SET(TARGET_CKM_TESTS "ckm-tests")
SET(CKM_SOURCES
+ ${PROJECT_SOURCE_DIR}/tests/ckm/access_provider2.cpp
${PROJECT_SOURCE_DIR}/tests/ckm/main.cpp
${PROJECT_SOURCE_DIR}/tests/ckm/capi-testcases.cpp
${PROJECT_SOURCE_DIR}/tests/ckm/capi-access_control.cpp
)
INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/tests/common/
- ${PROJECT_SOURCE_DIR}/tests/ckm/)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/tests/common/ )
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/tests/ckm/ )
ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file access_provider.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Common functions and macros used in security-tests package.
+ */
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/smack.h>
+
+#include <access_provider2.h>
+
+#include <tests_common.h>
+
+AccessProvider::AccessProvider(const std::string &mySubject)
+ : m_mySubject(mySubject)
+{}
+
+void AccessProvider::allowAPI(const std::string &api, const std::string &rule) {
+ m_smackAccess.add(m_mySubject, api, rule);
+}
+
+void AccessProvider::apply() {
+ m_smackAccess.apply();
+}
+
+void AccessProvider::applyAndSwithToUser(int uid, int gid) {
+ RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
+ "Error in smack_revoke_subject(" << m_mySubject << ")");
+ apply();
+ RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()),
+ "Error in smack_set_label_for_self.");
+ RUNNER_ASSERT_MSG(0 == setgid(gid),
+ "Error in setgid.");
+ RUNNER_ASSERT_MSG(0 == setuid(uid),
+ "Error in setuid.");
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file access_provider.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Common functions and macros used in security-tests package.
+ */
+#ifndef _ACCESS_FOR_DUMMIES_H_
+#define _ACCESS_FOR_DUMMIES_H_
+
+#include <string>
+
+#include <smack_access.h>
+
+class AccessProvider {
+public:
+ AccessProvider(const std::string &mySubject);
+
+ AccessProvider(const AccessProvider &second) = delete;
+ AccessProvider& operator=(const AccessProvider &second) = delete;
+
+ void allowAPI(const std::string &api, const std::string &rules);
+ void apply();
+ void applyAndSwithToUser(int uid, int gid);
+
+ virtual ~AccessProvider(){}
+private:
+ std::string m_mySubject;
+ SmackAccess m_smackAccess;
+};
+
+#endif // _ACCESS_FOR_DUMMIES_H_
+
#include <tests_common.h>
#include <ckm-common.h>
+#include <access_provider2.h>
#include <ckmc/ckmc-manager.h>
#include <ckmc/ckmc-control.h>
const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
-
void save_data(const char* alias)
{
ckmc_raw_buffer_s buffer;
// invalid arguments check
RUNNER_TEST(T3001_manager_allow_access_invalid)
{
- RUNNER_ASSERT_BT(
+ RUNNER_ASSERT(
CKMC_ERROR_INVALID_PARAMETER == ckmc_allow_access(NULL, "accessor", CKMC_AR_READ));
- RUNNER_ASSERT_BT(
+ RUNNER_ASSERT(
CKMC_ERROR_INVALID_PARAMETER == ckmc_allow_access("alias", NULL, CKMC_AR_READ));
}
// invalid arguments check
RUNNER_TEST(T3002_manager_deny_access_invalid)
{
- RUNNER_ASSERT_BT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access(NULL, "accessor"));
- RUNNER_ASSERT_BT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access("alias", NULL));
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access(NULL, "accessor"));
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access("alias", NULL));
}
// tries to allow access for non existing alias
{
int ret;
ret = ckmc_allow_access_by_adm(USER_ROOT, NULL, "alias", "accessor", CKMC_AR_READ);
- RUNNER_ASSERT_BT(CKMC_ERROR_INVALID_PARAMETER == ret);
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", NULL, "accessor", CKMC_AR_READ);
- RUNNER_ASSERT_BT(CKMC_ERROR_INVALID_PARAMETER == ret);
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", "alias", NULL, CKMC_AR_READ);
- RUNNER_ASSERT_BT(CKMC_ERROR_INVALID_PARAMETER == ret);
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
}
// invalid argument check
RUNNER_TEST(T3102_control_deny_access_invalid)
{
- RUNNER_ASSERT_BT(CKMC_ERROR_INVALID_PARAMETER ==
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
ckmc_deny_access_by_adm(USER_ROOT, NULL, "alias", "accessor"));
- RUNNER_ASSERT_BT(CKMC_ERROR_INVALID_PARAMETER ==
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
ckmc_deny_access_by_adm(USER_ROOT, "owner", NULL, "accessor"));
- RUNNER_ASSERT_BT(CKMC_ERROR_INVALID_PARAMETER ==
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
ckmc_deny_access_by_adm(USER_ROOT, "owner", "alias", NULL));
}
#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
-#include <access_provider.h>
+#include <access_provider2.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
