SET(CKMI_SOURCES
${PROJECT_SOURCE_DIR}/src/ckm/ckm-common.cpp
- ${CKMI_SOURCES_DIR}/process-settings/change-uid.cpp
- ${CKMI_SOURCES_DIR}/process-settings/create-user.cpp
- ${CKMI_SOURCES_DIR}/process-settings/change-smack.cpp
- ${CKMI_SOURCES_DIR}/process-settings/install-app.cpp
- ${CKMI_SOURCES_DIR}/process-settings/unlock-ckm.cpp
- ${CKMI_SOURCES_DIR}/ckm-policy.cpp
${CKMI_SOURCES_DIR}/group01.cpp
${CKMI_SOURCES_DIR}/group02.cpp
${CKMI_SOURCES_DIR}/main.cpp
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ckm-policy.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <sstream>
-
-#include <ckm-policy.h>
-
-CKMPolicy::CKMPolicy(
- std::string pkgId,
- std::string userName,
- ProcessSettings::PrivilegeVector priv)
- : m_userName(std::move(userName))
- , m_pkgId(pkgId)
- , m_appId(std::move(pkgId))
- , m_privileges(std::move(priv))
-{
- std::stringstream ss;
- ss << "User::Pkg::" << m_pkgId;
- m_smackLabel = ss.str();
-}
-
-std::string CKMPolicy::GetUserName() const {
- return m_userName;
-}
-
-void CKMPolicy::SetUserName(std::string userName) {
- m_userName = std::move(userName);
-}
-
-gid_t CKMPolicy::GetGid() const {
- return m_gid;
-}
-
-void CKMPolicy::SetGid(gid_t gid) {
- m_gid = gid;
-}
-
-uid_t CKMPolicy::GetUid() const {
- return m_uid;
-}
-
-void CKMPolicy::SetUid(uid_t uid) {
- m_uid = uid;
-}
-
-std::string CKMPolicy::GetSmackLabel() const {
- return m_smackLabel;
-}
-
-void CKMPolicy::SetSmackLabel(std::string label) {
- m_smackLabel = std::move(label);
-}
-
-std::string CKMPolicy::GetAppId() const {
- return m_appId;
-}
-
-void CKMPolicy::SetAppId(std::string appId) {
- m_appId = std::move(appId);
-}
-
-std::string CKMPolicy::GetPkgId() const {
- return m_pkgId;
-}
-
-void CKMPolicy::SetPkgId(std::string pkgId) {
- m_pkgId = std::move(pkgId);
-}
-
-ProcessSettings::PrivilegeVector CKMPolicy::GetPrivileges() const {
- return m_privileges;
-}
-
-void CKMPolicy::SetPrivileges(ProcessSettings::PrivilegeVector priv) {
- m_privileges = std::move(priv);
-}
-
-const ProcessSettings::PrivilegeVector PrivNone;
-const ProcessSettings::PrivilegeVector PrivCKMBoth {
- "http://tizen.org/privilege/keymanager",
- "http://tizen.org/privilege/keymanager.admin"};
-const ProcessSettings::PrivilegeVector PrivCKMControl {
- "http://tizen.org/privilege/keymanager.admin"};
-const ProcessSettings::PrivilegeVector PrivCKMStore {
- "http://tizen.org/privilege/keymanager"};
-const ProcessSettings::PrivilegeVector PrivCKMExtended {
- "http://tizen.org/privilege/keymanager.extended"};
-
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ckm-policy.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <process-settings/policy.h>
-#include <process-settings/executor.h>
-#include <process-settings/change-uid.h>
-#include <process-settings/change-smack.h>
-#include <process-settings/install-app.h>
-#include <process-settings/create-user.h>
-#include <process-settings/unlock-ckm.h>
-
-class CKMPolicy : public ProcessSettings::Policy {
-public:
- CKMPolicy(
- std::string pkgId,
- std::string userName,
- ProcessSettings::PrivilegeVector priv);
- virtual std::string GetUserName() const;
- virtual void SetUserName(std::string);
- virtual gid_t GetGid() const;
- virtual void SetGid(gid_t);
- virtual uid_t GetUid() const;
- virtual void SetUid(uid_t);
- virtual std::string GetSmackLabel() const;
- virtual void SetSmackLabel(std::string);
- virtual std::string GetAppId() const;
- virtual void SetAppId(std::string);
- virtual std::string GetPkgId() const;
- virtual void SetPkgId(std::string);
- virtual ProcessSettings::PrivilegeVector GetPrivileges() const;
- virtual void SetPrivileges(ProcessSettings::PrivilegeVector);
- virtual ~CKMPolicy() {}
-private:
- uid_t m_uid;
- gid_t m_gid;
- std::string m_userName;
- std::string m_smackLabel;
