#include <tests_common.h>
#include <ckm-common.h>
-#include <scoped-app-context.h>
+#include <scoped_app_launcher.h>
+#include <scoped_installer.h>
+#include <test_user.h>
#include <ckmc/ckmc-manager.h>
#include <ckmc/ckmc-control.h>
#include <ckm/ckm-type.h>
namespace {
-const uid_t ROOT_USER_ID = 0;
-const uid_t USER_ID_1 = 6000;
-const gid_t GROUP_ID_1 = 6000;
-const uid_t USER_ID_2 = 6200;
-const gid_t GROUP_ID_2 = 6200;
const char * const APP_PASS_1 = "app-pass-1";
const char * const APP_PASS_2 = "app-pass-2";
-const char* APP_LABEL_1 = TEST_LABEL;
-const char* APP_LABEL_2 = TEST_LABEL_2;
-const char* APP_LABEL_3 = TEST_LABEL_3;
-const char* APP_LABEL_4 = TEST_LABEL_4;
-
const char* NO_ALIAS = "definitely-non-existent-alias";
const char* NO_OWNER = "definitely-non-existent-owner";
"zQIDAQAB\n"
"-----END PUBLIC KEY-----";
-void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
+uid_t USER_ID;
+uid_t USER_ID_2;
+constexpr uid_t SYSTEM_USER = 0;
+std::string PKG_ID;
+std::string PKG_ID2;
+std::string PKG_ID3;
+
+void allow_access_deprecated(const std::string &alias,
+ const std::string &accessor,
+ ckmc_access_right_e accessRights)
{
- int ret = ckmc_allow_access(alias, accessor, accessRights);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
+ int ret = ckmc_allow_access(alias.c_str(), accessor.c_str(), accessRights);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret,
+ "Trying to allow access returned: " << CKMCErrorToString(ret));
}
-void allow_access_deprecated_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, ckmc_access_right_e accessRights)
+void allow_access_deprecated_by_adm(uid_t uid,
+ const std::string &label,
+ const std::string &alias,
+ const std::string &accessor,
+ ckmc_access_right_e accessRights)
{
// data removal should revoke this access
- int ret = ckmc_allow_access_by_adm(uid, label, alias, accessor, accessRights);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
+ int ret = ckmc_allow_access_by_adm(uid,
+ label.c_str(),
+ alias.c_str(),
+ accessor.c_str(),
+ accessRights);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret,
+ "Trying to allow access returned: " << CKMCErrorToString(ret));
}
-void allow_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, int permissionMask)
+void allow_access_by_adm(uid_t uid,
+ const std::string &label,
+ const std::string &alias,
+ const std::string &accessor,
+ int permissionMask)
{
// data removal should revoke this access
- int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, permissionMask);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
+ int ret = ckmc_set_permission_by_adm(uid,
+ aliasWithLabel(label, alias).c_str(),
+ accessor.c_str(),
+ permissionMask);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret,
+ "Trying to allow access returned: " << CKMCErrorToString(ret));
}
-void deny_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor)
+void deny_access_by_adm(uid_t uid,
+ const std::string &label,
+ const std::string &alias,
+ const std::string &accessor)
{
- int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(uid,
+ aliasWithLabel(label, alias).c_str(),
+ accessor.c_str(),
+ CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret));
}
RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
}
-void remove_alias(const char *alias)
+void remove_alias(const std::string& alias)
{
- int ret = ckmc_remove_alias(alias);
+ int ret = ckmc_remove_alias(alias.c_str());
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Removing alias failed. " << CKMCErrorToString(ret));
}
-} // namespace anonymous
+std::unique_ptr<AppInstallHelper> USER1_APP1;
+std::unique_ptr<AppInstallHelper> USER1_APP2;
+std::unique_ptr<AppInstallHelper> USER1_APP3;
+std::unique_ptr<AppInstallHelper> USER2_APP1;
-RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_USER_C_API);
+class AppInstallationFixture: public DPL::Test::TestGroup
+{
+public:
+ void Init() override
+ {
+ m_user = std::make_unique<TestUser>(
+ TestUser::createTemporary("ckm_test_user", GUM_USERTYPE_NORMAL, false));
+ USER_ID = m_user->getUid();
+ m_user2 = std::make_unique<TestUser>(
+ TestUser::createTemporary("ckm_test_user2", GUM_USERTYPE_NORMAL, false));
+ USER_ID_2 = m_user2->getUid();
-/////////////////////////////////////////////////////////////////////////////
-// Manager
-RUNNER_TEST(T3000_init)
-{
- reset_user_data(USER_ID_1, APP_PASS_1);
- reset_user_data(USER_ID_2, APP_PASS_2);
-}
+ USER1_APP1 = std::make_unique<AppInstallHelper>("ckm_test_user1_app1", m_user->getUid());
+ m_installerU1A1 = std::make_unique<ScopedInstaller>(*USER1_APP1);
-// invalid arguments check
-RUNNER_TEST(T3001_manager_allow_access_invalid)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
+ USER1_APP2 = std::make_unique<AppInstallHelper>("ckm_test_user1_app2", m_user->getUid());
+ m_installerU1A2 = std::make_unique<ScopedInstaller>(*USER1_APP2);
- RUNNER_ASSERT(
- CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
- RUNNER_ASSERT(
- CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_READ));
-}
+ USER1_APP3 = std::make_unique<AppInstallHelper>("ckm_test_user1_app3", m_user->getUid());
+ m_installerU1A3 = std::make_unique<ScopedInstaller>(*USER1_APP3);
-// invalid arguments check
-RUNNER_TEST(T3002_manager_deny_access_invalid)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
+ USER2_APP1 = std::make_unique<AppInstallHelper>("ckm_test_user2_app1", m_user2->getUid());
+ m_installerU2A1 = std::make_unique<ScopedInstaller>(*USER2_APP1);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
-}
+ PKG_ID = USER1_APP1->getPkgId();
+ PKG_ID2 = USER1_APP2->getPkgId();
+ PKG_ID3 = USER1_APP3->getPkgId();
-// tries to allow access for non existing alias
-RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
+ // clean system db just in case
+ remove_user_data(SYSTEM_USER);
+ }
+
+ void Finish() override
+ {
+ m_installerU2A1.reset();
+ m_installerU1A3.reset();
+ m_installerU1A2.reset();
+ m_installerU1A1.reset();
+ m_user2.reset();
+ m_user.reset();
+ }
+
+private:
+ std::unique_ptr<ScopedInstaller> m_installerU1A1;
+ std::unique_ptr<ScopedInstaller> m_installerU1A2;
+ std::unique_ptr<ScopedInstaller> m_installerU1A3;
+ std::unique_ptr<ScopedInstaller> m_installerU2A1;
+ std::unique_ptr<TestUser> m_user2;
+ std::unique_ptr<TestUser> m_user;
+};
+
+template <typename PrepFn, typename TestFn>
+void PrepareAndTest(PrepFn&& app1prepare, TestFn&& app2test)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
- int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
+ // prepare
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+
+ app1prepare();
+
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for test
+ });
+
+ // test accessibility from another app
+ ScopedAppLauncher(*USER1_APP2, [&]{
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for preparation
+
+ app2test();
+
+ syncPipe.post();
+ });
}
-// tries to deny access for non existing alias
-RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
+} // namespace anonymous
+
+RUNNER_TEST_GROUP_INIT_ENV(T300_CKMC_ACCESS_CONTROL_USER_C_API, AppInstallationFixture);
+
+// invalid arguments check
+RUNNER_CHILD_TEST(T3001_manager_set_permission_invalid)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(nullptr,
+ "accessor",
+ CKMC_PERMISSION_READ));
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias",
+ nullptr,
+ CKMC_PERMISSION_READ));
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(nullptr,
+ "accessor",
+ CKMC_PERMISSION_NONE));
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias",
+ nullptr,
+ CKMC_PERMISSION_NONE));
+ });
+}
- int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Denying access for non existing alias returned " << CKMCErrorToString(ret));
+// tries to set permission for non existing alias
+RUNNER_CHILD_TEST(T3003_manager_set_permission_non_existing)
+{
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
+
+ ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "Denying access for non existing alias returned " << CKMCErrorToString(ret));
+ });
}
// tries to deny access that does not exist in database
RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- // deny non existing access to existing alias
- int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret,
- "Denying non existing access returned: " << CKMCErrorToString(ret));
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+
+ // deny non existing access to existing alias
+ int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret,
+ "Denying non existing access returned: " << CKMCErrorToString(ret));
+ });
}
// tries to allow access to application own data
RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- std::string ownerId = getOwnerIdFromSelf();
- int ret = ckmc_set_permission(TEST_ALIAS, ownerId.c_str(), CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Trying to allow myself returned: " << CKMCErrorToString(ret));
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+
+ int ret = ckmc_set_permission(TEST_ALIAS, PKG_ID.c_str(), CKMC_PERMISSION_READ);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
+ "Trying to allow myself returned: " << CKMCErrorToString(ret));
+ });
}
// verifies that alias can not contain forbidden characters
RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ std::string test_alias_playground = std::string("AAA BBB CCC");
+ check_read(test_alias_playground, "", TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
- std::string test_alias_playground = std::string("AAA BBB CCC");
- check_read(test_alias_playground, "", TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // control: expect success
- check_read(TEST_ALIAS, "", TEST_DATA);
- check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
+ // control: expect success
+ check_read(TEST_ALIAS, "", TEST_DATA);
+ check_read(TEST_ALIAS, PKG_ID, TEST_DATA);
+ });
}
// verifies that label can not contain forbidden characters
RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- // basic test
- std::string APP_LABEL_1_playground = std::string("AAA BBB CCC");
- check_read(TEST_ALIAS, APP_LABEL_1_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // insert part of the separator in the middle
- APP_LABEL_1_playground = std::string(APP_LABEL_1);
- APP_LABEL_1_playground.insert(APP_LABEL_1_playground.size()/2, ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // prepend separator
- APP_LABEL_1_playground = std::string(APP_LABEL_1);
- APP_LABEL_1_playground.insert(0, ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // append separator
- APP_LABEL_1_playground = std::string(APP_LABEL_1);
- APP_LABEL_1_playground.append(ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // control: expect success
- check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+
+ // basic test
+ std::string PKG_ID_playground = std::string("AAA BBB CCC");
+ check_read(TEST_ALIAS, PKG_ID_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // insert part of the separator in the middle
+ PKG_ID_playground = PKG_ID;
+ PKG_ID_playground.insert(PKG_ID_playground.size()/2, ckmc_label_name_separator);
+ check_read(TEST_ALIAS, PKG_ID_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // prepend separator
+ PKG_ID_playground = PKG_ID;
+ PKG_ID_playground.insert(0, ckmc_label_name_separator);
+ check_read(TEST_ALIAS, PKG_ID_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // append separator
+ PKG_ID_playground = PKG_ID;
+ PKG_ID_playground.append(ckmc_label_name_separator);
+ check_read(TEST_ALIAS, PKG_ID_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // control: expect success
+ check_read(TEST_ALIAS, PKG_ID, TEST_DATA);
+ });
}
-
// tries to access other application data without permission
-RUNNER_TEST(T3020_manager_access_not_allowed, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3020_manager_access_not_allowed)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
+ PrepareAndTest([]{
+ }, []{
+ std::string TEST_ALIAS_adr = aliasWithLabel(PKG_ID, TEST_ALIAS);
check_read_not_visible(TEST_ALIAS_adr);
check_remove_not_visible(TEST_ALIAS_adr);
- }
+ });
}
// tries to access other application data with permission
-RUNNER_TEST(T3021_manager_access_allowed, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3021_manager_access_allowed)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
- }
+ PrepareAndTest([]{
+ allow_access(TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ);
+ }, []{
+ check_read_allowed(aliasWithLabel(PKG_ID, TEST_ALIAS), TEST_DATA);
+ });
}
// tries to read other application data with permission for read/remove
-RUNNER_TEST(T3022_manager_access_allowed_with_remove, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3022_manager_access_allowed_with_remove)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
- }
+ PrepareAndTest([]{
+ allow_access(TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ }, []{
+ check_read_allowed(aliasWithLabel(PKG_ID, TEST_ALIAS), TEST_DATA);
+ });
}
// tries to remove other application data with permission for reading only
