#include <iostream>
#include <iomanip>
#include <exception>
+#include <grp.h>
#define DEFINETOSTR(name) case name: return #name
{
std::stringstream ss;
toString(ss, uuid.timeLow);
+#ifdef TEF_BACKEND_OPTEE
+ // OpTEE use uuid format defined in RFC4122
+ ss << "-";
+ toString(ss, uuid.timeMid);
+ ss << "-";
+ toString(ss, uuid.timeHiAndVersion);
+ ss << "-";
+ toString(ss, uuid.clockSeqAndNode[0]);
+ toString(ss, uuid.clockSeqAndNode[1]);
+ ss << "-";
+ toString(ss, uuid.clockSeqAndNode[2]);
+ toString(ss, uuid.clockSeqAndNode[3]);
+ toString(ss, uuid.clockSeqAndNode[4]);
+ toString(ss, uuid.clockSeqAndNode[5]);
+ toString(ss, uuid.clockSeqAndNode[6]);
+ toString(ss, uuid.clockSeqAndNode[7]);
+ ss << ".ta";
+#else // TEF_BACKEND_OPTEE
toString(ss, uuid.timeMid);
toString(ss, uuid.timeHiAndVersion);
toString(ss, uuid.clockSeqAndNode);
+#endif // TEF_BACKEND_OPTEE
return ss.str();
}
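Review bot: The `.ta` appended on L25 makes the OP-TEE branch return a file name while the other branch (L27–L29) returns a bare UUID string, so the same function now has two different contracts depending on the backend; since the result presumably feeds m_uuidStr and the path concatenations seen later in this diff, state that at the function (`// Returns the UUID text; on OP-TEE it is the TA file name <uuid>.ta`) or move the suffix to the path-building call site. The six trailing node bytes on L19–L24 read better as a loop, `for (int i = 2; i < 8; ++i) toString(ss, uuid.clockSeqAndNode[i]);`. The comment on L10 could also be tightened to `// OP-TEE uses the RFC 4122 text form (8-4-4-4-12)`. The function's signature is outside the hunk.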
std::string src_path = TA_FILES_DIR + m_uuidStr;
std::string dest_path = m_path + m_uuidStr;
- RUNNER_ASSERT_MSG(std::ifstream(src_path).good(), "TA file not found in test assets");
+ RUNNER_ASSERT_MSG(std::ifstream(src_path).good(), "TA file not found in test assets: "
+ << TA_FILES_DIR + m_uuidStr);
std::ifstream src(src_path, std::ios::binary);
std::ofstream dest(dest_path, std::ios::binary);
dest << src.rdbuf();
- RUNNER_ASSERT_MSG(isInstalled(), "Installing test TA failed");
+ RUNNER_ASSERT_MSG(isInstalled(), "Installing test TA failed: " << dest_path);
int res = smack_set_label_for_path(dest_path.c_str(), XATTR_NAME_SMACK, 1, "_");
RUNNER_ASSERT_MSG(res >= 0, "Failed to set smack label on TA file");
}
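Review bot: The copy on L40 is never checked, so a failed or partial write to dest_path is only caught indirectly, if at all, by isInstalled() on L42; add `RUNNER_ASSERT_MSG(dest.good(), "Writing TA file failed: " << dest_path);` right after the `<<` line, and close (or scope) `dest` before the installation check so the content is flushed first. The message on L36–L37 rebuilds `TA_FILES_DIR + m_uuidStr` although `src_path` already holds exactly that value — `<< src_path` is shorter and cannot drift from the path that was actually tested. The enclosing function starts outside the hunk.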
std::string rmPath = m_path + m_uuidStr;
std::remove(rmPath.c_str());
+#ifndef TEF_BACKEND_OPTEE
std::string extPath = m_path + m_uuidStr + "-ext/";
std::string extPathUuid = extPath + m_uuidStr;
std::remove(rmPath.c_str());
rmPath = extPath;
std::remove(rmPath.c_str());
+#endif // TEF_BACKEND_OPTEE
+
} catch (std::exception& e) {
std::cerr << "Exception thrown in SystemTa destructor: " << e.what() << std::endl;
} catch (...) {
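Review bot: L51 removes `rmPath` a second time although `extPathUuid` (L50) names the file inside the `-ext/` directory, so that file is never deleted and the `std::remove(rmPath.c_str())` on L53, now pointing at the directory, would presumably fail because the directory is not empty; L51 should read `std::remove(extPathUuid.c_str());`. The `#ifndef` on L48 only wraps the existing lines, so this pre-existing cleanup leak persists on the non-OP-TEE backend after the commit. Every std::remove return value is ignored, which is defensible in a destructor but deserves a one-line comment saying so. The destructor's try block starts outside the hunk.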
"Opening libteec session returned wrong value: " << errToString(res)
<< ", expected: " << errToString(desiredResult));
- uint32_t desiredOrigin = isTeeEnabled ? TEEC_ORIGIN_TEE : TEEC_ORIGIN_API;
+ uint32_t desiredOrigin = isTeeEnabled ? TEEC_ORIGIN_TRUSTED_APP : TEEC_ORIGIN_API;
RUNNER_ASSERT_MSG(returnOrigin == desiredOrigin,
"Wrong return origin from TEEC_OpenSession: " << originToString(returnOrigin)
<< ", expected: " << originToString(desiredOrigin));
"Opening libteec session returned wrong value: " << errToString(res)
<< ", expected: " << errToString(desiredResult));
- uint32_t desiredOrigin = isTeeEnabled ? TEEC_ORIGIN_TEE : TEEC_ORIGIN_API;
+ uint32_t desiredOrigin = isTeeEnabled ? TEEC_ORIGIN_TRUSTED_APP : TEEC_ORIGIN_API;
RUNNER_ASSERT_MSG(returnOrigin == desiredOrigin,
"Wrong return origin from TEEC_OpenSession: " << originToString(returnOrigin)
<< ", expected: " << originToString(desiredOrigin));
runInChildParentWait(fun);
}
+static int removeGroup(size_t group_id)
+{
+ gid_t *group;
+ int ngroups, ret;
+ long ngroups_max;
+
+ ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
+ group = (gid_t *) malloc(ngroups_max *sizeof(gid_t));
+
+ ngroups = getgroups(ngroups_max, group);
+ if (ngroups <= 0) {
+ ret = ngroups;
+ goto exit;
+ }
+ for (int i = 0; i < ngroups - 1; ++i) {
+ if (group[i] == group_id) {
+ group[i] = group[i + 1];
+ group[i + 1] = group_id;
+ }
+ }
+
+ ret = setgroups(ngroups - 1, group);
+
+exit:
+ free(group);
+ return ret;
+}
+
RUNNER_CHILD_TEST(libteec_03_try_use_libteec_with_no_cynara_perm_as_app)
{
TemporaryTestUser tmpUser("libteec_03_test_user", GUM_USERTYPE_NORMAL, false);
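Review bot: removeGroup() on L75–L101 drops the wrong group when group_id is not in the list: the loop on L89–L94 only moves a matching entry to the end, so `setgroups(ngroups - 1, group)` on L96 always discards the last supplementary group whatever it is. The malloc on L82 is also unchecked and sysconf() on L81 may return -1, the parameter is `size_t` while the entries are `gid_t`, and the goto/malloc pattern is unnecessary in C++. A std::vector rewrite that looks the group up first and only calls setgroups when it was found is below; the excerpt assumes `<vector>`, `<algorithm>` and `<unistd.h>` are in scope, since the hunk only adds `<grp.h>`. Whether a missing group should be reported as an error rather than 0 depends on whether the test wants to fail loudly when the harness never held priv_tee_client — the rewrite returns 0 and says so in a comment.
```cpp
static int removeGroup(gid_t group_id)
{
    const long ngroups_max = sysconf(_SC_NGROUPS_MAX);
    if (ngroups_max < 0)
        return -1;
    std::vector<gid_t> groups(static_cast<size_t>(ngroups_max) + 1);
    const int ngroups = getgroups(static_cast<int>(groups.size()), groups.data());
    if (ngroups < 0)
        return ngroups;
    groups.resize(static_cast<size_t>(ngroups));
    const auto it = std::find(groups.begin(), groups.end(), group_id);
    if (it == groups.end())
        return 0; // not a member: nothing to drop, and never drop an unrelated group
    groups.erase(it);
    return setgroups(groups.size(), groups.data());
}
```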
(NULL, &TEEC_FinalizeContext);
SecurityManagerTest::Api::setProcessLabel(app.getAppId());
+
+ RUNNER_ASSERT_MSG(0 == removeGroup(10013),
+ "Dropping priv_tee_client(10013) group failed");
+
RUNNER_ASSERT_ERRNO_MSG(
drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
"drop_root_privileges failed");
TEEC_Result res = TEEC_InitializeContext(NULL, &context);
contextPtr.reset(&context);
+ // OpTEE return TEEC_ERROR_ITEM_NOT_FOUND, when cannot access to /dev/tee
TEEC_Result desiredResult = isTeeEnabled ? TEEC_ERROR_ACCESS_DENIED : TEEC_ERROR_NOT_SUPPORTED;
RUNNER_ASSERT_MSG(res == desiredResult,
"Initializing context returned wrong error code: " << errToString(res)
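Review bot: The comment added on L117 says OP-TEE reports TEEC_ERROR_ITEM_NOT_FOUND when /dev/tee is inaccessible, but L118 still expects TEEC_ERROR_ACCESS_DENIED whenever isTeeEnabled, so on the OP-TEE backend this assertion looks like it fails unless something outside the hunk adjusts it; either guard the expectation the way the other hunks do (`#ifdef TEF_BACKEND_OPTEE` selecting `TEEC_ERROR_ITEM_NOT_FOUND` in the enabled branch) or reword the comment to say why ACCESS_DENIED is still the expected value. The removeGroup() call on L109 runs before drop_root_privileges() on L113; if that helper re-initialises the supplementary groups for the new uid, the removal is undone, so a short comment on the intended order (`// drop the TEE client group first; drop_root_privileges must not restore it`) would make the test's premise explicit. The test body continues outside the hunk.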
};
runInChildParentWait(fun);
-}
\ No newline at end of file
+}