CKMI: Add ckm-integration tests. 58/48058/5
authorBartlomiej Grzelewski <b.grzelewski@samsung.com>
Fri, 11 Sep 2015 12:45:43 +0000 (14:45 +0200)
committerBartlomiej Grzelewski <b.grzelewski@samsung.com>
Thu, 17 Sep 2015 13:55:18 +0000 (15:55 +0200)
Change-Id: I6a253a2a763e49d61c4b758b87ac240f06536bff

CMakeLists.txt
packaging/security-tests.manifest
packaging/security-tests.spec
src/CMakeLists.txt
src/ckm-integration/CMakeLists.txt [new file with mode: 0644]
src/ckm-integration/ckm-policy.h
src/ckm-integration/group01.cpp [new file with mode: 0644]
src/ckm-integration/group02.cpp [new file with mode: 0644]
src/ckm-integration/main.cpp [new file with mode: 0644]
src/ckm-integration/process-settings/create-user.cpp

index 8b76681002c9becdd96a48ac8eb0d2319aa9768c..c20c6bc1a58db28a0a3596ecc96a72de608ce9e4 100644 (file)
@@ -81,6 +81,7 @@ ENDIF(SMACK_ENABLE)
 ############################# Targets names ###################################
 
 SET(TARGET_CKM_TESTS "ckm-tests")
+SET(TARGET_CKMI_TESTS "ckm-integration-tests")
 SET(COMMON_TARGET_TEST "tests-common")
 
 ############################# subdirectories ##################################
index 9a62ddcc3062fad07deef02bc762421e844ba69d..dc317950001953083998f37c2f138a4befe6dca7 100644 (file)
@@ -18,6 +18,7 @@
         <filesystem path="/usr/bin/security-manager-tests" exec_label="_" />
         <filesystem path="/usr/bin/cynara-tests" exec_label="_" />
         <filesystem path="/usr/bin/ckm-tests" exec_label="User" />
+        <filesystem path="/usr/bin/ckm-tests" exec_label="System" />
 
         <filesystem path="/usr/bin/test-app-wgt" exec_label="User" />
         <filesystem path="/usr/bin/test-app-efl" exec_label="User" />
index 54174ce39441688843f78793c36f927f29fcfa29..3ecc2302b917f88efb91897ec5304161868b986f 100644 (file)
@@ -105,6 +105,7 @@ echo "security-tests postinst done ..."
 /usr/bin/test-app-wgt
 /usr/bin/cynara-test
 /usr/bin/ckm-tests
+/usr/bin/ckm-integration-tests
 /usr/share/ckm-test/*
 /etc/security-tests
 /usr/lib/security-tests/cynara-tests/plugins/single-policy/*
index dfc23dc5f7c71d6f0a64456790970fe1b6032c0f..a73e120cc1d7768c0d736aaf789b96494cc56290 100644 (file)
@@ -83,6 +83,7 @@ INSTALL(FILES
 
