From: Krzysztof Jackiewicz Date: Wed, 2 Apr 2025 14:25:34 +0000 (+0200) Subject: Adjust "permanent" tests to no-smack X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=86e10b5d63ec6343a046aa093679cb3438c94b90;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Adjust "permanent" tests to no-smack ckm-privileged-tests --group=T151_CKM_STORAGE_PERMANENT_TESTS Change-Id: I50c25c59257586708c575ff443e9b480b1b1b72e
---
diff --git a/src/ckm/privileged/main.cpp b/src/ckm/privileged/main.cpp
index 11cdda3e..9172ced1 100644
--- a/src/ckm/privileged/main.cpp
+++ b/src/ckm/privileged/main.cpp
@@ -16,348 +16,265 @@ #include #include -#include -#include - -#include +#include #include #include #include #include -#include #include #include #include +#include +#include +#include #include #include -#include #include -#include - -#include -#include namespace { -const gid_t GROUP_ID = 5000; - const char * const APP_PASS = "user-pass"; -const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR; -const CKM::AliasVector EMPTY_ALIAS_VECTOR; -} // namespace anonymous - -/* - * How to numerate tests: - * TABCD_NAME - * T - test case (always T) - * AB - number of test group (always two digits) - * C - test number in group (all tests with same TABC must be run in the same time). - * D - subtest. - */ - -RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS); +uid_t USER_ID; +uid_t USER_ID2; +std::string PKG_ID; -RUNNER_TEST(T1510_init_unlock_key) -{ - reset_user_data(OWNER_USER_ID, APP_PASS); -} +std::unique_ptr USER1_APP1; +std::unique_ptr USER1_APP2; +std::unique_ptr USER2_APP1; +std::unique_ptr USER2_APP2; -RUNNER_TEST(T1511_insert_data) +class AppInstallationFixture: public DPL::Test::TestGroup { - auto certee = TestData::getTestCertificate(TestData::TEST_LEAF); - auto certim = TestData::getTestCertificate(TestData::TEST_IM_CA); - CKM::Alias certeeAlias("CertEE"); - CKM::Alias certimAlias("CertIM"); +public: + void Init() override { - ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS); - ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID, GROUP_ID); + m_user = std::make_unique( + TestUser::createTemporary("ckm_test_user", GUM_USERTYPE_NORMAL, false)); + USER_ID = m_user->getUid(); - auto manager = CKM::Manager::create(); - RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy())); - RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy())); - } - - // restart CKM - stop_service(MANAGER); - start_service(MANAGER); + m_user2 = std::make_unique( + TestUser::createTemporary("ckm_test_user2", 
GUM_USERTYPE_NORMAL, false)); + USER_ID2 = m_user2->getUid(); - // actual test - { - ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS); - ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID, GROUP_ID); - - auto manager = CKM::Manager::create(); - int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy()); - int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy()); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_EXISTS == status1, - "Certificate should be in database already. Error=" << CKM::APICodeToString(status1)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_EXISTS == status2, - "Certificate should be in database already. Error=" << CKM::APICodeToString(status2)); - } -} + USER1_APP1 = std::make_unique("ckm_test_app", m_user->getUid()); + m_installer = std::make_unique(*USER1_APP1); -RUNNER_TEST(T1519_deinit) -{ - remove_user_data(OWNER_USER_ID); -} + USER1_APP2 = std::make_unique("ckm_test_app2", m_user->getUid()); + m_installer2 = std::make_unique(*USER1_APP2); -RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS); + USER2_APP1 = std::make_unique("ckm_test_app", m_user2->getUid()); -RUNNER_TEST(T1701_init_unlock_key) -{ - unlock_user_data(OWNER_USER_ID+1, "t170-special-password"); + USER2_APP2 = std::make_unique("ckm_test_app2", m_user2->getUid()); - ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+1, GROUP_ID); -} + PKG_ID = USER1_APP1->getPkgId(); + } -RUNNER_CHILD_TEST(T1702_insert_data) -{ - int temp; - ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+1, GROUP_ID); + void Finish() override + { + m_installer2.reset(); + m_installer.reset(); + m_user2.reset(); + m_user.reset(); + } - auto certee = TestData::getTestCertificate(TestData::TEST_LEAF); +private: + std::unique_ptr m_installer; + std::unique_ptr m_installer2; + std::unique_ptr m_user2; + std::unique_ptr m_user; +}; +void checkAppDataPresence(bool present) { + size_t expected = present ? 
1 : 0; + CKM::AliasVector av; + int err; auto manager = CKM::Manager::create(); - size_t current_aliases_num = count_aliases(ALIAS_CERT); - int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy()); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == status1, - "Could not put certificate in datbase. Error=" << CKM::APICodeToString(status1)); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (err = manager->getDataAliasVector(av)), + "Error=" << CKM::APICodeToString(err)); + RUNNER_ASSERT_MSG(expected == av.size(), + "Vector size: " << av.size() << ". Expected: " << expected); +}; - CKM::AliasVector av; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)), - "Error=" << CKM::APICodeToString(temp)); - RUNNER_ASSERT_MSG( - (current_aliases_num+1) == static_cast(temp = av.size()), - "Vector size: " << temp << ". Expected: " << (current_aliases_num+1)); +CKM::CertificateShPtr certEE() { + static auto cert = TestData::getTestCertificate(TestData::TEST_LEAF); + return cert; } - -RUNNER_TEST(T1703_removeApplicationData) -{ - int tmp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)), - "Error=" << CKM::APICodeToString(tmp)); +CKM::CertificateShPtr certIM() { + static auto cert = TestData::getTestCertificate(TestData::TEST_IM_CA); + return cert; } +const CKM::Alias CERT_EE_ALIAS("CertEE"); +const CKM::Alias CERT_IM_ALIAS("CertIM"); -RUNNER_CHILD_TEST(T1704_data_test) +class RestartFixture { - int temp; - ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+1, GROUP_ID); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); +public: + void init(const std::string &) { + auto unlock = std::make_unique(USER_ID, APP_PASS); + ScopedAppLauncher(*USER1_APP1, [&]{ + auto manager = CKM::Manager::create(); + auto ret = manager->saveCertificate(CERT_EE_ALIAS, certEE(), CKM::Policy()); + if (ret != CKM_API_SUCCESS) + RUNNER_ERROR_MSG("CERT_EE saving 
failed: " << ret); + + ret = manager->saveCertificate(CERT_IM_ALIAS, certIM(), CKM::Policy()); + if (ret != CKM_API_SUCCESS) + RUNNER_ERROR_MSG("CERT_IM saving failed: " << ret); + }); + } + void finish() { + auto unlock = std::make_unique(USER_ID, APP_PASS); + ScopedAppLauncher(*USER1_APP1, [&]{ + auto manager = CKM::Manager::create(); + auto ret = manager->removeAlias(CERT_EE_ALIAS); + if (ret != CKM_API_SUCCESS) + RUNNER_ERROR_MSG("CERT_EE removal failed: " << ret); + + ret = manager->removeAlias(CERT_IM_ALIAS); + if (ret != CKM_API_SUCCESS) + RUNNER_ERROR_MSG("CERT_IM removal failed: " << ret); + }); + } +}; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)), - "Error=" << CKM::APICodeToString(temp)); - RUNNER_ASSERT_MSG( - 0 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 0"); -} +} // namespace anonymous -RUNNER_TEST(T1705_deinit) -{ - remove_user_data(OWNER_USER_ID+1); -} +RUNNER_TEST_GROUP_INIT_ENV(T151_CKM_STORAGE_PERMANENT_TESTS, AppInstallationFixture); -RUNNER_TEST(T17101_init) +RUNNER_CHILD_TEST(T1510_restart_test, RestartFixture) { - int tmp; - - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(OWNER_USER_ID+2)), - "Error=" << CKM::APICodeToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeUserData(OWNER_USER_ID+2)), - "Error=" << CKM::APICodeToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(OWNER_USER_ID+2, "t1706-special-password")), - "Error=" << CKM::APICodeToString(tmp)); + stop_service(MANAGER); + start_service(MANAGER); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(OWNER_USER_ID+3)), - "Error=" << CKM::APICodeToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeUserData(OWNER_USER_ID+3)), - "Error=" << CKM::APICodeToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = 
control->unlockUserKey(OWNER_USER_ID+3, "t1706-special-password")), - "Error=" << CKM::APICodeToString(tmp)); + auto unlock = std::make_unique(USER_ID, APP_PASS); + ScopedAppLauncher(*USER1_APP1, [&]{ + auto manager = CKM::Manager::create(); + int status1 = manager->saveCertificate(CERT_EE_ALIAS, certEE(), CKM::Policy()); + int status2 = manager->saveCertificate(CERT_IM_ALIAS, certIM(), CKM::Policy()); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_EXISTS == status1, + "Certificate should be in database already. Error=" << CKM::APICodeToString(status1)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_EXISTS == status2, + "Certificate should be in database already. Error=" << CKM::APICodeToString(status2)); + }); } -RUNNER_CHILD_TEST(T17102_prep_data_01) +RUNNER_CHILD_TEST(T1520_remove_app_cert) { + SynchronizationPipe syncPipe; int temp; - ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+2, GROUP_ID); + ScopedDBUnlock unlock(USER_ID, APP_PASS); + ScopedAppLauncher app1(*USER1_APP1, [&]{ + auto certee = TestData::getTestCertificate(TestData::TEST_LEAF); - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4"; + auto manager = CKM::Manager::create(); + int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy()); - CKM::RawBuffer buffer(data.begin(), data.end()); - CKM::Policy exportable(CKM::Password(), true); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == status1, + "Could not put certificate in datbase. 
Error=" << CKM::APICodeToString(status1)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)), - "Error=" << CKM::APICodeToString(temp)); -} + ScopedRemoveData srd("CertEEE"); -RUNNER_CHILD_TEST(T17103_prep_data_02) -{ - int temp; - ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+2, GROUP_ID); + CKM::AliasVector av; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)), + "Error=" << CKM::APICodeToString(temp)); + RUNNER_ASSERT_MSG(1 == av.size(), "Vector size: " << av.size() << ". Expected: " << 1); - CKM::AliasVector av; - auto manager = CKM::Manager::create(); + syncPipe.claimChildEp(); + syncPipe.post(); + syncPipe.wait(); // wait for removal - std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4"; + av.clear(); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)), + "Error=" << CKM::APICodeToString(temp)); + RUNNER_ASSERT_MSG(av.empty(), "Vector size: " << av.size() << ". 
Expected: 0"); + }); - CKM::RawBuffer buffer(data.begin(), data.end()); - CKM::Policy exportable(CKM::Password(), true); + syncPipe.claimParentEp(); + syncPipe.wait(); // wait for save & get + auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)), + CKM_API_SUCCESS == (temp = control->removeApplicationData(PKG_ID)), "Error=" << CKM::APICodeToString(temp)); -} - -RUNNER_CHILD_TEST(T17104_prep_data_03) -{ - int temp; - ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+3, GROUP_ID); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4"; - - CKM::RawBuffer buffer(data.begin(), data.end()); - CKM::Policy exportable(CKM::Password(), true); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)), - "Error=" << CKM::APICodeToString(temp)); + syncPipe.post(); } -RUNNER_CHILD_TEST(T17105_prep_data_04) +RUNNER_CHILD_TEST(T1530_remove_app_data) { int temp; - ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+3, GROUP_ID); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4"; + std::array syncPipe; - CKM::RawBuffer buffer(data.begin(), data.end()); - CKM::Policy exportable(CKM::Password(), true); + ScopedDBUnlock unlock(USER_ID, APP_PASS); + ScopedDBUnlock unlock2(USER_ID2, APP_PASS); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)), - "Error=" << CKM::APICodeToString(temp)); -} + ScopedAppLauncher user1_app1(*USER1_APP1, [&]{ + // user1 app1 + ScopedSaveData ssd("data1", data.c_str()); -RUNNER_TEST(T17106_remove_application) -{ - int tmp; + syncPipe[0].claimChildEp(); + syncPipe[0].post(); + syncPipe[0].wait(); // wait for app removal - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS 
== (tmp = control->lockUserKey(OWNER_USER_ID+3)), - "Error=" << CKM::APICodeToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)), - "Error=" << CKM::APICodeToString(tmp)); -} + checkAppDataPresence(false); + }); -RUNNER_CHILD_TEST(T17107_check_data_01) -{ - int temp; - ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+2, GROUP_ID); + ScopedAppLauncher user1_app2(*USER1_APP2, [&]{ + // user1 app2 + ScopedSaveData ssd("data2", data.c_str()); - CKM::AliasVector av; - auto manager = CKM::Manager::create(); + syncPipe[1].claimChildEp(); + syncPipe[1].post(); + syncPipe[1].wait(); // wait for app removal - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)), - "Error=" << CKM::APICodeToString(temp)); - RUNNER_ASSERT_MSG( - 0 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 0"); -} + checkAppDataPresence(true); + }); -RUNNER_CHILD_TEST(T17108_check_data_02) -{ - int temp; - ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+2, GROUP_ID); + ScopedAppLauncher user2_app1(*USER2_APP1, [&]{ + // user2 app1 + ScopedSaveData ssd("data3", data.c_str()); - CKM::AliasVector av; - auto manager = CKM::Manager::create(); + syncPipe[2].claimChildEp(); + syncPipe[2].post(); + syncPipe[2].wait(); // wait for app removal - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)), - "Error=" << CKM::APICodeToString(temp)); - RUNNER_ASSERT_MSG( - 1 == (temp = av.size()), - "Vector size: " << temp << ". 
Expected: 1"); -} + checkAppDataPresence(false); + }); -RUNNER_TEST(T17109_unlock_user2) -{ - int tmp; + ScopedAppLauncher user2_app2(*USER2_APP2, [&]{ + // user2 app2 + ScopedSaveData ssd("data4", data.c_str()); - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(OWNER_USER_ID+3, "t1706-special-password")), - "Error=" << CKM::APICodeToString(tmp)); -} + syncPipe[3].claimChildEp(); + syncPipe[3].post(); + syncPipe[3].wait(); // wait for app removal -RUNNER_CHILD_TEST(T17110_check_data_03) -{ - int temp; - ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+3, GROUP_ID); + checkAppDataPresence(true); + }); - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)), - "Error=" << CKM::APICodeToString(temp)); - RUNNER_ASSERT_MSG( - 0 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 0"); -} - -RUNNER_CHILD_TEST(T17111_check_data_04) -{ - int temp; - ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+3, GROUP_ID); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); + for (size_t i = 0; i < sizeof(syncPipe) / sizeof(syncPipe[0]); ++i) { + syncPipe[i].claimParentEp(); + syncPipe[i].wait(); // wait for save + } - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)), - "Error=" << CKM::APICodeToString(temp)); - RUNNER_ASSERT_MSG( - 1 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 1"); -} + // remove app1 as root + auto control = CKM::Control::create(); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeApplicationData(PKG_ID)), + "Error=" << CKM::APICodeToString(temp)); -RUNNER_TEST(T17112_deinit) -{ - remove_user_data(OWNER_USER_ID+2); - remove_user_data(OWNER_USER_ID+3); + for (size_t i = 0; i < syncPipe.size(); ++i) { + syncPipe[i].post(); + } } int main(int argc, char *argv[])
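Review bot: In T1520_remove_app_cert and T1530_remove_app_data the parent asserts on `removeApplicationData(PKG_ID)` before it calls `post()`, so a failed removal leaves the launched children blocked in `syncPipe.wait()`, assuming RUNNER_ASSERT_MSG leaves the test body on failure. A failure of the very operation under test could then show up as a stalled run rather than a reported assertion, depending on how ScopedAppLauncher and SynchronizationPipe tear down, which is not visible here. Record the result first and assert only after releasing the children: `temp = control->removeApplicationData(PKG_ID);`, then `syncPipe.post();` (the post loop in T1530), then `RUNNER_ASSERT_MSG(CKM_API_SUCCESS == temp, "Error=" << CKM::APICodeToString(temp));`. The same ordering concern applies inside the child lambda of T1520, where the two assertions ahead of `syncPipe.post()` can fail while the parent is still in `syncPipe.wait()`.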