-RUNNER_TEST(T3023_manager_access_allowed_remove_denied, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3023_manager_access_allowed_remove_denied)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
+ PrepareAndTest([]{
+ allow_access(TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ);
+ }, []{
+ std::string TEST_ALIAS_adr = aliasWithLabel(PKG_ID, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr);
check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
- }
+ });
}
// tries to remove other application data with permission
-RUNNER_TEST(T3025_manager_remove_allowed, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3025_manager_remove_allowed)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
- }
+ PrepareAndTest([]{
+ allow_access(TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ }, []{
+ check_remove_allowed(aliasWithLabel(PKG_ID, TEST_ALIAS));
+ });
}
// tries to access other application data after allow function was called twice with different
// rights
-RUNNER_TEST(T3026_manager_double_allow, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3026_manager_double_allow)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
+ PrepareAndTest([]{
// access should be overwritten
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
+ allow_access(TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access(TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ);
+ }, []{
+ std::string TEST_ALIAS_adr = aliasWithLabel(PKG_ID, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr);
check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
- }
+ });
}
// tries to access application data with permission and after permission has been revoked
-RUNNER_TEST(T3027_manager_allow_deny, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3027_manager_allow_deny)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
- // prepare: add data
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ // prepare: add data
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ allow_access(TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for 1st check
+
+ // remove permission
+ deny_access(TEST_ALIAS, PKG_ID2);
+
+ syncPipe.post();
+ syncPipe.wait(); // wait for 2nd check
+ });
// test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ ScopedAppLauncher(*USER1_APP2, [&]{
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save + perm
+
+ std::string TEST_ALIAS_adr = aliasWithLabel(PKG_ID, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr);
check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
- }
- // remove permission
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
-
- deny_access(TEST_ALIAS, APP_LABEL_2);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ syncPipe.post();
+ syncPipe.wait(); // wait for denial
check_remove_not_visible(TEST_ALIAS_adr);
check_read_not_visible(TEST_ALIAS_adr);
- }
+
+ syncPipe.post();
+ });
}
-RUNNER_TEST(T3028_manager_access_by_label, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3028_manager_access_by_label)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
// prepare: add data
const char *additional_data = "label-2-data";
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- // add data as app 2
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, additional_data);
+ allow_access(TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ);
- allow_access(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for save + perm
- // test if accessing valid alias (of label2 domain)
- check_read_allowed(TEST_ALIAS, additional_data);
- }
+ // test if can access label2 alias from label1 domain - should succeed
+ check_read_allowed(aliasWithLabel(PKG_ID2, TEST_ALIAS), additional_data);
- // test accessibility to app 2 from app 1
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
+ syncPipe.post();
+ syncPipe.wait(); // wait for access check
+ });
- // test if can access label2 alias from label1 domain - should succeed
- check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS), additional_data);
- }
-}
+ // add data as app 2
+ ScopedAppLauncher(*USER1_APP2, [&]{
+ ScopedSaveData ssd2(TEST_ALIAS, additional_data);
-// tries to modify another label's permission
-RUNNER_TEST(T3029_manager_access_modification_by_foreign_label, RemoveDataEnv<USER_ID_1>)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ allow_access(TEST_ALIAS, PKG_ID, CKMC_PERMISSION_READ);
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save + perm
+ syncPipe.post();
- allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- }
+ // test if accessing valid alias (of USER1_APP2 domain)
+ check_read_allowed(TEST_ALIAS, additional_data);
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ syncPipe.wait(); // wait for access check
+ syncPipe.post();
+ });
+}
- allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
- deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED);
- }
+// tries to modify another label's permission
+RUNNER_CHILD_TEST(T3029_manager_access_modification_by_foreign_label)
+{
+ PrepareAndTest([]{
+ }, []{
+ allow_access_negative(aliasWithLabel(PKG_ID, TEST_ALIAS),
+ PKG_ID2,
+ CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE,
+ CKMC_ERROR_PERMISSION_DENIED);
+ deny_access_negative(aliasWithLabel(PKG_ID, TEST_ALIAS),
+ PKG_ID2,
+ CKMC_ERROR_PERMISSION_DENIED);
+ });
}
// checks if only aliases readable by given app are returned
-RUNNER_TEST(T3030_manager_get_all_aliases, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3030_manager_get_all_aliases)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
// prepare: add data
size_t count;
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- save_data(TEST_ALIAS2, TEST_DATA);
+
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ ScopedSaveData ssd2(TEST_ALIAS2, TEST_DATA);
count = count_aliases(ALIAS_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
+ allow_access(TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ);
+
+ syncPipe.claimChildEp();
+ syncPipe.post(&count, sizeof(count));
+ syncPipe.wait(); // wait for first check
+
+ // remove permission
+ deny_access(TEST_ALIAS, PKG_ID2);
+
+ syncPipe.post();
+ syncPipe.wait(); // wait for second check
+ });
// test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ ScopedAppLauncher(*USER1_APP2, [&]{
+ syncPipe.claimParentEp();
+ syncPipe.wait(&count, sizeof(count)); // wait for save + perm
// check that app can access other aliases when it has permission
check_alias_count(count - 1);