RUNNER_CHILD_TEST(T3026_user_app_save_key_C_API)
{
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T3027_app_user_save_keys_exportable_flag)
{
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
{
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
{
int temp;
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T3101_CAPI_init_lock_key)
{
int tmp;
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T3102_CAPI_unlock_default_passwd)
{
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T3103_CAPI_init_change_user_password)
{
int tmp;
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T3104_CAPI_unlock_default_passwd_negative)
{
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T3109_CAPI_deinit)
{
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
}
#include <sys/smack.h>
#include <ckm-common.h>
#include <tests_common.h>
-#include <access_provider.h>
+#include <access_provider2.h>
#include <ckm/ckm-manager.h>
void switch_to_storage_user(const char* label)
{
- SecurityServer::AccessProvider ap(label);
+ AccessProvider ap(label);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(APP_UID, APP_GID);
}
void switch_to_storage_ocsp_user(const char* label)
{
- SecurityServer::AccessProvider ap(label);
+ AccessProvider ap(label);
ap.allowAPI("key-manager::api-storage", "rw");
ap.allowAPI("key-manager::api-ocsp", "rw");
ap.applyAndSwithToUser(APP_UID, APP_GID);
#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
-#include <access_provider.h>
+#include <access_provider2.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
RUNNER_CHILD_TEST(T1013_user_app_save_key)
{
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
{
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
{
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
{
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- SecurityServer::AccessProvider ap("mylabel-rsa");
+ AccessProvider ap("mylabel-rsa");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- SecurityServer::AccessProvider ap("mylabel-dsa");
+ AccessProvider ap("mylabel-dsa");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1510_init_unlock_key)
{
int tmp;
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
RUNNER_CHILD_TEST(T1511_init_insert_data)
{
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
RUNNER_CHILD_TEST(T1519_deinit)
{
int tmp;
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1610_init_lock_key)
{
int tmp;
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1611_unlock_default_passwd)
{
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1612_init_change_user_password)
{
int tmp;
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative)
{
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1619_deinit)
{
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
}
RUNNER_CHILD_TEST(T1702_init_insert_data)
{
int temp;
- SecurityServer::AccessProvider ap("t170-special-label");
+ AccessProvider ap("t170-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
RUNNER_CHILD_TEST(T1704_data_test)
{
int temp;
- SecurityServer::AccessProvider ap("t170-special-label");
+ AccessProvider ap("t170-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
RUNNER_CHILD_TEST(T17102_prep_data_01)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label");
+ AccessProvider ap("t1706-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17103_prep_data_02)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label2");
+ AccessProvider ap("t1706-special-label2");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17104_prep_data_03)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label");
+ AccessProvider ap("t1706-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
RUNNER_CHILD_TEST(T17105_prep_data_04)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label2");
+ AccessProvider ap("t1706-special-label2");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
RUNNER_CHILD_TEST(T17107_check_data_01)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label");
+ AccessProvider ap("t1706-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17108_check_data_02)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label2");
+ AccessProvider ap("t1706-special-label2");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17110_check_data_03)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label");
+ AccessProvider ap("t1706-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
RUNNER_CHILD_TEST(T17111_check_data_04)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label2");
+ AccessProvider ap("t1706-special-label2");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);