BuildRequires: libattr-devel
BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(libsmack)
+BuildRequires: pkgconfig(tef-libteec)
BuildRequires: pkgconfig(security-manager)
BuildRequires: pkgconfig(key-manager)
BuildRequires: pkgconfig(yaca)
%global ckm_test_dir %{?TZ_SYS_SHARE:%TZ_SYS_SHARE/ckm-test/}%{!?TZ_SYS_SHARE:/usr/share/ckm-test/}
%global ckm_rw_data_dir %{?TZ_SYS_DATA:%TZ_SYS_DATA/ckm/}%{!?TZ_SYS_DATA:/opt/data/ckm/}
+%global ta_files_dir %{?TZ_SYS_SHARE:%TZ_SYS_SHARE/libteec-tests/ta-files/}%{!?TZ_SYS_SHARE:/usr/share/libteec-tests/ta-files/}
%description
Security tests repository - for tests that can't be kept together with code.
%if "%{sec_product_feature_security_mdfpp_enable}" == "1"
-DSECURITY_MDFPP_STATE_ENABLE=1 \
%endif
+ -DTARGET_ARCH=%{target} \
-DCMAKE_VERBOSE_MAKEFILE=ON \
-DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \
-DAPP_USER="security_test_user" \
-DCKM_TEST_DIR=%{ckm_test_dir} \
+ -DTA_FILES_DIR=%{ta_files_dir} \
-DCKM_RW_DATA_DIR=%{ckm_rw_data_dir} \
-DGLOBAL_APP_DIR=%{TZ_SYS_RW_APP} \
-DLOCAL_APP_DIR="%{TZ_SYS_HOME}/security_test_user/apps_rw"
/usr/bin/ckm-tests
/usr/bin/ckm-integration-tests
/usr/bin/yaca-test
+%{_bindir}/libteec-tests
%{ckm_test_dir}/*
/etc/security-tests
/usr/lib/security-tests/cynara-tests/plugins/single-policy/*
%{_prefix}/share/yaca-test
%dir %{_prefix}/share/security-tests-cleanup-test
%{_prefix}/share/security-tests-cleanup-test/*
+%{ta_files_dir}/*
%postun
id -u security_test_user 1>/dev/null 2>&1 && gum-utils -o -d --uid=`id -u security_test_user`
--- /dev/null
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+INCLUDE(FindPkgConfig)
+SET(LIBTEEC_TARGET_TEST "libteec-tests")
+
+#files to compile
+SET(LIBTEEC_TARGET_TEST_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/libteec-tests/libteec_tests.cpp
+ ${PROJECT_SOURCE_DIR}/src/libteec-tests/test_cases.cpp
+ )
+
+#dependencies
+PKG_CHECK_MODULES(LIBTEEC_TARGET_DEP
+ REQUIRED
+ tef-libteec
+ libgum
+ security-manager
+ )
+
+#header directories
+INCLUDE_DIRECTORIES(SYSTEM
+ ${LIBTEEC_TARGET_DEP_INCLUDE_DIRS}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common/
+ )
+
+ADD_DEFINITIONS("-DTA_FILES_DIR=\"${TA_FILES_DIR}\"")
+
+ADD_EXECUTABLE(${LIBTEEC_TARGET_TEST} ${LIBTEEC_TARGET_TEST_SOURCES})
+
+#linker directories
+TARGET_LINK_LIBRARIES(${LIBTEEC_TARGET_TEST}
+ ${LIBTEEC_TARGET_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+#place for output file
+INSTALL(TARGETS ${LIBTEEC_TARGET_TEST}
+ DESTINATION /usr/bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+if(${TARGET_ARCH} STREQUAL "armv7l")
+ SET(PROJECT_TA_FILES_DIR
+ ${PROJECT_SOURCE_DIR}/src/libteec-tests/ta-files/optee/
+ )
+else(${TARGET_ARCH} STREQUAL "armv7l")
+ SET(PROJECT_TA_FILES_DIR
+ ${PROJECT_SOURCE_DIR}/src/libteec-tests/ta-files/simulator/
+ )
+endif(${TARGET_ARCH} STREQUAL "armv7l")