- ScopedSaveData ssd3(TEST_ALIAS3, TEST_DATA);
+ {
+ ScopedSaveData ssd3(TEST_ALIAS3, TEST_DATA);
- // check that app can access its own aliases
- check_alias_count(count - 1 + 1);
- }
+ // check that app can access its own aliases
+ check_alias_count(count - 1 + 1);
- // remove permission
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- deny_access(TEST_ALIAS, APP_LABEL_2);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ syncPipe.post();
+ syncPipe.wait(); // wait for denial
+ }
// check that app can't access other aliases for which permission has been revoked
check_alias_count(count - 2);
- }
-}
-
-// tries to access other application data with permission
-RUNNER_TEST(T3031_manager_deprecated_access_allowed, RemoveDataEnv<USER_ID_1>)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
- }
+ syncPipe.post();
+ });
}
// tries to read other application data with permission for read/remove
-RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3032_manager_deprecated_access_allowed_with_remove)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
- }
+ PrepareAndTest([]{
+ allow_access_deprecated(TEST_ALIAS, PKG_ID2, CKMC_AR_READ_REMOVE);
+ }, []{
+ check_read_allowed(aliasWithLabel(PKG_ID, TEST_ALIAS), TEST_DATA);
+ check_remove_allowed(aliasWithLabel(PKG_ID, TEST_ALIAS));
+ });
}
// tries to remove other application data with permission for reading only
-RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3033_manager_deprecated_access_allowed_remove_denied)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
+ PrepareAndTest([]{
+ allow_access_deprecated(TEST_ALIAS, PKG_ID2, CKMC_AR_READ);
+ }, []{
+ std::string TEST_ALIAS_adr = aliasWithLabel(PKG_ID, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr);
check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission
-RUNNER_TEST(T3034_manager_deprecated_remove_allowed, RemoveDataEnv<USER_ID_1>)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
-
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
- }
+ });
}
// tries to get alias list and alias info list of other application data
// with permission for read or remove
-RUNNER_TEST(T3035_manager_gets_alias_info_list_with_read_or_remove, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3035_manager_gets_alias_info_list_with_read_or_remove)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
// prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_REMOVE);
- }
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ allow_access(TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ);
+ allow_access(TEST_ALIAS, PKG_ID3, CKMC_PERMISSION_REMOVE);
+
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait();
+ });
+
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save + perm
// test getting alias from another label with read permission
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ ScopedAppLauncher(*USER1_APP2, [&]{
check_alias_count(1);
- }
+ });
// test getting and removing alias from another label with remove permission
- {
- ScopedAppContext ctx(APP_LABEL_3, USER_ID_1, GROUP_ID_1);
+ ScopedAppLauncher(*USER1_APP3, [&]{
check_alias_count(0);
- remove_alias(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
+ remove_alias(aliasWithLabel(PKG_ID, TEST_ALIAS));
+ });
+
+ syncPipe.post();
}
/////////////////////////////////////////////////////////////////////////////
// Control
-RUNNER_TEST_GROUP_INIT (T310_CKMC_ACCESS_CONTROL_ROOT_C_API);
-
-RUNNER_TEST(T3100_init)
-{
- reset_user_data(USER_ID_1, APP_PASS_1);
- reset_user_data(USER_ID_2, APP_PASS_2);
-}
+RUNNER_TEST_GROUP_INIT_ENV(T310_CKMC_ACCESS_CONTROL_ROOT_C_API, AppInstallationFixture);
// invalid argument check
-RUNNER_TEST(T3101_control_allow_access_invalid, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3101_control_set_permission_invalid)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
// prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
+
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait();
+ });
+
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save
int ret;
- ret = ckmc_set_permission_by_adm(USER_ID_1, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ);
+ ret = ckmc_set_permission_by_adm(USER_ID, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
- ret = ckmc_set_permission_by_adm(USER_ID_1, "owner alias", NULL, CKMC_PERMISSION_READ);
+
+ ret = ckmc_set_permission_by_adm(USER_ID, "owner alias", nullptr, CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
// double owner
std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf(), TEST_ALIAS);
- ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("another-owner", aliasLabel).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ);
+ ret = ckmc_set_permission_by_adm(USER_ID,
+ aliasWithLabel("another-owner", aliasLabel).c_str(),
+ PKG_ID.c_str(),
+ CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
-}
-// invalid argument check
-RUNNER_TEST(T3102_control_deny_access_invalid, RemoveDataEnv<USER_ID_1>)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ ret = ckmc_set_permission_by_adm(
+ USER_ID,
+ aliasWithLabel("", TEST_ALIAS).c_str(),
+ "accessor",
+ CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("", TEST_ALIAS).c_str(),
- "accessor", CKMC_PERMISSION_NONE));
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("owner", TEST_ALIAS).c_str(),
- NULL, CKMC_PERMISSION_NONE));
+ ret = ckmc_set_permission_by_adm(
+ USER_ID,
+ aliasWithLabel("owner", TEST_ALIAS).c_str(),
+ nullptr,
+ CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
// double owner
- std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf(), TEST_ALIAS);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("another-owner",
- aliasLabel).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE));
+ ret = ckmc_set_permission_by_adm(
+ USER_ID,
+ aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(),
+ PKG_ID.c_str(),
+ CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
+
+ syncPipe.post();
}
-// tries to allow access for non existing alias
+// tries to set permission for non existing alias
RUNNER_TEST(T3103_control_allow_access_non_existing)
{
- reset_user_data(USER_ID_1, APP_PASS_1);
- int ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+
+ int ret = ckmc_set_permission_by_adm(USER_ID,
+ aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(),
+ "label",
+ CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
-}
+ "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
-// tries to deny access for non existing alias
-RUNNER_TEST(T3104_control_deny_access_non_existing)
-{
- reset_user_data(USER_ID_1, APP_PASS_1);
- int ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
+ ret = ckmc_set_permission_by_adm(USER_ID,
+ aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(),
+ "label",
+ CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Denying access for non existing alias returned " << CKMCErrorToString(ret));
+ "Denying access for non existing alias returned " << CKMCErrorToString(ret));
}
// tries to deny non existing access
-RUNNER_TEST(T3105_control_remove_non_existing_access, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3105_control_remove_non_existing_access)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
// prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait();
+ });
- int ret = ckmc_set_permission_by_adm(USER_ID_1,
- aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save
+
+ int ret = ckmc_set_permission_by_adm(USER_ID,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(), PKG_ID2.c_str(), CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret,
- "Denying non existing access returned: " << CKMCErrorToString(ret));
+ "Denying non existing access returned: " << CKMCErrorToString(ret));
+
+ syncPipe.post();
}
// tries to allow application to access its own data
-RUNNER_TEST(T3106_control_allow_access_to_myself, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3106_control_allow_access_to_myself)
{
// prepare: add data
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- // test
- int ret = ckmc_set_permission(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Trying to allow myself returned: " << CKMCErrorToString(ret));
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+
+ // test
+ int ret = ckmc_set_permission(TEST_ALIAS, PKG_ID.c_str(), CKMC_PERMISSION_READ);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
+ "Trying to allow myself returned: " << CKMCErrorToString(ret));
+ });
}
// tries to use admin API as a user
-RUNNER_CHILD_TEST(T3110_control_allow_access_as_user, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
{
RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
// prepare: add data
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- // test
- int ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
- "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+
+ // test
+ int ret = ckmc_set_permission_by_adm(USER_ID,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ PKG_ID2.c_str(),
+ CKMC_PERMISSION_READ);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
+ "Ordinary user should not be able to use control API. Error " <<
+ CKMCErrorToString(ret));
+
+ ret = ckmc_set_permission_by_adm(USER_ID,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ PKG_ID2.c_str(),
+ CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
+ "Ordinary user should not be able to use control API. Error " <<
+ CKMCErrorToString(ret));
+ });
}
-// tries to use admin API as a user
-RUNNER_CHILD_TEST(T3111_control_deny_access_as_user, RemoveDataEnv<USER_ID_1>)
+// tries to use update API from another app
+RUNNER_CHILD_TEST(T3112_control_allow_update_as_user)
{
- RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ ScopedDBUnlock unlock2(USER_ID_2, APP_PASS_2);
+ SynchronizationPipe syncPipe;
// prepare: add data
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
+ ScopedAppLauncher user1_app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- // test
- int ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
- "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
-}
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait();
-// tries to use update API from another app
-RUNNER_CHILD_TEST(T3112_control_allow_update_as_user, RemoveDataEnv<USER_ID_1>)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ckmc_policy_s policy { nullptr, true };
- ckmc_raw_buffer_s data { (unsigned char*)TEST_DATA, strlen(TEST_DATA) };
+ // add data permissions
+ assert_positive(ckmc_set_permission,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ PKG_ID2.c_str(),
+ CKMC_PERMISSION_REMOVE | CKMC_PERMISSION_READ);
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ syncPipe.post();
+ syncPipe.wait();
+ });
- // test
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_2, GROUP_ID_2);
- assert_result(CKMC_ERROR_PERMISSION_DENIED, ckmc_update_data,
- aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- data, policy);
- }
+ auto test = []{
+ ckmc_policy_s policy { nullptr, true };
+ ckmc_raw_buffer_s data { (unsigned char*)TEST_DATA, strlen(TEST_DATA) };
- // test
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_2, GROUP_ID_1);
- assert_result(CKMC_ERROR_PERMISSION_DENIED, ckmc_update_data,
- aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- data, policy);
- }
+ // test as user 1 app 2
+ ScopedAppLauncher(*USER1_APP2, [&]{
+ assert_result(CKMC_ERROR_PERMISSION_DENIED,
+ ckmc_update_data,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ data,
+ policy);
+ });
- // test
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- assert_result(CKMC_ERROR_PERMISSION_DENIED, ckmc_update_data,
- aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- data, policy);
- }
+ // test as user 2 app 4
+ ScopedAppLauncher(*USER2_APP1, [&]{
+ assert_result(CKMC_ERROR_PERMISSION_DENIED,
+ ckmc_update_data,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ data,
+ policy);
+ });
+ };
- // add data permissions
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- assert_positive(ckmc_set_permission, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- APP_LABEL_2, CKMC_PERMISSION_REMOVE | CKMC_PERMISSION_READ);
- }
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save
- // test
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- assert_result(CKMC_ERROR_PERMISSION_DENIED, ckmc_update_data,
- aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- data, policy);
- }
+ test();
+
+ syncPipe.post();
+ syncPipe.wait(); // wait for perms
+
+ test();
+
+ syncPipe.post();
}
// tries to get data after updating it from another app
-RUNNER_CHILD_TEST(T3113_control_allow_access_after_update_as_user, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3113_control_allow_access_after_update_as_user)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
ckmc_policy_s policy { nullptr, true };
// prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- // test
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- ckmc_raw_buffer_s* data = nullptr;
- assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN, ckmc_get_data,
- aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- policy.password, &data);
- }
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for 1st get
- // add data permissions
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- assert_positive(ckmc_set_permission, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- APP_LABEL_2, CKMC_PERMISSION_READ);
- }
+ // add data permissions
+ assert_positive(ckmc_set_permission,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ PKG_ID2.c_str(),
+ CKMC_PERMISSION_READ);
- // test
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- ckmc_raw_buffer_s* data = nullptr;
- assert_positive(ckmc_get_data,
- aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- policy.password, &data);
- ckmc_buffer_free(data);
- }
+ syncPipe.post();
+ syncPipe.wait(); // wait for 2nd get
- // update
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
+ // update
ckmc_raw_buffer_s data { (unsigned char*)TEST_DATA, strlen(TEST_DATA) };
assert_positive(ckmc_update_data,
- aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- data, policy);
- }
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ data,
+ policy);
+
+ syncPipe.post();
+ syncPipe.wait(); // wait for 3rd get
+
+ // add data permissions
+ assert_positive(ckmc_set_permission,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ PKG_ID2.c_str(),
+ CKMC_PERMISSION_READ);
+
+ syncPipe.post();
+ syncPipe.wait(); // wait for 4th get
+ });
// test
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ ScopedAppLauncher(*USER1_APP2, [&]{
ckmc_raw_buffer_s* data = nullptr;
- assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN, ckmc_get_data,
- aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- policy.password, &data);
+
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save
+
+ assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
+ ckmc_get_data,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ policy.password,
+ &data);
ckmc_buffer_free(data);
- }
+ data = nullptr;
- // add data permissions
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- assert_positive(ckmc_set_permission, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- APP_LABEL_2, CKMC_PERMISSION_READ);
- }
+ syncPipe.post();
+ syncPipe.wait(); // wait for perms
- // test
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- ckmc_raw_buffer_s* data = nullptr;
assert_positive(ckmc_get_data,
- aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(),
- policy.password, &data);
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ policy.password,
+ &data);
ckmc_buffer_free(data);
- }
-}
+ data = nullptr;
-// tries to read other application data with permission
-RUNNER_TEST(T3121_control_access_allowed, RemoveDataEnv<USER_ID_1>)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ syncPipe.post();
+ syncPipe.wait(); // wait for update
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
+ ckmc_get_data,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ policy.password,
+ &data);
+ ckmc_buffer_free(data);
+ data = nullptr;
- allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ syncPipe.post();
+ syncPipe.wait(); // wait for perms
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ assert_positive(ckmc_get_data,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ policy.password,
+ &data);
+ ckmc_buffer_free(data);
+ data = nullptr;
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
- }
+ syncPipe.post();
+ });
}
-// tries to read other application data with permission to read/remove
-RUNNER_TEST(T3122_control_access_allowed_with_remove, RemoveDataEnv<USER_ID_1>)
+// tries to read other application data with permission
+RUNNER_CHILD_TEST(T3121_control_access_allowed)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
// prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
-
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
- }
-}
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-// tries to remove other application data with permission to read
-RUNNER_TEST(T3122_control_access_allowed_remove_denied, RemoveDataEnv<USER_ID_1>)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for access check
+ });
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save
- allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(USER_ID, PKG_ID, TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ);
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ ScopedAppLauncher(*USER1_APP2, [&]{
+ check_read_allowed(aliasWithLabel(PKG_ID, TEST_ALIAS), TEST_DATA);
+ check_remove_denied(aliasWithLabel(PKG_ID, TEST_ALIAS));
+ });
- check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
- }
+ syncPipe.post();
}
-// tries to remove other application data with permission
-RUNNER_TEST(T3125_control_remove_allowed, RemoveDataEnv<USER_ID_1>)
+// tries to read other application data with permission to read/remove
+RUNNER_CHILD_TEST(T3122_control_access_allowed_with_remove)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
// prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for access check
+ });
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
- }
+ allow_access_by_adm(USER_ID,
+ PKG_ID,
+ TEST_ALIAS,
+ PKG_ID2,
+ CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+
+ ScopedAppLauncher(*USER1_APP2, [&]{
+ check_read_allowed(aliasWithLabel(PKG_ID, TEST_ALIAS), TEST_DATA);
+ check_remove_allowed(aliasWithLabel(PKG_ID, TEST_ALIAS));
+ });
+
+ syncPipe.post();
}
// tries to access other application data after allow function has been called twice with different
// rights
-RUNNER_TEST(T3126_control_double_allow, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3126_control_double_allow)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
// prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- // access should be overwritten
- allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for access check
+ });
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
+ // access should be overwritten
+ allow_access_by_adm(USER_ID,
+ PKG_ID,
+ TEST_ALIAS,
+ PKG_ID2,
+ CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(USER_ID, PKG_ID, TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ);
+
+ ScopedAppLauncher(*USER1_APP2, [&]{
+ std::string TEST_ALIAS_adr = aliasWithLabel(PKG_ID, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr);
check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
- }
+ });
+
+ syncPipe.post();
}
// tries to access other application data with permission and after permission has been revoked
-RUNNER_TEST(T3127_control_allow_deny, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3127_control_allow_deny)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
// prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for access check
+ });
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save
+
+ std::string TEST_ALIAS_adr = aliasWithLabel(PKG_ID, TEST_ALIAS);
+ allow_access_by_adm(USER_ID, PKG_ID, TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ);
+ ScopedAppLauncher(*USER1_APP2, [&]{
check_remove_denied(TEST_ALIAS_adr);
check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
- }
-
- deny_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
+ });
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ deny_access_by_adm(USER_ID, PKG_ID, TEST_ALIAS, PKG_ID2);
+ ScopedAppLauncher(*USER1_APP2, [&]{
check_remove_not_visible(TEST_ALIAS_adr);
check_read_not_visible(TEST_ALIAS_adr);
- }
+ });
+
+ syncPipe.post();
}
// checks if only aliases readable by given app are returned
-RUNNER_TEST(T3130_control_get_all_aliases, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(T3130_control_get_all_aliases)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
+ size_t count;
// prepare: add data
- size_t count;
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- save_data(TEST_ALIAS2, TEST_DATA);
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ ScopedSaveData ssd2(TEST_ALIAS2, TEST_DATA);
count = count_aliases(ALIAS_DATA);
- }
- allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ syncPipe.claimChildEp();
+ syncPipe.post(&count, sizeof(count));
+ syncPipe.wait(); // wait for access check
+ });
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ syncPipe.claimParentEp();
+ syncPipe.wait(&count, sizeof(count)); // wait for save
+ allow_access_by_adm(USER_ID, PKG_ID, TEST_ALIAS, PKG_ID2, CKMC_PERMISSION_READ);
+
+ ScopedAppLauncher(*USER1_APP2, [&]{
// check that app can access other aliases when it has permission
check_alias_count(count - 1);
// check that app can access its own aliases
check_alias_count(count - 1 + 1);
- }
-
- deny_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
+ });
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ deny_access_by_adm(USER_ID, PKG_ID, TEST_ALIAS, PKG_ID2);
+ ScopedAppLauncher(*USER1_APP2, [&]{
// check that app can't access other aliases for which permission has been revoked
check_alias_count(count - 2);
- }
-}
+ });
-// tries to add access to data in a database of invalid user
-RUNNER_TEST(T3140_control_allow_invalid_user, RemoveDataEnv<USER_ID_1>)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- int ret = ckmc_set_permission_by_adm(USER_ID_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
+ syncPipe.post();
}
-// tries to revoke access to data in a database of invalid user
-RUNNER_TEST(T3141_control_deny_invalid_user, RemoveDataEnv<USER_ID_1>)
+// tries to set permission to data in a database of invalid user
+RUNNER_CHILD_TEST(T3140_control_set_permission_invalid_user)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ ScopedDBUnlock unlock2(USER_ID_2, APP_PASS_2);
+ SynchronizationPipe syncPipe;
// prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- int ret = ckmc_set_permission_by_adm(USER_ID_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for access check
+ });
+
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save
+
+ int ret = ckmc_set_permission_by_adm(USER_ID_2,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ PKG_ID2.c_str(),
+ CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
+
+ ret = ckmc_set_permission_by_adm(USER_ID_2,
+ aliasWithLabel(PKG_ID, TEST_ALIAS).c_str(),
+ PKG_ID2.c_str(),
+ CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
+
+ syncPipe.post();
}
-// tries to read other application data with permission
-RUNNER_TEST(T3142_control_deprecated_access_allowed, RemoveDataEnv<USER_ID_1>)
+// tries to read/remove other application data with permission
+RUNNER_CHILD_TEST(T3142_control_deprecated_access_allowed)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
// prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- allow_access_deprecated_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for access check
+ });
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
- }
-}
-
-// tries to read other application data with permission to read/remove
-RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove, RemoveDataEnv<USER_ID_1>)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
-
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save
- allow_access_deprecated_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+ allow_access_deprecated_by_adm(USER_ID, PKG_ID, TEST_ALIAS, PKG_ID2, CKMC_AR_READ);
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ ScopedAppLauncher(*USER1_APP2, [&]{
+ check_read_allowed(aliasWithLabel(PKG_ID, TEST_ALIAS), TEST_DATA);
+ check_remove_denied(aliasWithLabel(PKG_ID, TEST_ALIAS));
+ });
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
- }
+ syncPipe.post();
}
-// tries to remove other application data with permission to read
-RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied, RemoveDataEnv<USER_ID_1>)
+// tries to read/remove other application data with permission to read/remove
+RUNNER_CHILD_TEST(T3143_control_deprecated_access_allowed_with_remove)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ SynchronizationPipe syncPipe;
// prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_deprecated_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
-
- check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
- }
-}
-
-// tries to remove other application data with permission
-RUNNER_TEST(T3145_control_deprecated_remove_allowed, RemoveDataEnv<USER_ID_1>)
-{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for access check
+ });
- // prepare: add data
- {
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save
- allow_access_deprecated_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+ allow_access_deprecated_by_adm(USER_ID, PKG_ID, TEST_ALIAS, PKG_ID2, CKMC_AR_READ_REMOVE);
- {
- ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
+ ScopedAppLauncher(*USER1_APP2, [&]{
+ check_read_allowed(aliasWithLabel(PKG_ID, TEST_ALIAS), TEST_DATA);
+ check_remove_allowed(aliasWithLabel(PKG_ID, TEST_ALIAS));
+ });
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
- }
+ syncPipe.post();
}
RUNNER_TEST(utc_ckmc_get_key_alias_info_list_p)
{
- ckmc_alias_info_list_s* ppalias_list = NULL;
+ ckmc_alias_info_list_s* ppalias_list = nullptr;
int ret = ckmc_get_key_alias_info_list(&ppalias_list);
ckmc_alias_info_list_all_free(ppalias_list);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_DB_ALIAS_UNKNOWN, "Expected CKMC_ERROR_DB_ALIAS_UNKNOWN, returned: " << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_DB_ALIAS_UNKNOWN,
+ "Expected CKMC_ERROR_DB_ALIAS_UNKNOWN, returned: " << CKMCErrorToString(ret));
}
RUNNER_TEST(utc_ckmc_get_key_alias_info_list_n)
{
- int ret = ckmc_get_key_alias_info_list(NULL);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_INVALID_PARAMETER, "Expected invalid parameter error, returned: " << CKMCErrorToString(ret));
+ int ret = ckmc_get_key_alias_info_list(nullptr);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_INVALID_PARAMETER,
+ "Expected invalid parameter error, returned: " << CKMCErrorToString(ret));
}
RUNNER_TEST(utc_ckmc_get_cert_alias_info_list_p)
{
- ckmc_alias_info_list_s* ppalias_list = NULL;
+ ckmc_alias_info_list_s* ppalias_list = nullptr;
int ret = ckmc_get_cert_alias_info_list(&ppalias_list);
ckmc_alias_info_list_all_free(ppalias_list);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_DB_ALIAS_UNKNOWN, "Expected CKMC_ERROR_DB_ALIAS_UNKNOWN, returned: " << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(
+ ret == CKMC_ERROR_DB_ALIAS_UNKNOWN,
+ "Expected CKMC_ERROR_DB_ALIAS_UNKNOWN, returned: " << CKMCErrorToString(ret));
}
RUNNER_TEST(utc_ckmc_get_cert_alias_info_list_n)
{
- int ret = ckmc_get_cert_alias_info_list(NULL);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_INVALID_PARAMETER, "Expected invalid parameter error, returned: " << CKMCErrorToString(ret));
+ int ret = ckmc_get_cert_alias_info_list(nullptr);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_INVALID_PARAMETER,
+ "Expected invalid parameter error, returned: " << CKMCErrorToString(ret));
}
RUNNER_TEST(utc_ckmc_get_data_alias_info_list_p1)
{
- ckmc_alias_info_list_s* ppalias_list = NULL;
+ ckmc_alias_info_list_s* ppalias_list = nullptr;
int ret = ckmc_get_data_alias_info_list(&ppalias_list);
ckmc_alias_info_list_all_free(ppalias_list);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_DB_ALIAS_UNKNOWN, "Expected CKMC_ERROR_DB_ALIAS_UNKNOWN, returned: " << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(
+ ret == CKMC_ERROR_DB_ALIAS_UNKNOWN,
+ "Expected CKMC_ERROR_DB_ALIAS_UNKNOWN, returned: " << CKMCErrorToString(ret));
}
-RUNNER_TEST(utc_ckmc_get_data_alias_info_list_p2, RemoveDataEnv<USER_ID_1>)
+RUNNER_CHILD_TEST(utc_ckmc_get_data_alias_info_list_p2)
{
- ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
- ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- ckmc_alias_info_list_s* ppalias_list = NULL;
-
- int ret = ckmc_get_data_alias_info_list(&ppalias_list);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, returned: " << CKMCErrorToString(ret));
-
- char* alias = NULL;
- ret = ckmc_alias_info_get_alias(ppalias_list->info, &alias);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get alias, returned: " << CKMCErrorToString(ret));
- RUNNER_ASSERT_MSG(ppalias_list->next == NULL, "More elements returned");
- std::string aliasOrig = std::string(APP_LABEL_1) + " " + std::string(TEST_ALIAS);
- RUNNER_ASSERT_MSG(strcmp(alias, aliasOrig.c_str()) == 0, "Invalid aliast returned : " << alias);
-
- ckmc_alias_info_list_all_free(ppalias_list);
-
+ ScopedDBUnlock unlock(USER_ID, APP_PASS_1);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+
+ ckmc_alias_info_list_s* ppalias_list = nullptr;
+
+ int ret = ckmc_get_data_alias_info_list(&ppalias_list);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
+ "Expected no error, returned: " << CKMCErrorToString(ret));
+
+ char* alias = nullptr;
+ ret = ckmc_alias_info_get_alias(ppalias_list->info, &alias);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
+ "Failed to get alias, returned: " << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(ppalias_list->next == nullptr, "More elements returned");
+ std::string aliasOrig = std::string(PKG_ID) + " " + std::string(TEST_ALIAS);
+ RUNNER_ASSERT_MSG(strcmp(alias, aliasOrig.c_str()) == 0,
+ "Invalid aliast returned : " << alias);
+
+ ckmc_alias_info_list_all_free(ppalias_list);
+ });
}
RUNNER_TEST(utc_ckmc_get_data_alias_info_list_n)
{
- int ret = ckmc_get_data_alias_info_list(NULL);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_INVALID_PARAMETER, "Expected invalid parameter error, returned: " << CKMCErrorToString(ret));
+ int ret = ckmc_get_data_alias_info_list(nullptr);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_INVALID_PARAMETER,
+ "Expected invalid parameter error, returned: " << CKMCErrorToString(ret));
}
RUNNER_TEST(utc_ckmc_alias_info_get_alias_p)
test_key.raw_key = (unsigned char *)RSA_PUB_KEY_PEM;
test_key.key_size = strlen(RSA_PUB_KEY_PEM);
test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = NULL;
+ test_key.password = nullptr;
- test_policy.password = NULL;
+ test_policy.password = nullptr;
test_policy.extractable = true;
ret = ckmc_save_key(alias, test_key, test_policy);
while (tmp) {
ret = ckmc_alias_info_get_alias(tmp->info, ¤t_alias);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, got " << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
+ "Expected no error, got " << CKMCErrorToString(ret));
if (strstr(current_alias, alias)) {
foundAlias = true;
break;
test_key.raw_key = (unsigned char *)RSA_PUB_KEY_PEM;
test_key.key_size = strlen(RSA_PUB_KEY_PEM);
test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = NULL;
+ test_key.password = nullptr;
- test_policy.password = NULL;
+ test_policy.password = nullptr;
test_policy.extractable = true;
ret = ckmc_save_key(alias, test_key, test_policy);
while (tmp) {
ret = ckmc_alias_info_get_alias(tmp->info, ¤t_alias);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, got " << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
+ "Expected no error, got " << CKMCErrorToString(ret));
if (strstr(current_alias, alias)) {
foundAlias = true;
bool is_password_protected;
ret = ckmc_alias_info_is_password_protected(tmp->info, &is_password_protected);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, got " << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
+ "Expected no error, got " << CKMCErrorToString(ret));
RUNNER_ASSERT(is_password_protected == false);
break;
}
projects / platform / core / test / security-tests.git / commitdiff