- std::string m_pkgId;
- std::string m_appId;
- ProcessSettings::PrivilegeVector m_privileges;
-};
-
-extern const ProcessSettings::PrivilegeVector PrivNone;
-extern const ProcessSettings::PrivilegeVector PrivCKMBoth;
-extern const ProcessSettings::PrivilegeVector PrivCKMControl;
-extern const ProcessSettings::PrivilegeVector PrivCKMStore;
-extern const ProcessSettings::PrivilegeVector PrivCKMExtended;
-
#include <ckm/ckm-password.h>
#include <ckm/ckm-type.h>
-#include <ckm-policy.h>
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::CreateUser,
- ProcessSettings::InstallApp,
- ProcessSettings::ChangeSmack,
- ProcessSettings::ChangeUid> ProcSettings;
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::CreateUser,
- ProcessSettings::UnlockCkm,
- ProcessSettings::InstallApp,
- ProcessSettings::ChangeSmack,
- ProcessSettings::ChangeUid> ProcSettingsT03;
+#include <app_install_helper.h>
+#include <scoped_app_launcher.h>
+#include <scoped_installer.h>
+#include <test_user.h>
RUNNER_TEST_GROUP_INIT(GROUP_01_ControlApiAccess);
RUNNER_CHILD_TEST(G01T01_ControlNegative) {
- // Socket is secured with 0700
- // in this test we have no access to this socket
- // DAC should DENIED access to CKM
- ProcSettings ps("PkgIdG01T01", "UserG01T01", PrivNone);
- ps.Apply();
+ auto user = TestUser::createTemporary("ckm_test_user", GUM_USERTYPE_NORMAL, false);
- int temp;
- auto control = CKM::Control::create();
+ AppInstallHelper app("PkgIdG01T03", user.getUid());
+ ScopedInstaller installer(app);
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
- "Error=" << CKM::APICodeToString(temp));
+ ScopedDBUnlock unlock(user.getUid(), "DummyPassword");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(),
- "simple-password")),
- "Error=" << CKM::APICodeToString(temp));
+ ScopedAppLauncher(app, [&]{
+ int temp;
+ auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
- "Error=" << CKM::APICodeToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(user.getUid())),
+ "Error=" << CKM::APICodeToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->unlockUserKey(ps.GetUid(), "test-pass")),
- "Error=" << CKM::APICodeToString(temp));
+ temp = control->resetUserPassword(user.getUid(), "simple-password");
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp,
+ "Error=" << CKM::APICodeToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->lockUserKey(ps.GetUid())),
- "Error=" << CKM::APICodeToString(temp));
+ temp = control->resetUserPassword(user.getUid(), "something");
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp,
+ "Error=" << CKM::APICodeToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
- "Error=" << CKM::APICodeToString(temp));
+ temp = control->unlockUserKey(user.getUid(), "test-pass");
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp,
+ "Error=" << CKM::APICodeToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
- "Error=" << CKM::APICodeToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = control->lockUserKey(user.getUid())),
+ "Error=" << CKM::APICodeToString(temp));
+
+ temp = control->resetUserPassword(user.getUid(), "something");
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp,
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(user.getUid())),
+ "Error=" << CKM::APICodeToString(temp));
+ });
}
RUNNER_CHILD_TEST(G01T02_ControlPositive) {
}
RUNNER_CHILD_TEST(G01T03_ProcessIdentificationBySecurityManager) {
- // Socket is secured with 0700
- // in this test we have no access to this socket
- // DAC should DENIED access to CKM
- ProcSettingsT03 ps("PkgIdG01T03", "UserG01T03", PrivCKMStore);
- ps.Apply();
+ auto user = TestUser::createTemporary("ckm_test_user", GUM_USERTYPE_NORMAL, false);
+
+ AppInstallHelper app("PkgIdG01T03", user.getUid());
+ app.addPrivilege("http://tizen.org/privilege/keymanager");
