############################# Targets names ###################################
SET(TARGET_CKM_TESTS "ckm-tests")
+SET(TARGET_CKMI_TESTS "ckm-integration-tests")
SET(COMMON_TARGET_TEST "tests-common")
############################# subdirectories ##################################
<filesystem path="/usr/bin/security-manager-tests" exec_label="_" />
<filesystem path="/usr/bin/cynara-tests" exec_label="_" />
<filesystem path="/usr/bin/ckm-tests" exec_label="User" />
+ <filesystem path="/usr/bin/ckm-tests" exec_label="System" />
<filesystem path="/usr/bin/test-app-wgt" exec_label="User" />
<filesystem path="/usr/bin/test-app-efl" exec_label="User" />
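Review bot: The added `<filesystem>` entry reuses the path `/usr/bin/ckm-tests`, which already has `exec_label="User"` on the line above, so one binary gets two conflicting exec labels. The new `/usr/bin/ckm-integration-tests` binary that this commit adds to the packaging file list gets none. If the intent was to run the integration tests under the System label, the entry should presumably read `<filesystem path="/usr/bin/ckm-integration-tests" exec_label="System" />`. The label matters here because the positive tests in the new groups state that they run as root and store under a `/System` alias.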
/usr/bin/test-app-wgt
/usr/bin/cynara-test
/usr/bin/ckm-tests
+/usr/bin/ckm-integration-tests
/usr/share/ckm-test/*
/etc/security-tests
/usr/lib/security-tests/cynara-tests/plugins/single-policy/*
ADD_SUBDIRECTORY(common)
ADD_SUBDIRECTORY(ckm)
+ADD_SUBDIRECTORY(ckm-integration)
ADD_SUBDIRECTORY(libprivilege-control-tests)
ADD_SUBDIRECTORY(libsmack-tests)
ADD_SUBDIRECTORY(smack-dbus-tests)
--- /dev/null
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @brief
+#
+
+INCLUDE(FindPkgConfig)
+
+PKG_CHECK_MODULES(CKMI_DEP
+ REQUIRED
+ libsmack
+ libgum
+ key-manager
+ security-manager
+ dbus-1
+ vconf
+ REQUIRED)
+
+SET(CKMI_SOURCES_DIR ${PROJECT_SOURCE_DIR}/src/ckm-integration)
+
+SET(CKMI_SOURCES
+ ${CKMI_SOURCES_DIR}/process-settings/change-uid.cpp
+ ${CKMI_SOURCES_DIR}/process-settings/create-user.cpp
+ ${CKMI_SOURCES_DIR}/process-settings/change-smack.cpp
+ ${CKMI_SOURCES_DIR}/process-settings/install-app.cpp
+ ${CKMI_SOURCES_DIR}/process-settings/unlock-ckm.cpp
+ ${CKMI_SOURCES_DIR}/ckm-policy.cpp
+ ${CKMI_SOURCES_DIR}/group01.cpp
+ ${CKMI_SOURCES_DIR}/group02.cpp
+ ${CKMI_SOURCES_DIR}/main.cpp
+)
+
+INCLUDE_DIRECTORIES(SYSTEM ${CKMI_DEP_INCLUDE_DIRS})
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ )
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/ckm-integration/ )
+
+ADD_EXECUTABLE(${TARGET_CKMI_TESTS} ${CKMI_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_CKMI_TESTS} ${CKMI_DEP_LIBRARIES} ${COMMON_TARGET_TEST})
+
+INSTALL(TARGETS ${TARGET_CKMI_TESTS} DESTINATION bin)
+
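Review bot: `REQUIRED` is passed twice to `PKG_CHECK_MODULES(CKMI_DEP ...)`, once before the module list and again after `vconf`. The trailing one is redundant and reads like a seventh module name, so it should be dropped. The file header leaves `@brief` empty; a line such as `# @brief Build rules for the ckm-integration-tests executable` would fill it. `TARGET_LINK_LIBRARIES` is called without a `PRIVATE`/`PUBLIC` keyword; `TARGET_LINK_LIBRARIES(${TARGET_CKMI_TESTS} PRIVATE ${CKMI_DEP_LIBRARIES} ${COMMON_TARGET_TEST})` would make the link scope explicit, provided the project's minimum CMake version supports the keyword form.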
#include <process-settings/change-smack.h>
#include <process-settings/install-app.h>
#include <process-settings/create-user.h>
+#include <process-settings/unlock-ckm.h>
class CKMPolicy : public ProcessSettings::Policy {
public:
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file group01.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-password.h>
+#include <ckm/ckm-type.h>
+
+#include <ckm-policy.h>
+
+typedef ProcessSettings::Executor<
+ CKMPolicy,
+ ProcessSettings::CreateUser,
+ ProcessSettings::InstallApp,
+ ProcessSettings::ChangeSmack,
+ ProcessSettings::ChangeUid> ProcSettings;
+
+RUNNER_TEST_GROUP_INIT(GROUP_01_ControlApiAccess);
+
+RUNNER_CHILD_TEST(G01T01_ControlNegative) {
+ // Socket is secured with 0700
+ // in this test we have no access to this socket
+ // DAC should DENIED access to CKM
+ ProcSettings ps("PkgIdG01T01", "UserG01T01", PrivNone);
+ ps.Apply();
+
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(),
+ "simple-password")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = control->unlockUserKey(ps.GetUid(), "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = control->lockUserKey(ps.GetUid())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(G01T02_ControlPositive) {
+ // We have root privileges.
+ // We should be able to control data.
+ // The cynara should give us an access.
+ uid_t USER_UID = 5102;
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID,
+ "simple-password")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID, "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_UID, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_UID)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_UID, "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
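Review bot: `G01T02_ControlPositive` calls `removeUserData`, `resetUserPassword`, `unlockUserKey` and `lockUserKey` on the hard-coded `USER_UID = 5102` while, per its own comment, running with root privileges. On a target where that uid belongs to a real account, the test would erase that account's key-manager data and change its password. Either take the uid from a user the test creates itself (the `ProcessSettings::CreateUser` step is already used in `G01T01_ControlNegative`), or at least state the assumption with a comment such as `// 5102 must not belong to a real account: this test wipes its CKM data`. The expected `CKM_API_ERROR_BAD_REQUEST` from the `resetUserPassword` call that follows `lockUserKey` also has no comment explaining why the reset is rejected at that point, which makes it hard to tell a regression from intended behaviour.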
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file group02.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-password.h>
+#include <ckm/ckm-type.h>
+
+#include <ckm-policy.h>
+
+typedef ProcessSettings::Executor<
+ CKMPolicy,
+ ProcessSettings::CreateUser,
+ ProcessSettings::UnlockCkm,
+ ProcessSettings::InstallApp,
+ ProcessSettings::ChangeSmack,
+ ProcessSettings::ChangeUid> PS;
+
+typedef ProcessSettings::Executor<
+ CKMPolicy,
+ ProcessSettings::CreateUser,
+ ProcessSettings::UnlockCkm,
+ ProcessSettings::InstallApp,
+ ProcessSettings::ChangeSmack> PSNoUid;
+
+typedef ProcessSettings::Executor<
+ CKMPolicy,
+ ProcessSettings::ChangeUid> PSUid;
+
+RUNNER_TEST_GROUP_INIT(GROUP_02_StorageApiAccess);
+
+RUNNER_CHILD_TEST(G02T01_StorageNegative) {
+ // We are ordinary user without any privileges.
+ // Cynara should deny all accesses.
+ PS ps("PkgIdG02T01", "UserG02T01", PrivNone);
+ ps.Apply();
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string data = "Custom data";
+ CKM::RawBuffer rawBuffer(data.begin(), data.end());
+ CKM::RawBuffer output;
+ const char *alias = "dataG02T01";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(G02T02_StoragePositive) {
+ // We are root. We will be allowed.
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string data = "Custom data";
+ CKM::RawBuffer rawBuffer(data.begin(), data.end());
+ CKM::RawBuffer output;
+ const char *alias = "/System dataG02T02";
+
+ // This funciton may return error.
+ manager->removeAlias(alias);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getData(alias, CKM::Password(), output)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
+}
+
+RUNNER_CHILD_TEST(G02T03_StoragePositive) {
+ // We are oridinary user with proper privileges.
+ PS ps("PkgIdG02T03", "UserG02T03", PrivCKMStore);
+ ps.Apply();
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string data = "Custom data";
+ CKM::RawBuffer rawBuffer(data.begin(), data.end());
+ CKM::RawBuffer output;
+ const char *dataAlias = "dataG02T03";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData(dataAlias, rawBuffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getData(dataAlias, CKM::Password(), output)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
+}
+
+RUNNER_CHILD_TEST(G02T04_StorageNegative) {
+ // There is some user with privileges but we are
+ // are ordinary user without any.
+ // Cynara should deny all accesses.
+ PSNoUid ps("PkgIdG02T04", "UserG02T04", PrivCKMBoth);
+ ps.Apply();
+
+ PSUid ps2("", "", PrivNone);
+ ps2.SetUid(ps.GetUid()+1);
+ ps2.Apply();
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string data = "Custom data";
+ CKM::RawBuffer rawBuffer(data.begin(), data.end());
+ CKM::RawBuffer output;
+ const char *alias = "dataG02T04";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(G02T05_StorageNegative) {
+ // We have wrong privilege.
+ // Cynara should deny all accesses to storage.
+ PSNoUid ps("PkgIdG02T05", "UserG02T05", PrivCKMControl);
+ ps.Apply();
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string data = "Custom data";
+ CKM::RawBuffer rawBuffer(data.begin(), data.end());
+ CKM::RawBuffer output;
+ const char *alias = "dataG02T05";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
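Review bot: `G02T05_StorageNegative` builds its settings with `PSNoUid`, which omits `ProcessSettings::ChangeUid`, and unlike `G02T04_StorageNegative` never applies a `PSUid` afterwards. If `Executor` applies only the listed steps (its definition is not visible here), the process keeps its original uid. The `ACCESS_DENIED` result may then come from a uid that has no policy at all rather than from the "wrong privilege" the comment describes, so the test could pass without exercising that case. Using the full executor, `PS ps("PkgIdG02T05", "UserG02T05", PrivCKMControl);`, would run the check as the user that actually holds `PrivCKMControl`. Separately, `G02T03_StoragePositive` saves `dataG02T03` and never removes it, so a second run depends on the user and its storage being recreated; a `manager->removeAlias(dataAlias);` at the end would make the test self-cleaning.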
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file main.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#include <dpl/test/test_runner.h>
+
+int main (int argc, char *argv[]) {
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
+
+
g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL);
g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL);
gboolean added = gum_user_add_sync(m_guser);
- RUNNER_ASSERT_MSG(added, "Failed to add user");
+ RUNNER_ASSERT_MSG(added, "Failed to add user: " << m_userName);
g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL);
RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL);