-# Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
############################# subdirectories ##################################
-ADD_SUBDIRECTORY(tests)
+ADD_SUBDIRECTORY(src)
--- /dev/null
+# Copyright (c) 2011-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+INCLUDE(FindPkgConfig)
+
+PKG_CHECK_MODULES(SYS_FRAMEWORK_TEST
+ REQUIRED
+ libxml-2.0
+ libpcrecpp
+ libiri
+ )
+
+PKG_CHECK_MODULES(SYS_FRAMEWORK_TEST_OTHER
+ REQUIRED
+ glib-2.0
+ dlog
+ )
+
+ADD_DEFINITIONS(${SYS_FRAMEWORK_TEST_OTHER_CFLAGS})
+
+include(framework/config.cmake)
+
+SET(DPL_FRAMEWORK_TEST_LIBRARY "dpl-test-framework")
+
+INCLUDE_DIRECTORIES(SYSTEM
+ ${SYS_FRAMEWORK_TEST_OTHER_INCLUDE_DIRS}
+ ${DPL_FRAMEWORK_TEST_INCLUDE_DIR}
+ )
+
+ADD_LIBRARY(${DPL_FRAMEWORK_TEST_LIBRARY} ${DPL_FRAMEWORK_TEST_SOURCES})
+
+TARGET_LINK_LIBRARIES(${DPL_FRAMEWORK_TEST_LIBRARY}
+ ${SYS_FRAMEWORK_TEST_OTHER_LIBRARIES}
+ ${SYS_FRAMEWORK_TEST_LIBRARIES}
+ )
+
+INSTALL(FILES ${PROJECT_SOURCE_DIR}/src/security-tests.sh
+ DESTINATION bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+INSTALL(FILES ${PROJECT_SOURCE_DIR}/src/security-tests-all.sh
+ DESTINATION bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/test-performance-check.sh
+ DESTINATION bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+
+ADD_SUBDIRECTORY(common)
+ADD_SUBDIRECTORY(ckm)
+ADD_SUBDIRECTORY(libprivilege-control-tests)
+ADD_SUBDIRECTORY(libsmack-tests)
+ADD_SUBDIRECTORY(smack-dbus-tests)
+ADD_SUBDIRECTORY(security-server-tests)
+ADD_SUBDIRECTORY(security-manager-tests)
+ADD_SUBDIRECTORY(cynara-tests)
--- /dev/null
+# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @brief
+#
+
+INCLUDE(FindPkgConfig)
+
+# Dependencies
+PKG_CHECK_MODULES(CKM_DEP
+ libsmack
+ key-manager
+ dlog
+ REQUIRED)
+
+# Targets definition
+
+SET(TARGET_CKM_TESTS "ckm-tests")
+
+SET(CKM_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/ckm/main.cpp
+ ${PROJECT_SOURCE_DIR}/src/ckm/capi-testcases.cpp
+)
+
+INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ )
+
+ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} tests-common)
+
+# Installation
+
+INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
+INSTALL(FILES test1801.pkcs12 DESTINATION /usr/share/ckm-test)
--- /dev/null
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <tests_common.h>
+#include <access_provider.h>
+
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-type.h>
+
+#include <ckmc/ckmc-manager.h>
+#include <ckmc/ckmc-control.h>
+#include <ckmc/ckmc-type.h>
+#include <ckmc/ckmc-error.h>
+
+#include <string>
+#include <string.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <stdlib.h>
+
+static const int USER_APP = 5000;
+static const int GROUP_APP = 5000;
+
+RUNNER_TEST_GROUP_INIT (T201_CKMC_CONTROL_C_API);
+
+RUNNER_TEST(T2011_Control_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2012_Control_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2013_Control_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2014_Control_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(14, "simple-password")),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2015_Control_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(20, "test-pass")),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_change_user_password(20, "test-pass", "new-pass")),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(TT2016_Control_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST_GROUP_INIT (T202_CKMC_QUICK_SET_GET_TESTS_C_API);
+
+RUNNER_TEST(T2021_init_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2022_key_C_API)
+{
+ int temp;
+
+ ckmc_key_s test_key, *test_key2;
+ ckmc_policy_s test_policy;
+
+ char* password = NULL;
+ char alias[10] = "mykey";
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ char* char_keypem = new char[keyPem.length() + 1];
+
+ std::strcpy(char_keypem, keyPem.c_str());
+ test_key.raw_key = (unsigned char *)char_keypem;
+ test_key.key_size = keyPem.length();
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = password;
+
+ test_policy.password = password;
+ test_policy.extractable = 1;
+
+ test_key2 = &test_key;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
+ "Error=" << temp);
+
+ // int compareResult;
+ // compareResult = (strcmp((const char *)test_key.raw_key, (const char *)test_key2->raw_key));
+ // printf("compare !! %s \n compare 2 !! = %s\n",test_key.raw_key, test_key2->raw_key);
+ //
+ // RUNNER_ASSERT_MSG(
+ // compareResult == 0,
+ // "Key modified");
+}
+
+RUNNER_TEST(T2023_certificate_C_API)
+{
+ int temp;
+
+ std::string certPem = "-----BEGIN CERTIFICATE-----\n"
+ "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
+ "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
+ "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
+ "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
+ "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+ "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
+ "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
+ "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
+ "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
+ "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
+ "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
+ "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
+ "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
+ "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
+ "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
+ "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
+ "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
+ "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
+ "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
+ "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
+ "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
+ "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
+ "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
+ "rHva8A==\n"
+ "-----END CERTIFICATE-----\n";
+
+ char* password = NULL;
+ ckmc_cert_s *cert2;
+ ckmc_cert_s cert;
+
+ ckmc_policy_s test_policy;
+ test_policy.password = password;
+ test_policy.extractable = 1;
+
+ char* char_certPem = new char[certPem.length() + 1];
+ std::strcpy(char_certPem, certPem.c_str());
+ cert.raw_cert = (unsigned char *)char_certPem;
+ cert.cert_size = certPem.length();
+ cert.data_format = CKMC_FORM_PEM;
+
+ char alias[10] = "myCert";
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+ "Error=" << temp);
+
+ // int compareResult;
+ // printf("compare !! %s \n compare 2 !!\n\n %s",cert.raw_cert, cert2->raw_cert);
+ // compareResult = (strcmp((const char *)cert.raw_cert, (const char *)cert2->raw_cert));
+ //
+ // RUNNER_ASSERT_MSG(
+ // compareResult == 0,
+ // "Cert modified");
+}
+
+RUNNER_TEST(T2024_certificate_remove_C_API)
+{
+ int temp;
+
+ char* password = NULL;
+ ckmc_cert_s *cert2;
+ char alias[10] = "myCert";
+
+
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias, password, &cert2)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2025_certificate_list_C_API)
+{
+ int temp;
+
+ std::string certPem = "-----BEGIN CERTIFICATE-----\n"
+ "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
+ "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
+ "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
+ "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
+ "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+ "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
+ "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
+ "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
+ "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
+ "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
+ "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
+ "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
+ "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
+ "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
+ "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
+ "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
+ "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
+ "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
+ "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
+ "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
+ "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
+ "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
+ "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
+ "rHva8A==\n"
+ "-----END CERTIFICATE-----\n";
+
+ char* password = NULL;
+ ckmc_cert_s cert;
+
+ ckmc_policy_s test_policy;
+ test_policy.password = password;
+ test_policy.extractable = 1;
+
+ char* char_certPem = new char[certPem.length() + 1];
+ std::strcpy(char_certPem, certPem.c_str());
+ cert.raw_cert = (unsigned char *)char_certPem;
+ cert.cert_size = certPem.length();
+ cert.data_format = CKMC_FORM_PEM;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test1", cert, test_policy)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test2", cert, test_policy)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test3", cert, test_policy)),
+ "Error=" << temp);
+
+ ckmc_alias_list_s *aliasList;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert_alias_list(&aliasList)),
+ "Error=" << temp);
+
+ ckmc_alias_list_s *plist = aliasList;
+ int count_list;
+ count_list = 1;
+
+ while(plist && plist->next!=NULL) {
+ plist = plist->next;
+ count_list +=1;
+ }
+
+ RUNNER_ASSERT_MSG( count_list == 3,
+ "Wrong size of list: " << count_list << " Expected: 3");
+}
+
+
+RUNNER_CHILD_TEST(T2026_user_app_save_key_C_API)
+{
+ SecurityServer::AccessProvider ap("mylabel");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ int temp;
+
+ ckmc_key_s test_key, *test_key2;
+ ckmc_policy_s test_policy;
+
+ char* password = NULL;
+ char passwordPolicy[3] = "x";
+ char alias[10] = "mykey";
+ char* char_keypem = new char[keyPem.length() + 1];
+
+ std::strcpy(char_keypem, keyPem.c_str());
+ test_key.raw_key = (unsigned char *)char_keypem;
+ test_key.key_size = keyPem.length();
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = password;
+
+ test_policy.password = passwordPolicy;
+ test_policy.extractable = 1;
+
+ test_key2 = &test_key;
+
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, passwordPolicy, &test_key2)),
+ "Error=" << temp);
+
+ // RUNNER_ASSERT_MSG(
+ // key.getDER() == key2.getDER(), "Key value has been changed by service");
+}
+
+RUNNER_CHILD_TEST(T2027_app_user_save_keys_exportable_flag)
+{
+ SecurityServer::AccessProvider ap("mylabel");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ ckmc_policy_s test_policy;
+ ckmc_key_s test_key, *test_key2;
+ char* char_keypem = new char[keyPem.length() + 1];
+ char* password = NULL;
+
+ std::strcpy(char_keypem, keyPem.c_str());
+ test_key.raw_key = (unsigned char *)char_keypem;
+ test_key.key_size = keyPem.length();
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = password;
+
+ test_policy.password = password;
+ test_policy.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("appkey1", test_key, test_policy)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key("appkey1", password, &test_key2)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2028_deinit_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ "Error=" << temp);
+}
+
+
+RUNNER_TEST_GROUP_INIT (T2030_CKMC_QUICK_GET_ALIAS_TESTS_C_API);
+
+RUNNER_TEST(T2031_init_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2032_save_keys_get_alias_C_API)
+{
+ int temp;
+
+ char* password = NULL;
+ ckmc_policy_s test_policy1, test_policy2, test_policy3;
+ ckmc_key_s test_key;
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ char* char_keypem = new char[keyPem.length() + 1];
+
+ std::strcpy(char_keypem, keyPem.c_str());
+ test_key.raw_key = (unsigned char *)char_keypem;
+ test_key.key_size = keyPem.length();
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = password;
+ ckmc_alias_list_s *aliasList;
+
+ test_policy1.password = password;
+ test_policy1.extractable = 1;
+
+ test_policy2.password = password;
+ test_policy2.extractable = 0;
+
+ test_policy3.password = password;
+ test_policy3.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey1", test_key, test_policy1)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey2", test_key, test_policy2)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey3", test_key, test_policy3)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key_alias_list(&aliasList)),
+ "Error=" << temp);
+
+ ckmc_alias_list_s *plist = aliasList;
+ int count_list;
+ count_list = 1;
+
+ while(plist && plist->next!=NULL) {
+ plist = plist->next;
+ count_list +=1;
+ }
+
+ RUNNER_ASSERT_MSG( count_list == 3,
+ "Wrong size of list: " << count_list << " Expected: 3");
+}
+
+
+RUNNER_TEST(T2033_remove_key_C_API)
+{
+ int temp;
+
+ char* password = NULL;
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ char* char_keypem = new char[keyPem.length() + 1];
+
+ std::strcpy(char_keypem, keyPem.c_str());
+ ckmc_key_s *test_key2;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key("rootkey1", password, &test_key2)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_key("rootkey1")),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE != (temp = ckmc_get_key("rootkey1", password, &test_key2)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2034_deinit_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST_GROUP_INIT (T2040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API);
+
+RUNNER_TEST(T2041_init_C_API)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2042_save_get_bin_data_C_API)
+{
+ int temp;
+
+ ckmc_raw_buffer_s testData1, testData2, testData3;
+ char* password = NULL;
+
+ std::string binData1 = "My bin data1";
+ std::string binData2 = "My bin data2";
+ std::string binData3 = "My bin data3";
+ char* char_binData1 = new char[binData1.length() + 1];
+ char* char_binData2 = new char[binData2.length() + 1];
+ char* char_binData3 = new char[binData3.length() + 1];
+ std::strcpy(char_binData1, binData1.c_str());
+ std::strcpy(char_binData2, binData2.c_str());
+ std::strcpy(char_binData3, binData3.c_str());
+ testData1.data = (unsigned char *) char_binData1;
+ testData2.data = (unsigned char *) char_binData2;
+ testData3.data = (unsigned char *) char_binData3;
+ testData1.size = binData1.length()+1;
+ testData2.size = binData2.length()+1;
+ testData3.size = binData3.length()+1;
+
+ ckmc_policy_s test_policy1, test_policy2, test_policy3;
+
+ test_policy1.password = password;
+ test_policy1.extractable = 1;
+ test_policy2.password = password;
+ test_policy2.extractable = 1;
+ test_policy3.password = password;
+ test_policy3.extractable = 0;
+
+ ckmc_alias_list_s *aliasList;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data1", testData1, test_policy1)), // should change it as null value
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data2", testData2, test_policy1)), // should change it as null value
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data3", testData3, test_policy2)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data("data4", testData3, test_policy3)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_data_alias_list(&aliasList)),
+ "Error=" << temp);
+
+ ckmc_alias_list_s *plist = aliasList;
+ int count_list;
+ count_list = 1;
+
+ while(plist && plist->next!=NULL) {
+ plist = plist->next;
+ count_list +=1;
+ }
+
+ RUNNER_ASSERT_MSG( count_list == 3,
+ "Wrong size of list: " << count_list << " Expected: 3");
+
+ ckmc_raw_buffer_s *testData4;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData4)),
+ "Error=" << temp);
+
+ int compareResult;
+ compareResult = (strcmp((const char *)testData2.data, (const char *)testData4->data));
+ RUNNER_ASSERT_MSG( compareResult == 0,
+ "Data corrupted");
+}
+
+RUNNER_CHILD_TEST(T2043_app_user_save_bin_data_C_API)
+{
+ SecurityServer::AccessProvider ap("mylabel");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ ckmc_raw_buffer_s testData1;
+ char* password = NULL;
+ std::string binData1 = "My bin data";
+ char* char_binData1 = new char[binData1.length() + 1];
+ std::strcpy(char_binData1, binData1.c_str());
+ testData1.data = (unsigned char *) char_binData1;
+ testData1.size = binData1.length()+1;
+
+ ckmc_policy_s test_policy1, test_policy2;
+
+ test_policy1.password = password;
+ test_policy1.extractable = 1;
+
+ test_policy2.password = password;
+ test_policy2.extractable = 1;
+
+ std::string binData = "My bin data";
+
+ ckmc_alias_list_s *aliasList;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata2", testData1, test_policy1)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_data_alias_list(&aliasList)),
+ "Error=" << temp);
+
+ ckmc_alias_list_s *plist = aliasList;
+
+ int count_list;
+ count_list = 1;
+
+ while(plist && plist->next!=NULL) {
+ plist = plist->next;
+ count_list +=1;
+ }
+
+ RUNNER_ASSERT_MSG( count_list == 3,
+ "Wrong size of list: " << count_list << " Expected: 3");
+}
+
+RUNNER_TEST(T2044_remove_bin_data_C_API)
+{
+ int temp;
+
+ ckmc_alias_list_s *aliasList;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data("data1")),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data("data3")),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_data_alias_list(&aliasList)),
+ "Error=" << temp);
+
+ ckmc_alias_list_s *plist = aliasList;
+ int count_list;
+ count_list = 1;
+
+ while(plist && plist->next!=NULL) {
+ plist = plist->next;
+ count_list +=1;
+ }
+
+ RUNNER_ASSERT_MSG(
+ count_list == 1,
+ "Wrong size of list: " << count_list << " Expected: 1");
+ char* password = NULL;
+
+ ckmc_raw_buffer_s *testData1, testData2;
+
+ std::string testStr = "My bin data2";
+ char* char_testData2 = new char[testStr.length() + 1];
+ std::strcpy(char_testData2, testStr.c_str());
+ testData2.data = (unsigned char *) char_testData2;
+ testData2.size = testStr.length()+1;
+
+ CKM::RawBuffer buffer;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData1)),
+ "Error=" << temp);
+
+ int compareResult;
+ compareResult = (strcmp((const char *)testData2.data, (const char *)testData1->data));
+ RUNNER_ASSERT_MSG( compareResult == 0,
+ "Data corrupted");
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data("data3", password, &testData1)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2045_deinit_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST_GROUP_INIT(T205_CKMC_QUICK_CREATE_PAIR_CAPI);
+
+RUNNER_TEST(T2051_CAPI_init)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
+ "Error=" << temp);
+}
+
+RUNNER_CHILD_TEST(T2052_CAPI_create_rsa_key)
+{
+ int temp;
+
+ SecurityServer::AccessProvider ap("mylabel");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ size_t size = 2048;
+ const char *private_key_alias = "PRV_KEY1";
+ const char *public_key_alias = "PUB_KEY1";
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
+
+ policy_private_key.password = NULL;
+ policy_private_key.extractable = 1;
+
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ "Error=" << temp);
+
+ ckmc_key_s *privateKey;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ privateKey->key_type == CKMC_KEY_RSA_PRIVATE,
+ "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
+ RUNNER_ASSERT_MSG(
+ privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
+ "Error=" << temp);
+
+ ckmc_key_s *publicKey;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &publicKey)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ publicKey->key_type == CKMC_KEY_RSA_PUBLIC,
+ "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PUBLIC) << ", actual=" << static_cast<int>(publicKey->key_type));
+ RUNNER_ASSERT_MSG(
+ publicKey != NULL && publicKey->key_size > 0 && publicKey->raw_key != NULL,
+ "Error=" << temp);
+
+ ckmc_alias_list_s *alias_list;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key_alias_list(&alias_list)),
+ "Error=" << temp);
+ int cnt = 0;
+ ckmc_alias_list_s *current;
+ ckmc_alias_list_s *next =alias_list;
+ do{
+ current = next;
+ next = current->next;
+ cnt ++;
+ }while(next != NULL);
+ RUNNER_ASSERT_MSG(cnt == 2, "Error=Invalid Key Number");
+}
+
+RUNNER_TEST(T2053_CAPI_deinit)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ "Error=" << temp);
+}
+
+
+RUNNER_TEST_GROUP_INIT(T206_CKMC_CAPI_CreateKeyPairRSA);
+
+RUNNER_TEST(T2061_CAPI_init)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2062_CAPI_CreateKeyPairRSA)
+{
+ int temp;
+
+ size_t size = 1024;
+ const char *private_key_alias = "rsa-test-1";
+ const char *public_key_alias = "rsa-test-2";
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
+
+ policy_private_key.password = const_cast<char *>("privatepassword");
+ policy_private_key.extractable = 0;
+
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ "Error=" << temp);
+
+ sleep(1);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ "Error=" << temp << ", ret=" << temp);
+}
+
+RUNNER_TEST(T2063_CAPI_CreateKeyPairECDSA)
+{
+ int temp;
+
+ ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
+ const char *private_key_alias = "ecdsa-test-1";
+ const char *public_key_alias = "ecdsa-test-2";
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
+
+ policy_private_key.password = const_cast<char *>("privatepassword");
+ policy_private_key.extractable = 0;
+
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2064_CAPI_deinit)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+}
+
+// TODO
+//RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
+
+
+
+RUNNER_TEST_GROUP_INIT(T207_CKMC_CAPI_QUICK_SET_GET_TESTS);
+
+RUNNER_TEST(T2071_CAPI_init)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2072_CAPI_get_chain)
+{
+ std::string ee =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
+ "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
+ "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
+ "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
+ "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
+ "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
+ "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
+ "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
+ "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
+ "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
+ "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
+ "oFXtrg0=\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string im =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
+ "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
+ "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
+ "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
+ "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
+ "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
+ "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
+ "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
+ "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
+ "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
+ "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
+ "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
+ "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
+ "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
+ "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
+ "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
+ "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
+ "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
+ "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
+ "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
+ "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
+ "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
+ "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
+ "-----END CERTIFICATE-----\n";
+
+ ckmc_cert_s c_cert;
+ c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
+ c_cert.cert_size = ee.size();
+ c_cert.data_format = CKMC_FORM_PEM;
+
+ ckmc_cert_s c_cert1;
+ c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
+ c_cert1.cert_size = im.size();
+ c_cert1.data_format = CKMC_FORM_PEM;
+
+ ckmc_cert_list_s untrustedcerts;
+ untrustedcerts.cert = &c_cert1;
+ untrustedcerts.next = NULL;
+
+ ckmc_cert_list_s *cert_chain_list;
+
+ int tmp;
+
+ tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == tmp, "Error=" << CKM::ErrorToString(tmp));
+
+ int cnt = 0;
+ ckmc_cert_list_s *current;
+ ckmc_cert_list_s *next =cert_chain_list;
+ do{
+ current = next;
+ next = current->next;
+ cnt ++;
+ }while(next != NULL);
+ RUNNER_ASSERT_MSG(cnt == 3, "Wrong size of certificate chain.");
+
+ ckmc_cert_list_s *cert_chain_list2 = NULL;
+ ckmc_cert_list_s *untrustedcerts2 = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (tmp = ckmc_get_cert_chain(&c_cert, untrustedcerts2, &cert_chain_list2)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ cert_chain_list2 == NULL,
+ "Wrong size of certificate chain.");
+}
+
+RUNNER_TEST(T2073_CAPI_deinit)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+}
+
+
+RUNNER_TEST_GROUP_INIT(T208_CAPI_CREATE_AND_VERIFY_SIGNATURE);
+
+RUNNER_TEST(T2081_CAPI__init)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2082_CAPI__rsa_key_create_verify)
+{
+ int temp;
+
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "Proc-Type: 4,ENCRYPTED\n"
+ "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
+ "\n"
+ "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
+ "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
+ "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
+ "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
+ "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
+ "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
+ "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
+ "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
+ "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
+ "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
+ "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
+ "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
+ "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
+ "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
+ "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
+ "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
+ "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
+ "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
+ "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
+ "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
+ "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
+ "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
+ "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
+ "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
+ "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----\n";
+
+ std::string message = "message test";
+ ckmc_raw_buffer_s msg_buff;
+ msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
+ msg_buff.size = message.size();
+
+ const char *pub_alias = "pub1";
+ const char *pri_alias = "prv1";
+ char *key_passwd = (char *) "1234";
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_key_s pubkey;
+ pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.key_size = pub.size();
+ pubkey.key_type = CKMC_KEY_NONE;
+ pubkey.password = NULL;
+
+ ckmc_policy_s pubpolicy;
+ pubpolicy.password = pub_passwd;
+ pubpolicy.extractable = 0;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.key_size = prv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = key_passwd;
+
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ "Error=" << temp);
+
+}
+
+RUNNER_TEST(T2083_CAPI__rsa_key_create_verify_negative)
+{
+ int temp;
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ ckmc_raw_buffer_s msg_buff;
+ msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
+ msg_buff.size = message.size();
+
+ const char *pub_alias = "pub1";
+ const char *pri_alias = "prv1";
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
+ memcpy((void*)signature->data, "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2084_CAPI__ec_key_create_verify)
+{
+ int temp;
+
+ std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
+ "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
+ "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
+ "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END EC PRIVATE KEY-----\n";
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
+ "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END PUBLIC KEY-----\n";
+
+ std::string message = "message test";
+
+ ckmc_raw_buffer_s msg_buff;
+ msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
+ msg_buff.size = message.size();
+
+ const char *pri_alias = "ecprv2";
+ const char *pub_alias = "ecpub2";
+ char *key_passwd = NULL;
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_key_s pubkey;
+ pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.key_size = pub.size();
+ pubkey.key_type = CKMC_KEY_NONE;
+ pubkey.password = NULL;
+
+ ckmc_policy_s pubpolicy;
+ pubpolicy.password = pub_passwd;
+ pubpolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.key_size = prv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = key_passwd;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = (char *)pri_passwd;
+ pripolicy.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
+ memcpy((void*)signature->data, "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2085_CAPI__rsa_cert_create_verify_signature)
+{
+ int temp;
+
+ std::string prv =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string pub =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
+ "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
+ "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
+ "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
+ "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
+ "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
+ "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
+ "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
+ "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
+ "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
+ "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
+ "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
+ "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
+ "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string message = "message test";
+
+ ckmc_raw_buffer_s msg_buff;
+ msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
+ msg_buff.size = message.size();
+
+ const char *pri_alias = "prv3";
+ const char *pub_alias = "pub3";
+ char *key_passwd = NULL;
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_cert_s cert;
+ cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ cert.cert_size = pub.size();
+ cert.data_format = CKMC_FORM_PEM;
+
+ ckmc_policy_s certpolicy;
+ certpolicy.password = pub_passwd;
+ certpolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.key_size = prv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = key_passwd;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ "Error=" << temp);
+
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
+ memcpy((void*)signature->data, "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2086_CAPI__ecdsa_cert_create_verify_signature)
+{
+ int temp;
+
+ std::string prv =
+ "-----BEGIN EC PRIVATE KEY-----\n"
+ "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
+ "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
+ "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
+ "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
+ "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
+ "ELyhe7yPCAuOoLZlTLgf\n"
+ "-----END EC PRIVATE KEY-----\n";
+
+ std::string pub =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
+ "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
+ "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
+ "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
+ "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
+ "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
+ "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
+ "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
+ "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
+ "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
+ "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
+ "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
+ "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
+ "Q1oBry6NEc+lLFmWMDesAA==\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string message = "message test";
+
+
+ ckmc_raw_buffer_s msg_buff;
+ msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
+ msg_buff.size = message.size();
+
+ const char *pri_alias = "prv4";
+ const char *pub_alias = "pub4";
+ char *key_passwd = NULL;
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_cert_s cert;
+ cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ cert.cert_size = pub.size();
+ cert.data_format = CKMC_FORM_PEM;
+
+ ckmc_policy_s certpolicy;
+ certpolicy.password = pub_passwd;
+ certpolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.key_size = prv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = key_passwd;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 0;
+
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
+ memcpy((void*)signature->data, "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2087_CAPI__deinit)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+}
+
+
+//#######################################################################################
+
+void _assertKey(ckmc_key_s *key, unsigned char *raw_key, unsigned int key_size, ckmc_key_type_e key_type, char *password)
+{
+ RUNNER_ASSERT_MSG(key->key_size == key_size, "Key Size Error" );
+ RUNNER_ASSERT_MSG(key->key_type == key_type, "Key Type Error" );
+
+ if(key->password != NULL && password != NULL) {
+ RUNNER_ASSERT_MSG(strcmp(key->password, password) == 0, "Password Error" );
+ }else if(key->password == NULL && password == NULL) {
+ RUNNER_ASSERT_MSG(true, "Password Error" );
+ }else {
+ RUNNER_ASSERT_MSG(false, "Password Error" );
+ }
+
+ if(key->raw_key != NULL && raw_key != NULL) {
+ for(unsigned int i=0; i<key_size; i++) {
+ RUNNER_ASSERT_MSG((key->raw_key)[i] == raw_key[i], "Raw Key Error" );
+ }
+ }else if(key->raw_key == NULL && raw_key == NULL) {
+ RUNNER_ASSERT_MSG(true, "Raw Key Error" );
+ }else {
+ RUNNER_ASSERT_MSG(false, "Raw Key Error" );
+ }
+}
+
+RUNNER_TEST_GROUP_INIT(T209_CKMC_CAPI_TYPES);
+
+RUNNER_TEST(T2091_CAPI_TYPE_init)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T2092_CAPI_TYPE_KEY)
+{
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+ unsigned int key_size = keyPem.size();
+ ckmc_key_type_e key_type = CKMC_KEY_NONE;
+ char *password = const_cast< char *>("");
+
+ ckmc_key_s *key;
+ ckmc_key_new(raw_key, key_size, key_type, password, &key);
+
+ _assertKey(key, raw_key, key_size, key_type, password);
+ ckmc_key_free(key);
+
+ char *passwordNull = NULL;
+ ckmc_key_s *key2;
+ ckmc_key_new(raw_key, key_size, key_type, passwordNull, &key2);
+ ckmc_key_free(key2);
+}
+
+RUNNER_TEST(T2093_CAPI_TYPE_BUFFER)
+{
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+ unsigned int size = keyPem.size();
+
+ ckmc_raw_buffer_s *buff;
+ ckmc_buffer_new(data, size, &buff);
+
+ RUNNER_ASSERT_MSG(buff->size == size, "Size Error" );
+
+ if(buff->data != NULL && data != NULL) {
+ for(unsigned int i=0; i<size; i++) {
+ RUNNER_ASSERT_MSG((buff->data)[i] == data[i], "Raw data Error" );
+ }
+ }else if(buff->data == NULL && data == NULL) {
+ RUNNER_ASSERT_MSG(true, "Raw data Error" );
+ }else {
+ RUNNER_ASSERT_MSG(false, "Raw data Error" );
+ }
+
+ ckmc_buffer_free(buff);
+}
+
+RUNNER_TEST(T2094_CAPI_TYPE_CERT)
+{
+ std::string certPem =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
+ "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
+ "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
+ "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
+ "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+ "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
+ "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
+ "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
+ "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
+ "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
+ "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
+ "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
+ "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
+ "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
+ "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
+ "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
+ "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
+ "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
+ "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
+ "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
+ "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
+ "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
+ "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
+ "rHva8A==\n"
+ "-----END CERTIFICATE-----\n";
+
+ unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
+ unsigned int size = certPem.size();
+ ckmc_data_format_e form = CKMC_FORM_PEM;
+
+ ckmc_cert_s *ckmCert;
+ ckmc_cert_new(raw_cert, size, form, &ckmCert);
+
+ RUNNER_ASSERT_MSG(ckmCert->cert_size == size, "Size Error" );
+
+ if(ckmCert->raw_cert != NULL && raw_cert != NULL) {
+ for(unsigned int i=0; i<size; i++) {
+ RUNNER_ASSERT_MSG((ckmCert->raw_cert)[i] == raw_cert[i], "Raw data Error" );
+ }
+ }else if(ckmCert->raw_cert == NULL && raw_cert == NULL) {
+ RUNNER_ASSERT_MSG(true, "raw_cert Error" );
+ }else {
+ RUNNER_ASSERT_MSG(false, "raw_cert Error" );
+ }
+
+ RUNNER_ASSERT_MSG(ckmCert->data_format == form, "ckmc_cert_form Error" );
+
+ ckmc_cert_free(ckmCert);
+}
+
+
+RUNNER_TEST(T2095_CAPI_TYPE_load_cert_file)
+{
+ int ret;
+
+ std::string certStr =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
+ "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
+ "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
+ "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
+ "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
+ "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
+ "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
+ "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
+ "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
+ "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
+ "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
+ "oFXtrg0=\n"
+ "-----END CERTIFICATE-----\n";
+
+ const char *file_name = "/tmp/ckmc_test_cert.pem";
+ remove(file_name);
+
+ FILE* cert_file;
+ cert_file = fopen(file_name, "w");
+ fprintf(cert_file, "%s",certStr.c_str());
+ fclose(cert_file);
+
+ ckmc_cert_s *pcert;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
+ "Error=" << CKM::ErrorToString(ret));
+
+ RUNNER_ASSERT_MSG(
+ pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
+
+ const char *lcert_alias = "lcert_alias";
+ ckmc_policy_s policy;
+ policy.password = NULL;
+ policy.extractable = 1;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias, *pcert, policy)),
+ "Error=" << CKM::ErrorToString(ret));
+
+ remove(file_name);
+}
+
+RUNNER_TEST(T2096_CAPI_TYPE_load_p12_file) {
+ std::string p12Base64 =
+ "MIINaQIBAzCCDS8GCSqGSIb3DQEHAaCCDSAEgg0cMIINGDCCChcGCSqGSIb3DQEH\n"
+ "BqCCCggwggoEAgEAMIIJ/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIvO01\n"
+ "D2ODdkYCAggAgIIJ0NscvWq3hmXai5DQcleOgELPbu2c97d+KJnRGCK7K3eRb0/v\n"
+ "4F3f3LFSFFT9OAK0/OS1ZYCiO+IuZ6Rpc8Baqe89xVcOHrQ0dQ7sIvbq10dnp5nY\n"
+ "fEcrt7qPXcRa3IdOX4PFo4aCOFq5bHv5M3quHldKRh4itosjsAGuF/xtnVnO6lU5\n"
+ "UlPhtAdr2Mpr4SHh+oBbJknLvyd6n/4xZ2elEA8ui4Qt5GfiHwWs2J7KO3Z8M1vW\n"
+ "yukuyVTaZ6RNkj8dkq/RttvVinlgATYLoosjCsH7VVcd+/z9JqD37QQ89pzdjvJg\n"
+ "CtXFVbqsOIbjPMkQMYtMdaPsLDDzw6l+q7BJreGIoJmTHbhTtNOJo03XPEnlVXUq\n"
+ "Q+224ibNKzLAvpSWOo8BUHK7ZDc1oaLODDZ+WAA6jfgHkuhhWYr9dxce6UdhMghJ\n"
+ "M7ixWwa350psdACREdGxNQzxmucmueprbDumVPAnnJfnKfgRXdKpTDFWS4TaYRc/\n"
+ "TE4lKSBZpFFduy/gdpLGCHdklTs33aWZ/mEVZJnk2PggKyvSKH9oL3DxkZIFkGdQ\n"
+ "wcy8gAuLBirdWB/q4JWqW7sH8kMfEwXACEm1z4SzCik8afamQNJEbovA3Pvrhw/P\n"
+ "1HE5KPNvKMaIr9kk5rTnGGTSNrSMqUCnBl4MjVS4HacrZvvt60y0D3RFB8IqlFMt\n"
+ "od2FagxojPyO/wP8jDERnySo2Irz0x0WUjWARtcLLH2FOK7ROkX1/WjRZmDV0jtv\n"
+ "yL8r97XZf/NddVU13Jt13dBJCjxZRvfJZgNI8RybkPQ3Y9J5LIOLVFPU3ZKIi7W7\n"
+ "KtCw/FCUfEdNarLQMWG0Z9bux7vu/eK1+KpF9pfzD3Q1V0sj2M158Q5W2gy9q/u0\n"
+ "gOOuybiZB2AL9kxBv0rqb8h7SF5ZIRoy85PrwtnX7w4Xq+4I7RA68bcEGyqgTWWb\n"
+ "XZxcY65F2slqekXddKeDSTizQk/APgWva/TwgaUeXR9YBCO4o71pla//FNqJ6pRm\n"
+ "tZjEY9ALBCc083gsImc7+LAeubEcYzjhhgRPQwGJfJTMqgC/NOa9wFhvNO4QcFjf\n"
+ "XQxxIFxlQJ64qU316FyeuyxLYGd02uakrLLgYtAGG7nPZCYNkUKvCwICKJYI+wAg\n"
+ "CX0FVwXsR1f33kVuV6sd4YConz80Lk9ayvNJVeCzEOBvhthbMcP3mIn22X+GT3jU\n"
+ "O5Z0bkXAU0C8XTfLQMk2m6Ag3mctrn4iJBPwQ7j12GnlSLko+e7IssRd4Qj4vBZd\n"
+ "KXUIoRcOsXqWoQgXJAtdLJEHVo0SUyxVojXsXqUZ3yYOkVUykvXZUcBnS6xwtaUt\n"
+ "EzdFsEO3NQSLOju5Tpp12lKbrgIToV75zyA3CULEdimEUWD/wA+pDaIS39shNyeE\n"
+ "edtAp3WF3mDkHQFyKG52IVx7hJU8jXXunvY21tshTAx/Gda0X1CtgSU7Q00ROr+L\n"
+ "TaehRiKsSgxQa6/jyJY5KY1hIDzwaem5Y7gDnxotmQuPhIX8MeD5Qdv6AVovfScN\n"
+ "07QuWyUBgFsZzbp79AsnPRLzoiAMQljMn7TXDDLq+uF922OU47BQkzlPfKAuHbyu\n"
+ "R+uZwtDfMD71FqWjCAHMPyENinsnUehCwX2pVxa6KSs61IsTfb3oUPY1TRxfZnfd\n"
+ "8SAUfPjKVss9Eyahuv+kzenPUDZn5LV9E0G0DGNxIf493A5Z29scNkQcCBjTJJvx\n"
+ "4BBJCES6SgkTQl7eFoBGOIqqytpYP9QZW5jy7ramgz/gF2kMKjAfikhbd5vB4Fwd\n"
+ "QlExMlbW+wL/ffr4AGlwenlDzXBFKQM0mYZNKLuB9LrRzw35fVFZ9XY06VCxhbMa\n"
+ "wI9gN4rKA3bNG3DCWTsr1TZ6CvrqFJjlfK4KF/+eNfnkIY8uVYxnPlRRkmPw4dpE\n"
+ "KdaXUiu5WJvZupeYqqNsWdxs+v2KS1E/PcM9BgUFKFD4lW84WbWUHPxvxXoZhSCs\n"
+ "nQ0hsPd53NKBBdEOao5HAAf+T5yFnJzZ3rVkYBEC67gHyWgXB1Zy283yAIihvUXw\n"
+ "DOEVppNHnIqAjQpncQcDpV0/zYCvqOEfU+JPpmepgo737Tq2MlUKLTByhg1mQhKm\n"
+ "2pI63BFiw2/2igImFbmhzJjilWkaM4kwM1uGKOKgjacXI/VSVEajuYAfo37quBxF\n"
+ "ZWyWJoFXBvQ7jolTKXUVbCqnSSaItosZrS3vcDdGUegRm0rf6IzCRPdSIsfCDdZG\n"
+ "9UeChoznNezoLENgmqQJTV3wDo3uSZbztlctoERvZpn457MLZEn8hXEwMLPXx2Ur\n"
+ "HQ5fYAdTBzBpoLiy8ujzFxFJDzW9ytnb7aFF7YVivfj42eVGnCANvVcwkp2/E3MW\n"
+ "Img0OyqKRQHaGGI7iGNO5KYpTk0CdSyErQarH52ZRvr0t2CK6J6vDgrhJnzd5Ayr\n"
+ "6t+coAZBw8eIJqiM5WzAm4mlZRSHL+JcaKkrqoYOo+kewj7wgW2Kk/7S8re38RvP\n"
+ "+V9nqpfr18gIV72G2yZ60C21eRqOFPgl1CYbmWHqYKXatuT4o+kgBmJpez5uvIHz\n"
+ "LSd88An02ow+WQ+KP8YGV38ZtuA6D4FPA3fsMdhNOqjtwWiPei+ILaXD5PsOfDGH\n"
+ "2fZgOWXivFYqq9Cm3B3ffFX/oD/7sFMs+/AWeZOh8XqU8ro73L1HNRXx4HdyRUY/\n"
+ "pInwA0mWaFNGgBRPbNW0A6cZ2dY0Hn8sRRsF+5tIs0hOelpT1y/ZEVyGImTQgEbK\n"
+ "KeggQGT9h9rhrrUK+hE27MorcRi6tVteKlNyGQsCJko0ZoqqctM4o7wT5ce4nWtb\n"
+ "ixzp5xDkDmcP6eldHiVm8TsZn0hkmNDu0xpgIVtb4VDRmWP687EOaGHYhjOBw6X1\n"
+ "GD1d1yyg/VxlUr0lKmbsFVC2mDiWbnWd49+FGsrySc2RO8DlC9xkXLaG+ubjmLpK\n"
+ "lwagiI2P1MzkHuZiz7WlIjFefuYh0yrYvDA5UDiQTDdoZWFuR5r93QWdsUcHlvdF\n"
+ "rYmhQ93F6I4gaT9HSVEDJfisIjIUmIwhh20tdGnf3FC5VyqBYS5GQObq3VnC8stU\n"
+ "b7byCEMlKr5bWslEem6gRGTB9xektKgrsFgS7nb3Geegq9K+mWIBC/iBOInVqFYx\n"
+ "Uw8+s6ywApXPLPEIrVZumkwo7Rl8lJfCTDNni/68XHhhVHY70N0PSdfnCAvV9G41\n"
+ "3wuTZHqLOeQG3Sm8I1JJXkWSuuk0QI7DVKZpmz+x4aFBd+rncfvWOEbN9G0ZqbUT\n"
+ "lGkfxtUWY6pWX/XJpyBzOlv2+fCPi/Yd0csb45IEuFHNG1svgqGMJw5BmFu5v0Qs\n"
+ "0i1zKBrNA/Acd6+uL0UqDZStB6lyPn6+uifh3sMwggL5BgkqhkiG9w0BBwGgggLq\n"
+ "BIIC5jCCAuIwggLeBgsqhkiG9w0BDAoBAqCCAqYwggKiMBwGCiqGSIb3DQEMAQMw\n"
+ "DgQIBJuBj07uHGACAggABIICgJBfOlC99JJjEUBibYLXIJPe53Cy7eDXCtVaPbhX\n"
+ "VHPCsBrUd7+6Ul7Vh/JHMlJL1VA3WvGnX93f0p5FICgZZA3sIZjpxBoeVkZ0Zx6r\n"
+ "ZMnBPIN4GaHYufCGPyAlPXgEGjlBr3g6Sxr8j50vsWtfspwiILsyte+nQ3kE1nV4\n"
+ "TjNBnayXmCMnEkf4kKu+dlLFbd1OY/fQJbiT+f9YtMfcfp2IR+7bXb23UIv8Wt1I\n"
+ "XyqsYTcUjIvnByKSDrvVu941x1EN5DF1964qQbAZb/z5ueTl8tCpaCFlGbZcXz7X\n"
+ "7L3k0YWdymx1J+szd6heQJrzqMjcHK3XWC7YlDytWB59j0eNMx42XEFP0pAO+gt9\n"
+ "Iny2XL+sxJC/xzf6apYMmmGwEXrZkkudsSVMgLCtYyin4zM7PFzLAPK9ryEhsxaP\n"
+ "g077MJ/aIaZ7PLi7cABz/g+gQ1dSXakNOof6EjRUADHpav9UKeKwWdR8ycB/8AQV\n"
+ "XxQTpEsFJ7izdNZDNC/ZeOhc/ohnei169rfH0shVeeckjf++c8zlh/Y5UWIi3V6i\n"
+ "5c7RlIJLMtHrvpB5UxRpZgWSdXvCuTCBEzlZAeWJ11I4DAeioqJ1V3h2KcUjNKf1\n"
+ "z8mTJrzAycuhm8npaC0Gj6JU7jiYPZLvj+cK/e/gjadWggHFYsjAKhACDbAtG64N\n"
+ "Gu9PWJszvhSO8ga7TOVEzdbe2jm4oWtqPe3gb6eYl2Ma6GTfj/PUEDpNAOnr99qV\n"
+ "g3uKIXMBp2115bfUf5sbfPdMbnH12XILXR9Va+JjeQHexa64QWlsiRgtXEAXxoEb\n"
+ "D2aTlfdsJpgilyj31Y45xOdN7FI+Ltfhudxt1kABPdmKwRMxJTAjBgkqhkiG9w0B\n"
+ "CRUxFgQUMvxYuPi3XpEeXbzAkXaNbAw7P5gwMTAhMAkGBSsOAwIaBQAEFOBC4ppE\n"
+ "AXO+xdzSBKimvjBBTLbEBAjlaWiC5IVtmAICCAA=\n";
+
+ // write file
+ const char *p12base64file = "/tmp/ckmc_test_p12.p12.b64";
+ const char *p12file = "/tmp/ckmc_test_p12.p12";
+ const char *password = "password";
+
+ remove(p12base64file);
+ remove(p12file);
+
+ FILE* b64_file;
+ b64_file = fopen(p12base64file, "w");
+ fprintf(b64_file, "%s",p12Base64.c_str());
+ fclose(b64_file);
+
+ std::string cmd("openssl base64 -d -in ");
+ cmd.append(p12base64file);
+ cmd.append(" -out ");
+ cmd.append(p12file);
+ system(cmd.c_str());
+
+ int temp;
+
+ ckmc_key_s *private_key = NULL;
+ ckmc_cert_s *cert = NULL;
+ ckmc_cert_list_s *ca_cert_list = NULL;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file(p12file, password,
+ &private_key, &cert, &ca_cert_list)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(private_key != NULL, "Null private_key");
+ RUNNER_ASSERT_MSG(cert != NULL, "Null cert");
+ RUNNER_ASSERT_MSG(ca_cert_list != NULL, "Null ca_cert_list");
+
+ ckmc_policy_s policy;
+ policy.password = NULL;
+ policy.extractable = 1;
+
+
+ const char *pkey_alias = "pkey_alias";
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *private_key, policy)),
+ "Error=" << temp);
+
+ const char *cert_alias = "cert_alias";
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *cert, policy)),
+ "Error=" << temp);
+ std::string caCertAlias = "ca_cert_alias_";
+ const char *idx = "0";
+ int cnt = 0;
+ ckmc_cert_list_s *tmpList = ca_cert_list;
+ while(tmpList != NULL) {
+ caCertAlias.append(idx);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
+ "Error=" << temp);
+ tmpList = tmpList->next;
+ cnt ++;
+ }
+
+ RUNNER_ASSERT_MSG(cnt == 2,"Invalid CA Cert Count");
+
+ ckmc_key_free(private_key);
+ ckmc_cert_free(cert);
+ ckmc_cert_list_all_free(ca_cert_list);
+
+ remove(p12base64file);
+ remove(p12file);
+}
+
+
+RUNNER_TEST(T2098_CAPI_TYPE_deinit)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ "Error=" << temp);
+}
+
+
+RUNNER_TEST_GROUP_INIT(T2000_CAPI_LOCKTYPE_TESTS);
+
+RUNNER_CHILD_TEST(T2101_CAPI_init_lock_key)
+{
+ int tmp;
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ char *null_password = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_change_user_password(USER_APP,"user-pass",null_password)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T2102_CAPI_unlock_default_passwd)
+{
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+
+ ckmc_key_s test_key, *test_key2;
+ ckmc_policy_s test_policy;
+
+ char* password = NULL;
+ char alias[20] = "mykey_defpasswd";
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ char* char_keypem = new char[keyPem.length() + 1];
+
+ std::strcpy(char_keypem, keyPem.c_str());
+ test_key.raw_key = (unsigned char *)char_keypem;
+ test_key.key_size = keyPem.length();
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = password;
+
+ test_policy.password = password;
+ test_policy.extractable = 1;
+
+ test_key2 = &test_key;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_key(alias)),
+ "Error=" << temp);
+}
+
+RUNNER_CHILD_TEST(T2103_CAPI_init_change_user_password)
+{
+ int tmp;
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ char *null_password = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_change_user_password(USER_APP,null_password,"user-pass")),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T2104_CAPI_unlock_default_passwd_negative)
+{
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+
+ ckmc_key_s test_key, *test_key2;
+ ckmc_policy_s test_policy;
+
+ char* password = NULL;
+ char alias[20] = "mykey_defpasswd";
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ char* char_keypem = new char[keyPem.length() + 1];
+
+ std::strcpy(char_keypem, keyPem.c_str());
+ test_key.raw_key = (unsigned char *)char_keypem;
+ test_key.key_size = keyPem.length();
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = password;
+
+ test_policy.password = password;
+ test_policy.extractable = 1;
+
+ test_key2 = &test_key;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_LOCKED == (temp = ckmc_save_key(alias, test_key, test_policy)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key2)),
+ "Error=" << temp);
+}
+
+RUNNER_CHILD_TEST(T2109_CAPI_deinit)
+{
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+}
+
+RUNNER_TEST_GROUP_INIT(T220_CAPI_EMPTY_DATABASE);
+
+RUNNER_TEST(T2201_CAPI_unlock_database)
+{
+ int temp;
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ "Error=" << temp);
+}
+
+RUNNER_CHILD_TEST(T2202_CAPI_get_data_from_empty_database)
+{
+ int temp;
+ char alias[10] = "mykey";
+ char *password = NULL;
+ ckmc_key_s *test_key = NULL;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias, password, &test_key)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
+}
+
+RUNNER_CHILD_TEST(T2203_CAPI_deinit_lock_database)
+{
+ int temp;
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ "Error=" << temp);
+}
+
+RUNNER_CHILD_TEST(T2204_CAPI_get_data_from_locked_database)
+{
+ int temp;
+ char alias[10] = "mykey";
+ char *password = NULL;
+ ckmc_key_s *test_key = NULL;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
+}
--- /dev/null
+#include <netdb.h>
+
+#include <dpl/log/log.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <tests_common.h>
+#include <access_provider.h>
+
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-password.h>
+#include <ckm/ckm-type.h>
+#include <ckm/ckm-pkcs12.h>
+
+#include <fstream>
+
+static const int USER_APP = 5000;
+static const int GROUP_APP = 5000;
+static const int USER_TEST = 5001;
+
+/*
+ * How to numerate tests:
+ * TABCD_NAME
+ * T - test case (always T)
+ * AB - number of test group (always two digits)
+ * C - test number in group (all tests with same TABC must be run in the same time).
+ * D - subtest.
+ */
+
+
+RUNNER_TEST_GROUP_INIT(T0000_CKM_CONTROL);
+
+RUNNER_TEST(T0010_Control)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ control->removeUserData(0);
+ control->removeUserData(20);
+ control->removeUserData(USER_APP);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T0020_Control)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T0030_Control)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T0040_Control)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "simple-password")),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T0050_Control)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(20)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS);
+
+RUNNER_TEST(T1010_init)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1011_key)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::KeyShPtr key2;
+ CKM::Alias alias = "mykey";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key2->getDER(),
+ "Key value has been changed by service");
+}
+
+RUNNER_TEST(T1012_certificate)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string certPem =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
+ "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
+ "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
+ "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
+ "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+ "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
+ "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
+ "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
+ "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
+ "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
+ "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
+ "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
+ "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
+ "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
+ "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
+ "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
+ "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
+ "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
+ "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
+ "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
+ "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
+ "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
+ "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
+ "rHva8A==\n"
+ "-----END CERTIFICATE-----\n";
+
+ CKM::RawBuffer buffer(certPem.begin(), certPem.end());
+ auto cert = CKM::Certificate::create(buffer, CKM::DataFormat::FORM_PEM);
+ CKM::CertificateShPtr cert2;
+ CKM::Alias alias = "myCert";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificate(alias, CKM::Password(), cert2)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ cert->getDER() == cert2->getDER(),
+ "Data has been modified in key manager");
+}
+
+RUNNER_CHILD_TEST(T1013_user_app_save_key)
+{
+ SecurityServer::AccessProvider ap("mylabel");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ int temp;
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::KeyShPtr key2;
+ CKM::Alias alias = "mykey";
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy("x"))),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password("x"), key2)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key2->getDER(), "Key value has been changed by service");
+}
+
+
+RUNNER_TEST(T1014_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS);
+
+RUNNER_TEST(T1020_init)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1021_save_keys_get_alias)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::AliasVector aliasVector;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey("rootkey2", key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ aliasVector.size() == 3,
+ "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+}
+
+RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
+{
+ SecurityServer::AccessProvider ap("mylabel");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::AliasVector aliasVector;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey("appkey2", key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ aliasVector.size() == 3,
+ "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+}
+
+RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
+{
+ SecurityServer::AccessProvider ap("mylabel");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::AliasVector aliasVector;
+ CKM::Policy notExportable(CKM::Password(), false);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey("appkey4", key, notExportable)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getKey("appkey4", CKM::Password(), key)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data3", buffer, notExportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1029_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
+
+RUNNER_TEST(T1030_init)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1031_save_get_bin_data)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string binData1 = "My bin data1";
+ std::string binData2 = "My bin data2";
+ std::string binData3 = "My bin data3";
+
+ CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
+ CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
+ CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
+
+ CKM::AliasVector aliasVector;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer2, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer3, CKM::Policy(CKM::Password(), true))),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ aliasVector.size() == 3,
+ "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+
+ CKM::RawBuffer buffer;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ buffer == buffer2,
+ "Data corrupted");
+}
+
+RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
+{
+ SecurityServer::AccessProvider ap("mylabel");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string binData = "My bin data";
+
+ CKM::RawBuffer buffer(binData.begin(), binData.end());
+
+ CKM::AliasVector aliasVector;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("appdata2", buffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ aliasVector.size() == 3,
+ "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+}
+
+RUNNER_TEST(T1033_remove_bin_data)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string binData2 = "My bin data2";
+ CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
+
+ CKM::AliasVector aliasVector;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->removeData("data1")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->removeData("data3")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ aliasVector.size() == 1,
+ "Wrong size of list: " << aliasVector.size() << " Expected: 1");
+
+ CKM::RawBuffer buffer;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ buffer == buffer2,
+ "Data corrupted");
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("data3", CKM::Password(), buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1039_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR);
+
+RUNNER_TEST(T1040_init)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T1041_create_rsa_key)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::AliasVector av;
+
+ SecurityServer::AccessProvider ap("mylabel");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1"), CKM::Alias("PUB_KEY1"), CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 2 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 2");
+}
+
+RUNNER_TEST(T1049_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPairRSA);
+
+RUNNER_TEST(T1110_init)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1111_CreateKeyPairRSA)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::Alias a1("rsa-test-1");
+ CKM::Alias a2("rsa-test-2");
+ CKM::Policy p1;
+ CKM::Policy p2;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1112_CreateKeyPairECDSA)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::Alias a1("ecdsa-test-1");
+ CKM::Alias a2("ecdsa-test-2");
+ CKM::Policy p1;
+ CKM::Policy p2;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(CKM::ElipticCurve::prime192v1, a1, a2, p1, p2)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1113_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
+
+RUNNER_TEST(T12100_init)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12101_key_exist)
+{
+ int ret;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer);
+ CKM::Alias alias = "rsa-alias-duplication";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+/*
+ * These test cases tests API when empty parameters are passed to functions
+ */
+
+RUNNER_TEST(T12102_saveKey_empty_alias)
+{
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLc\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer);
+ CKM::Alias alias; //alias is not initialized
+
+ int ret;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12103_saveKey_empty_key)
+{
+ CKM::KeyShPtr key; //key is not initialized
+ CKM::Alias alias = "empty-key";
+
+ int ret;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12104_saveCertificate_empty_alias)
+{
+ std::string certPem =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
+ "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
+ "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
+ "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
+ "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+ "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
+ "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
+ "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
+ "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
+ "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
+ "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
+ "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
+ "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
+ "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
+ "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
+ "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
+ "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
+ "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
+ "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
+ "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
+ "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
+ "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
+ "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
+ "rHva8A==\n"
+ "-----END CERTIFICATE-----\n";
+
+ CKM::RawBuffer buffer(certPem.begin(), certPem.end());
+ auto cert = CKM::Certificate::create(buffer, CKM::DataFormat::FORM_PEM);
+ CKM::Alias alias; //alias is not initialized
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12105_saveCertificate_empty_cert)
+{
+ CKM::CertificateShPtr cert; //cert is not initialized
+ CKM::Alias alias = "empty-cert";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12106_saveData_empty_alias)
+{
+ std::string testData = "test data test data test data";
+ CKM::RawBuffer buffer(testData.begin(), testData.end());
+ CKM::Alias alias;
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12107_saveData_empty_data)
+{
+ CKM::RawBuffer buffer;
+ CKM::Alias alias = "empty-data";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+/*
+ * These test cases tests API when trying to get data from not existing alias
+ */
+
+RUNNER_TEST(T12108_getKey_alias_not_exist)
+{
+ CKM::KeyShPtr key;
+ CKM::Alias alias = "this-alias-not-exist";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getKey(alias, "", key)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12109_getCertificate_alias_not_exist)
+{
+ CKM::CertificateShPtr certificate;
+ CKM::Alias alias = "this-alias-not-exist";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getCertificate(alias, CKM::Password(), certificate)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12110_getData_alias_not_exist)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::RawBuffer buffer;
+ CKM::Alias alias("some alias");
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(alias, "", buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+/*
+ * These test cases tests API when damaged keys are used
+ */
+RUNNER_TEST(T12111_rsa_key_damaged)
+{
+ int ret;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ // "BROKENBROKENBROKENBROKENBROKENTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ // "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer);
+ CKM::Alias alias = "damaged-rsa";
+
+ RUNNER_ASSERT_MSG(
+ NULL == key.get(), "Key is broken. It should be empty");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12112_rsa_key_too_short)
+{
+ int ret;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ //"T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer);
+ CKM::Alias alias = "short-rsa";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12113_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
+
+RUNNER_TEST(T1311_init)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(time(0) > 1405343457,
+ "Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
+
+ struct hostent* he = gethostbyname("google.com");
+
+ RUNNER_ASSERT_MSG(he != NULL, "There is problem with translate domain google.com into ip address. Probably network "
+ "is not woking on the device. OCSP tests requires network access!");
+}
+
+RUNNER_TEST(T1312_get_chain)
+{
+ std::string ee = "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
+ "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
+ "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
+ "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
+ "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
+ "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
+ "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
+ "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
+ "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
+ "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
+ "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
+ "oFXtrg0=\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string im =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
+ "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
+ "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
+ "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
+ "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
+ "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
+ "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
+ "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
+ "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
+ "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
+ "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
+ "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
+ "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
+ "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
+ "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
+ "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
+ "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
+ "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
+ "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
+ "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
+ "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
+ "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
+ "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
+ "-----END CERTIFICATE-----\n";
+
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
+ auto cert1 = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+ CKM::CertificateShPtrVector certVector = {cert1};
+ CKM::CertificateShPtrVector certChain;
+
+ int tmp;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
+ RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ 0 == certChain.size(),
+ "Wrong size of certificate chain.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ 3 == certChain.size(),
+ "Wrong size of certificate chain.");
+}
+
+RUNNER_TEST(T1313_get_chain_with_alias)
+{
+ std::string ee = "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
+ "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
+ "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
+ "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
+ "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
+ "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
+ "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
+ "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
+ "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
+ "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
+ "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
+ "oFXtrg0=\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string im =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
+ "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
+ "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
+ "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
+ "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
+ "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
+ "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
+ "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
+ "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
+ "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
+ "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
+ "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
+ "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
+ "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
+ "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
+ "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
+ "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
+ "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
+ "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
+ "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
+ "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
+ "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
+ "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
+ "-----END CERTIFICATE-----\n";
+
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
+ auto cert1 = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+ CKM::CertificateShPtrVector certChain;
+ CKM::AliasVector aliasVector;
+ CKM::Alias alias("imcert");
+
+ int tmp;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
+ RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ 0 == certChain.size(),
+ "Wrong size of certificate chain.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ aliasVector.push_back(alias);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ 3 == certChain.size(),
+ "Wrong size of certificate chain.");
+}
+
+RUNNER_TEST(T1314_ocsp_check)
+{
+ std::string ee = "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
+ "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
+ "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
+ "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
+ "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
+ "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
+ "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
+ "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
+ "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
+ "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
+ "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
+ "oFXtrg0=\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string im =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
+ "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
+ "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
+ "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
+ "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
+ "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
+ "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
+ "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
+ "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
+ "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
+ "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
+ "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
+ "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
+ "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
+ "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
+ "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
+ "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
+ "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
+ "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
+ "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
+ "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
+ "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
+ "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
+ "-----END CERTIFICATE-----\n";
+
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
+ auto cert1 = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+ CKM::CertificateShPtrVector certVector = {cert1};
+ CKM::CertificateShPtrVector certChain;
+
+ int tmp;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
+ RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ 0 == certChain.size(),
+ "Wrong size of certificate chain.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ 3 == certChain.size(),
+ "Wrong size of certificate chain.");
+
+ int status;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->ocspCheck(certChain, status)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_GOOD == status, "Verfication failed");
+}
+
+RUNNER_TEST(T1315_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
+
+RUNNER_TEST(T1411_init)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1412_rsa_key_create_verify)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "Proc-Type: 4,ENCRYPTED\n"
+ "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
+ "\n"
+ "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
+ "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
+ "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
+ "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
+ "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
+ "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
+ "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
+ "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
+ "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
+ "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
+ "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
+ "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
+ "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
+ "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
+ "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
+ "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
+ "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
+ "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
+ "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
+ "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
+ "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
+ "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
+ "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
+ "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
+ "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----\n";
+
+ std::string message = "message test";
+
+ CKM::Alias aliasPub = "pub1";
+ CKM::Alias aliasPrv = "prv1";
+ CKM::Password password = "1234";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password);
+
+ RUNNER_ASSERT_MSG(NULL != keyPub.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1413_rsa_key_create_verify_negative)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ CKM::Alias aliasPub = "pub1";
+ CKM::Alias aliasPrv = "prv1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1414_ec_key_create_verify)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
+ "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
+ "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
+ "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END EC PRIVATE KEY-----\n";
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
+ "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END PUBLIC KEY-----\n";
+
+ std::string message = "message test";
+
+ CKM::Alias aliasPub = "ecpub2";
+ CKM::Alias aliasPrv = "ecprv2";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
+
+ RUNNER_ASSERT_MSG(NULL != keyPub.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1415_rsa_cert_create_verify_signature)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string prv =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string pub =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
+ "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
+ "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
+ "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
+ "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
+ "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
+ "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
+ "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
+ "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
+ "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
+ "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
+ "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
+ "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
+ "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string message = "message test";
+
+ CKM::Alias aliasPub = "pub3";
+ CKM::Alias aliasPrv = "prv3";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
+
+ RUNNER_ASSERT_MSG(NULL != cert.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1416_ecdsa_cert_create_verify_signature)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string prv =
+ "-----BEGIN EC PRIVATE KEY-----\n"
+ "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
+ "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
+ "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
+ "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
+ "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
+ "ELyhe7yPCAuOoLZlTLgf\n"
+ "-----END EC PRIVATE KEY-----\n";
+
+ std::string pub =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
+ "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
+ "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
+ "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
+ "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
+ "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
+ "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
+ "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
+ "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
+ "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
+ "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
+ "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
+ "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
+ "Q1oBry6NEc+lLFmWMDesAA==\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string message = "message test";
+
+ CKM::Alias aliasPub = "pub4";
+ CKM::Alias aliasPrv = "prv4";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
+
+ RUNNER_ASSERT_MSG(NULL != cert.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1417_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_CHILD_TEST(T1510_init_unlock_key)
+{
+ int tmp;
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST, "strong-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1511_init_insert_data)
+{
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ std::string ee = "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
+ "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
+ "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
+ "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
+ "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
+ "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
+ "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
+ "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
+ "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
+ "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
+ "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
+ "oFXtrg0=\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string im =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
+ "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
+ "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
+ "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
+ "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
+ "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
+ "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
+ "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
+ "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
+ "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
+ "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
+ "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
+ "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
+ "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
+ "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
+ "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
+ "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
+ "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
+ "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
+ "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
+ "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
+ "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
+ "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
+ "-----END CERTIFICATE-----\n";
+
+ auto manager = CKM::Manager::create();
+ auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
+ auto certim = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+
+ int status1 = manager->saveCertificate(CKM::Alias("CertEE"), certee, CKM::Policy());
+ int status2 = manager->saveCertificate(CKM::Alias("CertIM"), certim, CKM::Policy());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
+ "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
+ "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
+}
+
+RUNNER_CHILD_TEST(T1519_deinit)
+{
+ int tmp;
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+
+RUNNER_TEST_GROUP_INIT(T161_CKM_LOCKTYPE_TESTS);
+
+RUNNER_CHILD_TEST(T1610_init_lock_key)
+{
+ int tmp;
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"user-pass","")),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1611_unlock_default_passwd)
+{
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::KeyShPtr key2;
+ CKM::Alias alias = "mykey_defpasswd";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key2->getDER(),
+ "Key value has been changed by service");
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->removeKey(alias)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T1612_init_change_user_password)
+{
+ int tmp;
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"","user-pass")),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative)
+{
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::KeyShPtr key2;
+ CKM::Alias alias = "mykey_defpasswd";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_LOCKED == (temp = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_LOCKED == (temp = manager->getKey(alias, CKM::Password(), key2)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_LOCKED == (temp = manager->removeKey(alias)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T1619_deinit)
+{
+ SecurityServer::AccessProvider ap("my-label");
+ ap.addObjectRule("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+}
+
+RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_TEST(T1701_init_unlock_key)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1702_init_insert_data)
+{
+ int temp;
+ SecurityServer::AccessProvider ap("t170-special-label");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ std::string ee = "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
+ "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
+ "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
+ "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
+ "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
+ "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
+ "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
+ "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
+ "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
+ "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
+ "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
+ "oFXtrg0=\n"
+ "-----END CERTIFICATE-----\n";
+
+ auto manager = CKM::Manager::create();
+ auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
+
+ int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == status1,
+ "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
+
+ CKM::AliasVector av;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
+}
+
+RUNNER_TEST(T1703_removeApplicationData)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1704_data_test)
+{
+ int temp;
+ SecurityServer::AccessProvider ap("t170-special-label");
+ ap.addObjectRule("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_TEST(T1705_deinit)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST_GROUP_INIT(T180_PKCS12);
+
+RUNNER_TEST(T1801) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, "secret");
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 0 == caVector.size(),
+ "Wrong size of vector");
+}
+
+RUNNER_TEST(T1802_negative_wrong_password) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, "error");
+ RUNNER_ASSERT_MSG(
+ NULL == pkcs.get(),
+ "Expected error in PKCS12::create()");
+}
+
+RUNNER_TEST(T1803_negative_broken_buffer) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small.");
+ buffer[4]=0;
+
+ auto pkcs = CKM::PKCS12::create(buffer, "secret");
+ RUNNER_ASSERT_MSG(
+ NULL == pkcs.get(),
+ "Expected error in PKCS12::create()");
+}
+
+RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
+
+RUNNER_TEST(T1901_init_unlock_key)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t190-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST(T1902_get_data)
+{
+ auto manager = CKM::Manager::create();
+ CKM::KeyShPtr ptr;
+
+ int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1,
+ "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
+}
+
+RUNNER_TEST(T1903_deinit)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST(T1904_get_data_from_locked_database)
+{
+ auto manager = CKM::Manager::create();
+ CKM::KeyShPtr ptr;
+
+ int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_LOCKED == status1,
+ "Could not get key from locked database. Error=" << CKM::ErrorToString(status1));
+}
+
+int main(int argc, char *argv[])
+{
+ DPL::Log::LogSystemSingleton::Instance().SetTag("CKM_TESTS");
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
--- /dev/null
+INCLUDE(FindPkgConfig)
+SET(COMMON_TARGET_TEST "tests-common")
+
+#dependencies
+PKG_CHECK_MODULES(COMMON_TARGET_DEP
+ libsmack
+ dbus-1
+ sqlite3
+ REQUIRED
+ )
+
+#files to compile
+SET(COMMON_TARGET_TEST_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/common/tests_common.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/access_provider.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/smack_access.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/dbus_connection.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/dbus_message_in.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/dbus_message_out.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/service_manager.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/memory.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/db_sqlite.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/fs_label_manager.cpp
+ )
+
+#system and local includes
+INCLUDE_DIRECTORIES(SYSTEM ${COMMON_TARGET_DEP_INCLUDE_DIRS})
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/framework/include
+ ${PROJECT_SOURCE_DIR}/src/common
+ )
+
+
+#output OBJECT format
+ADD_LIBRARY(${COMMON_TARGET_TEST} ${COMMON_TARGET_TEST_SOURCES})
+
+TARGET_LINK_LIBRARIES(${COMMON_TARGET_TEST} ${COMMON_TARGET_DEP_LIBRARIES}
+ dpl-test-framework)
+
+INSTALL (FILES ${PROJECT_SOURCE_DIR}/src/common/security-tests.conf DESTINATION /etc/dbus-1/system.d)
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file access_provider.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Common functions and macros used in security-tests package.
+ */
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/smack.h>
+
+#include <map>
+
+#include <tests_common.h>
+
+#include <access_provider.h>
+
+namespace SecurityServer {
+
+AccessProvider::AccessProvider(const std::string &mySubject)
+ : m_mySubject(mySubject)
+{}
+
+void AccessProvider::allowSS() {
+ m_smackAccess.add(m_mySubject, "System::Run", "x");
+}
+
+void AccessProvider::addObjectRule(const std::string &object, const std::string &rule) {
+ m_smackAccess.add(m_mySubject, object, rule);
+}
+
+void AccessProvider::apply() {
+ m_smackAccess.apply();
+}
+
+void AccessProvider::applyAndSwithToUser(int uid, int gid) {
+ RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
+ "Error in smack_revoke_subject(" << m_mySubject << ")");
+ apply();
+ RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()),
+ "Error in smack_set_label_for_self.");
+ RUNNER_ASSERT_MSG(0 == setgid(gid),
+ "Error in setgid.");
+ RUNNER_ASSERT_MSG(0 == setuid(uid),
+ "Error in setuid.");
+}
+
+} // namespace SecurityServer
+
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file access_provider.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Common functions and macros used in security-tests package.
+ */
+#ifndef _ACCESS_FOR_DUMMIES_H_
+#define _ACCESS_FOR_DUMMIES_H_
+
+#include <string>
+
+#include <smack_access.h>
+
+namespace SecurityServer {
+
+class AccessProvider {
+public:
+ AccessProvider(const std::string &mySubject);
+
+ AccessProvider(const AccessProvider &second) = delete;
+ AccessProvider& operator=(const AccessProvider &second) = delete;
+
+ void addObjectRule(const std::string &object, const std::string &rule);
+ void allowSS();
+ void apply();
+ void applyAndSwithToUser(int uid, int gid);
+
+ virtual ~AccessProvider(){}
+private:
+ std::string m_mySubject;
+ SmackAccess m_smackAccess;
+};
+
+} // namespace SecurityServer
+
+#endif // _ACCESS_FOR_DUMMIES_H_
+
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file libprivilege-control_test_db_sqlite.cpp
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control tests API for sqlite3 database access
+ */
+
+#include <tests_common.h>
+#include "db_sqlite.h"
+
+Sqlite3DBase::Sqlite3DBase(const std::string& db_path, int flags)
+ : m_db_handle(nullptr), m_db_path(db_path), m_flags(flags)
+{
+}
+
+Sqlite3DBase::~Sqlite3DBase()
+{
+ sqlite3_close(m_db_handle);
+}
+
+#define VFS_NOT_USED nullptr
+
+void Sqlite3DBase::open(void)
+{
+ if (m_db_handle) //database already opened
+ return;
+
+ int ret = sqlite3_open_v2(m_db_path.c_str(), &m_db_handle, m_flags, VFS_NOT_USED);
+ RUNNER_ASSERT_MSG(m_db_handle, "Error opening the database: Unable to allocate memory.");
+ RUNNER_ASSERT_MSG(ret == SQLITE_OK, "Error opening the database: " <<
+ sqlite3_errmsg(m_db_handle));
+}
+
+void Sqlite3DBase::close(void)
+{
+ int ret = sqlite3_close(m_db_handle);
+ RUNNER_ASSERT_MSG(ret == SQLITE_OK, "Error closing the database: " <<
+ sqlite3_errmsg(m_db_handle));
+
+ m_db_handle = nullptr;
+}
+
+bool Sqlite3DBase::is_open(void) const
+{
+ return !!m_db_handle;
+}
+
+void Sqlite3DBase::execute(const std::string& sql_query, Sqlite3DBaseSelectResult& result)
+{
+ char* tmp = nullptr;
+ std::string errmsg;
+
+ int ret = sqlite3_exec(m_db_handle, sql_query.c_str(), callback, &result, &tmp);
+ if (tmp) {
+ errmsg.assign(tmp);
+ }
+ sqlite3_free(tmp);
+
+ RUNNER_ASSERT_MSG(ret == SQLITE_OK || ret == SQLITE_ABORT, "Error executing statement <" <<
+ sql_query << "> : " << errmsg);
+}
+
+int Sqlite3DBase::callback(void* p_result, int cols, char** data, char** header)
+{
+ int i;
+ Sqlite3DBaseSelectResult* result = static_cast<Sqlite3DBaseSelectResult*>(p_result);
+
+ // if this is first record get column names
+ if (result->rows.empty()) {
+ for (i = 0; i < cols; ++i) {
+ result->header.push_back(header[i] ? header[i] : "");
+ }
+ }
+ result->rows.push_back(Sqlite3Row());
+ for (i = 0; i < cols; ++i) {
+ result->rows.back().push_back(data[i] ? data[i] : "");
+ }
+ return SQLITE_OK;
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file libprivilege-control_test_db_sqlite.h
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control tests API for sqlite3 database access
+ */
+
+#ifndef LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_
+#define LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_
+
+#include <vector>
+#include <string>
+#include <sqlite3.h>
+
+/**
+ * @def DB_SQLITE_READONLY_FLAG
+ * @brief Sqlite3 flag set for opening database in RO mode
+ */
+#define DB_SQLITE_READONLY_FLAG SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_PRIVATECACHE \
+ | SQLITE_OPEN_READONLY
+
+/**
+ * @typedef Sqlite3HeaderName
+ * @brief Holds single column name of sqlite select query response.
+ */
+typedef std::string Sqlite3HeaderName;
+
+/**
+ * @typedef Sqlite3HeaderNameVector
+ * @brief Holds column names vector of sqlite select query response.
+ */
+typedef std::vector<Sqlite3HeaderName> Sqlite3HeaderNameVector;
+
+/**
+ * @typedef Sqlite3RowCell
+ * @brief Holds single cell of row of sqlite select query response.
+ */
+typedef std::string Sqlite3RowCell;
+
+/**
+ * @typedef Sqlite3Row
+ * @brief Holds single row of sqlite select query response.
+ */
+typedef std::vector<Sqlite3RowCell> Sqlite3Row;
+
+/**
+ * @typedef Sqlite3RowVector
+ * @brief Holds multiple rows of sqlite select query response.
+ */
+typedef std::vector<Sqlite3Row> Sqlite3RowVector;
+
+/**
+ * @class Sqlite3DBaseSelectResult
+ * @brief Sqlite3 select query response.
+ *
+ * Fields are public as there is no complicated logic to operate on them
+ */
+struct Sqlite3DBaseSelectResult
+{
+/**
+ * @var header
+ * @brief Sqlite select query column names
+ */
+ Sqlite3HeaderNameVector header;
+
+/**
+ * @var rows
+ * @brief Sqlite select query rows vector
+ */
+ Sqlite3RowVector rows;
+};
+
+
+/**
+ * @class Sqlite3DBase
+ * @brief Simple interface for executing select statements on sqlite3 database
+ *
+ * Fields are public as there is no complicated logic to operate on them
+ */
+class Sqlite3DBase
+{
+public:
+/**
+ * @brief A constructor
+ *
+ * @param db_path path to database file
+ * @param flags sqlite3 flags defining database opening mode
+ * (default value DB_SQLITE_READONLY_FLAG)
+ */
+ Sqlite3DBase(const std::string& db_path, int flags = DB_SQLITE_READONLY_FLAG);
+
+/**
+ * @brief A destructor
+ */
+ ~Sqlite3DBase();
+
+/**
+ * @brief Open database.
+ *
+ * If database is already opened do nothing.
+ *
+ * @throw DPL::Test::TestRunner::TestFailed when opening database fails
+ */
+ void open(void);
+
+/**
+ * @brief Close database.
+ *
+ * @throw DPL::Test::TestRunner::TestFailed when closing database fails
+ */
+ void close(void);
+
+/**
+ * @brief Get database connection status.
+ *
+ * @return true if database is open
+ * false if database is closed
+ */
+ bool is_open(void) const;
+
+/**
+ * @brief Execute SQL query on database
+ *
+ * @param sql_query SQL query
+ * @param result returned result
+ *
+ * @throw DPL::Test::TestRunner::TestFailed when execution of query fails
+ */
+ void execute(const std::string& sql_query, Sqlite3DBaseSelectResult& result);
+
+private:
+/**
+ * @var db_handle
+ * @brief Handle to sqlite3 database
+ *
+ * nullptr when database not opened.
+ */
+ sqlite3* m_db_handle;
+
+/**
+ * @var db_path
+ * @brief Path to database file
+ */
+ std::string m_db_path;
+
+/**
+ * @var flags
+ * @brief Sqlite3 flags defining database opening mode
+ */
+ int m_flags;
+
+/**
+ * @brief Callback used to aquire results from SQL query
+ *
+ * It is run by sqlite for every row in query result.
+ *
+ * @param p_result pointer to private data (Sqlite3DBaseSelectResult)
+ * @param cols number of columns in SQL result
+ * @param data array of strings containing single row
+ * @param header array of strings containing column names
+ * @return SQLITE_OK as we always know what to do with data
+ */
+ static int callback(void* p_result, int cols, char** data, char** header);
+};
+
+#endif /* LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file dbus_connection.cpp
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief DBus connection wrapper class source file
+ */
+
+#include <dbus_connection.h>
+
+#include <dpl/test/test_runner.h>
+
+namespace DBus
+{
+
+Connection::Connection(DBusBusType busType, bool busPrivate)
+ : m_busPrivate(busPrivate)
+{
+ DBusError error;
+ dbus_error_init(&error);
+ ErrorPtr errorPtr(&error);
+
+ if (busPrivate)
+ m_connection = dbus_bus_get_private(busType, &error);
+ else
+ m_connection = dbus_bus_get(busType, &error);
+ RUNNER_ASSERT_MSG(m_connection != nullptr,
+ "Failed to open connection on "
+ << (busPrivate ? "private" : "public") << " bus."
+ << " Error: " << error.message);
+ dbus_connection_set_exit_on_disconnect(m_connection, FALSE);
+}
+
+Connection::~Connection()
+{
+ if (m_busPrivate)
+ dbus_connection_close(m_connection);
+ dbus_connection_unref(m_connection);
+}
+
+void Connection::addMatch(const std::string &rule)
+{
+ DBusError error;
+ dbus_error_init(&error);
+ ErrorPtr errorPtr(&error);
+
+ dbus_bus_add_match(m_connection, rule.c_str(), &error);
+ RUNNER_ASSERT_MSG(dbus_error_is_set(&error) != TRUE, "Failed to add match."
+ << " Rule: " << rule << ";"
+ << " Error: " << error.message);
+}
+
+void Connection::addFilter(DBusHandleMessageFunction handleMessageFunction,
+ void *userData,
+ DBusFreeFunction freeDataFunction)
+{
+ if (freeDataFunction == nullptr)
+ freeDataFunction = [](void*)->void {};
+
+ dbus_bool_t ret = dbus_connection_add_filter(m_connection,
+ handleMessageFunction,
+ userData,
+ freeDataFunction);
+ RUNNER_ASSERT_MSG(ret == TRUE, "Failed to add filter. Not enough memory");
+}
+
+void Connection::readWriteDispatch()
+{
+ dbus_bool_t ret = dbus_connection_read_write_dispatch(m_connection, -1);
+ RUNNER_ASSERT_MSG(ret == TRUE, "Failed to read write dispatch. Disconnect message has been processed");
+}
+
+void Connection::flush()
+{
+ dbus_connection_flush(m_connection);
+}
+
+void Connection::requestName(const std::string &name)
+{
+ DBusError error;
+ dbus_error_init(&error);
+ ErrorPtr errorPtr(&error);
+
+ int ret = dbus_bus_request_name(m_connection,
+ name.c_str(),
+ DBUS_NAME_FLAG_REPLACE_EXISTING | DBUS_NAME_FLAG_DO_NOT_QUEUE,
+ &error);
+ switch (ret)
+ {
+ case DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER:
+ case DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER:
+ return;
+ case DBUS_REQUEST_NAME_REPLY_EXISTS:
+ RUNNER_FAIL_MSG("Failed to request name."
+ << " Name: " << name << ";"
+ << " Owner did not specified DBUS_NAME_FLAG_ALLOW_REPLACEMENT flag");
+ case -1:
+ RUNNER_FAIL_MSG("Failed to request name."
+ << " Name: " << name << ";"
+ << " Error: " << error.message);
+ default: // DBUS_REQUEST_NAME_REPLY_IN_QUEUE
+ RUNNER_FAIL_MSG("Should not happen");
+ }
+}
+
+MessageIn Connection::sendWithReplyAndBlock(const MessageOut &messageOut)
+{
+ DBusError error;
+ dbus_error_init(&error);
+ ErrorPtr errorPtr(&error);
+
+ DBusMessage *messageRecv = dbus_connection_send_with_reply_and_block(m_connection,
+ messageOut.getMessage(),
+ -1,
+ &error);
+ RUNNER_ASSERT_MSG(messageRecv != nullptr, "Failed to send with reply and block. "
+ << "Error: " << error.message);
+ return MessageIn(messageRecv);
+}
+
+} // namespace DBus
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file dbus_connection.h
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief DBus connection wrapper class header
+ */
+
+#ifndef COMMON_DBUS_CONNECTION_H
+#define COMMON_DBUS_CONNECTION_H
+
+#include <dbus/dbus.h>
+
+#include <dbus_message_in.h>
+#include <dbus_message_out.h>
+#include <memory.h>
+
+#include <string>
+
+namespace DBus
+{
+
+DEFINE_SMARTPTR(dbus_error_free, DBusError, ErrorPtr);
+
+class Connection
+{
+public:
+ Connection(DBusBusType busType, bool privateGet);
+ Connection(const Connection &other) = delete;
+ ~Connection();
+
+ Connection& operator=(const Connection &other) = delete;
+
+ void addMatch(const std::string &rule);
+ void addFilter(DBusHandleMessageFunction handleMessageFunction,
+ void *userData,
+ DBusFreeFunction freeDataFunction = nullptr);
+ void readWriteDispatch();
+ void flush();
+ void requestName(const std::string &name);
+ MessageIn sendWithReplyAndBlock(const MessageOut &messageOut);
+
+private:
+ DBusConnection *m_connection;
+ bool m_busPrivate;
+};
+
+} // namespace DBus
+
+#endif // COMMON_DBUS_CONNECTION_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file dbus_message_in.cpp
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief DBus incoming message wrapper class source file
+ */
+
+#include <dbus_message_in.h>
+
+#include <dpl/test/test_runner.h>
+
+namespace DBus
+{
+
+MessageIn::MessageIn(DBusMessage *message, bool ref)
+ : m_message(message)
+{
+ RUNNER_ASSERT(m_message != nullptr);
+ if (ref)
+ dbus_message_ref(m_message);
+}
+
+MessageIn::MessageIn(MessageIn &&other)
+ : m_message(other.m_message)
+{
+ other.m_message = nullptr;
+}
+
+MessageIn::~MessageIn()
+{
+ if (m_message != nullptr)
+ dbus_message_unref(m_message);
+}
+
+int MessageIn::getType()
+{
+ return dbus_message_get_type(m_message);
+}
+
+bool MessageIn::isMethodCall(const std::string &interface, const std::string &method)
+{
+ dbus_bool_t ret = dbus_message_is_method_call(m_message,
+ interface.c_str(),
+ method.c_str());
+ return ret == TRUE;
+}
+
+bool MessageIn::isSignal(const std::string &interface, const std::string &signalName)
+{
+ dbus_bool_t ret = dbus_message_is_signal(m_message,
+ interface.c_str(),
+ signalName.c_str());
+ return ret == TRUE;
+}
+
+bool MessageIn::isError(const std::string &errorName)
+{
+ dbus_bool_t ret = dbus_message_is_error(m_message,
+ errorName.c_str());
+ return ret == TRUE;
+}
+
+MessageIn::Iterator MessageIn::iterInit()
+{
+ return Iterator(this->m_message);
+}
+
+MessageIn::Iterator::Iterator(DBusMessage* message)
+{
+ dbus_message_iter_init(message, &m_iterator);
+}
+
+MessageIn::Iterator::Iterator(DBusMessageIter *iteratorOver)
+{
+ dbus_message_iter_recurse(iteratorOver, &m_iterator);
+}
+
+bool MessageIn::Iterator::next()
+{
+ return dbus_message_iter_next(&m_iterator) != FALSE;
+}
+
+void MessageIn::Iterator::expectNext()
+{
+ RUNNER_ASSERT_MSG(next(), "No next argument in message");
+}
+
+int MessageIn::Iterator::getArgType()
+{
+ return dbus_message_iter_get_arg_type(&m_iterator);
+}
+
+void MessageIn::Iterator::expectArgType(int argType)
+{
+ int argTypeActual = getArgType();
+ RUNNER_ASSERT_MSG(argTypeActual == argType, "Wrong argument type in message"
+ << " Actual: " << argTypeActual
+ << " Expected: " << argType);
+}
+
+void MessageIn::Iterator::expectArgTypeValid()
+{
+ RUNNER_ASSERT_MSG(getArgType() != DBUS_TYPE_INVALID, "Invalid argument type in message");
+}
+
+char MessageIn::Iterator::getArgChar()
+{
+ return getArg<char>();
+}
+
+bool MessageIn::Iterator::getArgBool()
+{
+ dbus_bool_t value;
+ dbus_message_iter_get_basic(&m_iterator, &value);
+ return value != FALSE;
+}
+
+int16_t MessageIn::Iterator::getArgInt16()
+{
+ return getArg<int16_t>();
+}
+
+uint16_t MessageIn::Iterator::getArgUint16()
+{
+ return getArg<uint16_t>();
+}
+
+int32_t MessageIn::Iterator::getArgInt32()
+{
+ return getArg<int32_t>();
+}
+
+uint32_t MessageIn::Iterator::getArgUint32()
+{
+ return getArg<uint32_t>();
+}
+
+int64_t MessageIn::Iterator::getArgInt64()
+{
+ return getArg<int64_t>();
+}
+
+uint64_t MessageIn::Iterator::getArgUint64()
+{
+ return getArg<uint64_t>();
+}
+
+double MessageIn::Iterator::getArgDouble()
+{
+ return getArg<double>();
+}
+
+std::string MessageIn::Iterator::getArgString()
+{
+ char *value;
+ dbus_message_iter_get_basic(&m_iterator, &value);
+ return std::string(value);
+}
+
+MessageIn::Iterator MessageIn::Iterator::recurse()
+{
+ return Iterator(&(this->m_iterator));
+}
+
+} // namespace DBus
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file dbus_message_in.h
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief DBus incoming message wrapper class header
+ */
+
+#ifndef COMMON_DBUS_MESSAGE_IN_H
+#define COMMON_DBUS_MESSAGE_IN_H
+
+#include <dbus/dbus.h>
+
+#include <cstdint>
+#include <string>
+
+namespace DBus
+{
+
+class MessageIn
+{
+public:
+ MessageIn(DBusMessage *message, bool ref = false);
+ MessageIn(const MessageIn &other) = delete;
+ MessageIn(MessageIn &&other);
+ ~MessageIn();
+
+ MessageIn& operator=(const MessageIn &other) = delete;
+
+ int getType();
+ bool isMethodCall(const std::string &interface, const std::string &method);
+ bool isSignal(const std::string &interface, const std::string &signalName);
+ bool isError(const std::string &errorName);
+
+ class Iterator
+ {
+ public:
+ friend class MessageIn;
+
+ bool next();
+ void expectNext();
+ int getArgType();
+ void expectArgType(int argType);
+ void expectArgTypeValid();
+ char getArgChar();
+ bool getArgBool();
+ int16_t getArgInt16();
+ uint16_t getArgUint16();
+ int32_t getArgInt32();
+ uint32_t getArgUint32();
+ int64_t getArgInt64();
+ uint64_t getArgUint64();
+ double getArgDouble();
+ std::string getArgString();
+ Iterator recurse();
+
+ private:
+ template<class T>
+ T getArg() {
+ T value;
+ dbus_message_iter_get_basic(&m_iterator, &value);
+ return value;
+ }
+
+ // sub constructor
+ Iterator(DBusMessageIter *iteratorOver);
+ // message constructor
+ Iterator(DBusMessage *message);
+ DBusMessageIter m_iterator;
+ };
+
+ Iterator iterInit();
+
+private:
+ DBusMessage *m_message;
+};
+
+} // namespace DBus
+
+#endif // COMMON_DBUS_MESSAGE_IN_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file dbus_message_out.cpp
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief DBus outgoing message wrapper class source file
+ */
+
+#include <dbus_message_out.h>
+
+#include <dpl/test/test_runner.h>
+
+namespace DBus
+{
+
+MessageOut::MessageOut(const std::string &destination,
+ const std::string &path,
+ const std::string &interface,
+ const std::string &method)
+{
+ m_message = dbus_message_new_method_call(destination.c_str(),
+ path.c_str(),
+ interface.c_str(),
+ method.c_str());
+ RUNNER_ASSERT_MSG(nullptr != m_message,
+ "Failed to create new method call. Not enough memory");
+}
+
+MessageOut::MessageOut(MessageOut &&other)
+ : m_message(other.m_message)
+{
+ other.m_message = nullptr;
+}
+
+MessageOut::~MessageOut()
+{
+ if (m_message != nullptr)
+ dbus_message_unref(m_message);
+}
+
+DBusMessage* MessageOut::getMessage() const
+{
+ return m_message;
+}
+
+void MessageOut::append(bool b)
+{
+ DBusMessageIter iter;
+ dbus_message_iter_init_append(m_message, &iter);
+
+ dbus_bool_t bArg = b ? TRUE : FALSE;
+ dbus_bool_t ret = dbus_message_iter_append_basic(&iter,
+ DBUS_TYPE_BOOLEAN,
+ &bArg);
+ RUNNER_ASSERT_MSG(ret != FALSE, "Failed to append basic boolean. Not enough memory");
+}
+
+void MessageOut::append(const char *cstr)
+{
+ DBusMessageIter iter;
+ dbus_message_iter_init_append(m_message, &iter);
+
+ dbus_bool_t ret = dbus_message_iter_append_basic(&iter,
+ DBUS_TYPE_STRING,
+ &cstr);
+ RUNNER_ASSERT_MSG(ret != FALSE, "Failed to append basic string. Not enough memory");
+}
+
+void MessageOut::append(const std::string &str)
+{
+ append(str.c_str());
+}
+
+void MessageOut::append(const std::vector<std::string> &strs)
+{
+ DBusMessageIter iter;
+ dbus_message_iter_init_append(m_message, &iter);
+
+ DBusMessageIter subIter;
+ dbus_bool_t ret = dbus_message_iter_open_container(&iter,
+ DBUS_TYPE_ARRAY,
+ DBUS_TYPE_STRING_AS_STRING,
+ &subIter);
+ RUNNER_ASSERT_MSG(ret != FALSE, "Failed to open container. Not enough memory");
+ for (const auto &str : strs) {
+ const char *cstr = str.c_str();
+ ret = dbus_message_iter_append_basic(&subIter, DBUS_TYPE_STRING, &cstr);
+ if (ret == FALSE) {
+ dbus_message_iter_abandon_container(&iter, &subIter);
+ RUNNER_FAIL_MSG("Failed to append basic string. Not enough memory");
+ }
+ }
+ ret = dbus_message_iter_close_container(&iter, &subIter);
+ RUNNER_ASSERT_MSG(ret != FALSE, "Failed to close container. Not enough memory");
+}
+
+} // namespace DBus
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file dbus_message_out.h
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief DBus outgoing message wrapper class header
+ */
+
+#ifndef COMMON_DBUS_MESSAGE_OUT_H
+#define COMMON_DBUS_MESSAGE_OUT_H
+
+#include <dbus/dbus.h>
+
+#include <string>
+#include <vector>
+
+namespace DBus
+{
+
+class MessageOut
+{
+public:
+ MessageOut(const std::string &destination,
+ const std::string &path,
+ const std::string &interface,
+ const std::string &method);
+ MessageOut(const MessageOut &other) = delete;
+ MessageOut(MessageOut &&other);
+ ~MessageOut();
+
+ MessageOut& operator=(const MessageOut &other) = delete;
+
+ DBusMessage* getMessage() const;
+
+ void append(bool b);
+ void append(const char *cstr);
+ void append(const std::string &str);
+ void append(const std::vector<std::string> &strs);
+
+private:
+ DBusMessage *m_message;
+};
+
+} // namespace DBus
+
+#endif // COMMON_DBUS_MESSAGE_OUT_H
--- /dev/null
+#include <fs_label_manager.h>
+
+#include <tests_common.h>
+#include <memory.h>
+
+#include <unistd.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/mount.h>
+#include <sys/xattr.h>
+#include <linux/xattr.h>
+
+
+namespace
+{
+static const char* get_xattr_name(enum smack_label_type type)
+{
+ switch (type) {
+ case SMACK_LABEL_ACCESS:
+ return XATTR_NAME_SMACK;
+ case SMACK_LABEL_EXEC:
+ return XATTR_NAME_SMACKEXEC;
+ case SMACK_LABEL_MMAP:
+ return XATTR_NAME_SMACKMMAP;
+ case SMACK_LABEL_TRANSMUTE:
+ return XATTR_NAME_SMACKTRANSMUTE;
+ case SMACK_LABEL_IPIN:
+ return XATTR_NAME_SMACKIPIN;
+ case SMACK_LABEL_IPOUT:
+ return XATTR_NAME_SMACKIPOUT;
+ default:
+ /* Should not reach this point */
+ return nullptr;
+ }
+}
+}
+
+FsLabelManager::FsLabelManager(const std::string &path, const std::string &label)
+ : m_path(path)
+ , m_label(label)
+{
+ umount(m_path.c_str());
+ rmdir(m_path.c_str());
+
+ std::string data = std::string("mode=0777,uid=0,smackfsdef=") + label;
+
+ int ret = mkdir(path.c_str(), S_IRWXU | S_IRWXG | S_IRWXO);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to make directory");
+
+ ret = mount("none", path.c_str(), "tmpfs", 0, data.c_str());
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to mount filesystem");
+
+ if (m_path[m_path.length()-1] != '/')
+ m_path += '/';
+}
+
+FsLabelManager::~FsLabelManager()
+{
+ umount(m_path.c_str());
+ rmdir(m_path.c_str());
+}
+
+void FsLabelManager::createFile(const std::string &relativePath)
+{
+ std::string path = m_path + relativePath;
+
+ mode_t systemMask = umask(0000);
+ int fd = open(path.c_str(), O_RDWR | O_CREAT | O_TRUNC, S_IRWXU | S_IRWXG | S_IRWXO);
+ umask(systemMask);
+ RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests");
+
+ close(fd);
+
+ int ret = chown(path.c_str(), APP_UID, APP_GID);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
+}
+
+void FsLabelManager::createLink(const std::string &relativeLinkPath, const std::string &relativeRealPath)
+{
+ std::string linkPath = m_path + relativeLinkPath;
+ std::string realPath = m_path + relativeRealPath;
+
+ int ret = unlink(linkPath.c_str());
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0 || errno == ENOENT, "Unable to unlink file");
+
+ ret = symlink(realPath.c_str(), linkPath.c_str());
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to create symlink");
+
+ ret = lchown(linkPath.c_str(), APP_UID, APP_GID);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
+}
+
+void FsLabelManager::testSmackSetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType)
+{
+ std::string path = m_path + relativePath;
+
+ int ret = smack_setlabel(path.c_str(), label, labelType);
+ RUNNER_ASSERT_MSG(ret == 0, "Error in normal setting label " << label);
+
+ checkLabel(path, label, labelType);
+}
+
+void FsLabelManager::testSmackLSetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType)
+{
+ std::string path = m_path + relativePath;
+
+ int ret = smack_lsetlabel(path.c_str(), label, labelType);
+ RUNNER_ASSERT_MSG(ret == 0, "Error in link setting label " << label);
+
+ checkLinkLabel(path, label, labelType);
+}
+
+void FsLabelManager::testSmackFSetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType)
+{
+ std::string path = m_path + relativePath;
+
+ int fd = open(path.c_str(), O_WRONLY);
+ RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to open file");
+
+ int ret = smack_fsetlabel(fd, label, labelType);
+ close(fd);
+ RUNNER_ASSERT_MSG(ret == 0, "Error in fd setting " << label);
+
+ checkLabel(path, label, labelType);
+}
+
+void FsLabelManager::testSmackGetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType)
+{
+ std::string path = m_path + relativePath;
+
+ char *tmpLabel;
+ int ret = smack_getlabel(path.c_str(), &tmpLabel, labelType);
+ RUNNER_ASSERT_MSG(ret == 0, "Error in normal getting label");
+ SmackLabelPtr labelPtr(tmpLabel);
+
+ if (label == nullptr && !m_label.compare(tmpLabel))
+ return;
+ RUNNER_ASSERT_MSG(label != nullptr, "Path should be related with file system default label. "
+ << tmpLabel << " != " << m_label);
+
+ ret = strcmp(tmpLabel, label);
+ RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label);
+
+ checkLabel(path, tmpLabel, labelType);
+}
+
+void FsLabelManager::testSmackLGetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType)
+{
+ std::string path = m_path + relativePath;
+
+ char *tmpLabel;
+ int ret = smack_lgetlabel(path.c_str(), &tmpLabel, labelType);
+ RUNNER_ASSERT_MSG(ret == 0, "Error in link getting label");
+ SmackLabelPtr labelPtr(tmpLabel);
+
+ if (label == nullptr && !m_label.compare(tmpLabel))
+ return;
+ RUNNER_ASSERT_MSG(label != nullptr, "Path should be related with file system default label. "
+ << tmpLabel << " != " << m_label);
+
+ ret = strcmp(tmpLabel, label);
+ RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label);
+
+ checkLinkLabel(path, tmpLabel, labelType);
+}
+
+void FsLabelManager::testSmackFGetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType)
+{
+ std::string path = m_path + relativePath;
+ int fd = open(path.c_str(), O_WRONLY);
+ RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to open file");
+
+ char *tmpLabel;
+ int ret = smack_fgetlabel(fd, &tmpLabel, labelType);
+ close(fd);
+ RUNNER_ASSERT_MSG(ret == 0, "Error in fd getting label");
+ SmackLabelPtr labelPtr(tmpLabel);
+
+ if (label == nullptr && !m_label.compare(tmpLabel))
+ return;
+ RUNNER_ASSERT_MSG(label != nullptr, "Fd should be related with file system default label. "
+ << tmpLabel << " != " << m_label);
+
+ ret = strcmp(tmpLabel, label);
+ RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label);
+
+ checkLabel(path, tmpLabel, labelType);
+}
+
+void FsLabelManager::testSmackClearLabels(const std::string &relativePath)
+{
+ testSmackSetLabel(relativePath, nullptr, SMACK_LABEL_ACCESS);
+ testSmackGetLabel(relativePath, nullptr, SMACK_LABEL_ACCESS);
+ testSmackSetLabel(relativePath, nullptr, SMACK_LABEL_EXEC);
+ testSmackGetLabel(relativePath, nullptr, SMACK_LABEL_EXEC);
+}
+
+void FsLabelManager::checkLabel(const std::string &path,
+ const char *label,
+ enum smack_label_type labelType)
+{
+ char buf[SMACK_LABEL_LEN+2] = { 0, };
+ int ret = getxattr(path.c_str(), get_xattr_name(labelType), buf, SMACK_LABEL_LEN+1);
+ RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Error in getting xattr");
+
+ const char *tmpLabel;
+ if (label == nullptr)
+ tmpLabel = m_label.c_str();
+ else
+ tmpLabel = label;
+
+ ret = strncmp(tmpLabel, buf, SMACK_LABEL_LEN+1);
+ RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << buf);
+}
+
+void FsLabelManager::checkLinkLabel(const std::string &path,
+ const char *label,
+ enum smack_label_type labelType)
+{
+ char buf[SMACK_LABEL_LEN+2] = { 0, };
+ int ret = lgetxattr(path.c_str(), get_xattr_name(labelType), buf, SMACK_LABEL_LEN+1);
+ RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Error in getting xattr");
+
+ const char *tmpLabel;
+ if (label == nullptr)
+ tmpLabel = m_label.c_str();
+ else
+ tmpLabel = label;
+
+ ret = strncmp(tmpLabel, buf, SMACK_LABEL_LEN+1);
+ RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << buf);
+}
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file fs_label_manager.h
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief Class for environment operations on file system.
+ */
+#ifndef _FS_LABEL_MANAGER_H_
+#define _FS_LABEL_MANAGER_H_
+
+#include <string>
+#include <sys/smack.h>
+
+class FsLabelManager
+{
+public:
+ FsLabelManager() = delete;
+ FsLabelManager(const std::string &path, const std::string &label);
+ FsLabelManager(const FsLabelManager &second) = delete;
+ FsLabelManager& operator=(FsLabelManager &second) = delete;
+
+ virtual ~FsLabelManager();
+
+ void createFile(const std::string &relativePath);
+ void createLink(const std::string &relativeLinkPath, const std::string &relativeRealPath);
+
+ void testSmackSetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType);
+ void testSmackLSetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType);
+ void testSmackFSetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType);
+
+ void testSmackGetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType);
+ void testSmackLGetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType);
+ void testSmackFGetLabel(const std::string &relativePath,
+ const char *label,
+ enum smack_label_type labelType);
+
+ void testSmackClearLabels(const std::string &relativePath);
+
+private:
+ void checkLabel(const std::string &path,
+ const char *label,
+ enum smack_label_type labelType);
+ void checkLinkLabel(const std::string &path,
+ const char *label,
+ enum smack_label_type labelType);
+
+ std::string m_path;
+ std::string m_label;
+};
+
+#endif // _FS_LABEL_MANAGER_H_
--- /dev/null
+#include <memory.h>
+#include <unistd.h>
+
+void closePtr(int *p) {
+ close(*p);
+}
--- /dev/null
+#ifndef MEMORY_H
+#define MEMORY_H
+
+#include <memory>
+#include <sys/smack.h>
+#include <dirent.h>
+#include <glob.h>
+
+#define DEFINE_SMARTPTR(func, type, name) \
+ struct deleter_##func { \
+ void operator()(type* p) {\
+ func(p); \
+ } \
+ }; \
+ \
+ typedef std::unique_ptr<type, deleter_##func> name;
+
+// Custom freeing functions
+
+void closePtr(int *fd);
+
+// Defining specializations of unique_ptr
+
+DEFINE_SMARTPTR(free, char, CStringPtr);
+DEFINE_SMARTPTR(closePtr, int, FdUniquePtr);
+DEFINE_SMARTPTR(smack_accesses_free, smack_accesses, SmackAccessesPtr);
+DEFINE_SMARTPTR(closedir, DIR, DirPtr);
+DEFINE_SMARTPTR(globfree, glob_t, GlobPtr);
+
+// Custom typedefs
+
+typedef FdUniquePtr SockUniquePtr;
+typedef CStringPtr SmackLabelPtr;
+typedef CStringPtr CookieUniquePtr;
+
+#endif // MEMORY_H
--- /dev/null
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <!-- Only root can own this service -->
+ <policy user="root">
+ <allow own="tests.dbus.client"/>
+ <allow own="test.method.caller"/>
+ <allow own="test.method.server"/>
+ </policy>
+</busconfig>
--- /dev/null
+/*
+ * Copyright (c) 2013-2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file service_manager.cpp
+ * @author Zbigniew Jasinski <z.jasinski@samsung.com>
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
+ * @version 1.1
+ * @brief Definition of service control class using dbus interface to communicate with systemd
+ */
+
+#include <service_manager.h>
+
+#include <dpl/test/test_runner.h>
+
+#include <sstream>
+#include <unistd.h>
+#include <vector>
+
+namespace {
+
+const std::string DBUS_CLIENT_NAME("tests.dbus.client");
+const std::string DBUS_PROPERTIES_INTERFACE("org.freedesktop.DBus.Properties");
+const std::string SYSTEMD_DESTINATION("org.freedesktop.systemd1");
+const std::string SYSTEMD_PATH("/org/freedesktop/systemd1");
+const std::string SYSTEMD_MANAGER_INTERFACE("org.freedesktop.systemd1.Manager");
+const std::string SYSTEMD_SERVICE_INTERFACE("org.freedesktop.systemd1.Service");
+
+const std::string MATCH_JOB_REMOVED("JobRemoved");
+const std::string MATCH_JOB_NEW("JobNew");
+const std::string MATCH_RELOADING("Reloading");
+
+}
+
+ServiceManager::ServiceManager(const std::string &serviceName)
+ : m_connection(DBUS_BUS_SYSTEM, true)
+ , m_serviceName(serviceName)
+{
+ addBusMatch(MATCH_JOB_REMOVED);
+ addBusMatch(MATCH_JOB_NEW);
+ addBusMatch(MATCH_RELOADING);
+ m_connection.flush();
+ m_connection.addFilter(messageHandler,
+ reinterpret_cast<void*>(this));
+ subscribeSignals();
+ m_connection.requestName(DBUS_CLIENT_NAME);
+ getUnitPath();
+}
+
+void ServiceManager::addBusMatch(const std::string &member)
+{
+ std::ostringstream rule;
+ rule << "type='signal',"
+ << "sender='" << SYSTEMD_DESTINATION << "',"
+ << "interface='" << SYSTEMD_MANAGER_INTERFACE << "',"
+ << "member='" << member << "',"
+ << "path='" << SYSTEMD_PATH << "'";
+
+ m_connection.addMatch(rule.str());
+}
+
+void ServiceManager::subscribeSignals()
+{
+ DBus::MessageOut messageOut = newMethodCall("Subscribe");
+ m_connection.sendWithReplyAndBlock(messageOut);
+}
+
+void ServiceManager::reloadDbusManager()
+{
+ DBus::MessageOut messageOut = newMethodCall("Reload");
+ m_connection.sendWithReplyAndBlock(messageOut);
+ m_runningJobs.insert(MATCH_RELOADING);
+}
+
+void ServiceManager::getUnitPath()
+{
+ DBus::MessageOut messageOut = newMethodCall("GetUnit");
+ messageOut.append(m_serviceName);
+ DBus::MessageIn messageIn = m_connection.sendWithReplyAndBlock(messageOut);
+ m_unitPath = handleObjectPathMsgReply(messageIn);
+}
+
+DBus::MessageOut ServiceManager::newMethodCall(const std::string &method)
+{
+ return DBus::MessageOut(SYSTEMD_DESTINATION.c_str(),
+ SYSTEMD_PATH.c_str(),
+ SYSTEMD_MANAGER_INTERFACE.c_str(),
+ method.c_str());
+}
+
+std::string ServiceManager::handleObjectPathMsgReply(DBus::MessageIn &messageIn)
+{
+ DBus::MessageIn::Iterator iterator = messageIn.iterInit();
+ iterator.expectArgType(DBUS_TYPE_OBJECT_PATH);
+ return iterator.getArgString();
+}
+
+uint32_t ServiceManager::handleVariantUIntMsgReply(DBus::MessageIn &messageIn)
+{
+ DBus::MessageIn::Iterator iterator = messageIn.iterInit();
+ iterator.expectArgType(DBUS_TYPE_VARIANT);
+ DBus::MessageIn::Iterator iteratorSub = iterator.recurse();
+ iteratorSub.expectArgType(DBUS_TYPE_UINT32);
+ return iteratorSub.getArgUint32();
+}
+
+uint64_t ServiceManager::handleVariantUInt64MsgReply(DBus::MessageIn &messageIn)
+{
+ DBus::MessageIn::Iterator iterator = messageIn.iterInit();
+ iterator.expectArgType(DBUS_TYPE_VARIANT);
+ DBus::MessageIn::Iterator iteratorSub = iterator.recurse();
+ iteratorSub.expectArgType(DBUS_TYPE_UINT64);
+ return iteratorSub.getArgUint64();
+}
+
+void ServiceManager::sendToService(const std::string &method)
+{
+ DBus::MessageOut messageOut = newMethodCall(method);
+ messageOut.append(m_serviceName);
+ messageOut.append("fail");
+ DBus::MessageIn messageIn = m_connection.sendWithReplyAndBlock(messageOut);
+ m_runningJobs.insert(handleObjectPathMsgReply(messageIn));
+}
+
+void ServiceManager::sendMaskToService()
+{
+ const std::vector<std::string> mask(1, m_serviceName);
+ DBus::MessageOut messageOut = newMethodCall("MaskUnitFiles");
+ messageOut.append(mask);
+ messageOut.append(true);
+ messageOut.append(true);
+ m_connection.sendWithReplyAndBlock(messageOut);
+}
+
+void ServiceManager::sendUnmaskToService()
+{
+ const std::vector<std::string> mask(1, m_serviceName);
+ DBus::MessageOut messageOut = newMethodCall("UnmaskUnitFiles");
+ messageOut.append(mask);
+ messageOut.append(true);
+ m_connection.sendWithReplyAndBlock(messageOut);
+}
+
+DBus::MessageIn ServiceManager::sendPropertyGetMsg(const std::string &interface,
+ const std::string &property)
+{
+ DBus::MessageOut messageOut(SYSTEMD_DESTINATION,
+ m_unitPath,
+ DBUS_PROPERTIES_INTERFACE,
+ "Get");
+ messageOut.append(interface);
+ messageOut.append(property);
+ return m_connection.sendWithReplyAndBlock(messageOut);
+}
+
+uint32_t ServiceManager::getUIntProperty(const std::string &interface,
+ const std::string &property)
+{
+ DBus::MessageIn messageIn = sendPropertyGetMsg(interface, property);
+ return handleVariantUIntMsgReply(messageIn);
+}
+
+uint64_t ServiceManager::getUInt64Property(const std::string &interface,
+ const std::string &property)
+{
+ DBus::MessageIn messageIn = sendPropertyGetMsg(interface, property);
+ return handleVariantUInt64MsgReply(messageIn);
+}
+
+void ServiceManager::sendResetFailedToService()
+{
+ DBus::MessageOut messageOut = newMethodCall("ResetFailedUnit");
+ messageOut.append(m_serviceName);
+ m_connection.sendWithReplyAndBlock(messageOut);
+}
+
+DBusHandlerResult ServiceManager::messageHandler(DBusConnection *conn, DBusMessage *msg, void *t)
+{
+ (void) conn;
+ ServiceManager* self = reinterpret_cast<ServiceManager*>(t);
+
+ DBus::MessageIn messageIn(msg, true);
+ if (messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_JOB_REMOVED))
+ self->signalJobRemovedHandler(messageIn);
+ else if(messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_JOB_NEW))
+ self->signalJobNewHandler(messageIn);
+ else if(messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_RELOADING))
+ self->signalReloadingHandler(messageIn);
+
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+}
+
+void ServiceManager::signalJobRemovedHandler(DBus::MessageIn &messageIn)
+{
+ DBus::MessageIn::Iterator iterator = messageIn.iterInit();
+
+ iterator.expectArgType(DBUS_TYPE_UINT32);
+ uint32_t id = iterator.getArgUint32();
+ iterator.expectNext();
+
+ iterator.expectArgType(DBUS_TYPE_OBJECT_PATH);
+ std::string path = iterator.getArgString();
+ iterator.expectNext();
+
+ iterator.expectArgType(DBUS_TYPE_STRING);
+ std::string unit = iterator.getArgString();
+ iterator.expectNext();
+
+ iterator.expectArgType(DBUS_TYPE_STRING);
+ std::string result = iterator.getArgString();
+
+ if(m_serviceName == unit) {
+ RUNNER_ASSERT_MSG(result == "done" || result == "canceled",
+ "RemoveJob signal delivered bad news. Job wasn't completed successfully: "
+ << "expected job results = {done, canceled}, "
+ << "received job result = " << result << ", "
+ << "for job with id = " << id << ", "
+ << "and path = " << path);
+ m_runningJobs.erase(path);
+ }
+}
+
+void ServiceManager::signalJobNewHandler(DBus::MessageIn &messageIn)
+{
+ DBus::MessageIn::Iterator iterator = messageIn.iterInit();
+
+ iterator.expectArgTypeValid();
+ iterator.expectNext();
+
+ iterator.expectArgType(DBUS_TYPE_OBJECT_PATH);
+ std::string path = iterator.getArgString();
+ iterator.expectNext();
+
+ iterator.expectArgType(DBUS_TYPE_STRING);
+ std::string unit = iterator.getArgString();
+
+ if(m_serviceName == unit)
+ m_runningJobs.insert(path);
+}
+
+void ServiceManager::signalReloadingHandler(DBus::MessageIn &messageIn)
+{
+ DBus::MessageIn::Iterator iterator = messageIn.iterInit();
+
+ iterator.expectArgType(DBUS_TYPE_BOOLEAN);
+ bool active = iterator.getArgBool();
+
+ if (active)
+ m_runningJobs.insert(MATCH_RELOADING);
+ else
+ m_runningJobs.erase(MATCH_RELOADING);
+}
+
+void ServiceManager::waitForRunningJobsFinish()
+{
+ while (!m_runningJobs.empty())
+ m_connection.readWriteDispatch();
+}
+
+void ServiceManager::startService()
+{
+ sendToService("StartUnit");
+ waitForRunningJobsFinish();
+ sendResetFailedToService();
+}
+
+void ServiceManager::stopService()
+{
+ sendToService("StopUnit");
+ waitForRunningJobsFinish();
+ sendResetFailedToService();
+}
+
+void ServiceManager::restartService()
+{
+ sendToService("RestartUnit");
+ waitForRunningJobsFinish();
+ sendResetFailedToService();
+}
+
+pid_t ServiceManager::getServicePid()
+{
+ return static_cast<pid_t>(getUIntProperty(SYSTEMD_SERVICE_INTERFACE, "MainPID"));
+}
+
+timeval ServiceManager::getServiceStartTimestamp() {
+ uint64_t timestamp = getUInt64Property(SYSTEMD_SERVICE_INTERFACE,
+ "ExecMainStartTimestamp");
+ return {static_cast<long>(timestamp / 1000000), static_cast<long>(timestamp % 1000000)};
+}
+
+void ServiceManager::maskService()
+{
+ sendMaskToService();
+ reloadDbusManager();
+ waitForRunningJobsFinish();
+ sendResetFailedToService();
+}
+
+void ServiceManager::unmaskService()
+{
+ sendUnmaskToService();
+ reloadDbusManager();
+ waitForRunningJobsFinish();
+ sendResetFailedToService();
+}
--- /dev/null
+/*
+ * Copyright (c) 2013-2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file service_manager.h
+ * @author Zbigniew Jasinski <z.jasinski@samsung.com>
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @author Marcin Niesluchowski <m.niesluchow@samsungcom>
+ * @version 1.1
+ * @brief Declaration of service control class using dbus interface to communicate with systemd
+ */
+
+#ifndef COMMON_SERVICE_MANAGER_H
+#define COMMON_SERVICE_MANAGER_H
+
+#include <dbus/dbus.h>
+
+#include <dbus_connection.h>
+#include <dbus_message_in.h>
+#include <dbus_message_out.h>
+
+#include <cstdint>
+#include <set>
+#include <string>
+
+class ServiceManager {
+public:
+ ServiceManager() = delete;
+ ServiceManager(const std::string &serviceName);
+ ~ServiceManager() = default;
+
+ void startService();
+ void stopService();
+ void restartService();
+ pid_t getServicePid();
+ timeval getServiceStartTimestamp();
+ void maskService();
+ void unmaskService();
+
+private:
+ void addBusMatch(const std::string &member);
+ void subscribeSignals();
+ void reloadDbusManager();
+ void getUnitPath();
+ DBus::MessageOut newMethodCall(const std::string &method);
+ std::string handleObjectPathMsgReply(DBus::MessageIn &messageIn);
+ uint32_t handleVariantUIntMsgReply(DBus::MessageIn &messageIn);
+ uint64_t handleVariantUInt64MsgReply(DBus::MessageIn &messageIn);
+
+ void sendToService(const std::string &method);
+ void sendMaskToService();
+ void sendUnmaskToService();
+ DBus::MessageIn sendPropertyGetMsg(const std::string &interface, const std::string &property);
+ uint32_t getUIntProperty(const std::string &interface, const std::string &property);
+ uint64_t getUInt64Property(const std::string &interface, const std::string &property);
+ void sendResetFailedToService();
+
+ static DBusHandlerResult messageHandler(DBusConnection *conn, DBusMessage *msg, void *t);
+ void signalJobRemovedHandler(DBus::MessageIn &messageIn);
+ void signalJobNewHandler(DBus::MessageIn &messageIn);
+ void signalReloadingHandler(DBus::MessageIn &messageIn);
+ void waitForRunningJobsFinish();
+
+ DBus::Connection m_connection;
+
+ const std::string m_serviceName;
+ std::string m_unitPath;
+
+ std::set<std::string> m_runningJobs;
+};
+
+#endif // COMMON_SERVICE_MANAGER_H
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file smack_access.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Common functions and macros used in security-tests package.
+ */
+
+#include <sys/smack.h>
+
+#include <tests_common.h>
+
+#include <smack_access.h>
+
+SmackAccess::SmackAccess()
+ : m_handle(nullptr)
+{
+ RUNNER_ASSERT_MSG(0 == smack_accesses_new(&m_handle),
+ "Error in smack_accesses_new");
+}
+
+void SmackAccess::add(
+ const std::string &subject,
+ const std::string &object,
+ const std::string &rights)
+{
+ RUNNER_ASSERT_MSG(0 == smack_accesses_add(m_handle,
+ subject.c_str(),
+ object.c_str(),
+ rights.c_str()),
+ "Error in smack_accesses_add.");
+}
+
+void SmackAccess::apply() {
+ RUNNER_ASSERT_MSG(0 == smack_accesses_apply(m_handle),
+ "Error in smack_accessses_apply.");
+}
+
+SmackAccess::~SmackAccess() {
+ if (m_handle)
+ smack_accesses_free(m_handle);
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file smack_access.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Common functions and macros used in security-tests package.
+ */
+#ifndef _SMACK_ACCESS_H_
+#define _SMACK_ACCESS_H_
+
+#include <string>
+
+struct smack_accesses;
+
+class SmackAccess {
+public:
+ SmackAccess();
+ SmackAccess(const SmackAccess &second) = delete;
+ SmackAccess& operator=(SmackAccess &second) = delete;
+
+ void add(const std::string &subject,
+ const std::string &object,
+ const std::string &rights);
+ void apply();
+ virtual ~SmackAccess();
+private:
+ struct smack_accesses *m_handle;
+};
+
+#endif // _SMACK_ACCESS_H_
+
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @file tests_common.cpp
+ * @author Lukasz Kostyra (l.kostyra@partner.samsung.com)
+ * @version 1.0
+ * @brief Common functions and macros used in security-tests package.
+ */
+
+#include "tests_common.h"
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <grp.h>
+#include <errno.h>
+#include <vector>
+#include <algorithm>
+
+int DB::Transaction::db_result = PC_OPERATION_SUCCESS;
+
+const char *WGT_APP_ID = "QwCqJ0ttyS";
+
+int smack_runtime_check(void)
+{
+ static int smack_present = -1;
+ if (-1 == smack_present) {
+ if (smack_smackfs_path()) {
+ smack_present = 1;
+ } else {
+ smack_present = 0;
+ }
+ }
+ return smack_present;
+}
+
+int smack_check(void)
+{
+#ifndef WRT_SMACK_ENABLED
+ return 0;
+#else
+ return smack_runtime_check();
+#endif
+}
+
+/**
+ * Dropping root privileges
+ * returns 0 on success, 1 on error
+ */
+int drop_root_privileges(uid_t appUid, gid_t appGid)
+{
+ if (getuid() == 0) {
+ /* process is running as root, drop privileges */
+ if (setgid(appGid) != 0)
+ return 1;
+ if (setuid(appUid) != 0)
+ return 1;
+ }
+ uid_t uid = getuid();
+ if (uid == appUid)
+ return 0;
+
+ return 1;
+}
+
+void setLabelForSelf(const int line, const char *label)
+{
+ int ret = smack_set_label_for_self(label);
+ RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self(): " << ret << ", line: " << line);
+}
+
+/*
+ * Add a new group to the current process groups.
+ */
+void add_process_group(const char* group_name)
+{
+ // get group ID by group name
+ group *gr = getgrnam(group_name);
+ RUNNER_ASSERT_ERRNO_MSG(gr != nullptr, "getgrnam failed on '" << group_name << "' group");
+ const gid_t new_group_id = gr->gr_gid;
+
+ // get number of groups that the current process belongs to
+ int ngroups = getgroups(0, nullptr);
+
+ //allocate groups table + space for new group entry
+ std::vector<gid_t> groups(ngroups + 1);
+ getgroups(ngroups, groups.data());
+
+ // check if the process already belongs to the group
+ if (std::find(groups.begin(), groups.end(), new_group_id) != groups.end()) return;
+
+ // add new group & apply change
+ groups[ngroups] = new_group_id;
+ int ret = setgroups(groups.size(), groups.data());
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "setgroups() failed");
+}
+
+/*
+ * Remove specific group from the current process groups.
+ */
+void remove_process_group(const char* group_name)
+{
+ // get group ID by group name
+ group *gr = getgrnam(group_name);
+ RUNNER_ASSERT_ERRNO_MSG(gr != nullptr, "getgrnam failed on '" << group_name << "' group");
+ const gid_t new_group_id = gr->gr_gid;
+
+ int ngroups = getgroups(0, nullptr);
+ std::vector<gid_t> groups(ngroups);
+ getgroups(ngroups, groups.data());
+
+ // remove group from the list
+ groups.erase(std::remove(groups.begin(), groups.end(), new_group_id), groups.end());
+
+ if (groups.size() != (size_t)ngroups) {
+ // apply change
+ int ret = setgroups(groups.size(), groups.data());
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "setgroups() failed");
+ }
+}
+
+std::string formatCstr(const char *cstr)
+{
+ if (!cstr)
+ return std::string("nullptr");
+ return std::string("\"") + cstr + "\"";
+}
+
+int files_compare(int fd1, int fd2)
+{
+ //for getting files sizes
+ struct stat fs1, fs2;
+
+ //handlers for mmap()
+ void *h1 = MAP_FAILED;
+ void *h2 = MAP_FAILED;
+
+ //getting files information
+ RUNNER_ASSERT_ERRNO_MSG(fstat(fd1, &fs1) == 0, "fstat failed");
+ RUNNER_ASSERT_ERRNO_MSG(fstat(fd2, &fs2) == 0, "fstat failed");
+
+ if (fs1.st_size < fs2.st_size) {
+ return -1;
+ }
+
+ if (fs1.st_size > fs2.st_size) {
+ return 1;
+ }
+
+ //since Linux 2.6.12, mmap returns EINVAL if length is 0
+ //if both lengths are 0, files are actually the same
+ if (0 == fs1.st_size && 0 == fs2.st_size) {
+ return 0;
+ }
+
+ //mapping files to process memory
+ RUNNER_ASSERT_ERRNO_MSG((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) != MAP_FAILED,
+ "mmap failed for fd=" << fd1);
+
+ if ((h2 = mmap(0, fs2.st_size, PROT_READ, MAP_SHARED, fd2, 0 )) == MAP_FAILED) {
+ munmap(h1, fs1.st_size);
+ RUNNER_ASSERT_MSG(h2 != MAP_FAILED, "mmap failed for fd=" << fd2
+ << ". " << strerror(errno));
+ }
+
+ int result = memcmp(h1, h2, fs1.st_size);
+ munmap(h1, fs1.st_size);
+ munmap(h2, fs2.st_size);
+
+ return result;
+}
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @file tests_common.h
+ * @author Lukasz Kostyra (l.kostyra@partner.samsung.com)
+ * @version 1.0
+ * @brief Common functions and macros used in security-tests package.
+ */
+
+#ifndef _TESTS_COMMON_H_
+#define _TESTS_COMMON_H_
+
+#include <sys/smack.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include <privilege-control.h>
+#include <sys/smack.h>
+#include <string>
+#include <errno.h>
+#include <string.h>
+
+const uid_t APP_UID = 5000;
+const gid_t APP_GID = 5000;
+const uid_t DB_ALARM_UID = 6001;
+const gid_t DB_ALARM_GID = 6001;
+const std::string TMP_DIR("/tmp");
+
+int smack_runtime_check(void);
+int smack_check(void);
+int drop_root_privileges(uid_t appUid = APP_UID, gid_t appGid = APP_GID);
+void setLabelForSelf(const int line, const char *label);
+void add_process_group(const char* group_name);
+void remove_process_group(const char* group_name);
+std::string formatCstr(const char *cstr);
+int files_compare(int fd1, int fd2);
+
+#define RUNNER_TEST_SMACK(Proc) \
+ void Proc(); \
+ static int Static##Proc##Init() \
+ { \
+ if(smack_check()) \
+ DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
+ \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc()
+
+#define RUNNER_TEST_NOSMACK(Proc) \
+ void Proc(); \
+ static int Static##Proc##Init() \
+ { \
+ if(!(smack_check())) \
+ DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
+ \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc()
+
+#define RUNNER_CHILD_TEST_SMACK(Proc) \
+ void Proc(); \
+ void Proc##Child(); \
+ static int Static##Proc##Init() \
+ { \
+ if(smack_check()) \
+ DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc(){ \
+ DPL::Test::RunChildProc(&Proc##Child); \
+ } \
+ void Proc##Child()
+
+#define RUNNER_CHILD_TEST_NOSMACK(Proc) \
+ void Proc(); \
+ void Proc##Child(); \
+ static int Static##Proc##Init() \
+ { \
+ if(!(smack_check())) \
+ DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc(){ \
+ DPL::Test::RunChildProc(&Proc##Child); \
+ } \
+ void Proc##Child()
+
+#define RUNNER_MULTIPROCESS_TEST_SMACK(Proc) \
+ void Proc(); \
+ void Proc##Multi(); \
+ static int Static##Proc##Init() \
+ { \
+ if(smack_check()) \
+ DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc(){ \
+ DPL::Test::RunMultiProc(&Proc##Multi); \
+ } \
+ void Proc##Multi()
+
+#define RUNNER_MULTIPROCESS_TEST_NOSMACK(Proc) \
+ void Proc(); \
+ void Proc##Multi(); \
+ static int Static##Proc##Init() \
+ { \
+ if(!(smack_check())) \
+ DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc(){ \
+ DPL::Test::RunMultiProc(&Proc##Multi); \
+ } \
+ void Proc##Multi()
+
+namespace DB {
+
+ class Transaction
+ {
+ public:
+
+ static int db_result;
+
+ Transaction() {
+ db_result = perm_begin();
+ RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == db_result,
+ "perm_begin returned: " << db_result);
+ }
+
+ ~Transaction() {
+ db_result = perm_end();
+ }
+ };
+} // namespace DB
+
+// Database Transaction macros
+// PLEASE NOTE Both DB_BEGIN and DB_END need to be called in the same scope.
+// They are used to prevent developer from forgetting to close transaction.
+// Also note that variables defined between these macros will not be visible
+// after DB_END.
+#define DB_BEGIN \
+ { \
+ DB::Transaction db_transaction;
+
+#define DB_END } \
+ RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == DB::Transaction::db_result, \
+ "perm_end returned: " << DB::Transaction::db_result);
+
+// Common macros and labels used in tests
+extern const char *WGT_APP_ID;
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file timeout.h
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @brief Definition of time limited execution of synchronous functions
+ */
+
+#ifndef TIMEOUT_H
+#define TIMEOUT_H
+
+#include <chrono>
+#include <functional>
+#include <future>
+#include <utility>
+
+#include <tests_common.h>
+
+namespace Timeout {
+
+template <class Rep, class Period>
+using Timeout = std::chrono::duration<Rep, Period>;
+
+template <class Ret, class... Args>
+using Function = std::function<Ret(Args...)>;
+
+typedef std::function<void(void)> CancelFunction;
+
+enum ExpectMode {
+ FINISHED,
+ TIMEOUT,
+ IGNORE,
+};
+
+std::ostream& operator<<(std::ostream& os, const std::future_status &status)
+{
+ switch (status) {
+ case std::future_status::ready:
+ os << "<READY>";
+ break;
+ case std::future_status::timeout:
+ os << "<TIMEOUT>";
+ break;
+ case std::future_status::deferred:
+ os << "<DEFERRED>";
+ break;
+ }
+ os << " [" << static_cast<int>(status) << "]";
+ return os;
+}
+
+template <class Rep, class Period, class Ret, class... Args>
+Ret callAndWait(const Timeout<Rep, Period> &timeout,
+ ExpectMode expect,
+ CancelFunction cancelFunction,
+ Function<Ret, Args...> function,
+ Args... args) {
+ RUNNER_ASSERT_MSG(function,
+ "not empty function must be passed to callAndWait");
+
+ std::future<Ret> fut = std::async(std::launch::async, function, std::forward<Args>(args)...);
+ std::future_status status = fut.wait_for(timeout);
+
+ if (status == std::future_status::timeout && cancelFunction)
+ cancelFunction();
+
+ switch (expect) {
+ case FINISHED:
+ RUNNER_ASSERT_MSG(status == std::future_status::ready,
+ "expected future status is " << std::future_status::ready
+ << " received future status is " << status);
+ break;
+ case TIMEOUT:
+ RUNNER_ASSERT_MSG(status == std::future_status::timeout,
+ "expected future status is " << std::future_status::timeout
+ << " received future status is " << status);
+ break;
+ case IGNORE:
+ break;
+ }
+
+ return fut.get();
+}
+
+} // namespace Timeout
+
+#endif // TIMEOUT_H
--- /dev/null
+# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+cmake_minimum_required(VERSION 2.8.3)
+
+INCLUDE(FindPkgConfig)
+SET(CYNARA_TARGET_TEST "cynara-test")
+
+PKG_CHECK_MODULES(CYNARA_TARGET_DEP
+ REQUIRED
+ libprivilege-control
+ cynara-admin
+ cynara-agent
+ cynara-client
+ cynara-client-async
+ cynara-plugin
+ dbus-1
+ )
+
+#files to compile
+SET(CYNARA_TARGET_TEST_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent_request.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent_response.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_client.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_request_monitor.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_status_monitor.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_commons.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_cynara_mask.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_env.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/cynara-test.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_async.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_db.cpp
+ )
+
+#header directories
+INCLUDE_DIRECTORIES(SYSTEM
+ ${CYNARA_TARGET_DEP_INCLUDE_DIRS}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common/
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
+ )
+
+
+#output format
+ADD_EXECUTABLE(${CYNARA_TARGET_TEST} ${CYNARA_TARGET_TEST_SOURCES})
+
+#linker directories
+TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST}
+ ${CYNARA_TARGET_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+#place for output file
+INSTALL(TARGETS ${CYNARA_TARGET_TEST}
+ DESTINATION /usr/bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/WRT_test_for_cynara_rules.smack
+ DESTINATION /usr/share/privilege-control/
+)
+
+INSTALL(DIRECTORY
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/db_patterns
+ DESTINATION /etc/security-tests/
+)
+
+ADD_SUBDIRECTORY(plugins)
--- /dev/null
+~APP~ cynara_test_1 r
+~APP~ cynara_test_2 w
+~APP~ cynara_test_3 x
+~APP~ cynara_test_4 rw
+~APP~ cynara_test_5 rx
+~APP~ cynara_test_6 wx
+~APP~ cynara_test_7 rwx
+cynara_subject_1 ~APP~ r
+cynara_subject_2 ~APP~ w
+cynara_subject_3 ~APP~ x
+cynara_subject_4 ~APP~ rw
+cynara_subject_5 ~APP~ rx
+cynara_subject_6 ~APP~ wx
+cynara_subject_7 ~APP~ rwx
--- /dev/null
+/*
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cynara_test_admin.h>
+#include <memory.h>
+#include <plugins.h>
+#include <tests_common.h>
+
+#include <algorithm>
+#include <cstring>
+#include <cstdlib>
+#include <ostream>
+#include <string>
+#include <sstream>
+
+namespace CynaraTestAdmin {
+
+namespace
+{
+
+std::ostream& operator<<(std::ostream& os, const cynara_admin_policy &policy)
+{
+ os << "{";
+ os << " " << formatCstr(policy.bucket) << ",";
+ os << " " << formatCstr(policy.client) << ",";
+ os << " " << formatCstr(policy.user) << ",";
+ os << " " << formatCstr(policy.privilege) << ",";
+ os << " " << policy.result << ",";
+ os << " " << formatCstr(policy.result_extra);
+ os << " }" << std::endl;
+ return os;
+}
+
+std::ostream& operator<<(std::ostream& os, const cynara_admin_policy *const *policies)
+{
+ os << "{" << std::endl;
+ for (size_t i = 0; policies[i] != nullptr; ++i)
+ os << *policies[i];
+ os << "}";
+ return os;
+}
+
+int string_compare(const char *s1, const char *s2)
+{
+ if (!s2)
+ {
+ if (!s1)
+ return 0;
+ return 1;
+ }
+ if (!s1)
+ return -1;
+ return strcmp(s1, s2);
+}
+
+bool policy_less(const cynara_admin_policy &p1, const cynara_admin_policy &p2)
+{
+ auto sc = string_compare(p1.bucket, p2.bucket);
+ if (sc != 0)
+ return (sc < 0);
+ sc = string_compare(p1.client, p2.client);
+ if (sc != 0)
+ return (sc < 0);
+ sc = string_compare(p1.user, p2.user);
+ if (sc != 0)
+ return (sc < 0);
+ sc = string_compare(p1.privilege, p2.privilege);
+ if (sc != 0)
+ return (sc < 0);
+ sc = string_compare(p1.result_extra, p2.result_extra);
+ if (sc != 0)
+ return (sc < 0);
+ return p1.result < p2.result;
+}
+
+bool policy_equal(const cynara_admin_policy &p1, const cynara_admin_policy &p2)
+{
+ return (p1.result == p2.result
+ && string_compare(p1.bucket, p2.bucket) == 0
+ && string_compare(p1.client, p2.client) == 0
+ && string_compare(p1.user, p2.user) == 0
+ && string_compare(p1.privilege, p2.privilege) == 0
+ && string_compare(p1.result_extra, p2.result_extra) == 0);
+}
+
+std::ostream& operator<<(std::ostream& os, const CynaraTestPlugins::Descriptions &descriptions)
+{
+ os << "{" << std::endl;
+ for (const auto &desc : descriptions)
+ os << "{ [" << desc.type << "], <" << desc.name << "> }" << std::endl;
+ os << "}";
+ return os;
+}
+
+} // namespace anonymous
+
+CynaraPoliciesContainer::CynaraPoliciesContainer()
+{
+}
+
+CynaraPoliciesContainer::CynaraPoliciesContainer(struct cynara_admin_policy **policies)
+{
+ if (!policies)
+ return;
+
+ for (int i = 0; policies[i]; ++i) {
+ auto policyPtr = policies[i];
+ m_policies.push_back(*policyPtr);
+ free(policyPtr);
+ }
+ free(policies);
+}
+
+CynaraPoliciesContainer::~CynaraPoliciesContainer()
+{
+ for (struct cynara_admin_policy &policy : m_policies) {
+ free(policy.bucket);
+ free(policy.client);
+ free(policy.user);
+ free(policy.privilege);
+ free(policy.result_extra);
+ }
+}
+
+void CynaraPoliciesContainer::add(const char *bucket,
+ const char *client,
+ const char *user,
+ const char *privilege,
+ const int result,
+ const char *resultExtra)
+{
+ m_policies.push_back({ nullptr, nullptr, nullptr, nullptr, 0, nullptr });
+ struct cynara_admin_policy &policy = m_policies.back();
+ if (bucket)
+ policy.bucket = strdup(bucket);
+ if (client)
+ policy.client = strdup(client);
+ if (user)
+ policy.user = strdup(user);
+ if (privilege)
+ policy.privilege = strdup(privilege);
+ policy.result = result;
+ if (resultExtra)
+ policy.result_extra = strdup(resultExtra);
+}
+
+void CynaraPoliciesContainer::add(const char *bucket,
+ const CheckKey &checkKey,
+ const int result,
+ const char *resultExtra)
+{
+ add(bucket, checkKey.m_client, checkKey.m_user, checkKey.m_privilege, result, resultExtra);
+}
+
+void CynaraPoliciesContainer::sort()
+{
+ std::sort(m_policies.begin(), m_policies.end(), policy_less);
+}
+
+std::ostream& operator<<(std::ostream& os, const CynaraPoliciesContainer &policies)
+{
+ os << "{" << std::endl;
+ for (const auto & policy : policies.m_policies)
+ os << policy;
+ os << "}";
+ return os;
+}
+
+Admin::Admin()
+ : m_admin(nullptr)
+{
+ int ret = cynara_admin_initialize(&m_admin);
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
+ "cynara_admin_initialize failed. ret: " << ret);
+ RUNNER_ASSERT_MSG(m_admin != nullptr, "cynara_admin struct was not initialized");
+}
+
+Admin::~Admin()
+{
+ cynara_admin_finish(m_admin);
+}
+
+void Admin::setPolicies(const CynaraPoliciesContainer &policiesContainer,
+ int expectedResult)
+{
+ const cynara_admin_policy *policies[policiesContainer.m_policies.size()+1];
+
+ for (size_t i = 0; i < policiesContainer.m_policies.size(); ++i) {
+ policies[i] = &policiesContainer.m_policies[i];
+ }
+ policies[policiesContainer.m_policies.size()] = nullptr;
+
+ int ret = cynara_admin_set_policies(m_admin, policies);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_admin_set_policies returned wrong value: "
+ << ret << " != " << expectedResult << ". "
+ << "policies:\n" << policies);
+}
+
+void Admin::setBucket(const char *bucket, int operation, const char *extra,
+ int expectedResult)
+{
+ int ret = cynara_admin_set_bucket(m_admin, bucket, operation, extra);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_admin_set_bucket returned wrong value: "
+ << ret << " != " << expectedResult << "."
+ << " bucket: " << formatCstr(bucket) << ","
+ << " operation: " << operation << ","
+ << " extra: " << formatCstr(extra));
+}
+
+void Admin::adminCheck(const char *startBucket, int recursive,
+ const char *client, const char *user, const char *privilege,
+ int expectedCheckResult, const char *expectedCheckResultExtra,
+ int expectedResult)
+{
+ int checkResult;
+ char *checkResultExtra = nullptr;
+
+ int ret = cynara_admin_check(m_admin,
+ startBucket, recursive,
+ client, user, privilege,
+ &checkResult, &checkResultExtra);
+ CStringPtr extra(checkResultExtra);
+
+ auto dump = [&]() -> std::string
+ {
+ std::stringstream s;
+ s << " functionReturn: " << ret << ","
+ << " functionExpectedReturn: " << expectedResult << ",";
+
+ s << " startBucket: " << formatCstr(startBucket) << ","
+ << " recursive: " << recursive << ","
+ << " client: " << formatCstr(client) << ","
+ << " user: " << formatCstr(user) << ","
+ << " privilege: " << formatCstr(privilege) << ",";
+
+ s << " checkResult: " << checkResult << ","
+ << " expectedCheckResult: " << expectedCheckResult << ","
+ << " checkResultExtra: " << formatCstr(checkResultExtra) << ","
+ << " expectedCheckResultExtra: " << formatCstr(expectedCheckResultExtra);
+ return s.str();
+ };
+
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_admin_check returned wrong value: "
+ << ret << " != " << expectedResult << "."
+ << dump());
+
+ RUNNER_ASSERT_MSG(checkResult == expectedCheckResult,
+ "cynara_admin_check returned wrong check result: "
+ << checkResult << " != " << expectedCheckResult << "."
+ << dump());
+
+ RUNNER_ASSERT_MSG(formatCstr(checkResultExtra) == formatCstr(expectedCheckResultExtra),
+ "cynara_admin_check returned wrong check result extra: "
+ << formatCstr(checkResultExtra) << " != "
+ << formatCstr(expectedCheckResultExtra) << "."
+ << dump());
+}
+
+void Admin::listPolicies(const char *startBucket,
+ const char *client, const char *user, const char *privilege,
+ CynaraPoliciesContainer &expectedPolicyList,
+ int expectedResult) {
+
+ struct cynara_admin_policy **policies = nullptr;
+
+ int ret = cynara_admin_list_policies(m_admin,
+ startBucket,
+ client, user, privilege,
+ &policies);
+
+ CynaraPoliciesContainer receivedPolicyList(policies);
+ receivedPolicyList.sort();
+ expectedPolicyList.sort();
+
+ auto dump = [&]() -> std::string
+ {
+ std::stringstream s;
+ s << " functionReturn: " << ret << ","
+ << " functionExpectedReturn: " << expectedResult << ",";
+
+ s << " startBucket: " << formatCstr(startBucket) << ","
+ << " client: " << formatCstr(client) << ","
+ << " user: " << formatCstr(user) << ","
+ << " privilege: " << formatCstr(privilege) << ",";
+
+ s << " receivedPolicyList: " << receivedPolicyList << ","
+ << " expectedPolicyList: " << expectedPolicyList;
+ return s.str();
+ };
+
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_admin_list_policies returned wrong value: "
+ << ret << " != " << expectedResult << "."
+ << dump());
+
+ RUNNER_ASSERT_MSG(receivedPolicyList.m_policies.size() == expectedPolicyList.m_policies.size(),
+ "size of list returned by cynara_admin_list_policies: "
+ << receivedPolicyList.m_policies.size()
+ << " doesn't match expected list size: "
+ << expectedPolicyList.m_policies.size() << "."
+ << dump());
+
+ RUNNER_ASSERT_MSG(std::equal(receivedPolicyList.m_policies.begin(),
+ receivedPolicyList.m_policies.end(),
+ expectedPolicyList.m_policies.begin(),
+ policy_equal),
+ "list returned by cynara_admin_list_policies doesn't match expected: "
+ << dump());
+}
+
+void Admin::erasePolicies(const char *startBucket, int recursive,
+ const char *client, const char *user, const char *privilege,
+ int expectedResult)
+{
+ int ret = cynara_admin_erase(m_admin,
+ startBucket, recursive,
+ client, user, privilege);
+
+ auto dump = [&]() -> std::string
+ {
+ std::stringstream s;
+ s << " functionReturn: " << ret << ","
+ << " functionExpectedReturn: " << expectedResult << ",";
+
+ s << " startBucket: " << formatCstr(startBucket) << ","
+ << " recursive: " << recursive << ","
+ << " client: " << formatCstr(client) << ","
+ << " user: " << formatCstr(user) << ","
+ << " privilege: " << formatCstr(privilege);
+
+ return s.str();
+ };
+
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_admin_erase returned wrong value: "
+ << ret << " != " << expectedResult << "."
+ << dump());
+}
+
+CynaraTestPlugins::Descriptions parseAndRelease(cynara_admin_policy_descr **descriptions)
+{
+ CynaraTestPlugins::Descriptions ret;
+
+ if (descriptions) {
+ for (size_t i = 0; descriptions[i] != nullptr; ++i) {
+ auto descPtr = descriptions[i];
+ ret.push_back({ static_cast<Cynara::PolicyType>(descPtr->result),
+ std::string(descPtr->name) });
+ free(descPtr->name);
+ free(descPtr);
+ }
+ free(descriptions);
+ }
+ return ret;
+}
+
+void Admin::listPoliciesDescriptions(CynaraTestPlugins::Descriptions &expectedDescriptions,
+ int expectedResult)
+{
+ struct cynara_admin_policy_descr **descriptions = nullptr;
+
+ int ret = cynara_admin_list_policies_descriptions(m_admin, &descriptions);
+
+ CynaraTestPlugins::Descriptions receivedDescriptions = parseAndRelease(descriptions);
+
+ auto description_less = [](const Cynara::PolicyDescription &d1,
+ const Cynara::PolicyDescription &d2) -> bool {
+ return d1.type != d2.type ? d1.type < d2.type : d1.name < d2.name;
+ };
+
+ auto description_equal = [](const Cynara::PolicyDescription &d1,
+ const Cynara::PolicyDescription &d2) -> bool {
+ return d1.type == d2.type && d1.name == d2.name;
+ };
+
+ std::sort(receivedDescriptions.begin(), receivedDescriptions.end(), description_less);
+ std::sort(expectedDescriptions.begin(), expectedDescriptions.end(), description_less);
+
+ auto dump = [&]() -> std::string
+ {
+ std::stringstream s;
+ s << " functionReturn: " << ret << ","
+ << " functionExpectedReturn: " << expectedResult << ",";
+
+ s << " receivedPolicyDescriptionList: " << receivedDescriptions << ","
+ << " expectedPolicyDescriptionList: " << expectedDescriptions << ".";
+ return s.str();
+ };
+
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_admin_list_policies_descriptions returned wrong value: "
+ << ret << " != " << expectedResult << "."
+ << dump());
+
+ RUNNER_ASSERT_MSG(receivedDescriptions.size() == expectedDescriptions.size(),
+ "size of list returned by cynara_admin_list_policies_descriptions: "
+ << receivedDescriptions.size()
+ << " doesn't match expected list size: "
+ << expectedDescriptions.size() << "."
+ << dump());
+
+ RUNNER_ASSERT_MSG(std::equal(receivedDescriptions.begin(),
+ receivedDescriptions.end(),
+ expectedDescriptions.begin(),
+ description_equal),
+ "list returned by cynara_admin_list_policies_descriptions "
+ "doesn't match expected. " << dump());
+}
+
+} // namespace CynaraTestAdmin
--- /dev/null
+/*
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CYNARA_TEST_ADMIN_H
+#define CYNARA_TEST_ADMIN_H
+
+#include <cynara_test_commons.h>
+#include <plugins.h>
+
+#include <cynara-admin.h>
+#include <ostream>
+#include <vector>
+
+namespace CynaraTestAdmin {
+
+class Admin;
+
+class CynaraPoliciesContainer
+{
+public:
+ CynaraPoliciesContainer();
+
+/**
+ * \par Description:
+ * A special constructor stealing all data from all structures cynara_admin_policy
+ * arranged in a null-terminated list.
+ * It moves all data from inside structures to own vector,
+ * but release input list by freeing memory of list elements and list itself.
+ */
+ CynaraPoliciesContainer(struct cynara_admin_policy **policies);
+ CynaraPoliciesContainer(const CynaraPoliciesContainer&) = delete;
+ CynaraPoliciesContainer(const CynaraPoliciesContainer&&) = delete;
+ virtual ~CynaraPoliciesContainer();
+
+ void add(const char *bucket,
+ const char *client,
+ const char *user,
+ const char *privilege,
+ const int result,
+ const char *resultExtra);
+ void add(const char *bucket,
+ const CheckKey &checkKey,
+ const int result,
+ const char *resultExtra = nullptr);
+ void sort();
+
+ friend std::ostream& operator<<(std::ostream& os, const CynaraPoliciesContainer &policies);
+
+private:
+ friend class Admin;
+
+ std::vector<struct cynara_admin_policy> m_policies;
+};
+
+class Admin
+{
+public:
+ Admin();
+ virtual ~Admin();
+
+ void setPolicies(const CynaraPoliciesContainer &policiesContainer,
+ int expectedResult = CYNARA_API_SUCCESS);
+ void setBucket(const char *bucket, int operation, const char *extra,
+ int expectedResult = CYNARA_API_SUCCESS);
+ void adminCheck(const char *startBucket, int recursive,
+ const char *client, const char *user, const char *privilege,
+ int expectedCheckResult, const char *expectedCheckResultExtra,
+ int expectedResult = CYNARA_API_SUCCESS);
+ void listPolicies(const char *startBucket,
+ const char *client, const char *user, const char *privilege,
+ CynaraPoliciesContainer &expectedPolicyList,
+ int expectedResult = CYNARA_API_SUCCESS);
+ void erasePolicies(const char *startBucket, int recursive,
+ const char *client, const char *user, const char *privilege,
+ int expectedResult = CYNARA_API_SUCCESS);
+ void listPoliciesDescriptions(CynaraTestPlugins::Descriptions &expectedDescriptions,
+ int expectedResult = CYNARA_API_SUCCESS);
+private:
+ struct cynara_admin *m_admin;
+};
+
+} // namespace CynaraTestAdmin
+
+#endif // CYNARA_TEST_ADMIN_H
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cstdlib>
+#include <string>
+
+#include <cynara_test_agent.h>
+#include <plugins.h>
+#include <dpl/test/test_runner.h>
+
+namespace CynaraTestAgent {
+
+Agent::Agent()
+ : m_agent(nullptr)
+{
+ int ret = cynara_agent_initialize(&m_agent, CynaraTestPlugins::TEST_AGENT_TYPE.c_str());
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
+ "cynara_agent_initialize failed. ret: " << ret);
+ RUNNER_ASSERT_MSG(m_agent != nullptr,
+ "cynara_agent struct was not initialized");
+}
+
+Agent::~Agent()
+{
+ cynara_agent_finish(m_agent);
+}
+
+void Agent::getRequest(AgentRequest &request, int expectedResult)
+{
+ cynara_agent_msg_type type;
+ cynara_agent_req_id id;
+ void *data = nullptr;
+ size_t dataSize;
+
+ int ret = cynara_agent_get_request(m_agent, &type, &id, &data, &dataSize);
+ if (ret == CYNARA_API_SUCCESS) {
+ RUNNER_ASSERT_MSG(!data == !dataSize,
+ "cynara_agent_get_request returned contradictory values: "
+ << "data = " << data << " ,"
+ << "size = " << dataSize << ".");
+ request.set(type, id, data, dataSize);
+ free(data);
+ }
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_agent_get_request returned wrong value: "
+ << ret << " != " << expectedResult << ".");
+}
+
+void Agent::putResponse(const AgentResponse &response, int expectedResult)
+{
+ int ret = cynara_agent_put_response(m_agent,
+ response.type(),
+ response.id(),
+ reinterpret_cast<const void*>(response.data().data()),
+ response.data().size());
+
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_agent_put_response returned wrong value: "
+ << ret << " != " << expectedResult << "."
+ << "response = " << response);
+}
+
+} // namespace CynaraTestAgent
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CYNARA_TEST_AGENT_H
+#define CYNARA_TEST_AGENT_H
+
+#include <cynara-agent.h>
+
+#include <cynara_test_agent_request.h>
+#include <cynara_test_agent_response.h>
+
+namespace CynaraTestAgent {
+
+class Agent
+{
+public:
+ Agent();
+ ~Agent();
+
+ void getRequest(AgentRequest &request, int expectedResult = CYNARA_API_SUCCESS);
+ void putResponse(const AgentResponse &response, int expectedResult = CYNARA_API_SUCCESS);
+
+private:
+ struct cynara_agent *m_agent;
+};
+
+} // namespace CynaraTestAgent
+
+#endif // CYNARA_TEST_AGENT_H
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cynara_test_agent_request.h>
+#include <plugins.h>
+#include <dpl/test/test_runner.h>
+
+namespace CynaraTestAgent {
+
+std::ostream& operator<<(std::ostream& os, const AgentRequest &request)
+{
+ os << "{";
+ os << " valid = " << request.m_valid << ",";
+ os << " type = " << request.m_type << ",";
+ os << " id = " << request.m_id << ",";
+ os << " data = " << request.m_data << ",";
+ os << " client = " << request.m_client << ",";
+ os << " user = " << request.m_user << ",";
+ os << " privilege = " << request.m_privilege;
+ os << " }";
+ return os;
+}
+
+void AgentRequest::set(cynara_agent_msg_type type, cynara_agent_req_id id,
+ const void *data, size_t dataSize)
+{
+ m_type = type;
+ m_id = id;
+ m_data = Cynara::PluginData(reinterpret_cast<const char*>(data), dataSize);
+ m_client.clear();
+ m_user.clear();
+ m_privilege.clear();
+
+ if (m_type == CYNARA_MSG_TYPE_ACTION) {
+ CynaraTestPlugins::AgentDataVector parsedData;
+
+ bool unwrapSuccess = CynaraTestPlugins::unwrapAgentData(m_data, parsedData);
+ RUNNER_ASSERT_MSG(unwrapSuccess,
+ "Format error. Cannot succesfully unwrap request. "
+ << *this);
+
+ RUNNER_ASSERT_MSG(parsedData.size() == 3,
+ "Received unexpected [" << parsedData.size() << "] number of units,"
+ << " while expecting 3."
+ << " Cannot succesfully unwrap request. "
+ << *this);
+
+ m_client = parsedData[0];
+ m_user = parsedData[1];
+ m_privilege = parsedData[2];
+ }
+ m_valid = true;
+}
+
+void AgentRequest::assertAction(std::string client, std::string user, std::string privilege)
+{
+ RUNNER_ASSERT_MSG(m_valid,
+ "assertAction failed: request is not valid. "
+ << *this);
+ RUNNER_ASSERT_MSG(m_type == CYNARA_MSG_TYPE_ACTION,
+ "assertAction failed: request's type is " << m_type
+ << ", expected type is " << CYNARA_MSG_TYPE_ACTION << ". "
+ << *this);
+ RUNNER_ASSERT_MSG(!m_data.empty(),
+ "assertAction failed: m_data is empty. "
+ << *this);
+ RUNNER_ASSERT_MSG(m_client == client,
+ "assertAction failed: unexpected client value " << m_client
+ << ", expected value is " << client << ". "
+ << *this);
+ RUNNER_ASSERT_MSG(m_user == user,
+ "assertAction failed: unexpected user value " << m_user
+ << ", expected value is " << user << ". "
+ << *this);
+ RUNNER_ASSERT_MSG(m_privilege == privilege,
+ "assertAction failed: unexpected privilege value " << m_privilege
+ << ", expected value is " << privilege << ". "
+ << *this);
+}
+
+void AgentRequest::assertCancel()
+{
+ RUNNER_ASSERT_MSG(m_valid,
+ "assertCancel failed: request is not valid. "
+ << *this);
+ RUNNER_ASSERT_MSG(m_type == CYNARA_MSG_TYPE_CANCEL,
+ "assertCancel failed: request's type is " << m_type
+ << ", expected type is " << CYNARA_MSG_TYPE_CANCEL << ". "
+ << *this);
+ RUNNER_ASSERT_MSG(m_data.empty(),
+ "assertCancel failed: m_data is not empty. "
+ << *this);
+ RUNNER_ASSERT_MSG(m_client.empty(),
+ "assertCancel failed: m_client is not empty. "
+ << *this);
+ RUNNER_ASSERT_MSG(m_user.empty(),
+ "assertCancel failed: m_user is not empty. "
+ << *this);
+ RUNNER_ASSERT_MSG(m_privilege.empty(),
+ "assertCancel failed: m_privilege is not empty. "
+ << *this);
+}
+
+} // namespace CynaraTestAgent
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CYNARA_TEST_AGENT_REQUEST_H
+#define CYNARA_TEST_AGENT_REQUEST_H
+
+#include <cynara_test_commons.h>
+
+#include <cynara-agent.h>
+#include <cynara-plugin.h>
+#include <ostream>
+#include <string>
+
+namespace CynaraTestAgent {
+
+class AgentRequest
+{
+public:
+ AgentRequest() : m_valid(false), m_type(CYNARA_MSG_TYPE_ACTION), m_id(0)
+ {}
+
+ void set(cynara_agent_msg_type type, cynara_agent_req_id id, const void *data, size_t dataSize);
+
+ bool valid() const
+ {
+ return m_valid;
+ }
+
+ cynara_agent_msg_type type() const
+ {
+ return m_type;
+ }
+
+ cynara_agent_req_id id() const
+ {
+ return m_id;
+ }
+
+ void assertAction(std::string client, std::string user, std::string privilege);
+ void assertCancel();
+
+ friend std::ostream& operator<<(std::ostream& os, const AgentRequest &request);
+
+private:
+ bool m_valid;
+ cynara_agent_msg_type m_type;
+ cynara_agent_req_id m_id;
+ Cynara::PluginData m_data;
+ std::string m_client;
+ std::string m_user;
+ std::string m_privilege;
+};
+
+} // namespace CynaraTestAgent
+
+#endif // CYNARA_TEST_AGENT_REQUEST_H
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cynara_test_agent_response.h>
+#include <plugins.h>
+#include <cynara-agent.h>
+
+namespace CynaraTestAgent {
+
+std::ostream& operator<<(std::ostream& os, const AgentResponse &response)
+{
+ os << "{";
+ os << " type = " << response.m_type << ",";
+ os << " id = " << response.m_id << ",";
+ os << " data = " << response.m_data;
+ os << " }";
+ return os;
+}
+
+AgentResponse AgentResponse::createAllow(cynara_agent_req_id id)
+{
+ CynaraTestPlugins::AgentDataVector rawData = {CynaraTestPlugins::AGENT_DATA_ALLOW};
+ return AgentResponse(CYNARA_MSG_TYPE_ACTION, id, CynaraTestPlugins::wrapAgentData(rawData));
+}
+
+AgentResponse AgentResponse::createDeny(cynara_agent_req_id id)
+{
+ CynaraTestPlugins::AgentDataVector rawData = {CynaraTestPlugins::AGENT_DATA_DENY};
+ return AgentResponse(CYNARA_MSG_TYPE_ACTION, id, CynaraTestPlugins::wrapAgentData(rawData));
+}
+
+AgentResponse AgentResponse::createCancel(cynara_agent_req_id id)
+{
+ return AgentResponse(CYNARA_MSG_TYPE_CANCEL, id, Cynara::PluginData());
+}
+
+} // namespace CynaraTestAgent
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CYNARA_TEST_AGENT_RESPONSE_H
+#define CYNARA_TEST_AGENT_RESPONSE_H
+
+#include <cynara_test_commons.h>
+
+#include <cynara-agent.h>
+#include <cynara-plugin.h>
+#include <ostream>
+
+namespace CynaraTestAgent {
+
+class AgentResponse
+{
+public:
+ AgentResponse() = delete;
+ static AgentResponse createAllow(cynara_agent_req_id id);
+ static AgentResponse createDeny(cynara_agent_req_id id);
+ static AgentResponse createCancel(cynara_agent_req_id id);
+
+ cynara_agent_msg_type type() const
+ {
+ return m_type;
+ }
+
+ cynara_agent_req_id id() const
+ {
+ return m_id;
+ }
+
+ Cynara::PluginData data() const
+ {
+ return m_data;
+ }
+
+ friend std::ostream& operator<<(std::ostream& os, const AgentResponse &response);
+
+private:
+ AgentResponse(cynara_agent_msg_type type, cynara_agent_req_id id, Cynara::PluginData data)
+ : m_type(type), m_id(id), m_data(data)
+ {}
+
+ cynara_agent_msg_type m_type;
+ cynara_agent_req_id m_id;
+ Cynara::PluginData m_data;
+};
+
+} // namespace CynaraTestAgent
+
+#endif // CYNARA_TEST_AGENT_RESPONSE_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cynara_test_client.h>
+
+#include <tests_common.h>
+
+namespace CynaraTestClient {
+
+Client::Client()
+ : m_cynara(nullptr)
+{
+ int ret = cynara_initialize(&m_cynara, nullptr);
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
+ "cynara_initialize failed. ret: " << ret);
+ RUNNER_ASSERT_MSG(m_cynara != nullptr, "cynara struct was not initialized");
+}
+
+Client::~Client()
+{
+ cynara_finish(m_cynara);
+}
+
+void Client::check(const char *client, const char *session,
+ const char *user, const char *privilege,
+ int expectedResult)
+{
+ int ret = cynara_check(m_cynara, client, session, user, privilege);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_check returned wrong value: "
+ << ret << " != " << expectedResult << "."
+ << " client: " << formatCstr(client) << ","
+ << " session: " << formatCstr(session) << ","
+ << " user: " << formatCstr(user) << ","
+ << " privilege: " << formatCstr(privilege));
+}
+
+} //namespace CynaraTestClient
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CYNARA_TEST_CLIENT_H
+#define CYNARA_TEST_CLIENT_H
+
+#include <cynara-client.h>
+
+namespace CynaraTestClient {
+
+class Client
+{
+public:
+ Client();
+ virtual ~Client();
+
+ void check(const char *client, const char *session,
+ const char *user, const char *privilege,
+ int expectedResult = CYNARA_API_ACCESS_ALLOWED);
+
+private:
+ struct cynara *m_cynara;
+};
+
+} //namespace CynaraTestClient
+
+#endif // CYNARA_TEST_CLIENT_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cynara_test_client_async_client.h>
+
+#include <dpl/test/test_runner.h>
+
+#include <cynara-client-async.h>
+
+#include <exception>
+#include <unistd.h>
+
+namespace CynaraTestClientAsync {
+
+static std::string suffix(const std::string &major, const std::string &minor)
+{
+ if (minor.empty())
+ return major;
+ return "_" + major + "_" + minor;
+}
+
+CheckData::CheckData(const std::string &major, const std::string &minor) :
+ m_client("client" + suffix(major, minor)),
+ m_session("session" + suffix(major, minor)),
+ m_user("user" + suffix(major, minor)),
+ m_privilege("privilege" + suffix(major, minor))
+{
+}
+
+CheckData::CheckData(const std::string &major, int minor) : CheckData(major, std::to_string(minor))
+{
+}
+
+CheckKey CheckData::toAdminPolicy()
+{
+ return {m_client.c_str(), m_user.c_str(), m_privilege.c_str()};
+}
+
+Client::Client(const StatusFunction &userFunction)
+ : m_cynara(nullptr), m_statusMonitor(userFunction)
+{
+ int ret = cynara_async_initialize(&m_cynara, nullptr, StatusMonitor::updateStatus,
+ reinterpret_cast<void*>(&m_statusMonitor));
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
+ "cynara_async_initialize() failed. ret = " << ret << ".");
+ RUNNER_ASSERT_MSG(m_cynara != nullptr, "cynara_async struct was not initialized.");
+
+ assertStatus(DISCONNECTED);
+}
+
+Client::~Client() noexcept(false)
+{
+ bool oops = std::uncaught_exception();
+ try {
+ cynara_async_finish(m_cynara);
+ assertStatus(DISCONNECTED);
+ } catch (...) {
+ if (!oops)
+ throw;
+ RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing CynaraTestAsync::Client.");
+ }
+}
+
+void Client::assertStatus(enum SocketStatus expectedStatus)
+{
+ enum SocketStatus currentStatus = m_statusMonitor.getStatus();
+ RUNNER_ASSERT_MSG(currentStatus == expectedStatus,
+ "SocketStatus mismatch: "
+ << " currentStatus = " << currentStatus << ","
+ << " expectedStatus = " << expectedStatus << ".");
+}
+
+void Client::checkCache(const CheckData &checkData, int expectedResult)
+{
+ int ret = cynara_async_check_cache(m_cynara, checkData.m_client.c_str(),
+ checkData.m_session.c_str(), checkData.m_user.c_str(),
+ checkData.m_privilege.c_str());
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "Cache check returned unexpected value: "
+ << " returned value = " << ret << ","
+ << " expected value = " << expectedResult << ","
+ << " client = " << checkData.m_client << ","
+ << " sesion = " << checkData.m_session << ","
+ << " user = " << checkData.m_user << ","
+ << " privilege = " << checkData.m_privilege << ".");
+}
+
+void Client::createRequest(const CheckData &checkData, cynara_check_id &id,
+ const RequestEntity &callbackData, int expectedResult)
+{
+ int ret = cynara_async_create_request(m_cynara, checkData.m_client.c_str(),
+ checkData.m_session.c_str(), checkData.m_user.c_str(),
+ checkData.m_privilege.c_str(), &id,
+ RequestMonitor::updateResponse,
+ reinterpret_cast<void*>(&m_requestMonitor));
+ if (ret == CYNARA_API_SUCCESS)
+ m_requestMonitor.registerRequest(id, callbackData);
+
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "Create request returned unexpected value: "
+ << " returned value = " << ret << ","
+ << " expected value = " << expectedResult << ","
+ << " client = " << checkData.m_client << ","
+ << " sesion = " << checkData.m_session << ","
+ << " user = " << checkData.m_user << ","
+ << " privilege = " << checkData.m_privilege << ".");
+}
+
+void Client::process(int expectedResult,
+ enum TimeoutExpectation timeoutExpectation,
+ time_t timeoutSeconds) {
+ if (m_statusMonitor.getStatus() == DISCONNECTED)
+ return;
+
+ int fd = m_statusMonitor.getFd();
+ fd_set fds;
+ timeval tv;
+ FD_ZERO(&fds);
+ FD_SET(fd, &fds);
+ tv.tv_sec = timeoutSeconds;
+ tv.tv_usec = 0;
+
+ int ret;
+ if (m_statusMonitor.getStatus() == READ)
+ ret = TEMP_FAILURE_RETRY(select(fd + 1, &fds, NULL, NULL, &tv));
+ else
+ ret = TEMP_FAILURE_RETRY(select(fd + 1, &fds, &fds, NULL, &tv));
+
+ if (ret == 0) {
+ RUNNER_ASSERT_ERRNO_MSG(timeoutExpectation != EXPECT_NO_TIMEOUT,
+ "Unexpected select timeout."
+ << " ret = " << ret);
+ return;
+ }
+ RUNNER_ASSERT_ERRNO_MSG(ret > 0,
+ "Select returned error:"
+ << " ret = " << ret);
+ RUNNER_ASSERT_ERRNO_MSG(timeoutExpectation != EXPECT_TIMEOUT,
+ "Select returned positive value, when timeout was expected."
+ << " ret = " << ret);
+
+ ret = cynara_async_process(m_cynara);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_async_process returned unexpected value: "
+ << " returned value = " << ret << ","
+ << " expected value = " << expectedResult << ".");
+}
+
+void Client::cancel(cynara_check_id id, int expectedResult)
+{
+ int ret = cynara_async_cancel_request(m_cynara, id);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "Cancel request returned unexpected value: "
+ << " returned value = " << ret << ","
+ << " expected value = " << expectedResult << ","
+ << " id = " << id << ".");
+}
+
+}// namespace CynaraTestClientAsync
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
+#define CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
+
+#include <cynara_test_client_async_request_monitor.h>
+#include <cynara_test_client_async_status_monitor.h>
+#include <cynara_test_commons.h>
+
+#include <cynara-client-async.h>
+
+#include <string>
+#include <sys/types.h>
+
+namespace CynaraTestClientAsync {
+
+struct CheckData
+{
+ std::string m_client;
+ std::string m_session;
+ std::string m_user;
+ std::string m_privilege;
+
+ CheckData(const std::string &major, const std::string &minor = "");
+ CheckData(const std::string &major, int minor);
+
+ CheckKey toAdminPolicy();
+};
+
+class Client
+{
+public:
+ enum TimeoutExpectation {
+ EXPECT_TIMEOUT,
+ EXPECT_NO_TIMEOUT,
+ IGNORE_TIMEOUT,
+ };
+
+ Client(const StatusFunction &userFunction = StatusFunction());
+ ~Client() noexcept(false);
+
+ void assertStatus(enum SocketStatus expectedStatus);
+ void checkCache(const CheckData &checkData, int expectedResult);
+ void createRequest(const CheckData &checkData, cynara_check_id &id,
+ const RequestEntity &callbackData, int expectedResult = CYNARA_API_SUCCESS);
+ void process(int expectedResult = CYNARA_API_SUCCESS,
+ enum TimeoutExpectation timeoutExpectation = EXPECT_NO_TIMEOUT,
+ time_t timeoutSeconds = 3);
+ void cancel(cynara_check_id id, int expectedResult = CYNARA_API_SUCCESS);
+
+private:
+ struct cynara_async *m_cynara;
+
+ StatusMonitor m_statusMonitor;
+ RequestMonitor m_requestMonitor;
+};
+
+}// namespace CynaraTestClientAsync
+
+#endif // CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cynara_test_client_async_request_monitor.h>
+
+#include <dpl/test/test_runner.h>
+
+#include <exception>
+
+namespace CynaraTestClientAsync {
+
+RequestMonitor::~RequestMonitor() noexcept(false)
+{
+ bool oops = std::uncaught_exception();
+ try {
+ for (auto ent : m_requests)
+ {
+ RUNNER_ERROR_MSG("There was no callback for request with:"
+ << "id = " << ent.first << ","
+ << "expectedResponse = " << ent.second.m_expectedResponse << ","
+ << "expectedCause = " << ent.second.m_expectedCause << ".");
+ }
+ RUNNER_ASSERT_MSG(m_requests.empty(),
+ m_requests.size() << "requests does not receive callback.");
+ } catch (...) {
+ if (!oops)
+ throw;
+ RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing"
+ " CynaraTestAsync::RequestMonitor.");
+ }
+}
+
+void RequestMonitor::registerRequest(cynara_check_id id, const RequestEntity &request)
+{
+ auto p = m_requests.insert({id, request});
+ RUNNER_ASSERT_MSG(p.second,
+ "Request with id = " << p.first->first << " already exists.");
+}
+
+void RequestMonitor::updateResponse(cynara_check_id checkId, cynara_async_call_cause cause,
+ int response, void *data)
+{
+ RequestMonitor *monitor = reinterpret_cast<RequestMonitor*>(data);
+ if (!monitor) {
+ RUNNER_FAIL_MSG("Bad user data (nullptr) in response callback.");
+ return;
+ }
+
+ auto it = monitor->m_requests.find(checkId);
+ if (it == monitor->m_requests.end()) {
+ RUNNER_FAIL_MSG("Received unexpected callback for request:"
+ << "id = " << checkId << ","
+ << "response = " << response << ","
+ << "cause = " << cause << ".");
+ return;
+ }
+
+ //save request data and remove request from monitored requests
+ auto expectedResponse = it->second.m_expectedResponse;
+ auto expectedCause = it->second.m_expectedCause;
+ auto userFunction = it->second.m_userFunction;
+ monitor->m_requests.erase(it);
+
+ RUNNER_ASSERT_MSG(cause == expectedCause,
+ "Unexpected cause in response callback:"
+ << "id = " << checkId << ","
+ << "received response = " << response << ","
+ << "expected response = " << expectedResponse << ","
+ << "received cause = " << cause << ","
+ << "expected cause = " << expectedCause << ".");
+
+ if (cause == CYNARA_CALL_CAUSE_ANSWER)
+ {
+ RUNNER_ASSERT_MSG(response == expectedResponse,
+ "Unexpected response in response callback:"
+ << "id = " << checkId << ","
+ << "received response = " << response << ","
+ << "expected response = " << expectedResponse << ","
+ << "received cause = " << cause << ","
+ << "expected cause = " << expectedCause << ".");
+ }
+
+ if (userFunction)
+ userFunction();
+}
+
+}// namespace CynaraTestClientAsync
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
+#define CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
+
+#include <cynara-client-async.h>
+
+#include <functional>
+#include <unordered_map>
+
+namespace CynaraTestClientAsync {
+
+typedef std::function<void(void)> RequestFunction;
+
+struct RequestEntity
+{
+ RequestFunction m_userFunction;
+ int m_expectedResponse;
+ cynara_async_call_cause m_expectedCause;
+};
+
+class RequestMonitor
+{
+public:
+ ~RequestMonitor() noexcept(false);
+
+ void registerRequest(cynara_check_id id, const RequestEntity &request);
+
+ static void updateResponse(cynara_check_id checkId, cynara_async_call_cause cause, int response,
+ void *data);
+
+private:
+ std::unordered_map<cynara_check_id, RequestEntity> m_requests;
+};
+
+}// namespace CynaraTestClientAsync
+
+#endif // CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cynara_test_client_async_status_monitor.h>
+
+#include <dpl/test/test_runner.h>
+
+namespace CynaraTestClientAsync {
+
+StatusMonitor::StatusMonitor(const StatusFunction &userFunction)
+ : m_fd(-1), m_status(CYNARA_STATUS_FOR_READ), m_userFunction(userFunction)
+{
+}
+
+void StatusMonitor::updateStatus(int oldFd, int newFd, cynara_async_status status, void *data)
+{
+ StatusMonitor *monitor = reinterpret_cast<StatusMonitor*>(data);
+ if (!monitor) {
+ RUNNER_FAIL_MSG("Bad user data (nullptr) in status callback.");
+ return;
+ }
+
+ RUNNER_ASSERT_MSG(monitor->m_fd == oldFd,
+ "fd value mismatch: "
+ << " last saved fd = " << monitor->m_fd << ","
+ << " callback oldFd = " << oldFd << ".");
+
+ monitor->m_fd = newFd;
+ monitor->m_status = status;
+ if (monitor->m_userFunction)
+ monitor->m_userFunction(oldFd, newFd, status);
+}
+
+int StatusMonitor::getFd(void) const
+{
+ return m_fd;
+}
+
+enum SocketStatus StatusMonitor::getStatus(void) const
+{
+ if (m_fd == -1)
+ return DISCONNECTED;
+
+ switch (m_status) {
+ case CYNARA_STATUS_FOR_READ:
+ return READ;
+ case CYNARA_STATUS_FOR_RW:
+ return READWRITE;
+ }
+ RUNNER_FAIL_MSG("Unknown cynara socket status = " << m_status << ","
+ << " fd = " << m_fd << ".");
+ return UNKNOWN;
+}
+
+}// namespace CynaraTestClientAsync
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
+#define CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
+
+#include <cynara-client-async.h>
+
+#include <functional>
+
+namespace CynaraTestClientAsync {
+
+enum SocketStatus
+{
+ READ,
+ READWRITE,
+ DISCONNECTED,
+ UNKNOWN,
+};
+
+typedef std::function<void(int oldFd, int newFd, cynara_async_status status)> StatusFunction;
+
+class StatusMonitor
+{
+public:
+
+ StatusMonitor(const StatusFunction &userFunction);
+
+ static void updateStatus(int oldFd, int newFd, cynara_async_status status, void *data);
+
+ int getFd(void) const;
+ enum SocketStatus getStatus(void) const;
+
+private:
+ int m_fd;
+ cynara_async_status m_status;
+ StatusFunction m_userFunction;
+};
+
+}// namespace CynaraTestClientAsync
+
+#endif // CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
--- /dev/null
+/*
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cynara_test_commons.h>
+#include <cynara_test_env.h>
+#include <cynara_test_file_operations.h>
+#include <cynara_test_cynara_mask.h>
+
+#include <dpl/exception.h>
+#include <dpl/test/test_runner.h>
+
+#include <exception>
+
+namespace CynaraTestConsts
+{
+
+const std::string DB_DIR(CYNARA_DB_DIR);
+const std::string USER("cynara");
+const std::string LABEL("System");
+const std::string SERVICE("cynara.service");
+const std::string SERVICE_PLUGINS_DIR("/usr/lib/cynara/plugin/service/");
+
+}
+
+void environmentWrap(const char *testName, const std::function<void(void)> &func)
+{
+ CynaraTestEnv env(testName);
+ env.save();
+
+ try {
+ func();
+ } catch (const DPL::Test::TestRunner::TestFailed &e) {
+ env.restore();
+ throw e;
+ } catch (const DPL::Test::TestRunner::Ignored &e) {
+ env.restore();
+ throw e;
+ } catch (const DPL::Exception &e) {
+ env.restore();
+ throw e;
+ } catch (const std::exception &e) {
+ env.restore();
+ throw e;
+ } catch (...) {
+ env.restore();
+ throw std::runtime_error("Unknown exception");
+ }
+ env.restore();
+}
+
+void loadServicePlugins(const DirectoryPaths &pluginDirectories)
+{
+ CynaraMask mask;
+
+ FileOperations::removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR);
+ for (const auto &dir : pluginDirectories)
+ FileOperations::copyCynaraFiles(dir.c_str(), CynaraTestConsts::SERVICE_PLUGINS_DIR);
+}
--- /dev/null
+/*
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @file cynara_test_commons.h
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @version 1.0
+ * @brief Definition of environment wrap for test cases
+ */
+
+#ifndef CYNARA_TEST_COMMONS_H_
+#define CYNARA_TEST_COMMONS_H_
+
+#include <functional>
+#include <string>
+#include <vector>
+
+namespace CynaraTestConsts
+{
+
+extern const std::string DB_DIR;
+extern const std::string USER;
+extern const std::string LABEL;
+extern const std::string SERVICE;
+extern const std::string SERVICE_PLUGINS_DIR;
+
+}
+
+struct CheckKey
+{
+ const char *m_client;
+ const char *m_user;
+ const char *m_privilege;
+};
+
+void environmentWrap(const char *testName, const std::function<void(void)> &func);
+
+#define RUN_CYNARA_TEST(Proc) \
+ RUNNER_TEST(Proc) \
+ { \
+ environmentWrap(#Proc, Proc##_func); \
+ }
+
+typedef std::vector<std::string> DirectoryPaths;
+void loadServicePlugins(const DirectoryPaths &pluginDirectories);
+
+#endif /* CYNARA_TEST_COMMONS_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file cynara_test_cynara_mask.cpp
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @version 1.0
+ * @brief Implementation of scoped cynara service masker
+ */
+
+#include <exception>
+
+#include <cynara_test_commons.h>
+#include <dpl/test/test_runner.h>
+
+#include <cynara_test_cynara_mask.h>
+
+CynaraMask::CynaraMask() : m_serviceManager(CynaraTestConsts::SERVICE)
+{
+ m_serviceManager.maskService();
+ m_serviceManager.stopService();
+}
+
+CynaraMask::~CynaraMask() noexcept(false)
+{
+ bool oops = std::uncaught_exception();
+ try {
+ m_serviceManager.unmaskService();
+ m_serviceManager.startService();
+ } catch (...) {
+ if (!oops)
+ throw;
+ RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing CynaraMask.");
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file cynara_test_cynara_mask.h
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @version 1.0
+ * @brief Definition of scoped cynara service masker
+ */
+
+#ifndef CYNARA_TEST_CYNARA_MASK_H_
+#define CYNARA_TEST_CYNARA_MASK_H_
+
+#include <service_manager.h>
+
+class CynaraMask
+{
+public:
+ CynaraMask();
+ ~CynaraMask() noexcept(false);
+
+private:
+ ServiceManager m_serviceManager;
+};
+
+#endif // CYNARA_TEST_CYNARA_MASK_H_
--- /dev/null
+/*
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cynara_test_commons.h>
+#include <cynara_test_cynara_mask.h>
+#include <cynara_test_file_operations.h>
+#include <tests_common.h>
+
+#include <cynara_test_env.h>
+
+using namespace FileOperations;
+
+CynaraTestEnv::CynaraTestEnv(const char *dirName)
+ : m_dbPresent(false)
+{
+ m_saveDir = TMP_DIR + "/" + dirName;
+ m_dbSaveDir = m_saveDir + "/db";
+ m_pluginsSaveDir = m_saveDir + "/plugins";
+}
+
+CynaraTestEnv::~CynaraTestEnv()
+{
+}
+
+void CynaraTestEnv::save()
+{
+ CynaraMask mask;
+
+ removeDirFiles(m_dbSaveDir);
+ removeDirIfExists(m_dbSaveDir);
+ removeDirFiles(m_pluginsSaveDir);
+ removeDirIfExists(m_pluginsSaveDir);
+ removeDirIfExists(m_saveDir);
+
+ makeDir(m_saveDir);
+ m_dbPresent = dirExists(CynaraTestConsts::DB_DIR);
+ if (m_dbPresent) {
+ makeDir(m_dbSaveDir);
+ copyCynaraFiles(CynaraTestConsts::DB_DIR, m_dbSaveDir);
+ }
+ makeDir(m_pluginsSaveDir);
+ copyCynaraFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR, m_pluginsSaveDir);
+}
+
+void CynaraTestEnv::restore()
+{
+ CynaraMask mask;
+
+ removeDirFiles(CynaraTestConsts::DB_DIR);
+ if (m_dbPresent)
+ copyCynaraFiles(m_dbSaveDir, CynaraTestConsts::DB_DIR);
+ else
+ removeDirIfExists(CynaraTestConsts::DB_DIR);
+
+ removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR);
+ copyCynaraFiles(m_pluginsSaveDir, CynaraTestConsts::SERVICE_PLUGINS_DIR);
+
+ removeDirFiles(m_dbSaveDir);
+ removeDirIfExists(m_dbSaveDir);
+ removeDirFiles(m_pluginsSaveDir);
+ removeDirIfExists(m_pluginsSaveDir);
+ removeDirIfExists(m_saveDir);
+}
--- /dev/null
+/*
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CYNARA_TEST_ENV_H
+#define CYNARA_TEST_ENV_H
+
+#include <string>
+
+class CynaraTestEnv
+{
+public:
+ explicit CynaraTestEnv(const char *dirName);
+ virtual ~CynaraTestEnv();
+
+ void save();
+ void restore();
+
+private:
+ std::string m_saveDir;
+ std::string m_dbSaveDir;
+ std::string m_pluginsSaveDir;
+ bool m_dbPresent;
+};
+
+#endif // CYNARA_TEST_ENV_H
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cstdlib>
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <ftw.h>
+#include <pwd.h>
+#include <sys/sendfile.h>
+#include <sys/smack.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <cynara_test_commons.h>
+#include <dpl/test/test_runner.h>
+#include <memory.h>
+
+#include <cynara_test_file_operations.h>
+
+namespace FileOperations
+{
+
+static int removeFile(const char *fpath, const struct stat * /*sb*/,
+ int tflag, struct FTW * /*ftwbuf*/)
+{
+ if (tflag == FTW_F)
+ RUNNER_ASSERT_ERRNO_MSG(!unlink(fpath), "Unable to unlink " << fpath << " file");
+ else
+ RUNNER_ASSERT_MSG(tflag == FTW_DP, "Visited file should not exist. Path: " << fpath);
+ return 0;
+}
+
+bool dirExists(const std::string &directory)
+{
+ struct stat st;
+ int ret = stat(directory.c_str(), &st);
+ if (ret == -1 && errno == ENOENT) {
+ return false;
+ } else if (ret == -1) {
+ RUNNER_ASSERT_ERRNO_MSG(false, "Cannot stat " << directory
+ << " not due to its nonexistence");
+ }
+ RUNNER_ASSERT_MSG(st.st_mode & S_IFDIR, directory << " is not a directory");
+ return true;
+}
+
+void copyCynaraFile(const std::string &src, const std::string &dst)
+{
+ using PwBufPtr = CStringPtr;
+ int inFd = TEMP_FAILURE_RETRY(open(src.c_str(), O_RDONLY));
+ RUNNER_ASSERT_ERRNO_MSG(inFd > 0, "Opening " << src << " file failed");
+ FdUniquePtr inFdPtr(&inFd);
+
+ int outFd = TEMP_FAILURE_RETRY(creat(dst.c_str(), 0700));
+ RUNNER_ASSERT_ERRNO_MSG(outFd > 0, "Creating " << dst << " file failed");
+ FdUniquePtr outFdPtr(&outFd);
+
+ long int len = sysconf(_SC_GETPW_R_SIZE_MAX);
+ RUNNER_ASSERT_MSG(len != -1, "No suggested buflen");
+ size_t buflen = len;
+ char *buf = static_cast<char*>(malloc(buflen));
+
+ PwBufPtr pwBufPtr(buf);
+
+ struct passwd pwbuf, *pwbufp = nullptr;
+ int ret = TEMP_FAILURE_RETRY(getpwnam_r(CynaraTestConsts::USER.c_str(),
+ &pwbuf, buf, buflen, &pwbufp));
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "getpwnam_r failed on " << CynaraTestConsts::USER << " user");
+ RUNNER_ASSERT_MSG(pwbufp, "User " << CynaraTestConsts::USER << " does not exist");
+
+ ret = fchown(outFd, pwbufp->pw_uid, pwbufp->pw_gid);
+ RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fchown failed");
+
+ ret = smack_fsetlabel(outFd, CynaraTestConsts::LABEL.c_str(), SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(ret == 0, "Setting smack label failed");
+
+ struct stat statSrc;
+ ret = fstat(inFd, &statSrc);
+ RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fstat failed");
+
+ ret = sendfile(outFd, inFd, 0, statSrc.st_size);
+ RUNNER_ASSERT_ERRNO_MSG(ret != -1, "sendfile failed");
+}
+
+void copyCynaraFiles(const std::string &source, const std::string &destination)
+{
+ DIR *dirPtr = nullptr;
+ struct dirent *direntPtr;
+
+ RUNNER_ASSERT_ERRNO_MSG(dirPtr = opendir(source.c_str()),
+ "opening " << source << " dir failed");
+ DirPtr dirScopedPtr(dirPtr);
+
+ while((direntPtr = readdir(dirPtr)) != nullptr) {
+ if (!strcmp(direntPtr->d_name, ".")
+ || !strcmp(direntPtr->d_name, ".."))
+ continue;
+ std::string tempDest = destination + "/" + direntPtr->d_name;
+ std::string tempSrc = source + "/" + direntPtr->d_name;
+ copyCynaraFile(tempSrc, tempDest);
+ }
+}
+
+void makeDir(const std::string &directory)
+{
+ RUNNER_ASSERT_ERRNO_MSG(!mkdir(directory.c_str(), S_IRWXU | S_IRWXG | S_IRWXO),
+ "Unable to make " << directory << " test directory");
+}
+
+void removeDirFiles(const std::string &dir)
+{
+ int ret = nftw(dir.c_str(), removeFile, 2, FTW_DEPTH | FTW_PHYS);
+ if (ret == -1)
+ RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "nftw failed");
+}
+
+void removeDirIfExists(const std::string &dir)
+{
+ RUNNER_ASSERT_ERRNO_MSG(!rmdir(dir.c_str()) || errno == ENOENT,
+ "Removing " << dir << " dir failed");
+}
+
+} // namespace FileOperations
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CYNARA_TEST_FILE_OPERATIONS_H
+#define CYNARA_TEST_FILE_OPERATIONS_H
+
+#include <string>
+
+namespace FileOperations
+{
+
+bool dirExists(const std::string &directory);
+void copyCynaraFile(const std::string &src, const std::string &dst);
+void copyCynaraFiles(const std::string &source, const std::string &destination);
+void makeDir(const std::string &directory);
+void removeDirFiles(const std::string &dir);
+void removeDirIfExists(const std::string &dir);
+
+} // namespace FileOperations
+
+#endif //CYNARA_TEST_FILE_OPERATIONS_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <dpl/test/test_runner.h>
+
+int main (int argc, char *argv[])
+{
+ int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ return status;
+}
--- /dev/null
+client;user;privilege;0x0;
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file BaseCynaraTestPlugin.h
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @brief Definition of base class for cynara test plugins
+ */
+
+#ifndef BASE_CYNARA_TEST_PLUGIN_H
+#define BASE_CYNARA_TEST_PLUGIN_H
+
+#include <string>
+
+#include <cynara-plugin.h>
+#include <cynara/types/PolicyDescription.h>
+#include <plugins.h>
+
+class BaseCynaraTestPlugin : public Cynara::ServicePluginInterface
+{
+public:
+ BaseCynaraTestPlugin(const std::string &name)
+ {
+ m_descriptions = CynaraTestPlugins::POLICY_DESCRIPTIONS.at(name);
+ }
+
+ virtual ~BaseCynaraTestPlugin() {}
+
+ virtual CynaraTestPlugins::Descriptions &getSupportedPolicyDescr()
+ {
+ return m_descriptions;
+ }
+
+ virtual Cynara::ServicePluginInterface::PluginStatus check(const std::string &client,
+ const std::string &user,
+ const std::string &privilege,
+ Cynara::PolicyResult &result,
+ Cynara::AgentType &requiredAgent,
+ Cynara::PluginData &pluginData)
+ noexcept
+ {
+ (void) client;
+ (void) user;
+ (void) privilege;
+ (void) requiredAgent;
+ (void) pluginData;
+
+ result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
+ return Cynara::ServicePluginInterface::PluginStatus::ANSWER_READY;
+ }
+
+ virtual Cynara::ServicePluginInterface::PluginStatus update(const std::string &client,
+ const std::string &user,
+ const std::string &privilege,
+ const Cynara::PluginData &agentData,
+ Cynara::PolicyResult &result)
+ noexcept
+ {
+ (void) client;
+ (void) user;
+ (void) privilege;
+ (void) agentData;
+
+ result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
+ return Cynara::ServicePluginInterface::PluginStatus::ANSWER_READY;
+ }
+
+ virtual void invalidate()
+ {
+ }
+
+private:
+ CynaraTestPlugins::Descriptions m_descriptions;
+};
+
+#endif // BASE_CYNARA_TEST_PLUGIN_H
--- /dev/null
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+ADD_SUBDIRECTORY(single-policy)
+ADD_SUBDIRECTORY(multiple-policy)
+ADD_SUBDIRECTORY(test-agent)
--- /dev/null
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+#
+
+CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
+
+INCLUDE(FindPkgConfig)
+
+SET(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY "cynara-test-plugin-multiple-policy")
+
+PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEP
+ REQUIRED
+ cynara-plugin
+ )
+
+INCLUDE_DIRECTORIES(
+ ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEP_INCLUDE_DIRS}
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
+ )
+
+SET(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/multiple-policy/plugin.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
+ )
+
+ADD_DEFINITIONS("-fvisibility=default")
+
+ADD_LIBRARY(
+ ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
+ SHARED
+ ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_SOURCES}
+ )
+
+TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
+ ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEPS}
+ )
+
+INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
+ DESTINATION /usr/lib/security-tests/cynara-tests/plugins/multiple-policy/)
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file plugin.cpp
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @brief Implementation of cynara test plugin handling multiple policy type
+ */
+
+#include <new>
+
+#include <cynara-plugin.h>
+#include <BaseCynaraTestPlugin.h>
+#include <plugins.h>
+
+class MultiplePolicyPlugin : public BaseCynaraTestPlugin
+{
+public:
+ MultiplePolicyPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::MULTIPLE_POLICY) {}
+ virtual ~MultiplePolicyPlugin() {}
+};
+
+extern "C" {
+Cynara::ExternalPluginInterface *create(void) {
+ return new MultiplePolicyPlugin();
+}
+
+void destroy(Cynara::ExternalPluginInterface *ptr) {
+ delete ptr;
+}
+} // extern "C"
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file plugins.cpp
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @brief Definition of types, constants and functions common for both tests and plugins
+ */
+
+#include <vector>
+#include <sstream>
+#include <string>
+
+#include <plugins.h>
+
+namespace CynaraTestPlugins {
+
+Cynara::PluginData wrapAgentData(const AgentDataVector &data) {
+ std::stringstream wrappedData;
+ wrappedData << AGENT_DATA_RECORD_SEPARATOR;
+ for (size_t i = 0; i < data.size(); ++i) {
+ wrappedData << AGENT_DATA_UNIT_SEPARATOR
+ << data[i]
+ << AGENT_DATA_UNIT_SEPARATOR;
+ }
+ wrappedData << AGENT_DATA_RECORD_SEPARATOR;
+ return wrappedData.str();
+}
+
+static bool unwrapAgentDataFromSeparator(const Cynara::PluginData &wrappedData,
+ const std::string &separator,
+ size_t &pos, std::string &unit) {
+//check if wrapped data starts with separator
+ size_t separatorSize = separator.size();
+ if (wrappedData.compare(pos, separatorSize, separator) != 0)
+ return false;
+
+//find ending separator
+ size_t unitStartIndex = pos + separatorSize;
+ size_t endingSeparatorIndex = wrappedData.find(separator, unitStartIndex);
+ if (endingSeparatorIndex == std::string::npos)
+ return false;
+
+//return found unit
+ pos = endingSeparatorIndex + separatorSize;
+ size_t unitSize = endingSeparatorIndex - unitStartIndex;
+ unit.assign(wrappedData, unitStartIndex, unitSize);
+ return true;
+}
+
+bool unwrapAgentData(const Cynara::PluginData &wrappedData, AgentDataVector& data) {
+ std::string record;
+ size_t pos = 0;
+ if (!unwrapAgentDataFromSeparator(wrappedData, AGENT_DATA_RECORD_SEPARATOR, pos, record))
+ return false;
+
+ pos = 0;
+ while (pos < record.size()) {
+ std::string unit;
+ if (!unwrapAgentDataFromSeparator(record, AGENT_DATA_UNIT_SEPARATOR, pos, unit))
+ return false;
+ data.push_back(unit);
+ }
+ return true;
+}
+
+} // namespace CynaraTestPlugins
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file plugins.h
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @brief Definition of types, constants and functions common for both tests and plugins
+ */
+
+#ifndef CYNARA_TEST_PLUGINS_H
+#define CYNARA_TEST_PLUGINS_H
+
+#include <cstdint>
+#include <vector>
+#include <map>
+#include <string>
+
+#include <cynara-plugin.h>
+#include <cynara/types/PolicyDescription.h>
+#include <cynara/types/PolicyType.h>
+
+namespace CynaraTestPlugins {
+
+typedef std::vector<Cynara::PolicyDescription> Descriptions;
+typedef std::pair<std::string, Descriptions> DescriptionsPair;
+typedef std::map<std::string, Descriptions> DescriptionsMap;
+
+static const std::string TEST_PLUGIN_PATH("/usr/lib/security-tests/cynara-tests/plugins/");
+
+static const std::string DEFAULT_POLICY("");
+static const std::string SINGLE_POLICY("single-policy");
+static const std::string MULTIPLE_POLICY("multiple-policy");
+static const std::string TEST_AGENT("test-agent");
+
+static const DescriptionsMap POLICY_DESCRIPTIONS = {
+ DescriptionsPair(DEFAULT_POLICY, {
+ { Cynara::PredefinedPolicyType::DENY, "Deny" },
+ { Cynara::PredefinedPolicyType::ALLOW, "Allow" },
+ }),
+ DescriptionsPair(SINGLE_POLICY, {
+ { 2001, "Single Policy Type 1" }
+ }),
+ DescriptionsPair(MULTIPLE_POLICY, {
+ { 3001, "Multiple Policy Type 1" },
+ { 3002, "Multiple Policy Type 2" },
+ { 3003, "Multiple Policy Type 3" },
+ }),
+ DescriptionsPair(TEST_AGENT, {
+ { 4001, "Test Agent Type 1" }
+ }),
+};
+
+static const std::string TEST_AGENT_TYPE("SecurityCynaraTestsAgentType");
+
+static const std::string AGENT_DATA_UNIT_SEPARATOR("\31");
+static const std::string AGENT_DATA_RECORD_SEPARATOR("\30");
+static const std::string AGENT_DATA_ALLOW("Allow");
+static const std::string AGENT_DATA_DENY("Deny");
+
+typedef std::vector<std::string> AgentDataVector;
+
+Cynara::PluginData wrapAgentData(const AgentDataVector &data);
+bool unwrapAgentData(const Cynara::PluginData &wrappedData, AgentDataVector& data);
+
+} // namespace CynaraTestPlugins
+
+#endif // CYNARA_TEST_PLUGINS_H
--- /dev/null
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+#
+
+CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
+
+INCLUDE(FindPkgConfig)
+
+SET(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY "cynara-test-plugin-single-policy")
+
+PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEP
+ REQUIRED
+ cynara-plugin
+ )
+
+INCLUDE_DIRECTORIES(
+ ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEP_INCLUDE_DIRS}
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
+ )
+
+SET(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/single-policy/plugin.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
+ )
+
+ADD_DEFINITIONS("-fvisibility=default")
+
+ADD_LIBRARY(
+ ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
+ SHARED
+ ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_SOURCES}
+ )
+
+TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
+ ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEPS}
+ )
+
+INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
+ DESTINATION /usr/lib/security-tests/cynara-tests/plugins/single-policy/)
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file plugin.cpp
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @brief Implementation of cynara test plugin handling single policy type
+ */
+
+#include <new>
+
+#include <cynara-plugin.h>
+#include <BaseCynaraTestPlugin.h>
+#include <plugins.h>
+
+class SinglePolicyPlugin : public BaseCynaraTestPlugin
+{
+public:
+ SinglePolicyPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::SINGLE_POLICY) {}
+ virtual ~SinglePolicyPlugin() {}
+};
+
+extern "C" {
+Cynara::ExternalPluginInterface *create(void) {
+ return new SinglePolicyPlugin();
+}
+
+void destroy(Cynara::ExternalPluginInterface *ptr) {
+ delete ptr;
+}
+} // extern "C"
--- /dev/null
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+#
+
+CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
+
+INCLUDE(FindPkgConfig)
+
+SET(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT "cynara-test-plugin-test-agent")
+
+PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEP
+ REQUIRED
+ cynara-plugin
+ )
+
+INCLUDE_DIRECTORIES(
+ ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEP_INCLUDE_DIRS}
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
+ )
+
+SET(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/test-agent/plugin.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
+ )
+
+ADD_DEFINITIONS("-fvisibility=default")
+
+ADD_LIBRARY(
+ ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
+ SHARED
+ ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_SOURCES}
+ )
+
+TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
+ ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEPS}
+ )
+
+INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
+ DESTINATION /usr/lib/security-tests/cynara-tests/plugins/test-agent/)
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file plugin.cpp
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @brief Implementation of cynara test plugin handling communication with test-agent
+ */
+
+#include <new>
+
+#include <cynara-plugin.h>
+#include <BaseCynaraTestPlugin.h>
+#include <plugins.h>
+
+class TestAgentPlugin : public BaseCynaraTestPlugin
+{
+public:
+ TestAgentPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::TEST_AGENT) {}
+ virtual ~TestAgentPlugin() {}
+
+ virtual Cynara::ServicePluginInterface::PluginStatus check(const std::string &client,
+ const std::string &user,
+ const std::string &privilege,
+ Cynara::PolicyResult &result,
+ Cynara::AgentType &requiredAgent,
+ Cynara::PluginData &pluginData)
+ noexcept
+ {
+ (void) result;
+
+ try {
+ requiredAgent = CynaraTestPlugins::TEST_AGENT_TYPE;
+ pluginData = CynaraTestPlugins::wrapAgentData({client, user, privilege});
+ } catch (...) {
+ return Cynara::ServicePluginInterface::PluginStatus::ERROR;
+ }
+ return Cynara::ServicePluginInterface::PluginStatus::ANSWER_NOTREADY;
+ }
+
+ virtual Cynara::ServicePluginInterface::PluginStatus update(const std::string &client,
+ const std::string &user,
+ const std::string &privilege,
+ const Cynara::PluginData &agentData,
+ Cynara::PolicyResult &result)
+ noexcept
+ {
+ (void) client;
+ (void) user;
+ (void) privilege;
+
+ try {
+ CynaraTestPlugins::AgentDataVector data;
+ if (!CynaraTestPlugins::unwrapAgentData(agentData, data))
+ return Cynara::ServicePluginInterface::PluginStatus::ERROR;
+
+ if (data.size() != 1)
+ return Cynara::ServicePluginInterface::PluginStatus::ERROR;
+
+ if (data[0] == CynaraTestPlugins::AGENT_DATA_ALLOW) {
+ result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::ALLOW);
+ return Cynara::ServicePluginInterface::PluginStatus::SUCCESS;
+ }
+ else if (data[0] == CynaraTestPlugins::AGENT_DATA_DENY) {
+ result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
+ return Cynara::ServicePluginInterface::PluginStatus::SUCCESS;
+ }
+ } catch (...) {
+ return Cynara::ServicePluginInterface::PluginStatus::ERROR;
+ }
+ return Cynara::ServicePluginInterface::PluginStatus::ERROR;
+ }
+};
+
+extern "C" {
+Cynara::ExternalPluginInterface *create(void) {
+ return new TestAgentPlugin();
+}
+
+void destroy(Cynara::ExternalPluginInterface *ptr) {
+ delete ptr;
+}
+} // extern "C"
--- /dev/null
+/*
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @file test_cases.cpp
+ * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
+ * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @version 1.1
+ * @brief Tests for libcynara-client and libcynara-admin
+ */
+
+#include <cynara_test_commons.h>
+
+#include <tests_common.h>
+#include <cynara_test_client.h>
+#include <cynara_test_admin.h>
+#include <cynara_test_env.h>
+#include <plugins.h>
+
+#include <climits>
+
+using namespace CynaraTestAdmin;
+using namespace CynaraTestClient;
+
+void tc01_cynara_initialize_func()
+{
+ Client();
+}
+
+void tc02_admin_initialize_func()
+{
+ Admin admin;
+}
+
+void tc03_cynara_check_invalid_params_func()
+{
+ Client cynara;
+
+ const char *client = "client03";
+ const char *user = "user03";
+ const char *privilege = "privilege03";
+ const char *session = "session03";
+
+ cynara.check(nullptr, session, user, privilege, CYNARA_API_INVALID_PARAM);
+ cynara.check(client, nullptr, user, privilege, CYNARA_API_INVALID_PARAM);
+ cynara.check(client, session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
+ cynara.check(client, session, user, nullptr, CYNARA_API_INVALID_PARAM);
+}
+
+void checkInvalidPolicy(Admin &admin,
+ const char *bucket,
+ const char *client,
+ const char *user,
+ const char *privilege,
+ const int result,
+ const char *resultExtra)
+{
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, client, user, privilege, result, resultExtra);
+
+ admin.setPolicies(cp, CYNARA_API_INVALID_PARAM);
+}
+
+void tc04_admin_set_policies_invalid_params_func()
+{
+ Admin admin;
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *client = "client04";
+ const char *user = "user04";
+ const char *privilege = "privilege04";
+ const int resultAllow = CYNARA_ADMIN_ALLOW;
+ const int resultBucket = CYNARA_ADMIN_BUCKET;
+ const int resultNone = CYNARA_ADMIN_NONE;
+ const char *resultExtra = nullptr;
+
+ checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra);
+ checkInvalidPolicy(admin, bucket, nullptr, user, privilege, resultAllow, resultExtra);
+ checkInvalidPolicy(admin, bucket, client, nullptr, privilege, resultAllow, resultExtra);
+ checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra);
+ checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra);
+ checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr );
+ checkInvalidPolicy(admin, bucket, client, user, privilege, resultNone, resultExtra);
+}
+
+void tc05_admin_set_bucket_invalid_params_func()
+{
+ Admin admin;
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const int operationAllow = CYNARA_ADMIN_ALLOW;
+ const int operationDelete = CYNARA_ADMIN_DELETE;
+ const int operationNone = CYNARA_ADMIN_NONE;
+ const char *extra = nullptr;
+
+ admin.setBucket(nullptr, operationAllow, extra, CYNARA_API_INVALID_PARAM);
+ admin.setBucket(bucket, INT_MAX, extra, CYNARA_API_INVALID_PARAM);
+ admin.setBucket(bucket, operationDelete, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
+ admin.setBucket(bucket, operationNone, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
+}
+
+void tc06_cynara_check_empty_admin1_func()
+{
+ Client cynara;
+
+ const char *client = "client06_1";
+ const char *session = "session06_1";
+ const char *user = "user06_1";
+ const char *privilege = "privilege06_1";
+
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+}
+
+void tc06_cynara_check_empty_admin2_func()
+{
+ Client cynara;
+
+ const char *client = CYNARA_ADMIN_WILDCARD;
+ const char *session = "session06_2";
+ const char *user = CYNARA_ADMIN_WILDCARD;
+ const char *privilege = CYNARA_ADMIN_WILDCARD;
+
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+}
+
+void tc07_admin_set_bucket_admin_allow_deny_func()
+{
+ Admin admin;
+ Client cynara;
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *client = "client07";
+ const char *session = "session07";
+ const char *user = "user07";
+ const char *privilege = "privilege07";
+ const char *extra = nullptr;
+
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
+
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+}
+
+void tc08_admin_set_policies_allow_remove1_func()
+{
+ Admin admin;
+ Client cynara;
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *session = "session08_1";
+ const int resultAllow = CYNARA_ADMIN_ALLOW;
+ const int resultDelete = CYNARA_ADMIN_DELETE;
+ const char *resultExtra = nullptr;
+
+ const std::vector< std::vector<const char *> > data = {
+ { "client08_1_a", "user08_1_a", "privilege08_1_a" },
+ { "client08_1_b", "user08_1_b", "privilege08_1_b" },
+ };
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ // allow first policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ // allow second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
+
+ // delete first policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
+
+ // delete second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+}
+
+void tc08_admin_set_policies_allow_remove2_func()
+{
+ Admin admin;
+ Client cynara;
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *session = "session08_2";
+ const int resultAllow = CYNARA_ADMIN_ALLOW;
+ const int resultDelete = CYNARA_ADMIN_DELETE;
+ const char *resultExtra = nullptr;
+
+ const std::vector< std::vector<const char *> > data = {
+ { "client08_2_a", "user08_2_a", "privilege08_2_a" },
+ { "client08_2_b", "user08_2_b", "privilege08_2_b" },
+ };
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ // allow first policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ // delete first, allow second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
+
+ // delete second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
+ admin.setPolicies(cp);
+ }
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+}
+
+void tc08_admin_set_policies_allow_remove3_func()
+{
+ Admin admin;
+ Client cynara;
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *session = "session08_3";
+ const int resultAllow = CYNARA_ADMIN_ALLOW;
+ const int resultDelete = CYNARA_ADMIN_DELETE;
+ const char *resultExtra = nullptr;
+
+ const std::vector< std::vector<const char *> > data = {
+ { "client08_3_a", "user08_3_a", "privilege08_3_a" },
+ { "client08_3_b", "user08_3_b", "privilege08_3_b" },
+ };
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ // allow first and second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
+
+ // delete first and second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
+ admin.setPolicies(cp);
+ }
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+}
+
+void checkAllDeny(const std::vector< std::vector<const char *> > &data,
+ const char *session)
+{
+ Client cynara;
+
+ for (auto it = data.begin(); it != data.end(); ++it) {
+ RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
+ }
+
+ for (auto itClient = data.begin(); itClient != data.end(); ++itClient) {
+ for (auto itUser = data.begin(); itUser != data.end(); ++itUser) {
+ for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) {
+ cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED);
+ }
+ }
+ }
+}
+
+void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
+{
+ RUNNER_ASSERT_MSG(data.size() == 3, "Wrong test data size");
+ for (auto it = data.begin(); it != data.end(); ++it) {
+ RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
+ }
+}
+
+void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
+ const char *session)
+{
+ Client cynara;
+
+ checkSingleWildcardData(data);
+
+ for (size_t c = 0; c < data.size(); ++c) {
+ for (size_t u = 0; u < data.size(); ++u) {
+ for (size_t p = 0; p < data.size(); ++p) {
+ if ((u == 0 && p == 0)
+ || (c == 1 && p == 1)
+ || (c == 2 && u == 2)) {
+ cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_ALLOWED);
+ } else {
+ cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
+ }
+ }
+ }
+ }
+}
+
+void setSingleWildcardPolicies(const char *bucket,
+ const std::vector< std::vector<const char *> > &data,
+ const int result, const char* resultExtra)
+{
+ Admin admin;
+ CynaraPoliciesContainer cp;
+
+ checkSingleWildcardData(data);
+
+ cp.add(bucket,
+ CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2],
+ result, resultExtra);
+ cp.add(bucket,
+ data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2],
+ result, resultExtra);
+ cp.add(bucket,
+ data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD,
+ result, resultExtra);
+
+ admin.setPolicies(cp);
+}
+
+void tc09_admin_set_policies_wildcard_accesses_func()
+{
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *session = "session09";
+ const char *resultExtra = nullptr;
+
+ const std::vector< std::vector<const char *> > data = {
+ { "client09_a", "user09_a", "privilege09_a" },
+ { "client09_b", "user09_b", "privilege09_b" },
+ { "client09_c", "user09_c", "privilege09_c" }
+ };
+
+ checkAllDeny(data, session);
+
+ setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra);
+
+ checkSingleWildcardAllowRestDeny(data, session);
+
+ setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra);
+
+ checkAllDeny(data, session);
+}
+
+void tc10_admin_change_extra_bucket_func()
+{
+ Admin admin;
+ Client cynara;
+
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket10";
+ const char *session = "session10";
+ const char *extra = nullptr;
+ const char *extraResult = nullptr;
+
+
+ const std::vector< std::vector<const char *> > data = {
+ { "client10_a", "user10_a", "privilege10_a" },
+ { "client10_b", "user10_b", "privilege10_b" }
+ };
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ data[0][0], data[0][1], data[0][2],
+ CYNARA_ADMIN_BUCKET, bucket);
+ admin.setPolicies(cp);
+ }
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ data[0][0], data[0][1], data[0][2],
+ CYNARA_ADMIN_DELETE, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
+}
+
+void tc11_admin_bucket_not_found_func()
+{
+ Admin admin;
+ Client cynara;
+
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket11";
+ const char *client = "client11";
+ const char *session = "session11";
+ const char *user = "user11";
+ const char *privilege = "privilege11";
+
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket);
+ admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
+ }
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+}
+
+void tc12_admin_delete_bucket_with_policies_pointing_to_it_func()
+{
+ Admin admin;
+ Client cynara;
+
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket12";
+ const char *client = "client12";
+ const char *session = "session12";
+ const char *user = "user12";
+ const char *privilege = "privilege12";
+ const char *extra = nullptr;
+
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket);
+ admin.setPolicies(cp);
+ }
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+}
+
+void tc13_admin_set_policies_to_extra_bucket_func()
+{
+ Admin admin;
+ Client cynara;
+
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket13";
+ const char *client = "client13";
+ const char *session = "session13";
+ const char *user = "user13";
+ const char *privilege = "privilege13";
+ const char *extra = nullptr;
+ const char *extraResult = nullptr;
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket);
+ cp.add(bucket,
+ client, user, privilege,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ admin.setPolicies(cp);
+ }
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+}
+
+void tc14_admin_set_policies_integrity_func()
+{
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket14";
+ const char *client = "client14";
+ const char *session = "session14";
+ const char *user = "user14";
+ const char *privilege = "privilege14";
+ const char *extraResult = nullptr;
+
+ {
+ Client cynara;
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+ }
+
+ {
+ Admin admin;
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ cp.add(bucket,
+ client, user, privilege,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
+ }
+
+ {
+ Client cynara;
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+ }
+}
+
+void tc15_admin_set_bucket_admin_none1_func()
+{
+ Admin admin;
+ Client cynara;
+
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket15_1";
+ const char *client = "client15_1";
+ const char *session = "session15_1";
+ const char *user = "user15_1";
+ const char *privilege = "privilege15_1";
+ const char *extra = nullptr;
+ const char *extraResult = nullptr;
+
+ admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket);
+ cp.add(bucket,
+ client, user, privilege,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ admin.setPolicies(cp);
+ }
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
+}
+
+void tc15_admin_set_bucket_admin_none2_func()
+{
+ Admin admin;
+ Client cynara;
+
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket15_2";
+ const char *client = "client15_2";
+ const char *session = "session15_2";
+ const char *user = "user15_2";
+ const char *privilege = "privilege15_2";
+ const char *extra = nullptr;
+
+ admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket);
+ admin.setPolicies(cp);
+ }
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+}
+
+void tc15_admin_set_bucket_admin_none3_func()
+{
+ Admin admin;
+ Client cynara;
+
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket15_3";
+ const char *client = "client15_3";
+ const char *session = "session15_3";
+ const char *user = "user15_3";
+ const char *privilege = "privilege15_3";
+ const char *extra = nullptr;
+ const char *extraResult = nullptr;
+
+ admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket);
+ cp.add(bucketDefault,
+ client, user, CYNARA_ADMIN_WILDCARD,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ admin.setPolicies(cp);
+ }
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
+}
+
+void tc16_admin_check_single_bucket_func()
+{
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *client = "client16";
+ const char *user = "user16";
+ const char *privilege = "privilege16";
+ const char *extraResult = nullptr;
+ int recursive = 1;
+ int notrecursive = 0;
+
+ Admin admin;
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
+
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ admin.setPolicies(cp);
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
+}
+
+void tc17_admin_check_nested_bucket_func()
+{
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket17";
+ const char *client = "client17";
+ const char *user = "user17";
+ const char *privilege = "privilege17";
+ const char *extra = nullptr;
+ const char *extraResult = nullptr;
+ int recursive = 1;
+ int notrecursive = 0;
+
+ Admin admin;
+ admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket, recursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket);
+ cp.add(bucket,
+ client, user, privilege,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
+}
+
+void tc18_admin_check_multiple_matches_func()
+{
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *client = "client18";
+ const char *user = "user18";
+ const char *privilege = "privilege18";
+ const char *wildcard = CYNARA_ADMIN_WILDCARD;
+ const char *extra = nullptr;
+ const char *extraResult = nullptr;
+ int recursive = 1;
+ int notrecursive = 0;
+
+ Admin admin;
+
+ auto check = [&](int expected_result)
+ {
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ expected_result, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ expected_result, nullptr, CYNARA_API_SUCCESS);
+ };
+
+ check(CYNARA_ADMIN_DENY);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ check(CYNARA_ADMIN_ALLOW);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ wildcard, user, privilege,
+ CYNARA_ADMIN_DENY, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ check(CYNARA_ADMIN_DENY);
+
+ admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);
+
+ check(CYNARA_ADMIN_DENY);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_DELETE, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ check(CYNARA_ADMIN_DENY);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ wildcard, user, privilege,
+ CYNARA_ADMIN_DELETE, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ check(CYNARA_ADMIN_ALLOW);
+}
+
+void tc19_admin_check_none_bucket_func()
+{
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket1 = "bucket19_a";
+ const char *bucket2 = "bucket19_b";
+ const char *client = "client19";
+ const char *user = "user19";
+ const char *privilege = "privilege19";
+ const char *extra = nullptr;
+ int recursive = 1;
+ int notrecursive = 0;
+
+ Admin admin;
+ admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra);
+ admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra);
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket1, recursive, client, user, privilege,
+ CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket1, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket2, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket2, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket1);
+ cp.add(bucket1,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket2);
+ admin.setPolicies(cp);
+ }
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket1, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket1, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket2, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
+ admin.adminCheck(bucket2, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
+}
+
+void tc20_admin_list_empty_bucket_func()
+{
+ const char *emptyBucket = "empty_bucket20";
+ const char *client = "client20";
+ const char *user = "user20";
+ const char *privilege = "privilege20";
+ const char *extra = nullptr;
+
+ Admin admin;
+ admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
+
+ CynaraPoliciesContainer emptyPolicies;
+
+ admin.listPolicies(emptyBucket, client, user, privilege, emptyPolicies);
+}
+
+void tc21_admin_list_no_bucket_func()
+{
+ const char *emptyBucket = "empty_bucket21";
+ const char *notExistingBucket = "not_existing_bucket21";
+ const char *client = "client21";
+ const char *user = "user21";
+ const char *privilege = "privilege21";
+ const char *extra = nullptr;
+
+ Admin admin;
+ admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
+
+ CynaraPoliciesContainer emptyPolicies;
+
+ admin.listPolicies(notExistingBucket, client, user, privilege, emptyPolicies,
+ CYNARA_API_BUCKET_NOT_FOUND);
+}
+
+void tc22_admin_list_bucket_func()
+{
+ const char *bucket = "bucket22";
+ const char *emptyBucket = "empty_bucket22";
+ const char *client = "client22";
+ const char *user = "user22";
+ const char *privilege = "privilege22";
+ const char *client2 = "client22_2";
+ const char *user2 = "user22_2";
+ const char *privilege2 = "privilege22_2";
+ const char *wildcard = CYNARA_ADMIN_WILDCARD;
+ const char *any = CYNARA_ADMIN_ANY;
+
+ const char *extra = nullptr;
+
+ Admin admin;
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+ admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ admin.setPolicies(cp);
+ }
+
+ CynaraPoliciesContainer expectedPolicies;
+ expectedPolicies.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
+ expectedPolicies.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
+ expectedPolicies.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+
+ admin.listPolicies(bucket, client, wildcard, any, expectedPolicies);
+}
+
+void tc23_admin_erase_empty_bucket_func()
+{
+ const char *emptyBucket = "empty_bucket23";
+ const char *client = "client23";
+ const char *user = "user23";
+ const char *privilege = "privilege23";
+ const char *extra = nullptr;
+ int recursive = 1;
+
+ Admin admin;
+ admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
+
+ admin.erasePolicies(emptyBucket, recursive, client, user, privilege);
+}
+
+void tc24_admin_erase_no_bucket_func()
+{
+ const char *emptyBucket = "empty_bucket24";
+ const char *notExistingBucket = "not_existing_bucket24";
+ const char *client = "client24";
+ const char *user = "user24";
+ const char *privilege = "privilege24";
+ const char *extra = nullptr;
+ int recursive = 1;
+
+ Admin admin;
+ admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
+
+ admin.erasePolicies(notExistingBucket, recursive, client, user, privilege,
+ CYNARA_API_BUCKET_NOT_FOUND);
+}
+
+void tc25_admin_erase_single_bucket_func()
+{
+ const char *bucket = "bucket25";
+ const char *emptyBucket = "empty_bucket25";
+ const char *client = "client25";
+ const char *user = "user25";
+ const char *privilege = "privilege25";
+ const char *client2 = "client25_2";
+ const char *user2 = "user25_2";
+ const char *privilege2 = "privilege25_2";
+ const char *wildcard = CYNARA_ADMIN_WILDCARD;
+ const char *any = CYNARA_ADMIN_ANY;
+ const char *extra = nullptr;
+ int recursive = 1;
+
+ Admin admin;
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+ admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ admin.setPolicies(cp);
+ }
+
+ admin.erasePolicies(bucket, recursive, client, wildcard, any);
+
+ {
+ CynaraPoliciesContainer expPolicies;
+ expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ expPolicies.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ expPolicies.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ expPolicies.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ // WAS ERASED (bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ // WAS ERASED (bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
+ // WAS ERASED (bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ expPolicies.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ expPolicies.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
+ expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ expPolicies.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ expPolicies.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ expPolicies.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+ admin.listPolicies(bucket, any, any, any, expPolicies);
+ }
+ {
+ CynaraPoliciesContainer expPolicies;
+ admin.listPolicies(emptyBucket, any, any, any, expPolicies);
+ }
+}
+
+void tc26_admin_erase_recursive_not_linked_buckets_func()
+{
+ const char *bucket = "bucket26";
+ const char *subBucket = "sub_bucket26";
+ const char *client = "client26";
+ const char *user = "user26";
+ const char *privilege = "privilege26";
+ const char *wildcard = CYNARA_ADMIN_WILDCARD;
+ const char *any = CYNARA_ADMIN_ANY;
+ const char *extra = nullptr;
+ int recursive = 1;
+
+ Admin admin;
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+ admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+
+ cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ admin.setPolicies(cp);
+ }
+
+ admin.erasePolicies(bucket, recursive, any, user, wildcard);
+
+ {
+ CynaraPoliciesContainer expPolicies;
+ expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ admin.listPolicies(bucket, any, any, any, expPolicies);
+ }
+ {
+ CynaraPoliciesContainer expPolicies;
+ expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ admin.listPolicies(subBucket, any, any, any, expPolicies);
+ }
+}
+
+void tc27_admin_erase_recursive_linked_buckets_func()
+{
+ const char *bucket = "bucket27";
+ const char *subBucket = "sub_bucket27";
+ const char *client = "client27";
+ const char *user = "user27";
+ const char *privilege = "privilege27";
+ const char *wildcard = CYNARA_ADMIN_WILDCARD;
+ const char *any = CYNARA_ADMIN_ANY;
+ const char *extra = nullptr;
+ int recursive = 1;
+
+ Admin admin;
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+ admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
+
+ cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+
+ cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ admin.setPolicies(cp);
+ }
+
+ admin.erasePolicies(bucket, recursive, any, user, wildcard);
+
+ {
+ CynaraPoliciesContainer expPolicies;
+ expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
+ admin.listPolicies(bucket, any, any, any, expPolicies);
+ }
+ {
+ CynaraPoliciesContainer expPolicies;
+ expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ admin.listPolicies(subBucket, any, any, any, expPolicies);
+ }
+}
+
+void tc28_admin_erase_non_recursive_linked_buckets_func()
+{
+ const char *bucket = "bucket28";
+ const char *subBucket = "sub_bucket28";
+ const char *client = "client28";
+ const char *user = "user28";
+ const char *privilege = "privilege28";
+ const char *wildcard = CYNARA_ADMIN_WILDCARD;
+ const char *any = CYNARA_ADMIN_ANY;
+ const char *extra = nullptr;
+ int recursive = 0;
+
+ Admin admin;
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+ admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
+
+ cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+
+ cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ admin.setPolicies(cp);
+ }
+
+ admin.erasePolicies(bucket, recursive, any, user, wildcard);
+
+ {
+ CynaraPoliciesContainer expPolicies;
+ expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
+ admin.listPolicies(bucket, any, any, any, expPolicies);
+ }
+ {
+ CynaraPoliciesContainer expPolicies;
+ expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ admin.listPolicies(subBucket, any, any, any, expPolicies);
+ }
+}
+
+void tc29_admin_erase_recursive_from_sub_bucket_func()
+{
+ const char *bucket = "bucket29";
+ const char *subBucket = "sub_bucket29";
+ const char *client = "client29";
+ const char *user = "user29";
+ const char *privilege = "privilege29";
+ const char *wildcard = CYNARA_ADMIN_WILDCARD;
+ const char *any = CYNARA_ADMIN_ANY;
+ const char *extra = nullptr;
+ int recursive = 1;
+
+ Admin admin;
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+ admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
+
+ cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+
+ cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ admin.setPolicies(cp);
+ }
+
+ admin.erasePolicies(subBucket, recursive, any, user, wildcard);
+
+ {
+ CynaraPoliciesContainer expPolicies;
+ expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
+ expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
+ expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ admin.listPolicies(bucket, any, any, any, expPolicies);
+ }
+ {
+ CynaraPoliciesContainer expPolicies;
+ expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ admin.listPolicies(subBucket, any, any, any, expPolicies);
+ }
+}
+
+void testPlugins(const std::vector<std::string> &plugins)
+{
+ using namespace CynaraTestPlugins;
+
+ DirectoryPaths paths;
+ Descriptions expectedDescriptions(POLICY_DESCRIPTIONS.at(DEFAULT_POLICY));
+
+ for (auto &plugin : plugins) {
+ paths.push_back(TEST_PLUGIN_PATH + plugin);
+
+ const Descriptions &pluginDescriptions = POLICY_DESCRIPTIONS.at(plugin);
+ expectedDescriptions.insert(expectedDescriptions.end(),
+ pluginDescriptions.begin(), pluginDescriptions.end());
+ }
+
+ loadServicePlugins(paths);
+
+ Admin admin;
+ admin.listPoliciesDescriptions(expectedDescriptions);
+}
+
+void tc30_admin_list_descriptions_no_plugins_func()
+{
+ testPlugins({});
+}
+
+void tc31_admin_list_descriptions_1_plugin_single_policy_func()
+{
+ testPlugins({CynaraTestPlugins::SINGLE_POLICY});
+}
+
+void tc32_admin_list_descriptions_1_plugin_multiple_policy_func()
+{
+ testPlugins({CynaraTestPlugins::MULTIPLE_POLICY});
+}
+
+void tc33_admin_list_descriptions_multiple_plugins_func()
+{
+ testPlugins({CynaraTestPlugins::SINGLE_POLICY,
+ CynaraTestPlugins::MULTIPLE_POLICY});
+}
+
+RUNNER_TEST_GROUP_INIT(cynara_tests)
+
+RUN_CYNARA_TEST(tc01_cynara_initialize)
+RUN_CYNARA_TEST(tc02_admin_initialize)
+RUN_CYNARA_TEST(tc03_cynara_check_invalid_params)
+RUN_CYNARA_TEST(tc04_admin_set_policies_invalid_params)
+RUN_CYNARA_TEST(tc05_admin_set_bucket_invalid_params)
+RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1)
+RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2)
+RUN_CYNARA_TEST(tc07_admin_set_bucket_admin_allow_deny)
+RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove1)
+RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove2)
+RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove3)
+RUN_CYNARA_TEST(tc09_admin_set_policies_wildcard_accesses)
+RUN_CYNARA_TEST(tc10_admin_change_extra_bucket)
+RUN_CYNARA_TEST(tc11_admin_bucket_not_found)
+RUN_CYNARA_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
+RUN_CYNARA_TEST(tc13_admin_set_policies_to_extra_bucket)
+RUN_CYNARA_TEST(tc14_admin_set_policies_integrity)
+RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none1)
+RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none2)
+RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none3)
+RUN_CYNARA_TEST(tc16_admin_check_single_bucket)
+RUN_CYNARA_TEST(tc17_admin_check_nested_bucket)
+RUN_CYNARA_TEST(tc18_admin_check_multiple_matches)
+RUN_CYNARA_TEST(tc19_admin_check_none_bucket)
+RUN_CYNARA_TEST(tc20_admin_list_empty_bucket)
+RUN_CYNARA_TEST(tc21_admin_list_no_bucket)
+RUN_CYNARA_TEST(tc22_admin_list_bucket)
+RUN_CYNARA_TEST(tc23_admin_erase_empty_bucket)
+RUN_CYNARA_TEST(tc24_admin_erase_no_bucket)
+RUN_CYNARA_TEST(tc25_admin_erase_single_bucket)
+RUN_CYNARA_TEST(tc26_admin_erase_recursive_not_linked_buckets)
+RUN_CYNARA_TEST(tc27_admin_erase_recursive_linked_buckets)
+RUN_CYNARA_TEST(tc28_admin_erase_non_recursive_linked_buckets)
+RUN_CYNARA_TEST(tc29_admin_erase_recursive_from_sub_bucket)
+RUN_CYNARA_TEST(tc30_admin_list_descriptions_no_plugins)
+RUN_CYNARA_TEST(tc31_admin_list_descriptions_1_plugin_single_policy)
+RUN_CYNARA_TEST(tc32_admin_list_descriptions_1_plugin_multiple_policy)
+RUN_CYNARA_TEST(tc33_admin_list_descriptions_multiple_plugins)
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @file test_cases_async.cpp
+ * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @version 1.0
+ * @brief Tests for libcynara-client-async
+ */
+
+#include <cynara_test_admin.h>
+#include <cynara_test_commons.h>
+#include <cynara_test_client_async_client.h>
+
+#include <service_manager.h>
+#include <dpl/test/test_runner.h>
+
+#include <cynara-client-async.h>
+
+#include <cstdint>
+#include <unistd.h>
+
+using namespace CynaraTestClientAsync;
+using namespace CynaraTestAdmin;
+
+void tca01_initialize_func()
+{
+ Client client;
+}
+
+void tca02_empty_cache_miss_func()
+{
+ std::string testNo("02");
+ Client client;
+
+ client.checkCache({testNo}, CYNARA_API_CACHE_MISS);
+ client.checkCache({testNo}, CYNARA_API_CACHE_MISS);
+}
+
+void tca03_create_max_requests_func()
+{
+ std::string testNo("03");
+ cynara_check_id id;
+ RequestEntity callbackData = {RequestFunction(), 0, CYNARA_CALL_CAUSE_FINISH};
+
+ Client client;
+
+ for (auto i = 0; i <= UINT16_MAX; ++i) {
+ client.createRequest({testNo, i}, id, callbackData, CYNARA_API_SUCCESS);
+ client.assertStatus(READWRITE);
+ }
+
+ client.createRequest({testNo}, id, callbackData, CYNARA_API_MAX_PENDING_REQUESTS);
+ client.assertStatus(READWRITE);
+}
+
+void tca04_request_and_process_func()
+{
+ std::string testNo("04");
+ cynara_check_id id;
+ RequestEntity callbackData = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_ANSWER};
+
+ Client client;
+
+ client.createRequest({testNo}, id, callbackData);
+ client.assertStatus(READWRITE);
+
+ //send request
+ client.process();
+ client.assertStatus(READ);
+
+ //get answer
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+}
+
+void tca05_request_and_cancel1_func()
+{
+ std::string testNo("05");
+ int subtest = 1;
+ cynara_check_id id;
+ RequestEntity callbackData = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_CANCEL};
+
+ Client client;
+
+ client.createRequest({testNo, subtest}, id, callbackData);
+ client.assertStatus(READWRITE);
+
+ client.cancel(id);
+ client.assertStatus(READWRITE);
+
+ //send request and cancel
+ client.process();
+ client.assertStatus(READ);
+
+ //get answer
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+}
+
+void tca05_request_and_cancel2_func()
+{
+ std::string testNo("05");
+ int subtest = 2;
+ cynara_check_id id1, id2;
+ Client client;
+
+ RequestEntity callbackData1 = {[&]()->void {client.cancel(id2);},
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_ANSWER};
+ RequestEntity callbackData2 = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_CANCEL};
+
+ client.createRequest({testNo, subtest}, id1, callbackData1);
+ client.createRequest({testNo, subtest}, id2, callbackData2);
+ client.assertStatus(READWRITE);
+
+ //send requests
+ client.process();
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+}
+
+void tca05_request_and_cancel3_func()
+{
+ std::string testNo("05");
+ int subtest = 3;
+ cynara_check_id id;
+ RequestEntity callbackData = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_ANSWER};
+
+ Client client;
+
+ client.createRequest({testNo, subtest}, id, callbackData);
+ client.assertStatus(READWRITE);
+
+ //send request
+ client.process();
+ client.assertStatus(READ);
+
+ //get answer
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+ client.assertStatus(READ);
+
+ client.cancel(id, CYNARA_API_INVALID_PARAM);
+}
+
+void tca06_cancel_fail_func()
+{
+ cynara_check_id id = 0xDEAD;
+
+ Client client;
+
+ client.cancel(id, CYNARA_API_INVALID_PARAM);
+}
+
+void tca07_request_with_data_insertion_func()
+{
+ std::string testNo("07");
+ Admin admin;
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const int resultAllow = CYNARA_ADMIN_ALLOW;
+ CheckData data[2] = {{testNo, 1}, {testNo, 2}};
+ RequestEntity callbackAllow = {RequestFunction(),
+ CYNARA_API_ACCESS_ALLOWED,
+ CYNARA_CALL_CAUSE_ANSWER};
+ RequestEntity callbackDeny = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_ANSWER};
+ cynara_check_id id;
+ Client client;
+
+ client.checkCache(data[0], CYNARA_API_CACHE_MISS);
+ client.checkCache(data[1], CYNARA_API_CACHE_MISS);
+
+ client.createRequest(data[0], id, callbackDeny);
+ client.assertStatus(READWRITE);
+ client.process();
+ client.assertStatus(READ);
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+ client.assertStatus(READ);
+
+ client.checkCache(data[0], CYNARA_API_ACCESS_DENIED);
+ client.checkCache(data[1], CYNARA_API_CACHE_MISS);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0].toAdminPolicy(), resultAllow);
+ admin.setPolicies(cp);
+ }
+
+ client.checkCache(data[0], CYNARA_API_CACHE_MISS);
+ client.checkCache(data[1], CYNARA_API_CACHE_MISS);
+
+ client.createRequest(data[0], id, callbackAllow);
+ client.assertStatus(READWRITE);
+ client.process();
+ client.assertStatus(READ);
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+ client.assertStatus(READ);
+
+ client.checkCache(data[0], CYNARA_API_ACCESS_ALLOWED);
+ client.checkCache(data[1], CYNARA_API_CACHE_MISS);
+}
+
+void tca08_disconnect1_func()
+{
+ std::string testNo("08");
+ int subtest = 1;
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+ cynara_check_id id;
+ RequestEntity callbackData = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_ANSWER};
+ Client client;
+
+ client.createRequest({testNo, subtest}, id, callbackData);
+ client.assertStatus(READWRITE);
+
+ serviceManager.restartService();
+
+ client.process();
+ client.assertStatus(READ);
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+}
+
+void tca08_disconnect2_func()
+{
+ std::string testNo("08");
+ int subtest = 2;
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+ cynara_check_id id;
+ RequestEntity callbackData = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_ANSWER};
+ Client client;
+
+ client.createRequest({testNo, subtest}, id, callbackData);
+ client.assertStatus(READWRITE);
+
+ serviceManager.restartService();
+
+ client.process();
+ client.assertStatus(READ);
+
+ serviceManager.restartService();
+
+ client.process();
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+}
+
+void tca08_disconnect3_func()
+{
+ std::string testNo("08");
+ int subtest = 2;
+ cynara_check_id id;
+ RequestEntity callbackData = {[&](){
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+ serviceManager.restartService();
+ },
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_ANSWER};
+ Client client;
+
+ client.createRequest({testNo, subtest}, id, callbackData);
+ client.assertStatus(READWRITE);
+
+ client.process();
+ client.assertStatus(READ);
+
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+}
+
+void tca09_disconnect_and_cancel1_func()
+{
+ std::string testNo("09");
+ int subtest = 1;
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+ cynara_check_id id;
+ RequestEntity callbackData = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_CANCEL};
+
+ Client client;
+
+ client.createRequest({testNo, subtest}, id, callbackData);
+ client.assertStatus(READWRITE);
+
+ //send request
+ client.process();
+ client.assertStatus(READ);
+
+ serviceManager.restartService();
+
+ client.cancel(id);
+ client.assertStatus(READWRITE);
+
+ //send cancel
+ client.process();
+ client.assertStatus(READ);
+
+ //get answer
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+ client.assertStatus(READ);
+}
+
+void tca09_disconnect_and_cancel2_func()
+{
+ std::string testNo("09");
+ int subtest = 2;
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+ cynara_check_id id;
+ RequestEntity callbackData = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_CANCEL};
+
+ Client client;
+
+ client.createRequest({testNo, subtest}, id, callbackData);
+ client.assertStatus(READWRITE);
+
+ //send request
+ client.process();
+ client.assertStatus(READ);
+
+ client.cancel(id);
+ client.assertStatus(READWRITE);
+
+ serviceManager.restartService();
+
+ //handle reconnect
+ client.process();
+ client.assertStatus(READ);
+
+ //get answer
+ client.process(CYNARA_API_SUCCESS, Client::EXPECT_TIMEOUT);
+ client.assertStatus(READ);
+}
+
+void tca10_double_request_func()
+{
+ std::string testNo("10");
+ cynara_check_id id, id2;
+ Client client;
+
+ RequestEntity callbackData2 = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_ANSWER};
+
+ RequestEntity callbackData = {[&](){client.createRequest({testNo}, id2, callbackData2);},
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_ANSWER};
+
+
+ client.createRequest({testNo}, id, callbackData);
+ client.assertStatus(READWRITE);
+
+ client.process();
+ client.process();
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+}
+
+void tca11_double_request_with_restart_func()
+{
+ std::string testNo("11");
+ cynara_check_id id, id2;
+ Client client;
+
+ RequestEntity callbackData2 = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_ANSWER};
+
+ RequestEntity callbackData = {[&](){
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+ serviceManager.restartService();
+ client.createRequest({testNo}, id2, callbackData2);
+ },
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_ANSWER};
+
+
+ client.createRequest({testNo}, id, callbackData);
+ client.assertStatus(READWRITE);
+
+ client.process();
+ client.process();
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+ client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
+}
+
+void tca12_multiple_connections_without_requests_func()
+{
+ std::string testNo("12");
+
+ cynara_check_id id;
+ RequestEntity callbackData = {RequestFunction(),
+ CYNARA_API_ACCESS_DENIED,
+ CYNARA_CALL_CAUSE_FINISH};
+
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+ pid_t before = serviceManager.getServicePid();
+ timeval beforeTimestamp = serviceManager.getServiceStartTimestamp();
+
+ for (int i = 0; i < 10; ++i)
+ {
+ Client client;
+ client.createRequest({testNo}, id, callbackData);
+ client.assertStatus(READWRITE);
+ }
+
+//wait until cynara possibly restarts
+ sleep(3);
+
+ pid_t after = serviceManager.getServicePid();
+ timeval afterTimestamp = serviceManager.getServiceStartTimestamp();
+ RUNNER_ASSERT_MSG(after != 0,
+ "cynara service not running. After = " << after << ".");
+ RUNNER_ASSERT_MSG(before == after
+ && beforeTimestamp.tv_sec == afterTimestamp.tv_sec
+ && beforeTimestamp.tv_usec == afterTimestamp.tv_usec,
+ "cynara service was restarted during the test. Before pid / timestamp = "
+ << before << " / " << beforeTimestamp.tv_sec << "."
+ << beforeTimestamp.tv_usec << " and after pid / timestamp = "
+ << after << " / " << afterTimestamp.tv_sec << "."
+ << afterTimestamp.tv_usec);
+}
+
+RUNNER_TEST_GROUP_INIT(cynara_async_tests)
+
+RUN_CYNARA_TEST(tca01_initialize)
+RUN_CYNARA_TEST(tca02_empty_cache_miss)
+RUN_CYNARA_TEST(tca03_create_max_requests)
+RUN_CYNARA_TEST(tca04_request_and_process)
+RUN_CYNARA_TEST(tca05_request_and_cancel1)
+RUN_CYNARA_TEST(tca05_request_and_cancel2)
+RUN_CYNARA_TEST(tca05_request_and_cancel3)
+RUN_CYNARA_TEST(tca06_cancel_fail)
+RUN_CYNARA_TEST(tca07_request_with_data_insertion)
+RUN_CYNARA_TEST(tca08_disconnect1)
+RUN_CYNARA_TEST(tca08_disconnect2)
+RUN_CYNARA_TEST(tca08_disconnect3)
+RUN_CYNARA_TEST(tca09_disconnect_and_cancel1)
+RUN_CYNARA_TEST(tca09_disconnect_and_cancel2)
+RUN_CYNARA_TEST(tca10_double_request)
+RUN_CYNARA_TEST(tca11_double_request_with_restart)
+RUN_CYNARA_TEST(tca12_multiple_connections_without_requests)
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file test_cases_db.cpp
+ * @author Pawel Wieczorek <p.wieczorek2@samsung.com>
+ * @version 0.1
+ * @brief Tests for Cynara's mechanism assuring integrity of database
+ */
+
+#include <cynara_test_admin.h>
+#include <cynara_test_client.h>
+#include <cynara_test_commons.h>
+#include <cynara_test_env.h>
+#include <dpl/test/test_runner.h>
+#include <sys/smack.h>
+
+#include <service_manager.h>
+#include <dirent.h>
+#include <fcntl.h>
+#include <fstream>
+#include <glob.h>
+#include <iterator>
+#include <memory.h>
+#include <set>
+#include <string>
+#include <unistd.h>
+#include <vector>
+
+using namespace CynaraTestAdmin;
+using namespace CynaraTestClient;
+
+namespace
+{
+
+const std::string defDb("default");
+const std::string defDbAllow("defaultAllowed");
+const std::string nonEmptyDb("nonEmptyDatabase");
+const std::string cynaraTestPatternsPath("/etc/security-tests/db_patterns/");
+const std::string directoryWildcard("/*");
+
+void createDbFile(const std::string &filename)
+{
+ int fileFd = TEMP_FAILURE_RETRY(creat(filename.c_str(), 0000));
+ RUNNER_ASSERT_ERRNO_MSG(fileFd > 0, "Creating " << filename << " file failed");
+ FdUniquePtr fileFdPtr(&fileFd);
+
+ int ret = smack_fsetlabel(fileFd, CynaraTestConsts::LABEL.c_str(), SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(ret == 0, "Setting smack label failed");
+}
+
+void deleteDbFile(const std::string &filename)
+{
+ RUNNER_ASSERT_ERRNO_MSG(!unlink(filename.c_str()), "Unable to unlink " << filename << " file");
+}
+
+bool unordered_files_match(const std::string &patternFilePath, const std::string &resultFilePath) {
+ std::ifstream patternFile(patternFilePath, std::ifstream::in | std::ifstream::binary);
+ std::ifstream resultFile(resultFilePath, std::ifstream::in | std::ifstream::binary);
+
+ RUNNER_ASSERT_MSG(patternFile.is_open(), "Failed to open " << patternFile << ".");
+ RUNNER_ASSERT_MSG(resultFile.is_open(), "Failed to open " << resultFile << ".");
+
+ auto patternRecords = std::multiset<std::string>(std::istream_iterator<std::string>(patternFile),
+ std::istream_iterator<std::string>());
+
+ auto resultRecords = std::multiset<std::string>(std::istream_iterator<std::string>(resultFile),
+ std::istream_iterator<std::string>());
+
+ return patternRecords == resultRecords;
+}
+
+size_t glob_count(const std::string &source, const std::string &wildcard) {
+ //for counting files in directory
+ glob_t globbuf;
+ std::string pattern = source + wildcard;
+
+ //for freeing allocated memory
+ GlobPtr globbufPtr(&globbuf);
+
+ //actually count files in directory - including dotfiles
+ RUNNER_ASSERT_MSG(0 == glob(pattern.c_str(), GLOB_NOSORT | GLOB_PERIOD, NULL, &globbuf),
+ "Failed to search for requested pathnames in " << source << ".");
+
+ return globbuf.gl_pathc;
+}
+
+size_t db_files_count(const std::string &source) {
+ size_t dbFilesCount = 0;
+
+ //database directory must not be empty
+ RUNNER_ASSERT_MSG(0 != (dbFilesCount = glob_count(source, directoryWildcard)),
+ "Unexpected condition: " << source << " was empty.");
+
+ return dbFilesCount;
+}
+
+void compareDbs(const std::string &source)
+{
+ //for accessing files in directory
+ std::string patternDir = cynaraTestPatternsPath + source;
+ DIR *patternDirPtr = nullptr;
+ struct dirent *direntPtr;
+
+ size_t patternFileCount = db_files_count(patternDir);
+ size_t resultFileCount = db_files_count(CynaraTestConsts::DB_DIR);
+
+ //directories do not match if there is different number of files
+ RUNNER_ASSERT_MSG(patternFileCount == resultFileCount,
+ "No match in database and pattern directory file count");
+
+ //compare files in database directory with pattern directory
+ RUNNER_ASSERT_ERRNO_MSG(patternDirPtr = opendir(patternDir.c_str()),
+ "Opening " << patternDir << " directory failed");
+ DirPtr patternDirScopedPtr(patternDirPtr);
+
+ while ((direntPtr = readdir(patternDirPtr)) != nullptr) {
+ if (!strcmp(direntPtr->d_name, ".")
+ || !strcmp(direntPtr->d_name, ".."))
+ continue;
+ std::string patternName = patternDir + "/" + direntPtr->d_name;
+ std::string resultName = CynaraTestConsts::DB_DIR + "/" + direntPtr->d_name;
+
+ //comparing file saved db dir with reference file from patterns dir
+ RUNNER_ASSERT_MSG(true == unordered_files_match(patternName, resultName),
+ "No match in stored file and pattern file");
+ }
+}
+
+} // anonymous namespace
+
+/**
+ * @brief Lockdown initialization failure caused by fake guard existence
+ * @test Expected result: refuse to write data to storage as long as guard file creation fails
+ * 1. Create fake guard file with 0000 attributes in policy database
+ * 2. Try to make a change (ALLOW) in default bucket (data dump should fail)
+ * 3. Delete fake guard file from policy database
+ * 4. Retry to make a change (ALLOW) in default bucket (data dump should proceed)
+ * 5. Check if database is saved correctly
+ */
+void tcdb01_lockdown_init_failure_func()
+{
+ Admin admin;
+ Client cynara;
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *extra = nullptr;
+
+ const auto fakeBackupGuard = CynaraTestConsts::DB_DIR + "/guard";
+
+ createDbFile(fakeBackupGuard);
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra, CYNARA_API_OPERATION_FAILED);
+
+ deleteDbFile(fakeBackupGuard);
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+
+ serviceManager.restartService();
+ compareDbs(defDbAllow);
+}
+
+/**
+ * @brief Failure during writing to backup (before lockdown)
+ * @test Expected result: read from primary policy database
+ * 1. Write ALLOW to default bucket
+ * 2. Check if data is saved correctly
+ * 3. Create fake backup file with 0000 attributes in policy database
+ * 4. Try to make a change (DENY) in default bucket (data dump should fail)
+ * 5. Reload Cynara - policies loaded from default bucket should still be ALLOW
+ */
+void tcdb02_write_to_backup_failure_func()
+{
+ Admin admin;
+ Client cynara;
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *extra = nullptr;
+
+ const auto fakeBucketDumpFile = CynaraTestConsts::DB_DIR + "/_~";
+
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+ compareDbs(defDbAllow);
+
+ createDbFile(fakeBucketDumpFile);
+ admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra, CYNARA_API_OPERATION_FAILED);
+
+ serviceManager.restartService();
+ compareDbs(defDbAllow);
+}
+
+/**
+ * @brief Check whether both invalid and valid backup databases are removed
+ * @test Expected result: no unnecessary backup files in policy database directory
+ * 1. Fail writing to backup database
+ * 2. Reload Cynara - policies should be loaded from primary (valid) database
+ * 3. Check if all backup files were removed
+ * 4. Successfully write changes to database
+ * 5. Reload Cynara - policies should be loaded from primary (revalidated) database
+ * 6. Check if all backup files were removed
+ */
+void tcdb03_invalid_and_valid_backup_removal_func()
+{
+ Admin admin;
+ Client cynara;
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *extra = nullptr;
+
+ const auto defaultBucketDumpFile = CynaraTestConsts::DB_DIR + "/_~";
+
+ createDbFile(defaultBucketDumpFile);
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra, CYNARA_API_OPERATION_FAILED);
+
+ serviceManager.restartService();
+ compareDbs(defDb);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+
+ serviceManager.restartService();
+ compareDbs(defDbAllow);
+}
+
+/**
+ * @brief Comparison between database modified by Cynara with expected one
+ * @test Expected result: no differences between those files
+ * 1. Write sample policy to database (and let it save to storage)
+ * 2. Compare freshly saved files with samples from test patterns directory
+ */
+void tcdb04_dumped_file_binary_comparison_func()
+{
+ Admin admin;
+ Client cynara;
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *client = "client";
+ const char *user = "user";
+ const char *privilege = "privilege";
+ const char *extra = nullptr;
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+ admin.setPolicies(cp, CYNARA_API_SUCCESS);
+ }
+
+ compareDbs(nonEmptyDb);
+}
+
+/**
+ * @brief Invalid database files removal
+ * @test Expected result: no unnecessary files in policy database directory
+ * 1. Fill Cynara's policy database directory with garbage:
+ * - Sample backup file which should be removed earlier
+ * - Sample bucket file which is not mentioned in index (shouldn't exist at all)
+ * - Sample files which don't belong to database
+ * 2. Reload Cynara
+ * 3. Check if any of mentioned above files still remained
+ */
+void tcdb05_non_indexed_files_removal_func()
+{
+ ServiceManager serviceManager(CynaraTestConsts::SERVICE);
+
+ std::vector<std::string> filenames = { "_broken-backup~", "_non-indexed-bucket",
+ "some-file-that-doesnt-belong-here" };
+
+ for (const auto &filename : filenames) {
+ auto garbageFilename = CynaraTestConsts::DB_DIR + "/" + filename;
+ createDbFile(garbageFilename);
+ }
+
+ serviceManager.restartService();
+ compareDbs(defDb);
+}
+
+RUNNER_TEST_GROUP_INIT(cynara_db_tests)
+
+RUN_CYNARA_TEST(tcdb01_lockdown_init_failure)
+RUN_CYNARA_TEST(tcdb02_write_to_backup_failure)
+RUN_CYNARA_TEST(tcdb03_invalid_and_valid_backup_removal)
+RUN_CYNARA_TEST(tcdb04_dumped_file_binary_comparison)
+RUN_CYNARA_TEST(tcdb05_non_indexed_files_removal)
--- /dev/null
+# Copyright (c) 2011-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# @file config.cmake
+# @author Lukasz Marek (l.marek@samsung.com)
+# @version 1.0
+# @brief
+#
+
+SET(DPL_FRAMEWORK_TEST_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/framework/src/assert.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/atomic.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/binary_queue.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/colors.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/exception.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/gdbbacktrace.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/noncopyable.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/singleton.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/abstract_log_provider.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/dlog_log_provider.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/log.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/old_style_log_provider.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/test_results_collector.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/test_results_collector_commons.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/test_results_collector_console.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/test_results_collector_html.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/test_results_collector_summary.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/test_results_collector_xml.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/test_runner_child.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/test_runner.cpp
+ ${PROJECT_SOURCE_DIR}/src/framework/src/test_runner_multiprocess.cpp
+)
+
+SET(DPL_FRAMEWORK_TEST_INCLUDE_DIR
+ ${PROJECT_SOURCE_DIR}/src/framework/include
+)
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_input.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of abstract input
+ */
+#ifndef DPL_ABSTRACT_INPUT_H
+#define DPL_ABSTRACT_INPUT_H
+
+#include <dpl/exception.h>
+#include <memory>
+
+namespace DPL {
+class BinaryQueue;
+typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
+
+class AbstractInput
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, ReadFailed)
+ };
+
+ public:
+ virtual ~AbstractInput() {}
+
+ /**
+ * Read binary data from input
+ * If no data is available method returns nullptr buffer.
+ * In case connection was successfuly close, method returns empty buffer
+ *
+ * @param[in] size Maximum number of bytes to read from input
+ * @return Buffer containing read bytes
+ * @throw ReadFailed
+ */
+ virtual BinaryQueueAutoPtr Read(size_t size) = 0;
+};
+} // namespace DPL
+
+#endif // DPL_ABSTRACT_INPUT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_output.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of abstract output
+ */
+#ifndef DPL_ABSTRACT_INPUT_OUTPUT_H
+#define DPL_ABSTRACT_INPUT_OUTPUT_H
+
+#include <dpl/abstract_input.h>
+#include <dpl/abstract_output.h>
+
+namespace DPL {
+class AbstractInputOutput :
+ public AbstractInput,
+ public AbstractOutput
+{
+ public:
+ virtual ~AbstractInputOutput() {}
+};
+} // namespace DPL
+
+#endif // DPL_ABSTRACT_INPUT_OUTPUT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_output.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of abstract output
+ */
+#ifndef DPL_ABSTRACT_OUTPUT_H
+#define DPL_ABSTRACT_OUTPUT_H
+
+#include <dpl/exception.h>
+#include <memory>
+
+namespace DPL {
+class BinaryQueue;
+typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
+
+class AbstractOutput
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, WriteFailed)
+ };
+
+ public:
+ virtual ~AbstractOutput() {}
+
+ /**
+ * Write binary data to output
+ * If output is blocked, Write returns zero, if instance is a type of
+ * WaitableAbstractOutput one can wait for writability then
+ *
+ * @param[in] buffer Input buffer with data to be written
+ * @param[in] bufferSize Maximum number of bytes to write from buffer
+ * @return Number of bytes success successfuly written or zero if output is
+ * blocked
+ * @throw WriteFailed
+ */
+ virtual size_t Write(const BinaryQueue &buffer, size_t bufferSize) = 0;
+};
+} // namespace DPL
+
+#endif // DPL_ABSTRACT_OUTPUT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file assert.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of assert
+ */
+#ifndef DPL_ASSERT_H
+#define DPL_ASSERT_H
+
+#include <dpl/noreturn.h>
+
+namespace DPL {
+// Assertion handler procedure
+// Do not call directly
+// Always use Assert macro
+DPL_NORETURN void AssertProc(const char *condition,
+ const char *file,
+ int line,
+ const char *function);
+} // namespace DPL
+
+#define Assert(Condition) do { if (!(Condition)) { DPL::AssertProc(#Condition, \
+ __FILE__, \
+ __LINE__, \
+ __FUNCTION__); \
+ } } while (0)
+
+#endif // DPL_ASSERT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file atomic.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of atomic
+ */
+#ifndef DPL_ATOMIC_H
+#define DPL_ATOMIC_H
+
+#pragma GCC system_header
+#include <glib.h>
+
+namespace DPL {
+class Atomic
+{
+ public:
+ typedef gint ValueType;
+
+ private:
+ volatile ValueType m_value;
+
+ public:
+ Atomic(ValueType value = static_cast<ValueType>(0));
+
+ ValueType ExchangeAndAdd(ValueType value);
+ bool CompareAndExchange(ValueType oldValue, ValueType newValue);
+ bool operator--();
+ void operator++();
+
+ operator ValueType() const;
+};
+} // namespace DPL
+
+#endif // DPL_ATOMIC_H
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file availability.h
+ * @author Jihoon Chung (jihoon.chung@samsung.com)
+ * @version 1.0
+ */
+#ifndef DPL_AVAILABILITY_H
+#define DPL_AVAILABILITY_H
+
+#define DPL_DEPRECATED __attribute__((deprecated))
+#define DPL_DEPRECATED_WITH_MESSAGE(msg) __attribute__((deprecated(msg)))
+
+#define DPL_UNUSED __attribute__((unused))
+#define DPL_UNUSED_PARAM(variable) (void)variable
+
+#endif // DPL_AVAILABILITY_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file binary_queue.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of binary queue
+ */
+#ifndef DPL_BINARY_QUEUE_H
+#define DPL_BINARY_QUEUE_H
+
+#include <dpl/abstract_input_output.h>
+#include <dpl/exception.h>
+#include <dpl/noncopyable.h>
+#include <memory>
+#include <list>
+
+namespace DPL {
+/**
+ * Binary stream implemented as constant size bucket list
+ *
+ * @todo Add optimized implementation for FlattenConsume
+ */
+class BinaryQueue :
+ public AbstractInputOutput
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, OutOfData)
+ };
+
+ typedef void (*BufferDeleter)(const void *buffer, size_t bufferSize,
+ void *userParam);
+ static void BufferDeleterFree(const void *buffer,
+ size_t bufferSize,
+ void *userParam);
+
+ class BucketVisitor
+ {
+ public:
+ /**
+ * Destructor
+ */
+ virtual ~BucketVisitor();
+
+ /**
+ * Visit bucket
+ *
+ * @return none
+ * @param[in] buffer Constant pointer to bucket data buffer
+ * @param[in] bufferSize Number of bytes in bucket
+ */
+ virtual void OnVisitBucket(const void *buffer, size_t bufferSize) = 0;
+ };
+
+ private:
+ struct Bucket :
+ private Noncopyable
+ {
+ const void *buffer;
+ const void *ptr;
+ size_t size;
+ size_t left;
+
+ BufferDeleter deleter;
+ void *param;
+
+ Bucket(const void *buffer,
+ size_t bufferSize,
+ BufferDeleter deleter,
+ void *userParam);
+ virtual ~Bucket();
+ };
+
+ typedef std::list<Bucket *> BucketList;
+ BucketList m_buckets;
+ size_t m_size;
+
+ static void DeleteBucket(Bucket *bucket);
+
+ class BucketVisitorCall
+ {
+ private:
+ BucketVisitor *m_visitor;
+
+ public:
+ BucketVisitorCall(BucketVisitor *visitor);
+ virtual ~BucketVisitorCall();
+
+ void operator()(Bucket *bucket) const;
+ };
+
+ public:
+ /**
+ * Construct empty binary queue
+ */
+ BinaryQueue();
+
+ /**
+ * Construct binary queue via bare copy of other binary queue
+ *
+ * @param[in] other Other binary queue to copy from
+ * @warning One cannot assume that bucket structure is preserved during copy
+ */
+ BinaryQueue(const BinaryQueue &other);
+
+ /**
+ * Destructor
+ */
+ virtual ~BinaryQueue();
+
+ /**
+ * Construct binary queue via bare copy of other binary queue
+ *
+ * @param[in] other Other binary queue to copy from
+ * @warning One cannot assume that bucket structure is preserved during copy
+ */
+ const BinaryQueue &operator=(const BinaryQueue &other);
+
+ /**
+ * Append copy of @a bufferSize bytes from memory pointed by @a buffer
+ * to the end of binary queue. Uses default deleter based on free.
+ *
+ * @return none
+ * @param[in] buffer Pointer to buffer to copy data from
+ * @param[in] bufferSize Number of bytes to copy
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ * @see BinaryQueue::BufferDeleterFree
+ */
+ void AppendCopy(const void *buffer, size_t bufferSize);
+
+ /**
+ * Append @a bufferSize bytes from memory pointed by @a buffer
+ * to the end of binary queue. Uses custom provided deleter.
+ * Responsibility for deleting provided buffer is transfered to BinaryQueue.
+ *
+ * @return none
+ * @param[in] buffer Pointer to data buffer
+ * @param[in] bufferSize Number of bytes available in buffer
+ * @param[in] deleter Pointer to deleter procedure used to free provided
+ * buffer
+ * @param[in] userParam User parameter passed to deleter routine
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ */
+ void AppendUnmanaged(
+ const void *buffer,
+ size_t bufferSize,
+ BufferDeleter deleter =
+ &BinaryQueue::BufferDeleterFree,
+ void *userParam = nullptr);
+
+ /**
+ * Append copy of other binary queue to the end of this binary queue
+ *
+ * @return none
+ * @param[in] other Constant reference to other binary queue to copy data
+ * from
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ * @warning One cannot assume that bucket structure is preserved during copy
+ */
+ void AppendCopyFrom(const BinaryQueue &other);
+
+ /**
+ * Move bytes from other binary queue to the end of this binary queue.
+ * This also removes all bytes from other binary queue.
+ * This method is designed to be as fast as possible (only pointer swaps)
+ * and is suggested over making copies of binary queues.
+ * Bucket structure is preserved after operation.
+ *
+ * @return none
+ * @param[in] other Reference to other binary queue to move data from
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ */
+ void AppendMoveFrom(BinaryQueue &other);
+
+ /**
+ * Append copy of binary queue to the end of other binary queue
+ *
+ * @return none
+ * @param[in] other Constant reference to other binary queue to copy data to
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ * @warning One cannot assume that bucket structure is preserved during copy
+ */
+ void AppendCopyTo(BinaryQueue &other) const;
+
+ /**
+ * Move bytes from binary queue to the end of other binary queue.
+ * This also removes all bytes from binary queue.
+ * This method is designed to be as fast as possible (only pointer swaps)
+ * and is suggested over making copies of binary queues.
+ * Bucket structure is preserved after operation.
+ *
+ * @return none
+ * @param[in] other Reference to other binary queue to move data to
+ * @exception std::bad_alloc Cannot allocate memory to hold additional data
+ */
+ void AppendMoveTo(BinaryQueue &other);
+
+ /**
+ * Retrieve total size of all data contained in binary queue
+ *
+ * @return Number of bytes in binary queue
+ */
+ size_t Size() const;
+
+ /**
+ * Remove all data from binary queue
+ *
+ * @return none
+ */
+ void Clear();
+
+ /**
+ * Check if binary queue is empty
+ *
+ * @return true if binary queue is empty, false otherwise
+ */
+ bool Empty() const;
+
+ /**
+ * Remove @a size bytes from beginning of binary queue
+ *
+ * @return none
+ * @param[in] size Number of bytes to remove
+ * @exception BinaryQueue::Exception::OutOfData Number of bytes is larger
+ * than available bytes in binary queue
+ */
+ void Consume(size_t size);
+
+ /**
+ * Retrieve @a bufferSize bytes from beginning of binary queue and copy them
+ * to user supplied buffer
+ *
+ * @return none
+ * @param[in] buffer Pointer to user buffer to receive bytes
+ * @param[in] bufferSize Size of user buffer pointed by @a buffer
+ * @exception BinaryQueue::Exception::OutOfData Number of bytes to flatten
+ * is larger than available bytes in binary queue
+ */
+ void Flatten(void *buffer, size_t bufferSize) const;
+
+ /**
+ * Retrieve @a bufferSize bytes from beginning of binary queue, copy them
+ * to user supplied buffer, and remove from binary queue
+ *
+ * @return none
+ * @param[in] buffer Pointer to user buffer to receive bytes
+ * @param[in] bufferSize Size of user buffer pointed by @a buffer
+ * @exception BinaryQueue::Exception::OutOfData Number of bytes to flatten
+ * is larger than available bytes in binary queue
+ */
+ void FlattenConsume(void *buffer, size_t bufferSize);
+
+ /**
+ * Visit each buffer with data using visitor object
+ *
+ * @return none
+ * @param[in] visitor Pointer to bucket visitor
+ * @see BinaryQueue::BucketVisitor
+ */
+ void VisitBuckets(BucketVisitor *visitor) const;
+
+ /**
+ * IAbstractInput interface
+ */
+ virtual BinaryQueueAutoPtr Read(size_t size);
+
+ /**
+ * IAbstractOutput interface
+ */
+ virtual size_t Write(const BinaryQueue &buffer, size_t bufferSize);
+};
+
+/**
+ * Binary queue auto pointer
+ */
+typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
+} // namespace DPL
+
+#endif // DPL_BINARY_QUEUE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file colors.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief Some constants with definition of colors for Console
+ * and html output
+ */
+
+#ifndef DPL_COLORS_H
+#define DPL_COLORS_H
+
+namespace DPL {
+namespace Colors {
+namespace Text {
+extern const char* BOLD_GREEN_BEGIN;
+extern const char* BOLD_GREEN_END;
+extern const char* PURPLE_BEGIN;
+extern const char* PURPLE_END;
+extern const char* RED_BEGIN;
+extern const char* RED_END;
+extern const char* GREEN_BEGIN;
+extern const char* GREEN_END;
+extern const char* CYAN_BEGIN;
+extern const char* CYAN_END;
+extern const char* BOLD_RED_BEGIN;
+extern const char* BOLD_RED_END;
+extern const char* BOLD_YELLOW_BEGIN;
+extern const char* BOLD_YELLOW_END;
+extern const char* BOLD_GOLD_BEGIN;
+extern const char* BOLD_GOLD_END;
+extern const char* BOLD_WHITE_BEGIN;
+extern const char* BOLD_WHITE_END;
+} //namespace Text
+
+namespace Html {
+extern const char* BOLD_GREEN_BEGIN;
+extern const char* BOLD_GREEN_END;
+extern const char* PURPLE_BEGIN;
+extern const char* PURPLE_END;
+extern const char* RED_BEGIN;
+extern const char* RED_END;
+extern const char* GREEN_BEGIN;
+extern const char* GREEN_END;
+extern const char* CYAN_BEGIN;
+extern const char* CYAN_END;
+extern const char* BOLD_RED_BEGIN;
+extern const char* BOLD_RED_END;
+extern const char* BOLD_YELLOW_BEGIN;
+extern const char* BOLD_YELLOW_END;
+extern const char* BOLD_GOLD_BEGIN;
+extern const char* BOLD_GOLD_END;
+extern const char* BOLD_WHITE_BEGIN;
+extern const char* BOLD_WHITE_END;
+} //namespace Html
+} //namespace Colors
+} //namespace DPL
+
+#endif /* DPL_COLORS_H */
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file exception.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief Header file for base exception
+ */
+#ifndef DPL_EXCEPTION_H
+#define DPL_EXCEPTION_H
+
+#include <string>
+#include <cstring>
+#include <cstdio>
+#include <exception>
+#include <cstdlib>
+#include <sstream>
+
+namespace DPL {
+void LogUnhandledException(const std::string &str);
+void LogUnhandledException(const std::string &str,
+ const char *filename,
+ int line,
+ const char *function);
+}
+
+namespace DPL {
+class Exception
+{
+ private:
+ static unsigned int m_exceptionCount;
+ static Exception* m_lastException;
+ static void (*m_terminateHandler)();
+
+ static void AddRef(Exception* exception)
+ {
+ if (!m_exceptionCount) {
+ m_terminateHandler = std::set_terminate(&TerminateHandler);
+ }
+
+ ++m_exceptionCount;
+ m_lastException = exception;
+ }
+
+ static void UnRef(Exception* e)
+ {
+ if (m_lastException == e) {
+ m_lastException = nullptr;
+ }
+
+ --m_exceptionCount;
+
+ if (!m_exceptionCount) {
+ std::set_terminate(m_terminateHandler);
+ m_terminateHandler = nullptr;
+ }
+ }
+
+ static void TerminateHandler()
+ {
+ if (m_lastException != nullptr) {
+ DisplayKnownException(*m_lastException);
+ abort();
+ } else {
+ DisplayUnknownException();
+ abort();
+ }
+ }
+
+ Exception *m_reason;
+ std::string m_path;
+ std::string m_function;
+ int m_line;
+
+ protected:
+ std::string m_message;
+ std::string m_className;
+
+ public:
+ static std::string KnownExceptionToString(const Exception &e)
+ {
+ std::ostringstream message;
+ message <<
+ "\033[1;5;31m\n=== Unhandled DPL exception occurred ===\033[m\n\n";
+ message << "\033[1;33mException trace:\033[m\n\n";
+ message << e.DumpToString();
+ message << "\033[1;31m\n=== Will now abort ===\033[m\n";
+
+ return message.str();
+ }
+
+ static std::string UnknownExceptionToString()
+ {
+ std::ostringstream message;
+ message <<
+ "\033[1;5;31m\n=== Unhandled non-DPL exception occurred ===\033[m\n\n";
+ message << "\033[1;31m\n=== Will now abort ===\033[m\n";
+
+ return message.str();
+ }
+
+ static void DisplayKnownException(const Exception& e)
+ {
+ LogUnhandledException(KnownExceptionToString(e).c_str());
+ }
+
+ static void DisplayUnknownException()
+ {
+ LogUnhandledException(UnknownExceptionToString().c_str());
+ }
+
+ Exception(const Exception &other)
+ {
+ // Deep copy
+ if (other.m_reason != nullptr) {
+ m_reason = new Exception(*other.m_reason);
+ } else {
+ m_reason = nullptr;
+ }
+
+ m_message = other.m_message;
+ m_path = other.m_path;
+ m_function = other.m_function;
+ m_line = other.m_line;
+
+ m_className = other.m_className;
+
+ AddRef(this);
+ }
+
+ const Exception &operator =(const Exception &other)
+ {
+ if (this == &other) {
+ return *this;
+ }
+
+ // Deep copy
+ if (other.m_reason != nullptr) {
+ m_reason = new Exception(*other.m_reason);
+ } else {
+ m_reason = nullptr;
+ }
+
+ m_message = other.m_message;
+ m_path = other.m_path;
+ m_function = other.m_function;
+ m_line = other.m_line;
+
+ m_className = other.m_className;
+
+ AddRef(this);
+
+ return *this;
+ }
+
+ Exception(const char *path,
+ const char *function,
+ int line,
+ const std::string &message) :
+ m_reason(nullptr),
+ m_path(path),
+ m_function(function),
+ m_line(line),
+ m_message(message)
+ {
+ AddRef(this);
+ }
+
+ Exception(const char *path,
+ const char *function,
+ int line,
+ const Exception &reason,
+ const std::string &message) :
+ m_reason(new Exception(reason)),
+ m_path(path),
+ m_function(function),
+ m_line(line),
+ m_message(message)
+ {
+ AddRef(this);
+ }
+
+ virtual ~Exception() throw()
+ {
+ if (m_reason != nullptr) {
+ delete m_reason;
+ m_reason = nullptr;
+ }
+
+ UnRef(this);
+ }
+
+ void Dump() const
+ {
+ // Show reason first
+ if (m_reason != nullptr) {
+ m_reason->Dump();
+ }
+
+ // Afterward, dump exception
+ const char *file = strchr(m_path.c_str(), '/');
+
+ if (file == nullptr) {
+ file = m_path.c_str();
+ } else {
+ ++file;
+ }
+
+ printf("\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n",
+ file, m_line,
+ m_function.c_str(),
+ m_className.c_str(),
+ m_message.empty() ? "<EMPTY>" : m_message.c_str());
+ }
+
+ std::string DumpToString() const
+ {
+ std::string ret;
+ if (m_reason != nullptr) {
+ ret = m_reason->DumpToString();
+ }
+
+ const char *file = strchr(m_path.c_str(), '/');
+
+ if (file == nullptr) {
+ file = m_path.c_str();
+ } else {
+ ++file;
+ }
+
+ char buf[1024];
+ snprintf(buf,
+ sizeof(buf),
+ "\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n",
+ file,
+ m_line,
+ m_function.c_str(),
+ m_className.c_str(),
+ m_message.empty() ? "<EMPTY>" : m_message.c_str());
+
+ buf[sizeof(buf) - 1] = '\n';
+ ret += buf;
+
+ return ret;
+ }
+
+ Exception *GetReason() const
+ {
+ return m_reason;
+ }
+
+ std::string GetPath() const
+ {
+ return m_path;
+ }
+
+ std::string GetFunction() const
+ {
+ return m_function;
+ }
+
+ int GetLine() const
+ {
+ return m_line;
+ }
+
+ std::string GetMessage() const
+ {
+ return m_message;
+ }
+
+ std::string GetClassName() const
+ {
+ return m_className;
+ }
+};
+} // namespace DPL
+
+#define Try try
+
+#define Throw(ClassName) \
+ throw ClassName(__FILE__, __FUNCTION__, __LINE__)
+
+#define ThrowMsg(ClassName, Message) \
+ do \
+ { \
+ std::ostringstream dplLoggingStream; \
+ dplLoggingStream << Message; \
+ throw ClassName(__FILE__, __FUNCTION__, __LINE__, dplLoggingStream.str()); \
+ } while (0)
+
+#define ReThrow(ClassName) \
+ throw ClassName(__FILE__, __FUNCTION__, __LINE__, _rethrown_exception)
+
+#define ReThrowMsg(ClassName, Message) \
+ throw ClassName(__FILE__, \
+ __FUNCTION__, \
+ __LINE__, \
+ _rethrown_exception, \
+ Message)
+
+#define Catch(ClassName) \
+ catch (const ClassName &_rethrown_exception)
+
+#define DECLARE_EXCEPTION_TYPE(BaseClass, Class) \
+ class Class : \
+ public BaseClass \
+ { \
+ public: \
+ Class(const char *path, \
+ const char *function, \
+ int line, \
+ const std::string & message = std::string()) : \
+ BaseClass(path, function, line, message) \
+ { \
+ BaseClass::m_className = #Class; \
+ } \
+ \
+ Class(const char *path, \
+ const char *function, \
+ int line, \
+ const DPL::Exception & reason, \
+ const std::string & message = std::string()) : \
+ BaseClass(path, function, line, reason, message) \
+ { \
+ BaseClass::m_className = #Class; \
+ } \
+ };
+
+#define UNHANDLED_EXCEPTION_HANDLER_BEGIN try
+
+#define UNHANDLED_EXCEPTION_HANDLER_END \
+ catch (const DPL::Exception &exception) \
+ { \
+ std::ostringstream msg; \
+ msg << DPL::Exception::KnownExceptionToString(exception); \
+ DPL::LogUnhandledException(msg.str(), __FILE__, __LINE__, __FUNCTION__); \
+ abort(); \
+ } \
+ catch (std::exception& e) \
+ { \
+ std::ostringstream msg; \
+ msg << e.what(); \
+ msg << "\n"; \
+ msg << DPL::Exception::UnknownExceptionToString(); \
+ DPL::LogUnhandledException(msg.str(), __FILE__, __LINE__, __FUNCTION__); \
+ abort(); \
+ } \
+ catch (...) \
+ { \
+ std::ostringstream msg; \
+ msg << DPL::Exception::UnknownExceptionToString(); \
+ DPL::LogUnhandledException(msg.str(), __FILE__, __LINE__, __FUNCTION__); \
+ abort(); \
+ }
+
+namespace DPL {
+namespace CommonException {
+/**
+ * Internal exception definitions
+ *
+ * These should normally not happen.
+ * Usually, exception trace with internal error includes
+ * important messages.
+ */
+DECLARE_EXCEPTION_TYPE(Exception, InternalError) ///< Unexpected error from
+ // underlying libraries or
+ // kernel
+}
+}
+
+#endif // DPL_EXCEPTION_H
--- /dev/null
+/*
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @file gdbbacktrace.h
+ * @author Pawel Broda (p.broda@partner.samsung.com)
+ * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
+ * @version 1.0
+ * @brief API providing backtrace
+ */
+
+#ifndef _GDBBACKTRACE_H_
+#define _GDBBACKTRACE_H_
+
+#include <string>
+
+namespace DPL {
+
+std::string gdbbacktrace(void);
+
+} // namespace DPL
+
+#endif // _GDBBACKTRACE_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_log_provider.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of abstract log provider
+ */
+#ifndef DPL_ABSTRACT_LOG_PROVIDER_H
+#define DPL_ABSTRACT_LOG_PROVIDER_H
+
+namespace DPL {
+namespace Log {
+class AbstractLogProvider
+{
+ public:
+ virtual ~AbstractLogProvider() {}
+
+ virtual void Debug(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Info(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Warning(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Error(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Pedantic(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+
+ protected:
+ static const char *LocateSourceFileName(const char *filename);
+};
+}
+} // namespace DPL
+
+#endif // DPL_ABSTRACT_LOG_PROVIDER_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file dlog_log_provider.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of DLOG log provider
+ */
+#ifndef DPL_DLOG_LOG_PROVIDER_H
+#define DPL_DLOG_LOG_PROVIDER_H
+
+#include <dpl/log/abstract_log_provider.h>
+#include <dpl/scoped_free.h>
+#include <string>
+
+namespace DPL {
+namespace Log {
+class DLOGLogProvider :
+ public AbstractLogProvider
+{
+ private:
+ DPL::ScopedFree<char> m_tag;
+
+ static std::string FormatMessage(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ public:
+ DLOGLogProvider();
+ virtual ~DLOGLogProvider();
+
+ virtual void Debug(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Info(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Warning(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Error(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Pedantic(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+
+ // Set global Tag according to DLOG
+ void SetTag(const char *tag);
+};
+}
+} // namespace DPL
+
+#endif // DPL_DLOG_LOG_PROVIDER_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file log.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of log system
+ */
+#ifndef DPL_LOG_H
+#define DPL_LOG_H
+
+#include <dpl/singleton.h>
+#include <dpl/noncopyable.h>
+#include <dpl/log/abstract_log_provider.h>
+#include <dpl/log/dlog_log_provider.h>
+#include <dpl/log/old_style_log_provider.h>
+#include <sstream>
+#include <list>
+
+namespace DPL {
+namespace Log {
+/**
+ * DPL log system
+ *
+ * To switch logs into old style, export
+ * DPL_USE_OLD_STYLE_LOGS before application start
+ */
+class LogSystem :
+ private Noncopyable
+{
+ private:
+ typedef std::list<AbstractLogProvider *> AbstractLogProviderPtrList;
+ AbstractLogProviderPtrList m_providers;
+
+ DLOGLogProvider *m_dlogProvider;
+ OldStyleLogProvider *m_oldStyleProvider;
+
+ bool m_isLoggingEnabled;
+
+ public:
+ bool IsLoggingEnabled() const;
+ LogSystem();
+ virtual ~LogSystem();
+
+ /**
+ * Log debug message
+ */
+ void Debug(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ /**
+ * Log info message
+ */
+ void Info(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ /**
+ * Log warning message
+ */
+ void Warning(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ /**
+ * Log error message
+ */
+ void Error(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ /**
+ * Log pedantic message
+ */
+ void Pedantic(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ /**
+ * Set default's DLOG provider Tag
+ */
+ void SetTag(const char *tag);
+
+ /**
+ * Add abstract provider to providers list
+ *
+ * @notice Ownership is transfered to LogSystem and deleted upon exit
+ */
+ void AddProvider(AbstractLogProvider *provider);
+
+ /**
+ * Remove abstract provider from providers list
+ */
+ void RemoveProvider(AbstractLogProvider *provider);
+};
+
+/*
+ * Replacement low overhead null logging class
+ */
+class NullStream
+{
+ public:
+ NullStream() {}
+
+ template <typename T>
+ NullStream& operator<<(const T&)
+ {
+ return *this;
+ }
+};
+
+/**
+ * Log system singleton
+ */
+typedef Singleton<LogSystem> LogSystemSingleton;
+}
+} // namespace DPL
+
+//
+// Log support
+//
+//
+
+#ifdef DPL_LOGS_ENABLED
+ #define DPL_MACRO_FOR_LOGGING(message, function) \
+ do \
+ { \
+ if (DPL::Log::LogSystemSingleton::Instance().IsLoggingEnabled()) \
+ { \
+ std::ostringstream platformLog; \
+ platformLog << message; \
+ DPL::Log::LogSystemSingleton::Instance().function( \
+ platformLog.str().c_str(), \
+ __FILE__, __LINE__, __FUNCTION__); \
+ } \
+ } while (0)
+#else
+/* avoid warnings about unused variables */
+ #define DPL_MACRO_FOR_LOGGING(message, function) \
+ do { \
+ DPL::Log::NullStream ns; \
+ ns << message; \
+ } while (0)
+#endif
+
+#define LogDebug(message) DPL_MACRO_FOR_LOGGING(message, Debug)
+#define LogInfo(message) DPL_MACRO_FOR_LOGGING(message, Info)
+#define LogWarning(message) DPL_MACRO_FOR_LOGGING(message, Warning)
+#define LogError(message) DPL_MACRO_FOR_LOGGING(message, Error)
+#define LogPedantic(message) DPL_MACRO_FOR_LOGGING(message, Pedantic)
+
+#endif // DPL_LOG_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file old_style_log_provider.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of old style log provider
+ */
+#ifndef DPL_OLD_STYLE_LOG_PROVIDER_H
+#define DPL_OLD_STYLE_LOG_PROVIDER_H
+
+#include <dpl/log/abstract_log_provider.h>
+#include <string>
+
+namespace DPL {
+namespace Log {
+class OldStyleLogProvider :
+ public AbstractLogProvider
+{
+ private:
+ bool m_showDebug;
+ bool m_showInfo;
+ bool m_showWarning;
+ bool m_showError;
+ bool m_showPedantic;
+ bool m_printStdErr;
+
+ static std::string FormatMessage(const char *message,
+ const char *filename,
+ int line,
+ const char *function);
+
+ public:
+ OldStyleLogProvider(bool showDebug,
+ bool showInfo,
+ bool showWarning,
+ bool showError,
+ bool showPedantic);
+ OldStyleLogProvider(bool showDebug,
+ bool showInfo,
+ bool showWarning,
+ bool showError,
+ bool showPedantic,
+ bool printStdErr);
+ virtual ~OldStyleLogProvider() {}
+
+ virtual void Debug(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Info(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Warning(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Error(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+ virtual void Pedantic(const char *message,
+ const char *fileName,
+ int line,
+ const char *function);
+};
+}
+} // namespace DPL
+
+#endif // DPL_OLD_STYLE_LOG_PROVIDER_H
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file secure_log.h
+ * @author Jihoon Chung(jihoon.chung@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef DPL_SECURE_LOG_H
+#define DPL_SECURE_LOG_H
+
+#include <dlog.h>
+
+#define COLOR_ERROR "\e[1;31m"
+#define COLOR_WARNING "\e[2;31m"
+#define COLOR_END "\e[0m"
+#define COLOR_TAG "\e[0m"
+
+// default TAG
+#undef LOG_TAG
+#define LOG_TAG "WRT_UNDEFINED"
+
+#ifdef WRT_LOG
+#undef LOG_TAG
+#define LOG_TAG "WRT"
+#undef COLOR_TAG
+#define COLOR_TAG "\e[1;32m"
+#endif
+
+#ifdef WRT_BUNDLE_LOG
+#undef LOG_TAG
+#define LOG_TAG "WRT_BUNDLE"
+#undef COLOR_TAG
+#define COLOR_TAG "\e[1;34m"
+#endif
+
+#ifdef WRT_PLUGINS_COMMON_LOG
+#undef LOG_TAG
+#define LOG_TAG "WRT_PLUGINS/COMMON"
+#undef COLOR_TAG
+#define COLOR_TAG "\e[1;36m"
+#endif
+
+#ifdef WRT_PLUGINS_WIDGET_LOG
+#undef LOG_TAG
+#define LOG_TAG "WRT_PLUGINS/WIDGET"
+#undef COLOR_TAG
+#define COLOR_TAG "\e[1;35m"
+#endif
+
+#ifdef WRT_INSTALLER_LOG
+#undef LOG_TAG
+#define LOG_TAG "WRT_INSTALLER"
+#undef COLOR_TAG
+#define COLOR_TAG "\e[1;32m"
+#endif
+
+#ifndef SECURE_SLOGD
+#define SECURE_SLOGD(fmt, arg...) SLOGD(fmt,##arg)
+#endif
+
+#ifndef SECURE_SLOGW
+#define SECURE_SLOGW(fmt, arg...) SLOGW(fmt,##arg)
+#endif
+
+#ifndef SECURE_SLOGE
+#define SECURE_SLOGE(fmt, arg...) SLOGE(fmt,##arg)
+#endif
+
+#define _D(fmt, arg ...) SECURE_SLOGD(COLOR_TAG fmt COLOR_END,##arg)
+#define _W(fmt, arg ...) SECURE_SLOGW(COLOR_WARNING fmt COLOR_END,##arg)
+#define _E(fmt, arg ...) SECURE_SLOGE(COLOR_ERROR fmt COLOR_END,##arg)
+
+#endif // DPL_SECURE_LOG_H
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file noncopyable
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of noncopyable
+ */
+#ifndef DPL_NONCOPYABLE_H
+#define DPL_NONCOPYABLE_H
+
+namespace DPL {
+class Noncopyable
+{
+ private:
+ Noncopyable(const Noncopyable &);
+ const Noncopyable &operator=(const Noncopyable &);
+
+ public:
+ Noncopyable();
+ virtual ~Noncopyable();
+};
+} // namespace DPL
+
+#endif // DPL_NONCOPYABLE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file noreturn.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of noreturn
+ */
+#ifndef DPL_NORETURN_H
+#define DPL_NORETURN_H
+
+#define DPL_NORETURN __attribute__((__noreturn__))
+
+#endif // DPL_NORETURN_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*!
+ * @file scoped_fclose.h
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of scoped fclose RAII
+ */
+#ifndef DPL_SCOPED_FCLOSE_H
+#define DPL_SCOPED_FCLOSE_H
+
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <cerrno>
+#include <cstdio>
+#include <string>
+#include <dpl/log/log.h>
+#include <dpl/scoped_resource.h>
+
+namespace DPL {
+struct ScopedFClosePolicy
+{
+ typedef FILE* Type;
+ static Type NullValue()
+ {
+ return nullptr;
+ }
+ static void Destroy(Type file)
+ {
+ if (file != nullptr) {
+ // Try to flush first
+ if (TEMP_FAILURE_RETRY(fflush(file)) != 0) {
+ std::string errString = strerror(errno);
+ LogPedantic("Failed to fflush scoped fclose error: "
+ << errString);
+ }
+
+ // fclose cannot be retried, try to close once
+ if (fclose(file) != 0) {
+ std::string errString = strerror(errno);
+ LogPedantic("Failed scoped fclose error: " << errString);
+ }
+ }
+ }
+};
+
+class ScopedFClose : public ScopedResource<ScopedFClosePolicy>
+{
+ typedef ScopedFClosePolicy Policy;
+ typedef ScopedResource<Policy> BaseType;
+
+ public:
+ explicit ScopedFClose(FILE* argFileStream = Policy::NullValue()) :
+ BaseType(argFileStream)
+ {}
+};
+} // namespace DPL
+
+#endif // DPL_SCOPED_FCLOSE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*!
+ * @file scoped_free.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of scoped free RAII
+ */
+
+#ifndef DPL_SCOPED_FREE_H
+#define DPL_SCOPED_FREE_H
+
+#include <malloc.h>
+#include <cstddef>
+
+#include <dpl/scoped_resource.h>
+
+namespace DPL {
+template<typename Class>
+struct ScopedFreePolicy
+{
+ typedef Class* Type;
+ static Type NullValue()
+ {
+ return nullptr;
+ }
+ static void Destroy(Type ptr)
+ {
+ free(ptr);
+ }
+};
+
+template<typename Memory>
+class ScopedFree : public ScopedResource<ScopedFreePolicy<Memory> >
+{
+ typedef ScopedFreePolicy<Memory> Policy;
+ typedef ScopedResource<Policy> BaseType;
+
+ public:
+ explicit ScopedFree(Memory *ptr = Policy::NullValue()) : BaseType(ptr) { }
+};
+} // namespace DPL
+
+#endif // DPL_SCOPED_FREE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file scoped_resource.h
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of scoped resource pattern
+ */
+#ifndef DPL_SCOPED_RESOURCE_H
+#define DPL_SCOPED_RESOURCE_H
+
+#include <dpl/noncopyable.h>
+
+namespace DPL {
+template<typename ClassPolicy>
+class ScopedResource :
+ private Noncopyable
+{
+ public:
+ typedef typename ClassPolicy::Type ValueType;
+ typedef ScopedResource<ClassPolicy> ThisType;
+
+ protected:
+ ValueType m_value;
+
+ public:
+ explicit ScopedResource(ValueType value) : m_value(value) { }
+
+ ~ScopedResource()
+ {
+ ClassPolicy::Destroy(m_value);
+ }
+
+ ValueType Get() const
+ {
+ return m_value;
+ }
+
+ void Reset(ValueType value = ClassPolicy::NullValue())
+ {
+ ClassPolicy::Destroy(m_value);
+ m_value = value;
+ }
+
+ ValueType Release()
+ {
+ ValueType value = m_value;
+ m_value = ClassPolicy::NullValue();
+ return value;
+ }
+ typedef ValueType ThisType::*UnknownBoolType;
+
+ operator UnknownBoolType() const
+ {
+ return m_value == ClassPolicy::NullValue() ?
+ 0 : //0 is valid here because it converts to false
+ &ThisType::m_value; //it converts to true
+ }
+
+ bool operator !() const
+ {
+ return m_value == ClassPolicy::NullValue();
+ }
+};
+} // namespace DPL
+
+#endif // DPL_SCOPED_RESOURCE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file singleton.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of singleton
+ */
+#ifndef DPL_SINGLETON_H
+#define DPL_SINGLETON_H
+
+#include <dpl/assert.h>
+
+namespace DPL {
+template<typename Class>
+class Singleton :
+ private Class
+{
+ //
+ // Note:
+ //
+ // To remove posibility of instantiating directly Class,
+ // make Class' default constructor protected
+ //
+
+ private:
+ Singleton()
+ {}
+
+ static Singleton &InternalInstance();
+
+ public:
+ virtual ~Singleton()
+ {}
+
+ static Class &Instance();
+};
+} // namespace DPL
+
+#endif // DPL_SINGLETON_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file singleton_impl.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of singleton
+ */
+#ifndef DPL_SINGLETON_IMPL_H
+#define DPL_SINGLETON_IMPL_H
+
+/*
+ * WARNING!
+ *
+ * If some singleton's implementation uses another singletons implementation,
+ * those templates make the second singleton a dubleton. Be warned. Try to use
+ * singleton_safe_impl.h if possible.
+ */
+
+namespace DPL {
+template<typename Class>
+Singleton<Class>& Singleton<Class>::InternalInstance()
+{
+ static Singleton<Class> instance;
+ return instance;
+}
+
+template<typename Class>
+Class &Singleton<Class>::Instance()
+{
+ Singleton<Class>& instance = Singleton<Class>::InternalInstance();
+ return instance;
+}
+} // namespace DPL
+
+#define IMPLEMENT_SINGLETON(Type) \
+ template DPL::Singleton<Type>&DPL::Singleton<Type>::InternalInstance(); \
+ template Type & DPL::Singleton<Type>::Instance(); \
+
+#endif // DPL_SINGLETON_IMPL_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file singleton_safe_impl.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of singleton
+ */
+#ifndef DPL_SINGLETON_SAFE_IMPL_H
+#define DPL_SINGLETON_SAFE_IMPL_H
+
+#define IMPLEMENT_SAFE_SINGLETON(Class) \
+ namespace DPL { \
+ template<> \
+ Singleton<Class>&Singleton<Class>::InternalInstance() \
+ { \
+ static Singleton<Class> instance; \
+ return instance; \
+ } \
+ \
+ template<> \
+ Class & Singleton<Class>::Instance() \
+ { \
+ Singleton<Class>& instance = Singleton<Class>::InternalInstance(); \
+ return instance; \
+ } \
+ \
+ template Singleton<Class>&Singleton<Class>::InternalInstance(); \
+ template Class & Singleton<Class>::Instance(); \
+ } // namespace DPL
+
+#endif // DPL_SINGLETON_SAFE_IMPL_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file statistic.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief Header file with implementation of Statistic class
+ */
+
+#ifndef DPL_TEST_STATISTIC_H
+#define DPL_TEST_STATISTIC_H
+
+#include <cstddef>
+
+#include <dpl/assert.h>
+#include <dpl/test/test_results_collector.h>
+
+namespace DPL {
+namespace Test {
+
+class Statistic
+{
+ public:
+ Statistic() :
+ m_failed(0),
+ m_ignored(0),
+ m_passed(0),
+ m_count(0)
+ {}
+
+ void AddTest(TestResultsCollectorBase::FailStatus status)
+ {
+ ++m_count;
+ switch (status) {
+ case TestResultsCollectorBase::FailStatus::FAILED: ++m_failed;
+ break;
+ case TestResultsCollectorBase::FailStatus::IGNORED: ++m_ignored;
+ break;
+ case TestResultsCollectorBase::FailStatus::NONE: ++m_passed;
+ break;
+ default:
+ Assert(false && "Bad FailStatus");
+ }
+ }
+
+ std::size_t GetTotal() const
+ {
+ return m_count;
+ }
+ std::size_t GetPassed() const
+ {
+ return m_passed;
+ }
+ std::size_t GetSuccesed() const
+ {
+ return m_passed;
+ }
+ std::size_t GetFailed() const
+ {
+ return m_failed;
+ }
+ std::size_t GetIgnored() const
+ {
+ return m_ignored;
+ }
+ float GetPassedOrIgnoredPercend() const
+ {
+ float passIgnoredPercent =
+ 100.0f * (static_cast<float>(m_passed)
+ + static_cast<float>(m_ignored))
+ / static_cast<float>(m_count);
+ return passIgnoredPercent;
+ }
+
+ private:
+ std::size_t m_failed;
+ std::size_t m_ignored;
+ std::size_t m_passed;
+ std::size_t m_count;
+};
+
+} // namespace Test
+} // namespace DPL
+
+#endif // DPL_TEST_STATISTIC_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief Header file with declaration of TestResultsCollectorBase
+ */
+
+#ifndef DPL_TEST_RESULTS_COLLECTOR_H
+#define DPL_TEST_RESULTS_COLLECTOR_H
+
+#include <dpl/noncopyable.h>
+#include <vector>
+#include <list>
+#include <map>
+#include <chrono>
+#include <string>
+#include <memory>
+
+namespace DPL {
+namespace Test {
+class TestResultsCollectorBase;
+typedef std::shared_ptr<TestResultsCollectorBase>
+TestResultsCollectorBasePtr;
+
+class TestResultsCollectorBase :
+ private DPL::Noncopyable
+{
+ public:
+ typedef TestResultsCollectorBase* (*CollectorConstructorFunc)();
+ typedef std::list<std::string> TestCaseIdList;
+ enum class FailStatus
+ {
+ NONE,
+ FAILED,
+ IGNORED
+ };
+
+ virtual ~TestResultsCollectorBase() {}
+
+ virtual bool Configure()
+ {
+ return true;
+ }
+ virtual void Start() { }
+ virtual void Finish() { }
+ virtual void CollectCurrentTestGroupName(const std::string& /*groupName*/)
+ {}
+
+ virtual void CollectTestsCasesList(const TestCaseIdList& /*list*/) {}
+ virtual void CollectResult(const std::string& id,
+ const FailStatus status = FailStatus::NONE,
+ const std::string& reason = "",
+ const bool& isPerformanceTest = false,
+ const std::chrono::system_clock::duration& performanceTime = std::chrono::microseconds::zero(),
+ const std::chrono::system_clock::duration& performanceMaxTime = std::chrono::microseconds::zero()) = 0;
+ virtual std::string CollectorSpecificHelp() const
+ {
+ return "";
+ }
+ virtual bool ParseCollectorSpecificArg (const std::string& /*arg*/)
+ {
+ return false;
+ }
+
+ static TestResultsCollectorBase* Create(const std::string& name);
+ static void RegisterCollectorConstructor(
+ const std::string& name,
+ CollectorConstructorFunc
+ constructor);
+ static std::vector<std::string> GetCollectorsNames();
+
+ private:
+ typedef std::map<std::string, CollectorConstructorFunc> ConstructorsMap;
+ static ConstructorsMap m_constructorsMap;
+};
+}
+}
+
+#endif /* DPL_TEST_RESULTS_COLLECTOR_H */
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector_commons.h
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief Header file containing declarations of collectors common
+ * functions and macros
+ */
+
+#ifndef DPL_TEST_RESULTS_COLLECTOR_COMMONS_H
+#define DPL_TEST_RESULTS_COLLECTOR_COMMONS_H
+
+#include <chrono>
+#include <string>
+
+namespace DPL {
+namespace Test {
+
+#define GREEN_RESULT_OK "[%s%s%s]\n", BOLD_GREEN_BEGIN, " OK ", \
+ BOLD_GREEN_END
+#define GREEN_RESULT_OK_TIME "[%s%s%s] [elapsed: %0.3fms]\n", BOLD_GREEN_BEGIN, \
+ " OK ", BOLD_GREEN_END
+#define GREEN_RESULT_OK_TIME_MAX(elapsed, max) \
+ "[%s%s%s] %s[elapsed: %0.3fms, expected < %0.3fms]%s\n", BOLD_GREEN_BEGIN, \
+ " OK ", BOLD_GREEN_END, BOLD_GREEN_BEGIN, elapsed, max, BOLD_GREEN_END
+#define GREEN_RESULT_OK_TIME_TOO_LONG(elapsed, max) \
+ "[%s%s%s] %s[elapsed: %0.3fms, expected < %0.3fms]%s\n", BOLD_GREEN_BEGIN, \
+ " OK ", BOLD_GREEN_END, BOLD_RED_BEGIN, elapsed, max, BOLD_RED_END
+
+// Get duration as a fraction of millisecond (max precision is 1 microsecond)
+double get_milliseconds (const std::chrono::system_clock::duration& performanceTime);
+
+bool ParseCollectorFileArg(const std::string &arg, std::string &filename);
+
+} // namespace Test
+} // namespace DPL
+
+#endif // DPL_TEST_RESULTS_COLLECTOR_COMMONS_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector_console.h
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief Header file containing ConsoleCollector class declaration
+ */
+
+#ifndef DPL_TEST_RESULTS_COLLECTOR_CONSOLE_H
+#define DPL_TEST_RESULTS_COLLECTOR_CONSOLE_H
+
+#include <map>
+
+#include <dpl/test/statistic.h>
+#include <dpl/test/test_results_collector.h>
+
+namespace DPL {
+namespace Test {
+
+class ConsoleCollector :
+ public TestResultsCollectorBase
+{
+public:
+ static TestResultsCollectorBase* Constructor();
+
+private:
+ ConsoleCollector();
+
+ virtual void CollectCurrentTestGroupName(const std::string& name);
+ virtual void CollectResult(const std::string& id,
+ const FailStatus status = FailStatus::NONE,
+ const std::string& reason = "",
+ const bool& isPerformanceTest = true,
+ const std::chrono::system_clock::duration& performanceTime
+ = std::chrono::microseconds::zero(),
+ const std::chrono::system_clock::duration& performanceMaxTime
+ = std::chrono::microseconds::zero());
+ virtual void Finish();
+
+ void PrintfErrorMessage(const char* type,
+ const std::string& message,
+ bool verbosity);
+ void PrintfIgnoredMessage(const char* type,
+ const std::string& message,
+ bool verbosity);
+ void PrintStats(const std::string& title, const Statistic& stats);
+
+ Statistic m_stats;
+ std::map<std::string, Statistic> m_groupsStats;
+ std::string m_currentGroup;
+};
+
+} // namespace Test
+} // namespace DPL
+
+#endif // DPL_TEST_RESULTS_COLLECTOR_CONSOLE_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector_html.h
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief Header file containing HtmlCollector class declaration
+ */
+
+#ifndef DPL_TEST_RESULTS_COLLECTOR_HTML_H
+#define DPL_TEST_RESULTS_COLLECTOR_HTML_H
+
+#include <map>
+
+#include <dpl/scoped_fclose.h>
+#include <dpl/test/statistic.h>
+#include <dpl/test/test_results_collector.h>
+
+namespace DPL {
+namespace Test {
+
+class HtmlCollector :
+ public TestResultsCollectorBase
+{
+public:
+ static TestResultsCollectorBase* Constructor();
+
+private:
+ HtmlCollector();
+
+ virtual std::string CollectorSpecificHelp() const;
+ virtual bool ParseCollectorSpecificArg(const std::string& arg);
+ virtual bool Configure();
+ virtual void Start();
+ virtual void CollectCurrentTestGroupName(const std::string& name);
+ virtual void CollectResult(const std::string& id,
+ const FailStatus status = FailStatus::NONE,
+ const std::string& reason = "",
+ const bool& isPerformanceTest = false,
+ const std::chrono::system_clock::duration& performanceTime
+ = std::chrono::microseconds::zero(),
+ const std::chrono::system_clock::duration& performanceMaxTime
+ = std::chrono::microseconds::zero());
+ virtual void Finish();
+
+ void PrintfErrorMessage(const char* type,
+ const std::string& message,
+ bool verbosity);
+ void PrintfIgnoredMessage(const char* type,
+ const std::string& message,
+ bool verbosity);
+ void PrintStats(const std::string& name, const Statistic& stats);
+
+ std::string m_filename;
+ ScopedFClose m_fp;
+ Statistic m_stats;
+ std::string m_currentGroup;
+ std::map<std::string, Statistic> m_groupsStats;
+};
+
+} // namespace Test
+} // namespace DPL
+
+#endif // DPL_TEST_RESULTS_COLLECTOR_HTML_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector_summary.h
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @author Michal Witanowski (m.witanowski@samsung.com)
+ * @version 1.0
+ * @brief Header file containing SummaryCollector class declaration.
+ */
+
+#ifndef DPL_TEST_RESULTS_COLLECTOR_SUMMARY_H
+#define DPL_TEST_RESULTS_COLLECTOR_SUMMARY_H
+
+#include <fstream>
+#include <string>
+
+#include <dpl/test/statistic.h>
+#include <dpl/test/test_results_collector.h>
+
+namespace DPL {
+namespace Test {
+
+class SummaryCollector
+ : public TestResultsCollectorBase
+{
+public:
+ static TestResultsCollectorBase* Constructor();
+
+private:
+ SummaryCollector();
+
+ virtual std::string CollectorSpecificHelp() const;
+ virtual bool ParseCollectorSpecificArg(const std::string& arg);
+ virtual void Start();
+ virtual void CollectResult(const std::string& id,
+ const FailStatus status = FailStatus::NONE,
+ const std::string& reason = "",
+ const bool& isPerformanceTest = false,
+ const std::chrono::system_clock::duration& performanceTime
+ = std::chrono::microseconds::zero(),
+ const std::chrono::system_clock::duration& performanceMaxTime
+ = std::chrono::microseconds::zero());
+ virtual void Finish();
+
+ void writeStats(bool segfault);
+
+ Statistic m_stats;
+ std::string m_filename;
+ std::ofstream m_output;
+};
+
+} // namespace Test
+} // namespace DPL
+
+#endif // DPL_TEST_RESULTS_COLLECTOR_SUMMARY_H
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector_xml.h
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief Header file containing XmlCollector class declaration
+ */
+
+#ifndef DPL_TEST_RESULTS_COLLECTOR_XML_H
+#define DPL_TEST_RESULTS_COLLECTOR_XML_H
+
+#include <dpl/scoped_fclose.h>
+#include <dpl/test/statistic.h>
+#include <dpl/test/test_results_collector.h>
+
+namespace DPL {
+namespace Test {
+
+class XmlCollector :
+ public TestResultsCollectorBase
+{
+public:
+ static TestResultsCollectorBase* Constructor();
+
+private:
+ XmlCollector();
+
+ virtual std::string CollectorSpecificHelp() const;
+ virtual bool ParseCollectorSpecificArg(const std::string& arg);
+ virtual bool Configure();
+ virtual void Start();
+ virtual void CollectCurrentTestGroupName(const std::string& name);
+ virtual void CollectResult(const std::string& id,
+ const FailStatus status = FailStatus::NONE,
+ const std::string& reason = "",
+ const bool& isPerformanceTest = false,
+ const std::chrono::system_clock::duration& performanceTime
+ = std::chrono::microseconds::zero(),
+ const std::chrono::system_clock::duration& performanceMaxTime
+ = std::chrono::microseconds::zero());
+ virtual void Finish();
+
+ void GroupStart(const std::size_t pos, const std::string& name);
+ std::size_t GetCurrentGroupPosition() const;
+ void UpdateGroupHeader(const std::size_t groupPosition,
+ const unsigned int tests,
+ const unsigned int failures,
+ const unsigned int skipped);
+ void UpdateElementAttribute(const std::size_t elementPosition,
+ const std::string& name,
+ const std::string& value);
+ std::string UIntToString(const unsigned int value);
+ void GroupFinish(const std::size_t groupPosition);
+ void PrintfErrorMessage(const char* type,
+ const std::string& message,
+ bool verbosity);
+ void PrintfIgnoredMessage(const char* type,
+ const std::string& message,
+ bool verbosity);
+ void FlushOutput();
+ std::string EscapeSpecialCharacters(std::string s);
+
+ std::string m_filename;
+ ScopedFClose m_fp;
+ Statistic m_stats;
+ std::string m_outputBuffer;
+ std::string m_resultBuffer;
+};
+
+} // namespace Test
+} // namespace DPL
+
+#endif // DPL_TEST_RESULTS_COLLECTOR_XML_H
--- /dev/null
+/*
+ * Copyright (c) 2011-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of test runner
+ */
+
+#ifndef DPL_TEST_RUNNER_H
+#define DPL_TEST_RUNNER_H
+
+#include <chrono>
+#include <cstring>
+#include <exception>
+#include <iostream>
+#include <list>
+#include <map>
+#include <queue>
+#include <set>
+#include <sstream>
+#include <string>
+#include <vector>
+
+#include <dpl/atomic.h>
+#include <dpl/availability.h>
+#include <dpl/colors.h>
+#include <dpl/gdbbacktrace.h>
+#include <dpl/singleton.h>
+#include <dpl/test/test_results_collector.h>
+
+namespace DPL {
+namespace Test {
+class TestRunner
+{
+ typedef std::map<std::string, TestResultsCollectorBasePtr>
+ TestResultsCollectors;
+ TestResultsCollectors m_collectors;
+
+ std::string m_startTestId;
+ bool m_runIgnored;
+
+ std::queue<std::string> m_failReason;
+
+ public:
+ TestRunner() :
+ m_currentTestCase(nullptr)
+ , m_terminate(false)
+ , m_allowChildLogs(false)
+ {}
+
+ void beginPerformanceTestTime(std::chrono::system_clock::duration maxTimeInMicroseconds);
+ void endPerformanceTestTime();
+ void getCurrentTestCasePerformanceResult(bool& isPerformanceTest,
+ std::chrono::system_clock::duration& result,
+ std::chrono::system_clock::duration& resultMax);
+ void setCurrentTestCasePerformanceResult(bool isPerformanceTest,
+ std::chrono::system_clock::duration result,
+ std::chrono::system_clock::duration resultMax);
+
+ void addFailReason(const std::string &reason);
+
+ typedef void (*TestCase)();
+
+ private:
+ struct TestCaseStruct
+ {
+ std::string name;
+ TestCase proc;
+
+ bool m_isPerformanceTest;
+ std::chrono::system_clock::time_point m_performanceTestStartTime;
+ std::chrono::system_clock::duration m_performanceTestDurationTime;
+ std::chrono::system_clock::duration m_performanceMaxTime;
+
+ bool operator <(const TestCaseStruct &other) const
+ {
+ return name < other.name;
+ }
+
+ bool operator ==(const TestCaseStruct &other) const
+ {
+ return name == other.name;
+ }
+
+ TestCaseStruct(const std::string &n, TestCase p) :
+ name(n),
+ proc(p),
+ m_isPerformanceTest(false)
+ {}
+ };
+
+ typedef std::list<TestCaseStruct> TestCaseStructList;
+ typedef std::map<std::string, TestCaseStructList> TestCaseGroupMap;
+ TestCaseGroupMap m_testGroups;
+
+ TestCaseStruct * m_currentTestCase;
+
+ typedef std::set<std::string> SelectedTestNameSet;
+ SelectedTestNameSet m_selectedTestNamesSet;
+ typedef std::set<std::string> SelectedTestGroupSet;
+ SelectedTestGroupSet m_selectedTestGroupSet;
+ std::string m_currentGroup;
+
+ DPL::Atomic m_totalAssertions;
+
+ // Terminate without any logs.
+ // Some test requires to call fork function.
+ // Child process must not produce any logs and should die quietly.
+ bool m_terminate;
+ bool m_allowChildLogs;
+
+ void Banner();
+ void InvalidArgs(const std::string& message = "Invalid arguments!");
+ void Usage();
+
+ bool filterGroupsByXmls(const std::vector<std::string> & files);
+ bool filterByXML(std::map<std::string, bool> & casesMap);
+ void normalizeXMLTag(std::string& str, const std::string& testcase);
+
+ enum Status { FAILED, IGNORED, PASS };
+
+ Status RunTestCase(const TestCaseStruct& testCase);
+
+ void setCurrentTestCase(TestCaseStruct* testCase);
+ TestCaseStruct *getCurrentTestCase();
+
+ void RunTests();
+
+ std::string getConcatedFailReason(const std::string &reason);
+
+ void CollectResult(const std::string& id,
+ const TestResultsCollectorBase::FailStatus status
+ = TestResultsCollectorBase::FailStatus::NONE,
+ const std::string& reason = std::string(),
+ const bool& isPerformanceTest = false,
+ const std::chrono::system_clock::duration& performanceTime = std::chrono::microseconds::zero(),
+ const std::chrono::system_clock::duration& performanceMaxTime = std::chrono::microseconds::zero());
+
+ public:
+ class TestFailed
+ {
+ private:
+ std::string m_message;
+
+ public:
+ TestFailed()
+ {}
+
+ //! \brief Failed test message creator
+ //!
+ //! \param[in] aTest string for tested expression
+ //! \param[in] aFile source file name
+ //! \param[in] aLine source file line
+ //! \param[in] aMessage error message
+ TestFailed(const char* aTest,
+ const char* aFile,
+ int aLine,
+ const std::string &aMessage);
+
+ TestFailed(const std::string &message);
+
+ std::string GetMessage() const
+ {
+ return m_message;
+ }
+ };
+
+ class Ignored
+ {
+ private:
+ std::string m_message;
+
+ public:
+ Ignored()
+ {}
+
+ Ignored(const std::string &message) :
+ m_message(message)
+ {}
+
+ std::string GetMessage() const
+ {
+ return m_message;
+ }
+ };
+
+ void MarkAssertion();
+
+ void RegisterTest(const char *testName, TestCase proc);
+ void InitGroup(const char* name);
+
+ int ExecTestRunner(int argc, char *argv[]);
+ typedef std::vector<std::string> ArgsList;
+ int ExecTestRunner(ArgsList args);
+ bool getRunIgnored() const;
+ // The runner will terminate as soon as possible (after current test).
+ void Terminate();
+ bool GetAllowChildLogs();
+};
+
+typedef DPL::Singleton<TestRunner> TestRunnerSingleton;
+}
+} // namespace DPL
+
+#define RUNNER_TEST_GROUP_INIT(GroupName) \
+ static int Static##GroupName##Init() \
+ { \
+ DPL::Test::TestRunnerSingleton::Instance().InitGroup(#GroupName); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##GroupName##InitVar = \
+ Static##GroupName##Init();
+
+#define RUNNER_TEST(Proc) \
+ void Proc(); \
+ static int Static##Proc##Init() \
+ { \
+ DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc()
+
+
+/**
+ * ASSERT MACROS
+ *
+ * Use them to create assertions in test cases. To do that put them inside test
+ * body. Failing assertion indicates failing test.
+ */
+
+#define RUNNER_ASSERT_MSG(test, message) \
+ do \
+ { \
+ DPL::Test::TestRunnerSingleton::Instance().MarkAssertion(); \
+ \
+ if (!(test)) \
+ { \
+ std::ostringstream assertMsg; \
+ assertMsg << message << DPL::gdbbacktrace(); \
+ DPL::Test::TestRunner::TestFailed e(#test, \
+ __FILE__, \
+ __LINE__, \
+ assertMsg.str()); \
+ if (!std::uncaught_exception()) \
+ throw e; \
+ DPL::Test::TestRunnerSingleton::Instance().addFailReason(e.GetMessage()); \
+ } \
+ } while (0)
+
+#define RUNNER_ASSERT_ERRNO_MSG(test, message) \
+ do \
+ { \
+ DPL::Test::TestRunnerSingleton::Instance().MarkAssertion(); \
+ \
+ if (!(test)) \
+ { \
+ const char *err = strerror(errno); \
+ std::ostringstream assertMsg; \
+ assertMsg << message; \
+ if (!assertMsg.str().empty()) \
+ assertMsg << ". "; \
+ assertMsg << err << DPL::gdbbacktrace(); \
+ DPL::Test::TestRunner::TestFailed e(#test, \
+ __FILE__, \
+ __LINE__, \
+ assertMsg.str()); \
+ if (!std::uncaught_exception()) \
+ throw e; \
+ DPL::Test::TestRunnerSingleton::Instance().addFailReason(e.GetMessage()); \
+ } \
+ } while (0)
+
+#define RUNNER_ASSERT_ERRNO(test) \
+ RUNNER_ASSERT_ERRNO_MSG(test, "")
+
+#define RUNNER_FAIL_MSG(message) \
+ RUNNER_ASSERT_MSG(false, message)
+
+#define RUNNER_ASSERT(test) \
+ RUNNER_ASSERT_MSG(test, "")
+
+/**
+ * IGNORE MACRO
+ *
+ * When test reaches this macro call, its furhter code will be ignored.
+ * To ignore whole test, put this macro call at the beginning of this tests
+ * body.
+ */
+
+#define RUNNER_IGNORED_MSG(message) \
+ do \
+ { \
+ std::ostringstream assertMsg; \
+ assertMsg << message; \
+ throw DPL::Test::TestRunner::Ignored(assertMsg.str()); \
+ } while (0)
+
+/**
+ * PERF MACROS
+ *
+ * Use these macros to do the time measurement. The first macro will start time measurement,
+ * the second will gather the result. These macros can be used only once per test-case.
+ * The result of time measurement will be displayed only if the test will pass.
+ * Notice that these macros will work only if will be used in parent process. If these
+ * macros will be used in child process then there will be no time measure results printed.
+ * This macro in multiprocess tests has effect only if used in parent process. This macro
+ * used in child process in multiprocess test has no effect.
+ * The precision of measurement is 1 microsecond - the smallest time value that can be
+ * measured is 0.000001s.
+ * The time measure results will be printed only specific output format:
+ * - text
+ * - html
+ * - xml
+ */
+
+#define RUNNER_PERF_TEST_BEGIN(maxTime) \
+ do { \
+ DPL::Test::TestRunnerSingleton::Instance().beginPerformanceTestTime( \
+ std::chrono::microseconds{static_cast<long long int>(maxTime*1000000.0)}); \
+ } while (0)
+
+#define RUNNER_PERF_TEST_END() \
+ do { \
+ DPL::Test::TestRunnerSingleton::Instance().endPerformanceTestTime(); \
+ } while (0)
+
+/**
+ * MSG MACROS
+ *
+ * Use these macros to print error messages during test run time
+ */
+
+#define RUNNER_ERROR_MSG(message) \
+ do { \
+ std::cerr << DPL::Colors::Text::RED_BEGIN << message \
+ << DPL::Colors::Text::RED_END << std::endl; \
+ } while (0)
+
+#endif // DPL_TEST_RUNNER_H
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner_child.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of test runner
+ */
+#ifndef DPL_TEST_RUNNER_CHILD_H
+#define DPL_TEST_RUNNER_CHILD_H
+
+#include <dpl/test/test_runner.h>
+
+namespace DPL {
+namespace Test {
+
+class PipeWrapper : DPL::Noncopyable
+{
+ public:
+ enum Usage {
+ READONLY,
+ WRITEONLY
+ };
+
+ enum Status {
+ SUCCESS,
+ TIMEOUT,
+ ERROR
+ };
+
+ PipeWrapper();
+
+ bool isReady();
+
+ void setUsage(Usage usage);
+
+ virtual ~PipeWrapper();
+
+ Status send(int code, std::string &message);
+ Status sendTime(int code,
+ std::chrono::system_clock::duration time,
+ std::chrono::system_clock::duration timeMax);
+
+ Status receive(int &code,
+ int &msgType,
+ std::string &data,
+ std::chrono::system_clock::duration &time,
+ std::chrono::system_clock::duration &timeMax,
+ time_t deadline);
+
+ void closeAll();
+
+ protected:
+
+ std::string toBinaryString(int data);
+ std::string toBinaryString(std::chrono::system_clock::duration data);
+
+ void closeHelp(int desc);
+
+ Status writeHelp(const void *buffer, int size);
+
+ Status readHelp(void *buf, int size, time_t deadline);
+
+ static const int PIPE_CLOSED = -1;
+
+ int m_pipefd[2];
+};
+
+void RunChildProc(TestRunner::TestCase procChild);
+} // namespace Test
+} // namespace DPL
+
+#define RUNNER_CHILD_TEST(Proc) \
+ void Proc(); \
+ void Proc##Child(); \
+ static int Static##Proc##Init() \
+ { \
+ DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc(){ \
+ DPL::Test::RunChildProc(&Proc##Child); \
+ } \
+ void Proc##Child()
+
+#endif // DPL_TEST_RUNNER_CHILD_H
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner_multiprocess.h
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of multiprocess test runner
+ */
+#ifndef DPL_TEST_RUNNER_MULTIPROCESS_H
+#define DPL_TEST_RUNNER_MULTIPROCESS_H
+
+#include <dpl/test/test_runner_child.h>
+
+namespace DPL {
+namespace Test {
+
+class SimplePipeWrapper :
+ public PipeWrapper
+{
+ public:
+ SimplePipeWrapper();
+
+ virtual ~SimplePipeWrapper();
+
+ Status send(std::string &message);
+ Status receive(std::string &data, bool &empty, time_t deadline);
+};
+
+void RunMultiProc(TestRunner::TestCase procMulti);
+} // namespace Test
+} // namespace DPL
+
+#define RUNNER_MULTIPROCESS_TEST(Proc) \
+ void Proc(); \
+ void Proc##Multi(); \
+ static int Static##Proc##Init() \
+ { \
+ DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
+ void Proc(){ \
+ DPL::Test::RunMultiProc(&Proc##Multi); \
+ } \
+ void Proc##Multi()
+
+#endif // DPL_TEST_RUNNER_MULTIPROCESS_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_log_provider.cpp
+ * @author Pawel Sikorski (p.sikorski@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of abstract log provider
+ */
+#include <stddef.h>
+#include <dpl/log/abstract_log_provider.h>
+#include <cstring>
+
+namespace DPL {
+namespace Log {
+const char *AbstractLogProvider::LocateSourceFileName(const char *filename)
+{
+ const char *ptr = strrchr(filename, '/');
+ return ptr != nullptr ? ptr + 1 : filename;
+}
+}
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file assert.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of assert
+ */
+#include <stddef.h>
+#include <dpl/assert.h>
+#include <dpl/colors.h>
+#include <dpl/exception.h>
+#include <dpl/log/log.h>
+#include <cstdlib>
+
+namespace DPL {
+void AssertProc(const char *condition,
+ const char *file,
+ int line,
+ const char *function)
+{
+#define INTERNAL_LOG(message) \
+ do \
+ { \
+ std::ostringstream platformLog; \
+ platformLog << message; \
+ DPL::Log::LogSystemSingleton::Instance().Pedantic( \
+ platformLog.str().c_str(), \
+ __FILE__, __LINE__, __FUNCTION__); \
+ } \
+ while (0)
+
+ // Try to log failed assertion to log system
+ Try
+ {
+ INTERNAL_LOG(
+ "################################################################################");
+ INTERNAL_LOG(
+ "### DPL assertion failed! ###");
+ INTERNAL_LOG(
+ "################################################################################");
+ INTERNAL_LOG("### Condition: " << condition);
+ INTERNAL_LOG("### File: " << file);
+ INTERNAL_LOG("### Line: " << line);
+ INTERNAL_LOG("### Function: " << function);
+ INTERNAL_LOG(
+ "################################################################################");
+ } catch (Exception) {
+ // Just ignore possible double errors
+ }
+
+ // Fail with c-library abort
+ abort();
+}
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file atomic.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of atomic
+ */
+#include <stddef.h>
+#include <dpl/atomic.h>
+
+namespace DPL {
+Atomic::Atomic(ValueType value) :
+ m_value(value)
+{}
+
+Atomic::ValueType Atomic::ExchangeAndAdd(ValueType value)
+{
+ return g_atomic_int_add(const_cast<gint* >(&m_value), value);
+}
+
+bool Atomic::CompareAndExchange(ValueType oldValue, ValueType newValue)
+{
+ return g_atomic_int_compare_and_exchange(const_cast<gint* >(&m_value),
+ oldValue,
+ newValue);
+}
+
+bool Atomic::operator--()
+{
+ return g_atomic_int_dec_and_test(const_cast<gint* >(&m_value)) != TRUE;
+}
+
+void Atomic::operator++()
+{
+ g_atomic_int_inc(const_cast<gint* >(&m_value));
+}
+
+Atomic::operator ValueType() const
+{
+ return g_atomic_int_get(const_cast<gint* >(&m_value));
+}
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file binary_queue.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of binary queue
+ */
+#include <stddef.h>
+#include <dpl/binary_queue.h>
+#include <dpl/assert.h>
+#include <dpl/scoped_free.h>
+#include <algorithm>
+#include <malloc.h>
+#include <cstring>
+#include <new>
+
+namespace DPL {
+BinaryQueue::BinaryQueue() :
+ m_size(0)
+{}
+
+BinaryQueue::BinaryQueue(const BinaryQueue &other) :
+ m_size(0)
+{
+ AppendCopyFrom(other);
+}
+
+BinaryQueue::~BinaryQueue()
+{
+ // Remove all remainig buckets
+ Clear();
+}
+
+const BinaryQueue &BinaryQueue::operator=(const BinaryQueue &other)
+{
+ if (this != &other) {
+ Clear();
+ AppendCopyFrom(other);
+ }
+
+ return *this;
+}
+
+void BinaryQueue::AppendCopyFrom(const BinaryQueue &other)
+{
+ // To speed things up, always copy as one bucket
+ void *bufferCopy = malloc(other.m_size);
+
+ if (bufferCopy == nullptr) {
+ throw std::bad_alloc();
+ }
+
+ try {
+ other.Flatten(bufferCopy, other.m_size);
+ AppendUnmanaged(bufferCopy, other.m_size, &BufferDeleterFree, nullptr);
+ } catch (const std::bad_alloc &) {
+ // Free allocated memory
+ free(bufferCopy);
+ throw;
+ }
+}
+
+void BinaryQueue::AppendMoveFrom(BinaryQueue &other)
+{
+ // Copy all buckets
+ std::copy(other.m_buckets.begin(),
+ other.m_buckets.end(), std::back_inserter(m_buckets));
+ m_size += other.m_size;
+
+ // Clear other, but do not free memory
+ other.m_buckets.clear();
+ other.m_size = 0;
+}
+
+void BinaryQueue::AppendCopyTo(BinaryQueue &other) const
+{
+ other.AppendCopyFrom(*this);
+}
+
+void BinaryQueue::AppendMoveTo(BinaryQueue &other)
+{
+ other.AppendMoveFrom(*this);
+}
+
+void BinaryQueue::Clear()
+{
+ std::for_each(m_buckets.begin(), m_buckets.end(), &DeleteBucket);
+ m_buckets.clear();
+ m_size = 0;
+}
+
+void BinaryQueue::AppendCopy(const void* buffer, size_t bufferSize)
+{
+ // Create data copy with malloc/free
+ void *bufferCopy = malloc(bufferSize);
+
+ // Check if allocation succeded
+ if (bufferCopy == nullptr) {
+ throw std::bad_alloc();
+ }
+
+ // Copy user data
+ memcpy(bufferCopy, buffer, bufferSize);
+
+ try {
+ // Try to append new bucket
+ AppendUnmanaged(bufferCopy, bufferSize, &BufferDeleterFree, nullptr);
+ } catch (const std::bad_alloc &) {
+ // Free allocated memory
+ free(bufferCopy);
+ throw;
+ }
+}
+
+void BinaryQueue::AppendUnmanaged(const void* buffer,
+ size_t bufferSize,
+ BufferDeleter deleter,
+ void* userParam)
+{
+ // Do not attach empty buckets
+ if (bufferSize == 0) {
+ deleter(buffer, bufferSize, userParam);
+ return;
+ }
+
+ // Just add new bucket with selected deleter
+ m_buckets.push_back(new Bucket(buffer, bufferSize, deleter, userParam));
+
+ // Increase total queue size
+ m_size += bufferSize;
+}
+
+size_t BinaryQueue::Size() const
+{
+ return m_size;
+}
+
+bool BinaryQueue::Empty() const
+{
+ return m_size == 0;
+}
+
+void BinaryQueue::Consume(size_t size)
+{
+ // Check parameters
+ if (size > m_size) {
+ Throw(Exception::OutOfData);
+ }
+
+ size_t bytesLeft = size;
+
+ // Consume data and/or remove buckets
+ while (bytesLeft > 0) {
+ // Get consume size
+ size_t count = std::min(bytesLeft, m_buckets.front()->left);
+
+ m_buckets.front()->ptr =
+ static_cast<const char *>(m_buckets.front()->ptr) + count;
+ m_buckets.front()->left -= count;
+ bytesLeft -= count;
+ m_size -= count;
+
+ if (m_buckets.front()->left == 0) {
+ DeleteBucket(m_buckets.front());
+ m_buckets.pop_front();
+ }
+ }
+}
+
+void BinaryQueue::Flatten(void *buffer, size_t bufferSize) const
+{
+ // Check parameters
+ if (bufferSize == 0) {
+ return;
+ }
+
+ if (bufferSize > m_size) {
+ Throw(Exception::OutOfData);
+ }
+
+ size_t bytesLeft = bufferSize;
+ void *ptr = buffer;
+ BucketList::const_iterator bucketIterator = m_buckets.begin();
+ Assert(m_buckets.end() != bucketIterator);
+
+ // Flatten data
+ while (bytesLeft > 0) {
+ // Get consume size
+ size_t count = std::min(bytesLeft, (*bucketIterator)->left);
+
+ // Copy data to user pointer
+ memcpy(ptr, (*bucketIterator)->ptr, count);
+
+ // Update flattened bytes count
+ bytesLeft -= count;
+ ptr = static_cast<char *>(ptr) + count;
+
+ // Take next bucket
+ ++bucketIterator;
+ }
+}
+
+void BinaryQueue::FlattenConsume(void *buffer, size_t bufferSize)
+{
+ // FIXME: Optimize
+ Flatten(buffer, bufferSize);
+ Consume(bufferSize);
+}
+
+void BinaryQueue::DeleteBucket(BinaryQueue::Bucket *bucket)
+{
+ delete bucket;
+}
+
+void BinaryQueue::BufferDeleterFree(const void* data,
+ size_t dataSize,
+ void* userParam)
+{
+ (void)dataSize;
+ (void)userParam;
+
+ // Default free deleter
+ free(const_cast<void *>(data));
+}
+
+BinaryQueue::Bucket::Bucket(const void* data,
+ size_t dataSize,
+ BufferDeleter dataDeleter,
+ void* userParam) :
+ buffer(data),
+ ptr(data),
+ size(dataSize),
+ left(dataSize),
+ deleter(dataDeleter),
+ param(userParam)
+{
+ Assert(data != nullptr);
+ Assert(deleter != nullptr);
+}
+
+BinaryQueue::Bucket::~Bucket()
+{
+ // Invoke deleter on bucket data
+ deleter(buffer, size, param);
+}
+
+BinaryQueue::BucketVisitor::~BucketVisitor()
+{}
+
+BinaryQueue::BucketVisitorCall::BucketVisitorCall(BucketVisitor *visitor) :
+ m_visitor(visitor)
+{}
+
+BinaryQueue::BucketVisitorCall::~BucketVisitorCall()
+{}
+
+void BinaryQueue::BucketVisitorCall::operator()(Bucket *bucket) const
+{
+ m_visitor->OnVisitBucket(bucket->ptr, bucket->left);
+}
+
+void BinaryQueue::VisitBuckets(BucketVisitor *visitor) const
+{
+ Assert(visitor != nullptr);
+
+ // Visit all buckets
+ std::for_each(m_buckets.begin(), m_buckets.end(), BucketVisitorCall(visitor));
+}
+
+BinaryQueueAutoPtr BinaryQueue::Read(size_t size)
+{
+ // Simulate input stream
+ size_t available = std::min(size, m_size);
+
+ ScopedFree<void> bufferCopy(malloc(available));
+
+ if (!bufferCopy) {
+ throw std::bad_alloc();
+ }
+
+ BinaryQueueAutoPtr result(new BinaryQueue());
+
+ Flatten(bufferCopy.Get(), available);
+ result->AppendUnmanaged(
+ bufferCopy.Get(), available, &BufferDeleterFree, nullptr);
+ bufferCopy.Release();
+ Consume(available);
+
+ return result;
+}
+
+size_t BinaryQueue::Write(const BinaryQueue &buffer, size_t bufferSize)
+{
+ // Simulate output stream
+ AppendCopyFrom(buffer);
+ return bufferSize;
+}
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file colors.cpp
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief Some constants with definition of colors for Console
+ * and html output
+ */
+#include <stddef.h>
+#include <dpl/colors.h>
+
+namespace DPL {
+namespace Colors {
+namespace Text {
+const char* BOLD_GREEN_BEGIN = "\033[1;32m";
+const char* BOLD_GREEN_END = "\033[m";
+const char* RED_BEGIN = "\033[0;31m";
+const char* RED_END = "\033[m";
+const char* PURPLE_BEGIN = "\033[0;35m";
+const char* PURPLE_END = "\033[m";
+const char* GREEN_BEGIN = "\033[0;32m";
+const char* GREEN_END = "\033[m";
+const char* CYAN_BEGIN = "\033[0;36m";
+const char* CYAN_END = "\033[m";
+const char* BOLD_RED_BEGIN = "\033[1;31m";
+const char* BOLD_RED_END = "\033[m";
+const char* BOLD_YELLOW_BEGIN = "\033[1;33m";
+const char* BOLD_YELLOW_END = "\033[m";
+const char* BOLD_GOLD_BEGIN = "\033[0;33m";
+const char* BOLD_GOLD_END = "\033[m";
+const char* BOLD_WHITE_BEGIN = "\033[1;37m";
+const char* BOLD_WHITE_END = "\033[m";
+} //namespace Text
+
+namespace Html {
+const char* BOLD_GREEN_BEGIN = "<font color=\"green\"><b>";
+const char* BOLD_GREEN_END = "</b></font>";
+const char* PURPLE_BEGIN = "<font color=\"purple\"><b>";
+const char* PURPLE_END = "</b></font>";
+const char* RED_BEGIN = "<font color=\"red\"><b>";
+const char* RED_END = "</b></font>";
+const char* GREEN_BEGIN = "<font color=\"green\">";
+const char* GREEN_END = "</font>";
+const char* CYAN_BEGIN = "<font color=\"cyan\">";
+const char* CYAN_END = "</font>";
+const char* BOLD_RED_BEGIN = "<font color=\"red\"><b>";
+const char* BOLD_RED_END = "</b></font>";
+const char* BOLD_YELLOW_BEGIN = "<font color=\"yellow\"><b>";
+const char* BOLD_YELLOW_END = "</b></font>";
+const char* BOLD_GOLD_BEGIN = "<font color=\"gold\"><b>";
+const char* BOLD_GOLD_END = "</b></font>";
+const char* BOLD_WHITE_BEGIN = "<font color=\"white\"><b>";
+const char* BOLD_WHITE_END = "</b></font>";
+} //namespace Html
+} //namespace Colors
+} //namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file dlog_log_provider.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of DLOG log provider
+ */
+#include <stddef.h>
+#include <dpl/log/dlog_log_provider.h>
+#include <cstring>
+#include <sstream>
+#include <dlog.h>
+
+namespace DPL {
+namespace Log {
+std::string DLOGLogProvider::FormatMessage(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ std::ostringstream val;
+
+ val << std::string("[") <<
+ LocateSourceFileName(filename) << std::string(":") << line <<
+ std::string("] ") << function << std::string("(): ") << message;
+
+ return val.str();
+}
+
+DLOGLogProvider::DLOGLogProvider()
+{}
+
+DLOGLogProvider::~DLOGLogProvider()
+{}
+
+void DLOGLogProvider::SetTag(const char *tag)
+{
+ m_tag.Reset(strdup(tag));
+}
+
+void DLOGLogProvider::Debug(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+#ifdef SECURE_LOG
+ SECURE_LOG(LOG_DEBUG, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+#else
+ LOG(LOG_DEBUG, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+#endif
+}
+
+void DLOGLogProvider::Info(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+#ifdef SECURE_LOG
+ SECURE_LOG(LOG_INFO, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+#else
+ LOG(LOG_INFO, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+#endif
+}
+
+void DLOGLogProvider::Warning(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+#ifdef SECURE_LOG
+ SECURE_LOG(LOG_WARN, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+#else
+ LOG(LOG_WARN, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+#endif
+}
+
+void DLOGLogProvider::Error(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+#ifdef SECURE_LOG
+ SECURE_LOG(LOG_ERROR, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+#else
+ LOG(LOG_ERROR, m_tag.Get(), "%s",
+ FormatMessage(message, filename, line, function).c_str());
+#endif
+}
+
+void DLOGLogProvider::Pedantic(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+#ifdef SECURE_LOG
+ SECURE_LOG(LOG_DEBUG, "DPL", "%s", FormatMessage(message,
+ filename,
+ line,
+ function).c_str());
+#else
+ LOG(LOG_DEBUG, "DPL", "%s", FormatMessage(message,
+ filename,
+ line,
+ function).c_str());
+#endif
+}
+}
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file exception.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation of exception system
+ */
+#include <stddef.h>
+#include <dpl/exception.h>
+#include <dpl/log/log.h>
+#include <cstdio>
+
+namespace DPL {
+Exception* Exception::m_lastException = nullptr;
+unsigned int Exception::m_exceptionCount = 0;
+void (*Exception::m_terminateHandler)() = nullptr;
+
+void LogUnhandledException(const std::string &str)
+{
+ // Logging to console
+ printf("%s\n", str.c_str());
+
+ // Logging to dlog
+ LogPedantic(str);
+}
+
+void LogUnhandledException(const std::string &str,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ // Logging to console
+ std::ostringstream msg;
+ msg << "\033[1;5;31m\n=== [" << filename << ":" << line << "] " <<
+ function << " ===\033[m";
+ msg << str;
+ printf("%s\n", msg.str().c_str());
+
+ // Logging to dlog
+ DPL::Log::LogSystemSingleton::Instance().Error(
+ str.c_str(), filename, line, function);
+}
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @file gdbbacktrace.cpp
+ * @author Pawel Broda (p.broda@partner.samsung.com)
+ * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
+ * @version 1.0
+ * @brief API providing backtrace
+ */
+
+#include <cerrno>
+#include <cstdio>
+#include <cstdlib>
+#include <cstring>
+#include <fcntl.h>
+#include <iomanip>
+#include <iostream>
+#include <regex>
+#include <sstream>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include <dpl/colors.h>
+
+#include <dpl/gdbbacktrace.h>
+
+namespace DPL {
+namespace {
+
+const std::string FRAME_PATTERN_DPL("in DPL::Test");
+const std::string FRAME_GDBBACKTRACE("in DPL::gdbbacktrace");
+const std::string DEV_NULL("/dev/null");
+const std::string TMP_FILE_PREFIX("/tmp/security-tests_gdbbacktrace-");
+
+void printColor(const char *err, int errnoNumber = 0)
+{
+ std::cerr << Colors::Text::RED_BEGIN << "gdbbacktrace() failed: " << err
+ << ((errnoNumber != 0) ? (std::string(". ") + strerror(errnoNumber)) : "")
+ << Colors::Text::RED_END << std::endl;
+}
+
+bool backtraceParseLine(const std::string &line, std::ostream &result, size_t lineNumber)
+{
+ if (line.find(FRAME_PATTERN_DPL, 0) != std::string::npos)
+ return false;
+
+ std::smatch m;
+ std::regex expr("^#\\d+\\s+0x[0-9a-fA-F]+\\s+(.+)");
+ if (!std::regex_search (line, m, expr))
+ return false;
+
+ result << "#" << std::left << std::setw(2) << lineNumber << " " << m[m.size()-1] << std::endl;
+ return true;
+}
+
+std::string backtraceRead(const std::string &filename)
+{
+ errno = 0;
+ FILE *bt_fd = fopen(filename.c_str(), "r");
+ if (bt_fd == nullptr) {
+ printColor("fopen() failed", errno);
+ return "";
+ }
+
+ std::ostringstream result;
+ result << std::endl;
+
+ char * line = nullptr;
+ size_t len = 0;
+
+ while (true) {
+ if (-1 == getline(&line, &len, bt_fd)) {
+ printColor("No backtrace information", errno);
+ free(line);
+ fclose(bt_fd);
+ return "";
+ }
+ if (std::string(line).find(FRAME_GDBBACKTRACE, 0) != std::string::npos)
+ break;
+ }
+
+ size_t lineNumber = 1;
+ while (-1 != getline(&line, &len, bt_fd)) {
+ if (backtraceParseLine(line, result, lineNumber))
+ ++lineNumber;
+ }
+
+ free(line);
+ fclose(bt_fd);
+
+ return result.str();
+}
+
+void runChild()
+{
+ try {
+ std::string filename = TMP_FILE_PREFIX + std::to_string(getpid());
+ int devnullWrite = TEMP_FAILURE_RETRY(open(DEV_NULL.c_str(), O_WRONLY));
+ if (-1 == devnullWrite)
+ exit(EXIT_FAILURE);
+ int writeFd = TEMP_FAILURE_RETRY(creat(filename.c_str(), S_IRUSR | S_IWUSR));
+ if (-1 == writeFd)
+ exit(EXIT_FAILURE);
+ int devnullRead = TEMP_FAILURE_RETRY(open(DEV_NULL.c_str(), O_RDONLY));
+ if (-1 == devnullRead)
+ exit(EXIT_FAILURE);
+ if (-1 == TEMP_FAILURE_RETRY(dup2(devnullWrite, STDERR_FILENO)))
+ exit(EXIT_FAILURE);
+ if (-1 == TEMP_FAILURE_RETRY(dup2(writeFd, STDOUT_FILENO)))
+ exit(EXIT_FAILURE);
+ if (-1 == TEMP_FAILURE_RETRY(dup2(devnullRead, STDIN_FILENO)))
+ exit(EXIT_FAILURE);
+ std::string ppid = std::to_string(getppid());
+ execl("/usr/bin/gdb", "gdb", "--batch", "-n", "-ex", "bt", "--pid", ppid.c_str(),
+ (char*)nullptr);
+ // gdb failed to start...
+ } catch (...) {
+ }
+ exit(EXIT_FAILURE);
+}
+
+} // namespace
+
+std::string gdbbacktrace(void)
+{
+ std::string ret;
+
+ pid_t childPid = fork();
+ switch (childPid) {
+ case -1:
+ printColor("fork() failed", errno);
+ return ret;
+ case 0:
+ runChild();
+ default:
+ break;
+ }
+
+ std::string filename = TMP_FILE_PREFIX + std::to_string(childPid);
+
+ int status;
+ pid_t pid = TEMP_FAILURE_RETRY(waitpid(childPid, &status, 0));
+ if (-1 == pid)
+ printColor("waitpid() failed", errno);
+ else if (!WIFEXITED(status) || WEXITSTATUS(status) != EXIT_SUCCESS)
+ printColor("Error: no gdb or failed to start gdb...");
+ else
+ ret = backtraceRead(filename);
+
+ if (-1 == unlink(filename.c_str()) && errno != ENOENT)
+ printColor("unlink() failed", errno);
+ return ret;
+}
+
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file log.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of log system
+ */
+#include <stddef.h>
+#include <string.h>
+
+#include <dpl/log/log.h>
+#include <dpl/singleton_impl.h>
+
+IMPLEMENT_SINGLETON(DPL::Log::LogSystem)
+
+namespace DPL {
+namespace Log {
+namespace // anonymous
+{
+const char *OLD_STYLE_LOGS_ENV_NAME = "DPL_USE_OLD_STYLE_LOGS";
+const char *OLD_STYLE_PEDANTIC_LOGS_ENV_NAME =
+ "DPL_USE_OLD_STYLE_PEDANTIC_LOGS";
+const char *OLD_STYLE_LOGS_MASK_ENV_NAME = "DPL_USE_OLD_STYLE_LOGS_MASK";
+const char *DPL_LOG_OFF = "DPL_LOG_OFF";
+} // namespace anonymous
+
+bool LogSystem::IsLoggingEnabled() const
+{
+ return m_isLoggingEnabled;
+}
+
+LogSystem::LogSystem() :
+ m_dlogProvider(nullptr),
+ m_oldStyleProvider(nullptr),
+ m_isLoggingEnabled(!getenv(DPL_LOG_OFF))
+{
+ bool oldStyleLogs = false;
+ bool oldStyleDebugLogs = true;
+ bool oldStyleInfoLogs = true;
+ bool oldStyleWarningLogs = true;
+ bool oldStyleErrorLogs = true;
+ bool oldStylePedanticLogs = false;
+
+ // Check environment settings about pedantic logs
+ const char *value = getenv(OLD_STYLE_LOGS_ENV_NAME);
+
+ if (value != nullptr && !strcmp(value, "1")) {
+ oldStyleLogs = true;
+ }
+
+ value = getenv(OLD_STYLE_PEDANTIC_LOGS_ENV_NAME);
+
+ if (value != nullptr && !strcmp(value, "1")) {
+ oldStylePedanticLogs = true;
+ }
+
+ value = getenv(OLD_STYLE_LOGS_MASK_ENV_NAME);
+
+ if (value != nullptr) {
+ size_t len = strlen(value);
+
+ if (len >= 1) {
+ if (value[0] == '0') {
+ oldStyleDebugLogs = false;
+ } else if (value[0] == '1') {
+ oldStyleDebugLogs = true;
+ }
+ }
+
+ if (len >= 2) {
+ if (value[1] == '0') {
+ oldStyleInfoLogs = false;
+ } else if (value[1] == '1') {
+ oldStyleInfoLogs = true;
+ }
+ }
+
+ if (len >= 3) {
+ if (value[2] == '0') {
+ oldStyleWarningLogs = false;
+ } else if (value[2] == '1') {
+ oldStyleWarningLogs = true;
+ }
+ }
+
+ if (len >= 4) {
+ if (value[3] == '0') {
+ oldStyleErrorLogs = false;
+ } else if (value[3] == '1') {
+ oldStyleErrorLogs = true;
+ }
+ }
+ }
+
+ // Setup default DLOG and old style logging
+ if (oldStyleLogs) {
+ // Old style
+ m_oldStyleProvider = new OldStyleLogProvider(oldStyleDebugLogs,
+ oldStyleInfoLogs,
+ oldStyleWarningLogs,
+ oldStyleErrorLogs,
+ oldStylePedanticLogs);
+ AddProvider(m_oldStyleProvider);
+ } else {
+ // DLOG
+ m_dlogProvider = new DLOGLogProvider();
+ AddProvider(m_dlogProvider);
+ }
+}
+
+LogSystem::~LogSystem()
+{
+ // Delete all providers
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ delete *iterator;
+ }
+
+ m_providers.clear();
+
+ // And even default providers
+ m_dlogProvider = nullptr;
+ m_oldStyleProvider = nullptr;
+}
+
+void LogSystem::SetTag(const char* tag)
+{
+ if (m_dlogProvider != nullptr) {
+ m_dlogProvider->SetTag(tag);
+ }
+}
+
+void LogSystem::AddProvider(AbstractLogProvider *provider)
+{
+ m_providers.push_back(provider);
+}
+
+void LogSystem::RemoveProvider(AbstractLogProvider *provider)
+{
+ m_providers.remove(provider);
+}
+
+void LogSystem::Debug(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ (*iterator)->Debug(message, filename, line, function);
+ }
+}
+
+void LogSystem::Info(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ (*iterator)->Info(message, filename, line, function);
+ }
+}
+
+void LogSystem::Warning(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ (*iterator)->Warning(message, filename, line, function);
+ }
+}
+
+void LogSystem::Error(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ (*iterator)->Error(message, filename, line, function);
+ }
+}
+
+void LogSystem::Pedantic(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
+ iterator != m_providers.end();
+ ++iterator)
+ {
+ (*iterator)->Pedantic(message, filename, line, function);
+ }
+}
+}
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file noncopyable.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of noncopyable
+ */
+#include <stddef.h>
+#include <dpl/noncopyable.h>
+
+namespace DPL {
+Noncopyable::Noncopyable()
+{}
+
+Noncopyable::~Noncopyable()
+{}
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file old_style_log_provider.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of old style log provider
+ */
+#include <stddef.h>
+#include <dpl/log/old_style_log_provider.h>
+#include <dpl/colors.h>
+#include <cstdio>
+#include <cstring>
+#include <sstream>
+#include <sys/time.h>
+#include <unistd.h>
+
+namespace DPL {
+namespace Log {
+namespace // anonymous
+{
+using namespace DPL::Colors::Text;
+const char *DEBUG_BEGIN = GREEN_BEGIN;
+const char *DEBUG_END = GREEN_END;
+const char *INFO_BEGIN = CYAN_BEGIN;
+const char *INFO_END = CYAN_END;
+const char *ERROR_BEGIN = RED_BEGIN;
+const char *ERROR_END = RED_END;
+const char *WARNING_BEGIN = BOLD_GOLD_BEGIN;
+const char *WARNING_END = BOLD_GOLD_END;
+const char *PEDANTIC_BEGIN = PURPLE_BEGIN;
+const char *PEDANTIC_END = PURPLE_END;
+
+std::string GetFormattedTime()
+{
+ timeval tv;
+ tm localNowTime;
+
+ gettimeofday(&tv, nullptr);
+ localtime_r(&tv.tv_sec, &localNowTime);
+
+ char format[64];
+ snprintf(format,
+ sizeof(format),
+ "%02i:%02i:%02i.%03i",
+ localNowTime.tm_hour,
+ localNowTime.tm_min,
+ localNowTime.tm_sec,
+ static_cast<int>(tv.tv_usec / 1000));
+ return format;
+}
+} // namespace anonymous
+
+std::string OldStyleLogProvider::FormatMessage(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ std::ostringstream val;
+
+ val << std::string("[") << GetFormattedTime() << std::string("] [") <<
+ static_cast<unsigned long>(pthread_self()) << "/" <<
+ static_cast<int>(getpid()) << std::string("] [") <<
+ LocateSourceFileName(filename) << std::string(":") << line <<
+ std::string("] ") << function << std::string("(): ") << message;
+
+ return val.str();
+}
+
+OldStyleLogProvider::OldStyleLogProvider(bool showDebug,
+ bool showInfo,
+ bool showWarning,
+ bool showError,
+ bool showPedantic) :
+ m_showDebug(showDebug),
+ m_showInfo(showInfo),
+ m_showWarning(showWarning),
+ m_showError(showError),
+ m_showPedantic(showPedantic),
+ m_printStdErr(false)
+{}
+
+OldStyleLogProvider::OldStyleLogProvider(bool showDebug,
+ bool showInfo,
+ bool showWarning,
+ bool showError,
+ bool showPedantic,
+ bool printStdErr) :
+ m_showDebug(showDebug),
+ m_showInfo(showInfo),
+ m_showWarning(showWarning),
+ m_showError(showError),
+ m_showPedantic(showPedantic),
+ m_printStdErr(printStdErr)
+{}
+
+void OldStyleLogProvider::Debug(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ if (m_showDebug) {
+ if (m_printStdErr) {
+ fprintf(stderr, "%s%s%s\n", DEBUG_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), DEBUG_END);
+ } else {
+ fprintf(stdout, "%s%s%s\n", DEBUG_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), DEBUG_END);
+ }
+ }
+}
+
+void OldStyleLogProvider::Info(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ if (m_showInfo) {
+ if (m_printStdErr) {
+ fprintf(stderr, "%s%s%s\n", INFO_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), INFO_END);
+ } else {
+ fprintf(stdout, "%s%s%s\n", INFO_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), INFO_END);
+ }
+ }
+}
+
+void OldStyleLogProvider::Warning(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ if (m_showWarning) {
+ if (m_printStdErr) {
+ fprintf(stderr, "%s%s%s\n", WARNING_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), WARNING_END);
+ } else {
+ fprintf(stdout, "%s%s%s\n", WARNING_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), WARNING_END);
+ }
+ }
+}
+
+void OldStyleLogProvider::Error(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ if (m_showError) {
+ if (m_printStdErr) {
+ fprintf(stderr, "%s%s%s\n", ERROR_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), ERROR_END);
+ } else {
+ fprintf(stdout, "%s%s%s\n", ERROR_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), ERROR_END);
+ }
+ }
+}
+
+void OldStyleLogProvider::Pedantic(const char *message,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ if (m_showPedantic) {
+ if (m_printStdErr) {
+ fprintf(stderr, "%s%s%s\n", PEDANTIC_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), PEDANTIC_END);
+ } else {
+ fprintf(stdout, "%s%s%s\n", PEDANTIC_BEGIN,
+ FormatMessage(message, filename, line,
+ function).c_str(), PEDANTIC_END);
+ }
+ }
+}
+}
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file singleton.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of singleton
+ */
+#include <stddef.h>
+#include <dpl/singleton.h>
+
+//
+// Note:
+//
+// The file here is left blank to enable precompilation
+// of templates in corresponding header file.
+// Do not remove this file.
+//
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief Implementation file some concrete TestResulstsCollector
+ */
+#include <dpl/test/statistic.h>
+#include <dpl/test/test_results_collector.h>
+#include <dpl/test/test_results_collector_console.h>
+#include <dpl/test/test_results_collector_html.h>
+#include <dpl/test/test_results_collector_summary.h>
+#include <dpl/test/test_results_collector_xml.h>
+
+namespace DPL {
+namespace Test {
+
+void TestResultsCollectorBase::RegisterCollectorConstructor(
+ const std::string& name,
+ TestResultsCollectorBase::CollectorConstructorFunc func)
+{
+ Assert(m_constructorsMap.find(name) == m_constructorsMap.end());
+ m_constructorsMap[name] = func;
+}
+
+TestResultsCollectorBase* TestResultsCollectorBase::Create(
+ const std::string& name)
+{
+ ConstructorsMap::iterator found = m_constructorsMap.find(name);
+ if (found != m_constructorsMap.end()) {
+ return found->second();
+ } else {
+ return nullptr;
+ }
+}
+
+std::vector<std::string> TestResultsCollectorBase::GetCollectorsNames()
+{
+ std::vector<std::string> list;
+ for (auto &constructor : m_constructorsMap)
+ {
+ list.push_back(constructor.first);
+ }
+ return list;
+}
+
+TestResultsCollectorBase::ConstructorsMap TestResultsCollectorBase::
+ m_constructorsMap;
+
+namespace {
+static int RegisterCollectorConstructors();
+static const int RegisterHelperVariable = RegisterCollectorConstructors();
+int RegisterCollectorConstructors()
+{
+ (void)RegisterHelperVariable;
+
+ TestResultsCollectorBase::RegisterCollectorConstructor(
+ "text",
+ &ConsoleCollector::Constructor);
+ TestResultsCollectorBase::RegisterCollectorConstructor(
+ "html",
+ &HtmlCollector::Constructor);
+ TestResultsCollectorBase::RegisterCollectorConstructor(
+ "summary",
+ &SummaryCollector::Constructor);
+ TestResultsCollectorBase::RegisterCollectorConstructor(
+ "xml",
+ &XmlCollector::Constructor);
+
+ return 0;
+}
+}
+}
+}
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector_commons.cpp
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief Source file containing definitions of collectors common
+ * functions
+ */
+
+#include "dpl/test/test_results_collector_commons.h"
+
+namespace DPL {
+namespace Test {
+
+double get_milliseconds (const std::chrono::system_clock::duration& performanceTime)
+{
+ return (static_cast<double>(std::chrono::duration_cast<std::chrono::microseconds>
+ (performanceTime).count()))/1000.0;
+}
+
+bool ParseCollectorFileArg(const std::string &arg, std::string &filename)
+{
+ const std::string argname = "--file=";
+ if (arg.find(argname) == 0 ) {
+ filename = arg.substr(argname.size());
+ return true;
+ }
+ return false;
+}
+
+} // namespace Test
+} // namespace DPL
+
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector_console.cpp
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief Source file containing ConsoleCollector class definition
+ */
+
+#include <fstream>
+#include <sstream>
+
+#include <dpl/assert.h>
+#include <dpl/colors.h>
+#include <dpl/test/test_results_collector_commons.h>
+
+#include "dpl/test/test_results_collector_console.h"
+
+namespace DPL {
+namespace Test {
+
+ConsoleCollector::ConsoleCollector()
+{
+}
+
+TestResultsCollectorBase* ConsoleCollector::Constructor()
+{
+ return new ConsoleCollector();
+}
+
+void ConsoleCollector::CollectCurrentTestGroupName(const std::string& name)
+{
+ printf("Starting group %s\n", name.c_str());
+ m_currentGroup = name;
+}
+
+void ConsoleCollector::Finish()
+{
+ using namespace DPL::Colors::Text;
+
+ // Show result
+ for (auto &group : m_groupsStats) {
+ PrintStats(group.first, group.second);
+ }
+ PrintStats("All tests together", m_stats);
+}
+
+void ConsoleCollector::CollectResult(const std::string& id,
+ const FailStatus status,
+ const std::string& reason,
+ const bool& isPerformanceTest,
+ const std::chrono::system_clock::duration& performanceTime,
+ const std::chrono::system_clock::duration& performanceMaxTime)
+{
+ using namespace DPL::Colors::Text;
+ std::string tmp = "'" + id + "' ...";
+
+ printf("Running test case %-60s", tmp.c_str());
+ switch (status) {
+ case FailStatus::NONE:
+ if (isPerformanceTest) {
+ if (performanceMaxTime <= std::chrono::microseconds::zero()) {
+ printf(GREEN_RESULT_OK_TIME,
+ get_milliseconds(performanceTime));
+ break;
+ }
+ else {
+ if (performanceTime > performanceMaxTime)
+ printf(GREEN_RESULT_OK_TIME_TOO_LONG(
+ get_milliseconds(performanceTime),
+ get_milliseconds(performanceMaxTime)));
+ else
+ printf(GREEN_RESULT_OK_TIME_MAX(
+ get_milliseconds(performanceTime),
+ get_milliseconds(performanceMaxTime)));
+ break;
+ }
+ }
+ printf(GREEN_RESULT_OK);
+ break;
+ case FailStatus::FAILED:
+ PrintfErrorMessage(" FAILED ", reason, true);
+ break;
+ case FailStatus::IGNORED:
+ PrintfIgnoredMessage("Ignored ", reason, true);
+ break;
+ default:
+ Assert(false && "Bad status");
+ }
+ m_stats.AddTest(status);
+ m_groupsStats[m_currentGroup].AddTest(status);
+}
+
+void ConsoleCollector::PrintfErrorMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+{
+ using namespace DPL::Colors::Text;
+ if (verbosity) {
+ printf("[%s%s%s] %s%s%s\n",
+ BOLD_RED_BEGIN,
+ type,
+ BOLD_RED_END,
+ BOLD_YELLOW_BEGIN,
+ message.c_str(),
+ BOLD_YELLOW_END);
+ } else {
+ printf("[%s%s%s]\n",
+ BOLD_RED_BEGIN,
+ type,
+ BOLD_RED_END);
+ }
+}
+
+void ConsoleCollector::PrintfIgnoredMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+{
+ using namespace DPL::Colors::Text;
+ if (verbosity) {
+ printf("[%s%s%s] %s%s%s\n",
+ CYAN_BEGIN,
+ type,
+ CYAN_END,
+ BOLD_GOLD_BEGIN,
+ message.c_str(),
+ BOLD_GOLD_END);
+ } else {
+ printf("[%s%s%s]\n",
+ CYAN_BEGIN,
+ type,
+ CYAN_END);
+ }
+}
+
+void ConsoleCollector::PrintStats(const std::string& title, const Statistic& stats)
+{
+ using namespace DPL::Colors::Text;
+ printf("\n%sResults [%s]: %s\n", BOLD_GREEN_BEGIN,
+ title.c_str(), BOLD_GREEN_END);
+ printf("%s%s%3zu%s\n",
+ CYAN_BEGIN,
+ "Total tests: ",
+ stats.GetTotal(),
+ CYAN_END);
+ printf(" %s%s%3zu%s\n",
+ CYAN_BEGIN,
+ "Succeeded: ",
+ stats.GetPassed(),
+ CYAN_END);
+ printf(" %s%s%3zu%s\n",
+ CYAN_BEGIN,
+ "Failed: ",
+ stats.GetFailed(),
+ CYAN_END);
+ printf(" %s%s%3zu%s\n",
+ CYAN_BEGIN,
+ "Ignored: ",
+ stats.GetIgnored(),
+ CYAN_END);
+}
+
+} // namespace Test
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector_html.cpp
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief Source file containing HtmlCollector class definition
+ */
+
+#include <cstdio>
+
+#include <dpl/assert.h>
+#include <dpl/colors.h>
+#include <dpl/test/test_results_collector_commons.h>
+
+#include "dpl/test/test_results_collector_html.h"
+
+namespace DPL {
+namespace Test {
+
+namespace {
+
+const char *DEFAULT_HTML_FILE_NAME = "index.html";
+
+}
+
+HtmlCollector::HtmlCollector()
+ : m_filename(DEFAULT_HTML_FILE_NAME)
+{
+}
+
+TestResultsCollectorBase* HtmlCollector::Constructor()
+{
+ return new HtmlCollector();
+}
+
+void HtmlCollector::CollectCurrentTestGroupName(const std::string& name)
+{
+ fprintf(m_fp.Get(), "<b>Starting group %s", name.c_str());
+ m_currentGroup = name;
+}
+
+bool HtmlCollector::Configure()
+{
+ m_fp.Reset(fopen(m_filename.c_str(), "w"));
+ if (!m_fp) {
+ LogPedantic("Could not open file " << m_filename << " for writing");
+ return false;
+ }
+ return true;
+}
+
+std::string HtmlCollector::CollectorSpecificHelp() const
+{
+ return "--file=<filename> - name of file for output\n"
+ " default - index.html\n";
+}
+
+void HtmlCollector::Start()
+{
+ Assert(!!m_fp && "File handle must not be null");
+ fprintf(m_fp.Get(),
+ "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0"
+ "Transitional//EN\" "
+ "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\""
+ ">\n");
+ fprintf(m_fp.Get(),
+ "<html xmlns=\"http://www.w3.org/1999/xhtml\" "
+ "lang=\"en\" dir=\"ltr\">\n");
+ fprintf(m_fp.Get(), "<body style=\"background-color: black;\">\n");
+ fprintf(m_fp.Get(), "<pre>\n");
+ fprintf(m_fp.Get(), "<font color=\"white\">\n");
+}
+
+void HtmlCollector::Finish()
+{
+ using namespace DPL::Colors::Html;
+ // Show result
+ for (auto &group : m_groupsStats) {
+ PrintStats(group.first, group.second);
+ }
+ PrintStats("All tests together", m_stats);
+ fprintf(m_fp.Get(), "</font>\n");
+ fprintf(m_fp.Get(), "</pre>\n");
+ fprintf(m_fp.Get(), "</body>\n");
+ fprintf(m_fp.Get(), "</html>\n");
+}
+
+bool HtmlCollector::ParseCollectorSpecificArg(const std::string& arg)
+{
+ return ParseCollectorFileArg(arg, m_filename);
+}
+
+void HtmlCollector::CollectResult(const std::string& id,
+ const FailStatus status,
+ const std::string& reason,
+ const bool& isPerformanceTest,
+ const std::chrono::system_clock::duration& performanceTime,
+ const std::chrono::system_clock::duration& performanceMaxTime)
+{
+ using namespace DPL::Colors::Html;
+ std::string tmp = "'" + id + "' ...";
+
+ fprintf(m_fp.Get(), "Running test case %-100s", tmp.c_str());
+ switch (status) {
+ case FailStatus::NONE:
+ if (isPerformanceTest) {
+ if (performanceMaxTime <= std::chrono::microseconds::zero()) {
+ fprintf(m_fp.Get(), GREEN_RESULT_OK_TIME,
+ get_milliseconds(performanceTime));
+ break;
+ } else {
+ if (performanceTime > performanceMaxTime)
+ fprintf(m_fp.Get(), GREEN_RESULT_OK_TIME_TOO_LONG(
+ get_milliseconds(performanceTime),
+ get_milliseconds(performanceMaxTime)));
+ else
+ fprintf(m_fp.Get(), GREEN_RESULT_OK_TIME_MAX(
+ get_milliseconds(performanceTime),
+ get_milliseconds(performanceMaxTime)));
+ break;
+ }
+ }
+ fprintf(m_fp.Get(), GREEN_RESULT_OK);
+ break;
+ case FailStatus::FAILED:
+ PrintfErrorMessage(" FAILED ", reason, true);
+ break;
+ case FailStatus::IGNORED:
+ PrintfIgnoredMessage("Ignored ", reason, true);
+ break;
+ default:
+ Assert(false && "Bad status");
+ }
+ m_groupsStats[m_currentGroup].AddTest(status);
+ m_stats.AddTest(status);
+}
+
+void HtmlCollector::PrintfErrorMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+{
+ using namespace DPL::Colors::Html;
+ if (verbosity) {
+ fprintf(m_fp.Get(),
+ "[%s%s%s] %s%s%s\n",
+ BOLD_RED_BEGIN,
+ type,
+ BOLD_RED_END,
+ BOLD_YELLOW_BEGIN,
+ message.c_str(),
+ BOLD_YELLOW_END);
+ } else {
+ fprintf(m_fp.Get(),
+ "[%s%s%s]\n",
+ BOLD_RED_BEGIN,
+ type,
+ BOLD_RED_END);
+ }
+}
+
+void HtmlCollector::PrintfIgnoredMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+{
+ using namespace DPL::Colors::Html;
+
+ if (verbosity) {
+ fprintf(m_fp.Get(),
+ "[%s%s%s] %s%s%s\n",
+ CYAN_BEGIN,
+ type,
+ CYAN_END,
+ BOLD_GOLD_BEGIN,
+ message.c_str(),
+ BOLD_GOLD_END);
+ } else {
+ fprintf(m_fp.Get(),
+ "[%s%s%s]\n",
+ CYAN_BEGIN,
+ type,
+ CYAN_END);
+ }
+}
+
+void HtmlCollector::PrintStats(const std::string& name, const Statistic& stats)
+{
+ using namespace DPL::Colors::Html;
+ fprintf(
+ m_fp.Get(), "\n%sResults [%s]:%s\n", BOLD_GREEN_BEGIN,
+ name.c_str(), BOLD_GREEN_END);
+ fprintf(
+ m_fp.Get(), "%s%s%3zu%s\n", CYAN_BEGIN,
+ "Total tests: ", stats.GetTotal(), CYAN_END);
+ fprintf(
+ m_fp.Get(), " %s%s%3zu%s\n", CYAN_BEGIN,
+ "Succeeded: ", stats.GetPassed(), CYAN_END);
+ fprintf(
+ m_fp.Get(), " %s%s%3zu%s\n", CYAN_BEGIN,
+ "Failed: ", stats.GetFailed(), CYAN_END);
+ fprintf(
+ m_fp.Get(), " %s%s%3zu%s\n", CYAN_BEGIN,
+ "Ignored: ", stats.GetIgnored(), CYAN_END);
+}
+
+} // namespace Test
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector_summary.cpp
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @author Michal Witanowski (m.witanowski@samsung.com)
+ * @version 1.0
+ * @brief Source file containing SummaryCollector class definition.
+ */
+
+#include <dpl/availability.h>
+#include <dpl/log/log.h>
+#include <dpl/test/test_results_collector_commons.h>
+
+#include "dpl/test/test_results_collector_summary.h"
+
+namespace DPL {
+namespace Test {
+
+namespace {
+
+const std::string DEFAULT_SUMMARY_FILE_NAME = "summary.txt";
+
+}
+
+SummaryCollector::SummaryCollector()
+ : m_filename(DEFAULT_SUMMARY_FILE_NAME)
+{
+}
+
+TestResultsCollectorBase* SummaryCollector::Constructor()
+{
+ return new SummaryCollector();
+}
+
+std::string SummaryCollector::CollectorSpecificHelp() const
+{
+ return "--file=<filename> - name of file for output\n"
+ " default - " + DEFAULT_SUMMARY_FILE_NAME + "\n";
+}
+
+bool SummaryCollector::ParseCollectorSpecificArg(const std::string& arg)
+{
+ return ParseCollectorFileArg(arg, m_filename);
+}
+
+void SummaryCollector::Start()
+{
+ writeStats(true);
+}
+
+void SummaryCollector::CollectResult(const std::string& id,
+ const FailStatus status,
+ const std::string& reason,
+ const bool& isPerformanceTest,
+ const std::chrono::system_clock::duration& performanceTime,
+ const std::chrono::system_clock::duration& performanceMaxTime)
+{
+ DPL_UNUSED_PARAM(id);
+ DPL_UNUSED_PARAM(reason);
+ DPL_UNUSED_PARAM(isPerformanceTest);
+ DPL_UNUSED_PARAM(performanceTime);
+ DPL_UNUSED_PARAM(performanceMaxTime);
+
+ m_stats.AddTest(status);
+ writeStats(true);
+}
+
+void SummaryCollector::Finish()
+{
+ writeStats(false);
+}
+
+void SummaryCollector::writeStats(bool segfault)
+{
+ m_output.open(m_filename.c_str(), std::ofstream::out | std::ofstream::trunc);
+ if (!m_output) {
+ LogPedantic("Could not open file " << m_filename << " for writing");
+ return;
+ }
+ m_output << m_stats.GetTotal() << ' '
+ << m_stats.GetPassed() << ' '
+ << m_stats.GetFailed() << ' '
+ << m_stats.GetIgnored() << (segfault ? " segfault" : "");
+ if (!m_output)
+ LogPedantic("Writing to " << m_filename << " file failed");
+ m_output.close();
+ if (!m_output)
+ LogPedantic("Failed to close " << m_filename << " file");
+}
+
+} // namespace Test
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_results_collector_xml.cpp
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief Source file containing XmlCollector class definition
+ */
+
+#include <cerrno>
+#include <cstdio>
+#include <cstring>
+#include <sstream>
+
+#include <dpl/assert.h>
+#include <dpl/exception.h>
+#include <dpl/test/test_results_collector_commons.h>
+
+#include "dpl/test/test_results_collector_xml.h"
+
+namespace DPL {
+namespace Test {
+
+namespace {
+
+const char *DEFAULT_XML_FILE_NAME = "results.xml";
+
+}
+
+XmlCollector::XmlCollector()
+ : m_filename(DEFAULT_XML_FILE_NAME)
+{
+}
+
+TestResultsCollectorBase* XmlCollector::Constructor()
+{
+ return new XmlCollector();
+}
+
+void XmlCollector::CollectCurrentTestGroupName(const std::string& name)
+{
+ std::size_t pos = GetCurrentGroupPosition();
+ if (std::string::npos != pos) {
+ GroupFinish(pos);
+ FlushOutput();
+ m_stats = Statistic();
+ }
+
+ pos = m_outputBuffer.find("</testsuites>");
+ if (std::string::npos == pos) {
+ ThrowMsg(DPL::Exception, "Could not find test suites closing tag");
+ }
+ GroupStart(pos, name);
+}
+
+void XmlCollector::GroupStart(const std::size_t pos, const std::string& name)
+{
+ std::stringstream groupHeader;
+ groupHeader << "\n\t<testsuite";
+ groupHeader << " name=\"" << EscapeSpecialCharacters(name) << "\"";
+ groupHeader << R"( tests="1")"; // include SegFault
+ groupHeader << R"( failures="1")"; // include SegFault
+ groupHeader << R"( skipped="0")";
+ groupHeader << ">";
+
+ groupHeader << "\n\t\t<testcase name=\"unknown\" status=\"FAILED\">";
+ groupHeader <<
+ "\n\t\t\t<failure type=\"FAILED\" message=\"segmentation fault\"/>";
+ groupHeader << "\n\t\t</testcase>";
+
+ groupHeader << "\n\t</testsuite>";
+
+ m_outputBuffer.insert(pos - 1, groupHeader.str());
+}
+
+bool XmlCollector::Configure()
+{
+ m_fp.Reset(fopen(m_filename.c_str(), "w"));
+ if (!m_fp) {
+ LogPedantic("Could not open file " << m_filename << " for writing");
+ return false;
+ }
+ return true;
+}
+
+std::string XmlCollector::CollectorSpecificHelp() const
+{
+ return "--file=<filename> - name of file for output\n"
+ " default - results.xml\n";
+}
+
+void XmlCollector::Start()
+{
+ Assert(!!m_fp && "File handle must not be null");
+ m_outputBuffer.append("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n");
+ m_outputBuffer.append("<testsuites>\n</testsuites>");
+ FlushOutput();
+}
+
+void XmlCollector::Finish()
+{
+ std::size_t pos = GetCurrentGroupPosition();
+ if (std::string::npos != pos) {
+ GroupFinish(pos);
+ FlushOutput();
+ }
+}
+
+bool XmlCollector::ParseCollectorSpecificArg(const std::string& arg)
+{
+ return ParseCollectorFileArg(arg, m_filename);
+}
+
+void XmlCollector::CollectResult(const std::string& id,
+ const FailStatus status,
+ const std::string& reason,
+ const bool& isPerformanceTest,
+ const std::chrono::system_clock::duration& performanceTime,
+ const std::chrono::system_clock::duration& performanceMaxTime)
+{
+ m_resultBuffer.erase();
+ m_resultBuffer.append("\t\t<testcase name=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(id));
+ m_resultBuffer.append("\"");
+ switch (status) {
+ case FailStatus::NONE:
+ if (isPerformanceTest) {
+ if (performanceMaxTime <= std::chrono::microseconds::zero()) {
+ m_resultBuffer.append(" status=\"OK\" time=\"");
+ std::ostringstream ostr;
+ ostr << performanceTime.count();
+ m_resultBuffer.append(ostr.str());
+ m_resultBuffer.append("\"/>\n");
+ break;
+ } else {
+ m_resultBuffer.append(" status=\"OK\" time=\"");
+ std::ostringstream ostr;
+ ostr << performanceTime.count();
+ m_resultBuffer.append(ostr.str());
+ m_resultBuffer.append("\" time_expected=\"");
+ ostr.str("");
+ ostr << performanceMaxTime.count();
+ m_resultBuffer.append(ostr.str());
+ m_resultBuffer.append("\"/>\n");
+ break;
+ }
+ }
+ m_resultBuffer.append(" status=\"OK\"/>\n");
+ break;
+ case FailStatus::FAILED:
+ m_resultBuffer.append(" status=\"FAILED\">\n");
+ PrintfErrorMessage("FAILED", EscapeSpecialCharacters(reason), true);
+ m_resultBuffer.append("\t\t</testcase>\n");
+ break;
+ case FailStatus::IGNORED:
+ m_resultBuffer.append(" status=\"Ignored\">\n");
+ PrintfIgnoredMessage("Ignored", EscapeSpecialCharacters(
+ reason), true);
+ m_resultBuffer.append("\t\t</testcase>\n");
+ break;
+ default:
+ Assert(false && "Bad status");
+ }
+ std::size_t group_pos = GetCurrentGroupPosition();
+ if (std::string::npos == group_pos) {
+ ThrowMsg(DPL::Exception, "No current group set");
+ }
+
+ std::size_t last_case_pos = m_outputBuffer.find(
+ "<testcase name=\"unknown\"",
+ group_pos);
+ if (std::string::npos == last_case_pos) {
+ ThrowMsg(DPL::Exception, "Could not find SegFault test case");
+ }
+ m_outputBuffer.insert(last_case_pos - 2, m_resultBuffer);
+
+ m_stats.AddTest(status);
+
+ UpdateGroupHeader(group_pos,
+ m_stats.GetTotal() + 1, // include SegFault
+ m_stats.GetFailed() + 1, // include SegFault
+ m_stats.GetIgnored());
+ FlushOutput();
+}
+
+std::size_t XmlCollector::GetCurrentGroupPosition() const
+{
+ return m_outputBuffer.rfind("<testsuite ");
+}
+
+void XmlCollector::UpdateGroupHeader(const std::size_t groupPosition,
+ const unsigned int tests,
+ const unsigned int failures,
+ const unsigned int skipped)
+{
+ UpdateElementAttribute(groupPosition, "tests", UIntToString(tests));
+ UpdateElementAttribute(groupPosition, "failures", UIntToString(failures));
+ UpdateElementAttribute(groupPosition, "skipped", UIntToString(skipped));
+}
+
+void XmlCollector::UpdateElementAttribute(const std::size_t elementPosition,
+ const std::string& name,
+ const std::string& value)
+{
+ std::string pattern = name + "=\"";
+
+ std::size_t start = m_outputBuffer.find(pattern, elementPosition);
+ if (std::string::npos == start) {
+ ThrowMsg(DPL::Exception,
+ "Could not find attribute " << name << " beginning");
+ }
+
+ std::size_t end = m_outputBuffer.find("\"", start + pattern.length());
+ if (std::string::npos == end) {
+ ThrowMsg(DPL::Exception,
+ "Could not find attribute " << name << " end");
+ }
+
+ m_outputBuffer.replace(start + pattern.length(),
+ end - start - pattern.length(),
+ value);
+}
+
+std::string XmlCollector::UIntToString(const unsigned int value)
+{
+ std::stringstream result;
+ result << value;
+ return result.str();
+}
+
+void XmlCollector::GroupFinish(const std::size_t groupPosition)
+{
+ std::size_t segFaultStart =
+ m_outputBuffer.find("<testcase name=\"unknown\"", groupPosition);
+ if (std::string::npos == segFaultStart) {
+ ThrowMsg(DPL::Exception,
+ "Could not find SegFault test case start position");
+ }
+ segFaultStart -= 2; // to erase tabs
+
+ std::string closeTag = "</testcase>";
+ std::size_t segFaultEnd = m_outputBuffer.find(closeTag, segFaultStart);
+ if (std::string::npos == segFaultEnd) {
+ ThrowMsg(DPL::Exception,
+ "Could not find SegFault test case end position");
+ }
+ segFaultEnd += closeTag.length() + 1; // to erase new line
+
+ m_outputBuffer.erase(segFaultStart, segFaultEnd - segFaultStart);
+
+ UpdateGroupHeader(groupPosition,
+ m_stats.GetTotal(),
+ m_stats.GetFailed(),
+ m_stats.GetIgnored());
+}
+
+void XmlCollector::FlushOutput()
+{
+ int fd = fileno(m_fp.Get());
+ if (-1 == fd) {
+ const char* errStr = strerror(errno);
+ ThrowMsg(DPL::Exception, errStr);
+ }
+
+ if (-1 == TEMP_FAILURE_RETRY(ftruncate(fd, 0L))) {
+ const char* errStr = strerror(errno);
+ ThrowMsg(DPL::Exception, errStr);
+ }
+
+ if (-1 == TEMP_FAILURE_RETRY(fseek(m_fp.Get(), 0L, SEEK_SET))) {
+ const char* errStr = strerror(errno);
+ ThrowMsg(DPL::Exception, errStr);
+ }
+
+ if (m_outputBuffer.size() !=
+ fwrite(m_outputBuffer.c_str(), 1, m_outputBuffer.size(),
+ m_fp.Get()))
+ {
+ const char* errStr = strerror(errno);
+ ThrowMsg(DPL::Exception, errStr);
+ }
+
+ if (-1 == TEMP_FAILURE_RETRY(fflush(m_fp.Get()))) {
+ const char* errStr = strerror(errno);
+ ThrowMsg(DPL::Exception, errStr);
+ }
+}
+
+void XmlCollector::PrintfErrorMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+{
+ if (verbosity) {
+ m_resultBuffer.append("\t\t\t<failure type=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(type));
+ m_resultBuffer.append("\" message=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(message));
+ m_resultBuffer.append("\"/>\n");
+ } else {
+ m_resultBuffer.append("\t\t\t<failure type=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(type));
+ m_resultBuffer.append("\"/>\n");
+ }
+}
+
+void XmlCollector::PrintfIgnoredMessage(const char* type,
+ const std::string& message,
+ bool verbosity)
+{
+ if (verbosity) {
+ m_resultBuffer.append("\t\t\t<skipped type=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(type));
+ m_resultBuffer.append("\" message=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(message));
+ m_resultBuffer.append("\"/>\n");
+ } else {
+ m_resultBuffer.append("\t\t\t<skipped type=\"");
+ m_resultBuffer.append(EscapeSpecialCharacters(type));
+ m_resultBuffer.append("\"/>\n");
+ }
+}
+
+std::string XmlCollector::EscapeSpecialCharacters(std::string s)
+{
+ for (unsigned int i = 0; i < s.size();) {
+ switch (s[i]) {
+ case '"':
+ s.erase(i, 1);
+ s.insert(i, """);
+ i += 6;
+ break;
+
+ case '&':
+ s.erase(i, 1);
+ s.insert(i, "&");
+ i += 5;
+ break;
+
+ case '<':
+ s.erase(i, 1);
+ s.insert(i, "<");
+ i += 4;
+ break;
+
+ case '>':
+ s.erase(i, 1);
+ s.insert(i, ">");
+ i += 4;
+ break;
+
+ case '\'':
+ s.erase(i, 1);
+ s.insert(i, "'");
+ i += 5;
+ break;
+ default:
+ ++i;
+ break;
+ }
+ }
+ return s;
+}
+
+} // namespace Test
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of test runner
+ */
+#include <stddef.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_results_collector.h>
+#include <dpl/exception.h>
+#include <dpl/scoped_free.h>
+#include <dpl/log/log.h>
+#include <dpl/colors.h>
+#include <pcrecpp.h>
+#include <algorithm>
+#include <cstdio>
+#include <memory.h>
+#include <libgen.h>
+#include <cstring>
+#include <cstdlib>
+
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+#include <libxml/parser.h>
+#include <libxml/tree.h>
+
+#include <dpl/singleton_impl.h>
+IMPLEMENT_SINGLETON(DPL::Test::TestRunner)
+
+namespace {
+
+std::string getXMLNode(xmlNodePtr node)
+{
+ std::string ret;
+ xmlChar * value = xmlNodeGetContent(node);
+ ret = std::string(reinterpret_cast<char*>(value));
+ xmlFree(value);
+ return ret;
+}
+
+}
+
+
+namespace DPL {
+namespace Test {
+namespace // anonymous
+{
+std::string BaseName(std::string aPath)
+{
+ ScopedFree<char> path(strdup(aPath.c_str()));
+ if (nullptr == path.Get()) {
+ throw std::bad_alloc();
+ }
+ char* baseName = basename(path.Get());
+ std::string retValue = baseName;
+ return retValue;
+}
+} // namespace anonymous
+
+//! \brief Failed test message creator
+//!
+//! \param[in] aTest string for tested expression
+//! \param[in] aFile source file name
+//! \param[in] aLine source file line
+//! \param[in] aMessage error message
+TestRunner::TestFailed::TestFailed(const char* aTest,
+ const char* aFile,
+ int aLine,
+ const std::string &aMessage)
+{
+ std::ostringstream assertMsg;
+ assertMsg << "[" << BaseName(aFile) << ":" << aLine
+ << "] Assertion failed ("
+ << aTest << ") " << aMessage;
+ m_message = assertMsg.str();
+}
+
+TestRunner::TestFailed::TestFailed(const std::string &message)
+{
+ m_message = message;
+}
+
+void TestRunner::RegisterTest(const char *testName, TestCase proc)
+{
+ m_testGroups[m_currentGroup].push_back(TestCaseStruct(testName, proc));
+}
+
+void TestRunner::InitGroup(const char* name)
+{
+ m_currentGroup = name;
+}
+
+void TestRunner::normalizeXMLTag(std::string& str, const std::string& testcase)
+{
+ //Add testcase if missing
+ std::string::size_type pos = str.find(testcase);
+ if(pos != 0)
+ {
+ str = testcase + "_" + str;
+ }
+
+ //dpl test runner cannot have '-' character in name so it have to be replaced
+ // for TCT case to make comparision works
+ std::replace(str.begin(), str.end(), '-', '_');
+}
+
+bool TestRunner::filterGroupsByXmls(const std::vector<std::string> & files)
+{
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, XMLError)
+
+ const std::string idPath = "/test_definition/suite/set/testcase/@id";
+
+ bool success = true;
+ std::map<std::string, bool> casesMap;
+
+ std::string testsuite;
+ if(!m_testGroups.empty())
+ {
+ for(TestCaseGroupMap::const_iterator cit = m_testGroups.begin(); cit != m_testGroups.end(); ++cit)
+ {
+ if(!cit->second.empty())
+ {
+ for(TestCaseStructList::const_iterator cj = cit->second.begin(); cj != cit->second.end(); ++cj)
+ {
+ std::string name = cj->name;
+ std::string::size_type st = name.find('_');
+ if(st != std::string::npos)
+ {
+ name = name.substr(0, st);
+ testsuite = name;
+ break;
+ }
+ }
+ if(!testsuite.empty()) break;
+ }
+ }
+ }
+
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlXPathInit();
+
+ Try
+ {
+ for (const std::string &file : files)
+ {
+ xmlDocPtr doc;
+ xmlXPathContextPtr xpathCtx;
+
+ doc = xmlReadFile(file.c_str(), nullptr, 0);
+ if (doc == nullptr) {
+ ThrowMsg(XMLError, "File Problem");
+ } else {
+ //context
+ xpathCtx = xmlXPathNewContext(doc);
+ if (xpathCtx == nullptr) {
+ ThrowMsg(XMLError,
+ "Error: unable to create new XPath context\n");
+ }
+ xpathCtx->node = xmlDocGetRootElement(doc);
+ }
+
+ std::string result;
+ xmlXPathObjectPtr xpathObject;
+ //get requested node's values
+ xpathObject = xmlXPathEvalExpression(BAD_CAST idPath.c_str(), xpathCtx);
+ if (xpathObject == nullptr)
+ {
+ ThrowMsg(XMLError, "XPath evaluation failure: " << idPath);
+ }
+ xmlNodeSetPtr nodes = xpathObject->nodesetval;
+ unsigned size = (nodes) ? nodes->nodeNr : 0;
+ LogDebug("Found " << size << " nodes matching xpath");
+ for(unsigned i = 0; i < size; ++i)
+ {
+ LogPedantic("Type: " << nodes->nodeTab[i]->type);
+ if (nodes->nodeTab[i]->type == XML_ATTRIBUTE_NODE) {
+ xmlNodePtr curNode = nodes->nodeTab[i];
+ result = getXMLNode(curNode);
+ LogPedantic("Result: " << result);
+ normalizeXMLTag(result, testsuite);
+ casesMap.insert(make_pair(result, false));
+ }
+ }
+ //Cleanup of XPath data
+ xmlXPathFreeObject(xpathObject);
+ xmlXPathFreeContext(xpathCtx);
+ xmlFreeDoc(doc);
+ }
+ }
+ Catch(XMLError)
+ {
+ LogError("Libxml error: " << _rethrown_exception.DumpToString());
+ success = false;
+ }
+ xmlCleanupParser();
+
+ if(!filterByXML(casesMap))
+ {
+ success = false;
+ }
+
+ return success;
+}
+
+bool TestRunner::filterByXML(std::map<std::string, bool> & casesMap)
+{
+ for (auto &group : m_testGroups) {
+ TestCaseStructList newList;
+ for (auto &tc : group.second)
+ {
+ if (casesMap.find(tc.name) != casesMap.end()) {
+ casesMap[tc.name] = true;
+ newList.push_back(tc);
+ }
+ }
+ group.second = newList;
+ }
+ for (auto &cs : casesMap)
+ {
+ if(cs.second == false)
+ {
+ LogError("Cannot find testcase from XML file: " << cs.first);
+ return false;
+ }
+ }
+ return true;
+}
+
+TestRunner::Status TestRunner::RunTestCase(const TestCaseStruct& testCase)
+{
+ setCurrentTestCase(&(const_cast<TestCaseStruct &>(testCase)));
+ try {
+ testCase.proc();
+ } catch (const TestFailed &e) {
+ // Simple test failure
+ CollectResult(testCase.name,
+ TestResultsCollectorBase::FailStatus::FAILED,
+ getConcatedFailReason(e.GetMessage()));
+
+ setCurrentTestCase(nullptr);
+ return FAILED;
+ } catch (const Ignored &e) {
+ if (m_runIgnored) {
+ // Simple test have to be implemented
+ CollectResult(testCase.name,
+ TestResultsCollectorBase::FailStatus::IGNORED,
+ e.GetMessage());
+ }
+
+ setCurrentTestCase(nullptr);
+ return IGNORED;
+ } catch (const std::exception &) {
+ // std exception failure
+ CollectResult(testCase.name,
+ TestResultsCollectorBase::FailStatus::FAILED,
+ "std exception");
+
+ setCurrentTestCase(nullptr);
+ return FAILED;
+ } catch (...) {
+ // Unknown exception failure
+ CollectResult(testCase.name,
+ TestResultsCollectorBase::FailStatus::FAILED,
+ "unknown exception");
+
+ setCurrentTestCase(nullptr);
+ return FAILED;
+ }
+
+ CollectResult(testCase.name,
+ TestResultsCollectorBase::FailStatus::NONE,
+ "",
+ testCase.m_isPerformanceTest,
+ testCase.m_performanceTestDurationTime,
+ testCase.m_performanceMaxTime);
+ setCurrentTestCase(nullptr);
+
+ // Everything OK
+ return PASS;
+}
+
+void TestRunner::RunTests()
+{
+ using namespace DPL::Colors::Text;
+
+ Banner();
+ for (auto &collector : m_collectors) {
+ collector.second->Start();
+ }
+
+ unsigned count = 0;
+ for (auto &group : m_testGroups) {
+ count += group.second.size();
+ }
+ fprintf(stderr, "%sFound %d testcases...%s\n", GREEN_BEGIN, count, GREEN_END);
+ fprintf(stderr, "%s%s%s\n", GREEN_BEGIN, "Running tests...", GREEN_END);
+ for (auto &group : m_testGroups) {
+ TestCaseStructList list = group.second;
+ if (!list.empty()) {
+ for (auto &collector : m_collectors) {
+ collector.second->CollectCurrentTestGroupName(group.first);
+ }
+ list.sort();
+
+ for (TestCaseStructList::const_iterator iterator = list.begin();
+ iterator != list.end();
+ ++iterator)
+ {
+ TestCaseStruct test = *iterator;
+ if (m_startTestId == test.name) {
+ m_startTestId = "";
+ }
+
+ if (m_startTestId.empty()) {
+ RunTestCase(test);
+ }
+ if (m_terminate == true) {
+ // Terminate quietly without any logs
+ return;
+ }
+ }
+ }
+ }
+
+ std::for_each(m_collectors.begin(),
+ m_collectors.end(),
+ [] (const TestResultsCollectors::value_type & collector)
+ {
+ collector.second->Finish();
+ });
+
+ // Finished
+ fprintf(stderr, "%s%s%s\n\n", GREEN_BEGIN, "Finished", GREEN_END);
+}
+
+TestRunner::TestCaseStruct *TestRunner::getCurrentTestCase()
+{
+ return m_currentTestCase;
+}
+
+void TestRunner::setCurrentTestCase(TestCaseStruct* testCase)
+{
+ m_currentTestCase = testCase;
+}
+
+void TestRunner::beginPerformanceTestTime(std::chrono::system_clock::duration maxTimeInMicroseconds)
+{
+ TestCaseStruct* testCase = getCurrentTestCase();
+ if (!testCase)
+ return;
+
+ testCase->m_isPerformanceTest = true;
+ testCase->m_performanceMaxTime = maxTimeInMicroseconds;
+ testCase->m_performanceTestStartTime = std::chrono::system_clock::now();
+
+ // Set result to 0 microseconds. Display 0ms result when end macro is missing.
+ testCase->m_performanceTestDurationTime = std::chrono::microseconds::zero();
+}
+
+void TestRunner::endPerformanceTestTime()
+{
+ TestCaseStruct* testCase = getCurrentTestCase();
+ if (!testCase)
+ return;
+
+ testCase->m_performanceTestDurationTime = std::chrono::system_clock::now() -
+ testCase->m_performanceTestStartTime;
+}
+
+void TestRunner::getCurrentTestCasePerformanceResult(bool& isPerformanceTest,
+ std::chrono::system_clock::duration& result,
+ std::chrono::system_clock::duration& resultMax)
+{
+ TestCaseStruct* testCase = getCurrentTestCase();
+ if (!testCase || !(testCase->m_isPerformanceTest)){
+ isPerformanceTest = false;
+ return;
+ }
+
+ isPerformanceTest = testCase->m_isPerformanceTest;
+ result = testCase->m_performanceTestDurationTime;
+ resultMax = testCase->m_performanceMaxTime;
+}
+
+void TestRunner::setCurrentTestCasePerformanceResult(bool isPerformanceTest,
+ std::chrono::system_clock::duration result,
+ std::chrono::system_clock::duration resultMax)
+{
+ TestCaseStruct* testCase = getCurrentTestCase();
+ if (!testCase)
+ return;
+
+ testCase->m_isPerformanceTest = isPerformanceTest;
+ testCase->m_performanceTestDurationTime = result;
+ testCase->m_performanceMaxTime = resultMax;
+}
+
+void TestRunner::addFailReason(const std::string &reason)
+{
+ m_failReason.push(reason);
+}
+
+std::string TestRunner::getConcatedFailReason(const std::string &reason)
+{
+ std::string ret;
+ while (!m_failReason.empty())
+ {
+ ret += m_failReason.front();
+ m_failReason.pop();
+ }
+ return reason + ret;
+}
+
+void TestRunner::CollectResult(
+ const std::string& id,
+ const TestResultsCollectorBase::FailStatus status,
+ const std::string& reason,
+ const bool& isPerformanceTest,
+ const std::chrono::system_clock::duration& performanceTestDurationTime,
+ const std::chrono::system_clock::duration& performanceMaxTime)
+{
+ std::for_each(m_collectors.begin(),
+ m_collectors.end(),
+ [&](const TestResultsCollectors::value_type & collector)
+ {
+ collector.second->CollectResult(id,
+ status,
+ reason,
+ isPerformanceTest,
+ performanceTestDurationTime,
+ performanceMaxTime);
+ });
+}
+
+void TestRunner::Banner()
+{
+ using namespace DPL::Colors::Text;
+ fprintf(stderr,
+ "%s%s%s\n",
+ BOLD_GREEN_BEGIN,
+ "DPL tests runner",
+ BOLD_GREEN_END);
+ fprintf(stderr,
+ "%s%s%s%s\n\n",
+ GREEN_BEGIN,
+ "Build: ",
+ __TIMESTAMP__,
+ GREEN_END);
+}
+
+void TestRunner::InvalidArgs(const std::string& message)
+{
+ using namespace DPL::Colors::Text;
+ fprintf(stderr,
+ "%s%s%s\n",
+ BOLD_RED_BEGIN,
+ message.c_str(),
+ BOLD_RED_END);
+}
+
+void TestRunner::Usage()
+{
+ fprintf(stderr, "Usage: runner [options]\n\n");
+ fprintf(stderr, "Output type:\n");
+ fprintf(stderr, " --output=<output type> --output=<output type> ...\n");
+ fprintf(stderr, "\n possible output types:\n");
+ for (std::string &type : TestResultsCollectorBase::GetCollectorsNames()) {
+ fprintf(stderr, " --output=%s\n", type.c_str());
+ }
+ fprintf(stderr, "\n example:\n");
+ fprintf(stderr,
+ " test-binary --output=text --output=xml --file=output.xml\n\n");
+ fprintf(stderr, "Other parameters:\n");
+ fprintf(stderr,
+ " --regexp='regexp'\t Only selected tests"
+ " which names match regexp run\n\n");
+ fprintf(stderr, " --start=<test id>\tStart from concrete test id");
+ fprintf(stderr, " --group=<group name>\t Run tests only from one group\n");
+ fprintf(stderr, " --runignored\t Run also ignored tests\n");
+ fprintf(stderr, " --list\t Show a list of Test IDs\n");
+ fprintf(stderr, " --listgroups\t Show a list of Test Group names \n");
+ fprintf(stderr, " --only-from-xml=<xml file>\t Run only testcases specified in XML file \n"
+ " XML name is taken from attribute id=\"part1_part2\" as whole.\n"
+ " If part1 is not found (no _) then it is implicitily "
+ "set according to suite part1 from binary tests\n");
+ fprintf(
+ stderr,
+ " --listingroup=<group name>\t Show a list of Test IDS in one group\n");
+ fprintf(stderr, " --allowchildlogs\t Allow to print logs from child process on screen.\n");
+ fprintf(stderr, " When active child process will be able to print logs on stdout and stderr.\n");
+ fprintf(stderr, " Both descriptors will be closed after test.\n");
+ fprintf(stderr, " --help\t This help\n\n");
+ std::for_each(m_collectors.begin(),
+ m_collectors.end(),
+ [] (const TestResultsCollectors::value_type & collector)
+ {
+ fprintf(stderr,
+ "Output %s has specific args:\n",
+ collector.first.c_str());
+ fprintf(stderr,
+ "%s\n",
+ collector.second->
+ CollectorSpecificHelp().c_str());
+ });
+ fprintf(stderr, "For bug reporting, please write to:\n");
+ fprintf(stderr, "<p.dobrowolsk@samsung.com>\n");
+}
+
+int TestRunner::ExecTestRunner(int argc, char *argv[])
+{
+ std::vector<std::string> args;
+ for (int i = 0; i < argc; ++i) {
+ args.push_back(argv[i]);
+ }
+ return ExecTestRunner(args);
+}
+
+void TestRunner::MarkAssertion()
+{
+ ++m_totalAssertions;
+}
+
+int TestRunner::ExecTestRunner(ArgsList args)
+{
+ m_runIgnored = false;
+ // Parse command line
+
+ args.erase(args.begin());
+
+ bool showHelp = false;
+ bool justList = false;
+ std::vector<std::string> xmlFiles;
+
+ TestResultsCollectorBasePtr currentCollector;
+
+ // Parse each argument
+ for(std::string &arg : args)
+ {
+ const std::string regexp = "--regexp=";
+ const std::string output = "--output=";
+ const std::string groupId = "--group=";
+ const std::string runIgnored = "--runignored";
+ const std::string listCmd = "--list";
+ const std::string startCmd = "--start=";
+ const std::string listGroupsCmd = "--listgroups";
+ const std::string listInGroup = "--listingroup=";
+ const std::string allowChildLogs = "--allowchildlogs";
+ const std::string onlyFromXML = "--only-from-xml=";
+
+ if (currentCollector) {
+ if (currentCollector->ParseCollectorSpecificArg(arg)) {
+ continue;
+ }
+ }
+
+ if (arg.find(startCmd) == 0) {
+ arg.erase(0, startCmd.length());
+ for (auto &group : m_testGroups) {
+ for (auto &tc : group.second) {
+ if (tc.name == arg) {
+ m_startTestId = arg;
+ break;
+ }
+ }
+ if (!m_startTestId.empty()) {
+ break;
+ }
+ }
+ if (!m_startTestId.empty()) {
+ continue;
+ }
+ InvalidArgs();
+ fprintf(stderr, "Start test id has not been found\n");
+ Usage();
+ return 0;
+ } else if (arg.find(groupId) == 0) {
+ arg.erase(0, groupId.length());
+ TestCaseGroupMap::iterator found = m_testGroups.find(arg);
+ if (found != m_testGroups.end()) {
+ std::string name = found->first;
+ TestCaseStructList newList = found->second;
+ m_testGroups.clear();
+ m_testGroups[name] = newList;
+ } else {
+ fprintf(stderr, "Group %s not found\n", arg.c_str());
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+ } else if (arg == runIgnored) {
+ m_runIgnored = true;
+ } else if (arg == listCmd) {
+ justList = true;
+ } else if (arg == listGroupsCmd) {
+ for (auto &group : m_testGroups) {
+ printf("GR:%s\n", group.first.c_str());
+ }
+ return 0;
+ } else if (arg.find(listInGroup) == 0) {
+ arg.erase(0, listInGroup.length());
+ for (auto &test : m_testGroups[arg]) {
+ printf("ID:%s\n", test.name.c_str());
+ }
+ return 0;
+ } else if (arg.find(allowChildLogs) == 0) {
+ arg.erase(0, allowChildLogs.length());
+ m_allowChildLogs = true;
+ } else if (arg == "--help") {
+ showHelp = true;
+ } else if (arg.find(output) == 0) {
+ arg.erase(0, output.length());
+ if (m_collectors.find(arg) != m_collectors.end()) {
+ InvalidArgs(
+ "Multiple outputs of the same type are not supported!");
+ Usage();
+ return -1;
+ }
+ currentCollector.reset(TestResultsCollectorBase::Create(arg));
+ if (!currentCollector) {
+ InvalidArgs("Unsupported output type!");
+ Usage();
+ return -1;
+ }
+ m_collectors[arg] = currentCollector;
+ } else if (arg.find(regexp) == 0) {
+ arg.erase(0, regexp.length());
+ if (arg.length() == 0) {
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+
+ if (arg[0] == '\'' && arg[arg.length() - 1] == '\'') {
+ arg.erase(0);
+ arg.erase(arg.length() - 1);
+ }
+
+ if (arg.length() == 0) {
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+
+ pcrecpp::RE re(arg.c_str());
+ for (auto &group : m_testGroups) {
+ TestCaseStructList newList;
+ for (auto &tc : group.second)
+ {
+ if (re.PartialMatch(tc.name)) {
+ newList.push_back(tc);
+ }
+ }
+ group.second = newList;
+ }
+ } else if(arg.find(onlyFromXML) == 0) {
+ arg.erase(0, onlyFromXML.length());
+ if (arg.length() == 0) {
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+
+ if (arg[0] == '\'' && arg[arg.length() - 1] == '\'') {
+ arg.erase(0);
+ arg.erase(arg.length() - 1);
+ }
+
+ if (arg.length() == 0) {
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+
+ xmlFiles.push_back(arg);
+ } else {
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+ }
+
+ if(!xmlFiles.empty())
+ {
+ if(!filterGroupsByXmls(xmlFiles))
+ {
+ fprintf(stderr, "XML file is not correct\n");
+ return 0;
+ }
+ }
+
+ if(justList)
+ {
+ for (auto &group : m_testGroups) {
+ for (auto &tc : group.second) {
+ printf("ID:%s:%s\n", group.first.c_str(), tc.name.c_str());
+ }
+ }
+ return 0;
+ }
+
+ currentCollector.reset();
+
+ // Show help
+ if (showHelp) {
+ Usage();
+ return 0;
+ }
+
+ if (m_collectors.empty()) {
+ TestResultsCollectorBasePtr collector(
+ TestResultsCollectorBase::Create("text"));
+ m_collectors["text"] = collector;
+ }
+
+ for (auto &collector : m_collectors) {
+ if (!collector.second->Configure()) {
+ fprintf(stderr, "Could not configure selected output");
+ return 0;
+ }
+ }
+
+ // Run tests
+ RunTests();
+
+ return 0;
+}
+
+bool TestRunner::getRunIgnored() const
+{
+ return m_runIgnored;
+}
+
+void TestRunner::Terminate()
+{
+ m_terminate = true;
+}
+
+bool TestRunner::GetAllowChildLogs()
+{
+ return m_allowChildLogs;
+}
+
+}
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner_child.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of test runner
+ */
+#include <stddef.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/test/test_results_collector.h>
+#include <dpl/binary_queue.h>
+#include <dpl/exception.h>
+#include <dpl/scoped_free.h>
+#include <dpl/colors.h>
+#include <pcrecpp.h>
+#include <algorithm>
+#include <cstdio>
+#include <memory.h>
+#include <libgen.h>
+#include <cstring>
+#include <cstdlib>
+#include <ctime>
+#include <unistd.h>
+#include <poll.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+
+namespace {
+const int CHILD_TEST_FAIL = 0;
+const int CHILD_TEST_PASS = 1;
+const int CHILD_TEST_IGNORED = 2;
+
+const int MSG_TYPE_MESSAGE = 0; // sizeof(Message) + Message
+const int MSG_TYPE_PERF_TIME = 1; // perfTime + maxTime
+
+int closeOutput() {
+ int devnull;
+ int retcode = -1;
+ if (-1 == (devnull = TEMP_FAILURE_RETRY(open("/dev/null", O_WRONLY))))
+ return -1;
+
+ // replace stdout with /dev/null
+ if (-1 == TEMP_FAILURE_RETRY(dup2(devnull, STDOUT_FILENO)))
+ goto end;
+
+ // replace stderr with /dev/null
+ if (-1 == TEMP_FAILURE_RETRY(dup2(devnull, STDERR_FILENO)))
+ goto end;
+
+ retcode = 0;
+
+end:
+ close(devnull);
+ return retcode;
+}
+
+} // namespace anonymous
+
+namespace DPL {
+namespace Test {
+
+PipeWrapper::PipeWrapper()
+{
+ if (-1 == pipe(m_pipefd)) {
+ m_pipefd[0] = PIPE_CLOSED;
+ m_pipefd[1] = PIPE_CLOSED;
+ }
+}
+
+PipeWrapper::~PipeWrapper()
+{
+ closeHelp(0);
+ closeHelp(1);
+}
+
+bool PipeWrapper::isReady()
+{
+ return m_pipefd[0] != PIPE_CLOSED || m_pipefd[1] != PIPE_CLOSED;
+}
+
+void PipeWrapper::setUsage(Usage usage)
+{
+ if (usage == READONLY) {
+ closeHelp(1);
+ }
+ if (usage == WRITEONLY) {
+ closeHelp(0);
+ }
+}
+
+PipeWrapper::Status PipeWrapper::send(int code, std::string &message)
+{
+ if (m_pipefd[1] == PIPE_CLOSED) {
+ return ERROR;
+ }
+
+ std::ostringstream output;
+ output << toBinaryString(code);
+ output << toBinaryString(MSG_TYPE_MESSAGE);
+ output << toBinaryString(static_cast<int>(message.size()));
+ output << message;
+
+ std::string binary = output.str();
+ int size = binary.size();
+
+ if ((writeHelp(&size,
+ sizeof(int)) == ERROR) ||
+ (writeHelp(binary.c_str(), size) == ERROR))
+ {
+ return ERROR;
+ }
+ return SUCCESS;
+}
+
+PipeWrapper::Status PipeWrapper::sendTime(int code,
+ std::chrono::system_clock::duration time,
+ std::chrono::system_clock::duration timeMax)
+{
+ if (m_pipefd[1] == PIPE_CLOSED) {
+ return ERROR;
+ }
+
+ std::ostringstream output;
+ output << toBinaryString(code);
+ output << toBinaryString(MSG_TYPE_PERF_TIME);
+ output << toBinaryString(time);
+ output << toBinaryString(timeMax);
+
+ std::string binary = output.str();
+ int size = binary.size();
+
+ if ((writeHelp(&size,
+ sizeof(int)) == ERROR) ||
+ (writeHelp(binary.c_str(), size) == ERROR))
+ {
+ return ERROR;
+ }
+ return SUCCESS;
+}
+
+PipeWrapper::Status PipeWrapper::receive(int &code,
+ int &msgType,
+ std::string &data,
+ std::chrono::system_clock::duration &time,
+ std::chrono::system_clock::duration &timeMax,
+ time_t deadline)
+{
+ if (m_pipefd[0] == PIPE_CLOSED) {
+ return ERROR;
+ }
+
+ int size;
+ Status ret;
+
+ if ((ret = readHelp(&size, sizeof(int), deadline)) != SUCCESS) {
+ return ret;
+ }
+
+ std::vector<char> buffer;
+ buffer.resize(size);
+
+ if ((ret = readHelp(&buffer[0], size, deadline)) != SUCCESS) {
+ return ret;
+ }
+
+ try {
+ DPL::BinaryQueue queue;
+ queue.AppendCopy(&buffer[0], size);
+
+ queue.FlattenConsume(&code, sizeof(int));
+ queue.FlattenConsume(&msgType, sizeof(int));
+
+ switch (msgType) {
+ case MSG_TYPE_MESSAGE:
+ queue.FlattenConsume(&size, sizeof(int));
+
+ buffer.resize(size);
+
+ queue.FlattenConsume(&buffer[0], size);
+ data.assign(buffer.begin(), buffer.end());
+ break;
+ case MSG_TYPE_PERF_TIME:
+ queue.FlattenConsume(&time, sizeof(std::chrono::system_clock::duration));
+ queue.FlattenConsume(&timeMax, sizeof(std::chrono::system_clock::duration));
+ break;
+ default:
+ return ERROR;
+ }
+ } catch (DPL::BinaryQueue::Exception::Base &e) {
+ return ERROR;
+ }
+ return SUCCESS;
+}
+
+void PipeWrapper::closeAll()
+{
+ closeHelp(0);
+ closeHelp(1);
+}
+
+std::string PipeWrapper::toBinaryString(int data)
+{
+ char buffer[sizeof(int)];
+ memcpy(buffer, &data, sizeof(int));
+ return std::string(buffer, buffer + sizeof(int));
+}
+
+std::string PipeWrapper::toBinaryString(std::chrono::system_clock::duration data)
+{
+ char buffer[sizeof(std::chrono::system_clock::duration)];
+ memcpy(buffer, &data, sizeof(std::chrono::system_clock::duration));
+ return std::string(buffer, buffer + sizeof(std::chrono::system_clock::duration));
+}
+
+void PipeWrapper::closeHelp(int desc)
+{
+ if (m_pipefd[desc] != PIPE_CLOSED) {
+ TEMP_FAILURE_RETRY(close(m_pipefd[desc]));
+ m_pipefd[desc] = PIPE_CLOSED;
+ }
+}
+
+PipeWrapper::Status PipeWrapper::writeHelp(const void *buffer, int size)
+{
+ int ready = 0;
+ const char *p = static_cast<const char *>(buffer);
+ while (ready != size) {
+ int ret = write(m_pipefd[1], &p[ready], size - ready);
+
+ if (ret == -1 && (errno == EAGAIN || errno == EINTR)) {
+ continue;
+ }
+
+ if (ret == -1) {
+ closeHelp(1);
+ return ERROR;
+ }
+
+ ready += ret;
+ }
+ return SUCCESS;
+}
+
+PipeWrapper::Status PipeWrapper::readHelp(void *buf, int size, time_t deadline)
+{
+ int ready = 0;
+ char *buffer = static_cast<char*>(buf);
+ while (ready != size) {
+ time_t wait = deadline - time(0);
+ wait = wait < 1 ? 1 : wait;
+ pollfd fds = { m_pipefd[0], POLLIN, 0 };
+
+ int pollReturn = poll(&fds, 1, wait * 1000);
+
+ if (pollReturn == 0) {
+ return TIMEOUT; // Timeout
+ }
+
+ if (pollReturn < -1) {
+ return ERROR;
+ }
+
+ int ret = read(m_pipefd[0], &buffer[ready], size - ready);
+
+ if (ret == -1 && (errno == EAGAIN || errno == EINTR)) {
+ continue;
+ }
+
+ if (ret == -1 || ret == 0) {
+ closeHelp(0);
+ return ERROR;
+ }
+
+ ready += ret;
+ }
+ return SUCCESS;
+}
+
+void RunChildProc(TestRunner::TestCase procChild)
+{
+ PipeWrapper pipe;
+ if (!pipe.isReady()) {
+ throw TestRunner::TestFailed("Pipe creation failed");
+ }
+
+ pid_t pid = fork();
+
+ if (pid == -1) {
+ throw TestRunner::TestFailed("Child creation failed");
+ }
+
+ if (pid != 0) {
+ // parent code
+ pipe.setUsage(PipeWrapper::READONLY);
+
+ int code;
+ int msgType;
+ std::chrono::system_clock::duration time_m;
+ std::chrono::system_clock::duration timeMax_m;
+ std::string message;
+
+ int pipeReturn = pipe.receive(code, msgType, message, time_m, timeMax_m, time(0) + 10);
+
+ if (pipeReturn != PipeWrapper::SUCCESS) { // Timeout or reading error
+ pipe.closeAll();
+ kill(pid, SIGKILL);
+ }
+
+ int status;
+ waitpid(pid, &status, 0);
+
+ if (pipeReturn == PipeWrapper::TIMEOUT) {
+ throw TestRunner::TestFailed("Timeout");
+ }
+
+ if (pipeReturn == PipeWrapper::ERROR) {
+ throw TestRunner::TestFailed("Reading pipe error");
+ }
+
+ if (code == CHILD_TEST_PASS && msgType == MSG_TYPE_PERF_TIME) {
+ DPL::Test::TestRunnerSingleton::Instance().setCurrentTestCasePerformanceResult(true,
+ time_m,
+ timeMax_m);
+ }
+
+ if (code == CHILD_TEST_FAIL) {
+ throw TestRunner::TestFailed(message);
+ } else if (code == CHILD_TEST_IGNORED) {
+ throw TestRunner::Ignored(message);
+ }
+ } else {
+ // child code
+
+ // End Runner after current test
+ TestRunnerSingleton::Instance().Terminate();
+
+ int code = CHILD_TEST_PASS;
+ std::string msg;
+ bool isPerformanceTest;
+ std::chrono::system_clock::duration time_m;
+ std::chrono::system_clock::duration timeMax_m;
+
+ bool allowLogs = TestRunnerSingleton::Instance().GetAllowChildLogs();
+
+ close(STDIN_FILENO);
+ if (!allowLogs) {
+ closeOutput(); // if fails nothing we can do
+ }
+
+ pipe.setUsage(PipeWrapper::WRITEONLY);
+
+ try {
+ procChild();
+ } catch (const DPL::Test::TestRunner::TestFailed &e) {
+ msg = e.GetMessage();
+ code = CHILD_TEST_FAIL;
+ } catch (const DPL::Test::TestRunner::Ignored &e) {
+ msg = e.GetMessage();
+ code = CHILD_TEST_IGNORED;
+ } catch (...) { // catch all exception generated by "user" code
+ msg = "unhandled exeception";
+ code = CHILD_TEST_FAIL;
+ }
+
+ if (allowLogs) {
+ closeOutput();
+ }
+
+ DPL::Test::TestRunnerSingleton::Instance().getCurrentTestCasePerformanceResult(isPerformanceTest,
+ time_m,
+ timeMax_m);
+
+ if (code == CHILD_TEST_PASS && isPerformanceTest){
+ pipe.sendTime(code,
+ time_m,
+ timeMax_m);
+ } else {
+ pipe.send(code, msg);
+ }
+ }
+}
+} // namespace Test
+} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner_multiprocess.cpp
+ * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of multiprocess test runner
+ */
+
+#include <sys/file.h>
+#include <dpl/exception.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include <poll.h>
+#include <limits.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+namespace {
+
+const int MULTI_TEST_ERROR = -1;
+const int MULTI_TEST_PASS = 0;
+const int MULTI_TEST_FAILED = 1;
+const int MULTI_TEST_IGNORED = 2;
+
+}
+
+namespace DPL {
+namespace Test {
+
+SimplePipeWrapper::SimplePipeWrapper()
+: PipeWrapper()
+{
+
+}
+
+SimplePipeWrapper::~SimplePipeWrapper()
+{
+
+}
+
+PipeWrapper::Status SimplePipeWrapper::send(std::string &message)
+{
+ if (m_pipefd[1] == PIPE_CLOSED) {
+ return ERROR;
+ }
+
+ if (message.size() > PIPE_BUF-1) {
+ return ERROR;
+ }
+
+ char buffer[PIPE_BUF] = { 0 };
+
+
+ for(unsigned int i = 0; i < message.size(); ++i) {
+ buffer[i] = message[i];
+ }
+
+ return writeHelp(buffer, PIPE_BUF);
+}
+
+PipeWrapper::Status SimplePipeWrapper::receive(std::string &data, bool &empty, time_t deadline)
+{
+ if (m_pipefd[0] == PIPE_CLOSED) {
+ return ERROR;
+ }
+
+ empty = false;
+
+ data.resize(PIPE_BUF);
+
+ char buffer[PIPE_BUF] = { 0 };
+
+ int ready = 0;
+ while (ready != PIPE_BUF) {
+ time_t wait = deadline - time(0);
+ wait = wait < 1 ? 1 : wait;
+ pollfd fds = { m_pipefd[0], POLLIN, 0 };
+
+ int pollReturn = poll(&fds, 1, wait * 1000);
+
+ if (pollReturn == 0) {
+ return TIMEOUT; // Timeout
+ }
+
+ if (pollReturn < -1) {
+ return ERROR;
+ }
+ int ret = read(m_pipefd[0], &buffer[ready], PIPE_BUF - ready);
+ if (ret == -1 && (errno == EAGAIN || errno == EINTR)) {
+ continue;
+ }
+
+ if (ret == -1) {
+ closeHelp(0);
+ return ERROR;
+ }
+ if (ret == 0) {
+ empty = true;
+ break;
+ }
+
+ ready += ret;
+ }
+
+
+ for(unsigned int i = 0; i < PIPE_BUF; ++i){
+ if(buffer[i] == 0) {
+ data.resize(i);
+ return SUCCESS;
+ }
+ data[i] = buffer[i];
+ }
+
+ return ERROR;
+}
+
+void RunMultiProc(TestRunner::TestCase procMulti)
+{
+ SimplePipeWrapper pipe;
+ int code = MULTI_TEST_PASS;
+ std::string msg = "";
+ int pipeReturn;
+
+ int waitStatus;
+
+ pid_t top_pid = getpid();
+
+ if (!pipe.isReady()) {
+ throw TestRunner::TestFailed("Pipe creation failed");
+ }
+ // pipe
+
+ try {
+ procMulti();
+ } catch (const TestRunner::TestFailed &e) {
+ code = MULTI_TEST_FAILED;
+ msg = e.GetMessage();
+ } catch (const TestRunner::Ignored &e) {
+ code = MULTI_TEST_IGNORED;
+ msg = e.GetMessage();
+ } catch (const std::exception &) {
+ code = MULTI_TEST_FAILED;
+ msg = "std exception";
+ } catch (...) {
+ // Unknown exception failure
+ code = MULTI_TEST_FAILED;
+ msg = "unknown exception";
+ }
+
+ while (true) {
+ pid_t child_pid = wait(&waitStatus);
+ if (child_pid == -1) {
+ if (errno == ECHILD) {
+ if (top_pid == getpid()) {
+ std::string recMsg="";
+
+ pipe.setUsage(PipeWrapper::READONLY);
+
+ bool empty=false;
+ while(true) {
+ pipeReturn = pipe.receive(recMsg, empty, time(0) + 10);
+
+ if (empty) {
+ break;
+ }
+ if (pipeReturn == PipeWrapper::ERROR) {
+ pipe.closeAll();
+ throw TestRunner::TestFailed("Reading pipe error");
+ } else if (pipeReturn == PipeWrapper::TIMEOUT) {
+ pipe.closeAll();
+ throw TestRunner::TestFailed("Timeout error");
+ }
+ msg = msg + "\n" + recMsg;
+ }
+ pipe.closeAll();
+
+ switch(code) {
+ case MULTI_TEST_PASS:
+ return;
+ case MULTI_TEST_FAILED:
+ throw TestRunner::TestFailed(msg);
+ case MULTI_TEST_IGNORED:
+ throw TestRunner::Ignored(msg);
+ default:
+ throw TestRunner::TestFailed(msg);
+ }
+ } else {
+ pipe.setUsage(PipeWrapper::WRITEONLY);
+
+ pipeReturn = pipe.send(msg);
+
+ if (pipeReturn == PipeWrapper::ERROR) {
+ pipe.closeAll();
+ code = MULTI_TEST_ERROR;
+ }
+
+ exit(code);
+ }
+ }
+ } else if (WIFEXITED(waitStatus)) {
+ if ((signed char)WEXITSTATUS(waitStatus) == MULTI_TEST_FAILED) {
+ switch (code) {
+ case MULTI_TEST_PASS:
+ code = MULTI_TEST_FAILED;
+ break;
+ case MULTI_TEST_FAILED:
+ break;
+ case MULTI_TEST_IGNORED:
+ code = MULTI_TEST_FAILED;
+ break;
+ default:
+ break;
+ }
+ } else if ((signed char)WEXITSTATUS(waitStatus) == MULTI_TEST_IGNORED) {
+ switch (code) {
+ case MULTI_TEST_PASS:
+ code = MULTI_TEST_IGNORED;
+ break;
+ case MULTI_TEST_FAILED:
+ break;
+ case MULTI_TEST_IGNORED:
+ break;
+ default:
+ break;
+ }
+ } else if ((signed char)WEXITSTATUS(waitStatus) != MULTI_TEST_PASS) {
+ code = MULTI_TEST_ERROR;
+ msg = "PROCESS BAD CODE RETURN";
+ }
+ }
+ }
+}
+} // namespace Test
+} // namespace DPL
--- /dev/null
+# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# @file CMakeLists.txt
+# @author Jan Olszak (j.olszak@samsung.com)
+# @author Rafal Krypa (r.krypa@samsung.com)
+# @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+# @version 0.1
+# @brief
+#
+INCLUDE(FindPkgConfig)
+
+SET(TEST_APP_EFL "test-app-efl")
+SET(TEST_APP_WGT "test-app-wgt")
+SET(TEST_APP_OSP "test-app-osp")
+SET(HELLO_TIZEN_TEST_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/hello-tizen.cpp
+ )
+ADD_EXECUTABLE( ${TEST_APP_EFL} ${HELLO_TIZEN_TEST_SOURCES} )
+INSTALL(TARGETS ${TEST_APP_EFL}
+ DESTINATION /usr/bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+INSTALL(FILES ${TEST_APP_EFL}
+ DESTINATION /usr/bin
+ RENAME ${TEST_APP_OSP}
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE)
+
+execute_process(COMMAND ln -s /usr/bin/wrt-client ${CMAKE_CURRENT_BINARY_DIR}/${TEST_APP_WGT} )
+
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/${TEST_APP_WGT}
+ DESTINATION /usr/bin)
+
+SET(LPC_TARGET_TEST "libprivilege-control-test")
+
+#dependencies
+PKG_CHECK_MODULES(LPC_TARGET_DEP
+ libsmack
+ libprivilege-control
+ sqlite3
+ libtzplatform-config
+ REQUIRED
+ libiri
+ )
+
+#files to compile
+SET(LPC_TARGET_TEST_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/db.cpp
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/duplicates.cpp
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control-test.cpp
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases.cpp
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_nosmack.cpp
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_incorrect_params.cpp
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_stress.cpp
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
+ )
+
+#header directories
+INCLUDE_DIRECTORIES(SYSTEM
+ ${LPC_TARGET_DEP_INCLUDE_DIRS}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common/
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
+ )
+
+#preprocessor definitions
+#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
+
+#output format
+ADD_EXECUTABLE(${LPC_TARGET_TEST} ${LPC_TARGET_TEST_SOURCES})
+
+#linker directories
+TARGET_LINK_LIBRARIES(${LPC_TARGET_TEST}
+ ${LPC_TARGET_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ -lcrypt
+ )
+
+#place for output file
+INSTALL(TARGETS ${LPC_TARGET_TEST}
+ DESTINATION /usr/bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+# Test SMACK rules
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules1.smack
+ DESTINATION /usr/share/privilege-control/
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2.smack
+ DESTINATION /usr/share/privilege-control/
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_no_r.smack
+ DESTINATION /usr/share/privilege-control/
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_r.smack
+ DESTINATION /usr/share/privilege-control/
+ )
+
+INSTALL(DIRECTORY
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_privilege_control_DIR
+ DESTINATION /etc/smack/
+)
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack
+ DESTINATION /usr/share/privilege-control/
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.dac
+ DESTINATION /usr/share/privilege-control/
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack
+ DESTINATION /usr/share/privilege-control/
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.dac
+ DESTINATION /usr/share/privilege-control/
+ )
+
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.smack
+ DESTINATION /usr/share/privilege-control/
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.dac
+ DESTINATION /usr/share/privilege-control/
+ )
--- /dev/null
+24567
+75678
--- /dev/null
+~APP~ test_book_efl r
--- /dev/null
+56789
+67890
--- /dev/null
+~APP~ test_book_osp_8 r
+~APP~ test_book_osp_9 w
+~APP~ test_book_osp_10 x
+~APP~ test_book_osp_11 rw
+~APP~ test_book_osp_12 rx
+~APP~ test_book_osp_13 wx
+~APP~ test_book_osp_14 rwx
+~APP~ test_book_osp_15 rwxat
+test_subject_osp_8 ~APP~ r
+test_subject_osp_9 ~APP~ w
+test_subject_osp_10 ~APP~ x
+test_subject_osp_11 ~APP~ rw
+test_subject_osp_12 ~APP~ rx
+test_subject_osp_13 ~APP~ wx
+test_subject_osp_14 ~APP~ rwx
+test_subject_osp_15 ~APP~ rwxat
--- /dev/null
+~APP~ test_book_1 r
+~APP~ test_book_2 w
+~APP~ test_book_3 x
+~APP~ test_book_4 rw
+~APP~ test_book_5 rx
+~APP~ test_book_6 wx
+~APP~ test_book_7 rwx
+test_subject_1 ~APP~ r
+test_subject_2 ~APP~ w
+test_subject_3 ~APP~ x
+test_subject_4 ~APP~ rw
+test_subject_5 ~APP~ rx
+test_subject_6 ~APP~ wx
+test_subject_7 ~APP~ rwx
--- /dev/null
+~APP~ test_book_8 r
+~APP~ test_book_9 w
+~APP~ test_book_10 x
+~APP~ test_book_11 rw
+~APP~ test_book_12 rx
+~APP~ test_book_13 wx
+~APP~ test_book_14 rwx
+~APP~ test_book_15 rwxat
+test_subject_8 ~APP~ r
+test_subject_9 ~APP~ w
+test_subject_10 ~APP~ x
+test_subject_11 ~APP~ rw
+test_subject_12 ~APP~ rx
+test_subject_13 ~APP~ wx
+test_subject_14 ~APP~ rwx
+test_subject_15 ~APP~ rwxat
--- /dev/null
+~APP~ test_book_9 w
+~APP~ test_book_10 x
+~APP~ test_book_11 w
+~APP~ test_book_12 x
+~APP~ test_book_13 wx
+~APP~ test_book_14 wx
+~APP~ test_book_15 wxat
+test_subject_9 ~APP~ w
+test_subject_10 ~APP~ x
+test_subject_11 ~APP~ w
+test_subject_12 ~APP~ x
+test_subject_13 ~APP~ wx
+test_subject_14 ~APP~ wx
+test_subject_15 ~APP~ wxat
--- /dev/null
+~APP~ test_book_8 r
+~APP~ test_book_11 r
+~APP~ test_book_12 r
+~APP~ test_book_14 r
+~APP~ test_book_15 r
+test_subject_8 ~APP~ r
+test_subject_11 ~APP~ r
+test_subject_12 ~APP~ r
+test_subject_14 ~APP~ r
+test_subject_15 ~APP~ r
--- /dev/null
+34567
+45678
--- /dev/null
+~APP~ test_book_wgt_8 r
+~APP~ test_book_wgt_9 w
+~APP~ test_book_wgt_10 x
+~APP~ test_book_wgt_11 rw
+~APP~ test_book_wgt_12 rx
+~APP~ test_book_wgt_13 wx
+~APP~ test_book_wgt_14 rwx
+~APP~ test_book_wgt_15 rwxat
+test_subject_wgt_8 ~APP~ r
+test_subject_wgt_9 ~APP~ w
+test_subject_wgt_10 ~APP~ x
+test_subject_wgt_11 ~APP~ rw
+test_subject_wgt_12 ~APP~ rx
+test_subject_wgt_13 ~APP~ wx
+test_subject_wgt_14 ~APP~ rwx
+test_subject_wgt_15 ~APP~ rwxat
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file libprivilege-control_test_db.cpp
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control tests database record check functions
+ */
+
+#include <tests_common.h>
+#include <privilege-control.h>
+#include <tzplatform_config.h>
+#include <sstream>
+#include <string.h>
+#include "db.h"
+#include "db_sqlite.h"
+#include "duplicates.h"
+
+const std::string DBASE_PATH = tzplatform_mkpath(TZ_SYS_DB, ".rules-db.db3");
+const std::string ALL_APPS ="ALL_APPS";
+
+const int PERMISSION_VOLATILE = 1;
+const int PERMISSION_PERSISTENT = 0;
+
+const int PERMISSION_ENABLED = 1;
+const int PERMISSION_DISABLED = 0;
+
+using std::ostringstream;
+using std::string;
+
+TestLibPrivilegeControlDatabase::TestLibPrivilegeControlDatabase() : m_base(DBASE_PATH)
+{
+}
+
+void TestLibPrivilegeControlDatabase::test_db_after__perm_app_install(const char* name)
+{
+ if (!m_base.is_open())
+ m_base.open();
+
+ app_label(name);
+ app_permission(name, ALL_APPS, ALL_APPS, PERMISSION_PERSISTENT, PERMISSION_ENABLED);
+}
+
+void TestLibPrivilegeControlDatabase::test_db_after__perm_app_uninstall(const char* name)
+{
+ if (!m_base.is_open())
+ m_base.open();
+
+ app_not_label(name);
+}
+
+void TestLibPrivilegeControlDatabase::test_db_after__perm_app_enable_permissions(
+ const char* name, app_type_t app_type, const char** perm_list, bool persistent)
+{
+ if (!m_base.is_open())
+ m_base.open();
+
+ string permission_type_name = app_type_name(app_type);
+ string permission_group_type_name = app_type_group_name(app_type);
+ const int is_volatile = persistent ? PERMISSION_PERSISTENT : PERMISSION_VOLATILE;
+ string permission_name;
+ int ret;
+
+ app_permission(name, permission_type_name, permission_type_name, is_volatile,
+ PERMISSION_ENABLED);
+
+ int i;
+ for (i = 0; perm_list[i] != nullptr; ++i) {
+ // Ignore empty lines
+ if (strspn(perm_list[i], " \t\n") == strlen(perm_list[i]))
+ continue;
+
+ ret = base_name_from_perm(perm_list[i], permission_name);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "permission : <" << perm_list[i] <<
+ "> cannot be converted to basename (iri parse error)");
+ app_permission(name, permission_name, permission_group_type_name, is_volatile,
+ PERMISSION_ENABLED);
+ }
+}
+
+void TestLibPrivilegeControlDatabase::app_label(const std::string& app_name)
+{
+ Sqlite3DBaseSelectResult result;
+ ostringstream sql;
+ sql << "SELECT app_id FROM app "
+ "NATURAL JOIN label "
+ "WHERE name == '" << app_name << "' ;";
+ m_base.execute(sql.str(), result);
+
+ RUNNER_ASSERT_MSG(result.rows.size() == 1 && result.rows[0].size() == 1, "query : <" <<
+ sql.str() << "> returned [" << result.rows.size() << "] rows");
+}
+
+void TestLibPrivilegeControlDatabase::app_not_label(const std::string& app_name)
+{
+ Sqlite3DBaseSelectResult result;
+ ostringstream sql;
+ sql << "SELECT label_id FROM label "
+ "WHERE name == '" << app_name << "' ;";
+ m_base.execute(sql.str(), result);
+
+ RUNNER_ASSERT_MSG(result.rows.size() == 0, "query : <" << sql.str() << "> returned [" <<
+ result.rows.size() << "] rows");
+}
+
+void TestLibPrivilegeControlDatabase::app_permission(const std::string& app_name,
+ const std::string& permission_name, const std::string& permission_type_name,
+ int is_volatile, int is_enabled)
+{
+ Sqlite3DBaseSelectResult result;
+ ostringstream sql;
+ sql << "SELECT * FROM app_permission "
+ "INNER JOIN app USING(app_id) "
+ "INNER JOIN permission USING(permission_id) "
+ "INNER JOIN permission_type USING(permission_type_id)"
+ "INNER JOIN label USING(label_id)"
+ "WHERE "
+ "label.name == '" << app_name << "' "
+ "AND app_permission.is_enabled == " << is_enabled << " "
+ "AND app_permission.is_volatile == " << is_volatile << " "
+ "AND permission.name == '" << permission_name << "' "
+ "AND permission_type.type_name == '" << permission_type_name << "' "
+ ";";
+ m_base.execute(sql.str(), result);
+
+ RUNNER_ASSERT_MSG(result.rows.size() == 1, "query : <" << sql.str() << "> returned [" <<
+ result.rows.size() << "] rows");
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file libprivilege-control_test_db.h
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control tests database record check functions
+ */
+
+#ifndef LIBPRIVILEGE_CONTROL_TEST_DB_H_
+#define LIBPRIVILEGE_CONTROL_TEST_DB_H_
+
+#include <privilege-control.h>
+#include "libprivilege-control_test_common.h"
+#include "db_sqlite.h"
+
+/**
+ * @class TestLibPrivilegeControlDatabase
+ * @brief Class containing methods for testing libprivlege database.
+ */
+class TestLibPrivilegeControlDatabase
+{
+public:
+/**
+ * @brief A constructor
+ */
+ TestLibPrivilegeControlDatabase();
+
+/**
+ * @brief A destructor
+ */
+ ~TestLibPrivilegeControlDatabase() = default;
+
+/**
+ * @brief Method for testing database after "perm_app_install" was run.
+ *
+ * It checks existence of proper: label, app records and permission for ALL_APPS for installed app.
+ *
+ * @param name name of installed app
+ */
+ void test_db_after__perm_app_install(const char* name);
+
+/**
+ * @brief Method for testing database after "perm_app_uninstall" was run.
+ *
+ * It checks absence of proper: label for installed app.
+ *
+ * @param name name of uninstalled app
+ */
+ void test_db_after__perm_app_uninstall(const char* name);
+
+/**
+ * @brief Method for testing database after "perm_app_enable_permissions" was run.
+ *
+ * It checks existence of proper permissions from perm_list and main permission for whole app_type.
+ *
+ * @param name name of application
+ * @param app_type type of application (EFL, WRT, etc. )
+ * @param perm_list list of permission to enable
+ * @param persistent persistence or volatileness of permissions
+ */
+ void test_db_after__perm_app_enable_permissions(const char* name, app_type_t app_type,
+ const char** perm_list, bool persistent);
+
+private:
+/**
+ * @var base
+ * @brief Sqlite3DBase object giving simple access to database
+ *
+ * Connection to database is open first time it is needed
+ * and closed in destructor of TestLibPrivilegeControlDatabase.
+ */
+ Sqlite3DBase m_base;
+
+/**
+ * @brief Check existence of label related records for given app.
+ *
+ * @param app_name name of application
+ */
+ void app_label(const std::string& app_name);
+
+/**
+ * @brief Check absence of label record for given app.
+ *
+ * @param app_name name of application
+ */
+ void app_not_label(const std::string& app_name);
+
+/**
+ * @brief It checks existence of single permission.
+ *
+ * @param app_name name of application
+ * @param permission_name name of permission
+ * @param permission_type_name name of permission type
+ * @param is_volatile persistence or volatileness of permissions
+ * @param is_enabled permission enable flag
+ */
+ void app_permission(const std::string& app_name, const std::string& permission_name,
+ const std::string& permission_type_name, int is_volatile, int is_enabled);
+};
+
+#endif /* LIBPRIVILEGE_CONTROL_TEST_DB_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file libprivilege-control_test_duplicates.cpp
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control private functions duplicates
+ */
+
+#include <stdlib.h>
+#include <iri.h>
+#include <algorithm>
+#include <string>
+#include <set>
+#include <sys/smack.h>
+#ifndef _XOPEN_SOURCE
+#define _XOPEN_SOURCE
+#endif
+#include <unistd.h>
+#include "duplicates.h"
+
+std::string app_type_name(app_type_t app_type)
+{
+ switch(app_type)
+ {
+ case APP_TYPE_WGT:
+ return "WRT";
+ case APP_TYPE_OSP:
+ return "OSP";
+ case APP_TYPE_EFL:
+ return "EFL";
+ default:
+ return "";
+ }
+}
+
+std::string app_type_group_name(app_type_t app_type)
+{
+ switch (app_type)
+ {
+ case APP_TYPE_WGT:
+ return "WRT";
+ case APP_TYPE_OSP:
+ return "OSP";
+ case APP_TYPE_EFL:
+ return "EFL";
+ default:
+ return "";
+ }
+}
+
+
+/*
+ * This function changes permission URI to basename for file name.
+ * For e.g. from http://tizen.org/privilege/contact.read will be
+ * created basename : org.tizen.privilege.contact.read
+ */
+int base_name_from_perm(const char *perm, std::string& name)
+{
+ iri_t *iris = iri_parse(perm);
+ if (iris == nullptr || iris->host == nullptr)
+ {
+ iri_destroy(iris);
+ return PC_ERR_INVALID_PARAM;
+ }
+
+ std::string host_dot;
+ std::string host;
+ std::string path;
+ std::string::size_type pos;
+
+ if (iris->path == nullptr)
+ {
+ path = iris->host;
+ }
+ else
+ {
+ path = iris->path;
+ host = iris->host;
+ pos = host.rfind('.');
+ if (pos != std::string::npos)
+ {
+ host_dot = host.substr(pos + 1) + ".";
+ host = host.substr(0, pos);
+ }
+ }
+
+ iri_destroy(iris);
+
+ std::replace(path.begin(), path.end(), '/', '.');
+
+ name = host_dot + host + path;
+
+ return PC_OPERATION_SUCCESS;
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file libprivilege-control_test_duplicates.h
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control private functions duplicates
+ */
+
+#ifndef LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_
+#define LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_
+
+#include <string>
+#include <privilege-control.h>
+
+/**
+ * @brief Get the permission family type name.
+ *
+ * @ingroup RDB internal functions test duplicate
+ *
+ * @param app_type type of the application
+ * @return PC_OPERATION_SUCCESS on success,
+ * error code otherwise
+ */
+std::string app_type_name(app_type_t app_type);
+
+/**
+ * @brief Get the permission type name
+ *
+ * @ingroup RDB internal functions test duplicate
+ *
+ * @param app_type type of the application
+ * @return PC_OPERATION_SUCCESS on success,
+ * error code otherwise
+ */
+std::string app_type_group_name(app_type_t app_type);
+
+/**
+ * @brief URI to basename conversion
+ *
+ * This function changes permission URI to basename for file name.
+ * For e.g. from http://tizen.org/privilege/contact.read will be
+ * created basename : org.tizen.privilege.contact.read
+ *
+ * @ingroup RDB internal functions test duplicate
+ *
+ * @param perm permission URI
+ * @param name created basename
+ * @return PC_OPERATION_SUCCESS on success,
+ * error code otherwise
+ */
+int base_name_from_perm(const char *perm, std::string& name);
+
+#endif /* LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file test_cases.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control tests commons
+ */
+
+#ifndef LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
+#define LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
+
+#include <vector>
+#include <string>
+#include <set>
+#include <ftw.h>
+#include <privilege-control.h>
+#include <tests_common.h>
+#include <unistd.h>
+
+// How many open file descriptors should ftw() function use?
+#define FTW_MAX_FDS 16
+
+#define SOCK_PATH "/tmp/test-smack-socket"
+
+#define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
+#define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir"
+
+#define APP_ID "test_APP"
+#define APPID_DIR "test_APP_ID_dir"
+#define GENERATED_APP_ID "User" // TODO to be replaced in the future
+
+#define PERM_TO_REDEFINE "Test::RedefinePermission"
+#define PERM_SUB_TO_REDEFINE "Test::RedefinePermission::Sub"
+
+#define APP_1 "app_1"
+#define APP_1_DIR "/tmp/app_1"
+
+#define APP_2 "app_2"
+#define APP_2_DIR "/tmp/app_2"
+
+#define APP_TEST "app_test"
+
+#define EFL_APP_ID "hello-tizen"
+
+#define LIBPRIVILEGE_TEST_DAC_FILE_WGT "/usr/share/privilege-control/WRT_test_privilege_control_rules_wgt.dac"
+#define LIBPRIVILEGE_TEST_DAC_FILE_OSP "/usr/share/privilege-control/OSP_test_privilege_control_rules_osp.dac"
+#define LIBPRIVILEGE_TEST_DAC_FILE_EFL "/usr/share/privilege-control/EFL_test_privilege_control_rules_efl.dac"
+
+#define OSP_APP_ID "uqNfgEjqc7"
+
+#define WGT_APP_PATH "/usr/bin/test-app-wgt"
+#define OSP_APP_PATH "/usr/bin/test-app-osp"
+#define EFL_APP_PATH "/usr/bin/test-app-efl"
+
+#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
+
+extern const char *USER_APP_ID;
+
+extern const char *PRIVS1[];
+extern const char *PRIVS2[];
+extern const char *PRIVS2_NO_R[];
+extern const char *PRIVS2_R[];
+extern const char *PRIVS2_R_AND_NO_R[];
+
+extern const char *PRIVS_WGT[];
+extern const char *PRIVS_OSP[];
+extern const char *PRIVS_EFL[];
+
+extern const char *PRIV_APPSETTING[];
+extern const char *PRIV_APPSETTING_RULES[];
+
+typedef std::vector< std::vector<std::string> > rules_t;
+
+// Rules from WRT_test_privilege_control_rules1.smack for wgt
+const rules_t rules1 = {
+ { USER_APP_ID, "test_book_1", "r" },
+ { USER_APP_ID, "test_book_2", "w" },
+ { USER_APP_ID, "test_book_3", "x" },
+ { USER_APP_ID, "test_book_4", "rw" },
+ { USER_APP_ID, "test_book_5", "rx" },
+ { USER_APP_ID, "test_book_6", "wx" },
+ { USER_APP_ID, "test_book_7", "rwx" },
+ { "test_subject_1", USER_APP_ID, "r" },
+ { "test_subject_2", USER_APP_ID, "w" },
+ { "test_subject_3", USER_APP_ID, "x" },
+ { "test_subject_4", USER_APP_ID, "rw" },
+ { "test_subject_5", USER_APP_ID, "rx" },
+ { "test_subject_6", USER_APP_ID, "wx" },
+ { "test_subject_7", USER_APP_ID, "rwx" }
+};
+
+// Rules from WRT_test_privilege_control_rules2.smack
+const rules_t rules2 = {
+ { USER_APP_ID, "test_book_8", "r" },
+ { USER_APP_ID, "test_book_9", "w" },
+ { USER_APP_ID, "test_book_10", "x" },
+ { USER_APP_ID, "test_book_11", "rw" },
+ { USER_APP_ID, "test_book_12", "rx" },
+ { USER_APP_ID, "test_book_13", "wx" },
+ { USER_APP_ID, "test_book_14", "rwx" },
+ { USER_APP_ID, "test_book_15", "rwxat" },
+ { "test_subject_8", USER_APP_ID, "r" },
+ { "test_subject_9", USER_APP_ID, "w" },
+ { "test_subject_10", USER_APP_ID, "x" },
+ { "test_subject_11", USER_APP_ID, "rw" },
+ { "test_subject_12", USER_APP_ID, "rx" },
+ { "test_subject_13", USER_APP_ID, "wx" },
+ { "test_subject_14", USER_APP_ID, "rwx" },
+ { "test_subject_15", USER_APP_ID, "rwxat" }
+};
+
+// Rules from WRT_test_privilege_control_rules_no_r.smack
+const rules_t rules2_no_r = {
+ { USER_APP_ID, "test_book_9", "w" },
+ { USER_APP_ID, "test_book_10", "x" },
+ { USER_APP_ID, "test_book_11", "w" },
+ { USER_APP_ID, "test_book_12", "x" },
+ { USER_APP_ID, "test_book_13", "x" },
+ { USER_APP_ID, "test_book_14", "wx" },
+ { USER_APP_ID, "test_book_15", "wxat" },
+ { "test_subject_9", USER_APP_ID, "w" },
+ { "test_subject_10", USER_APP_ID, "x" },
+ { "test_subject_11", USER_APP_ID, "w" },
+ { "test_subject_12", USER_APP_ID, "x" },
+ { "test_subject_13", USER_APP_ID, "x" },
+ { "test_subject_14", USER_APP_ID, "wx" },
+ { "test_subject_15", USER_APP_ID, "wxat" }
+};
+
+// Rules from test_privilege_control_rules.smack
+// minus WRT_test_privilege_control_rules_no_r.smack
+const rules_t rules2_r = {
+ { USER_APP_ID, "test_book_8", "r" },
+ { USER_APP_ID, "test_book_11", "r" },
+ { USER_APP_ID, "test_book_12", "r" },
+ { USER_APP_ID, "test_book_14", "r" },
+ { USER_APP_ID, "test_book_15", "r" },
+ { "test_subject_8", USER_APP_ID, "r" },
+ { "test_subject_11", USER_APP_ID, "r" },
+ { "test_subject_12", USER_APP_ID, "r" },
+ { "test_subject_14", USER_APP_ID, "r" },
+ { "test_subject_15", USER_APP_ID, "r" }
+};
+
+// Rules from EFL_test_privilege_control_rules_efl.smack for rpm
+const rules_t rules_efl = {
+ { USER_APP_ID, "test_book_efl", "r" }
+};
+
+// Rules from WRT_test_privilege_control_rules_wgt.smack for wgt
+const rules_t rules_wgt = {
+ { USER_APP_ID, "test_book_wgt_8", "r" },
+ { USER_APP_ID, "test_book_wgt_9", "w" },
+ { USER_APP_ID, "test_book_wgt_10", "x" },
+ { USER_APP_ID, "test_book_wgt_11", "rw" },
+ { USER_APP_ID, "test_book_wgt_12", "rx" },
+ { USER_APP_ID, "test_book_wgt_13", "wx" },
+ { USER_APP_ID, "test_book_wgt_14", "rwx" },
+ { USER_APP_ID, "test_book_wgt_15", "rwxat" },
+ { "test_subject_wgt_8", USER_APP_ID, "r" },
+ { "test_subject_wgt_9", USER_APP_ID, "w" },
+ { "test_subject_wgt_10", USER_APP_ID, "x" },
+ { "test_subject_wgt_11", USER_APP_ID, "rw" },
+ { "test_subject_wgt_12", USER_APP_ID, "rx" },
+ { "test_subject_wgt_13", USER_APP_ID, "wx" },
+ { "test_subject_wgt_14", USER_APP_ID, "rwx" },
+ { "test_subject_wgt_15", USER_APP_ID, "rwxat" }
+};
+
+// Rules from OSP_test_privilege_control_rules_osp.smack for osp
+const rules_t rules_osp = {
+ { USER_APP_ID, "test_book_osp_8", "r" },
+ { USER_APP_ID, "test_book_osp_9", "w" },
+ { USER_APP_ID, "test_book_osp_10", "x" },
+ { USER_APP_ID, "test_book_osp_11", "rw" },
+ { USER_APP_ID, "test_book_osp_12", "rx" },
+ { USER_APP_ID, "test_book_osp_13", "wx" },
+ { USER_APP_ID, "test_book_osp_14", "rwx" },
+ { USER_APP_ID, "test_book_osp_15", "rwxat" },
+ { "test_subject_osp_8", USER_APP_ID, "r" },
+ { "test_subject_osp_9", USER_APP_ID, "w" },
+ { "test_subject_osp_10", USER_APP_ID, "x" },
+ { "test_subject_osp_11", USER_APP_ID, "rw" },
+ { "test_subject_osp_12", USER_APP_ID, "rx" },
+ { "test_subject_osp_13", USER_APP_ID, "wx" },
+ { "test_subject_osp_14", USER_APP_ID, "rwx" },
+ { "test_subject_osp_15", USER_APP_ID, "rwxat" }
+};
+
+int test_have_all_accesses(const rules_t &rules);
+int test_have_any_accesses(const rules_t &rules);
+int test_have_nosmack_accesses(const rules_t &rules);
+
+void read_user_gids(std::set<unsigned> &set, const uid_t user_id);
+void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file);
+
+int file_exists(const char *path);
+void check_app_installed(const char *app_path);
+
+void check_perm_app_has_permission(const char *app_label,
+ const char *permission,
+ bool is_enabled_expected);
+
+int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/);
+int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/);
+int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/);
+int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/);
+int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/);
+
+void test_perm_app_setup_path_PUBLIC_RO(bool smack);
+void test_revoke_permissions(int line_no, const char* app_id);
+void test_app_enable_permissions_efl(bool smack);
+void test_app_disable_permissions_efl(bool smack);
+void test_app_disable_permissions(bool smack);
+bool check_all_accesses(bool smack, const rules_t &rules);
+bool check_no_accesses(bool smack, const rules_t &rules);
+
+#endif /* LIBPRIVILEGE_CONTROL_TEST_COMMON_H_ */
--- /dev/null
+#include <iostream>
+
+int main() {
+ std::cout << "Hello Tizen!" << std::endl;
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file libprivilege-control-test.cpp
+ * @author Jan Olszak (j.olszak@samsung.com)
+ * @version 1.0
+ * @brief Main file for libprivilege-control unit tests.
+ */
+
+#include <dpl/test/test_runner.h>
+#include <dpl/log/log.h>
+
+int main (int argc, char *argv[])
+{
+ LogInfo("Starting libprivilege-control tests");
+
+ int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ return status;
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file libprivilege-control-test.cpp
+ * @author Jan Olszak (j.olszak@samsung.com)
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+ * @version 1.0
+ * @brief Main file for libprivilege-control unit tests.
+ */
+
+#include <fcntl.h>
+#include <fstream>
+#include <iostream>
+#include <set>
+#include <string>
+#include <string.h>
+#include <sys/sendfile.h>
+#include <sys/smack.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <vector>
+#include <grp.h>
+#include <pwd.h>
+
+#include <libprivilege-control_test_common.h>
+#include <tests_common.h>
+#include "common/duplicates.h"
+#include <memory.h>
+
+#define CANARY_LABEL "tiny_yellow_canary"
+
+const char *USER_APP_ID = "User";
+
+const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", nullptr };
+const char *PRIVS2[] = { "test_privilege_control_rules2", nullptr };
+const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", nullptr };
+const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", nullptr };
+const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", nullptr };
+
+const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", nullptr };
+const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", nullptr };
+const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", nullptr };
+
+const char *PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", nullptr};
+const char *PRIV_APPSETTING_RULES[] = { "~APP~ ~SETTINGS_PATH~ rwx",
+ "~APP~ ~ALL_APPS~ rx",
+ nullptr};
+/**
+ * Check if every rule is true.
+ * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
+ */
+int test_have_all_accesses(const rules_t &rules)
+{
+ for (size_t i = 0; i < rules.size(); ++i) {
+ int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
+ if (access <= 0)
+ return 0;
+ }
+ return 1;
+}
+
+/**
+ * Check if every rule is true.
+ * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
+ */
+int test_have_any_accesses(const rules_t &rules)
+{
+ for (size_t i = 0; i < rules.size(); ++i) {
+ int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
+ if (access > 0)
+ return 1;
+ }
+ return 0;
+}
+
+/**
+ * NOSMACK version of test_have_accesses functions.
+ *
+ * This will be used in many tests. Checks if for every rule smack_have_access returns error.
+ * If for any of rules smack_have_access will return something different than error, this result
+ * is being returned to caller.
+ */
+int test_have_nosmack_accesses(const rules_t &rules)
+{
+ int result;
+ for (uint i = 0; i < rules.size(); ++i) {
+ result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
+ if (result != -1)
+ return result;
+ }
+ return -1;
+}
+
+bool check_all_accesses(bool smack, const rules_t &rules)
+{
+ if (smack)
+ return test_have_all_accesses(rules) == 1;
+ else
+ return test_have_nosmack_accesses(rules) == -1;
+}
+
+bool check_no_accesses(bool smack, const rules_t &rules)
+{
+ if (smack)
+ return test_have_any_accesses(rules) == 0;
+ else
+ return test_have_nosmack_accesses(rules) == -1;
+}
+
+void read_gids(std::set<unsigned> &set, const char *file_path)
+{
+ FILE *f = fopen(file_path, "r");
+ RUNNER_ASSERT_ERRNO_MSG(f != nullptr, "Unable to open file " << file_path);
+ unsigned gid;
+ while (fscanf(f, "%u\n", &gid) == 1) {
+ set.insert(gid);
+ }
+ fclose(f);
+}
+
+void read_user_gids(std::set<unsigned> &set, const uid_t user_id)
+{
+ int ret;
+
+ errno = 0;
+ struct passwd *pw = getpwuid(user_id);
+ RUNNER_ASSERT_ERRNO_MSG(pw != nullptr, "getpwuid() failed");
+
+ int groups_cnt = 0;
+ gid_t *groups_list = nullptr;
+ ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
+ RUNNER_ASSERT_MSG(ret == -1, "getgrouplist() failed.");
+ if (groups_cnt == 0)
+ return;
+ groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
+ RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
+
+ ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
+ if (ret == -1) {
+ free(groups_list);
+ RUNNER_FAIL_MSG("getgrouplist() failed.");
+ }
+
+ for (int i = 0; i < groups_cnt; ++i) {
+ set.insert(groups_list[i]);
+ }
+ free(groups_list);
+}
+
+void read_current_gids(std::set<unsigned> &set)
+{
+ int groups_cnt = getgroups(0, nullptr);
+ RUNNER_ASSERT_ERRNO_MSG(groups_cnt > 0, "Wrong number of supplementary groups");
+ gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
+ RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
+ if (getgroups(groups_cnt, groups_list) == -1){
+ free(groups_list);
+ RUNNER_FAIL_MSG("getgroups failed.");
+ }
+
+ for (int i = 0; i < groups_cnt; ++i) {
+ set.insert(groups_list[i]);
+ }
+ free(groups_list);
+}
+
+void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file)
+{
+ std::set<unsigned> groups_check;
+ std::set<unsigned> groups_current;
+ if(dac_file != nullptr)
+ read_gids(groups_check, dac_file);
+ read_current_gids(groups_current);
+
+ std::string groups_left;
+ for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it)
+ {
+ (void)groups_check.erase(*it);
+ if(groups_current.erase(*it) == 0)
+ groups_left.append(std::to_string(*it)).append(" ");
+ }
+ RUNNER_ASSERT_MSG(groups_left.empty(),
+ "Application lost some groups: " << groups_left);
+
+ for (auto it = groups_check.begin(); it != groups_check.end(); ++it)
+ {
+ if(groups_current.erase(*it) == 0)
+ groups_left.append(std::to_string(*it)).append(" ");
+ }
+ RUNNER_ASSERT_MSG(groups_left.empty(),
+ "Application doesn't belong to some required groups: " << groups_left);
+
+ for (auto it = groups_current.begin(); it != groups_current.end(); ++it)
+ {
+ groups_left.append(std::to_string(*it)).append(" ");
+ }
+ RUNNER_ASSERT_MSG(groups_left.empty(),
+ "Application belongs to groups it should't belong to: " << groups_left);
+}
+
+int file_exists(const char *path)
+{
+ FILE *file = fopen(path, "r");
+ if (file) {
+ fclose(file);
+ return 0;
+ }
+ return -1;
+}
+
+void check_app_installed(const char *app_path)
+{
+ RUNNER_ASSERT_MSG(file_exists(app_path) == 0,
+ " App not installed: " << app_path);
+}
+
+int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+ smack_lsetlabel(fpath, nullptr, SMACK_LABEL_ACCESS);
+ smack_lsetlabel(fpath, nullptr, SMACK_LABEL_EXEC);
+ smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
+
+ return 0;
+}
+
+void check_perm_app_has_permission(const char *app_label,
+ const char *permission,
+ bool is_enabled_expected)
+{
+ int result;
+ bool is_enabled_result;
+
+ result = perm_app_has_permission(app_label, APP_TYPE_WGT, permission, &is_enabled_result);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error calling perm_app_has_permission. Result: " << result);
+
+ RUNNER_ASSERT_MSG(is_enabled_result == is_enabled_expected,
+ " Result of perm_app_has_permission should be: " << is_enabled_expected);
+}
+
+int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
+ const char* correctLabel)
+{
+ int result;
+ CStringPtr labelPtr;
+ char* label = nullptr;
+
+ /* ACCESS */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
+ result = strcmp(correctLabel, label);
+ RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
+
+ /* EXEC */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+ if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
+ RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
+ result = strcmp(correctLabel, label);
+ RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
+ } else
+ RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
+
+ /* TRANSMUTE */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
+
+ return 0;
+}
+
+
+int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+ return nftw_check_labels_app_dir(fpath, sb, USER_APP_ID);
+}
+
+int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+ return nftw_check_labels_app_dir(fpath, sb, "_");
+}
+
+int nftw_check_labels_app_public_ro_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+ int result;
+ CStringPtr labelPtr;
+ char *label;
+
+ /* ACCESS */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
+ result = strcmp(LABEL_FOR_PUBLIC_SHARED_DIRS, label);
+ RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
+
+ /* EXEC */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
+
+ /* TRANSMUTE */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+ if (S_ISDIR(sb->st_mode)) {
+ RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set");
+ result = strcmp("TRUE", label);
+ RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
+ } else
+ RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
+
+ return 0;
+}
+
+int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+ smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
+ smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
+ smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
+
+ return 0;
+}
+
+int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+ int result;
+ CStringPtr labelPtr;
+ char* label = nullptr;
+
+ /* ACCESS */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ result = strcmp(CANARY_LABEL, labelPtr.get());
+ RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
+
+ /* EXEC */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ result = strcmp(CANARY_LABEL, labelPtr.get());
+ RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
+
+ /* TRANSMUTE */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ RUNNER_ASSERT_MSG(labelPtr.get() == nullptr, "TRANSMUTE label on " << fpath << " is set");
+
+ return 0;
+}
+
+void test_perm_app_setup_path_PUBLIC_RO(bool smack)
+{
+ int result;
+
+ result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
+
+ result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
+
+ DB_BEGIN
+
+ result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
+
+ DB_END
+
+ result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_ro_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
+
+ result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
+
+ RUNNER_ASSERT(check_all_accesses(smack, {{ USER_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "r"}}));
+}
+
+void test_revoke_permissions(int line_no, const char* app_id)
+{
+ int result;
+
+ // Cleanup
+ DB_BEGIN
+
+ result = perm_app_uninstall(app_id);
+ RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ "perm_app_uninstall returned " << result);
+
+ // Close transaction to commit uninstallation before further actions
+ DB_END
+
+ DB_BEGIN
+
+ // Install test apps
+ result = perm_app_install(app_id);
+ RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ "perm_app_install returned " << result);
+
+ // Close transaction to commit installation before further actions
+ DB_END
+
+ DB_BEGIN
+
+ // TEST:
+ // Revoke permissions
+ result = perm_app_revoke_permissions(app_id);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
+ "Error revoking app permissions. Result: " << result);
+
+ DB_END
+
+ DB_BEGIN
+
+ // Cleanup - uninstall test apps
+ result = perm_app_uninstall(app_id);
+ RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
+ "perm_app_uninstall returned " << result);
+
+ DB_END
+}
+
+void test_app_enable_permissions_efl(bool smack)
+{
+ int result;
+
+ DB_BEGIN
+
+ // Prepare
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+ result = perm_app_install(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << result);
+
+ // Register a permission:
+ result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error registering app permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
+ "SMACK accesses not granted for EFL_APP");
+
+ DB_BEGIN
+
+ // Cleanup
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+
+ DB_END
+}
+
+void test_app_disable_permissions_efl(bool smack)
+{
+ int result;
+
+ DB_BEGIN
+
+ // Prepare
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+
+ result = perm_app_install(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << result);
+
+ result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
+ "SMACK accesses not disabled for EFL_APP");
+
+ DB_BEGIN
+
+ // Register a permission
+ result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error registering app permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
+ "SMACK accesses not granted for EFL_APP");
+
+ DB_BEGIN
+
+ // Disable a permission
+ result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
+ "SMACK accesses not disabled for EFL_APP");
+
+ DB_BEGIN
+
+ // Cleanup
+ result = perm_app_uninstall(EFL_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+
+ DB_END
+}
+
+void test_app_disable_permissions(bool smack)
+{
+ int result;
+
+ DB_BEGIN
+
+ // Prepare
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << result);
+
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << result);
+
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app first permissions. Result: " << result);
+
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app no r permissions. Result: " << result);
+
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app r permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2),
+ "SMACK accesses not disabled.");
+
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1),
+ "SMACK accesses not disabled.");
+
+ DB_BEGIN
+
+/**
+ * Test - disable all granted permissions.
+ */
+
+ // Prepare permissions that we want to disable
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
+
+ DB_END
+
+ // Are all the permissions enabled?
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled.");
+
+ DB_BEGIN
+
+ // Disable permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ DB_END
+
+ // Are all the permissions disabled?
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled.");
+
+/**
+ * Test - disable some granted permissions leaving non complementary and then disabling those too.
+ */
+
+ DB_BEGIN
+
+ // Prepare permissions that will not be disabled
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error adding app first permissions. Result: " << result);
+
+ // Prepare permissions that we want to disable
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error adding app second permissions. Result: " << result);
+
+ // Disable second permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app second permissions. Result: " << result);
+
+ DB_END
+
+ // Are all second permissions disabled?
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
+
+ // Are all first permissions not disabled?
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, rules1), "Some of second permissions disabled.");
+
+ DB_BEGIN
+
+ // Disable first permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app first permissions. Result: " << result);
+
+ DB_END
+
+ // Are all second permissions disabled?
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1), "Not all second permisions disabled.");
+
+/**
+ * Test - disable only no r granted permissions.
+ */
+
+ DB_BEGIN
+
+ // Prepare permissions
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app r permissions. Result: " << result);
+
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app no r permissions. Result: " << result);
+
+ // Disable same permissions without r
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app no r permissions. Result: " << result);
+
+ DB_END
+
+ // Is any r permissions disabled?
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
+ // Are all no r permissions disabled?
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
+
+ DB_BEGIN
+
+ // Prepare permissions
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error adding app no r permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
+
+ DB_BEGIN
+
+ // Disable all permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ DB_END
+
+ RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
+
+ DB_BEGIN
+
+ // Clean up after test:
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ DB_END
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file test_cases.cpp
+ * @author Jan Olszak (j.olszak@samsung.com)
+ * @author Rafal Krypa (r.krypa@samsung.com)
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control test runner
+ */
+
+#include <string>
+#include <vector>
+#include <fstream>
+#include <sstream>
+#include <set>
+
+#include <fcntl.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/smack.h>
+
+#include <privilege-control.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include <dpl/log/log.h>
+#include <tests_common.h>
+#include <libprivilege-control_test_common.h>
+#include "common/duplicates.h"
+#include "common/db.h"
+#include "memory.h"
+
+// Error codes for test_libprivilege_strerror
+const std::vector<int> error_codes {
+ PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
+ PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
+ PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
+ PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
+};
+
+namespace {
+
+std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
+{
+ std::vector<std::string> names;
+ for(size_t i = 0; i < size; ++i) {
+ names.push_back(prefix + "_" + std::to_string(i) + suffix);
+ }
+ return names;
+}
+
+const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
+const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
+const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
+const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
+const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
+const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
+const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
+
+void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
+{
+ std::ifstream dac_file(dac_file_path);
+ RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
+
+ auto it = gids.begin();
+ std::string line;
+ while (std::getline(dac_file,line)) {
+ std::istringstream is(line);
+ unsigned gid;
+ is >> gid;
+ RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
+ RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
+ it++;
+ }
+
+ RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
+
+ dac_file.close();
+}
+
+void remove_smack_files()
+{
+ // TODO array
+ unlink(OSP_BLAHBLAH);
+ unlink(WRT_BLAHBLAH);
+ unlink(OTHER_BLAHBLAH);
+ unlink(WRT_BLAHBLAH_DAC);
+ unlink(OTHER_BLAHBLAH_DAC);
+
+ for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
+ unlink(OSP_BLAHBLAH_DAC[i].c_str());
+
+ for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
+ unlink(OSP_BLAHBLAH_DAC[i].c_str());
+}
+
+} // namespace
+
+RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
+
+RUNNER_TEST(privilege_control02_perm_app_setup_path_01_PRIVATE)
+{
+ int result;
+
+ result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
+
+ result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
+
+ DB_BEGIN
+
+ result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_PRIVATE failed");
+
+ DB_END
+
+ result = nftw(TEST_APP_DIR, &nftw_check_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
+
+ result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
+}
+
+RUNNER_TEST(privilege_control02_perm_app_setup_path_02_FLOOR)
+{
+ int result;
+
+ result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
+
+ result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
+
+ DB_BEGIN
+
+ result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_FLOOR);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_FLOOR type failed");
+
+ DB_END
+
+ result = nftw(TEST_APP_DIR, &nftw_check_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
+
+ result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
+}
+
+
+RUNNER_TEST_SMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO)
+{
+ test_perm_app_setup_path_PUBLIC_RO(true);
+}
+
+/**
+ * Revoke permissions from the list. Should be executed as privileged user.
+ */
+RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
+{
+ test_revoke_permissions(__LINE__, WGT_APP_ID);
+}
+
+/**
+ * Revoke permissions from the list. Should be executed as privileged user.
+ */
+RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
+{
+ test_revoke_permissions(__LINE__, OSP_APP_ID);
+}
+
+void test_set_app_privilege(
+ const char* app_id, app_type_t APP_TYPE,
+ const char** privileges, const char* type,
+ const char* app_path, const char* dac_file,
+ const rules_t &rules) {
+ check_app_installed(app_path);
+
+ int result;
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(app_id);
+ RUNNER_ASSERT_MSG(result == 0,
+ " perm_app_uninstall returned " << result << ". "
+ "Errno: " << strerror(errno));
+
+ result = perm_app_install(app_id);
+ RUNNER_ASSERT_MSG(result == 0,
+ " perm_app_install returned " << result << ". "
+ "Errno: " << strerror(errno));
+
+ // TEST:
+ result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
+
+ DB_END
+
+ result = test_have_all_accesses(rules);
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+
+ std::set<unsigned> groups_before;
+ read_user_gids(groups_before, APP_UID);
+
+ result = perm_app_set_privilege(app_id, type, app_path);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error in perm_app_set_privilege. Error: " << result);
+
+ // Check if SMACK label really set
+ char *label;
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result >= 0,
+ " Error getting current process label");
+ RUNNER_ASSERT_MSG(label != nullptr,
+ " Process label is not set");
+
+ result = strcmp(USER_APP_ID, label);
+ RUNNER_ASSERT_MSG(result == 0,
+ " Process label " << label << " is incorrect");
+
+ check_groups(groups_before, dac_file);
+}
+
+/**
+ * Set APP privileges. wgt.
+ */
+RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
+{
+ test_set_app_privilege(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
+ LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
+}
+
+/**
+ * Set APP privileges. osp app.
+ */
+RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
+{
+ test_set_app_privilege(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
+ LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
+}
+
+RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_efl)
+{
+ test_set_app_privilege(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
+ "rpm", EFL_APP_PATH,
+ LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
+}
+
+/**
+ * Add new API feature
+ */
+RUNNER_TEST(privilege_control08_add_api_feature)
+{
+ int result;
+
+ remove_smack_files();
+
+ DB_BEGIN
+
+ // argument validation
+ result = perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0);
+ RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
+
+ result = perm_add_api_feature(APP_TYPE_OSP,"", nullptr, nullptr, 0);
+ RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
+
+
+ // Already existing feature:
+ // TODO: Database will be malformed. (Rules for these features will be removed.)
+ result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", nullptr, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", nullptr, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ // empty features
+ result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", nullptr, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", nullptr, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ // empty rules
+ const char *test1[] = { nullptr };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ const char *test2[] = { "", nullptr };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ const char *test3[] = { " \t\n", "\t \n", "\n\t ", nullptr };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ // malformed rules
+ const char *test4[] = { "malformed", nullptr };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
+
+ const char *test5[] = { "malformed malformed", nullptr };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
+
+ const char *test6[] = { "-malformed malformed rwxat", nullptr };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
+
+ const char *test7[] = { "~/\"\\ malformed rwxat", nullptr };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
+
+ const char *test8[] = { "subject object rwxat something else", nullptr };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
+
+
+ // correct rules
+ const char *test9[] = {
+ "~APP~ object\t rwxatl",
+ " \t \n",
+ "subject2\t~APP~ ltxarw",
+ "",
+ nullptr};
+
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", nullptr };
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", nullptr }; // TODO This fails.
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+
+ // TODO For now identical/complementary rules are not merged.
+ const char *test12[] = {
+ "subject1 ~APP~ rwxatl",
+ " \t \n",
+ "subject2 ~APP~ ltxarw",
+ "",
+ nullptr};
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+
+ // empty group ids
+ const char *test13[] = { "~APP~ b a", nullptr};
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
+ RUNNER_ASSERT(result == -1);
+ remove_smack_files();
+
+
+ // valid group ids
+ result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
+ remove_smack_files();
+
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
+ remove_smack_files();
+
+ result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
+ osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
+ remove_smack_files();
+
+ DB_END
+}
+
+/**
+ * Add new API feature, assign it to an app and redefine the API feature.
+ * Check if app rules has changed after redefinition.
+ */
+RUNNER_TEST_SMACK(privilege_control09_perm_add_api_feature_redefine)
+{
+ int result;
+ const char *permissionName[] = { "org.tizen.test.permtoberedefined", nullptr};
+
+ // Rules to be used with the first check
+ const rules_t test_rules1 = {
+ { GENERATED_APP_ID, PERM_TO_REDEFINE, "rx" },
+ { PERM_TO_REDEFINE, GENERATED_APP_ID, "rwx" },
+ { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
+ };
+
+ // Rules that contain differences - to be used with the second check (after re-def)
+ const rules_t test_rules2 = {
+ { GENERATED_APP_ID, PERM_TO_REDEFINE, "rwx" },
+ { PERM_TO_REDEFINE, GENERATED_APP_ID, "rx" },
+ { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "watl" }
+ };
+
+ // Differences between rules1 and rules2 - should be revoked after re-def)
+ const rules_t diff_rules = {
+ { PERM_TO_REDEFINE, GENERATED_APP_ID, "w" },
+ { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
+ };
+
+ // Rules to be used with the first definition
+ const char *perm_rules1[] = {
+ "~APP~ " PERM_TO_REDEFINE " rx",
+ PERM_TO_REDEFINE " ~APP~ rwx",
+ "~APP~ " PERM_SUB_TO_REDEFINE " rx",
+ nullptr
+ };
+
+ // Rules that contain differences - to be used with the second definition (re-def)
+ const char *perm_rules2[] = {
+ "~APP~ " PERM_TO_REDEFINE " rwx",
+ PERM_TO_REDEFINE " ~APP~ rx",
+ "~APP~ " PERM_SUB_TO_REDEFINE " watl",
+ nullptr
+ };
+
+ DB_BEGIN
+
+ // uninstall app to make sure that all rules and permissions are revoked
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall failed: " << perm_strerror(result));
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_install failed: " << perm_strerror(result));
+
+ result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules1, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_add_api_feature failed: " << result);
+
+ result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP, permissionName, true);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_enable_permissions failed: " << perm_strerror(result));
+
+ DB_END
+
+ // Check if rules are applied
+ result = test_have_all_accesses(test_rules1);
+ RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
+
+ DB_BEGIN
+
+ // Redefine the permission
+ result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules2, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_add_api_feature failed: " << result);
+
+ DB_END
+
+ // Check if rules are updated
+ result = test_have_all_accesses(test_rules2);
+ RUNNER_ASSERT_MSG(result == 1, "Not all permissions added after update.");
+ // The difference between rules1 and rules2 should be revoked!
+ result = test_have_any_accesses(diff_rules);
+ RUNNER_ASSERT_MSG(result == 0, "Permissions are not fully updated.");
+}
+
+/*
+ * Check perm_app_uninstall function
+ */
+void check_perm_app_uninstall(const char* pkg_id)
+{
+ int result;
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(pkg_id);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned: " << perm_strerror(result));
+
+ DB_END
+}
+
+RUNNER_TEST(privilege_control07_app_uninstall)
+{
+ check_perm_app_uninstall(APP_ID);
+}
+
+/*
+ * Check perm_app_install function
+ */
+void check_perm_app_install(const char* pkg_id)
+{
+ int result;
+
+ DB_BEGIN
+
+ result = perm_app_install(pkg_id);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
+
+ DB_END
+
+ TestLibPrivilegeControlDatabase db_test;
+ db_test.test_db_after__perm_app_install(USER_APP_ID);
+}
+
+RUNNER_TEST(privilege_control01_app_install)
+{
+ check_perm_app_uninstall(APP_ID);
+ check_perm_app_install(APP_ID);
+ // try install second time app with the same ID - it should pass.
+ check_perm_app_install(APP_ID);
+}
+
+/*
+ * Check perm_rollback function
+ */
+RUNNER_TEST(privilege_control07_app_rollback)
+{
+ check_perm_app_uninstall(APP_ID);
+
+ int result;
+
+ DB_BEGIN
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
+
+ // transaction rollback
+ result = perm_rollback();
+ RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
+
+ DB_END
+}
+
+RUNNER_TEST(privilege_control07_app_rollback_2)
+{
+ check_perm_app_uninstall(APP_ID);
+
+ int result;
+
+ DB_BEGIN
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
+
+ // transaction rollback
+ result = perm_rollback();
+ RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
+
+ // install once again after the rollback
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
+
+ DB_END
+
+ TestLibPrivilegeControlDatabase db_test;
+ db_test.test_db_after__perm_app_install(USER_APP_ID);
+}
+
+/**
+ * Grant SMACK permissions based on permissions list.
+ */
+RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
+{
+ int result;
+
+ // Clean up after test:
+ DB_BEGIN
+
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
+/**
+ * Test - Enabling all permissions with persistant mode enabled
+ */
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error revoking app permissions. Result: " << result);
+
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
+
+ DB_END
+
+ // Check if the accesses are realy applied..
+ result = test_have_all_accesses(rules2);
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+
+ DB_BEGIN
+
+ // Clean up
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error revoking app permissions. Result: " << result);
+
+ DB_END
+
+/**
+ * Test - Enabling all permissions with persistant mode disabled
+ */
+
+ DB_BEGIN
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
+
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error enabling app permissions. Result: " << result);
+
+ DB_END
+
+ // Check if the accesses are realy applied..
+ result = test_have_all_accesses(rules2);
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+
+ DB_BEGIN
+
+ // Clean up
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error revoking app permissions. Result: " << result);
+
+ DB_END
+
+/**
+ * Test - Registering new permissions in two complementary files
+ */
+
+ DB_BEGIN
+
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
+
+ DB_END
+
+ // Check if the accesses are realy applied..
+ result = test_have_all_accesses(rules2_no_r);
+ RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
+
+ DB_BEGIN
+
+ // Clean up
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error revoking app permissions. Result: " << result);
+
+ DB_END
+
+/**
+ * Test - Enabling some permissions and then enabling complementary permissions
+ */
+
+ DB_BEGIN
+
+ // Register permission for rules 2 no r
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions without r. Result: " << result);
+
+ DB_END
+
+ // Check if the accesses are realy applied..
+ result = test_have_all_accesses(rules2_no_r);
+ RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
+
+ DB_BEGIN
+
+ // Register permission for rules 2
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app all permissions. Result: " << result);
+
+ DB_END
+
+ // Check if the accesses are realy applied..
+ result = test_have_all_accesses(rules2);
+ RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
+
+ DB_BEGIN
+
+ // Clean up
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error revoking app permissions. Result: " << result);
+
+/**
+ * Test - Enabling some permissions and then enabling all permissions
+ */
+
+ // Enable permission for rules 2 no r
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions without r. Result: " << result);
+
+ DB_END
+
+ // Check if the accesses are realy applied..
+ result = test_have_all_accesses(rules2_no_r);
+ RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
+
+ DB_BEGIN
+
+ // Enable permission for rules 2
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions with only r. Result: " << result);
+
+ DB_END
+
+ // Check if the accesses are realy applied..
+ result = test_have_all_accesses(rules2_r);
+ RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
+
+ DB_BEGIN
+
+ // Clean up
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error revoking app permissions. Result: " << result);
+
+
+
+ // Clean up after test:
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ DB_END
+}
+
+RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
+{
+ test_app_enable_permissions_efl(true);
+}
+
+/*
+ * Check perm_app_install function
+ */
+RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
+{
+ test_app_disable_permissions_efl(true);
+}
+
+
+/**
+ * Remove previously granted SMACK permissions based on permissions list.
+ */
+RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
+{
+ test_app_disable_permissions(true);
+}
+
+/**
+ * Reset SMACK permissions for an application by revoking all previously
+ * granted rules and enabling them again from a rules file from disk.
+ */
+// TODO: This test is incomplete.
+RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
+{
+ int result;
+
+/**
+ * Test - doing reset and checking if rules exist again.
+ */
+
+ DB_BEGIN
+
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
+ // Disable permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ // Prepare permissions to reset
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error registering app permissions. Result: " << result);
+
+ // Reset permissions
+ result = perm_app_reset_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error reseting app permissions. Result: " << result);
+
+ DB_END
+
+ // Are all second permissions not disabled?
+ result = test_have_all_accesses(rules2);
+ RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
+
+ DB_BEGIN
+
+ // Disable permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ DB_END
+}
+
+static void smack_set_random_label_based_on_pid_on_self(void)
+{
+ int result;
+ std::stringstream ss;
+
+ ss << "s-" << getpid() << "-" << getppid();
+ result = smack_set_label_for_self(ss.str().c_str());
+ RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
+ << ss.str().c_str() << ") failed");
+}
+
+static void smack_unix_sock_server(int sock)
+{
+ int fd, result;
+ char *smack_label;
+
+ alarm(2);
+ fd = accept(sock, nullptr, nullptr);
+ alarm(0);
+ if (fd < 0)
+ return;
+
+ FdUniquePtr fdPtr(&fd);
+
+ result = smack_new_label_from_self(&smack_label);
+ RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed");
+ SmackLabelPtr smackLabelPtr(smack_label);
+
+ ssize_t bitsNum = write(fd, smack_label, strlen(smack_label));
+ RUNNER_ASSERT_ERRNO_MSG(bitsNum >= 0 && static_cast<size_t>(bitsNum) == strlen(smack_label),
+ "write() failed");
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
+{
+ int pid;
+ struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
+
+ unlink(SOCK_PATH);
+ pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+
+ smack_set_random_label_based_on_pid_on_self();
+
+ if (!pid) { /* child process, server */
+ int sock, result;
+
+ /* Set the process label before creating a socket */
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
+ SockUniquePtr sockPtr(&sock);
+
+ result = bind(sock,
+ (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
+
+ result = listen(sock, 1);
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
+ smack_unix_sock_server(sock);
+
+ /* Change the process label with listening socket */
+ smack_unix_sock_server(sock);
+
+ pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ /* Now running two concurrent servers.
+ Test if socket label was unaffected by fork() */
+ smack_unix_sock_server(sock);
+ /* Let's give the two servers different labels */
+ smack_unix_sock_server(sock);
+
+ exit(0);
+ } else { /* parent process, client */
+ sleep(1); /* Give server some time to setup listening socket */
+ int i;
+ for (i = 0; i < 4; ++i) {
+ int sock;
+ int result;
+ char smack_label1[SMACK_LABEL_LEN + 1];
+ char *smack_label2;
+
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
+ SockUniquePtr sockPtr(&sock);
+
+ result = connect(sock,
+ (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
+
+ alarm(2);
+ result = read(sock, smack_label1, SMACK_LABEL_LEN);
+ alarm(0);
+ RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed");
+
+ smack_label1[result] = '\0';
+ smack_label2 = perm_app_id_from_socket(sock);
+ RUNNER_ASSERT_MSG(smack_label2 != nullptr, "perm_app_id_from_socket failed");
+ result = strcmp(smack_label1, smack_label2);
+ RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1
+ << "' != '" << smack_label2 << "-" << random() << "'");
+ }
+ }
+}
+
+RUNNER_TEST(privilege_control20_perm_app_has_permission)
+{
+ int result;
+ const char *other_app_label = "test_other_app_label";
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error uninstalling app. Result" << result);
+
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error installing app. Result" << result);
+
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app r and no r permissions. Result: " << result);
+
+ DB_END
+
+ check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
+ check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
+ check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
+ check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
+
+ DB_BEGIN
+
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error registering app r permissions. Result: " << result);
+
+ DB_END
+
+ check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
+ check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
+ check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
+ check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
+
+ DB_BEGIN
+
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error registering app r permissions. Result: " << result);
+
+ DB_END
+
+ check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
+ check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
+ check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
+ check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
+
+ DB_BEGIN
+
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app r and no r permissions. Result: " << result);
+
+ DB_END
+
+ check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
+ check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
+ check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
+ check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
+
+ DB_BEGIN
+
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app r and no r permissions. Result: " << result);
+
+ DB_END
+
+ check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
+ check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
+ check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
+ check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
+}
+
+RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
+ int POSITIVE_ERROR_CODE = 1;
+ int NONEXISTING_ERROR_CODE = -239042;
+ const char *result;
+
+ for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
+ RUNNER_ASSERT_MSG(strcmp(perm_strerror(*itr), "Unknown error") != 0,
+ "Returned invalid error code description.");
+ }
+
+ result = perm_strerror(POSITIVE_ERROR_CODE);
+ RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
+ "Bad message returned for invalid error code: \"" << result << "\"");
+
+ result = perm_strerror(NONEXISTING_ERROR_CODE);
+ RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
+ "Bad message returned for invalid error code: \"" << result << "\"");
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file test_cases.cpp
+ * @author Jan Olszak (j.olszak@samsung.com)
+ * @author Rafal Krypa (r.krypa@samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control test runner
+ */
+
+#include <dpl/test/test_runner.h>
+#include <tests_common.h>
+#include <sys/smack.h>
+#include <privilege-control.h>
+#include <tests_common.h>
+#include <libprivilege-control_test_common.h>
+
+
+
+//////////////////////////////////////////////////////
+//TEST FOR INCORRECT PARAMS CHECK IN LIBPRIVILEGE APIS
+//////////////////////////////////////////////////////
+
+RUNNER_TEST_GROUP_INIT(libprivilegecontrol_incorrect_params)
+
+RUNNER_TEST(privilege_control21c_incorrect_params_perm_app_set_privilege)
+{
+ RUNNER_ASSERT_MSG(perm_app_set_privilege(nullptr, nullptr, APP_SET_PRIV_PATH) == PC_ERR_INVALID_PARAM,
+ "perm_app_set_privilege didn't check if package name isn't nullptr.");
+}
+
+RUNNER_TEST(privilege_control21d_incorrect_params_perm_app_install)
+{
+ RUNNER_ASSERT_MSG(perm_app_install(nullptr) == PC_ERR_INVALID_PARAM,
+ "perm_app_install didn't check if pkg_id isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_install("") == PC_ERR_INVALID_PARAM,
+ "perm_app_install didn't check if pkg_id isn't empty.");
+}
+
+RUNNER_TEST(privilege_control21e_incorrect_params_perm_app_uninstall)
+{
+ RUNNER_ASSERT_MSG(perm_app_uninstall(nullptr) == PC_ERR_INVALID_PARAM,
+ "perm_app_uninstall didn't check if pkg_id isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_uninstall("") == PC_ERR_INVALID_PARAM,
+ "perm_app_uninstall didn't check if pkg_id isn't empty.");
+}
+
+RUNNER_TEST(privilege_control21f_incorrect_params_perm_app_enable_permissions)
+{
+ RUNNER_ASSERT_MSG(perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, nullptr, 1) == PC_ERR_INVALID_PARAM,
+ "perm_app_enable_permissions didn't check if perm_list isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_enable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
+ "perm_app_enable_permissions didn't check if pkg_id isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_enable_permissions("", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
+ "perm_app_enable_permissions didn't check if pkg_id isn't empty.");
+ RUNNER_ASSERT_MSG(perm_app_enable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
+ "perm_app_enable_permissions didn't check if pkg_id is valid");
+}
+
+RUNNER_TEST(privilege_control21g_incorrect_params_app_revoke_permissions)
+{
+ RUNNER_ASSERT_MSG(perm_app_revoke_permissions(nullptr) == PC_ERR_INVALID_PARAM,
+ "perm_app_revoke_permissions didn't check if pkg_id isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_revoke_permissions("") == PC_ERR_INVALID_PARAM,
+ "perm_app_revoke_permissions didn't check if pkg_id isn't empty.");
+ RUNNER_ASSERT_MSG(perm_app_revoke_permissions("~APP~") == PC_ERR_INVALID_PARAM,
+ "perm_app_revoke_permissions didn't check if pkg_id is valid.");
+}
+
+RUNNER_TEST(privilege_control21h_incorrect_params_app_reset_permissions)
+{
+ RUNNER_ASSERT_MSG(perm_app_reset_permissions(nullptr) == PC_ERR_INVALID_PARAM,
+ "perm_app_reset_permissions didn't check if pkg_id isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_reset_permissions("") == PC_ERR_INVALID_PARAM,
+ "perm_app_reset_permissions didn't check if pkg_id isn't empty.");
+ RUNNER_ASSERT_MSG(perm_app_reset_permissions("~APP~") == PC_ERR_INVALID_PARAM,
+ "perm_app_reset_permissions didn't check if pkg_id is valid.");
+}
+
+RUNNER_TEST(privilege_control21i_incorrect_params_app_setup_path)
+{
+ RUNNER_ASSERT_MSG(perm_app_setup_path(APPID_DIR, nullptr, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
+ "perm_app_setup_path didn't check if path isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_setup_path(nullptr, TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
+ "perm_app_setup_path didn't check if pkg_id isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_setup_path("", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
+ "perm_app_setup_path didn't check if pkg_id isn't empty.");
+ RUNNER_ASSERT_MSG(perm_app_setup_path("~APP~", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
+ "perm_app_setup_path didn't check if pkg_id is valid.");
+}
+
+RUNNER_TEST(privilege_control21k_incorrect_params_add_api_feature)
+{
+ RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM,
+ "perm_add_api_feature didn't check if api_feature_name isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, "", nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM,
+ "perm_add_api_feature didn't check if api_feature_name isn't empty.");
+}
+
+RUNNER_TEST(privilege_control21l_incorrect_params_ignored_disable_permissions)
+{
+ RUNNER_ASSERT_MSG(perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, nullptr) == PC_ERR_INVALID_PARAM,
+ "perm_app_disable_permissions didn't check if perm_list isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_disable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
+ "perm_app_disable_permissions didn't check if pkg_id isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_disable_permissions("", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
+ "perm_app_disable_permissions didn't check if pkg_id isn't empty.");
+ RUNNER_ASSERT_MSG(perm_app_disable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
+ "perm_app_disable_permissions didn't check if pkg_id is valid.");
+}
+
+RUNNER_TEST(privilege_control21m_incorrect_params_perm_app_has_permission)
+{
+ bool has_permission;
+ const char *app_label = "test_app_label";
+
+ RUNNER_ASSERT_MSG(perm_app_has_permission(nullptr, APP_TYPE_WGT,
+ PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM,
+ "perm_app_has_permission didn't check if pkg_id isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_OTHER,
+ PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM,
+ "perm_app_has_permission should not accept app_type = OTHER.");
+ RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT,
+ nullptr, &has_permission) == PC_ERR_INVALID_PARAM,
+ "perm_app_has_permission didn't check if permission_name isn't nullptr.");
+ RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT,
+ PRIVS2[0], nullptr) == PC_ERR_INVALID_PARAM,
+ "perm_app_has_permission didn't check if has_permission isn't nullptr.");
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file test_cases.cpp
+ * @author Jan Olszak (j.olszak@samsung.com)
+ * @author Rafal Krypa (r.krypa@samsung.com)
+ * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control test runner
+ */
+
+#include <memory>
+#include <functional>
+#include <fstream>
+#include <set>
+
+#include <string.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/wait.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include <sys/smack.h>
+#include <privilege-control.h>
+#include <tests_common.h>
+#include <libprivilege-control_test_common.h>
+#include "common/db.h"
+#include <memory.h>
+
+#define APP_USER_NAME "app"
+#define APP_HOME_DIR "/opt/home/app"
+
+
+#define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
+
+
+/////////////////////////////////////////
+//////NOSMACK ENVIRONMENT TESTS//////////
+/////////////////////////////////////////
+
+RUNNER_TEST_GROUP_INIT(libprivilegecontrol_nosmack)
+
+RUNNER_TEST_NOSMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO_nosmack)
+{
+ test_perm_app_setup_path_PUBLIC_RO(false);
+}
+
+/**
+ * NOSMACK version of privilege_control04 test.
+ *
+ * Tries to add permisions from test_privilege_control_rules template and checks if
+ * smack_have_access returns -1 on check between every rule.
+ */
+RUNNER_TEST_NOSMACK(privilege_control04_add_permissions_nosmack)
+{
+ int result;
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0,
+ "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG(result == 0,
+ "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
+ //Add permissions
+ result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error adding app permissions. Result: " << result);
+
+ DB_END
+
+ //Check if smack_have_access always fails on every rule
+ result = test_have_nosmack_accesses(rules_efl);
+ RUNNER_ASSERT_MSG(result == -1,
+ "Despite SMACK being off some accesses were added. Result: " << result);
+
+ TestLibPrivilegeControlDatabase db_test;
+ db_test.test_db_after__perm_app_install(USER_APP_ID);
+ db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
+
+ DB_BEGIN
+
+ result = perm_app_disable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling permissions: " << perm_strerror(result));
+ DB_END
+}
+
+void test_set_app_privilege_nosmack(
+ const char* app_id, app_type_t app_type,
+ const char** privileges, const char* type,
+ const char* app_path, const char* dac_file,
+ const rules_t &rules)
+{
+ check_app_installed(app_path);
+
+ int result;
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(app_id);
+ RUNNER_ASSERT_MSG(result == 0,
+ "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ result = perm_app_install(app_id);
+ RUNNER_ASSERT_MSG(result == 0,
+ "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
+ result = perm_app_enable_permissions(app_id, app_type, privileges, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error enabling app permissions. Result: " << result);
+
+ DB_END
+
+ result = test_have_nosmack_accesses(rules);
+ RUNNER_ASSERT_MSG(result == -1,
+ " Permissions shouldn't be added. Result: " << result);
+
+ std::set<unsigned> groups_before;
+ read_user_gids(groups_before, APP_UID);
+
+ result = perm_app_set_privilege(app_id, type, app_path);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error in perm_app_set_privilege. Error: " << result);
+
+ //Even though app privileges are set, no smack label should be extracted.
+ char* label = nullptr;
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result == -1,
+ " new_label_from_self should return error (SMACK is off). Result: " << result);
+ RUNNER_ASSERT_MSG(label == nullptr,
+ " new_label_from_self shouldn't allocate memory for label.");
+
+ check_groups(groups_before, dac_file);
+}
+
+/**
+ * NOSMACK version of privilege_control05_set_app_privilege test.
+ *
+ * Another very similar test to it's SMACK version, this time smack_new_label_from_self is
+ * expected to return different result.
+ */
+RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_nosmack)
+{
+ int result;
+
+ check_app_installed(APP_SET_PRIV_PATH);
+
+ //Preset exec label
+ smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC);
+ smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC);
+
+ DB_BEGIN
+ perm_app_uninstall(APP_ID);
+ DB_END
+
+ std::set<unsigned> groups_before;
+ read_user_gids(groups_before, APP_UID);
+
+ //Set app privileges
+ result = perm_app_set_privilege(APP_ID, nullptr, APP_SET_PRIV_PATH);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_set_privilege. Error: " << result);
+
+ //Even though app privileges are set, no smack label should be extracted.
+ char* label = nullptr;
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result == -1,
+ "new_label_from_self should return error (SMACK is off). Result: " << result);
+ RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory for label.");
+
+ //Check if DAC privileges really set
+ RUNNER_ASSERT_MSG(getuid() == APP_UID, "Wrong UID");
+ RUNNER_ASSERT_MSG(getgid() == APP_GID, "Wrong GID");
+
+ result = strcmp(getenv("HOME"), APP_HOME_DIR);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR. Result: " << result);
+
+ result = strcmp(getenv("USER"), APP_USER_NAME);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME. Result: " << result);
+
+ check_groups(groups_before, nullptr);
+}
+
+/**
+ * NOSMACK version of privilege_control05_set_app_privilege_wgt test.
+ *
+ * Same as the above, plus uses test_have_nosmack_accesses instead of test_have_all_accesses.
+ */
+RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_nosmack)
+{
+ test_set_app_privilege_nosmack(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
+ LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
+}
+
+/**
+ * NOSMACK version of privilege_control05_set_app_privilege_osp test.
+ *
+ * Same as the above.
+ */
+RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_nosmack)
+{
+ test_set_app_privilege_nosmack(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
+ LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
+}
+
+RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_efl_nosmack)
+{
+ test_set_app_privilege_nosmack(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
+ "rpm", EFL_APP_PATH,
+ LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
+}
+
+/**
+ * Revoke permissions from the list. Should be executed as privileged user.
+ */
+RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_nosmack)
+{
+ test_revoke_permissions(__LINE__, WGT_APP_ID);
+}
+
+/**
+ * Revoke permissions from the list. Should be executed as privileged user.
+ */
+RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_nosmack)
+{
+ test_revoke_permissions(__LINE__, OSP_APP_ID);
+}
+
+/**
+ * NOSMACK version of privilege_control11_app_enable_permissions test.
+ *
+ * Since the original test did the same thing around five times, there is no need to redo the
+ * same test for perm_app_enable_permissions. perm_app_enable_permissions will be called once,
+ * test_have_nosmack_accesses will check if smack_have_access still returns error and then
+ * we will check if SMACK file was correctly created.
+ */
+RUNNER_TEST_NOSMACK(privilege_control11_app_enable_permissions_nosmack)
+{
+ int result;
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error revoking app permissions. Result: " << result);
+
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error enabling app permissions. Result: " << result);
+
+ DB_END
+
+ //Check if accesses aren't added
+ result = test_have_nosmack_accesses(rules2);
+ RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
+
+ TestLibPrivilegeControlDatabase db_test;
+ db_test.test_db_after__perm_app_install(USER_APP_ID);
+ db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+
+ DB_BEGIN
+
+ //Clean up
+ result = perm_app_revoke_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error revoking app permissions. Result: " << result);
+
+ DB_END
+
+ db_test.test_db_after__perm_app_install(USER_APP_ID);
+}
+
+RUNNER_CHILD_TEST_NOSMACK(privilege_control11_app_enable_permissions_efl_nosmack)
+{
+ test_app_enable_permissions_efl(false);
+}
+
+/*
+ * Check perm_app_install function
+ */
+RUNNER_CHILD_TEST_NOSMACK(privilege_control12_app_disable_permissions_efl_nosmack)
+{
+ test_app_disable_permissions_efl(false);
+}
+
+/**
+ * Remove previously granted SMACK permissions based on permissions list.
+ */
+RUNNER_TEST_NOSMACK(privilege_control12_app_disable_permissions_nosmack)
+{
+ test_app_disable_permissions(false);
+}
+
+/**
+ * NOSMACK version of privilege_control13 test.
+ *
+ * Uses perm_app_reset_permissions and checks with test_have_nosmack_accesses if nothing has
+ * changed.
+ */
+RUNNER_TEST_NOSMACK(privilege_control13_app_reset_permissions_nosmack)
+{
+ int result;
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
+
+ result = perm_app_install(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "perm_app_install returned " << result << ". Errno: " << strerror(errno));
+
+ // Disable permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ // Prepare permissions to reset
+ result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error adding app permissions. Result: " << result);
+
+ // Reset permissions
+ result = perm_app_reset_permissions(WGT_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error reseting app permissions. Result: " << result);
+
+ DB_END
+
+ result = test_have_nosmack_accesses(rules2);
+ RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be changed. Result: " << result);
+
+ DB_BEGIN
+
+ // Disable permissions
+ result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app permissions. Result: " << result);
+
+ DB_END
+}
+
+/**
+ * NOSMACK version of privilege_control15_app_id_from_socket.
+ *
+ * SMACK version of this test case utilized smack_new_label_from_self and smack_set_label_for_self.
+ * Those functions rely on /proc/self/attr/current file, which is unreadable and has no contents on
+ * NOSMACK environment. Functions mentioned above were tested during libsmack tests, so they are
+ * assumed to react correctly and are not tested in this test case.
+ *
+ * This test works similarly to libsmack test smack09_new_label_from_socket. At first server and
+ * client are created then sockets are set up and perm_app_id_from_socket is used. On NOSMACK env
+ * correct behavior for perm_app_id_from_socket would be returning nullptr label.
+ */
+RUNNER_MULTIPROCESS_TEST_NOSMACK(privilege_control15_app_id_from_socket_nosmack)
+{
+ int pid;
+ struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
+
+ //Clean up before creating socket
+ unlink(SOCK_PATH);
+
+ //Create our server and client with fork
+ pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+
+ if (!pid) { //child (server)
+ int sock, result, fd;
+
+ //Create a socket
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
+ SockUniquePtr sockPtr(&sock);
+
+ //Bind socket to address
+ result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
+
+ //Prepare for listening
+ result = listen(sock, 1);
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
+
+ //Accept connection
+ alarm(2);
+ fd = accept(sock, nullptr, nullptr);
+ alarm(0);
+ RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "accept failed");
+
+ //Wait a little bit for client to use perm_app_id_from_socket
+ usleep(200);
+
+ //cleanup
+ exit(0);
+ } else { //parent (client)
+ // Give server some time to setup listening socket
+ sleep(1);
+ int sock, result;
+ char* smack_label = nullptr;
+
+ //Create socket
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
+ SockUniquePtr sockPtr(&sock);
+
+ //Try connecting to address
+ result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
+
+ //Use perm_app_id_from_socket. Should fail and return nullptr smack_label.
+ smack_label = perm_app_id_from_socket(sock);
+ RUNNER_ASSERT_MSG(!smack_label, "perm_app_id_from_socket should fail.");
+
+ //cleanup
+ RUNNER_ASSERT_MSG(smack_label == nullptr, "perm_app_id_from_socket should fail.");
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file test_cases.cpp
+ * @author Jan Olszak (j.olszak@samsung.com)
+ * @author Rafal Krypa (r.krypa@samsung.com)
+ * @version 1.0
+ * @brief libprivilege-control test runner
+ */
+
+#include <vector>
+#include <ftw.h>
+#include <dpl/test/test_runner.h>
+#include <privilege-control.h>
+#include <libprivilege-control_test_common.h>
+#include <tests_common.h>
+#include <sys/smack.h>
+
+// ---- Macros and arrays used in stress tests ----
+#define TEST_OSP_FEATURE_APP_ID "test-osp-feature-app"
+#define TEST_WGT_FEATURE_APP_ID "test-wgt-feature-app"
+#define TEST_OSP_FEATURE "OSP_test-feature.osp_rxl"
+#define TEST_WGT_FEATURE "WGT_test-feature.wgt_rxl"
+
+#define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1"
+// OSP Api Feature Test data - gives rxl access to OSP app and rl access to WGT app also!
+const char *test_osp_feature_rule_set[] = { "~APP~ " TEST_OSP_FEATURE_APP_ID " rxl",
+ "~APP~ " TEST_WGT_FEATURE_APP_ID " rl",
+ nullptr };
+const char *TEST_OSP_FEATURE_PRIVS[] = { TEST_OSP_FEATURE, nullptr };
+// WGT Api Feature Test data - rwx access only to WGT app
+const char *test_wgt_feature_rule_set[] = { "~APP~ " TEST_WGT_FEATURE_APP_ID " rwx",
+ nullptr };
+const char *TEST_WGT_FEATURE_PRIVS[] = { TEST_WGT_FEATURE, nullptr };
+
+rules_t rules_to_test_any_access1 = {
+ { TEST_OSP_FEATURE_APP_ID, APP_ID, "r" },
+ { TEST_OSP_FEATURE_APP_ID, APP_ID, "w" },
+ { TEST_OSP_FEATURE_APP_ID, APP_ID, "x" },
+ { TEST_OSP_FEATURE_APP_ID, APP_ID, "a" },
+ { TEST_OSP_FEATURE_APP_ID, APP_ID, "t" },
+ { TEST_OSP_FEATURE_APP_ID, APP_ID, "l" }
+};
+
+rules_t rules_to_test_any_access2 = {
+ { APP_ID, TEST_OSP_FEATURE_APP_ID, "r" },
+ { APP_ID, TEST_OSP_FEATURE_APP_ID, "x" },
+ { APP_ID, TEST_OSP_FEATURE_APP_ID, "l" },
+ { APP_ID, TEST_WGT_FEATURE_APP_ID, "r" },
+ { APP_ID, TEST_WGT_FEATURE_APP_ID, "w" },
+ { APP_ID, TEST_WGT_FEATURE_APP_ID, "x" },
+ { APP_ID, TEST_WGT_FEATURE_APP_ID, "l" }
+};
+
+#define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \
+ (const rules_t) { \
+ { sub, obj, "r" }, \
+ { sub, obj, "w" }, \
+ { sub, obj, "x" }, \
+ { sub, obj, "a" }, \
+ { sub, obj, "t" }, \
+ { sub, obj, "l" } }
+
+RUNNER_TEST_GROUP_INIT(libprivilegecontrol_stress)
+
+/**
+ * Test - Simulation of 100 installations and uninstallations of one application.
+ * Installed application will have various kind of permissions from api
+ * features and shared folders.
+ */
+void privilege_control22_app_installation_1x100(bool smack)
+{
+ int result;
+ const int expected_smack_result = smack ? 1:-1;
+ std::string shared_dir_auto_label;
+
+ // Clear any previously created apps, files, labels and permissions
+ result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0,
+ "Unable to clean up Smack labels in: " << TEST_APP_DIR
+ << ". Result: " << result);
+
+ result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0,
+ "Unable to clean up Smack labels in: " << TEST_NON_APP_DIR
+ << ". Result: " << result);
+
+ DB_BEGIN
+
+ result = perm_app_revoke_permissions(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_revoke_permissions. Result: " << result);
+
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_uninstall. Result: " << result);
+
+ // Install setting app and give it app-setting permissions
+ result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_revoke_permissions. Result: " << result);
+ result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_uninstall. Result: " << result);
+ result = perm_app_install(APP_TEST_SETTINGS_ASP1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_install. Result: " << result);
+
+ // Register appsettings feature
+ result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error while registering api feature. Result: " << result);
+
+ result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
+ APP_TYPE_OSP, PRIV_APPSETTING, true);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error enabling App-Setting permissions. Result: " << result);
+
+ // Install one additional app (used to check perm to shared directories)
+ result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_revoke_permissions. Result: " << result);
+ result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_uninstall. Result: " << result);
+ result = perm_app_install(TEST_OSP_FEATURE_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_install. Result: " << result);
+ const char *test1[] = { nullptr };
+ result = perm_app_enable_permissions(TEST_OSP_FEATURE_APP_ID,
+ APP_TYPE_OSP, test1, true);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error enabling permissions. Result: " << result);
+
+ // Register two valid api features
+ result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
+ test_osp_feature_rule_set, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
+ << TEST_OSP_FEATURE << ". Result: " << result);
+
+ result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
+ test_wgt_feature_rule_set, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
+ << TEST_WGT_FEATURE << ". Result: " << result);
+
+ DB_END
+
+
+ // Install app loop
+ for (int i = 0; i < 100; ++i)
+ {
+ DB_BEGIN
+
+ // Add application
+ result = perm_app_install(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_install. Loop index: " << i
+ << ". Result: " << result);
+
+ // Add persistent permissions
+ result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP,
+ TEST_OSP_FEATURE_PRIVS, true);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_enable_permissions from OSP Feature. Loop index: "
+ << i << ". Result: " << result);
+
+ result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT,
+ TEST_WGT_FEATURE_PRIVS, true);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_enable_permissions from WGT Feature. Loop index: "
+ << i << ". Result: " << result);
+
+ DB_END
+
+ // add shared dirs
+ switch (i%2) // separate odd and even loop runs
+ {
+ case 0: // Shared dirs: APP_PATH_PRIVATE & APP_PATH_PUBLIC_RO
+ {
+ DB_BEGIN
+
+ // Add app shared dir - APP_PATH_PRIVATE
+ result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
+ APP_PATH_PRIVATE);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. Loop index: " << i
+ << ". Result: " << result);
+
+ // Add app shared dir - APP_PATH_PUBLIC_RO
+ result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
+ APP_PATH_PUBLIC_RO);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. Loop index: " << i
+ << ". Result: " << result);
+
+ DB_END
+
+ // Verify that some previously installed app does not have any access
+ // to APP_ID private label
+ result = check_no_accesses(smack, rules_to_test_any_access1);
+ RUNNER_ASSERT_MSG(result == 1,
+ "Error - other app has access to private label. Loop index: "
+ << i);
+
+ // Get autogenerated Public RO label
+ char *label;
+ result = smack_getlabel(TEST_NON_APP_DIR, &label,
+ SMACK_LABEL_ACCESS );
+ RUNNER_ASSERT_MSG(result == 0,
+ "Cannot get access label from Public RO shared dir. Loop index: "
+ << i << ". Result: " << result);
+ shared_dir_auto_label = label;
+ free(label);
+
+ // Verify that all permissions to public dir have been added
+ // correctly, also to other app
+ result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
+
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to Public RO dir are granted. Loop index: "
+ << i);
+
+ result = smack_have_access(TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" );
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to Public RO dir are granted. Loop index: "
+ << i);
+
+ break;
+ }
+ case 1: // Shared dirs: APP_PATH_APPSETTING_RW & APP_PATH_GROUP_RW
+ {
+ DB_BEGIN
+
+ // Add app shared dir - APP_PATH_SETTINGS_RW
+ result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
+ APP_PATH_SETTINGS_RW);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. Loop index: " << i
+ << ". Result: " << result);
+
+ // Add app shared dir - APP_PATH_GROUP_RW
+ result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
+ APP_PATH_GROUP_RW);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. Loop index: " << i
+ << ". Result: " << result);
+
+ DB_END
+
+ // Get autogenerated App-Setting label
+ char *label;
+ result = smack_getlabel(TEST_APP_DIR, &label,
+ SMACK_LABEL_ACCESS );
+ RUNNER_ASSERT_MSG(result == 0,
+ "Cannot get access label from App-Setting shared dir. Loop index: "
+ << i << ". Result: " << result);
+ shared_dir_auto_label = label;
+ free(label);
+
+ // Verify that setting app has rwx permission to app dir
+ // and rx permissions to app
+ result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to App-Setting dir are granted. "
+ << APP_ID << " "<< shared_dir_auto_label << " rwxatl "
+ << "Loop index: " << i);
+
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx");
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to App-Setting dir are granted. "
+ << APP_TEST_SETTINGS_ASP1 << " " << shared_dir_auto_label << " rwx. "
+ << "Loop index: " << i);
+
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, APP_ID, "rx");
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to App-Setting dir are granted. "
+ << APP_TEST_SETTINGS_ASP1 << " " << APP_ID << " rx"
+ << "Loop index: " << i);
+
+ // Verify that all permissions to public dir have been added
+ // correctly, also to other app
+ result = smack_have_access(APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl");
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to Group RW dir are granted. Loop index: "
+ << i);
+
+ break;
+ }
+ } // END switch
+
+ // check if api-features permissions are added properly
+ result = check_all_accesses(smack,
+ (const rules_t) {
+ { APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" },
+ { APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all permisions from api features added. Loop index: "
+ << i);
+
+ // revoke permissions
+ result = perm_app_revoke_permissions(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_revoke_permissions. Loop index: " << i
+ << ". Result: " << result);
+
+ // check if api-features permissions are removed properly
+ result = check_no_accesses(smack, rules_to_test_any_access2);
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all permisions revoked. Loop index: " << i);
+
+ // remove labels from app folder
+ result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0,
+ "Unable to clean up Smack labels in " << TEST_APP_DIR
+ << " . Loop index: " << i << ". Result: " << result);
+ // remove labels from shared folder
+ result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels,
+ FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0,
+ "Unable to clean up Smack labels in " << TEST_NON_APP_DIR
+ << " . Loop index: " << i << ". Result: " << result);
+
+ // uninstall app
+ result = perm_app_uninstall(APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_uninstall. Loop index: " << i
+ << ". Result: " << result);
+ } // END Install app loop
+
+ DB_BEGIN
+
+ // Uninstall setting app and additional app
+ result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_uninstall. Result: " << result);
+ result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_uninstall. Result: " << result);
+
+ DB_END
+}
+
+/**
+ * Test - Simulation of 10 installations and uninstallations of set of 10 applications.