+ ScopedInstaller installer(app);
+
+ ScopedDBUnlock unlock(user.getUid(), "DummyPassword");
- auto manager = CKM::Manager::create();
- std::string someData = "some random data";
- CKM::RawBuffer buffer(someData.begin(), someData.end());
- CKM::RawBuffer buffer2;
+ ScopedAppLauncher(app, [&]{
+ auto manager = CKM::Manager::create();
+ std::string someData = "some random data";
+ CKM::RawBuffer buffer(someData.begin(), someData.end());
+ CKM::RawBuffer buffer2;
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveData("data3", buffer, CKM::Policy()));
+ RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveData("data3", buffer, CKM::Policy()));
+ ScopedRemoveData srd("data3");
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->getData("PkgIdG01T03 data3", CKM::Password(), buffer2));
+ int temp = manager->getData(app.getPkgId() + " data3", CKM::Password(), buffer2);
+ RUNNER_ASSERT(CKM_API_SUCCESS == temp);
- RUNNER_ASSERT(buffer == buffer2);
+ RUNNER_ASSERT(buffer == buffer2);
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->removeAlias("PkgIdG01T03 data3"));
+ RUNNER_ASSERT(CKM_API_SUCCESS == manager->removeAlias(app.getPkgId() + " data3"));
+ });
}
#include <ckm/ckm-password.h>
#include <ckm/ckm-type.h>
-#include <ckm-policy.h>
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::CreateUser,
- ProcessSettings::UnlockCkm,
- ProcessSettings::InstallApp,
- ProcessSettings::ChangeSmack,
- ProcessSettings::ChangeUid> PS;
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::CreateUser,
- ProcessSettings::UnlockCkm,
- ProcessSettings::InstallApp,
- ProcessSettings::ChangeSmack> PSNoUid;
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::ChangeUid> PSUid;
+#include <scoped_app_launcher.h>
+#include <scoped_installer.h>
+#include <test_user.h>
RUNNER_TEST_GROUP_INIT(GROUP_02_IntegrationStorageApiWithCynara);
-RUNNER_CHILD_TEST(G02T01_StorageNegative) {
- RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled.");
- // We are ordinary user without any privileges.
- // Cynara should deny all accesses.
- PS ps("PkgIdG02T01", "UserG02T01", PrivNone);
- ps.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "dataG02T01";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::APICodeToString(temp));
-}
-
-RUNNER_CHILD_TEST(G02T02_StoragePositive) {
- RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled.");
- // We are root. We will be allowed.
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "/System dataG02T02";
-
- // This funciton may return error.
- manager->removeAlias(alias);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
-}
-
-RUNNER_CHILD_TEST(G02T03_StoragePositive) {
- RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled.");
- // We are oridinary user with proper privileges.
- PS ps("PkgIdG02T03", "UserG02T03", PrivCKMStore);
- ps.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *dataAlias = "dataG02T03";
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(dataAlias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(dataAlias, CKM::Password(), output)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
-}
-
-RUNNER_CHILD_TEST(G02T04_StorageNegative) {
- RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled.");
- // There is some user with privileges but we are
- // are ordinary user without any.
- // Cynara should deny all accesses.
- PSNoUid ps("PkgIdG02T04", "UserG02T04", PrivCKMBoth);
- ps.Apply();
-
- PSUid ps2("", "", PrivNone);
- ps2.SetUid(ps.GetUid()+1);
- ps2.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "dataG02T04";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::APICodeToString(temp));
-}
-
-RUNNER_CHILD_TEST(G02T05_StorageNegative) {
- RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled.");
- // We have wrong privilege.
