST(T3141_control_deny_invalid_user) "Trying to deny access to invalid user returned: " << ret); } +// tries to read other application data with permission +RUNNER_TEST(T3142_control_deprecated_access_allowed) +{ + CharPtr top_label = get_label(); + ScopedSaveData ssd(TEST_ALIAS); + + allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + { + ScopedLabel sl(TEST_LABEL2); + + check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + } +} + +// tries to read other application data with permission to read/remove +RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove) +{ + CharPtr top_label = get_label(); + ScopedSaveData ssd(TEST_ALIAS); + + allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + { + ScopedLabel sl(TEST_LABEL2); + + check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + } +} + +// tries to remove other application data with permission to read +RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied) +{ + CharPtr top_label = get_label(); + ScopedSaveData ssd(TEST_ALIAS); + + allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + { + ScopedLabel sl(TEST_LABEL2); + + check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + } +} + +// tries to remove other application data with permission +RUNNER_TEST(T3145_control_deprecated_remove_allowed) +{ + CharPtr top_label = get_label(); + ScopedSaveData ssd(TEST_ALIAS); + + allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + { + ScopedLabel sl(TEST_LABEL2); + + check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + } +} + RUNNER_TEST(T3999_deinit) {