+
+INSTALL(DIRECTORY
+ ${PROJECT_TA_FILES_DIR}
+ DESTINATION ${TA_FILES_DIR}
+)
\ No newline at end of file
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <sm_api.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <app_install_helper.h>
+#include <scoped_installer.h>
+#include <tests_common.h>
+
+#include <tee_client_api.h>
+
+#include <string>
+#include <sstream>
+#include <memory>
+#include <fstream>
+#include <unistd.h>
+#include <iostream>
+#include <iomanip>
+#include <exception>
+
+#define DEFINETOSTR(name) case name: return #name
+
+std::string errToString(TEEC_Result err)
+{
+ switch(err) {
+ DEFINETOSTR(TEEC_SUCCESS);
+ DEFINETOSTR(TEEC_ERROR_GENERIC);
+ DEFINETOSTR(TEEC_ERROR_ACCESS_DENIED);
+ DEFINETOSTR(TEEC_ERROR_CANCEL);
+ DEFINETOSTR(TEEC_ERROR_ACCESS_CONFLICT);
+ DEFINETOSTR(TEEC_ERROR_EXCESS_DATA);
+ DEFINETOSTR(TEEC_ERROR_BAD_FORMAT);
+ DEFINETOSTR(TEEC_ERROR_BAD_PARAMETERS);
+ DEFINETOSTR(TEEC_ERROR_BAD_STATE);
+ DEFINETOSTR(TEEC_ERROR_ITEM_NOT_FOUND);
+ DEFINETOSTR(TEEC_ERROR_NOT_IMPLEMENTED);
+ DEFINETOSTR(TEEC_ERROR_NOT_SUPPORTED);
+ DEFINETOSTR(TEEC_ERROR_NO_DATA);
+ DEFINETOSTR(TEEC_ERROR_OUT_OF_MEMORY);
+ DEFINETOSTR(TEEC_ERROR_BUSY);
+ DEFINETOSTR(TEEC_ERROR_COMMUNICATION);
+ DEFINETOSTR(TEEC_ERROR_SECURITY);
+ DEFINETOSTR(TEEC_ERROR_SHORT_BUFFER);
+ DEFINETOSTR(TEEC_ERROR_EXTERNAL_CANCEL);
+ DEFINETOSTR(TEEC_ERROR_TARGET_DEAD);
+ default:
+ return "Error code not recognised";
+ }
+}
+
+std::string originToString(uint32_t origin)
+{
+ switch(origin) {
+ DEFINETOSTR(TEEC_ORIGIN_API);
+ DEFINETOSTR(TEEC_ORIGIN_COMMS);
+ DEFINETOSTR(TEEC_ORIGIN_TEE);
+ DEFINETOSTR(TEEC_ORIGIN_TRUSTED_APP);
+ default:
+ return "Return origin not recognised";
+ }
+}
+
+#undef DEFINETOSTR
+
+template <typename T>
+void toString(std::ostream& stream, T t)
+{
+ stream << std::hex << std::setw(sizeof(T)*2) << std::setfill('0') << t;
+}
+
+template <>
+void toString<unsigned char>(std::ostream& stream, unsigned char t)
+{
+ stream << std::hex << std::setw(2) << std::setfill('0') << static_cast<unsigned short>(t);
+}
+
+template <typename T, size_t N>
+void toString(std::ostream& stream, const T (&t)[N])
+{
+ for (size_t i = 0; i < N; i++)
+ toString(stream, t[i]);
+}
+
+std::string uuidToString(const TEEC_UUID& uuid)
+{
+ std::stringstream ss;
+ toString(ss, uuid.timeLow);
+ toString(ss, uuid.timeMid);
+ toString(ss, uuid.timeHiAndVersion);
+ toString(ss, uuid.clockSeqAndNode);
+ return ss.str();
+}
+
+class Ta
+{
+public:
+ explicit Ta(const TEEC_UUID& uuid)
+ : m_uuidStr(uuidToString(uuid))
+ {
+ m_path = "/usr/lib/tastore/";
+ RUNNER_ASSERT_MSG(std::ifstream(m_path).good(), "tastore folder not found");
+
+ std::string src_path = TA_FILES_DIR + m_uuidStr;
+ std::string dest_path = m_path + m_uuidStr;
+ RUNNER_ASSERT_MSG(std::ifstream(src_path).good(), "TA file not found in test assets");
+
+ std::ifstream src(src_path, std::ios::binary);
+ std::ofstream dest(dest_path, std::ios::binary);
+ dest << src.rdbuf();
+
+ RUNNER_ASSERT_MSG(isInstalled(), "Installing test TA failed");
+ int res = smack_set_label_for_path(dest_path.c_str(), XATTR_NAME_SMACK, 1, "_");
+ RUNNER_ASSERT_MSG(res >= 0, "Failed to set smack label on TA file");
+ }
+
+ ~Ta()
+ {
+ try {
+ std::string rmPath = m_path + m_uuidStr;
+ std::remove(rmPath.c_str());
+
+ std::string extPath = m_path + m_uuidStr + "-ext/";
+ std::string extPathUuid = extPath + m_uuidStr;
+
+ rmPath = extPathUuid + ".image";
+ std::remove(rmPath.c_str());
+ rmPath = extPathUuid + ".manifest";
+ std::remove(rmPath.c_str());
+ rmPath = extPath;
+ std::remove(rmPath.c_str());
+ } catch (std::exception& e) {
+ std::cerr << "Exception thrown in SystemTa destructor: " << e.what() << std::endl;
+ } catch (...) {
+ std::cerr << "Unknown exception thrown in SystemTa destructor" << std::endl;
+ }
+ }
+
+ bool isInstalled() const
+ {
+ return std::ifstream(m_path + m_uuidStr).good();
+ }
+
+protected:
+ std::string m_uuidStr;
+ std::string m_path;
+};
+
+RUNNER_TEST_GROUP_INIT(LIBTEEC)
+
+RUNNER_CHILD_TEST(libteec_01_load_TA_as_app)
+{
+ const TEEC_UUID taUuid =
+ { 0x00000000, 0x0000, 0x0000, {0x00, 0x00, 0x74, 0x63, 0x74, 0x65, 0x73, 0x74} };
+
+ Ta ta(taUuid);
+
+ TemporaryTestUser tmpUser("libteec_01_test_user", GUM_USERTYPE_NORMAL);
+ tmpUser.create();
+
+ const std::string privilege = "http://tizen.org/privilege/tee.client";
+ AppInstallHelper app("libteec_01_test_app", tmpUser.getUid());
+ app.addPrivilege(privilege);
+ ScopedInstaller appInstall(app);
+
+ auto fun = [&]()
+ {
+ auto contextPtr = std::unique_ptr<TEEC_Context, decltype(&TEEC_FinalizeContext)>
+ (NULL, &TEEC_FinalizeContext);
+ auto sessionPtr = std::unique_ptr<TEEC_Session, decltype(&TEEC_CloseSession)>
+ (NULL, &TEEC_CloseSession);
+
+ TEEC_Context context;
+ TEEC_Session session;
+
+ SecurityManagerTest::Api::setProcessLabel(app.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
+ "drop_root_privileges failed");
+
+ TEEC_Result res;
+ res = TEEC_InitializeContext(NULL, &context);
+ contextPtr.reset(&context);
+
+ RUNNER_ASSERT_MSG(res == TEEC_SUCCESS,
+ "Failed to initialize context. Error code: " << errToString(res));
+
+ uint32_t returnOrigin;
+ res = TEEC_OpenSession(&context,
+ &session, &taUuid, TEEC_LOGIN_PUBLIC, NULL, NULL, &returnOrigin);
+ sessionPtr.reset(&session);
+
+ RUNNER_ASSERT_MSG(res == TEEC_SUCCESS,
+ "Opening libteec session returned wrong value: " << errToString(res));
+
+ RUNNER_ASSERT_MSG(returnOrigin == TEEC_ORIGIN_TEE,
+ "Wrong return origin from TEEC_OpenSession: " << originToString(returnOrigin));
+ };
+
+ runInChildParentWait(fun);
+}
projects / platform / core / test / security-tests.git / commitdiff