- // Cynara should deny all accesses to storage.
- PSNoUid ps("PkgIdG02T05", "UserG02T05", PrivCKMControl);
- ps.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "dataG02T05";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::APICodeToString(temp));
-}
-
RUNNER_CHILD_TEST(G02T06_ExtendedPositive) {
// We are oridinary user with proper privileges.
- PS ps("PkgIdG02T06", "UserG02T06", PrivCKMExtended);
- ps.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- const CKM::CryptoAlgorithm params;
- const CKM::Alias wrappingKeyAlias;
- const CKM::Password wrappingKeyPassword;
- const CKM::Alias alias;
- const CKM::Password password;
- CKM::RawBuffer data;
- CKM::RawBuffer wrappedKey;
-
- const CKM::KemType type = CKM::KemType::ML_KEM_768;
- const CKM::Alias privateKeyAlias;
- const CKM::Alias publicKeyAlias;
- const CKM::Alias firstSharedSecretAlias;
- const CKM::Alias secondSharedSecretAlias;
- const CKM::Alias newSharedSecretAlias;
- CKM::RawBuffer ciphertext;
-
- // We pass invalid data so we expect an error but it should not be ACCESS_DENIED as we have
- // proper privileges
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED != (temp = manager->wrapConcatenatedData(
- params, wrappingKeyAlias, wrappingKeyPassword, alias, password, data, wrappedKey)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED != (temp = manager->unwrapConcatenatedData(
- params, wrappingKeyAlias, wrappingKeyPassword, wrappedKey, alias, 0, CKM::Policy(), data)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED != (temp = manager->createKeyPairKEM(
- type, privateKeyAlias, publicKeyAlias, CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED != (temp = manager->encapsulateKey(
- params, publicKeyAlias, password, firstSharedSecretAlias, CKM::Policy(), ciphertext)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED != (temp = manager->decapsulateKey(
- params, privateKeyAlias, password, secondSharedSecretAlias, CKM::Policy(), ciphertext)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED != (temp = manager->deriveHybrid(
- params, firstSharedSecretAlias, password, secondSharedSecretAlias, password, newSharedSecretAlias, CKM::Policy())),
- "Error=" << CKM::APICodeToString(temp));
+ auto user = TestUser::createTemporary("ckm_test_user", GUM_USERTYPE_NORMAL, false);
+
+ AppInstallHelper app("PkgIdG01T03", user.getUid());
+ app.addPrivilege("http://tizen.org/privilege/keymanager.extended");
+ ScopedInstaller installer(app);
+
+ ScopedDBUnlock unlock(user.getUid(), "DummyPassword");
+
+ ScopedAppLauncher(app, [&]{
+ int temp;
+ auto manager = CKM::Manager::create();
+ const CKM::CryptoAlgorithm params;
+ const CKM::Alias wrappingKeyAlias;
+ const CKM::Password wrappingKeyPassword;
+ const CKM::Alias alias;
+ const CKM::Password password;
+ CKM::RawBuffer data;
+ CKM::RawBuffer wrappedKey;
+
+ const CKM::KemType type = CKM::KemType::ML_KEM_768;
+ const CKM::Alias privateKeyAlias;
+ const CKM::Alias publicKeyAlias;
+ const CKM::Alias firstSharedSecretAlias;
+ const CKM::Alias secondSharedSecretAlias;
+ const CKM::Alias newSharedSecretAlias;
+ CKM::RawBuffer ciphertext;
+
+ // We pass invalid data so we expect an error but it should not be ACCESS_DENIED as we have
+ // proper privileges
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED != (temp = manager->wrapConcatenatedData(
+ params, wrappingKeyAlias, wrappingKeyPassword, alias, password, data, wrappedKey)),
+ "Error=" << CKM::APICodeToString(temp));
+
+ temp = manager->unwrapConcatenatedData(params,
+ wrappingKeyAlias,
+ wrappingKeyPassword,
+ wrappedKey,
+ alias,
+ 0,
+ CKM::Policy(),
+ data);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED != temp,
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED != (temp = manager->createKeyPairKEM(
+ type, privateKeyAlias, publicKeyAlias, CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::APICodeToString(temp));
+
+ temp = manager->encapsulateKey(
+ params, publicKeyAlias, password, firstSharedSecretAlias, CKM::Policy(), ciphertext);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED != temp,
+ "Error=" << CKM::APICodeToString(temp));
+
+ temp = manager->decapsulateKey(params,
+ privateKeyAlias,
+ password,
+ secondSharedSecretAlias,
+ CKM::Policy(),
+ ciphertext);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED != temp,
+ "Error=" << CKM::APICodeToString(temp));
+
+ temp = manager->deriveHybrid(params,
+ firstSharedSecretAlias,
+ password,
+ secondSharedSecretAlias,
+ password,
+ newSharedSecretAlias,
+ CKM::Policy());
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED != temp,
+ "Error=" << CKM::APICodeToString(temp));
+ });
}
RUNNER_CHILD_TEST(G02T07_ExtendedNegative) {
// We have wrong privilege.
// Cynara should deny all accesses to the extended API.
- PS ps("PkgIdG02T07", "UserG02T07", PrivCKMStore);
- ps.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- const CKM::CryptoAlgorithm params;
- const CKM::Alias wrappingKeyAlias;
- const CKM::Password wrappingKeyPassword;
- const CKM::Alias alias;
- const CKM::Password password;
- CKM::RawBuffer data;
- CKM::RawBuffer wrappedKey;
-
- const CKM::KemType type = CKM::KemType::ML_KEM_768;
- const CKM::Alias privateKeyAlias;
- const CKM::Alias publicKeyAlias;
- const CKM::Alias firstSharedSecretAlias;
- const CKM::Alias secondSharedSecretAlias;
- const CKM::Alias newSharedSecretAlias;
- CKM::RawBuffer ciphertext;
-
- // We expect to receive ACCESS_DENIED before the actual logic function is called (which would
- // return a different error because we pass invalid parameters)
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->wrapConcatenatedData(
- params, wrappingKeyAlias, wrappingKeyPassword, alias, password, data, wrappedKey)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->unwrapConcatenatedData(
- params, wrappingKeyAlias, wrappingKeyPassword, wrappedKey, alias, 0,
- CKM::Policy(), data)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairKEM(
- type, privateKeyAlias, publicKeyAlias, CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->encapsulateKey(
- params, publicKeyAlias, password, firstSharedSecretAlias, CKM::Policy(), ciphertext)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->decapsulateKey(
- params, privateKeyAlias, password, secondSharedSecretAlias, CKM::Policy(), ciphertext)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->deriveHybrid(
- params, firstSharedSecretAlias, password, secondSharedSecretAlias, password, newSharedSecretAlias, CKM::Policy())),
- "Error=" << CKM::APICodeToString(temp));
+ auto user = TestUser::createTemporary("ckm_test_user", GUM_USERTYPE_NORMAL, false);
+
+ AppInstallHelper app("PkgIdG01T03", user.getUid());
+ app.addPrivilege("http://tizen.org/privilege/keymanager");
+ ScopedInstaller installer(app);
+
+ ScopedDBUnlock unlock(user.getUid(), "DummyPassword");
+
+ ScopedAppLauncher(app, [&]{
+ int temp;
+ auto manager = CKM::Manager::create();
+ const CKM::CryptoAlgorithm params;
+ const CKM::Alias wrappingKeyAlias;
+ const CKM::Password wrappingKeyPassword;
+ const CKM::Alias alias;
+ const CKM::Password password;
+ CKM::RawBuffer data;
+ CKM::RawBuffer wrappedKey;
+
+ const CKM::KemType type = CKM::KemType::ML_KEM_768;
+ const CKM::Alias privateKeyAlias;
+ const CKM::Alias publicKeyAlias;
+ const CKM::Alias firstSharedSecretAlias;
+ const CKM::Alias secondSharedSecretAlias;
+ const CKM::Alias newSharedSecretAlias;
+ CKM::RawBuffer ciphertext;
+
+ // We expect to receive ACCESS_DENIED before the actual logic function is called (which
+ // would return a different error because we pass invalid parameters)
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->wrapConcatenatedData(
+ params, wrappingKeyAlias, wrappingKeyPassword, alias, password, data, wrappedKey)),
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->unwrapConcatenatedData(
+ params, wrappingKeyAlias, wrappingKeyPassword, wrappedKey, alias, 0,
+ CKM::Policy(), data)),
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairKEM(
+ type, privateKeyAlias, publicKeyAlias, CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::APICodeToString(temp));
+
+ temp = manager->encapsulateKey(params,
+ publicKeyAlias,
+ password,
+ firstSharedSecretAlias,
+ CKM::Policy(),
+ ciphertext);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp,
+ "Error=" << CKM::APICodeToString(temp));
+
+ temp = manager->decapsulateKey(params,
+ privateKeyAlias,
+ password,
+ secondSharedSecretAlias,
+ CKM::Policy(),
+ ciphertext);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp,
+ "Error=" << CKM::APICodeToString(temp));
+
+ temp = manager->deriveHybrid(params,
+ firstSharedSecretAlias,
+ password,
+ secondSharedSecretAlias,
+ password,
+ newSharedSecretAlias,
+ CKM::Policy());
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp,
+ "Error=" << CKM::APICodeToString(temp));
+ });
}
+++ /dev/null
-/*
- * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-smack.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-#include <sys/smack.h>
-
-#include <tests_common.h>
-
-#include <process-settings/change-smack.h>
-#include <scoped_process_label.h>
-
-namespace ProcessSettings {
-
-ChangeSmack::ChangeSmack(const Policy &policy)
- : m_policy(policy)
-{}
-
-void ChangeSmack::Apply() {
- m_processLabel.reset(new ScopedProcessLabel(m_policy.GetSmackLabel()));
-}
-
-void ChangeSmack::Revoke() {
- m_processLabel.reset();
-}
-
-ChangeSmack::~ChangeSmack() {}
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-smack.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <string>
-#include <memory>
-
-#include <process-settings/policy.h>
-
-class ScopedProcessLabel;
-
-namespace ProcessSettings {
-
-class ChangeSmack {
-public:
- ChangeSmack(const Policy &policy);
- void Apply();
- void Revoke();
- virtual ~ChangeSmack();
-private:
- const Policy &m_policy;
- std::unique_ptr<ScopedProcessLabel> m_processLabel;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-uid.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <unistd.h>
-
-#include <tests_common.h>
-
-#include <process-settings/change-uid.h>
-
-namespace ProcessSettings {
-
-ChangeUid::ChangeUid(const Policy &policy)
- : m_policy(policy)
-{}
-
-void ChangeUid::Apply() {
- m_originalUid = getuid();
- m_originalGid = getgid();
-
- RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_policy.GetGid()),
- "Error in setegid(" << m_policy.GetGid() << ")");
- RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_policy.GetUid()),
- "Error in seteuid(" << m_policy.GetUid() << ")");
-}
-
-void ChangeUid::Revoke() {
- RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_originalUid),
- "Error in seteuid(" << m_originalUid << ")");
- RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_originalGid),
- "Error in setegid(" << m_originalGid << ")");
-}
-
-ChangeUid::~ChangeUid() {}
-
-} // namespace ProcessSettings
-
-
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-uid.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-class ChangeUid {
-public:
- ChangeUid(const Policy &policy);
-
- void Apply();
- void Revoke();
-
- virtual ~ChangeUid();
-private:
- const Policy &m_policy;
- uid_t m_originalUid;
- gid_t m_originalGid;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file create-user.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-
-#include <glib-object.h>
-#include <common/gum-user-types.h>
-
-#include <tests_common.h>
-
-#include <process-settings/create-user.h>
-
-namespace ProcessSettings {
-
-CreateUser::CreateUser(Policy &policy)
- : m_policy(policy)
- , m_userType(GUM_USERTYPE_NORMAL)
- , m_guser(nullptr)
-{}
-
-void CreateUser::Apply()
-{
- m_userName = m_policy.GetUserName();
- m_guser = gum_user_create_sync(false);
- RUNNER_ASSERT_MSG(m_guser != nullptr, "Failed to create gumd user object");
- g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL);
- g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL);
- gboolean added = gum_user_add_sync(m_guser);
- RUNNER_ASSERT_MSG(added, "Failed to add user: " << m_userName);
- g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL);
- RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
- g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL);
- RUNNER_ASSERT_MSG(m_gid != 0, "Something strange happened during user creation. gid == 0.");
-
- m_policy.SetUid(m_uid);
- m_policy.SetGid(m_gid);
-}
-
-void CreateUser::Revoke() {
- if (m_guser) {
- gum_user_delete_sync(m_guser, TRUE);
- g_object_unref(m_guser);
- m_guser = nullptr;
- }
-}
-
-CreateUser::~CreateUser(){
- if (m_guser)
- g_object_unref(m_guser);
-}
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file create-user.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-#include <gum-user.h>
-#include <common/gum-user-types.h>
-
-#include <string>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-class CreateUser {
-public:
- CreateUser(Policy &policy);
- void Apply();
- void Revoke();
- virtual ~CreateUser();
-private:
- Policy &m_policy;
- uid_t m_uid;
- gid_t m_gid;
- std::string m_userName;
- GumUserType m_userType;
- GumUser *m_guser;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file executor.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <stdlib.h>
-
-#include <iostream>
-
-#include <dpl/test/test_exception.h>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-template <typename PolicyArg, typename... Args>
-class Executor : public PolicyArg, public Args... {
-public:
- template <typename... T>
- Executor(T&&... t)
- : PolicyArg(std::forward<T>(t)...)
- , Args(static_cast<Policy&>(*this))...
- , m_applied(false)
- {}
-
- void Apply() {
- if (!m_applied) {
- m_applied = true;
- InternalApply<Args...>();
- }
- }
-
- void Revoke() {
- if (m_applied) {
- m_applied = false;
- InternalRevoke<Args...>();
- }
- }
-
- virtual ~Executor() {
- try {
- Revoke();
- } catch (const DPL::Test::TestException &e) {
- // This is bad. The rest of test will not work properly!
- std::cerr << "Error during cleaning up environment. "
- "The rest of test will probably fail." << e.GetMessage() << std::endl;
- }
- }
-
-private:
-
- template <typename First>
- void InternalApply() {
- First::Apply();
- }
-
- template <typename First, typename Second, typename... Rest>
- void InternalApply() {
- First::Apply();
- InternalApply<Second, Rest...>();
- }
-
- template <typename First>
- void InternalRevoke() {
- First::Revoke();
- }
-
- template <typename First, typename Second, typename... Rest>
- void InternalRevoke() {
- InternalRevoke<Second, Rest...>();
- First::Revoke();
- }
-
- bool m_applied;
-};
-
-} // namespace ProcessSetings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file install-app.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <security-manager.h>
-
-#include <tests_common.h>
-
-#include <process-settings/install-app.h>
-
-#define ERRORDESCRIBE(name) case name: return #name
-
-namespace {
-
-const char *ToString(int code) {
- switch(static_cast<lib_retcode>(code)) {
- ERRORDESCRIBE(SECURITY_MANAGER_SUCCESS);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_UNKNOWN);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_INPUT_PARAM);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_MEMORY);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_ACCESS_DENIED);
- default:
- return "Unknown code";
- }
-}
-
-} // namespace anonymous
-
-#undef ERRORDESCRIBE
-
-namespace ProcessSettings {
-
-InstallApp::InstallApp(const Policy &policy)
- : m_policy(policy)
- , m_req(nullptr, security_manager_app_inst_req_free)
-{}
-
-void InstallApp::Apply() {
- app_inst_req *whatever = nullptr;
-
- int retcode = security_manager_app_inst_req_new(&whatever);
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_new. Error: " << ToString(retcode));
-
- m_req.reset(whatever);
-
- retcode = security_manager_app_inst_req_set_app_id(m_req.get(), m_policy.GetAppId().c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_app_id. Error: " << ToString(retcode));
-
- retcode = security_manager_app_inst_req_set_pkg_id(m_req.get(), m_policy.GetPkgId().c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_pkg_id. Error: " << ToString(retcode));
-
- for(auto &e : m_policy.GetPrivileges()) {
- retcode = security_manager_app_inst_req_add_privilege(m_req.get(), e.c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_add_privilege. Error: " << ToString(retcode));
- }
-
- retcode = security_manager_app_inst_req_set_uid(m_req.get(), m_policy.GetUid());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_uid. Error: " << ToString(retcode));
-
- retcode = security_manager_app_install(m_req.get());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_install. Error: " << ToString(retcode));
-}
-
-void InstallApp::Revoke() {
- if (m_req.get()) {
- int retcode = security_manager_app_uninstall(m_req.get());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_uninstall. Error: " << ToString(retcode));
- }
-}
-
-InstallApp::~InstallApp() {}
-
-} // ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file install-app.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-
-
-#pragma once
-
-#include <memory>
-#include <functional>
-
-#include <process-settings/policy.h>
-
-extern "C" {
-struct app_inst_req;
-typedef struct app_inst_req app_inst_req;
-} // extern "C"
-
-namespace ProcessSettings {
-
-class InstallApp {
-public:
- InstallApp(const Policy &policy);
-
- void Apply();
- void Revoke();
-
- virtual ~InstallApp();
-private:
- const Policy &m_policy;
- std::unique_ptr<app_inst_req, std::function<void(app_inst_req*)>> m_req;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file policy.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-
-#include <string>
-#include <vector>
-
-namespace ProcessSettings {
-typedef std::vector<std::string> PrivilegeVector;
-
-class Policy {
-public:
- virtual std::string GetUserName() const = 0;
- virtual void SetUserName(std::string) = 0;
- virtual gid_t GetGid() const = 0;
- virtual void SetGid(gid_t) = 0;
- virtual uid_t GetUid() const = 0;
- virtual void SetUid(uid_t) = 0;
- virtual std::string GetSmackLabel() const = 0;
- virtual void SetSmackLabel(std::string) = 0;
- virtual std::string GetAppId() const = 0;
- virtual void SetAppId(std::string) = 0;
- virtual std::string GetPkgId() const = 0;
- virtual void SetPkgId(std::string) = 0;
- virtual PrivilegeVector GetPrivileges() const = 0;
- virtual void SetPrivileges(PrivilegeVector) = 0;
- virtual ~Policy() {}
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file unlock-ckm.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <ckm/ckm-control.h>
-
-#include <ckm-common.h>
-#include <tests_common.h>
-
-#include <process-settings/unlock-ckm.h>
-
-namespace ProcessSettings {
-
-UnlockCkm::UnlockCkm(const Policy &policy)
- : m_policy(policy)
-{}
-
-void UnlockCkm::Apply() {
- int temp;
-
- m_uid = m_policy.GetUid();
-
- auto control = CKM::Control::create();
-
- // Let's clean up environment.
- // It will usually fails.
- control->removeUserData(m_uid);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(m_uid, "DummyPassword")),
- "Error=" << CKM::APICodeToString(temp));
-
-}
-
-void UnlockCkm::Revoke() {
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(m_uid)),
- "Error=" << CKM::APICodeToString(temp));
-}
-
-UnlockCkm::~UnlockCkm() {}
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file unlock-ckm.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-
-#include <string>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-class UnlockCkm {
-public:
- UnlockCkm(const Policy &policy);
- void Apply();
- void Revoke();
- virtual ~UnlockCkm();
-private:
- const Policy &m_policy;
- uid_t m_uid;
-};
-
-} // namespace ProcessSettings
-
-
projects / platform / core / test / security-tests.git / commitdiff