 ADD_SUBDIRECTORY(common)
 ADD_SUBDIRECTORY(ckm)
+ADD_SUBDIRECTORY(ckm-integration)
 ADD_SUBDIRECTORY(libprivilege-control-tests)
 ADD_SUBDIRECTORY(libsmack-tests)
 ADD_SUBDIRECTORY(smack-dbus-tests)
diff --git a/src/ckm-integration/CMakeLists.txt b/src/ckm-integration/CMakeLists.txt
new file mode 100644 (file)
index 0000000..9ee8ce4
--- /dev/null
@@ -0,0 +1,55 @@
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# @file        CMakeLists.txt
+# @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @brief
+#
+
+INCLUDE(FindPkgConfig)
+
+PKG_CHECK_MODULES(CKMI_DEP
+    REQUIRED
+    libsmack
+    libgum
+    key-manager
+    security-manager
+    dbus-1
+    vconf
+    REQUIRED)
+
+SET(CKMI_SOURCES_DIR ${PROJECT_SOURCE_DIR}/src/ckm-integration)
+
+SET(CKMI_SOURCES
+    ${CKMI_SOURCES_DIR}/process-settings/change-uid.cpp
+    ${CKMI_SOURCES_DIR}/process-settings/create-user.cpp
+    ${CKMI_SOURCES_DIR}/process-settings/change-smack.cpp
+    ${CKMI_SOURCES_DIR}/process-settings/install-app.cpp
+    ${CKMI_SOURCES_DIR}/process-settings/unlock-ckm.cpp
+    ${CKMI_SOURCES_DIR}/ckm-policy.cpp
+    ${CKMI_SOURCES_DIR}/group01.cpp
+    ${CKMI_SOURCES_DIR}/group02.cpp
+    ${CKMI_SOURCES_DIR}/main.cpp
+)
+
+INCLUDE_DIRECTORIES(SYSTEM ${CKMI_DEP_INCLUDE_DIRS})
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ )
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/ckm-integration/ )
+
+ADD_EXECUTABLE(${TARGET_CKMI_TESTS} ${CKMI_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_CKMI_TESTS} ${CKMI_DEP_LIBRARIES} ${COMMON_TARGET_TEST})
+
+INSTALL(TARGETS ${TARGET_CKMI_TESTS} DESTINATION bin)
+
index 10511417db5ffc4592e2d9a362d8d8a03c35bf63..967e5804262651e351498c17f458d816bc352d6c 100644 (file)
@@ -26,6 +26,7 @@
 #include <process-settings/change-smack.h>
 #include <process-settings/install-app.h>
 #include <process-settings/create-user.h>
+#include <process-settings/unlock-ckm.h>
 