+ * Installed applications will have various kind of permissions to each other
+ * from api-features and shared folders.
+ *
+ * APP_TEST_SETTINGS_ASP1 ("test-app-settings-asp1") - registered as setting app
+ *
+ * Permissions:
+ * test_APP0-4 - receive test_osp_feature_rule_set2
+ * test_APP5-9 - receive test_wgt_feature_rule_set2
+ *
+ * During this test there is one directory created for each app for each loop run,
+ * dir name syntax is: /tmp/<app_name>_<i-loop_run>
+ *
+ * test_APP0 & test_APP5 register their directories as APP_PATH_PRIVATE
+ * test_APP1, test_APP2 & test_APP6 register their directories as
+ * APP_PATH_GROUP_RW using the same label
+ * LABEL_FOR_PUBLIC_SHARED_DIRS
+ * test_APP3, test_APP7 & test_APP8 register their directories as
+ * APP_PATH_PUBLIC_RO
+ * test_APP4 & test_APP9 register their directories as
+ * APP_PATH_SETTINGS_RW
+ */
+void privilege_control23_app_installation2_10x10(bool smack)
+{
+ int result;
+ const int expected_smack_result = smack ? 1:-1;
+ const int app_count = 10;
+ std::string shared_dir3_auto_label;
+ std::string shared_dir7_auto_label;
+ std::string shared_dir8_auto_label;
+ std::string setting_dir4_auto_label;
+ std::string setting_dir9_auto_label;
+ char app_ids[app_count][strlen(APP_ID) + 3];
+ char app_dirs[app_count][strlen(APP_ID) + 12];
+ const char *test_osp_feature_rule_set2[] = { "~APP~ " APP_ID "6 r",
+ "~APP~ " APP_ID "7 rxl",
+ "~APP~ " APP_ID "8 rwxal",
+ "~APP~ " APP_ID "9 rwxatl",
+ nullptr };
+ const char *test_wgt_feature_rule_set2[] = { "~APP~ " APP_ID "1 r",
+ "~APP~ " APP_ID "2 rxl",
+ "~APP~ " APP_ID "3 rwxal",
+ "~APP~ " APP_ID "4 rwxatl",
+ nullptr };
+
+
+ // generate app ids: test_APP0, test_APP1, test_APP2 etc.:
+ for (int i = 0; i < app_count; ++i)
+ {
+ result = sprintf(app_ids[i], APP_ID "%d", i);
+ RUNNER_ASSERT_MSG(result > 0, "Cannot generate name for app nr: " << i);
+ }
+
+ DB_BEGIN
+
+ // Clear any previously created apps, files, labels and permissions
+ for (int i = 0; i < app_count; ++i)
+ {
+ result = perm_app_revoke_permissions(app_ids[i]);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_revoke_permissions for app: "
+ << app_ids[i] << ". Result: " << result);
+
+ result = perm_app_uninstall(app_ids[i]);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_uninstall for app: "
+ << app_ids[i] << ". Result: " << result);
+ }
+
+ // Install setting app and give it app-setting permissions
+ result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_revoke_permissions."
+ << " Result: " << result);
+ result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_uninstall."
+ << " Result: " << result);
+ result = perm_app_install(APP_TEST_SETTINGS_ASP1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_install."
+ << " Result: " << result);
+
+ // Register appsettings feature
+ result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ " Error while registering api feature. Result: " << result);
+
+ result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
+ APP_TYPE_OSP, PRIV_APPSETTING, true);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error registering App-Setting permissions."
+ << " Result: " << result);
+
+ // Register two valid api features
+ result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
+ test_osp_feature_rule_set2, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
+ << TEST_OSP_FEATURE << ". Result: " << result);
+
+ result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
+ test_wgt_feature_rule_set2, nullptr, 0);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
+ << TEST_WGT_FEATURE << ". Result: " << result);
+
+ DB_END
+
+
+ // Install apps loop
+ for (int i = 0; i < 10; ++i)
+ {
+ DB_BEGIN
+
+ // Install 10 apps
+ for (int j = 0; j < app_count; ++j)
+ {
+ result = perm_app_install(app_ids[j]);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_install. App id: "
+ << app_ids[j]
+ << " Loop index: " << i
+ << ". Result: " << result);
+
+ // Create 10 directories
+ result = sprintf(app_dirs[j],"/tmp/" APP_ID "%d_%d", j, i);
+ RUNNER_ASSERT_MSG(result > 0,
+ "Cannot generate directory name for app nr: " << j
+ << " Loop index: " << i);
+ result = mkdir(app_dirs[j], S_IRWXU | S_IRGRP | S_IXGRP);
+ RUNNER_ASSERT_ERRNO_MSG(result == 0 || errno == EEXIST,
+ "Cannot create directory: " << app_dirs[j]);
+ result = nftw(app_dirs[j], &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0,
+ "Unable to clean up Smack labels in: " << app_dirs[j]
+ << ". Result: " << result);
+ }
+
+ // Give permissions from api-features
+ for (int j = 0; j < (app_count/2); ++j)
+ {
+ // add persistent api feature permissions
+ result = perm_app_enable_permissions(app_ids[j], APP_TYPE_OSP,
+ TEST_OSP_FEATURE_PRIVS, true);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app__permissions from OSP Feature. App id: "
+ << app_ids[j] << " Loop index: " << i << ". Result: " << result);
+
+ result = perm_app_enable_permissions(app_ids[j+5], APP_TYPE_WGT,
+ TEST_WGT_FEATURE_PRIVS, true);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_enable_permissions from WGT Feature. App id: "
+ << app_ids[j+5] << " Loop index: " << i << ". Result: " << result);
+ }
+
+ // Add app shared dirs - APP_PATH_PRIVATE (apps 0, 5)
+ result = perm_app_setup_path(app_ids[0], app_dirs[0], APP_PATH_PRIVATE);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. App id: " << app_ids[0]
+ << " Loop index: " << i << ". Result: " << result);
+ result = perm_app_setup_path(app_ids[5], app_dirs[5], APP_PATH_PRIVATE);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. App id: " << app_ids[5]
+ << " Loop index: " << i << ". Result: " << result);
+
+ // Add app shared dir - APP_PATH_GROUP_RW (apps 1, 2, 6)
+ result = perm_app_setup_path(app_ids[1], app_dirs[1],
+ APP_PATH_GROUP_RW);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. App id: " << app_ids[1]
+ << " Loop index: " << i << ". Result: " << result);
+ result = perm_app_setup_path(app_ids[2], app_dirs[2],
+ APP_PATH_GROUP_RW);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. App id: " << app_ids[2]
+ << " Loop index: " << i << ". Result: " << result);
+ result = perm_app_setup_path(app_ids[6], app_dirs[6],
+ APP_PATH_GROUP_RW);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. App id: " << app_ids[6]
+ << " Loop index: " << i << ". Result: " << result);
+
+ // Add app shared dir - APP_PATH_PUBLIC_RO (apps 3, 7, 8)
+ result = perm_app_setup_path(app_ids[3], app_dirs[3],
+ APP_PATH_PUBLIC_RO);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. App id: " << app_ids[1]
+ << " Loop index: " << i << ". Result: " << result);
+ result = perm_app_setup_path(app_ids[7], app_dirs[7],
+ APP_PATH_PUBLIC_RO);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. App id: " << app_ids[7]
+ << " Loop index: " << i << ". Result: " << result);
+ result = perm_app_setup_path(app_ids[8], app_dirs[8],
+ APP_PATH_PUBLIC_RO);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. App id: " << app_ids[8]
+ << " Loop index: " << i << ". Result: " << result);
+
+ // Add app shared dir - APP_PATH_SETTINGS_RW (apps ,4, 9)
+ result = perm_app_setup_path(app_ids[4], app_dirs[4],
+ APP_PATH_SETTINGS_RW);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. App id: " << app_ids[4]
+ << " Loop index: " << i << ". Result: " << result);
+ result = perm_app_setup_path(app_ids[9], app_dirs[9],
+ APP_PATH_SETTINGS_RW);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_setup_path. App id: " << app_ids[9]
+ << " Loop index: " << i << ". Result: " << result);
+
+ DB_END
+
+ // Verify that some previously installed app does not have
+ // any acces to app 0 and app 5 PRIVATE folders
+ for (int j = 0; j < app_count; ++j)
+ {
+ // Apps 1-9 should not have any access to app 0
+ if (j != 0)
+ {
+ result = check_no_accesses(smack,
+ FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[0])
+ );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Other app (app id: " << app_ids[j] <<
+ ") has access to private label of: " << app_ids[0] <<
+ ". It may not be shared. Loop index: " << i << ".");
+ }
+
+ // Apps 0-4 and 6-9 should not have any access to app 5
+ if (j != 5)
+ {
+ result = check_no_accesses(smack,
+ FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[5])
+ );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Other app (app id: " << app_ids[j] <<
+ ") has access to private label of: " << app_ids[5] <<
+ ". It may not be shared. Loop index: " << i << ".");
+ }
+ } // End for Verify PRIVATE
+
+ // Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders
+ result = check_all_accesses(smack,
+ (const rules_t) {
+ { app_ids[1], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" },
+ { app_ids[2], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" },
+ { app_ids[6], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" } } );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to Group RW dir are granted. Loop index: "
+ << i);
+
+ // Get autogenerated Public_RO labels
+ char *label;
+ result = smack_getlabel(app_dirs[3], &label,
+ SMACK_LABEL_ACCESS );
+ RUNNER_ASSERT_MSG(result == 0,
+ "Cannot get access label from Public RO shared dir: " << app_dirs[3]
+ << " . Loop index: " << i << ". Result: " << result);
+ shared_dir3_auto_label = label;
+ free(label);
+
+ result = smack_getlabel(app_dirs[7], &label,
+ SMACK_LABEL_ACCESS );
+ RUNNER_ASSERT_MSG(result == 0,
+ "Cannot get access label from Public RO shared dir: " << app_dirs[7]
+ << " . Loop index: " << i << ". Result: " << result);
+ shared_dir7_auto_label = label;
+ free(label);
+
+ result = smack_getlabel(app_dirs[8], &label,
+ SMACK_LABEL_ACCESS );
+ RUNNER_ASSERT_MSG(result == 0,
+ "Cannot get access label from Public RO shared dir: " << app_dirs[8]
+ << " . Loop index: " << i << ". Result: " << result);
+ shared_dir8_auto_label = label;
+ free(label);
+
+ // Verify that all apps have ro permissions to public folders of apps 3, 7 and 8
+ // Also apps 3, 7 and 8 should have all permisisons to their own PUBLIC_RO dirs
+ for (int j = 0; j < app_count; ++j)
+ {
+ if (j == 3)
+ {
+ result = check_all_accesses(smack,
+ (const rules_t) {
+ { app_ids[j], shared_dir3_auto_label.c_str(), "rwxatl" } } );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to owned Public RO dir are granted. App id: "
+ << app_ids[j] << " Loop index: " << i);
+ // Verify that there are no extra permissions to public dirs
+ result = check_no_accesses(smack,
+ (const rules_t) {
+ { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
+ { app_ids[j], shared_dir7_auto_label.c_str(), "t" },
+ { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
+ { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Unexpected extra permissions added for app:" << app_ids[j]
+ << ". Loop index: " << i);
+ }
+ if (j == 7)
+ {
+ result = check_all_accesses(smack,
+ (const rules_t) {
+ { app_ids[j], shared_dir7_auto_label.c_str(), "rwxatl" } } );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to owned Public RO dir are granted. App id: "
+ << app_ids[j] << " Loop index: " << i);
+ // Verify that there are no extra permissions to public dirs
+ result = check_no_accesses(smack,
+ (const rules_t) {
+ { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
+ { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
+ { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
+ { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Unexpected extra permissions added for app:" << app_ids[j]
+ << ". Loop index: " << i);
+ }
+ if (j == 8)
+ {
+ result = check_all_accesses(smack,
+ (const rules_t) {
+ { app_ids[j], shared_dir8_auto_label.c_str(), "rwxatl" } } );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to owned Public RO dir are granted. App id: "
+ << app_ids[j] << " Loop index: " << i);
+ // Verify that there are no extra permissions to other public dirs
+ result = check_no_accesses(smack,
+ (const rules_t) {
+ { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
+ { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
+ { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
+ { app_ids[j], shared_dir7_auto_label.c_str(), "t" } } );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Unexpected extra permissions added for app:" << app_ids[j]
+ << ". Loop index: " << i);
+ }
+
+ result = check_all_accesses(smack,
+ (const rules_t) {
+ { app_ids[j], shared_dir3_auto_label.c_str(), "rx" },
+ { app_ids[j], shared_dir7_auto_label.c_str(), "rx" },
+ { app_ids[j], shared_dir8_auto_label.c_str(), "rx" } } );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all accesses to Public RO dirs are granted. App id: "
+ << app_ids[j] << ". Loop index: " << i);
+ } // End for Verify PUBLIC_RO
+
+ // Get autogenerated SETTING_RW labels
+ result = smack_getlabel(app_dirs[4], &label,
+ SMACK_LABEL_ACCESS );
+ RUNNER_ASSERT_MSG(result == 0,
+ "Cannot get access label from App-Setting shared dir: "
+ << app_dirs[4] << " . Loop index: " << i
+ << ". Result: " << result);
+ setting_dir4_auto_label = label;
+ free(label);
+
+ result = smack_getlabel(app_dirs[9], &label,
+ SMACK_LABEL_ACCESS );
+ RUNNER_ASSERT_MSG(result == 0,
+ "Cannot get access label from App-Setting shared dir: "
+ << app_dirs[9] << " . Loop index: " << i
+ << ". Result: " << result);
+ setting_dir9_auto_label = label;
+ free(label);
+
+ // Verify that setting app has rwx permission to app-settings dirs and rx to apps
+ result = smack_have_access(app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl");
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to App-Setting dir are granted."
+ << app_ids[4] << " " << setting_dir4_auto_label
+ << " Loop index: " << i);
+ result = smack_have_access(app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl");
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to App-Setting dir are granted."
+ << app_ids[9] << " " << setting_dir9_auto_label
+ << " Loop index: " << i);
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[4], "rx");
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to App-Setting dir are granted."
+ << APP_TEST_SETTINGS_ASP1 << " " << app_ids[4]
+ << " Loop index: " << i);
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[9], "rx");
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to App-Setting dir are granted."
+ << APP_TEST_SETTINGS_ASP1 << " " << app_ids[9]
+ << " Loop index: " << i);
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx");
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to App-Setting dir are granted."
+ << APP_TEST_SETTINGS_ASP1 << " " << setting_dir4_auto_label
+ << " Loop index: " << i);
+ result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx");
+ RUNNER_ASSERT_MSG(result == expected_smack_result,
+ "Not all accesses to App-Setting dir are granted."
+ << APP_TEST_SETTINGS_ASP1 << " " << setting_dir9_auto_label
+ << " Loop index: " << i);
+
+
+
+ // Check if api-features permissions are added properly
+ for (int j = 0; j < 5; ++j)
+ {
+ result = check_all_accesses(smack,
+ (const rules_t) {
+ { app_ids[j], app_ids[6], "r" },
+ { app_ids[j], app_ids[7], "rxl" },
+ { app_ids[j], app_ids[8], "rwxal" },
+ { app_ids[j], app_ids[9], "rwxatl" } } );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all permisions from api features added for app id: "
+ << app_ids[j] << ". Loop index: " << i);
+ }
+
+ for (int j = 5; j < app_count; ++j)
+ {
+ result = check_all_accesses(smack,
+ (const rules_t) {
+ { app_ids[j], app_ids[1], "r" },
+ { app_ids[j], app_ids[2], "rxl" },
+ { app_ids[j], app_ids[3], "rwxal" },
+ { app_ids[j], app_ids[4], "rwxatl" } } );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all permisions from api features added for app id: "
+ << app_ids[j] << ". Loop index: " << i);
+ }
+
+ DB_BEGIN
+
+ // Revoke permissions
+ for (int j = 0; j < app_count; ++j)
+ {
+ result = perm_app_revoke_permissions(app_ids[j]);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_revoke_permissions. App id: "
+ << app_ids[j] << " Loop index: " << i
+ << ". Result: " << result);
+ }
+
+ DB_END
+
+ // Check if permissions are removed properly
+ for (int j = 0; j < app_count; ++j)
+ {
+ // To all other apps
+ for (int k = 0; k < app_count; ++k)
+ if (j != k)
+ {
+ result = check_no_accesses(smack,
+ FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[k])
+ );
+ RUNNER_ASSERT_MSG(result == 1,
+ "Not all permisions revoked. Subject: " << app_ids[j]
+ << " Object: " << app_ids[k] << " Loop index: " << i);
+ }
+ }
+
+ DB_BEGIN
+
+ // Remove labels from folders and uninstall all apps
+ for (int j = 0; j < app_count; ++j)
+ {
+ result = nftw(app_dirs[j], &nftw_remove_labels,
+ FTW_MAX_FDS, FTW_PHYS); // rm labels from app folder
+ RUNNER_ASSERT_MSG(result == 0,
+ "Unable to clean up Smack labels in: "
+ << app_dirs[j] << " . Loop index: " << i
+ << ". Result: " << result);
+
+ result = perm_app_uninstall(app_ids[j]);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_uninstall for app: "
+ << app_ids[j] << " . Loop index: " << i
+ << ". Result: " << result);
+ }
+
+ DB_END
+
+ // Remove created dirs
+ for (int j = 0; j < app_count; ++j)
+ {
+ result = rmdir(app_dirs[j]);
+ RUNNER_ASSERT_ERRNO_MSG(result == 0,
+ "Cannot remove directory: " << app_dirs[j]);
+ }
+ } // END Install app loop
+
+ // Uninstall setting app
+ result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error in perm_app_uninstall. Result: " << result);
+
+}
+
+RUNNER_TEST_SMACK(privilege_control22_app_installation_1x100_smack)
+{
+ privilege_control22_app_installation_1x100(true);
+}
+
+RUNNER_TEST_NOSMACK(privilege_control22_app_installation_1x100_nosmack)
+{
+ privilege_control22_app_installation_1x100(false);
+}
+
+RUNNER_TEST_SMACK(privilege_control23_app_installation2_10x10_smack)
+{
+ privilege_control23_app_installation2_10x10(true);
+}
+
+RUNNER_TEST_NOSMACK(privilege_control23_app_installation2_10x10_nosmack)
+{
+ privilege_control23_app_installation2_10x10(false);
+}
--- /dev/null
+.
\ No newline at end of file
--- /dev/null
+../
\ No newline at end of file
--- /dev/null
+../../
\ No newline at end of file
--- /dev/null
+../../../non_app_dir/
\ No newline at end of file
--- /dev/null
+../../../non_app_dir/normal
\ No newline at end of file
--- /dev/null
+../../non_app_dir/
\ No newline at end of file
--- /dev/null
+../../non_app_dir/normal
\ No newline at end of file
--- /dev/null
+../non_app_dir/exec
\ No newline at end of file
--- /dev/null
+../non_app_dir/
\ No newline at end of file
--- /dev/null
+../non_app_dir/normal
\ No newline at end of file
--- /dev/null
+test_APP_REAL
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# @file CMakeLists.txt
+# @author Pawel Polawski (p.polawski@samsung.com)
+# @version 0.1
+# @brief
+#
+INCLUDE(FindPkgConfig)
+SET(TARGET_TEST "libsmack-test")
+
+#dependencies
+PKG_CHECK_MODULES(TARGET_DEP
+ libsmack
+ REQUIRED
+ )
+
+#files to compile
+SET(TARGET_TEST_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/libsmack-tests/libsmack-test.cpp
+ ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_cases.cpp
+ )
+
+#header directories
+INCLUDE_DIRECTORIES(SYSTEM
+ ${TARGET_DEP_INCLUDE_DIRS}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common/
+ )
+
+#preprocessor definitions
+#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
+
+#output format
+ADD_EXECUTABLE(${TARGET_TEST} ${TARGET_TEST_SOURCES})
+
+#linker directories
+TARGET_LINK_LIBRARIES(${TARGET_TEST}
+ ${TARGET_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+#place for output file
+INSTALL(TARGETS ${TARGET_TEST}
+ DESTINATION /usr/bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+#place for additional files
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules
+ DESTINATION /etc/smack
+ PERMISSIONS
+ OWNER_READ
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+#place for full rules
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules_full
+ DESTINATION /etc/smack
+ PERMISSIONS
+ OWNER_READ
+ GROUP_READ
+ WORLD_READ
+ )
+
+#place for rules2
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules2
+ DESTINATION /etc/smack
+ PERMISSIONS
+ OWNER_READ
+ GROUP_READ
+ WORLD_READ
+ )
+
+#place for rules3
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules3
+ DESTINATION /etc/smack
+ PERMISSIONS
+ OWNER_READ
+ GROUP_READ
+ WORLD_READ
+ )
+
+#place for rules4
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules4
+ DESTINATION /etc/smack
+ PERMISSIONS
+ OWNER_READ
+ GROUP_READ
+ WORLD_READ
+ )
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file libprivilege-test.cpp
+ * @author Pawel Polawski (p.polawski@samsung.com)
+ * @version 1.0
+ * @brief libsmack test runer
+ */
+#include <dpl/test/test_runner.h>
+
+int main (int argc, char *argv[])
+{
+ int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ return status;
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @file test_cases.cpp
+ * @author Pawel Polawski (p.polawski@samsung.com)
+ * @author Jan Olszak (j.olszak@samsung.com)
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief libsmack test runner
+ */
+
+#include <string>
+#include <sstream>
+#include <fcntl.h>
+#include <unistd.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include <dpl/log/log.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/smack.h>
+#include <sys/xattr.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/file.h>
+#include <sys/wait.h>
+#include "tests_common.h"
+#include <access_provider.h>
+#include <fs_label_manager.h>
+#include "memory.h"
+
+const char* const TEST_SUBJECT = "test_subject";
+const char* const TEST_OBJECT = "test_object";
+const char* const TEST_OBJECT_2 = "test_object_2";
+
+const std::string testDir = "/tmp/";
+const std::vector<std::string> accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" };
+
+//This one define is required for sockaddr_un initialization
+#define SOCK_PATH "/tmp/test-smack-socket"
+
+RUNNER_TEST_GROUP_INIT(libsmack)
+/**
+ * Helper method to reset privileges at the begginning of tests.
+ */
+void clean_up()
+{
+ smack_revoke_subject(TEST_SUBJECT);
+}
+
+/**
+ * Checking if subject has any access to object
+ */
+bool checkNoAccesses(const char *subject, const char *object)
+{
+ int result;
+
+ for(const auto &perm : std::vector<std::string> {"r", "w", "a","t", "l"}) {
+ result = smack_have_access(subject, object, perm.c_str());
+ if (result == 1) {
+ return false;
+ }
+ }
+ return true;
+}
+
+void removeAccessesAll()
+{
+ for(int i = 1; i <=3; i++)
+ //smack_revoke_subject will fail, when subject does not exist in kernel
+ //as this function is called at test beginning we cannot check return value
+ smack_revoke_subject(("test_subject_0" + std::to_string(i)).c_str());
+}
+
+/**
+ * Add a new access with smack_accesses_add_modify()
+ */
+RUNNER_TEST_SMACK(smack_accesses_add_modify_test_1){
+ int result;
+
+ clean_up();
+
+ struct smack_accesses *rules = nullptr;
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ // THE TEST
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"xr","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify by empty rules");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"xr");
+ RUNNER_ASSERT_MSG(result == 1, "Rule modified (added 'xr'), but no change made.");
+
+ // CLEAN UP
+ clean_up();
+}
+
+
+/**
+ * Test if rules are applied in the right order, and modification works.
+ */
+RUNNER_TEST_SMACK(smack_accesses_add_modify_test_2){
+ int result;
+ struct smack_accesses *rules = nullptr;
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ clean_up();
+
+ // THE TEST
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 0,
+ "Modification didn't work");
+
+ // CLEAN UP
+ clean_up();
+}
+
+
+/**
+ * Test if rules are applied in the right order, and modification works.
+ * Using different smack_accesses list to add and delete.
+ */
+RUNNER_TEST_SMACK(smack_accesses_add_modify_test_3){
+ int result;
+ struct smack_accesses *rules = nullptr;
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ clean_up();
+
+ // THE TEST
+ // Add r privilage
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+ RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 1,
+ "Adding privileges didn't work");
+
+ // Revoke r privilege
+ rules_ptr.release();
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
+ RUNNER_ASSERT_MSG(result == 0, "Modification didn't work, rule has still 'r' privileges.");
+
+ // CLEAN UP
+ clean_up();
+}
+
+/**
+ * Add a list of privileges and then revoke just ONE of them.
+ */
+RUNNER_TEST_SMACK(smack_accesses_add_modify_test_4){
+ int result;
+ struct smack_accesses *rules = nullptr;
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ clean_up();
+
+ // THE TEST
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
+ RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
+
+ // CLEAN UP
+ clean_up();
+}
+
+/**
+ * Add a list of privileges and then revoke just ONE of them.
+ * Without applying privileges in between those actions.
+ */
+RUNNER_TEST_SMACK(smack_accesses_add_modify_test_5){
+ int result;
+ struct smack_accesses *rules = nullptr;
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ clean_up();
+
+ // THE TEST
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
+ RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
+
+ // CLEAN UP
+ clean_up();
+}
+
+
+/**
+ * Add a list of privileges and then revoke just TWO of them.
+ */
+RUNNER_TEST_SMACK(smack_accesses_add_modify_test_6){
+ int result;
+ struct smack_accesses *rules = nullptr;
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ clean_up();
+
+ // THE TEST
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwt","");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"ax","rt");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"wax");
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'wax' privileges.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
+ RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
+
+ // CLEAN UP
+ clean_up();
+}
+
+/**
+ * Run smack_accesses_add_modify with the same accesses_add and accesses_del.
+ */
+RUNNER_TEST_SMACK(smack_accesses_add_modify_test_7){
+ unsigned int i;
+ int result;
+
+ struct smack_accesses *rules = nullptr;
+
+ for (i = 0; i < accessesBasic.size(); ++i) {
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i].c_str(), accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
+ " Error while checking smack access. Accesses exist.");
+
+ // CLEAN UP
+ clean_up();
+ }
+}
+
+/**
+ * Revoke subject with previously added rules and revoke it again.
+ */
+RUNNER_TEST_SMACK(smack_revoke_subject_test_1){
+ unsigned int i;
+ int result;
+
+ struct smack_accesses *rules = nullptr;
+
+ for (i = 0; i < accessesBasic.size(); ++i) {
+ // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i].c_str(),"");
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
+ accessesBasic[i].c_str(),"");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. "
+ "Rule " << accessesBasic[i].c_str() << " does not exist.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. "
+ "Rule " << accessesBasic[i].c_str() << " does not exist.");
+
+ // Revoking subject
+ result = smack_revoke_subject(TEST_SUBJECT);
+ RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work.");
+
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
+ " Revoke didn't work. Accesses exist.");
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
+ " Revoke didn't work. Accesses exist.");
+
+
+ // Revoking subject again
+ result = smack_revoke_subject(TEST_SUBJECT);
+ RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work.");
+
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
+ " Revoke didn't work. Accesses exist.");
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
+ " Revoke didn't work. Accesses exist.");
+
+ }
+}
+
+/**
+ * Clearing accesses
+ */
+RUNNER_TEST_SMACK(smack_accesses_clear_test_1){
+ unsigned int i;
+ int result;
+
+ struct smack_accesses *rules = nullptr;
+
+ for (i = 0; i < accessesBasic.size(); ++i) {
+ // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+ result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
+ accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule "
+ << accessesBasic[i].c_str() << " does not exist.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule "
+ << accessesBasic[i].c_str() << " does not exist.");
+
+ // Creating and clearing rules with TEST_OBJECT
+ rules_ptr.release();
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
+ result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ result = smack_accesses_clear(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work. Rule "
+ << accessesBasic[i].c_str() << " does exist.");
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1, "Clearing rules didn't work. Rule "
+ << accessesBasic[i].c_str() << " does not exist.");
+
+ // Creating and clearing rules with TEST_OBJECT
+ rules_ptr.release();
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
+
+ result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
+ accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
+ result = smack_accesses_clear(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
+
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
+ " Clear didn't work. Accesses exist.");
+ RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
+ " Clear didn't work. Accesses exist.");
+ }
+}
+
+RUNNER_TEST(smack01_storing_and_restoring_rules)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_accesses_new, smack_accesses_add, smack_accesses_add_modify, smack_accesses_add_from_file,
+ * smack_accesses_free, smack_accesses_save
+ * description: This test case will create structure holding SMACK rules and add new one to it. Next rules will be
+ * stored and restored from file.
+ * expect: Rules created and stored in file should be identical to predefined template.
+ */
+
+ struct smack_accesses *rules = nullptr; //rules prepared in this test case
+ struct smack_accesses *import_test = nullptr; //rules imported from file
+
+ int result; //result of each operation to be tested by RUNNER_ASSERT
+ int fd, tmp, sample; //file descripptors for save / restore rules tests
+
+ //int smack_accesses_new(struct smack_accesses **accesses);
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+ RUNNER_ASSERT(smack_accesses_new(&import_test) == 0);
+ SmackAccessesPtr import_ptr(import_test);
+
+ //opening files
+ fd = open("/tmp/smack01_rules", O_RDWR | O_CREAT | O_TRUNC, 0644); //for export prepared rules
+ RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to create /tmp/smack01_rules");
+ FdUniquePtr fd_ptr(&fd);
+ tmp = open("/tmp/smack01_tmp", O_RDWR | O_CREAT | O_TRUNC, 0644); //for import rules exported before
+ RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to create /tmp/smack01_tmp");
+ FdUniquePtr tmp_ptr(&tmp);
+ sample = open("/etc/smack/test_smack_rules", O_RDONLY, 0644); //reference preinstalled rules
+ RUNNER_ASSERT_ERRNO_MSG(sample >= 0, "Unable to open /etc/smack/test_smack_rules");
+ FdUniquePtr sample_ptr(&sample);
+
+ result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rw");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+ result = smack_accesses_add(rules_ptr.get(), "reader", "book", "wx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+
+ result = smack_accesses_add_modify(rules_ptr.get(), "reader", "book", "r", "wx");
+ RUNNER_ASSERT_MSG(0 == result, "Unable to modify smack rules");
+
+ result = smack_accesses_save(rules_ptr.get(), fd);
+ RUNNER_ASSERT_MSG(0 == result, "Unable to save smack_accesses instance in file");
+
+ result = lseek(fd, 0, SEEK_SET);
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
+ result = smack_accesses_add_from_file(import_ptr.get(), fd);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to import rules from file");
+
+ result = smack_accesses_save(import_ptr.get(), tmp);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to save smack_accesses instance in file");
+
+ //comparing rules saved in file, restored from it and stored one more time
+ result = files_compare(fd, tmp);
+ RUNNER_ASSERT_MSG(result == 0, "No match in stored and restored rules");
+
+ //comparing rules stored in file with reference preinstalled rules
+ result = files_compare(tmp, sample);
+ RUNNER_ASSERT_MSG(result == 0, "No match in stored rules and pattern file");
+}
+
+RUNNER_TEST_SMACK(smack02_aplying_rules_into_kernel)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_accesses_apply, smack_have_access, smack_revoke_subject, smack_accesses_clear, smack_accesses_new,
+ * smack_accesses_add, smack_accesses_free
+ * description: In this test case aplying rules to kernel will be tested. After that function for test
+ * accesses will be used.
+ * expect: In case of correct rules access should be granted.
+ */
+
+ //CAP_MAC_ADMIN needed for process to be able to change rules in kernel (apllying, removing)
+
+ struct smack_accesses *rules = nullptr; //rules prepared in this test case
+ int result; //for storing functions results
+
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ //adding test rules to struct
+ result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+ result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+ result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+
+ result = smack_accesses_apply(rules_ptr.get()); //applying rules to kernel
+ RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
+
+ //should have access - rule exist
+ result = smack_have_access("spy", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
+ //should have no access - wrong rule, should be "r" only
+ result = smack_have_access("reader", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
+ //should have no access - rule not exist
+ result = smack_have_access("s02badsubjectlabel", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
+
+ //this subject do not exist in kernel rules
+ result = smack_revoke_subject("s02nonexistinglabel");
+ RUNNER_ASSERT_MSG(result == 0, "Error in removing not existing subject from kernel");
+ result = smack_revoke_subject("spy"); //this subject exist in kernel rules
+ RUNNER_ASSERT_MSG(result == 0, "Error in removing existing subject from kernel");
+
+ //testing access after revoke_subject() from kernel
+ result = smack_have_access("spy", "book", "rwx");
+ //now spy should have no access
+ RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel");
+
+ //for create new rule as a consequence of use accesses_clear() below
+ result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+
+ //"spy" removed before by using smack_revoke_subject()
+ result = smack_accesses_clear(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
+
+ //testing acces after acces_clear()
+ result = smack_have_access("writer", "book", "rwx");
+ //now writer also should have no access
+ RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel");
+
+}
+
+//pairs of rules for test with mixed cases, different length and mixed order
+std::vector< std::vector<std::string> > correct_rules = {
+ { "reader1", "-", "------" },
+ { "reader2", "--------", "------" },
+ { "reader3", "RwXaTl", "rwxatl" },
+ { "reader4", "RrrXXXXTTT", "r-x-t-" },
+ { "reader5", "-r-w-a-t-", "rw-at-" },
+ { "reader6", "", "------" },
+ { "reader7", "xa--Rt---W--L", "rwxatl" },
+};
+
+RUNNER_TEST_SMACK(smack03_mixed_rule_string_add)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_have_access, smack_accesses_new, smack_accesses_add, smack_accesses_apply, smack_accesses_free
+ * description: In thist test case rules based on mixed string are added to kernel.
+ * Strings are presented above and contains lower / upper case alpha, numbers and special signs.
+ * expect: Rules should be parsed correct and aplied to kernel.
+ */
+
+ //In thist test case mixed string are used as rules applied to kernel, next they are
+ //readed and compared with correct form of rules
+
+ struct smack_accesses *rules = nullptr; //rules prepared in this test case
+ int result; //for storing functions results
+ int expected;
+
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ //adding test rules with mixed string
+ for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
+ //using mixed rules from table
+ result = smack_accesses_add(rules_ptr.get(),
+ (*rule)[0].c_str(),
+ "book",
+ (*rule)[1].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+ }
+
+ //clearing
+ //FIXME: Using clear() here can cover error in accesses_apply() function
+ //result = smack_accesses_clear(rules);
+ //RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
+
+ //applying rules to kernel
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
+
+ //checking accesses using normal rules
+ for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
+ if ((*rule)[2] == "------")
+ expected = 0;
+ else
+ expected = 1;
+ //using normal rules from table
+ result = smack_have_access((*rule)[0].c_str(),
+ "book",
+ (*rule)[2].c_str());
+ RUNNER_ASSERT_MSG(result == expected, "Error while checking Smack access");
+ }
+}
+
+RUNNER_TEST_SMACK(smack04_mixed_rule_string_have_access)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_have_access
+ * description: In this test case we testing aplied before SMACK rules and comparing them using mixed strings.
+ * expect: Subjects should have accesses to the objects.
+ */
+
+ //In this test case we checking previous aplied rules but for compare mixed strings are used
+
+ int result;
+ int expected;
+
+ //rules were added in previous RUNNER_TEST section
+ //checking accesses using mixed rules
+ for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
+ if ((*rule)[2] == "------")
+ expected = 0;
+ else
+ expected = 1;
+ //using mixed rules from table
+ result = smack_have_access((*rule)[0].c_str(),
+ "book",
+ (*rule)[1].c_str());
+ RUNNER_ASSERT_MSG(result == expected, "Error while checking Smack access");
+ }
+}
+
+//RUNNER_TEST(smackXX_accesses_add_modify)
+//{
+//IDEAS FOR TESTS
+// - what if we want to apply rule that is already in kernel?
+// - tests for smack_accesses_add_modify() + smack_have_access() (check if add_modify sets the proper rule)
+// - smack_accesses_add_modify("subject", "object", "rwx", "rwx") should create empty rule
+//}
+
+RUNNER_TEST_SMACK(smack05_self_label)
+{
+ /*
+ * author: Pawel Polawski
+ * test: smack_set_label_for_self, smack_new_label_from_self
+ * description: In this test case process test it own default label. Next label is changed
+ * and tested one more time if change was successfull.
+ * expect: Proces should have default "-" label and can change it to the oter one.
+ */
+
+ //In this test case process will manipulate it own label
+
+ char *label = nullptr;
+ int result;
+ int fd;
+
+ const int B_SIZE = 8;
+ char buff[B_SIZE];
+
+ const char *def_rule = "_";
+
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result >= 0, "Error in getting self label");
+ //comparing this label with default one "_"
+ result = strcmp(label, def_rule);
+ free(label);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong default process label");
+
+ //comparing this rule with received from /proc/self/attr/current
+ fd = open("/proc/self/attr/current", O_RDONLY, 0644);
+ RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /proc/self/attr/current");
+ FdUniquePtr fd_ptr(&fd);
+ result = read(fd, buff, B_SIZE);
+ RUNNER_ASSERT_ERRNO_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
+ result = strncmp(buff, def_rule, result);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong default process rule");
+
+ //now time for setting labels:
+
+ result = smack_set_label_for_self("cola");
+ RUNNER_ASSERT_MSG(result == 0, "Error in setting self label");
+
+ //checking new label using smack function
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result >= 0, "Error in getting self label");
+ result = strcmp(label, "cola");
+ free(label);
+ RUNNER_ASSERT_MSG(result == 0, "Wrong process label");
+
+ //checking new label using /proc/self/attr/current
+ result = lseek(fd, 0, SEEK_SET); //going to the file beginning
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
+ result = read(fd, buff, B_SIZE);
+ RUNNER_ASSERT_ERRNO_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
+ result = strncmp(buff, "cola", result);
+ RUNNER_ASSERT_MSG(result == 0, "Proces rule in /proc/self/attr/current other than set");
+}
+
+RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_0)
+{
+ RUNNER_IGNORED_MSG("Upstream does not support label removal yet");
+ const std::string fsLabel = "smack06_setlabel_getlabel_test_0";
+ const std::string fsPath = std::string("/tmp/") + fsLabel;
+
+ const std::string filePath = "file";
+
+ FsLabelManager fs(fsPath, fsLabel);
+ fs.createFile(filePath);
+
+ // reset labels first time
+ fs.testSmackClearLabels(filePath);
+
+ // reset labels second time
+ fs.testSmackClearLabels(filePath);
+}
+
+RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_1)
+{
+ const std::string fsLabel = "smack06_setlabel_getlabel_test_1";
+ const std::string fsPath = std::string("/tmp/") + fsLabel;
+
+ const char* testLabelAccess = "access";
+ const char* testLabelExec = "exec";
+ const std::string filePath = "file";
+
+ FsLabelManager fs(fsPath, fsLabel);
+ fs.createFile(filePath);
+
+ // set and get labels first time
+ fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+
+ fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+
+ // set and get same labels second time
+ fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+
+ fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+}
+
+RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_2)
+{
+ RUNNER_IGNORED_MSG("Upstream does not support label removal yet");
+ const std::string fsLabel = "smack06_setlabel_getlabel_test_2";
+ const std::string fsPath = std::string("/tmp/") + fsLabel;
+
+ const char* testLabelAccess = "access";
+ const char* testLabelExec = "exec";
+ const std::string filePath = "file";
+ const std::string linkPath = "link";
+
+ FsLabelManager fs(fsPath, fsLabel);
+ fs.createFile(filePath);
+ fs.createLink(linkPath, filePath);
+
+ // set and get labels for file to which link points
+ fs.testSmackSetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackGetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC);
+
+ // link labels should not be changed
+ fs.testSmackLGetLabel(linkPath, nullptr, SMACK_LABEL_ACCESS);
+ fs.testSmackLGetLabel(linkPath, nullptr, SMACK_LABEL_EXEC);
+}
+
+RUNNER_TEST_SMACK(smack06_lsetlabel_lgetlabel_test_1)
+{
+ const std::string fsLabel = "smack06_lsetlabel_lgetlabel_test_1";
+ const std::string fsPath = std::string("/tmp/") + fsLabel;
+
+ const char* testLabelAccess = "fileAccess";
+ const char* testLabelExec = "fileExec";
+ const char* testLinkLabelAccess = "linkAccess";
+ const char* testLinkLabelExec = "linkExec";
+ const std::string filePath = "file";
+ const std::string linkPath = "link";
+
+ FsLabelManager fs(fsPath, fsLabel);
+ fs.createFile(filePath);
+ fs.createLink(linkPath, filePath);
+
+ // set different labels for link and file
+ fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackLSetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackLSetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC);
+
+ // get those labels
+ fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackLGetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackLGetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC);
+}
+
+RUNNER_TEST_SMACK(smack06_fsetlabel_fgetlabel_test_1)
+{
+ const std::string fsLabel = "smack06_fsetlabel_fgetlabel_test_1";
+ const std::string fsPath = std::string("/tmp/") + fsLabel;
+
+ const char* testLabelAccess = "access";
+ const char* testLabelExec = "exec";
+ const std::string filePath = "file";
+
+ FsLabelManager fs(fsPath, fsLabel);
+ fs.createFile(filePath);
+
+ // set and get labels for fd
+ fs.testSmackFSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackFSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+ fs.testSmackFGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
+ fs.testSmackFGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
+}
+
+RUNNER_TEST_SMACK(smack10_adding_removing_rules)
+{
+ unsigned int i;
+ int result;
+
+ struct smack_accesses *rules = nullptr;
+
+ for (i = 0; i < accessesBasic.size(); ++i)
+ {
+ // Creating rules
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ // Adding accesses
+ result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // Deleting all rules
+ clean_up();
+ }
+
+ for (i = 0; i < 3; ++i)
+ {
+ // --- Creating rules (r or w or x)
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ // Adding accesses
+ result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // Checking if wrong accesses were not created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
+ RUNNER_ASSERT_MSG(result == 0,
+ " Error while checking smack access. Result: " << result);
+
+ // --- Modifying accesses (r for wx or w for rx or x for rw)
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i + 3].c_str(),accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // Checking if wrong accesses were not created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0,
+ " Error while checking smack access. Result: " << result);
+
+ rules_ptr.release();
+ // --- Creating complementary rules (r or w or x)
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
+
+ // Adding accesses
+ result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // --- Modifying accesses (adding rwx and removing r or w or x)
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwx",
+ accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // Checking if wrong accesses were not created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
+ RUNNER_ASSERT_MSG(result == 0,
+ " Error while checking smack access. Result: " << result);
+
+ // --- Adding crossing accesses (rx or rw or wx)
+ result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[3 + ((i + 1) % 3)].c_str(),"");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
+
+ // Applying rules
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking if accesses were created
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,
+ accessesBasic[3 + ((i + 1) % 3)].c_str());
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access. Result: " << result);
+
+ // Deleting all rules
+ result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
+
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Error while checking smack access. Result: " << result);
+
+ // Deleting all rules
+ clean_up();
+ }
+}
+
+RUNNER_TEST_SMACK(smack11_saving_loading_rules)
+{
+ int result;
+ int fd;
+
+ struct smack_accesses *rules = nullptr;
+
+ // Pre-cleanup
+ removeAccessesAll();
+
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ SmackAccessesPtr rules_ptr(rules);
+
+ // Loading file with rwxat rules - test_smack_rules_full
+ fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644);
+ RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full");
+
+ // Adding rules from file
+ result = smack_accesses_add_from_file(rules_ptr.get(), fd);
+ close(fd);
+ RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file");
+
+ // Applying rules
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking rules
+ result = smack_have_access("test_subject_01", "test_object_02", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_01", "test_object_03", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_02", "test_object_01", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_02", "test_object_02", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_02", "test_object_03", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_03", "test_object_01", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_03", "test_object_02", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+ result = smack_have_access("test_subject_03", "test_object_03", "rwxat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack accesses.");
+
+ // Removing rules
+ removeAccessesAll();
+
+ // Creating rules
+ rules_ptr.release();
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
+
+ // Loading file with partial wrong rules - test_smack_rules2
+ fd = open("/etc/smack/test_smack_rules2", O_RDONLY, 0644);
+ RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules2");
+
+ // Adding rules from file
+ result = smack_accesses_add_from_file(rules_ptr.get(), fd);
+ close(fd);
+ RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file");
+
+ // Applying rules
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
+
+ // Checking rules
+ RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_01", "test_object_01"),
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
+ result = smack_have_access("test_subject_01", "test_object_02", "rwatl");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ result = smack_have_access("test_subject_01", "test_object_03", "wat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_02", "test_object_01"),
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
+ result = smack_have_access("test_subject_02", "test_object_02", "wa-lt");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ result = smack_have_access("test_subject_02", "test_object_03", "wr");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ result = smack_have_access("test_subject_03", "test_object_01", "a");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ result = smack_have_access("test_subject_03", "test_object_02", "rwat");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+ result = smack_have_access("test_subject_03", "test_object_03", "w---l-");
+ RUNNER_ASSERT_MSG(result == 1,
+ " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
+
+ // Removing rules
+ removeAccessesAll();
+
+ // Creating rules
+ rules_ptr.release();
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
+
+ // Loading file with partial wrong rules - test_smack_rules3
+ fd = open("/etc/smack/test_smack_rules3", O_RDONLY, 0644);
+ RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules3");
+
+ // Adding rules from file
+ result = smack_accesses_add_from_file(rules_ptr.get(), fd);
+ close(fd);
+ RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file");
+
+ // Removing rules
+ removeAccessesAll();
+
+ // Creating rules
+ rules_ptr.release();
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ rules_ptr.reset(rules);
+
+ // Loading file with partial wrong rules - test_smack_rules4
+ fd = open("/etc/smack/test_smack_rules4", O_RDONLY, 0644);
+ RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules4");
+
+ // Adding rules from file
+ result = smack_accesses_add_from_file(rules_ptr.get(), fd);
+ close(fd);
+ RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file");
+
+ // Removing rules
+ removeAccessesAll();
+}
+
+//int smack_new_label_from_socket(int fd, char **label);
+
+
+static void smack_set_another_label_for_self(void)
+{
+ static int number = time(nullptr);
+
+ number++;
+ std::string smack_label("s" + std::to_string(number));
+
+ int result = smack_set_label_for_self(smack_label.c_str());
+ RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self(" << smack_label << ") failed");
+}
+
+static void smack_unix_sock_server(int sock)
+{
+ int fd, result;
+ char *label;
+
+ alarm(2);
+ fd = accept(sock, nullptr, nullptr);
+ alarm(0);
+ RUNNER_ASSERT_ERRNO(fd >= 0);
+ FdUniquePtr fd_ptr(&fd);
+
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed");
+ CStringPtr label_ptr(label);
+ result = write(fd, label, strlen(label));
+ RUNNER_ASSERT_ERRNO_MSG(result == (int)strlen(label), "write() failed");
+
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(smack09_new_label_from_socket)
+{
+ int pid;
+ struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
+ unlink(SOCK_PATH);
+ smack_set_another_label_for_self();
+ pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (!pid) { /* child process, server */
+ int sock, result;
+
+
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
+ SockUniquePtr sock_ptr(&sock);
+ result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
+ result = listen(sock, 1);
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
+ smack_unix_sock_server(sock);
+
+ pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ /* Test if socket label was unaffected by fork() */
+ smack_unix_sock_server(sock);
+ if (!pid) {
+ usleep (100);
+ smack_set_another_label_for_self();
+ smack_unix_sock_server(sock);
+ }
+
+ exit(0);
+ } else { /* parent process, client */
+ sleep(1); /* Give server some time to setup listening socket */
+ for (int i = 0; i < 4; ++i) {
+ int sock, result;
+ char smack_label1[SMACK_LABEL_LEN + 1];
+ char *smack_label2;
+
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
+ SockUniquePtr sock_ptr(&sock);
+ result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
+ alarm(2);
+ result = read(sock, smack_label1, SMACK_LABEL_LEN);
+ alarm(0);
+ RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed");
+ smack_label1[result] = '\0';
+ result = smack_new_label_from_socket(sock, &smack_label2);
+ SmackLabelPtr label2_ptr(smack_label2);
+ RUNNER_ASSERT_MSG(result >= 0, "smack_label_from_socket failed");
+ result = strcmp(smack_label1, label2_ptr.get());
+ if (i < 3)
+ RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1
+ << "' != '" << smack_label2 << "' i == " << i);
+ else
+ RUNNER_ASSERT_MSG(result != 0, "smack labels do not differ: '" << smack_label1
+ << "' != '" << smack_label2 << "' i == " << i);
+ }
+ }
+}
+
+void createFileWithLabel(const std::string &filePath, const std::string &fileLabel)
+{
+ //create temporary file and set label for it
+ mode_t systemMask;
+
+ unlink(filePath.c_str());
+ //allow to create file with 777 rights
+ systemMask = umask(0000);
+ int fd = open(filePath.c_str(), O_RDWR | O_CREAT, S_IRWXU | S_IRWXG | S_IRWXO);
+ //restore system mask
+ umask(systemMask);
+ RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests");
+
+ //for descriptor protection
+ FdUniquePtr fd_ptr(&fd);
+
+ //change owner and group to user APP
+ int ret = chown(filePath.c_str(), APP_UID, APP_GID);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
+
+ //set smack label on file
+ ret = smack_setlabel(filePath.c_str(), fileLabel.c_str(), SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(ret == 0, "Unable to set label for file: " << ret);
+
+ char *label = nullptr;
+ ret = smack_getlabel(filePath.c_str(), &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(ret == 0, "Unable to get label from file");
+ std::string label_str(label ? label : "");
+ free(label);
+ RUNNER_ASSERT_MSG(label_str == fileLabel, "File label not match set label");
+}
+
+void prepareEnvironment(const std::string &subject, const std::string &object, const std::string &access)
+{
+ const std::string ruleAll = "x";
+
+ SecurityServer::AccessProvider provider(subject);
+ provider.addObjectRule("User", ruleAll);
+ provider.addObjectRule(object, access);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+}
+
+//- Add "l" rule to system
+//
+//Should be able to add "l" rule to system
+RUNNER_CHILD_TEST_SMACK(smack13_0_checking_laccess_mode_enabled_on_device)
+{
+ std::string selfLabel = "smack13_0";
+ std::string filename = "smack13_0_file";
+
+ //function inside checks if rule exist after add it
+ SecurityServer::AccessProvider provider(selfLabel);
+ provider.addObjectRule(filename, "l");
+ provider.apply();
+
+ int ret = smack_have_access(selfLabel.c_str(), filename.c_str(), "l");
+ RUNNER_ASSERT_MSG(ret == 1, "Error in adding laccess rule - l");
+}
+
+//- Create file
+//- Set label for file and self
+//- Drop privileges
+//
+//Should have no access due to missing SMACK rule
+RUNNER_CHILD_TEST_SMACK(smack13_1_checking_laccess_mode)
+{
+ std::string selfLabel = "smack13_1";
+ std::string filename = "smack13_1_file";
+ std::string filePath = testDir + filename;
+
+ createFileWithLabel(filePath, filename);
+ int fd = open(filePath.c_str(), O_RDWR, 0);
+ FdUniquePtr fd_ptr(&fd);
+
+ SecurityServer::AccessProvider provider(selfLabel);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ int ret = flock(fd, LOCK_EX | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
+ ret = flock(fd, LOCK_UN | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
+ ret = flock(fd, LOCK_SH | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
+}
+
+//- Create file
+//- Set label for file and self
+//- Add SMACK rule "l"
+//- Drop privileges
+//
+//Should be able to lock file even without "w" rule
+RUNNER_CHILD_TEST_SMACK(smack13_2_checking_laccess_mode_with_l_rule)
+{
+ std::string selfLabel = "smack13_2";
+ std::string filename = "smack13_2_file";
+ std::string filePath = testDir + filename;
+
+ createFileWithLabel(filePath, filename);
+ int fd = open(filePath.c_str(), O_RDWR, 0);
+ FdUniquePtr fd_ptr(&fd);
+
+ prepareEnvironment(selfLabel, filename, "l");
+
+ int ret = flock(fd, LOCK_EX | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
+ ret = flock(fd, LOCK_UN | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to unlock file");
+ ret = flock(fd, LOCK_SH | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
+}
+
+//- Create file
+//- Set label for file and self
+//- Add SMACK rule "w"
+//- Drop privileges
+//
+//Should be able to lock file even without "l" rule
+RUNNER_CHILD_TEST_SMACK(smack13_3_checking_laccess_mode_with_w_rule)
+{
+ std::string selfLabel = "smack13_3";
+ std::string filename = "smack13_3_file";
+ std::string filePath = testDir + filename;
+
+ createFileWithLabel(filePath, filename);
+ int fd = open(filePath.c_str(), O_RDWR, 0);
+ FdUniquePtr fd_ptr(&fd);
+
+ prepareEnvironment(selfLabel, filename, "w");
+
+ int ret = flock(fd, LOCK_EX | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
+ ret = flock(fd, LOCK_UN | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to unlock file");
+ ret = flock(fd, LOCK_SH | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
+}
+
+//- Create file
+//- Set label for file and self
+//- Add SMACK rule "rw"
+//- Drop privileges
+//- Lock file (shared lock)
+//- Spawn child process
+//- Child tries to lock file (shared)
+//
+//Child should be able to lock file due to shared lock
+RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_0_checking_laccess_mode_w_rule_child)
+{
+ std::string selfLabel = "smack13_4_0";
+ std::string filename = "smack13_4_0_file";
+ std::string filePath = testDir + filename;
+
+ createFileWithLabel(filePath, filename);
+ int fd = open(filePath.c_str(), O_RDWR);
+ FdUniquePtr fd_ptr(&fd);
+ int ret = flock(fd, LOCK_SH | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
+
+ pid_t pid = fork();
+ if (pid == 0) {
+ //child process
+ prepareEnvironment(selfLabel, filename, "rw");
+
+ int child_fd = open(filePath.c_str(), O_RDWR);
+ RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
+ //for descriptor protection
+ FdUniquePtr child_fd_ptr(&child_fd);
+
+ ret = flock(child_fd, LOCK_SH | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to lock file with shared lock");
+ }
+}
+
+//- Create file
+//- Set label for file and self
+//- Add SMACK rule "l"
+//- Drop privileges
+//- Lock file (shared lock)
+//- Spawn child process
+//- Child tries to lock file (shared)
+//
+//Child should be able to lock file due to shared lock
+RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_1_checking_laccess_mode_l_rule_child)
+{
+ std::string selfLabel = "smack13_4_1";
+ std::string filename = "smack13_4_1_file";
+ std::string filePath = testDir + filename;
+
+ createFileWithLabel(filePath, filename);
+ int fd = open(filePath.c_str(), O_RDWR);
+ FdUniquePtr fd_str(&fd);
+ int ret = flock(fd, LOCK_SH | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
+
+ pid_t pid = fork();
+ if (pid == 0) {
+ //child process
+ //"r" is only for open in O_RDONLY mode
+ prepareEnvironment(selfLabel, filename, "rl");
+
+ int child_fd = open(filePath.c_str(), O_RDONLY, 0);
+ RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
+ //for descriptor protection
+ FdUniquePtr child_fd_ptr(&child_fd);
+
+ ret = flock(child_fd, LOCK_SH | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to lock file with shared lock");
+ }
+}
+
+//- Create file
+//- Set label for file and self
+//- Add SMACK rule "rw"
+//- Drop privileges
+//- Lock file (exclusive lock)
+//- Spawn child process
+//- Child tries to lock file (exclusive / shared)
+//
+//Child should not be able to lock file due to exclusive lock
+RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_2_checking_laccess_mode_w_rule_child)
+{
+ std::string selfLabel = "smack13_4_2";
+ std::string filename = "smack13_4_2_file";
+ std::string filePath = testDir + filename;
+
+ createFileWithLabel(filePath, filename);
+ int fd = open(filePath.c_str(), O_RDWR);
+ FdUniquePtr fd_ptr(&fd);
+ int ret = flock(fd, LOCK_EX | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
+
+ pid_t pid = fork();
+ if (pid == 0) {
+ //child process
+ prepareEnvironment(selfLabel, filename, "rw");
+
+ int child_fd = open(filePath.c_str(), O_RDWR, 0);
+ RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
+ //for descriptor protection
+ FdUniquePtr child_fd_ptr(&child_fd);
+
+ ret = flock(child_fd, LOCK_EX | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file with exclusive lock");
+ }
+}
+
+//- Create file
+//- Set label for file and self
+//- Add SMACK rule "l"
+//- Drop privileges
+//- Lock file (exclusive lock)
+//- Spawn child process
+//- Child tries to lock file (exclusive / shared)
+//
+//Child should not be able to lock file due to exclusive lock
+RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_3_checking_laccess_mode_l_rule_child)
+{
+ std::string selfLabel = "smack13_4_3";
+ std::string filename = "smack13_4_3_file";
+ std::string filePath = testDir + filename;
+
+ createFileWithLabel(filePath, filename);
+ int fd = open(filePath.c_str(), O_RDWR, 0);
+ FdUniquePtr fd_ptr(&fd);
+ int ret = flock(fd, LOCK_EX | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
+
+ pid_t pid = fork();
+ if (pid == 0) {
+ //child process
+ //"r" is only for open in O_RDONLY mode
+ prepareEnvironment(selfLabel, filename, "rl");
+
+ int child_fd = open(filePath.c_str(), O_RDONLY, 0);
+ RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
+ //for descriptor protection
+ FdUniquePtr child_fd_ptr(&child_fd);
+
+ ret = flock(child_fd, LOCK_EX | LOCK_NB);
+ RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file with eclusive lock");
+ }
+}
+
+
+/////////////////////////////////////////
+//////NOSMACK ENVIRONMENT TESTS//////////
+/////////////////////////////////////////
+
+/**
+ * NOSMACK version of smack02 test. Functions, that should return error instead of success:
+ * - smack_accesses_apply
+ * - smack_have_access
+ * - smack_revoke_subject
+ * - smack_acceesses_clear
+ *
+ * Tests smack03, smack04, smack10, smack_accesses_clear, smack_revoke_subject all use functions
+ * tested in smack02 test. Results from those functions (smack_have_access, smack_accesses_apply,
+ * smack_accesses_clear, smack_revoke_subject) would be the same as in this test. Tests mentioned
+ * above doesn't make much sense on NOSMACK environment when test smack02 exists and passes
+ * correctly, thus those tests are are not implemented.
+ */
+RUNNER_TEST_NOSMACK(smack02_aplying_rules_into_kernel_nosmack)
+{
+
+ smack_accesses *rules = nullptr;
+ int result;
+
+ //init rules
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+ //pass rules to unique_ptr
+ SmackAccessesPtr rules_ptr(rules);
+
+ //adding test rules to struct (same as SMACK version of smack02 test)
+ result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+ result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+ result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+
+ //applying rules to kernel (should fail)
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == -1, "Unable to apply rules into kernel");
+
+ //calls from SMACK version of this test - all should fail because of SMACK being turned off
+ result = smack_have_access("spy", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
+ result = smack_have_access("reader", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
+ result = smack_have_access("s02badsubjectlabel", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
+
+ //testing subject revoking - should return error (no accesses applied = no subjects to revoke)
+ result = smack_revoke_subject("s02nonexistinglabel");
+ RUNNER_ASSERT_MSG(result == -1, "smack_revoke_subject error - subject doesn't exist.");
+ result = smack_revoke_subject("spy");
+ RUNNER_ASSERT_MSG(result == -1, "smack_revoke_subject error - subject doesn't exist.");
+
+ //after revoking smack_have_access still should return error
+ result = smack_have_access("spy", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off).");
+
+ result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
+
+ //smack_accesses_clear should return error aswell
+ result = smack_accesses_clear(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == -1, "Clearing rules should return error - no SMACK on system.");
+
+ result = smack_have_access("writer", "book", "rwx");
+ RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off).");
+}
+
+/**
+ * NOSMACK version of smack11 test. Tests functions:
+ * - smack_accesses_add_from_file
+ *
+ * Since other SMACK functions were tested in smack02 test, the only function needed to be checked
+ * is applying rules loaded from file.
+ */
+RUNNER_TEST_NOSMACK(smack03_saving_loading_rules_nosmack)
+{
+ int result;
+ int fd;
+
+ smack_accesses* tmp = nullptr;
+
+ RUNNER_ASSERT(smack_accesses_new(&tmp) == 0);
+ SmackAccessesPtr rules(tmp);
+
+ //open file with rules
+ fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644);
+ RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full");
+
+ //load accesses from file
+ result = smack_accesses_add_from_file(rules.get(), fd);
+ close(fd);
+ RUNNER_ASSERT_MSG(result == 0, "Error while importing accesses from file. Result: " << result);
+}
+
+/**
+ * NOSMACK version of smack05 test. Tests if functions getting, or
+ * setting self label work correctly (that is, return error).
+ */
+RUNNER_TEST_NOSMACK(smack04_self_label_nosmack)
+{
+ char* label = nullptr;
+ int result;
+ int fd;
+
+ char buff[SMACK_LABEL_LEN+1];
+
+ //smack_new_label_from_self should fail
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result == -1, "new_label_from_self should return error (SMACK is off).");
+ RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory to label.");
+ //We don't need to remember about freeing label - smack_new_label_from_self must return nullptr
+ //label if it's working properly.
+
+ // /proc/self/attr/current shouldn't keep any rules inside
+ fd = open("/proc/self/attr/current", O_RDONLY, 0644); //file exists, so it should open
+ RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "/proc/self/attr/current failed to open");
+ FdUniquePtr fd_ptr(&fd);
+
+ result = read(fd, buff, SMACK_LABEL_LEN); //however reading it should return error
+ RUNNER_ASSERT_ERRNO_MSG(result < 0, "Reading /proc/self/attr/current should return error");
+
+ //setting label for self should fail
+ result = smack_set_label_for_self("s04testlabel");
+ RUNNER_ASSERT_MSG(result == -1, "set_label_for_self should return error (SMACK is off).");
+
+ //getting previously set label should also fail
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result == -1, "new_label_from_self should return error (SMACK is off).");
+ RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory to label.");
+
+ // /proc/self/attr/current still shouldn't keep any rules inside
+ result = lseek(fd, 0, SEEK_SET); //going to the file beginning
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
+
+ result = read(fd, buff, SMACK_LABEL_LEN); //however it should return error
+ RUNNER_ASSERT_ERRNO_MSG(result < 0, "Reading /proc/self/attr/current should return error");
+}
+
+/**
+ * NOSMACK version of smack_accesses_add_modify_x tests.
+ *
+ * Because all smack_accesses_add_modify tests are basically the same (all use smack_accesses_apply
+ * and smack_have_access, which return -1 when SMACK is turned off), it makes much more sense to
+ * write one test which will create rules using smack_accesses_add_modify and then check if
+ * smack_accesses_apply and smack_have_access indeed return -1 when SMACK is turned off.
+ */
+RUNNER_TEST_NOSMACK(smack05_accesses_add_modify_nosmack)
+{
+ int result;
+ smack_accesses* rules = nullptr;
+
+ RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
+
+ SmackAccessesPtr rules_ptr(rules);
+
+ //Not doing clean_up() every RUNNER_ASSERT_MSG - what clean_up does is just a creation of new
+ //rule struct and removal of currenctly added and applied rules. clean_up() must be done only
+ //after smack_accesses_apply().
+ result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule. Result: " << result);
+
+ result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
+ RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule. Result: " << result);
+
+ result = smack_accesses_apply(rules_ptr.get());
+ RUNNER_ASSERT_MSG(result == -1,
+ "smack_accesses_apply should return error (SMACK is off). Result: " << result);
+
+ result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx");
+ if(result != -1) {
+ clean_up();
+ RUNNER_FAIL_MSG("smack_have_access should return error (SMACK is off). Result: "
+ << result);
+ }
+
+ clean_up();
+}
+
+/**
+ * NOSMACK version of smack09 test.
+ *
+ * This test checks if smack_new_label_from_socket reacts correctly. Since label should be
+ * acquired from getsockopt, and it should fail, we must only set up socket and call
+ * smack_new_label_from_socket. It should return error.
+ */
+RUNNER_MULTIPROCESS_TEST_NOSMACK(smack09_new_label_from_socket_nosmack)
+{
+ int pid;
+ struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
+ unlink(SOCK_PATH);
+ char* smack_label;
+
+ pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (!pid) { //child (server)
+ int sock, result;
+ int fd;
+
+ //Create new socket
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
+ SockUniquePtr sock_ptr(&sock);
+
+ //Bind it to sockaddr
+ result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
+
+ //Prepare for listening
+ result = listen(sock, 1);
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
+
+ //Accept client
+ alarm(2);
+ fd = accept(sock, nullptr, nullptr);
+ alarm(0);
+ RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Failed when accepting connection from client");
+ FdUniquePtr fd_ptr(&fd);
+
+ //wait for smack_new_label_from_socket execution
+ usleep(200);
+
+ //Close server
+ exit(0);
+ }
+ else { //parent (client)
+ //Wait a little bit until server is set up
+ sleep(1);
+ int sock, result;
+
+ //Create socket
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
+ SockUniquePtr sock_ptr(&sock);
+
+ //Connect to sockaddr
+ result = connect(sock, (struct sockaddr*) &sockaddr,
+ sizeof(struct sockaddr_un));
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
+
+ //Try getting label, should fail beacuse getsockopt won't get anything
+ result = smack_new_label_from_socket(sock, &smack_label);
+ RUNNER_ASSERT_MSG(result == -1, "smack_new_label_from_socket should fail.");
+ }
+}
--- /dev/null
+writer book rw----
+reader book r-----
--- /dev/null
+test_subject_01 test_object_01 ---
+test_subject_01 test_object_02 rwatl
+test_subject_01 test_object_03 wat
+test_subject_02 test_object_01 -------
+test_subject_02 test_object_02 wa-lt
+test_subject_02 test_object_03 -rw--r------
+test_subject_03 test_object_01 aaaaaa ------
+test_subject_03 test_object_02 rwat
+test_subject_03 test_object_03 w---l-
--- /dev/null
+test_subject_01 test_object_01 rwatl
+test_subject_01 test_object_02
+test_subject_01 test_object_03 xxxxx
--- /dev/null
+test_subject_01 test_object_01 rwxatl
+test_subject_01 test_object_02 +rwh4r9d32!@#$ 49$%^x2 rwxat
+test_subject_01 test_object_03 aaaaaa xxxxxx
--- /dev/null
+test_subject_01 test_object_01 rwxatl
+test_subject_01 test_object_02 rwxatl
+test_subject_01 test_object_03 rwxatl
+test_subject_02 test_object_01 rwxatl
+test_subject_02 test_object_02 rwxatl
+test_subject_02 test_object_03 rwxatl
+test_subject_03 test_object_01 rwxatl
+test_subject_03 test_object_02 rwxatl
+test_subject_03 test_object_03 rwxatl
--- /dev/null
+# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Marcin Niesluchowski (m.niesluchow@samsung.com)
+# @brief
+#
+
+INCLUDE(FindPkgConfig)
+
+# Dependencies
+PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP
+ REQUIRED
+ libsmack
+ libprivilege-control
+ cynara-client
+ security-manager
+ libtzplatform-config
+ sqlite3
+ libcap)
+
+
+SET(TARGET_SEC_MGR_TESTS "security-manager-tests")
+
+SET(SEC_MGR_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/security-manager-tests/security_manager_tests.cpp
+ ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_db.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
+ )
+
+INCLUDE_DIRECTORIES(SYSTEM
+ ${SEC_MGR_TESTS_DEP_INCLUDE_DIRS}
+ )
+
+INCLUDE_DIRECTORIES(SYSTEM
+ ${CYNARA_TARGET_DEP_INCLUDE_DIRS}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common/
+ ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
+ )
+
+ADD_EXECUTABLE(${TARGET_SEC_MGR_TESTS} ${SEC_MGR_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_SEC_MGR_TESTS}
+ ${SEC_MGR_TESTS_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+INSTALL(TARGETS ${TARGET_SEC_MGR_TESTS} DESTINATION /usr/bin)
+
+INSTALL(DIRECTORY
+ ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_DIR
+ DESTINATION /usr/apps/
+)
+
+INSTALL(DIRECTORY
+ ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_DIR
+ DESTINATION /home/${APP_USER}/
+)
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file sm_db.cpp
+ * @author Marcin Lis (m.lis@samsung.com)
+ * @version 1.0
+ * @brief security-manager tests database record check functions
+ */
+
+#include <tests_common.h>
+#include <tzplatform_config.h>
+#include <sstream>
+#include "sm_db.h"
+#include "db_sqlite.h"
+
+/* Keep this consistent with the database file path used in the security-manager */
+const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
+
+/* Initialize static constants */
+const bool TestSecurityManagerDatabase::NOT_REMOVED = false;
+const bool TestSecurityManagerDatabase::REMOVED = true;
+
+TestSecurityManagerDatabase::TestSecurityManagerDatabase() : m_base(PRIVILEGE_DB_PATH, SQLITE_OPEN_READWRITE)
+{
+}
+
+void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name,
+ const std::string &pkg_name)
+{
+ const privileges_t dummy; /* just some empty privileges set */
+
+ test_db_after__app_install(app_name, pkg_name, dummy);
+}
+
+void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name,
+ const std::string &pkg_name,
+ const privileges_t &privileges)
+{
+ if (!m_base.is_open())
+ m_base.open();
+
+ RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
+ RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
+
+ check_app_and_pkg(app_name, pkg_name, NOT_REMOVED);
+
+ if (!privileges.empty()) {
+ check_privileges(app_name, pkg_name, privileges);
+ }
+}
+
+void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name,
+ const std::string &pkg_name,
+ const bool is_pkg_removed)
+{
+ const privileges_t dummy; /* just some empty privileges set */
+
+ test_db_after__app_uninstall(app_name, pkg_name, dummy, is_pkg_removed);
+}
+
+void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name,
+ const std::string &pkg_name,
+ const privileges_t &privileges,
+ const bool is_pkg_removed)
+{
+ if (!m_base.is_open())
+ m_base.open();
+
+ RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
+ RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
+
+ check_app_and_pkg(app_name, pkg_name, REMOVED);
+ check_pkg(pkg_name, is_pkg_removed);
+
+ if (!privileges.empty()) {
+ check_privileges_removed(app_name, pkg_name, privileges);
+ }
+}
+
+void TestSecurityManagerDatabase::check_privileges(const std::string &app_name,
+ const std::string &pkg_name,
+ const privileges_t &privileges)
+{
+ bool result;
+
+ RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
+ RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
+
+ for (auto it = privileges.begin(); it != privileges.end(); ++it) {
+ result = check_privilege(app_name, pkg_name, *it);
+
+ RUNNER_ASSERT_MSG(result == true, "privilege: <" << *it << "> not added to app: <" <<
+ app_name << "> from pkg_id: <" << pkg_name << ">");
+ }
+}
+
+void TestSecurityManagerDatabase::check_privileges_removed(const std::string &app_name,
+ const std::string &pkg_name,
+ const privileges_t &privileges)
+{
+ bool result;
+
+ RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
+ RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
+
+ for (auto it = privileges.begin(); it != privileges.end(); ++it) {
+ result = check_privilege(app_name, pkg_name, *it);
+
+ RUNNER_ASSERT_MSG(result == false, "privilege: <" << *it << "> not removed for app: <" <<
+ app_name << "> from pkg_id: <" << pkg_name << ">");
+ }
+}
+
+void TestSecurityManagerDatabase::check_app_and_pkg(const std::string &app_name, const std::string &pkg_name,
+ const bool is_app_removed)
+{
+ Sqlite3DBaseSelectResult result;
+ std::ostringstream sql;
+ sql << "SELECT app_name, pkg_name FROM app_pkg_view"
+ " WHERE app_name == '" << app_name << "' "
+ " AND pkg_name == '" << pkg_name << "' ;";
+ m_base.execute(sql.str(), result);
+
+ if (is_app_removed) /* expect 0 results */
+ RUNNER_ASSERT_MSG(result.rows.size() == 0, "query : <" << sql.str() <<
+ "> returned [" << result.rows.size() << "] rows, expected [0]");
+ else /* expect exactly 1 result with 2 columns */
+ RUNNER_ASSERT_MSG(result.rows.size() == 1 && result.rows[0].size() == 2, "query : <" <<
+ sql.str() << "> returned [" << result.rows.size() << "] rows, expected [1]");
+}
+
+void TestSecurityManagerDatabase::check_pkg(const std::string &pkg_name,
+ const bool is_pkg_removed)
+{
+ const unsigned expected_rows = is_pkg_removed ? 0 : 1;
+ Sqlite3DBaseSelectResult result;
+ std::ostringstream sql;
+ sql << "SELECT pkg_id FROM pkg"
+ " WHERE name == '" << pkg_name << "' ;";
+ m_base.execute(sql.str(), result);
+
+ RUNNER_ASSERT_MSG(result.rows.size() == expected_rows, "query : <" <<
+ sql.str() << "> returned [" << result.rows.size() << "] rows, expected [" <<
+ expected_rows << "] rows");
+}
+
+bool TestSecurityManagerDatabase::check_privilege(const std::string &app_name,
+ const std::string &pkg_name,
+ const std::string &privilege)
+{
+ Sqlite3DBaseSelectResult result;
+ std::ostringstream sql;
+ sql << "SELECT privilege_id FROM app_privilege_view"
+ " WHERE app_name == '" << app_name << "' "
+ " AND pkg_name == '" << pkg_name << "' "
+ " AND privilege_name == '" << privilege << "' "
+ ";";
+ m_base.execute(sql.str(), result);
+
+ /* only 0 or 1 resulting rows are alowed */
+ RUNNER_ASSERT_MSG(result.rows.size() == 0 || result.rows.size() == 1, "query : <" << sql.str() << "> returned [" <<
+ result.rows.size() << "] rows");
+
+ return result.rows.size() == 1;
+}
+
+void TestSecurityManagerDatabase::setup_privilege_groups(const std::string &privilege,
+ const std::vector<std::string> &groups)
+{
+ Sqlite3DBaseSelectResult result;
+ std::ostringstream sql;
+
+ if (!m_base.is_open())
+ m_base.open();
+
+ sql << "INSERT OR IGNORE INTO privilege (name) VALUES ('" << privilege << "')";
+ m_base.execute(sql.str(), result);
+
+ for (const auto &group : groups) {
+ sql.clear();
+ sql.str("");
+ sql << "INSERT OR IGNORE INTO privilege_group (privilege_id, name) "
+ "VALUES ((SELECT privilege_id FROM privilege WHERE name = '"
+ << privilege << "'), '" << group << "')";
+ m_base.execute(sql.str(), result);
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file sm_db.h
+ * @author Marcin Lis (m.lis@samsung.com)
+ * @version 1.0
+ * @brief security-manager tests database record check functions
+ */
+
+#ifndef SECURITY_MANAGER_TEST_DB_H_
+#define SECURITY_MANAGER_TEST_DB_H_
+
+#include <string>
+#include "db_sqlite.h"
+
+typedef std::vector<std::string> privileges_t;
+
+/**
+ * @class TestSecurityManagerDatabase
+ * @brief Class containing methods for testing libprivlege database.
+ */
+class TestSecurityManagerDatabase
+{
+public:
+/**
+ * @brief A usefull constant to indicate that app/pkg should be present in db
+ */
+ const static bool NOT_REMOVED;
+/**
+ * @brief A usefull constant to indicate that app/pkg should not be present in db
+ */
+ const static bool REMOVED;
+/**
+ * @brief A constructor
+ */
+ TestSecurityManagerDatabase();
+
+/**
+ * @brief A destructor
+ */
+ ~TestSecurityManagerDatabase() = default;
+
+/**
+ * @brief Method for testing database after "security_manager_app_install" was run.
+ *
+ * It checks existence of proper: - app_name
+ * - pkg_name
+ *
+ * @param app_name name of the app previously used in security_manager_app_install.
+ * @param pkg_name name of the pkg previously used in security_manager_app_install.
+ */
+ void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name);
+
+/**
+ * @brief Method for testing database after "security_manager_app_install" was run.
+ *
+ * It checks existence of proper: - app_name
+ * - pkg_name
+ * - privileges
+ * TODO: appPaths are currently not handled directly by security-manager, so they are not tested.
+ *
+ * @param app_name name of the app previously used in security_manager_app_install.
+ * @param pkg_name name of the pkg previously used in security_manager_app_install.
+ * @param privileges vector of privileges previously used in security_manager_app_install.
+ */
+ void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name,
+ const privileges_t &privileges);
+
+/**
+ * @brief Method for testing database after "security_manager_app_uninstall" was run.
+ *
+ * It checks absence of proper: - app_name
+ * - optionally pkg_name
+ *
+ * @param app_name name of the app previously used in security_manager_app_uninstall.
+ * @param pkg_name name of the pkg previously used in security_manager_app_uninstall.
+ * @param is_pkg_removed tells if pkg_id is expected to remain in db or not.
+ */
+ void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name,
+ const bool is_pkg_removed);
+
+/**
+ * @brief Method for testing database after "security_manager_app_uninstall" was run.
+ *
+ * It checks absence of proper: - app_name
+ * - optionally pkg_name
+ * - app privileges
+ * TODO: appPaths are currently not handled directly by security-manager, so they are not tested.
+ *
+ * @param app_name name of the app previously used in security_manager_app_uninstall.
+ * @param pkg_name name of the pkg previously used in security_manager_app_uninstall.
+ * @param privileges vector of privileges previously used in security_manager_app_uninstall.
+ * @param is_pkg_removed tells if pkg_id is expected to remain in db or not.
+ */
+ void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name,
+ const privileges_t &privileges, const bool is_pkg_removed);
+
+/**
+ * @brief It checks db for existence of a all privileges from install request.
+ *
+ * @param app_name name of the app previously used i.e. in security_manager_app_install.
+ * @param pkg_name name of the pkg previously used i.e. in security_manager_app_install.
+ * @param privileges vector of privileges previously used i.e. in security_manager_app_install.
+ */
+ void check_privileges(const std::string &app_name, const std::string &pkg_name,
+ const privileges_t &privileges);
+
+/**
+ * @brief It checks in db if all app privileges from install request are removed.
+ *
+ * @param app_name name of the app previously used i.e. in security_manager_app_uninstall.
+ * @param pkg_name name of the pkg previously used i.e. in security_manager_app_uninstall.
+ * @param privileges vector of privileges previously used i.e. in security_manager_app_uninstall.
+ */
+ void check_privileges_removed(const std::string &app_name, const std::string &pkg_name,
+ const privileges_t &privileges);
+
+/**
+ * @brief Method for setting privilege to groups mapping in security-manager database
+ *
+ * @param privilege name of the privilege
+ * @param groups vector of group names
+ */
+ void setup_privilege_groups(const std::string &privilege,
+ const std::vector<std::string> &groups);
+
+private:
+/**
+ * @var base
+ * @brief Sqlite3DBase object giving simple access to database
+ *
+ * Connection to database is open first time it is needed
+ * and closed in destructor of TestSecurityManagerDatabase.
+ */
+ Sqlite3DBase m_base;
+
+/**
+ * @brief Check db for [non]existence of given app_name in pkg_name
+ *
+ * @param app_name name of application
+ * @param pkg_name name of package
+ * @param is_app_removed tells if app is expected in db
+ */
+ void check_app_and_pkg(const std::string &app_name, const std::string &pkg_name,
+ const bool is_app_removed);
+
+/**
+ * @brief Check db for [non]existence of given pkg_name
+ *
+ * @param pkg_name name of the package
+ * @param is_pkg_removed tells if pkg is expected in db
+ */
+ void check_pkg(const std::string &pkg_name,
+ const bool is_pkg_removed);
+
+/**
+ * @brief Check db for existence of a single privilege.
+ *
+ * @param app_name name of application
+ * @param pkg_name application's package name
+ * @param privilege name of the privilege
+ *
+ * @return true when privilege present
+ * false when privilege not present
+ */
+ bool check_privilege(const std::string &app_name, const std::string &pkg_name,
+ const std::string &privilege);
+};
+
+#endif /* SECURITY_MANAGER_TEST_DB_H_ */
--- /dev/null
+#include <dpl/test/test_runner.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <memory.h>
+#include <string>
+#include <unordered_set>
+#include <sys/capability.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <attr/xattr.h>
+#include <linux/xattr.h>
+
+#include <grp.h>
+#include <pwd.h>
+
+#include <libprivilege-control_test_common.h>
+#include <tests_common.h>
+
+#include <security-manager.h>
+#include <sm_db.h>
+#include <cynara_test_client.h>
+
+DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
+DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
+
+static const char *const SM_APP_ID1 = "sm_test_app_id_double";
+static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
+
+static const char *const SM_APP_ID2 = "sm_test_app_id_full";
+static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
+
+static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
+static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
+
+static const privileges_t SM_ALLOWED_PRIVILEGES = {
+ "security_manager_test_rules2_r",
+ "security_manager_test_rules2_no_r"
+};
+
+static const privileges_t SM_DENIED_PRIVILEGES = {
+ "security_manager_test_rules1",
+ "security_manager_test_rules2"
+};
+
+static const privileges_t SM_NO_PRIVILEGES = {
+};
+
+static const std::vector<std::string> SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"};
+
+static const char *const SM_PRIVATE_PATH = "/usr/apps/test_DIR/app_dir";
+static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro";
+static const char *const SM_DENIED_PATH = "/usr/apps/test_DIR/non_app_dir";
+static const char *const SM_PRIVATE_PATH_FOR_USER = "/home/" APP_USER "/test_DIR";
+static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
+
+static void generateAppLabel(const std::string &pkgId, std::string &label)
+{
+ (void) pkgId;
+ label = "User";
+}
+
+static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
+ const char* correctLabel, bool transmute_test, bool exec_test)
+{
+ int result;
+ CStringPtr labelPtr;
+ char* label = nullptr;
+
+ /* ACCESS */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+ RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
+ result = strcmp(correctLabel, label);
+ RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"
+ " (should be '" << correctLabel << "' and is '" << label << "')");
+
+
+ /* EXEC */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+
+ if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
+ RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
+ result = strcmp(correctLabel, label);
+ RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath);
+ } else
+ RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
+
+
+ /* TRANSMUTE */
+ result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
+ RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
+ labelPtr.reset(label);
+
+ if (S_ISDIR(sb->st_mode) && transmute_test == true) {
+ RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
+ RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0,
+ "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
+ } else {
+ RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
+ }
+
+ return 0;
+}
+
+
+static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+ return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
+}
+
+static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
+ int /*typeflag*/, struct FTW* /*ftwbuf*/)
+{
+
+ return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
+}
+
+static app_inst_req* do_app_inst_req_new()
+{
+ int result;
+ app_inst_req *req = nullptr;
+
+ result = security_manager_app_inst_req_new(&req);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "creation of new request failed. Result: " << result);
+ RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory");
+ return req;
+}
+
+static void prepare_app_path()
+{
+ int result;
+
+ result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
+
+ result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
+
+ result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
+}
+
+static void prepare_app_env()
+{
+ prepare_app_path();
+}
+
+/* TODO: add parameters to this function */
+static void check_app_path_after_install()
+{
+ int result;
+
+ result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
+
+ result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
+
+ result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
+ RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
+}
+
+
+static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
+ const privileges_t &allowed_privs, const privileges_t &denied_privs)
+{
+ (void) app_id;
+ std::string smackLabel;
+ generateAppLabel(pkg_id, smackLabel);
+
+ CynaraTestClient::Client ctc;
+
+ for (auto &priv : allowed_privs) {
+ ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_ALLOWED);
+ }
+
+ for (auto &priv : denied_privs) {
+ ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
+ }
+}
+
+static void check_app_gids(const char *const app_id, const std::vector<gid_t> &allowed_gids)
+{
+ int ret;
+ gid_t main_gid = getgid();
+ std::unordered_set<gid_t> reference_gids(allowed_gids.begin(), allowed_gids.end());
+
+ // Reset supplementary groups
+ ret = setgroups(0, NULL);
+ RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
+
+ ret = security_manager_set_process_groups_from_appid(app_id);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS,
+ "security_manager_set_process_groups_from_appid(" <<
+ app_id << ") failed. Result: " << ret);
+
+ ret = getgroups(0, nullptr);
+ RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
+
+ std::vector<gid_t> actual_gids(ret);
+ ret = getgroups(ret, actual_gids.data());
+ RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
+
+ for (const auto &gid : actual_gids) {
+ RUNNER_ASSERT_MSG(gid == main_gid || reference_gids.count(gid) > 0,
+ "Application shouldn't get access to group " << gid);
+ reference_gids.erase(gid);
+ }
+
+ RUNNER_ASSERT_MSG(reference_gids.empty(), "Application didn't get access to some groups");
+}
+
+static void check_app_after_install(const char *const app_id, const char *const pkg_id,
+ const privileges_t &allowed_privs,
+ const privileges_t &denied_privs,
+ const std::vector<std::string> &allowed_groups)
+{
+ TestSecurityManagerDatabase dbtest;
+ dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
+ dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
+
+ /*Privileges should be granted to all users if root installs app*/
+ check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs);
+
+ /* Setup mapping of gids to privileges */
+ /* Do this for each privilege for extra check */
+ for (const auto &privilege : allowed_privs) {
+ dbtest.setup_privilege_groups(privilege, allowed_groups);
+ }
+
+ std::vector<gid_t> allowed_gids;
+
+ for (const auto &groupName : allowed_groups) {
+ errno = 0;
+ struct group* grp = getgrnam(groupName.c_str());
+ RUNNER_ASSERT_ERRNO_MSG(grp, "Group: " << groupName << " not found");
+ allowed_gids.push_back(grp->gr_gid);
+ }
+
+ check_app_gids(app_id, allowed_gids);
+}
+
+static void check_app_after_install(const char *const app_id, const char *const pkg_id)
+{
+ TestSecurityManagerDatabase dbtest;
+ dbtest.test_db_after__app_install(app_id, pkg_id);
+}
+
+static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
+ const privileges_t &privileges, const bool is_pkg_removed)
+{
+ TestSecurityManagerDatabase dbtest;
+ dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
+
+
+ /*Privileges should not be granted anymore to any user*/
+ check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges);
+}
+
+static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
+ const bool is_pkg_removed)
+{
+ TestSecurityManagerDatabase dbtest;
+ dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
+}
+
+static void install_app(const char *app_id, const char *pkg_id)
+{
+ int result;
+ AppInstReqUniquePtr request;
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting pkg id failed. Result: " << result);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "installing app failed. Result: " << result);
+
+ check_app_after_install(app_id, pkg_id);
+
+}
+
+static void uninstall_app(const char *app_id, const char *pkg_id,
+ bool expect_installed, bool expect_pkg_removed)
+{
+ int result;
+ AppInstReqUniquePtr request;
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling app failed. Result: " << result);
+
+ check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
+}
+
+
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
+
+
+RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
+{
+ int result;
+ AppInstReqUniquePtr request;
+
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting pkg id failed. Result: " << result);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "installing app failed. Result: " << result);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "installing already installed app failed. Result: " << result);
+
+ /* Check records in the security-manager database */
+ check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
+
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling app failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling already uninstalled app failed. Result: " << result);
+
+ /* Check records in the security-manager database */
+ check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
+}
+
+RUNNER_TEST(security_manager_02_app_install_uninstall_full)
+{
+ int result;
+ AppInstReqUniquePtr request;
+
+ prepare_app_env();
+
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting pkg id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed permission failed. Result: " << result);
+ result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed permission failed. Result: " << result);
+
+ result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
+ SECURITY_MANAGER_PATH_PRIVATE);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed path failed. Result: " << result);
+
+ result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
+ SECURITY_MANAGER_PATH_PUBLIC_RO);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed path failed. Result: " << result);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "installing app failed. Result: " << result);
+
+ /* Check records in the security-manager database */
+ check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
+ SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
+
+ /* TODO: add parameters to this function */
+ check_app_path_after_install();
+
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling app failed. Result: " << result);
+
+ /* Check records in the security-manager database,
+ * all previously allowed privileges should be removed */
+ check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
+ SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
+}
+
+RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
+{
+ const char *const app_id = "sm_test_app_id_set_label_from_appid";
+ const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
+ const char *const expected_label = USER_APP_ID;
+ const char *const socketLabel = "not_expected_label";
+ char *label = nullptr;
+ CStringPtr labelPtr;
+ int result;
+
+ uninstall_app(app_id, pkg_id, false, true);
+ install_app(app_id, pkg_id);
+
+ struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
+ //Clean up before creating socket
+ unlink(SOCK_PATH);
+ int sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
+ SockUniquePtr sockPtr(&sock);
+ //Bind socket to address
+ result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
+ RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
+ //Set socket label to something different than expecedLabel
+ result = fsetxattr(sock, XATTR_NAME_SMACKIPIN, socketLabel,
+ strlen(socketLabel), 0);
+ RUNNER_ASSERT_ERRNO_MSG(result == 0,
+ "Can't set socket label. Result: " << result);
+ result = fsetxattr(sock, XATTR_NAME_SMACKIPOUT, socketLabel,
+ strlen(socketLabel), 0);
+ RUNNER_ASSERT_ERRNO_MSG(result == 0,
+ "Can't set socket label. Result: " << result);
+
+ result = security_manager_set_process_label_from_appid(app_id);
+ RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
+ "security_manager_set_process_label_from_appid(" <<
+ app_id << ") failed. Result: " << result);
+
+ char value[SMACK_LABEL_LEN + 1];
+ ssize_t size;
+ size = fgetxattr(sock, XATTR_NAME_SMACKIPIN, value, sizeof(value));
+ RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
+ result = strcmp(expected_label, value);
+ RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
+ expected_label << " Actual: " << value);
+
+ size = fgetxattr(sock, XATTR_NAME_SMACKIPOUT, value, sizeof(value));
+ RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
+ result = strcmp(expected_label, value);
+ RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
+ expected_label << " Actual: " << value);
+
+ result = smack_new_label_from_self(&label);
+ RUNNER_ASSERT_MSG(result >= 0,
+ " Error getting current process label");
+ RUNNER_ASSERT_MSG(label != nullptr,
+ " Process label is not set");
+ labelPtr.reset(label);
+
+ result = strcmp(expected_label, label);
+ RUNNER_ASSERT_MSG(result == 0,
+ " Process label is incorrect. Expected: \"" << expected_label <<
+ "\" Actual: \"" << label << "\"");
+
+ uninstall_app(app_id, pkg_id, true, true);
+}
+
+RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
+{
+ const char *const app_id = "sm_test_app_id_set_label_from_appid";
+ const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
+ int result;
+
+ uninstall_app(app_id, pkg_id, false, true);
+ install_app(app_id, pkg_id);
+
+ result = security_manager_set_process_label_from_appid(app_id);
+ RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
+ "security_manager_set_process_label_from_appid(" <<
+ app_id << ") failed. Result: " << result);
+
+ uninstall_app(app_id, pkg_id, true, true);
+}
+
+
+
+static void prepare_request(AppInstReqUniquePtr &request,
+ const char *const app_id,
+ const char *const pkg_id,
+ app_install_path_type pathType,
+ const char *const path)
+{
+ int result;
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting pkg id failed. Result: " << result);
+
+ result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed path failed. Result: " << result);
+}
+
+
+static struct passwd* get_app_pw()
+{
+ struct passwd *pw = nullptr;
+ errno = 0;
+ while(!(pw = getpwnam(APP_USER))) {
+ RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
+ }
+ return pw;
+}
+
+RUNNER_CHILD_TEST(security_manager_04_app_install_uninstall_by_app_user)
+{
+ int result;
+ AppInstReqUniquePtr request;
+ struct passwd *pw = get_app_pw();
+ const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
+
+ //switch user to non-root
+ result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
+ RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
+
+ //install app as non-root user and try to register public path (should fail)
+ prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
+ "installing app not failed. Result: " << result);
+
+ //install app as non-root user
+ //should fail (non-root users may only register folders inside their home)
+ prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
+ "installing app not failed. Result: " << result);
+
+ //install app as non-root user
+ //should succeed - this time i register folder inside user's home dir
+ prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER);
+
+ for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
+ result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting allowed permission failed. Result: " << result);
+ }
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "installing app failed. Result: " << result);
+
+ check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
+
+ //uninstall app as non-root user
+ request.reset(do_app_inst_req_new());
+
+ result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "setting app id failed. Result: " << result);
+
+ result = security_manager_app_uninstall(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "uninstalling app failed. Result: " << result);
+
+ check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
+}
+
+RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
+{
+ int result;
+ CapsSetsUniquePtr caps, caps_empty(cap_init());
+
+ caps.reset(cap_from_text("all=eip"));
+ RUNNER_ASSERT_MSG(caps, "can't convert capabilities from text");
+ result = cap_set_proc(caps.get());
+ RUNNER_ASSERT_MSG(result == 0,
+ "can't set capabilities. Result: " << result);
+
+ result = security_manager_drop_process_privileges();
+ RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
+ "dropping caps failed. Result: " << result);
+
+ caps.reset(cap_get_proc());
+ RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");
+
+ result = cap_compare(caps.get(), caps_empty.get());
+ RUNNER_ASSERT_MSG(result == 0,
+ "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL));
+}
+
+int main(int argc, char *argv[])
+{
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
--- /dev/null
+../../non_app_dir/exec
\ No newline at end of file
--- /dev/null
+../../non_app_dir/normal
\ No newline at end of file
--- /dev/null
+exec
\ No newline at end of file
--- /dev/null
+normal
\ No newline at end of file
--- /dev/null
+exec
\ No newline at end of file
--- /dev/null
+normal
\ No newline at end of file
--- /dev/null
+exec
\ No newline at end of file
--- /dev/null
+../non_app_dir
\ No newline at end of file
--- /dev/null
+../non_app_dir/exec
\ No newline at end of file
--- /dev/null
+../non_app_dir/normal
\ No newline at end of file
--- /dev/null
+normal
\ No newline at end of file
--- /dev/null
+exec
\ No newline at end of file
--- /dev/null
+normal
\ No newline at end of file
--- /dev/null
+exec
\ No newline at end of file
--- /dev/null
+normal
\ No newline at end of file
--- /dev/null
+exec
\ No newline at end of file
--- /dev/null
+../non_app_dir
\ No newline at end of file
--- /dev/null
+../non_app_dir/exec
\ No newline at end of file
--- /dev/null
+../non_app_dir/normal
\ No newline at end of file
--- /dev/null
+normal
\ No newline at end of file
--- /dev/null
+exec
\ No newline at end of file
--- /dev/null
+normal
\ No newline at end of file
--- /dev/null
+exec
\ No newline at end of file
--- /dev/null
+normal
\ No newline at end of file
--- /dev/null
+exec
\ No newline at end of file
--- /dev/null
+normal
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Tomasz Swierczek (t.swierczek@samsung.com)
+# @author Mariusz Domanski (m.domanski@samsung.com)
+# @brief
+#
+
+INCLUDE(FindPkgConfig)
+
+# Dependencies
+PKG_CHECK_MODULES(SEC_SRV_TESTS_DEP
+ libsmack
+ libprivilege-control
+ security-server
+ dlog
+ dbus-1
+ REQUIRED)
+
+# Targets definition
+
+SET(TARGET_SEC_SRV_COMMON "security-server-tests-common")
+SET(TARGET_SEC_SRV_CLIENT_SMACK_TESTS "security-server-tests-client-smack")
+SET(TARGET_SEC_SRV_TC_SERVER_TESTS "security-server-tests-server")
+SET(TARGET_SEC_SRV_PWD_TESTS "security-server-tests-password")
+SET(TARGET_SEC_SRV_PRIVILEGE_TESTS "security-server-tests-privilege")
+SET(TARGET_SEC_SRV_STRESS_TESTS "security-server-tests-stress")
+SET(TARGET_SEC_SRV_MT_TESTS "security-server-tests-mt")
+SET(TARGET_SEC_SRV_MEASURER "security-server-tests-api-speed")
+
+
+# Sources definition
+
+SET(SEC_SRV_COMMON_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/common/security_server_tests_common.cpp
+ )
+
+SET(SEC_SRV_CLIENT_SMACK_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_client_smack.cpp
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_mockup.cpp
+ )
+
+SET(SEC_SRV_TC_SERVER_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/server.cpp
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/cookie_api.cpp
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/weird_arguments.cpp
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_clean_env.cpp
+ )
+
+SET(SEC_SRV_PWD_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_password.cpp
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_clean_env.cpp
+ )
+
+SET(SEC_SRV_PRIVILEGE_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_privilege.cpp
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
+ )
+
+SET(SEC_SRV_STRESS_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_stress.cpp
+ )
+
+SET(SEC_SRV_MT_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_mt.cpp
+ )
+
+SET(SEC_SRV_MEASURER_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_measurer_API_speed.cpp
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_mockup.cpp
+ )
+
+INCLUDE_DIRECTORIES(SYSTEM
+ ${SEC_SRV_TESTS_DEP_INCLUDE_DIRS}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common/
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/common/
+ ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
+ )
+
+#LINK_DIRECTORIES(${SEC_SRV_PKGS_LIBRARY_DIRS})
+
+ADD_LIBRARY(${TARGET_SEC_SRV_COMMON} STATIC ${SEC_SRV_COMMON_SOURCES})
+ADD_EXECUTABLE(${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} ${SEC_SRV_CLIENT_SMACK_SOURCES})
+ADD_EXECUTABLE(${TARGET_SEC_SRV_TC_SERVER_TESTS} ${SEC_SRV_TC_SERVER_SOURCES})
+ADD_EXECUTABLE(${TARGET_SEC_SRV_PWD_TESTS} ${SEC_SRV_PWD_SOURCES})
+ADD_EXECUTABLE(${TARGET_SEC_SRV_PRIVILEGE_TESTS} ${SEC_SRV_PRIVILEGE_SOURCES})
+ADD_EXECUTABLE(${TARGET_SEC_SRV_STRESS_TESTS} ${SEC_SRV_STRESS_SOURCES})
+ADD_EXECUTABLE(${TARGET_SEC_SRV_MT_TESTS} ${SEC_SRV_MT_SOURCES})
+ADD_EXECUTABLE(${TARGET_SEC_SRV_MEASURER} ${SEC_SRV_MEASURER_SOURCES})
+
+
+TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_CLIENT_SMACK_TESTS}
+ ${SEC_SRV_TESTS_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_TC_SERVER_TESTS}
+ ${TARGET_SEC_SRV_COMMON}
+ ${SEC_SRV_TESTS_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_PWD_TESTS}
+ ${TARGET_SEC_SRV_COMMON}
+ ${SEC_SRV_TESTS_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_PRIVILEGE_TESTS}
+ ${SEC_SRV_TESTS_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_STRESS_TESTS}
+ ${SEC_SRV_TESTS_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MT_TESTS}
+ ${SEC_SRV_TESTS_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MEASURER}
+ ${TARGET_SEC_SRV_COMMON}
+ ${SEC_SRV_TESTS_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+# Installation
+
+INSTALL(TARGETS ${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} DESTINATION /usr/bin)
+INSTALL(TARGETS ${TARGET_SEC_SRV_TC_SERVER_TESTS} DESTINATION /usr/bin)
+INSTALL(TARGETS ${TARGET_SEC_SRV_PWD_TESTS} DESTINATION /usr/bin)
+INSTALL(TARGETS ${TARGET_SEC_SRV_PRIVILEGE_TESTS} DESTINATION /usr/bin)
+INSTALL(TARGETS ${TARGET_SEC_SRV_STRESS_TESTS} DESTINATION /usr/bin)
+INSTALL(TARGETS ${TARGET_SEC_SRV_MT_TESTS} DESTINATION /usr/bin)
+INSTALL(TARGETS ${TARGET_SEC_SRV_MEASURER} DESTINATION /usr/bin)
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/WRT_sstp_test_rules1.smack
+ DESTINATION /usr/share/privilege-control/
+)
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/security-server-tests/WRT_sstp_test_rules2.smack
+ DESTINATION /usr/share/privilege-control/
+)
--- /dev/null
+~APP~ sstp_test_book_1 rwxatl
+sstp_test_subject_1 ~APP~ rwxatl
--- /dev/null
+~APP~ sstp_test_book_1 rwxatl
+sstp_test_subject_1 ~APP~ rwxatl
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file security_server_tests_common.cpp
+ * @author Marcin Lis (m.lis@samsung.com)
+ * @version 1.0
+ * @brief security-server tests commons
+ */
+
+#include "security_server_tests_common.h"
+
+const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
+
+Cookie getCookieFromSS() {
+ Cookie cookie(security_server_get_cookie_size());
+
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS ==
+ security_server_request_cookie(cookie.data(), cookie.size()),
+ "Error in security_server_request_cookie.");
+
+ return cookie;
+}
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/*
+ * @file security_server_tests_common.h
+ * @author Marcin Lis (m.lis@samsung.com)
+ * @version 1.0
+ * @brief security-server tests commons
+ */
+
+#include <security-server.h>
+#include <tests_common.h>
+
+#ifndef SECURITY_SERVER_TESTS_COMMON_H_
+#define SECURITY_SERVER_TESTS_COMMON_H_
+
+extern const unsigned int PASSWORD_RETRY_TIMEOUT_US;
+typedef std::vector<char> Cookie;
+
+Cookie getCookieFromSS();
+
+#endif /* SECURITY_SERVER_TESTS_COMMON_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+
+/*
+ * @file security_server_tests_cookie_api.cpp
+ * @author Pawel Polawski (p.polawski@partner.samsung.com)
+ * @version 1.0
+ * @brief Test cases for security server cookie api
+ *
+ */
+
+/*
+Tested API functions in this file:
+
+ int security_server_get_cookie_size(void);
+ int security_server_request_cookie(char *cookie, size_t bufferSize);
+
+ int security_server_check_privilege(const char *cookie, gid_t privilege);
+ int security_server_check_privilege_by_cookie(const char *cookie,
+ const char *object,
+ const char *access_rights);
+ int security_server_get_cookie_pid(const char *cookie);
+ char *security_server_get_smacklabel_cookie(const char *cookie);
+ int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
+ int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
+*/
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include <tests_common.h>
+#include <sys/smack.h>
+#include <cstddef>
+#include <sys/types.h>
+#include <unistd.h>
+#include <access_provider.h>
+#include <security-server.h>
+#include <smack_access.h>
+#include <security_server_tests_common.h>
+#include <memory.h>
+
+const char *ROOT_USER = "root";
+const char *PROC_AUDIO_GROUP_NAME = "audio";
+
+const int KNOWN_COOKIE_SIZE = 20;
+
+RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
+
+/*
+ * **************************************************************************
+ * Test cases fot check various functions input params cases
+ * **************************************************************************
+ */
+
+//---------------------------------------------------------------------------
+//passing nullptr as a buffer pointer
+RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
+{
+ int ret = security_server_request_cookie(nullptr, KNOWN_COOKIE_SIZE);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ "Error in security_server_request_cookie() argument checking: " << ret);
+}
+
+//passing too small value as a buffer size
+RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
+{
+ Cookie cookie(KNOWN_COOKIE_SIZE);
+
+ int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
+ "Error in security_server_request_cookie() argument checking: " << ret);
+}
+
+//---------------------------------------------------------------------------
+//passing nullptr as a cookie pointer
+RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
+{
+ int ret = security_server_check_privilege(nullptr, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ "Error in security_server_check_privilege() argument checking: " << ret);
+}
+
+//---------------------------------------------------------------------------
+//passing nullptr as a cookie pointer
+RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+ int ret = security_server_check_privilege_by_cookie(nullptr, "wiadro", "rwx");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ "Error in security_server_check_privilege_by_cookie() argument checking: "
+ << ret);
+}
+
+//passing nullptr as an object pointer
+RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+ Cookie cookie = getCookieFromSS();
+
+ int ret = security_server_check_privilege_by_cookie(cookie.data(), nullptr, "rwx");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ "Error in security_server_check_privilege_by_cookie() argument checking: "
+ << ret);
+}
+
+//passing nullptr as an access pointer
+RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+ Cookie cookie = getCookieFromSS();
+
+ int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", nullptr);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ "Error in security_server_check_privilege_by_cookie() argument checking: "
+ << ret);
+}
+
+//---------------------------------------------------------------------------
+//passing nullptr as a cookie pointer
+RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
+{
+ int ret = security_server_get_cookie_pid(nullptr);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
+ "Error in security_server_get_cookie_pid() argument checking: " << ret);
+}
+
+//getting pid of non existing cookie
+RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid)
+{
+ const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'};
+ RUNNER_ASSERT(security_server_get_cookie_pid(wrong_cookie) ==
+ SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
+}
+
+//---------------------------------------------------------------------------
+//passing nullptr as a cookie pointer
+RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
+{
+ char *label = nullptr;
+ label = security_server_get_smacklabel_cookie(nullptr);
+ RUNNER_ASSERT_MSG(label == nullptr,
+ "Error in security_server_get_smacklabel_cookie() argument checking");
+}
+
+
+
+/*
+ * **************************************************************************
+ * Unit tests for each function from API
+ * **************************************************************************
+ */
+
+//---------------------------------------------------------------------------
+//root has access to API
+RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
+{
+ int ret = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
+ "Error in security_server_get_cookie_size(): " << ret);
+}
+
+//---------------------------------------------------------------------------
+// Get cookie size when smack is not loaded
+RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack)
+{
+ int ret;
+
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+ ret = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
+}
+
+//---------------------------------------------------------------------------
+// Test setting up a cookie in normal case when smack is not loaded
+RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack)
+{
+ int ret;
+ int cookieSize = security_server_get_cookie_size();
+ Cookie cookie(cookieSize);
+
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+
+ ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+//---------------------------------------------------------------------------
+// Test setting up a cookie when smack is not loaded but with too small
+// buffer size
+RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack)
+{
+ int ret;
+ int cookieSize = security_server_get_cookie_size();
+ Cookie cookie(cookieSize);
+
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+
+ ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
+}
+
+//---------------------------------------------------------------------------
+// Get cookie size when smack is loaded
+RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size)
+{
+ SecurityServer::AccessProvider provider("selflabel_01_05");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ int ret = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
+ "Error in security_server_get_cookie_size(): " << ret);
+}
+
+//---------------------------------------------------------------------------
+//root has access to API
+RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
+ "Error in security_server_get_cookie_size(): " << cookieSize);
+
+ Cookie cookie(cookieSize);
+ int ret = security_server_request_cookie(cookie.data(), cookie.size());
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "Error in security_server_request_cookie(): " << ret);
+}
+
+//---------------------------------------------------------------------------
+// Test setting up a cookie in normal case when smack is loaded
+RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
+ "Error in security_server_get_cookie_size(): " << cookieSize);
+
+ SecurityServer::AccessProvider provider("selflabel_02_01");
+ provider.allowSS();
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ Cookie cookie(cookieSize);
+ int ret = security_server_request_cookie(cookie.data(), cookie.size());
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "Error in security_server_request_cookie(): " << ret);
+}
+
+//---------------------------------------------------------------------------
+// Test setting up a cookie when smack is loaded but with too small buffer
+// size
+RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
+{
+ int cookieSize = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
+ "Error in security_server_get_cookie_size(): " << cookieSize);
+ cookieSize >>= 1;
+
+ SecurityServer::AccessProvider provider("selflabel_02_02");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ Cookie cookie(cookieSize);
+ int ret = security_server_request_cookie(cookie.data(), cookie.size());
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
+ "Error in security_server_request_cookie(): " << ret);
+}
+
+//---------------------------------------------------------------------------
+//root has access to API
+RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
+{
+ Cookie cookie = getCookieFromSS();
+
+ int ret = security_server_check_privilege(cookie.data(), 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "Error in security_server_check_privilege(): " << ret);
+}
+
+//privileges drop and no smack rule
+RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
+{
+ Cookie cookie = getCookieFromSS();
+
+ SecurityServer::AccessProvider provider("selflabel_03_02");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ int ret = security_server_check_privilege(cookie.data(), 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ "security_server_check_privilege() should return access denied: " << ret);
+}
+
+//privileges drop and added smack rule
+RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege)
+{
+ Cookie cookie = getCookieFromSS();
+
+ SecurityServer::AccessProvider provider("selflabel_03_03");
+ provider.allowSS();
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ int ret = security_server_check_privilege(cookie.data(), 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "Error in security_server_check_privilege(): " << ret);
+}
+
+// invalid gid
+RUNNER_CHILD_TEST(tc_unit_03_04_security_server_check_privilege_neg)
+{
+ remove_process_group(PROC_AUDIO_GROUP_NAME);
+
+ Cookie cookie = getCookieFromSS();
+ int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
+ RUNNER_ASSERT_MSG(audio_gid > -1,
+ "security_server_get_gid() failed. result = " << audio_gid);
+
+ int ret = security_server_check_privilege(cookie.data(), audio_gid);
+
+ // security_server_check_privilege fails, because the process does not belong to "audio" group
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
+}
+
+// add gid
+RUNNER_CHILD_TEST(tc_unit_03_05_security_server_check_privilege)
+{
+ add_process_group(PROC_AUDIO_GROUP_NAME);
+
+ Cookie cookie = getCookieFromSS();
+ int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
+ RUNNER_ASSERT_MSG(audio_gid > -1,
+ "security_server_get_gid() failed. result = " << audio_gid);
+
+ int ret = security_server_check_privilege(cookie.data(), audio_gid);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+}
+
+// test invalid cookie name
+RUNNER_TEST(tc_unit_03_06_security_server_check_privilege)
+{
+ // create invalid cookie
+ int size = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
+
+ Cookie cookie(size);
+ cookie[0] = 'a';
+ int ret = security_server_check_privilege(cookie.data(), 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
+}
+
+//---------------------------------------------------------------------------
+//root has access to API
+RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
+{
+ Cookie cookie = getCookieFromSS();
+
+ int ret = security_server_get_cookie_pid(cookie.data());
+ RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
+
+ int pid = getpid();
+ RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
+}
+
+//privileges drop and no smack rule
+RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
+{
+ Cookie cookie = getCookieFromSS();
+
+ SecurityServer::AccessProvider provider("selflabel_05_02");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ int ret = security_server_get_cookie_pid(cookie.data());
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ "security_server_get_cookie_pid() should return access denied: " << ret);
+}
+
+//privileges drop and added smack rule
+RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid)
+{
+ Cookie cookie = getCookieFromSS();
+
+ SecurityServer::AccessProvider provider("selflabel_05_03");
+ provider.allowSS();
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ int ret = security_server_get_cookie_pid(cookie.data());
+ RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
+
+ int pid = getpid();
+ RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
+}
+
+//---------------------------------------------------------------------------
+//root has access to API
+RUNNER_CHILD_TEST_SMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_smack)
+{
+ setLabelForSelf(__LINE__, "selflabel_06_01");
+
+ Cookie cookie = getCookieFromSS();
+
+ CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_01") == 0,
+ "No match in smack label received from cookie, received label: "
+ << label.get());
+}
+
+//---------------------------------------------------------------------------
+//root has access to API
+RUNNER_CHILD_TEST_NOSMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_nosmack)
+{
+ Cookie cookie = getCookieFromSS();
+
+ char *receivedLabel = security_server_get_smacklabel_cookie(cookie.data());
+ RUNNER_ASSERT_MSG(receivedLabel != nullptr,
+ "security_server_get_smacklabel_cookie returned nullptr");
+ std::string label(receivedLabel);
+ free(receivedLabel);
+ RUNNER_ASSERT_MSG(label.empty(),
+ "security_server_get_smacklabel_cookie returned: "
+ << label);
+}
+
+//privileges drop and no smack rule
+RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
+{
+ Cookie cookie = getCookieFromSS();
+
+ SecurityServer::AccessProvider provider("selflabel_06_02");
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(label.get() == nullptr,
+ "nullptr should be received due to access denied, received label: "
+ << label.get());
+}
+
+//privileges drop and added smack rule
+RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
+{
+ SecurityServer::AccessProvider provider("selflabel_06_03");
+ provider.allowSS();
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ Cookie cookie = getCookieFromSS();
+
+ CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_03") == 0,
+ "No match in smack label received from cookie, received label: "
+ << label.get());
+}
+
+//---------------------------------------------------------------------------
+// apply smack labels and drop privileges
+RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow)
+{
+ add_process_group(PROC_AUDIO_GROUP_NAME);
+
+ SecurityServer::AccessProvider provider("subject_1d6eda7d");
+ provider.allowSS();
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ Cookie cookie = getCookieFromSS();
+
+ int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
+ RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
+ << "\" gid. Result: " << ret);
+
+ ret = security_server_check_privilege(cookie.data(), ret);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+
+ int root_gid = security_server_get_gid(ROOT_USER);
+ RUNNER_ASSERT_MSG(root_gid > -1, "root_gid: " << root_gid);
+
+ ret = security_server_get_cookie_pid(cookie.data());
+ RUNNER_ASSERT_MSG(ret == getpid(), "ret: " << ret);
+
+ CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "ss_label: " << ss_label.get());
+
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+
+ ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+}
+
+// disable access and drop privileges
+RUNNER_CHILD_TEST_SMACK(tc_unit_09_02_app_user_cookie_API_access_deny)
+{
+ SecurityServer::AccessProvider provider("subject_1d414140");
+
+ Cookie cookie = getCookieFromSS();
+
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ "security_server_check_privilege should return access denied, "
+ "ret: " << ret);
+
+ ret = security_server_get_gid(ROOT_USER);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ "security_server_get_gid should return access denied, "
+ "ret: " << ret);
+
+ ret = security_server_get_cookie_pid(cookie.data());
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ "security_server_get_cookie_pid should return access denied, "
+ "ret: " << ret);
+
+ CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(ss_label.get() == nullptr,
+ "access should be denied so label should be nullptr: " << ss_label.get());
+
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+
+ ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ "security_server_check_privilege_by_pid should return access denied, "
+ "ret: " << ret);
+}
+
+// NOSMACK version of the test above
+RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack)
+{
+ add_process_group(PROC_AUDIO_GROUP_NAME);
+
+ // drop root privileges
+ int ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+
+ Cookie cookie = getCookieFromSS();
+
+ ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
+ RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
+ << "\" gid. Result: " << ret);
+
+ ret = security_server_check_privilege(cookie.data(), ret);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "check_privilege failed. Result: " << ret);
+
+ ret = security_server_get_gid(ROOT_USER);
+ RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
+
+ ret = security_server_get_cookie_pid(cookie.data());
+ RUNNER_ASSERT_MSG(ret == getpid(),
+ "get_cookie_pid returned different pid than it should. Result: " << ret);
+
+ CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
+ RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "get_smacklabel_cookie failed.");
+
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+
+ ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "check_privilege_by_pid failed. Result: " << ret);
+}
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file security_server_tests_clean_env.cpp
+ * @author Zbigniew Jasinski (z.jasinski@samsung.com)
+ * @version 1.0
+ * @brief Functions to prepare clean env for tests.
+ *
+ */
+
+#include <ftw.h>
+#include <unistd.h>
+
+#include <service_manager.h>
+
+int restart_security_server() {
+ ServiceManager serviceManager("security-server.service");
+ serviceManager.restartService();
+
+ return 0;
+}
+
+static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/,
+ int tflag, struct FTW *ftwbuf)
+{
+ if (tflag == FTW_F)
+ unlink(fpath);
+ else if (tflag == FTW_DP && ftwbuf->level != 0)
+ rmdir(fpath);
+
+ return 0;
+}
+
+/**
+ * This function should be called at the begining of every SS test, so all the tests
+ * are independent of each other.
+ */
+int reset_security_server()
+{
+ const char* path = "/opt/data/security-server/";
+ const int max_descriptors = 10; //max number of open file descriptors by nftw function
+
+ // Clear /opt/data/security-server/ directory
+ if (access(path, F_OK) == 0) {
+ if (nftw(path, &nftw_rmdir_contents, max_descriptors, FTW_DEPTH) == -1) {
+ return 1;
+ }
+ sync();
+ }
+
+ restart_security_server();
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file security_server_clean_env.h
+ * @author Zbigniew Jasinski (z.jasinski@samsung.com)
+ * @version 1.0
+ * @brief Functions definitions to prepare clean env for tests.
+ */
+
+#ifndef SECURITY_SERVER_CLEAN_ENV_H
+#define SECURITY_SERVER_CLEAN_ENV_H
+
+int reset_security_server();
+int restart_security_server();
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Bumjin Im <bj.im@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+/*
+ * @file security_server_measurer_API_speed.cpp
+ * @author Radoslaw Bartosiak (radoslaw.bartosiak@samsung.com)
+ * @version 1.0
+ * @brief Log security server API functions average execution times and some aproximation of maximal and minimal execution time.
+ * @details The functions are run at least NUMBER_OF_CALLS times (time is measured at the beginning and at the end, the difference is taken as the execution time).
+ * @details One test case for one function of security-server. Test pass always when there was no connection error (API calls themselves may fail).
+ * @details Measured times are logged using DLP testing framework logging functions. Calls each API function many times to take the average.
+ * @details This file contains TEST_CASEs. Each TEST_CASE consist of one or more RUNs, each RUN consist of one or more function calls.
+ * @details Each test case contains RUNs of one function only. The time is being measured before & after each run.
+ */
+
+#include <dpl/log/log.h>
+#include <dpl/singleton.h>
+#include <dpl/singleton_safe_impl.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include <errno.h>
+#include <float.h>
+#include <fcntl.h>
+#include <security-server.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/smack.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <memory.h>
+#include "security_server_mockup.h"
+#include <smack_access.h>
+
+IMPLEMENT_SAFE_SINGLETON(DPL::Log::LogSystem);
+#include <security_server_tests_common.h>
+#include <tests_common.h>
+
+/*Number of calls in a single test*/
+#define NUMBER_OF_CALLS (5)
+#define MICROSECS_PER_SEC (1000000)
+/* number of miliseconds, process will be suspended for multiplications of this quantum */
+#define QUANTUM (10000)
+/*Strings used in tests*/
+/*name of existing user group on test device like "tel_gprs"*/
+#define EXISTING_GROUP_NAME "telephony_makecall"
+/*below labels should not be used in the system*/
+#define M60_OBJECT_LABEL "tc060MeasurerLabel"
+#define M60_SUBJECT_LABEL "tc060Subject"
+#define M70_OBJECT_LABEL "tc070MeasurerLabel"
+#define M70_SUBJECT_LABEL "tc070Subject"
+#define M160_CUSTOMER_LABEL "my_customer_label"
+#define M170_OBJECT_LABEL "myObject"
+
+namespace {
+void securityClientEnableLogSystem(void) {
+ DPL::Log::LogSystemSingleton::Instance().SetTag("SEC_SRV_API_SPEED");
+}
+}
+
+/** Store statistics from a set of function calls
+*/
+struct readwrite_stats
+{
+ timeval current_start_time; /*of last API call*/
+ timeval current_end_time; /*of last API call*/
+ int number_of_calls; /*till now*/
+ double total_duration; /*of all API calls*/
+ double average_duration;
+ double minimal_duration; /*minimum of averages*/
+ double maximal_duration; /*maximum of averages*/
+};
+
+/*Auxiliary functions*/
+
+/**Sleep for the given time
+ @param seconds
+ @param nanoseconds
+ @return 0 on success, -1 on error if process woken earlier
+*/
+int my_nanosecsleep(long nanoseconds) {
+ timespec sleep_spec;
+ sleep_spec.tv_sec = 0;
+ sleep_spec.tv_nsec = nanoseconds;
+ return nanosleep(&sleep_spec, nullptr);
+}
+
+/**Read from pipe descriptor to buffer; retries if less than count bytes were read.
+ @param fd descriptor
+ @param buf start of buffer
+ @param count number of bytes read
+ @return number of bytes read (count)
+*/
+int my_pipe_read(int fd, void *buf, size_t count) {
+ ssize_t readf = 0;
+ ssize_t rest = count;
+ ssize_t s;
+ while (rest > 0) {
+ RUNNER_ASSERT_ERRNO_MSG(0 < (s = TEMP_FAILURE_RETRY(read(fd, ((char*)buf) + readf, rest))),
+ "Error in read from pipe");
+ rest -= s;
+ readf += s;
+ }
+ return readf;
+}
+
+/**Write from buffer to a pipe ; retries if less than count bytes were written.
+ @param fd descriptor
+ @param buf start of buffer
+ @param count number of bytes to write
+ @return number of bytes written (count)
+*/
+int my_pipe_write(int fd, void *buf, size_t count) {
+ ssize_t writef = 0;
+ ssize_t rest = count;
+ ssize_t s;
+ while (rest > 0) {
+ RUNNER_ASSERT_ERRNO_MSG(0 <= (s = TEMP_FAILURE_RETRY(write(fd, ((char*)buf) + writef, rest))),
+ "Error in write to pipe");
+ rest -= s;
+ writef += s;
+ }
+ return writef;
+}
+
+
+/** Check whether there was connection error during function call (Security Server API) based on exit code
+ @param result_code the exit code of a function
+ @return -1 if the function result code indicated network error, 0 otherwise
+*/
+int communication_succeeded(int result_code) {
+ switch(result_code)
+ {
+ case SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE:
+ case SECURITY_SERVER_API_ERROR_SOCKET:
+ case SECURITY_SERVER_API_ERROR_BAD_REQUEST:
+ case SECURITY_SERVER_API_ERROR_BAD_RESPONSE:
+ return -1;
+ default:
+ return 0;
+ }
+}
+
+/** Returns current system time (wrapper for standard system function)
+ @return current system time
+*/
+timeval my_gettime() {
+ timeval t;
+ int res = gettimeofday(&t, nullptr);
+ RUNNER_ASSERT_ERRNO_MSG(res == 0, "gettimeofday() returned error value: " << res);
+ return t;
+}
+
+/** Return a difference between two times (wrapper for standard system function)
+ @param time t1
+ @param time t2
+ @return t1 - t2
+*/
+timeval my_timersub(timeval t1, timeval t2) {
+ timeval result;
+ timersub(&t1, &t2, &result);
+ return result;
+}
+
+double timeval_to_microsecs(timeval t) {
+ return ((double)t.tv_sec * (double)MICROSECS_PER_SEC) + ((double)t.tv_usec);
+}
+
+/** Initialize statistics at the beginning of a TEST_CASE
+ @param stats [in/out] statistics to be initialized
+*/
+void initialize_stats(readwrite_stats *stats) {
+ stats->number_of_calls = 0;
+ stats->total_duration = 0.0;
+ stats->average_duration = 0.0;
+ stats->minimal_duration = DBL_MAX;
+ stats->maximal_duration = 0.0;
+}
+
+/** Save time at the beginning of a RUN
+ @param stats [in/out] statistics
+*/
+void start_stats_update(readwrite_stats *stats) {
+ stats->current_start_time = my_gettime();
+ //LogDebug("start_stats_update at: %ld.%06ld\n", stats->current_start_time.tv_sec, stats->current_start_time.tv_usec);
+}
+
+/** Save time at the end of a RUN and updates the statistics (current_end_time, number_of_calls, total_duration, minimal_duration, maximal_duration)
+ @param stats [in/out] statistics
+*/
+void end_stats_update(readwrite_stats *stats) {
+ stats->current_end_time = my_gettime();
+ double current_duration = timeval_to_microsecs(my_timersub(stats->current_end_time, stats->current_start_time));
+ stats->total_duration += current_duration;
+ stats->number_of_calls += 1;
+ if (current_duration < stats->minimal_duration)
+ (stats->minimal_duration) = current_duration;
+ if (current_duration > stats->maximal_duration)
+ (stats->maximal_duration) = current_duration;
+}
+
+/** Updates the statistics (average_duration, number_of_new_calls, total_duration, minimal_duration, maximal_duration)
+ Function is used instead of start_stats_update and end_stats_update (e.g when current_duration and number_of_new_calls are reported by child process.
+ @param stats [in/out] statistics
+ @param number_of_new_calls number of function calls in the RUN
+ @param current_duration (total) of number_of_new calls
+*/
+void stats_update(readwrite_stats *stats, int number_of_new_calls, double current_duration) {
+ if (number_of_new_calls > 0) {
+ double current_average = (double)current_duration / (double)number_of_new_calls;
+ stats->average_duration = (double)((stats->total_duration) / (stats->number_of_calls));
+ stats->total_duration += current_duration;
+ stats->number_of_calls += number_of_new_calls;
+ if (current_average < stats->minimal_duration)
+ (stats->minimal_duration) = current_average;
+ if (current_average > stats->maximal_duration)
+ (stats->maximal_duration) = current_average;
+ }
+ else
+ LogDebug("stats_update called after zero successful function calls \n");
+}
+
+/** Calculate the average time and calculates statistics taken by a single function call.
+ Called at the end of a TEST_CASE.
+ @param stats [in/out] statistics
+ @param function_name of the function called in tests (to be printed)
+*/
+void finish_stats(readwrite_stats *stats, const char* function_name) {
+ if ((stats->number_of_calls) > 0) {
+ stats->average_duration = (double)((stats->total_duration) / (stats->number_of_calls));
+ printf("The approx (min, max, avg) execution times for function:\n%s are: \n---(%'.2fus, %'.2fus, %'.2fus)\n", function_name, stats->minimal_duration, stats->maximal_duration, stats->average_duration);
+ }
+ else
+ LogDebug("No function call succeeded\n");
+}
+
+/*TEST CASES*/
+RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_API_SPEED_MEASURER)
+
+/*
+ * test: Tests the tests
+ * expected: The minimum shall be about (QUANTUM) = 10^-2s = 10000 us, max about (NUMBER_OF_CALLS*QUANTUM) = 5*10^-2s = 50000us, avg (average) about (0.5*NUMBER_OF_CALLS+1*QUANTUM)=3*10^-2s = 30000us. Max is no more than 50% bigger than minimum.
+ */
+RUNNER_TEST(m000_security_server_test_the_tests) {
+ int ret;
+ readwrite_stats stats;
+ double expected_min_min = QUANTUM;
+ double expected_min_max = 1.5 * expected_min_min;
+ double expected_avarage_min = (((double)(NUMBER_OF_CALLS + 1)) / 2.0) * expected_min_min;
+ double expected_avarage_max = 1.5 * expected_avarage_min;
+ double expected_max_min = ((double)(NUMBER_OF_CALLS)) * expected_min_min;
+ double expected_max_max = 1.5 * expected_max_min;
+ initialize_stats(&stats);
+ for (int i=0; i < NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = my_nanosecsleep((long) ((i+1)*QUANTUM*1000));
+ RUNNER_ASSERT_MSG(ret == 0, "system sleep function returned premature wake-up; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "my_nanosecsleep");
+ RUNNER_ASSERT_MSG((stats.average_duration>expected_avarage_min) && (stats.average_duration<expected_avarage_max), "Avarage time is suspicious - check the issue; stats.average_duration=" << stats.average_duration);
+ RUNNER_ASSERT_MSG((stats.minimal_duration>expected_min_min) && (stats.minimal_duration<expected_min_max), "Minimal time is suspicious - check the issue; stats.minimal_duration=" << stats.minimal_duration);
+ RUNNER_ASSERT_MSG((stats.maximal_duration>expected_max_min) && (stats.maximal_duration<expected_max_max), "Maximal time is suspicious - check the issue; stats.maximal_duration=" << stats.maximal_duration);
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m010_security_server_security_server_get_gid) {
+ int ret;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_get_gid(EXISTING_GROUP_NAME);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_get_gid");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m030_security_server_request_cookie) {
+ int ret;
+ size_t cookie_size;
+ cookie_size = security_server_get_cookie_size();
+ char cookie[cookie_size];
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_request_cookie(cookie, cookie_size);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_request_cookie");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ * Create new processes and measures times of first calls of security_server_request_cookie in them
+ *
+ */
+RUNNER_MULTIPROCESS_TEST(m031_security_server_request_cookie_first_time_only) {
+ int ret;
+ size_t cookie_size;
+ cookie_size = security_server_get_cookie_size();
+ char cookie[cookie_size];
+ readwrite_stats stats;
+
+ int pipefd[2];
+ int cpid;
+ int number_of_calls;
+ double duration_of_calls;
+ /*initialize pipes - one pipe for one child process*/
+ RUNNER_ASSERT_ERRNO_MSG(0 == pipe(pipefd), "error in pipe");
+ initialize_stats(&stats);
+ for (int i = 0; i < NUMBER_OF_CALLS; i++) {
+ RUNNER_ASSERT_ERRNO_MSG(-1 != (cpid = fork()), "error in fork #i = " << i);
+ if (cpid == 0) { /* Child*/
+ close(pipefd[0]); /* Close unused read end */
+ timeval start_time;
+ timeval end_time;
+ start_time = my_gettime();
+ ret = security_server_request_cookie(cookie, cookie_size);
+ end_time = my_gettime();
+ if (communication_succeeded(ret) == 0) {
+ number_of_calls = 1;
+ duration_of_calls = timeval_to_microsecs(my_timersub(end_time, start_time));
+
+ } else
+ {
+ number_of_calls = 0;
+ duration_of_calls = 0.0;
+ }
+ RUNNER_ASSERT_MSG(my_pipe_write(pipefd[1], &number_of_calls, sizeof(number_of_calls)) == sizeof(number_of_calls), "error in write number of calls to pipe");
+ RUNNER_ASSERT_MSG(my_pipe_write(pipefd[1], &duration_of_calls, sizeof(duration_of_calls)) == sizeof(duration_of_calls), "error in write duration of calls to pipe");
+ close(pipefd[1]);
+ exit(EXIT_SUCCESS);
+ } else
+ { /* Parent */
+ RUNNER_ASSERT_MSG(my_pipe_read(pipefd[0], &number_of_calls, sizeof(number_of_calls)) == sizeof(number_of_calls), "error in read number of calls to pipe");
+ RUNNER_ASSERT_MSG(my_pipe_read(pipefd[0], &duration_of_calls, sizeof(duration_of_calls)) == sizeof(duration_of_calls), "error in read duration of calls to pipe");
+
+ RUNNER_ASSERT_MSG(number_of_calls > 0, "commmunication error");
+ stats_update(&stats, number_of_calls, duration_of_calls);
+ }
+ /*parent*/
+ }
+ close(pipefd[1]); /* Close parent descriptors */
+ close(pipefd[0]);
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m040_security_server_get_cookie_size) {
+ size_t cookie_size;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ cookie_size = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(cookie_size > 0, "cookie_size = " << cookie_size);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_get_cookie_size");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m050_security_server_check_privilege) {
+ int ret;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ const char *existing_group_name = EXISTING_GROUP_NAME;
+ size_t cookie_size;
+ int call_gid;
+ // we use existing group name for the measurment, however this is not neccessary
+ call_gid = security_server_get_gid(existing_group_name);
+ cookie_size = security_server_get_cookie_size();
+ char recved_cookie[cookie_size];
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_check_privilege(recved_cookie, (gid_t)call_gid);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_check_privilege");
+}
+
+void testSecurityServerCheckPrivilegeByCookie(bool smack) {
+ const char *object_label = M60_OBJECT_LABEL;
+ const char *access_rights = "r";
+ const char *access_rights_ext = "rw";
+ const char *subject_label = M60_SUBJECT_LABEL;
+ int ret;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+
+ if (smack) {
+ SmackAccess smackAccess;
+ smackAccess.add(subject_label, object_label, access_rights);
+ smackAccess.apply();
+ RUNNER_ASSERT_MSG(0 == (ret = smack_set_label_for_self(subject_label)),
+ "Error in smack_set_label_for_self(); ret = " << ret);
+ }
+
+ Cookie cookie = getCookieFromSS();
+
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ /*odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges */
+ if (i%2)
+ ret = security_server_check_privilege_by_cookie(
+ cookie.data(),
+ object_label,
+ access_rights);
+ else
+ ret = security_server_check_privilege_by_cookie(
+ cookie.data(),
+ object_label,
+ access_rights_ext);
+
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_check_privilege_by_cookie");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+
+RUNNER_TEST_SMACK(m060_security_server_check_privilege_by_cookie_smack) {
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+ testSecurityServerCheckPrivilegeByCookie(true);
+}
+
+RUNNER_TEST_NOSMACK(m060_security_server_check_privilege_by_cookie_nosmack) {
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+ testSecurityServerCheckPrivilegeByCookie(false);
+}
+
+void testSecurityServerCheckPrivilegeBySockfd(bool smack) {
+ const char *object_label = M70_OBJECT_LABEL;
+ const char *access_rights = "r";
+ const char *access_rights_ext = "rw";
+ const char *subject_label = M70_SUBJECT_LABEL;
+ int ret;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+
+ if (smack) {
+ SmackAccess smackAccess;
+ smackAccess.add(subject_label, object_label, access_rights);
+ smackAccess.apply();
+ }
+
+ int pid = fork();
+ RUNNER_ASSERT_ERRNO(-1 != pid);
+ if (0 == pid) {
+ // child
+ int sockfd = create_new_socket();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
+
+ SockUniquePtr sockfd_ptr(&sockfd);
+
+ if (smack)
+ RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
+
+ RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
+
+ struct sockaddr_un client_addr;
+ socklen_t client_len = sizeof(client_addr);
+ int csockfd;
+ RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
+ "child accept failed");
+
+ close(csockfd);
+ exit(EXIT_SUCCESS);
+ //end child
+ } else {
+ //parent
+ sleep(2);
+ int sockfd = connect_to_testserver();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
+
+ SockUniquePtr sockfd_ptr(&sockfd);
+
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ /*odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges */
+ if (i%2)
+ ret = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights_ext);
+ else
+ ret = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+
+ finish_stats(&stats, "check_privilege_by_sockfd");
+ }
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+
+RUNNER_MULTIPROCESS_TEST_SMACK(m070_security_server_check_privilege_by_sockfd_smack) {
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+ testSecurityServerCheckPrivilegeBySockfd(true);
+}
+
+RUNNER_MULTIPROCESS_TEST_NOSMACK(m070_security_server_check_privilege_by_sockfd_nosmack) {
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+ testSecurityServerCheckPrivilegeBySockfd(false);
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m080_security_server_get_cookie_pid) {
+ int ret;
+ size_t cookie_size;
+ cookie_size = security_server_get_cookie_size();
+ char cookie[cookie_size];
+ ret = security_server_request_cookie(cookie, cookie_size);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "security_server_request_cookie failed; ret = " << ret);
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_get_cookie_pid(cookie);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_request_cookie");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m090_security_server_is_pwd_valid) {
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_is_pwd_valid");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m100_security_server_set_pwd) {
+ int ret;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_set_pwd("this_is_current_pwd", "this_is_new_pwd", 20, 365);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_set_pwd");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m110_security_server_set_pwd_validity) {
+ int ret;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_set_pwd_validity(2);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_set_pwd_validity");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m120_security_server_set_pwd_max_challenge) {
+ int ret;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_set_pwd_max_challenge(3);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_set_pwd_max_challenge");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m130_security_server_reset_pwd) {
+ int ret;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_reset_pwd("apud", 1, 2);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_reset_pwd");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m140_security_server_chk_pwd) {
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_chk_pwd("is_this_password", &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_chk_pwd");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m150_security_server_set_pwd_history) {
+ int ret;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_set_pwd_history(100);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_set_pwd_history");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m160_security_server_app_give_access) {
+ int ret;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ const char* customer_label = M160_CUSTOMER_LABEL;
+ int customer_pid = getpid();
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_app_give_access(customer_label, customer_pid);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_app_give_access");
+}
+
+/*
+ * measurer: Fails only on connection error.
+ */
+RUNNER_TEST(m170_security_server_check_privilege_by_pid) {
+
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
+ int ret;
+ readwrite_stats stats;
+ initialize_stats(&stats);
+ int pid = getpid();
+ const char *object = M170_OBJECT_LABEL;
+ const char *access_rights = "rw";
+ for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
+ start_stats_update(&stats);
+ ret = security_server_check_privilege_by_pid(pid, object, access_rights);
+ RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
+ end_stats_update(&stats);
+ }
+ finish_stats(&stats, "security_server_check_privilege_by_pid");
+}
+
+
+int main(int argc, char *argv[])
+{
+ securityClientEnableLogSystem();
+ DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file security_server_mockup.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief All mockups required in security-server tests.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <fcntl.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <poll.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <security-server.h>
+
+#include <dpl/log/log.h>
+
+#define SECURITY_SERVER_TEST_SOCK_PATH "/tmp/.security_server_sock_mockup"
+
+/* Create a Unix domain socket and bind */
+int create_new_socket()
+{
+ int localsockfd = -1, flags;
+ struct sockaddr_un serveraddr;
+ mode_t sock_mode;
+
+ if (-1 == remove(SECURITY_SERVER_TEST_SOCK_PATH)) {
+ LogDebug("Unable to remove " << SECURITY_SERVER_TEST_SOCK_PATH);
+ }
+
+ /* Create Unix domain socket */
+ if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
+ {
+ localsockfd = -1;
+ LogDebug("Socket creation failed");
+ goto error;
+ }
+
+ /* Make socket as non blocking */
+ if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
+ fcntl(localsockfd, F_SETFL, flags) < 0)
+ {
+ close(localsockfd);
+ localsockfd = -1;
+ LogDebug("Cannot go to nonblocking mode");
+ goto error;
+ }
+
+ bzero (&serveraddr, sizeof(serveraddr));
+ serveraddr.sun_family = AF_UNIX;
+ strncpy(serveraddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH,
+ strlen(SECURITY_SERVER_TEST_SOCK_PATH) + 1);
+
+ /* Bind the socket */
+ if ((bind(localsockfd, (struct sockaddr*)&serveraddr, sizeof(serveraddr))) < 0)
+ {
+ LogDebug("Cannot bind");
+ close(localsockfd);
+ localsockfd = -1;
+ goto error;
+ }
+
+ /* Change permission to accept all processes that has different uID/gID */
+ sock_mode = (S_IRWXU | S_IRWXG | S_IRWXO);
+
+ /* Flawfinder hits this chmod function as level 5 CRITICAL as race condition flaw *
+ * * Flawfinder recommends to user fchmod insted of chmod
+ * * But, fchmod doesn't work on socket file so there is no other choice at this point */
+ if (chmod(SECURITY_SERVER_TEST_SOCK_PATH, sock_mode) < 0) /* Flawfinder: ignore */
+ {
+ LogDebug("chmod() error");
+ close(localsockfd);
+ localsockfd = -1;
+ goto error;
+ }
+error:
+ return localsockfd;
+}
+
+int connect_to_testserver()
+{
+ struct sockaddr_un clientaddr;
+ int client_len = 0, localsockfd;
+
+ /* Create a socket */
+ if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
+ {
+ LogDebug("Error on socket. Errno: " << errno);
+ return -1;
+ }
+
+ bzero(&clientaddr, sizeof(clientaddr));
+ clientaddr.sun_family = AF_UNIX;
+ strncpy(clientaddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH, strlen(SECURITY_SERVER_TEST_SOCK_PATH));
+ clientaddr.sun_path[strlen(SECURITY_SERVER_TEST_SOCK_PATH)] = 0;
+ client_len = sizeof(clientaddr);
+ if (connect(localsockfd, (struct sockaddr*)&clientaddr, client_len) < 0)
+ {
+ LogDebug("Error on connect. Errno: " << errno);
+ close(localsockfd);
+ return -1;
+ }
+ return localsockfd;
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file security_server_tests_client_smack.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Mockups.
+ */
+
+#ifndef _SS_CLIENT_SERVER_
+#define _SS_CLIENT_SERVER_
+
+int create_new_socket();
+int connect_to_testserver();
+
+#endif
+
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file security_server_tests_client_smack.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.1
+ * @brief Test cases for security-server-client-smack.
+ */
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/smack.h>
+#include <sys/wait.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <memory>
+#include <functional>
+
+#include <dpl/log/log.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include "security_server_mockup.h"
+
+#include <security-server.h>
+#include <access_provider.h>
+#include "tests_common.h"
+#include <memory.h>
+
+#define PROPER_COOKIE_SIZE 20
+
+
+RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_CLIENT_SMACK)
+
+/*
+ * test: tc04_security_server_get_gid
+ * description: Checking for security_server_get_gid
+ * with nonexisting gid and existing one
+ * expected: security_server_get_gid should return
+ * SECURITY_SERVER_ERROR_NO_SUCH_OBJECT with first call
+ * and group id with second call
+ */
+RUNNER_CHILD_TEST_SMACK(tc04_security_server_get_gid)
+{
+ SecurityServer::AccessProvider provider("tc04mylabel");
+ provider.allowSS();
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ int ret = security_server_get_gid("abc123xyz_pysiaczek");
+ LogDebug("ret = " << ret);
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT == ret, "Ret: " << ret);
+ ret = security_server_get_gid("root");
+ LogDebug("ret = " << ret);
+ RUNNER_ASSERT_MSG(0 == ret, "Ret: " << ret);
+}
+
+/*
+ * test: tc05_check_privilege_by_cookie
+ * description: Function security_server_check_privilege_by_cookie should
+ * return status of access rights of cookie owner. In this case cookie owner
+ * is the same process that ask for the rights.
+ * expected: Function call with access rights set to "r" should return SUCCESS,
+ * with "rw" should return ACCESS DENIED.
+ */
+RUNNER_CHILD_TEST_SMACK(tc05_check_privilege_by_cookie)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+ char cookie[20];
+ const char *object_label = "tc05objectlabel";
+ const char *access_rights = "r";
+ const char *access_rights_ext = "rw";
+ const char *subject_label = "tc05subjectlabel";
+
+ SecurityServer::AccessProvider provider(subject_label);
+ provider.allowSS();
+ provider.addObjectRule(object_label, access_rights);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
+ security_server_request_cookie(cookie,20));
+
+ RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
+ security_server_check_privilege_by_cookie(
+ cookie,
+ object_label,
+ access_rights));
+
+ RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
+ security_server_check_privilege_by_cookie(
+ cookie,
+ object_label,
+ access_rights_ext));
+}
+
+/*
+ * test: security_server_check_privilege_by_sockfd
+ * description: This test will create dummy server that will accept connection
+ * and die. The client will try to check access rights using connection descriptor.
+ * expected: Function call with access rights set to "r" should return SUCCESS,
+ * with "rw" should return ACCESS DENIED.
+ */
+RUNNER_MULTIPROCESS_TEST_SMACK(tc06_check_privilege_by_sockfd)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+ const char *object_label = "tc06objectlabel";
+ const char *access_rights = "r";
+ const char *access_rights_ext = "rw";
+ const char *subject_label = "tc06subjectlabel";
+
+ int result1 = -1;
+ int result2 = -1;
+
+ smack_accesses *handle;
+ RUNNER_ASSERT(0 == smack_accesses_new(&handle));
+ RUNNER_ASSERT(0 == smack_accesses_add(handle,
+ subject_label,
+ object_label,
+ access_rights));
+ RUNNER_ASSERT(0 == smack_accesses_apply(handle));
+ smack_accesses_free(handle);
+
+ int pid = fork();
+ char *label;
+ RUNNER_ASSERT_ERRNO(-1 != pid);
+
+ if (0 == pid) {
+ // child
+ RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
+
+ int sockfd = create_new_socket();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
+
+ SockUniquePtr sockfd_ptr(&sockfd);
+
+ label = security_server_get_smacklabel_sockfd(sockfd);
+ RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
+ RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\"");
+ free(label);
+
+ RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+
+ RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
+
+ label = security_server_get_smacklabel_sockfd(sockfd);
+ RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
+ RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\"");
+ free(label);
+
+ struct sockaddr_un client_addr;
+ socklen_t client_len = sizeof(client_addr);
+ int csockfd;
+ RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
+ "child accept failed");
+
+ usleep(500);
+
+ close(csockfd);
+ exit(0);
+ } else {
+ // parent
+ sleep(1);
+ int sockfd = connect_to_testserver();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
+
+ SockUniquePtr sockfd_ptr(&sockfd);
+
+ label = security_server_get_smacklabel_sockfd(sockfd);
+ RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
+ RUNNER_ASSERT_MSG(strcmp(label,subject_label) == 0, "label is \"" << label << "\"" << ", subject_label is \"" << subject_label << "\"" );
+ free(label);
+
+ result1 = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights);
+ result2 = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights_ext);
+ }
+
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result = " << result1);
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, "result = " << result2);
+}
+
+/*
+ * test: security_server_check_privilege_by_sockfd
+ * description: This test will create dummy server that will accept connection
+ * and die. The client will try to check access rights using connection descriptor.
+ * Because we read a smack label not from socket directly, but from from pid of process
+ * on the other end of socket - that's why smack label will be updated.
+ * In this test client is running under root and server is not - to test the extreme case.
+ * expected: Function call with access rights set to "r" should return SUCCESS,
+ * with "rw" should return ACCESS DENIED.
+ */
+RUNNER_MULTIPROCESS_TEST_SMACK(tc07_check_privilege_by_sockfd)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+ const char *object_label = "tc07objectlabel";
+ const char *access_rights = "r";
+ const char *access_rights_ext = "rw";
+ const char *subject_label = "tc07subjectlabel";
+
+ int result1 = -1;
+ int result2 = -1;
+
+ SmackAccess access;
+ access.add(subject_label, object_label, access_rights);
+ access.apply();
+
+ int pid = fork();
+ RUNNER_ASSERT_ERRNO(-1 != pid);
+
+ if (0 == pid) {
+
+ pid = fork();
+ RUNNER_ASSERT_ERRNO(-1 != pid);
+
+ if (0 == pid) {
+ // child
+ int sockfd = create_new_socket();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
+
+ SockUniquePtr sockfd_ptr(&sockfd);
+
+ RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
+
+ RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+
+ RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
+
+ struct sockaddr_un client_addr;
+ socklen_t client_len = sizeof(client_addr);
+ int csockfd = TEMP_FAILURE_RETRY(accept(sockfd,(struct sockaddr*)&client_addr, &client_len));
+ if (csockfd >= 0)
+ close(csockfd);
+ LogDebug("Exit!");
+ exit(0);
+ } else {
+ // parent
+ sleep(1);
+ int sockfd = connect_to_testserver();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
+
+ result1 = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights);
+ result2 = security_server_check_privilege_by_sockfd(
+ sockfd,
+ object_label,
+ access_rights_ext);
+
+ close(sockfd);
+
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, " result2 = " << result2);
+ }
+ }
+}
+
+///////////////////////////
+/////NOSMACK ENV TESTS/////
+///////////////////////////
+
+RUNNER_CHILD_TEST_NOSMACK(tc04_security_server_get_gid_nosmack)
+{
+ int ret;
+
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+
+ ret = security_server_get_gid("definitely_not_existing_object");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret = " << ret);
+ ret = security_server_get_gid("root");
+ RUNNER_ASSERT_MSG(ret == 0, "ret = " << ret);
+}
+
+/*
+ * NOSMACK version of tc05 test.
+ *
+ * Correct behaviour of smack_accesses_apply and smack_set_label_for_self was checked by libsmack
+ * tests. We assume, that those tests pass. Additionally security_server_check_privilege_by_cookie
+ * should return SUCCESS no matter what access_rights we give to this function.
+ */
+RUNNER_CHILD_TEST_NOSMACK(tc05_check_privilege_by_cookie_nosmack)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+ char cookie[20];
+ const char* object_label = "tc05objectlabel";
+
+ RUNNER_ASSERT(security_server_request_cookie(cookie,20) == SECURITY_SERVER_API_SUCCESS);
+
+ RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+
+ RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
+ security_server_check_privilege_by_cookie(cookie, object_label, "r"));
+
+ //On NOSMACK env security server should return success on any accesses, even those that are
+ //incorrect.
+ RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
+ security_server_check_privilege_by_cookie(cookie, object_label, "rw"));
+}
+
+/**
+ * NOSMACK version of tc06 test.
+ *
+ * Differences between this and SMACK version (server):
+ * - Skipped setting access_rights
+ * - Skipped setting label for server
+ * - get_smacklabel_sockfd is called only once for server, almost right after fork and creation
+ * of socket (because it should do nothing when SMACK is off)
+ * - After get_smacklabel_sockfd privileges are dropped and server is prepared to accept connections
+ * from client
+ *
+ * For client the only difference are expected results from check_privilege_by_sockfd - both should
+ * return SUCCESS.
+ */
+RUNNER_MULTIPROCESS_TEST_NOSMACK(tc06_check_privilege_by_sockfd_nosmack)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+ const char* object_label = "tc06objectlabel";
+
+ int result1 = -1;
+ int result2 = -1;
+
+ int pid = fork();
+ char* label;
+ RUNNER_ASSERT_ERRNO(pid >= 0);
+
+ int ret;
+
+ if (pid == 0) { //child process - server
+ //create new socket
+ int sockfd = create_new_socket();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
+
+ SockUniquePtr sockfd_ptr(&sockfd);
+
+ //check if get_smacklabel_sockfd works correctly
+ label = security_server_get_smacklabel_sockfd(sockfd);
+ RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
+ ret = strcmp(label, "");
+ free(label);
+ RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\"");
+
+ RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+
+ RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
+
+ struct sockaddr_un client_addr;
+ socklen_t client_len = sizeof(client_addr);
+
+ int csockfd;
+ RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
+ "child accept failed");
+
+ //wait a little bit for parent to do it's job
+ usleep(200);
+
+ //if everything works, cleanup and return 0
+ close(csockfd);
+ exit(0);
+ } else {
+ //parent
+ sleep(1);
+ int sockfd = connect_to_testserver();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to connect to server.");
+
+ SockUniquePtr sockfd_ptr(&sockfd);
+
+ label = security_server_get_smacklabel_sockfd(sockfd);
+ RUNNER_ASSERT_MSG(label != nullptr, "get_smacklabel_sockfd failed.");
+ ret = strcmp(label, "");
+ free(label);
+ RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\"");
+
+ result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
+ result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
+ }
+
+ RUNNER_ASSERT_MSG(result1 == SECURITY_SERVER_API_SUCCESS, "result = " << result1);
+ RUNNER_ASSERT_MSG(result2 == SECURITY_SERVER_API_SUCCESS, "result = " << result2);
+}
+
+/**
+ * NOSMACK version of tc07 test.
+ */
+RUNNER_MULTIPROCESS_TEST_NOSMACK(tc07_check_privilege_by_sockfd_nosmack)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+ const char* object_label = "tc07objectlabel";
+
+ int result1 = -1;
+ int result2 = -1;
+
+ int pid = fork();
+ RUNNER_ASSERT_ERRNO(-1 != pid);
+
+ if (pid == 0) {
+
+ pid = fork();
+ RUNNER_ASSERT_ERRNO(-1 != pid);
+
+ if (pid == 0) { //child process
+ //Create socket
+ int sockfd = create_new_socket();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
+
+ SockUniquePtr sockfd_ptr(&sockfd);
+
+ //Drop privileges
+ RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+
+ //Prepare for accepting
+ RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
+
+ struct sockaddr_un client_addr;
+ socklen_t client_len = sizeof(client_addr);
+
+ //Accept connections
+ int csockfd;
+ RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
+ "child accept failed");
+
+ //wait a little bit for parent to do it's job
+ usleep(200);
+
+ //cleanup and kill child
+ close(csockfd);
+ exit(0);
+ } else { //parent process
+ //Drop root privileges
+ RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+
+ //Wait for server to set up
+ sleep(1);
+
+ //Connect and check privileges
+ int sockfd = connect_to_testserver();
+ RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to create socket fd.");
+
+ result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
+ result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
+
+ close(sockfd);
+
+ //Both results (just like in the previous test case) should return success.
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
+ RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result2, "result2 = " << result2);
+ }
+ }
+}
+
+RUNNER_TEST_SMACK(tc18_security_server_get_smacklabel_cookie) {
+ int res;
+
+ char *label_smack = nullptr;
+ char *label_ss = nullptr;
+ char *cookie = nullptr;
+
+ int cookie_size = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size, "Wrong cookie size from security-server");
+
+ cookie = (char*) calloc(cookie_size, 1);
+ RUNNER_ASSERT_MSG(nullptr != cookie, "Memory allocation error");
+
+ res = security_server_request_cookie(cookie, cookie_size);
+ if (res != SECURITY_SERVER_API_SUCCESS) {
+ free(cookie);
+ RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS, "Error in requesting cookie from security-server");
+ }
+
+ label_ss = security_server_get_smacklabel_cookie(cookie);
+ free(cookie);
+ RUNNER_ASSERT_MSG(label_ss != nullptr, "Error in getting label by cookie");
+
+
+ std::string label_cookie(label_ss);
+ free(label_ss);
+
+ res = smack_new_label_from_self(&label_smack);
+ if (res < 0) {
+ free(label_smack);
+ RUNNER_ASSERT_MSG(res == 0, "Error in getting self SMACK label");
+ }
+ std::string label_self(label_smack ? label_smack : "");
+ free(label_smack);
+
+ RUNNER_ASSERT_MSG(label_self == label_cookie, "No match in SMACK labels");
+
+
+ //TODO: here could be label change using SMACK API and checking if it
+ //is changed using security-server API function based on the same cookie
+}
+
+/**
+ * NOSMACK version of tc_security_server_get_smacklabel_cookie test.
+ *
+ * Most of this test goes exactly as the original one. The only difference are the labels:
+ * - We assume that libsmack tests passed and smack_new_label_from_self will return -1 and nullptr
+ * label - there is no need to re-check it.
+ * - Label acquired from security_server_get_smacklabel_cookie should be an empty string.
+ */
+RUNNER_TEST_NOSMACK(tc18_security_server_get_smacklabel_cookie_nosmack) {
+ int res;
+
+ char* label_ss = nullptr;
+ char* cookie = nullptr;
+
+ int cookie_size = security_server_get_cookie_size();
+ RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size,
+ "Wrong cookie size from security-server. Size: " << cookie_size);
+
+ cookie = (char*) calloc(cookie_size, sizeof(char));
+ RUNNER_ASSERT_MSG(nullptr != cookie, "Memory allocation error");
+
+ //Request cookie from SS
+ res = security_server_request_cookie(cookie, cookie_size);
+ CookieUniquePtr cookie_ptr(cookie);
+ cookie = nullptr;
+ RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS,
+ "Error in requesting cookie from security-server. Result: " << res);
+
+ label_ss = security_server_get_smacklabel_cookie(cookie_ptr.get());
+ RUNNER_ASSERT_MSG(label_ss != nullptr, "Error in getting label by cookie");
+
+ std::string label(label_ss);
+ free(label_ss);
+ RUNNER_ASSERT_MSG(label.empty(), "label_ss is not an empty string.");
+
+}
+
+////////////////////
+/////MAIN///////////
+////////////////////
+
+int main(int argc, char *argv[])
+{
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file security_server_tests_mt.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ * @brief This test creates multiple processes that connect to security
+ * server and perform random operations using its API. The purpose
+ * of this test is to check if security-server crashes when under
+ * heavy load. Test succeeds if all processes finish.
+ */
+
+#include <dpl/log/log.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <security-server.h>
+#include <sys/wait.h>
+#include <random>
+#include <functional>
+#include <chrono>
+
+namespace {
+const size_t PROC_TOTAL = 1000; // total number of processes to spawn
+const size_t PROC_MAX = 10; // max number of processes working at the same time
+const size_t LOOPS = 50; // number of loop repeats
+
+std::default_random_engine generator(std::chrono::system_clock::now().time_since_epoch().count());
+
+// common function data
+struct Data {
+ char *cookie; // not owned
+
+ Data(char *c) : cookie(c) {}
+};
+
+
+// test functions
+void request_cookie(const Data&)
+{
+ char cookie[20];
+ security_server_request_cookie(cookie, 20);
+}
+
+void check_privilege(const Data &d)
+{
+ int ret = security_server_get_gid("audio");
+ security_server_check_privilege(d.cookie, ret);
+}
+
+void check_privilege_by_cookie(const Data &d)
+{
+ security_server_check_privilege_by_cookie(d.cookie, "label", "rwxat");
+}
+
+void get_cookie_pid(const Data &d)
+{
+ security_server_get_cookie_pid(d.cookie);
+}
+
+void get_smack_label(const Data &d)
+{
+ char *label = security_server_get_smacklabel_cookie(d.cookie);
+ free(label);
+}
+
+void random_sleep(const Data&)
+{
+ std::uniform_int_distribution<size_t> distribution(0,100);
+ usleep(distribution(generator));
+}
+
+
+// list of test functions
+std::vector<std::function<void(const Data&)> > functions = {
+ random_sleep,
+ request_cookie,
+ check_privilege,
+ check_privilege_by_cookie,
+ get_cookie_pid,
+ get_smack_label
+};
+} // namespace
+
+// randomly calls test functions
+void security_server_magic()
+{
+ char cookie[20];
+ security_server_request_cookie(cookie, 20);
+ Data d(cookie);
+
+ // random loop number
+ std::uniform_int_distribution<size_t> l_dist(0,LOOPS);
+ size_t loops = l_dist(generator);
+
+ // random function call
+ std::uniform_int_distribution<size_t> distribution(0,functions.size() - 1);
+ auto rnd = std::bind(distribution, generator);
+ for (size_t i = 0; i < loops; ++i) {
+ functions[rnd()](d);
+ }
+}
+
+int main()
+{
+ size_t current = 0;
+ size_t spawned = 0;
+ for (;;) {
+ if (current >= PROC_MAX || spawned >= PROC_TOTAL) {
+ int status;
+ int ret = wait(&status);
+
+ // all processes spawned, no more children to wait for
+ if (spawned >= PROC_TOTAL && ret <= 0)
+ break;
+
+ current--;
+ }
+
+ // spawn predefined number of processes
+ if (spawned < PROC_TOTAL) {
+ pid_t pid = fork();
+ if (pid == 0) {
+ LogDebug("START " << spawned);
+ security_server_magic();
+ LogError("STOP " << spawned);
+ exit(0);
+ }
+ else {
+ //LogWarning("PID " << pid);
+ spawned++;
+ current++;
+ }
+ }
+ }
+ LogInfo("Finished");
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file security_server_tests_password.cpp
+ * @author Bumjin Im (bj.im@samsung.com)
+ * @author Pawel Polawski (p.polawski@partner.samsung.com)
+ * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
+ * @author Jan Olszak (j.olszak@samsung.com)
+ * @version 2.0
+ * @brief Test cases for security server
+ *
+ * WARNING: In this file test order is very important. They have to always be run
+ * in correct order. This is done by correct test case names ("tcXX_").
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <fcntl.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <dirent.h>
+#include "security-server.h"
+#include <dpl/test/test_runner.h>
+#include <tests_common.h>
+#include <dlog.h>
+#include "security_server_clean_env.h"
+#include "security_server_tests_common.h"
+
+
+// the maximum time (in seconds) passwords can expire in
+const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
+
+// test passwords
+const char* TEST_PASSWORD = "IDLEPASS";
+const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
+const char* THIRD_TEST_PASSWORD = "THIRDPASS";
+const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
+
+RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
+
+struct SystemClock {
+ SystemClock(time_t sft)
+ : m_original(time(0))
+ , m_shift(0)
+ {
+ shift(sft);
+ }
+
+ SystemClock()
+ : m_original(time(0))
+ , m_shift(0)
+ {}
+
+ void shift(time_t sft) {
+ m_shift += sft;
+ time_t shifted = m_original + m_shift;
+ RUNNER_ASSERT_ERRNO(0 == stime(&shifted));
+ }
+
+ ~SystemClock() {
+ if (std::uncaught_exception()) {
+ stime(&m_original);
+ return;
+ }
+
+ RUNNER_ASSERT_ERRNO(0 == stime(&m_original));
+ }
+private:
+ time_t m_original;
+ time_t m_shift;
+};
+
+
+/**
+ * Confirm there is no password before tests are run.
+ */
+RUNNER_TEST(tc01_clear_environment)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ if (getuid() == 0)
+ {
+ reset_security_server();
+
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+
+ RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
+ RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
+ RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ }
+ else
+ {
+ SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
+ SLOGD("If not, you will see some failures\n");
+
+ RUNNER_IGNORED_MSG("I'm not root");
+ }
+}
+
+/**
+ * Basic test of setting validity period.
+ */
+RUNNER_TEST(tc02_security_server_set_pwd_validity)
+{
+ int ret;
+
+ // Prepare environment
+ reset_security_server();
+
+ // TESTS:
+ // WITHOUT password
+ ret = security_server_set_pwd_validity(10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+
+ ret = security_server_set_pwd_validity(11);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+
+ // WITH password
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_set_pwd_validity(10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_set_pwd_validity(11);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Basic test of setting maximum number of password challenges.
+ */
+RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
+{
+ int ret;
+
+ // Prepare environment
+ reset_security_server();
+
+ // TESTS:
+ // WITHOUT password
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+
+ ret = security_server_set_pwd_max_challenge(6);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+
+ // WITH password
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_set_pwd_max_challenge(6);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Test checking a too long password.
+ */
+RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ // 33 char password
+ ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+}
+
+/**
+ * Test various parameter values when checking a password.
+ */
+RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ ret = security_server_chk_pwd(nullptr, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+
+ ret = security_server_chk_pwd("password", nullptr, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+
+ ret = security_server_chk_pwd("password", &attempt, nullptr, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+
+ ret = security_server_chk_pwd("password", &attempt, &max_attempt, nullptr);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+}
+
+/**
+ * Check the given password when no password is set.
+ */
+RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ // Prepare environment - there is no password now!
+ reset_security_server();
+
+ // TEST
+ ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
+
+ RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
+ RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+}
+
+/**
+ * Checks various parameter values.
+ */
+RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
+{
+ int ret;
+
+ // Prepare environment
+ reset_security_server();
+
+ // TEST
+ ret = security_server_set_pwd(nullptr, nullptr, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+}
+
+/**
+ * Test setting too long password.
+ */
+RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
+{
+ int ret;
+
+ // Prepare environment
+ reset_security_server();
+
+ // TEST
+ // 33 char password
+ ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+}
+
+/**
+ * Basic password setting.
+ */
+RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
+{
+ int ret;
+
+ // Prepare environment
+ reset_security_server();
+
+ // TEST
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Set a maximum password period.
+ */
+RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
+{
+ int ret;
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ // UINT_MAX will cause api error, it is to big value
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ // calculate max applicable valid days that will not be rejected by ss
+ // ensure, that after conversion from days to seconds in ss there will be no uint overflow
+ unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1;
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Set a maximum password challenge number.
+ */
+RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
+{
+ int ret;
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Set empty password.
+ */
+RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
+{
+ int ret;
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+}
+
+/**
+ * Change password to a too long password.
+ */
+RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
+{
+ int ret;
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ std::string lng_pwd(5000, 'A');
+ ret = security_server_set_pwd(TEST_PASSWORD,lng_pwd.c_str(), 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+}
+
+/**
+ * Check empty password.
+ */
+RUNNER_TEST(tc15_security_server_chk_pwd_empty_password)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+}
+
+/**
+ * Various validity parameter values.
+ */
+RUNNER_TEST(tc16_security_server_set_pwd_validity)
+{
+ int ret;
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ ret = security_server_set_pwd_validity(0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_set_pwd_validity(1);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //When trying to set UINT_MAX we should get error.
+ ret = security_server_set_pwd_validity(UINT_MAX);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+
+ ret = security_server_set_pwd_validity(2);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Check passwords validity
+ */
+RUNNER_TEST(tc17_security_server_is_pwd_valid)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 2);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST:
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
+}
+
+/**
+ * Various numbers of challenges.
+ */
+RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
+{
+ int ret;
+ // Prepare environment
+ reset_security_server();
+ // calculate max applicable valid days that will not be rejected by ss
+ // ensure, that after conversion from days to seconds in ss there will be no uint overflow
+ unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1;
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, valid_days);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TESTS
+ ret = security_server_set_pwd_max_challenge(0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_set_pwd_max_challenge(UINT_MAX);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_set_pwd_max_challenge(6);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+
+/**
+ * Check the max number of challenges.
+ */
+RUNNER_TEST(tc19_security_server_is_pwd_valid)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_set_pwd_max_challenge(6);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
+}
+
+/**
+ * Basic password check.
+ */
+RUNNER_TEST(tc20_security_server_chk_pwd)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
+
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+}
+
+/**
+ * Check an incorrect password.
+ */
+RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //TEST
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+}
+
+/**
+ * Check an incorrect password
+ */
+RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
+{
+ int ret;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+}
+
+/**
+ * Change password
+ */
+RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
+{
+ int ret;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Check wrong password multiple times and then check a correct one.
+ */
+RUNNER_TEST(tc24_security_server_attempt_exceeding)
+{
+ int ret;
+ unsigned int i, attempt, max_attempt, expire_sec;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ printf("5 subtests started...");
+ for (i = 1; i <= 5; i++) {
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
+ }
+ printf("DONE\n");
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
+ RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
+}
+
+/**
+ * Try to exceed maximum number of challenges.
+ */
+RUNNER_TEST(tc25_security_server_attempt_exceeding)
+{
+ int ret;
+ unsigned int i, attempt, max_attempt, expire_sec;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 1);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ printf("10 subtests started...");
+ for (i = 1; i <= 10; i++) {
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
+ }
+
+ // The check, that exceeds max number
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
+ printf("DONE\n");
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
+}
+
+/**
+ * Reset password
+ */
+RUNNER_TEST(tc26_security_server_reset_pwd)
+{
+ int ret;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Check too long password.
+ */
+RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ std::string lng_pwd(5000, 'A');
+ ret = security_server_chk_pwd(lng_pwd.c_str(), &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+}
+
+/**
+ * Check passwords expiration (not expired)
+ */
+RUNNER_TEST(tc28_security_server_check_expiration)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
+}
+
+/**
+ * Use various parameter values of parameters.
+ */
+RUNNER_TEST(tc29_security_server_set_pwd_history)
+{
+ int ret;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TESTS
+ ret = security_server_set_pwd_history(100);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+
+ ret = security_server_set_pwd_history(51);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+
+ ret = security_server_set_pwd_history(-5);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+
+ ret = security_server_set_pwd_history(50);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_set_pwd_history(0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_set_pwd_history(INT_MAX);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+
+ ret = security_server_set_pwd_history(INT_MIN);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+
+ ret = security_server_set_pwd_history(10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+
+
+int dir_filter(const struct dirent *entry)
+{
+ if ((strcmp(entry->d_name, ".") == 0) ||
+ (strcmp(entry->d_name, "..") == 0) ||
+ (strcmp(entry->d_name, "attempts") == 0) ||
+ (strcmp(entry->d_name, "history") == 0))
+ return (0);
+ else
+ return (1);
+}
+
+void clean_password_dir(void)
+{
+ int ret;
+ int i;
+ struct dirent **mydirent;
+
+ ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
+ i = ret;
+ while (i--)
+ free(mydirent[i]);
+ free(mydirent);
+}
+
+
+/**
+ * Check password history.
+ */
+RUNNER_TEST(tc30_security_server_check_history)
+{
+ int ret;
+ int i;
+ char buf1[33], buf2[33];
+
+ // Prepare environment
+ reset_security_server();
+
+ clean_password_dir();
+
+ ret = security_server_set_pwd_history(9);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_reset_pwd("history0", 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ printf("11 subtests started...");
+ for (i = 0; i < 11; i++) {
+ sprintf(buf1, "history%d", i);
+ sprintf(buf2, "history%d", i + 1);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(buf1, buf2, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ }
+ printf("DONE\n");
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd("history11", "history1", 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd("history1", "history8", 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd("history1", "history12", 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ printf("48 subtests started...");
+ for (i = 12; i < 60; i++) {
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ sprintf(buf1, "history%d", i);
+ sprintf(buf2, "history%d", i + 1);
+
+ ret = security_server_set_pwd(buf1, buf2, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ }
+ printf("DONE\n");
+
+ clean_password_dir();
+}
+
+/**
+ * Replay attack
+ */
+RUNNER_TEST(tc31_security_server_replay_attack)
+{
+ int ret;
+ int i = 0;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
+
+ while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
+ i += 100000;
+
+ ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
+ usleep(i);
+ }
+
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+}
+
+/**
+ * Expired password
+ */
+RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+ struct timeval cur_time;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 4, 1);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = gettimeofday(&cur_time, nullptr);
+ RUNNER_ASSERT_ERRNO(ret != -1);
+
+ cur_time.tv_sec += (expire_sec + 1);
+ ret = settimeofday(&cur_time, nullptr);
+ RUNNER_ASSERT_ERRNO(ret != -1);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+}
+
+/**
+ * Reset password
+ */
+RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
+{
+ int ret;
+
+ // Prepare environment
+ reset_security_server();
+
+ // TEST
+ ret = security_server_reset_pwd(nullptr, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+}
+
+/*
+ * Use this instead of security_server_chk_pwd directly to verify the function output.
+ * For example:
+ * verify_chk_pwd("password", SECURITY_SERVER_API_SUCCESS, 2, 5, "debug string")
+ */
+void verify_chk_pwd (
+ const char* challenge,
+ int expected_result,
+ unsigned int expected_current_attempt,
+ unsigned int expected_max_attempt,
+ const std::string &info = std::string())
+{
+ /* ensure that initial values differ from expected ones */
+ unsigned int attempt = expected_current_attempt - 1;
+ unsigned int max_attempt = expected_max_attempt - 1;
+ unsigned int expire_sec = PASSWORD_INFINITE_EXPIRATION_TIME - 1;
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
+
+ // validate returned value
+ RUNNER_ASSERT_MSG(ret == expected_result,
+ info << "security_server_chk_pwd returned "
+ << ret << " (expected: " << expected_result << ")");
+
+ // validate current attempts value
+ RUNNER_ASSERT_MSG(attempt == expected_current_attempt,
+ info << "security_server_chk_pwd returned attempt = " << attempt <<
+ " (expected: " << expected_current_attempt << ")");
+
+ // validate max attempt value
+ RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt,
+ info << "security_server_chk_pwd returned max_attempt = " << max_attempt <<
+ " (expected: " << expected_max_attempt << ")");
+
+ RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
+ info << "security_server_chk_pwd returned expire_sec = " << expire_sec <<
+ " (expected: " << PASSWORD_INFINITE_EXPIRATION_TIME << ")");
+}
+
+/**
+ * Reach last attempt few times in a row (before exceeding max_attempt).
+ */
+RUNNER_TEST(tc34_security_server_max_attempts)
+{
+ // Prepare environment
+ reset_security_server();
+
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // change max attempts number few times
+ std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
+
+ for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
+ unsigned int max_challenges = max_challenge_tab[pass];
+
+ ret = security_server_set_pwd_max_challenge(max_challenges);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // max_challenges-1 wrong password attempts
+ for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr)
+ verify_chk_pwd(SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ attempt_nr,
+ max_challenges,
+ std::string("pass = ") + std::to_string(pass) +
+ ", attempt = " + std::to_string(attempt_nr));
+
+ // Check correct password finally
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
+ max_challenges, max_challenges);
+ }
+}
+
+/**
+ * Decrease 'max challenge' number after several missed attempts.
+ */
+RUNNER_TEST(tc35_security_server_decrease_max_attempts)
+{
+ const unsigned int max_challenge_more = 10;
+ const unsigned int max_challenge_less = 5;
+
+ // Prepare environment
+ reset_security_server();
+
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge_more, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // missed attempts
+ for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt)
+ verify_chk_pwd(SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ attempt,
+ max_challenge_more,
+ std::string("attempt = ") + std::to_string(attempt));
+
+ // lower max_challenge
+ ret = security_server_set_pwd_max_challenge(max_challenge_less);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // try valid password - should pass (curr attempts is reset)
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less);
+
+ // remove max attempts limit
+ ret = security_server_set_pwd_max_challenge(0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // try valid password again - should pass
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
+
+ // try to change the password - should pass
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // validate new password
+ verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
+}
+
+/**
+ * Change password few times and challenge previous passwords - checks if security_server_set_pwd
+ * works as it should.
+ */
+RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
+{
+ const int history_depth = 5;
+ const unsigned int max_challenge = 3;
+ std::string prev_pass, new_pass = TEST_PASSWORD;
+
+ // Prepare environment
+ reset_security_server();
+
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ for (int depth = 0; depth < history_depth; ++depth) {
+ prev_pass = new_pass;
+
+ //generate password name
+ new_pass = "history" + std::to_string(depth+1);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // challenge initial password
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 1,
+ max_challenge,
+ std::string("depth = ") + std::to_string(depth));
+
+ // challenge previous password
+ verify_chk_pwd(
+ prev_pass.c_str(),
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 2,
+ max_challenge,
+ std::string("depth = ") + std::to_string(depth));
+ }
+}
+
+/**
+ * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
+ * This test simulates user's behaviour - challenges valid and invalid passwords
+ * in various combinations.
+ */
+RUNNER_TEST(tc37_security_server_challenge_mixed)
+{
+ // Prepare environment
+ reset_security_server();
+
+ const unsigned int max_challenge = 2;
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
+ for (unsigned int i = 0; i < max_challenge; ++i)
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 1,
+ max_challenge,
+ std::string("i = ") + std::to_string(i));
+
+ // Ensure that challenging valid password resets 'cuurrent attempt' value.
+ // If it didn't, the test would fail in third loop pass.
+ for (unsigned int i = 0; i < max_challenge + 1; ++i) {
+ // incorrect pwd
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 1,
+ max_challenge,
+ std::string("i = ") + std::to_string(i));
+
+ // correct pwd
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 2,
+ max_challenge,
+ std::string("i = ") + std::to_string(i));
+ }
+
+ // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
+ // any further attempts (even correct) are blocked
+ for (unsigned int i = 1; i <= max_challenge; ++i)
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ i,
+ max_challenge,
+ std::string("i = ") + std::to_string(i));
+
+ // correct - refused
+ for (unsigned int i = 1; i <= max_challenge; ++i)
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
+ max_challenge + i,
+ max_challenge,
+ std::string("i = ") + std::to_string(i));
+}
+
+/*
+ * Pasword change mixed with history depth change.
+ */
+RUNNER_TEST(tc38_security_server_history_depth_change)
+{
+ int ret;
+ const int initial_history_depth = 2;
+ const int decreased_history_depth = 1;
+ const int increased_history_depth = 3;
+
+ // Prepare environment
+ reset_security_server();
+
+ ret = security_server_set_pwd_history(initial_history_depth);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ /*
+ * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
+ * and SECOND_TEST_PASSWORD as a part of history.
+ */
+ ret = security_server_set_pwd_history(decreased_history_depth);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ /*
+ * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
+ * and THIRD_TEST_PASSWORD only.
+ */
+ ret = security_server_set_pwd_history(increased_history_depth);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+}
+
+/**
+ * Challenge invalid password, reset server and check if 'current attempts' is restored.
+ */
+RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
+{
+ unsigned int attempt, max_attempt, expire_sec;
+ const unsigned int max_challenge = 10;
+ const unsigned int invalid_attempts_num = 3;
+
+ // Prepare environment
+ reset_security_server();
+
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // missed attempts
+ for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ attempt,
+ max_challenge);
+
+ attempt = max_attempt = expire_sec = UINT_MAX;
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG(max_attempt == max_challenge, "max_attempt = " << max_attempt);
+ RUNNER_ASSERT_MSG(attempt == invalid_attempts_num, "attempt = " << attempt);
+ RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
+ expire_sec);
+
+ // restart server - triggers loading password data from file
+ restart_security_server();
+
+ // challenge invalid password
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ invalid_attempts_num + 1,
+ max_challenge);
+
+ // challenge valid password
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ invalid_attempts_num + 2,
+ max_challenge);
+}
+
+/**
+ * Validate passwords history after security server reset.
+ */
+RUNNER_TEST(tc40_security_server_history_check_after_reset)
+{
+ const unsigned int history_depth = 2;
+
+ // Prepare environment
+ reset_security_server();
+
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // restart server - triggers loading password data from file
+ restart_security_server();
+
+ // try to reuse history passwords
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Check if SS has correct behaviour when changing history depth to 0.
+ */
+RUNNER_TEST(tc41_security_server_empty_history_check)
+{
+ const unsigned int history_depth = 2;
+ const unsigned int empty_history_depth = 0;
+
+ //prepare environment
+ reset_security_server();
+
+ //set new history count
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //set new password and fill history
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //make sure, that everything went OK - try setting something that would cause reuse error
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ //reset history limit to no history at all
+ ret = security_server_set_pwd_history(empty_history_depth);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //make sure, that current password still exists in memory
+ //expected attempt 3 because our previous tries increased attempt counter
+ verify_chk_pwd(
+ THIRD_TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 3,
+ 0);
+
+ //make sure that it's possible to reuse old password once history limit is set to 0
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //once again try setting earlier used passwords - now API should return success
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //try setting different password and giving nullptr as current once again
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(nullptr, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+}
+
+RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ unsigned int attempt, max_attempt, expire_sec;
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+}
+
+RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ unsigned int attempt, max_attempt, expire_sec;
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+}
+
+RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+ ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+}
+
+RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_validity(11);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_validity(11);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_history(5);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_history(5);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc50_security_server_set_pwd_current_pwd_with_infinite_expiration_time)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ // Assert security server sets infinite expiration time
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
+ "invalid expiration time " << expire_sec);
+
+ clean_password_dir();
+}
+
+RUNNER_TEST(tc51_security_server_is_pwd_valid)
+{
+ reset_security_server();
+
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 1);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ unsigned int attempt, maxAttempt, validSec;
+ attempt = maxAttempt = validSec = 0;
+
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret <<
+ " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
+
+
+ SystemClock clock(60*60*24*2);
+
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0),
+ "ret = " << ret << " atempt=" << attempt << " maxAttempt=" << maxAttempt
+ << " validSec=" << validSec);
+}
+
+RUNNER_TEST(tc52_security_server_is_pwd_valid)
+{
+ reset_security_server();
+
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ unsigned int attempt, maxAttempt, validSec;
+ attempt = maxAttempt = validSec = 0;
+
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0xffffffff), "ret = " << ret <<
+ " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
+}
+
+RUNNER_TEST(tc53_security_server_is_pwd_valid)
+{
+ reset_security_server();
+
+ int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 3);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ unsigned int attempt, maxAttempt, validSec;
+ attempt = maxAttempt = validSec = 0;
+
+ // password shoudl be valid for 3 days == (60*60*24*3) 259200 seconds
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG((validSec > 259000) && (validSec < 260000), "validSec = " << validSec);
+
+ SystemClock clock;
+ clock.shift(-60*60*24); // one day back
+
+ // password should be valid for 4 days == (60*60*24*4) 345600 seconds
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG((validSec > 345000) && (validSec < 346000), "validSec = " << validSec);
+
+ clock.shift(-60*60*24*2); // 3 days back
+
+ // password shoudl be valid for 6 days == (60*60*24*6) 518400 seconds
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG((validSec > 518000) && (validSec < 519000), "validSec = " << validSec);
+}
+
+int main(int argc, char *argv[])
+{
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
--- /dev/null
+#include <dpl/test/test_runner.h>
+
+#include <libprivilege-control_test_common.h>
+
+#include <security-server.h>
+#include <privilege-control.h>
+
+const char *SSTP_APP_ID = "sstp_test_app";
+const char *SSTP_OTHER_LABEL = "sstp_test_other_label";
+
+const char *SSTP_PERMS[] = {
+ "sstp_test_rules1",
+ "sstp_test_rules2",
+ nullptr
+};
+
+const char *SSTP_PERMS1[] = {
+ SSTP_PERMS[0],
+ nullptr
+};
+
+const char *SSTP_PERMS2[] = {
+ SSTP_PERMS[1],
+ nullptr
+};
+
+void check_security_server_app_has_privilege(const char *app_label,
+ const char *permission,
+ int is_enabled_expected)
+{
+ int result;
+ int is_enabled;
+
+ result = security_server_app_has_privilege(app_label, APP_TYPE_WGT, permission, &is_enabled);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error calling security_server_app_has_privilege. Result: " << result);
+
+ RUNNER_ASSERT_MSG(is_enabled == is_enabled_expected,
+ "Result of security_server_app_has_privilege should be: " << is_enabled_expected);
+}
+
+RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PRIVILEGE);
+
+RUNNER_TEST(sstp_01_security_server_app_has_privilege)
+{
+ int result;
+
+ DB_BEGIN
+
+ result = perm_app_uninstall(SSTP_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error uninstalling app. Result" << result);
+
+ result = perm_app_install(SSTP_APP_ID);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error installing app. Result" << result);
+
+ result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app r and no r permissions. Result: " << result);
+
+ DB_END
+
+ check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
+ check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
+ check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
+ check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
+
+ DB_BEGIN
+
+ result = perm_app_enable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS1, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error registering app r permissions. Result: " << result);
+
+ DB_END
+
+ check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 1);
+ check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
+ check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
+ check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
+
+ DB_BEGIN
+
+ result = perm_app_enable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS2, false);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error registering app r permissions. Result: " << result);
+
+ DB_END
+
+ check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 1);
+ check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 1);
+ check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
+ check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
+
+ DB_BEGIN
+
+ result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS1);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app r and no r permissions. Result: " << result);
+
+ DB_END
+
+ check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
+ check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 1);
+ check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
+ check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
+
+ DB_BEGIN
+
+ result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS2);
+ RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
+ "Error disabling app r and no r permissions. Result: " << result);
+
+ DB_END
+
+ check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
+ check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
+ check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
+ check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
+}
+
+int main(int argc, char *argv[])
+{
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file security_server_tests_stress.cpp
+ * @author Pawel Polawski (p.polawski@partner.samsung.com)
+ * @version 1.0
+ * @brief Test cases for security server stress tests
+ *
+ */
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include <tests_common.h>
+#include <iostream>
+#include <sys/smack.h>
+#include <cstddef>
+#include <thread>
+#include <mutex>
+#include <string>
+#include <sys/types.h>
+#include <unistd.h>
+#include "security-server.h"
+#include <memory.h>
+
+std::mutex g_mutex;
+std::mutex g_msgMutex;
+size_t g_successes = 0;
+
+//number of threads
+const size_t g_threadsNumber = 5;
+
+//environment setup
+const std::string g_subject("woda");
+const std::string g_object("wiadro");
+const std::string g_rule("rwx");
+
+//for storing errors
+std::string g_errors;
+
+
+void appendError(const std::string &message)
+{
+ std::lock_guard<std::mutex> lock(g_msgMutex);
+ g_errors += message;
+ g_errors += "\n";
+}
+
+void cookie_api_thread_function(bool isSmack)
+{
+ /*
+ Tested API functions:
+
+ int security_server_get_cookie_size(void);
+ int security_server_request_cookie(char *cookie, size_t bufferSize);
+ int security_server_check_privilege(const char *cookie, gid_t privilege);
+ int security_server_check_privilege_by_cookie(const char *cookie,
+ const char *object,
+ const char *access_rights);
+ int security_server_get_cookie_pid(const char *cookie);
+ char *security_server_get_smacklabel_cookie(const char *cookie);
+ */
+
+ int ret;
+ size_t COOKIE_SIZE;
+
+ //security_server_get_cookie_size()
+ COOKIE_SIZE = security_server_get_cookie_size();
+ if (COOKIE_SIZE != 20) {
+ appendError("Error in security_server_get_cookie_size(): " + std::to_string(COOKIE_SIZE));
+ return;
+ }
+
+ //security_server_request_cookie()
+ std::vector<char> cookie(COOKIE_SIZE);
+ ret = security_server_request_cookie(cookie.data(), COOKIE_SIZE);
+ if (ret < 0) {
+ appendError("Error in security_server_request_cookie(): " + std::to_string(ret));
+ return;
+ }
+
+ //security_server_check_privilege()
+ ret = security_server_check_privilege(cookie.data(), 0);
+ if (ret < 0) {
+ appendError("Error in security_server_check_privilege(): " + std::to_string(ret));
+ return;
+ }
+
+ //security_server_check_privilege_by_cookie()
+ ret = security_server_check_privilege_by_cookie(cookie.data(), g_object.data(), g_rule.data());
+ if (ret < 0) {
+ appendError("Error in security_server_check_privilege_by_cookie(): " + std::to_string(ret));
+ return;
+ }
+
+ //security_server_get_cookie_pid
+ ret = security_server_get_cookie_pid(cookie.data());
+ if (ret < 0) {
+ appendError("Error in security_server_get_cookie_pid(): " + std::to_string(ret));
+ return;
+ }
+
+ if (isSmack) {
+ //security_server_get_smacklabel_cookie()
+ char *tmp = security_server_get_smacklabel_cookie(cookie.data());
+ std::string labelFromCookie(tmp ? tmp : "");
+ free(tmp);
+ if (labelFromCookie.size() == 0) {
+ appendError("Error in security_server_get_smacklabel_cookie(): " + labelFromCookie);
+ return;
+ }
+
+ char *labelFromSelfTmp = nullptr;
+ ret = smack_new_label_from_self(&labelFromSelfTmp);
+ if (ret < 0) {
+ appendError("Error in smack_new_label_from_self(): " + std::to_string(ret));
+ return;
+ }
+
+ std::string labelFromSelf(labelFromSelfTmp ? labelFromSelfTmp : "");
+ free(labelFromSelfTmp);
+ if (labelFromSelf != labelFromCookie) {
+ appendError("Error in comparing SMACK label: " + std::to_string(ret));
+ return;
+ }
+ }
+
+ std::lock_guard<std::mutex> lock(g_mutex);
+ ++g_successes;
+}
+
+void testFunction(bool isSmack)
+{
+ std::vector<std::thread> threadsVector;
+
+ if (isSmack) {
+ //preapre environment
+ int ret = smack_set_label_for_self(g_subject.data());
+ RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self()");
+
+ struct smack_accesses *rulesRaw = nullptr;
+ ret = smack_accesses_new(&rulesRaw);
+ RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_new()");
+ SmackAccessesPtr rules(rulesRaw);
+ ret = smack_accesses_add(rules.get(), g_subject.data(), g_object.data(), g_rule.data());
+ RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_add()");
+ ret = smack_accesses_apply(rules.get());
+ RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_apply()");
+ }
+
+ //spawning threads
+ for (size_t i = 0 ; i < g_threadsNumber; ++i)
+ threadsVector.push_back(std::thread(cookie_api_thread_function, isSmack));
+
+ //waiting for threads end
+ for (auto itr = threadsVector.begin(); itr != threadsVector.end(); ++itr)
+ itr->join();
+}
+
+
+RUNNER_TEST_GROUP_INIT(stress_tests)
+
+RUNNER_CHILD_TEST_SMACK(tc_stress_cookie_api_smack)
+{
+ testFunction(true);
+
+ RUNNER_ASSERT_MSG(g_successes == g_threadsNumber,
+ "Not all threads exit with success: "
+ << g_successes << "/ " << g_threadsNumber
+ << std::endl << "Errors:" << std::endl << g_errors);
+}
+
+RUNNER_CHILD_TEST_NOSMACK(tc_stress_cookie_api_no_smack)
+{
+ testFunction(false);
+
+ RUNNER_ASSERT_MSG(g_successes == g_threadsNumber,
+ "Not all threads exit with success: "
+ << g_successes << "/ " << g_threadsNumber
+ << std::endl << "Errors:" << std::endl << g_errors);
+}
+
+
+
+int main (int argc, char *argv[])
+{
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file security_server_tests_server.cpp
+ * @author Bumjin Im (bj.im@samsung.com)
+ * @author Mariusz Domanski (m.domanski@samsung.com)
+ * @version 1.0
+ * @brief Test cases for security server
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <fcntl.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <poll.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/smack.h>
+#include <sys/wait.h>
+#include "security-server.h"
+#include "security_server_clean_env.h"
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dlog.h>
+#include <privilege-control.h>
+#include <ftw.h>
+#include "security_server_tests_common.h"
+#include "tests_common.h"
+#include <smack_access.h>
+#include <access_provider.h>
+
+const char *TEST03_SUBJECT = "subject_0f09f7cc";
+const char *TEST04_SUBJECT = "subject_57dfbfc5";
+const char *TEST07_SUBJECT = "subject_cd738844";
+const char *TEST08_SUBJECT = "subject_fd84ba7f";
+
+void clear_password()
+{
+ int ret = -1;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ reset_security_server();
+
+ attempt = max_attempt = expire_sec = UINT_MAX;
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
+ RUNNER_ASSERT(expire_sec == 0);
+ RUNNER_ASSERT(max_attempt == 0);
+ RUNNER_ASSERT(attempt == 0);
+
+ sleep(1);
+}
+
+void check_API_passwd(bool smack) {
+ int ret = -1;
+ int err, err_is_pwd_valid;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ err = smack ? SECURITY_SERVER_API_ERROR_ACCESS_DENIED : SECURITY_SERVER_API_SUCCESS;
+ err_is_pwd_valid = smack ? SECURITY_SERVER_API_ERROR_ACCESS_DENIED : SECURITY_SERVER_API_ERROR_PASSWORD_EXIST;
+ attempt = max_attempt = expire_sec = 0;
+
+ if (smack) {
+ SecurityServer::AccessProvider privider(TEST04_SUBJECT);
+ privider.applyAndSwithToUser(APP_UID, APP_GID);
+ } else {
+ RUNNER_ASSERT_MSG((ret = drop_root_privileges()) == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+ }
+
+ ret = security_server_set_pwd_validity(APP_UID);
+ RUNNER_ASSERT_MSG(ret == err,
+ "security_server_set_pwd_validity has failed,"
+ " ret: " << ret);
+
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG(ret == err,
+ "security_server_set_pwd_max_challenge has failed,"
+ " ret: " << ret);
+
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == err_is_pwd_valid,
+ "security_server_is_pwd_valid should return password exist,"
+ " ret: " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd("12345", "12346", 0, 0);
+ RUNNER_ASSERT_MSG(ret == err,
+ "security_server_set_pwd has failed, ret: " << ret);
+
+ ret = security_server_reset_pwd("12346",0, 0);
+ RUNNER_ASSERT_MSG(ret == err,
+ "security_server_reset_pwd has failed, ret: " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd("12346", &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == err,
+ "security_server_chk_pwd has failed, ret: " << ret);
+
+ ret = security_server_set_pwd_history(10);
+ RUNNER_ASSERT_MSG(ret == err,
+ "security_server_set_pwd_history has failed, ret: " << ret);
+}
+
+RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_SERVER);
+
+RUNNER_TEST(tc_security_server_get_gid_normal_case_trying_to_get_gid_of_tel_gprs)
+{
+ RUNNER_ASSERT(security_server_get_gid("tel_gprs") >= 0);
+}
+
+RUNNER_TEST(tc_security_server_get_gid_empty_object_name)
+{
+ RUNNER_ASSERT(security_server_get_gid("") == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
+}
+
+RUNNER_TEST(tc_security_server_get_gid_wrong_object_name_teltel)
+{
+ RUNNER_ASSERT(security_server_get_gid("teltel") == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT);
+}
+
+RUNNER_CHILD_TEST_SMACK(tc01a_security_server_app_give_access)
+{
+ const char *subject = "abc345v34sfa";
+ const char *object = "efg678x2lkjz";
+
+ SecurityServer::AccessProvider provider(object);
+ provider.allowSS();
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ security_server_app_give_access(subject, getpid());
+
+ RUNNER_ASSERT(1 == smack_have_access(subject, object, "rwxat"));
+}
+
+/*
+ * Currently we are NOT revoking any permissions given by
+ * security_server_app_give_access function
+ */
+/*RUNNER_TEST(tc01b_security_server_app_give_access)
+{
+ const char *subject = "abc345v34sfa";
+ const char *object = "efg678x2lkjz";
+
+ // After part A thread from security-server will be notified about
+ // process end and revoke permissions. We need to give him some
+ // time.
+ sleep(1);
+
+ RUNNER_ASSERT(0 == smack_have_access(subject, object, "r----"));
+ RUNNER_ASSERT(0 == smack_have_access(subject, object, "-w---"));
+ RUNNER_ASSERT(0 == smack_have_access(subject, object, "--x--"));
+ RUNNER_ASSERT(0 == smack_have_access(subject, object, "---a-"));
+ RUNNER_ASSERT(0 == smack_have_access(subject, object, "----t"));
+}*/
+
+RUNNER_CHILD_TEST_SMACK(tc01c_security_server_app_give_access_no_access)
+{
+ const char *subject = "xxx45v34sfa";
+ const char *object = "yyy78x2lkjz";
+
+ SmackAccess smack;
+ smack.add(subject, object, "-----");
+ smack.apply();
+
+ RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(object), "Error in smack_label_for_self");
+
+ RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
+
+ RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
+ security_server_app_give_access(subject, getpid()));
+
+ RUNNER_ASSERT(0 == smack_have_access(subject, object, "r"));
+}
+
+RUNNER_TEST_SMACK(tc02_check_privilege_by_pid)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
+ int ret;
+ int pid;
+
+ pid = getpid();
+
+ //we checking existing rule, it should return positive
+ ret = security_server_check_privilege_by_pid(pid, "_", "rx");
+ RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
+
+ //we checking rule with label that not exist
+ ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
+ RUNNER_ASSERT(ret != SECURITY_SERVER_API_SUCCESS);
+}
+
+RUNNER_CHILD_TEST_SMACK(tc03_check_API_passwd_allow)
+{
+ int ret = -1;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ attempt = max_attempt = expire_sec = 0;
+
+ clear_password();
+
+ SecurityServer::AccessProvider provider(TEST03_SUBJECT);
+ provider.allowSS();
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ ret = security_server_set_pwd_validity(10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
+
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
+
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(nullptr, "12345", 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+
+ ret = security_server_reset_pwd("12345",0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+
+ ret = security_server_set_pwd_history(10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+}
+
+RUNNER_CHILD_TEST_SMACK(tc04_check_API_passwd_denied)
+{
+ check_API_passwd(true);
+}
+
+RUNNER_CHILD_TEST_NOSMACK(tc04_check_API_app_user_passwd_allow_nosmack)
+{
+ check_API_passwd(false);
+}
+
+RUNNER_CHILD_TEST_SMACK(tc07_check_API_data_share_allow)
+{
+ SecurityServer::AccessProvider provider(TEST07_SUBJECT);
+ provider.allowSS();
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ int ret = security_server_app_give_access(TEST07_SUBJECT, getpid());
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+}
+
+RUNNER_CHILD_TEST_SMACK(tc08_check_API_data_share_denied)
+{
+ SecurityServer::AccessProvider provider(TEST08_SUBJECT);
+ provider.applyAndSwithToUser(APP_UID, APP_GID);
+
+ int ret = security_server_app_give_access(TEST08_SUBJECT, getpid());
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
+ "security_server_app_give_access should return access denied,"
+ " ret: " << ret);
+}
+
+//////////////////////////////////////////
+/////////NOSMACK ENV TESTS////////////////
+//////////////////////////////////////////
+
+/**
+ * NOSMACK version of tc01a and tc01c tests.
+ *
+ * SMACK is turned off - that means for us, that we don't need any accesses added to our process
+ * in SMACK before dropping root privileges. This test drops root privileges, calls
+ * security_server_app_give_access and then checks if smack_have_access returns error (because
+ * SMACK is off).
+ *
+ * security_server_app_give_access shouldn't return anything else than success when SMACK is off,
+ * hence there is only one test that replaces tests tc01a and tc01c.
+ */
+RUNNER_CHILD_TEST_NOSMACK(tc01_security_server_app_give_access_nosmack)
+{
+ const char* subject = "abc345v34sfa";
+ const char* object = "efg678x2lkjz";
+ int result = 0;
+
+ result = drop_root_privileges();
+ RUNNER_ASSERT_MSG(result == 0,
+ "Failed to drop root privileges. Result: " << result << "uid = " << getuid());
+
+ result = security_server_app_give_access(subject, getpid());
+ RUNNER_ASSERT_MSG(result == SECURITY_SERVER_API_SUCCESS,
+ "Error in security_server_app_give_access. Result: " << result);
+
+ result = smack_have_access(subject, object, "rwxat");
+ RUNNER_ASSERT_MSG(result == -1,
+ "smack_have_access should return error when SMACK is off. Result: " << result);
+}
+
+/**
+ * NOSMACK version of tc02 test.
+ *
+ * check_privilege_by_pid should always return success when SMACK is off, no matter if label is
+ * real or not.
+ */
+RUNNER_TEST_NOSMACK(tc02_check_privilege_by_pid_nosmack)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
+ int ret;
+ int pid;
+
+ pid = getpid();
+
+ //we checking existing rule, it should return positive
+ ret = security_server_check_privilege_by_pid(pid, "_", "rx");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "check_privilege_by_pid for existing label failed. Result: " << ret);
+
+ //we checking rule with label that not exist
+ ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "check_privilege_by_pid for nonexisting label failed. Result: " << ret);
+}
+
+/**
+ * NOSMACK version of clear_password function.
+ *
+ * Compared to SMACK version of this function, this one skips adding rules and setting label.
+ */
+int clear_password_nosmack()
+{
+ int ret = -1;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ if (getuid() == 0) {
+ reset_security_server();
+
+ attempt = max_attempt = expire_sec = UINT_MAX;
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
+ "is_pwd_faild should return no password error. Result: " << ret);
+ RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec << ", should be 0.");
+ RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt << ", should be 0.");
+ RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt << ", should be 0.");
+
+ return 0;
+ }
+ return -1;
+}
+
+/**
+ * NOSMACK version of tc03 test.
+ *
+ * Just as tc01a/tc01c NOSMACK replacement, we don't need to do anything with SMACK because most
+ * important functions will return errors (that is smack_accesses_apply/smack_have_access etc.).
+ * First clear password, then drop privileges and proceed to regular testing.
+ */
+
+RUNNER_CHILD_TEST_NOSMACK(tc03_check_API_passwd_allow_nosmack)
+{
+ int ret = -1;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ attempt = max_attempt = expire_sec = 0;
+
+ clear_password_nosmack();
+
+ // drop root privileges
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+
+ ret = security_server_set_pwd_validity(10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
+ "set_pwd_validity should return no password error. Result: " << ret);
+
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
+ "set_pwd_max_challenge should return no password error. Result: " << ret);
+
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
+ "is_pwd_valid should return no password error. Result: " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(nullptr, "12345", 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "set_pwd failed. Result: " << ret);
+
+ ret = security_server_reset_pwd("12345",0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "reset_pwd failed. Result: " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "chk_pwd failed. Result: " << ret);
+
+ ret = security_server_set_pwd_history(10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "set_pwd_history failed. Result: " << ret);
+}
+
+/**
+ * NOSMACK version of tc07 test.
+ *
+ * Similarily to previous tests - no need to set self label because SMACK is off. Just as
+ * tc01a/tc01c replacement, security_server_app_give_access should return only success. Hence the
+ * NOSMACK version of tc08 test is skipped.
+ */
+RUNNER_CHILD_TEST_NOSMACK(tc07_check_API_data_share_allow_nosmack)
+{
+ int ret = -1;
+
+ // drop root privileges
+ ret = drop_root_privileges();
+ RUNNER_ASSERT_MSG(ret == 0,
+ "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
+
+ ret = security_server_app_give_access(TEST07_SUBJECT, getpid());
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "app_give_access failed. Result: " << ret);
+}
+
+int main(int argc, char *argv[]) {
+ if (0 != getuid()) {
+ printf("Error: %s must be executed by root\n", argv[0]);
+ exit(1);
+ }
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file security_server_tests_weird_arguments.cpp
+ * @author Zbigniew Jasinski (z.jasinski@samsung.com)
+ * @version 1.0
+ * @brief Test cases for security server
+ *
+ */
+#include "tests_common.h"
+#include "security-server.h"
+#include <dpl/test/test_runner.h>
+#include <dpl/log/log.h>
+
+RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_WEIRD_ARGUMENTS);
+
+RUNNER_TEST(tc01_security_server_get_gid_weird_input_case)
+{
+ int ret = 0;
+ char weird[] = {static_cast <char> (0xe3), 0x79, static_cast <char> (0x82), 0x0};
+
+ /* normal param case */
+ ret = security_server_get_gid("tel_sim");
+ RUNNER_ASSERT_MSG(ret > -1, "ret: " << ret);
+
+ /* wrong param case */
+ ret = security_server_get_gid("elephony_akecall");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret: " << ret);
+
+ /* weird param case */
+ ret = security_server_get_gid(weird);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret: " << ret);
+
+ /* null param case */
+ ret = security_server_get_gid(nullptr);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
+
+ /* param too long case */
+ ret = security_server_get_gid("abcdefghijklmnopqrstuvwxyz01234");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
+
+ /* empty param case */
+ ret = security_server_get_gid("");
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
+}
+
+/* from security_server_tests_server.cpp */
+
+RUNNER_TEST(tc03_security_server_request_cookie_weird_input_case)
+{
+ int ret = 0;
+ size_t cookie_size = security_server_get_cookie_size();
+
+ /* null cookie case */
+ char *cookie = nullptr;
+
+ ret = security_server_request_cookie(cookie, cookie_size);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
+
+ /* buffer size too small case */
+ cookie_size = 19;
+ char cookie2[cookie_size];
+
+ ret = security_server_request_cookie(cookie2, cookie_size);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret: " << ret);
+}
+
+RUNNER_TEST(tc04_security_server_check_privilege_weird_input_case)
+{
+ int ret = 0;
+ size_t cookie_size = security_server_get_cookie_size();
+ gid_t gid = DB_ALARM_GID;
+
+ /* null cookie case */
+ char *cookie = nullptr;
+
+ ret = security_server_check_privilege(cookie, gid);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
+
+ char cookie2[cookie_size];
+
+ ret = security_server_request_cookie(cookie2, cookie_size);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+
+ /* big gid case */
+ gid = 70666;
+
+ ret = security_server_check_privilege(cookie2, gid);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
+}
+RUNNER_TEST(tc05_security_server_check_privilege_by_cookie_weird_input_case)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
+ int ret = 0;
+ size_t cookie_size = security_server_get_cookie_size();;
+ const char *object = "telephony_makecall";
+ const char *access_rights = "r";
+
+ /* null cookie case */
+ char *cookie = nullptr;
+ ret = security_server_check_privilege_by_cookie(cookie, object, access_rights);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
+
+ /* null object case */
+ char *object2 = nullptr;
+ char cookie2[cookie_size];
+
+ ret = security_server_request_cookie(cookie2, cookie_size);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
+
+ ret = security_server_check_privilege_by_cookie(cookie2, object2, access_rights);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
+
+ /* null access rights case */
+ access_rights = nullptr;
+ ret = security_server_check_privilege_by_cookie(cookie2, object, access_rights);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
+}
+
+RUNNER_TEST_SMACK(tc06_security_server_check_privilege_by_sockfd_weird_input_case)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+ int ret = 0;
+ int sockfd = -1;
+ const char *object = "telephony_makecall";
+ const char *access_rights = "r";
+
+ /* invalid sockfd case */
+ ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
+ sockfd = 0;
+
+ /* null object case */
+ char *object2 = nullptr;
+ ret = security_server_check_privilege_by_sockfd(sockfd, object2, access_rights);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
+
+ /* null access rights case */
+ access_rights = nullptr;
+ ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
+}
+
+RUNNER_TEST(tc07_security_server_get_cookie_pid_weird_input_case)
+{
+ int ret = 0;
+ char *cookie = nullptr;
+
+ ret = security_server_get_cookie_pid(cookie);
+ RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
+}
+
+///////////////////////////
+/////NOSMACK ENV TESTS/////
+///////////////////////////
+
+/**
+ * NOSMACK version of tc06 test.
+ *
+ * security_server_check_privilege_by_sockfd at first checks if SMACK exists and then checks if
+ * params are correct. Even with incorrect params we should expect SUCCESS instead of
+ * ERROR_INPUT_PARAM.
+ */
+
+RUNNER_TEST_NOSMACK(tc06_security_server_check_privilege_by_sockfd_weird_input_case_nosmack)
+{
+ RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
+ int ret = 0;
+ int sockfd = -1;
+ const char* object = "telephony_makecall";
+ const char* access_rights = "r";
+
+ //invalid sockfd case
+ ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "check_privilege_by_sockfd failed. Result: " << ret);
+ sockfd = 0;
+
+ //null object case
+ char *object2 = nullptr;
+ ret = security_server_check_privilege_by_sockfd(sockfd, object2, access_rights);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "check_privilege_by_sockfd failed. Result: " << ret);
+
+ //null access rights case
+ access_rights = nullptr;
+ ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
+ "check_privilege_by_sockfd failed. Result: " << ret);
+}
+
--- /dev/null
+#!/bin/sh
+echo "[Trigerring all tests...]"
+
+total=0
+passed=0
+failed=0
+ignored=0
+
+ign="--runignored"
+if [ $# -gt 0 ]; then
+ if [ "$1" = "--noignored" ]; then
+ ign=""
+ fi
+fi
+
+function addSummary
+{
+ read -a words < summary.txt
+ total=$((total + words[0]))
+ passed=$((passed + words[1]))
+ failed=$((failed + words[2]))
+ ignored=$((ignored + words[3]))
+
+ rm summary.txt
+}
+
+function runTest
+{
+ # 'text' - console output
+ # 'summary' - used for summary view
+ security-tests.sh "$1" --output=text --output=summary "$ign"
+ addSummary
+}
+
+function printSummary
+{
+ COLOR_GREEN_START="\033[1;32m"
+ COLOR_DARK_GREEN_START="\033[0;36m"
+ COLOR_END="\033[m"
+
+ printf "\n"
+ printf "$COLOR_GREEN_START"
+ printf "Summary\n"
+ printf "$COLOR_END"
+
+ printf "$COLOR_DARK_GREEN_START"
+ printf " Total: %i\n" "$total"
+ printf " Passed: %i\n" "$passed"
+ printf " Failed: %i\n" "$failed"
+ printf " Ignored: %i\n" "$ignored"
+ printf "$COLOR_END"
+ printf "\n"
+}
+
+runTest smack
+runTest smack-dbus
+#runTest libprivilege-control
+#runTest ss-clientsmack
+#runTest ss-server
+#runTest ss-password
+#runTest ss-privilege
+#runTest ss-stress
+runTest security-manager
+runTest cynara
+
+printSummary
+
+echo "[Done]"
--- /dev/null
+#!/bin/sh
+
+#####################################################################
+# Copyright (c) 2012-2014 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#####################################################################
+
+#testing internet access and date on the target
+
+echo "### Starting tests ######################################################"
+
+case $1 in
+
+"smack")
+ echo "========================================================================="
+ echo $1
+ echo
+ libsmack-test "${@:2}" # propagate all remaining arguments (except first)
+ ;;
+"smack-dbus")
+ echo "========================================================================="
+ echo "SMACK DBUS TEST"
+ echo
+ smack-dbus-tests "${@:2}"
+ ;;
+"libprivilege-control")
+ echo "========================================================================="
+ echo $1
+ echo
+ libprivilege-control-test "${@:2}"
+ ;;
+"ss-clientsmack")
+ echo "========================================================================="
+ echo "SECURITY SERVER TEST CLIENT SMACK"
+ echo
+ security-server-tests-client-smack "${@:2}"
+ ;;
+"ss-stress")
+ echo "========================================================================="
+ echo "SECURITY SERVER TEST STRESS"
+ echo
+ security-server-tests-stress "${@:2}"
+ ;;
+"ss-server")
+ echo "========================================================================="
+ echo "SECURITY SERVER TEST SERVER"
+ echo
+ security-server-tests-server "${@:2}"
+ ;;
+"ss-api-speed")
+ echo "========================================================================="
+ echo "SECURITY SERVER MEASURER SERVER"
+ echo
+ security-server-tests-api-speed "${@:2}"
+ ;;
+"ss-password")
+ echo "========================================================================="
+ echo "SECURITY SERVER TEST PASSWORD"
+ echo
+ security-server-tests-password "${@:2}"
+ ;;
+"ss-privilege")
+ echo "========================================================================="
+ echo "SECURITY SERVER TEST PRIVILEGE"
+ echo
+ security-server-tests-privilege "${@:2}"
+ ;;
+"security-manager")
+ echo "========================================================================="
+ echo "SECURITY MANAGER TESTS"
+ echo
+ security-manager-tests "${@:2}"
+ ;;
+"cynara")
+ echo "========================================================================="
+ echo "CYNARA TEST"
+ echo
+ cynara-test "${@:2}"
+ ;;
+*)
+ echo "Correct using:"
+ echo " security_test.sh <module> <args_for_module>"
+ echo
+ echo "modules: smack, smack-dbus, libprivilege-control, ss-clientsmack"
+ echo " ss-server, ss-api-speed, ss-password, ss-stress"
+ echo " ss-privilege, security-manager, cynara"
+ ;;
+
+esac
+
+echo "### Tests done ##########################################################"
--- /dev/null
+# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Michal Eljasiewicz (m.eljasiewic@samsung.com)
+# @brief
+#
+
+INCLUDE(FindPkgConfig)
+
+# Dependencies
+PKG_CHECK_MODULES(SMACK_DBUS_TESTS_DEP
+ libsmack
+ dbus-1
+ REQUIRED)
+
+# Targets definition
+
+INCLUDE_DIRECTORIES(SYSTEM
+ ${SMACK_DBUS_TESTS_DEP_INCLUDE_DIRS}
+ )
+
+SET(TARGET_SMACK_DBUS_TESTS "smack-dbus-tests")
+
+# Sources definition
+
+SET(SMACK_DBUS_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/smack-dbus-tests/smack_dbus_tests.cpp
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common/
+ )
+
+ADD_EXECUTABLE(${TARGET_SMACK_DBUS_TESTS} ${SMACK_DBUS_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_SMACK_DBUS_TESTS}
+ ${SMACK_DBUS_TESTS_DEP_LIBRARIES}
+ dpl-test-framework
+ tests-common
+ )
+
+# Installation
+
+INSTALL(TARGETS ${TARGET_SMACK_DBUS_TESTS} DESTINATION /usr/bin)
--- /dev/null
+#include <cstring>
+#include <unistd.h>
+#include <sys/smack.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_multiprocess.h>
+#include <dbus/dbus.h>
+#include "tests_common.h"
+
+#define DBUS_SERVER_NAME "test.method.server"
+#define DBUS_CALLER_NAME "test.method.caller"
+
+#define DBUS_SMACK_NAME "org.freedesktop.DBus"
+#define DBUS_SMACK_OBJECT "/org/freedesktop/DBus"
+#define DBUS_SMACK_INTERFACE "org.freedesktop.DBus"
+#define DBUS_SMACK_METHOD "GetConnectionCredentials"
+
+RUNNER_TEST_GROUP_INIT(SMACK_DBUS);
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tc01_smack_context_from_DBus)
+{
+ RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method"
+ " yet.");
+
+ int ret = -1;
+ const char *subject_parent = "subject_parent";
+ const char *subject_child = "subject_child";
+
+ DBusMessage* msg = nullptr;
+ DBusMessageIter args, iter, var, var_iter, var_value;
+ DBusConnection* conn = nullptr;
+ DBusError err;
+ DBusPendingCall *pending = nullptr;
+ const char *dbus_server_name = DBUS_SERVER_NAME;
+ char *smack_context = nullptr;
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed");
+
+ if (pid == 0) {
+ // child
+ ret = smack_set_label_for_self(subject_child);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
+ "smack_set__label_for_self() failed, ret: " << ret);
+
+ // initialize the errors
+ dbus_error_init(&err);
+
+ // connect to the system bus and check for errors
+ conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
+ ret = dbus_error_is_set(&err);
+ if (1 == ret) {
+ dbus_error_free(&err);
+ RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
+ }
+
+ // request our name on the bus
+ ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
+ if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
+ dbus_error_free(&err);
+ RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
+ "dbus_bus_request_name() failed, ret: " << ret);
+ }
+
+ // crate a new method call for checking SMACK context from DBus interface
+ msg = dbus_message_new_method_call(DBUS_SMACK_NAME,
+ DBUS_SMACK_OBJECT,
+ DBUS_SMACK_INTERFACE,
+ DBUS_SMACK_METHOD);
+
+ RUNNER_ASSERT_MSG(nullptr != msg,
+ "dbus_message_new_method_call() failed, ret: " << ret);
+
+ // append arguments, we need SMACK context for our parent process "test.method.server"
+ dbus_message_iter_init_append(msg, &args);
+ ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name);
+ RUNNER_ASSERT_MSG(1 == ret, "Out of memory");
+
+ // wait for parent to connect to DBus
+ sleep(3);
+
+ // send message and get a handle for a reply
+ // -1 is default timeout
+ ret = dbus_connection_send_with_reply (conn, msg, &pending, -1);
+ RUNNER_ASSERT_MSG(1 == ret, "Out of memory");
+ RUNNER_ASSERT_MSG(nullptr != pending, "Pending call null");
+
+ dbus_connection_flush(conn);
+
+ // free message
+ dbus_message_unref(msg);
+
+ // block until reply
+ dbus_pending_call_block(pending);
+
+ // get the reply
+ msg = dbus_pending_call_steal_reply(pending);
+ RUNNER_ASSERT_MSG(nullptr != msg, "Reply null");
+
+ // free message handle
+ dbus_pending_call_unref(pending);
+
+ ret = dbus_message_iter_init(msg, &iter);
+ RUNNER_ASSERT_MSG(0 != ret, "Message has no arguments");
+
+ dbus_message_iter_recurse(&iter, &var);
+
+ while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) {
+ dbus_message_iter_recurse(&var, &var_iter);
+ while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) {
+ dbus_message_iter_recurse(&var_iter, &var_value);
+ switch(dbus_message_iter_get_arg_type(&var_value)) {
+ case DBUS_TYPE_STRING:
+ dbus_message_iter_get_basic(&var_value, &smack_context);
+ break;
+ default:
+ ;
+ }
+ dbus_message_iter_next(&var_iter);
+ }
+ dbus_message_iter_next(&var);
+ }
+
+ // free reply and close connection
+ dbus_message_unref(msg);
+ dbus_connection_unref(conn);
+
+ RUNNER_ASSERT(smack_context != nullptr);
+ ret = strcmp(smack_context, subject_parent);
+ RUNNER_ASSERT_MSG(0 == ret,
+ "Context mismatch! context from dbus: " << smack_context);
+
+ exit(0);
+
+ } else {
+ // parent
+ ret = smack_set_label_for_self(subject_parent);
+ RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
+ "smack_set_label_for_self() failed, ret: " << ret);
+
+ // initialise the error
+ dbus_error_init(&err);
+
+ // connect to the bus and check for errors
+ conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
+ ret = dbus_error_is_set(&err);
+ if (1 == ret) {
+ dbus_error_free(&err);
+ RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
+ }
+
+ // request our name on the bus and check for errors
+ ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
+ if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
+ dbus_error_free(&err);
+ RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
+ "dbus_bus_request_name() failed, ret: " << ret);
+ }
+
+ // close the connection
+ dbus_connection_unref(conn);
+ }
+}
+
+///////////////////////////////////////
+//////NOSMACK ENV TESTS////////////////
+///////////////////////////////////////
+
+RUNNER_MULTIPROCESS_TEST_NOSMACK(tc01_smack_context_from_DBus_nosmack)
+{
+ RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method"
+ " yet.");
+
+ int ret = -1;
+ const char* subject_parent = "subject_parent";
+
+ DBusMessage* msg = nullptr;
+ DBusMessageIter args, iter, var, var_iter, var_value;
+ DBusConnection* conn = nullptr;
+ DBusError err;
+ DBusPendingCall *pending = nullptr;
+ const char *dbus_server_name = DBUS_SERVER_NAME;
+ char *smack_context = nullptr;
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed");
+
+ if (pid == 0) {
+ // child
+
+ // initialize the errors
+ dbus_error_init(&err);
+
+ // connect to the system bus and check for errors; failure = exit with result 1
+ conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
+ ret = dbus_error_is_set(&err);
+ if (1 == ret) {
+ dbus_error_free(&err);
+ RUNNER_FAIL_MSG("Failed to connect to system bus. Ret " << ret);
+ }
+
+ // request our name on the bus; failure = exit with result 2
+ ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
+ if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
+ dbus_error_free(&err);
+ RUNNER_FAIL_MSG("Failed to request name on the bus. Ret " << ret);
+ }
+
+ // crate a new method call for checking SMACK context from DBus interface
+ msg = dbus_message_new_method_call(DBUS_SMACK_NAME,
+ DBUS_SMACK_OBJECT,
+ DBUS_SMACK_INTERFACE,
+ DBUS_SMACK_METHOD);
+
+ RUNNER_ASSERT_MSG(msg != nullptr, "dbus_message_new_method_call() failed.");
+
+ // append arguments, we need SMACK context for our parent process "test.method.server"
+ dbus_message_iter_init_append(msg, &args);
+ ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name);
+ RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret);
+
+ // wait for parent to connect to DBus
+ sleep(3);
+
+ // send message and get a handle for a reply
+ // -1 is default timeout
+ ret = dbus_connection_send_with_reply (conn, msg, &pending, -1);
+ RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret);
+ RUNNER_ASSERT_MSG(pending != nullptr, "Pending call is nullptr.");
+
+ dbus_connection_flush(conn);
+
+ // free message
+ dbus_message_unref(msg);
+
+ // block until reply
+ dbus_pending_call_block(pending);
+
+ // get the reply
+ msg = dbus_pending_call_steal_reply(pending);
+ RUNNER_ASSERT_MSG(msg != nullptr, "Failed to get the reply from bus.");
+
+ // free message handle
+ dbus_pending_call_unref(pending);
+
+ ret = dbus_message_iter_init(msg, &iter);
+ RUNNER_ASSERT_MSG(ret != 0, "DBus message has no arguments. Ret " << ret);
+
+ dbus_message_iter_recurse(&iter, &var);
+ while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) {
+ dbus_message_iter_recurse(&var, &var_iter);
+ while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) {
+ dbus_message_iter_recurse(&var_iter, &var_value);
+ switch(dbus_message_iter_get_arg_type(&var_value)) {
+ case DBUS_TYPE_STRING:
+ dbus_message_iter_get_basic(&var_value, &smack_context);
+ break;
+ default:
+ ;
+ }
+ dbus_message_iter_next(&var_iter);
+ }
+ dbus_message_iter_next(&var);
+ }
+
+ // free reply and close connection
+ dbus_message_unref(msg);
+ dbus_connection_unref(conn);
+
+ RUNNER_ASSERT(smack_context != nullptr);
+ ret = strcmp(smack_context, subject_parent);
+ RUNNER_ASSERT_MSG(ret == 0, "Context mismatch. Context " << smack_context);
+
+ exit(0);
+
+ } else {
+ // parent
+
+ // initialise the error
+ dbus_error_init(&err);
+
+ // connect to the bus and check for errors
+ conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
+ ret = dbus_error_is_set(&err);
+ if (1 == ret) {
+ dbus_error_free(&err);
+ RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
+ }
+
+ // request our name on the bus and check for errors
+ ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
+ if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
+ dbus_error_free(&err);
+ RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
+ "dbus_bus_request_name() failed, ret: " << ret);
+ }
+
+ // close the connection
+ dbus_connection_unref(conn);
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
--- /dev/null
+#!/bin/sh
+
+NOF_TRIES=3
+i=$NOF_TRIES
+ERR_FILE=error.log
+RESULTS_FILE=results.log
+
+SUM=0
+
+black="\033[0;30m";
+red="\033[0;31m";
+green="\033[0;32m";
+brown="\033[0;33m";
+blue="\033[0;34m";
+purple="\033[0;35m";
+grey="\033[1;30m";
+yellow="\033[1;33m";
+default="\033[0m";
+
+
+function echo_as_percent () {
+full=$(( $1 / 100 ))
+rest_full=$(( $1 % 100 ))
+dec=$(($rest_full / 10 ))
+rest_dec=$(($rest_full % 10 ))
+echo "$full.$dec$rest_dec%"
+echo "$full.$dec$rest_dec%" >> $RESULTS_FILE
+
+}
+
+date >> $RESULTS_FILE
+date >> $ERR_FILE
+
+while [ $((i--)) -gt 0 ]
+do
+echo -e "$blue==============test no $i=============$default"
+
+perf record -a -g & > /dev/null 2> /dev/null
+sleep 1
+security-tests-all.sh > /dev/null 2> /dev/null
+pkill -SIGINT perf
+
+sleep 2
+
+echo "perf results:"
+perf report -U -s symbol -gflat,1,caller 2>> $ERR_FILE | grep smk
+OUTPUT=$(perf report -U -s symbol -gflat,1,caller 2>> $ERR_FILE | grep smk | sed "s:%.*$::g;s:^[ \t]::g;s:[^0-9]::g;s:^0::g;s:^0::g;s:$:+:g;$ s:+::" | tr -d "\n")
+
+echo -e "$blue sum:"
+echo_as_percent $(($OUTPUT))
+echo -e "$default"
+
+SUM=$(($SUM + $OUTPUT))
+
+done
+echo -e "$blue==============done============="
+OUTPUT=$(($SUM/3))
+echo "average:"
+echo "average:" >> $RESULTS_FILE
+echo_as_percent $OUTPUT
+echo -e "$default"
+
+
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-INCLUDE(FindPkgConfig)
-
-PKG_CHECK_MODULES(SYS_FRAMEWORK_TEST
- REQUIRED
- libxml-2.0
- libpcrecpp
- libiri
- )
-
-PKG_CHECK_MODULES(SYS_FRAMEWORK_TEST_OTHER
- REQUIRED
- glib-2.0
- dlog
- )
-
-ADD_DEFINITIONS(${SYS_FRAMEWORK_TEST_OTHER_CFLAGS})
-
-include(framework/config.cmake)
-
-SET(DPL_FRAMEWORK_TEST_LIBRARY "dpl-test-framework")
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${SYS_FRAMEWORK_TEST_OTHER_INCLUDE_DIRS}
- ${DPL_FRAMEWORK_TEST_INCLUDE_DIR}
- )
-
-ADD_LIBRARY(${DPL_FRAMEWORK_TEST_LIBRARY} ${DPL_FRAMEWORK_TEST_SOURCES})
-
-TARGET_LINK_LIBRARIES(${DPL_FRAMEWORK_TEST_LIBRARY}
- ${SYS_FRAMEWORK_TEST_OTHER_LIBRARIES}
- ${SYS_FRAMEWORK_TEST_LIBRARIES}
- )
-
-INSTALL(FILES ${PROJECT_SOURCE_DIR}/tests/security-tests.sh
- DESTINATION bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES ${PROJECT_SOURCE_DIR}/tests/security-tests-all.sh
- DESTINATION bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/test-performance-check.sh
- DESTINATION bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-
-ADD_SUBDIRECTORY(common)
-ADD_SUBDIRECTORY(ckm)
-ADD_SUBDIRECTORY(libprivilege-control-tests)
-ADD_SUBDIRECTORY(libsmack-tests)
-ADD_SUBDIRECTORY(smack-dbus-tests)
-ADD_SUBDIRECTORY(security-server-tests)
-ADD_SUBDIRECTORY(security-manager-tests)
-ADD_SUBDIRECTORY(cynara-tests)
+++ /dev/null
-#
-#Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# Dependencies
-PKG_CHECK_MODULES(CKM_DEP
- libsmack
- key-manager
- dlog
- REQUIRED)
-
-# Targets definition
-
-SET(TARGET_CKM_TESTS "ckm-tests")
-
-SET(CKM_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/ckm/main.cpp
- ${PROJECT_SOURCE_DIR}/tests/ckm/capi-testcases.cpp
-)
-
-INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/tests/common/ )
-
-ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} tests-common)
-
-# Installation
-
-INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
-INSTALL(FILES test1801.pkcs12 DESTINATION /usr/share/ckm-test)
+++ /dev/null
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-#include <access_provider.h>
-
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-type.h>
-
-#include <ckmc/ckmc-manager.h>
-#include <ckmc/ckmc-control.h>
-#include <ckmc/ckmc-type.h>
-#include <ckmc/ckmc-error.h>
-
-#include <string>
-#include <string.h>
-#include <stdio.h>
-#include <stddef.h>
-#include <stdlib.h>
-
-static const int USER_APP = 5000;
-static const int GROUP_APP = 5000;
-
-RUNNER_TEST_GROUP_INIT (T201_CKMC_CONTROL_C_API);
-
-RUNNER_TEST(T2011_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2012_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2013_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2014_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(14, "simple-password")),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2015_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(20, "test-pass")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_change_user_password(20, "test-pass", "new-pass")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(TT2016_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
- "Error=" << temp);
-}
-
-RUNNER_TEST_GROUP_INIT (T202_CKMC_QUICK_SET_GET_TESTS_C_API);
-
-RUNNER_TEST(T2021_init_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2022_key_C_API)
-{
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- char alias[10] = "mykey";
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = password;
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
- "Error=" << temp);
-
- // int compareResult;
- // compareResult = (strcmp((const char *)test_key.raw_key, (const char *)test_key2->raw_key));
- // printf("compare !! %s \n compare 2 !! = %s\n",test_key.raw_key, test_key2->raw_key);
- //
- // RUNNER_ASSERT_MSG(
- // compareResult == 0,
- // "Key modified");
-}
-
-RUNNER_TEST(T2023_certificate_C_API)
-{
- int temp;
-
- std::string certPem = "-----BEGIN CERTIFICATE-----\n"
- "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
- "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
- "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
- "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
- "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
- "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
- "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
- "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
- "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
- "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
- "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
- "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
- "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
- "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
- "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
- "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
- "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
- "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
- "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
- "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
- "rHva8A==\n"
- "-----END CERTIFICATE-----\n";
-
- char* password = NULL;
- ckmc_cert_s *cert2;
- ckmc_cert_s cert;
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- char alias[10] = "myCert";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
- "Error=" << temp);
-
- // int compareResult;
- // printf("compare !! %s \n compare 2 !!\n\n %s",cert.raw_cert, cert2->raw_cert);
- // compareResult = (strcmp((const char *)cert.raw_cert, (const char *)cert2->raw_cert));
- //
- // RUNNER_ASSERT_MSG(
- // compareResult == 0,
- // "Cert modified");
-}
-
-RUNNER_TEST(T2024_certificate_remove_C_API)
-{
- int temp;
-
- char* password = NULL;
- ckmc_cert_s *cert2;
- char alias[10] = "myCert";
-
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias, password, &cert2)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2025_certificate_list_C_API)
-{
- int temp;
-
- std::string certPem = "-----BEGIN CERTIFICATE-----\n"
- "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
- "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
- "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
- "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
- "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
- "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
- "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
- "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
- "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
- "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
- "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
- "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
- "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
- "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
- "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
- "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
- "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
- "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
- "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
- "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
- "rHva8A==\n"
- "-----END CERTIFICATE-----\n";
-
- char* password = NULL;
- ckmc_cert_s cert;
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test1", cert, test_policy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test2", cert, test_policy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test3", cert, test_policy)),
- "Error=" << temp);
-
- ckmc_alias_list_s *aliasList;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert_alias_list(&aliasList)),
- "Error=" << temp);
-
- ckmc_alias_list_s *plist = aliasList;
- int count_list;
- count_list = 1;
-
- while(plist && plist->next!=NULL) {
- plist = plist->next;
- count_list +=1;
- }
-
- RUNNER_ASSERT_MSG( count_list == 3,
- "Wrong size of list: " << count_list << " Expected: 3");
-}
-
-
-RUNNER_CHILD_TEST(T2026_user_app_save_key_C_API)
-{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- char passwordPolicy[3] = "x";
- char alias[10] = "mykey";
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = passwordPolicy;
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, passwordPolicy, &test_key2)),
- "Error=" << temp);
-
- // RUNNER_ASSERT_MSG(
- // key.getDER() == key2.getDER(), "Key value has been changed by service");
-}
-
-RUNNER_CHILD_TEST(T2027_app_user_save_keys_exportable_flag)
-{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- ckmc_policy_s test_policy;
- ckmc_key_s test_key, *test_key2;
- char* char_keypem = new char[keyPem.length() + 1];
- char* password = NULL;
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = password;
- test_policy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("appkey1", test_key, test_policy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key("appkey1", password, &test_key2)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2028_deinit_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
-}
-
-
-RUNNER_TEST_GROUP_INIT (T2030_CKMC_QUICK_GET_ALIAS_TESTS_C_API);
-
-RUNNER_TEST(T2031_init_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2032_save_keys_get_alias_C_API)
-{
- int temp;
-
- char* password = NULL;
- ckmc_policy_s test_policy1, test_policy2, test_policy3;
- ckmc_key_s test_key;
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
- ckmc_alias_list_s *aliasList;
-
- test_policy1.password = password;
- test_policy1.extractable = 1;
-
- test_policy2.password = password;
- test_policy2.extractable = 0;
-
- test_policy3.password = password;
- test_policy3.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey1", test_key, test_policy1)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey2", test_key, test_policy2)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey3", test_key, test_policy3)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key_alias_list(&aliasList)),
- "Error=" << temp);
-
- ckmc_alias_list_s *plist = aliasList;
- int count_list;
- count_list = 1;
-
- while(plist && plist->next!=NULL) {
- plist = plist->next;
- count_list +=1;
- }
-
- RUNNER_ASSERT_MSG( count_list == 3,
- "Wrong size of list: " << count_list << " Expected: 3");
-}
-
-
-RUNNER_TEST(T2033_remove_key_C_API)
-{
- int temp;
-
- char* password = NULL;
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- ckmc_key_s *test_key2;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key("rootkey1", password, &test_key2)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key("rootkey1")),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_key("rootkey1", password, &test_key2)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2034_deinit_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
-}
-
-RUNNER_TEST_GROUP_INIT (T2040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API);
-
-RUNNER_TEST(T2041_init_C_API)
-{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2042_save_get_bin_data_C_API)
-{
- int temp;
-
- ckmc_raw_buffer_s testData1, testData2, testData3;
- char* password = NULL;
-
- std::string binData1 = "My bin data1";
- std::string binData2 = "My bin data2";
- std::string binData3 = "My bin data3";
- char* char_binData1 = new char[binData1.length() + 1];
- char* char_binData2 = new char[binData2.length() + 1];
- char* char_binData3 = new char[binData3.length() + 1];
- std::strcpy(char_binData1, binData1.c_str());
- std::strcpy(char_binData2, binData2.c_str());
- std::strcpy(char_binData3, binData3.c_str());
- testData1.data = (unsigned char *) char_binData1;
- testData2.data = (unsigned char *) char_binData2;
- testData3.data = (unsigned char *) char_binData3;
- testData1.size = binData1.length()+1;
- testData2.size = binData2.length()+1;
- testData3.size = binData3.length()+1;
-
- ckmc_policy_s test_policy1, test_policy2, test_policy3;
-
- test_policy1.password = password;
- test_policy1.extractable = 1;
- test_policy2.password = password;
- test_policy2.extractable = 1;
- test_policy3.password = password;
- test_policy3.extractable = 0;
-
- ckmc_alias_list_s *aliasList;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data1", testData1, test_policy1)), // should change it as null value
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data2", testData2, test_policy1)), // should change it as null value
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data3", testData3, test_policy2)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data("data4", testData3, test_policy3)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data_alias_list(&aliasList)),
- "Error=" << temp);
-
- ckmc_alias_list_s *plist = aliasList;
- int count_list;
- count_list = 1;
-
- while(plist && plist->next!=NULL) {
- plist = plist->next;
- count_list +=1;
- }
-
- RUNNER_ASSERT_MSG( count_list == 3,
- "Wrong size of list: " << count_list << " Expected: 3");
-
- ckmc_raw_buffer_s *testData4;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData4)),
- "Error=" << temp);
-
- int compareResult;
- compareResult = (strcmp((const char *)testData2.data, (const char *)testData4->data));
- RUNNER_ASSERT_MSG( compareResult == 0,
- "Data corrupted");
-}
-
-RUNNER_CHILD_TEST(T2043_app_user_save_bin_data_C_API)
-{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- ckmc_raw_buffer_s testData1;
- char* password = NULL;
- std::string binData1 = "My bin data";
- char* char_binData1 = new char[binData1.length() + 1];
- std::strcpy(char_binData1, binData1.c_str());
- testData1.data = (unsigned char *) char_binData1;
- testData1.size = binData1.length()+1;
-
- ckmc_policy_s test_policy1, test_policy2;
-
- test_policy1.password = password;
- test_policy1.extractable = 1;
-
- test_policy2.password = password;
- test_policy2.extractable = 1;
-
- std::string binData = "My bin data";
-
- ckmc_alias_list_s *aliasList;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata2", testData1, test_policy1)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data_alias_list(&aliasList)),
- "Error=" << temp);
-
- ckmc_alias_list_s *plist = aliasList;
-
- int count_list;
- count_list = 1;
-
- while(plist && plist->next!=NULL) {
- plist = plist->next;
- count_list +=1;
- }
-
- RUNNER_ASSERT_MSG( count_list == 3,
- "Wrong size of list: " << count_list << " Expected: 3");
-}
-
-RUNNER_TEST(T2044_remove_bin_data_C_API)
-{
- int temp;
-
- ckmc_alias_list_s *aliasList;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data("data1")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data("data3")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data_alias_list(&aliasList)),
- "Error=" << temp);
-
- ckmc_alias_list_s *plist = aliasList;
- int count_list;
- count_list = 1;
-
- while(plist && plist->next!=NULL) {
- plist = plist->next;
- count_list +=1;
- }
-
- RUNNER_ASSERT_MSG(
- count_list == 1,
- "Wrong size of list: " << count_list << " Expected: 1");
- char* password = NULL;
-
- ckmc_raw_buffer_s *testData1, testData2;
-
- std::string testStr = "My bin data2";
- char* char_testData2 = new char[testStr.length() + 1];
- std::strcpy(char_testData2, testStr.c_str());
- testData2.data = (unsigned char *) char_testData2;
- testData2.size = testStr.length()+1;
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData1)),
- "Error=" << temp);
-
- int compareResult;
- compareResult = (strcmp((const char *)testData2.data, (const char *)testData1->data));
- RUNNER_ASSERT_MSG( compareResult == 0,
- "Data corrupted");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data("data3", password, &testData1)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2045_deinit_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
-}
-
-RUNNER_TEST_GROUP_INIT(T205_CKMC_QUICK_CREATE_PAIR_CAPI);
-
-RUNNER_TEST(T2051_CAPI_init)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
- "Error=" << temp);
-}
-
-RUNNER_CHILD_TEST(T2052_CAPI_create_rsa_key)
-{
- int temp;
-
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- size_t size = 2048;
- const char *private_key_alias = "PRV_KEY1";
- const char *public_key_alias = "PUB_KEY1";
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- "Error=" << temp);
-
- ckmc_key_s *privateKey;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- privateKey->key_type == CKMC_KEY_RSA_PRIVATE,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
- RUNNER_ASSERT_MSG(
- privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
- "Error=" << temp);
-
- ckmc_key_s *publicKey;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &publicKey)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- publicKey->key_type == CKMC_KEY_RSA_PUBLIC,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PUBLIC) << ", actual=" << static_cast<int>(publicKey->key_type));
- RUNNER_ASSERT_MSG(
- publicKey != NULL && publicKey->key_size > 0 && publicKey->raw_key != NULL,
- "Error=" << temp);
-
- ckmc_alias_list_s *alias_list;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key_alias_list(&alias_list)),
- "Error=" << temp);
- int cnt = 0;
- ckmc_alias_list_s *current;
- ckmc_alias_list_s *next =alias_list;
- do{
- current = next;
- next = current->next;
- cnt ++;
- }while(next != NULL);
- RUNNER_ASSERT_MSG(cnt == 2, "Error=Invalid Key Number");
-}
-
-RUNNER_TEST(T2053_CAPI_deinit)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T206_CKMC_CAPI_CreateKeyPairRSA);
-
-RUNNER_TEST(T2061_CAPI_init)
-{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2062_CAPI_CreateKeyPairRSA)
-{
- int temp;
-
- size_t size = 1024;
- const char *private_key_alias = "rsa-test-1";
- const char *public_key_alias = "rsa-test-2";
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = const_cast<char *>("privatepassword");
- policy_private_key.extractable = 0;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- "Error=" << temp);
-
- sleep(1);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- "Error=" << temp << ", ret=" << temp);
-}
-
-RUNNER_TEST(T2063_CAPI_CreateKeyPairECDSA)
-{
- int temp;
-
- ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
- const char *private_key_alias = "ecdsa-test-1";
- const char *public_key_alias = "ecdsa-test-2";
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = const_cast<char *>("privatepassword");
- policy_private_key.extractable = 0;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2064_CAPI_deinit)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
-}
-
-// TODO
-//RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
-
-
-
-RUNNER_TEST_GROUP_INIT(T207_CKMC_CAPI_QUICK_SET_GET_TESTS);
-
-RUNNER_TEST(T2071_CAPI_init)
-{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2072_CAPI_get_chain)
-{
- std::string ee =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
- "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
- "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
- "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
- "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
- "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
- "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
- "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
- "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
- "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
- "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
- "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
- "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
- "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
- "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
- "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
- "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
- "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
- "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
- "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
- "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
- "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
- "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
- "-----END CERTIFICATE-----\n";
-
- ckmc_cert_s c_cert;
- c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
- c_cert.cert_size = ee.size();
- c_cert.data_format = CKMC_FORM_PEM;
-
- ckmc_cert_s c_cert1;
- c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
- c_cert1.cert_size = im.size();
- c_cert1.data_format = CKMC_FORM_PEM;
-
- ckmc_cert_list_s untrustedcerts;
- untrustedcerts.cert = &c_cert1;
- untrustedcerts.next = NULL;
-
- ckmc_cert_list_s *cert_chain_list;
-
- int tmp;
-
- tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == tmp, "Error=" << CKM::ErrorToString(tmp));
-
- int cnt = 0;
- ckmc_cert_list_s *current;
- ckmc_cert_list_s *next =cert_chain_list;
- do{
- current = next;
- next = current->next;
- cnt ++;
- }while(next != NULL);
- RUNNER_ASSERT_MSG(cnt == 3, "Wrong size of certificate chain.");
-
- ckmc_cert_list_s *cert_chain_list2 = NULL;
- ckmc_cert_list_s *untrustedcerts2 = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (tmp = ckmc_get_cert_chain(&c_cert, untrustedcerts2, &cert_chain_list2)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- cert_chain_list2 == NULL,
- "Wrong size of certificate chain.");
-}
-
-RUNNER_TEST(T2073_CAPI_deinit)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T208_CAPI_CREATE_AND_VERIFY_SIGNATURE);
-
-RUNNER_TEST(T2081_CAPI__init)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2082_CAPI__rsa_key_create_verify)
-{
- int temp;
-
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "Proc-Type: 4,ENCRYPTED\n"
- "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
- "\n"
- "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
- "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
- "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
- "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
- "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
- "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
- "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
- "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
- "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
- "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
- "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
- "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
- "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
- "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
- "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
- "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
- "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
- "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
- "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
- "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
- "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
- "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
- "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
- "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
- "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----\n";
-
- std::string message = "message test";
- ckmc_raw_buffer_s msg_buff;
- msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
- msg_buff.size = message.size();
-
- const char *pub_alias = "pub1";
- const char *pri_alias = "prv1";
- char *key_passwd = (char *) "1234";
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- pubkey.key_size = pub.size();
- pubkey.key_type = CKMC_KEY_NONE;
- pubkey.password = NULL;
-
- ckmc_policy_s pubpolicy;
- pubpolicy.password = pub_passwd;
- pubpolicy.extractable = 0;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-
-}
-
-RUNNER_TEST(T2083_CAPI__rsa_key_create_verify_negative)
-{
- int temp;
- std::string message = "message asdfaslkdfjlksadjf test";
-
- ckmc_raw_buffer_s msg_buff;
- msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
- msg_buff.size = message.size();
-
- const char *pub_alias = "pub1";
- const char *pri_alias = "prv1";
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2084_CAPI__ec_key_create_verify)
-{
- int temp;
-
- std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
- "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
- "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
- "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
- "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END PUBLIC KEY-----\n";
-
- std::string message = "message test";
-
- ckmc_raw_buffer_s msg_buff;
- msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
- msg_buff.size = message.size();
-
- const char *pri_alias = "ecprv2";
- const char *pub_alias = "ecpub2";
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- pubkey.key_size = pub.size();
- pubkey.key_type = CKMC_KEY_NONE;
- pubkey.password = NULL;
-
- ckmc_policy_s pubpolicy;
- pubpolicy.password = pub_passwd;
- pubpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = (char *)pri_passwd;
- pripolicy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2085_CAPI__rsa_cert_create_verify_signature)
-{
- int temp;
-
- std::string prv =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
- "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
- "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
- "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
- "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
- "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
- "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
- "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
- "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
- "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
- "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
- "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
- "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
- "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
- "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
- "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
- "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
- "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
- "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
- "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
- "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
- "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
- "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
- "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
- "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
- "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
- "-----END CERTIFICATE-----\n";
-
- std::string message = "message test";
-
- ckmc_raw_buffer_s msg_buff;
- msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
- msg_buff.size = message.size();
-
- const char *pri_alias = "prv3";
- const char *pub_alias = "pub3";
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- cert.cert_size = pub.size();
- cert.data_format = CKMC_FORM_PEM;
-
- ckmc_policy_s certpolicy;
- certpolicy.password = pub_passwd;
- certpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
- "Error=" << temp);
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2086_CAPI__ecdsa_cert_create_verify_signature)
-{
- int temp;
-
- std::string prv =
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
- "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
- "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
- "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
- "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
- "ELyhe7yPCAuOoLZlTLgf\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
- "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
- "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
- "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
- "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
- "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
- "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
- "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
- "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
- "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
- "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
- "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
- "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
- "Q1oBry6NEc+lLFmWMDesAA==\n"
- "-----END CERTIFICATE-----\n";
-
- std::string message = "message test";
-
-
- ckmc_raw_buffer_s msg_buff;
- msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
- msg_buff.size = message.size();
-
- const char *pri_alias = "prv4";
- const char *pub_alias = "pub4";
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- cert.cert_size = pub.size();
- cert.data_format = CKMC_FORM_PEM;
-
- ckmc_policy_s certpolicy;
- certpolicy.password = pub_passwd;
- certpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 0;
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2087_CAPI__deinit)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
-}
-
-
-//#######################################################################################
-
-void _assertKey(ckmc_key_s *key, unsigned char *raw_key, unsigned int key_size, ckmc_key_type_e key_type, char *password)
-{
- RUNNER_ASSERT_MSG(key->key_size == key_size, "Key Size Error" );
- RUNNER_ASSERT_MSG(key->key_type == key_type, "Key Type Error" );
-
- if(key->password != NULL && password != NULL) {
- RUNNER_ASSERT_MSG(strcmp(key->password, password) == 0, "Password Error" );
- }else if(key->password == NULL && password == NULL) {
- RUNNER_ASSERT_MSG(true, "Password Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Password Error" );
- }
-
- if(key->raw_key != NULL && raw_key != NULL) {
- for(unsigned int i=0; i<key_size; i++) {
- RUNNER_ASSERT_MSG((key->raw_key)[i] == raw_key[i], "Raw Key Error" );
- }
- }else if(key->raw_key == NULL && raw_key == NULL) {
- RUNNER_ASSERT_MSG(true, "Raw Key Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Raw Key Error" );
- }
-}
-
-RUNNER_TEST_GROUP_INIT(T209_CKMC_CAPI_TYPES);
-
-RUNNER_TEST(T2091_CAPI_TYPE_init)
-{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2092_CAPI_TYPE_KEY)
-{
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
- unsigned int key_size = keyPem.size();
- ckmc_key_type_e key_type = CKMC_KEY_NONE;
- char *password = const_cast< char *>("");
-
- ckmc_key_s *key;
- ckmc_key_new(raw_key, key_size, key_type, password, &key);
-
- _assertKey(key, raw_key, key_size, key_type, password);
- ckmc_key_free(key);
-
- char *passwordNull = NULL;
- ckmc_key_s *key2;
- ckmc_key_new(raw_key, key_size, key_type, passwordNull, &key2);
- ckmc_key_free(key2);
-}
-
-RUNNER_TEST(T2093_CAPI_TYPE_BUFFER)
-{
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
- unsigned int size = keyPem.size();
-
- ckmc_raw_buffer_s *buff;
- ckmc_buffer_new(data, size, &buff);
-
- RUNNER_ASSERT_MSG(buff->size == size, "Size Error" );
-
- if(buff->data != NULL && data != NULL) {
- for(unsigned int i=0; i<size; i++) {
- RUNNER_ASSERT_MSG((buff->data)[i] == data[i], "Raw data Error" );
- }
- }else if(buff->data == NULL && data == NULL) {
- RUNNER_ASSERT_MSG(true, "Raw data Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Raw data Error" );
- }
-
- ckmc_buffer_free(buff);
-}
-
-RUNNER_TEST(T2094_CAPI_TYPE_CERT)
-{
- std::string certPem =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
- "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
- "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
- "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
- "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
- "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
- "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
- "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
- "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
- "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
- "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
- "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
- "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
- "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
- "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
- "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
- "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
- "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
- "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
- "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
- "rHva8A==\n"
- "-----END CERTIFICATE-----\n";
-
- unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
- unsigned int size = certPem.size();
- ckmc_data_format_e form = CKMC_FORM_PEM;
-
- ckmc_cert_s *ckmCert;
- ckmc_cert_new(raw_cert, size, form, &ckmCert);
-
- RUNNER_ASSERT_MSG(ckmCert->cert_size == size, "Size Error" );
-
- if(ckmCert->raw_cert != NULL && raw_cert != NULL) {
- for(unsigned int i=0; i<size; i++) {
- RUNNER_ASSERT_MSG((ckmCert->raw_cert)[i] == raw_cert[i], "Raw data Error" );
- }
- }else if(ckmCert->raw_cert == NULL && raw_cert == NULL) {
- RUNNER_ASSERT_MSG(true, "raw_cert Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "raw_cert Error" );
- }
-
- RUNNER_ASSERT_MSG(ckmCert->data_format == form, "ckmc_cert_form Error" );
-
- ckmc_cert_free(ckmCert);
-}
-
-
-RUNNER_TEST(T2095_CAPI_TYPE_load_cert_file)
-{
- int ret;
-
- std::string certStr =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- const char *file_name = "/tmp/ckmc_test_cert.pem";
- remove(file_name);
-
- FILE* cert_file;
- cert_file = fopen(file_name, "w");
- fprintf(cert_file, "%s",certStr.c_str());
- fclose(cert_file);
-
- ckmc_cert_s *pcert;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
- "Error=" << CKM::ErrorToString(ret));
-
- RUNNER_ASSERT_MSG(
- pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
-
- const char *lcert_alias = "lcert_alias";
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias, *pcert, policy)),
- "Error=" << CKM::ErrorToString(ret));
-
- remove(file_name);
-}
-
-RUNNER_TEST(T2096_CAPI_TYPE_load_p12_file) {
- std::string p12Base64 =
- "MIINaQIBAzCCDS8GCSqGSIb3DQEHAaCCDSAEgg0cMIINGDCCChcGCSqGSIb3DQEH\n"
- "BqCCCggwggoEAgEAMIIJ/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIvO01\n"
- "D2ODdkYCAggAgIIJ0NscvWq3hmXai5DQcleOgELPbu2c97d+KJnRGCK7K3eRb0/v\n"
- "4F3f3LFSFFT9OAK0/OS1ZYCiO+IuZ6Rpc8Baqe89xVcOHrQ0dQ7sIvbq10dnp5nY\n"
- "fEcrt7qPXcRa3IdOX4PFo4aCOFq5bHv5M3quHldKRh4itosjsAGuF/xtnVnO6lU5\n"
- "UlPhtAdr2Mpr4SHh+oBbJknLvyd6n/4xZ2elEA8ui4Qt5GfiHwWs2J7KO3Z8M1vW\n"
- "yukuyVTaZ6RNkj8dkq/RttvVinlgATYLoosjCsH7VVcd+/z9JqD37QQ89pzdjvJg\n"
- "CtXFVbqsOIbjPMkQMYtMdaPsLDDzw6l+q7BJreGIoJmTHbhTtNOJo03XPEnlVXUq\n"
- "Q+224ibNKzLAvpSWOo8BUHK7ZDc1oaLODDZ+WAA6jfgHkuhhWYr9dxce6UdhMghJ\n"
- "M7ixWwa350psdACREdGxNQzxmucmueprbDumVPAnnJfnKfgRXdKpTDFWS4TaYRc/\n"
- "TE4lKSBZpFFduy/gdpLGCHdklTs33aWZ/mEVZJnk2PggKyvSKH9oL3DxkZIFkGdQ\n"
- "wcy8gAuLBirdWB/q4JWqW7sH8kMfEwXACEm1z4SzCik8afamQNJEbovA3Pvrhw/P\n"
- "1HE5KPNvKMaIr9kk5rTnGGTSNrSMqUCnBl4MjVS4HacrZvvt60y0D3RFB8IqlFMt\n"
- "od2FagxojPyO/wP8jDERnySo2Irz0x0WUjWARtcLLH2FOK7ROkX1/WjRZmDV0jtv\n"
- "yL8r97XZf/NddVU13Jt13dBJCjxZRvfJZgNI8RybkPQ3Y9J5LIOLVFPU3ZKIi7W7\n"
- "KtCw/FCUfEdNarLQMWG0Z9bux7vu/eK1+KpF9pfzD3Q1V0sj2M158Q5W2gy9q/u0\n"
- "gOOuybiZB2AL9kxBv0rqb8h7SF5ZIRoy85PrwtnX7w4Xq+4I7RA68bcEGyqgTWWb\n"
- "XZxcY65F2slqekXddKeDSTizQk/APgWva/TwgaUeXR9YBCO4o71pla//FNqJ6pRm\n"
- "tZjEY9ALBCc083gsImc7+LAeubEcYzjhhgRPQwGJfJTMqgC/NOa9wFhvNO4QcFjf\n"
- "XQxxIFxlQJ64qU316FyeuyxLYGd02uakrLLgYtAGG7nPZCYNkUKvCwICKJYI+wAg\n"
- "CX0FVwXsR1f33kVuV6sd4YConz80Lk9ayvNJVeCzEOBvhthbMcP3mIn22X+GT3jU\n"
- "O5Z0bkXAU0C8XTfLQMk2m6Ag3mctrn4iJBPwQ7j12GnlSLko+e7IssRd4Qj4vBZd\n"
- "KXUIoRcOsXqWoQgXJAtdLJEHVo0SUyxVojXsXqUZ3yYOkVUykvXZUcBnS6xwtaUt\n"
- "EzdFsEO3NQSLOju5Tpp12lKbrgIToV75zyA3CULEdimEUWD/wA+pDaIS39shNyeE\n"
- "edtAp3WF3mDkHQFyKG52IVx7hJU8jXXunvY21tshTAx/Gda0X1CtgSU7Q00ROr+L\n"
- "TaehRiKsSgxQa6/jyJY5KY1hIDzwaem5Y7gDnxotmQuPhIX8MeD5Qdv6AVovfScN\n"
- "07QuWyUBgFsZzbp79AsnPRLzoiAMQljMn7TXDDLq+uF922OU47BQkzlPfKAuHbyu\n"
- "R+uZwtDfMD71FqWjCAHMPyENinsnUehCwX2pVxa6KSs61IsTfb3oUPY1TRxfZnfd\n"
- "8SAUfPjKVss9Eyahuv+kzenPUDZn5LV9E0G0DGNxIf493A5Z29scNkQcCBjTJJvx\n"
- "4BBJCES6SgkTQl7eFoBGOIqqytpYP9QZW5jy7ramgz/gF2kMKjAfikhbd5vB4Fwd\n"
- "QlExMlbW+wL/ffr4AGlwenlDzXBFKQM0mYZNKLuB9LrRzw35fVFZ9XY06VCxhbMa\n"
- "wI9gN4rKA3bNG3DCWTsr1TZ6CvrqFJjlfK4KF/+eNfnkIY8uVYxnPlRRkmPw4dpE\n"
- "KdaXUiu5WJvZupeYqqNsWdxs+v2KS1E/PcM9BgUFKFD4lW84WbWUHPxvxXoZhSCs\n"
- "nQ0hsPd53NKBBdEOao5HAAf+T5yFnJzZ3rVkYBEC67gHyWgXB1Zy283yAIihvUXw\n"
- "DOEVppNHnIqAjQpncQcDpV0/zYCvqOEfU+JPpmepgo737Tq2MlUKLTByhg1mQhKm\n"
- "2pI63BFiw2/2igImFbmhzJjilWkaM4kwM1uGKOKgjacXI/VSVEajuYAfo37quBxF\n"
- "ZWyWJoFXBvQ7jolTKXUVbCqnSSaItosZrS3vcDdGUegRm0rf6IzCRPdSIsfCDdZG\n"
- "9UeChoznNezoLENgmqQJTV3wDo3uSZbztlctoERvZpn457MLZEn8hXEwMLPXx2Ur\n"
- "HQ5fYAdTBzBpoLiy8ujzFxFJDzW9ytnb7aFF7YVivfj42eVGnCANvVcwkp2/E3MW\n"
- "Img0OyqKRQHaGGI7iGNO5KYpTk0CdSyErQarH52ZRvr0t2CK6J6vDgrhJnzd5Ayr\n"
- "6t+coAZBw8eIJqiM5WzAm4mlZRSHL+JcaKkrqoYOo+kewj7wgW2Kk/7S8re38RvP\n"
- "+V9nqpfr18gIV72G2yZ60C21eRqOFPgl1CYbmWHqYKXatuT4o+kgBmJpez5uvIHz\n"
- "LSd88An02ow+WQ+KP8YGV38ZtuA6D4FPA3fsMdhNOqjtwWiPei+ILaXD5PsOfDGH\n"
- "2fZgOWXivFYqq9Cm3B3ffFX/oD/7sFMs+/AWeZOh8XqU8ro73L1HNRXx4HdyRUY/\n"
- "pInwA0mWaFNGgBRPbNW0A6cZ2dY0Hn8sRRsF+5tIs0hOelpT1y/ZEVyGImTQgEbK\n"
- "KeggQGT9h9rhrrUK+hE27MorcRi6tVteKlNyGQsCJko0ZoqqctM4o7wT5ce4nWtb\n"
- "ixzp5xDkDmcP6eldHiVm8TsZn0hkmNDu0xpgIVtb4VDRmWP687EOaGHYhjOBw6X1\n"
- "GD1d1yyg/VxlUr0lKmbsFVC2mDiWbnWd49+FGsrySc2RO8DlC9xkXLaG+ubjmLpK\n"
- "lwagiI2P1MzkHuZiz7WlIjFefuYh0yrYvDA5UDiQTDdoZWFuR5r93QWdsUcHlvdF\n"
- "rYmhQ93F6I4gaT9HSVEDJfisIjIUmIwhh20tdGnf3FC5VyqBYS5GQObq3VnC8stU\n"
- "b7byCEMlKr5bWslEem6gRGTB9xektKgrsFgS7nb3Geegq9K+mWIBC/iBOInVqFYx\n"
- "Uw8+s6ywApXPLPEIrVZumkwo7Rl8lJfCTDNni/68XHhhVHY70N0PSdfnCAvV9G41\n"
- "3wuTZHqLOeQG3Sm8I1JJXkWSuuk0QI7DVKZpmz+x4aFBd+rncfvWOEbN9G0ZqbUT\n"
- "lGkfxtUWY6pWX/XJpyBzOlv2+fCPi/Yd0csb45IEuFHNG1svgqGMJw5BmFu5v0Qs\n"
- "0i1zKBrNA/Acd6+uL0UqDZStB6lyPn6+uifh3sMwggL5BgkqhkiG9w0BBwGgggLq\n"
- "BIIC5jCCAuIwggLeBgsqhkiG9w0BDAoBAqCCAqYwggKiMBwGCiqGSIb3DQEMAQMw\n"
- "DgQIBJuBj07uHGACAggABIICgJBfOlC99JJjEUBibYLXIJPe53Cy7eDXCtVaPbhX\n"
- "VHPCsBrUd7+6Ul7Vh/JHMlJL1VA3WvGnX93f0p5FICgZZA3sIZjpxBoeVkZ0Zx6r\n"
- "ZMnBPIN4GaHYufCGPyAlPXgEGjlBr3g6Sxr8j50vsWtfspwiILsyte+nQ3kE1nV4\n"
- "TjNBnayXmCMnEkf4kKu+dlLFbd1OY/fQJbiT+f9YtMfcfp2IR+7bXb23UIv8Wt1I\n"
- "XyqsYTcUjIvnByKSDrvVu941x1EN5DF1964qQbAZb/z5ueTl8tCpaCFlGbZcXz7X\n"
- "7L3k0YWdymx1J+szd6heQJrzqMjcHK3XWC7YlDytWB59j0eNMx42XEFP0pAO+gt9\n"
- "Iny2XL+sxJC/xzf6apYMmmGwEXrZkkudsSVMgLCtYyin4zM7PFzLAPK9ryEhsxaP\n"
- "g077MJ/aIaZ7PLi7cABz/g+gQ1dSXakNOof6EjRUADHpav9UKeKwWdR8ycB/8AQV\n"
- "XxQTpEsFJ7izdNZDNC/ZeOhc/ohnei169rfH0shVeeckjf++c8zlh/Y5UWIi3V6i\n"
- "5c7RlIJLMtHrvpB5UxRpZgWSdXvCuTCBEzlZAeWJ11I4DAeioqJ1V3h2KcUjNKf1\n"
- "z8mTJrzAycuhm8npaC0Gj6JU7jiYPZLvj+cK/e/gjadWggHFYsjAKhACDbAtG64N\n"
- "Gu9PWJszvhSO8ga7TOVEzdbe2jm4oWtqPe3gb6eYl2Ma6GTfj/PUEDpNAOnr99qV\n"
- "g3uKIXMBp2115bfUf5sbfPdMbnH12XILXR9Va+JjeQHexa64QWlsiRgtXEAXxoEb\n"
- "D2aTlfdsJpgilyj31Y45xOdN7FI+Ltfhudxt1kABPdmKwRMxJTAjBgkqhkiG9w0B\n"
- "CRUxFgQUMvxYuPi3XpEeXbzAkXaNbAw7P5gwMTAhMAkGBSsOAwIaBQAEFOBC4ppE\n"
- "AXO+xdzSBKimvjBBTLbEBAjlaWiC5IVtmAICCAA=\n";
-
- // write file
- const char *p12base64file = "/tmp/ckmc_test_p12.p12.b64";
- const char *p12file = "/tmp/ckmc_test_p12.p12";
- const char *password = "password";
-
- remove(p12base64file);
- remove(p12file);
-
- FILE* b64_file;
- b64_file = fopen(p12base64file, "w");
- fprintf(b64_file, "%s",p12Base64.c_str());
- fclose(b64_file);
-
- std::string cmd("openssl base64 -d -in ");
- cmd.append(p12base64file);
- cmd.append(" -out ");
- cmd.append(p12file);
- system(cmd.c_str());
-
- int temp;
-
- ckmc_key_s *private_key = NULL;
- ckmc_cert_s *cert = NULL;
- ckmc_cert_list_s *ca_cert_list = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file(p12file, password,
- &private_key, &cert, &ca_cert_list)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(private_key != NULL, "Null private_key");
- RUNNER_ASSERT_MSG(cert != NULL, "Null cert");
- RUNNER_ASSERT_MSG(ca_cert_list != NULL, "Null ca_cert_list");
-
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
-
-
- const char *pkey_alias = "pkey_alias";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *private_key, policy)),
- "Error=" << temp);
-
- const char *cert_alias = "cert_alias";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *cert, policy)),
- "Error=" << temp);
- std::string caCertAlias = "ca_cert_alias_";
- const char *idx = "0";
- int cnt = 0;
- ckmc_cert_list_s *tmpList = ca_cert_list;
- while(tmpList != NULL) {
- caCertAlias.append(idx);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
- "Error=" << temp);
- tmpList = tmpList->next;
- cnt ++;
- }
-
- RUNNER_ASSERT_MSG(cnt == 2,"Invalid CA Cert Count");
-
- ckmc_key_free(private_key);
- ckmc_cert_free(cert);
- ckmc_cert_list_all_free(ca_cert_list);
-
- remove(p12base64file);
- remove(p12file);
-}
-
-
-RUNNER_TEST(T2098_CAPI_TYPE_deinit)
-{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T2000_CAPI_LOCKTYPE_TESTS);
-
-RUNNER_CHILD_TEST(T2101_CAPI_init_lock_key)
-{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- char *null_password = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_change_user_password(USER_APP,"user-pass",null_password)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T2102_CAPI_unlock_default_passwd)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- char alias[20] = "mykey_defpasswd";
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = password;
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key(alias)),
- "Error=" << temp);
-}
-
-RUNNER_CHILD_TEST(T2103_CAPI_init_change_user_password)
-{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- char *null_password = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_change_user_password(USER_APP,null_password,"user-pass")),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T2104_CAPI_unlock_default_passwd_negative)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- char alias[20] = "mykey_defpasswd";
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = password;
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_save_key(alias, test_key, test_policy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key2)),
- "Error=" << temp);
-}
-
-RUNNER_CHILD_TEST(T2109_CAPI_deinit)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T220_CAPI_EMPTY_DATABASE);
-
-RUNNER_TEST(T2201_CAPI_unlock_database)
-{
- int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- "Error=" << temp);
-}
-
-RUNNER_CHILD_TEST(T2202_CAPI_get_data_from_empty_database)
-{
- int temp;
- char alias[10] = "mykey";
- char *password = NULL;
- ckmc_key_s *test_key = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias, password, &test_key)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
-}
-
-RUNNER_CHILD_TEST(T2203_CAPI_deinit_lock_database)
-{
- int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
-}
-
-RUNNER_CHILD_TEST(T2204_CAPI_get_data_from_locked_database)
-{
- int temp;
- char alias[10] = "mykey";
- char *password = NULL;
- ckmc_key_s *test_key = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
-}
+++ /dev/null
-#include <netdb.h>
-
-#include <dpl/log/log.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-#include <access_provider.h>
-
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-password.h>
-#include <ckm/ckm-type.h>
-#include <ckm/ckm-pkcs12.h>
-
-#include <fstream>
-
-static const int USER_APP = 5000;
-static const int GROUP_APP = 5000;
-static const int USER_TEST = 5001;
-
-/*
- * How to numerate tests:
- * TABCD_NAME
- * T - test case (always T)
- * AB - number of test group (always two digits)
- * C - test number in group (all tests with same TABC must be run in the same time).
- * D - subtest.
- */
-
-
-RUNNER_TEST_GROUP_INIT(T0000_CKM_CONTROL);
-
-RUNNER_TEST(T0010_Control)
-{
- int temp;
- auto control = CKM::Control::create();
-
- control->removeUserData(0);
- control->removeUserData(20);
- control->removeUserData(USER_APP);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0020_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0030_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0040_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0050_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(20)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS);
-
-RUNNER_TEST(T1010_init)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1011_key)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey";
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(),
- "Key value has been changed by service");
-}
-
-RUNNER_TEST(T1012_certificate)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string certPem =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
- "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
- "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
- "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
- "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
- "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
- "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
- "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
- "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
- "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
- "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
- "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
- "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
- "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
- "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
- "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
- "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
- "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
- "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
- "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
- "rHva8A==\n"
- "-----END CERTIFICATE-----\n";
-
- CKM::RawBuffer buffer(certPem.begin(), certPem.end());
- auto cert = CKM::Certificate::create(buffer, CKM::DataFormat::FORM_PEM);
- CKM::CertificateShPtr cert2;
- CKM::Alias alias = "myCert";
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificate(alias, CKM::Password(), cert2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- cert->getDER() == cert2->getDER(),
- "Data has been modified in key manager");
-}
-
-RUNNER_CHILD_TEST(T1013_user_app_save_key)
-{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- int temp;
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey";
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy("x"))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password("x"), key2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(), "Key value has been changed by service");
-}
-
-
-RUNNER_TEST(T1014_deinit)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS);
-
-RUNNER_TEST(T1020_init)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1021_save_keys_get_alias)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("rootkey2", key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
-}
-
-RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
-{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey2", key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
-}
-
-RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
-{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
- CKM::Policy notExportable(CKM::Password(), false);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey4", key, notExportable)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getKey("appkey4", CKM::Password(), key)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data3", buffer, notExportable)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1029_deinit)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
-
-RUNNER_TEST(T1030_init)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1031_save_get_bin_data)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData1 = "My bin data1";
- std::string binData2 = "My bin data2";
- std::string binData3 = "My bin data3";
-
- CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
-
- CKM::AliasVector aliasVector;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer2, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer3, CKM::Policy(CKM::Password(), true))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
-}
-
-RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
-{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData = "My bin data";
-
- CKM::RawBuffer buffer(binData.begin(), binData.end());
-
- CKM::AliasVector aliasVector;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("appdata2", buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
-}
-
-RUNNER_TEST(T1033_remove_bin_data)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData2 = "My bin data2";
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
-
- CKM::AliasVector aliasVector;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeData("data1")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeData("data3")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- aliasVector.size() == 1,
- "Wrong size of list: " << aliasVector.size() << " Expected: 1");
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("data3", CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1039_deinit)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR);
-
-RUNNER_TEST(T1040_init)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1041_create_rsa_key)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::AliasVector av;
-
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1"), CKM::Alias("PUB_KEY1"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 2 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 2");
-}
-
-RUNNER_TEST(T1049_deinit)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-
-RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPairRSA);
-
-RUNNER_TEST(T1110_init)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1111_CreateKeyPairRSA)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::Alias a1("rsa-test-1");
- CKM::Alias a2("rsa-test-2");
- CKM::Policy p1;
- CKM::Policy p2;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1112_CreateKeyPairECDSA)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::Alias a1("ecdsa-test-1");
- CKM::Alias a2("ecdsa-test-2");
- CKM::Policy p1;
- CKM::Policy p2;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(CKM::ElipticCurve::prime192v1, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1113_deinit)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
-
-RUNNER_TEST(T12100_init)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12101_key_exist)
-{
- int ret;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "rsa-alias-duplication";
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-/*
- * These test cases tests API when empty parameters are passed to functions
- */
-
-RUNNER_TEST(T12102_saveKey_empty_alias)
-{
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLc\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias; //alias is not initialized
-
- int ret;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12103_saveKey_empty_key)
-{
- CKM::KeyShPtr key; //key is not initialized
- CKM::Alias alias = "empty-key";
-
- int ret;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12104_saveCertificate_empty_alias)
-{
- std::string certPem =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
- "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
- "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
- "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
- "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
- "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
- "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
- "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
- "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
- "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
- "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
- "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
- "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
- "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
- "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
- "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
- "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
- "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
- "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
- "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
- "rHva8A==\n"
- "-----END CERTIFICATE-----\n";
-
- CKM::RawBuffer buffer(certPem.begin(), certPem.end());
- auto cert = CKM::Certificate::create(buffer, CKM::DataFormat::FORM_PEM);
- CKM::Alias alias; //alias is not initialized
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12105_saveCertificate_empty_cert)
-{
- CKM::CertificateShPtr cert; //cert is not initialized
- CKM::Alias alias = "empty-cert";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12106_saveData_empty_alias)
-{
- std::string testData = "test data test data test data";
- CKM::RawBuffer buffer(testData.begin(), testData.end());
- CKM::Alias alias;
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12107_saveData_empty_data)
-{
- CKM::RawBuffer buffer;
- CKM::Alias alias = "empty-data";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-/*
- * These test cases tests API when trying to get data from not existing alias
- */
-
-RUNNER_TEST(T12108_getKey_alias_not_exist)
-{
- CKM::KeyShPtr key;
- CKM::Alias alias = "this-alias-not-exist";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getKey(alias, "", key)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12109_getCertificate_alias_not_exist)
-{
- CKM::CertificateShPtr certificate;
- CKM::Alias alias = "this-alias-not-exist";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getCertificate(alias, CKM::Password(), certificate)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12110_getData_alias_not_exist)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::RawBuffer buffer;
- CKM::Alias alias("some alias");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(alias, "", buffer)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-/*
- * These test cases tests API when damaged keys are used
- */
-RUNNER_TEST(T12111_rsa_key_damaged)
-{
- int ret;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- // "BROKENBROKENBROKENBROKENBROKENTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- // "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "damaged-rsa";
-
- RUNNER_ASSERT_MSG(
- NULL == key.get(), "Key is broken. It should be empty");
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12112_rsa_key_too_short)
-{
- int ret;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- //"T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "short-rsa";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12113_deinit)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
-
-RUNNER_TEST(T1311_init)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(time(0) > 1405343457,
- "Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
-
- struct hostent* he = gethostbyname("google.com");
-
- RUNNER_ASSERT_MSG(he != NULL, "There is problem with translate domain google.com into ip address. Probably network "
- "is not woking on the device. OCSP tests requires network access!");
-}
-
-RUNNER_TEST(T1312_get_chain)
-{
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
- "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
- "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
- "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
- "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
- "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
- "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
- "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
- "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
- "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
- "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
- "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
- "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
- "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
- "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
- "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
- "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
- "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
- "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
- "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
- "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
- "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
- "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
- "-----END CERTIFICATE-----\n";
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
- auto cert1 = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
- CKM::CertificateShPtrVector certVector = {cert1};
- CKM::CertificateShPtrVector certChain;
-
- int tmp;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty");
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
- "Wrong size of certificate chain.");
-}
-
-RUNNER_TEST(T1313_get_chain_with_alias)
-{
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
- "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
- "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
- "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
- "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
- "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
- "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
- "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
- "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
- "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
- "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
- "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
- "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
- "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
- "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
- "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
- "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
- "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
- "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
- "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
- "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
- "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
- "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
- "-----END CERTIFICATE-----\n";
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
- auto cert1 = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
- CKM::CertificateShPtrVector certChain;
- CKM::AliasVector aliasVector;
- CKM::Alias alias("imcert");
-
- int tmp;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
- "Error=" << CKM::ErrorToString(tmp));
-
- aliasVector.push_back(alias);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
- "Wrong size of certificate chain.");
-}
-
-RUNNER_TEST(T1314_ocsp_check)
-{
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
- "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
- "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
- "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
- "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
- "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
- "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
- "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
- "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
- "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
- "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
- "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
- "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
- "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
- "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
- "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
- "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
- "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
- "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
- "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
- "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
- "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
- "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
- "-----END CERTIFICATE-----\n";
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
- auto cert1 = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
- CKM::CertificateShPtrVector certVector = {cert1};
- CKM::CertificateShPtrVector certChain;
-
- int tmp;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
- "Wrong size of certificate chain.");
-
- int status;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->ocspCheck(certChain, status)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_GOOD == status, "Verfication failed");
-}
-
-RUNNER_TEST(T1315_deinit)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
-
-RUNNER_TEST(T1411_init)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1412_rsa_key_create_verify)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "Proc-Type: 4,ENCRYPTED\n"
- "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
- "\n"
- "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
- "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
- "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
- "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
- "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
- "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
- "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
- "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
- "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
- "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
- "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
- "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
- "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
- "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
- "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
- "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
- "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
- "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
- "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
- "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
- "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
- "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
- "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
- "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
- "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = "pub1";
- CKM::Alias aliasPrv = "prv1";
- CKM::Password password = "1234";
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password);
-
- RUNNER_ASSERT_MSG(NULL != keyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1413_rsa_key_create_verify_negative)
-{
- int temp;
- auto manager = CKM::Manager::create();
- std::string message = "message asdfaslkdfjlksadjf test";
-
- CKM::Alias aliasPub = "pub1";
- CKM::Alias aliasPrv = "prv1";
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1414_ec_key_create_verify)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
- "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
- "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
- "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
- "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END PUBLIC KEY-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = "ecpub2";
- CKM::Alias aliasPrv = "ecprv2";
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
-
- RUNNER_ASSERT_MSG(NULL != keyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1415_rsa_cert_create_verify_signature)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
- "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
- "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
- "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
- "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
- "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
- "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
- "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
- "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
- "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
- "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
- "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
- "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
- "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
- "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
- "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
- "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
- "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
- "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
- "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
- "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
- "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
- "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
- "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
- "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
- "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
- "-----END CERTIFICATE-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = "pub3";
- CKM::Alias aliasPrv = "prv3";
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
-
- RUNNER_ASSERT_MSG(NULL != cert.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1416_ecdsa_cert_create_verify_signature)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv =
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
- "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
- "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
- "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
- "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
- "ELyhe7yPCAuOoLZlTLgf\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
- "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
- "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
- "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
- "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
- "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
- "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
- "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
- "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
- "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
- "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
- "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
- "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
- "Q1oBry6NEc+lLFmWMDesAA==\n"
- "-----END CERTIFICATE-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = "pub4";
- CKM::Alias aliasPrv = "prv4";
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
-
- RUNNER_ASSERT_MSG(NULL != cert.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1417_deinit)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_CHILD_TEST(T1510_init_unlock_key)
-{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST, "strong-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1511_init_insert_data)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
- "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
- "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
- "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
- "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
- "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
- "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
- "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
- "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
- "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
- "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
- "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
- "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
- "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
- "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
- "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
- "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
- "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
- "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
- "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
- "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
- "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
- "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
- "-----END CERTIFICATE-----\n";
-
- auto manager = CKM::Manager::create();
- auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
- auto certim = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
-
- int status1 = manager->saveCertificate(CKM::Alias("CertEE"), certee, CKM::Policy());
- int status2 = manager->saveCertificate(CKM::Alias("CertIM"), certim, CKM::Policy());
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
-}
-
-RUNNER_CHILD_TEST(T1519_deinit)
-{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-
-RUNNER_TEST_GROUP_INIT(T161_CKM_LOCKTYPE_TESTS);
-
-RUNNER_CHILD_TEST(T1610_init_lock_key)
-{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"user-pass","")),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1611_unlock_default_passwd)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey_defpasswd";
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(),
- "Key value has been changed by service");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeKey(alias)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1612_init_change_user_password)
-{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"","user-pass")),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey_defpasswd";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->getKey(alias, CKM::Password(), key2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->removeKey(alias)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1619_deinit)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_TEST(T1701_init_unlock_key)
-{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1702_init_insert_data)
-{
- int temp;
- SecurityServer::AccessProvider ap("t170-special-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- auto manager = CKM::Manager::create();
- auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
-
- int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == status1,
- "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
-
- CKM::AliasVector av;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
-
-RUNNER_TEST(T1703_removeApplicationData)
-{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1704_data_test)
-{
- int temp;
- SecurityServer::AccessProvider ap("t170-special-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_TEST(T1705_deinit)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_TEST_GROUP_INIT(T180_PKCS12);
-
-RUNNER_TEST(T1801) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- auto cert = pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 0 == caVector.size(),
- "Wrong size of vector");
-}
-
-RUNNER_TEST(T1802_negative_wrong_password) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, "error");
- RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
-}
-
-RUNNER_TEST(T1803_negative_broken_buffer) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small.");
- buffer[4]=0;
-
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
- RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
-}
-
-RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
-
-RUNNER_TEST(T1901_init_unlock_key)
-{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t190-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_TEST(T1902_get_data)
-{
- auto manager = CKM::Manager::create();
- CKM::KeyShPtr ptr;
-
- int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1,
- "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
-}
-
-RUNNER_TEST(T1903_deinit)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_TEST(T1904_get_data_from_locked_database)
-{
- auto manager = CKM::Manager::create();
- CKM::KeyShPtr ptr;
-
- int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == status1,
- "Could not get key from locked database. Error=" << CKM::ErrorToString(status1));
-}
-
-int main(int argc, char *argv[])
-{
- DPL::Log::LogSystemSingleton::Instance().SetTag("CKM_TESTS");
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-INCLUDE(FindPkgConfig)
-SET(COMMON_TARGET_TEST "tests-common")
-
-#dependencies
-PKG_CHECK_MODULES(COMMON_TARGET_DEP
- libsmack
- dbus-1
- sqlite3
- REQUIRED
- )
-
-#files to compile
-SET(COMMON_TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/common/tests_common.cpp
- ${PROJECT_SOURCE_DIR}/tests/common/access_provider.cpp
- ${PROJECT_SOURCE_DIR}/tests/common/smack_access.cpp
- ${PROJECT_SOURCE_DIR}/tests/common/dbus_connection.cpp
- ${PROJECT_SOURCE_DIR}/tests/common/dbus_message_in.cpp
- ${PROJECT_SOURCE_DIR}/tests/common/dbus_message_out.cpp
- ${PROJECT_SOURCE_DIR}/tests/common/service_manager.cpp
- ${PROJECT_SOURCE_DIR}/tests/common/memory.cpp
- ${PROJECT_SOURCE_DIR}/tests/common/db_sqlite.cpp
- ${PROJECT_SOURCE_DIR}/tests/common/fs_label_manager.cpp
- )
-
-#system and local includes
-INCLUDE_DIRECTORIES(SYSTEM ${COMMON_TARGET_DEP_INCLUDE_DIRS})
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/tests/framework/include
- ${PROJECT_SOURCE_DIR}/tests/common
- )
-
-
-#output OBJECT format
-ADD_LIBRARY(${COMMON_TARGET_TEST} ${COMMON_TARGET_TEST_SOURCES})
-
-TARGET_LINK_LIBRARIES(${COMMON_TARGET_TEST} ${COMMON_TARGET_DEP_LIBRARIES}
- dpl-test-framework)
-
-INSTALL (FILES ${PROJECT_SOURCE_DIR}/tests/common/security-tests.conf DESTINATION /etc/dbus-1/system.d)
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file access_provider.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/smack.h>
-
-#include <map>
-
-#include <tests_common.h>
-
-#include <access_provider.h>
-
-namespace SecurityServer {
-
-AccessProvider::AccessProvider(const std::string &mySubject)
- : m_mySubject(mySubject)
-{}
-
-void AccessProvider::allowSS() {
- m_smackAccess.add(m_mySubject, "System::Run", "x");
-}
-
-void AccessProvider::addObjectRule(const std::string &object, const std::string &rule) {
- m_smackAccess.add(m_mySubject, object, rule);
-}
-
-void AccessProvider::apply() {
- m_smackAccess.apply();
-}
-
-void AccessProvider::applyAndSwithToUser(int uid, int gid) {
- RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
- "Error in smack_revoke_subject(" << m_mySubject << ")");
- apply();
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()),
- "Error in smack_set_label_for_self.");
- RUNNER_ASSERT_MSG(0 == setgid(gid),
- "Error in setgid.");
- RUNNER_ASSERT_MSG(0 == setuid(uid),
- "Error in setuid.");
-}
-
-} // namespace SecurityServer
-
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file access_provider.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-#ifndef _ACCESS_FOR_DUMMIES_H_
-#define _ACCESS_FOR_DUMMIES_H_
-
-#include <string>
-
-#include <smack_access.h>
-
-namespace SecurityServer {
-
-class AccessProvider {
-public:
- AccessProvider(const std::string &mySubject);
-
- AccessProvider(const AccessProvider &second) = delete;
- AccessProvider& operator=(const AccessProvider &second) = delete;
-
- void addObjectRule(const std::string &object, const std::string &rule);
- void allowSS();
- void apply();
- void applyAndSwithToUser(int uid, int gid);
-
- virtual ~AccessProvider(){}
-private:
- std::string m_mySubject;
- SmackAccess m_smackAccess;
-};
-
-} // namespace SecurityServer
-
-#endif // _ACCESS_FOR_DUMMIES_H_
-
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db_sqlite.cpp
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests API for sqlite3 database access
- */
-
-#include <tests_common.h>
-#include "db_sqlite.h"
-
-Sqlite3DBase::Sqlite3DBase(const std::string& db_path, int flags)
- : m_db_handle(nullptr), m_db_path(db_path), m_flags(flags)
-{
-}
-
-Sqlite3DBase::~Sqlite3DBase()
-{
- sqlite3_close(m_db_handle);
-}
-
-#define VFS_NOT_USED nullptr
-
-void Sqlite3DBase::open(void)
-{
- if (m_db_handle) //database already opened
- return;
-
- int ret = sqlite3_open_v2(m_db_path.c_str(), &m_db_handle, m_flags, VFS_NOT_USED);
- RUNNER_ASSERT_MSG(m_db_handle, "Error opening the database: Unable to allocate memory.");
- RUNNER_ASSERT_MSG(ret == SQLITE_OK, "Error opening the database: " <<
- sqlite3_errmsg(m_db_handle));
-}
-
-void Sqlite3DBase::close(void)
-{
- int ret = sqlite3_close(m_db_handle);
- RUNNER_ASSERT_MSG(ret == SQLITE_OK, "Error closing the database: " <<
- sqlite3_errmsg(m_db_handle));
-
- m_db_handle = nullptr;
-}
-
-bool Sqlite3DBase::is_open(void) const
-{
- return !!m_db_handle;
-}
-
-void Sqlite3DBase::execute(const std::string& sql_query, Sqlite3DBaseSelectResult& result)
-{
- char* tmp = nullptr;
- std::string errmsg;
-
- int ret = sqlite3_exec(m_db_handle, sql_query.c_str(), callback, &result, &tmp);
- if (tmp) {
- errmsg.assign(tmp);
- }
- sqlite3_free(tmp);
-
- RUNNER_ASSERT_MSG(ret == SQLITE_OK || ret == SQLITE_ABORT, "Error executing statement <" <<
- sql_query << "> : " << errmsg);
-}
-
-int Sqlite3DBase::callback(void* p_result, int cols, char** data, char** header)
-{
- int i;
- Sqlite3DBaseSelectResult* result = static_cast<Sqlite3DBaseSelectResult*>(p_result);
-
- // if this is first record get column names
- if (result->rows.empty()) {
- for (i = 0; i < cols; ++i) {
- result->header.push_back(header[i] ? header[i] : "");
- }
- }
- result->rows.push_back(Sqlite3Row());
- for (i = 0; i < cols; ++i) {
- result->rows.back().push_back(data[i] ? data[i] : "");
- }
- return SQLITE_OK;
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db_sqlite.h
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests API for sqlite3 database access
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_
-#define LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_
-
-#include <vector>
-#include <string>
-#include <sqlite3.h>
-
-/**
- * @def DB_SQLITE_READONLY_FLAG
- * @brief Sqlite3 flag set for opening database in RO mode
- */
-#define DB_SQLITE_READONLY_FLAG SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_PRIVATECACHE \
- | SQLITE_OPEN_READONLY
-
-/**
- * @typedef Sqlite3HeaderName
- * @brief Holds single column name of sqlite select query response.
- */
-typedef std::string Sqlite3HeaderName;
-
-/**
- * @typedef Sqlite3HeaderNameVector
- * @brief Holds column names vector of sqlite select query response.
- */
-typedef std::vector<Sqlite3HeaderName> Sqlite3HeaderNameVector;
-
-/**
- * @typedef Sqlite3RowCell
- * @brief Holds single cell of row of sqlite select query response.
- */
-typedef std::string Sqlite3RowCell;
-
-/**
- * @typedef Sqlite3Row
- * @brief Holds single row of sqlite select query response.
- */
-typedef std::vector<Sqlite3RowCell> Sqlite3Row;
-
-/**
- * @typedef Sqlite3RowVector
- * @brief Holds multiple rows of sqlite select query response.
- */
-typedef std::vector<Sqlite3Row> Sqlite3RowVector;
-
-/**
- * @class Sqlite3DBaseSelectResult
- * @brief Sqlite3 select query response.
- *
- * Fields are public as there is no complicated logic to operate on them
- */
-struct Sqlite3DBaseSelectResult
-{
-/**
- * @var header
- * @brief Sqlite select query column names
- */
- Sqlite3HeaderNameVector header;
-
-/**
- * @var rows
- * @brief Sqlite select query rows vector
- */
- Sqlite3RowVector rows;
-};
-
-
-/**
- * @class Sqlite3DBase
- * @brief Simple interface for executing select statements on sqlite3 database
- *
- * Fields are public as there is no complicated logic to operate on them
- */
-class Sqlite3DBase
-{
-public:
-/**
- * @brief A constructor
- *
- * @param db_path path to database file
- * @param flags sqlite3 flags defining database opening mode
- * (default value DB_SQLITE_READONLY_FLAG)
- */
- Sqlite3DBase(const std::string& db_path, int flags = DB_SQLITE_READONLY_FLAG);
-
-/**
- * @brief A destructor
- */
- ~Sqlite3DBase();
-
-/**
- * @brief Open database.
- *
- * If database is already opened do nothing.
- *
- * @throw DPL::Test::TestRunner::TestFailed when opening database fails
- */
- void open(void);
-
-/**
- * @brief Close database.
- *
- * @throw DPL::Test::TestRunner::TestFailed when closing database fails
- */
- void close(void);
-
-/**
- * @brief Get database connection status.
- *
- * @return true if database is open
- * false if database is closed
- */
- bool is_open(void) const;
-
-/**
- * @brief Execute SQL query on database
- *
- * @param sql_query SQL query
- * @param result returned result
- *
- * @throw DPL::Test::TestRunner::TestFailed when execution of query fails
- */
- void execute(const std::string& sql_query, Sqlite3DBaseSelectResult& result);
-
-private:
-/**
- * @var db_handle
- * @brief Handle to sqlite3 database
- *
- * nullptr when database not opened.
- */
- sqlite3* m_db_handle;
-
-/**
- * @var db_path
- * @brief Path to database file
- */
- std::string m_db_path;
-
-/**
- * @var flags
- * @brief Sqlite3 flags defining database opening mode
- */
- int m_flags;
-
-/**
- * @brief Callback used to aquire results from SQL query
- *
- * It is run by sqlite for every row in query result.
- *
- * @param p_result pointer to private data (Sqlite3DBaseSelectResult)
- * @param cols number of columns in SQL result
- * @param data array of strings containing single row
- * @param header array of strings containing column names
- * @return SQLITE_OK as we always know what to do with data
- */
- static int callback(void* p_result, int cols, char** data, char** header);
-};
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_connection.cpp
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus connection wrapper class source file
- */
-
-#include <dbus_connection.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace DBus
-{
-
-Connection::Connection(DBusBusType busType, bool busPrivate)
- : m_busPrivate(busPrivate)
-{
- DBusError error;
- dbus_error_init(&error);
- ErrorPtr errorPtr(&error);
-
- if (busPrivate)
- m_connection = dbus_bus_get_private(busType, &error);
- else
- m_connection = dbus_bus_get(busType, &error);
- RUNNER_ASSERT_MSG(m_connection != nullptr,
- "Failed to open connection on "
- << (busPrivate ? "private" : "public") << " bus."
- << " Error: " << error.message);
- dbus_connection_set_exit_on_disconnect(m_connection, FALSE);
-}
-
-Connection::~Connection()
-{
- if (m_busPrivate)
- dbus_connection_close(m_connection);
- dbus_connection_unref(m_connection);
-}
-
-void Connection::addMatch(const std::string &rule)
-{
- DBusError error;
- dbus_error_init(&error);
- ErrorPtr errorPtr(&error);
-
- dbus_bus_add_match(m_connection, rule.c_str(), &error);
- RUNNER_ASSERT_MSG(dbus_error_is_set(&error) != TRUE, "Failed to add match."
- << " Rule: " << rule << ";"
- << " Error: " << error.message);
-}
-
-void Connection::addFilter(DBusHandleMessageFunction handleMessageFunction,
- void *userData,
- DBusFreeFunction freeDataFunction)
-{
- if (freeDataFunction == nullptr)
- freeDataFunction = [](void*)->void {};
-
- dbus_bool_t ret = dbus_connection_add_filter(m_connection,
- handleMessageFunction,
- userData,
- freeDataFunction);
- RUNNER_ASSERT_MSG(ret == TRUE, "Failed to add filter. Not enough memory");
-}
-
-void Connection::readWriteDispatch()
-{
- dbus_bool_t ret = dbus_connection_read_write_dispatch(m_connection, -1);
- RUNNER_ASSERT_MSG(ret == TRUE, "Failed to read write dispatch. Disconnect message has been processed");
-}
-
-void Connection::flush()
-{
- dbus_connection_flush(m_connection);
-}
-
-void Connection::requestName(const std::string &name)
-{
- DBusError error;
- dbus_error_init(&error);
- ErrorPtr errorPtr(&error);
-
- int ret = dbus_bus_request_name(m_connection,
- name.c_str(),
- DBUS_NAME_FLAG_REPLACE_EXISTING | DBUS_NAME_FLAG_DO_NOT_QUEUE,
- &error);
- switch (ret)
- {
- case DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER:
- case DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER:
- return;
- case DBUS_REQUEST_NAME_REPLY_EXISTS:
- RUNNER_FAIL_MSG("Failed to request name."
- << " Name: " << name << ";"
- << " Owner did not specified DBUS_NAME_FLAG_ALLOW_REPLACEMENT flag");
- case -1:
- RUNNER_FAIL_MSG("Failed to request name."
- << " Name: " << name << ";"
- << " Error: " << error.message);
- default: // DBUS_REQUEST_NAME_REPLY_IN_QUEUE
- RUNNER_FAIL_MSG("Should not happen");
- }
-}
-
-MessageIn Connection::sendWithReplyAndBlock(const MessageOut &messageOut)
-{
- DBusError error;
- dbus_error_init(&error);
- ErrorPtr errorPtr(&error);
-
- DBusMessage *messageRecv = dbus_connection_send_with_reply_and_block(m_connection,
- messageOut.getMessage(),
- -1,
- &error);
- RUNNER_ASSERT_MSG(messageRecv != nullptr, "Failed to send with reply and block. "
- << "Error: " << error.message);
- return MessageIn(messageRecv);
-}
-
-} // namespace DBus
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_connection.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus connection wrapper class header
- */
-
-#ifndef COMMON_DBUS_CONNECTION_H
-#define COMMON_DBUS_CONNECTION_H
-
-#include <dbus/dbus.h>
-
-#include <dbus_message_in.h>
-#include <dbus_message_out.h>
-#include <memory.h>
-
-#include <string>
-
-namespace DBus
-{
-
-DEFINE_SMARTPTR(dbus_error_free, DBusError, ErrorPtr);
-
-class Connection
-{
-public:
- Connection(DBusBusType busType, bool privateGet);
- Connection(const Connection &other) = delete;
- ~Connection();
-
- Connection& operator=(const Connection &other) = delete;
-
- void addMatch(const std::string &rule);
- void addFilter(DBusHandleMessageFunction handleMessageFunction,
- void *userData,
- DBusFreeFunction freeDataFunction = nullptr);
- void readWriteDispatch();
- void flush();
- void requestName(const std::string &name);
- MessageIn sendWithReplyAndBlock(const MessageOut &messageOut);
-
-private:
- DBusConnection *m_connection;
- bool m_busPrivate;
-};
-
-} // namespace DBus
-
-#endif // COMMON_DBUS_CONNECTION_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_message_in.cpp
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus incoming message wrapper class source file
- */
-
-#include <dbus_message_in.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace DBus
-{
-
-MessageIn::MessageIn(DBusMessage *message, bool ref)
- : m_message(message)
-{
- RUNNER_ASSERT(m_message != nullptr);
- if (ref)
- dbus_message_ref(m_message);
-}
-
-MessageIn::MessageIn(MessageIn &&other)
- : m_message(other.m_message)
-{
- other.m_message = nullptr;
-}
-
-MessageIn::~MessageIn()
-{
- if (m_message != nullptr)
- dbus_message_unref(m_message);
-}
-
-int MessageIn::getType()
-{
- return dbus_message_get_type(m_message);
-}
-
-bool MessageIn::isMethodCall(const std::string &interface, const std::string &method)
-{
- dbus_bool_t ret = dbus_message_is_method_call(m_message,
- interface.c_str(),
- method.c_str());
- return ret == TRUE;
-}
-
-bool MessageIn::isSignal(const std::string &interface, const std::string &signalName)
-{
- dbus_bool_t ret = dbus_message_is_signal(m_message,
- interface.c_str(),
- signalName.c_str());
- return ret == TRUE;
-}
-
-bool MessageIn::isError(const std::string &errorName)
-{
- dbus_bool_t ret = dbus_message_is_error(m_message,
- errorName.c_str());
- return ret == TRUE;
-}
-
-MessageIn::Iterator MessageIn::iterInit()
-{
- return Iterator(this->m_message);
-}
-
-MessageIn::Iterator::Iterator(DBusMessage* message)
-{
- dbus_message_iter_init(message, &m_iterator);
-}
-
-MessageIn::Iterator::Iterator(DBusMessageIter *iteratorOver)
-{
- dbus_message_iter_recurse(iteratorOver, &m_iterator);
-}
-
-bool MessageIn::Iterator::next()
-{
- return dbus_message_iter_next(&m_iterator) != FALSE;
-}
-
-void MessageIn::Iterator::expectNext()
-{
- RUNNER_ASSERT_MSG(next(), "No next argument in message");
-}
-
-int MessageIn::Iterator::getArgType()
-{
- return dbus_message_iter_get_arg_type(&m_iterator);
-}
-
-void MessageIn::Iterator::expectArgType(int argType)
-{
- int argTypeActual = getArgType();
- RUNNER_ASSERT_MSG(argTypeActual == argType, "Wrong argument type in message"
- << " Actual: " << argTypeActual
- << " Expected: " << argType);
-}
-
-void MessageIn::Iterator::expectArgTypeValid()
-{
- RUNNER_ASSERT_MSG(getArgType() != DBUS_TYPE_INVALID, "Invalid argument type in message");
-}
-
-char MessageIn::Iterator::getArgChar()
-{
- return getArg<char>();
-}
-
-bool MessageIn::Iterator::getArgBool()
-{
- dbus_bool_t value;
- dbus_message_iter_get_basic(&m_iterator, &value);
- return value != FALSE;
-}
-
-int16_t MessageIn::Iterator::getArgInt16()
-{
- return getArg<int16_t>();
-}
-
-uint16_t MessageIn::Iterator::getArgUint16()
-{
- return getArg<uint16_t>();
-}
-
-int32_t MessageIn::Iterator::getArgInt32()
-{
- return getArg<int32_t>();
-}
-
-uint32_t MessageIn::Iterator::getArgUint32()
-{
- return getArg<uint32_t>();
-}
-
-int64_t MessageIn::Iterator::getArgInt64()
-{
- return getArg<int64_t>();
-}
-
-uint64_t MessageIn::Iterator::getArgUint64()
-{
- return getArg<uint64_t>();
-}
-
-double MessageIn::Iterator::getArgDouble()
-{
- return getArg<double>();
-}
-
-std::string MessageIn::Iterator::getArgString()
-{
- char *value;
- dbus_message_iter_get_basic(&m_iterator, &value);
- return std::string(value);
-}
-
-MessageIn::Iterator MessageIn::Iterator::recurse()
-{
- return Iterator(&(this->m_iterator));
-}
-
-} // namespace DBus
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_message_in.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus incoming message wrapper class header
- */
-
-#ifndef COMMON_DBUS_MESSAGE_IN_H
-#define COMMON_DBUS_MESSAGE_IN_H
-
-#include <dbus/dbus.h>
-
-#include <cstdint>
-#include <string>
-
-namespace DBus
-{
-
-class MessageIn
-{
-public:
- MessageIn(DBusMessage *message, bool ref = false);
- MessageIn(const MessageIn &other) = delete;
- MessageIn(MessageIn &&other);
- ~MessageIn();
-
- MessageIn& operator=(const MessageIn &other) = delete;
-
- int getType();
- bool isMethodCall(const std::string &interface, const std::string &method);
- bool isSignal(const std::string &interface, const std::string &signalName);
- bool isError(const std::string &errorName);
-
- class Iterator
- {
- public:
- friend class MessageIn;
-
- bool next();
- void expectNext();
- int getArgType();
- void expectArgType(int argType);
- void expectArgTypeValid();
- char getArgChar();
- bool getArgBool();
- int16_t getArgInt16();
- uint16_t getArgUint16();
- int32_t getArgInt32();
- uint32_t getArgUint32();
- int64_t getArgInt64();
- uint64_t getArgUint64();
- double getArgDouble();
- std::string getArgString();
- Iterator recurse();
-
- private:
- template<class T>
- T getArg() {
- T value;
- dbus_message_iter_get_basic(&m_iterator, &value);
- return value;
- }
-
- // sub constructor
- Iterator(DBusMessageIter *iteratorOver);
- // message constructor
- Iterator(DBusMessage *message);
- DBusMessageIter m_iterator;
- };
-
- Iterator iterInit();
-
-private:
- DBusMessage *m_message;
-};
-
-} // namespace DBus
-
-#endif // COMMON_DBUS_MESSAGE_IN_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_message_out.cpp
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus outgoing message wrapper class source file
- */
-
-#include <dbus_message_out.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace DBus
-{
-
-MessageOut::MessageOut(const std::string &destination,
- const std::string &path,
- const std::string &interface,
- const std::string &method)
-{
- m_message = dbus_message_new_method_call(destination.c_str(),
- path.c_str(),
- interface.c_str(),
- method.c_str());
- RUNNER_ASSERT_MSG(nullptr != m_message,
- "Failed to create new method call. Not enough memory");
-}
-
-MessageOut::MessageOut(MessageOut &&other)
- : m_message(other.m_message)
-{
- other.m_message = nullptr;
-}
-
-MessageOut::~MessageOut()
-{
- if (m_message != nullptr)
- dbus_message_unref(m_message);
-}
-
-DBusMessage* MessageOut::getMessage() const
-{
- return m_message;
-}
-
-void MessageOut::append(bool b)
-{
- DBusMessageIter iter;
- dbus_message_iter_init_append(m_message, &iter);
-
- dbus_bool_t bArg = b ? TRUE : FALSE;
- dbus_bool_t ret = dbus_message_iter_append_basic(&iter,
- DBUS_TYPE_BOOLEAN,
- &bArg);
- RUNNER_ASSERT_MSG(ret != FALSE, "Failed to append basic boolean. Not enough memory");
-}
-
-void MessageOut::append(const char *cstr)
-{
- DBusMessageIter iter;
- dbus_message_iter_init_append(m_message, &iter);
-
- dbus_bool_t ret = dbus_message_iter_append_basic(&iter,
- DBUS_TYPE_STRING,
- &cstr);
- RUNNER_ASSERT_MSG(ret != FALSE, "Failed to append basic string. Not enough memory");
-}
-
-void MessageOut::append(const std::string &str)
-{
- append(str.c_str());
-}
-
-void MessageOut::append(const std::vector<std::string> &strs)
-{
- DBusMessageIter iter;
- dbus_message_iter_init_append(m_message, &iter);
-
- DBusMessageIter subIter;
- dbus_bool_t ret = dbus_message_iter_open_container(&iter,
- DBUS_TYPE_ARRAY,
- DBUS_TYPE_STRING_AS_STRING,
- &subIter);
- RUNNER_ASSERT_MSG(ret != FALSE, "Failed to open container. Not enough memory");
- for (const auto &str : strs) {
- const char *cstr = str.c_str();
- ret = dbus_message_iter_append_basic(&subIter, DBUS_TYPE_STRING, &cstr);
- if (ret == FALSE) {
- dbus_message_iter_abandon_container(&iter, &subIter);
- RUNNER_FAIL_MSG("Failed to append basic string. Not enough memory");
- }
- }
- ret = dbus_message_iter_close_container(&iter, &subIter);
- RUNNER_ASSERT_MSG(ret != FALSE, "Failed to close container. Not enough memory");
-}
-
-} // namespace DBus
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_message_out.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus outgoing message wrapper class header
- */
-
-#ifndef COMMON_DBUS_MESSAGE_OUT_H
-#define COMMON_DBUS_MESSAGE_OUT_H
-
-#include <dbus/dbus.h>
-
-#include <string>
-#include <vector>
-
-namespace DBus
-{
-
-class MessageOut
-{
-public:
- MessageOut(const std::string &destination,
- const std::string &path,
- const std::string &interface,
- const std::string &method);
- MessageOut(const MessageOut &other) = delete;
- MessageOut(MessageOut &&other);
- ~MessageOut();
-
- MessageOut& operator=(const MessageOut &other) = delete;
-
- DBusMessage* getMessage() const;
-
- void append(bool b);
- void append(const char *cstr);
- void append(const std::string &str);
- void append(const std::vector<std::string> &strs);
-
-private:
- DBusMessage *m_message;
-};
-
-} // namespace DBus
-
-#endif // COMMON_DBUS_MESSAGE_OUT_H
+++ /dev/null
-#include <fs_label_manager.h>
-
-#include <tests_common.h>
-#include <memory.h>
-
-#include <unistd.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/mount.h>
-#include <sys/xattr.h>
-#include <linux/xattr.h>
-
-
-namespace
-{
-static const char* get_xattr_name(enum smack_label_type type)
-{
- switch (type) {
- case SMACK_LABEL_ACCESS:
- return XATTR_NAME_SMACK;
- case SMACK_LABEL_EXEC:
- return XATTR_NAME_SMACKEXEC;
- case SMACK_LABEL_MMAP:
- return XATTR_NAME_SMACKMMAP;
- case SMACK_LABEL_TRANSMUTE:
- return XATTR_NAME_SMACKTRANSMUTE;
- case SMACK_LABEL_IPIN:
- return XATTR_NAME_SMACKIPIN;
- case SMACK_LABEL_IPOUT:
- return XATTR_NAME_SMACKIPOUT;
- default:
- /* Should not reach this point */
- return nullptr;
- }
-}
-}
-
-FsLabelManager::FsLabelManager(const std::string &path, const std::string &label)
- : m_path(path)
- , m_label(label)
-{
- umount(m_path.c_str());
- rmdir(m_path.c_str());
-
- std::string data = std::string("mode=0777,uid=0,smackfsdef=") + label;
-
- int ret = mkdir(path.c_str(), S_IRWXU | S_IRWXG | S_IRWXO);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to make directory");
-
- ret = mount("none", path.c_str(), "tmpfs", 0, data.c_str());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to mount filesystem");
-
- if (m_path[m_path.length()-1] != '/')
- m_path += '/';
-}
-
-FsLabelManager::~FsLabelManager()
-{
- umount(m_path.c_str());
- rmdir(m_path.c_str());
-}
-
-void FsLabelManager::createFile(const std::string &relativePath)
-{
- std::string path = m_path + relativePath;
-
- mode_t systemMask = umask(0000);
- int fd = open(path.c_str(), O_RDWR | O_CREAT | O_TRUNC, S_IRWXU | S_IRWXG | S_IRWXO);
- umask(systemMask);
- RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests");
-
- close(fd);
-
- int ret = chown(path.c_str(), APP_UID, APP_GID);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
-}
-
-void FsLabelManager::createLink(const std::string &relativeLinkPath, const std::string &relativeRealPath)
-{
- std::string linkPath = m_path + relativeLinkPath;
- std::string realPath = m_path + relativeRealPath;
-
- int ret = unlink(linkPath.c_str());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0 || errno == ENOENT, "Unable to unlink file");
-
- ret = symlink(realPath.c_str(), linkPath.c_str());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to create symlink");
-
- ret = lchown(linkPath.c_str(), APP_UID, APP_GID);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
-}
-
-void FsLabelManager::testSmackSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
-
- int ret = smack_setlabel(path.c_str(), label, labelType);
- RUNNER_ASSERT_MSG(ret == 0, "Error in normal setting label " << label);
-
- checkLabel(path, label, labelType);
-}
-
-void FsLabelManager::testSmackLSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
-
- int ret = smack_lsetlabel(path.c_str(), label, labelType);
- RUNNER_ASSERT_MSG(ret == 0, "Error in link setting label " << label);
-
- checkLinkLabel(path, label, labelType);
-}
-
-void FsLabelManager::testSmackFSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
-
- int fd = open(path.c_str(), O_WRONLY);
- RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to open file");
-
- int ret = smack_fsetlabel(fd, label, labelType);
- close(fd);
- RUNNER_ASSERT_MSG(ret == 0, "Error in fd setting " << label);
-
- checkLabel(path, label, labelType);
-}
-
-void FsLabelManager::testSmackGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
-
- char *tmpLabel;
- int ret = smack_getlabel(path.c_str(), &tmpLabel, labelType);
- RUNNER_ASSERT_MSG(ret == 0, "Error in normal getting label");
- SmackLabelPtr labelPtr(tmpLabel);
-
- if (label == nullptr && !m_label.compare(tmpLabel))
- return;
- RUNNER_ASSERT_MSG(label != nullptr, "Path should be related with file system default label. "
- << tmpLabel << " != " << m_label);
-
- ret = strcmp(tmpLabel, label);
- RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label);
-
- checkLabel(path, tmpLabel, labelType);
-}
-
-void FsLabelManager::testSmackLGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
-
- char *tmpLabel;
- int ret = smack_lgetlabel(path.c_str(), &tmpLabel, labelType);
- RUNNER_ASSERT_MSG(ret == 0, "Error in link getting label");
- SmackLabelPtr labelPtr(tmpLabel);
-
- if (label == nullptr && !m_label.compare(tmpLabel))
- return;
- RUNNER_ASSERT_MSG(label != nullptr, "Path should be related with file system default label. "
- << tmpLabel << " != " << m_label);
-
- ret = strcmp(tmpLabel, label);
- RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label);
-
- checkLinkLabel(path, tmpLabel, labelType);
-}
-
-void FsLabelManager::testSmackFGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
- int fd = open(path.c_str(), O_WRONLY);
- RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to open file");
-
- char *tmpLabel;
- int ret = smack_fgetlabel(fd, &tmpLabel, labelType);
- close(fd);
- RUNNER_ASSERT_MSG(ret == 0, "Error in fd getting label");
- SmackLabelPtr labelPtr(tmpLabel);
-
- if (label == nullptr && !m_label.compare(tmpLabel))
- return;
- RUNNER_ASSERT_MSG(label != nullptr, "Fd should be related with file system default label. "
- << tmpLabel << " != " << m_label);
-
- ret = strcmp(tmpLabel, label);
- RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label);
-
- checkLabel(path, tmpLabel, labelType);
-}
-
-void FsLabelManager::testSmackClearLabels(const std::string &relativePath)
-{
- testSmackSetLabel(relativePath, nullptr, SMACK_LABEL_ACCESS);
- testSmackGetLabel(relativePath, nullptr, SMACK_LABEL_ACCESS);
- testSmackSetLabel(relativePath, nullptr, SMACK_LABEL_EXEC);
- testSmackGetLabel(relativePath, nullptr, SMACK_LABEL_EXEC);
-}
-
-void FsLabelManager::checkLabel(const std::string &path,
- const char *label,
- enum smack_label_type labelType)
-{
- char buf[SMACK_LABEL_LEN+2] = { 0, };
- int ret = getxattr(path.c_str(), get_xattr_name(labelType), buf, SMACK_LABEL_LEN+1);
- RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Error in getting xattr");
-
- const char *tmpLabel;
- if (label == nullptr)
- tmpLabel = m_label.c_str();
- else
- tmpLabel = label;
-
- ret = strncmp(tmpLabel, buf, SMACK_LABEL_LEN+1);
- RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << buf);
-}
-
-void FsLabelManager::checkLinkLabel(const std::string &path,
- const char *label,
- enum smack_label_type labelType)
-{
- char buf[SMACK_LABEL_LEN+2] = { 0, };
- int ret = lgetxattr(path.c_str(), get_xattr_name(labelType), buf, SMACK_LABEL_LEN+1);
- RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Error in getting xattr");
-
- const char *tmpLabel;
- if (label == nullptr)
- tmpLabel = m_label.c_str();
- else
- tmpLabel = label;
-
- ret = strncmp(tmpLabel, buf, SMACK_LABEL_LEN+1);
- RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << buf);
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file fs_label_manager.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief Class for environment operations on file system.
- */
-#ifndef _FS_LABEL_MANAGER_H_
-#define _FS_LABEL_MANAGER_H_
-
-#include <string>
-#include <sys/smack.h>
-
-class FsLabelManager
-{
-public:
- FsLabelManager() = delete;
- FsLabelManager(const std::string &path, const std::string &label);
- FsLabelManager(const FsLabelManager &second) = delete;
- FsLabelManager& operator=(FsLabelManager &second) = delete;
-
- virtual ~FsLabelManager();
-
- void createFile(const std::string &relativePath);
- void createLink(const std::string &relativeLinkPath, const std::string &relativeRealPath);
-
- void testSmackSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
- void testSmackLSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
- void testSmackFSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
-
- void testSmackGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
- void testSmackLGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
- void testSmackFGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
-
- void testSmackClearLabels(const std::string &relativePath);
-
-private:
- void checkLabel(const std::string &path,
- const char *label,
- enum smack_label_type labelType);
- void checkLinkLabel(const std::string &path,
- const char *label,
- enum smack_label_type labelType);
-
- std::string m_path;
- std::string m_label;
-};
-
-#endif // _FS_LABEL_MANAGER_H_
+++ /dev/null
-#include <memory.h>
-#include <unistd.h>
-
-void closePtr(int *p) {
- close(*p);
-}
+++ /dev/null
-#ifndef MEMORY_H
-#define MEMORY_H
-
-#include <memory>
-#include <sys/smack.h>
-#include <dirent.h>
-#include <glob.h>
-
-#define DEFINE_SMARTPTR(func, type, name) \
- struct deleter_##func { \
- void operator()(type* p) {\
- func(p); \
- } \
- }; \
- \
- typedef std::unique_ptr<type, deleter_##func> name;
-
-// Custom freeing functions
-
-void closePtr(int *fd);
-
-// Defining specializations of unique_ptr
-
-DEFINE_SMARTPTR(free, char, CStringPtr);
-DEFINE_SMARTPTR(closePtr, int, FdUniquePtr);
-DEFINE_SMARTPTR(smack_accesses_free, smack_accesses, SmackAccessesPtr);
-DEFINE_SMARTPTR(closedir, DIR, DirPtr);
-DEFINE_SMARTPTR(globfree, glob_t, GlobPtr);
-
-// Custom typedefs
-
-typedef FdUniquePtr SockUniquePtr;
-typedef CStringPtr SmackLabelPtr;
-typedef CStringPtr CookieUniquePtr;
-
-#endif // MEMORY_H
+++ /dev/null
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
- <!-- Only root can own this service -->
- <policy user="root">
- <allow own="tests.dbus.client"/>
- <allow own="test.method.caller"/>
- <allow own="test.method.server"/>
- </policy>
-</busconfig>
+++ /dev/null
-/*
- * Copyright (c) 2013-2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file service_manager.cpp
- * @author Zbigniew Jasinski <z.jasinski@samsung.com>
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
- * @version 1.1
- * @brief Definition of service control class using dbus interface to communicate with systemd
- */
-
-#include <service_manager.h>
-
-#include <dpl/test/test_runner.h>
-
-#include <sstream>
-#include <unistd.h>
-#include <vector>
-
-namespace {
-
-const std::string DBUS_CLIENT_NAME("tests.dbus.client");
-const std::string DBUS_PROPERTIES_INTERFACE("org.freedesktop.DBus.Properties");
-const std::string SYSTEMD_DESTINATION("org.freedesktop.systemd1");
-const std::string SYSTEMD_PATH("/org/freedesktop/systemd1");
-const std::string SYSTEMD_MANAGER_INTERFACE("org.freedesktop.systemd1.Manager");
-const std::string SYSTEMD_SERVICE_INTERFACE("org.freedesktop.systemd1.Service");
-
-const std::string MATCH_JOB_REMOVED("JobRemoved");
-const std::string MATCH_JOB_NEW("JobNew");
-const std::string MATCH_RELOADING("Reloading");
-
-}
-
-ServiceManager::ServiceManager(const std::string &serviceName)
- : m_connection(DBUS_BUS_SYSTEM, true)
- , m_serviceName(serviceName)
-{
- addBusMatch(MATCH_JOB_REMOVED);
- addBusMatch(MATCH_JOB_NEW);
- addBusMatch(MATCH_RELOADING);
- m_connection.flush();
- m_connection.addFilter(messageHandler,
- reinterpret_cast<void*>(this));
- subscribeSignals();
- m_connection.requestName(DBUS_CLIENT_NAME);
- getUnitPath();
-}
-
-void ServiceManager::addBusMatch(const std::string &member)
-{
- std::ostringstream rule;
- rule << "type='signal',"
- << "sender='" << SYSTEMD_DESTINATION << "',"
- << "interface='" << SYSTEMD_MANAGER_INTERFACE << "',"
- << "member='" << member << "',"
- << "path='" << SYSTEMD_PATH << "'";
-
- m_connection.addMatch(rule.str());
-}
-
-void ServiceManager::subscribeSignals()
-{
- DBus::MessageOut messageOut = newMethodCall("Subscribe");
- m_connection.sendWithReplyAndBlock(messageOut);
-}
-
-void ServiceManager::reloadDbusManager()
-{
- DBus::MessageOut messageOut = newMethodCall("Reload");
- m_connection.sendWithReplyAndBlock(messageOut);
- m_runningJobs.insert(MATCH_RELOADING);
-}
-
-void ServiceManager::getUnitPath()
-{
- DBus::MessageOut messageOut = newMethodCall("GetUnit");
- messageOut.append(m_serviceName);
- DBus::MessageIn messageIn = m_connection.sendWithReplyAndBlock(messageOut);
- m_unitPath = handleObjectPathMsgReply(messageIn);
-}
-
-DBus::MessageOut ServiceManager::newMethodCall(const std::string &method)
-{
- return DBus::MessageOut(SYSTEMD_DESTINATION.c_str(),
- SYSTEMD_PATH.c_str(),
- SYSTEMD_MANAGER_INTERFACE.c_str(),
- method.c_str());
-}
-
-std::string ServiceManager::handleObjectPathMsgReply(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
- iterator.expectArgType(DBUS_TYPE_OBJECT_PATH);
- return iterator.getArgString();
-}
-
-uint32_t ServiceManager::handleVariantUIntMsgReply(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
- iterator.expectArgType(DBUS_TYPE_VARIANT);
- DBus::MessageIn::Iterator iteratorSub = iterator.recurse();
- iteratorSub.expectArgType(DBUS_TYPE_UINT32);
- return iteratorSub.getArgUint32();
-}
-
-uint64_t ServiceManager::handleVariantUInt64MsgReply(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
- iterator.expectArgType(DBUS_TYPE_VARIANT);
- DBus::MessageIn::Iterator iteratorSub = iterator.recurse();
- iteratorSub.expectArgType(DBUS_TYPE_UINT64);
- return iteratorSub.getArgUint64();
-}
-
-void ServiceManager::sendToService(const std::string &method)
-{
- DBus::MessageOut messageOut = newMethodCall(method);
- messageOut.append(m_serviceName);
- messageOut.append("fail");
- DBus::MessageIn messageIn = m_connection.sendWithReplyAndBlock(messageOut);
- m_runningJobs.insert(handleObjectPathMsgReply(messageIn));
-}
-
-void ServiceManager::sendMaskToService()
-{
- const std::vector<std::string> mask(1, m_serviceName);
- DBus::MessageOut messageOut = newMethodCall("MaskUnitFiles");
- messageOut.append(mask);
- messageOut.append(true);
- messageOut.append(true);
- m_connection.sendWithReplyAndBlock(messageOut);
-}
-
-void ServiceManager::sendUnmaskToService()
-{
- const std::vector<std::string> mask(1, m_serviceName);
- DBus::MessageOut messageOut = newMethodCall("UnmaskUnitFiles");
- messageOut.append(mask);
- messageOut.append(true);
- m_connection.sendWithReplyAndBlock(messageOut);
-}
-
-DBus::MessageIn ServiceManager::sendPropertyGetMsg(const std::string &interface,
- const std::string &property)
-{
- DBus::MessageOut messageOut(SYSTEMD_DESTINATION,
- m_unitPath,
- DBUS_PROPERTIES_INTERFACE,
- "Get");
- messageOut.append(interface);
- messageOut.append(property);
- return m_connection.sendWithReplyAndBlock(messageOut);
-}
-
-uint32_t ServiceManager::getUIntProperty(const std::string &interface,
- const std::string &property)
-{
- DBus::MessageIn messageIn = sendPropertyGetMsg(interface, property);
- return handleVariantUIntMsgReply(messageIn);
-}
-
-uint64_t ServiceManager::getUInt64Property(const std::string &interface,
- const std::string &property)
-{
- DBus::MessageIn messageIn = sendPropertyGetMsg(interface, property);
- return handleVariantUInt64MsgReply(messageIn);
-}
-
-void ServiceManager::sendResetFailedToService()
-{
- DBus::MessageOut messageOut = newMethodCall("ResetFailedUnit");
- messageOut.append(m_serviceName);
- m_connection.sendWithReplyAndBlock(messageOut);
-}
-
-DBusHandlerResult ServiceManager::messageHandler(DBusConnection *conn, DBusMessage *msg, void *t)
-{
- (void) conn;
- ServiceManager* self = reinterpret_cast<ServiceManager*>(t);
-
- DBus::MessageIn messageIn(msg, true);
- if (messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_JOB_REMOVED))
- self->signalJobRemovedHandler(messageIn);
- else if(messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_JOB_NEW))
- self->signalJobNewHandler(messageIn);
- else if(messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_RELOADING))
- self->signalReloadingHandler(messageIn);
-
- return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-}
-
-void ServiceManager::signalJobRemovedHandler(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
-
- iterator.expectArgType(DBUS_TYPE_UINT32);
- uint32_t id = iterator.getArgUint32();
- iterator.expectNext();
-
- iterator.expectArgType(DBUS_TYPE_OBJECT_PATH);
- std::string path = iterator.getArgString();
- iterator.expectNext();
-
- iterator.expectArgType(DBUS_TYPE_STRING);
- std::string unit = iterator.getArgString();
- iterator.expectNext();
-
- iterator.expectArgType(DBUS_TYPE_STRING);
- std::string result = iterator.getArgString();
-
- if(m_serviceName == unit) {
- RUNNER_ASSERT_MSG(result == "done" || result == "canceled",
- "RemoveJob signal delivered bad news. Job wasn't completed successfully: "
- << "expected job results = {done, canceled}, "
- << "received job result = " << result << ", "
- << "for job with id = " << id << ", "
- << "and path = " << path);
- m_runningJobs.erase(path);
- }
-}
-
-void ServiceManager::signalJobNewHandler(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
-
- iterator.expectArgTypeValid();
- iterator.expectNext();
-
- iterator.expectArgType(DBUS_TYPE_OBJECT_PATH);
- std::string path = iterator.getArgString();
- iterator.expectNext();
-
- iterator.expectArgType(DBUS_TYPE_STRING);
- std::string unit = iterator.getArgString();
-
- if(m_serviceName == unit)
- m_runningJobs.insert(path);
-}
-
-void ServiceManager::signalReloadingHandler(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
-
- iterator.expectArgType(DBUS_TYPE_BOOLEAN);
- bool active = iterator.getArgBool();
-
- if (active)
- m_runningJobs.insert(MATCH_RELOADING);
- else
- m_runningJobs.erase(MATCH_RELOADING);
-}
-
-void ServiceManager::waitForRunningJobsFinish()
-{
- while (!m_runningJobs.empty())
- m_connection.readWriteDispatch();
-}
-
-void ServiceManager::startService()
-{
- sendToService("StartUnit");
- waitForRunningJobsFinish();
- sendResetFailedToService();
-}
-
-void ServiceManager::stopService()
-{
- sendToService("StopUnit");
- waitForRunningJobsFinish();
- sendResetFailedToService();
-}
-
-void ServiceManager::restartService()
-{
- sendToService("RestartUnit");
- waitForRunningJobsFinish();
- sendResetFailedToService();
-}
-
-pid_t ServiceManager::getServicePid()
-{
- return static_cast<pid_t>(getUIntProperty(SYSTEMD_SERVICE_INTERFACE, "MainPID"));
-}
-
-timeval ServiceManager::getServiceStartTimestamp() {
- uint64_t timestamp = getUInt64Property(SYSTEMD_SERVICE_INTERFACE,
- "ExecMainStartTimestamp");
- return {static_cast<long>(timestamp / 1000000), static_cast<long>(timestamp % 1000000)};
-}
-
-void ServiceManager::maskService()
-{
- sendMaskToService();
- reloadDbusManager();
- waitForRunningJobsFinish();
- sendResetFailedToService();
-}
-
-void ServiceManager::unmaskService()
-{
- sendUnmaskToService();
- reloadDbusManager();
- waitForRunningJobsFinish();
- sendResetFailedToService();
-}
+++ /dev/null
-/*
- * Copyright (c) 2013-2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file service_manager.h
- * @author Zbigniew Jasinski <z.jasinski@samsung.com>
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @author Marcin Niesluchowski <m.niesluchow@samsungcom>
- * @version 1.1
- * @brief Declaration of service control class using dbus interface to communicate with systemd
- */
-
-#ifndef COMMON_SERVICE_MANAGER_H
-#define COMMON_SERVICE_MANAGER_H
-
-#include <dbus/dbus.h>
-
-#include <dbus_connection.h>
-#include <dbus_message_in.h>
-#include <dbus_message_out.h>
-
-#include <cstdint>
-#include <set>
-#include <string>
-
-class ServiceManager {
-public:
- ServiceManager() = delete;
- ServiceManager(const std::string &serviceName);
- ~ServiceManager() = default;
-
- void startService();
- void stopService();
- void restartService();
- pid_t getServicePid();
- timeval getServiceStartTimestamp();
- void maskService();
- void unmaskService();
-
-private:
- void addBusMatch(const std::string &member);
- void subscribeSignals();
- void reloadDbusManager();
- void getUnitPath();
- DBus::MessageOut newMethodCall(const std::string &method);
- std::string handleObjectPathMsgReply(DBus::MessageIn &messageIn);
- uint32_t handleVariantUIntMsgReply(DBus::MessageIn &messageIn);
- uint64_t handleVariantUInt64MsgReply(DBus::MessageIn &messageIn);
-
- void sendToService(const std::string &method);
- void sendMaskToService();
- void sendUnmaskToService();
- DBus::MessageIn sendPropertyGetMsg(const std::string &interface, const std::string &property);
- uint32_t getUIntProperty(const std::string &interface, const std::string &property);
- uint64_t getUInt64Property(const std::string &interface, const std::string &property);
- void sendResetFailedToService();
-
- static DBusHandlerResult messageHandler(DBusConnection *conn, DBusMessage *msg, void *t);
- void signalJobRemovedHandler(DBus::MessageIn &messageIn);
- void signalJobNewHandler(DBus::MessageIn &messageIn);
- void signalReloadingHandler(DBus::MessageIn &messageIn);
- void waitForRunningJobsFinish();
-
- DBus::Connection m_connection;
-
- const std::string m_serviceName;
- std::string m_unitPath;
-
- std::set<std::string> m_runningJobs;
-};
-
-#endif // COMMON_SERVICE_MANAGER_H
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file smack_access.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-
-#include <sys/smack.h>
-
-#include <tests_common.h>
-
-#include <smack_access.h>
-
-SmackAccess::SmackAccess()
- : m_handle(nullptr)
-{
- RUNNER_ASSERT_MSG(0 == smack_accesses_new(&m_handle),
- "Error in smack_accesses_new");
-}
-
-void SmackAccess::add(
- const std::string &subject,
- const std::string &object,
- const std::string &rights)
-{
- RUNNER_ASSERT_MSG(0 == smack_accesses_add(m_handle,
- subject.c_str(),
- object.c_str(),
- rights.c_str()),
- "Error in smack_accesses_add.");
-}
-
-void SmackAccess::apply() {
- RUNNER_ASSERT_MSG(0 == smack_accesses_apply(m_handle),
- "Error in smack_accessses_apply.");
-}
-
-SmackAccess::~SmackAccess() {
- if (m_handle)
- smack_accesses_free(m_handle);
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file smack_access.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-#ifndef _SMACK_ACCESS_H_
-#define _SMACK_ACCESS_H_
-
-#include <string>
-
-struct smack_accesses;
-
-class SmackAccess {
-public:
- SmackAccess();
- SmackAccess(const SmackAccess &second) = delete;
- SmackAccess& operator=(SmackAccess &second) = delete;
-
- void add(const std::string &subject,
- const std::string &object,
- const std::string &rights);
- void apply();
- virtual ~SmackAccess();
-private:
- struct smack_accesses *m_handle;
-};
-
-#endif // _SMACK_ACCESS_H_
-
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file tests_common.cpp
- * @author Lukasz Kostyra (l.kostyra@partner.samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-
-#include "tests_common.h"
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <grp.h>
-#include <errno.h>
-#include <vector>
-#include <algorithm>
-
-int DB::Transaction::db_result = PC_OPERATION_SUCCESS;
-
-const char *WGT_APP_ID = "QwCqJ0ttyS";
-
-int smack_runtime_check(void)
-{
- static int smack_present = -1;
- if (-1 == smack_present) {
- if (smack_smackfs_path()) {
- smack_present = 1;
- } else {
- smack_present = 0;
- }
- }
- return smack_present;
-}
-
-int smack_check(void)
-{
-#ifndef WRT_SMACK_ENABLED
- return 0;
-#else
- return smack_runtime_check();
-#endif
-}
-
-/**
- * Dropping root privileges
- * returns 0 on success, 1 on error
- */
-int drop_root_privileges(uid_t appUid, gid_t appGid)
-{
- if (getuid() == 0) {
- /* process is running as root, drop privileges */
- if (setgid(appGid) != 0)
- return 1;
- if (setuid(appUid) != 0)
- return 1;
- }
- uid_t uid = getuid();
- if (uid == appUid)
- return 0;
-
- return 1;
-}
-
-void setLabelForSelf(const int line, const char *label)
-{
- int ret = smack_set_label_for_self(label);
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self(): " << ret << ", line: " << line);
-}
-
-/*
- * Add a new group to the current process groups.
- */
-void add_process_group(const char* group_name)
-{
- // get group ID by group name
- group *gr = getgrnam(group_name);
- RUNNER_ASSERT_ERRNO_MSG(gr != nullptr, "getgrnam failed on '" << group_name << "' group");
- const gid_t new_group_id = gr->gr_gid;
-
- // get number of groups that the current process belongs to
- int ngroups = getgroups(0, nullptr);
-
- //allocate groups table + space for new group entry
- std::vector<gid_t> groups(ngroups + 1);
- getgroups(ngroups, groups.data());
-
- // check if the process already belongs to the group
- if (std::find(groups.begin(), groups.end(), new_group_id) != groups.end()) return;
-
- // add new group & apply change
- groups[ngroups] = new_group_id;
- int ret = setgroups(groups.size(), groups.data());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "setgroups() failed");
-}
-
-/*
- * Remove specific group from the current process groups.
- */
-void remove_process_group(const char* group_name)
-{
- // get group ID by group name
- group *gr = getgrnam(group_name);
- RUNNER_ASSERT_ERRNO_MSG(gr != nullptr, "getgrnam failed on '" << group_name << "' group");
- const gid_t new_group_id = gr->gr_gid;
-
- int ngroups = getgroups(0, nullptr);
- std::vector<gid_t> groups(ngroups);
- getgroups(ngroups, groups.data());
-
- // remove group from the list
- groups.erase(std::remove(groups.begin(), groups.end(), new_group_id), groups.end());
-
- if (groups.size() != (size_t)ngroups) {
- // apply change
- int ret = setgroups(groups.size(), groups.data());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "setgroups() failed");
- }
-}
-
-std::string formatCstr(const char *cstr)
-{
- if (!cstr)
- return std::string("nullptr");
- return std::string("\"") + cstr + "\"";
-}
-
-int files_compare(int fd1, int fd2)
-{
- //for getting files sizes
- struct stat fs1, fs2;
-
- //handlers for mmap()
- void *h1 = MAP_FAILED;
- void *h2 = MAP_FAILED;
-
- //getting files information
- RUNNER_ASSERT_ERRNO_MSG(fstat(fd1, &fs1) == 0, "fstat failed");
- RUNNER_ASSERT_ERRNO_MSG(fstat(fd2, &fs2) == 0, "fstat failed");
-
- if (fs1.st_size < fs2.st_size) {
- return -1;
- }
-
- if (fs1.st_size > fs2.st_size) {
- return 1;
- }
-
- //since Linux 2.6.12, mmap returns EINVAL if length is 0
- //if both lengths are 0, files are actually the same
- if (0 == fs1.st_size && 0 == fs2.st_size) {
- return 0;
- }
-
- //mapping files to process memory
- RUNNER_ASSERT_ERRNO_MSG((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) != MAP_FAILED,
- "mmap failed for fd=" << fd1);
-
- if ((h2 = mmap(0, fs2.st_size, PROT_READ, MAP_SHARED, fd2, 0 )) == MAP_FAILED) {
- munmap(h1, fs1.st_size);
- RUNNER_ASSERT_MSG(h2 != MAP_FAILED, "mmap failed for fd=" << fd2
- << ". " << strerror(errno));
- }
-
- int result = memcmp(h1, h2, fs1.st_size);
- munmap(h1, fs1.st_size);
- munmap(h2, fs2.st_size);
-
- return result;
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file tests_common.h
- * @author Lukasz Kostyra (l.kostyra@partner.samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-
-#ifndef _TESTS_COMMON_H_
-#define _TESTS_COMMON_H_
-
-#include <sys/smack.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <privilege-control.h>
-#include <sys/smack.h>
-#include <string>
-#include <errno.h>
-#include <string.h>
-
-const uid_t APP_UID = 5000;
-const gid_t APP_GID = 5000;
-const uid_t DB_ALARM_UID = 6001;
-const gid_t DB_ALARM_GID = 6001;
-const std::string TMP_DIR("/tmp");
-
-int smack_runtime_check(void);
-int smack_check(void);
-int drop_root_privileges(uid_t appUid = APP_UID, gid_t appGid = APP_GID);
-void setLabelForSelf(const int line, const char *label);
-void add_process_group(const char* group_name);
-void remove_process_group(const char* group_name);
-std::string formatCstr(const char *cstr);
-int files_compare(int fd1, int fd2);
-
-#define RUNNER_TEST_SMACK(Proc) \
- void Proc(); \
- static int Static##Proc##Init() \
- { \
- if(smack_check()) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
- \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc()
-
-#define RUNNER_TEST_NOSMACK(Proc) \
- void Proc(); \
- static int Static##Proc##Init() \
- { \
- if(!(smack_check())) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
- \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc()
-
-#define RUNNER_CHILD_TEST_SMACK(Proc) \
- void Proc(); \
- void Proc##Child(); \
- static int Static##Proc##Init() \
- { \
- if(smack_check()) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(){ \
- DPL::Test::RunChildProc(&Proc##Child); \
- } \
- void Proc##Child()
-
-#define RUNNER_CHILD_TEST_NOSMACK(Proc) \
- void Proc(); \
- void Proc##Child(); \
- static int Static##Proc##Init() \
- { \
- if(!(smack_check())) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(){ \
- DPL::Test::RunChildProc(&Proc##Child); \
- } \
- void Proc##Child()
-
-#define RUNNER_MULTIPROCESS_TEST_SMACK(Proc) \
- void Proc(); \
- void Proc##Multi(); \
- static int Static##Proc##Init() \
- { \
- if(smack_check()) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(){ \
- DPL::Test::RunMultiProc(&Proc##Multi); \
- } \
- void Proc##Multi()
-
-#define RUNNER_MULTIPROCESS_TEST_NOSMACK(Proc) \
- void Proc(); \
- void Proc##Multi(); \
- static int Static##Proc##Init() \
- { \
- if(!(smack_check())) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(){ \
- DPL::Test::RunMultiProc(&Proc##Multi); \
- } \
- void Proc##Multi()
-
-namespace DB {
-
- class Transaction
- {
- public:
-
- static int db_result;
-
- Transaction() {
- db_result = perm_begin();
- RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == db_result,
- "perm_begin returned: " << db_result);
- }
-
- ~Transaction() {
- db_result = perm_end();
- }
- };
-} // namespace DB
-
-// Database Transaction macros
-// PLEASE NOTE Both DB_BEGIN and DB_END need to be called in the same scope.
-// They are used to prevent developer from forgetting to close transaction.
-// Also note that variables defined between these macros will not be visible
-// after DB_END.
-#define DB_BEGIN \
- { \
- DB::Transaction db_transaction;
-
-#define DB_END } \
- RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == DB::Transaction::db_result, \
- "perm_end returned: " << DB::Transaction::db_result);
-
-// Common macros and labels used in tests
-extern const char *WGT_APP_ID;
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file timeout.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of time limited execution of synchronous functions
- */
-
-#ifndef TIMEOUT_H
-#define TIMEOUT_H
-
-#include <chrono>
-#include <functional>
-#include <future>
-#include <utility>
-
-#include <tests_common.h>
-
-namespace Timeout {
-
-template <class Rep, class Period>
-using Timeout = std::chrono::duration<Rep, Period>;
-
-template <class Ret, class... Args>
-using Function = std::function<Ret(Args...)>;
-
-typedef std::function<void(void)> CancelFunction;
-
-enum ExpectMode {
- FINISHED,
- TIMEOUT,
- IGNORE,
-};
-
-std::ostream& operator<<(std::ostream& os, const std::future_status &status)
-{
- switch (status) {
- case std::future_status::ready:
- os << "<READY>";
- break;
- case std::future_status::timeout:
- os << "<TIMEOUT>";
- break;
- case std::future_status::deferred:
- os << "<DEFERRED>";
- break;
- }
- os << " [" << static_cast<int>(status) << "]";
- return os;
-}
-
-template <class Rep, class Period, class Ret, class... Args>
-Ret callAndWait(const Timeout<Rep, Period> &timeout,
- ExpectMode expect,
- CancelFunction cancelFunction,
- Function<Ret, Args...> function,
- Args... args) {
- RUNNER_ASSERT_MSG(function,
- "not empty function must be passed to callAndWait");
-
- std::future<Ret> fut = std::async(std::launch::async, function, std::forward<Args>(args)...);
- std::future_status status = fut.wait_for(timeout);
-
- if (status == std::future_status::timeout && cancelFunction)
- cancelFunction();
-
- switch (expect) {
- case FINISHED:
- RUNNER_ASSERT_MSG(status == std::future_status::ready,
- "expected future status is " << std::future_status::ready
- << " received future status is " << status);
- break;
- case TIMEOUT:
- RUNNER_ASSERT_MSG(status == std::future_status::timeout,
- "expected future status is " << std::future_status::timeout
- << " received future status is " << status);
- break;
- case IGNORE:
- break;
- }
-
- return fut.get();
-}
-
-} // namespace Timeout
-
-#endif // TIMEOUT_H
+++ /dev/null
-# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-cmake_minimum_required(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-SET(CYNARA_TARGET_TEST "cynara-test")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_DEP
- REQUIRED
- libprivilege-control
- cynara-admin
- cynara-agent
- cynara-client
- cynara-client-async
- cynara-plugin
- dbus-1
- )
-
-#files to compile
-SET(CYNARA_TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_admin.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_agent.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_agent_request.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_agent_response.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_client.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_client_async_client.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_client_async_request_monitor.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_client_async_status_monitor.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_commons.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_cynara_mask.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_env.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_file_operations.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/plugins.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/cynara-test.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/test_cases.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/test_cases_async.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/test_cases_db.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${CYNARA_TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/tests/common/
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/
- )
-
-
-#output format
-ADD_EXECUTABLE(${CYNARA_TARGET_TEST} ${CYNARA_TARGET_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST}
- ${CYNARA_TARGET_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-#place for output file
-INSTALL(TARGETS ${CYNARA_TARGET_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/WRT_test_for_cynara_rules.smack
- DESTINATION /usr/share/privilege-control/
-)
-
-INSTALL(DIRECTORY
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/db_patterns
- DESTINATION /etc/security-tests/
-)
-
-ADD_SUBDIRECTORY(plugins)
+++ /dev/null
-~APP~ cynara_test_1 r
-~APP~ cynara_test_2 w
-~APP~ cynara_test_3 x
-~APP~ cynara_test_4 rw
-~APP~ cynara_test_5 rx
-~APP~ cynara_test_6 wx
-~APP~ cynara_test_7 rwx
-cynara_subject_1 ~APP~ r
-cynara_subject_2 ~APP~ w
-cynara_subject_3 ~APP~ x
-cynara_subject_4 ~APP~ rw
-cynara_subject_5 ~APP~ rx
-cynara_subject_6 ~APP~ wx
-cynara_subject_7 ~APP~ rwx
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_admin.h>
-#include <memory.h>
-#include <plugins.h>
-#include <tests_common.h>
-
-#include <algorithm>
-#include <cstring>
-#include <cstdlib>
-#include <ostream>
-#include <string>
-#include <sstream>
-
-namespace CynaraTestAdmin {
-
-namespace
-{
-
-std::ostream& operator<<(std::ostream& os, const cynara_admin_policy &policy)
-{
- os << "{";
- os << " " << formatCstr(policy.bucket) << ",";
- os << " " << formatCstr(policy.client) << ",";
- os << " " << formatCstr(policy.user) << ",";
- os << " " << formatCstr(policy.privilege) << ",";
- os << " " << policy.result << ",";
- os << " " << formatCstr(policy.result_extra);
- os << " }" << std::endl;
- return os;
-}
-
-std::ostream& operator<<(std::ostream& os, const cynara_admin_policy *const *policies)
-{
- os << "{" << std::endl;
- for (size_t i = 0; policies[i] != nullptr; ++i)
- os << *policies[i];
- os << "}";
- return os;
-}
-
-int string_compare(const char *s1, const char *s2)
-{
- if (!s2)
- {
- if (!s1)
- return 0;
- return 1;
- }
- if (!s1)
- return -1;
- return strcmp(s1, s2);
-}
-
-bool policy_less(const cynara_admin_policy &p1, const cynara_admin_policy &p2)
-{
- auto sc = string_compare(p1.bucket, p2.bucket);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.client, p2.client);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.user, p2.user);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.privilege, p2.privilege);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.result_extra, p2.result_extra);
- if (sc != 0)
- return (sc < 0);
- return p1.result < p2.result;
-}
-
-bool policy_equal(const cynara_admin_policy &p1, const cynara_admin_policy &p2)
-{
- return (p1.result == p2.result
- && string_compare(p1.bucket, p2.bucket) == 0
- && string_compare(p1.client, p2.client) == 0
- && string_compare(p1.user, p2.user) == 0
- && string_compare(p1.privilege, p2.privilege) == 0
- && string_compare(p1.result_extra, p2.result_extra) == 0);
-}
-
-std::ostream& operator<<(std::ostream& os, const CynaraTestPlugins::Descriptions &descriptions)
-{
- os << "{" << std::endl;
- for (const auto &desc : descriptions)
- os << "{ [" << desc.type << "], <" << desc.name << "> }" << std::endl;
- os << "}";
- return os;
-}
-
-} // namespace anonymous
-
-CynaraPoliciesContainer::CynaraPoliciesContainer()
-{
-}
-
-CynaraPoliciesContainer::CynaraPoliciesContainer(struct cynara_admin_policy **policies)
-{
- if (!policies)
- return;
-
- for (int i = 0; policies[i]; ++i) {
- auto policyPtr = policies[i];
- m_policies.push_back(*policyPtr);
- free(policyPtr);
- }
- free(policies);
-}
-
-CynaraPoliciesContainer::~CynaraPoliciesContainer()
-{
- for (struct cynara_admin_policy &policy : m_policies) {
- free(policy.bucket);
- free(policy.client);
- free(policy.user);
- free(policy.privilege);
- free(policy.result_extra);
- }
-}
-
-void CynaraPoliciesContainer::add(const char *bucket,
- const char *client,
- const char *user,
- const char *privilege,
- const int result,
- const char *resultExtra)
-{
- m_policies.push_back({ nullptr, nullptr, nullptr, nullptr, 0, nullptr });
- struct cynara_admin_policy &policy = m_policies.back();
- if (bucket)
- policy.bucket = strdup(bucket);
- if (client)
- policy.client = strdup(client);
- if (user)
- policy.user = strdup(user);
- if (privilege)
- policy.privilege = strdup(privilege);
- policy.result = result;
- if (resultExtra)
- policy.result_extra = strdup(resultExtra);
-}
-
-void CynaraPoliciesContainer::add(const char *bucket,
- const CheckKey &checkKey,
- const int result,
- const char *resultExtra)
-{
- add(bucket, checkKey.m_client, checkKey.m_user, checkKey.m_privilege, result, resultExtra);
-}
-
-void CynaraPoliciesContainer::sort()
-{
- std::sort(m_policies.begin(), m_policies.end(), policy_less);
-}
-
-std::ostream& operator<<(std::ostream& os, const CynaraPoliciesContainer &policies)
-{
- os << "{" << std::endl;
- for (const auto & policy : policies.m_policies)
- os << policy;
- os << "}";
- return os;
-}
-
-Admin::Admin()
- : m_admin(nullptr)
-{
- int ret = cynara_admin_initialize(&m_admin);
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_admin_initialize failed. ret: " << ret);
- RUNNER_ASSERT_MSG(m_admin != nullptr, "cynara_admin struct was not initialized");
-}
-
-Admin::~Admin()
-{
- cynara_admin_finish(m_admin);
-}
-
-void Admin::setPolicies(const CynaraPoliciesContainer &policiesContainer,
- int expectedResult)
-{
- const cynara_admin_policy *policies[policiesContainer.m_policies.size()+1];
-
- for (size_t i = 0; i < policiesContainer.m_policies.size(); ++i) {
- policies[i] = &policiesContainer.m_policies[i];
- }
- policies[policiesContainer.m_policies.size()] = nullptr;
-
- int ret = cynara_admin_set_policies(m_admin, policies);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_set_policies returned wrong value: "
- << ret << " != " << expectedResult << ". "
- << "policies:\n" << policies);
-}
-
-void Admin::setBucket(const char *bucket, int operation, const char *extra,
- int expectedResult)
-{
- int ret = cynara_admin_set_bucket(m_admin, bucket, operation, extra);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_set_bucket returned wrong value: "
- << ret << " != " << expectedResult << "."
- << " bucket: " << formatCstr(bucket) << ","
- << " operation: " << operation << ","
- << " extra: " << formatCstr(extra));
-}
-
-void Admin::adminCheck(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedCheckResult, const char *expectedCheckResultExtra,
- int expectedResult)
-{
- int checkResult;
- char *checkResultExtra = nullptr;
-
- int ret = cynara_admin_check(m_admin,
- startBucket, recursive,
- client, user, privilege,
- &checkResult, &checkResultExtra);
- CStringPtr extra(checkResultExtra);
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " startBucket: " << formatCstr(startBucket) << ","
- << " recursive: " << recursive << ","
- << " client: " << formatCstr(client) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege) << ",";
-
- s << " checkResult: " << checkResult << ","
- << " expectedCheckResult: " << expectedCheckResult << ","
- << " checkResultExtra: " << formatCstr(checkResultExtra) << ","
- << " expectedCheckResultExtra: " << formatCstr(expectedCheckResultExtra);
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_check returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(checkResult == expectedCheckResult,
- "cynara_admin_check returned wrong check result: "
- << checkResult << " != " << expectedCheckResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(formatCstr(checkResultExtra) == formatCstr(expectedCheckResultExtra),
- "cynara_admin_check returned wrong check result extra: "
- << formatCstr(checkResultExtra) << " != "
- << formatCstr(expectedCheckResultExtra) << "."
- << dump());
-}
-
-void Admin::listPolicies(const char *startBucket,
- const char *client, const char *user, const char *privilege,
- CynaraPoliciesContainer &expectedPolicyList,
- int expectedResult) {
-
- struct cynara_admin_policy **policies = nullptr;
-
- int ret = cynara_admin_list_policies(m_admin,
- startBucket,
- client, user, privilege,
- &policies);
-
- CynaraPoliciesContainer receivedPolicyList(policies);
- receivedPolicyList.sort();
- expectedPolicyList.sort();
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " startBucket: " << formatCstr(startBucket) << ","
- << " client: " << formatCstr(client) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege) << ",";
-
- s << " receivedPolicyList: " << receivedPolicyList << ","
- << " expectedPolicyList: " << expectedPolicyList;
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_list_policies returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(receivedPolicyList.m_policies.size() == expectedPolicyList.m_policies.size(),
- "size of list returned by cynara_admin_list_policies: "
- << receivedPolicyList.m_policies.size()
- << " doesn't match expected list size: "
- << expectedPolicyList.m_policies.size() << "."
- << dump());
-
- RUNNER_ASSERT_MSG(std::equal(receivedPolicyList.m_policies.begin(),
- receivedPolicyList.m_policies.end(),
- expectedPolicyList.m_policies.begin(),
- policy_equal),
- "list returned by cynara_admin_list_policies doesn't match expected: "
- << dump());
-}
-
-void Admin::erasePolicies(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedResult)
-{
- int ret = cynara_admin_erase(m_admin,
- startBucket, recursive,
- client, user, privilege);
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " startBucket: " << formatCstr(startBucket) << ","
- << " recursive: " << recursive << ","
- << " client: " << formatCstr(client) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege);
-
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_erase returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-}
-
-CynaraTestPlugins::Descriptions parseAndRelease(cynara_admin_policy_descr **descriptions)
-{
- CynaraTestPlugins::Descriptions ret;
-
- if (descriptions) {
- for (size_t i = 0; descriptions[i] != nullptr; ++i) {
- auto descPtr = descriptions[i];
- ret.push_back({ static_cast<Cynara::PolicyType>(descPtr->result),
- std::string(descPtr->name) });
- free(descPtr->name);
- free(descPtr);
- }
- free(descriptions);
- }
- return ret;
-}
-
-void Admin::listPoliciesDescriptions(CynaraTestPlugins::Descriptions &expectedDescriptions,
- int expectedResult)
-{
- struct cynara_admin_policy_descr **descriptions = nullptr;
-
- int ret = cynara_admin_list_policies_descriptions(m_admin, &descriptions);
-
- CynaraTestPlugins::Descriptions receivedDescriptions = parseAndRelease(descriptions);
-
- auto description_less = [](const Cynara::PolicyDescription &d1,
- const Cynara::PolicyDescription &d2) -> bool {
- return d1.type != d2.type ? d1.type < d2.type : d1.name < d2.name;
- };
-
- auto description_equal = [](const Cynara::PolicyDescription &d1,
- const Cynara::PolicyDescription &d2) -> bool {
- return d1.type == d2.type && d1.name == d2.name;
- };
-
- std::sort(receivedDescriptions.begin(), receivedDescriptions.end(), description_less);
- std::sort(expectedDescriptions.begin(), expectedDescriptions.end(), description_less);
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " receivedPolicyDescriptionList: " << receivedDescriptions << ","
- << " expectedPolicyDescriptionList: " << expectedDescriptions << ".";
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_list_policies_descriptions returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(receivedDescriptions.size() == expectedDescriptions.size(),
- "size of list returned by cynara_admin_list_policies_descriptions: "
- << receivedDescriptions.size()
- << " doesn't match expected list size: "
- << expectedDescriptions.size() << "."
- << dump());
-
- RUNNER_ASSERT_MSG(std::equal(receivedDescriptions.begin(),
- receivedDescriptions.end(),
- expectedDescriptions.begin(),
- description_equal),
- "list returned by cynara_admin_list_policies_descriptions "
- "doesn't match expected. " << dump());
-}
-
-} // namespace CynaraTestAdmin
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_ADMIN_H
-#define CYNARA_TEST_ADMIN_H
-
-#include <cynara_test_commons.h>
-#include <plugins.h>
-
-#include <cynara-admin.h>
-#include <ostream>
-#include <vector>
-
-namespace CynaraTestAdmin {
-
-class Admin;
-
-class CynaraPoliciesContainer
-{
-public:
- CynaraPoliciesContainer();
-
-/**
- * \par Description:
- * A special constructor stealing all data from all structures cynara_admin_policy
- * arranged in a null-terminated list.
- * It moves all data from inside structures to own vector,
- * but release input list by freeing memory of list elements and list itself.
- */
- CynaraPoliciesContainer(struct cynara_admin_policy **policies);
- CynaraPoliciesContainer(const CynaraPoliciesContainer&) = delete;
- CynaraPoliciesContainer(const CynaraPoliciesContainer&&) = delete;
- virtual ~CynaraPoliciesContainer();
-
- void add(const char *bucket,
- const char *client,
- const char *user,
- const char *privilege,
- const int result,
- const char *resultExtra);
- void add(const char *bucket,
- const CheckKey &checkKey,
- const int result,
- const char *resultExtra = nullptr);
- void sort();
-
- friend std::ostream& operator<<(std::ostream& os, const CynaraPoliciesContainer &policies);
-
-private:
- friend class Admin;
-
- std::vector<struct cynara_admin_policy> m_policies;
-};
-
-class Admin
-{
-public:
- Admin();
- virtual ~Admin();
-
- void setPolicies(const CynaraPoliciesContainer &policiesContainer,
- int expectedResult = CYNARA_API_SUCCESS);
- void setBucket(const char *bucket, int operation, const char *extra,
- int expectedResult = CYNARA_API_SUCCESS);
- void adminCheck(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedCheckResult, const char *expectedCheckResultExtra,
- int expectedResult = CYNARA_API_SUCCESS);
- void listPolicies(const char *startBucket,
- const char *client, const char *user, const char *privilege,
- CynaraPoliciesContainer &expectedPolicyList,
- int expectedResult = CYNARA_API_SUCCESS);
- void erasePolicies(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedResult = CYNARA_API_SUCCESS);
- void listPoliciesDescriptions(CynaraTestPlugins::Descriptions &expectedDescriptions,
- int expectedResult = CYNARA_API_SUCCESS);
-private:
- struct cynara_admin *m_admin;
-};
-
-} // namespace CynaraTestAdmin
-
-#endif // CYNARA_TEST_ADMIN_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cstdlib>
-#include <string>
-
-#include <cynara_test_agent.h>
-#include <plugins.h>
-#include <dpl/test/test_runner.h>
-
-namespace CynaraTestAgent {
-
-Agent::Agent()
- : m_agent(nullptr)
-{
- int ret = cynara_agent_initialize(&m_agent, CynaraTestPlugins::TEST_AGENT_TYPE.c_str());
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_agent_initialize failed. ret: " << ret);
- RUNNER_ASSERT_MSG(m_agent != nullptr,
- "cynara_agent struct was not initialized");
-}
-
-Agent::~Agent()
-{
- cynara_agent_finish(m_agent);
-}
-
-void Agent::getRequest(AgentRequest &request, int expectedResult)
-{
- cynara_agent_msg_type type;
- cynara_agent_req_id id;
- void *data = nullptr;
- size_t dataSize;
-
- int ret = cynara_agent_get_request(m_agent, &type, &id, &data, &dataSize);
- if (ret == CYNARA_API_SUCCESS) {
- RUNNER_ASSERT_MSG(!data == !dataSize,
- "cynara_agent_get_request returned contradictory values: "
- << "data = " << data << " ,"
- << "size = " << dataSize << ".");
- request.set(type, id, data, dataSize);
- free(data);
- }
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_agent_get_request returned wrong value: "
- << ret << " != " << expectedResult << ".");
-}
-
-void Agent::putResponse(const AgentResponse &response, int expectedResult)
-{
- int ret = cynara_agent_put_response(m_agent,
- response.type(),
- response.id(),
- reinterpret_cast<const void*>(response.data().data()),
- response.data().size());
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_agent_put_response returned wrong value: "
- << ret << " != " << expectedResult << "."
- << "response = " << response);
-}
-
-} // namespace CynaraTestAgent
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_AGENT_H
-#define CYNARA_TEST_AGENT_H
-
-#include <cynara-agent.h>
-
-#include <cynara_test_agent_request.h>
-#include <cynara_test_agent_response.h>
-
-namespace CynaraTestAgent {
-
-class Agent
-{
-public:
- Agent();
- ~Agent();
-
- void getRequest(AgentRequest &request, int expectedResult = CYNARA_API_SUCCESS);
- void putResponse(const AgentResponse &response, int expectedResult = CYNARA_API_SUCCESS);
-
-private:
- struct cynara_agent *m_agent;
-};
-
-} // namespace CynaraTestAgent
-
-#endif // CYNARA_TEST_AGENT_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_agent_request.h>
-#include <plugins.h>
-#include <dpl/test/test_runner.h>
-
-namespace CynaraTestAgent {
-
-std::ostream& operator<<(std::ostream& os, const AgentRequest &request)
-{
- os << "{";
- os << " valid = " << request.m_valid << ",";
- os << " type = " << request.m_type << ",";
- os << " id = " << request.m_id << ",";
- os << " data = " << request.m_data << ",";
- os << " client = " << request.m_client << ",";
- os << " user = " << request.m_user << ",";
- os << " privilege = " << request.m_privilege;
- os << " }";
- return os;
-}
-
-void AgentRequest::set(cynara_agent_msg_type type, cynara_agent_req_id id,
- const void *data, size_t dataSize)
-{
- m_type = type;
- m_id = id;
- m_data = Cynara::PluginData(reinterpret_cast<const char*>(data), dataSize);
- m_client.clear();
- m_user.clear();
- m_privilege.clear();
-
- if (m_type == CYNARA_MSG_TYPE_ACTION) {
- CynaraTestPlugins::AgentDataVector parsedData;
-
- bool unwrapSuccess = CynaraTestPlugins::unwrapAgentData(m_data, parsedData);
- RUNNER_ASSERT_MSG(unwrapSuccess,
- "Format error. Cannot succesfully unwrap request. "
- << *this);
-
- RUNNER_ASSERT_MSG(parsedData.size() == 3,
- "Received unexpected [" << parsedData.size() << "] number of units,"
- << " while expecting 3."
- << " Cannot succesfully unwrap request. "
- << *this);
-
- m_client = parsedData[0];
- m_user = parsedData[1];
- m_privilege = parsedData[2];
- }
- m_valid = true;
-}
-
-void AgentRequest::assertAction(std::string client, std::string user, std::string privilege)
-{
- RUNNER_ASSERT_MSG(m_valid,
- "assertAction failed: request is not valid. "
- << *this);
- RUNNER_ASSERT_MSG(m_type == CYNARA_MSG_TYPE_ACTION,
- "assertAction failed: request's type is " << m_type
- << ", expected type is " << CYNARA_MSG_TYPE_ACTION << ". "
- << *this);
- RUNNER_ASSERT_MSG(!m_data.empty(),
- "assertAction failed: m_data is empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_client == client,
- "assertAction failed: unexpected client value " << m_client
- << ", expected value is " << client << ". "
- << *this);
- RUNNER_ASSERT_MSG(m_user == user,
- "assertAction failed: unexpected user value " << m_user
- << ", expected value is " << user << ". "
- << *this);
- RUNNER_ASSERT_MSG(m_privilege == privilege,
- "assertAction failed: unexpected privilege value " << m_privilege
- << ", expected value is " << privilege << ". "
- << *this);
-}
-
-void AgentRequest::assertCancel()
-{
- RUNNER_ASSERT_MSG(m_valid,
- "assertCancel failed: request is not valid. "
- << *this);
- RUNNER_ASSERT_MSG(m_type == CYNARA_MSG_TYPE_CANCEL,
- "assertCancel failed: request's type is " << m_type
- << ", expected type is " << CYNARA_MSG_TYPE_CANCEL << ". "
- << *this);
- RUNNER_ASSERT_MSG(m_data.empty(),
- "assertCancel failed: m_data is not empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_client.empty(),
- "assertCancel failed: m_client is not empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_user.empty(),
- "assertCancel failed: m_user is not empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_privilege.empty(),
- "assertCancel failed: m_privilege is not empty. "
- << *this);
-}
-
-} // namespace CynaraTestAgent
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_AGENT_REQUEST_H
-#define CYNARA_TEST_AGENT_REQUEST_H
-
-#include <cynara_test_commons.h>
-
-#include <cynara-agent.h>
-#include <cynara-plugin.h>
-#include <ostream>
-#include <string>
-
-namespace CynaraTestAgent {
-
-class AgentRequest
-{
-public:
- AgentRequest() : m_valid(false), m_type(CYNARA_MSG_TYPE_ACTION), m_id(0)
- {}
-
- void set(cynara_agent_msg_type type, cynara_agent_req_id id, const void *data, size_t dataSize);
-
- bool valid() const
- {
- return m_valid;
- }
-
- cynara_agent_msg_type type() const
- {
- return m_type;
- }
-
- cynara_agent_req_id id() const
- {
- return m_id;
- }
-
- void assertAction(std::string client, std::string user, std::string privilege);
- void assertCancel();
-
- friend std::ostream& operator<<(std::ostream& os, const AgentRequest &request);
-
-private:
- bool m_valid;
- cynara_agent_msg_type m_type;
- cynara_agent_req_id m_id;
- Cynara::PluginData m_data;
- std::string m_client;
- std::string m_user;
- std::string m_privilege;
-};
-
-} // namespace CynaraTestAgent
-
-#endif // CYNARA_TEST_AGENT_REQUEST_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_agent_response.h>
-#include <plugins.h>
-#include <cynara-agent.h>
-
-namespace CynaraTestAgent {
-
-std::ostream& operator<<(std::ostream& os, const AgentResponse &response)
-{
- os << "{";
- os << " type = " << response.m_type << ",";
- os << " id = " << response.m_id << ",";
- os << " data = " << response.m_data;
- os << " }";
- return os;
-}
-
-AgentResponse AgentResponse::createAllow(cynara_agent_req_id id)
-{
- CynaraTestPlugins::AgentDataVector rawData = {CynaraTestPlugins::AGENT_DATA_ALLOW};
- return AgentResponse(CYNARA_MSG_TYPE_ACTION, id, CynaraTestPlugins::wrapAgentData(rawData));
-}
-
-AgentResponse AgentResponse::createDeny(cynara_agent_req_id id)
-{
- CynaraTestPlugins::AgentDataVector rawData = {CynaraTestPlugins::AGENT_DATA_DENY};
- return AgentResponse(CYNARA_MSG_TYPE_ACTION, id, CynaraTestPlugins::wrapAgentData(rawData));
-}
-
-AgentResponse AgentResponse::createCancel(cynara_agent_req_id id)
-{
- return AgentResponse(CYNARA_MSG_TYPE_CANCEL, id, Cynara::PluginData());
-}
-
-} // namespace CynaraTestAgent
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_AGENT_RESPONSE_H
-#define CYNARA_TEST_AGENT_RESPONSE_H
-
-#include <cynara_test_commons.h>
-
-#include <cynara-agent.h>
-#include <cynara-plugin.h>
-#include <ostream>
-
-namespace CynaraTestAgent {
-
-class AgentResponse
-{
-public:
- AgentResponse() = delete;
- static AgentResponse createAllow(cynara_agent_req_id id);
- static AgentResponse createDeny(cynara_agent_req_id id);
- static AgentResponse createCancel(cynara_agent_req_id id);
-
- cynara_agent_msg_type type() const
- {
- return m_type;
- }
-
- cynara_agent_req_id id() const
- {
- return m_id;
- }
-
- Cynara::PluginData data() const
- {
- return m_data;
- }
-
- friend std::ostream& operator<<(std::ostream& os, const AgentResponse &response);
-
-private:
- AgentResponse(cynara_agent_msg_type type, cynara_agent_req_id id, Cynara::PluginData data)
- : m_type(type), m_id(id), m_data(data)
- {}
-
- cynara_agent_msg_type m_type;
- cynara_agent_req_id m_id;
- Cynara::PluginData m_data;
-};
-
-} // namespace CynaraTestAgent
-
-#endif // CYNARA_TEST_AGENT_RESPONSE_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client.h>
-
-#include <tests_common.h>
-
-namespace CynaraTestClient {
-
-Client::Client()
- : m_cynara(nullptr)
-{
- int ret = cynara_initialize(&m_cynara, nullptr);
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_initialize failed. ret: " << ret);
- RUNNER_ASSERT_MSG(m_cynara != nullptr, "cynara struct was not initialized");
-}
-
-Client::~Client()
-{
- cynara_finish(m_cynara);
-}
-
-void Client::check(const char *client, const char *session,
- const char *user, const char *privilege,
- int expectedResult)
-{
- int ret = cynara_check(m_cynara, client, session, user, privilege);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_check returned wrong value: "
- << ret << " != " << expectedResult << "."
- << " client: " << formatCstr(client) << ","
- << " session: " << formatCstr(session) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege));
-}
-
-} //namespace CynaraTestClient
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_H
-#define CYNARA_TEST_CLIENT_H
-
-#include <cynara-client.h>
-
-namespace CynaraTestClient {
-
-class Client
-{
-public:
- Client();
- virtual ~Client();
-
- void check(const char *client, const char *session,
- const char *user, const char *privilege,
- int expectedResult = CYNARA_API_ACCESS_ALLOWED);
-
-private:
- struct cynara *m_cynara;
-};
-
-} //namespace CynaraTestClient
-
-#endif // CYNARA_TEST_CLIENT_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client_async_client.h>
-
-#include <dpl/test/test_runner.h>
-
-#include <cynara-client-async.h>
-
-#include <exception>
-#include <unistd.h>
-
-namespace CynaraTestClientAsync {
-
-static std::string suffix(const std::string &major, const std::string &minor)
-{
- if (minor.empty())
- return major;
- return "_" + major + "_" + minor;
-}
-
-CheckData::CheckData(const std::string &major, const std::string &minor) :
- m_client("client" + suffix(major, minor)),
- m_session("session" + suffix(major, minor)),
- m_user("user" + suffix(major, minor)),
- m_privilege("privilege" + suffix(major, minor))
-{
-}
-
-CheckData::CheckData(const std::string &major, int minor) : CheckData(major, std::to_string(minor))
-{
-}
-
-CheckKey CheckData::toAdminPolicy()
-{
- return {m_client.c_str(), m_user.c_str(), m_privilege.c_str()};
-}
-
-Client::Client(const StatusFunction &userFunction)
- : m_cynara(nullptr), m_statusMonitor(userFunction)
-{
- int ret = cynara_async_initialize(&m_cynara, nullptr, StatusMonitor::updateStatus,
- reinterpret_cast<void*>(&m_statusMonitor));
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_async_initialize() failed. ret = " << ret << ".");
- RUNNER_ASSERT_MSG(m_cynara != nullptr, "cynara_async struct was not initialized.");
-
- assertStatus(DISCONNECTED);
-}
-
-Client::~Client() noexcept(false)
-{
- bool oops = std::uncaught_exception();
- try {
- cynara_async_finish(m_cynara);
- assertStatus(DISCONNECTED);
- } catch (...) {
- if (!oops)
- throw;
- RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing CynaraTestAsync::Client.");
- }
-}
-
-void Client::assertStatus(enum SocketStatus expectedStatus)
-{
- enum SocketStatus currentStatus = m_statusMonitor.getStatus();
- RUNNER_ASSERT_MSG(currentStatus == expectedStatus,
- "SocketStatus mismatch: "
- << " currentStatus = " << currentStatus << ","
- << " expectedStatus = " << expectedStatus << ".");
-}
-
-void Client::checkCache(const CheckData &checkData, int expectedResult)
-{
- int ret = cynara_async_check_cache(m_cynara, checkData.m_client.c_str(),
- checkData.m_session.c_str(), checkData.m_user.c_str(),
- checkData.m_privilege.c_str());
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "Cache check returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ","
- << " client = " << checkData.m_client << ","
- << " sesion = " << checkData.m_session << ","
- << " user = " << checkData.m_user << ","
- << " privilege = " << checkData.m_privilege << ".");
-}
-
-void Client::createRequest(const CheckData &checkData, cynara_check_id &id,
- const RequestEntity &callbackData, int expectedResult)
-{
- int ret = cynara_async_create_request(m_cynara, checkData.m_client.c_str(),
- checkData.m_session.c_str(), checkData.m_user.c_str(),
- checkData.m_privilege.c_str(), &id,
- RequestMonitor::updateResponse,
- reinterpret_cast<void*>(&m_requestMonitor));
- if (ret == CYNARA_API_SUCCESS)
- m_requestMonitor.registerRequest(id, callbackData);
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "Create request returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ","
- << " client = " << checkData.m_client << ","
- << " sesion = " << checkData.m_session << ","
- << " user = " << checkData.m_user << ","
- << " privilege = " << checkData.m_privilege << ".");
-}
-
-void Client::process(int expectedResult,
- enum TimeoutExpectation timeoutExpectation,
- time_t timeoutSeconds) {
- if (m_statusMonitor.getStatus() == DISCONNECTED)
- return;
-
- int fd = m_statusMonitor.getFd();
- fd_set fds;
- timeval tv;
- FD_ZERO(&fds);
- FD_SET(fd, &fds);
- tv.tv_sec = timeoutSeconds;
- tv.tv_usec = 0;
-
- int ret;
- if (m_statusMonitor.getStatus() == READ)
- ret = TEMP_FAILURE_RETRY(select(fd + 1, &fds, NULL, NULL, &tv));
- else
- ret = TEMP_FAILURE_RETRY(select(fd + 1, &fds, &fds, NULL, &tv));
-
- if (ret == 0) {
- RUNNER_ASSERT_ERRNO_MSG(timeoutExpectation != EXPECT_NO_TIMEOUT,
- "Unexpected select timeout."
- << " ret = " << ret);
- return;
- }
- RUNNER_ASSERT_ERRNO_MSG(ret > 0,
- "Select returned error:"
- << " ret = " << ret);
- RUNNER_ASSERT_ERRNO_MSG(timeoutExpectation != EXPECT_TIMEOUT,
- "Select returned positive value, when timeout was expected."
- << " ret = " << ret);
-
- ret = cynara_async_process(m_cynara);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_async_process returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ".");
-}
-
-void Client::cancel(cynara_check_id id, int expectedResult)
-{
- int ret = cynara_async_cancel_request(m_cynara, id);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "Cancel request returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ","
- << " id = " << id << ".");
-}
-
-}// namespace CynaraTestClientAsync
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
-#define CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
-
-#include <cynara_test_client_async_request_monitor.h>
-#include <cynara_test_client_async_status_monitor.h>
-#include <cynara_test_commons.h>
-
-#include <cynara-client-async.h>
-
-#include <string>
-#include <sys/types.h>
-
-namespace CynaraTestClientAsync {
-
-struct CheckData
-{
- std::string m_client;
- std::string m_session;
- std::string m_user;
- std::string m_privilege;
-
- CheckData(const std::string &major, const std::string &minor = "");
- CheckData(const std::string &major, int minor);
-
- CheckKey toAdminPolicy();
-};
-
-class Client
-{
-public:
- enum TimeoutExpectation {
- EXPECT_TIMEOUT,
- EXPECT_NO_TIMEOUT,
- IGNORE_TIMEOUT,
- };
-
- Client(const StatusFunction &userFunction = StatusFunction());
- ~Client() noexcept(false);
-
- void assertStatus(enum SocketStatus expectedStatus);
- void checkCache(const CheckData &checkData, int expectedResult);
- void createRequest(const CheckData &checkData, cynara_check_id &id,
- const RequestEntity &callbackData, int expectedResult = CYNARA_API_SUCCESS);
- void process(int expectedResult = CYNARA_API_SUCCESS,
- enum TimeoutExpectation timeoutExpectation = EXPECT_NO_TIMEOUT,
- time_t timeoutSeconds = 3);
- void cancel(cynara_check_id id, int expectedResult = CYNARA_API_SUCCESS);
-
-private:
- struct cynara_async *m_cynara;
-
- StatusMonitor m_statusMonitor;
- RequestMonitor m_requestMonitor;
-};
-
-}// namespace CynaraTestClientAsync
-
-#endif // CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client_async_request_monitor.h>
-
-#include <dpl/test/test_runner.h>
-
-#include <exception>
-
-namespace CynaraTestClientAsync {
-
-RequestMonitor::~RequestMonitor() noexcept(false)
-{
- bool oops = std::uncaught_exception();
- try {
- for (auto ent : m_requests)
- {
- RUNNER_ERROR_MSG("There was no callback for request with:"
- << "id = " << ent.first << ","
- << "expectedResponse = " << ent.second.m_expectedResponse << ","
- << "expectedCause = " << ent.second.m_expectedCause << ".");
- }
- RUNNER_ASSERT_MSG(m_requests.empty(),
- m_requests.size() << "requests does not receive callback.");
- } catch (...) {
- if (!oops)
- throw;
- RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing"
- " CynaraTestAsync::RequestMonitor.");
- }
-}
-
-void RequestMonitor::registerRequest(cynara_check_id id, const RequestEntity &request)
-{
- auto p = m_requests.insert({id, request});
- RUNNER_ASSERT_MSG(p.second,
- "Request with id = " << p.first->first << " already exists.");
-}
-
-void RequestMonitor::updateResponse(cynara_check_id checkId, cynara_async_call_cause cause,
- int response, void *data)
-{
- RequestMonitor *monitor = reinterpret_cast<RequestMonitor*>(data);
- if (!monitor) {
- RUNNER_FAIL_MSG("Bad user data (nullptr) in response callback.");
- return;
- }
-
- auto it = monitor->m_requests.find(checkId);
- if (it == monitor->m_requests.end()) {
- RUNNER_FAIL_MSG("Received unexpected callback for request:"
- << "id = " << checkId << ","
- << "response = " << response << ","
- << "cause = " << cause << ".");
- return;
- }
-
- //save request data and remove request from monitored requests
- auto expectedResponse = it->second.m_expectedResponse;
- auto expectedCause = it->second.m_expectedCause;
- auto userFunction = it->second.m_userFunction;
- monitor->m_requests.erase(it);
-
- RUNNER_ASSERT_MSG(cause == expectedCause,
- "Unexpected cause in response callback:"
- << "id = " << checkId << ","
- << "received response = " << response << ","
- << "expected response = " << expectedResponse << ","
- << "received cause = " << cause << ","
- << "expected cause = " << expectedCause << ".");
-
- if (cause == CYNARA_CALL_CAUSE_ANSWER)
- {
- RUNNER_ASSERT_MSG(response == expectedResponse,
- "Unexpected response in response callback:"
- << "id = " << checkId << ","
- << "received response = " << response << ","
- << "expected response = " << expectedResponse << ","
- << "received cause = " << cause << ","
- << "expected cause = " << expectedCause << ".");
- }
-
- if (userFunction)
- userFunction();
-}
-
-}// namespace CynaraTestClientAsync
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
-#define CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
-
-#include <cynara-client-async.h>
-
-#include <functional>
-#include <unordered_map>
-
-namespace CynaraTestClientAsync {
-
-typedef std::function<void(void)> RequestFunction;
-
-struct RequestEntity
-{
- RequestFunction m_userFunction;
- int m_expectedResponse;
- cynara_async_call_cause m_expectedCause;
-};
-
-class RequestMonitor
-{
-public:
- ~RequestMonitor() noexcept(false);
-
- void registerRequest(cynara_check_id id, const RequestEntity &request);
-
- static void updateResponse(cynara_check_id checkId, cynara_async_call_cause cause, int response,
- void *data);
-
-private:
- std::unordered_map<cynara_check_id, RequestEntity> m_requests;
-};
-
-}// namespace CynaraTestClientAsync
-
-#endif // CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client_async_status_monitor.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace CynaraTestClientAsync {
-
-StatusMonitor::StatusMonitor(const StatusFunction &userFunction)
- : m_fd(-1), m_status(CYNARA_STATUS_FOR_READ), m_userFunction(userFunction)
-{
-}
-
-void StatusMonitor::updateStatus(int oldFd, int newFd, cynara_async_status status, void *data)
-{
- StatusMonitor *monitor = reinterpret_cast<StatusMonitor*>(data);
- if (!monitor) {
- RUNNER_FAIL_MSG("Bad user data (nullptr) in status callback.");
- return;
- }
-
- RUNNER_ASSERT_MSG(monitor->m_fd == oldFd,
- "fd value mismatch: "
- << " last saved fd = " << monitor->m_fd << ","
- << " callback oldFd = " << oldFd << ".");
-
- monitor->m_fd = newFd;
- monitor->m_status = status;
- if (monitor->m_userFunction)
- monitor->m_userFunction(oldFd, newFd, status);
-}
-
-int StatusMonitor::getFd(void) const
-{
- return m_fd;
-}
-
-enum SocketStatus StatusMonitor::getStatus(void) const
-{
- if (m_fd == -1)
- return DISCONNECTED;
-
- switch (m_status) {
- case CYNARA_STATUS_FOR_READ:
- return READ;
- case CYNARA_STATUS_FOR_RW:
- return READWRITE;
- }
- RUNNER_FAIL_MSG("Unknown cynara socket status = " << m_status << ","
- << " fd = " << m_fd << ".");
- return UNKNOWN;
-}
-
-}// namespace CynaraTestClientAsync
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
-#define CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
-
-#include <cynara-client-async.h>
-
-#include <functional>
-
-namespace CynaraTestClientAsync {
-
-enum SocketStatus
-{
- READ,
- READWRITE,
- DISCONNECTED,
- UNKNOWN,
-};
-
-typedef std::function<void(int oldFd, int newFd, cynara_async_status status)> StatusFunction;
-
-class StatusMonitor
-{
-public:
-
- StatusMonitor(const StatusFunction &userFunction);
-
- static void updateStatus(int oldFd, int newFd, cynara_async_status status, void *data);
-
- int getFd(void) const;
- enum SocketStatus getStatus(void) const;
-
-private:
- int m_fd;
- cynara_async_status m_status;
- StatusFunction m_userFunction;
-};
-
-}// namespace CynaraTestClientAsync
-
-#endif // CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_commons.h>
-#include <cynara_test_env.h>
-#include <cynara_test_file_operations.h>
-#include <cynara_test_cynara_mask.h>
-
-#include <dpl/exception.h>
-#include <dpl/test/test_runner.h>
-
-#include <exception>
-
-namespace CynaraTestConsts
-{
-
-const std::string DB_DIR(CYNARA_DB_DIR);
-const std::string USER("cynara");
-const std::string LABEL("System");
-const std::string SERVICE("cynara.service");
-const std::string SERVICE_PLUGINS_DIR("/usr/lib/cynara/plugin/service/");
-
-}
-
-void environmentWrap(const char *testName, const std::function<void(void)> &func)
-{
- CynaraTestEnv env(testName);
- env.save();
-
- try {
- func();
- } catch (const DPL::Test::TestRunner::TestFailed &e) {
- env.restore();
- throw e;
- } catch (const DPL::Test::TestRunner::Ignored &e) {
- env.restore();
- throw e;
- } catch (const DPL::Exception &e) {
- env.restore();
- throw e;
- } catch (const std::exception &e) {
- env.restore();
- throw e;
- } catch (...) {
- env.restore();
- throw std::runtime_error("Unknown exception");
- }
- env.restore();
-}
-
-void loadServicePlugins(const DirectoryPaths &pluginDirectories)
-{
- CynaraMask mask;
-
- FileOperations::removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR);
- for (const auto &dir : pluginDirectories)
- FileOperations::copyCynaraFiles(dir.c_str(), CynaraTestConsts::SERVICE_PLUGINS_DIR);
-}
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file cynara_test_commons.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Definition of environment wrap for test cases
- */
-
-#ifndef CYNARA_TEST_COMMONS_H_
-#define CYNARA_TEST_COMMONS_H_
-
-#include <functional>
-#include <string>
-#include <vector>
-
-namespace CynaraTestConsts
-{
-
-extern const std::string DB_DIR;
-extern const std::string USER;
-extern const std::string LABEL;
-extern const std::string SERVICE;
-extern const std::string SERVICE_PLUGINS_DIR;
-
-}
-
-struct CheckKey
-{
- const char *m_client;
- const char *m_user;
- const char *m_privilege;
-};
-
-void environmentWrap(const char *testName, const std::function<void(void)> &func);
-
-#define RUN_CYNARA_TEST(Proc) \
- RUNNER_TEST(Proc) \
- { \
- environmentWrap(#Proc, Proc##_func); \
- }
-
-typedef std::vector<std::string> DirectoryPaths;
-void loadServicePlugins(const DirectoryPaths &pluginDirectories);
-
-#endif /* CYNARA_TEST_COMMONS_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file cynara_test_cynara_mask.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Implementation of scoped cynara service masker
- */
-
-#include <exception>
-
-#include <cynara_test_commons.h>
-#include <dpl/test/test_runner.h>
-
-#include <cynara_test_cynara_mask.h>
-
-CynaraMask::CynaraMask() : m_serviceManager(CynaraTestConsts::SERVICE)
-{
- m_serviceManager.maskService();
- m_serviceManager.stopService();
-}
-
-CynaraMask::~CynaraMask() noexcept(false)
-{
- bool oops = std::uncaught_exception();
- try {
- m_serviceManager.unmaskService();
- m_serviceManager.startService();
- } catch (...) {
- if (!oops)
- throw;
- RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing CynaraMask.");
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file cynara_test_cynara_mask.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Definition of scoped cynara service masker
- */
-
-#ifndef CYNARA_TEST_CYNARA_MASK_H_
-#define CYNARA_TEST_CYNARA_MASK_H_
-
-#include <service_manager.h>
-
-class CynaraMask
-{
-public:
- CynaraMask();
- ~CynaraMask() noexcept(false);
-
-private:
- ServiceManager m_serviceManager;
-};
-
-#endif // CYNARA_TEST_CYNARA_MASK_H_
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_commons.h>
-#include <cynara_test_cynara_mask.h>
-#include <cynara_test_file_operations.h>
-#include <tests_common.h>
-
-#include <cynara_test_env.h>
-
-using namespace FileOperations;
-
-CynaraTestEnv::CynaraTestEnv(const char *dirName)
- : m_dbPresent(false)
-{
- m_saveDir = TMP_DIR + "/" + dirName;
- m_dbSaveDir = m_saveDir + "/db";
- m_pluginsSaveDir = m_saveDir + "/plugins";
-}
-
-CynaraTestEnv::~CynaraTestEnv()
-{
-}
-
-void CynaraTestEnv::save()
-{
- CynaraMask mask;
-
- removeDirFiles(m_dbSaveDir);
- removeDirIfExists(m_dbSaveDir);
- removeDirFiles(m_pluginsSaveDir);
- removeDirIfExists(m_pluginsSaveDir);
- removeDirIfExists(m_saveDir);
-
- makeDir(m_saveDir);
- m_dbPresent = dirExists(CynaraTestConsts::DB_DIR);
- if (m_dbPresent) {
- makeDir(m_dbSaveDir);
- copyCynaraFiles(CynaraTestConsts::DB_DIR, m_dbSaveDir);
- }
- makeDir(m_pluginsSaveDir);
- copyCynaraFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR, m_pluginsSaveDir);
-}
-
-void CynaraTestEnv::restore()
-{
- CynaraMask mask;
-
- removeDirFiles(CynaraTestConsts::DB_DIR);
- if (m_dbPresent)
- copyCynaraFiles(m_dbSaveDir, CynaraTestConsts::DB_DIR);
- else
- removeDirIfExists(CynaraTestConsts::DB_DIR);
-
- removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR);
- copyCynaraFiles(m_pluginsSaveDir, CynaraTestConsts::SERVICE_PLUGINS_DIR);
-
- removeDirFiles(m_dbSaveDir);
- removeDirIfExists(m_dbSaveDir);
- removeDirFiles(m_pluginsSaveDir);
- removeDirIfExists(m_pluginsSaveDir);
- removeDirIfExists(m_saveDir);
-}
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_ENV_H
-#define CYNARA_TEST_ENV_H
-
-#include <string>
-
-class CynaraTestEnv
-{
-public:
- explicit CynaraTestEnv(const char *dirName);
- virtual ~CynaraTestEnv();
-
- void save();
- void restore();
-
-private:
- std::string m_saveDir;
- std::string m_dbSaveDir;
- std::string m_pluginsSaveDir;
- bool m_dbPresent;
-};
-
-#endif // CYNARA_TEST_ENV_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cstdlib>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <ftw.h>
-#include <pwd.h>
-#include <sys/sendfile.h>
-#include <sys/smack.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <cynara_test_commons.h>
-#include <dpl/test/test_runner.h>
-#include <memory.h>
-
-#include <cynara_test_file_operations.h>
-
-namespace FileOperations
-{
-
-static int removeFile(const char *fpath, const struct stat * /*sb*/,
- int tflag, struct FTW * /*ftwbuf*/)
-{
- if (tflag == FTW_F)
- RUNNER_ASSERT_ERRNO_MSG(!unlink(fpath), "Unable to unlink " << fpath << " file");
- else
- RUNNER_ASSERT_MSG(tflag == FTW_DP, "Visited file should not exist. Path: " << fpath);
- return 0;
-}
-
-bool dirExists(const std::string &directory)
-{
- struct stat st;
- int ret = stat(directory.c_str(), &st);
- if (ret == -1 && errno == ENOENT) {
- return false;
- } else if (ret == -1) {
- RUNNER_ASSERT_ERRNO_MSG(false, "Cannot stat " << directory
- << " not due to its nonexistence");
- }
- RUNNER_ASSERT_MSG(st.st_mode & S_IFDIR, directory << " is not a directory");
- return true;
-}
-
-void copyCynaraFile(const std::string &src, const std::string &dst)
-{
- using PwBufPtr = CStringPtr;
- int inFd = TEMP_FAILURE_RETRY(open(src.c_str(), O_RDONLY));
- RUNNER_ASSERT_ERRNO_MSG(inFd > 0, "Opening " << src << " file failed");
- FdUniquePtr inFdPtr(&inFd);
-
- int outFd = TEMP_FAILURE_RETRY(creat(dst.c_str(), 0700));
- RUNNER_ASSERT_ERRNO_MSG(outFd > 0, "Creating " << dst << " file failed");
- FdUniquePtr outFdPtr(&outFd);
-
- long int len = sysconf(_SC_GETPW_R_SIZE_MAX);
- RUNNER_ASSERT_MSG(len != -1, "No suggested buflen");
- size_t buflen = len;
- char *buf = static_cast<char*>(malloc(buflen));
-
- PwBufPtr pwBufPtr(buf);
-
- struct passwd pwbuf, *pwbufp = nullptr;
- int ret = TEMP_FAILURE_RETRY(getpwnam_r(CynaraTestConsts::USER.c_str(),
- &pwbuf, buf, buflen, &pwbufp));
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "getpwnam_r failed on " << CynaraTestConsts::USER << " user");
- RUNNER_ASSERT_MSG(pwbufp, "User " << CynaraTestConsts::USER << " does not exist");
-
- ret = fchown(outFd, pwbufp->pw_uid, pwbufp->pw_gid);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fchown failed");
-
- ret = smack_fsetlabel(outFd, CynaraTestConsts::LABEL.c_str(), SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Setting smack label failed");
-
- struct stat statSrc;
- ret = fstat(inFd, &statSrc);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fstat failed");
-
- ret = sendfile(outFd, inFd, 0, statSrc.st_size);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "sendfile failed");
-}
-
-void copyCynaraFiles(const std::string &source, const std::string &destination)
-{
- DIR *dirPtr = nullptr;
- struct dirent *direntPtr;
-
- RUNNER_ASSERT_ERRNO_MSG(dirPtr = opendir(source.c_str()),
- "opening " << source << " dir failed");
- DirPtr dirScopedPtr(dirPtr);
-
- while((direntPtr = readdir(dirPtr)) != nullptr) {
- if (!strcmp(direntPtr->d_name, ".")
- || !strcmp(direntPtr->d_name, ".."))
- continue;
- std::string tempDest = destination + "/" + direntPtr->d_name;
- std::string tempSrc = source + "/" + direntPtr->d_name;
- copyCynaraFile(tempSrc, tempDest);
- }
-}
-
-void makeDir(const std::string &directory)
-{
- RUNNER_ASSERT_ERRNO_MSG(!mkdir(directory.c_str(), S_IRWXU | S_IRWXG | S_IRWXO),
- "Unable to make " << directory << " test directory");
-}
-
-void removeDirFiles(const std::string &dir)
-{
- int ret = nftw(dir.c_str(), removeFile, 2, FTW_DEPTH | FTW_PHYS);
- if (ret == -1)
- RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "nftw failed");
-}
-
-void removeDirIfExists(const std::string &dir)
-{
- RUNNER_ASSERT_ERRNO_MSG(!rmdir(dir.c_str()) || errno == ENOENT,
- "Removing " << dir << " dir failed");
-}
-
-} // namespace FileOperations
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_FILE_OPERATIONS_H
-#define CYNARA_TEST_FILE_OPERATIONS_H
-
-#include <string>
-
-namespace FileOperations
-{
-
-bool dirExists(const std::string &directory);
-void copyCynaraFile(const std::string &src, const std::string &dst);
-void copyCynaraFiles(const std::string &source, const std::string &destination);
-void makeDir(const std::string &directory);
-void removeDirFiles(const std::string &dir);
-void removeDirIfExists(const std::string &dir);
-
-} // namespace FileOperations
-
-#endif //CYNARA_TEST_FILE_OPERATIONS_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <dpl/test/test_runner.h>
-
-int main (int argc, char *argv[])
-{
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
+++ /dev/null
-client;user;privilege;0x0;
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file BaseCynaraTestPlugin.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of base class for cynara test plugins
- */
-
-#ifndef BASE_CYNARA_TEST_PLUGIN_H
-#define BASE_CYNARA_TEST_PLUGIN_H
-
-#include <string>
-
-#include <cynara-plugin.h>
-#include <cynara/types/PolicyDescription.h>
-#include <plugins.h>
-
-class BaseCynaraTestPlugin : public Cynara::ServicePluginInterface
-{
-public:
- BaseCynaraTestPlugin(const std::string &name)
- {
- m_descriptions = CynaraTestPlugins::POLICY_DESCRIPTIONS.at(name);
- }
-
- virtual ~BaseCynaraTestPlugin() {}
-
- virtual CynaraTestPlugins::Descriptions &getSupportedPolicyDescr()
- {
- return m_descriptions;
- }
-
- virtual Cynara::ServicePluginInterface::PluginStatus check(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- Cynara::PolicyResult &result,
- Cynara::AgentType &requiredAgent,
- Cynara::PluginData &pluginData)
- noexcept
- {
- (void) client;
- (void) user;
- (void) privilege;
- (void) requiredAgent;
- (void) pluginData;
-
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
- return Cynara::ServicePluginInterface::PluginStatus::ANSWER_READY;
- }
-
- virtual Cynara::ServicePluginInterface::PluginStatus update(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- const Cynara::PluginData &agentData,
- Cynara::PolicyResult &result)
- noexcept
- {
- (void) client;
- (void) user;
- (void) privilege;
- (void) agentData;
-
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
- return Cynara::ServicePluginInterface::PluginStatus::ANSWER_READY;
- }
-
- virtual void invalidate()
- {
- }
-
-private:
- CynaraTestPlugins::Descriptions m_descriptions;
-};
-
-#endif // BASE_CYNARA_TEST_PLUGIN_H
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-ADD_SUBDIRECTORY(single-policy)
-ADD_SUBDIRECTORY(multiple-policy)
-ADD_SUBDIRECTORY(test-agent)
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
-#
-
-CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-
-SET(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY "cynara-test-plugin-multiple-policy")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEP
- REQUIRED
- cynara-plugin
- )
-
-INCLUDE_DIRECTORIES(
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEP_INCLUDE_DIRS}
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/
- )
-
-SET(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/multiple-policy/plugin.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/plugins.cpp
- )
-
-ADD_DEFINITIONS("-fvisibility=default")
-
-ADD_LIBRARY(
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
- SHARED
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_SOURCES}
- )
-
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEPS}
- )
-
-INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
- DESTINATION /usr/lib/security-tests/cynara-tests/plugins/multiple-policy/)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugin.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Implementation of cynara test plugin handling multiple policy type
- */
-
-#include <new>
-
-#include <cynara-plugin.h>
-#include <BaseCynaraTestPlugin.h>
-#include <plugins.h>
-
-class MultiplePolicyPlugin : public BaseCynaraTestPlugin
-{
-public:
- MultiplePolicyPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::MULTIPLE_POLICY) {}
- virtual ~MultiplePolicyPlugin() {}
-};
-
-extern "C" {
-Cynara::ExternalPluginInterface *create(void) {
- return new MultiplePolicyPlugin();
-}
-
-void destroy(Cynara::ExternalPluginInterface *ptr) {
- delete ptr;
-}
-} // extern "C"
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugins.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of types, constants and functions common for both tests and plugins
- */
-
-#include <vector>
-#include <sstream>
-#include <string>
-
-#include <plugins.h>
-
-namespace CynaraTestPlugins {
-
-Cynara::PluginData wrapAgentData(const AgentDataVector &data) {
- std::stringstream wrappedData;
- wrappedData << AGENT_DATA_RECORD_SEPARATOR;
- for (size_t i = 0; i < data.size(); ++i) {
- wrappedData << AGENT_DATA_UNIT_SEPARATOR
- << data[i]
- << AGENT_DATA_UNIT_SEPARATOR;
- }
- wrappedData << AGENT_DATA_RECORD_SEPARATOR;
- return wrappedData.str();
-}
-
-static bool unwrapAgentDataFromSeparator(const Cynara::PluginData &wrappedData,
- const std::string &separator,
- size_t &pos, std::string &unit) {
-//check if wrapped data starts with separator
- size_t separatorSize = separator.size();
- if (wrappedData.compare(pos, separatorSize, separator) != 0)
- return false;
-
-//find ending separator
- size_t unitStartIndex = pos + separatorSize;
- size_t endingSeparatorIndex = wrappedData.find(separator, unitStartIndex);
- if (endingSeparatorIndex == std::string::npos)
- return false;
-
-//return found unit
- pos = endingSeparatorIndex + separatorSize;
- size_t unitSize = endingSeparatorIndex - unitStartIndex;
- unit.assign(wrappedData, unitStartIndex, unitSize);
- return true;
-}
-
-bool unwrapAgentData(const Cynara::PluginData &wrappedData, AgentDataVector& data) {
- std::string record;
- size_t pos = 0;
- if (!unwrapAgentDataFromSeparator(wrappedData, AGENT_DATA_RECORD_SEPARATOR, pos, record))
- return false;
-
- pos = 0;
- while (pos < record.size()) {
- std::string unit;
- if (!unwrapAgentDataFromSeparator(record, AGENT_DATA_UNIT_SEPARATOR, pos, unit))
- return false;
- data.push_back(unit);
- }
- return true;
-}
-
-} // namespace CynaraTestPlugins
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugins.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of types, constants and functions common for both tests and plugins
- */
-
-#ifndef CYNARA_TEST_PLUGINS_H
-#define CYNARA_TEST_PLUGINS_H
-
-#include <cstdint>
-#include <vector>
-#include <map>
-#include <string>
-
-#include <cynara-plugin.h>
-#include <cynara/types/PolicyDescription.h>
-#include <cynara/types/PolicyType.h>
-
-namespace CynaraTestPlugins {
-
-typedef std::vector<Cynara::PolicyDescription> Descriptions;
-typedef std::pair<std::string, Descriptions> DescriptionsPair;
-typedef std::map<std::string, Descriptions> DescriptionsMap;
-
-static const std::string TEST_PLUGIN_PATH("/usr/lib/security-tests/cynara-tests/plugins/");
-
-static const std::string DEFAULT_POLICY("");
-static const std::string SINGLE_POLICY("single-policy");
-static const std::string MULTIPLE_POLICY("multiple-policy");
-static const std::string TEST_AGENT("test-agent");
-
-static const DescriptionsMap POLICY_DESCRIPTIONS = {
- DescriptionsPair(DEFAULT_POLICY, {
- { Cynara::PredefinedPolicyType::DENY, "Deny" },
- { Cynara::PredefinedPolicyType::ALLOW, "Allow" },
- }),
- DescriptionsPair(SINGLE_POLICY, {
- { 2001, "Single Policy Type 1" }
- }),
- DescriptionsPair(MULTIPLE_POLICY, {
- { 3001, "Multiple Policy Type 1" },
- { 3002, "Multiple Policy Type 2" },
- { 3003, "Multiple Policy Type 3" },
- }),
- DescriptionsPair(TEST_AGENT, {
- { 4001, "Test Agent Type 1" }
- }),
-};
-
-static const std::string TEST_AGENT_TYPE("SecurityCynaraTestsAgentType");
-
-static const std::string AGENT_DATA_UNIT_SEPARATOR("\31");
-static const std::string AGENT_DATA_RECORD_SEPARATOR("\30");
-static const std::string AGENT_DATA_ALLOW("Allow");
-static const std::string AGENT_DATA_DENY("Deny");
-
-typedef std::vector<std::string> AgentDataVector;
-
-Cynara::PluginData wrapAgentData(const AgentDataVector &data);
-bool unwrapAgentData(const Cynara::PluginData &wrappedData, AgentDataVector& data);
-
-} // namespace CynaraTestPlugins
-
-#endif // CYNARA_TEST_PLUGINS_H
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
-#
-
-CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-
-SET(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY "cynara-test-plugin-single-policy")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEP
- REQUIRED
- cynara-plugin
- )
-
-INCLUDE_DIRECTORIES(
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEP_INCLUDE_DIRS}
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/
- )
-
-SET(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/single-policy/plugin.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/plugins.cpp
- )
-
-ADD_DEFINITIONS("-fvisibility=default")
-
-ADD_LIBRARY(
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
- SHARED
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_SOURCES}
- )
-
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEPS}
- )
-
-INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
- DESTINATION /usr/lib/security-tests/cynara-tests/plugins/single-policy/)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugin.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Implementation of cynara test plugin handling single policy type
- */
-
-#include <new>
-
-#include <cynara-plugin.h>
-#include <BaseCynaraTestPlugin.h>
-#include <plugins.h>
-
-class SinglePolicyPlugin : public BaseCynaraTestPlugin
-{
-public:
- SinglePolicyPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::SINGLE_POLICY) {}
- virtual ~SinglePolicyPlugin() {}
-};
-
-extern "C" {
-Cynara::ExternalPluginInterface *create(void) {
- return new SinglePolicyPlugin();
-}
-
-void destroy(Cynara::ExternalPluginInterface *ptr) {
- delete ptr;
-}
-} // extern "C"
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
-#
-
-CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-
-SET(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT "cynara-test-plugin-test-agent")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEP
- REQUIRED
- cynara-plugin
- )
-
-INCLUDE_DIRECTORIES(
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEP_INCLUDE_DIRS}
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/
- )
-
-SET(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/test-agent/plugin.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/plugins/plugins.cpp
- )
-
-ADD_DEFINITIONS("-fvisibility=default")
-
-ADD_LIBRARY(
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
- SHARED
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_SOURCES}
- )
-
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEPS}
- )
-
-INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
- DESTINATION /usr/lib/security-tests/cynara-tests/plugins/test-agent/)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugin.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Implementation of cynara test plugin handling communication with test-agent
- */
-
-#include <new>
-
-#include <cynara-plugin.h>
-#include <BaseCynaraTestPlugin.h>
-#include <plugins.h>
-
-class TestAgentPlugin : public BaseCynaraTestPlugin
-{
-public:
- TestAgentPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::TEST_AGENT) {}
- virtual ~TestAgentPlugin() {}
-
- virtual Cynara::ServicePluginInterface::PluginStatus check(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- Cynara::PolicyResult &result,
- Cynara::AgentType &requiredAgent,
- Cynara::PluginData &pluginData)
- noexcept
- {
- (void) result;
-
- try {
- requiredAgent = CynaraTestPlugins::TEST_AGENT_TYPE;
- pluginData = CynaraTestPlugins::wrapAgentData({client, user, privilege});
- } catch (...) {
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
- }
- return Cynara::ServicePluginInterface::PluginStatus::ANSWER_NOTREADY;
- }
-
- virtual Cynara::ServicePluginInterface::PluginStatus update(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- const Cynara::PluginData &agentData,
- Cynara::PolicyResult &result)
- noexcept
- {
- (void) client;
- (void) user;
- (void) privilege;
-
- try {
- CynaraTestPlugins::AgentDataVector data;
- if (!CynaraTestPlugins::unwrapAgentData(agentData, data))
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
-
- if (data.size() != 1)
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
-
- if (data[0] == CynaraTestPlugins::AGENT_DATA_ALLOW) {
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::ALLOW);
- return Cynara::ServicePluginInterface::PluginStatus::SUCCESS;
- }
- else if (data[0] == CynaraTestPlugins::AGENT_DATA_DENY) {
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
- return Cynara::ServicePluginInterface::PluginStatus::SUCCESS;
- }
- } catch (...) {
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
- }
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
- }
-};
-
-extern "C" {
-Cynara::ExternalPluginInterface *create(void) {
- return new TestAgentPlugin();
-}
-
-void destroy(Cynara::ExternalPluginInterface *ptr) {
- delete ptr;
-}
-} // extern "C"
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file test_cases.cpp
- * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
- * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.1
- * @brief Tests for libcynara-client and libcynara-admin
- */
-
-#include <cynara_test_commons.h>
-
-#include <tests_common.h>
-#include <cynara_test_client.h>
-#include <cynara_test_admin.h>
-#include <cynara_test_env.h>
-#include <plugins.h>
-
-#include <climits>
-
-using namespace CynaraTestAdmin;
-using namespace CynaraTestClient;
-
-void tc01_cynara_initialize_func()
-{
- Client();
-}
-
-void tc02_admin_initialize_func()
-{
- Admin admin;
-}
-
-void tc03_cynara_check_invalid_params_func()
-{
- Client cynara;
-
- const char *client = "client03";
- const char *user = "user03";
- const char *privilege = "privilege03";
- const char *session = "session03";
-
- cynara.check(nullptr, session, user, privilege, CYNARA_API_INVALID_PARAM);
- cynara.check(client, nullptr, user, privilege, CYNARA_API_INVALID_PARAM);
- cynara.check(client, session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
- cynara.check(client, session, user, nullptr, CYNARA_API_INVALID_PARAM);
-}
-
-void checkInvalidPolicy(Admin &admin,
- const char *bucket,
- const char *client,
- const char *user,
- const char *privilege,
- const int result,
- const char *resultExtra)
-{
- CynaraPoliciesContainer cp;
- cp.add(bucket, client, user, privilege, result, resultExtra);
-
- admin.setPolicies(cp, CYNARA_API_INVALID_PARAM);
-}
-
-void tc04_admin_set_policies_invalid_params_func()
-{
- Admin admin;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client04";
- const char *user = "user04";
- const char *privilege = "privilege04";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultBucket = CYNARA_ADMIN_BUCKET;
- const int resultNone = CYNARA_ADMIN_NONE;
- const char *resultExtra = nullptr;
-
- checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, nullptr, user, privilege, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, client, nullptr, privilege, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra);
- checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr );
- checkInvalidPolicy(admin, bucket, client, user, privilege, resultNone, resultExtra);
-}
-
-void tc05_admin_set_bucket_invalid_params_func()
-{
- Admin admin;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const int operationAllow = CYNARA_ADMIN_ALLOW;
- const int operationDelete = CYNARA_ADMIN_DELETE;
- const int operationNone = CYNARA_ADMIN_NONE;
- const char *extra = nullptr;
-
- admin.setBucket(nullptr, operationAllow, extra, CYNARA_API_INVALID_PARAM);
- admin.setBucket(bucket, INT_MAX, extra, CYNARA_API_INVALID_PARAM);
- admin.setBucket(bucket, operationDelete, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
- admin.setBucket(bucket, operationNone, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
-}
-
-void tc06_cynara_check_empty_admin1_func()
-{
- Client cynara;
-
- const char *client = "client06_1";
- const char *session = "session06_1";
- const char *user = "user06_1";
- const char *privilege = "privilege06_1";
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc06_cynara_check_empty_admin2_func()
-{
- Client cynara;
-
- const char *client = CYNARA_ADMIN_WILDCARD;
- const char *session = "session06_2";
- const char *user = CYNARA_ADMIN_WILDCARD;
- const char *privilege = CYNARA_ADMIN_WILDCARD;
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc07_admin_set_bucket_admin_allow_deny_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client07";
- const char *session = "session07";
- const char *user = "user07";
- const char *privilege = "privilege07";
- const char *extra = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc08_admin_set_policies_allow_remove1_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session08_1";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultDelete = CYNARA_ADMIN_DELETE;
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client08_1_a", "user08_1_a", "privilege08_1_a" },
- { "client08_1_b", "user08_1_b", "privilege08_1_b" },
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow first policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete first policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-}
-
-void tc08_admin_set_policies_allow_remove2_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session08_2";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultDelete = CYNARA_ADMIN_DELETE;
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client08_2_a", "user08_2_a", "privilege08_2_a" },
- { "client08_2_b", "user08_2_b", "privilege08_2_b" },
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow first policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // delete first, allow second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-}
-
-void tc08_admin_set_policies_allow_remove3_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session08_3";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultDelete = CYNARA_ADMIN_DELETE;
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client08_3_a", "user08_3_a", "privilege08_3_a" },
- { "client08_3_b", "user08_3_b", "privilege08_3_b" },
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow first and second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete first and second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-}
-
-void checkAllDeny(const std::vector< std::vector<const char *> > &data,
- const char *session)
-{
- Client cynara;
-
- for (auto it = data.begin(); it != data.end(); ++it) {
- RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
- }
-
- for (auto itClient = data.begin(); itClient != data.end(); ++itClient) {
- for (auto itUser = data.begin(); itUser != data.end(); ++itUser) {
- for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) {
- cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED);
- }
- }
- }
-}
-
-void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
-{
- RUNNER_ASSERT_MSG(data.size() == 3, "Wrong test data size");
- for (auto it = data.begin(); it != data.end(); ++it) {
- RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
- }
-}
-
-void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
- const char *session)
-{
- Client cynara;
-
- checkSingleWildcardData(data);
-
- for (size_t c = 0; c < data.size(); ++c) {
- for (size_t u = 0; u < data.size(); ++u) {
- for (size_t p = 0; p < data.size(); ++p) {
- if ((u == 0 && p == 0)
- || (c == 1 && p == 1)
- || (c == 2 && u == 2)) {
- cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_ALLOWED);
- } else {
- cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
- }
- }
- }
- }
-}
-
-void setSingleWildcardPolicies(const char *bucket,
- const std::vector< std::vector<const char *> > &data,
- const int result, const char* resultExtra)
-{
- Admin admin;
- CynaraPoliciesContainer cp;
-
- checkSingleWildcardData(data);
-
- cp.add(bucket,
- CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2],
- result, resultExtra);
- cp.add(bucket,
- data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2],
- result, resultExtra);
- cp.add(bucket,
- data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD,
- result, resultExtra);
-
- admin.setPolicies(cp);
-}
-
-void tc09_admin_set_policies_wildcard_accesses_func()
-{
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session09";
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client09_a", "user09_a", "privilege09_a" },
- { "client09_b", "user09_b", "privilege09_b" },
- { "client09_c", "user09_c", "privilege09_c" }
- };
-
- checkAllDeny(data, session);
-
- setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra);
-
- checkSingleWildcardAllowRestDeny(data, session);
-
- setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra);
-
- checkAllDeny(data, session);
-}
-
-void tc10_admin_change_extra_bucket_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket10";
- const char *session = "session10";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
-
- const std::vector< std::vector<const char *> > data = {
- { "client10_a", "user10_a", "privilege10_a" },
- { "client10_b", "user10_b", "privilege10_b" }
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- data[0][0], data[0][1], data[0][2],
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- data[0][0], data[0][1], data[0][2],
- CYNARA_ADMIN_DELETE, extraResult);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
-}
-
-void tc11_admin_bucket_not_found_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket11";
- const char *client = "client11";
- const char *session = "session11";
- const char *user = "user11";
- const char *privilege = "privilege11";
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc12_admin_delete_bucket_with_policies_pointing_to_it_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket12";
- const char *client = "client12";
- const char *session = "session12";
- const char *user = "user12";
- const char *privilege = "privilege12";
- const char *extra = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc13_admin_set_policies_to_extra_bucket_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket13";
- const char *client = "client13";
- const char *session = "session13";
- const char *user = "user13";
- const char *privilege = "privilege13";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc14_admin_set_policies_integrity_func()
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket14";
- const char *client = "client14";
- const char *session = "session14";
- const char *user = "user14";
- const char *privilege = "privilege14";
- const char *extraResult = nullptr;
-
- {
- Client cynara;
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
- }
-
- {
- Admin admin;
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
- }
-
- {
- Client cynara;
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
- }
-}
-
-void tc15_admin_set_bucket_admin_none1_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_1";
- const char *client = "client15_1";
- const char *session = "session15_1";
- const char *user = "user15_1";
- const char *privilege = "privilege15_1";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-}
-
-void tc15_admin_set_bucket_admin_none2_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_2";
- const char *client = "client15_2";
- const char *session = "session15_2";
- const char *user = "user15_2";
- const char *privilege = "privilege15_2";
- const char *extra = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc15_admin_set_bucket_admin_none3_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_3";
- const char *client = "client15_3";
- const char *session = "session15_3";
- const char *user = "user15_3";
- const char *privilege = "privilege15_3";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucketDefault,
- client, user, CYNARA_ADMIN_WILDCARD,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-}
-
-void tc16_admin_check_single_bucket_func()
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client16";
- const char *user = "user16";
- const char *privilege = "privilege16";
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin;
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
-
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-}
-
-void tc17_admin_check_nested_bucket_func()
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket17";
- const char *client = "client17";
- const char *user = "user17";
- const char *privilege = "privilege17";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin;
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-}
-
-void tc18_admin_check_multiple_matches_func()
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client18";
- const char *user = "user18";
- const char *privilege = "privilege18";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *extra = nullptr;
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin;
-
- auto check = [&](int expected_result)
- {
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- expected_result, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- expected_result, nullptr, CYNARA_API_SUCCESS);
- };
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_ALLOW);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- wildcard, user, privilege,
- CYNARA_ADMIN_DENY, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_DENY);
-
- admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_DELETE, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- wildcard, user, privilege,
- CYNARA_ADMIN_DELETE, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_ALLOW);
-}
-
-void tc19_admin_check_none_bucket_func()
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket1 = "bucket19_a";
- const char *bucket2 = "bucket19_b";
- const char *client = "client19";
- const char *user = "user19";
- const char *privilege = "privilege19";
- const char *extra = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin;
- admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra);
- admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, recursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, notrecursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket1);
- cp.add(bucket1,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket2);
- admin.setPolicies(cp);
- }
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, notrecursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-}
-
-void tc20_admin_list_empty_bucket_func()
-{
- const char *emptyBucket = "empty_bucket20";
- const char *client = "client20";
- const char *user = "user20";
- const char *privilege = "privilege20";
- const char *extra = nullptr;
-
- Admin admin;
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- CynaraPoliciesContainer emptyPolicies;
-
- admin.listPolicies(emptyBucket, client, user, privilege, emptyPolicies);
-}
-
-void tc21_admin_list_no_bucket_func()
-{
- const char *emptyBucket = "empty_bucket21";
- const char *notExistingBucket = "not_existing_bucket21";
- const char *client = "client21";
- const char *user = "user21";
- const char *privilege = "privilege21";
- const char *extra = nullptr;
-
- Admin admin;
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- CynaraPoliciesContainer emptyPolicies;
-
- admin.listPolicies(notExistingBucket, client, user, privilege, emptyPolicies,
- CYNARA_API_BUCKET_NOT_FOUND);
-}
-
-void tc22_admin_list_bucket_func()
-{
- const char *bucket = "bucket22";
- const char *emptyBucket = "empty_bucket22";
- const char *client = "client22";
- const char *user = "user22";
- const char *privilege = "privilege22";
- const char *client2 = "client22_2";
- const char *user2 = "user22_2";
- const char *privilege2 = "privilege22_2";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
-
- const char *extra = nullptr;
-
- Admin admin;
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- admin.setPolicies(cp);
- }
-
- CynaraPoliciesContainer expectedPolicies;
- expectedPolicies.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- expectedPolicies.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- expectedPolicies.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
-
- admin.listPolicies(bucket, client, wildcard, any, expectedPolicies);
-}
-
-void tc23_admin_erase_empty_bucket_func()
-{
- const char *emptyBucket = "empty_bucket23";
- const char *client = "client23";
- const char *user = "user23";
- const char *privilege = "privilege23";
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin;
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- admin.erasePolicies(emptyBucket, recursive, client, user, privilege);
-}
-
-void tc24_admin_erase_no_bucket_func()
-{
- const char *emptyBucket = "empty_bucket24";
- const char *notExistingBucket = "not_existing_bucket24";
- const char *client = "client24";
- const char *user = "user24";
- const char *privilege = "privilege24";
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin;
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- admin.erasePolicies(notExistingBucket, recursive, client, user, privilege,
- CYNARA_API_BUCKET_NOT_FOUND);
-}
-
-void tc25_admin_erase_single_bucket_func()
-{
- const char *bucket = "bucket25";
- const char *emptyBucket = "empty_bucket25";
- const char *client = "client25";
- const char *user = "user25";
- const char *privilege = "privilege25";
- const char *client2 = "client25_2";
- const char *user2 = "user25_2";
- const char *privilege2 = "privilege25_2";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin;
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, client, wildcard, any);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- // WAS ERASED (bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- // WAS ERASED (bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- // WAS ERASED (bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- admin.listPolicies(emptyBucket, any, any, any, expPolicies);
- }
-}
-
-void tc26_admin_erase_recursive_not_linked_buckets_func()
-{
- const char *bucket = "bucket26";
- const char *subBucket = "sub_bucket26";
- const char *client = "client26";
- const char *user = "user26";
- const char *privilege = "privilege26";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin;
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void tc27_admin_erase_recursive_linked_buckets_func()
-{
- const char *bucket = "bucket27";
- const char *subBucket = "sub_bucket27";
- const char *client = "client27";
- const char *user = "user27";
- const char *privilege = "privilege27";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin;
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
-
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void tc28_admin_erase_non_recursive_linked_buckets_func()
-{
- const char *bucket = "bucket28";
- const char *subBucket = "sub_bucket28";
- const char *client = "client28";
- const char *user = "user28";
- const char *privilege = "privilege28";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 0;
-
- Admin admin;
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
-
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void tc29_admin_erase_recursive_from_sub_bucket_func()
-{
- const char *bucket = "bucket29";
- const char *subBucket = "sub_bucket29";
- const char *client = "client29";
- const char *user = "user29";
- const char *privilege = "privilege29";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin;
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
-
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(subBucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
- expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void testPlugins(const std::vector<std::string> &plugins)
-{
- using namespace CynaraTestPlugins;
-
- DirectoryPaths paths;
- Descriptions expectedDescriptions(POLICY_DESCRIPTIONS.at(DEFAULT_POLICY));
-
- for (auto &plugin : plugins) {
- paths.push_back(TEST_PLUGIN_PATH + plugin);
-
- const Descriptions &pluginDescriptions = POLICY_DESCRIPTIONS.at(plugin);
- expectedDescriptions.insert(expectedDescriptions.end(),
- pluginDescriptions.begin(), pluginDescriptions.end());
- }
-
- loadServicePlugins(paths);
-
- Admin admin;
- admin.listPoliciesDescriptions(expectedDescriptions);
-}
-
-void tc30_admin_list_descriptions_no_plugins_func()
-{
- testPlugins({});
-}
-
-void tc31_admin_list_descriptions_1_plugin_single_policy_func()
-{
- testPlugins({CynaraTestPlugins::SINGLE_POLICY});
-}
-
-void tc32_admin_list_descriptions_1_plugin_multiple_policy_func()
-{
- testPlugins({CynaraTestPlugins::MULTIPLE_POLICY});
-}
-
-void tc33_admin_list_descriptions_multiple_plugins_func()
-{
- testPlugins({CynaraTestPlugins::SINGLE_POLICY,
- CynaraTestPlugins::MULTIPLE_POLICY});
-}
-
-RUNNER_TEST_GROUP_INIT(cynara_tests)
-
-RUN_CYNARA_TEST(tc01_cynara_initialize)
-RUN_CYNARA_TEST(tc02_admin_initialize)
-RUN_CYNARA_TEST(tc03_cynara_check_invalid_params)
-RUN_CYNARA_TEST(tc04_admin_set_policies_invalid_params)
-RUN_CYNARA_TEST(tc05_admin_set_bucket_invalid_params)
-RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1)
-RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2)
-RUN_CYNARA_TEST(tc07_admin_set_bucket_admin_allow_deny)
-RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove1)
-RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove2)
-RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove3)
-RUN_CYNARA_TEST(tc09_admin_set_policies_wildcard_accesses)
-RUN_CYNARA_TEST(tc10_admin_change_extra_bucket)
-RUN_CYNARA_TEST(tc11_admin_bucket_not_found)
-RUN_CYNARA_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
-RUN_CYNARA_TEST(tc13_admin_set_policies_to_extra_bucket)
-RUN_CYNARA_TEST(tc14_admin_set_policies_integrity)
-RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none1)
-RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none2)
-RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none3)
-RUN_CYNARA_TEST(tc16_admin_check_single_bucket)
-RUN_CYNARA_TEST(tc17_admin_check_nested_bucket)
-RUN_CYNARA_TEST(tc18_admin_check_multiple_matches)
-RUN_CYNARA_TEST(tc19_admin_check_none_bucket)
-RUN_CYNARA_TEST(tc20_admin_list_empty_bucket)
-RUN_CYNARA_TEST(tc21_admin_list_no_bucket)
-RUN_CYNARA_TEST(tc22_admin_list_bucket)
-RUN_CYNARA_TEST(tc23_admin_erase_empty_bucket)
-RUN_CYNARA_TEST(tc24_admin_erase_no_bucket)
-RUN_CYNARA_TEST(tc25_admin_erase_single_bucket)
-RUN_CYNARA_TEST(tc26_admin_erase_recursive_not_linked_buckets)
-RUN_CYNARA_TEST(tc27_admin_erase_recursive_linked_buckets)
-RUN_CYNARA_TEST(tc28_admin_erase_non_recursive_linked_buckets)
-RUN_CYNARA_TEST(tc29_admin_erase_recursive_from_sub_bucket)
-RUN_CYNARA_TEST(tc30_admin_list_descriptions_no_plugins)
-RUN_CYNARA_TEST(tc31_admin_list_descriptions_1_plugin_single_policy)
-RUN_CYNARA_TEST(tc32_admin_list_descriptions_1_plugin_multiple_policy)
-RUN_CYNARA_TEST(tc33_admin_list_descriptions_multiple_plugins)
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file test_cases_async.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Tests for libcynara-client-async
- */
-
-#include <cynara_test_admin.h>
-#include <cynara_test_commons.h>
-#include <cynara_test_client_async_client.h>
-
-#include <service_manager.h>
-#include <dpl/test/test_runner.h>
-
-#include <cynara-client-async.h>
-
-#include <cstdint>
-#include <unistd.h>
-
-using namespace CynaraTestClientAsync;
-using namespace CynaraTestAdmin;
-
-void tca01_initialize_func()
-{
- Client client;
-}
-
-void tca02_empty_cache_miss_func()
-{
- std::string testNo("02");
- Client client;
-
- client.checkCache({testNo}, CYNARA_API_CACHE_MISS);
- client.checkCache({testNo}, CYNARA_API_CACHE_MISS);
-}
-
-void tca03_create_max_requests_func()
-{
- std::string testNo("03");
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(), 0, CYNARA_CALL_CAUSE_FINISH};
-
- Client client;
-
- for (auto i = 0; i <= UINT16_MAX; ++i) {
- client.createRequest({testNo, i}, id, callbackData, CYNARA_API_SUCCESS);
- client.assertStatus(READWRITE);
- }
-
- client.createRequest({testNo}, id, callbackData, CYNARA_API_MAX_PENDING_REQUESTS);
- client.assertStatus(READWRITE);
-}
-
-void tca04_request_and_process_func()
-{
- std::string testNo("04");
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- Client client;
-
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca05_request_and_cancel1_func()
-{
- std::string testNo("05");
- int subtest = 1;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.cancel(id);
- client.assertStatus(READWRITE);
-
- //send request and cancel
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca05_request_and_cancel2_func()
-{
- std::string testNo("05");
- int subtest = 2;
- cynara_check_id id1, id2;
- Client client;
-
- RequestEntity callbackData1 = {[&]()->void {client.cancel(id2);},
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- RequestEntity callbackData2 = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- client.createRequest({testNo, subtest}, id1, callbackData1);
- client.createRequest({testNo, subtest}, id2, callbackData2);
- client.assertStatus(READWRITE);
-
- //send requests
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca05_request_and_cancel3_func()
-{
- std::string testNo("05");
- int subtest = 3;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-
- client.cancel(id, CYNARA_API_INVALID_PARAM);
-}
-
-void tca06_cancel_fail_func()
-{
- cynara_check_id id = 0xDEAD;
-
- Client client;
-
- client.cancel(id, CYNARA_API_INVALID_PARAM);
-}
-
-void tca07_request_with_data_insertion_func()
-{
- std::string testNo("07");
- Admin admin;
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- CheckData data[2] = {{testNo, 1}, {testNo, 2}};
- RequestEntity callbackAllow = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_ANSWER};
- RequestEntity callbackDeny = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- cynara_check_id id;
- Client client;
-
- client.checkCache(data[0], CYNARA_API_CACHE_MISS);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-
- client.createRequest(data[0], id, callbackDeny);
- client.assertStatus(READWRITE);
- client.process();
- client.assertStatus(READ);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-
- client.checkCache(data[0], CYNARA_API_ACCESS_DENIED);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0].toAdminPolicy(), resultAllow);
- admin.setPolicies(cp);
- }
-
- client.checkCache(data[0], CYNARA_API_CACHE_MISS);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-
- client.createRequest(data[0], id, callbackAllow);
- client.assertStatus(READWRITE);
- client.process();
- client.assertStatus(READ);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-
- client.checkCache(data[0], CYNARA_API_ACCESS_ALLOWED);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-}
-
-void tca08_disconnect1_func()
-{
- std::string testNo("08");
- int subtest = 1;
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- serviceManager.restartService();
-
- client.process();
- client.assertStatus(READ);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca08_disconnect2_func()
-{
- std::string testNo("08");
- int subtest = 2;
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- serviceManager.restartService();
-
- client.process();
- client.assertStatus(READ);
-
- serviceManager.restartService();
-
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca08_disconnect3_func()
-{
- std::string testNo("08");
- int subtest = 2;
- cynara_check_id id;
- RequestEntity callbackData = {[&](){
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
- serviceManager.restartService();
- },
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.process();
- client.assertStatus(READ);
-
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca09_disconnect_and_cancel1_func()
-{
- std::string testNo("09");
- int subtest = 1;
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- serviceManager.restartService();
-
- client.cancel(id);
- client.assertStatus(READWRITE);
-
- //send cancel
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-}
-
-void tca09_disconnect_and_cancel2_func()
-{
- std::string testNo("09");
- int subtest = 2;
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- client.cancel(id);
- client.assertStatus(READWRITE);
-
- serviceManager.restartService();
-
- //handle reconnect
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::EXPECT_TIMEOUT);
- client.assertStatus(READ);
-}
-
-void tca10_double_request_func()
-{
- std::string testNo("10");
- cynara_check_id id, id2;
- Client client;
-
- RequestEntity callbackData2 = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- RequestEntity callbackData = {[&](){client.createRequest({testNo}, id2, callbackData2);},
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
-
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.process();
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca11_double_request_with_restart_func()
-{
- std::string testNo("11");
- cynara_check_id id, id2;
- Client client;
-
- RequestEntity callbackData2 = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- RequestEntity callbackData = {[&](){
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
- serviceManager.restartService();
- client.createRequest({testNo}, id2, callbackData2);
- },
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
-
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.process();
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca12_multiple_connections_without_requests_func()
-{
- std::string testNo("12");
-
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_FINISH};
-
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
- pid_t before = serviceManager.getServicePid();
- timeval beforeTimestamp = serviceManager.getServiceStartTimestamp();
-
- for (int i = 0; i < 10; ++i)
- {
- Client client;
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
- }
-
-//wait until cynara possibly restarts
- sleep(3);
-
- pid_t after = serviceManager.getServicePid();
- timeval afterTimestamp = serviceManager.getServiceStartTimestamp();
- RUNNER_ASSERT_MSG(after != 0,
- "cynara service not running. After = " << after << ".");
- RUNNER_ASSERT_MSG(before == after
- && beforeTimestamp.tv_sec == afterTimestamp.tv_sec
- && beforeTimestamp.tv_usec == afterTimestamp.tv_usec,
- "cynara service was restarted during the test. Before pid / timestamp = "
- << before << " / " << beforeTimestamp.tv_sec << "."
- << beforeTimestamp.tv_usec << " and after pid / timestamp = "
- << after << " / " << afterTimestamp.tv_sec << "."
- << afterTimestamp.tv_usec);
-}
-
-RUNNER_TEST_GROUP_INIT(cynara_async_tests)
-
-RUN_CYNARA_TEST(tca01_initialize)
-RUN_CYNARA_TEST(tca02_empty_cache_miss)
-RUN_CYNARA_TEST(tca03_create_max_requests)
-RUN_CYNARA_TEST(tca04_request_and_process)
-RUN_CYNARA_TEST(tca05_request_and_cancel1)
-RUN_CYNARA_TEST(tca05_request_and_cancel2)
-RUN_CYNARA_TEST(tca05_request_and_cancel3)
-RUN_CYNARA_TEST(tca06_cancel_fail)
-RUN_CYNARA_TEST(tca07_request_with_data_insertion)
-RUN_CYNARA_TEST(tca08_disconnect1)
-RUN_CYNARA_TEST(tca08_disconnect2)
-RUN_CYNARA_TEST(tca08_disconnect3)
-RUN_CYNARA_TEST(tca09_disconnect_and_cancel1)
-RUN_CYNARA_TEST(tca09_disconnect_and_cancel2)
-RUN_CYNARA_TEST(tca10_double_request)
-RUN_CYNARA_TEST(tca11_double_request_with_restart)
-RUN_CYNARA_TEST(tca12_multiple_connections_without_requests)
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * @file test_cases_db.cpp
- * @author Pawel Wieczorek <p.wieczorek2@samsung.com>
- * @version 0.1
- * @brief Tests for Cynara's mechanism assuring integrity of database
- */
-
-#include <cynara_test_admin.h>
-#include <cynara_test_client.h>
-#include <cynara_test_commons.h>
-#include <cynara_test_env.h>
-#include <dpl/test/test_runner.h>
-#include <sys/smack.h>
-
-#include <service_manager.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <fstream>
-#include <glob.h>
-#include <iterator>
-#include <memory.h>
-#include <set>
-#include <string>
-#include <unistd.h>
-#include <vector>
-
-using namespace CynaraTestAdmin;
-using namespace CynaraTestClient;
-
-namespace
-{
-
-const std::string defDb("default");
-const std::string defDbAllow("defaultAllowed");
-const std::string nonEmptyDb("nonEmptyDatabase");
-const std::string cynaraTestPatternsPath("/etc/security-tests/db_patterns/");
-const std::string directoryWildcard("/*");
-
-void createDbFile(const std::string &filename)
-{
- int fileFd = TEMP_FAILURE_RETRY(creat(filename.c_str(), 0000));
- RUNNER_ASSERT_ERRNO_MSG(fileFd > 0, "Creating " << filename << " file failed");
- FdUniquePtr fileFdPtr(&fileFd);
-
- int ret = smack_fsetlabel(fileFd, CynaraTestConsts::LABEL.c_str(), SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Setting smack label failed");
-}
-
-void deleteDbFile(const std::string &filename)
-{
- RUNNER_ASSERT_ERRNO_MSG(!unlink(filename.c_str()), "Unable to unlink " << filename << " file");
-}
-
-bool unordered_files_match(const std::string &patternFilePath, const std::string &resultFilePath) {
- std::ifstream patternFile(patternFilePath, std::ifstream::in | std::ifstream::binary);
- std::ifstream resultFile(resultFilePath, std::ifstream::in | std::ifstream::binary);
-
- RUNNER_ASSERT_MSG(patternFile.is_open(), "Failed to open " << patternFile << ".");
- RUNNER_ASSERT_MSG(resultFile.is_open(), "Failed to open " << resultFile << ".");
-
- auto patternRecords = std::multiset<std::string>(std::istream_iterator<std::string>(patternFile),
- std::istream_iterator<std::string>());
-
- auto resultRecords = std::multiset<std::string>(std::istream_iterator<std::string>(resultFile),
- std::istream_iterator<std::string>());
-
- return patternRecords == resultRecords;
-}
-
-size_t glob_count(const std::string &source, const std::string &wildcard) {
- //for counting files in directory
- glob_t globbuf;
- std::string pattern = source + wildcard;
-
- //for freeing allocated memory
- GlobPtr globbufPtr(&globbuf);
-
- //actually count files in directory - including dotfiles
- RUNNER_ASSERT_MSG(0 == glob(pattern.c_str(), GLOB_NOSORT | GLOB_PERIOD, NULL, &globbuf),
- "Failed to search for requested pathnames in " << source << ".");
-
- return globbuf.gl_pathc;
-}
-
-size_t db_files_count(const std::string &source) {
- size_t dbFilesCount = 0;
-
- //database directory must not be empty
- RUNNER_ASSERT_MSG(0 != (dbFilesCount = glob_count(source, directoryWildcard)),
- "Unexpected condition: " << source << " was empty.");
-
- return dbFilesCount;
-}
-
-void compareDbs(const std::string &source)
-{
- //for accessing files in directory
- std::string patternDir = cynaraTestPatternsPath + source;
- DIR *patternDirPtr = nullptr;
- struct dirent *direntPtr;
-
- size_t patternFileCount = db_files_count(patternDir);
- size_t resultFileCount = db_files_count(CynaraTestConsts::DB_DIR);
-
- //directories do not match if there is different number of files
- RUNNER_ASSERT_MSG(patternFileCount == resultFileCount,
- "No match in database and pattern directory file count");
-
- //compare files in database directory with pattern directory
- RUNNER_ASSERT_ERRNO_MSG(patternDirPtr = opendir(patternDir.c_str()),
- "Opening " << patternDir << " directory failed");
- DirPtr patternDirScopedPtr(patternDirPtr);
-
- while ((direntPtr = readdir(patternDirPtr)) != nullptr) {
- if (!strcmp(direntPtr->d_name, ".")
- || !strcmp(direntPtr->d_name, ".."))
- continue;
- std::string patternName = patternDir + "/" + direntPtr->d_name;
- std::string resultName = CynaraTestConsts::DB_DIR + "/" + direntPtr->d_name;
-
- //comparing file saved db dir with reference file from patterns dir
- RUNNER_ASSERT_MSG(true == unordered_files_match(patternName, resultName),
- "No match in stored file and pattern file");
- }
-}
-
-} // anonymous namespace
-
-/**
- * @brief Lockdown initialization failure caused by fake guard existence
- * @test Expected result: refuse to write data to storage as long as guard file creation fails
- * 1. Create fake guard file with 0000 attributes in policy database
- * 2. Try to make a change (ALLOW) in default bucket (data dump should fail)
- * 3. Delete fake guard file from policy database
- * 4. Retry to make a change (ALLOW) in default bucket (data dump should proceed)
- * 5. Check if database is saved correctly
- */
-void tcdb01_lockdown_init_failure_func()
-{
- Admin admin;
- Client cynara;
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *extra = nullptr;
-
- const auto fakeBackupGuard = CynaraTestConsts::DB_DIR + "/guard";
-
- createDbFile(fakeBackupGuard);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra, CYNARA_API_OPERATION_FAILED);
-
- deleteDbFile(fakeBackupGuard);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- serviceManager.restartService();
- compareDbs(defDbAllow);
-}
-
-/**
- * @brief Failure during writing to backup (before lockdown)
- * @test Expected result: read from primary policy database
- * 1. Write ALLOW to default bucket
- * 2. Check if data is saved correctly
- * 3. Create fake backup file with 0000 attributes in policy database
- * 4. Try to make a change (DENY) in default bucket (data dump should fail)
- * 5. Reload Cynara - policies loaded from default bucket should still be ALLOW
- */
-void tcdb02_write_to_backup_failure_func()
-{
- Admin admin;
- Client cynara;
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *extra = nullptr;
-
- const auto fakeBucketDumpFile = CynaraTestConsts::DB_DIR + "/_~";
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- compareDbs(defDbAllow);
-
- createDbFile(fakeBucketDumpFile);
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra, CYNARA_API_OPERATION_FAILED);
-
- serviceManager.restartService();
- compareDbs(defDbAllow);
-}
-
-/**
- * @brief Check whether both invalid and valid backup databases are removed
- * @test Expected result: no unnecessary backup files in policy database directory
- * 1. Fail writing to backup database
- * 2. Reload Cynara - policies should be loaded from primary (valid) database
- * 3. Check if all backup files were removed
- * 4. Successfully write changes to database
- * 5. Reload Cynara - policies should be loaded from primary (revalidated) database
- * 6. Check if all backup files were removed
- */
-void tcdb03_invalid_and_valid_backup_removal_func()
-{
- Admin admin;
- Client cynara;
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *extra = nullptr;
-
- const auto defaultBucketDumpFile = CynaraTestConsts::DB_DIR + "/_~";
-
- createDbFile(defaultBucketDumpFile);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra, CYNARA_API_OPERATION_FAILED);
-
- serviceManager.restartService();
- compareDbs(defDb);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- serviceManager.restartService();
- compareDbs(defDbAllow);
-}
-
-/**
- * @brief Comparison between database modified by Cynara with expected one
- * @test Expected result: no differences between those files
- * 1. Write sample policy to database (and let it save to storage)
- * 2. Compare freshly saved files with samples from test patterns directory
- */
-void tcdb04_dumped_file_binary_comparison_func()
-{
- Admin admin;
- Client cynara;
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client";
- const char *user = "user";
- const char *privilege = "privilege";
- const char *extra = nullptr;
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp, CYNARA_API_SUCCESS);
- }
-
- compareDbs(nonEmptyDb);
-}
-
-/**
- * @brief Invalid database files removal
- * @test Expected result: no unnecessary files in policy database directory
- * 1. Fill Cynara's policy database directory with garbage:
- * - Sample backup file which should be removed earlier
- * - Sample bucket file which is not mentioned in index (shouldn't exist at all)
- * - Sample files which don't belong to database
- * 2. Reload Cynara
- * 3. Check if any of mentioned above files still remained
- */
-void tcdb05_non_indexed_files_removal_func()
-{
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
-
- std::vector<std::string> filenames = { "_broken-backup~", "_non-indexed-bucket",
- "some-file-that-doesnt-belong-here" };
-
- for (const auto &filename : filenames) {
- auto garbageFilename = CynaraTestConsts::DB_DIR + "/" + filename;
- createDbFile(garbageFilename);
- }
-
- serviceManager.restartService();
- compareDbs(defDb);
-}
-
-RUNNER_TEST_GROUP_INIT(cynara_db_tests)
-
-RUN_CYNARA_TEST(tcdb01_lockdown_init_failure)
-RUN_CYNARA_TEST(tcdb02_write_to_backup_failure)
-RUN_CYNARA_TEST(tcdb03_invalid_and_valid_backup_removal)
-RUN_CYNARA_TEST(tcdb04_dumped_file_binary_comparison)
-RUN_CYNARA_TEST(tcdb05_non_indexed_files_removal)
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# @file config.cmake
-# @author Lukasz Marek (l.marek@samsung.com)
-# @version 1.0
-# @brief
-#
-
-SET(DPL_FRAMEWORK_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/framework/src/assert.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/atomic.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/binary_queue.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/colors.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/exception.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/gdbbacktrace.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/noncopyable.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/singleton.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/abstract_log_provider.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/dlog_log_provider.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/log.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/old_style_log_provider.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/test_results_collector.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/test_results_collector_commons.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/test_results_collector_console.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/test_results_collector_html.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/test_results_collector_summary.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/test_results_collector_xml.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/test_runner_child.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/test_runner.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/src/test_runner_multiprocess.cpp
-)
-
-SET(DPL_FRAMEWORK_TEST_INCLUDE_DIR
- ${PROJECT_SOURCE_DIR}/tests/framework/include
-)
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file abstract_input.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the header file of abstract input
- */
-#ifndef DPL_ABSTRACT_INPUT_H
-#define DPL_ABSTRACT_INPUT_H
-
-#include <dpl/exception.h>
-#include <memory>
-
-namespace DPL {
-class BinaryQueue;
-typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
-
-class AbstractInput
-{
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, ReadFailed)
- };
-
- public:
- virtual ~AbstractInput() {}
-
- /**
- * Read binary data from input
- * If no data is available method returns nullptr buffer.
- * In case connection was successfuly close, method returns empty buffer
- *
- * @param[in] size Maximum number of bytes to read from input
- * @return Buffer containing read bytes
- * @throw ReadFailed
- */
- virtual BinaryQueueAutoPtr Read(size_t size) = 0;
-};
-} // namespace DPL
-
-#endif // DPL_ABSTRACT_INPUT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file abstract_output.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the header file of abstract output
- */
-#ifndef DPL_ABSTRACT_INPUT_OUTPUT_H
-#define DPL_ABSTRACT_INPUT_OUTPUT_H
-
-#include <dpl/abstract_input.h>
-#include <dpl/abstract_output.h>
-
-namespace DPL {
-class AbstractInputOutput :
- public AbstractInput,
- public AbstractOutput
-{
- public:
- virtual ~AbstractInputOutput() {}
-};
-} // namespace DPL
-
-#endif // DPL_ABSTRACT_INPUT_OUTPUT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file abstract_output.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the header file of abstract output
- */
-#ifndef DPL_ABSTRACT_OUTPUT_H
-#define DPL_ABSTRACT_OUTPUT_H
-
-#include <dpl/exception.h>
-#include <memory>
-
-namespace DPL {
-class BinaryQueue;
-typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
-
-class AbstractOutput
-{
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, WriteFailed)
- };
-
- public:
- virtual ~AbstractOutput() {}
-
- /**
- * Write binary data to output
- * If output is blocked, Write returns zero, if instance is a type of
- * WaitableAbstractOutput one can wait for writability then
- *
- * @param[in] buffer Input buffer with data to be written
- * @param[in] bufferSize Maximum number of bytes to write from buffer
- * @return Number of bytes success successfuly written or zero if output is
- * blocked
- * @throw WriteFailed
- */
- virtual size_t Write(const BinaryQueue &buffer, size_t bufferSize) = 0;
-};
-} // namespace DPL
-
-#endif // DPL_ABSTRACT_OUTPUT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file assert.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of assert
- */
-#ifndef DPL_ASSERT_H
-#define DPL_ASSERT_H
-
-#include <dpl/noreturn.h>
-
-namespace DPL {
-// Assertion handler procedure
-// Do not call directly
-// Always use Assert macro
-DPL_NORETURN void AssertProc(const char *condition,
- const char *file,
- int line,
- const char *function);
-} // namespace DPL
-
-#define Assert(Condition) do { if (!(Condition)) { DPL::AssertProc(#Condition, \
- __FILE__, \
- __LINE__, \
- __FUNCTION__); \
- } } while (0)
-
-#endif // DPL_ASSERT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file atomic.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the header file of atomic
- */
-#ifndef DPL_ATOMIC_H
-#define DPL_ATOMIC_H
-
-#pragma GCC system_header
-#include <glib.h>
-
-namespace DPL {
-class Atomic
-{
- public:
- typedef gint ValueType;
-
- private:
- volatile ValueType m_value;
-
- public:
- Atomic(ValueType value = static_cast<ValueType>(0));
-
- ValueType ExchangeAndAdd(ValueType value);
- bool CompareAndExchange(ValueType oldValue, ValueType newValue);
- bool operator--();
- void operator++();
-
- operator ValueType() const;
-};
-} // namespace DPL
-
-#endif // DPL_ATOMIC_H
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file availability.h
- * @author Jihoon Chung (jihoon.chung@samsung.com)
- * @version 1.0
- */
-#ifndef DPL_AVAILABILITY_H
-#define DPL_AVAILABILITY_H
-
-#define DPL_DEPRECATED __attribute__((deprecated))
-#define DPL_DEPRECATED_WITH_MESSAGE(msg) __attribute__((deprecated(msg)))
-
-#define DPL_UNUSED __attribute__((unused))
-#define DPL_UNUSED_PARAM(variable) (void)variable
-
-#endif // DPL_AVAILABILITY_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file binary_queue.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the header file of binary queue
- */
-#ifndef DPL_BINARY_QUEUE_H
-#define DPL_BINARY_QUEUE_H
-
-#include <dpl/abstract_input_output.h>
-#include <dpl/exception.h>
-#include <dpl/noncopyable.h>
-#include <memory>
-#include <list>
-
-namespace DPL {
-/**
- * Binary stream implemented as constant size bucket list
- *
- * @todo Add optimized implementation for FlattenConsume
- */
-class BinaryQueue :
- public AbstractInputOutput
-{
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, OutOfData)
- };
-
- typedef void (*BufferDeleter)(const void *buffer, size_t bufferSize,
- void *userParam);
- static void BufferDeleterFree(const void *buffer,
- size_t bufferSize,
- void *userParam);
-
- class BucketVisitor
- {
- public:
- /**
- * Destructor
- */
- virtual ~BucketVisitor();
-
- /**
- * Visit bucket
- *
- * @return none
- * @param[in] buffer Constant pointer to bucket data buffer
- * @param[in] bufferSize Number of bytes in bucket
- */
- virtual void OnVisitBucket(const void *buffer, size_t bufferSize) = 0;
- };
-
- private:
- struct Bucket :
- private Noncopyable
- {
- const void *buffer;
- const void *ptr;
- size_t size;
- size_t left;
-
- BufferDeleter deleter;
- void *param;
-
- Bucket(const void *buffer,
- size_t bufferSize,
- BufferDeleter deleter,
- void *userParam);
- virtual ~Bucket();
- };
-
- typedef std::list<Bucket *> BucketList;
- BucketList m_buckets;
- size_t m_size;
-
- static void DeleteBucket(Bucket *bucket);
-
- class BucketVisitorCall
- {
- private:
- BucketVisitor *m_visitor;
-
- public:
- BucketVisitorCall(BucketVisitor *visitor);
- virtual ~BucketVisitorCall();
-
- void operator()(Bucket *bucket) const;
- };
-
- public:
- /**
- * Construct empty binary queue
- */
- BinaryQueue();
-
- /**
- * Construct binary queue via bare copy of other binary queue
- *
- * @param[in] other Other binary queue to copy from
- * @warning One cannot assume that bucket structure is preserved during copy
- */
- BinaryQueue(const BinaryQueue &other);
-
- /**
- * Destructor
- */
- virtual ~BinaryQueue();
-
- /**
- * Construct binary queue via bare copy of other binary queue
- *
- * @param[in] other Other binary queue to copy from
- * @warning One cannot assume that bucket structure is preserved during copy
- */
- const BinaryQueue &operator=(const BinaryQueue &other);
-
- /**
- * Append copy of @a bufferSize bytes from memory pointed by @a buffer
- * to the end of binary queue. Uses default deleter based on free.
- *
- * @return none
- * @param[in] buffer Pointer to buffer to copy data from
- * @param[in] bufferSize Number of bytes to copy
- * @exception std::bad_alloc Cannot allocate memory to hold additional data
- * @see BinaryQueue::BufferDeleterFree
- */
- void AppendCopy(const void *buffer, size_t bufferSize);
-
- /**
- * Append @a bufferSize bytes from memory pointed by @a buffer
- * to the end of binary queue. Uses custom provided deleter.
- * Responsibility for deleting provided buffer is transfered to BinaryQueue.
- *
- * @return none
- * @param[in] buffer Pointer to data buffer
- * @param[in] bufferSize Number of bytes available in buffer
- * @param[in] deleter Pointer to deleter procedure used to free provided
- * buffer
- * @param[in] userParam User parameter passed to deleter routine
- * @exception std::bad_alloc Cannot allocate memory to hold additional data
- */
- void AppendUnmanaged(
- const void *buffer,
- size_t bufferSize,
- BufferDeleter deleter =
- &BinaryQueue::BufferDeleterFree,
- void *userParam = nullptr);
-
- /**
- * Append copy of other binary queue to the end of this binary queue
- *
- * @return none
- * @param[in] other Constant reference to other binary queue to copy data
- * from
- * @exception std::bad_alloc Cannot allocate memory to hold additional data
- * @warning One cannot assume that bucket structure is preserved during copy
- */
- void AppendCopyFrom(const BinaryQueue &other);
-
- /**
- * Move bytes from other binary queue to the end of this binary queue.
- * This also removes all bytes from other binary queue.
- * This method is designed to be as fast as possible (only pointer swaps)
- * and is suggested over making copies of binary queues.
- * Bucket structure is preserved after operation.
- *
- * @return none
- * @param[in] other Reference to other binary queue to move data from
- * @exception std::bad_alloc Cannot allocate memory to hold additional data
- */
- void AppendMoveFrom(BinaryQueue &other);
-
- /**
- * Append copy of binary queue to the end of other binary queue
- *
- * @return none
- * @param[in] other Constant reference to other binary queue to copy data to
- * @exception std::bad_alloc Cannot allocate memory to hold additional data
- * @warning One cannot assume that bucket structure is preserved during copy
- */
- void AppendCopyTo(BinaryQueue &other) const;
-
- /**
- * Move bytes from binary queue to the end of other binary queue.
- * This also removes all bytes from binary queue.
- * This method is designed to be as fast as possible (only pointer swaps)
- * and is suggested over making copies of binary queues.
- * Bucket structure is preserved after operation.
- *
- * @return none
- * @param[in] other Reference to other binary queue to move data to
- * @exception std::bad_alloc Cannot allocate memory to hold additional data
- */
- void AppendMoveTo(BinaryQueue &other);
-
- /**
- * Retrieve total size of all data contained in binary queue
- *
- * @return Number of bytes in binary queue
- */
- size_t Size() const;
-
- /**
- * Remove all data from binary queue
- *
- * @return none
- */
- void Clear();
-
- /**
- * Check if binary queue is empty
- *
- * @return true if binary queue is empty, false otherwise
- */
- bool Empty() const;
-
- /**
- * Remove @a size bytes from beginning of binary queue
- *
- * @return none
- * @param[in] size Number of bytes to remove
- * @exception BinaryQueue::Exception::OutOfData Number of bytes is larger
- * than available bytes in binary queue
- */
- void Consume(size_t size);
-
- /**
- * Retrieve @a bufferSize bytes from beginning of binary queue and copy them
- * to user supplied buffer
- *
- * @return none
- * @param[in] buffer Pointer to user buffer to receive bytes
- * @param[in] bufferSize Size of user buffer pointed by @a buffer
- * @exception BinaryQueue::Exception::OutOfData Number of bytes to flatten
- * is larger than available bytes in binary queue
- */
- void Flatten(void *buffer, size_t bufferSize) const;
-
- /**
- * Retrieve @a bufferSize bytes from beginning of binary queue, copy them
- * to user supplied buffer, and remove from binary queue
- *
- * @return none
- * @param[in] buffer Pointer to user buffer to receive bytes
- * @param[in] bufferSize Size of user buffer pointed by @a buffer
- * @exception BinaryQueue::Exception::OutOfData Number of bytes to flatten
- * is larger than available bytes in binary queue
- */
- void FlattenConsume(void *buffer, size_t bufferSize);
-
- /**
- * Visit each buffer with data using visitor object
- *
- * @return none
- * @param[in] visitor Pointer to bucket visitor
- * @see BinaryQueue::BucketVisitor
- */
- void VisitBuckets(BucketVisitor *visitor) const;
-
- /**
- * IAbstractInput interface
- */
- virtual BinaryQueueAutoPtr Read(size_t size);
-
- /**
- * IAbstractOutput interface
- */
- virtual size_t Write(const BinaryQueue &buffer, size_t bufferSize);
-};
-
-/**
- * Binary queue auto pointer
- */
-typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;
-} // namespace DPL
-
-#endif // DPL_BINARY_QUEUE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file colors.h
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief Some constants with definition of colors for Console
- * and html output
- */
-
-#ifndef DPL_COLORS_H
-#define DPL_COLORS_H
-
-namespace DPL {
-namespace Colors {
-namespace Text {
-extern const char* BOLD_GREEN_BEGIN;
-extern const char* BOLD_GREEN_END;
-extern const char* PURPLE_BEGIN;
-extern const char* PURPLE_END;
-extern const char* RED_BEGIN;
-extern const char* RED_END;
-extern const char* GREEN_BEGIN;
-extern const char* GREEN_END;
-extern const char* CYAN_BEGIN;
-extern const char* CYAN_END;
-extern const char* BOLD_RED_BEGIN;
-extern const char* BOLD_RED_END;
-extern const char* BOLD_YELLOW_BEGIN;
-extern const char* BOLD_YELLOW_END;
-extern const char* BOLD_GOLD_BEGIN;
-extern const char* BOLD_GOLD_END;
-extern const char* BOLD_WHITE_BEGIN;
-extern const char* BOLD_WHITE_END;
-} //namespace Text
-
-namespace Html {
-extern const char* BOLD_GREEN_BEGIN;
-extern const char* BOLD_GREEN_END;
-extern const char* PURPLE_BEGIN;
-extern const char* PURPLE_END;
-extern const char* RED_BEGIN;
-extern const char* RED_END;
-extern const char* GREEN_BEGIN;
-extern const char* GREEN_END;
-extern const char* CYAN_BEGIN;
-extern const char* CYAN_END;
-extern const char* BOLD_RED_BEGIN;
-extern const char* BOLD_RED_END;
-extern const char* BOLD_YELLOW_BEGIN;
-extern const char* BOLD_YELLOW_END;
-extern const char* BOLD_GOLD_BEGIN;
-extern const char* BOLD_GOLD_END;
-extern const char* BOLD_WHITE_BEGIN;
-extern const char* BOLD_WHITE_END;
-} //namespace Html
-} //namespace Colors
-} //namespace DPL
-
-#endif /* DPL_COLORS_H */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file exception.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief Header file for base exception
- */
-#ifndef DPL_EXCEPTION_H
-#define DPL_EXCEPTION_H
-
-#include <string>
-#include <cstring>
-#include <cstdio>
-#include <exception>
-#include <cstdlib>
-#include <sstream>
-
-namespace DPL {
-void LogUnhandledException(const std::string &str);
-void LogUnhandledException(const std::string &str,
- const char *filename,
- int line,
- const char *function);
-}
-
-namespace DPL {
-class Exception
-{
- private:
- static unsigned int m_exceptionCount;
- static Exception* m_lastException;
- static void (*m_terminateHandler)();
-
- static void AddRef(Exception* exception)
- {
- if (!m_exceptionCount) {
- m_terminateHandler = std::set_terminate(&TerminateHandler);
- }
-
- ++m_exceptionCount;
- m_lastException = exception;
- }
-
- static void UnRef(Exception* e)
- {
- if (m_lastException == e) {
- m_lastException = nullptr;
- }
-
- --m_exceptionCount;
-
- if (!m_exceptionCount) {
- std::set_terminate(m_terminateHandler);
- m_terminateHandler = nullptr;
- }
- }
-
- static void TerminateHandler()
- {
- if (m_lastException != nullptr) {
- DisplayKnownException(*m_lastException);
- abort();
- } else {
- DisplayUnknownException();
- abort();
- }
- }
-
- Exception *m_reason;
- std::string m_path;
- std::string m_function;
- int m_line;
-
- protected:
- std::string m_message;
- std::string m_className;
-
- public:
- static std::string KnownExceptionToString(const Exception &e)
- {
- std::ostringstream message;
- message <<
- "\033[1;5;31m\n=== Unhandled DPL exception occurred ===\033[m\n\n";
- message << "\033[1;33mException trace:\033[m\n\n";
- message << e.DumpToString();
- message << "\033[1;31m\n=== Will now abort ===\033[m\n";
-
- return message.str();
- }
-
- static std::string UnknownExceptionToString()
- {
- std::ostringstream message;
- message <<
- "\033[1;5;31m\n=== Unhandled non-DPL exception occurred ===\033[m\n\n";
- message << "\033[1;31m\n=== Will now abort ===\033[m\n";
-
- return message.str();
- }
-
- static void DisplayKnownException(const Exception& e)
- {
- LogUnhandledException(KnownExceptionToString(e).c_str());
- }
-
- static void DisplayUnknownException()
- {
- LogUnhandledException(UnknownExceptionToString().c_str());
- }
-
- Exception(const Exception &other)
- {
- // Deep copy
- if (other.m_reason != nullptr) {
- m_reason = new Exception(*other.m_reason);
- } else {
- m_reason = nullptr;
- }
-
- m_message = other.m_message;
- m_path = other.m_path;
- m_function = other.m_function;
- m_line = other.m_line;
-
- m_className = other.m_className;
-
- AddRef(this);
- }
-
- const Exception &operator =(const Exception &other)
- {
- if (this == &other) {
- return *this;
- }
-
- // Deep copy
- if (other.m_reason != nullptr) {
- m_reason = new Exception(*other.m_reason);
- } else {
- m_reason = nullptr;
- }
-
- m_message = other.m_message;
- m_path = other.m_path;
- m_function = other.m_function;
- m_line = other.m_line;
-
- m_className = other.m_className;
-
- AddRef(this);
-
- return *this;
- }
-
- Exception(const char *path,
- const char *function,
- int line,
- const std::string &message) :
- m_reason(nullptr),
- m_path(path),
- m_function(function),
- m_line(line),
- m_message(message)
- {
- AddRef(this);
- }
-
- Exception(const char *path,
- const char *function,
- int line,
- const Exception &reason,
- const std::string &message) :
- m_reason(new Exception(reason)),
- m_path(path),
- m_function(function),
- m_line(line),
- m_message(message)
- {
- AddRef(this);
- }
-
- virtual ~Exception() throw()
- {
- if (m_reason != nullptr) {
- delete m_reason;
- m_reason = nullptr;
- }
-
- UnRef(this);
- }
-
- void Dump() const
- {
- // Show reason first
- if (m_reason != nullptr) {
- m_reason->Dump();
- }
-
- // Afterward, dump exception
- const char *file = strchr(m_path.c_str(), '/');
-
- if (file == nullptr) {
- file = m_path.c_str();
- } else {
- ++file;
- }
-
- printf("\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n",
- file, m_line,
- m_function.c_str(),
- m_className.c_str(),
- m_message.empty() ? "<EMPTY>" : m_message.c_str());
- }
-
- std::string DumpToString() const
- {
- std::string ret;
- if (m_reason != nullptr) {
- ret = m_reason->DumpToString();
- }
-
- const char *file = strchr(m_path.c_str(), '/');
-
- if (file == nullptr) {
- file = m_path.c_str();
- } else {
- ++file;
- }
-
- char buf[1024];
- snprintf(buf,
- sizeof(buf),
- "\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n",
- file,
- m_line,
- m_function.c_str(),
- m_className.c_str(),
- m_message.empty() ? "<EMPTY>" : m_message.c_str());
-
- buf[sizeof(buf) - 1] = '\n';
- ret += buf;
-
- return ret;
- }
-
- Exception *GetReason() const
- {
- return m_reason;
- }
-
- std::string GetPath() const
- {
- return m_path;
- }
-
- std::string GetFunction() const
- {
- return m_function;
- }
-
- int GetLine() const
- {
- return m_line;
- }
-
- std::string GetMessage() const
- {
- return m_message;
- }
-
- std::string GetClassName() const
- {
- return m_className;
- }
-};
-} // namespace DPL
-
-#define Try try
-
-#define Throw(ClassName) \
- throw ClassName(__FILE__, __FUNCTION__, __LINE__)
-
-#define ThrowMsg(ClassName, Message) \
- do \
- { \
- std::ostringstream dplLoggingStream; \
- dplLoggingStream << Message; \
- throw ClassName(__FILE__, __FUNCTION__, __LINE__, dplLoggingStream.str()); \
- } while (0)
-
-#define ReThrow(ClassName) \
- throw ClassName(__FILE__, __FUNCTION__, __LINE__, _rethrown_exception)
-
-#define ReThrowMsg(ClassName, Message) \
- throw ClassName(__FILE__, \
- __FUNCTION__, \
- __LINE__, \
- _rethrown_exception, \
- Message)
-
-#define Catch(ClassName) \
- catch (const ClassName &_rethrown_exception)
-
-#define DECLARE_EXCEPTION_TYPE(BaseClass, Class) \
- class Class : \
- public BaseClass \
- { \
- public: \
- Class(const char *path, \
- const char *function, \
- int line, \
- const std::string & message = std::string()) : \
- BaseClass(path, function, line, message) \
- { \
- BaseClass::m_className = #Class; \
- } \
- \
- Class(const char *path, \
- const char *function, \
- int line, \
- const DPL::Exception & reason, \
- const std::string & message = std::string()) : \
- BaseClass(path, function, line, reason, message) \
- { \
- BaseClass::m_className = #Class; \
- } \
- };
-
-#define UNHANDLED_EXCEPTION_HANDLER_BEGIN try
-
-#define UNHANDLED_EXCEPTION_HANDLER_END \
- catch (const DPL::Exception &exception) \
- { \
- std::ostringstream msg; \
- msg << DPL::Exception::KnownExceptionToString(exception); \
- DPL::LogUnhandledException(msg.str(), __FILE__, __LINE__, __FUNCTION__); \
- abort(); \
- } \
- catch (std::exception& e) \
- { \
- std::ostringstream msg; \
- msg << e.what(); \
- msg << "\n"; \
- msg << DPL::Exception::UnknownExceptionToString(); \
- DPL::LogUnhandledException(msg.str(), __FILE__, __LINE__, __FUNCTION__); \
- abort(); \
- } \
- catch (...) \
- { \
- std::ostringstream msg; \
- msg << DPL::Exception::UnknownExceptionToString(); \
- DPL::LogUnhandledException(msg.str(), __FILE__, __LINE__, __FUNCTION__); \
- abort(); \
- }
-
-namespace DPL {
-namespace CommonException {
-/**
- * Internal exception definitions
- *
- * These should normally not happen.
- * Usually, exception trace with internal error includes
- * important messages.
- */
-DECLARE_EXCEPTION_TYPE(Exception, InternalError) ///< Unexpected error from
- // underlying libraries or
- // kernel
-}
-}
-
-#endif // DPL_EXCEPTION_H
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file gdbbacktrace.h
- * @author Pawel Broda (p.broda@partner.samsung.com)
- * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
- * @version 1.0
- * @brief API providing backtrace
- */
-
-#ifndef _GDBBACKTRACE_H_
-#define _GDBBACKTRACE_H_
-
-#include <string>
-
-namespace DPL {
-
-std::string gdbbacktrace(void);
-
-} // namespace DPL
-
-#endif // _GDBBACKTRACE_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file abstract_log_provider.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of abstract log provider
- */
-#ifndef DPL_ABSTRACT_LOG_PROVIDER_H
-#define DPL_ABSTRACT_LOG_PROVIDER_H
-
-namespace DPL {
-namespace Log {
-class AbstractLogProvider
-{
- public:
- virtual ~AbstractLogProvider() {}
-
- virtual void Debug(const char *message,
- const char *fileName,
- int line,
- const char *function) = 0;
- virtual void Info(const char *message,
- const char *fileName,
- int line,
- const char *function) = 0;
- virtual void Warning(const char *message,
- const char *fileName,
- int line,
- const char *function) = 0;
- virtual void Error(const char *message,
- const char *fileName,
- int line,
- const char *function) = 0;
- virtual void Pedantic(const char *message,
- const char *fileName,
- int line,
- const char *function) = 0;
-
- protected:
- static const char *LocateSourceFileName(const char *filename);
-};
-}
-} // namespace DPL
-
-#endif // DPL_ABSTRACT_LOG_PROVIDER_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dlog_log_provider.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of DLOG log provider
- */
-#ifndef DPL_DLOG_LOG_PROVIDER_H
-#define DPL_DLOG_LOG_PROVIDER_H
-
-#include <dpl/log/abstract_log_provider.h>
-#include <dpl/scoped_free.h>
-#include <string>
-
-namespace DPL {
-namespace Log {
-class DLOGLogProvider :
- public AbstractLogProvider
-{
- private:
- DPL::ScopedFree<char> m_tag;
-
- static std::string FormatMessage(const char *message,
- const char *filename,
- int line,
- const char *function);
-
- public:
- DLOGLogProvider();
- virtual ~DLOGLogProvider();
-
- virtual void Debug(const char *message,
- const char *fileName,
- int line,
- const char *function);
- virtual void Info(const char *message,
- const char *fileName,
- int line,
- const char *function);
- virtual void Warning(const char *message,
- const char *fileName,
- int line,
- const char *function);
- virtual void Error(const char *message,
- const char *fileName,
- int line,
- const char *function);
- virtual void Pedantic(const char *message,
- const char *fileName,
- int line,
- const char *function);
-
- // Set global Tag according to DLOG
- void SetTag(const char *tag);
-};
-}
-} // namespace DPL
-
-#endif // DPL_DLOG_LOG_PROVIDER_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file log.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of log system
- */
-#ifndef DPL_LOG_H
-#define DPL_LOG_H
-
-#include <dpl/singleton.h>
-#include <dpl/noncopyable.h>
-#include <dpl/log/abstract_log_provider.h>
-#include <dpl/log/dlog_log_provider.h>
-#include <dpl/log/old_style_log_provider.h>
-#include <sstream>
-#include <list>
-
-namespace DPL {
-namespace Log {
-/**
- * DPL log system
- *
- * To switch logs into old style, export
- * DPL_USE_OLD_STYLE_LOGS before application start
- */
-class LogSystem :
- private Noncopyable
-{
- private:
- typedef std::list<AbstractLogProvider *> AbstractLogProviderPtrList;
- AbstractLogProviderPtrList m_providers;
-
- DLOGLogProvider *m_dlogProvider;
- OldStyleLogProvider *m_oldStyleProvider;
-
- bool m_isLoggingEnabled;
-
- public:
- bool IsLoggingEnabled() const;
- LogSystem();
- virtual ~LogSystem();
-
- /**
- * Log debug message
- */
- void Debug(const char *message,
- const char *filename,
- int line,
- const char *function);
-
- /**
- * Log info message
- */
- void Info(const char *message,
- const char *filename,
- int line,
- const char *function);
-
- /**
- * Log warning message
- */
- void Warning(const char *message,
- const char *filename,
- int line,
- const char *function);
-
- /**
- * Log error message
- */
- void Error(const char *message,
- const char *filename,
- int line,
- const char *function);
-
- /**
- * Log pedantic message
- */
- void Pedantic(const char *message,
- const char *filename,
- int line,
- const char *function);
-
- /**
- * Set default's DLOG provider Tag
- */
- void SetTag(const char *tag);
-
- /**
- * Add abstract provider to providers list
- *
- * @notice Ownership is transfered to LogSystem and deleted upon exit
- */
- void AddProvider(AbstractLogProvider *provider);
-
- /**
- * Remove abstract provider from providers list
- */
- void RemoveProvider(AbstractLogProvider *provider);
-};
-
-/*
- * Replacement low overhead null logging class
- */
-class NullStream
-{
- public:
- NullStream() {}
-
- template <typename T>
- NullStream& operator<<(const T&)
- {
- return *this;
- }
-};
-
-/**
- * Log system singleton
- */
-typedef Singleton<LogSystem> LogSystemSingleton;
-}
-} // namespace DPL
-
-//
-// Log support
-//
-//
-
-#ifdef DPL_LOGS_ENABLED
- #define DPL_MACRO_FOR_LOGGING(message, function) \
- do \
- { \
- if (DPL::Log::LogSystemSingleton::Instance().IsLoggingEnabled()) \
- { \
- std::ostringstream platformLog; \
- platformLog << message; \
- DPL::Log::LogSystemSingleton::Instance().function( \
- platformLog.str().c_str(), \
- __FILE__, __LINE__, __FUNCTION__); \
- } \
- } while (0)
-#else
-/* avoid warnings about unused variables */
- #define DPL_MACRO_FOR_LOGGING(message, function) \
- do { \
- DPL::Log::NullStream ns; \
- ns << message; \
- } while (0)
-#endif
-
-#define LogDebug(message) DPL_MACRO_FOR_LOGGING(message, Debug)
-#define LogInfo(message) DPL_MACRO_FOR_LOGGING(message, Info)
-#define LogWarning(message) DPL_MACRO_FOR_LOGGING(message, Warning)
-#define LogError(message) DPL_MACRO_FOR_LOGGING(message, Error)
-#define LogPedantic(message) DPL_MACRO_FOR_LOGGING(message, Pedantic)
-
-#endif // DPL_LOG_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file old_style_log_provider.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of old style log provider
- */
-#ifndef DPL_OLD_STYLE_LOG_PROVIDER_H
-#define DPL_OLD_STYLE_LOG_PROVIDER_H
-
-#include <dpl/log/abstract_log_provider.h>
-#include <string>
-
-namespace DPL {
-namespace Log {
-class OldStyleLogProvider :
- public AbstractLogProvider
-{
- private:
- bool m_showDebug;
- bool m_showInfo;
- bool m_showWarning;
- bool m_showError;
- bool m_showPedantic;
- bool m_printStdErr;
-
- static std::string FormatMessage(const char *message,
- const char *filename,
- int line,
- const char *function);
-
- public:
- OldStyleLogProvider(bool showDebug,
- bool showInfo,
- bool showWarning,
- bool showError,
- bool showPedantic);
- OldStyleLogProvider(bool showDebug,
- bool showInfo,
- bool showWarning,
- bool showError,
- bool showPedantic,
- bool printStdErr);
- virtual ~OldStyleLogProvider() {}
-
- virtual void Debug(const char *message,
- const char *fileName,
- int line,
- const char *function);
- virtual void Info(const char *message,
- const char *fileName,
- int line,
- const char *function);
- virtual void Warning(const char *message,
- const char *fileName,
- int line,
- const char *function);
- virtual void Error(const char *message,
- const char *fileName,
- int line,
- const char *function);
- virtual void Pedantic(const char *message,
- const char *fileName,
- int line,
- const char *function);
-};
-}
-} // namespace DPL
-
-#endif // DPL_OLD_STYLE_LOG_PROVIDER_H
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file secure_log.h
- * @author Jihoon Chung(jihoon.chung@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef DPL_SECURE_LOG_H
-#define DPL_SECURE_LOG_H
-
-#include <dlog.h>
-
-#define COLOR_ERROR "\e[1;31m"
-#define COLOR_WARNING "\e[2;31m"
-#define COLOR_END "\e[0m"
-#define COLOR_TAG "\e[0m"
-
-// default TAG
-#undef LOG_TAG
-#define LOG_TAG "WRT_UNDEFINED"
-
-#ifdef WRT_LOG
-#undef LOG_TAG
-#define LOG_TAG "WRT"
-#undef COLOR_TAG
-#define COLOR_TAG "\e[1;32m"
-#endif
-
-#ifdef WRT_BUNDLE_LOG
-#undef LOG_TAG
-#define LOG_TAG "WRT_BUNDLE"
-#undef COLOR_TAG
-#define COLOR_TAG "\e[1;34m"
-#endif
-
-#ifdef WRT_PLUGINS_COMMON_LOG
-#undef LOG_TAG
-#define LOG_TAG "WRT_PLUGINS/COMMON"
-#undef COLOR_TAG
-#define COLOR_TAG "\e[1;36m"
-#endif
-
-#ifdef WRT_PLUGINS_WIDGET_LOG
-#undef LOG_TAG
-#define LOG_TAG "WRT_PLUGINS/WIDGET"
-#undef COLOR_TAG
-#define COLOR_TAG "\e[1;35m"
-#endif
-
-#ifdef WRT_INSTALLER_LOG
-#undef LOG_TAG
-#define LOG_TAG "WRT_INSTALLER"
-#undef COLOR_TAG
-#define COLOR_TAG "\e[1;32m"
-#endif
-
-#ifndef SECURE_SLOGD
-#define SECURE_SLOGD(fmt, arg...) SLOGD(fmt,##arg)
-#endif
-
-#ifndef SECURE_SLOGW
-#define SECURE_SLOGW(fmt, arg...) SLOGW(fmt,##arg)
-#endif
-
-#ifndef SECURE_SLOGE
-#define SECURE_SLOGE(fmt, arg...) SLOGE(fmt,##arg)
-#endif
-
-#define _D(fmt, arg ...) SECURE_SLOGD(COLOR_TAG fmt COLOR_END,##arg)
-#define _W(fmt, arg ...) SECURE_SLOGW(COLOR_WARNING fmt COLOR_END,##arg)
-#define _E(fmt, arg ...) SECURE_SLOGE(COLOR_ERROR fmt COLOR_END,##arg)
-
-#endif // DPL_SECURE_LOG_H
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file noncopyable
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of noncopyable
- */
-#ifndef DPL_NONCOPYABLE_H
-#define DPL_NONCOPYABLE_H
-
-namespace DPL {
-class Noncopyable
-{
- private:
- Noncopyable(const Noncopyable &);
- const Noncopyable &operator=(const Noncopyable &);
-
- public:
- Noncopyable();
- virtual ~Noncopyable();
-};
-} // namespace DPL
-
-#endif // DPL_NONCOPYABLE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file noreturn.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of noreturn
- */
-#ifndef DPL_NORETURN_H
-#define DPL_NORETURN_H
-
-#define DPL_NORETURN __attribute__((__noreturn__))
-
-#endif // DPL_NORETURN_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*!
- * @file scoped_fclose.h
- * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of scoped fclose RAII
- */
-#ifndef DPL_SCOPED_FCLOSE_H
-#define DPL_SCOPED_FCLOSE_H
-
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-#include <cerrno>
-#include <cstdio>
-#include <string>
-#include <dpl/log/log.h>
-#include <dpl/scoped_resource.h>
-
-namespace DPL {
-struct ScopedFClosePolicy
-{
- typedef FILE* Type;
- static Type NullValue()
- {
- return nullptr;
- }
- static void Destroy(Type file)
- {
- if (file != nullptr) {
- // Try to flush first
- if (TEMP_FAILURE_RETRY(fflush(file)) != 0) {
- std::string errString = strerror(errno);
- LogPedantic("Failed to fflush scoped fclose error: "
- << errString);
- }
-
- // fclose cannot be retried, try to close once
- if (fclose(file) != 0) {
- std::string errString = strerror(errno);
- LogPedantic("Failed scoped fclose error: " << errString);
- }
- }
- }
-};
-
-class ScopedFClose : public ScopedResource<ScopedFClosePolicy>
-{
- typedef ScopedFClosePolicy Policy;
- typedef ScopedResource<Policy> BaseType;
-
- public:
- explicit ScopedFClose(FILE* argFileStream = Policy::NullValue()) :
- BaseType(argFileStream)
- {}
-};
-} // namespace DPL
-
-#endif // DPL_SCOPED_FCLOSE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*!
- * @file scoped_free.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of scoped free RAII
- */
-
-#ifndef DPL_SCOPED_FREE_H
-#define DPL_SCOPED_FREE_H
-
-#include <malloc.h>
-#include <cstddef>
-
-#include <dpl/scoped_resource.h>
-
-namespace DPL {
-template<typename Class>
-struct ScopedFreePolicy
-{
- typedef Class* Type;
- static Type NullValue()
- {
- return nullptr;
- }
- static void Destroy(Type ptr)
- {
- free(ptr);
- }
-};
-
-template<typename Memory>
-class ScopedFree : public ScopedResource<ScopedFreePolicy<Memory> >
-{
- typedef ScopedFreePolicy<Memory> Policy;
- typedef ScopedResource<Policy> BaseType;
-
- public:
- explicit ScopedFree(Memory *ptr = Policy::NullValue()) : BaseType(ptr) { }
-};
-} // namespace DPL
-
-#endif // DPL_SCOPED_FREE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file scoped_resource.h
- * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of scoped resource pattern
- */
-#ifndef DPL_SCOPED_RESOURCE_H
-#define DPL_SCOPED_RESOURCE_H
-
-#include <dpl/noncopyable.h>
-
-namespace DPL {
-template<typename ClassPolicy>
-class ScopedResource :
- private Noncopyable
-{
- public:
- typedef typename ClassPolicy::Type ValueType;
- typedef ScopedResource<ClassPolicy> ThisType;
-
- protected:
- ValueType m_value;
-
- public:
- explicit ScopedResource(ValueType value) : m_value(value) { }
-
- ~ScopedResource()
- {
- ClassPolicy::Destroy(m_value);
- }
-
- ValueType Get() const
- {
- return m_value;
- }
-
- void Reset(ValueType value = ClassPolicy::NullValue())
- {
- ClassPolicy::Destroy(m_value);
- m_value = value;
- }
-
- ValueType Release()
- {
- ValueType value = m_value;
- m_value = ClassPolicy::NullValue();
- return value;
- }
- typedef ValueType ThisType::*UnknownBoolType;
-
- operator UnknownBoolType() const
- {
- return m_value == ClassPolicy::NullValue() ?
- 0 : //0 is valid here because it converts to false
- &ThisType::m_value; //it converts to true
- }
-
- bool operator !() const
- {
- return m_value == ClassPolicy::NullValue();
- }
-};
-} // namespace DPL
-
-#endif // DPL_SCOPED_RESOURCE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file singleton.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of singleton
- */
-#ifndef DPL_SINGLETON_H
-#define DPL_SINGLETON_H
-
-#include <dpl/assert.h>
-
-namespace DPL {
-template<typename Class>
-class Singleton :
- private Class
-{
- //
- // Note:
- //
- // To remove posibility of instantiating directly Class,
- // make Class' default constructor protected
- //
-
- private:
- Singleton()
- {}
-
- static Singleton &InternalInstance();
-
- public:
- virtual ~Singleton()
- {}
-
- static Class &Instance();
-};
-} // namespace DPL
-
-#endif // DPL_SINGLETON_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file singleton_impl.h
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of singleton
- */
-#ifndef DPL_SINGLETON_IMPL_H
-#define DPL_SINGLETON_IMPL_H
-
-/*
- * WARNING!
- *
- * If some singleton's implementation uses another singletons implementation,
- * those templates make the second singleton a dubleton. Be warned. Try to use
- * singleton_safe_impl.h if possible.
- */
-
-namespace DPL {
-template<typename Class>
-Singleton<Class>& Singleton<Class>::InternalInstance()
-{
- static Singleton<Class> instance;
- return instance;
-}
-
-template<typename Class>
-Class &Singleton<Class>::Instance()
-{
- Singleton<Class>& instance = Singleton<Class>::InternalInstance();
- return instance;
-}
-} // namespace DPL
-
-#define IMPLEMENT_SINGLETON(Type) \
- template DPL::Singleton<Type>&DPL::Singleton<Type>::InternalInstance(); \
- template Type & DPL::Singleton<Type>::Instance(); \
-
-#endif // DPL_SINGLETON_IMPL_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file singleton_safe_impl.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of singleton
- */
-#ifndef DPL_SINGLETON_SAFE_IMPL_H
-#define DPL_SINGLETON_SAFE_IMPL_H
-
-#define IMPLEMENT_SAFE_SINGLETON(Class) \
- namespace DPL { \
- template<> \
- Singleton<Class>&Singleton<Class>::InternalInstance() \
- { \
- static Singleton<Class> instance; \
- return instance; \
- } \
- \
- template<> \
- Class & Singleton<Class>::Instance() \
- { \
- Singleton<Class>& instance = Singleton<Class>::InternalInstance(); \
- return instance; \
- } \
- \
- template Singleton<Class>&Singleton<Class>::InternalInstance(); \
- template Class & Singleton<Class>::Instance(); \
- } // namespace DPL
-
-#endif // DPL_SINGLETON_SAFE_IMPL_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file statistic.h
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief Header file with implementation of Statistic class
- */
-
-#ifndef DPL_TEST_STATISTIC_H
-#define DPL_TEST_STATISTIC_H
-
-#include <cstddef>
-
-#include <dpl/assert.h>
-#include <dpl/test/test_results_collector.h>
-
-namespace DPL {
-namespace Test {
-
-class Statistic
-{
- public:
- Statistic() :
- m_failed(0),
- m_ignored(0),
- m_passed(0),
- m_count(0)
- {}
-
- void AddTest(TestResultsCollectorBase::FailStatus status)
- {
- ++m_count;
- switch (status) {
- case TestResultsCollectorBase::FailStatus::FAILED: ++m_failed;
- break;
- case TestResultsCollectorBase::FailStatus::IGNORED: ++m_ignored;
- break;
- case TestResultsCollectorBase::FailStatus::NONE: ++m_passed;
- break;
- default:
- Assert(false && "Bad FailStatus");
- }
- }
-
- std::size_t GetTotal() const
- {
- return m_count;
- }
- std::size_t GetPassed() const
- {
- return m_passed;
- }
- std::size_t GetSuccesed() const
- {
- return m_passed;
- }
- std::size_t GetFailed() const
- {
- return m_failed;
- }
- std::size_t GetIgnored() const
- {
- return m_ignored;
- }
- float GetPassedOrIgnoredPercend() const
- {
- float passIgnoredPercent =
- 100.0f * (static_cast<float>(m_passed)
- + static_cast<float>(m_ignored))
- / static_cast<float>(m_count);
- return passIgnoredPercent;
- }
-
- private:
- std::size_t m_failed;
- std::size_t m_ignored;
- std::size_t m_passed;
- std::size_t m_count;
-};
-
-} // namespace Test
-} // namespace DPL
-
-#endif // DPL_TEST_STATISTIC_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector.h
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief Header file with declaration of TestResultsCollectorBase
- */
-
-#ifndef DPL_TEST_RESULTS_COLLECTOR_H
-#define DPL_TEST_RESULTS_COLLECTOR_H
-
-#include <dpl/noncopyable.h>
-#include <vector>
-#include <list>
-#include <map>
-#include <chrono>
-#include <string>
-#include <memory>
-
-namespace DPL {
-namespace Test {
-class TestResultsCollectorBase;
-typedef std::shared_ptr<TestResultsCollectorBase>
-TestResultsCollectorBasePtr;
-
-class TestResultsCollectorBase :
- private DPL::Noncopyable
-{
- public:
- typedef TestResultsCollectorBase* (*CollectorConstructorFunc)();
- typedef std::list<std::string> TestCaseIdList;
- enum class FailStatus
- {
- NONE,
- FAILED,
- IGNORED
- };
-
- virtual ~TestResultsCollectorBase() {}
-
- virtual bool Configure()
- {
- return true;
- }
- virtual void Start() { }
- virtual void Finish() { }
- virtual void CollectCurrentTestGroupName(const std::string& /*groupName*/)
- {}
-
- virtual void CollectTestsCasesList(const TestCaseIdList& /*list*/) {}
- virtual void CollectResult(const std::string& id,
- const FailStatus status = FailStatus::NONE,
- const std::string& reason = "",
- const bool& isPerformanceTest = false,
- const std::chrono::system_clock::duration& performanceTime = std::chrono::microseconds::zero(),
- const std::chrono::system_clock::duration& performanceMaxTime = std::chrono::microseconds::zero()) = 0;
- virtual std::string CollectorSpecificHelp() const
- {
- return "";
- }
- virtual bool ParseCollectorSpecificArg (const std::string& /*arg*/)
- {
- return false;
- }
-
- static TestResultsCollectorBase* Create(const std::string& name);
- static void RegisterCollectorConstructor(
- const std::string& name,
- CollectorConstructorFunc
- constructor);
- static std::vector<std::string> GetCollectorsNames();
-
- private:
- typedef std::map<std::string, CollectorConstructorFunc> ConstructorsMap;
- static ConstructorsMap m_constructorsMap;
-};
-}
-}
-
-#endif /* DPL_TEST_RESULTS_COLLECTOR_H */
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector_commons.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief Header file containing declarations of collectors common
- * functions and macros
- */
-
-#ifndef DPL_TEST_RESULTS_COLLECTOR_COMMONS_H
-#define DPL_TEST_RESULTS_COLLECTOR_COMMONS_H
-
-#include <chrono>
-#include <string>
-
-namespace DPL {
-namespace Test {
-
-#define GREEN_RESULT_OK "[%s%s%s]\n", BOLD_GREEN_BEGIN, " OK ", \
- BOLD_GREEN_END
-#define GREEN_RESULT_OK_TIME "[%s%s%s] [elapsed: %0.3fms]\n", BOLD_GREEN_BEGIN, \
- " OK ", BOLD_GREEN_END
-#define GREEN_RESULT_OK_TIME_MAX(elapsed, max) \
- "[%s%s%s] %s[elapsed: %0.3fms, expected < %0.3fms]%s\n", BOLD_GREEN_BEGIN, \
- " OK ", BOLD_GREEN_END, BOLD_GREEN_BEGIN, elapsed, max, BOLD_GREEN_END
-#define GREEN_RESULT_OK_TIME_TOO_LONG(elapsed, max) \
- "[%s%s%s] %s[elapsed: %0.3fms, expected < %0.3fms]%s\n", BOLD_GREEN_BEGIN, \
- " OK ", BOLD_GREEN_END, BOLD_RED_BEGIN, elapsed, max, BOLD_RED_END
-
-// Get duration as a fraction of millisecond (max precision is 1 microsecond)
-double get_milliseconds (const std::chrono::system_clock::duration& performanceTime);
-
-bool ParseCollectorFileArg(const std::string &arg, std::string &filename);
-
-} // namespace Test
-} // namespace DPL
-
-#endif // DPL_TEST_RESULTS_COLLECTOR_COMMONS_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector_console.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief Header file containing ConsoleCollector class declaration
- */
-
-#ifndef DPL_TEST_RESULTS_COLLECTOR_CONSOLE_H
-#define DPL_TEST_RESULTS_COLLECTOR_CONSOLE_H
-
-#include <map>
-
-#include <dpl/test/statistic.h>
-#include <dpl/test/test_results_collector.h>
-
-namespace DPL {
-namespace Test {
-
-class ConsoleCollector :
- public TestResultsCollectorBase
-{
-public:
- static TestResultsCollectorBase* Constructor();
-
-private:
- ConsoleCollector();
-
- virtual void CollectCurrentTestGroupName(const std::string& name);
- virtual void CollectResult(const std::string& id,
- const FailStatus status = FailStatus::NONE,
- const std::string& reason = "",
- const bool& isPerformanceTest = true,
- const std::chrono::system_clock::duration& performanceTime
- = std::chrono::microseconds::zero(),
- const std::chrono::system_clock::duration& performanceMaxTime
- = std::chrono::microseconds::zero());
- virtual void Finish();
-
- void PrintfErrorMessage(const char* type,
- const std::string& message,
- bool verbosity);
- void PrintfIgnoredMessage(const char* type,
- const std::string& message,
- bool verbosity);
- void PrintStats(const std::string& title, const Statistic& stats);
-
- Statistic m_stats;
- std::map<std::string, Statistic> m_groupsStats;
- std::string m_currentGroup;
-};
-
-} // namespace Test
-} // namespace DPL
-
-#endif // DPL_TEST_RESULTS_COLLECTOR_CONSOLE_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector_html.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief Header file containing HtmlCollector class declaration
- */
-
-#ifndef DPL_TEST_RESULTS_COLLECTOR_HTML_H
-#define DPL_TEST_RESULTS_COLLECTOR_HTML_H
-
-#include <map>
-
-#include <dpl/scoped_fclose.h>
-#include <dpl/test/statistic.h>
-#include <dpl/test/test_results_collector.h>
-
-namespace DPL {
-namespace Test {
-
-class HtmlCollector :
- public TestResultsCollectorBase
-{
-public:
- static TestResultsCollectorBase* Constructor();
-
-private:
- HtmlCollector();
-
- virtual std::string CollectorSpecificHelp() const;
- virtual bool ParseCollectorSpecificArg(const std::string& arg);
- virtual bool Configure();
- virtual void Start();
- virtual void CollectCurrentTestGroupName(const std::string& name);
- virtual void CollectResult(const std::string& id,
- const FailStatus status = FailStatus::NONE,
- const std::string& reason = "",
- const bool& isPerformanceTest = false,
- const std::chrono::system_clock::duration& performanceTime
- = std::chrono::microseconds::zero(),
- const std::chrono::system_clock::duration& performanceMaxTime
- = std::chrono::microseconds::zero());
- virtual void Finish();
-
- void PrintfErrorMessage(const char* type,
- const std::string& message,
- bool verbosity);
- void PrintfIgnoredMessage(const char* type,
- const std::string& message,
- bool verbosity);
- void PrintStats(const std::string& name, const Statistic& stats);
-
- std::string m_filename;
- ScopedFClose m_fp;
- Statistic m_stats;
- std::string m_currentGroup;
- std::map<std::string, Statistic> m_groupsStats;
-};
-
-} // namespace Test
-} // namespace DPL
-
-#endif // DPL_TEST_RESULTS_COLLECTOR_HTML_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector_summary.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @author Michal Witanowski (m.witanowski@samsung.com)
- * @version 1.0
- * @brief Header file containing SummaryCollector class declaration.
- */
-
-#ifndef DPL_TEST_RESULTS_COLLECTOR_SUMMARY_H
-#define DPL_TEST_RESULTS_COLLECTOR_SUMMARY_H
-
-#include <fstream>
-#include <string>
-
-#include <dpl/test/statistic.h>
-#include <dpl/test/test_results_collector.h>
-
-namespace DPL {
-namespace Test {
-
-class SummaryCollector
- : public TestResultsCollectorBase
-{
-public:
- static TestResultsCollectorBase* Constructor();
-
-private:
- SummaryCollector();
-
- virtual std::string CollectorSpecificHelp() const;
- virtual bool ParseCollectorSpecificArg(const std::string& arg);
- virtual void Start();
- virtual void CollectResult(const std::string& id,
- const FailStatus status = FailStatus::NONE,
- const std::string& reason = "",
- const bool& isPerformanceTest = false,
- const std::chrono::system_clock::duration& performanceTime
- = std::chrono::microseconds::zero(),
- const std::chrono::system_clock::duration& performanceMaxTime
- = std::chrono::microseconds::zero());
- virtual void Finish();
-
- void writeStats(bool segfault);
-
- Statistic m_stats;
- std::string m_filename;
- std::ofstream m_output;
-};
-
-} // namespace Test
-} // namespace DPL
-
-#endif // DPL_TEST_RESULTS_COLLECTOR_SUMMARY_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector_xml.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief Header file containing XmlCollector class declaration
- */
-
-#ifndef DPL_TEST_RESULTS_COLLECTOR_XML_H
-#define DPL_TEST_RESULTS_COLLECTOR_XML_H
-
-#include <dpl/scoped_fclose.h>
-#include <dpl/test/statistic.h>
-#include <dpl/test/test_results_collector.h>
-
-namespace DPL {
-namespace Test {
-
-class XmlCollector :
- public TestResultsCollectorBase
-{
-public:
- static TestResultsCollectorBase* Constructor();
-
-private:
- XmlCollector();
-
- virtual std::string CollectorSpecificHelp() const;
- virtual bool ParseCollectorSpecificArg(const std::string& arg);
- virtual bool Configure();
- virtual void Start();
- virtual void CollectCurrentTestGroupName(const std::string& name);
- virtual void CollectResult(const std::string& id,
- const FailStatus status = FailStatus::NONE,
- const std::string& reason = "",
- const bool& isPerformanceTest = false,
- const std::chrono::system_clock::duration& performanceTime
- = std::chrono::microseconds::zero(),
- const std::chrono::system_clock::duration& performanceMaxTime
- = std::chrono::microseconds::zero());
- virtual void Finish();
-
- void GroupStart(const std::size_t pos, const std::string& name);
- std::size_t GetCurrentGroupPosition() const;
- void UpdateGroupHeader(const std::size_t groupPosition,
- const unsigned int tests,
- const unsigned int failures,
- const unsigned int skipped);
- void UpdateElementAttribute(const std::size_t elementPosition,
- const std::string& name,
- const std::string& value);
- std::string UIntToString(const unsigned int value);
- void GroupFinish(const std::size_t groupPosition);
- void PrintfErrorMessage(const char* type,
- const std::string& message,
- bool verbosity);
- void PrintfIgnoredMessage(const char* type,
- const std::string& message,
- bool verbosity);
- void FlushOutput();
- std::string EscapeSpecialCharacters(std::string s);
-
- std::string m_filename;
- ScopedFClose m_fp;
- Statistic m_stats;
- std::string m_outputBuffer;
- std::string m_resultBuffer;
-};
-
-} // namespace Test
-} // namespace DPL
-
-#endif // DPL_TEST_RESULTS_COLLECTOR_XML_H
+++ /dev/null
-/*
- * Copyright (c) 2011-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_runner.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief This file is the header file of test runner
- */
-
-#ifndef DPL_TEST_RUNNER_H
-#define DPL_TEST_RUNNER_H
-
-#include <chrono>
-#include <cstring>
-#include <exception>
-#include <iostream>
-#include <list>
-#include <map>
-#include <queue>
-#include <set>
-#include <sstream>
-#include <string>
-#include <vector>
-
-#include <dpl/atomic.h>
-#include <dpl/availability.h>
-#include <dpl/colors.h>
-#include <dpl/gdbbacktrace.h>
-#include <dpl/singleton.h>
-#include <dpl/test/test_results_collector.h>
-
-namespace DPL {
-namespace Test {
-class TestRunner
-{
- typedef std::map<std::string, TestResultsCollectorBasePtr>
- TestResultsCollectors;
- TestResultsCollectors m_collectors;
-
- std::string m_startTestId;
- bool m_runIgnored;
-
- std::queue<std::string> m_failReason;
-
- public:
- TestRunner() :
- m_currentTestCase(nullptr)
- , m_terminate(false)
- , m_allowChildLogs(false)
- {}
-
- void beginPerformanceTestTime(std::chrono::system_clock::duration maxTimeInMicroseconds);
- void endPerformanceTestTime();
- void getCurrentTestCasePerformanceResult(bool& isPerformanceTest,
- std::chrono::system_clock::duration& result,
- std::chrono::system_clock::duration& resultMax);
- void setCurrentTestCasePerformanceResult(bool isPerformanceTest,
- std::chrono::system_clock::duration result,
- std::chrono::system_clock::duration resultMax);
-
- void addFailReason(const std::string &reason);
-
- typedef void (*TestCase)();
-
- private:
- struct TestCaseStruct
- {
- std::string name;
- TestCase proc;
-
- bool m_isPerformanceTest;
- std::chrono::system_clock::time_point m_performanceTestStartTime;
- std::chrono::system_clock::duration m_performanceTestDurationTime;
- std::chrono::system_clock::duration m_performanceMaxTime;
-
- bool operator <(const TestCaseStruct &other) const
- {
- return name < other.name;
- }
-
- bool operator ==(const TestCaseStruct &other) const
- {
- return name == other.name;
- }
-
- TestCaseStruct(const std::string &n, TestCase p) :
- name(n),
- proc(p),
- m_isPerformanceTest(false)
- {}
- };
-
- typedef std::list<TestCaseStruct> TestCaseStructList;
- typedef std::map<std::string, TestCaseStructList> TestCaseGroupMap;
- TestCaseGroupMap m_testGroups;
-
- TestCaseStruct * m_currentTestCase;
-
- typedef std::set<std::string> SelectedTestNameSet;
- SelectedTestNameSet m_selectedTestNamesSet;
- typedef std::set<std::string> SelectedTestGroupSet;
- SelectedTestGroupSet m_selectedTestGroupSet;
- std::string m_currentGroup;
-
- DPL::Atomic m_totalAssertions;
-
- // Terminate without any logs.
- // Some test requires to call fork function.
- // Child process must not produce any logs and should die quietly.
- bool m_terminate;
- bool m_allowChildLogs;
-
- void Banner();
- void InvalidArgs(const std::string& message = "Invalid arguments!");
- void Usage();
-
- bool filterGroupsByXmls(const std::vector<std::string> & files);
- bool filterByXML(std::map<std::string, bool> & casesMap);
- void normalizeXMLTag(std::string& str, const std::string& testcase);
-
- enum Status { FAILED, IGNORED, PASS };
-
- Status RunTestCase(const TestCaseStruct& testCase);
-
- void setCurrentTestCase(TestCaseStruct* testCase);
- TestCaseStruct *getCurrentTestCase();
-
- void RunTests();
-
- std::string getConcatedFailReason(const std::string &reason);
-
- void CollectResult(const std::string& id,
- const TestResultsCollectorBase::FailStatus status
- = TestResultsCollectorBase::FailStatus::NONE,
- const std::string& reason = std::string(),
- const bool& isPerformanceTest = false,
- const std::chrono::system_clock::duration& performanceTime = std::chrono::microseconds::zero(),
- const std::chrono::system_clock::duration& performanceMaxTime = std::chrono::microseconds::zero());
-
- public:
- class TestFailed
- {
- private:
- std::string m_message;
-
- public:
- TestFailed()
- {}
-
- //! \brief Failed test message creator
- //!
- //! \param[in] aTest string for tested expression
- //! \param[in] aFile source file name
- //! \param[in] aLine source file line
- //! \param[in] aMessage error message
- TestFailed(const char* aTest,
- const char* aFile,
- int aLine,
- const std::string &aMessage);
-
- TestFailed(const std::string &message);
-
- std::string GetMessage() const
- {
- return m_message;
- }
- };
-
- class Ignored
- {
- private:
- std::string m_message;
-
- public:
- Ignored()
- {}
-
- Ignored(const std::string &message) :
- m_message(message)
- {}
-
- std::string GetMessage() const
- {
- return m_message;
- }
- };
-
- void MarkAssertion();
-
- void RegisterTest(const char *testName, TestCase proc);
- void InitGroup(const char* name);
-
- int ExecTestRunner(int argc, char *argv[]);
- typedef std::vector<std::string> ArgsList;
- int ExecTestRunner(ArgsList args);
- bool getRunIgnored() const;
- // The runner will terminate as soon as possible (after current test).
- void Terminate();
- bool GetAllowChildLogs();
-};
-
-typedef DPL::Singleton<TestRunner> TestRunnerSingleton;
-}
-} // namespace DPL
-
-#define RUNNER_TEST_GROUP_INIT(GroupName) \
- static int Static##GroupName##Init() \
- { \
- DPL::Test::TestRunnerSingleton::Instance().InitGroup(#GroupName); \
- return 0; \
- } \
- const int DPL_UNUSED Static##GroupName##InitVar = \
- Static##GroupName##Init();
-
-#define RUNNER_TEST(Proc) \
- void Proc(); \
- static int Static##Proc##Init() \
- { \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc()
-
-
-/**
- * ASSERT MACROS
- *
- * Use them to create assertions in test cases. To do that put them inside test
- * body. Failing assertion indicates failing test.
- */
-
-#define RUNNER_ASSERT_MSG(test, message) \
- do \
- { \
- DPL::Test::TestRunnerSingleton::Instance().MarkAssertion(); \
- \
- if (!(test)) \
- { \
- std::ostringstream assertMsg; \
- assertMsg << message << DPL::gdbbacktrace(); \
- DPL::Test::TestRunner::TestFailed e(#test, \
- __FILE__, \
- __LINE__, \
- assertMsg.str()); \
- if (!std::uncaught_exception()) \
- throw e; \
- DPL::Test::TestRunnerSingleton::Instance().addFailReason(e.GetMessage()); \
- } \
- } while (0)
-
-#define RUNNER_ASSERT_ERRNO_MSG(test, message) \
- do \
- { \
- DPL::Test::TestRunnerSingleton::Instance().MarkAssertion(); \
- \
- if (!(test)) \
- { \
- const char *err = strerror(errno); \
- std::ostringstream assertMsg; \
- assertMsg << message; \
- if (!assertMsg.str().empty()) \
- assertMsg << ". "; \
- assertMsg << err << DPL::gdbbacktrace(); \
- DPL::Test::TestRunner::TestFailed e(#test, \
- __FILE__, \
- __LINE__, \
- assertMsg.str()); \
- if (!std::uncaught_exception()) \
- throw e; \
- DPL::Test::TestRunnerSingleton::Instance().addFailReason(e.GetMessage()); \
- } \
- } while (0)
-
-#define RUNNER_ASSERT_ERRNO(test) \
- RUNNER_ASSERT_ERRNO_MSG(test, "")
-
-#define RUNNER_FAIL_MSG(message) \
- RUNNER_ASSERT_MSG(false, message)
-
-#define RUNNER_ASSERT(test) \
- RUNNER_ASSERT_MSG(test, "")
-
-/**
- * IGNORE MACRO
- *
- * When test reaches this macro call, its furhter code will be ignored.
- * To ignore whole test, put this macro call at the beginning of this tests
- * body.
- */
-
-#define RUNNER_IGNORED_MSG(message) \
- do \
- { \
- std::ostringstream assertMsg; \
- assertMsg << message; \
- throw DPL::Test::TestRunner::Ignored(assertMsg.str()); \
- } while (0)
-
-/**
- * PERF MACROS
- *
- * Use these macros to do the time measurement. The first macro will start time measurement,
- * the second will gather the result. These macros can be used only once per test-case.
- * The result of time measurement will be displayed only if the test will pass.
- * Notice that these macros will work only if will be used in parent process. If these
- * macros will be used in child process then there will be no time measure results printed.
- * This macro in multiprocess tests has effect only if used in parent process. This macro
- * used in child process in multiprocess test has no effect.
- * The precision of measurement is 1 microsecond - the smallest time value that can be
- * measured is 0.000001s.
- * The time measure results will be printed only specific output format:
- * - text
- * - html
- * - xml
- */
-
-#define RUNNER_PERF_TEST_BEGIN(maxTime) \
- do { \
- DPL::Test::TestRunnerSingleton::Instance().beginPerformanceTestTime( \
- std::chrono::microseconds{static_cast<long long int>(maxTime*1000000.0)}); \
- } while (0)
-
-#define RUNNER_PERF_TEST_END() \
- do { \
- DPL::Test::TestRunnerSingleton::Instance().endPerformanceTestTime(); \
- } while (0)
-
-/**
- * MSG MACROS
- *
- * Use these macros to print error messages during test run time
- */
-
-#define RUNNER_ERROR_MSG(message) \
- do { \
- std::cerr << DPL::Colors::Text::RED_BEGIN << message \
- << DPL::Colors::Text::RED_END << std::endl; \
- } while (0)
-
-#endif // DPL_TEST_RUNNER_H
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_runner_child.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief This file is the header file of test runner
- */
-#ifndef DPL_TEST_RUNNER_CHILD_H
-#define DPL_TEST_RUNNER_CHILD_H
-
-#include <dpl/test/test_runner.h>
-
-namespace DPL {
-namespace Test {
-
-class PipeWrapper : DPL::Noncopyable
-{
- public:
- enum Usage {
- READONLY,
- WRITEONLY
- };
-
- enum Status {
- SUCCESS,
- TIMEOUT,
- ERROR
- };
-
- PipeWrapper();
-
- bool isReady();
-
- void setUsage(Usage usage);
-
- virtual ~PipeWrapper();
-
- Status send(int code, std::string &message);
- Status sendTime(int code,
- std::chrono::system_clock::duration time,
- std::chrono::system_clock::duration timeMax);
-
- Status receive(int &code,
- int &msgType,
- std::string &data,
- std::chrono::system_clock::duration &time,
- std::chrono::system_clock::duration &timeMax,
- time_t deadline);
-
- void closeAll();
-
- protected:
-
- std::string toBinaryString(int data);
- std::string toBinaryString(std::chrono::system_clock::duration data);
-
- void closeHelp(int desc);
-
- Status writeHelp(const void *buffer, int size);
-
- Status readHelp(void *buf, int size, time_t deadline);
-
- static const int PIPE_CLOSED = -1;
-
- int m_pipefd[2];
-};
-
-void RunChildProc(TestRunner::TestCase procChild);
-} // namespace Test
-} // namespace DPL
-
-#define RUNNER_CHILD_TEST(Proc) \
- void Proc(); \
- void Proc##Child(); \
- static int Static##Proc##Init() \
- { \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(){ \
- DPL::Test::RunChildProc(&Proc##Child); \
- } \
- void Proc##Child()
-
-#endif // DPL_TEST_RUNNER_CHILD_H
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_runner_multiprocess.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief This file is the header file of multiprocess test runner
- */
-#ifndef DPL_TEST_RUNNER_MULTIPROCESS_H
-#define DPL_TEST_RUNNER_MULTIPROCESS_H
-
-#include <dpl/test/test_runner_child.h>
-
-namespace DPL {
-namespace Test {
-
-class SimplePipeWrapper :
- public PipeWrapper
-{
- public:
- SimplePipeWrapper();
-
- virtual ~SimplePipeWrapper();
-
- Status send(std::string &message);
- Status receive(std::string &data, bool &empty, time_t deadline);
-};
-
-void RunMultiProc(TestRunner::TestCase procMulti);
-} // namespace Test
-} // namespace DPL
-
-#define RUNNER_MULTIPROCESS_TEST(Proc) \
- void Proc(); \
- void Proc##Multi(); \
- static int Static##Proc##Init() \
- { \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(){ \
- DPL::Test::RunMultiProc(&Proc##Multi); \
- } \
- void Proc##Multi()
-
-#endif // DPL_TEST_RUNNER_MULTIPROCESS_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file abstract_log_provider.cpp
- * @author Pawel Sikorski (p.sikorski@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of abstract log provider
- */
-#include <stddef.h>
-#include <dpl/log/abstract_log_provider.h>
-#include <cstring>
-
-namespace DPL {
-namespace Log {
-const char *AbstractLogProvider::LocateSourceFileName(const char *filename)
-{
- const char *ptr = strrchr(filename, '/');
- return ptr != nullptr ? ptr + 1 : filename;
-}
-}
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file assert.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of assert
- */
-#include <stddef.h>
-#include <dpl/assert.h>
-#include <dpl/colors.h>
-#include <dpl/exception.h>
-#include <dpl/log/log.h>
-#include <cstdlib>
-
-namespace DPL {
-void AssertProc(const char *condition,
- const char *file,
- int line,
- const char *function)
-{
-#define INTERNAL_LOG(message) \
- do \
- { \
- std::ostringstream platformLog; \
- platformLog << message; \
- DPL::Log::LogSystemSingleton::Instance().Pedantic( \
- platformLog.str().c_str(), \
- __FILE__, __LINE__, __FUNCTION__); \
- } \
- while (0)
-
- // Try to log failed assertion to log system
- Try
- {
- INTERNAL_LOG(
- "################################################################################");
- INTERNAL_LOG(
- "### DPL assertion failed! ###");
- INTERNAL_LOG(
- "################################################################################");
- INTERNAL_LOG("### Condition: " << condition);
- INTERNAL_LOG("### File: " << file);
- INTERNAL_LOG("### Line: " << line);
- INTERNAL_LOG("### Function: " << function);
- INTERNAL_LOG(
- "################################################################################");
- } catch (Exception) {
- // Just ignore possible double errors
- }
-
- // Fail with c-library abort
- abort();
-}
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file atomic.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of atomic
- */
-#include <stddef.h>
-#include <dpl/atomic.h>
-
-namespace DPL {
-Atomic::Atomic(ValueType value) :
- m_value(value)
-{}
-
-Atomic::ValueType Atomic::ExchangeAndAdd(ValueType value)
-{
- return g_atomic_int_add(const_cast<gint* >(&m_value), value);
-}
-
-bool Atomic::CompareAndExchange(ValueType oldValue, ValueType newValue)
-{
- return g_atomic_int_compare_and_exchange(const_cast<gint* >(&m_value),
- oldValue,
- newValue);
-}
-
-bool Atomic::operator--()
-{
- return g_atomic_int_dec_and_test(const_cast<gint* >(&m_value)) != TRUE;
-}
-
-void Atomic::operator++()
-{
- g_atomic_int_inc(const_cast<gint* >(&m_value));
-}
-
-Atomic::operator ValueType() const
-{
- return g_atomic_int_get(const_cast<gint* >(&m_value));
-}
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file binary_queue.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of binary queue
- */
-#include <stddef.h>
-#include <dpl/binary_queue.h>
-#include <dpl/assert.h>
-#include <dpl/scoped_free.h>
-#include <algorithm>
-#include <malloc.h>
-#include <cstring>
-#include <new>
-
-namespace DPL {
-BinaryQueue::BinaryQueue() :
- m_size(0)
-{}
-
-BinaryQueue::BinaryQueue(const BinaryQueue &other) :
- m_size(0)
-{
- AppendCopyFrom(other);
-}
-
-BinaryQueue::~BinaryQueue()
-{
- // Remove all remainig buckets
- Clear();
-}
-
-const BinaryQueue &BinaryQueue::operator=(const BinaryQueue &other)
-{
- if (this != &other) {
- Clear();
- AppendCopyFrom(other);
- }
-
- return *this;
-}
-
-void BinaryQueue::AppendCopyFrom(const BinaryQueue &other)
-{
- // To speed things up, always copy as one bucket
- void *bufferCopy = malloc(other.m_size);
-
- if (bufferCopy == nullptr) {
- throw std::bad_alloc();
- }
-
- try {
- other.Flatten(bufferCopy, other.m_size);
- AppendUnmanaged(bufferCopy, other.m_size, &BufferDeleterFree, nullptr);
- } catch (const std::bad_alloc &) {
- // Free allocated memory
- free(bufferCopy);
- throw;
- }
-}
-
-void BinaryQueue::AppendMoveFrom(BinaryQueue &other)
-{
- // Copy all buckets
- std::copy(other.m_buckets.begin(),
- other.m_buckets.end(), std::back_inserter(m_buckets));
- m_size += other.m_size;
-
- // Clear other, but do not free memory
- other.m_buckets.clear();
- other.m_size = 0;
-}
-
-void BinaryQueue::AppendCopyTo(BinaryQueue &other) const
-{
- other.AppendCopyFrom(*this);
-}
-
-void BinaryQueue::AppendMoveTo(BinaryQueue &other)
-{
- other.AppendMoveFrom(*this);
-}
-
-void BinaryQueue::Clear()
-{
- std::for_each(m_buckets.begin(), m_buckets.end(), &DeleteBucket);
- m_buckets.clear();
- m_size = 0;
-}
-
-void BinaryQueue::AppendCopy(const void* buffer, size_t bufferSize)
-{
- // Create data copy with malloc/free
- void *bufferCopy = malloc(bufferSize);
-
- // Check if allocation succeded
- if (bufferCopy == nullptr) {
- throw std::bad_alloc();
- }
-
- // Copy user data
- memcpy(bufferCopy, buffer, bufferSize);
-
- try {
- // Try to append new bucket
- AppendUnmanaged(bufferCopy, bufferSize, &BufferDeleterFree, nullptr);
- } catch (const std::bad_alloc &) {
- // Free allocated memory
- free(bufferCopy);
- throw;
- }
-}
-
-void BinaryQueue::AppendUnmanaged(const void* buffer,
- size_t bufferSize,
- BufferDeleter deleter,
- void* userParam)
-{
- // Do not attach empty buckets
- if (bufferSize == 0) {
- deleter(buffer, bufferSize, userParam);
- return;
- }
-
- // Just add new bucket with selected deleter
- m_buckets.push_back(new Bucket(buffer, bufferSize, deleter, userParam));
-
- // Increase total queue size
- m_size += bufferSize;
-}
-
-size_t BinaryQueue::Size() const
-{
- return m_size;
-}
-
-bool BinaryQueue::Empty() const
-{
- return m_size == 0;
-}
-
-void BinaryQueue::Consume(size_t size)
-{
- // Check parameters
- if (size > m_size) {
- Throw(Exception::OutOfData);
- }
-
- size_t bytesLeft = size;
-
- // Consume data and/or remove buckets
- while (bytesLeft > 0) {
- // Get consume size
- size_t count = std::min(bytesLeft, m_buckets.front()->left);
-
- m_buckets.front()->ptr =
- static_cast<const char *>(m_buckets.front()->ptr) + count;
- m_buckets.front()->left -= count;
- bytesLeft -= count;
- m_size -= count;
-
- if (m_buckets.front()->left == 0) {
- DeleteBucket(m_buckets.front());
- m_buckets.pop_front();
- }
- }
-}
-
-void BinaryQueue::Flatten(void *buffer, size_t bufferSize) const
-{
- // Check parameters
- if (bufferSize == 0) {
- return;
- }
-
- if (bufferSize > m_size) {
- Throw(Exception::OutOfData);
- }
-
- size_t bytesLeft = bufferSize;
- void *ptr = buffer;
- BucketList::const_iterator bucketIterator = m_buckets.begin();
- Assert(m_buckets.end() != bucketIterator);
-
- // Flatten data
- while (bytesLeft > 0) {
- // Get consume size
- size_t count = std::min(bytesLeft, (*bucketIterator)->left);
-
- // Copy data to user pointer
- memcpy(ptr, (*bucketIterator)->ptr, count);
-
- // Update flattened bytes count
- bytesLeft -= count;
- ptr = static_cast<char *>(ptr) + count;
-
- // Take next bucket
- ++bucketIterator;
- }
-}
-
-void BinaryQueue::FlattenConsume(void *buffer, size_t bufferSize)
-{
- // FIXME: Optimize
- Flatten(buffer, bufferSize);
- Consume(bufferSize);
-}
-
-void BinaryQueue::DeleteBucket(BinaryQueue::Bucket *bucket)
-{
- delete bucket;
-}
-
-void BinaryQueue::BufferDeleterFree(const void* data,
- size_t dataSize,
- void* userParam)
-{
- (void)dataSize;
- (void)userParam;
-
- // Default free deleter
- free(const_cast<void *>(data));
-}
-
-BinaryQueue::Bucket::Bucket(const void* data,
- size_t dataSize,
- BufferDeleter dataDeleter,
- void* userParam) :
- buffer(data),
- ptr(data),
- size(dataSize),
- left(dataSize),
- deleter(dataDeleter),
- param(userParam)
-{
- Assert(data != nullptr);
- Assert(deleter != nullptr);
-}
-
-BinaryQueue::Bucket::~Bucket()
-{
- // Invoke deleter on bucket data
- deleter(buffer, size, param);
-}
-
-BinaryQueue::BucketVisitor::~BucketVisitor()
-{}
-
-BinaryQueue::BucketVisitorCall::BucketVisitorCall(BucketVisitor *visitor) :
- m_visitor(visitor)
-{}
-
-BinaryQueue::BucketVisitorCall::~BucketVisitorCall()
-{}
-
-void BinaryQueue::BucketVisitorCall::operator()(Bucket *bucket) const
-{
- m_visitor->OnVisitBucket(bucket->ptr, bucket->left);
-}
-
-void BinaryQueue::VisitBuckets(BucketVisitor *visitor) const
-{
- Assert(visitor != nullptr);
-
- // Visit all buckets
- std::for_each(m_buckets.begin(), m_buckets.end(), BucketVisitorCall(visitor));
-}
-
-BinaryQueueAutoPtr BinaryQueue::Read(size_t size)
-{
- // Simulate input stream
- size_t available = std::min(size, m_size);
-
- ScopedFree<void> bufferCopy(malloc(available));
-
- if (!bufferCopy) {
- throw std::bad_alloc();
- }
-
- BinaryQueueAutoPtr result(new BinaryQueue());
-
- Flatten(bufferCopy.Get(), available);
- result->AppendUnmanaged(
- bufferCopy.Get(), available, &BufferDeleterFree, nullptr);
- bufferCopy.Release();
- Consume(available);
-
- return result;
-}
-
-size_t BinaryQueue::Write(const BinaryQueue &buffer, size_t bufferSize)
-{
- // Simulate output stream
- AppendCopyFrom(buffer);
- return bufferSize;
-}
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file colors.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief Some constants with definition of colors for Console
- * and html output
- */
-#include <stddef.h>
-#include <dpl/colors.h>
-
-namespace DPL {
-namespace Colors {
-namespace Text {
-const char* BOLD_GREEN_BEGIN = "\033[1;32m";
-const char* BOLD_GREEN_END = "\033[m";
-const char* RED_BEGIN = "\033[0;31m";
-const char* RED_END = "\033[m";
-const char* PURPLE_BEGIN = "\033[0;35m";
-const char* PURPLE_END = "\033[m";
-const char* GREEN_BEGIN = "\033[0;32m";
-const char* GREEN_END = "\033[m";
-const char* CYAN_BEGIN = "\033[0;36m";
-const char* CYAN_END = "\033[m";
-const char* BOLD_RED_BEGIN = "\033[1;31m";
-const char* BOLD_RED_END = "\033[m";
-const char* BOLD_YELLOW_BEGIN = "\033[1;33m";
-const char* BOLD_YELLOW_END = "\033[m";
-const char* BOLD_GOLD_BEGIN = "\033[0;33m";
-const char* BOLD_GOLD_END = "\033[m";
-const char* BOLD_WHITE_BEGIN = "\033[1;37m";
-const char* BOLD_WHITE_END = "\033[m";
-} //namespace Text
-
-namespace Html {
-const char* BOLD_GREEN_BEGIN = "<font color=\"green\"><b>";
-const char* BOLD_GREEN_END = "</b></font>";
-const char* PURPLE_BEGIN = "<font color=\"purple\"><b>";
-const char* PURPLE_END = "</b></font>";
-const char* RED_BEGIN = "<font color=\"red\"><b>";
-const char* RED_END = "</b></font>";
-const char* GREEN_BEGIN = "<font color=\"green\">";
-const char* GREEN_END = "</font>";
-const char* CYAN_BEGIN = "<font color=\"cyan\">";
-const char* CYAN_END = "</font>";
-const char* BOLD_RED_BEGIN = "<font color=\"red\"><b>";
-const char* BOLD_RED_END = "</b></font>";
-const char* BOLD_YELLOW_BEGIN = "<font color=\"yellow\"><b>";
-const char* BOLD_YELLOW_END = "</b></font>";
-const char* BOLD_GOLD_BEGIN = "<font color=\"gold\"><b>";
-const char* BOLD_GOLD_END = "</b></font>";
-const char* BOLD_WHITE_BEGIN = "<font color=\"white\"><b>";
-const char* BOLD_WHITE_END = "</b></font>";
-} //namespace Html
-} //namespace Colors
-} //namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dlog_log_provider.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of DLOG log provider
- */
-#include <stddef.h>
-#include <dpl/log/dlog_log_provider.h>
-#include <cstring>
-#include <sstream>
-#include <dlog.h>
-
-namespace DPL {
-namespace Log {
-std::string DLOGLogProvider::FormatMessage(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- std::ostringstream val;
-
- val << std::string("[") <<
- LocateSourceFileName(filename) << std::string(":") << line <<
- std::string("] ") << function << std::string("(): ") << message;
-
- return val.str();
-}
-
-DLOGLogProvider::DLOGLogProvider()
-{}
-
-DLOGLogProvider::~DLOGLogProvider()
-{}
-
-void DLOGLogProvider::SetTag(const char *tag)
-{
- m_tag.Reset(strdup(tag));
-}
-
-void DLOGLogProvider::Debug(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
-#ifdef SECURE_LOG
- SECURE_LOG(LOG_DEBUG, m_tag.Get(), "%s",
- FormatMessage(message, filename, line, function).c_str());
-#else
- LOG(LOG_DEBUG, m_tag.Get(), "%s",
- FormatMessage(message, filename, line, function).c_str());
-#endif
-}
-
-void DLOGLogProvider::Info(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
-#ifdef SECURE_LOG
- SECURE_LOG(LOG_INFO, m_tag.Get(), "%s",
- FormatMessage(message, filename, line, function).c_str());
-#else
- LOG(LOG_INFO, m_tag.Get(), "%s",
- FormatMessage(message, filename, line, function).c_str());
-#endif
-}
-
-void DLOGLogProvider::Warning(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
-#ifdef SECURE_LOG
- SECURE_LOG(LOG_WARN, m_tag.Get(), "%s",
- FormatMessage(message, filename, line, function).c_str());
-#else
- LOG(LOG_WARN, m_tag.Get(), "%s",
- FormatMessage(message, filename, line, function).c_str());
-#endif
-}
-
-void DLOGLogProvider::Error(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
-#ifdef SECURE_LOG
- SECURE_LOG(LOG_ERROR, m_tag.Get(), "%s",
- FormatMessage(message, filename, line, function).c_str());
-#else
- LOG(LOG_ERROR, m_tag.Get(), "%s",
- FormatMessage(message, filename, line, function).c_str());
-#endif
-}
-
-void DLOGLogProvider::Pedantic(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
-#ifdef SECURE_LOG
- SECURE_LOG(LOG_DEBUG, "DPL", "%s", FormatMessage(message,
- filename,
- line,
- function).c_str());
-#else
- LOG(LOG_DEBUG, "DPL", "%s", FormatMessage(message,
- filename,
- line,
- function).c_str());
-#endif
-}
-}
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file exception.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation of exception system
- */
-#include <stddef.h>
-#include <dpl/exception.h>
-#include <dpl/log/log.h>
-#include <cstdio>
-
-namespace DPL {
-Exception* Exception::m_lastException = nullptr;
-unsigned int Exception::m_exceptionCount = 0;
-void (*Exception::m_terminateHandler)() = nullptr;
-
-void LogUnhandledException(const std::string &str)
-{
- // Logging to console
- printf("%s\n", str.c_str());
-
- // Logging to dlog
- LogPedantic(str);
-}
-
-void LogUnhandledException(const std::string &str,
- const char *filename,
- int line,
- const char *function)
-{
- // Logging to console
- std::ostringstream msg;
- msg << "\033[1;5;31m\n=== [" << filename << ":" << line << "] " <<
- function << " ===\033[m";
- msg << str;
- printf("%s\n", msg.str().c_str());
-
- // Logging to dlog
- DPL::Log::LogSystemSingleton::Instance().Error(
- str.c_str(), filename, line, function);
-}
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file gdbbacktrace.cpp
- * @author Pawel Broda (p.broda@partner.samsung.com)
- * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
- * @version 1.0
- * @brief API providing backtrace
- */
-
-#include <cerrno>
-#include <cstdio>
-#include <cstdlib>
-#include <cstring>
-#include <fcntl.h>
-#include <iomanip>
-#include <iostream>
-#include <regex>
-#include <sstream>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-
-#include <dpl/colors.h>
-
-#include <dpl/gdbbacktrace.h>
-
-namespace DPL {
-namespace {
-
-const std::string FRAME_PATTERN_DPL("in DPL::Test");
-const std::string FRAME_GDBBACKTRACE("in DPL::gdbbacktrace");
-const std::string DEV_NULL("/dev/null");
-const std::string TMP_FILE_PREFIX("/tmp/security-tests_gdbbacktrace-");
-
-void printColor(const char *err, int errnoNumber = 0)
-{
- std::cerr << Colors::Text::RED_BEGIN << "gdbbacktrace() failed: " << err
- << ((errnoNumber != 0) ? (std::string(". ") + strerror(errnoNumber)) : "")
- << Colors::Text::RED_END << std::endl;
-}
-
-bool backtraceParseLine(const std::string &line, std::ostream &result, size_t lineNumber)
-{
- if (line.find(FRAME_PATTERN_DPL, 0) != std::string::npos)
- return false;
-
- std::smatch m;
- std::regex expr("^#\\d+\\s+0x[0-9a-fA-F]+\\s+(.+)");
- if (!std::regex_search (line, m, expr))
- return false;
-
- result << "#" << std::left << std::setw(2) << lineNumber << " " << m[m.size()-1] << std::endl;
- return true;
-}
-
-std::string backtraceRead(const std::string &filename)
-{
- errno = 0;
- FILE *bt_fd = fopen(filename.c_str(), "r");
- if (bt_fd == nullptr) {
- printColor("fopen() failed", errno);
- return "";
- }
-
- std::ostringstream result;
- result << std::endl;
-
- char * line = nullptr;
- size_t len = 0;
-
- while (true) {
- if (-1 == getline(&line, &len, bt_fd)) {
- printColor("No backtrace information", errno);
- free(line);
- fclose(bt_fd);
- return "";
- }
- if (std::string(line).find(FRAME_GDBBACKTRACE, 0) != std::string::npos)
- break;
- }
-
- size_t lineNumber = 1;
- while (-1 != getline(&line, &len, bt_fd)) {
- if (backtraceParseLine(line, result, lineNumber))
- ++lineNumber;
- }
-
- free(line);
- fclose(bt_fd);
-
- return result.str();
-}
-
-void runChild()
-{
- try {
- std::string filename = TMP_FILE_PREFIX + std::to_string(getpid());
- int devnullWrite = TEMP_FAILURE_RETRY(open(DEV_NULL.c_str(), O_WRONLY));
- if (-1 == devnullWrite)
- exit(EXIT_FAILURE);
- int writeFd = TEMP_FAILURE_RETRY(creat(filename.c_str(), S_IRUSR | S_IWUSR));
- if (-1 == writeFd)
- exit(EXIT_FAILURE);
- int devnullRead = TEMP_FAILURE_RETRY(open(DEV_NULL.c_str(), O_RDONLY));
- if (-1 == devnullRead)
- exit(EXIT_FAILURE);
- if (-1 == TEMP_FAILURE_RETRY(dup2(devnullWrite, STDERR_FILENO)))
- exit(EXIT_FAILURE);
- if (-1 == TEMP_FAILURE_RETRY(dup2(writeFd, STDOUT_FILENO)))
- exit(EXIT_FAILURE);
- if (-1 == TEMP_FAILURE_RETRY(dup2(devnullRead, STDIN_FILENO)))
- exit(EXIT_FAILURE);
- std::string ppid = std::to_string(getppid());
- execl("/usr/bin/gdb", "gdb", "--batch", "-n", "-ex", "bt", "--pid", ppid.c_str(),
- (char*)nullptr);
- // gdb failed to start...
- } catch (...) {
- }
- exit(EXIT_FAILURE);
-}
-
-} // namespace
-
-std::string gdbbacktrace(void)
-{
- std::string ret;
-
- pid_t childPid = fork();
- switch (childPid) {
- case -1:
- printColor("fork() failed", errno);
- return ret;
- case 0:
- runChild();
- default:
- break;
- }
-
- std::string filename = TMP_FILE_PREFIX + std::to_string(childPid);
-
- int status;
- pid_t pid = TEMP_FAILURE_RETRY(waitpid(childPid, &status, 0));
- if (-1 == pid)
- printColor("waitpid() failed", errno);
- else if (!WIFEXITED(status) || WEXITSTATUS(status) != EXIT_SUCCESS)
- printColor("Error: no gdb or failed to start gdb...");
- else
- ret = backtraceRead(filename);
-
- if (-1 == unlink(filename.c_str()) && errno != ENOENT)
- printColor("unlink() failed", errno);
- return ret;
-}
-
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file log.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of log system
- */
-#include <stddef.h>
-#include <string.h>
-
-#include <dpl/log/log.h>
-#include <dpl/singleton_impl.h>
-
-IMPLEMENT_SINGLETON(DPL::Log::LogSystem)
-
-namespace DPL {
-namespace Log {
-namespace // anonymous
-{
-const char *OLD_STYLE_LOGS_ENV_NAME = "DPL_USE_OLD_STYLE_LOGS";
-const char *OLD_STYLE_PEDANTIC_LOGS_ENV_NAME =
- "DPL_USE_OLD_STYLE_PEDANTIC_LOGS";
-const char *OLD_STYLE_LOGS_MASK_ENV_NAME = "DPL_USE_OLD_STYLE_LOGS_MASK";
-const char *DPL_LOG_OFF = "DPL_LOG_OFF";
-} // namespace anonymous
-
-bool LogSystem::IsLoggingEnabled() const
-{
- return m_isLoggingEnabled;
-}
-
-LogSystem::LogSystem() :
- m_dlogProvider(nullptr),
- m_oldStyleProvider(nullptr),
- m_isLoggingEnabled(!getenv(DPL_LOG_OFF))
-{
- bool oldStyleLogs = false;
- bool oldStyleDebugLogs = true;
- bool oldStyleInfoLogs = true;
- bool oldStyleWarningLogs = true;
- bool oldStyleErrorLogs = true;
- bool oldStylePedanticLogs = false;
-
- // Check environment settings about pedantic logs
- const char *value = getenv(OLD_STYLE_LOGS_ENV_NAME);
-
- if (value != nullptr && !strcmp(value, "1")) {
- oldStyleLogs = true;
- }
-
- value = getenv(OLD_STYLE_PEDANTIC_LOGS_ENV_NAME);
-
- if (value != nullptr && !strcmp(value, "1")) {
- oldStylePedanticLogs = true;
- }
-
- value = getenv(OLD_STYLE_LOGS_MASK_ENV_NAME);
-
- if (value != nullptr) {
- size_t len = strlen(value);
-
- if (len >= 1) {
- if (value[0] == '0') {
- oldStyleDebugLogs = false;
- } else if (value[0] == '1') {
- oldStyleDebugLogs = true;
- }
- }
-
- if (len >= 2) {
- if (value[1] == '0') {
- oldStyleInfoLogs = false;
- } else if (value[1] == '1') {
- oldStyleInfoLogs = true;
- }
- }
-
- if (len >= 3) {
- if (value[2] == '0') {
- oldStyleWarningLogs = false;
- } else if (value[2] == '1') {
- oldStyleWarningLogs = true;
- }
- }
-
- if (len >= 4) {
- if (value[3] == '0') {
- oldStyleErrorLogs = false;
- } else if (value[3] == '1') {
- oldStyleErrorLogs = true;
- }
- }
- }
-
- // Setup default DLOG and old style logging
- if (oldStyleLogs) {
- // Old style
- m_oldStyleProvider = new OldStyleLogProvider(oldStyleDebugLogs,
- oldStyleInfoLogs,
- oldStyleWarningLogs,
- oldStyleErrorLogs,
- oldStylePedanticLogs);
- AddProvider(m_oldStyleProvider);
- } else {
- // DLOG
- m_dlogProvider = new DLOGLogProvider();
- AddProvider(m_dlogProvider);
- }
-}
-
-LogSystem::~LogSystem()
-{
- // Delete all providers
- for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
- iterator != m_providers.end();
- ++iterator)
- {
- delete *iterator;
- }
-
- m_providers.clear();
-
- // And even default providers
- m_dlogProvider = nullptr;
- m_oldStyleProvider = nullptr;
-}
-
-void LogSystem::SetTag(const char* tag)
-{
- if (m_dlogProvider != nullptr) {
- m_dlogProvider->SetTag(tag);
- }
-}
-
-void LogSystem::AddProvider(AbstractLogProvider *provider)
-{
- m_providers.push_back(provider);
-}
-
-void LogSystem::RemoveProvider(AbstractLogProvider *provider)
-{
- m_providers.remove(provider);
-}
-
-void LogSystem::Debug(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
- iterator != m_providers.end();
- ++iterator)
- {
- (*iterator)->Debug(message, filename, line, function);
- }
-}
-
-void LogSystem::Info(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
- iterator != m_providers.end();
- ++iterator)
- {
- (*iterator)->Info(message, filename, line, function);
- }
-}
-
-void LogSystem::Warning(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
- iterator != m_providers.end();
- ++iterator)
- {
- (*iterator)->Warning(message, filename, line, function);
- }
-}
-
-void LogSystem::Error(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
- iterator != m_providers.end();
- ++iterator)
- {
- (*iterator)->Error(message, filename, line, function);
- }
-}
-
-void LogSystem::Pedantic(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin();
- iterator != m_providers.end();
- ++iterator)
- {
- (*iterator)->Pedantic(message, filename, line, function);
- }
-}
-}
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file noncopyable.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of noncopyable
- */
-#include <stddef.h>
-#include <dpl/noncopyable.h>
-
-namespace DPL {
-Noncopyable::Noncopyable()
-{}
-
-Noncopyable::~Noncopyable()
-{}
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file old_style_log_provider.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of old style log provider
- */
-#include <stddef.h>
-#include <dpl/log/old_style_log_provider.h>
-#include <dpl/colors.h>
-#include <cstdio>
-#include <cstring>
-#include <sstream>
-#include <sys/time.h>
-#include <unistd.h>
-
-namespace DPL {
-namespace Log {
-namespace // anonymous
-{
-using namespace DPL::Colors::Text;
-const char *DEBUG_BEGIN = GREEN_BEGIN;
-const char *DEBUG_END = GREEN_END;
-const char *INFO_BEGIN = CYAN_BEGIN;
-const char *INFO_END = CYAN_END;
-const char *ERROR_BEGIN = RED_BEGIN;
-const char *ERROR_END = RED_END;
-const char *WARNING_BEGIN = BOLD_GOLD_BEGIN;
-const char *WARNING_END = BOLD_GOLD_END;
-const char *PEDANTIC_BEGIN = PURPLE_BEGIN;
-const char *PEDANTIC_END = PURPLE_END;
-
-std::string GetFormattedTime()
-{
- timeval tv;
- tm localNowTime;
-
- gettimeofday(&tv, nullptr);
- localtime_r(&tv.tv_sec, &localNowTime);
-
- char format[64];
- snprintf(format,
- sizeof(format),
- "%02i:%02i:%02i.%03i",
- localNowTime.tm_hour,
- localNowTime.tm_min,
- localNowTime.tm_sec,
- static_cast<int>(tv.tv_usec / 1000));
- return format;
-}
-} // namespace anonymous
-
-std::string OldStyleLogProvider::FormatMessage(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- std::ostringstream val;
-
- val << std::string("[") << GetFormattedTime() << std::string("] [") <<
- static_cast<unsigned long>(pthread_self()) << "/" <<
- static_cast<int>(getpid()) << std::string("] [") <<
- LocateSourceFileName(filename) << std::string(":") << line <<
- std::string("] ") << function << std::string("(): ") << message;
-
- return val.str();
-}
-
-OldStyleLogProvider::OldStyleLogProvider(bool showDebug,
- bool showInfo,
- bool showWarning,
- bool showError,
- bool showPedantic) :
- m_showDebug(showDebug),
- m_showInfo(showInfo),
- m_showWarning(showWarning),
- m_showError(showError),
- m_showPedantic(showPedantic),
- m_printStdErr(false)
-{}
-
-OldStyleLogProvider::OldStyleLogProvider(bool showDebug,
- bool showInfo,
- bool showWarning,
- bool showError,
- bool showPedantic,
- bool printStdErr) :
- m_showDebug(showDebug),
- m_showInfo(showInfo),
- m_showWarning(showWarning),
- m_showError(showError),
- m_showPedantic(showPedantic),
- m_printStdErr(printStdErr)
-{}
-
-void OldStyleLogProvider::Debug(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- if (m_showDebug) {
- if (m_printStdErr) {
- fprintf(stderr, "%s%s%s\n", DEBUG_BEGIN,
- FormatMessage(message, filename, line,
- function).c_str(), DEBUG_END);
- } else {
- fprintf(stdout, "%s%s%s\n", DEBUG_BEGIN,
- FormatMessage(message, filename, line,
- function).c_str(), DEBUG_END);
- }
- }
-}
-
-void OldStyleLogProvider::Info(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- if (m_showInfo) {
- if (m_printStdErr) {
- fprintf(stderr, "%s%s%s\n", INFO_BEGIN,
- FormatMessage(message, filename, line,
- function).c_str(), INFO_END);
- } else {
- fprintf(stdout, "%s%s%s\n", INFO_BEGIN,
- FormatMessage(message, filename, line,
- function).c_str(), INFO_END);
- }
- }
-}
-
-void OldStyleLogProvider::Warning(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- if (m_showWarning) {
- if (m_printStdErr) {
- fprintf(stderr, "%s%s%s\n", WARNING_BEGIN,
- FormatMessage(message, filename, line,
- function).c_str(), WARNING_END);
- } else {
- fprintf(stdout, "%s%s%s\n", WARNING_BEGIN,
- FormatMessage(message, filename, line,
- function).c_str(), WARNING_END);
- }
- }
-}
-
-void OldStyleLogProvider::Error(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- if (m_showError) {
- if (m_printStdErr) {
- fprintf(stderr, "%s%s%s\n", ERROR_BEGIN,
- FormatMessage(message, filename, line,
- function).c_str(), ERROR_END);
- } else {
- fprintf(stdout, "%s%s%s\n", ERROR_BEGIN,
- FormatMessage(message, filename, line,
- function).c_str(), ERROR_END);
- }
- }
-}
-
-void OldStyleLogProvider::Pedantic(const char *message,
- const char *filename,
- int line,
- const char *function)
-{
- if (m_showPedantic) {
- if (m_printStdErr) {
- fprintf(stderr, "%s%s%s\n", PEDANTIC_BEGIN,
- FormatMessage(message, filename, line,
- function).c_str(), PEDANTIC_END);
- } else {
- fprintf(stdout, "%s%s%s\n", PEDANTIC_BEGIN,
- FormatMessage(message, filename, line,
- function).c_str(), PEDANTIC_END);
- }
- }
-}
-}
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file singleton.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of singleton
- */
-#include <stddef.h>
-#include <dpl/singleton.h>
-
-//
-// Note:
-//
-// The file here is left blank to enable precompilation
-// of templates in corresponding header file.
-// Do not remove this file.
-//
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector.h
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief Implementation file some concrete TestResulstsCollector
- */
-#include <dpl/test/statistic.h>
-#include <dpl/test/test_results_collector.h>
-#include <dpl/test/test_results_collector_console.h>
-#include <dpl/test/test_results_collector_html.h>
-#include <dpl/test/test_results_collector_summary.h>
-#include <dpl/test/test_results_collector_xml.h>
-
-namespace DPL {
-namespace Test {
-
-void TestResultsCollectorBase::RegisterCollectorConstructor(
- const std::string& name,
- TestResultsCollectorBase::CollectorConstructorFunc func)
-{
- Assert(m_constructorsMap.find(name) == m_constructorsMap.end());
- m_constructorsMap[name] = func;
-}
-
-TestResultsCollectorBase* TestResultsCollectorBase::Create(
- const std::string& name)
-{
- ConstructorsMap::iterator found = m_constructorsMap.find(name);
- if (found != m_constructorsMap.end()) {
- return found->second();
- } else {
- return nullptr;
- }
-}
-
-std::vector<std::string> TestResultsCollectorBase::GetCollectorsNames()
-{
- std::vector<std::string> list;
- for (auto &constructor : m_constructorsMap)
- {
- list.push_back(constructor.first);
- }
- return list;
-}
-
-TestResultsCollectorBase::ConstructorsMap TestResultsCollectorBase::
- m_constructorsMap;
-
-namespace {
-static int RegisterCollectorConstructors();
-static const int RegisterHelperVariable = RegisterCollectorConstructors();
-int RegisterCollectorConstructors()
-{
- (void)RegisterHelperVariable;
-
- TestResultsCollectorBase::RegisterCollectorConstructor(
- "text",
- &ConsoleCollector::Constructor);
- TestResultsCollectorBase::RegisterCollectorConstructor(
- "html",
- &HtmlCollector::Constructor);
- TestResultsCollectorBase::RegisterCollectorConstructor(
- "summary",
- &SummaryCollector::Constructor);
- TestResultsCollectorBase::RegisterCollectorConstructor(
- "xml",
- &XmlCollector::Constructor);
-
- return 0;
-}
-}
-}
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector_commons.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief Source file containing definitions of collectors common
- * functions
- */
-
-#include "dpl/test/test_results_collector_commons.h"
-
-namespace DPL {
-namespace Test {
-
-double get_milliseconds (const std::chrono::system_clock::duration& performanceTime)
-{
- return (static_cast<double>(std::chrono::duration_cast<std::chrono::microseconds>
- (performanceTime).count()))/1000.0;
-}
-
-bool ParseCollectorFileArg(const std::string &arg, std::string &filename)
-{
- const std::string argname = "--file=";
- if (arg.find(argname) == 0 ) {
- filename = arg.substr(argname.size());
- return true;
- }
- return false;
-}
-
-} // namespace Test
-} // namespace DPL
-
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector_console.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief Source file containing ConsoleCollector class definition
- */
-
-#include <fstream>
-#include <sstream>
-
-#include <dpl/assert.h>
-#include <dpl/colors.h>
-#include <dpl/test/test_results_collector_commons.h>
-
-#include "dpl/test/test_results_collector_console.h"
-
-namespace DPL {
-namespace Test {
-
-ConsoleCollector::ConsoleCollector()
-{
-}
-
-TestResultsCollectorBase* ConsoleCollector::Constructor()
-{
- return new ConsoleCollector();
-}
-
-void ConsoleCollector::CollectCurrentTestGroupName(const std::string& name)
-{
- printf("Starting group %s\n", name.c_str());
- m_currentGroup = name;
-}
-
-void ConsoleCollector::Finish()
-{
- using namespace DPL::Colors::Text;
-
- // Show result
- for (auto &group : m_groupsStats) {
- PrintStats(group.first, group.second);
- }
- PrintStats("All tests together", m_stats);
-}
-
-void ConsoleCollector::CollectResult(const std::string& id,
- const FailStatus status,
- const std::string& reason,
- const bool& isPerformanceTest,
- const std::chrono::system_clock::duration& performanceTime,
- const std::chrono::system_clock::duration& performanceMaxTime)
-{
- using namespace DPL::Colors::Text;
- std::string tmp = "'" + id + "' ...";
-
- printf("Running test case %-60s", tmp.c_str());
- switch (status) {
- case FailStatus::NONE:
- if (isPerformanceTest) {
- if (performanceMaxTime <= std::chrono::microseconds::zero()) {
- printf(GREEN_RESULT_OK_TIME,
- get_milliseconds(performanceTime));
- break;
- }
- else {
- if (performanceTime > performanceMaxTime)
- printf(GREEN_RESULT_OK_TIME_TOO_LONG(
- get_milliseconds(performanceTime),
- get_milliseconds(performanceMaxTime)));
- else
- printf(GREEN_RESULT_OK_TIME_MAX(
- get_milliseconds(performanceTime),
- get_milliseconds(performanceMaxTime)));
- break;
- }
- }
- printf(GREEN_RESULT_OK);
- break;
- case FailStatus::FAILED:
- PrintfErrorMessage(" FAILED ", reason, true);
- break;
- case FailStatus::IGNORED:
- PrintfIgnoredMessage("Ignored ", reason, true);
- break;
- default:
- Assert(false && "Bad status");
- }
- m_stats.AddTest(status);
- m_groupsStats[m_currentGroup].AddTest(status);
-}
-
-void ConsoleCollector::PrintfErrorMessage(const char* type,
- const std::string& message,
- bool verbosity)
-{
- using namespace DPL::Colors::Text;
- if (verbosity) {
- printf("[%s%s%s] %s%s%s\n",
- BOLD_RED_BEGIN,
- type,
- BOLD_RED_END,
- BOLD_YELLOW_BEGIN,
- message.c_str(),
- BOLD_YELLOW_END);
- } else {
- printf("[%s%s%s]\n",
- BOLD_RED_BEGIN,
- type,
- BOLD_RED_END);
- }
-}
-
-void ConsoleCollector::PrintfIgnoredMessage(const char* type,
- const std::string& message,
- bool verbosity)
-{
- using namespace DPL::Colors::Text;
- if (verbosity) {
- printf("[%s%s%s] %s%s%s\n",
- CYAN_BEGIN,
- type,
- CYAN_END,
- BOLD_GOLD_BEGIN,
- message.c_str(),
- BOLD_GOLD_END);
- } else {
- printf("[%s%s%s]\n",
- CYAN_BEGIN,
- type,
- CYAN_END);
- }
-}
-
-void ConsoleCollector::PrintStats(const std::string& title, const Statistic& stats)
-{
- using namespace DPL::Colors::Text;
- printf("\n%sResults [%s]: %s\n", BOLD_GREEN_BEGIN,
- title.c_str(), BOLD_GREEN_END);
- printf("%s%s%3zu%s\n",
- CYAN_BEGIN,
- "Total tests: ",
- stats.GetTotal(),
- CYAN_END);
- printf(" %s%s%3zu%s\n",
- CYAN_BEGIN,
- "Succeeded: ",
- stats.GetPassed(),
- CYAN_END);
- printf(" %s%s%3zu%s\n",
- CYAN_BEGIN,
- "Failed: ",
- stats.GetFailed(),
- CYAN_END);
- printf(" %s%s%3zu%s\n",
- CYAN_BEGIN,
- "Ignored: ",
- stats.GetIgnored(),
- CYAN_END);
-}
-
-} // namespace Test
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector_html.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief Source file containing HtmlCollector class definition
- */
-
-#include <cstdio>
-
-#include <dpl/assert.h>
-#include <dpl/colors.h>
-#include <dpl/test/test_results_collector_commons.h>
-
-#include "dpl/test/test_results_collector_html.h"
-
-namespace DPL {
-namespace Test {
-
-namespace {
-
-const char *DEFAULT_HTML_FILE_NAME = "index.html";
-
-}
-
-HtmlCollector::HtmlCollector()
- : m_filename(DEFAULT_HTML_FILE_NAME)
-{
-}
-
-TestResultsCollectorBase* HtmlCollector::Constructor()
-{
- return new HtmlCollector();
-}
-
-void HtmlCollector::CollectCurrentTestGroupName(const std::string& name)
-{
- fprintf(m_fp.Get(), "<b>Starting group %s", name.c_str());
- m_currentGroup = name;
-}
-
-bool HtmlCollector::Configure()
-{
- m_fp.Reset(fopen(m_filename.c_str(), "w"));
- if (!m_fp) {
- LogPedantic("Could not open file " << m_filename << " for writing");
- return false;
- }
- return true;
-}
-
-std::string HtmlCollector::CollectorSpecificHelp() const
-{
- return "--file=<filename> - name of file for output\n"
- " default - index.html\n";
-}
-
-void HtmlCollector::Start()
-{
- Assert(!!m_fp && "File handle must not be null");
- fprintf(m_fp.Get(),
- "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0"
- "Transitional//EN\" "
- "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\""
- ">\n");
- fprintf(m_fp.Get(),
- "<html xmlns=\"http://www.w3.org/1999/xhtml\" "
- "lang=\"en\" dir=\"ltr\">\n");
- fprintf(m_fp.Get(), "<body style=\"background-color: black;\">\n");
- fprintf(m_fp.Get(), "<pre>\n");
- fprintf(m_fp.Get(), "<font color=\"white\">\n");
-}
-
-void HtmlCollector::Finish()
-{
- using namespace DPL::Colors::Html;
- // Show result
- for (auto &group : m_groupsStats) {
- PrintStats(group.first, group.second);
- }
- PrintStats("All tests together", m_stats);
- fprintf(m_fp.Get(), "</font>\n");
- fprintf(m_fp.Get(), "</pre>\n");
- fprintf(m_fp.Get(), "</body>\n");
- fprintf(m_fp.Get(), "</html>\n");
-}
-
-bool HtmlCollector::ParseCollectorSpecificArg(const std::string& arg)
-{
- return ParseCollectorFileArg(arg, m_filename);
-}
-
-void HtmlCollector::CollectResult(const std::string& id,
- const FailStatus status,
- const std::string& reason,
- const bool& isPerformanceTest,
- const std::chrono::system_clock::duration& performanceTime,
- const std::chrono::system_clock::duration& performanceMaxTime)
-{
- using namespace DPL::Colors::Html;
- std::string tmp = "'" + id + "' ...";
-
- fprintf(m_fp.Get(), "Running test case %-100s", tmp.c_str());
- switch (status) {
- case FailStatus::NONE:
- if (isPerformanceTest) {
- if (performanceMaxTime <= std::chrono::microseconds::zero()) {
- fprintf(m_fp.Get(), GREEN_RESULT_OK_TIME,
- get_milliseconds(performanceTime));
- break;
- } else {
- if (performanceTime > performanceMaxTime)
- fprintf(m_fp.Get(), GREEN_RESULT_OK_TIME_TOO_LONG(
- get_milliseconds(performanceTime),
- get_milliseconds(performanceMaxTime)));
- else
- fprintf(m_fp.Get(), GREEN_RESULT_OK_TIME_MAX(
- get_milliseconds(performanceTime),
- get_milliseconds(performanceMaxTime)));
- break;
- }
- }
- fprintf(m_fp.Get(), GREEN_RESULT_OK);
- break;
- case FailStatus::FAILED:
- PrintfErrorMessage(" FAILED ", reason, true);
- break;
- case FailStatus::IGNORED:
- PrintfIgnoredMessage("Ignored ", reason, true);
- break;
- default:
- Assert(false && "Bad status");
- }
- m_groupsStats[m_currentGroup].AddTest(status);
- m_stats.AddTest(status);
-}
-
-void HtmlCollector::PrintfErrorMessage(const char* type,
- const std::string& message,
- bool verbosity)
-{
- using namespace DPL::Colors::Html;
- if (verbosity) {
- fprintf(m_fp.Get(),
- "[%s%s%s] %s%s%s\n",
- BOLD_RED_BEGIN,
- type,
- BOLD_RED_END,
- BOLD_YELLOW_BEGIN,
- message.c_str(),
- BOLD_YELLOW_END);
- } else {
- fprintf(m_fp.Get(),
- "[%s%s%s]\n",
- BOLD_RED_BEGIN,
- type,
- BOLD_RED_END);
- }
-}
-
-void HtmlCollector::PrintfIgnoredMessage(const char* type,
- const std::string& message,
- bool verbosity)
-{
- using namespace DPL::Colors::Html;
-
- if (verbosity) {
- fprintf(m_fp.Get(),
- "[%s%s%s] %s%s%s\n",
- CYAN_BEGIN,
- type,
- CYAN_END,
- BOLD_GOLD_BEGIN,
- message.c_str(),
- BOLD_GOLD_END);
- } else {
- fprintf(m_fp.Get(),
- "[%s%s%s]\n",
- CYAN_BEGIN,
- type,
- CYAN_END);
- }
-}
-
-void HtmlCollector::PrintStats(const std::string& name, const Statistic& stats)
-{
- using namespace DPL::Colors::Html;
- fprintf(
- m_fp.Get(), "\n%sResults [%s]:%s\n", BOLD_GREEN_BEGIN,
- name.c_str(), BOLD_GREEN_END);
- fprintf(
- m_fp.Get(), "%s%s%3zu%s\n", CYAN_BEGIN,
- "Total tests: ", stats.GetTotal(), CYAN_END);
- fprintf(
- m_fp.Get(), " %s%s%3zu%s\n", CYAN_BEGIN,
- "Succeeded: ", stats.GetPassed(), CYAN_END);
- fprintf(
- m_fp.Get(), " %s%s%3zu%s\n", CYAN_BEGIN,
- "Failed: ", stats.GetFailed(), CYAN_END);
- fprintf(
- m_fp.Get(), " %s%s%3zu%s\n", CYAN_BEGIN,
- "Ignored: ", stats.GetIgnored(), CYAN_END);
-}
-
-} // namespace Test
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector_summary.cpp
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @author Michal Witanowski (m.witanowski@samsung.com)
- * @version 1.0
- * @brief Source file containing SummaryCollector class definition.
- */
-
-#include <dpl/availability.h>
-#include <dpl/log/log.h>
-#include <dpl/test/test_results_collector_commons.h>
-
-#include "dpl/test/test_results_collector_summary.h"
-
-namespace DPL {
-namespace Test {
-
-namespace {
-
-const std::string DEFAULT_SUMMARY_FILE_NAME = "summary.txt";
-
-}
-
-SummaryCollector::SummaryCollector()
- : m_filename(DEFAULT_SUMMARY_FILE_NAME)
-{
-}
-
-TestResultsCollectorBase* SummaryCollector::Constructor()
-{
- return new SummaryCollector();
-}
-
-std::string SummaryCollector::CollectorSpecificHelp() const
-{
- return "--file=<filename> - name of file for output\n"
- " default - " + DEFAULT_SUMMARY_FILE_NAME + "\n";
-}
-
-bool SummaryCollector::ParseCollectorSpecificArg(const std::string& arg)
-{
- return ParseCollectorFileArg(arg, m_filename);
-}
-
-void SummaryCollector::Start()
-{
- writeStats(true);
-}
-
-void SummaryCollector::CollectResult(const std::string& id,
- const FailStatus status,
- const std::string& reason,
- const bool& isPerformanceTest,
- const std::chrono::system_clock::duration& performanceTime,
- const std::chrono::system_clock::duration& performanceMaxTime)
-{
- DPL_UNUSED_PARAM(id);
- DPL_UNUSED_PARAM(reason);
- DPL_UNUSED_PARAM(isPerformanceTest);
- DPL_UNUSED_PARAM(performanceTime);
- DPL_UNUSED_PARAM(performanceMaxTime);
-
- m_stats.AddTest(status);
- writeStats(true);
-}
-
-void SummaryCollector::Finish()
-{
- writeStats(false);
-}
-
-void SummaryCollector::writeStats(bool segfault)
-{
- m_output.open(m_filename.c_str(), std::ofstream::out | std::ofstream::trunc);
- if (!m_output) {
- LogPedantic("Could not open file " << m_filename << " for writing");
- return;
- }
- m_output << m_stats.GetTotal() << ' '
- << m_stats.GetPassed() << ' '
- << m_stats.GetFailed() << ' '
- << m_stats.GetIgnored() << (segfault ? " segfault" : "");
- if (!m_output)
- LogPedantic("Writing to " << m_filename << " file failed");
- m_output.close();
- if (!m_output)
- LogPedantic("Failed to close " << m_filename << " file");
-}
-
-} // namespace Test
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_results_collector_xml.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief Source file containing XmlCollector class definition
- */
-
-#include <cerrno>
-#include <cstdio>
-#include <cstring>
-#include <sstream>
-
-#include <dpl/assert.h>
-#include <dpl/exception.h>
-#include <dpl/test/test_results_collector_commons.h>
-
-#include "dpl/test/test_results_collector_xml.h"
-
-namespace DPL {
-namespace Test {
-
-namespace {
-
-const char *DEFAULT_XML_FILE_NAME = "results.xml";
-
-}
-
-XmlCollector::XmlCollector()
- : m_filename(DEFAULT_XML_FILE_NAME)
-{
-}
-
-TestResultsCollectorBase* XmlCollector::Constructor()
-{
- return new XmlCollector();
-}
-
-void XmlCollector::CollectCurrentTestGroupName(const std::string& name)
-{
- std::size_t pos = GetCurrentGroupPosition();
- if (std::string::npos != pos) {
- GroupFinish(pos);
- FlushOutput();
- m_stats = Statistic();
- }
-
- pos = m_outputBuffer.find("</testsuites>");
- if (std::string::npos == pos) {
- ThrowMsg(DPL::Exception, "Could not find test suites closing tag");
- }
- GroupStart(pos, name);
-}
-
-void XmlCollector::GroupStart(const std::size_t pos, const std::string& name)
-{
- std::stringstream groupHeader;
- groupHeader << "\n\t<testsuite";
- groupHeader << " name=\"" << EscapeSpecialCharacters(name) << "\"";
- groupHeader << R"( tests="1")"; // include SegFault
- groupHeader << R"( failures="1")"; // include SegFault
- groupHeader << R"( skipped="0")";
- groupHeader << ">";
-
- groupHeader << "\n\t\t<testcase name=\"unknown\" status=\"FAILED\">";
- groupHeader <<
- "\n\t\t\t<failure type=\"FAILED\" message=\"segmentation fault\"/>";
- groupHeader << "\n\t\t</testcase>";
-
- groupHeader << "\n\t</testsuite>";
-
- m_outputBuffer.insert(pos - 1, groupHeader.str());
-}
-
-bool XmlCollector::Configure()
-{
- m_fp.Reset(fopen(m_filename.c_str(), "w"));
- if (!m_fp) {
- LogPedantic("Could not open file " << m_filename << " for writing");
- return false;
- }
- return true;
-}
-
-std::string XmlCollector::CollectorSpecificHelp() const
-{
- return "--file=<filename> - name of file for output\n"
- " default - results.xml\n";
-}
-
-void XmlCollector::Start()
-{
- Assert(!!m_fp && "File handle must not be null");
- m_outputBuffer.append("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n");
- m_outputBuffer.append("<testsuites>\n</testsuites>");
- FlushOutput();
-}
-
-void XmlCollector::Finish()
-{
- std::size_t pos = GetCurrentGroupPosition();
- if (std::string::npos != pos) {
- GroupFinish(pos);
- FlushOutput();
- }
-}
-
-bool XmlCollector::ParseCollectorSpecificArg(const std::string& arg)
-{
- return ParseCollectorFileArg(arg, m_filename);
-}
-
-void XmlCollector::CollectResult(const std::string& id,
- const FailStatus status,
- const std::string& reason,
- const bool& isPerformanceTest,
- const std::chrono::system_clock::duration& performanceTime,
- const std::chrono::system_clock::duration& performanceMaxTime)
-{
- m_resultBuffer.erase();
- m_resultBuffer.append("\t\t<testcase name=\"");
- m_resultBuffer.append(EscapeSpecialCharacters(id));
- m_resultBuffer.append("\"");
- switch (status) {
- case FailStatus::NONE:
- if (isPerformanceTest) {
- if (performanceMaxTime <= std::chrono::microseconds::zero()) {
- m_resultBuffer.append(" status=\"OK\" time=\"");
- std::ostringstream ostr;
- ostr << performanceTime.count();
- m_resultBuffer.append(ostr.str());
- m_resultBuffer.append("\"/>\n");
- break;
- } else {
- m_resultBuffer.append(" status=\"OK\" time=\"");
- std::ostringstream ostr;
- ostr << performanceTime.count();
- m_resultBuffer.append(ostr.str());
- m_resultBuffer.append("\" time_expected=\"");
- ostr.str("");
- ostr << performanceMaxTime.count();
- m_resultBuffer.append(ostr.str());
- m_resultBuffer.append("\"/>\n");
- break;
- }
- }
- m_resultBuffer.append(" status=\"OK\"/>\n");
- break;
- case FailStatus::FAILED:
- m_resultBuffer.append(" status=\"FAILED\">\n");
- PrintfErrorMessage("FAILED", EscapeSpecialCharacters(reason), true);
- m_resultBuffer.append("\t\t</testcase>\n");
- break;
- case FailStatus::IGNORED:
- m_resultBuffer.append(" status=\"Ignored\">\n");
- PrintfIgnoredMessage("Ignored", EscapeSpecialCharacters(
- reason), true);
- m_resultBuffer.append("\t\t</testcase>\n");
- break;
- default:
- Assert(false && "Bad status");
- }
- std::size_t group_pos = GetCurrentGroupPosition();
- if (std::string::npos == group_pos) {
- ThrowMsg(DPL::Exception, "No current group set");
- }
-
- std::size_t last_case_pos = m_outputBuffer.find(
- "<testcase name=\"unknown\"",
- group_pos);
- if (std::string::npos == last_case_pos) {
- ThrowMsg(DPL::Exception, "Could not find SegFault test case");
- }
- m_outputBuffer.insert(last_case_pos - 2, m_resultBuffer);
-
- m_stats.AddTest(status);
-
- UpdateGroupHeader(group_pos,
- m_stats.GetTotal() + 1, // include SegFault
- m_stats.GetFailed() + 1, // include SegFault
- m_stats.GetIgnored());
- FlushOutput();
-}
-
-std::size_t XmlCollector::GetCurrentGroupPosition() const
-{
- return m_outputBuffer.rfind("<testsuite ");
-}
-
-void XmlCollector::UpdateGroupHeader(const std::size_t groupPosition,
- const unsigned int tests,
- const unsigned int failures,
- const unsigned int skipped)
-{
- UpdateElementAttribute(groupPosition, "tests", UIntToString(tests));
- UpdateElementAttribute(groupPosition, "failures", UIntToString(failures));
- UpdateElementAttribute(groupPosition, "skipped", UIntToString(skipped));
-}
-
-void XmlCollector::UpdateElementAttribute(const std::size_t elementPosition,
- const std::string& name,
- const std::string& value)
-{
- std::string pattern = name + "=\"";
-
- std::size_t start = m_outputBuffer.find(pattern, elementPosition);
- if (std::string::npos == start) {
- ThrowMsg(DPL::Exception,
- "Could not find attribute " << name << " beginning");
- }
-
- std::size_t end = m_outputBuffer.find("\"", start + pattern.length());
- if (std::string::npos == end) {
- ThrowMsg(DPL::Exception,
- "Could not find attribute " << name << " end");
- }
-
- m_outputBuffer.replace(start + pattern.length(),
- end - start - pattern.length(),
- value);
-}
-
-std::string XmlCollector::UIntToString(const unsigned int value)
-{
- std::stringstream result;
- result << value;
- return result.str();
-}
-
-void XmlCollector::GroupFinish(const std::size_t groupPosition)
-{
- std::size_t segFaultStart =
- m_outputBuffer.find("<testcase name=\"unknown\"", groupPosition);
- if (std::string::npos == segFaultStart) {
- ThrowMsg(DPL::Exception,
- "Could not find SegFault test case start position");
- }
- segFaultStart -= 2; // to erase tabs
-
- std::string closeTag = "</testcase>";
- std::size_t segFaultEnd = m_outputBuffer.find(closeTag, segFaultStart);
- if (std::string::npos == segFaultEnd) {
- ThrowMsg(DPL::Exception,
- "Could not find SegFault test case end position");
- }
- segFaultEnd += closeTag.length() + 1; // to erase new line
-
- m_outputBuffer.erase(segFaultStart, segFaultEnd - segFaultStart);
-
- UpdateGroupHeader(groupPosition,
- m_stats.GetTotal(),
- m_stats.GetFailed(),
- m_stats.GetIgnored());
-}
-
-void XmlCollector::FlushOutput()
-{
- int fd = fileno(m_fp.Get());
- if (-1 == fd) {
- const char* errStr = strerror(errno);
- ThrowMsg(DPL::Exception, errStr);
- }
-
- if (-1 == TEMP_FAILURE_RETRY(ftruncate(fd, 0L))) {
- const char* errStr = strerror(errno);
- ThrowMsg(DPL::Exception, errStr);
- }
-
- if (-1 == TEMP_FAILURE_RETRY(fseek(m_fp.Get(), 0L, SEEK_SET))) {
- const char* errStr = strerror(errno);
- ThrowMsg(DPL::Exception, errStr);
- }
-
- if (m_outputBuffer.size() !=
- fwrite(m_outputBuffer.c_str(), 1, m_outputBuffer.size(),
- m_fp.Get()))
- {
- const char* errStr = strerror(errno);
- ThrowMsg(DPL::Exception, errStr);
- }
-
- if (-1 == TEMP_FAILURE_RETRY(fflush(m_fp.Get()))) {
- const char* errStr = strerror(errno);
- ThrowMsg(DPL::Exception, errStr);
- }
-}
-
-void XmlCollector::PrintfErrorMessage(const char* type,
- const std::string& message,
- bool verbosity)
-{
- if (verbosity) {
- m_resultBuffer.append("\t\t\t<failure type=\"");
- m_resultBuffer.append(EscapeSpecialCharacters(type));
- m_resultBuffer.append("\" message=\"");
- m_resultBuffer.append(EscapeSpecialCharacters(message));
- m_resultBuffer.append("\"/>\n");
- } else {
- m_resultBuffer.append("\t\t\t<failure type=\"");
- m_resultBuffer.append(EscapeSpecialCharacters(type));
- m_resultBuffer.append("\"/>\n");
- }
-}
-
-void XmlCollector::PrintfIgnoredMessage(const char* type,
- const std::string& message,
- bool verbosity)
-{
- if (verbosity) {
- m_resultBuffer.append("\t\t\t<skipped type=\"");
- m_resultBuffer.append(EscapeSpecialCharacters(type));
- m_resultBuffer.append("\" message=\"");
- m_resultBuffer.append(EscapeSpecialCharacters(message));
- m_resultBuffer.append("\"/>\n");
- } else {
- m_resultBuffer.append("\t\t\t<skipped type=\"");
- m_resultBuffer.append(EscapeSpecialCharacters(type));
- m_resultBuffer.append("\"/>\n");
- }
-}
-
-std::string XmlCollector::EscapeSpecialCharacters(std::string s)
-{
- for (unsigned int i = 0; i < s.size();) {
- switch (s[i]) {
- case '"':
- s.erase(i, 1);
- s.insert(i, """);
- i += 6;
- break;
-
- case '&':
- s.erase(i, 1);
- s.insert(i, "&");
- i += 5;
- break;
-
- case '<':
- s.erase(i, 1);
- s.insert(i, "<");
- i += 4;
- break;
-
- case '>':
- s.erase(i, 1);
- s.insert(i, ">");
- i += 4;
- break;
-
- case '\'':
- s.erase(i, 1);
- s.insert(i, "'");
- i += 5;
- break;
- default:
- ++i;
- break;
- }
- }
- return s;
-}
-
-} // namespace Test
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_runner.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of test runner
- */
-#include <stddef.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_results_collector.h>
-#include <dpl/exception.h>
-#include <dpl/scoped_free.h>
-#include <dpl/log/log.h>
-#include <dpl/colors.h>
-#include <pcrecpp.h>
-#include <algorithm>
-#include <cstdio>
-#include <memory.h>
-#include <libgen.h>
-#include <cstring>
-#include <cstdlib>
-
-#include <libxml/xpath.h>
-#include <libxml/xpathInternals.h>
-#include <libxml/parser.h>
-#include <libxml/tree.h>
-
-#include <dpl/singleton_impl.h>
-IMPLEMENT_SINGLETON(DPL::Test::TestRunner)
-
-namespace {
-
-std::string getXMLNode(xmlNodePtr node)
-{
- std::string ret;
- xmlChar * value = xmlNodeGetContent(node);
- ret = std::string(reinterpret_cast<char*>(value));
- xmlFree(value);
- return ret;
-}
-
-}
-
-
-namespace DPL {
-namespace Test {
-namespace // anonymous
-{
-std::string BaseName(std::string aPath)
-{
- ScopedFree<char> path(strdup(aPath.c_str()));
- if (nullptr == path.Get()) {
- throw std::bad_alloc();
- }
- char* baseName = basename(path.Get());
- std::string retValue = baseName;
- return retValue;
-}
-} // namespace anonymous
-
-//! \brief Failed test message creator
-//!
-//! \param[in] aTest string for tested expression
-//! \param[in] aFile source file name
-//! \param[in] aLine source file line
-//! \param[in] aMessage error message
-TestRunner::TestFailed::TestFailed(const char* aTest,
- const char* aFile,
- int aLine,
- const std::string &aMessage)
-{
- std::ostringstream assertMsg;
- assertMsg << "[" << BaseName(aFile) << ":" << aLine
- << "] Assertion failed ("
- << aTest << ") " << aMessage;
- m_message = assertMsg.str();
-}
-
-TestRunner::TestFailed::TestFailed(const std::string &message)
-{
- m_message = message;
-}
-
-void TestRunner::RegisterTest(const char *testName, TestCase proc)
-{
- m_testGroups[m_currentGroup].push_back(TestCaseStruct(testName, proc));
-}
-
-void TestRunner::InitGroup(const char* name)
-{
- m_currentGroup = name;
-}
-
-void TestRunner::normalizeXMLTag(std::string& str, const std::string& testcase)
-{
- //Add testcase if missing
- std::string::size_type pos = str.find(testcase);
- if(pos != 0)
- {
- str = testcase + "_" + str;
- }
-
- //dpl test runner cannot have '-' character in name so it have to be replaced
- // for TCT case to make comparision works
- std::replace(str.begin(), str.end(), '-', '_');
-}
-
-bool TestRunner::filterGroupsByXmls(const std::vector<std::string> & files)
-{
- DECLARE_EXCEPTION_TYPE(DPL::Exception, XMLError)
-
- const std::string idPath = "/test_definition/suite/set/testcase/@id";
-
- bool success = true;
- std::map<std::string, bool> casesMap;
-
- std::string testsuite;
- if(!m_testGroups.empty())
- {
- for(TestCaseGroupMap::const_iterator cit = m_testGroups.begin(); cit != m_testGroups.end(); ++cit)
- {
- if(!cit->second.empty())
- {
- for(TestCaseStructList::const_iterator cj = cit->second.begin(); cj != cit->second.end(); ++cj)
- {
- std::string name = cj->name;
- std::string::size_type st = name.find('_');
- if(st != std::string::npos)
- {
- name = name.substr(0, st);
- testsuite = name;
- break;
- }
- }
- if(!testsuite.empty()) break;
- }
- }
- }
-
- xmlInitParser();
- LIBXML_TEST_VERSION
- xmlXPathInit();
-
- Try
- {
- for (const std::string &file : files)
- {
- xmlDocPtr doc;
- xmlXPathContextPtr xpathCtx;
-
- doc = xmlReadFile(file.c_str(), nullptr, 0);
- if (doc == nullptr) {
- ThrowMsg(XMLError, "File Problem");
- } else {
- //context
- xpathCtx = xmlXPathNewContext(doc);
- if (xpathCtx == nullptr) {
- ThrowMsg(XMLError,
- "Error: unable to create new XPath context\n");
- }
- xpathCtx->node = xmlDocGetRootElement(doc);
- }
-
- std::string result;
- xmlXPathObjectPtr xpathObject;
- //get requested node's values
- xpathObject = xmlXPathEvalExpression(BAD_CAST idPath.c_str(), xpathCtx);
- if (xpathObject == nullptr)
- {
- ThrowMsg(XMLError, "XPath evaluation failure: " << idPath);
- }
- xmlNodeSetPtr nodes = xpathObject->nodesetval;
- unsigned size = (nodes) ? nodes->nodeNr : 0;
- LogDebug("Found " << size << " nodes matching xpath");
- for(unsigned i = 0; i < size; ++i)
- {
- LogPedantic("Type: " << nodes->nodeTab[i]->type);
- if (nodes->nodeTab[i]->type == XML_ATTRIBUTE_NODE) {
- xmlNodePtr curNode = nodes->nodeTab[i];
- result = getXMLNode(curNode);
- LogPedantic("Result: " << result);
- normalizeXMLTag(result, testsuite);
- casesMap.insert(make_pair(result, false));
- }
- }
- //Cleanup of XPath data
- xmlXPathFreeObject(xpathObject);
- xmlXPathFreeContext(xpathCtx);
- xmlFreeDoc(doc);
- }
- }
- Catch(XMLError)
- {
- LogError("Libxml error: " << _rethrown_exception.DumpToString());
- success = false;
- }
- xmlCleanupParser();
-
- if(!filterByXML(casesMap))
- {
- success = false;
- }
-
- return success;
-}
-
-bool TestRunner::filterByXML(std::map<std::string, bool> & casesMap)
-{
- for (auto &group : m_testGroups) {
- TestCaseStructList newList;
- for (auto &tc : group.second)
- {
- if (casesMap.find(tc.name) != casesMap.end()) {
- casesMap[tc.name] = true;
- newList.push_back(tc);
- }
- }
- group.second = newList;
- }
- for (auto &cs : casesMap)
- {
- if(cs.second == false)
- {
- LogError("Cannot find testcase from XML file: " << cs.first);
- return false;
- }
- }
- return true;
-}
-
-TestRunner::Status TestRunner::RunTestCase(const TestCaseStruct& testCase)
-{
- setCurrentTestCase(&(const_cast<TestCaseStruct &>(testCase)));
- try {
- testCase.proc();
- } catch (const TestFailed &e) {
- // Simple test failure
- CollectResult(testCase.name,
- TestResultsCollectorBase::FailStatus::FAILED,
- getConcatedFailReason(e.GetMessage()));
-
- setCurrentTestCase(nullptr);
- return FAILED;
- } catch (const Ignored &e) {
- if (m_runIgnored) {
- // Simple test have to be implemented
- CollectResult(testCase.name,
- TestResultsCollectorBase::FailStatus::IGNORED,
- e.GetMessage());
- }
-
- setCurrentTestCase(nullptr);
- return IGNORED;
- } catch (const std::exception &) {
- // std exception failure
- CollectResult(testCase.name,
- TestResultsCollectorBase::FailStatus::FAILED,
- "std exception");
-
- setCurrentTestCase(nullptr);
- return FAILED;
- } catch (...) {
- // Unknown exception failure
- CollectResult(testCase.name,
- TestResultsCollectorBase::FailStatus::FAILED,
- "unknown exception");
-
- setCurrentTestCase(nullptr);
- return FAILED;
- }
-
- CollectResult(testCase.name,
- TestResultsCollectorBase::FailStatus::NONE,
- "",
- testCase.m_isPerformanceTest,
- testCase.m_performanceTestDurationTime,
- testCase.m_performanceMaxTime);
- setCurrentTestCase(nullptr);
-
- // Everything OK
- return PASS;
-}
-
-void TestRunner::RunTests()
-{
- using namespace DPL::Colors::Text;
-
- Banner();
- for (auto &collector : m_collectors) {
- collector.second->Start();
- }
-
- unsigned count = 0;
- for (auto &group : m_testGroups) {
- count += group.second.size();
- }
- fprintf(stderr, "%sFound %d testcases...%s\n", GREEN_BEGIN, count, GREEN_END);
- fprintf(stderr, "%s%s%s\n", GREEN_BEGIN, "Running tests...", GREEN_END);
- for (auto &group : m_testGroups) {
- TestCaseStructList list = group.second;
- if (!list.empty()) {
- for (auto &collector : m_collectors) {
- collector.second->CollectCurrentTestGroupName(group.first);
- }
- list.sort();
-
- for (TestCaseStructList::const_iterator iterator = list.begin();
- iterator != list.end();
- ++iterator)
- {
- TestCaseStruct test = *iterator;
- if (m_startTestId == test.name) {
- m_startTestId = "";
- }
-
- if (m_startTestId.empty()) {
- RunTestCase(test);
- }
- if (m_terminate == true) {
- // Terminate quietly without any logs
- return;
- }
- }
- }
- }
-
- std::for_each(m_collectors.begin(),
- m_collectors.end(),
- [] (const TestResultsCollectors::value_type & collector)
- {
- collector.second->Finish();
- });
-
- // Finished
- fprintf(stderr, "%s%s%s\n\n", GREEN_BEGIN, "Finished", GREEN_END);
-}
-
-TestRunner::TestCaseStruct *TestRunner::getCurrentTestCase()
-{
- return m_currentTestCase;
-}
-
-void TestRunner::setCurrentTestCase(TestCaseStruct* testCase)
-{
- m_currentTestCase = testCase;
-}
-
-void TestRunner::beginPerformanceTestTime(std::chrono::system_clock::duration maxTimeInMicroseconds)
-{
- TestCaseStruct* testCase = getCurrentTestCase();
- if (!testCase)
- return;
-
- testCase->m_isPerformanceTest = true;
- testCase->m_performanceMaxTime = maxTimeInMicroseconds;
- testCase->m_performanceTestStartTime = std::chrono::system_clock::now();
-
- // Set result to 0 microseconds. Display 0ms result when end macro is missing.
- testCase->m_performanceTestDurationTime = std::chrono::microseconds::zero();
-}
-
-void TestRunner::endPerformanceTestTime()
-{
- TestCaseStruct* testCase = getCurrentTestCase();
- if (!testCase)
- return;
-
- testCase->m_performanceTestDurationTime = std::chrono::system_clock::now() -
- testCase->m_performanceTestStartTime;
-}
-
-void TestRunner::getCurrentTestCasePerformanceResult(bool& isPerformanceTest,
- std::chrono::system_clock::duration& result,
- std::chrono::system_clock::duration& resultMax)
-{
- TestCaseStruct* testCase = getCurrentTestCase();
- if (!testCase || !(testCase->m_isPerformanceTest)){
- isPerformanceTest = false;
- return;
- }
-
- isPerformanceTest = testCase->m_isPerformanceTest;
- result = testCase->m_performanceTestDurationTime;
- resultMax = testCase->m_performanceMaxTime;
-}
-
-void TestRunner::setCurrentTestCasePerformanceResult(bool isPerformanceTest,
- std::chrono::system_clock::duration result,
- std::chrono::system_clock::duration resultMax)
-{
- TestCaseStruct* testCase = getCurrentTestCase();
- if (!testCase)
- return;
-
- testCase->m_isPerformanceTest = isPerformanceTest;
- testCase->m_performanceTestDurationTime = result;
- testCase->m_performanceMaxTime = resultMax;
-}
-
-void TestRunner::addFailReason(const std::string &reason)
-{
- m_failReason.push(reason);
-}
-
-std::string TestRunner::getConcatedFailReason(const std::string &reason)
-{
- std::string ret;
- while (!m_failReason.empty())
- {
- ret += m_failReason.front();
- m_failReason.pop();
- }
- return reason + ret;
-}
-
-void TestRunner::CollectResult(
- const std::string& id,
- const TestResultsCollectorBase::FailStatus status,
- const std::string& reason,
- const bool& isPerformanceTest,
- const std::chrono::system_clock::duration& performanceTestDurationTime,
- const std::chrono::system_clock::duration& performanceMaxTime)
-{
- std::for_each(m_collectors.begin(),
- m_collectors.end(),
- [&](const TestResultsCollectors::value_type & collector)
- {
- collector.second->CollectResult(id,
- status,
- reason,
- isPerformanceTest,
- performanceTestDurationTime,
- performanceMaxTime);
- });
-}
-
-void TestRunner::Banner()
-{
- using namespace DPL::Colors::Text;
- fprintf(stderr,
- "%s%s%s\n",
- BOLD_GREEN_BEGIN,
- "DPL tests runner",
- BOLD_GREEN_END);
- fprintf(stderr,
- "%s%s%s%s\n\n",
- GREEN_BEGIN,
- "Build: ",
- __TIMESTAMP__,
- GREEN_END);
-}
-
-void TestRunner::InvalidArgs(const std::string& message)
-{
- using namespace DPL::Colors::Text;
- fprintf(stderr,
- "%s%s%s\n",
- BOLD_RED_BEGIN,
- message.c_str(),
- BOLD_RED_END);
-}
-
-void TestRunner::Usage()
-{
- fprintf(stderr, "Usage: runner [options]\n\n");
- fprintf(stderr, "Output type:\n");
- fprintf(stderr, " --output=<output type> --output=<output type> ...\n");
- fprintf(stderr, "\n possible output types:\n");
- for (std::string &type : TestResultsCollectorBase::GetCollectorsNames()) {
- fprintf(stderr, " --output=%s\n", type.c_str());
- }
- fprintf(stderr, "\n example:\n");
- fprintf(stderr,
- " test-binary --output=text --output=xml --file=output.xml\n\n");
- fprintf(stderr, "Other parameters:\n");
- fprintf(stderr,
- " --regexp='regexp'\t Only selected tests"
- " which names match regexp run\n\n");
- fprintf(stderr, " --start=<test id>\tStart from concrete test id");
- fprintf(stderr, " --group=<group name>\t Run tests only from one group\n");
- fprintf(stderr, " --runignored\t Run also ignored tests\n");
- fprintf(stderr, " --list\t Show a list of Test IDs\n");
- fprintf(stderr, " --listgroups\t Show a list of Test Group names \n");
- fprintf(stderr, " --only-from-xml=<xml file>\t Run only testcases specified in XML file \n"
- " XML name is taken from attribute id=\"part1_part2\" as whole.\n"
- " If part1 is not found (no _) then it is implicitily "
- "set according to suite part1 from binary tests\n");
- fprintf(
- stderr,
- " --listingroup=<group name>\t Show a list of Test IDS in one group\n");
- fprintf(stderr, " --allowchildlogs\t Allow to print logs from child process on screen.\n");
- fprintf(stderr, " When active child process will be able to print logs on stdout and stderr.\n");
- fprintf(stderr, " Both descriptors will be closed after test.\n");
- fprintf(stderr, " --help\t This help\n\n");
- std::for_each(m_collectors.begin(),
- m_collectors.end(),
- [] (const TestResultsCollectors::value_type & collector)
- {
- fprintf(stderr,
- "Output %s has specific args:\n",
- collector.first.c_str());
- fprintf(stderr,
- "%s\n",
- collector.second->
- CollectorSpecificHelp().c_str());
- });
- fprintf(stderr, "For bug reporting, please write to:\n");
- fprintf(stderr, "<p.dobrowolsk@samsung.com>\n");
-}
-
-int TestRunner::ExecTestRunner(int argc, char *argv[])
-{
- std::vector<std::string> args;
- for (int i = 0; i < argc; ++i) {
- args.push_back(argv[i]);
- }
- return ExecTestRunner(args);
-}
-
-void TestRunner::MarkAssertion()
-{
- ++m_totalAssertions;
-}
-
-int TestRunner::ExecTestRunner(ArgsList args)
-{
- m_runIgnored = false;
- // Parse command line
-
- args.erase(args.begin());
-
- bool showHelp = false;
- bool justList = false;
- std::vector<std::string> xmlFiles;
-
- TestResultsCollectorBasePtr currentCollector;
-
- // Parse each argument
- for(std::string &arg : args)
- {
- const std::string regexp = "--regexp=";
- const std::string output = "--output=";
- const std::string groupId = "--group=";
- const std::string runIgnored = "--runignored";
- const std::string listCmd = "--list";
- const std::string startCmd = "--start=";
- const std::string listGroupsCmd = "--listgroups";
- const std::string listInGroup = "--listingroup=";
- const std::string allowChildLogs = "--allowchildlogs";
- const std::string onlyFromXML = "--only-from-xml=";
-
- if (currentCollector) {
- if (currentCollector->ParseCollectorSpecificArg(arg)) {
- continue;
- }
- }
-
- if (arg.find(startCmd) == 0) {
- arg.erase(0, startCmd.length());
- for (auto &group : m_testGroups) {
- for (auto &tc : group.second) {
- if (tc.name == arg) {
- m_startTestId = arg;
- break;
- }
- }
- if (!m_startTestId.empty()) {
- break;
- }
- }
- if (!m_startTestId.empty()) {
- continue;
- }
- InvalidArgs();
- fprintf(stderr, "Start test id has not been found\n");
- Usage();
- return 0;
- } else if (arg.find(groupId) == 0) {
- arg.erase(0, groupId.length());
- TestCaseGroupMap::iterator found = m_testGroups.find(arg);
- if (found != m_testGroups.end()) {
- std::string name = found->first;
- TestCaseStructList newList = found->second;
- m_testGroups.clear();
- m_testGroups[name] = newList;
- } else {
- fprintf(stderr, "Group %s not found\n", arg.c_str());
- InvalidArgs();
- Usage();
- return -1;
- }
- } else if (arg == runIgnored) {
- m_runIgnored = true;
- } else if (arg == listCmd) {
- justList = true;
- } else if (arg == listGroupsCmd) {
- for (auto &group : m_testGroups) {
- printf("GR:%s\n", group.first.c_str());
- }
- return 0;
- } else if (arg.find(listInGroup) == 0) {
- arg.erase(0, listInGroup.length());
- for (auto &test : m_testGroups[arg]) {
- printf("ID:%s\n", test.name.c_str());
- }
- return 0;
- } else if (arg.find(allowChildLogs) == 0) {
- arg.erase(0, allowChildLogs.length());
- m_allowChildLogs = true;
- } else if (arg == "--help") {
- showHelp = true;
- } else if (arg.find(output) == 0) {
- arg.erase(0, output.length());
- if (m_collectors.find(arg) != m_collectors.end()) {
- InvalidArgs(
- "Multiple outputs of the same type are not supported!");
- Usage();
- return -1;
- }
- currentCollector.reset(TestResultsCollectorBase::Create(arg));
- if (!currentCollector) {
- InvalidArgs("Unsupported output type!");
- Usage();
- return -1;
- }
- m_collectors[arg] = currentCollector;
- } else if (arg.find(regexp) == 0) {
- arg.erase(0, regexp.length());
- if (arg.length() == 0) {
- InvalidArgs();
- Usage();
- return -1;
- }
-
- if (arg[0] == '\'' && arg[arg.length() - 1] == '\'') {
- arg.erase(0);
- arg.erase(arg.length() - 1);
- }
-
- if (arg.length() == 0) {
- InvalidArgs();
- Usage();
- return -1;
- }
-
- pcrecpp::RE re(arg.c_str());
- for (auto &group : m_testGroups) {
- TestCaseStructList newList;
- for (auto &tc : group.second)
- {
- if (re.PartialMatch(tc.name)) {
- newList.push_back(tc);
- }
- }
- group.second = newList;
- }
- } else if(arg.find(onlyFromXML) == 0) {
- arg.erase(0, onlyFromXML.length());
- if (arg.length() == 0) {
- InvalidArgs();
- Usage();
- return -1;
- }
-
- if (arg[0] == '\'' && arg[arg.length() - 1] == '\'') {
- arg.erase(0);
- arg.erase(arg.length() - 1);
- }
-
- if (arg.length() == 0) {
- InvalidArgs();
- Usage();
- return -1;
- }
-
- xmlFiles.push_back(arg);
- } else {
- InvalidArgs();
- Usage();
- return -1;
- }
- }
-
- if(!xmlFiles.empty())
- {
- if(!filterGroupsByXmls(xmlFiles))
- {
- fprintf(stderr, "XML file is not correct\n");
- return 0;
- }
- }
-
- if(justList)
- {
- for (auto &group : m_testGroups) {
- for (auto &tc : group.second) {
- printf("ID:%s:%s\n", group.first.c_str(), tc.name.c_str());
- }
- }
- return 0;
- }
-
- currentCollector.reset();
-
- // Show help
- if (showHelp) {
- Usage();
- return 0;
- }
-
- if (m_collectors.empty()) {
- TestResultsCollectorBasePtr collector(
- TestResultsCollectorBase::Create("text"));
- m_collectors["text"] = collector;
- }
-
- for (auto &collector : m_collectors) {
- if (!collector.second->Configure()) {
- fprintf(stderr, "Could not configure selected output");
- return 0;
- }
- }
-
- // Run tests
- RunTests();
-
- return 0;
-}
-
-bool TestRunner::getRunIgnored() const
-{
- return m_runIgnored;
-}
-
-void TestRunner::Terminate()
-{
- m_terminate = true;
-}
-
-bool TestRunner::GetAllowChildLogs()
-{
- return m_allowChildLogs;
-}
-
-}
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_runner_child.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of test runner
- */
-#include <stddef.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_results_collector.h>
-#include <dpl/binary_queue.h>
-#include <dpl/exception.h>
-#include <dpl/scoped_free.h>
-#include <dpl/colors.h>
-#include <pcrecpp.h>
-#include <algorithm>
-#include <cstdio>
-#include <memory.h>
-#include <libgen.h>
-#include <cstring>
-#include <cstdlib>
-#include <ctime>
-#include <unistd.h>
-#include <poll.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/stat.h>
-
-namespace {
-const int CHILD_TEST_FAIL = 0;
-const int CHILD_TEST_PASS = 1;
-const int CHILD_TEST_IGNORED = 2;
-
-const int MSG_TYPE_MESSAGE = 0; // sizeof(Message) + Message
-const int MSG_TYPE_PERF_TIME = 1; // perfTime + maxTime
-
-int closeOutput() {
- int devnull;
- int retcode = -1;
- if (-1 == (devnull = TEMP_FAILURE_RETRY(open("/dev/null", O_WRONLY))))
- return -1;
-
- // replace stdout with /dev/null
- if (-1 == TEMP_FAILURE_RETRY(dup2(devnull, STDOUT_FILENO)))
- goto end;
-
- // replace stderr with /dev/null
- if (-1 == TEMP_FAILURE_RETRY(dup2(devnull, STDERR_FILENO)))
- goto end;
-
- retcode = 0;
-
-end:
- close(devnull);
- return retcode;
-}
-
-} // namespace anonymous
-
-namespace DPL {
-namespace Test {
-
-PipeWrapper::PipeWrapper()
-{
- if (-1 == pipe(m_pipefd)) {
- m_pipefd[0] = PIPE_CLOSED;
- m_pipefd[1] = PIPE_CLOSED;
- }
-}
-
-PipeWrapper::~PipeWrapper()
-{
- closeHelp(0);
- closeHelp(1);
-}
-
-bool PipeWrapper::isReady()
-{
- return m_pipefd[0] != PIPE_CLOSED || m_pipefd[1] != PIPE_CLOSED;
-}
-
-void PipeWrapper::setUsage(Usage usage)
-{
- if (usage == READONLY) {
- closeHelp(1);
- }
- if (usage == WRITEONLY) {
- closeHelp(0);
- }
-}
-
-PipeWrapper::Status PipeWrapper::send(int code, std::string &message)
-{
- if (m_pipefd[1] == PIPE_CLOSED) {
- return ERROR;
- }
-
- std::ostringstream output;
- output << toBinaryString(code);
- output << toBinaryString(MSG_TYPE_MESSAGE);
- output << toBinaryString(static_cast<int>(message.size()));
- output << message;
-
- std::string binary = output.str();
- int size = binary.size();
-
- if ((writeHelp(&size,
- sizeof(int)) == ERROR) ||
- (writeHelp(binary.c_str(), size) == ERROR))
- {
- return ERROR;
- }
- return SUCCESS;
-}
-
-PipeWrapper::Status PipeWrapper::sendTime(int code,
- std::chrono::system_clock::duration time,
- std::chrono::system_clock::duration timeMax)
-{
- if (m_pipefd[1] == PIPE_CLOSED) {
- return ERROR;
- }
-
- std::ostringstream output;
- output << toBinaryString(code);
- output << toBinaryString(MSG_TYPE_PERF_TIME);
- output << toBinaryString(time);
- output << toBinaryString(timeMax);
-
- std::string binary = output.str();
- int size = binary.size();
-
- if ((writeHelp(&size,
- sizeof(int)) == ERROR) ||
- (writeHelp(binary.c_str(), size) == ERROR))
- {
- return ERROR;
- }
- return SUCCESS;
-}
-
-PipeWrapper::Status PipeWrapper::receive(int &code,
- int &msgType,
- std::string &data,
- std::chrono::system_clock::duration &time,
- std::chrono::system_clock::duration &timeMax,
- time_t deadline)
-{
- if (m_pipefd[0] == PIPE_CLOSED) {
- return ERROR;
- }
-
- int size;
- Status ret;
-
- if ((ret = readHelp(&size, sizeof(int), deadline)) != SUCCESS) {
- return ret;
- }
-
- std::vector<char> buffer;
- buffer.resize(size);
-
- if ((ret = readHelp(&buffer[0], size, deadline)) != SUCCESS) {
- return ret;
- }
-
- try {
- DPL::BinaryQueue queue;
- queue.AppendCopy(&buffer[0], size);
-
- queue.FlattenConsume(&code, sizeof(int));
- queue.FlattenConsume(&msgType, sizeof(int));
-
- switch (msgType) {
- case MSG_TYPE_MESSAGE:
- queue.FlattenConsume(&size, sizeof(int));
-
- buffer.resize(size);
-
- queue.FlattenConsume(&buffer[0], size);
- data.assign(buffer.begin(), buffer.end());
- break;
- case MSG_TYPE_PERF_TIME:
- queue.FlattenConsume(&time, sizeof(std::chrono::system_clock::duration));
- queue.FlattenConsume(&timeMax, sizeof(std::chrono::system_clock::duration));
- break;
- default:
- return ERROR;
- }
- } catch (DPL::BinaryQueue::Exception::Base &e) {
- return ERROR;
- }
- return SUCCESS;
-}
-
-void PipeWrapper::closeAll()
-{
- closeHelp(0);
- closeHelp(1);
-}
-
-std::string PipeWrapper::toBinaryString(int data)
-{
- char buffer[sizeof(int)];
- memcpy(buffer, &data, sizeof(int));
- return std::string(buffer, buffer + sizeof(int));
-}
-
-std::string PipeWrapper::toBinaryString(std::chrono::system_clock::duration data)
-{
- char buffer[sizeof(std::chrono::system_clock::duration)];
- memcpy(buffer, &data, sizeof(std::chrono::system_clock::duration));
- return std::string(buffer, buffer + sizeof(std::chrono::system_clock::duration));
-}
-
-void PipeWrapper::closeHelp(int desc)
-{
- if (m_pipefd[desc] != PIPE_CLOSED) {
- TEMP_FAILURE_RETRY(close(m_pipefd[desc]));
- m_pipefd[desc] = PIPE_CLOSED;
- }
-}
-
-PipeWrapper::Status PipeWrapper::writeHelp(const void *buffer, int size)
-{
- int ready = 0;
- const char *p = static_cast<const char *>(buffer);
- while (ready != size) {
- int ret = write(m_pipefd[1], &p[ready], size - ready);
-
- if (ret == -1 && (errno == EAGAIN || errno == EINTR)) {
- continue;
- }
-
- if (ret == -1) {
- closeHelp(1);
- return ERROR;
- }
-
- ready += ret;
- }
- return SUCCESS;
-}
-
-PipeWrapper::Status PipeWrapper::readHelp(void *buf, int size, time_t deadline)
-{
- int ready = 0;
- char *buffer = static_cast<char*>(buf);
- while (ready != size) {
- time_t wait = deadline - time(0);
- wait = wait < 1 ? 1 : wait;
- pollfd fds = { m_pipefd[0], POLLIN, 0 };
-
- int pollReturn = poll(&fds, 1, wait * 1000);
-
- if (pollReturn == 0) {
- return TIMEOUT; // Timeout
- }
-
- if (pollReturn < -1) {
- return ERROR;
- }
-
- int ret = read(m_pipefd[0], &buffer[ready], size - ready);
-
- if (ret == -1 && (errno == EAGAIN || errno == EINTR)) {
- continue;
- }
-
- if (ret == -1 || ret == 0) {
- closeHelp(0);
- return ERROR;
- }
-
- ready += ret;
- }
- return SUCCESS;
-}
-
-void RunChildProc(TestRunner::TestCase procChild)
-{
- PipeWrapper pipe;
- if (!pipe.isReady()) {
- throw TestRunner::TestFailed("Pipe creation failed");
- }
-
- pid_t pid = fork();
-
- if (pid == -1) {
- throw TestRunner::TestFailed("Child creation failed");
- }
-
- if (pid != 0) {
- // parent code
- pipe.setUsage(PipeWrapper::READONLY);
-
- int code;
- int msgType;
- std::chrono::system_clock::duration time_m;
- std::chrono::system_clock::duration timeMax_m;
- std::string message;
-
- int pipeReturn = pipe.receive(code, msgType, message, time_m, timeMax_m, time(0) + 10);
-
- if (pipeReturn != PipeWrapper::SUCCESS) { // Timeout or reading error
- pipe.closeAll();
- kill(pid, SIGKILL);
- }
-
- int status;
- waitpid(pid, &status, 0);
-
- if (pipeReturn == PipeWrapper::TIMEOUT) {
- throw TestRunner::TestFailed("Timeout");
- }
-
- if (pipeReturn == PipeWrapper::ERROR) {
- throw TestRunner::TestFailed("Reading pipe error");
- }
-
- if (code == CHILD_TEST_PASS && msgType == MSG_TYPE_PERF_TIME) {
- DPL::Test::TestRunnerSingleton::Instance().setCurrentTestCasePerformanceResult(true,
- time_m,
- timeMax_m);
- }
-
- if (code == CHILD_TEST_FAIL) {
- throw TestRunner::TestFailed(message);
- } else if (code == CHILD_TEST_IGNORED) {
- throw TestRunner::Ignored(message);
- }
- } else {
- // child code
-
- // End Runner after current test
- TestRunnerSingleton::Instance().Terminate();
-
- int code = CHILD_TEST_PASS;
- std::string msg;
- bool isPerformanceTest;
- std::chrono::system_clock::duration time_m;
- std::chrono::system_clock::duration timeMax_m;
-
- bool allowLogs = TestRunnerSingleton::Instance().GetAllowChildLogs();
-
- close(STDIN_FILENO);
- if (!allowLogs) {
- closeOutput(); // if fails nothing we can do
- }
-
- pipe.setUsage(PipeWrapper::WRITEONLY);
-
- try {
- procChild();
- } catch (const DPL::Test::TestRunner::TestFailed &e) {
- msg = e.GetMessage();
- code = CHILD_TEST_FAIL;
- } catch (const DPL::Test::TestRunner::Ignored &e) {
- msg = e.GetMessage();
- code = CHILD_TEST_IGNORED;
- } catch (...) { // catch all exception generated by "user" code
- msg = "unhandled exeception";
- code = CHILD_TEST_FAIL;
- }
-
- if (allowLogs) {
- closeOutput();
- }
-
- DPL::Test::TestRunnerSingleton::Instance().getCurrentTestCasePerformanceResult(isPerformanceTest,
- time_m,
- timeMax_m);
-
- if (code == CHILD_TEST_PASS && isPerformanceTest){
- pipe.sendTime(code,
- time_m,
- timeMax_m);
- } else {
- pipe.send(code, msg);
- }
- }
-}
-} // namespace Test
-} // namespace DPL
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file test_runner_multiprocess.cpp
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief This file is the implementation file of multiprocess test runner
- */
-
-#include <sys/file.h>
-#include <dpl/exception.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <poll.h>
-#include <limits.h>
-#include <sys/wait.h>
-#include <unistd.h>
-
-namespace {
-
-const int MULTI_TEST_ERROR = -1;
-const int MULTI_TEST_PASS = 0;
-const int MULTI_TEST_FAILED = 1;
-const int MULTI_TEST_IGNORED = 2;
-
-}
-
-namespace DPL {
-namespace Test {
-
-SimplePipeWrapper::SimplePipeWrapper()
-: PipeWrapper()
-{
-
-}
-
-SimplePipeWrapper::~SimplePipeWrapper()
-{
-
-}
-
-PipeWrapper::Status SimplePipeWrapper::send(std::string &message)
-{
- if (m_pipefd[1] == PIPE_CLOSED) {
- return ERROR;
- }
-
- if (message.size() > PIPE_BUF-1) {
- return ERROR;
- }
-
- char buffer[PIPE_BUF] = { 0 };
-
-
- for(unsigned int i = 0; i < message.size(); ++i) {
- buffer[i] = message[i];
- }
-
- return writeHelp(buffer, PIPE_BUF);
-}
-
-PipeWrapper::Status SimplePipeWrapper::receive(std::string &data, bool &empty, time_t deadline)
-{
- if (m_pipefd[0] == PIPE_CLOSED) {
- return ERROR;
- }
-
- empty = false;
-
- data.resize(PIPE_BUF);
-
- char buffer[PIPE_BUF] = { 0 };
-
- int ready = 0;
- while (ready != PIPE_BUF) {
- time_t wait = deadline - time(0);
- wait = wait < 1 ? 1 : wait;
- pollfd fds = { m_pipefd[0], POLLIN, 0 };
-
- int pollReturn = poll(&fds, 1, wait * 1000);
-
- if (pollReturn == 0) {
- return TIMEOUT; // Timeout
- }
-
- if (pollReturn < -1) {
- return ERROR;
- }
- int ret = read(m_pipefd[0], &buffer[ready], PIPE_BUF - ready);
- if (ret == -1 && (errno == EAGAIN || errno == EINTR)) {
- continue;
- }
-
- if (ret == -1) {
- closeHelp(0);
- return ERROR;
- }
- if (ret == 0) {
- empty = true;
- break;
- }
-
- ready += ret;
- }
-
-
- for(unsigned int i = 0; i < PIPE_BUF; ++i){
- if(buffer[i] == 0) {
- data.resize(i);
- return SUCCESS;
- }
- data[i] = buffer[i];
- }
-
- return ERROR;
-}
-
-void RunMultiProc(TestRunner::TestCase procMulti)
-{
- SimplePipeWrapper pipe;
- int code = MULTI_TEST_PASS;
- std::string msg = "";
- int pipeReturn;
-
- int waitStatus;
-
- pid_t top_pid = getpid();
-
- if (!pipe.isReady()) {
- throw TestRunner::TestFailed("Pipe creation failed");
- }
- // pipe
-
- try {
- procMulti();
- } catch (const TestRunner::TestFailed &e) {
- code = MULTI_TEST_FAILED;
- msg = e.GetMessage();
- } catch (const TestRunner::Ignored &e) {
- code = MULTI_TEST_IGNORED;
- msg = e.GetMessage();
- } catch (const std::exception &) {
- code = MULTI_TEST_FAILED;
- msg = "std exception";
- } catch (...) {
- // Unknown exception failure
- code = MULTI_TEST_FAILED;
- msg = "unknown exception";
- }
-
- while (true) {
- pid_t child_pid = wait(&waitStatus);
- if (child_pid == -1) {
- if (errno == ECHILD) {
- if (top_pid == getpid()) {
- std::string recMsg="";
-
- pipe.setUsage(PipeWrapper::READONLY);
-
- bool empty=false;
- while(true) {
- pipeReturn = pipe.receive(recMsg, empty, time(0) + 10);
-
- if (empty) {
- break;
- }
- if (pipeReturn == PipeWrapper::ERROR) {
- pipe.closeAll();
- throw TestRunner::TestFailed("Reading pipe error");
- } else if (pipeReturn == PipeWrapper::TIMEOUT) {
- pipe.closeAll();
- throw TestRunner::TestFailed("Timeout error");
- }
- msg = msg + "\n" + recMsg;
- }
- pipe.closeAll();
-
- switch(code) {
- case MULTI_TEST_PASS:
- return;
- case MULTI_TEST_FAILED:
- throw TestRunner::TestFailed(msg);
- case MULTI_TEST_IGNORED:
- throw TestRunner::Ignored(msg);
- default:
- throw TestRunner::TestFailed(msg);
- }
- } else {
- pipe.setUsage(PipeWrapper::WRITEONLY);
-
- pipeReturn = pipe.send(msg);
-
- if (pipeReturn == PipeWrapper::ERROR) {
- pipe.closeAll();
- code = MULTI_TEST_ERROR;
- }
-
- exit(code);
- }
- }
- } else if (WIFEXITED(waitStatus)) {
- if ((signed char)WEXITSTATUS(waitStatus) == MULTI_TEST_FAILED) {
- switch (code) {
- case MULTI_TEST_PASS:
- code = MULTI_TEST_FAILED;
- break;
- case MULTI_TEST_FAILED:
- break;
- case MULTI_TEST_IGNORED:
- code = MULTI_TEST_FAILED;
- break;
- default:
- break;
- }
- } else if ((signed char)WEXITSTATUS(waitStatus) == MULTI_TEST_IGNORED) {
- switch (code) {
- case MULTI_TEST_PASS:
- code = MULTI_TEST_IGNORED;
- break;
- case MULTI_TEST_FAILED:
- break;
- case MULTI_TEST_IGNORED:
- break;
- default:
- break;
- }
- } else if ((signed char)WEXITSTATUS(waitStatus) != MULTI_TEST_PASS) {
- code = MULTI_TEST_ERROR;
- msg = "PROCESS BAD CODE RETURN";
- }
- }
- }
-}
-} // namespace Test
-} // namespace DPL
+++ /dev/null
-#Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# @file CMakeLists.txt
-# @author Jan Olszak (j.olszak@samsung.com)
-# @author Rafal Krypa (r.krypa@samsung.com)
-# @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
-# @version 0.1
-# @brief
-#
-INCLUDE(FindPkgConfig)
-
-SET(TEST_APP_EFL "test-app-efl")
-SET(TEST_APP_WGT "test-app-wgt")
-SET(TEST_APP_OSP "test-app-osp")
-SET(HELLO_TIZEN_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/hello-tizen.cpp
- )
-ADD_EXECUTABLE( ${TEST_APP_EFL} ${HELLO_TIZEN_TEST_SOURCES} )
-INSTALL(TARGETS ${TEST_APP_EFL}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES ${TEST_APP_EFL}
- DESTINATION /usr/bin
- RENAME ${TEST_APP_OSP}
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE)
-
-execute_process(COMMAND ln -s /usr/bin/wrt-client ${CMAKE_CURRENT_BINARY_DIR}/${TEST_APP_WGT} )
-
-INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/${TEST_APP_WGT}
- DESTINATION /usr/bin)
-
-SET(LPC_TARGET_TEST "libprivilege-control-test")
-
-#dependencies
-PKG_CHECK_MODULES(LPC_TARGET_DEP
- libsmack
- libprivilege-control
- sqlite3
- libtzplatform-config
- REQUIRED
- libiri
- )
-
-#files to compile
-SET(LPC_TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/common/db.cpp
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/common/duplicates.cpp
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/libprivilege-control-test.cpp
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/test_cases.cpp
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/test_cases_nosmack.cpp
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/test_cases_incorrect_params.cpp
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/test_cases_stress.cpp
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${LPC_TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/tests/common/
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/common/
- )
-
-#preprocessor definitions
-#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-
-#output format
-ADD_EXECUTABLE(${LPC_TARGET_TEST} ${LPC_TARGET_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${LPC_TARGET_TEST}
- ${LPC_TARGET_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- -lcrypt
- )
-
-#place for output file
-INSTALL(TARGETS ${LPC_TARGET_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-# Test SMACK rules
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/WRT_test_privilege_control_rules1.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/WRT_test_privilege_control_rules2.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/WRT_test_privilege_control_rules2_no_r.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/WRT_test_privilege_control_rules2_r.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(DIRECTORY
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/test_privilege_control_DIR
- DESTINATION /etc/smack/
-)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.dac
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.dac
- DESTINATION /usr/share/privilege-control/
- )
-
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.dac
- DESTINATION /usr/share/privilege-control/
- )
+++ /dev/null
-24567
-75678
+++ /dev/null
-~APP~ test_book_efl r
+++ /dev/null
-56789
-67890
+++ /dev/null
-~APP~ test_book_osp_8 r
-~APP~ test_book_osp_9 w
-~APP~ test_book_osp_10 x
-~APP~ test_book_osp_11 rw
-~APP~ test_book_osp_12 rx
-~APP~ test_book_osp_13 wx
-~APP~ test_book_osp_14 rwx
-~APP~ test_book_osp_15 rwxat
-test_subject_osp_8 ~APP~ r
-test_subject_osp_9 ~APP~ w
-test_subject_osp_10 ~APP~ x
-test_subject_osp_11 ~APP~ rw
-test_subject_osp_12 ~APP~ rx
-test_subject_osp_13 ~APP~ wx
-test_subject_osp_14 ~APP~ rwx
-test_subject_osp_15 ~APP~ rwxat
+++ /dev/null
-~APP~ test_book_1 r
-~APP~ test_book_2 w
-~APP~ test_book_3 x
-~APP~ test_book_4 rw
-~APP~ test_book_5 rx
-~APP~ test_book_6 wx
-~APP~ test_book_7 rwx
-test_subject_1 ~APP~ r
-test_subject_2 ~APP~ w
-test_subject_3 ~APP~ x
-test_subject_4 ~APP~ rw
-test_subject_5 ~APP~ rx
-test_subject_6 ~APP~ wx
-test_subject_7 ~APP~ rwx
+++ /dev/null
-~APP~ test_book_8 r
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 rw
-~APP~ test_book_12 rx
-~APP~ test_book_13 wx
-~APP~ test_book_14 rwx
-~APP~ test_book_15 rwxat
-test_subject_8 ~APP~ r
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ rw
-test_subject_12 ~APP~ rx
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ rwx
-test_subject_15 ~APP~ rwxat
+++ /dev/null
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 w
-~APP~ test_book_12 x
-~APP~ test_book_13 wx
-~APP~ test_book_14 wx
-~APP~ test_book_15 wxat
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ w
-test_subject_12 ~APP~ x
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ wx
-test_subject_15 ~APP~ wxat
+++ /dev/null
-~APP~ test_book_8 r
-~APP~ test_book_11 r
-~APP~ test_book_12 r
-~APP~ test_book_14 r
-~APP~ test_book_15 r
-test_subject_8 ~APP~ r
-test_subject_11 ~APP~ r
-test_subject_12 ~APP~ r
-test_subject_14 ~APP~ r
-test_subject_15 ~APP~ r
+++ /dev/null
-34567
-45678
+++ /dev/null
-~APP~ test_book_wgt_8 r
-~APP~ test_book_wgt_9 w
-~APP~ test_book_wgt_10 x
-~APP~ test_book_wgt_11 rw
-~APP~ test_book_wgt_12 rx
-~APP~ test_book_wgt_13 wx
-~APP~ test_book_wgt_14 rwx
-~APP~ test_book_wgt_15 rwxat
-test_subject_wgt_8 ~APP~ r
-test_subject_wgt_9 ~APP~ w
-test_subject_wgt_10 ~APP~ x
-test_subject_wgt_11 ~APP~ rw
-test_subject_wgt_12 ~APP~ rx
-test_subject_wgt_13 ~APP~ wx
-test_subject_wgt_14 ~APP~ rwx
-test_subject_wgt_15 ~APP~ rwxat
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db.cpp
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests database record check functions
- */
-
-#include <tests_common.h>
-#include <privilege-control.h>
-#include <tzplatform_config.h>
-#include <sstream>
-#include <string.h>
-#include "db.h"
-#include "db_sqlite.h"
-#include "duplicates.h"
-
-const std::string DBASE_PATH = tzplatform_mkpath(TZ_SYS_DB, ".rules-db.db3");
-const std::string ALL_APPS ="ALL_APPS";
-
-const int PERMISSION_VOLATILE = 1;
-const int PERMISSION_PERSISTENT = 0;
-
-const int PERMISSION_ENABLED = 1;
-const int PERMISSION_DISABLED = 0;
-
-using std::ostringstream;
-using std::string;
-
-TestLibPrivilegeControlDatabase::TestLibPrivilegeControlDatabase() : m_base(DBASE_PATH)
-{
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_install(const char* name)
-{
- if (!m_base.is_open())
- m_base.open();
-
- app_label(name);
- app_permission(name, ALL_APPS, ALL_APPS, PERMISSION_PERSISTENT, PERMISSION_ENABLED);
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_uninstall(const char* name)
-{
- if (!m_base.is_open())
- m_base.open();
-
- app_not_label(name);
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_enable_permissions(
- const char* name, app_type_t app_type, const char** perm_list, bool persistent)
-{
- if (!m_base.is_open())
- m_base.open();
-
- string permission_type_name = app_type_name(app_type);
- string permission_group_type_name = app_type_group_name(app_type);
- const int is_volatile = persistent ? PERMISSION_PERSISTENT : PERMISSION_VOLATILE;
- string permission_name;
- int ret;
-
- app_permission(name, permission_type_name, permission_type_name, is_volatile,
- PERMISSION_ENABLED);
-
- int i;
- for (i = 0; perm_list[i] != nullptr; ++i) {
- // Ignore empty lines
- if (strspn(perm_list[i], " \t\n") == strlen(perm_list[i]))
- continue;
-
- ret = base_name_from_perm(perm_list[i], permission_name);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "permission : <" << perm_list[i] <<
- "> cannot be converted to basename (iri parse error)");
- app_permission(name, permission_name, permission_group_type_name, is_volatile,
- PERMISSION_ENABLED);
- }
-}
-
-void TestLibPrivilegeControlDatabase::app_label(const std::string& app_name)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT app_id FROM app "
- "NATURAL JOIN label "
- "WHERE name == '" << app_name << "' ;";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 1 && result.rows[0].size() == 1, "query : <" <<
- sql.str() << "> returned [" << result.rows.size() << "] rows");
-}
-
-void TestLibPrivilegeControlDatabase::app_not_label(const std::string& app_name)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT label_id FROM label "
- "WHERE name == '" << app_name << "' ;";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 0, "query : <" << sql.str() << "> returned [" <<
- result.rows.size() << "] rows");
-}
-
-void TestLibPrivilegeControlDatabase::app_permission(const std::string& app_name,
- const std::string& permission_name, const std::string& permission_type_name,
- int is_volatile, int is_enabled)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT * FROM app_permission "
- "INNER JOIN app USING(app_id) "
- "INNER JOIN permission USING(permission_id) "
- "INNER JOIN permission_type USING(permission_type_id)"
- "INNER JOIN label USING(label_id)"
- "WHERE "
- "label.name == '" << app_name << "' "
- "AND app_permission.is_enabled == " << is_enabled << " "
- "AND app_permission.is_volatile == " << is_volatile << " "
- "AND permission.name == '" << permission_name << "' "
- "AND permission_type.type_name == '" << permission_type_name << "' "
- ";";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 1, "query : <" << sql.str() << "> returned [" <<
- result.rows.size() << "] rows");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db.h
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests database record check functions
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_DB_H_
-#define LIBPRIVILEGE_CONTROL_TEST_DB_H_
-
-#include <privilege-control.h>
-#include "libprivilege-control_test_common.h"
-#include "db_sqlite.h"
-
-/**
- * @class TestLibPrivilegeControlDatabase
- * @brief Class containing methods for testing libprivlege database.
- */
-class TestLibPrivilegeControlDatabase
-{
-public:
-/**
- * @brief A constructor
- */
- TestLibPrivilegeControlDatabase();
-
-/**
- * @brief A destructor
- */
- ~TestLibPrivilegeControlDatabase() = default;
-
-/**
- * @brief Method for testing database after "perm_app_install" was run.
- *
- * It checks existence of proper: label, app records and permission for ALL_APPS for installed app.
- *
- * @param name name of installed app
- */
- void test_db_after__perm_app_install(const char* name);
-
-/**
- * @brief Method for testing database after "perm_app_uninstall" was run.
- *
- * It checks absence of proper: label for installed app.
- *
- * @param name name of uninstalled app
- */
- void test_db_after__perm_app_uninstall(const char* name);
-
-/**
- * @brief Method for testing database after "perm_app_enable_permissions" was run.
- *
- * It checks existence of proper permissions from perm_list and main permission for whole app_type.
- *
- * @param name name of application
- * @param app_type type of application (EFL, WRT, etc. )
- * @param perm_list list of permission to enable
- * @param persistent persistence or volatileness of permissions
- */
- void test_db_after__perm_app_enable_permissions(const char* name, app_type_t app_type,
- const char** perm_list, bool persistent);
-
-private:
-/**
- * @var base
- * @brief Sqlite3DBase object giving simple access to database
- *
- * Connection to database is open first time it is needed
- * and closed in destructor of TestLibPrivilegeControlDatabase.
- */
- Sqlite3DBase m_base;
-
-/**
- * @brief Check existence of label related records for given app.
- *
- * @param app_name name of application
- */
- void app_label(const std::string& app_name);
-
-/**
- * @brief Check absence of label record for given app.
- *
- * @param app_name name of application
- */
- void app_not_label(const std::string& app_name);
-
-/**
- * @brief It checks existence of single permission.
- *
- * @param app_name name of application
- * @param permission_name name of permission
- * @param permission_type_name name of permission type
- * @param is_volatile persistence or volatileness of permissions
- * @param is_enabled permission enable flag
- */
- void app_permission(const std::string& app_name, const std::string& permission_name,
- const std::string& permission_type_name, int is_volatile, int is_enabled);
-};
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_DB_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_duplicates.cpp
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control private functions duplicates
- */
-
-#include <stdlib.h>
-#include <iri.h>
-#include <algorithm>
-#include <string>
-#include <set>
-#include <sys/smack.h>
-#ifndef _XOPEN_SOURCE
-#define _XOPEN_SOURCE
-#endif
-#include <unistd.h>
-#include "duplicates.h"
-
-std::string app_type_name(app_type_t app_type)
-{
- switch(app_type)
- {
- case APP_TYPE_WGT:
- return "WRT";
- case APP_TYPE_OSP:
- return "OSP";
- case APP_TYPE_EFL:
- return "EFL";
- default:
- return "";
- }
-}
-
-std::string app_type_group_name(app_type_t app_type)
-{
- switch (app_type)
- {
- case APP_TYPE_WGT:
- return "WRT";
- case APP_TYPE_OSP:
- return "OSP";
- case APP_TYPE_EFL:
- return "EFL";
- default:
- return "";
- }
-}
-
-
-/*
- * This function changes permission URI to basename for file name.
- * For e.g. from http://tizen.org/privilege/contact.read will be
- * created basename : org.tizen.privilege.contact.read
- */
-int base_name_from_perm(const char *perm, std::string& name)
-{
- iri_t *iris = iri_parse(perm);
- if (iris == nullptr || iris->host == nullptr)
- {
- iri_destroy(iris);
- return PC_ERR_INVALID_PARAM;
- }
-
- std::string host_dot;
- std::string host;
- std::string path;
- std::string::size_type pos;
-
- if (iris->path == nullptr)
- {
- path = iris->host;
- }
- else
- {
- path = iris->path;
- host = iris->host;
- pos = host.rfind('.');
- if (pos != std::string::npos)
- {
- host_dot = host.substr(pos + 1) + ".";
- host = host.substr(0, pos);
- }
- }
-
- iri_destroy(iris);
-
- std::replace(path.begin(), path.end(), '/', '.');
-
- name = host_dot + host + path;
-
- return PC_OPERATION_SUCCESS;
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_duplicates.h
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control private functions duplicates
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_
-#define LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_
-
-#include <string>
-#include <privilege-control.h>
-
-/**
- * @brief Get the permission family type name.
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param app_type type of the application
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-std::string app_type_name(app_type_t app_type);
-
-/**
- * @brief Get the permission type name
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param app_type type of the application
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-std::string app_type_group_name(app_type_t app_type);
-
-/**
- * @brief URI to basename conversion
- *
- * This function changes permission URI to basename for file name.
- * For e.g. from http://tizen.org/privilege/contact.read will be
- * created basename : org.tizen.privilege.contact.read
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param perm permission URI
- * @param name created basename
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-int base_name_from_perm(const char *perm, std::string& name);
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests commons
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
-#define LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
-
-#include <vector>
-#include <string>
-#include <set>
-#include <ftw.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <unistd.h>
-
-// How many open file descriptors should ftw() function use?
-#define FTW_MAX_FDS 16
-
-#define SOCK_PATH "/tmp/test-smack-socket"
-
-#define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
-#define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir"
-
-#define APP_ID "test_APP"
-#define APPID_DIR "test_APP_ID_dir"
-#define GENERATED_APP_ID "User" // TODO to be replaced in the future
-
-#define PERM_TO_REDEFINE "Test::RedefinePermission"
-#define PERM_SUB_TO_REDEFINE "Test::RedefinePermission::Sub"
-
-#define APP_1 "app_1"
-#define APP_1_DIR "/tmp/app_1"
-
-#define APP_2 "app_2"
-#define APP_2_DIR "/tmp/app_2"
-
-#define APP_TEST "app_test"
-
-#define EFL_APP_ID "hello-tizen"
-
-#define LIBPRIVILEGE_TEST_DAC_FILE_WGT "/usr/share/privilege-control/WRT_test_privilege_control_rules_wgt.dac"
-#define LIBPRIVILEGE_TEST_DAC_FILE_OSP "/usr/share/privilege-control/OSP_test_privilege_control_rules_osp.dac"
-#define LIBPRIVILEGE_TEST_DAC_FILE_EFL "/usr/share/privilege-control/EFL_test_privilege_control_rules_efl.dac"
-
-#define OSP_APP_ID "uqNfgEjqc7"
-
-#define WGT_APP_PATH "/usr/bin/test-app-wgt"
-#define OSP_APP_PATH "/usr/bin/test-app-osp"
-#define EFL_APP_PATH "/usr/bin/test-app-efl"
-
-#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
-
-extern const char *USER_APP_ID;
-
-extern const char *PRIVS1[];
-extern const char *PRIVS2[];
-extern const char *PRIVS2_NO_R[];
-extern const char *PRIVS2_R[];
-extern const char *PRIVS2_R_AND_NO_R[];
-
-extern const char *PRIVS_WGT[];
-extern const char *PRIVS_OSP[];
-extern const char *PRIVS_EFL[];
-
-extern const char *PRIV_APPSETTING[];
-extern const char *PRIV_APPSETTING_RULES[];
-
-typedef std::vector< std::vector<std::string> > rules_t;
-
-// Rules from WRT_test_privilege_control_rules1.smack for wgt
-const rules_t rules1 = {
- { USER_APP_ID, "test_book_1", "r" },
- { USER_APP_ID, "test_book_2", "w" },
- { USER_APP_ID, "test_book_3", "x" },
- { USER_APP_ID, "test_book_4", "rw" },
- { USER_APP_ID, "test_book_5", "rx" },
- { USER_APP_ID, "test_book_6", "wx" },
- { USER_APP_ID, "test_book_7", "rwx" },
- { "test_subject_1", USER_APP_ID, "r" },
- { "test_subject_2", USER_APP_ID, "w" },
- { "test_subject_3", USER_APP_ID, "x" },
- { "test_subject_4", USER_APP_ID, "rw" },
- { "test_subject_5", USER_APP_ID, "rx" },
- { "test_subject_6", USER_APP_ID, "wx" },
- { "test_subject_7", USER_APP_ID, "rwx" }
-};
-
-// Rules from WRT_test_privilege_control_rules2.smack
-const rules_t rules2 = {
- { USER_APP_ID, "test_book_8", "r" },
- { USER_APP_ID, "test_book_9", "w" },
- { USER_APP_ID, "test_book_10", "x" },
- { USER_APP_ID, "test_book_11", "rw" },
- { USER_APP_ID, "test_book_12", "rx" },
- { USER_APP_ID, "test_book_13", "wx" },
- { USER_APP_ID, "test_book_14", "rwx" },
- { USER_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", USER_APP_ID, "r" },
- { "test_subject_9", USER_APP_ID, "w" },
- { "test_subject_10", USER_APP_ID, "x" },
- { "test_subject_11", USER_APP_ID, "rw" },
- { "test_subject_12", USER_APP_ID, "rx" },
- { "test_subject_13", USER_APP_ID, "wx" },
- { "test_subject_14", USER_APP_ID, "rwx" },
- { "test_subject_15", USER_APP_ID, "rwxat" }
-};
-
-// Rules from WRT_test_privilege_control_rules_no_r.smack
-const rules_t rules2_no_r = {
- { USER_APP_ID, "test_book_9", "w" },
- { USER_APP_ID, "test_book_10", "x" },
- { USER_APP_ID, "test_book_11", "w" },
- { USER_APP_ID, "test_book_12", "x" },
- { USER_APP_ID, "test_book_13", "x" },
- { USER_APP_ID, "test_book_14", "wx" },
- { USER_APP_ID, "test_book_15", "wxat" },
- { "test_subject_9", USER_APP_ID, "w" },
- { "test_subject_10", USER_APP_ID, "x" },
- { "test_subject_11", USER_APP_ID, "w" },
- { "test_subject_12", USER_APP_ID, "x" },
- { "test_subject_13", USER_APP_ID, "x" },
- { "test_subject_14", USER_APP_ID, "wx" },
- { "test_subject_15", USER_APP_ID, "wxat" }
-};
-
-// Rules from test_privilege_control_rules.smack
-// minus WRT_test_privilege_control_rules_no_r.smack
-const rules_t rules2_r = {
- { USER_APP_ID, "test_book_8", "r" },
- { USER_APP_ID, "test_book_11", "r" },
- { USER_APP_ID, "test_book_12", "r" },
- { USER_APP_ID, "test_book_14", "r" },
- { USER_APP_ID, "test_book_15", "r" },
- { "test_subject_8", USER_APP_ID, "r" },
- { "test_subject_11", USER_APP_ID, "r" },
- { "test_subject_12", USER_APP_ID, "r" },
- { "test_subject_14", USER_APP_ID, "r" },
- { "test_subject_15", USER_APP_ID, "r" }
-};
-
-// Rules from EFL_test_privilege_control_rules_efl.smack for rpm
-const rules_t rules_efl = {
- { USER_APP_ID, "test_book_efl", "r" }
-};
-
-// Rules from WRT_test_privilege_control_rules_wgt.smack for wgt
-const rules_t rules_wgt = {
- { USER_APP_ID, "test_book_wgt_8", "r" },
- { USER_APP_ID, "test_book_wgt_9", "w" },
- { USER_APP_ID, "test_book_wgt_10", "x" },
- { USER_APP_ID, "test_book_wgt_11", "rw" },
- { USER_APP_ID, "test_book_wgt_12", "rx" },
- { USER_APP_ID, "test_book_wgt_13", "wx" },
- { USER_APP_ID, "test_book_wgt_14", "rwx" },
- { USER_APP_ID, "test_book_wgt_15", "rwxat" },
- { "test_subject_wgt_8", USER_APP_ID, "r" },
- { "test_subject_wgt_9", USER_APP_ID, "w" },
- { "test_subject_wgt_10", USER_APP_ID, "x" },
- { "test_subject_wgt_11", USER_APP_ID, "rw" },
- { "test_subject_wgt_12", USER_APP_ID, "rx" },
- { "test_subject_wgt_13", USER_APP_ID, "wx" },
- { "test_subject_wgt_14", USER_APP_ID, "rwx" },
- { "test_subject_wgt_15", USER_APP_ID, "rwxat" }
-};
-
-// Rules from OSP_test_privilege_control_rules_osp.smack for osp
-const rules_t rules_osp = {
- { USER_APP_ID, "test_book_osp_8", "r" },
- { USER_APP_ID, "test_book_osp_9", "w" },
- { USER_APP_ID, "test_book_osp_10", "x" },
- { USER_APP_ID, "test_book_osp_11", "rw" },
- { USER_APP_ID, "test_book_osp_12", "rx" },
- { USER_APP_ID, "test_book_osp_13", "wx" },
- { USER_APP_ID, "test_book_osp_14", "rwx" },
- { USER_APP_ID, "test_book_osp_15", "rwxat" },
- { "test_subject_osp_8", USER_APP_ID, "r" },
- { "test_subject_osp_9", USER_APP_ID, "w" },
- { "test_subject_osp_10", USER_APP_ID, "x" },
- { "test_subject_osp_11", USER_APP_ID, "rw" },
- { "test_subject_osp_12", USER_APP_ID, "rx" },
- { "test_subject_osp_13", USER_APP_ID, "wx" },
- { "test_subject_osp_14", USER_APP_ID, "rwx" },
- { "test_subject_osp_15", USER_APP_ID, "rwxat" }
-};
-
-int test_have_all_accesses(const rules_t &rules);
-int test_have_any_accesses(const rules_t &rules);
-int test_have_nosmack_accesses(const rules_t &rules);
-
-void read_user_gids(std::set<unsigned> &set, const uid_t user_id);
-void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file);
-
-int file_exists(const char *path);
-void check_app_installed(const char *app_path);
-
-void check_perm_app_has_permission(const char *app_label,
- const char *permission,
- bool is_enabled_expected);
-
-int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-
-void test_perm_app_setup_path_PUBLIC_RO(bool smack);
-void test_revoke_permissions(int line_no, const char* app_id);
-void test_app_enable_permissions_efl(bool smack);
-void test_app_disable_permissions_efl(bool smack);
-void test_app_disable_permissions(bool smack);
-bool check_all_accesses(bool smack, const rules_t &rules);
-bool check_no_accesses(bool smack, const rules_t &rules);
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_COMMON_H_ */
+++ /dev/null
-#include <iostream>
-
-int main() {
- std::cout << "Hello Tizen!" << std::endl;
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file libprivilege-control-test.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @version 1.0
- * @brief Main file for libprivilege-control unit tests.
- */
-
-#include <dpl/test/test_runner.h>
-#include <dpl/log/log.h>
-
-int main (int argc, char *argv[])
-{
- LogInfo("Starting libprivilege-control tests");
-
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file libprivilege-control-test.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief Main file for libprivilege-control unit tests.
- */
-
-#include <fcntl.h>
-#include <fstream>
-#include <iostream>
-#include <set>
-#include <string>
-#include <string.h>
-#include <sys/sendfile.h>
-#include <sys/smack.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <vector>
-#include <grp.h>
-#include <pwd.h>
-
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-#include "common/duplicates.h"
-#include <memory.h>
-
-#define CANARY_LABEL "tiny_yellow_canary"
-
-const char *USER_APP_ID = "User";
-
-const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", nullptr };
-const char *PRIVS2[] = { "test_privilege_control_rules2", nullptr };
-const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", nullptr };
-const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", nullptr };
-const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", nullptr };
-
-const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", nullptr };
-const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", nullptr };
-const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", nullptr };
-
-const char *PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", nullptr};
-const char *PRIV_APPSETTING_RULES[] = { "~APP~ ~SETTINGS_PATH~ rwx",
- "~APP~ ~ALL_APPS~ rx",
- nullptr};
-/**
- * Check if every rule is true.
- * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
- */
-int test_have_all_accesses(const rules_t &rules)
-{
- for (size_t i = 0; i < rules.size(); ++i) {
- int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (access <= 0)
- return 0;
- }
- return 1;
-}
-
-/**
- * Check if every rule is true.
- * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
- */
-int test_have_any_accesses(const rules_t &rules)
-{
- for (size_t i = 0; i < rules.size(); ++i) {
- int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (access > 0)
- return 1;
- }
- return 0;
-}
-
-/**
- * NOSMACK version of test_have_accesses functions.
- *
- * This will be used in many tests. Checks if for every rule smack_have_access returns error.
- * If for any of rules smack_have_access will return something different than error, this result
- * is being returned to caller.
- */
-int test_have_nosmack_accesses(const rules_t &rules)
-{
- int result;
- for (uint i = 0; i < rules.size(); ++i) {
- result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (result != -1)
- return result;
- }
- return -1;
-}
-
-bool check_all_accesses(bool smack, const rules_t &rules)
-{
- if (smack)
- return test_have_all_accesses(rules) == 1;
- else
- return test_have_nosmack_accesses(rules) == -1;
-}
-
-bool check_no_accesses(bool smack, const rules_t &rules)
-{
- if (smack)
- return test_have_any_accesses(rules) == 0;
- else
- return test_have_nosmack_accesses(rules) == -1;
-}
-
-void read_gids(std::set<unsigned> &set, const char *file_path)
-{
- FILE *f = fopen(file_path, "r");
- RUNNER_ASSERT_ERRNO_MSG(f != nullptr, "Unable to open file " << file_path);
- unsigned gid;
- while (fscanf(f, "%u\n", &gid) == 1) {
- set.insert(gid);
- }
- fclose(f);
-}
-
-void read_user_gids(std::set<unsigned> &set, const uid_t user_id)
-{
- int ret;
-
- errno = 0;
- struct passwd *pw = getpwuid(user_id);
- RUNNER_ASSERT_ERRNO_MSG(pw != nullptr, "getpwuid() failed");
-
- int groups_cnt = 0;
- gid_t *groups_list = nullptr;
- ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
- RUNNER_ASSERT_MSG(ret == -1, "getgrouplist() failed.");
- if (groups_cnt == 0)
- return;
- groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
-
- ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
- if (ret == -1) {
- free(groups_list);
- RUNNER_FAIL_MSG("getgrouplist() failed.");
- }
-
- for (int i = 0; i < groups_cnt; ++i) {
- set.insert(groups_list[i]);
- }
- free(groups_list);
-}
-
-void read_current_gids(std::set<unsigned> &set)
-{
- int groups_cnt = getgroups(0, nullptr);
- RUNNER_ASSERT_ERRNO_MSG(groups_cnt > 0, "Wrong number of supplementary groups");
- gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
- if (getgroups(groups_cnt, groups_list) == -1){
- free(groups_list);
- RUNNER_FAIL_MSG("getgroups failed.");
- }
-
- for (int i = 0; i < groups_cnt; ++i) {
- set.insert(groups_list[i]);
- }
- free(groups_list);
-}
-
-void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file)
-{
- std::set<unsigned> groups_check;
- std::set<unsigned> groups_current;
- if(dac_file != nullptr)
- read_gids(groups_check, dac_file);
- read_current_gids(groups_current);
-
- std::string groups_left;
- for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it)
- {
- (void)groups_check.erase(*it);
- if(groups_current.erase(*it) == 0)
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application lost some groups: " << groups_left);
-
- for (auto it = groups_check.begin(); it != groups_check.end(); ++it)
- {
- if(groups_current.erase(*it) == 0)
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application doesn't belong to some required groups: " << groups_left);
-
- for (auto it = groups_current.begin(); it != groups_current.end(); ++it)
- {
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application belongs to groups it should't belong to: " << groups_left);
-}
-
-int file_exists(const char *path)
-{
- FILE *file = fopen(path, "r");
- if (file) {
- fclose(file);
- return 0;
- }
- return -1;
-}
-
-void check_app_installed(const char *app_path)
-{
- RUNNER_ASSERT_MSG(file_exists(app_path) == 0,
- " App not installed: " << app_path);
-}
-
-int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
-
- return 0;
-}
-
-void check_perm_app_has_permission(const char *app_label,
- const char *permission,
- bool is_enabled_expected)
-{
- int result;
- bool is_enabled_result;
-
- result = perm_app_has_permission(app_label, APP_TYPE_WGT, permission, &is_enabled_result);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error calling perm_app_has_permission. Result: " << result);
-
- RUNNER_ASSERT_MSG(is_enabled_result == is_enabled_expected,
- " Result of perm_app_has_permission should be: " << is_enabled_expected);
-}
-
-int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
- const char* correctLabel)
-{
- int result;
- CStringPtr labelPtr;
- char* label = nullptr;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
- RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
- } else
- RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-
-int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return nftw_check_labels_app_dir(fpath, sb, USER_APP_ID);
-}
-
-int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return nftw_check_labels_app_dir(fpath, sb, "_");
-}
-
-int nftw_check_labels_app_public_ro_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- int result;
- CStringPtr labelPtr;
- char *label;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
- result = strcmp(LABEL_FOR_PUBLIC_SHARED_DIRS, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- if (S_ISDIR(sb->st_mode)) {
- RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set");
- result = strcmp("TRUE", label);
- RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
- } else
- RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
-
- return 0;
-}
-
-int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- int result;
- CStringPtr labelPtr;
- char* label = nullptr;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(labelPtr.get() == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-void test_perm_app_setup_path_PUBLIC_RO(bool smack)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_ro_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-
- RUNNER_ASSERT(check_all_accesses(smack, {{ USER_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "r"}}));
-}
-
-void test_revoke_permissions(int line_no, const char* app_id)
-{
- int result;
-
- // Cleanup
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_uninstall returned " << result);
-
- // Close transaction to commit uninstallation before further actions
- DB_END
-
- DB_BEGIN
-
- // Install test apps
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_install returned " << result);
-
- // Close transaction to commit installation before further actions
- DB_END
-
- DB_BEGIN
-
- // TEST:
- // Revoke permissions
- result = perm_app_revoke_permissions(app_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
- DB_BEGIN
-
- // Cleanup - uninstall test apps
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_uninstall returned " << result);
-
- DB_END
-}
-
-void test_app_enable_permissions_efl(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
- result = perm_app_install(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- // Register a permission:
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not granted for EFL_APP");
-
- DB_BEGIN
-
- // Cleanup
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- DB_END
-}
-
-void test_app_disable_permissions_efl(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- result = perm_app_install(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not disabled for EFL_APP");
-
- DB_BEGIN
-
- // Register a permission
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not granted for EFL_APP");
-
- DB_BEGIN
-
- // Disable a permission
- result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not disabled for EFL_APP");
-
- DB_BEGIN
-
- // Cleanup
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- DB_END
-}
-
-void test_app_disable_permissions(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app first permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app no r permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2),
- "SMACK accesses not disabled.");
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1),
- "SMACK accesses not disabled.");
-
- DB_BEGIN
-
-/**
- * Test - disable all granted permissions.
- */
-
- // Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Are all the permissions enabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled.");
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- // Are all the permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled.");
-
-/**
- * Test - disable some granted permissions leaving non complementary and then disabling those too.
- */
-
- DB_BEGIN
-
- // Prepare permissions that will not be disabled
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app first permissions. Result: " << result);
-
- // Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app second permissions. Result: " << result);
-
- // Disable second permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app second permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
-
- // Are all first permissions not disabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules1), "Some of second permissions disabled.");
-
- DB_BEGIN
-
- // Disable first permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app first permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1), "Not all second permisions disabled.");
-
-/**
- * Test - disable only no r granted permissions.
- */
-
- DB_BEGIN
-
- // Prepare permissions
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app r permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app no r permissions. Result: " << result);
-
- // Disable same permissions without r
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app no r permissions. Result: " << result);
-
- DB_END
-
- // Is any r permissions disabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
- // Are all no r permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
-
- DB_BEGIN
-
- // Prepare permissions
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app no r permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
-
- DB_BEGIN
-
- // Disable all permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
-
- DB_BEGIN
-
- // Clean up after test:
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <string>
-#include <vector>
-#include <fstream>
-#include <sstream>
-#include <set>
-
-#include <fcntl.h>
-#include <errno.h>
-#include <unistd.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/smack.h>
-
-#include <privilege-control.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dpl/log/log.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-#include "common/duplicates.h"
-#include "common/db.h"
-#include "memory.h"
-
-// Error codes for test_libprivilege_strerror
-const std::vector<int> error_codes {
- PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
- PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
- PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
- PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
-};
-
-namespace {
-
-std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
-{
- std::vector<std::string> names;
- for(size_t i = 0; i < size; ++i) {
- names.push_back(prefix + "_" + std::to_string(i) + suffix);
- }
- return names;
-}
-
-const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
-const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
-const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
-const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
-const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
-const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
-const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
-
-void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
-{
- std::ifstream dac_file(dac_file_path);
- RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
-
- auto it = gids.begin();
- std::string line;
- while (std::getline(dac_file,line)) {
- std::istringstream is(line);
- unsigned gid;
- is >> gid;
- RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
- RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
- it++;
- }
-
- RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
-
- dac_file.close();
-}
-
-void remove_smack_files()
-{
- // TODO array
- unlink(OSP_BLAHBLAH);
- unlink(WRT_BLAHBLAH);
- unlink(OTHER_BLAHBLAH);
- unlink(WRT_BLAHBLAH_DAC);
- unlink(OTHER_BLAHBLAH_DAC);
-
- for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
- unlink(OSP_BLAHBLAH_DAC[i].c_str());
-
- for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
- unlink(OSP_BLAHBLAH_DAC[i].c_str());
-}
-
-} // namespace
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
-
-RUNNER_TEST(privilege_control02_perm_app_setup_path_01_PRIVATE)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_PRIVATE failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-}
-
-RUNNER_TEST(privilege_control02_perm_app_setup_path_02_FLOOR)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_FLOOR);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_FLOOR type failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-}
-
-
-RUNNER_TEST_SMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO)
-{
- test_perm_app_setup_path_PUBLIC_RO(true);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
-{
- test_revoke_permissions(__LINE__, WGT_APP_ID);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
-{
- test_revoke_permissions(__LINE__, OSP_APP_ID);
-}
-
-void test_set_app_privilege(
- const char* app_id, app_type_t APP_TYPE,
- const char** privileges, const char* type,
- const char* app_path, const char* dac_file,
- const rules_t &rules) {
- check_app_installed(app_path);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- " perm_app_uninstall returned " << result << ". "
- "Errno: " << strerror(errno));
-
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- " perm_app_install returned " << result << ". "
- "Errno: " << strerror(errno));
-
- // TEST:
- result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_all_accesses(rules);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, APP_UID);
-
- result = perm_app_set_privilege(app_id, type, app_path);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0,
- " Error getting current process label");
- RUNNER_ASSERT_MSG(label != nullptr,
- " Process label is not set");
-
- result = strcmp(USER_APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0,
- " Process label " << label << " is incorrect");
-
- check_groups(groups_before, dac_file);
-}
-
-/**
- * Set APP privileges. wgt.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
-{
- test_set_app_privilege(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
-}
-
-/**
- * Set APP privileges. osp app.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
-{
- test_set_app_privilege(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
-}
-
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_efl)
-{
- test_set_app_privilege(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
- "rpm", EFL_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
-}
-
-/**
- * Add new API feature
- */
-RUNNER_TEST(privilege_control08_add_api_feature)
-{
- int result;
-
- remove_smack_files();
-
- DB_BEGIN
-
- // argument validation
- result = perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
-
- result = perm_add_api_feature(APP_TYPE_OSP,"", nullptr, nullptr, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
-
-
- // Already existing feature:
- // TODO: Database will be malformed. (Rules for these features will be removed.)
- result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty features
- result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty rules
- const char *test1[] = { nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test2[] = { "", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test3[] = { " \t\n", "\t \n", "\n\t ", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // malformed rules
- const char *test4[] = { "malformed", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test5[] = { "malformed malformed", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test6[] = { "-malformed malformed rwxat", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test7[] = { "~/\"\\ malformed rwxat", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test8[] = { "subject object rwxat something else", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
-
- // correct rules
- const char *test9[] = {
- "~APP~ object\t rwxatl",
- " \t \n",
- "subject2\t~APP~ ltxarw",
- "",
- nullptr};
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", nullptr }; // TODO This fails.
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
-
- // TODO For now identical/complementary rules are not merged.
- const char *test12[] = {
- "subject1 ~APP~ rwxatl",
- " \t \n",
- "subject2 ~APP~ ltxarw",
- "",
- nullptr};
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty group ids
- const char *test13[] = { "~APP~ b a", nullptr};
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
- RUNNER_ASSERT(result == -1);
- remove_smack_files();
-
-
- // valid group ids
- result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
- remove_smack_files();
-
- DB_END
-}
-
-/**
- * Add new API feature, assign it to an app and redefine the API feature.
- * Check if app rules has changed after redefinition.
- */
-RUNNER_TEST_SMACK(privilege_control09_perm_add_api_feature_redefine)
-{
- int result;
- const char *permissionName[] = { "org.tizen.test.permtoberedefined", nullptr};
-
- // Rules to be used with the first check
- const rules_t test_rules1 = {
- { GENERATED_APP_ID, PERM_TO_REDEFINE, "rx" },
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "rwx" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
- };
-
- // Rules that contain differences - to be used with the second check (after re-def)
- const rules_t test_rules2 = {
- { GENERATED_APP_ID, PERM_TO_REDEFINE, "rwx" },
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "rx" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "watl" }
- };
-
- // Differences between rules1 and rules2 - should be revoked after re-def)
- const rules_t diff_rules = {
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "w" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
- };
-
- // Rules to be used with the first definition
- const char *perm_rules1[] = {
- "~APP~ " PERM_TO_REDEFINE " rx",
- PERM_TO_REDEFINE " ~APP~ rwx",
- "~APP~ " PERM_SUB_TO_REDEFINE " rx",
- nullptr
- };
-
- // Rules that contain differences - to be used with the second definition (re-def)
- const char *perm_rules2[] = {
- "~APP~ " PERM_TO_REDEFINE " rwx",
- PERM_TO_REDEFINE " ~APP~ rx",
- "~APP~ " PERM_SUB_TO_REDEFINE " watl",
- nullptr
- };
-
- DB_BEGIN
-
- // uninstall app to make sure that all rules and permissions are revoked
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << perm_strerror(result));
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << perm_strerror(result));
-
- result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules1, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_add_api_feature failed: " << result);
-
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP, permissionName, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_enable_permissions failed: " << perm_strerror(result));
-
- DB_END
-
- // Check if rules are applied
- result = test_have_all_accesses(test_rules1);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
-
- DB_BEGIN
-
- // Redefine the permission
- result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_add_api_feature failed: " << result);
-
- DB_END
-
- // Check if rules are updated
- result = test_have_all_accesses(test_rules2);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added after update.");
- // The difference between rules1 and rules2 should be revoked!
- result = test_have_any_accesses(diff_rules);
- RUNNER_ASSERT_MSG(result == 0, "Permissions are not fully updated.");
-}
-
-/*
- * Check perm_app_uninstall function
- */
-void check_perm_app_uninstall(const char* pkg_id)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(pkg_id);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned: " << perm_strerror(result));
-
- DB_END
-}
-
-RUNNER_TEST(privilege_control07_app_uninstall)
-{
- check_perm_app_uninstall(APP_ID);
-}
-
-/*
- * Check perm_app_install function
- */
-void check_perm_app_install(const char* pkg_id)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(pkg_id);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- DB_END
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-RUNNER_TEST(privilege_control01_app_install)
-{
- check_perm_app_uninstall(APP_ID);
- check_perm_app_install(APP_ID);
- // try install second time app with the same ID - it should pass.
- check_perm_app_install(APP_ID);
-}
-
-/*
- * Check perm_rollback function
- */
-RUNNER_TEST(privilege_control07_app_rollback)
-{
- check_perm_app_uninstall(APP_ID);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- // transaction rollback
- result = perm_rollback();
- RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
-
- DB_END
-}
-
-RUNNER_TEST(privilege_control07_app_rollback_2)
-{
- check_perm_app_uninstall(APP_ID);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- // transaction rollback
- result = perm_rollback();
- RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
-
- // install once again after the rollback
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- DB_END
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-/**
- * Grant SMACK permissions based on permissions list.
- */
-RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
-{
- int result;
-
- // Clean up after test:
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
-/**
- * Test - Enabling all permissions with persistant mode enabled
- */
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Enabling all permissions with persistant mode disabled
- */
-
- DB_BEGIN
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Registering new permissions in two complementary files
- */
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Enabling some permissions and then enabling complementary permissions
- */
-
- DB_BEGIN
-
- // Register permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions without r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
-
- DB_BEGIN
-
- // Register permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app all permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
-/**
- * Test - Enabling some permissions and then enabling all permissions
- */
-
- // Enable permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions without r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
-
- DB_BEGIN
-
- // Enable permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions with only r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
-
-
- // Clean up after test:
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
-
-RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
-{
- test_app_enable_permissions_efl(true);
-}
-
-/*
- * Check perm_app_install function
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
-{
- test_app_disable_permissions_efl(true);
-}
-
-
-/**
- * Remove previously granted SMACK permissions based on permissions list.
- */
-RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
-{
- test_app_disable_permissions(true);
-}
-
-/**
- * Reset SMACK permissions for an application by revoking all previously
- * granted rules and enabling them again from a rules file from disk.
- */
-// TODO: This test is incomplete.
-RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
-{
- int result;
-
-/**
- * Test - doing reset and checking if rules exist again.
- */
-
- DB_BEGIN
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- // Prepare permissions to reset
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- // Reset permissions
- result = perm_app_reset_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error reseting app permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions not disabled?
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
-
-static void smack_set_random_label_based_on_pid_on_self(void)
-{
- int result;
- std::stringstream ss;
-
- ss << "s-" << getpid() << "-" << getppid();
- result = smack_set_label_for_self(ss.str().c_str());
- RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
- << ss.str().c_str() << ") failed");
-}
-
-static void smack_unix_sock_server(int sock)
-{
- int fd, result;
- char *smack_label;
-
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- if (fd < 0)
- return;
-
- FdUniquePtr fdPtr(&fd);
-
- result = smack_new_label_from_self(&smack_label);
- RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed");
- SmackLabelPtr smackLabelPtr(smack_label);
-
- ssize_t bitsNum = write(fd, smack_label, strlen(smack_label));
- RUNNER_ASSERT_ERRNO_MSG(bitsNum >= 0 && static_cast<size_t>(bitsNum) == strlen(smack_label),
- "write() failed");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
-
- unlink(SOCK_PATH);
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
-
- smack_set_random_label_based_on_pid_on_self();
-
- if (!pid) { /* child process, server */
- int sock, result;
-
- /* Set the process label before creating a socket */
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- result = bind(sock,
- (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
-
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
- smack_unix_sock_server(sock);
-
- /* Change the process label with listening socket */
- smack_unix_sock_server(sock);
-
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- /* Now running two concurrent servers.
- Test if socket label was unaffected by fork() */
- smack_unix_sock_server(sock);
- /* Let's give the two servers different labels */
- smack_unix_sock_server(sock);
-
- exit(0);
- } else { /* parent process, client */
- sleep(1); /* Give server some time to setup listening socket */
- int i;
- for (i = 0; i < 4; ++i) {
- int sock;
- int result;
- char smack_label1[SMACK_LABEL_LEN + 1];
- char *smack_label2;
-
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- result = connect(sock,
- (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
-
- alarm(2);
- result = read(sock, smack_label1, SMACK_LABEL_LEN);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed");
-
- smack_label1[result] = '\0';
- smack_label2 = perm_app_id_from_socket(sock);
- RUNNER_ASSERT_MSG(smack_label2 != nullptr, "perm_app_id_from_socket failed");
- result = strcmp(smack_label1, smack_label2);
- RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1
- << "' != '" << smack_label2 << "-" << random() << "'");
- }
- }
-}
-
-RUNNER_TEST(privilege_control20_perm_app_has_permission)
-{
- int result;
- const char *other_app_label = "test_other_app_label";
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error uninstalling app. Result" << result);
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error installing app. Result" << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-}
-
-RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
- int POSITIVE_ERROR_CODE = 1;
- int NONEXISTING_ERROR_CODE = -239042;
- const char *result;
-
- for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
- RUNNER_ASSERT_MSG(strcmp(perm_strerror(*itr), "Unknown error") != 0,
- "Returned invalid error code description.");
- }
-
- result = perm_strerror(POSITIVE_ERROR_CODE);
- RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
- "Bad message returned for invalid error code: \"" << result << "\"");
-
- result = perm_strerror(NONEXISTING_ERROR_CODE);
- RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
- "Bad message returned for invalid error code: \"" << result << "\"");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <dpl/test/test_runner.h>
-#include <tests_common.h>
-#include <sys/smack.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-
-
-
-//////////////////////////////////////////////////////
-//TEST FOR INCORRECT PARAMS CHECK IN LIBPRIVILEGE APIS
-//////////////////////////////////////////////////////
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_incorrect_params)
-
-RUNNER_TEST(privilege_control21c_incorrect_params_perm_app_set_privilege)
-{
- RUNNER_ASSERT_MSG(perm_app_set_privilege(nullptr, nullptr, APP_SET_PRIV_PATH) == PC_ERR_INVALID_PARAM,
- "perm_app_set_privilege didn't check if package name isn't nullptr.");
-}
-
-RUNNER_TEST(privilege_control21d_incorrect_params_perm_app_install)
-{
- RUNNER_ASSERT_MSG(perm_app_install(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_install didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_install("") == PC_ERR_INVALID_PARAM,
- "perm_app_install didn't check if pkg_id isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21e_incorrect_params_perm_app_uninstall)
-{
- RUNNER_ASSERT_MSG(perm_app_uninstall(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_uninstall didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_uninstall("") == PC_ERR_INVALID_PARAM,
- "perm_app_uninstall didn't check if pkg_id isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21f_incorrect_params_perm_app_enable_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, nullptr, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if perm_list isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions("", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id is valid");
-}
-
-RUNNER_TEST(privilege_control21g_incorrect_params_app_revoke_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions("") == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions("~APP~") == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21h_incorrect_params_app_reset_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_reset_permissions(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_reset_permissions("") == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_reset_permissions("~APP~") == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21i_incorrect_params_app_setup_path)
-{
- RUNNER_ASSERT_MSG(perm_app_setup_path(APPID_DIR, nullptr, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if path isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_setup_path(nullptr, TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_setup_path("", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_setup_path("~APP~", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21k_incorrect_params_add_api_feature)
-{
- RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM,
- "perm_add_api_feature didn't check if api_feature_name isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, "", nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM,
- "perm_add_api_feature didn't check if api_feature_name isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21l_incorrect_params_ignored_disable_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if perm_list isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions("", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21m_incorrect_params_perm_app_has_permission)
-{
- bool has_permission;
- const char *app_label = "test_app_label";
-
- RUNNER_ASSERT_MSG(perm_app_has_permission(nullptr, APP_TYPE_WGT,
- PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_OTHER,
- PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission should not accept app_type = OTHER.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT,
- nullptr, &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if permission_name isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT,
- PRIVS2[0], nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if has_permission isn't nullptr.");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <memory>
-#include <functional>
-#include <fstream>
-#include <set>
-
-#include <string.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/wait.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <sys/smack.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-#include "common/db.h"
-#include <memory.h>
-
-#define APP_USER_NAME "app"
-#define APP_HOME_DIR "/opt/home/app"
-
-
-#define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
-
-
-/////////////////////////////////////////
-//////NOSMACK ENVIRONMENT TESTS//////////
-/////////////////////////////////////////
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_nosmack)
-
-RUNNER_TEST_NOSMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO_nosmack)
-{
- test_perm_app_setup_path_PUBLIC_RO(false);
-}
-
-/**
- * NOSMACK version of privilege_control04 test.
- *
- * Tries to add permisions from test_privilege_control_rules template and checks if
- * smack_have_access returns -1 on check between every rule.
- */
-RUNNER_TEST_NOSMACK(privilege_control04_add_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- //Add permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error adding app permissions. Result: " << result);
-
- DB_END
-
- //Check if smack_have_access always fails on every rule
- result = test_have_nosmack_accesses(rules_efl);
- RUNNER_ASSERT_MSG(result == -1,
- "Despite SMACK being off some accesses were added. Result: " << result);
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
- db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling permissions: " << perm_strerror(result));
- DB_END
-}
-
-void test_set_app_privilege_nosmack(
- const char* app_id, app_type_t app_type,
- const char** privileges, const char* type,
- const char* app_path, const char* dac_file,
- const rules_t &rules)
-{
- check_app_installed(app_path);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_enable_permissions(app_id, app_type, privileges, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_nosmack_accesses(rules);
- RUNNER_ASSERT_MSG(result == -1,
- " Permissions shouldn't be added. Result: " << result);
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, APP_UID);
-
- result = perm_app_set_privilege(app_id, type, app_path);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error in perm_app_set_privilege. Error: " << result);
-
- //Even though app privileges are set, no smack label should be extracted.
- char* label = nullptr;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- " new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == nullptr,
- " new_label_from_self shouldn't allocate memory for label.");
-
- check_groups(groups_before, dac_file);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege test.
- *
- * Another very similar test to it's SMACK version, this time smack_new_label_from_self is
- * expected to return different result.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_nosmack)
-{
- int result;
-
- check_app_installed(APP_SET_PRIV_PATH);
-
- //Preset exec label
- smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC);
- smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC);
-
- DB_BEGIN
- perm_app_uninstall(APP_ID);
- DB_END
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, APP_UID);
-
- //Set app privileges
- result = perm_app_set_privilege(APP_ID, nullptr, APP_SET_PRIV_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_set_privilege. Error: " << result);
-
- //Even though app privileges are set, no smack label should be extracted.
- char* label = nullptr;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- "new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory for label.");
-
- //Check if DAC privileges really set
- RUNNER_ASSERT_MSG(getuid() == APP_UID, "Wrong UID");
- RUNNER_ASSERT_MSG(getgid() == APP_GID, "Wrong GID");
-
- result = strcmp(getenv("HOME"), APP_HOME_DIR);
- RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR. Result: " << result);
-
- result = strcmp(getenv("USER"), APP_USER_NAME);
- RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME. Result: " << result);
-
- check_groups(groups_before, nullptr);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_wgt test.
- *
- * Same as the above, plus uses test_have_nosmack_accesses instead of test_have_all_accesses.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_nosmack)
-{
- test_set_app_privilege_nosmack(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_osp test.
- *
- * Same as the above.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_nosmack)
-{
- test_set_app_privilege_nosmack(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_efl_nosmack)
-{
- test_set_app_privilege_nosmack(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
- "rpm", EFL_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_nosmack)
-{
- test_revoke_permissions(__LINE__, WGT_APP_ID);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_nosmack)
-{
- test_revoke_permissions(__LINE__, OSP_APP_ID);
-}
-
-/**
- * NOSMACK version of privilege_control11_app_enable_permissions test.
- *
- * Since the original test did the same thing around five times, there is no need to redo the
- * same test for perm_app_enable_permissions. perm_app_enable_permissions will be called once,
- * test_have_nosmack_accesses will check if smack_have_access still returns error and then
- * we will check if SMACK file was correctly created.
- */
-RUNNER_TEST_NOSMACK(privilege_control11_app_enable_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling app permissions. Result: " << result);
-
- DB_END
-
- //Check if accesses aren't added
- result = test_have_nosmack_accesses(rules2);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
- db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_WGT, PRIVS2, true);
-
- DB_BEGIN
-
- //Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(privilege_control11_app_enable_permissions_efl_nosmack)
-{
- test_app_enable_permissions_efl(false);
-}
-
-/*
- * Check perm_app_install function
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control12_app_disable_permissions_efl_nosmack)
-{
- test_app_disable_permissions_efl(false);
-}
-
-/**
- * Remove previously granted SMACK permissions based on permissions list.
- */
-RUNNER_TEST_NOSMACK(privilege_control12_app_disable_permissions_nosmack)
-{
- test_app_disable_permissions(false);
-}
-
-/**
- * NOSMACK version of privilege_control13 test.
- *
- * Uses perm_app_reset_permissions and checks with test_have_nosmack_accesses if nothing has
- * changed.
- */
-RUNNER_TEST_NOSMACK(privilege_control13_app_reset_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- // Prepare permissions to reset
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
-
- // Reset permissions
- result = perm_app_reset_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error reseting app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_nosmack_accesses(rules2);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be changed. Result: " << result);
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-}
-
-/**
- * NOSMACK version of privilege_control15_app_id_from_socket.
- *
- * SMACK version of this test case utilized smack_new_label_from_self and smack_set_label_for_self.
- * Those functions rely on /proc/self/attr/current file, which is unreadable and has no contents on
- * NOSMACK environment. Functions mentioned above were tested during libsmack tests, so they are
- * assumed to react correctly and are not tested in this test case.
- *
- * This test works similarly to libsmack test smack09_new_label_from_socket. At first server and
- * client are created then sockets are set up and perm_app_id_from_socket is used. On NOSMACK env
- * correct behavior for perm_app_id_from_socket would be returning nullptr label.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(privilege_control15_app_id_from_socket_nosmack)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
-
- //Clean up before creating socket
- unlink(SOCK_PATH);
-
- //Create our server and client with fork
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
-
- if (!pid) { //child (server)
- int sock, result, fd;
-
- //Create a socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- //Bind socket to address
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
-
- //Prepare for listening
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
-
- //Accept connection
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "accept failed");
-
- //Wait a little bit for client to use perm_app_id_from_socket
- usleep(200);
-
- //cleanup
- exit(0);
- } else { //parent (client)
- // Give server some time to setup listening socket
- sleep(1);
- int sock, result;
- char* smack_label = nullptr;
-
- //Create socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- //Try connecting to address
- result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
-
- //Use perm_app_id_from_socket. Should fail and return nullptr smack_label.
- smack_label = perm_app_id_from_socket(sock);
- RUNNER_ASSERT_MSG(!smack_label, "perm_app_id_from_socket should fail.");
-
- //cleanup
- RUNNER_ASSERT_MSG(smack_label == nullptr, "perm_app_id_from_socket should fail.");
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <vector>
-#include <ftw.h>
-#include <dpl/test/test_runner.h>
-#include <privilege-control.h>
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-#include <sys/smack.h>
-
-// ---- Macros and arrays used in stress tests ----
-#define TEST_OSP_FEATURE_APP_ID "test-osp-feature-app"
-#define TEST_WGT_FEATURE_APP_ID "test-wgt-feature-app"
-#define TEST_OSP_FEATURE "OSP_test-feature.osp_rxl"
-#define TEST_WGT_FEATURE "WGT_test-feature.wgt_rxl"
-
-#define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1"
-// OSP Api Feature Test data - gives rxl access to OSP app and rl access to WGT app also!
-const char *test_osp_feature_rule_set[] = { "~APP~ " TEST_OSP_FEATURE_APP_ID " rxl",
- "~APP~ " TEST_WGT_FEATURE_APP_ID " rl",
- nullptr };
-const char *TEST_OSP_FEATURE_PRIVS[] = { TEST_OSP_FEATURE, nullptr };
-// WGT Api Feature Test data - rwx access only to WGT app
-const char *test_wgt_feature_rule_set[] = { "~APP~ " TEST_WGT_FEATURE_APP_ID " rwx",
- nullptr };
-const char *TEST_WGT_FEATURE_PRIVS[] = { TEST_WGT_FEATURE, nullptr };
-
-rules_t rules_to_test_any_access1 = {
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "r" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "w" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "x" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "a" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "t" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "l" }
-};
-
-rules_t rules_to_test_any_access2 = {
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "r" },
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "x" },
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "l" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "r" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "w" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "x" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "l" }
-};
-
-#define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \
- (const rules_t) { \
- { sub, obj, "r" }, \
- { sub, obj, "w" }, \
- { sub, obj, "x" }, \
- { sub, obj, "a" }, \
- { sub, obj, "t" }, \
- { sub, obj, "l" } }
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_stress)
-
-/**
- * Test - Simulation of 100 installations and uninstallations of one application.
- * Installed application will have various kind of permissions from api
- * features and shared folders.
- */
-void privilege_control22_app_installation_1x100(bool smack)
-{
- int result;
- const int expected_smack_result = smack ? 1:-1;
- std::string shared_dir_auto_label;
-
- // Clear any previously created apps, files, labels and permissions
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_APP_DIR
- << ". Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_NON_APP_DIR
- << ". Result: " << result);
-
- DB_BEGIN
-
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
-
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
-
- // Register appsettings feature
- result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error while registering api feature. Result: " << result);
-
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling App-Setting permissions. Result: " << result);
-
- // Install one additional app (used to check perm to shared directories)
- result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
- const char *test1[] = { nullptr };
- result = perm_app_enable_permissions(TEST_OSP_FEATURE_APP_ID,
- APP_TYPE_OSP, test1, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling permissions. Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
- DB_END
-
-
- // Install app loop
- for (int i = 0; i < 100; ++i)
- {
- DB_BEGIN
-
- // Add application
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Loop index: " << i
- << ". Result: " << result);
-
- // Add persistent permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from OSP Feature. Loop index: "
- << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. Loop index: "
- << i << ". Result: " << result);
-
- DB_END
-
- // add shared dirs
- switch (i%2) // separate odd and even loop runs
- {
- case 0: // Shared dirs: APP_PATH_PRIVATE & APP_PATH_PUBLIC_RO
- {
- DB_BEGIN
-
- // Add app shared dir - APP_PATH_PRIVATE
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- DB_END
-
- // Verify that some previously installed app does not have any access
- // to APP_ID private label
- result = check_no_accesses(smack, rules_to_test_any_access1);
- RUNNER_ASSERT_MSG(result == 1,
- "Error - other app has access to private label. Loop index: "
- << i);
-
- // Get autogenerated Public RO label
- char *label;
- result = smack_getlabel(TEST_NON_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
-
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Public RO dir are granted. Loop index: "
- << i);
-
- result = smack_have_access(TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" );
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Public RO dir are granted. Loop index: "
- << i);
-
- break;
- }
- case 1: // Shared dirs: APP_PATH_APPSETTING_RW & APP_PATH_GROUP_RW
- {
- DB_BEGIN
-
- // Add app shared dir - APP_PATH_SETTINGS_RW
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- DB_END
-
- // Get autogenerated App-Setting label
- char *label;
- result = smack_getlabel(TEST_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app dir
- // and rx permissions to app
- result = smack_have_access(APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_ID << " "<< shared_dir_auto_label << " rwxatl "
- << "Loop index: " << i);
-
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_TEST_SETTINGS_ASP1 << " " << shared_dir_auto_label << " rwx. "
- << "Loop index: " << i);
-
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, APP_ID, "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_TEST_SETTINGS_ASP1 << " " << APP_ID << " rx"
- << "Loop index: " << i);
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = smack_have_access(APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- break;
- }
- } // END switch
-
- // check if api-features permissions are added properly
- result = check_all_accesses(smack,
- (const rules_t) {
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added. Loop index: "
- << i);
-
- // revoke permissions
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
-
- // check if api-features permissions are removed properly
- result = check_no_accesses(smack, rules_to_test_any_access2);
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions revoked. Loop index: " << i);
-
- // remove labels from app folder
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
- // remove labels from shared folder
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_NON_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
-
- // uninstall app
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Loop index: " << i
- << ". Result: " << result);
- } // END Install app loop
-
- DB_BEGIN
-
- // Uninstall setting app and additional app
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
- DB_END
-}
-
-/**
- * Test - Simulation of 10 installations and uninstallations of set of 10 applications.
- * Installed applications will have various kind of permissions to each other
- * from api-features and shared folders.
- *
- * APP_TEST_SETTINGS_ASP1 ("test-app-settings-asp1") - registered as setting app
- *
- * Permissions:
- * test_APP0-4 - receive test_osp_feature_rule_set2
- * test_APP5-9 - receive test_wgt_feature_rule_set2
- *
- * During this test there is one directory created for each app for each loop run,
- * dir name syntax is: /tmp/<app_name>_<i-loop_run>
- *
- * test_APP0 & test_APP5 register their directories as APP_PATH_PRIVATE
- * test_APP1, test_APP2 & test_APP6 register their directories as
- * APP_PATH_GROUP_RW using the same label
- * LABEL_FOR_PUBLIC_SHARED_DIRS
- * test_APP3, test_APP7 & test_APP8 register their directories as
- * APP_PATH_PUBLIC_RO
- * test_APP4 & test_APP9 register their directories as
- * APP_PATH_SETTINGS_RW
- */
-void privilege_control23_app_installation2_10x10(bool smack)
-{
- int result;
- const int expected_smack_result = smack ? 1:-1;
- const int app_count = 10;
- std::string shared_dir3_auto_label;
- std::string shared_dir7_auto_label;
- std::string shared_dir8_auto_label;
- std::string setting_dir4_auto_label;
- std::string setting_dir9_auto_label;
- char app_ids[app_count][strlen(APP_ID) + 3];
- char app_dirs[app_count][strlen(APP_ID) + 12];
- const char *test_osp_feature_rule_set2[] = { "~APP~ " APP_ID "6 r",
- "~APP~ " APP_ID "7 rxl",
- "~APP~ " APP_ID "8 rwxal",
- "~APP~ " APP_ID "9 rwxatl",
- nullptr };
- const char *test_wgt_feature_rule_set2[] = { "~APP~ " APP_ID "1 r",
- "~APP~ " APP_ID "2 rxl",
- "~APP~ " APP_ID "3 rwxal",
- "~APP~ " APP_ID "4 rwxatl",
- nullptr };
-
-
- // generate app ids: test_APP0, test_APP1, test_APP2 etc.:
- for (int i = 0; i < app_count; ++i)
- {
- result = sprintf(app_ids[i], APP_ID "%d", i);
- RUNNER_ASSERT_MSG(result > 0, "Cannot generate name for app nr: " << i);
- }
-
- DB_BEGIN
-
- // Clear any previously created apps, files, labels and permissions
- for (int i = 0; i < app_count; ++i)
- {
- result = perm_app_revoke_permissions(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions for app: "
- << app_ids[i] << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[i] << ". Result: " << result);
- }
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions."
- << " Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall."
- << " Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install."
- << " Result: " << result);
-
- // Register appsettings feature
- result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error while registering api feature. Result: " << result);
-
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering App-Setting permissions."
- << " Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
- DB_END
-
-
- // Install apps loop
- for (int i = 0; i < 10; ++i)
- {
- DB_BEGIN
-
- // Install 10 apps
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_install(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. App id: "
- << app_ids[j]
- << " Loop index: " << i
- << ". Result: " << result);
-
- // Create 10 directories
- result = sprintf(app_dirs[j],"/tmp/" APP_ID "%d_%d", j, i);
- RUNNER_ASSERT_MSG(result > 0,
- "Cannot generate directory name for app nr: " << j
- << " Loop index: " << i);
- result = mkdir(app_dirs[j], S_IRWXU | S_IRGRP | S_IXGRP);
- RUNNER_ASSERT_ERRNO_MSG(result == 0 || errno == EEXIST,
- "Cannot create directory: " << app_dirs[j]);
- result = nftw(app_dirs[j], &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << app_dirs[j]
- << ". Result: " << result);
- }
-
- // Give permissions from api-features
- for (int j = 0; j < (app_count/2); ++j)
- {
- // add persistent api feature permissions
- result = perm_app_enable_permissions(app_ids[j], APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app__permissions from OSP Feature. App id: "
- << app_ids[j] << " Loop index: " << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(app_ids[j+5], APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. App id: "
- << app_ids[j+5] << " Loop index: " << i << ". Result: " << result);
- }
-
- // Add app shared dirs - APP_PATH_PRIVATE (apps 0, 5)
- result = perm_app_setup_path(app_ids[0], app_dirs[0], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[0]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[5], app_dirs[5], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[5]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW (apps 1, 2, 6)
- result = perm_app_setup_path(app_ids[1], app_dirs[1],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[2], app_dirs[2],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[2]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[6], app_dirs[6],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[6]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO (apps 3, 7, 8)
- result = perm_app_setup_path(app_ids[3], app_dirs[3],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[7], app_dirs[7],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[7]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[8], app_dirs[8],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[8]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_SETTINGS_RW (apps ,4, 9)
- result = perm_app_setup_path(app_ids[4], app_dirs[4],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[4]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[9], app_dirs[9],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[9]
- << " Loop index: " << i << ". Result: " << result);
-
- DB_END
-
- // Verify that some previously installed app does not have
- // any acces to app 0 and app 5 PRIVATE folders
- for (int j = 0; j < app_count; ++j)
- {
- // Apps 1-9 should not have any access to app 0
- if (j != 0)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[0])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[0] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
-
- // Apps 0-4 and 6-9 should not have any access to app 5
- if (j != 5)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[5])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[5] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
- } // End for Verify PRIVATE
-
- // Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[1], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" },
- { app_ids[2], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" },
- { app_ids[6], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- // Get autogenerated Public_RO labels
- char *label;
- result = smack_getlabel(app_dirs[3], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[3]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir3_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[7], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[7]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir7_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[8], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[8]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir8_auto_label = label;
- free(label);
-
- // Verify that all apps have ro permissions to public folders of apps 3, 7 and 8
- // Also apps 3, 7 and 8 should have all permisisons to their own PUBLIC_RO dirs
- for (int j = 0; j < app_count; ++j)
- {
- if (j == 3)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // Verify that there are no extra permissions to public dirs
- result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);
- }
- if (j == 7)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // Verify that there are no extra permissions to public dirs
- result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);
- }
- if (j == 8)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir8_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // Verify that there are no extra permissions to other public dirs
- result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);
- }
-
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "rx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Public RO dirs are granted. App id: "
- << app_ids[j] << ". Loop index: " << i);
- } // End for Verify PUBLIC_RO
-
- // Get autogenerated SETTING_RW labels
- result = smack_getlabel(app_dirs[4], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[4] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir4_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[9], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[9] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir9_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app-settings dirs and rx to apps
- result = smack_have_access(app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << app_ids[4] << " " << setting_dir4_auto_label
- << " Loop index: " << i);
- result = smack_have_access(app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << app_ids[9] << " " << setting_dir9_auto_label
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[4], "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << app_ids[4]
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[9], "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << app_ids[9]
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << setting_dir4_auto_label
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << setting_dir9_auto_label
- << " Loop index: " << i);
-
-
-
- // Check if api-features permissions are added properly
- for (int j = 0; j < 5; ++j)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], app_ids[6], "r" },
- { app_ids[j], app_ids[7], "rxl" },
- { app_ids[j], app_ids[8], "rwxal" },
- { app_ids[j], app_ids[9], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- for (int j = 5; j < app_count; ++j)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], app_ids[1], "r" },
- { app_ids[j], app_ids[2], "rxl" },
- { app_ids[j], app_ids[3], "rwxal" },
- { app_ids[j], app_ids[4], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- DB_BEGIN
-
- // Revoke permissions
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_revoke_permissions(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. App id: "
- << app_ids[j] << " Loop index: " << i
- << ". Result: " << result);
- }
-
- DB_END
-
- // Check if permissions are removed properly
- for (int j = 0; j < app_count; ++j)
- {
- // To all other apps
- for (int k = 0; k < app_count; ++k)
- if (j != k)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[k])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions revoked. Subject: " << app_ids[j]
- << " Object: " << app_ids[k] << " Loop index: " << i);
- }
- }
-
- DB_BEGIN
-
- // Remove labels from folders and uninstall all apps
- for (int j = 0; j < app_count; ++j)
- {
- result = nftw(app_dirs[j], &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS); // rm labels from app folder
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: "
- << app_dirs[j] << " . Loop index: " << i
- << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[j] << " . Loop index: " << i
- << ". Result: " << result);
- }
-
- DB_END
-
- // Remove created dirs
- for (int j = 0; j < app_count; ++j)
- {
- result = rmdir(app_dirs[j]);
- RUNNER_ASSERT_ERRNO_MSG(result == 0,
- "Cannot remove directory: " << app_dirs[j]);
- }
- } // END Install app loop
-
- // Uninstall setting app
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
-}
-
-RUNNER_TEST_SMACK(privilege_control22_app_installation_1x100_smack)
-{
- privilege_control22_app_installation_1x100(true);
-}
-
-RUNNER_TEST_NOSMACK(privilege_control22_app_installation_1x100_nosmack)
-{
- privilege_control22_app_installation_1x100(false);
-}
-
-RUNNER_TEST_SMACK(privilege_control23_app_installation2_10x10_smack)
-{
- privilege_control23_app_installation2_10x10(true);
-}
-
-RUNNER_TEST_NOSMACK(privilege_control23_app_installation2_10x10_nosmack)
-{
- privilege_control23_app_installation2_10x10(false);
-}
+++ /dev/null
-.
\ No newline at end of file
+++ /dev/null
-../
\ No newline at end of file
+++ /dev/null
-../../
\ No newline at end of file
+++ /dev/null
-../../../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-test_APP_REAL
\ No newline at end of file
+++ /dev/null
-#Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# @file CMakeLists.txt
-# @author Pawel Polawski (p.polawski@samsung.com)
-# @version 0.1
-# @brief
-#
-INCLUDE(FindPkgConfig)
-SET(TARGET_TEST "libsmack-test")
-
-#dependencies
-PKG_CHECK_MODULES(TARGET_DEP
- libsmack
- REQUIRED
- )
-
-#files to compile
-SET(TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/libsmack-test.cpp
- ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_cases.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/tests/common/
- )
-
-#preprocessor definitions
-#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-
-#output format
-ADD_EXECUTABLE(${TARGET_TEST} ${TARGET_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${TARGET_TEST}
- ${TARGET_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-#place for output file
-INSTALL(TARGETS ${TARGET_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-#place for additional files
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-#place for full rules
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules_full
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
-
-#place for rules2
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules2
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
-
-#place for rules3
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules3
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
-
-#place for rules4
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/libsmack-tests/test_smack_rules4
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file libprivilege-test.cpp
- * @author Pawel Polawski (p.polawski@samsung.com)
- * @version 1.0
- * @brief libsmack test runer
- */
-#include <dpl/test/test_runner.h>
-
-int main (int argc, char *argv[])
-{
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file test_cases.cpp
- * @author Pawel Polawski (p.polawski@samsung.com)
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief libsmack test runner
- */
-
-#include <string>
-#include <sstream>
-#include <fcntl.h>
-#include <unistd.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dpl/log/log.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/smack.h>
-#include <sys/xattr.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/file.h>
-#include <sys/wait.h>
-#include "tests_common.h"
-#include <access_provider.h>
-#include <fs_label_manager.h>
-#include "memory.h"
-
-const char* const TEST_SUBJECT = "test_subject";
-const char* const TEST_OBJECT = "test_object";
-const char* const TEST_OBJECT_2 = "test_object_2";
-
-const std::string testDir = "/tmp/";
-const std::vector<std::string> accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" };
-
-//This one define is required for sockaddr_un initialization
-#define SOCK_PATH "/tmp/test-smack-socket"
-
-RUNNER_TEST_GROUP_INIT(libsmack)
-/**
- * Helper method to reset privileges at the begginning of tests.
- */
-void clean_up()
-{
- smack_revoke_subject(TEST_SUBJECT);
-}
-
-/**
- * Checking if subject has any access to object
- */
-bool checkNoAccesses(const char *subject, const char *object)
-{
- int result;
-
- for(const auto &perm : std::vector<std::string> {"r", "w", "a","t", "l"}) {
- result = smack_have_access(subject, object, perm.c_str());
- if (result == 1) {
- return false;
- }
- }
- return true;
-}
-
-void removeAccessesAll()
-{
- for(int i = 1; i <=3; i++)
- //smack_revoke_subject will fail, when subject does not exist in kernel
- //as this function is called at test beginning we cannot check return value
- smack_revoke_subject(("test_subject_0" + std::to_string(i)).c_str());
-}
-
-/**
- * Add a new access with smack_accesses_add_modify()
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_1){
- int result;
-
- clean_up();
-
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // THE TEST
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"xr","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify by empty rules");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"xr");
- RUNNER_ASSERT_MSG(result == 1, "Rule modified (added 'xr'), but no change made.");
-
- // CLEAN UP
- clean_up();
-}
-
-
-/**
- * Test if rules are applied in the right order, and modification works.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_2){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
-
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
- RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 0,
- "Modification didn't work");
-
- // CLEAN UP
- clean_up();
-}
-
-
-/**
- * Test if rules are applied in the right order, and modification works.
- * Using different smack_accesses list to add and delete.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_3){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- // Add r privilage
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
- RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 1,
- "Adding privileges didn't work");
-
- // Revoke r privilege
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result == 0, "Modification didn't work, rule has still 'r' privileges.");
-
- // CLEAN UP
- clean_up();
-}
-
-/**
- * Add a list of privileges and then revoke just ONE of them.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_4){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
-
- // CLEAN UP
- clean_up();
-}
-
-/**
- * Add a list of privileges and then revoke just ONE of them.
- * Without applying privileges in between those actions.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_5){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
-
- // CLEAN UP
- clean_up();
-}
-
-
-/**
- * Add a list of privileges and then revoke just TWO of them.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_6){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwt","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"ax","rt");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"wax");
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'wax' privileges.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
-
- // CLEAN UP
- clean_up();
-}
-
-/**
- * Run smack_accesses_add_modify with the same accesses_add and accesses_del.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_7){
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i) {
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str(), accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Error while checking smack access. Accesses exist.");
-
- // CLEAN UP
- clean_up();
- }
-}
-
-/**
- * Revoke subject with previously added rules and revoke it again.
- */
-RUNNER_TEST_SMACK(smack_revoke_subject_test_1){
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i) {
- // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str(),"");
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
- accessesBasic[i].c_str(),"");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. "
- "Rule " << accessesBasic[i].c_str() << " does not exist.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. "
- "Rule " << accessesBasic[i].c_str() << " does not exist.");
-
- // Revoking subject
- result = smack_revoke_subject(TEST_SUBJECT);
- RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work.");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Revoke didn't work. Accesses exist.");
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
- " Revoke didn't work. Accesses exist.");
-
-
- // Revoking subject again
- result = smack_revoke_subject(TEST_SUBJECT);
- RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work.");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Revoke didn't work. Accesses exist.");
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
- " Revoke didn't work. Accesses exist.");
-
- }
-}
-
-/**
- * Clearing accesses
- */
-RUNNER_TEST_SMACK(smack_accesses_clear_test_1){
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i) {
- // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule "
- << accessesBasic[i].c_str() << " does not exist.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule "
- << accessesBasic[i].c_str() << " does not exist.");
-
- // Creating and clearing rules with TEST_OBJECT
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work. Rule "
- << accessesBasic[i].c_str() << " does exist.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Clearing rules didn't work. Rule "
- << accessesBasic[i].c_str() << " does not exist.");
-
- // Creating and clearing rules with TEST_OBJECT
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Clear didn't work. Accesses exist.");
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
- " Clear didn't work. Accesses exist.");
- }
-}
-
-RUNNER_TEST(smack01_storing_and_restoring_rules)
-{
- /*
- * author: Pawel Polawski
- * test: smack_accesses_new, smack_accesses_add, smack_accesses_add_modify, smack_accesses_add_from_file,
- * smack_accesses_free, smack_accesses_save
- * description: This test case will create structure holding SMACK rules and add new one to it. Next rules will be
- * stored and restored from file.
- * expect: Rules created and stored in file should be identical to predefined template.
- */
-
- struct smack_accesses *rules = nullptr; //rules prepared in this test case
- struct smack_accesses *import_test = nullptr; //rules imported from file
-
- int result; //result of each operation to be tested by RUNNER_ASSERT
- int fd, tmp, sample; //file descripptors for save / restore rules tests
-
- //int smack_accesses_new(struct smack_accesses **accesses);
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
- RUNNER_ASSERT(smack_accesses_new(&import_test) == 0);
- SmackAccessesPtr import_ptr(import_test);
-
- //opening files
- fd = open("/tmp/smack01_rules", O_RDWR | O_CREAT | O_TRUNC, 0644); //for export prepared rules
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to create /tmp/smack01_rules");
- FdUniquePtr fd_ptr(&fd);
- tmp = open("/tmp/smack01_tmp", O_RDWR | O_CREAT | O_TRUNC, 0644); //for import rules exported before
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to create /tmp/smack01_tmp");
- FdUniquePtr tmp_ptr(&tmp);
- sample = open("/etc/smack/test_smack_rules", O_RDONLY, 0644); //reference preinstalled rules
- RUNNER_ASSERT_ERRNO_MSG(sample >= 0, "Unable to open /etc/smack/test_smack_rules");
- FdUniquePtr sample_ptr(&sample);
-
- result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rw");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "reader", "book", "wx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- result = smack_accesses_add_modify(rules_ptr.get(), "reader", "book", "r", "wx");
- RUNNER_ASSERT_MSG(0 == result, "Unable to modify smack rules");
-
- result = smack_accesses_save(rules_ptr.get(), fd);
- RUNNER_ASSERT_MSG(0 == result, "Unable to save smack_accesses instance in file");
-
- result = lseek(fd, 0, SEEK_SET);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
- result = smack_accesses_add_from_file(import_ptr.get(), fd);
- RUNNER_ASSERT_MSG(result == 0, "Unable to import rules from file");
-
- result = smack_accesses_save(import_ptr.get(), tmp);
- RUNNER_ASSERT_MSG(result == 0, "Unable to save smack_accesses instance in file");
-
- //comparing rules saved in file, restored from it and stored one more time
- result = files_compare(fd, tmp);
- RUNNER_ASSERT_MSG(result == 0, "No match in stored and restored rules");
-
- //comparing rules stored in file with reference preinstalled rules
- result = files_compare(tmp, sample);
- RUNNER_ASSERT_MSG(result == 0, "No match in stored rules and pattern file");
-}
-
-RUNNER_TEST_SMACK(smack02_aplying_rules_into_kernel)
-{
- /*
- * author: Pawel Polawski
- * test: smack_accesses_apply, smack_have_access, smack_revoke_subject, smack_accesses_clear, smack_accesses_new,
- * smack_accesses_add, smack_accesses_free
- * description: In this test case aplying rules to kernel will be tested. After that function for test
- * accesses will be used.
- * expect: In case of correct rules access should be granted.
- */
-
- //CAP_MAC_ADMIN needed for process to be able to change rules in kernel (apllying, removing)
-
- struct smack_accesses *rules = nullptr; //rules prepared in this test case
- int result; //for storing functions results
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- //adding test rules to struct
- result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- result = smack_accesses_apply(rules_ptr.get()); //applying rules to kernel
- RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
-
- //should have access - rule exist
- result = smack_have_access("spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
- //should have no access - wrong rule, should be "r" only
- result = smack_have_access("reader", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
- //should have no access - rule not exist
- result = smack_have_access("s02badsubjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
-
- //this subject do not exist in kernel rules
- result = smack_revoke_subject("s02nonexistinglabel");
- RUNNER_ASSERT_MSG(result == 0, "Error in removing not existing subject from kernel");
- result = smack_revoke_subject("spy"); //this subject exist in kernel rules
- RUNNER_ASSERT_MSG(result == 0, "Error in removing existing subject from kernel");
-
- //testing access after revoke_subject() from kernel
- result = smack_have_access("spy", "book", "rwx");
- //now spy should have no access
- RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel");
-
- //for create new rule as a consequence of use accesses_clear() below
- result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- //"spy" removed before by using smack_revoke_subject()
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
-
- //testing acces after acces_clear()
- result = smack_have_access("writer", "book", "rwx");
- //now writer also should have no access
- RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel");
-
-}
-
-//pairs of rules for test with mixed cases, different length and mixed order
-std::vector< std::vector<std::string> > correct_rules = {
- { "reader1", "-", "------" },
- { "reader2", "--------", "------" },
- { "reader3", "RwXaTl", "rwxatl" },
- { "reader4", "RrrXXXXTTT", "r-x-t-" },
- { "reader5", "-r-w-a-t-", "rw-at-" },
- { "reader6", "", "------" },
- { "reader7", "xa--Rt---W--L", "rwxatl" },
-};
-
-RUNNER_TEST_SMACK(smack03_mixed_rule_string_add)
-{
- /*
- * author: Pawel Polawski
- * test: smack_have_access, smack_accesses_new, smack_accesses_add, smack_accesses_apply, smack_accesses_free
- * description: In thist test case rules based on mixed string are added to kernel.
- * Strings are presented above and contains lower / upper case alpha, numbers and special signs.
- * expect: Rules should be parsed correct and aplied to kernel.
- */
-
- //In thist test case mixed string are used as rules applied to kernel, next they are
- //readed and compared with correct form of rules
-
- struct smack_accesses *rules = nullptr; //rules prepared in this test case
- int result; //for storing functions results
- int expected;
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- //adding test rules with mixed string
- for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
- //using mixed rules from table
- result = smack_accesses_add(rules_ptr.get(),
- (*rule)[0].c_str(),
- "book",
- (*rule)[1].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- }
-
- //clearing
- //FIXME: Using clear() here can cover error in accesses_apply() function
- //result = smack_accesses_clear(rules);
- //RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
-
- //applying rules to kernel
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
-
- //checking accesses using normal rules
- for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
- if ((*rule)[2] == "------")
- expected = 0;
- else
- expected = 1;
- //using normal rules from table
- result = smack_have_access((*rule)[0].c_str(),
- "book",
- (*rule)[2].c_str());
- RUNNER_ASSERT_MSG(result == expected, "Error while checking Smack access");
- }
-}
-
-RUNNER_TEST_SMACK(smack04_mixed_rule_string_have_access)
-{
- /*
- * author: Pawel Polawski
- * test: smack_have_access
- * description: In this test case we testing aplied before SMACK rules and comparing them using mixed strings.
- * expect: Subjects should have accesses to the objects.
- */
-
- //In this test case we checking previous aplied rules but for compare mixed strings are used
-
- int result;
- int expected;
-
- //rules were added in previous RUNNER_TEST section
- //checking accesses using mixed rules
- for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
- if ((*rule)[2] == "------")
- expected = 0;
- else
- expected = 1;
- //using mixed rules from table
- result = smack_have_access((*rule)[0].c_str(),
- "book",
- (*rule)[1].c_str());
- RUNNER_ASSERT_MSG(result == expected, "Error while checking Smack access");
- }
-}
-
-//RUNNER_TEST(smackXX_accesses_add_modify)
-//{
-//IDEAS FOR TESTS
-// - what if we want to apply rule that is already in kernel?
-// - tests for smack_accesses_add_modify() + smack_have_access() (check if add_modify sets the proper rule)
-// - smack_accesses_add_modify("subject", "object", "rwx", "rwx") should create empty rule
-//}
-
-RUNNER_TEST_SMACK(smack05_self_label)
-{
- /*
- * author: Pawel Polawski
- * test: smack_set_label_for_self, smack_new_label_from_self
- * description: In this test case process test it own default label. Next label is changed
- * and tested one more time if change was successfull.
- * expect: Proces should have default "-" label and can change it to the oter one.
- */
-
- //In this test case process will manipulate it own label
-
- char *label = nullptr;
- int result;
- int fd;
-
- const int B_SIZE = 8;
- char buff[B_SIZE];
-
- const char *def_rule = "_";
-
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error in getting self label");
- //comparing this label with default one "_"
- result = strcmp(label, def_rule);
- free(label);
- RUNNER_ASSERT_MSG(result == 0, "Wrong default process label");
-
- //comparing this rule with received from /proc/self/attr/current
- fd = open("/proc/self/attr/current", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /proc/self/attr/current");
- FdUniquePtr fd_ptr(&fd);
- result = read(fd, buff, B_SIZE);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
- result = strncmp(buff, def_rule, result);
- RUNNER_ASSERT_MSG(result == 0, "Wrong default process rule");
-
- //now time for setting labels:
-
- result = smack_set_label_for_self("cola");
- RUNNER_ASSERT_MSG(result == 0, "Error in setting self label");
-
- //checking new label using smack function
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error in getting self label");
- result = strcmp(label, "cola");
- free(label);
- RUNNER_ASSERT_MSG(result == 0, "Wrong process label");
-
- //checking new label using /proc/self/attr/current
- result = lseek(fd, 0, SEEK_SET); //going to the file beginning
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
- result = read(fd, buff, B_SIZE);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
- result = strncmp(buff, "cola", result);
- RUNNER_ASSERT_MSG(result == 0, "Proces rule in /proc/self/attr/current other than set");
-}
-
-RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_0)
-{
- RUNNER_IGNORED_MSG("Upstream does not support label removal yet");
- const std::string fsLabel = "smack06_setlabel_getlabel_test_0";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const std::string filePath = "file";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
-
- // reset labels first time
- fs.testSmackClearLabels(filePath);
-
- // reset labels second time
- fs.testSmackClearLabels(filePath);
-}
-
-RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_1)
-{
- const std::string fsLabel = "smack06_setlabel_getlabel_test_1";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "access";
- const char* testLabelExec = "exec";
- const std::string filePath = "file";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
-
- // set and get labels first time
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-
- // set and get same labels second time
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_2)
-{
- RUNNER_IGNORED_MSG("Upstream does not support label removal yet");
- const std::string fsLabel = "smack06_setlabel_getlabel_test_2";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "access";
- const char* testLabelExec = "exec";
- const std::string filePath = "file";
- const std::string linkPath = "link";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
- fs.createLink(linkPath, filePath);
-
- // set and get labels for file to which link points
- fs.testSmackSetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC);
-
- // link labels should not be changed
- fs.testSmackLGetLabel(linkPath, nullptr, SMACK_LABEL_ACCESS);
- fs.testSmackLGetLabel(linkPath, nullptr, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack06_lsetlabel_lgetlabel_test_1)
-{
- const std::string fsLabel = "smack06_lsetlabel_lgetlabel_test_1";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "fileAccess";
- const char* testLabelExec = "fileExec";
- const char* testLinkLabelAccess = "linkAccess";
- const char* testLinkLabelExec = "linkExec";
- const std::string filePath = "file";
- const std::string linkPath = "link";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
- fs.createLink(linkPath, filePath);
-
- // set different labels for link and file
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackLSetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackLSetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC);
-
- // get those labels
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackLGetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackLGetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack06_fsetlabel_fgetlabel_test_1)
-{
- const std::string fsLabel = "smack06_fsetlabel_fgetlabel_test_1";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "access";
- const char* testLabelExec = "exec";
- const std::string filePath = "file";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
-
- // set and get labels for fd
- fs.testSmackFSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackFSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackFGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackFGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack10_adding_removing_rules)
-{
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i)
- {
- // Creating rules
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // Adding accesses
- result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Deleting all rules
- clean_up();
- }
-
- for (i = 0; i < 3; ++i)
- {
- // --- Creating rules (r or w or x)
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // Adding accesses
- result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Checking if wrong accesses were not created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
-
- // --- Modifying accesses (r for wx or w for rx or x for rw)
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i + 3].c_str(),accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Checking if wrong accesses were not created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
-
- rules_ptr.release();
- // --- Creating complementary rules (r or w or x)
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Adding accesses
- result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // --- Modifying accesses (adding rwx and removing r or w or x)
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwx",
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Checking if wrong accesses were not created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
-
- // --- Adding crossing accesses (rx or rw or wx)
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[3 + ((i + 1) % 3)].c_str(),"");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[3 + ((i + 1) % 3)].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Deleting all rules
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while checking smack access. Result: " << result);
-
- // Deleting all rules
- clean_up();
- }
-}
-
-RUNNER_TEST_SMACK(smack11_saving_loading_rules)
-{
- int result;
- int fd;
-
- struct smack_accesses *rules = nullptr;
-
- // Pre-cleanup
- removeAccessesAll();
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // Loading file with rwxat rules - test_smack_rules_full
- fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file");
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking rules
- result = smack_have_access("test_subject_01", "test_object_02", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_01", "test_object_03", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_02", "test_object_01", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_02", "test_object_02", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_02", "test_object_03", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_03", "test_object_01", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_03", "test_object_02", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_03", "test_object_03", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
-
- // Removing rules
- removeAccessesAll();
-
- // Creating rules
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Loading file with partial wrong rules - test_smack_rules2
- fd = open("/etc/smack/test_smack_rules2", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules2");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file");
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking rules
- RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_01", "test_object_01"),
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
- result = smack_have_access("test_subject_01", "test_object_02", "rwatl");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_01", "test_object_03", "wat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_02", "test_object_01"),
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
- result = smack_have_access("test_subject_02", "test_object_02", "wa-lt");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_02", "test_object_03", "wr");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_03", "test_object_01", "a");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_03", "test_object_02", "rwat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_03", "test_object_03", "w---l-");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
-
- // Removing rules
- removeAccessesAll();
-
- // Creating rules
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Loading file with partial wrong rules - test_smack_rules3
- fd = open("/etc/smack/test_smack_rules3", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules3");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file");
-
- // Removing rules
- removeAccessesAll();
-
- // Creating rules
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Loading file with partial wrong rules - test_smack_rules4
- fd = open("/etc/smack/test_smack_rules4", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules4");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file");
-
- // Removing rules
- removeAccessesAll();
-}
-
-//int smack_new_label_from_socket(int fd, char **label);
-
-
-static void smack_set_another_label_for_self(void)
-{
- static int number = time(nullptr);
-
- number++;
- std::string smack_label("s" + std::to_string(number));
-
- int result = smack_set_label_for_self(smack_label.c_str());
- RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self(" << smack_label << ") failed");
-}
-
-static void smack_unix_sock_server(int sock)
-{
- int fd, result;
- char *label;
-
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- RUNNER_ASSERT_ERRNO(fd >= 0);
- FdUniquePtr fd_ptr(&fd);
-
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed");
- CStringPtr label_ptr(label);
- result = write(fd, label, strlen(label));
- RUNNER_ASSERT_ERRNO_MSG(result == (int)strlen(label), "write() failed");
-
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(smack09_new_label_from_socket)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
- unlink(SOCK_PATH);
- smack_set_another_label_for_self();
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- if (!pid) { /* child process, server */
- int sock, result;
-
-
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
- smack_unix_sock_server(sock);
-
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- /* Test if socket label was unaffected by fork() */
- smack_unix_sock_server(sock);
- if (!pid) {
- usleep (100);
- smack_set_another_label_for_self();
- smack_unix_sock_server(sock);
- }
-
- exit(0);
- } else { /* parent process, client */
- sleep(1); /* Give server some time to setup listening socket */
- for (int i = 0; i < 4; ++i) {
- int sock, result;
- char smack_label1[SMACK_LABEL_LEN + 1];
- char *smack_label2;
-
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
- result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
- alarm(2);
- result = read(sock, smack_label1, SMACK_LABEL_LEN);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed");
- smack_label1[result] = '\0';
- result = smack_new_label_from_socket(sock, &smack_label2);
- SmackLabelPtr label2_ptr(smack_label2);
- RUNNER_ASSERT_MSG(result >= 0, "smack_label_from_socket failed");
- result = strcmp(smack_label1, label2_ptr.get());
- if (i < 3)
- RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1
- << "' != '" << smack_label2 << "' i == " << i);
- else
- RUNNER_ASSERT_MSG(result != 0, "smack labels do not differ: '" << smack_label1
- << "' != '" << smack_label2 << "' i == " << i);
- }
- }
-}
-
-void createFileWithLabel(const std::string &filePath, const std::string &fileLabel)
-{
- //create temporary file and set label for it
- mode_t systemMask;
-
- unlink(filePath.c_str());
- //allow to create file with 777 rights
- systemMask = umask(0000);
- int fd = open(filePath.c_str(), O_RDWR | O_CREAT, S_IRWXU | S_IRWXG | S_IRWXO);
- //restore system mask
- umask(systemMask);
- RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests");
-
- //for descriptor protection
- FdUniquePtr fd_ptr(&fd);
-
- //change owner and group to user APP
- int ret = chown(filePath.c_str(), APP_UID, APP_GID);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
-
- //set smack label on file
- ret = smack_setlabel(filePath.c_str(), fileLabel.c_str(), SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Unable to set label for file: " << ret);
-
- char *label = nullptr;
- ret = smack_getlabel(filePath.c_str(), &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Unable to get label from file");
- std::string label_str(label ? label : "");
- free(label);
- RUNNER_ASSERT_MSG(label_str == fileLabel, "File label not match set label");
-}
-
-void prepareEnvironment(const std::string &subject, const std::string &object, const std::string &access)
-{
- const std::string ruleAll = "x";
-
- SecurityServer::AccessProvider provider(subject);
- provider.addObjectRule("User", ruleAll);
- provider.addObjectRule(object, access);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-}
-
-//- Add "l" rule to system
-//
-//Should be able to add "l" rule to system
-RUNNER_CHILD_TEST_SMACK(smack13_0_checking_laccess_mode_enabled_on_device)
-{
- std::string selfLabel = "smack13_0";
- std::string filename = "smack13_0_file";
-
- //function inside checks if rule exist after add it
- SecurityServer::AccessProvider provider(selfLabel);
- provider.addObjectRule(filename, "l");
- provider.apply();
-
- int ret = smack_have_access(selfLabel.c_str(), filename.c_str(), "l");
- RUNNER_ASSERT_MSG(ret == 1, "Error in adding laccess rule - l");
-}
-
-//- Create file
-//- Set label for file and self
-//- Drop privileges
-//
-//Should have no access due to missing SMACK rule
-RUNNER_CHILD_TEST_SMACK(smack13_1_checking_laccess_mode)
-{
- std::string selfLabel = "smack13_1";
- std::string filename = "smack13_1_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
-
- SecurityServer::AccessProvider provider(selfLabel);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
- ret = flock(fd, LOCK_UN | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
- ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "l"
-//- Drop privileges
-//
-//Should be able to lock file even without "w" rule
-RUNNER_CHILD_TEST_SMACK(smack13_2_checking_laccess_mode_with_l_rule)
-{
- std::string selfLabel = "smack13_2";
- std::string filename = "smack13_2_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
-
- prepareEnvironment(selfLabel, filename, "l");
-
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
- ret = flock(fd, LOCK_UN | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to unlock file");
- ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "w"
-//- Drop privileges
-//
-//Should be able to lock file even without "l" rule
-RUNNER_CHILD_TEST_SMACK(smack13_3_checking_laccess_mode_with_w_rule)
-{
- std::string selfLabel = "smack13_3";
- std::string filename = "smack13_3_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
-
- prepareEnvironment(selfLabel, filename, "w");
-
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
- ret = flock(fd, LOCK_UN | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to unlock file");
- ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "rw"
-//- Drop privileges
-//- Lock file (shared lock)
-//- Spawn child process
-//- Child tries to lock file (shared)
-//
-//Child should be able to lock file due to shared lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_0_checking_laccess_mode_w_rule_child)
-{
- std::string selfLabel = "smack13_4_0";
- std::string filename = "smack13_4_0_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR);
- FdUniquePtr fd_ptr(&fd);
- int ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- prepareEnvironment(selfLabel, filename, "rw");
-
- int child_fd = open(filePath.c_str(), O_RDWR);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to lock file with shared lock");
- }
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "l"
-//- Drop privileges
-//- Lock file (shared lock)
-//- Spawn child process
-//- Child tries to lock file (shared)
-//
-//Child should be able to lock file due to shared lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_1_checking_laccess_mode_l_rule_child)
-{
- std::string selfLabel = "smack13_4_1";
- std::string filename = "smack13_4_1_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR);
- FdUniquePtr fd_str(&fd);
- int ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- //"r" is only for open in O_RDONLY mode
- prepareEnvironment(selfLabel, filename, "rl");
-
- int child_fd = open(filePath.c_str(), O_RDONLY, 0);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to lock file with shared lock");
- }
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "rw"
-//- Drop privileges
-//- Lock file (exclusive lock)
-//- Spawn child process
-//- Child tries to lock file (exclusive / shared)
-//
-//Child should not be able to lock file due to exclusive lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_2_checking_laccess_mode_w_rule_child)
-{
- std::string selfLabel = "smack13_4_2";
- std::string filename = "smack13_4_2_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR);
- FdUniquePtr fd_ptr(&fd);
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- prepareEnvironment(selfLabel, filename, "rw");
-
- int child_fd = open(filePath.c_str(), O_RDWR, 0);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file with exclusive lock");
- }
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "l"
-//- Drop privileges
-//- Lock file (exclusive lock)
-//- Spawn child process
-//- Child tries to lock file (exclusive / shared)
-//
-//Child should not be able to lock file due to exclusive lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_3_checking_laccess_mode_l_rule_child)
-{
- std::string selfLabel = "smack13_4_3";
- std::string filename = "smack13_4_3_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- //"r" is only for open in O_RDONLY mode
- prepareEnvironment(selfLabel, filename, "rl");
-
- int child_fd = open(filePath.c_str(), O_RDONLY, 0);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file with eclusive lock");
- }
-}
-
-
-/////////////////////////////////////////
-//////NOSMACK ENVIRONMENT TESTS//////////
-/////////////////////////////////////////
-
-/**
- * NOSMACK version of smack02 test. Functions, that should return error instead of success:
- * - smack_accesses_apply
- * - smack_have_access
- * - smack_revoke_subject
- * - smack_acceesses_clear
- *
- * Tests smack03, smack04, smack10, smack_accesses_clear, smack_revoke_subject all use functions
- * tested in smack02 test. Results from those functions (smack_have_access, smack_accesses_apply,
- * smack_accesses_clear, smack_revoke_subject) would be the same as in this test. Tests mentioned
- * above doesn't make much sense on NOSMACK environment when test smack02 exists and passes
- * correctly, thus those tests are are not implemented.
- */
-RUNNER_TEST_NOSMACK(smack02_aplying_rules_into_kernel_nosmack)
-{
-
- smack_accesses *rules = nullptr;
- int result;
-
- //init rules
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- //pass rules to unique_ptr
- SmackAccessesPtr rules_ptr(rules);
-
- //adding test rules to struct (same as SMACK version of smack02 test)
- result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- //applying rules to kernel (should fail)
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == -1, "Unable to apply rules into kernel");
-
- //calls from SMACK version of this test - all should fail because of SMACK being turned off
- result = smack_have_access("spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
- result = smack_have_access("reader", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
- result = smack_have_access("s02badsubjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
-
- //testing subject revoking - should return error (no accesses applied = no subjects to revoke)
- result = smack_revoke_subject("s02nonexistinglabel");
- RUNNER_ASSERT_MSG(result == -1, "smack_revoke_subject error - subject doesn't exist.");
- result = smack_revoke_subject("spy");
- RUNNER_ASSERT_MSG(result == -1, "smack_revoke_subject error - subject doesn't exist.");
-
- //after revoking smack_have_access still should return error
- result = smack_have_access("spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off).");
-
- result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- //smack_accesses_clear should return error aswell
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == -1, "Clearing rules should return error - no SMACK on system.");
-
- result = smack_have_access("writer", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off).");
-}
-
-/**
- * NOSMACK version of smack11 test. Tests functions:
- * - smack_accesses_add_from_file
- *
- * Since other SMACK functions were tested in smack02 test, the only function needed to be checked
- * is applying rules loaded from file.
- */
-RUNNER_TEST_NOSMACK(smack03_saving_loading_rules_nosmack)
-{
- int result;
- int fd;
-
- smack_accesses* tmp = nullptr;
-
- RUNNER_ASSERT(smack_accesses_new(&tmp) == 0);
- SmackAccessesPtr rules(tmp);
-
- //open file with rules
- fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full");
-
- //load accesses from file
- result = smack_accesses_add_from_file(rules.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result == 0, "Error while importing accesses from file. Result: " << result);
-}
-
-/**
- * NOSMACK version of smack05 test. Tests if functions getting, or
- * setting self label work correctly (that is, return error).
- */
-RUNNER_TEST_NOSMACK(smack04_self_label_nosmack)
-{
- char* label = nullptr;
- int result;
- int fd;
-
- char buff[SMACK_LABEL_LEN+1];
-
- //smack_new_label_from_self should fail
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1, "new_label_from_self should return error (SMACK is off).");
- RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory to label.");
- //We don't need to remember about freeing label - smack_new_label_from_self must return nullptr
- //label if it's working properly.
-
- // /proc/self/attr/current shouldn't keep any rules inside
- fd = open("/proc/self/attr/current", O_RDONLY, 0644); //file exists, so it should open
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "/proc/self/attr/current failed to open");
- FdUniquePtr fd_ptr(&fd);
-
- result = read(fd, buff, SMACK_LABEL_LEN); //however reading it should return error
- RUNNER_ASSERT_ERRNO_MSG(result < 0, "Reading /proc/self/attr/current should return error");
-
- //setting label for self should fail
- result = smack_set_label_for_self("s04testlabel");
- RUNNER_ASSERT_MSG(result == -1, "set_label_for_self should return error (SMACK is off).");
-
- //getting previously set label should also fail
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1, "new_label_from_self should return error (SMACK is off).");
- RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory to label.");
-
- // /proc/self/attr/current still shouldn't keep any rules inside
- result = lseek(fd, 0, SEEK_SET); //going to the file beginning
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
-
- result = read(fd, buff, SMACK_LABEL_LEN); //however it should return error
- RUNNER_ASSERT_ERRNO_MSG(result < 0, "Reading /proc/self/attr/current should return error");
-}
-
-/**
- * NOSMACK version of smack_accesses_add_modify_x tests.
- *
- * Because all smack_accesses_add_modify tests are basically the same (all use smack_accesses_apply
- * and smack_have_access, which return -1 when SMACK is turned off), it makes much more sense to
- * write one test which will create rules using smack_accesses_add_modify and then check if
- * smack_accesses_apply and smack_have_access indeed return -1 when SMACK is turned off.
- */
-RUNNER_TEST_NOSMACK(smack05_accesses_add_modify_nosmack)
-{
- int result;
- smack_accesses* rules = nullptr;
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
-
- SmackAccessesPtr rules_ptr(rules);
-
- //Not doing clean_up() every RUNNER_ASSERT_MSG - what clean_up does is just a creation of new
- //rule struct and removal of currenctly added and applied rules. clean_up() must be done only
- //after smack_accesses_apply().
- result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule. Result: " << result);
-
- result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule. Result: " << result);
-
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == -1,
- "smack_accesses_apply should return error (SMACK is off). Result: " << result);
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx");
- if(result != -1) {
- clean_up();
- RUNNER_FAIL_MSG("smack_have_access should return error (SMACK is off). Result: "
- << result);
- }
-
- clean_up();
-}
-
-/**
- * NOSMACK version of smack09 test.
- *
- * This test checks if smack_new_label_from_socket reacts correctly. Since label should be
- * acquired from getsockopt, and it should fail, we must only set up socket and call
- * smack_new_label_from_socket. It should return error.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(smack09_new_label_from_socket_nosmack)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
- unlink(SOCK_PATH);
- char* smack_label;
-
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- if (!pid) { //child (server)
- int sock, result;
- int fd;
-
- //Create new socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
-
- //Bind it to sockaddr
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
-
- //Prepare for listening
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
-
- //Accept client
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Failed when accepting connection from client");
- FdUniquePtr fd_ptr(&fd);
-
- //wait for smack_new_label_from_socket execution
- usleep(200);
-
- //Close server
- exit(0);
- }
- else { //parent (client)
- //Wait a little bit until server is set up
- sleep(1);
- int sock, result;
-
- //Create socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
-
- //Connect to sockaddr
- result = connect(sock, (struct sockaddr*) &sockaddr,
- sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
-
- //Try getting label, should fail beacuse getsockopt won't get anything
- result = smack_new_label_from_socket(sock, &smack_label);
- RUNNER_ASSERT_MSG(result == -1, "smack_new_label_from_socket should fail.");
- }
-}
+++ /dev/null
-writer book rw----
-reader book r-----
+++ /dev/null
-test_subject_01 test_object_01 ---
-test_subject_01 test_object_02 rwatl
-test_subject_01 test_object_03 wat
-test_subject_02 test_object_01 -------
-test_subject_02 test_object_02 wa-lt
-test_subject_02 test_object_03 -rw--r------
-test_subject_03 test_object_01 aaaaaa ------
-test_subject_03 test_object_02 rwat
-test_subject_03 test_object_03 w---l-
+++ /dev/null
-test_subject_01 test_object_01 rwatl
-test_subject_01 test_object_02
-test_subject_01 test_object_03 xxxxx
+++ /dev/null
-test_subject_01 test_object_01 rwxatl
-test_subject_01 test_object_02 +rwh4r9d32!@#$ 49$%^x2 rwxat
-test_subject_01 test_object_03 aaaaaa xxxxxx
+++ /dev/null
-test_subject_01 test_object_01 rwxatl
-test_subject_01 test_object_02 rwxatl
-test_subject_01 test_object_03 rwxatl
-test_subject_02 test_object_01 rwxatl
-test_subject_02 test_object_02 rwxatl
-test_subject_02 test_object_03 rwxatl
-test_subject_03 test_object_01 rwxatl
-test_subject_03 test_object_02 rwxatl
-test_subject_03 test_object_03 rwxatl
+++ /dev/null
-#
-#Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Marcin Niesluchowski (m.niesluchow@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# Dependencies
-PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP
- REQUIRED
- libsmack
- libprivilege-control
- cynara-client
- security-manager
- libtzplatform-config
- sqlite3
- libcap)
-
-
-SET(TARGET_SEC_MGR_TESTS "security-manager-tests")
-
-SET(SEC_MGR_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/security_manager_tests.cpp
- ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/sm_db.cpp
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/cynara_test_client.cpp
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp
- )
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${SEC_MGR_TESTS_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${CYNARA_TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/tests/common/
- ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/
- ${PROJECT_SOURCE_DIR}/tests/cynara-tests/common/
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/common/
- )
-
-ADD_EXECUTABLE(${TARGET_SEC_MGR_TESTS} ${SEC_MGR_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_MGR_TESTS}
- ${SEC_MGR_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-INSTALL(TARGETS ${TARGET_SEC_MGR_TESTS} DESTINATION /usr/bin)
-
-INSTALL(DIRECTORY
- ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/test_DIR
- DESTINATION /usr/apps/
-)
-
-INSTALL(DIRECTORY
- ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/test_DIR
- DESTINATION /home/${APP_USER}/
-)
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file sm_db.cpp
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-manager tests database record check functions
- */
-
-#include <tests_common.h>
-#include <tzplatform_config.h>
-#include <sstream>
-#include "sm_db.h"
-#include "db_sqlite.h"
-
-/* Keep this consistent with the database file path used in the security-manager */
-const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
-
-/* Initialize static constants */
-const bool TestSecurityManagerDatabase::NOT_REMOVED = false;
-const bool TestSecurityManagerDatabase::REMOVED = true;
-
-TestSecurityManagerDatabase::TestSecurityManagerDatabase() : m_base(PRIVILEGE_DB_PATH, SQLITE_OPEN_READWRITE)
-{
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name,
- const std::string &pkg_name)
-{
- const privileges_t dummy; /* just some empty privileges set */
-
- test_db_after__app_install(app_name, pkg_name, dummy);
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges)
-{
- if (!m_base.is_open())
- m_base.open();
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- check_app_and_pkg(app_name, pkg_name, NOT_REMOVED);
-
- if (!privileges.empty()) {
- check_privileges(app_name, pkg_name, privileges);
- }
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name,
- const std::string &pkg_name,
- const bool is_pkg_removed)
-{
- const privileges_t dummy; /* just some empty privileges set */
-
- test_db_after__app_uninstall(app_name, pkg_name, dummy, is_pkg_removed);
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges,
- const bool is_pkg_removed)
-{
- if (!m_base.is_open())
- m_base.open();
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- check_app_and_pkg(app_name, pkg_name, REMOVED);
- check_pkg(pkg_name, is_pkg_removed);
-
- if (!privileges.empty()) {
- check_privileges_removed(app_name, pkg_name, privileges);
- }
-}
-
-void TestSecurityManagerDatabase::check_privileges(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges)
-{
- bool result;
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- for (auto it = privileges.begin(); it != privileges.end(); ++it) {
- result = check_privilege(app_name, pkg_name, *it);
-
- RUNNER_ASSERT_MSG(result == true, "privilege: <" << *it << "> not added to app: <" <<
- app_name << "> from pkg_id: <" << pkg_name << ">");
- }
-}
-
-void TestSecurityManagerDatabase::check_privileges_removed(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges)
-{
- bool result;
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- for (auto it = privileges.begin(); it != privileges.end(); ++it) {
- result = check_privilege(app_name, pkg_name, *it);
-
- RUNNER_ASSERT_MSG(result == false, "privilege: <" << *it << "> not removed for app: <" <<
- app_name << "> from pkg_id: <" << pkg_name << ">");
- }
-}
-
-void TestSecurityManagerDatabase::check_app_and_pkg(const std::string &app_name, const std::string &pkg_name,
- const bool is_app_removed)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
- sql << "SELECT app_name, pkg_name FROM app_pkg_view"
- " WHERE app_name == '" << app_name << "' "
- " AND pkg_name == '" << pkg_name << "' ;";
- m_base.execute(sql.str(), result);
-
- if (is_app_removed) /* expect 0 results */
- RUNNER_ASSERT_MSG(result.rows.size() == 0, "query : <" << sql.str() <<
- "> returned [" << result.rows.size() << "] rows, expected [0]");
- else /* expect exactly 1 result with 2 columns */
- RUNNER_ASSERT_MSG(result.rows.size() == 1 && result.rows[0].size() == 2, "query : <" <<
- sql.str() << "> returned [" << result.rows.size() << "] rows, expected [1]");
-}
-
-void TestSecurityManagerDatabase::check_pkg(const std::string &pkg_name,
- const bool is_pkg_removed)
-{
- const unsigned expected_rows = is_pkg_removed ? 0 : 1;
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
- sql << "SELECT pkg_id FROM pkg"
- " WHERE name == '" << pkg_name << "' ;";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == expected_rows, "query : <" <<
- sql.str() << "> returned [" << result.rows.size() << "] rows, expected [" <<
- expected_rows << "] rows");
-}
-
-bool TestSecurityManagerDatabase::check_privilege(const std::string &app_name,
- const std::string &pkg_name,
- const std::string &privilege)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
- sql << "SELECT privilege_id FROM app_privilege_view"
- " WHERE app_name == '" << app_name << "' "
- " AND pkg_name == '" << pkg_name << "' "
- " AND privilege_name == '" << privilege << "' "
- ";";
- m_base.execute(sql.str(), result);
-
- /* only 0 or 1 resulting rows are alowed */
- RUNNER_ASSERT_MSG(result.rows.size() == 0 || result.rows.size() == 1, "query : <" << sql.str() << "> returned [" <<
- result.rows.size() << "] rows");
-
- return result.rows.size() == 1;
-}
-
-void TestSecurityManagerDatabase::setup_privilege_groups(const std::string &privilege,
- const std::vector<std::string> &groups)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
-
- if (!m_base.is_open())
- m_base.open();
-
- sql << "INSERT OR IGNORE INTO privilege (name) VALUES ('" << privilege << "')";
- m_base.execute(sql.str(), result);
-
- for (const auto &group : groups) {
- sql.clear();
- sql.str("");
- sql << "INSERT OR IGNORE INTO privilege_group (privilege_id, name) "
- "VALUES ((SELECT privilege_id FROM privilege WHERE name = '"
- << privilege << "'), '" << group << "')";
- m_base.execute(sql.str(), result);
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file sm_db.h
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-manager tests database record check functions
- */
-
-#ifndef SECURITY_MANAGER_TEST_DB_H_
-#define SECURITY_MANAGER_TEST_DB_H_
-
-#include <string>
-#include "db_sqlite.h"
-
-typedef std::vector<std::string> privileges_t;
-
-/**
- * @class TestSecurityManagerDatabase
- * @brief Class containing methods for testing libprivlege database.
- */
-class TestSecurityManagerDatabase
-{
-public:
-/**
- * @brief A usefull constant to indicate that app/pkg should be present in db
- */
- const static bool NOT_REMOVED;
-/**
- * @brief A usefull constant to indicate that app/pkg should not be present in db
- */
- const static bool REMOVED;
-/**
- * @brief A constructor
- */
- TestSecurityManagerDatabase();
-
-/**
- * @brief A destructor
- */
- ~TestSecurityManagerDatabase() = default;
-
-/**
- * @brief Method for testing database after "security_manager_app_install" was run.
- *
- * It checks existence of proper: - app_name
- * - pkg_name
- *
- * @param app_name name of the app previously used in security_manager_app_install.
- * @param pkg_name name of the pkg previously used in security_manager_app_install.
- */
- void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name);
-
-/**
- * @brief Method for testing database after "security_manager_app_install" was run.
- *
- * It checks existence of proper: - app_name
- * - pkg_name
- * - privileges
- * TODO: appPaths are currently not handled directly by security-manager, so they are not tested.
- *
- * @param app_name name of the app previously used in security_manager_app_install.
- * @param pkg_name name of the pkg previously used in security_manager_app_install.
- * @param privileges vector of privileges previously used in security_manager_app_install.
- */
- void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges);
-
-/**
- * @brief Method for testing database after "security_manager_app_uninstall" was run.
- *
- * It checks absence of proper: - app_name
- * - optionally pkg_name
- *
- * @param app_name name of the app previously used in security_manager_app_uninstall.
- * @param pkg_name name of the pkg previously used in security_manager_app_uninstall.
- * @param is_pkg_removed tells if pkg_id is expected to remain in db or not.
- */
- void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name,
- const bool is_pkg_removed);
-
-/**
- * @brief Method for testing database after "security_manager_app_uninstall" was run.
- *
- * It checks absence of proper: - app_name
- * - optionally pkg_name
- * - app privileges
- * TODO: appPaths are currently not handled directly by security-manager, so they are not tested.
- *
- * @param app_name name of the app previously used in security_manager_app_uninstall.
- * @param pkg_name name of the pkg previously used in security_manager_app_uninstall.
- * @param privileges vector of privileges previously used in security_manager_app_uninstall.
- * @param is_pkg_removed tells if pkg_id is expected to remain in db or not.
- */
- void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges, const bool is_pkg_removed);
-
-/**
- * @brief It checks db for existence of a all privileges from install request.
- *
- * @param app_name name of the app previously used i.e. in security_manager_app_install.
- * @param pkg_name name of the pkg previously used i.e. in security_manager_app_install.
- * @param privileges vector of privileges previously used i.e. in security_manager_app_install.
- */
- void check_privileges(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges);
-
-/**
- * @brief It checks in db if all app privileges from install request are removed.
- *
- * @param app_name name of the app previously used i.e. in security_manager_app_uninstall.
- * @param pkg_name name of the pkg previously used i.e. in security_manager_app_uninstall.
- * @param privileges vector of privileges previously used i.e. in security_manager_app_uninstall.
- */
- void check_privileges_removed(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges);
-
-/**
- * @brief Method for setting privilege to groups mapping in security-manager database
- *
- * @param privilege name of the privilege
- * @param groups vector of group names
- */
- void setup_privilege_groups(const std::string &privilege,
- const std::vector<std::string> &groups);
-
-private:
-/**
- * @var base
- * @brief Sqlite3DBase object giving simple access to database
- *
- * Connection to database is open first time it is needed
- * and closed in destructor of TestSecurityManagerDatabase.
- */
- Sqlite3DBase m_base;
-
-/**
- * @brief Check db for [non]existence of given app_name in pkg_name
- *
- * @param app_name name of application
- * @param pkg_name name of package
- * @param is_app_removed tells if app is expected in db
- */
- void check_app_and_pkg(const std::string &app_name, const std::string &pkg_name,
- const bool is_app_removed);
-
-/**
- * @brief Check db for [non]existence of given pkg_name
- *
- * @param pkg_name name of the package
- * @param is_pkg_removed tells if pkg is expected in db
- */
- void check_pkg(const std::string &pkg_name,
- const bool is_pkg_removed);
-
-/**
- * @brief Check db for existence of a single privilege.
- *
- * @param app_name name of application
- * @param pkg_name application's package name
- * @param privilege name of the privilege
- *
- * @return true when privilege present
- * false when privilege not present
- */
- bool check_privilege(const std::string &app_name, const std::string &pkg_name,
- const std::string &privilege);
-};
-
-#endif /* SECURITY_MANAGER_TEST_DB_H_ */
+++ /dev/null
-#include <dpl/test/test_runner.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <memory.h>
-#include <string>
-#include <unordered_set>
-#include <sys/capability.h>
-
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <attr/xattr.h>
-#include <linux/xattr.h>
-
-#include <grp.h>
-#include <pwd.h>
-
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-
-#include <security-manager.h>
-#include <sm_db.h>
-#include <cynara_test_client.h>
-
-DEFINE_SMARTPTR(security_manager_app_inst_req_free, app_inst_req, AppInstReqUniquePtr);
-DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
-
-static const char *const SM_APP_ID1 = "sm_test_app_id_double";
-static const char *const SM_PKG_ID1 = "sm_test_pkg_id_double";
-
-static const char *const SM_APP_ID2 = "sm_test_app_id_full";
-static const char *const SM_PKG_ID2 = "sm_test_pkg_id_full";
-
-static const char *const SM_APP_ID3 = "sm_test_app_id_uid";
-static const char *const SM_PKG_ID3 = "sm_test_pkg_id_uid";
-
-static const privileges_t SM_ALLOWED_PRIVILEGES = {
- "security_manager_test_rules2_r",
- "security_manager_test_rules2_no_r"
-};
-
-static const privileges_t SM_DENIED_PRIVILEGES = {
- "security_manager_test_rules1",
- "security_manager_test_rules2"
-};
-
-static const privileges_t SM_NO_PRIVILEGES = {
-};
-
-static const std::vector<std::string> SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"};
-
-static const char *const SM_PRIVATE_PATH = "/usr/apps/test_DIR/app_dir";
-static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/test_DIR/app_dir_public_ro";
-static const char *const SM_DENIED_PATH = "/usr/apps/test_DIR/non_app_dir";
-static const char *const SM_PRIVATE_PATH_FOR_USER = "/home/" APP_USER "/test_DIR";
-static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
-
-static void generateAppLabel(const std::string &pkgId, std::string &label)
-{
- (void) pkgId;
- label = "User";
-}
-
-static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
- const char* correctLabel, bool transmute_test, bool exec_test)
-{
- int result;
- CStringPtr labelPtr;
- char* label = nullptr;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"
- " (should be '" << correctLabel << "' and is '" << label << "')");
-
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
-
- if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
- RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath);
- } else
- RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
-
- if (S_ISDIR(sb->st_mode) && transmute_test == true) {
- RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
- RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0,
- "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
- } else {
- RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
- }
-
- return 0;
-}
-
-
-static int nftw_check_sm_labels_app_private_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return nftw_check_sm_labels_app_dir(fpath, sb, USER_APP_ID, false, true);
-}
-
-static int nftw_check_sm_labels_app_floor_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
-
- return nftw_check_sm_labels_app_dir(fpath, sb, "_", false, false);
-}
-
-static app_inst_req* do_app_inst_req_new()
-{
- int result;
- app_inst_req *req = nullptr;
-
- result = security_manager_app_inst_req_new(&req);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new request failed. Result: " << result);
- RUNNER_ASSERT_MSG(req != nullptr, "creation of new request did not allocate memory");
- return req;
-}
-
-static void prepare_app_path()
-{
- int result;
-
- result = nftw(SM_PRIVATE_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PRIVATE_PATH);
-
- result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
-
- result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
-}
-
-static void prepare_app_env()
-{
- prepare_app_path();
-}
-
-/* TODO: add parameters to this function */
-static void check_app_path_after_install()
-{
- int result;
-
- result = nftw(SM_PRIVATE_PATH, &nftw_check_sm_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PRIVATE_PATH);
-
- result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
-
- result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
-}
-
-
-static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
- const privileges_t &allowed_privs, const privileges_t &denied_privs)
-{
- (void) app_id;
- std::string smackLabel;
- generateAppLabel(pkg_id, smackLabel);
-
- CynaraTestClient::Client ctc;
-
- for (auto &priv : allowed_privs) {
- ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_ALLOWED);
- }
-
- for (auto &priv : denied_privs) {
- ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
- }
-}
-
-static void check_app_gids(const char *const app_id, const std::vector<gid_t> &allowed_gids)
-{
- int ret;
- gid_t main_gid = getgid();
- std::unordered_set<gid_t> reference_gids(allowed_gids.begin(), allowed_gids.end());
-
- // Reset supplementary groups
- ret = setgroups(0, NULL);
- RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
-
- ret = security_manager_set_process_groups_from_appid(app_id);
- RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_groups_from_appid(" <<
- app_id << ") failed. Result: " << ret);
-
- ret = getgroups(0, nullptr);
- RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
-
- std::vector<gid_t> actual_gids(ret);
- ret = getgroups(ret, actual_gids.data());
- RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
-
- for (const auto &gid : actual_gids) {
- RUNNER_ASSERT_MSG(gid == main_gid || reference_gids.count(gid) > 0,
- "Application shouldn't get access to group " << gid);
- reference_gids.erase(gid);
- }
-
- RUNNER_ASSERT_MSG(reference_gids.empty(), "Application didn't get access to some groups");
-}
-
-static void check_app_after_install(const char *const app_id, const char *const pkg_id,
- const privileges_t &allowed_privs,
- const privileges_t &denied_privs,
- const std::vector<std::string> &allowed_groups)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
- dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
-
- /*Privileges should be granted to all users if root installs app*/
- check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs);
-
- /* Setup mapping of gids to privileges */
- /* Do this for each privilege for extra check */
- for (const auto &privilege : allowed_privs) {
- dbtest.setup_privilege_groups(privilege, allowed_groups);
- }
-
- std::vector<gid_t> allowed_gids;
-
- for (const auto &groupName : allowed_groups) {
- errno = 0;
- struct group* grp = getgrnam(groupName.c_str());
- RUNNER_ASSERT_ERRNO_MSG(grp, "Group: " << groupName << " not found");
- allowed_gids.push_back(grp->gr_gid);
- }
-
- check_app_gids(app_id, allowed_gids);
-}
-
-static void check_app_after_install(const char *const app_id, const char *const pkg_id)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_install(app_id, pkg_id);
-}
-
-static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
- const privileges_t &privileges, const bool is_pkg_removed)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
-
-
- /*Privileges should not be granted anymore to any user*/
- check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges);
-}
-
-static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
- const bool is_pkg_removed)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
-}
-
-static void install_app(const char *app_id, const char *pkg_id)
-{
- int result;
- AppInstReqUniquePtr request;
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
-
- check_app_after_install(app_id, pkg_id);
-
-}
-
-static void uninstall_app(const char *app_id, const char *pkg_id,
- bool expect_installed, bool expect_pkg_removed)
-{
- int result;
- AppInstReqUniquePtr request;
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG(!expect_installed || (lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
-
- check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
-}
-
-
-RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
-
-
-RUNNER_TEST(security_manager_01_app_double_install_double_uninstall)
-{
- int result;
- AppInstReqUniquePtr request;
-
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID1);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing already installed app failed. Result: " << result);
-
- /* Check records in the security-manager database */
- check_app_after_install(SM_APP_ID1, SM_PKG_ID1);
-
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID1);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling already uninstalled app failed. Result: " << result);
-
- /* Check records in the security-manager database */
- check_app_after_uninstall(SM_APP_ID1, SM_PKG_ID1, TestSecurityManagerDatabase::REMOVED);
-}
-
-RUNNER_TEST(security_manager_02_app_install_uninstall_full)
-{
- int result;
- AppInstReqUniquePtr request;
-
- prepare_app_env();
-
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_inst_req_set_pkg_id(request.get(), SM_PKG_ID2);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
-
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[0].c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed permission failed. Result: " << result);
- result = security_manager_app_inst_req_add_privilege(request.get(), SM_ALLOWED_PRIVILEGES[1].c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed permission failed. Result: " << result);
-
- result = security_manager_app_inst_req_add_path(request.get(), SM_PRIVATE_PATH,
- SECURITY_MANAGER_PATH_PRIVATE);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
-
- result = security_manager_app_inst_req_add_path(request.get(), SM_PUBLIC_RO_PATH,
- SECURITY_MANAGER_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
-
- /* Check records in the security-manager database */
- check_app_after_install(SM_APP_ID2, SM_PKG_ID2,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
-
- /* TODO: add parameters to this function */
- check_app_path_after_install();
-
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID2);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
-
- /* Check records in the security-manager database,
- * all previously allowed privileges should be removed */
- check_app_after_uninstall(SM_APP_ID2, SM_PKG_ID2,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
-}
-
-RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
-{
- const char *const app_id = "sm_test_app_id_set_label_from_appid";
- const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
- const char *const expected_label = USER_APP_ID;
- const char *const socketLabel = "not_expected_label";
- char *label = nullptr;
- CStringPtr labelPtr;
- int result;
-
- uninstall_app(app_id, pkg_id, false, true);
- install_app(app_id, pkg_id);
-
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
- //Clean up before creating socket
- unlink(SOCK_PATH);
- int sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
- //Bind socket to address
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
- //Set socket label to something different than expecedLabel
- result = fsetxattr(sock, XATTR_NAME_SMACKIPIN, socketLabel,
- strlen(socketLabel), 0);
- RUNNER_ASSERT_ERRNO_MSG(result == 0,
- "Can't set socket label. Result: " << result);
- result = fsetxattr(sock, XATTR_NAME_SMACKIPOUT, socketLabel,
- strlen(socketLabel), 0);
- RUNNER_ASSERT_ERRNO_MSG(result == 0,
- "Can't set socket label. Result: " << result);
-
- result = security_manager_set_process_label_from_appid(app_id);
- RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_label_from_appid(" <<
- app_id << ") failed. Result: " << result);
-
- char value[SMACK_LABEL_LEN + 1];
- ssize_t size;
- size = fgetxattr(sock, XATTR_NAME_SMACKIPIN, value, sizeof(value));
- RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
- result = strcmp(expected_label, value);
- RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
- expected_label << " Actual: " << value);
-
- size = fgetxattr(sock, XATTR_NAME_SMACKIPOUT, value, sizeof(value));
- RUNNER_ASSERT_ERRNO_MSG(size != -1, "fgetxattr failed: " << value);
- result = strcmp(expected_label, value);
- RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
- expected_label << " Actual: " << value);
-
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0,
- " Error getting current process label");
- RUNNER_ASSERT_MSG(label != nullptr,
- " Process label is not set");
- labelPtr.reset(label);
-
- result = strcmp(expected_label, label);
- RUNNER_ASSERT_MSG(result == 0,
- " Process label is incorrect. Expected: \"" << expected_label <<
- "\" Actual: \"" << label << "\"");
-
- uninstall_app(app_id, pkg_id, true, true);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
-{
- const char *const app_id = "sm_test_app_id_set_label_from_appid";
- const char *const pkg_id = "sm_test_pkg_id_set_label_from_appid";
- int result;
-
- uninstall_app(app_id, pkg_id, false, true);
- install_app(app_id, pkg_id);
-
- result = security_manager_set_process_label_from_appid(app_id);
- RUNNER_ASSERT_MSG(result == SECURITY_MANAGER_SUCCESS,
- "security_manager_set_process_label_from_appid(" <<
- app_id << ") failed. Result: " << result);
-
- uninstall_app(app_id, pkg_id, true, true);
-}
-
-
-
-static void prepare_request(AppInstReqUniquePtr &request,
- const char *const app_id,
- const char *const pkg_id,
- app_install_path_type pathType,
- const char *const path)
-{
- int result;
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), app_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_inst_req_set_pkg_id(request.get(), pkg_id);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting pkg id failed. Result: " << result);
-
- result = security_manager_app_inst_req_add_path(request.get(), path, pathType);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed path failed. Result: " << result);
-}
-
-
-static struct passwd* get_app_pw()
-{
- struct passwd *pw = nullptr;
- errno = 0;
- while(!(pw = getpwnam(APP_USER))) {
- RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
- }
- return pw;
-}
-
-RUNNER_CHILD_TEST(security_manager_04_app_install_uninstall_by_app_user)
-{
- int result;
- AppInstReqUniquePtr request;
- struct passwd *pw = get_app_pw();
- const std::string user = std::to_string(static_cast<unsigned int>(pw->pw_uid));
-
- //switch user to non-root
- result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- //install app as non-root user and try to register public path (should fail)
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PUBLIC, SM_PRIVATE_PATH_FOR_USER);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
- "installing app not failed. Result: " << result);
-
- //install app as non-root user
- //should fail (non-root users may only register folders inside their home)
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH);
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
- "installing app not failed. Result: " << result);
-
- //install app as non-root user
- //should succeed - this time i register folder inside user's home dir
- prepare_request(request, SM_APP_ID3, SM_PKG_ID3, SECURITY_MANAGER_PATH_PRIVATE, SM_PRIVATE_PATH_FOR_USER);
-
- for (auto &privilege : SM_ALLOWED_PRIVILEGES) {
- result = security_manager_app_inst_req_add_privilege(request.get(), privilege.c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting allowed permission failed. Result: " << result);
- }
-
- result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "installing app failed. Result: " << result);
-
- check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
-
- //uninstall app as non-root user
- request.reset(do_app_inst_req_new());
-
- result = security_manager_app_inst_req_set_app_id(request.get(), SM_APP_ID3);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "setting app id failed. Result: " << result);
-
- result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "uninstalling app failed. Result: " << result);
-
- check_app_permissions(SM_APP_ID3, SM_PKG_ID3, user.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
-}
-
-RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
-{
- int result;
- CapsSetsUniquePtr caps, caps_empty(cap_init());
-
- caps.reset(cap_from_text("all=eip"));
- RUNNER_ASSERT_MSG(caps, "can't convert capabilities from text");
- result = cap_set_proc(caps.get());
- RUNNER_ASSERT_MSG(result == 0,
- "can't set capabilities. Result: " << result);
-
- result = security_manager_drop_process_privileges();
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "dropping caps failed. Result: " << result);
-
- caps.reset(cap_get_proc());
- RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");
-
- result = cap_compare(caps.get(), caps_empty.get());
- RUNNER_ASSERT_MSG(result == 0,
- "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL));
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-../../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-../non_app_dir
\ No newline at end of file
+++ /dev/null
-../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-../non_app_dir
\ No newline at end of file
+++ /dev/null
-../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-#
-#Copyright (c) 2013-2014 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @author Mariusz Domanski (m.domanski@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# Dependencies
-PKG_CHECK_MODULES(SEC_SRV_TESTS_DEP
- libsmack
- libprivilege-control
- security-server
- dlog
- dbus-1
- REQUIRED)
-
-# Targets definition
-
-SET(TARGET_SEC_SRV_COMMON "security-server-tests-common")
-SET(TARGET_SEC_SRV_CLIENT_SMACK_TESTS "security-server-tests-client-smack")
-SET(TARGET_SEC_SRV_TC_SERVER_TESTS "security-server-tests-server")
-SET(TARGET_SEC_SRV_PWD_TESTS "security-server-tests-password")
-SET(TARGET_SEC_SRV_PRIVILEGE_TESTS "security-server-tests-privilege")
-SET(TARGET_SEC_SRV_STRESS_TESTS "security-server-tests-stress")
-SET(TARGET_SEC_SRV_MT_TESTS "security-server-tests-mt")
-SET(TARGET_SEC_SRV_MEASURER "security-server-tests-api-speed")
-
-
-# Sources definition
-
-SET(SEC_SRV_COMMON_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/common/security_server_tests_common.cpp
- )
-
-SET(SEC_SRV_CLIENT_SMACK_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_tests_client_smack.cpp
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_mockup.cpp
- )
-
-SET(SEC_SRV_TC_SERVER_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/server.cpp
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/cookie_api.cpp
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/weird_arguments.cpp
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_clean_env.cpp
- )
-
-SET(SEC_SRV_PWD_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_tests_password.cpp
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_clean_env.cpp
- )
-
-SET(SEC_SRV_PRIVILEGE_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_tests_privilege.cpp
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp
- )
-
-SET(SEC_SRV_STRESS_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_tests_stress.cpp
- )
-
-SET(SEC_SRV_MT_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_tests_mt.cpp
- )
-
-SET(SEC_SRV_MEASURER_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_measurer_API_speed.cpp
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_mockup.cpp
- )
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${SEC_SRV_TESTS_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/tests/common/
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/common/
- ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/common/
- )
-
-#LINK_DIRECTORIES(${SEC_SRV_PKGS_LIBRARY_DIRS})
-
-ADD_LIBRARY(${TARGET_SEC_SRV_COMMON} STATIC ${SEC_SRV_COMMON_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} ${SEC_SRV_CLIENT_SMACK_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_TC_SERVER_TESTS} ${SEC_SRV_TC_SERVER_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_PWD_TESTS} ${SEC_SRV_PWD_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_PRIVILEGE_TESTS} ${SEC_SRV_PRIVILEGE_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_STRESS_TESTS} ${SEC_SRV_STRESS_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_MT_TESTS} ${SEC_SRV_MT_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_MEASURER} ${SEC_SRV_MEASURER_SOURCES})
-
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_CLIENT_SMACK_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_TC_SERVER_TESTS}
- ${TARGET_SEC_SRV_COMMON}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_PWD_TESTS}
- ${TARGET_SEC_SRV_COMMON}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_PRIVILEGE_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_STRESS_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MT_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MEASURER}
- ${TARGET_SEC_SRV_COMMON}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-# Installation
-
-INSTALL(TARGETS ${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_TC_SERVER_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_PWD_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_PRIVILEGE_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_STRESS_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_MT_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_MEASURER} DESTINATION /usr/bin)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/WRT_sstp_test_rules1.smack
- DESTINATION /usr/share/privilege-control/
-)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/security-server-tests/WRT_sstp_test_rules2.smack
- DESTINATION /usr/share/privilege-control/
-)
+++ /dev/null
-~APP~ sstp_test_book_1 rwxatl
-sstp_test_subject_1 ~APP~ rwxatl
+++ /dev/null
-~APP~ sstp_test_book_1 rwxatl
-sstp_test_subject_1 ~APP~ rwxatl
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file security_server_tests_common.cpp
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-server tests commons
- */
-
-#include "security_server_tests_common.h"
-
-const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
-
-Cookie getCookieFromSS() {
- Cookie cookie(security_server_get_cookie_size());
-
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS ==
- security_server_request_cookie(cookie.data(), cookie.size()),
- "Error in security_server_request_cookie.");
-
- return cookie;
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file security_server_tests_common.h
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-server tests commons
- */
-
-#include <security-server.h>
-#include <tests_common.h>
-
-#ifndef SECURITY_SERVER_TESTS_COMMON_H_
-#define SECURITY_SERVER_TESTS_COMMON_H_
-
-extern const unsigned int PASSWORD_RETRY_TIMEOUT_US;
-typedef std::vector<char> Cookie;
-
-Cookie getCookieFromSS();
-
-#endif /* SECURITY_SERVER_TESTS_COMMON_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-
-/*
- * @file security_server_tests_cookie_api.cpp
- * @author Pawel Polawski (p.polawski@partner.samsung.com)
- * @version 1.0
- * @brief Test cases for security server cookie api
- *
- */
-
-/*
-Tested API functions in this file:
-
- int security_server_get_cookie_size(void);
- int security_server_request_cookie(char *cookie, size_t bufferSize);
-
- int security_server_check_privilege(const char *cookie, gid_t privilege);
- int security_server_check_privilege_by_cookie(const char *cookie,
- const char *object,
- const char *access_rights);
- int security_server_get_cookie_pid(const char *cookie);
- char *security_server_get_smacklabel_cookie(const char *cookie);
- int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
- int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
-*/
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <tests_common.h>
-#include <sys/smack.h>
-#include <cstddef>
-#include <sys/types.h>
-#include <unistd.h>
-#include <access_provider.h>
-#include <security-server.h>
-#include <smack_access.h>
-#include <security_server_tests_common.h>
-#include <memory.h>
-
-const char *ROOT_USER = "root";
-const char *PROC_AUDIO_GROUP_NAME = "audio";
-
-const int KNOWN_COOKIE_SIZE = 20;
-
-RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
-
-/*
- * **************************************************************************
- * Test cases fot check various functions input params cases
- * **************************************************************************
- */
-
-//---------------------------------------------------------------------------
-//passing nullptr as a buffer pointer
-RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
-{
- int ret = security_server_request_cookie(nullptr, KNOWN_COOKIE_SIZE);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_request_cookie() argument checking: " << ret);
-}
-
-//passing too small value as a buffer size
-RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
-{
- Cookie cookie(KNOWN_COOKIE_SIZE);
-
- int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
- "Error in security_server_request_cookie() argument checking: " << ret);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
-{
- int ret = security_server_check_privilege(nullptr, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege() argument checking: " << ret);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- int ret = security_server_check_privilege_by_cookie(nullptr, "wiadro", "rwx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege_by_cookie() argument checking: "
- << ret);
-}
-
-//passing nullptr as an object pointer
-RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_check_privilege_by_cookie(cookie.data(), nullptr, "rwx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege_by_cookie() argument checking: "
- << ret);
-}
-
-//passing nullptr as an access pointer
-RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege_by_cookie() argument checking: "
- << ret);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
-{
- int ret = security_server_get_cookie_pid(nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_get_cookie_pid() argument checking: " << ret);
-}
-
-//getting pid of non existing cookie
-RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid)
-{
- const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'};
- RUNNER_ASSERT(security_server_get_cookie_pid(wrong_cookie) ==
- SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
-{
- char *label = nullptr;
- label = security_server_get_smacklabel_cookie(nullptr);
- RUNNER_ASSERT_MSG(label == nullptr,
- "Error in security_server_get_smacklabel_cookie() argument checking");
-}
-
-
-
-/*
- * **************************************************************************
- * Unit tests for each function from API
- * **************************************************************************
- */
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
-{
- int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Get cookie size when smack is not loaded
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack)
-{
- int ret;
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
- ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie in normal case when smack is not loaded
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack)
-{
- int ret;
- int cookieSize = security_server_get_cookie_size();
- Cookie cookie(cookieSize);
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie when smack is not loaded but with too small
-// buffer size
-RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack)
-{
- int ret;
- int cookieSize = security_server_get_cookie_size();
- Cookie cookie(cookieSize);
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Get cookie size when smack is loaded
-RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size)
-{
- SecurityServer::AccessProvider provider("selflabel_01_05");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << cookieSize);
-
- Cookie cookie(cookieSize);
- int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_request_cookie(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie in normal case when smack is loaded
-RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << cookieSize);
-
- SecurityServer::AccessProvider provider("selflabel_02_01");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie(cookieSize);
- int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_request_cookie(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie when smack is loaded but with too small buffer
-// size
-RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << cookieSize);
- cookieSize >>= 1;
-
- SecurityServer::AccessProvider provider("selflabel_02_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie(cookieSize);
- int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
- "Error in security_server_request_cookie(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
-{
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_check_privilege(): " << ret);
-}
-
-//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_03_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_check_privilege() should return access denied: " << ret);
-}
-
-//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_03_03");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_check_privilege(): " << ret);
-}
-
-// invalid gid
-RUNNER_CHILD_TEST(tc_unit_03_04_security_server_check_privilege_neg)
-{
- remove_process_group(PROC_AUDIO_GROUP_NAME);
-
- Cookie cookie = getCookieFromSS();
- int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(audio_gid > -1,
- "security_server_get_gid() failed. result = " << audio_gid);
-
- int ret = security_server_check_privilege(cookie.data(), audio_gid);
-
- // security_server_check_privilege fails, because the process does not belong to "audio" group
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
-}
-
-// add gid
-RUNNER_CHILD_TEST(tc_unit_03_05_security_server_check_privilege)
-{
- add_process_group(PROC_AUDIO_GROUP_NAME);
-
- Cookie cookie = getCookieFromSS();
- int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(audio_gid > -1,
- "security_server_get_gid() failed. result = " << audio_gid);
-
- int ret = security_server_check_privilege(cookie.data(), audio_gid);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-// test invalid cookie name
-RUNNER_TEST(tc_unit_03_06_security_server_check_privilege)
-{
- // create invalid cookie
- int size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
-
- Cookie cookie(size);
- cookie[0] = 'a';
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
-{
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
-
- int pid = getpid();
- RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
-}
-
-//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_05_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_get_cookie_pid() should return access denied: " << ret);
-}
-
-//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_05_03");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
-
- int pid = getpid();
- RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST_SMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_smack)
-{
- setLabelForSelf(__LINE__, "selflabel_06_01");
-
- Cookie cookie = getCookieFromSS();
-
- CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_01") == 0,
- "No match in smack label received from cookie, received label: "
- << label.get());
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_nosmack)
-{
- Cookie cookie = getCookieFromSS();
-
- char *receivedLabel = security_server_get_smacklabel_cookie(cookie.data());
- RUNNER_ASSERT_MSG(receivedLabel != nullptr,
- "security_server_get_smacklabel_cookie returned nullptr");
- std::string label(receivedLabel);
- free(receivedLabel);
- RUNNER_ASSERT_MSG(label.empty(),
- "security_server_get_smacklabel_cookie returned: "
- << label);
-}
-
-//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_06_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(label.get() == nullptr,
- "nullptr should be received due to access denied, received label: "
- << label.get());
-}
-
-//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
-{
- SecurityServer::AccessProvider provider("selflabel_06_03");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie = getCookieFromSS();
-
- CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_03") == 0,
- "No match in smack label received from cookie, received label: "
- << label.get());
-}
-
-//---------------------------------------------------------------------------
-// apply smack labels and drop privileges
-RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow)
-{
- add_process_group(PROC_AUDIO_GROUP_NAME);
-
- SecurityServer::AccessProvider provider("subject_1d6eda7d");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
- << "\" gid. Result: " << ret);
-
- ret = security_server_check_privilege(cookie.data(), ret);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- int root_gid = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG(root_gid > -1, "root_gid: " << root_gid);
-
- ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == getpid(), "ret: " << ret);
-
- CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "ss_label: " << ss_label.get());
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
-
- ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-// disable access and drop privileges
-RUNNER_CHILD_TEST_SMACK(tc_unit_09_02_app_user_cookie_API_access_deny)
-{
- SecurityServer::AccessProvider provider("subject_1d414140");
-
- Cookie cookie = getCookieFromSS();
-
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_check_privilege should return access denied, "
- "ret: " << ret);
-
- ret = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_get_gid should return access denied, "
- "ret: " << ret);
-
- ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_get_cookie_pid should return access denied, "
- "ret: " << ret);
-
- CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(ss_label.get() == nullptr,
- "access should be denied so label should be nullptr: " << ss_label.get());
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
-
- ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_check_privilege_by_pid should return access denied, "
- "ret: " << ret);
-}
-
-// NOSMACK version of the test above
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack)
-{
- add_process_group(PROC_AUDIO_GROUP_NAME);
-
- // drop root privileges
- int ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- Cookie cookie = getCookieFromSS();
-
- ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
- << "\" gid. Result: " << ret);
-
- ret = security_server_check_privilege(cookie.data(), ret);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege failed. Result: " << ret);
-
- ret = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
-
- ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == getpid(),
- "get_cookie_pid returned different pid than it should. Result: " << ret);
-
- CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "get_smacklabel_cookie failed.");
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
-
- ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_pid failed. Result: " << ret);
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_clean_env.cpp
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Functions to prepare clean env for tests.
- *
- */
-
-#include <ftw.h>
-#include <unistd.h>
-
-#include <service_manager.h>
-
-int restart_security_server() {
- ServiceManager serviceManager("security-server.service");
- serviceManager.restartService();
-
- return 0;
-}
-
-static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/,
- int tflag, struct FTW *ftwbuf)
-{
- if (tflag == FTW_F)
- unlink(fpath);
- else if (tflag == FTW_DP && ftwbuf->level != 0)
- rmdir(fpath);
-
- return 0;
-}
-
-/**
- * This function should be called at the begining of every SS test, so all the tests
- * are independent of each other.
- */
-int reset_security_server()
-{
- const char* path = "/opt/data/security-server/";
- const int max_descriptors = 10; //max number of open file descriptors by nftw function
-
- // Clear /opt/data/security-server/ directory
- if (access(path, F_OK) == 0) {
- if (nftw(path, &nftw_rmdir_contents, max_descriptors, FTW_DEPTH) == -1) {
- return 1;
- }
- sync();
- }
-
- restart_security_server();
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_clean_env.h
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Functions definitions to prepare clean env for tests.
- */
-
-#ifndef SECURITY_SERVER_CLEAN_ENV_H
-#define SECURITY_SERVER_CLEAN_ENV_H
-
-int reset_security_server();
-int restart_security_server();
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-/*
- * @file security_server_measurer_API_speed.cpp
- * @author Radoslaw Bartosiak (radoslaw.bartosiak@samsung.com)
- * @version 1.0
- * @brief Log security server API functions average execution times and some aproximation of maximal and minimal execution time.
- * @details The functions are run at least NUMBER_OF_CALLS times (time is measured at the beginning and at the end, the difference is taken as the execution time).
- * @details One test case for one function of security-server. Test pass always when there was no connection error (API calls themselves may fail).
- * @details Measured times are logged using DLP testing framework logging functions. Calls each API function many times to take the average.
- * @details This file contains TEST_CASEs. Each TEST_CASE consist of one or more RUNs, each RUN consist of one or more function calls.
- * @details Each test case contains RUNs of one function only. The time is being measured before & after each run.
- */
-
-#include <dpl/log/log.h>
-#include <dpl/singleton.h>
-#include <dpl/singleton_safe_impl.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <errno.h>
-#include <float.h>
-#include <fcntl.h>
-#include <security-server.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/smack.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <memory.h>
-#include "security_server_mockup.h"
-#include <smack_access.h>
-
-IMPLEMENT_SAFE_SINGLETON(DPL::Log::LogSystem);
-#include <security_server_tests_common.h>
-#include <tests_common.h>
-
-/*Number of calls in a single test*/
-#define NUMBER_OF_CALLS (5)
-#define MICROSECS_PER_SEC (1000000)
-/* number of miliseconds, process will be suspended for multiplications of this quantum */
-#define QUANTUM (10000)
-/*Strings used in tests*/
-/*name of existing user group on test device like "tel_gprs"*/
-#define EXISTING_GROUP_NAME "telephony_makecall"
-/*below labels should not be used in the system*/
-#define M60_OBJECT_LABEL "tc060MeasurerLabel"
-#define M60_SUBJECT_LABEL "tc060Subject"
-#define M70_OBJECT_LABEL "tc070MeasurerLabel"
-#define M70_SUBJECT_LABEL "tc070Subject"
-#define M160_CUSTOMER_LABEL "my_customer_label"
-#define M170_OBJECT_LABEL "myObject"
-
-namespace {
-void securityClientEnableLogSystem(void) {
- DPL::Log::LogSystemSingleton::Instance().SetTag("SEC_SRV_API_SPEED");
-}
-}
-
-/** Store statistics from a set of function calls
-*/
-struct readwrite_stats
-{
- timeval current_start_time; /*of last API call*/
- timeval current_end_time; /*of last API call*/
- int number_of_calls; /*till now*/
- double total_duration; /*of all API calls*/
- double average_duration;
- double minimal_duration; /*minimum of averages*/
- double maximal_duration; /*maximum of averages*/
-};
-
-/*Auxiliary functions*/
-
-/**Sleep for the given time
- @param seconds
- @param nanoseconds
- @return 0 on success, -1 on error if process woken earlier
-*/
-int my_nanosecsleep(long nanoseconds) {
- timespec sleep_spec;
- sleep_spec.tv_sec = 0;
- sleep_spec.tv_nsec = nanoseconds;
- return nanosleep(&sleep_spec, nullptr);
-}
-
-/**Read from pipe descriptor to buffer; retries if less than count bytes were read.
- @param fd descriptor
- @param buf start of buffer
- @param count number of bytes read
- @return number of bytes read (count)
-*/
-int my_pipe_read(int fd, void *buf, size_t count) {
- ssize_t readf = 0;
- ssize_t rest = count;
- ssize_t s;
- while (rest > 0) {
- RUNNER_ASSERT_ERRNO_MSG(0 < (s = TEMP_FAILURE_RETRY(read(fd, ((char*)buf) + readf, rest))),
- "Error in read from pipe");
- rest -= s;
- readf += s;
- }
- return readf;
-}
-
-/**Write from buffer to a pipe ; retries if less than count bytes were written.
- @param fd descriptor
- @param buf start of buffer
- @param count number of bytes to write
- @return number of bytes written (count)
-*/
-int my_pipe_write(int fd, void *buf, size_t count) {
- ssize_t writef = 0;
- ssize_t rest = count;
- ssize_t s;
- while (rest > 0) {
- RUNNER_ASSERT_ERRNO_MSG(0 <= (s = TEMP_FAILURE_RETRY(write(fd, ((char*)buf) + writef, rest))),
- "Error in write to pipe");
- rest -= s;
- writef += s;
- }
- return writef;
-}
-
-
-/** Check whether there was connection error during function call (Security Server API) based on exit code
- @param result_code the exit code of a function
- @return -1 if the function result code indicated network error, 0 otherwise
-*/
-int communication_succeeded(int result_code) {
- switch(result_code)
- {
- case SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE:
- case SECURITY_SERVER_API_ERROR_SOCKET:
- case SECURITY_SERVER_API_ERROR_BAD_REQUEST:
- case SECURITY_SERVER_API_ERROR_BAD_RESPONSE:
- return -1;
- default:
- return 0;
- }
-}
-
-/** Returns current system time (wrapper for standard system function)
- @return current system time
-*/
-timeval my_gettime() {
- timeval t;
- int res = gettimeofday(&t, nullptr);
- RUNNER_ASSERT_ERRNO_MSG(res == 0, "gettimeofday() returned error value: " << res);
- return t;
-}
-
-/** Return a difference between two times (wrapper for standard system function)
- @param time t1
- @param time t2
- @return t1 - t2
-*/
-timeval my_timersub(timeval t1, timeval t2) {
- timeval result;
- timersub(&t1, &t2, &result);
- return result;
-}
-
-double timeval_to_microsecs(timeval t) {
- return ((double)t.tv_sec * (double)MICROSECS_PER_SEC) + ((double)t.tv_usec);
-}
-
-/** Initialize statistics at the beginning of a TEST_CASE
- @param stats [in/out] statistics to be initialized
-*/
-void initialize_stats(readwrite_stats *stats) {
- stats->number_of_calls = 0;
- stats->total_duration = 0.0;
- stats->average_duration = 0.0;
- stats->minimal_duration = DBL_MAX;
- stats->maximal_duration = 0.0;
-}
-
-/** Save time at the beginning of a RUN
- @param stats [in/out] statistics
-*/
-void start_stats_update(readwrite_stats *stats) {
- stats->current_start_time = my_gettime();
- //LogDebug("start_stats_update at: %ld.%06ld\n", stats->current_start_time.tv_sec, stats->current_start_time.tv_usec);
-}
-
-/** Save time at the end of a RUN and updates the statistics (current_end_time, number_of_calls, total_duration, minimal_duration, maximal_duration)
- @param stats [in/out] statistics
-*/
-void end_stats_update(readwrite_stats *stats) {
- stats->current_end_time = my_gettime();
- double current_duration = timeval_to_microsecs(my_timersub(stats->current_end_time, stats->current_start_time));
- stats->total_duration += current_duration;
- stats->number_of_calls += 1;
- if (current_duration < stats->minimal_duration)
- (stats->minimal_duration) = current_duration;
- if (current_duration > stats->maximal_duration)
- (stats->maximal_duration) = current_duration;
-}
-
-/** Updates the statistics (average_duration, number_of_new_calls, total_duration, minimal_duration, maximal_duration)
- Function is used instead of start_stats_update and end_stats_update (e.g when current_duration and number_of_new_calls are reported by child process.
- @param stats [in/out] statistics
- @param number_of_new_calls number of function calls in the RUN
- @param current_duration (total) of number_of_new calls
-*/
-void stats_update(readwrite_stats *stats, int number_of_new_calls, double current_duration) {
- if (number_of_new_calls > 0) {
- double current_average = (double)current_duration / (double)number_of_new_calls;
- stats->average_duration = (double)((stats->total_duration) / (stats->number_of_calls));
- stats->total_duration += current_duration;
- stats->number_of_calls += number_of_new_calls;
- if (current_average < stats->minimal_duration)
- (stats->minimal_duration) = current_average;
- if (current_average > stats->maximal_duration)
- (stats->maximal_duration) = current_average;
- }
- else
- LogDebug("stats_update called after zero successful function calls \n");
-}
-
-/** Calculate the average time and calculates statistics taken by a single function call.
- Called at the end of a TEST_CASE.
- @param stats [in/out] statistics
- @param function_name of the function called in tests (to be printed)
-*/
-void finish_stats(readwrite_stats *stats, const char* function_name) {
- if ((stats->number_of_calls) > 0) {
- stats->average_duration = (double)((stats->total_duration) / (stats->number_of_calls));
- printf("The approx (min, max, avg) execution times for function:\n%s are: \n---(%'.2fus, %'.2fus, %'.2fus)\n", function_name, stats->minimal_duration, stats->maximal_duration, stats->average_duration);
- }
- else
- LogDebug("No function call succeeded\n");
-}
-
-/*TEST CASES*/
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_API_SPEED_MEASURER)
-
-/*
- * test: Tests the tests
- * expected: The minimum shall be about (QUANTUM) = 10^-2s = 10000 us, max about (NUMBER_OF_CALLS*QUANTUM) = 5*10^-2s = 50000us, avg (average) about (0.5*NUMBER_OF_CALLS+1*QUANTUM)=3*10^-2s = 30000us. Max is no more than 50% bigger than minimum.
- */
-RUNNER_TEST(m000_security_server_test_the_tests) {
- int ret;
- readwrite_stats stats;
- double expected_min_min = QUANTUM;
- double expected_min_max = 1.5 * expected_min_min;
- double expected_avarage_min = (((double)(NUMBER_OF_CALLS + 1)) / 2.0) * expected_min_min;
- double expected_avarage_max = 1.5 * expected_avarage_min;
- double expected_max_min = ((double)(NUMBER_OF_CALLS)) * expected_min_min;
- double expected_max_max = 1.5 * expected_max_min;
- initialize_stats(&stats);
- for (int i=0; i < NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = my_nanosecsleep((long) ((i+1)*QUANTUM*1000));
- RUNNER_ASSERT_MSG(ret == 0, "system sleep function returned premature wake-up; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "my_nanosecsleep");
- RUNNER_ASSERT_MSG((stats.average_duration>expected_avarage_min) && (stats.average_duration<expected_avarage_max), "Avarage time is suspicious - check the issue; stats.average_duration=" << stats.average_duration);
- RUNNER_ASSERT_MSG((stats.minimal_duration>expected_min_min) && (stats.minimal_duration<expected_min_max), "Minimal time is suspicious - check the issue; stats.minimal_duration=" << stats.minimal_duration);
- RUNNER_ASSERT_MSG((stats.maximal_duration>expected_max_min) && (stats.maximal_duration<expected_max_max), "Maximal time is suspicious - check the issue; stats.maximal_duration=" << stats.maximal_duration);
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m010_security_server_security_server_get_gid) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_get_gid(EXISTING_GROUP_NAME);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_get_gid");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m030_security_server_request_cookie) {
- int ret;
- size_t cookie_size;
- cookie_size = security_server_get_cookie_size();
- char cookie[cookie_size];
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_request_cookie(cookie, cookie_size);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_request_cookie");
-}
-
-/*
- * measurer: Fails only on connection error.
- * Create new processes and measures times of first calls of security_server_request_cookie in them
- *
- */
-RUNNER_MULTIPROCESS_TEST(m031_security_server_request_cookie_first_time_only) {
- int ret;
- size_t cookie_size;
- cookie_size = security_server_get_cookie_size();
- char cookie[cookie_size];
- readwrite_stats stats;
-
- int pipefd[2];
- int cpid;
- int number_of_calls;
- double duration_of_calls;
- /*initialize pipes - one pipe for one child process*/
- RUNNER_ASSERT_ERRNO_MSG(0 == pipe(pipefd), "error in pipe");
- initialize_stats(&stats);
- for (int i = 0; i < NUMBER_OF_CALLS; i++) {
- RUNNER_ASSERT_ERRNO_MSG(-1 != (cpid = fork()), "error in fork #i = " << i);
- if (cpid == 0) { /* Child*/
- close(pipefd[0]); /* Close unused read end */
- timeval start_time;
- timeval end_time;
- start_time = my_gettime();
- ret = security_server_request_cookie(cookie, cookie_size);
- end_time = my_gettime();
- if (communication_succeeded(ret) == 0) {
- number_of_calls = 1;
- duration_of_calls = timeval_to_microsecs(my_timersub(end_time, start_time));
-
- } else
- {
- number_of_calls = 0;
- duration_of_calls = 0.0;
- }
- RUNNER_ASSERT_MSG(my_pipe_write(pipefd[1], &number_of_calls, sizeof(number_of_calls)) == sizeof(number_of_calls), "error in write number of calls to pipe");
- RUNNER_ASSERT_MSG(my_pipe_write(pipefd[1], &duration_of_calls, sizeof(duration_of_calls)) == sizeof(duration_of_calls), "error in write duration of calls to pipe");
- close(pipefd[1]);
- exit(EXIT_SUCCESS);
- } else
- { /* Parent */
- RUNNER_ASSERT_MSG(my_pipe_read(pipefd[0], &number_of_calls, sizeof(number_of_calls)) == sizeof(number_of_calls), "error in read number of calls to pipe");
- RUNNER_ASSERT_MSG(my_pipe_read(pipefd[0], &duration_of_calls, sizeof(duration_of_calls)) == sizeof(duration_of_calls), "error in read duration of calls to pipe");
-
- RUNNER_ASSERT_MSG(number_of_calls > 0, "commmunication error");
- stats_update(&stats, number_of_calls, duration_of_calls);
- }
- /*parent*/
- }
- close(pipefd[1]); /* Close parent descriptors */
- close(pipefd[0]);
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m040_security_server_get_cookie_size) {
- size_t cookie_size;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- cookie_size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookie_size > 0, "cookie_size = " << cookie_size);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_get_cookie_size");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m050_security_server_check_privilege) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- const char *existing_group_name = EXISTING_GROUP_NAME;
- size_t cookie_size;
- int call_gid;
- // we use existing group name for the measurment, however this is not neccessary
- call_gid = security_server_get_gid(existing_group_name);
- cookie_size = security_server_get_cookie_size();
- char recved_cookie[cookie_size];
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_check_privilege(recved_cookie, (gid_t)call_gid);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_check_privilege");
-}
-
-void testSecurityServerCheckPrivilegeByCookie(bool smack) {
- const char *object_label = M60_OBJECT_LABEL;
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = M60_SUBJECT_LABEL;
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
-
- if (smack) {
- SmackAccess smackAccess;
- smackAccess.add(subject_label, object_label, access_rights);
- smackAccess.apply();
- RUNNER_ASSERT_MSG(0 == (ret = smack_set_label_for_self(subject_label)),
- "Error in smack_set_label_for_self(); ret = " << ret);
- }
-
- Cookie cookie = getCookieFromSS();
-
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- /*odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges */
- if (i%2)
- ret = security_server_check_privilege_by_cookie(
- cookie.data(),
- object_label,
- access_rights);
- else
- ret = security_server_check_privilege_by_cookie(
- cookie.data(),
- object_label,
- access_rights_ext);
-
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_check_privilege_by_cookie");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-
-RUNNER_TEST_SMACK(m060_security_server_check_privilege_by_cookie_smack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeByCookie(true);
-}
-
-RUNNER_TEST_NOSMACK(m060_security_server_check_privilege_by_cookie_nosmack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeByCookie(false);
-}
-
-void testSecurityServerCheckPrivilegeBySockfd(bool smack) {
- const char *object_label = M70_OBJECT_LABEL;
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = M70_SUBJECT_LABEL;
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
-
- if (smack) {
- SmackAccess smackAccess;
- smackAccess.add(subject_label, object_label, access_rights);
- smackAccess.apply();
- }
-
- int pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
- if (0 == pid) {
- // child
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- if (smack)
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- close(csockfd);
- exit(EXIT_SUCCESS);
- //end child
- } else {
- //parent
- sleep(2);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- /*odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges */
- if (i%2)
- ret = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights_ext);
- else
- ret = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
-
- finish_stats(&stats, "check_privilege_by_sockfd");
- }
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-
-RUNNER_MULTIPROCESS_TEST_SMACK(m070_security_server_check_privilege_by_sockfd_smack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeBySockfd(true);
-}
-
-RUNNER_MULTIPROCESS_TEST_NOSMACK(m070_security_server_check_privilege_by_sockfd_nosmack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeBySockfd(false);
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m080_security_server_get_cookie_pid) {
- int ret;
- size_t cookie_size;
- cookie_size = security_server_get_cookie_size();
- char cookie[cookie_size];
- ret = security_server_request_cookie(cookie, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "security_server_request_cookie failed; ret = " << ret);
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_get_cookie_pid(cookie);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_request_cookie");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m090_security_server_is_pwd_valid) {
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_is_pwd_valid");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m100_security_server_set_pwd) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd("this_is_current_pwd", "this_is_new_pwd", 20, 365);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m110_security_server_set_pwd_validity) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd_validity(2);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd_validity");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m120_security_server_set_pwd_max_challenge) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd_max_challenge(3);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd_max_challenge");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m130_security_server_reset_pwd) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_reset_pwd("apud", 1, 2);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_reset_pwd");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m140_security_server_chk_pwd) {
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_chk_pwd("is_this_password", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_chk_pwd");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m150_security_server_set_pwd_history) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd_history(100);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd_history");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m160_security_server_app_give_access) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- const char* customer_label = M160_CUSTOMER_LABEL;
- int customer_pid = getpid();
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_app_give_access(customer_label, customer_pid);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_app_give_access");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m170_security_server_check_privilege_by_pid) {
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- int pid = getpid();
- const char *object = M170_OBJECT_LABEL;
- const char *access_rights = "rw";
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_check_privilege_by_pid(pid, object, access_rights);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_check_privilege_by_pid");
-}
-
-
-int main(int argc, char *argv[])
-{
- securityClientEnableLogSystem();
- DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_mockup.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief All mockups required in security-server tests.
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <poll.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <security-server.h>
-
-#include <dpl/log/log.h>
-
-#define SECURITY_SERVER_TEST_SOCK_PATH "/tmp/.security_server_sock_mockup"
-
-/* Create a Unix domain socket and bind */
-int create_new_socket()
-{
- int localsockfd = -1, flags;
- struct sockaddr_un serveraddr;
- mode_t sock_mode;
-
- if (-1 == remove(SECURITY_SERVER_TEST_SOCK_PATH)) {
- LogDebug("Unable to remove " << SECURITY_SERVER_TEST_SOCK_PATH);
- }
-
- /* Create Unix domain socket */
- if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
- {
- localsockfd = -1;
- LogDebug("Socket creation failed");
- goto error;
- }
-
- /* Make socket as non blocking */
- if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
- fcntl(localsockfd, F_SETFL, flags) < 0)
- {
- close(localsockfd);
- localsockfd = -1;
- LogDebug("Cannot go to nonblocking mode");
- goto error;
- }
-
- bzero (&serveraddr, sizeof(serveraddr));
- serveraddr.sun_family = AF_UNIX;
- strncpy(serveraddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH,
- strlen(SECURITY_SERVER_TEST_SOCK_PATH) + 1);
-
- /* Bind the socket */
- if ((bind(localsockfd, (struct sockaddr*)&serveraddr, sizeof(serveraddr))) < 0)
- {
- LogDebug("Cannot bind");
- close(localsockfd);
- localsockfd = -1;
- goto error;
- }
-
- /* Change permission to accept all processes that has different uID/gID */
- sock_mode = (S_IRWXU | S_IRWXG | S_IRWXO);
-
- /* Flawfinder hits this chmod function as level 5 CRITICAL as race condition flaw *
- * * Flawfinder recommends to user fchmod insted of chmod
- * * But, fchmod doesn't work on socket file so there is no other choice at this point */
- if (chmod(SECURITY_SERVER_TEST_SOCK_PATH, sock_mode) < 0) /* Flawfinder: ignore */
- {
- LogDebug("chmod() error");
- close(localsockfd);
- localsockfd = -1;
- goto error;
- }
-error:
- return localsockfd;
-}
-
-int connect_to_testserver()
-{
- struct sockaddr_un clientaddr;
- int client_len = 0, localsockfd;
-
- /* Create a socket */
- if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
- {
- LogDebug("Error on socket. Errno: " << errno);
- return -1;
- }
-
- bzero(&clientaddr, sizeof(clientaddr));
- clientaddr.sun_family = AF_UNIX;
- strncpy(clientaddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH, strlen(SECURITY_SERVER_TEST_SOCK_PATH));
- clientaddr.sun_path[strlen(SECURITY_SERVER_TEST_SOCK_PATH)] = 0;
- client_len = sizeof(clientaddr);
- if (connect(localsockfd, (struct sockaddr*)&clientaddr, client_len) < 0)
- {
- LogDebug("Error on connect. Errno: " << errno);
- close(localsockfd);
- return -1;
- }
- return localsockfd;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_client_smack.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Mockups.
- */
-
-#ifndef _SS_CLIENT_SERVER_
-#define _SS_CLIENT_SERVER_
-
-int create_new_socket();
-int connect_to_testserver();
-
-#endif
-
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_client_smack.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.1
- * @brief Test cases for security-server-client-smack.
- */
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/smack.h>
-#include <sys/wait.h>
-#include <sys/un.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-
-#include <memory>
-#include <functional>
-
-#include <dpl/log/log.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include "security_server_mockup.h"
-
-#include <security-server.h>
-#include <access_provider.h>
-#include "tests_common.h"
-#include <memory.h>
-
-#define PROPER_COOKIE_SIZE 20
-
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_CLIENT_SMACK)
-
-/*
- * test: tc04_security_server_get_gid
- * description: Checking for security_server_get_gid
- * with nonexisting gid and existing one
- * expected: security_server_get_gid should return
- * SECURITY_SERVER_ERROR_NO_SUCH_OBJECT with first call
- * and group id with second call
- */
-RUNNER_CHILD_TEST_SMACK(tc04_security_server_get_gid)
-{
- SecurityServer::AccessProvider provider("tc04mylabel");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_gid("abc123xyz_pysiaczek");
- LogDebug("ret = " << ret);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT == ret, "Ret: " << ret);
- ret = security_server_get_gid("root");
- LogDebug("ret = " << ret);
- RUNNER_ASSERT_MSG(0 == ret, "Ret: " << ret);
-}
-
-/*
- * test: tc05_check_privilege_by_cookie
- * description: Function security_server_check_privilege_by_cookie should
- * return status of access rights of cookie owner. In this case cookie owner
- * is the same process that ask for the rights.
- * expected: Function call with access rights set to "r" should return SUCCESS,
- * with "rw" should return ACCESS DENIED.
- */
-RUNNER_CHILD_TEST_SMACK(tc05_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- char cookie[20];
- const char *object_label = "tc05objectlabel";
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = "tc05subjectlabel";
-
- SecurityServer::AccessProvider provider(subject_label);
- provider.allowSS();
- provider.addObjectRule(object_label, access_rights);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_request_cookie(cookie,20));
-
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_check_privilege_by_cookie(
- cookie,
- object_label,
- access_rights));
-
- RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
- security_server_check_privilege_by_cookie(
- cookie,
- object_label,
- access_rights_ext));
-}
-
-/*
- * test: security_server_check_privilege_by_sockfd
- * description: This test will create dummy server that will accept connection
- * and die. The client will try to check access rights using connection descriptor.
- * expected: Function call with access rights set to "r" should return SUCCESS,
- * with "rw" should return ACCESS DENIED.
- */
-RUNNER_MULTIPROCESS_TEST_SMACK(tc06_check_privilege_by_sockfd)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char *object_label = "tc06objectlabel";
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = "tc06subjectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- smack_accesses *handle;
- RUNNER_ASSERT(0 == smack_accesses_new(&handle));
- RUNNER_ASSERT(0 == smack_accesses_add(handle,
- subject_label,
- object_label,
- access_rights));
- RUNNER_ASSERT(0 == smack_accesses_apply(handle));
- smack_accesses_free(handle);
-
- int pid = fork();
- char *label;
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (0 == pid) {
- // child
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
-
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\"");
- free(label);
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\"");
- free(label);
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- usleep(500);
-
- close(csockfd);
- exit(0);
- } else {
- // parent
- sleep(1);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,subject_label) == 0, "label is \"" << label << "\"" << ", subject_label is \"" << subject_label << "\"" );
- free(label);
-
- result1 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights);
- result2 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights_ext);
- }
-
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, "result = " << result2);
-}
-
-/*
- * test: security_server_check_privilege_by_sockfd
- * description: This test will create dummy server that will accept connection
- * and die. The client will try to check access rights using connection descriptor.
- * Because we read a smack label not from socket directly, but from from pid of process
- * on the other end of socket - that's why smack label will be updated.
- * In this test client is running under root and server is not - to test the extreme case.
- * expected: Function call with access rights set to "r" should return SUCCESS,
- * with "rw" should return ACCESS DENIED.
- */
-RUNNER_MULTIPROCESS_TEST_SMACK(tc07_check_privilege_by_sockfd)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char *object_label = "tc07objectlabel";
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = "tc07subjectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- SmackAccess access;
- access.add(subject_label, object_label, access_rights);
- access.apply();
-
- int pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (0 == pid) {
-
- pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (0 == pid) {
- // child
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
- int csockfd = TEMP_FAILURE_RETRY(accept(sockfd,(struct sockaddr*)&client_addr, &client_len));
- if (csockfd >= 0)
- close(csockfd);
- LogDebug("Exit!");
- exit(0);
- } else {
- // parent
- sleep(1);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
-
- result1 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights);
- result2 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights_ext);
-
- close(sockfd);
-
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, " result2 = " << result2);
- }
- }
-}
-
-///////////////////////////
-/////NOSMACK ENV TESTS/////
-///////////////////////////
-
-RUNNER_CHILD_TEST_NOSMACK(tc04_security_server_get_gid_nosmack)
-{
- int ret;
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_get_gid("definitely_not_existing_object");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret = " << ret);
- ret = security_server_get_gid("root");
- RUNNER_ASSERT_MSG(ret == 0, "ret = " << ret);
-}
-
-/*
- * NOSMACK version of tc05 test.
- *
- * Correct behaviour of smack_accesses_apply and smack_set_label_for_self was checked by libsmack
- * tests. We assume, that those tests pass. Additionally security_server_check_privilege_by_cookie
- * should return SUCCESS no matter what access_rights we give to this function.
- */
-RUNNER_CHILD_TEST_NOSMACK(tc05_check_privilege_by_cookie_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- char cookie[20];
- const char* object_label = "tc05objectlabel";
-
- RUNNER_ASSERT(security_server_request_cookie(cookie,20) == SECURITY_SERVER_API_SUCCESS);
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_check_privilege_by_cookie(cookie, object_label, "r"));
-
- //On NOSMACK env security server should return success on any accesses, even those that are
- //incorrect.
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_check_privilege_by_cookie(cookie, object_label, "rw"));
-}
-
-/**
- * NOSMACK version of tc06 test.
- *
- * Differences between this and SMACK version (server):
- * - Skipped setting access_rights
- * - Skipped setting label for server
- * - get_smacklabel_sockfd is called only once for server, almost right after fork and creation
- * of socket (because it should do nothing when SMACK is off)
- * - After get_smacklabel_sockfd privileges are dropped and server is prepared to accept connections
- * from client
- *
- * For client the only difference are expected results from check_privilege_by_sockfd - both should
- * return SUCCESS.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(tc06_check_privilege_by_sockfd_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char* object_label = "tc06objectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- int pid = fork();
- char* label;
- RUNNER_ASSERT_ERRNO(pid >= 0);
-
- int ret;
-
- if (pid == 0) { //child process - server
- //create new socket
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- //check if get_smacklabel_sockfd works correctly
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- ret = strcmp(label, "");
- free(label);
- RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\"");
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
-
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- //wait a little bit for parent to do it's job
- usleep(200);
-
- //if everything works, cleanup and return 0
- close(csockfd);
- exit(0);
- } else {
- //parent
- sleep(1);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to connect to server.");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "get_smacklabel_sockfd failed.");
- ret = strcmp(label, "");
- free(label);
- RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\"");
-
- result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
- result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
- }
-
- RUNNER_ASSERT_MSG(result1 == SECURITY_SERVER_API_SUCCESS, "result = " << result1);
- RUNNER_ASSERT_MSG(result2 == SECURITY_SERVER_API_SUCCESS, "result = " << result2);
-}
-
-/**
- * NOSMACK version of tc07 test.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(tc07_check_privilege_by_sockfd_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char* object_label = "tc07objectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- int pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (pid == 0) {
-
- pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (pid == 0) { //child process
- //Create socket
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- //Drop privileges
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- //Prepare for accepting
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
-
- //Accept connections
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- //wait a little bit for parent to do it's job
- usleep(200);
-
- //cleanup and kill child
- close(csockfd);
- exit(0);
- } else { //parent process
- //Drop root privileges
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- //Wait for server to set up
- sleep(1);
-
- //Connect and check privileges
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to create socket fd.");
-
- result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
- result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
-
- close(sockfd);
-
- //Both results (just like in the previous test case) should return success.
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result2, "result2 = " << result2);
- }
- }
-}
-
-RUNNER_TEST_SMACK(tc18_security_server_get_smacklabel_cookie) {
- int res;
-
- char *label_smack = nullptr;
- char *label_ss = nullptr;
- char *cookie = nullptr;
-
- int cookie_size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size, "Wrong cookie size from security-server");
-
- cookie = (char*) calloc(cookie_size, 1);
- RUNNER_ASSERT_MSG(nullptr != cookie, "Memory allocation error");
-
- res = security_server_request_cookie(cookie, cookie_size);
- if (res != SECURITY_SERVER_API_SUCCESS) {
- free(cookie);
- RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS, "Error in requesting cookie from security-server");
- }
-
- label_ss = security_server_get_smacklabel_cookie(cookie);
- free(cookie);
- RUNNER_ASSERT_MSG(label_ss != nullptr, "Error in getting label by cookie");
-
-
- std::string label_cookie(label_ss);
- free(label_ss);
-
- res = smack_new_label_from_self(&label_smack);
- if (res < 0) {
- free(label_smack);
- RUNNER_ASSERT_MSG(res == 0, "Error in getting self SMACK label");
- }
- std::string label_self(label_smack ? label_smack : "");
- free(label_smack);
-
- RUNNER_ASSERT_MSG(label_self == label_cookie, "No match in SMACK labels");
-
-
- //TODO: here could be label change using SMACK API and checking if it
- //is changed using security-server API function based on the same cookie
-}
-
-/**
- * NOSMACK version of tc_security_server_get_smacklabel_cookie test.
- *
- * Most of this test goes exactly as the original one. The only difference are the labels:
- * - We assume that libsmack tests passed and smack_new_label_from_self will return -1 and nullptr
- * label - there is no need to re-check it.
- * - Label acquired from security_server_get_smacklabel_cookie should be an empty string.
- */
-RUNNER_TEST_NOSMACK(tc18_security_server_get_smacklabel_cookie_nosmack) {
- int res;
-
- char* label_ss = nullptr;
- char* cookie = nullptr;
-
- int cookie_size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size,
- "Wrong cookie size from security-server. Size: " << cookie_size);
-
- cookie = (char*) calloc(cookie_size, sizeof(char));
- RUNNER_ASSERT_MSG(nullptr != cookie, "Memory allocation error");
-
- //Request cookie from SS
- res = security_server_request_cookie(cookie, cookie_size);
- CookieUniquePtr cookie_ptr(cookie);
- cookie = nullptr;
- RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS,
- "Error in requesting cookie from security-server. Result: " << res);
-
- label_ss = security_server_get_smacklabel_cookie(cookie_ptr.get());
- RUNNER_ASSERT_MSG(label_ss != nullptr, "Error in getting label by cookie");
-
- std::string label(label_ss);
- free(label_ss);
- RUNNER_ASSERT_MSG(label.empty(), "label_ss is not an empty string.");
-
-}
-
-////////////////////
-/////MAIN///////////
-////////////////////
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file security_server_tests_mt.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- * @brief This test creates multiple processes that connect to security
- * server and perform random operations using its API. The purpose
- * of this test is to check if security-server crashes when under
- * heavy load. Test succeeds if all processes finish.
- */
-
-#include <dpl/log/log.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <security-server.h>
-#include <sys/wait.h>
-#include <random>
-#include <functional>
-#include <chrono>
-
-namespace {
-const size_t PROC_TOTAL = 1000; // total number of processes to spawn
-const size_t PROC_MAX = 10; // max number of processes working at the same time
-const size_t LOOPS = 50; // number of loop repeats
-
-std::default_random_engine generator(std::chrono::system_clock::now().time_since_epoch().count());
-
-// common function data
-struct Data {
- char *cookie; // not owned
-
- Data(char *c) : cookie(c) {}
-};
-
-
-// test functions
-void request_cookie(const Data&)
-{
- char cookie[20];
- security_server_request_cookie(cookie, 20);
-}
-
-void check_privilege(const Data &d)
-{
- int ret = security_server_get_gid("audio");
- security_server_check_privilege(d.cookie, ret);
-}
-
-void check_privilege_by_cookie(const Data &d)
-{
- security_server_check_privilege_by_cookie(d.cookie, "label", "rwxat");
-}
-
-void get_cookie_pid(const Data &d)
-{
- security_server_get_cookie_pid(d.cookie);
-}
-
-void get_smack_label(const Data &d)
-{
- char *label = security_server_get_smacklabel_cookie(d.cookie);
- free(label);
-}
-
-void random_sleep(const Data&)
-{
- std::uniform_int_distribution<size_t> distribution(0,100);
- usleep(distribution(generator));
-}
-
-
-// list of test functions
-std::vector<std::function<void(const Data&)> > functions = {
- random_sleep,
- request_cookie,
- check_privilege,
- check_privilege_by_cookie,
- get_cookie_pid,
- get_smack_label
-};
-} // namespace
-
-// randomly calls test functions
-void security_server_magic()
-{
- char cookie[20];
- security_server_request_cookie(cookie, 20);
- Data d(cookie);
-
- // random loop number
- std::uniform_int_distribution<size_t> l_dist(0,LOOPS);
- size_t loops = l_dist(generator);
-
- // random function call
- std::uniform_int_distribution<size_t> distribution(0,functions.size() - 1);
- auto rnd = std::bind(distribution, generator);
- for (size_t i = 0; i < loops; ++i) {
- functions[rnd()](d);
- }
-}
-
-int main()
-{
- size_t current = 0;
- size_t spawned = 0;
- for (;;) {
- if (current >= PROC_MAX || spawned >= PROC_TOTAL) {
- int status;
- int ret = wait(&status);
-
- // all processes spawned, no more children to wait for
- if (spawned >= PROC_TOTAL && ret <= 0)
- break;
-
- current--;
- }
-
- // spawn predefined number of processes
- if (spawned < PROC_TOTAL) {
- pid_t pid = fork();
- if (pid == 0) {
- LogDebug("START " << spawned);
- security_server_magic();
- LogError("STOP " << spawned);
- exit(0);
- }
- else {
- //LogWarning("PID " << pid);
- spawned++;
- current++;
- }
- }
- }
- LogInfo("Finished");
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_password.cpp
- * @author Bumjin Im (bj.im@samsung.com)
- * @author Pawel Polawski (p.polawski@partner.samsung.com)
- * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
- * @author Jan Olszak (j.olszak@samsung.com)
- * @version 2.0
- * @brief Test cases for security server
- *
- * WARNING: In this file test order is very important. They have to always be run
- * in correct order. This is done by correct test case names ("tcXX_").
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-#include <dirent.h>
-#include "security-server.h"
-#include <dpl/test/test_runner.h>
-#include <tests_common.h>
-#include <dlog.h>
-#include "security_server_clean_env.h"
-#include "security_server_tests_common.h"
-
-
-// the maximum time (in seconds) passwords can expire in
-const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
-
-// test passwords
-const char* TEST_PASSWORD = "IDLEPASS";
-const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
-const char* THIRD_TEST_PASSWORD = "THIRDPASS";
-const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
-
-struct SystemClock {
- SystemClock(time_t sft)
- : m_original(time(0))
- , m_shift(0)
- {
- shift(sft);
- }
-
- SystemClock()
- : m_original(time(0))
- , m_shift(0)
- {}
-
- void shift(time_t sft) {
- m_shift += sft;
- time_t shifted = m_original + m_shift;
- RUNNER_ASSERT_ERRNO(0 == stime(&shifted));
- }
-
- ~SystemClock() {
- if (std::uncaught_exception()) {
- stime(&m_original);
- return;
- }
-
- RUNNER_ASSERT_ERRNO(0 == stime(&m_original));
- }
-private:
- time_t m_original;
- time_t m_shift;
-};
-
-
-/**
- * Confirm there is no password before tests are run.
- */
-RUNNER_TEST(tc01_clear_environment)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- if (getuid() == 0)
- {
- reset_security_server();
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
- RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
- RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
- }
- else
- {
- SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
- SLOGD("If not, you will see some failures\n");
-
- RUNNER_IGNORED_MSG("I'm not root");
- }
-}
-
-/**
- * Basic test of setting validity period.
- */
-RUNNER_TEST(tc02_security_server_set_pwd_validity)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TESTS:
- // WITHOUT password
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- // WITH password
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Basic test of setting maximum number of password challenges.
- */
-RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TESTS:
- // WITHOUT password
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- // WITH password
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Test checking a too long password.
- */
-RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // 33 char password
- ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Test various parameter values when checking a password.
- */
-RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- ret = security_server_chk_pwd(nullptr, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_chk_pwd("password", nullptr, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_chk_pwd("password", &attempt, nullptr, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_chk_pwd("password", &attempt, &max_attempt, nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Check the given password when no password is set.
- */
-RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment - there is no password now!
- reset_security_server();
-
- // TEST
- ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
- RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-}
-
-/**
- * Checks various parameter values.
- */
-RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- ret = security_server_set_pwd(nullptr, nullptr, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Test setting too long password.
- */
-RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- // 33 char password
- ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Basic password setting.
- */
-RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Set a maximum password period.
- */
-RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- // UINT_MAX will cause api error, it is to big value
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- // calculate max applicable valid days that will not be rejected by ss
- // ensure, that after conversion from days to seconds in ss there will be no uint overflow
- unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1;
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Set a maximum password challenge number.
- */
-RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Set empty password.
- */
-RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Change password to a too long password.
- */
-RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- std::string lng_pwd(5000, 'A');
- ret = security_server_set_pwd(TEST_PASSWORD,lng_pwd.c_str(), 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Check empty password.
- */
-RUNNER_TEST(tc15_security_server_chk_pwd_empty_password)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Various validity parameter values.
- */
-RUNNER_TEST(tc16_security_server_set_pwd_validity)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_set_pwd_validity(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //When trying to set UINT_MAX we should get error.
- ret = security_server_set_pwd_validity(UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(2);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check passwords validity
- */
-RUNNER_TEST(tc17_security_server_is_pwd_valid)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 2);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST:
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
-}
-
-/**
- * Various numbers of challenges.
- */
-RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- // calculate max applicable valid days that will not be rejected by ss
- // ensure, that after conversion from days to seconds in ss there will be no uint overflow
- unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1;
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, valid_days);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TESTS
- ret = security_server_set_pwd_max_challenge(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-
-/**
- * Check the max number of challenges.
- */
-RUNNER_TEST(tc19_security_server_is_pwd_valid)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
-}
-
-/**
- * Basic password check.
- */
-RUNNER_TEST(tc20_security_server_chk_pwd)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
-}
-
-/**
- * Check an incorrect password.
- */
-RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Check an incorrect password
- */
-RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Change password
- */
-RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check wrong password multiple times and then check a correct one.
- */
-RUNNER_TEST(tc24_security_server_attempt_exceeding)
-{
- int ret;
- unsigned int i, attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- printf("5 subtests started...");
- for (i = 1; i <= 5; i++) {
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
- }
- printf("DONE\n");
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
-}
-
-/**
- * Try to exceed maximum number of challenges.
- */
-RUNNER_TEST(tc25_security_server_attempt_exceeding)
-{
- int ret;
- unsigned int i, attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- printf("10 subtests started...");
- for (i = 1; i <= 10; i++) {
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
- }
-
- // The check, that exceeds max number
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
- printf("DONE\n");
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
-}
-
-/**
- * Reset password
- */
-RUNNER_TEST(tc26_security_server_reset_pwd)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check too long password.
- */
-RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- std::string lng_pwd(5000, 'A');
- ret = security_server_chk_pwd(lng_pwd.c_str(), &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Check passwords expiration (not expired)
- */
-RUNNER_TEST(tc28_security_server_check_expiration)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
-}
-
-/**
- * Use various parameter values of parameters.
- */
-RUNNER_TEST(tc29_security_server_set_pwd_history)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TESTS
- ret = security_server_set_pwd_history(100);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(51);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(-5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(50);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_history(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_history(INT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(INT_MIN);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-
-
-int dir_filter(const struct dirent *entry)
-{
- if ((strcmp(entry->d_name, ".") == 0) ||
- (strcmp(entry->d_name, "..") == 0) ||
- (strcmp(entry->d_name, "attempts") == 0) ||
- (strcmp(entry->d_name, "history") == 0))
- return (0);
- else
- return (1);
-}
-
-void clean_password_dir(void)
-{
- int ret;
- int i;
- struct dirent **mydirent;
-
- ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
- i = ret;
- while (i--)
- free(mydirent[i]);
- free(mydirent);
-}
-
-
-/**
- * Check password history.
- */
-RUNNER_TEST(tc30_security_server_check_history)
-{
- int ret;
- int i;
- char buf1[33], buf2[33];
-
- // Prepare environment
- reset_security_server();
-
- clean_password_dir();
-
- ret = security_server_set_pwd_history(9);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd("history0", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- printf("11 subtests started...");
- for (i = 0; i < 11; i++) {
- sprintf(buf1, "history%d", i);
- sprintf(buf2, "history%d", i + 1);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(buf1, buf2, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- }
- printf("DONE\n");
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("history11", "history1", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("history1", "history8", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("history1", "history12", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- printf("48 subtests started...");
- for (i = 12; i < 60; i++) {
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- sprintf(buf1, "history%d", i);
- sprintf(buf2, "history%d", i + 1);
-
- ret = security_server_set_pwd(buf1, buf2, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- }
- printf("DONE\n");
-
- clean_password_dir();
-}
-
-/**
- * Replay attack
- */
-RUNNER_TEST(tc31_security_server_replay_attack)
-{
- int ret;
- int i = 0;
- unsigned int attempt, max_attempt, expire_sec;
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
-
- while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
- i += 100000;
-
- ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
- usleep(i);
- }
-
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Expired password
- */
-RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- struct timeval cur_time;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 4, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = gettimeofday(&cur_time, nullptr);
- RUNNER_ASSERT_ERRNO(ret != -1);
-
- cur_time.tv_sec += (expire_sec + 1);
- ret = settimeofday(&cur_time, nullptr);
- RUNNER_ASSERT_ERRNO(ret != -1);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Reset password
- */
-RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- ret = security_server_reset_pwd(nullptr, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/*
- * Use this instead of security_server_chk_pwd directly to verify the function output.
- * For example:
- * verify_chk_pwd("password", SECURITY_SERVER_API_SUCCESS, 2, 5, "debug string")
- */
-void verify_chk_pwd (
- const char* challenge,
- int expected_result,
- unsigned int expected_current_attempt,
- unsigned int expected_max_attempt,
- const std::string &info = std::string())
-{
- /* ensure that initial values differ from expected ones */
- unsigned int attempt = expected_current_attempt - 1;
- unsigned int max_attempt = expected_max_attempt - 1;
- unsigned int expire_sec = PASSWORD_INFINITE_EXPIRATION_TIME - 1;
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
-
- // validate returned value
- RUNNER_ASSERT_MSG(ret == expected_result,
- info << "security_server_chk_pwd returned "
- << ret << " (expected: " << expected_result << ")");
-
- // validate current attempts value
- RUNNER_ASSERT_MSG(attempt == expected_current_attempt,
- info << "security_server_chk_pwd returned attempt = " << attempt <<
- " (expected: " << expected_current_attempt << ")");
-
- // validate max attempt value
- RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt,
- info << "security_server_chk_pwd returned max_attempt = " << max_attempt <<
- " (expected: " << expected_max_attempt << ")");
-
- RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
- info << "security_server_chk_pwd returned expire_sec = " << expire_sec <<
- " (expected: " << PASSWORD_INFINITE_EXPIRATION_TIME << ")");
-}
-
-/**
- * Reach last attempt few times in a row (before exceeding max_attempt).
- */
-RUNNER_TEST(tc34_security_server_max_attempts)
-{
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // change max attempts number few times
- std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
-
- for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
- unsigned int max_challenges = max_challenge_tab[pass];
-
- ret = security_server_set_pwd_max_challenge(max_challenges);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // max_challenges-1 wrong password attempts
- for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr)
- verify_chk_pwd(SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt_nr,
- max_challenges,
- std::string("pass = ") + std::to_string(pass) +
- ", attempt = " + std::to_string(attempt_nr));
-
- // Check correct password finally
- verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
- max_challenges, max_challenges);
- }
-}
-
-/**
- * Decrease 'max challenge' number after several missed attempts.
- */
-RUNNER_TEST(tc35_security_server_decrease_max_attempts)
-{
- const unsigned int max_challenge_more = 10;
- const unsigned int max_challenge_less = 5;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge_more, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // missed attempts
- for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt)
- verify_chk_pwd(SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt,
- max_challenge_more,
- std::string("attempt = ") + std::to_string(attempt));
-
- // lower max_challenge
- ret = security_server_set_pwd_max_challenge(max_challenge_less);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // try valid password - should pass (curr attempts is reset)
- verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less);
-
- // remove max attempts limit
- ret = security_server_set_pwd_max_challenge(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // try valid password again - should pass
- verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
-
- // try to change the password - should pass
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // validate new password
- verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
-}
-
-/**
- * Change password few times and challenge previous passwords - checks if security_server_set_pwd
- * works as it should.
- */
-RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
-{
- const int history_depth = 5;
- const unsigned int max_challenge = 3;
- std::string prev_pass, new_pass = TEST_PASSWORD;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd_history(history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- for (int depth = 0; depth < history_depth; ++depth) {
- prev_pass = new_pass;
-
- //generate password name
- new_pass = "history" + std::to_string(depth+1);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // challenge initial password
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 1,
- max_challenge,
- std::string("depth = ") + std::to_string(depth));
-
- // challenge previous password
- verify_chk_pwd(
- prev_pass.c_str(),
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 2,
- max_challenge,
- std::string("depth = ") + std::to_string(depth));
- }
-}
-
-/**
- * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
- * This test simulates user's behaviour - challenges valid and invalid passwords
- * in various combinations.
- */
-RUNNER_TEST(tc37_security_server_challenge_mixed)
-{
- // Prepare environment
- reset_security_server();
-
- const unsigned int max_challenge = 2;
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
- for (unsigned int i = 0; i < max_challenge; ++i)
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- 1,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-
- // Ensure that challenging valid password resets 'cuurrent attempt' value.
- // If it didn't, the test would fail in third loop pass.
- for (unsigned int i = 0; i < max_challenge + 1; ++i) {
- // incorrect pwd
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 1,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-
- // correct pwd
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- 2,
- max_challenge,
- std::string("i = ") + std::to_string(i));
- }
-
- // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
- // any further attempts (even correct) are blocked
- for (unsigned int i = 1; i <= max_challenge; ++i)
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- i,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-
- // correct - refused
- for (unsigned int i = 1; i <= max_challenge; ++i)
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
- max_challenge + i,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-}
-
-/*
- * Pasword change mixed with history depth change.
- */
-RUNNER_TEST(tc38_security_server_history_depth_change)
-{
- int ret;
- const int initial_history_depth = 2;
- const int decreased_history_depth = 1;
- const int increased_history_depth = 3;
-
- // Prepare environment
- reset_security_server();
-
- ret = security_server_set_pwd_history(initial_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- /*
- * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
- * and SECOND_TEST_PASSWORD as a part of history.
- */
- ret = security_server_set_pwd_history(decreased_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- /*
- * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
- * and THIRD_TEST_PASSWORD only.
- */
- ret = security_server_set_pwd_history(increased_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-}
-
-/**
- * Challenge invalid password, reset server and check if 'current attempts' is restored.
- */
-RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
-{
- unsigned int attempt, max_attempt, expire_sec;
- const unsigned int max_challenge = 10;
- const unsigned int invalid_attempts_num = 3;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // missed attempts
- for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt,
- max_challenge);
-
- attempt = max_attempt = expire_sec = UINT_MAX;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == max_challenge, "max_attempt = " << max_attempt);
- RUNNER_ASSERT_MSG(attempt == invalid_attempts_num, "attempt = " << attempt);
- RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
- expire_sec);
-
- // restart server - triggers loading password data from file
- restart_security_server();
-
- // challenge invalid password
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- invalid_attempts_num + 1,
- max_challenge);
-
- // challenge valid password
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- invalid_attempts_num + 2,
- max_challenge);
-}
-
-/**
- * Validate passwords history after security server reset.
- */
-RUNNER_TEST(tc40_security_server_history_check_after_reset)
-{
- const unsigned int history_depth = 2;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd_history(history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // restart server - triggers loading password data from file
- restart_security_server();
-
- // try to reuse history passwords
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check if SS has correct behaviour when changing history depth to 0.
- */
-RUNNER_TEST(tc41_security_server_empty_history_check)
-{
- const unsigned int history_depth = 2;
- const unsigned int empty_history_depth = 0;
-
- //prepare environment
- reset_security_server();
-
- //set new history count
- int ret = security_server_set_pwd_history(history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //set new password and fill history
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //make sure, that everything went OK - try setting something that would cause reuse error
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- //reset history limit to no history at all
- ret = security_server_set_pwd_history(empty_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //make sure, that current password still exists in memory
- //expected attempt 3 because our previous tries increased attempt counter
- verify_chk_pwd(
- THIRD_TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- 3,
- 0);
-
- //make sure that it's possible to reuse old password once history limit is set to 0
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //once again try setting earlier used passwords - now API should return success
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //try setting different password and giving nullptr as current once again
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(nullptr, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
-}
-
-RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- unsigned int attempt, max_attempt, expire_sec;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
-}
-
-RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- unsigned int attempt, max_attempt, expire_sec;
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
-}
-
-RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
- ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
-}
-
-RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd_history(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_set_pwd_history(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc50_security_server_set_pwd_current_pwd_with_infinite_expiration_time)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- // Assert security server sets infinite expiration time
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
- "invalid expiration time " << expire_sec);
-
- clean_password_dir();
-}
-
-RUNNER_TEST(tc51_security_server_is_pwd_valid)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- unsigned int attempt, maxAttempt, validSec;
- attempt = maxAttempt = validSec = 0;
-
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret <<
- " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
-
-
- SystemClock clock(60*60*24*2);
-
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0),
- "ret = " << ret << " atempt=" << attempt << " maxAttempt=" << maxAttempt
- << " validSec=" << validSec);
-}
-
-RUNNER_TEST(tc52_security_server_is_pwd_valid)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- unsigned int attempt, maxAttempt, validSec;
- attempt = maxAttempt = validSec = 0;
-
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0xffffffff), "ret = " << ret <<
- " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
-}
-
-RUNNER_TEST(tc53_security_server_is_pwd_valid)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 3);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- unsigned int attempt, maxAttempt, validSec;
- attempt = maxAttempt = validSec = 0;
-
- // password shoudl be valid for 3 days == (60*60*24*3) 259200 seconds
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((validSec > 259000) && (validSec < 260000), "validSec = " << validSec);
-
- SystemClock clock;
- clock.shift(-60*60*24); // one day back
-
- // password should be valid for 4 days == (60*60*24*4) 345600 seconds
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((validSec > 345000) && (validSec < 346000), "validSec = " << validSec);
-
- clock.shift(-60*60*24*2); // 3 days back
-
- // password shoudl be valid for 6 days == (60*60*24*6) 518400 seconds
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((validSec > 518000) && (validSec < 519000), "validSec = " << validSec);
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-#include <dpl/test/test_runner.h>
-
-#include <libprivilege-control_test_common.h>
-
-#include <security-server.h>
-#include <privilege-control.h>
-
-const char *SSTP_APP_ID = "sstp_test_app";
-const char *SSTP_OTHER_LABEL = "sstp_test_other_label";
-
-const char *SSTP_PERMS[] = {
- "sstp_test_rules1",
- "sstp_test_rules2",
- nullptr
-};
-
-const char *SSTP_PERMS1[] = {
- SSTP_PERMS[0],
- nullptr
-};
-
-const char *SSTP_PERMS2[] = {
- SSTP_PERMS[1],
- nullptr
-};
-
-void check_security_server_app_has_privilege(const char *app_label,
- const char *permission,
- int is_enabled_expected)
-{
- int result;
- int is_enabled;
-
- result = security_server_app_has_privilege(app_label, APP_TYPE_WGT, permission, &is_enabled);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error calling security_server_app_has_privilege. Result: " << result);
-
- RUNNER_ASSERT_MSG(is_enabled == is_enabled_expected,
- "Result of security_server_app_has_privilege should be: " << is_enabled_expected);
-}
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PRIVILEGE);
-
-RUNNER_TEST(sstp_01_security_server_app_has_privilege)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(SSTP_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error uninstalling app. Result" << result);
-
- result = perm_app_install(SSTP_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error installing app. Result" << result);
-
- result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS1, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 1);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 1);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 1);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 1);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_stress.cpp
- * @author Pawel Polawski (p.polawski@partner.samsung.com)
- * @version 1.0
- * @brief Test cases for security server stress tests
- *
- */
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <tests_common.h>
-#include <iostream>
-#include <sys/smack.h>
-#include <cstddef>
-#include <thread>
-#include <mutex>
-#include <string>
-#include <sys/types.h>
-#include <unistd.h>
-#include "security-server.h"
-#include <memory.h>
-
-std::mutex g_mutex;
-std::mutex g_msgMutex;
-size_t g_successes = 0;
-
-//number of threads
-const size_t g_threadsNumber = 5;
-
-//environment setup
-const std::string g_subject("woda");
-const std::string g_object("wiadro");
-const std::string g_rule("rwx");
-
-//for storing errors
-std::string g_errors;
-
-
-void appendError(const std::string &message)
-{
- std::lock_guard<std::mutex> lock(g_msgMutex);
- g_errors += message;
- g_errors += "\n";
-}
-
-void cookie_api_thread_function(bool isSmack)
-{
- /*
- Tested API functions:
-
- int security_server_get_cookie_size(void);
- int security_server_request_cookie(char *cookie, size_t bufferSize);
- int security_server_check_privilege(const char *cookie, gid_t privilege);
- int security_server_check_privilege_by_cookie(const char *cookie,
- const char *object,
- const char *access_rights);
- int security_server_get_cookie_pid(const char *cookie);
- char *security_server_get_smacklabel_cookie(const char *cookie);
- */
-
- int ret;
- size_t COOKIE_SIZE;
-
- //security_server_get_cookie_size()
- COOKIE_SIZE = security_server_get_cookie_size();
- if (COOKIE_SIZE != 20) {
- appendError("Error in security_server_get_cookie_size(): " + std::to_string(COOKIE_SIZE));
- return;
- }
-
- //security_server_request_cookie()
- std::vector<char> cookie(COOKIE_SIZE);
- ret = security_server_request_cookie(cookie.data(), COOKIE_SIZE);
- if (ret < 0) {
- appendError("Error in security_server_request_cookie(): " + std::to_string(ret));
- return;
- }
-
- //security_server_check_privilege()
- ret = security_server_check_privilege(cookie.data(), 0);
- if (ret < 0) {
- appendError("Error in security_server_check_privilege(): " + std::to_string(ret));
- return;
- }
-
- //security_server_check_privilege_by_cookie()
- ret = security_server_check_privilege_by_cookie(cookie.data(), g_object.data(), g_rule.data());
- if (ret < 0) {
- appendError("Error in security_server_check_privilege_by_cookie(): " + std::to_string(ret));
- return;
- }
-
- //security_server_get_cookie_pid
- ret = security_server_get_cookie_pid(cookie.data());
- if (ret < 0) {
- appendError("Error in security_server_get_cookie_pid(): " + std::to_string(ret));
- return;
- }
-
- if (isSmack) {
- //security_server_get_smacklabel_cookie()
- char *tmp = security_server_get_smacklabel_cookie(cookie.data());
- std::string labelFromCookie(tmp ? tmp : "");
- free(tmp);
- if (labelFromCookie.size() == 0) {
- appendError("Error in security_server_get_smacklabel_cookie(): " + labelFromCookie);
- return;
- }
-
- char *labelFromSelfTmp = nullptr;
- ret = smack_new_label_from_self(&labelFromSelfTmp);
- if (ret < 0) {
- appendError("Error in smack_new_label_from_self(): " + std::to_string(ret));
- return;
- }
-
- std::string labelFromSelf(labelFromSelfTmp ? labelFromSelfTmp : "");
- free(labelFromSelfTmp);
- if (labelFromSelf != labelFromCookie) {
- appendError("Error in comparing SMACK label: " + std::to_string(ret));
- return;
- }
- }
-
- std::lock_guard<std::mutex> lock(g_mutex);
- ++g_successes;
-}
-
-void testFunction(bool isSmack)
-{
- std::vector<std::thread> threadsVector;
-
- if (isSmack) {
- //preapre environment
- int ret = smack_set_label_for_self(g_subject.data());
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self()");
-
- struct smack_accesses *rulesRaw = nullptr;
- ret = smack_accesses_new(&rulesRaw);
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_new()");
- SmackAccessesPtr rules(rulesRaw);
- ret = smack_accesses_add(rules.get(), g_subject.data(), g_object.data(), g_rule.data());
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_add()");
- ret = smack_accesses_apply(rules.get());
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_apply()");
- }
-
- //spawning threads
- for (size_t i = 0 ; i < g_threadsNumber; ++i)
- threadsVector.push_back(std::thread(cookie_api_thread_function, isSmack));
-
- //waiting for threads end
- for (auto itr = threadsVector.begin(); itr != threadsVector.end(); ++itr)
- itr->join();
-}
-
-
-RUNNER_TEST_GROUP_INIT(stress_tests)
-
-RUNNER_CHILD_TEST_SMACK(tc_stress_cookie_api_smack)
-{
- testFunction(true);
-
- RUNNER_ASSERT_MSG(g_successes == g_threadsNumber,
- "Not all threads exit with success: "
- << g_successes << "/ " << g_threadsNumber
- << std::endl << "Errors:" << std::endl << g_errors);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc_stress_cookie_api_no_smack)
-{
- testFunction(false);
-
- RUNNER_ASSERT_MSG(g_successes == g_threadsNumber,
- "Not all threads exit with success: "
- << g_successes << "/ " << g_threadsNumber
- << std::endl << "Errors:" << std::endl << g_errors);
-}
-
-
-
-int main (int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_server.cpp
- * @author Bumjin Im (bj.im@samsung.com)
- * @author Mariusz Domanski (m.domanski@samsung.com)
- * @version 1.0
- * @brief Test cases for security server
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <poll.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/smack.h>
-#include <sys/wait.h>
-#include "security-server.h"
-#include "security_server_clean_env.h"
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dlog.h>
-#include <privilege-control.h>
-#include <ftw.h>
-#include "security_server_tests_common.h"
-#include "tests_common.h"
-#include <smack_access.h>
-#include <access_provider.h>
-
-const char *TEST03_SUBJECT = "subject_0f09f7cc";
-const char *TEST04_SUBJECT = "subject_57dfbfc5";
-const char *TEST07_SUBJECT = "subject_cd738844";
-const char *TEST08_SUBJECT = "subject_fd84ba7f";
-
-void clear_password()
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- reset_security_server();
-
- attempt = max_attempt = expire_sec = UINT_MAX;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
- RUNNER_ASSERT(expire_sec == 0);
- RUNNER_ASSERT(max_attempt == 0);
- RUNNER_ASSERT(attempt == 0);
-
- sleep(1);
-}
-
-void check_API_passwd(bool smack) {
- int ret = -1;
- int err, err_is_pwd_valid;
- unsigned int attempt, max_attempt, expire_sec;
-
- err = smack ? SECURITY_SERVER_API_ERROR_ACCESS_DENIED : SECURITY_SERVER_API_SUCCESS;
- err_is_pwd_valid = smack ? SECURITY_SERVER_API_ERROR_ACCESS_DENIED : SECURITY_SERVER_API_ERROR_PASSWORD_EXIST;
- attempt = max_attempt = expire_sec = 0;
-
- if (smack) {
- SecurityServer::AccessProvider privider(TEST04_SUBJECT);
- privider.applyAndSwithToUser(APP_UID, APP_GID);
- } else {
- RUNNER_ASSERT_MSG((ret = drop_root_privileges()) == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
- }
-
- ret = security_server_set_pwd_validity(APP_UID);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd_validity has failed,"
- " ret: " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd_max_challenge has failed,"
- " ret: " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == err_is_pwd_valid,
- "security_server_is_pwd_valid should return password exist,"
- " ret: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("12345", "12346", 0, 0);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd has failed, ret: " << ret);
-
- ret = security_server_reset_pwd("12346",0, 0);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_reset_pwd has failed, ret: " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("12346", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_chk_pwd has failed, ret: " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd_history has failed, ret: " << ret);
-}
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_SERVER);
-
-RUNNER_TEST(tc_security_server_get_gid_normal_case_trying_to_get_gid_of_tel_gprs)
-{
- RUNNER_ASSERT(security_server_get_gid("tel_gprs") >= 0);
-}
-
-RUNNER_TEST(tc_security_server_get_gid_empty_object_name)
-{
- RUNNER_ASSERT(security_server_get_gid("") == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
-}
-
-RUNNER_TEST(tc_security_server_get_gid_wrong_object_name_teltel)
-{
- RUNNER_ASSERT(security_server_get_gid("teltel") == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc01a_security_server_app_give_access)
-{
- const char *subject = "abc345v34sfa";
- const char *object = "efg678x2lkjz";
-
- SecurityServer::AccessProvider provider(object);
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- security_server_app_give_access(subject, getpid());
-
- RUNNER_ASSERT(1 == smack_have_access(subject, object, "rwxat"));
-}
-
-/*
- * Currently we are NOT revoking any permissions given by
- * security_server_app_give_access function
- */
-/*RUNNER_TEST(tc01b_security_server_app_give_access)
-{
- const char *subject = "abc345v34sfa";
- const char *object = "efg678x2lkjz";
-
- // After part A thread from security-server will be notified about
- // process end and revoke permissions. We need to give him some
- // time.
- sleep(1);
-
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "r----"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "-w---"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "--x--"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "---a-"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "----t"));
-}*/
-
-RUNNER_CHILD_TEST_SMACK(tc01c_security_server_app_give_access_no_access)
-{
- const char *subject = "xxx45v34sfa";
- const char *object = "yyy78x2lkjz";
-
- SmackAccess smack;
- smack.add(subject, object, "-----");
- smack.apply();
-
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(object), "Error in smack_label_for_self");
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
- security_server_app_give_access(subject, getpid()));
-
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "r"));
-}
-
-RUNNER_TEST_SMACK(tc02_check_privilege_by_pid)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
- int ret;
- int pid;
-
- pid = getpid();
-
- //we checking existing rule, it should return positive
- ret = security_server_check_privilege_by_pid(pid, "_", "rx");
- RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
-
- //we checking rule with label that not exist
- ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
- RUNNER_ASSERT(ret != SECURITY_SERVER_API_SUCCESS);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc03_check_API_passwd_allow)
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- attempt = max_attempt = expire_sec = 0;
-
- clear_password();
-
- SecurityServer::AccessProvider provider(TEST03_SUBJECT);
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(nullptr, "12345", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- ret = security_server_reset_pwd("12345",0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc04_check_API_passwd_denied)
-{
- check_API_passwd(true);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc04_check_API_app_user_passwd_allow_nosmack)
-{
- check_API_passwd(false);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc07_check_API_data_share_allow)
-{
- SecurityServer::AccessProvider provider(TEST07_SUBJECT);
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_app_give_access(TEST07_SUBJECT, getpid());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc08_check_API_data_share_denied)
-{
- SecurityServer::AccessProvider provider(TEST08_SUBJECT);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_app_give_access(TEST08_SUBJECT, getpid());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_app_give_access should return access denied,"
- " ret: " << ret);
-}
-
-//////////////////////////////////////////
-/////////NOSMACK ENV TESTS////////////////
-//////////////////////////////////////////
-
-/**
- * NOSMACK version of tc01a and tc01c tests.
- *
- * SMACK is turned off - that means for us, that we don't need any accesses added to our process
- * in SMACK before dropping root privileges. This test drops root privileges, calls
- * security_server_app_give_access and then checks if smack_have_access returns error (because
- * SMACK is off).
- *
- * security_server_app_give_access shouldn't return anything else than success when SMACK is off,
- * hence there is only one test that replaces tests tc01a and tc01c.
- */
-RUNNER_CHILD_TEST_NOSMACK(tc01_security_server_app_give_access_nosmack)
-{
- const char* subject = "abc345v34sfa";
- const char* object = "efg678x2lkjz";
- int result = 0;
-
- result = drop_root_privileges();
- RUNNER_ASSERT_MSG(result == 0,
- "Failed to drop root privileges. Result: " << result << "uid = " << getuid());
-
- result = security_server_app_give_access(subject, getpid());
- RUNNER_ASSERT_MSG(result == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_app_give_access. Result: " << result);
-
- result = smack_have_access(subject, object, "rwxat");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error when SMACK is off. Result: " << result);
-}
-
-/**
- * NOSMACK version of tc02 test.
- *
- * check_privilege_by_pid should always return success when SMACK is off, no matter if label is
- * real or not.
- */
-RUNNER_TEST_NOSMACK(tc02_check_privilege_by_pid_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
- int ret;
- int pid;
-
- pid = getpid();
-
- //we checking existing rule, it should return positive
- ret = security_server_check_privilege_by_pid(pid, "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_pid for existing label failed. Result: " << ret);
-
- //we checking rule with label that not exist
- ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_pid for nonexisting label failed. Result: " << ret);
-}
-
-/**
- * NOSMACK version of clear_password function.
- *
- * Compared to SMACK version of this function, this one skips adding rules and setting label.
- */
-int clear_password_nosmack()
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- if (getuid() == 0) {
- reset_security_server();
-
- attempt = max_attempt = expire_sec = UINT_MAX;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "is_pwd_faild should return no password error. Result: " << ret);
- RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec << ", should be 0.");
- RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt << ", should be 0.");
- RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt << ", should be 0.");
-
- return 0;
- }
- return -1;
-}
-
-/**
- * NOSMACK version of tc03 test.
- *
- * Just as tc01a/tc01c NOSMACK replacement, we don't need to do anything with SMACK because most
- * important functions will return errors (that is smack_accesses_apply/smack_have_access etc.).
- * First clear password, then drop privileges and proceed to regular testing.
- */
-
-RUNNER_CHILD_TEST_NOSMACK(tc03_check_API_passwd_allow_nosmack)
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- attempt = max_attempt = expire_sec = 0;
-
- clear_password_nosmack();
-
- // drop root privileges
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "set_pwd_validity should return no password error. Result: " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "set_pwd_max_challenge should return no password error. Result: " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "is_pwd_valid should return no password error. Result: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(nullptr, "12345", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "set_pwd failed. Result: " << ret);
-
- ret = security_server_reset_pwd("12345",0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "reset_pwd failed. Result: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "chk_pwd failed. Result: " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "set_pwd_history failed. Result: " << ret);
-}
-
-/**
- * NOSMACK version of tc07 test.
- *
- * Similarily to previous tests - no need to set self label because SMACK is off. Just as
- * tc01a/tc01c replacement, security_server_app_give_access should return only success. Hence the
- * NOSMACK version of tc08 test is skipped.
- */
-RUNNER_CHILD_TEST_NOSMACK(tc07_check_API_data_share_allow_nosmack)
-{
- int ret = -1;
-
- // drop root privileges
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_app_give_access(TEST07_SUBJECT, getpid());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "app_give_access failed. Result: " << ret);
-}
-
-int main(int argc, char *argv[]) {
- if (0 != getuid()) {
- printf("Error: %s must be executed by root\n", argv[0]);
- exit(1);
- }
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_weird_arguments.cpp
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Test cases for security server
- *
- */
-#include "tests_common.h"
-#include "security-server.h"
-#include <dpl/test/test_runner.h>
-#include <dpl/log/log.h>
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_WEIRD_ARGUMENTS);
-
-RUNNER_TEST(tc01_security_server_get_gid_weird_input_case)
-{
- int ret = 0;
- char weird[] = {static_cast <char> (0xe3), 0x79, static_cast <char> (0x82), 0x0};
-
- /* normal param case */
- ret = security_server_get_gid("tel_sim");
- RUNNER_ASSERT_MSG(ret > -1, "ret: " << ret);
-
- /* wrong param case */
- ret = security_server_get_gid("elephony_akecall");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret: " << ret);
-
- /* weird param case */
- ret = security_server_get_gid(weird);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret: " << ret);
-
- /* null param case */
- ret = security_server_get_gid(nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* param too long case */
- ret = security_server_get_gid("abcdefghijklmnopqrstuvwxyz01234");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* empty param case */
- ret = security_server_get_gid("");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-}
-
-/* from security_server_tests_server.cpp */
-
-RUNNER_TEST(tc03_security_server_request_cookie_weird_input_case)
-{
- int ret = 0;
- size_t cookie_size = security_server_get_cookie_size();
-
- /* null cookie case */
- char *cookie = nullptr;
-
- ret = security_server_request_cookie(cookie, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* buffer size too small case */
- cookie_size = 19;
- char cookie2[cookie_size];
-
- ret = security_server_request_cookie(cookie2, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret: " << ret);
-}
-
-RUNNER_TEST(tc04_security_server_check_privilege_weird_input_case)
-{
- int ret = 0;
- size_t cookie_size = security_server_get_cookie_size();
- gid_t gid = DB_ALARM_GID;
-
- /* null cookie case */
- char *cookie = nullptr;
-
- ret = security_server_check_privilege(cookie, gid);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- char cookie2[cookie_size];
-
- ret = security_server_request_cookie(cookie2, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- /* big gid case */
- gid = 70666;
-
- ret = security_server_check_privilege(cookie2, gid);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
-}
-RUNNER_TEST(tc05_security_server_check_privilege_by_cookie_weird_input_case)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- int ret = 0;
- size_t cookie_size = security_server_get_cookie_size();;
- const char *object = "telephony_makecall";
- const char *access_rights = "r";
-
- /* null cookie case */
- char *cookie = nullptr;
- ret = security_server_check_privilege_by_cookie(cookie, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* null object case */
- char *object2 = nullptr;
- char cookie2[cookie_size];
-
- ret = security_server_request_cookie(cookie2, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- ret = security_server_check_privilege_by_cookie(cookie2, object2, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* null access rights case */
- access_rights = nullptr;
- ret = security_server_check_privilege_by_cookie(cookie2, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-}
-
-RUNNER_TEST_SMACK(tc06_security_server_check_privilege_by_sockfd_weird_input_case)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- int ret = 0;
- int sockfd = -1;
- const char *object = "telephony_makecall";
- const char *access_rights = "r";
-
- /* invalid sockfd case */
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
- sockfd = 0;
-
- /* null object case */
- char *object2 = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object2, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* null access rights case */
- access_rights = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-}
-
-RUNNER_TEST(tc07_security_server_get_cookie_pid_weird_input_case)
-{
- int ret = 0;
- char *cookie = nullptr;
-
- ret = security_server_get_cookie_pid(cookie);
- RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
-}
-
-///////////////////////////
-/////NOSMACK ENV TESTS/////
-///////////////////////////
-
-/**
- * NOSMACK version of tc06 test.
- *
- * security_server_check_privilege_by_sockfd at first checks if SMACK exists and then checks if
- * params are correct. Even with incorrect params we should expect SUCCESS instead of
- * ERROR_INPUT_PARAM.
- */
-
-RUNNER_TEST_NOSMACK(tc06_security_server_check_privilege_by_sockfd_weird_input_case_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- int ret = 0;
- int sockfd = -1;
- const char* object = "telephony_makecall";
- const char* access_rights = "r";
-
- //invalid sockfd case
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_sockfd failed. Result: " << ret);
- sockfd = 0;
-
- //null object case
- char *object2 = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object2, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_sockfd failed. Result: " << ret);
-
- //null access rights case
- access_rights = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_sockfd failed. Result: " << ret);
-}
-
+++ /dev/null
-#!/bin/sh
-echo "[Trigerring all tests...]"
-
-total=0
-passed=0
-failed=0
-ignored=0
-
-ign="--runignored"
-if [ $# -gt 0 ]; then
- if [ "$1" = "--noignored" ]; then
- ign=""
- fi
-fi
-
-function addSummary
-{
- read -a words < summary.txt
- total=$((total + words[0]))
- passed=$((passed + words[1]))
- failed=$((failed + words[2]))
- ignored=$((ignored + words[3]))
-
- rm summary.txt
-}
-
-function runTest
-{
- # 'text' - console output
- # 'summary' - used for summary view
- security-tests.sh "$1" --output=text --output=summary "$ign"
- addSummary
-}
-
-function printSummary
-{
- COLOR_GREEN_START="\033[1;32m"
- COLOR_DARK_GREEN_START="\033[0;36m"
- COLOR_END="\033[m"
-
- printf "\n"
- printf "$COLOR_GREEN_START"
- printf "Summary\n"
- printf "$COLOR_END"
-
- printf "$COLOR_DARK_GREEN_START"
- printf " Total: %i\n" "$total"
- printf " Passed: %i\n" "$passed"
- printf " Failed: %i\n" "$failed"
- printf " Ignored: %i\n" "$ignored"
- printf "$COLOR_END"
- printf "\n"
-}
-
-runTest smack
-runTest smack-dbus
-#runTest libprivilege-control
-#runTest ss-clientsmack
-#runTest ss-server
-#runTest ss-password
-#runTest ss-privilege
-#runTest ss-stress
-runTest security-manager
-runTest cynara
-
-printSummary
-
-echo "[Done]"
+++ /dev/null
-#!/bin/sh
-
-#####################################################################
-# Copyright (c) 2012-2014 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#####################################################################
-
-#testing internet access and date on the target
-
-echo "### Starting tests ######################################################"
-
-case $1 in
-
-"smack")
- echo "========================================================================="
- echo $1
- echo
- libsmack-test "${@:2}" # propagate all remaining arguments (except first)
- ;;
-"smack-dbus")
- echo "========================================================================="
- echo "SMACK DBUS TEST"
- echo
- smack-dbus-tests "${@:2}"
- ;;
-"libprivilege-control")
- echo "========================================================================="
- echo $1
- echo
- libprivilege-control-test "${@:2}"
- ;;
-"ss-clientsmack")
- echo "========================================================================="
- echo "SECURITY SERVER TEST CLIENT SMACK"
- echo
- security-server-tests-client-smack "${@:2}"
- ;;
-"ss-stress")
- echo "========================================================================="
- echo "SECURITY SERVER TEST STRESS"
- echo
- security-server-tests-stress "${@:2}"
- ;;
-"ss-server")
- echo "========================================================================="
- echo "SECURITY SERVER TEST SERVER"
- echo
- security-server-tests-server "${@:2}"
- ;;
-"ss-api-speed")
- echo "========================================================================="
- echo "SECURITY SERVER MEASURER SERVER"
- echo
- security-server-tests-api-speed "${@:2}"
- ;;
-"ss-password")
- echo "========================================================================="
- echo "SECURITY SERVER TEST PASSWORD"
- echo
- security-server-tests-password "${@:2}"
- ;;
-"ss-privilege")
- echo "========================================================================="
- echo "SECURITY SERVER TEST PRIVILEGE"
- echo
- security-server-tests-privilege "${@:2}"
- ;;
-"security-manager")
- echo "========================================================================="
- echo "SECURITY MANAGER TESTS"
- echo
- security-manager-tests "${@:2}"
- ;;
-"cynara")
- echo "========================================================================="
- echo "CYNARA TEST"
- echo
- cynara-test "${@:2}"
- ;;
-*)
- echo "Correct using:"
- echo " security_test.sh <module> <args_for_module>"
- echo
- echo "modules: smack, smack-dbus, libprivilege-control, ss-clientsmack"
- echo " ss-server, ss-api-speed, ss-password, ss-stress"
- echo " ss-privilege, security-manager, cynara"
- ;;
-
-esac
-
-echo "### Tests done ##########################################################"
+++ /dev/null
-#
-#Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Michal Eljasiewicz (m.eljasiewic@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# Dependencies
-PKG_CHECK_MODULES(SMACK_DBUS_TESTS_DEP
- libsmack
- dbus-1
- REQUIRED)
-
-# Targets definition
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${SMACK_DBUS_TESTS_DEP_INCLUDE_DIRS}
- )
-
-SET(TARGET_SMACK_DBUS_TESTS "smack-dbus-tests")
-
-# Sources definition
-
-SET(SMACK_DBUS_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/smack-dbus-tests/smack_dbus_tests.cpp
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/tests/common/
- )
-
-ADD_EXECUTABLE(${TARGET_SMACK_DBUS_TESTS} ${SMACK_DBUS_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_SMACK_DBUS_TESTS}
- ${SMACK_DBUS_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-# Installation
-
-INSTALL(TARGETS ${TARGET_SMACK_DBUS_TESTS} DESTINATION /usr/bin)
+++ /dev/null
-#include <cstring>
-#include <unistd.h>
-#include <sys/smack.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dbus/dbus.h>
-#include "tests_common.h"
-
-#define DBUS_SERVER_NAME "test.method.server"
-#define DBUS_CALLER_NAME "test.method.caller"
-
-#define DBUS_SMACK_NAME "org.freedesktop.DBus"
-#define DBUS_SMACK_OBJECT "/org/freedesktop/DBus"
-#define DBUS_SMACK_INTERFACE "org.freedesktop.DBus"
-#define DBUS_SMACK_METHOD "GetConnectionCredentials"
-
-RUNNER_TEST_GROUP_INIT(SMACK_DBUS);
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tc01_smack_context_from_DBus)
-{
- RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method"
- " yet.");
-
- int ret = -1;
- const char *subject_parent = "subject_parent";
- const char *subject_child = "subject_child";
-
- DBusMessage* msg = nullptr;
- DBusMessageIter args, iter, var, var_iter, var_value;
- DBusConnection* conn = nullptr;
- DBusError err;
- DBusPendingCall *pending = nullptr;
- const char *dbus_server_name = DBUS_SERVER_NAME;
- char *smack_context = nullptr;
-
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed");
-
- if (pid == 0) {
- // child
- ret = smack_set_label_for_self(subject_child);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
- "smack_set__label_for_self() failed, ret: " << ret);
-
- // initialize the errors
- dbus_error_init(&err);
-
- // connect to the system bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus
- ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // crate a new method call for checking SMACK context from DBus interface
- msg = dbus_message_new_method_call(DBUS_SMACK_NAME,
- DBUS_SMACK_OBJECT,
- DBUS_SMACK_INTERFACE,
- DBUS_SMACK_METHOD);
-
- RUNNER_ASSERT_MSG(nullptr != msg,
- "dbus_message_new_method_call() failed, ret: " << ret);
-
- // append arguments, we need SMACK context for our parent process "test.method.server"
- dbus_message_iter_init_append(msg, &args);
- ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name);
- RUNNER_ASSERT_MSG(1 == ret, "Out of memory");
-
- // wait for parent to connect to DBus
- sleep(3);
-
- // send message and get a handle for a reply
- // -1 is default timeout
- ret = dbus_connection_send_with_reply (conn, msg, &pending, -1);
- RUNNER_ASSERT_MSG(1 == ret, "Out of memory");
- RUNNER_ASSERT_MSG(nullptr != pending, "Pending call null");
-
- dbus_connection_flush(conn);
-
- // free message
- dbus_message_unref(msg);
-
- // block until reply
- dbus_pending_call_block(pending);
-
- // get the reply
- msg = dbus_pending_call_steal_reply(pending);
- RUNNER_ASSERT_MSG(nullptr != msg, "Reply null");
-
- // free message handle
- dbus_pending_call_unref(pending);
-
- ret = dbus_message_iter_init(msg, &iter);
- RUNNER_ASSERT_MSG(0 != ret, "Message has no arguments");
-
- dbus_message_iter_recurse(&iter, &var);
-
- while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var, &var_iter);
- while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var_iter, &var_value);
- switch(dbus_message_iter_get_arg_type(&var_value)) {
- case DBUS_TYPE_STRING:
- dbus_message_iter_get_basic(&var_value, &smack_context);
- break;
- default:
- ;
- }
- dbus_message_iter_next(&var_iter);
- }
- dbus_message_iter_next(&var);
- }
-
- // free reply and close connection
- dbus_message_unref(msg);
- dbus_connection_unref(conn);
-
- RUNNER_ASSERT(smack_context != nullptr);
- ret = strcmp(smack_context, subject_parent);
- RUNNER_ASSERT_MSG(0 == ret,
- "Context mismatch! context from dbus: " << smack_context);
-
- exit(0);
-
- } else {
- // parent
- ret = smack_set_label_for_self(subject_parent);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
- "smack_set_label_for_self() failed, ret: " << ret);
-
- // initialise the error
- dbus_error_init(&err);
-
- // connect to the bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus and check for errors
- ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // close the connection
- dbus_connection_unref(conn);
- }
-}
-
-///////////////////////////////////////
-//////NOSMACK ENV TESTS////////////////
-///////////////////////////////////////
-
-RUNNER_MULTIPROCESS_TEST_NOSMACK(tc01_smack_context_from_DBus_nosmack)
-{
- RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method"
- " yet.");
-
- int ret = -1;
- const char* subject_parent = "subject_parent";
-
- DBusMessage* msg = nullptr;
- DBusMessageIter args, iter, var, var_iter, var_value;
- DBusConnection* conn = nullptr;
- DBusError err;
- DBusPendingCall *pending = nullptr;
- const char *dbus_server_name = DBUS_SERVER_NAME;
- char *smack_context = nullptr;
-
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed");
-
- if (pid == 0) {
- // child
-
- // initialize the errors
- dbus_error_init(&err);
-
- // connect to the system bus and check for errors; failure = exit with result 1
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_FAIL_MSG("Failed to connect to system bus. Ret " << ret);
- }
-
- // request our name on the bus; failure = exit with result 2
- ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_FAIL_MSG("Failed to request name on the bus. Ret " << ret);
- }
-
- // crate a new method call for checking SMACK context from DBus interface
- msg = dbus_message_new_method_call(DBUS_SMACK_NAME,
- DBUS_SMACK_OBJECT,
- DBUS_SMACK_INTERFACE,
- DBUS_SMACK_METHOD);
-
- RUNNER_ASSERT_MSG(msg != nullptr, "dbus_message_new_method_call() failed.");
-
- // append arguments, we need SMACK context for our parent process "test.method.server"
- dbus_message_iter_init_append(msg, &args);
- ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name);
- RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret);
-
- // wait for parent to connect to DBus
- sleep(3);
-
- // send message and get a handle for a reply
- // -1 is default timeout
- ret = dbus_connection_send_with_reply (conn, msg, &pending, -1);
- RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret);
- RUNNER_ASSERT_MSG(pending != nullptr, "Pending call is nullptr.");
-
- dbus_connection_flush(conn);
-
- // free message
- dbus_message_unref(msg);
-
- // block until reply
- dbus_pending_call_block(pending);
-
- // get the reply
- msg = dbus_pending_call_steal_reply(pending);
- RUNNER_ASSERT_MSG(msg != nullptr, "Failed to get the reply from bus.");
-
- // free message handle
- dbus_pending_call_unref(pending);
-
- ret = dbus_message_iter_init(msg, &iter);
- RUNNER_ASSERT_MSG(ret != 0, "DBus message has no arguments. Ret " << ret);
-
- dbus_message_iter_recurse(&iter, &var);
- while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var, &var_iter);
- while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var_iter, &var_value);
- switch(dbus_message_iter_get_arg_type(&var_value)) {
- case DBUS_TYPE_STRING:
- dbus_message_iter_get_basic(&var_value, &smack_context);
- break;
- default:
- ;
- }
- dbus_message_iter_next(&var_iter);
- }
- dbus_message_iter_next(&var);
- }
-
- // free reply and close connection
- dbus_message_unref(msg);
- dbus_connection_unref(conn);
-
- RUNNER_ASSERT(smack_context != nullptr);
- ret = strcmp(smack_context, subject_parent);
- RUNNER_ASSERT_MSG(ret == 0, "Context mismatch. Context " << smack_context);
-
- exit(0);
-
- } else {
- // parent
-
- // initialise the error
- dbus_error_init(&err);
-
- // connect to the bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus and check for errors
- ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // close the connection
- dbus_connection_unref(conn);
- }
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-#!/bin/sh
-
-NOF_TRIES=3
-i=$NOF_TRIES
-ERR_FILE=error.log
-RESULTS_FILE=results.log
-
-SUM=0
-
-black="\033[0;30m";
-red="\033[0;31m";
-green="\033[0;32m";
-brown="\033[0;33m";
-blue="\033[0;34m";
-purple="\033[0;35m";
-grey="\033[1;30m";
-yellow="\033[1;33m";
-default="\033[0m";
-
-
-function echo_as_percent () {
-full=$(( $1 / 100 ))
-rest_full=$(( $1 % 100 ))
-dec=$(($rest_full / 10 ))
-rest_dec=$(($rest_full % 10 ))
-echo "$full.$dec$rest_dec%"
-echo "$full.$dec$rest_dec%" >> $RESULTS_FILE
-
-}
-
-date >> $RESULTS_FILE
-date >> $ERR_FILE
-
-while [ $((i--)) -gt 0 ]
-do
-echo -e "$blue==============test no $i=============$default"
-
-perf record -a -g & > /dev/null 2> /dev/null
-sleep 1
-security-tests-all.sh > /dev/null 2> /dev/null
-pkill -SIGINT perf
-
-sleep 2
-
-echo "perf results:"
-perf report -U -s symbol -gflat,1,caller 2>> $ERR_FILE | grep smk
-OUTPUT=$(perf report -U -s symbol -gflat,1,caller 2>> $ERR_FILE | grep smk | sed "s:%.*$::g;s:^[ \t]::g;s:[^0-9]::g;s:^0::g;s:^0::g;s:$:+:g;$ s:+::" | tr -d "\n")
-
-echo -e "$blue sum:"
-echo_as_percent $(($OUTPUT))
-echo -e "$default"
-
-SUM=$(($SUM + $OUTPUT))
-
-done
-echo -e "$blue==============done============="
-OUTPUT=$(($SUM/3))
-echo "average:"
-echo "average:" >> $RESULTS_FILE
-echo_as_percent $OUTPUT
-echo -e "$default"
-
-
projects / platform / core / test / security-tests.git / commitdiff