 class CKMPolicy : public ProcessSettings::Policy {
 public:
diff --git a/src/ckm-integration/group01.cpp b/src/ckm-integration/group01.cpp
new file mode 100644 (file)
index 0000000..3b75177
--- /dev/null
@@ -0,0 +1,120 @@
+/*
+ *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file       group01.cpp
+ * @author     Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version    1.0
+ */
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-password.h>
+#include <ckm/ckm-type.h>
+
+#include <ckm-policy.h>
+
+typedef ProcessSettings::Executor<
+    CKMPolicy,
+    ProcessSettings::CreateUser,
+    ProcessSettings::InstallApp,
+    ProcessSettings::ChangeSmack,
+    ProcessSettings::ChangeUid> ProcSettings;
+
+RUNNER_TEST_GROUP_INIT(GROUP_01_ControlApiAccess);
+
+RUNNER_CHILD_TEST(G01T01_ControlNegative) {
+    // Socket is secured with 0700
+    // in this test we have no access to this socket
+    // DAC should DENIED access to CKM
+    ProcSettings ps("PkgIdG01T01", "UserG01T01", PrivNone);
+    ps.Apply();
+
+    int temp;
+    auto control = CKM::Control::create();
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(),
+        "simple-password")),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = control->unlockUserKey(ps.GetUid(), "test-pass")),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = control->lockUserKey(ps.GetUid())),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
+        "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(G01T02_ControlPositive) {
+    // We have root privileges.
+    // We should be able to control data.
+    // The cynara should give us an access.
+    uid_t USER_UID = 5102;
+    int temp;
+    auto control = CKM::Control::create();
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID,
+        "simple-password")),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID, "something")),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_UID, "test-pass")),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_UID)),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_UID, "something")),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
+        "Error=" << CKM::ErrorToString(temp));
+}
+
diff --git a/src/ckm-integration/group02.cpp b/src/ckm-integration/group02.cpp
new file mode 100644 (file)
index 0000000..98320c6
--- /dev/null
@@ -0,0 +1,173 @@
+/*
+ *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file       group02.cpp
+ * @author     Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version    1.0
+ */
+
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-password.h>
+#include <ckm/ckm-type.h>
+
+#include <ckm-policy.h>
+
+typedef ProcessSettings::Executor<
+    CKMPolicy,
+    ProcessSettings::CreateUser,
+    ProcessSettings::UnlockCkm,
+    ProcessSettings::InstallApp,
+    ProcessSettings::ChangeSmack,
+    ProcessSettings::ChangeUid> PS;
+
+typedef ProcessSettings::Executor<
+    CKMPolicy,
+    ProcessSettings::CreateUser,
+    ProcessSettings::UnlockCkm,
+    ProcessSettings::InstallApp,
+    ProcessSettings::ChangeSmack> PSNoUid;
+
+typedef ProcessSettings::Executor<
+    CKMPolicy,
+    ProcessSettings::ChangeUid> PSUid;
+
+RUNNER_TEST_GROUP_INIT(GROUP_02_StorageApiAccess);
+
+RUNNER_CHILD_TEST(G02T01_StorageNegative) {
+    // We are ordinary user without any privileges.
+    // Cynara should deny all accesses.
+    PS ps("PkgIdG02T01", "UserG02T01", PrivNone);
+    ps.Apply();
+
+    int temp;
+    auto manager = CKM::Manager::create();
+    std::string data = "Custom data";
+    CKM::RawBuffer rawBuffer(data.begin(), data.end());
+    CKM::RawBuffer output;
+    const char *alias = "dataG02T01";
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
+        "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(G02T02_StoragePositive) {
+    // We are root. We will be allowed.
+    int temp;
+    auto manager = CKM::Manager::create();
+    std::string data = "Custom data";
+    CKM::RawBuffer rawBuffer(data.begin(), data.end());
+    CKM::RawBuffer output;
+    const char *alias = "/System dataG02T02";
+
+    // This funciton may return error.
+    manager->removeAlias(alias);
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = manager->getData(alias, CKM::Password(), output)),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
+}
+
+RUNNER_CHILD_TEST(G02T03_StoragePositive) {
+    // We are oridinary user with proper privileges.
+    PS ps("PkgIdG02T03", "UserG02T03", PrivCKMStore);
+    ps.Apply();
+
+    int temp;
+    auto manager = CKM::Manager::create();
+    std::string data = "Custom data";
+    CKM::RawBuffer rawBuffer(data.begin(), data.end());
+    CKM::RawBuffer output;
+    const char *dataAlias = "dataG02T03";
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = manager->saveData(dataAlias, rawBuffer, CKM::Policy())),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = manager->getData(dataAlias, CKM::Password(), output)),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
+}
+
+RUNNER_CHILD_TEST(G02T04_StorageNegative) {
+    // There is some user with privileges but we are
+    // are ordinary user without any.
+    // Cynara should deny all accesses.
+    PSNoUid ps("PkgIdG02T04", "UserG02T04", PrivCKMBoth);
+    ps.Apply();
+
+    PSUid ps2("", "", PrivNone);
+    ps2.SetUid(ps.GetUid()+1);
+    ps2.Apply();
+
+    int temp;
+    auto manager = CKM::Manager::create();
+    std::string data = "Custom data";
+    CKM::RawBuffer rawBuffer(data.begin(), data.end());
+    CKM::RawBuffer output;
+    const char *alias = "dataG02T04";
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
+        "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(G02T05_StorageNegative) {
+    // We have wrong privilege.
+    // Cynara should deny all accesses to storage.
+    PSNoUid ps("PkgIdG02T05", "UserG02T05", PrivCKMControl);
+    ps.Apply();
+
+    int temp;
+    auto manager = CKM::Manager::create();
+    std::string data = "Custom data";
+    CKM::RawBuffer rawBuffer(data.begin(), data.end());
+    CKM::RawBuffer output;
+    const char *alias = "dataG02T05";
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
+        "Error=" << CKM::ErrorToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
+        "Error=" << CKM::ErrorToString(temp));
+}
+
+
diff --git a/src/ckm-integration/main.cpp b/src/ckm-integration/main.cpp
new file mode 100644 (file)
index 0000000..6c5ea6b
--- /dev/null
@@ -0,0 +1,27 @@
+/*
+ *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file       main.cpp
+ * @author     Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version    1.0
+ */
+#include <dpl/test/test_runner.h>
+
+int main (int argc, char *argv[]) {
+    return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
+
+
index 48c9f3f75563a1ddf4db9e427e91386a65dd6daa..0a5b05cb8ce11e405f53fab197c31528cf15a11d 100644 (file)
@@ -42,7 +42,7 @@ void CreateUser::Apply()
     g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL);
     g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL);
     gboolean added = gum_user_add_sync(m_guser);
-    RUNNER_ASSERT_MSG(added, "Failed to add user");
+    RUNNER_ASSERT_MSG(added, "Failed to add user: " << m_userName);
     g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL);
     RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
     g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL);