From: Krzysztof Jackiewicz Date: Tue, 13 May 2025 09:10:21 +0000 (+0200) Subject: Adjust ckm-integration-tests to no-smack X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b0ccaf37fb0c1eb0f15da2d0ee203f198eb825c0;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Adjust ckm-integration-tests to no-smack All should pass Change-Id: I10a10cf92170197ae538ce3eb970d6d9f069dd6a --- diff --git a/src/ckm-integration/CMakeLists.txt b/src/ckm-integration/CMakeLists.txt index 69e88687..a9e14af2 100644 --- a/src/ckm-integration/CMakeLists.txt +++ b/src/ckm-integration/CMakeLists.txt @@ -28,12 +28,6 @@ SET(CKMI_SOURCES_DIR ${PROJECT_SOURCE_DIR}/src/ckm-integration) SET(CKMI_SOURCES ${PROJECT_SOURCE_DIR}/src/ckm/ckm-common.cpp - ${CKMI_SOURCES_DIR}/process-settings/change-uid.cpp - ${CKMI_SOURCES_DIR}/process-settings/create-user.cpp - ${CKMI_SOURCES_DIR}/process-settings/change-smack.cpp - ${CKMI_SOURCES_DIR}/process-settings/install-app.cpp - ${CKMI_SOURCES_DIR}/process-settings/unlock-ckm.cpp - ${CKMI_SOURCES_DIR}/ckm-policy.cpp ${CKMI_SOURCES_DIR}/group01.cpp ${CKMI_SOURCES_DIR}/group02.cpp ${CKMI_SOURCES_DIR}/main.cpp diff --git a/src/ckm-integration/ckm-policy.cpp b/src/ckm-integration/ckm-policy.cpp deleted file mode 100644 index e5525820..00000000 --- a/src/ckm-integration/ckm-policy.cpp +++ /dev/null 
@@ -1,106 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file ckm-policy.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#include - -#include - -CKMPolicy::CKMPolicy( - std::string pkgId, - std::string userName, - ProcessSettings::PrivilegeVector priv) - : m_userName(std::move(userName)) - , m_pkgId(pkgId) - , m_appId(std::move(pkgId)) - , m_privileges(std::move(priv)) -{ - std::stringstream ss; - ss << "User::Pkg::" << m_pkgId; - m_smackLabel = ss.str(); -} - -std::string CKMPolicy::GetUserName() const { - return m_userName; -} - -void CKMPolicy::SetUserName(std::string userName) { - m_userName = std::move(userName); -} - -gid_t CKMPolicy::GetGid() const { - return m_gid; -} - -void CKMPolicy::SetGid(gid_t gid) { - m_gid = gid; -} - -uid_t CKMPolicy::GetUid() const { - return m_uid; -} - -void CKMPolicy::SetUid(uid_t uid) { - m_uid = uid; -} - -std::string CKMPolicy::GetSmackLabel() const { - return m_smackLabel; -} - -void CKMPolicy::SetSmackLabel(std::string label) { - m_smackLabel = std::move(label); -} - -std::string CKMPolicy::GetAppId() const { - return m_appId; -} - -void CKMPolicy::SetAppId(std::string appId) { - m_appId = std::move(appId); -} - -std::string CKMPolicy::GetPkgId() const { - return m_pkgId; -} - -void CKMPolicy::SetPkgId(std::string pkgId) { - m_pkgId = std::move(pkgId); -} - 
-ProcessSettings::PrivilegeVector CKMPolicy::GetPrivileges() const { - return m_privileges; -} - -void CKMPolicy::SetPrivileges(ProcessSettings::PrivilegeVector priv) { - m_privileges = std::move(priv); -} - -const ProcessSettings::PrivilegeVector PrivNone; -const ProcessSettings::PrivilegeVector PrivCKMBoth { - "http://tizen.org/privilege/keymanager", - "http://tizen.org/privilege/keymanager.admin"}; -const ProcessSettings::PrivilegeVector PrivCKMControl { - "http://tizen.org/privilege/keymanager.admin"}; -const ProcessSettings::PrivilegeVector PrivCKMStore { - "http://tizen.org/privilege/keymanager"}; -const ProcessSettings::PrivilegeVector PrivCKMExtended { - "http://tizen.org/privilege/keymanager.extended"}; - - diff --git a/src/ckm-integration/ckm-policy.h b/src/ckm-integration/ckm-policy.h deleted file mode 100644 index 2f37be80..00000000 --- a/src/ckm-integration/ckm-policy.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file ckm-policy.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#pragma once - -#include -#include -#include -#include -#include -#include -#include - -class CKMPolicy : public ProcessSettings::Policy { -public: - CKMPolicy( - std::string pkgId, - std::string userName, - ProcessSettings::PrivilegeVector priv); - virtual std::string GetUserName() const; - virtual void SetUserName(std::string); - virtual gid_t GetGid() const; - virtual void SetGid(gid_t); - virtual uid_t GetUid() const; - virtual void SetUid(uid_t); - virtual std::string GetSmackLabel() const; - virtual void SetSmackLabel(std::string); - virtual std::string GetAppId() const; - virtual void SetAppId(std::string); - virtual std::string GetPkgId() const; - virtual void SetPkgId(std::string); - virtual ProcessSettings::PrivilegeVector GetPrivileges() const; - virtual void SetPrivileges(ProcessSettings::PrivilegeVector); - virtual ~CKMPolicy() {} -private: - uid_t m_uid; - gid_t m_gid; - std::string m_userName; - std::string m_smackLabel; - std::string m_pkgId; - std::string m_appId; - ProcessSettings::PrivilegeVector m_privileges; -}; - -extern const ProcessSettings::PrivilegeVector PrivNone; -extern const ProcessSettings::PrivilegeVector PrivCKMBoth; -extern const ProcessSettings::PrivilegeVector 
PrivCKMControl; -extern const ProcessSettings::PrivilegeVector PrivCKMStore; -extern const ProcessSettings::PrivilegeVector PrivCKMExtended; - diff --git a/src/ckm-integration/group01.cpp b/src/ckm-integration/group01.cpp index e7db45df..3e768efb 100644 --- a/src/ckm-integration/group01.cpp +++ b/src/ckm-integration/group01.cpp 
@@ -30,63 +30,53 @@ #include #include -#include - -typedef ProcessSettings::Executor< - CKMPolicy, - ProcessSettings::CreateUser, - ProcessSettings::InstallApp, - ProcessSettings::ChangeSmack, - ProcessSettings::ChangeUid> ProcSettings; - -typedef ProcessSettings::Executor< - CKMPolicy, - ProcessSettings::CreateUser, - ProcessSettings::UnlockCkm, - ProcessSettings::InstallApp, - ProcessSettings::ChangeSmack, - ProcessSettings::ChangeUid> ProcSettingsT03; +#include +#include +#include +#include RUNNER_TEST_GROUP_INIT(GROUP_01_ControlApiAccess); RUNNER_CHILD_TEST(G01T01_ControlNegative) { - // Socket is secured with 0700 - // in this test we have no access to this socket - // DAC should DENIED access to CKM - ProcSettings ps("PkgIdG01T01", "UserG01T01", PrivNone); - ps.Apply(); + auto user = TestUser::createTemporary("ckm_test_user", GUM_USERTYPE_NORMAL, false); - int temp; - auto control = CKM::Control::create(); + AppInstallHelper app("PkgIdG01T03", user.getUid()); + ScopedInstaller installer(app); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())), - "Error=" << CKM::APICodeToString(temp)); + ScopedDBUnlock unlock(user.getUid(), "DummyPassword"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), - "simple-password")), - "Error=" << CKM::APICodeToString(temp)); + ScopedAppLauncher(app, [&]{ + int temp; + auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")), - "Error=" << CKM::APICodeToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(user.getUid())), + "Error=" << CKM::APICodeToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->unlockUserKey(ps.GetUid(), "test-pass")), - "Error=" << CKM::APICodeToString(temp)); + temp = control->resetUserPassword(user.getUid(), "simple-password"); 
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp, + "Error=" << CKM::APICodeToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->lockUserKey(ps.GetUid())), - "Error=" << CKM::APICodeToString(temp)); + temp = control->resetUserPassword(user.getUid(), "something"); + RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp, + "Error=" << CKM::APICodeToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")), - "Error=" << CKM::APICodeToString(temp)); + temp = control->unlockUserKey(user.getUid(), "test-pass"); + RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp, + "Error=" << CKM::APICodeToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())), - "Error=" << CKM::APICodeToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED == (temp = control->lockUserKey(user.getUid())), + "Error=" << CKM::APICodeToString(temp)); + + temp = control->resetUserPassword(user.getUid(), "something"); + RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp, + "Error=" << CKM::APICodeToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(user.getUid())), + "Error=" << CKM::APICodeToString(temp)); + }); } RUNNER_CHILD_TEST(G01T02_ControlPositive) { 
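Review bot: G01T01_ControlNegative installs its app as `PkgIdG01T03`, the id that belongs to G01T03 (the removed code used `PkgIdG01T01`). The same literal is reused by G02T06_ExtendedPositive and G02T07_ExtendedNegative in group02.cpp, together with the shared user name `ckm_test_user`. Those tests install the package with different privilege sets, so if an uninstall or user removal is ever incomplete, leftover state from one test could decide the outcome of another, and a failure report no longer shows which test owned the package. Give each test its own id, e.g. `AppInstallHelper app("PkgIdG01T01", user.getUid());` here and `"PkgIdG02T06"` / `"PkgIdG02T07"` in group02.cpp. The hunk ends on the opening line of G01T02_ControlPositive, whose body lies outside it.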
@@ -128,23 +118,29 @@ RUNNER_CHILD_TEST(G01T02_ControlPositive) { } RUNNER_CHILD_TEST(G01T03_ProcessIdentificationBySecurityManager) { - // Socket is secured with 0700 - // in this test we have no access to this socket - // DAC should DENIED access to CKM - ProcSettingsT03 ps("PkgIdG01T03", "UserG01T03", PrivCKMStore); - ps.Apply(); + auto user = TestUser::createTemporary("ckm_test_user", GUM_USERTYPE_NORMAL, false); + + AppInstallHelper app("PkgIdG01T03", user.getUid()); + app.addPrivilege("http://tizen.org/privilege/keymanager"); + ScopedInstaller installer(app); + + ScopedDBUnlock unlock(user.getUid(), "DummyPassword"); - auto manager = CKM::Manager::create(); - std::string someData = "some random data"; - CKM::RawBuffer buffer(someData.begin(), someData.end()); - CKM::RawBuffer buffer2; + ScopedAppLauncher(app, [&]{ + auto manager = CKM::Manager::create(); + std::string someData = "some random data"; + CKM::RawBuffer buffer(someData.begin(), someData.end()); + CKM::RawBuffer buffer2; - RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveData("data3", buffer, CKM::Policy())); + RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveData("data3", buffer, CKM::Policy())); + ScopedRemoveData srd("data3"); - RUNNER_ASSERT(CKM_API_SUCCESS == manager->getData("PkgIdG01T03 data3", CKM::Password(), buffer2)); + int temp = manager->getData(app.getPkgId() + " data3", CKM::Password(), buffer2); + RUNNER_ASSERT(CKM_API_SUCCESS == temp); - RUNNER_ASSERT(buffer == buffer2); + RUNNER_ASSERT(buffer == buffer2); - RUNNER_ASSERT(CKM_API_SUCCESS == manager->removeAlias("PkgIdG01T03 data3")); + RUNNER_ASSERT(CKM_API_SUCCESS == manager->removeAlias(app.getPkgId() + " data3")); + }); } diff --git a/src/ckm-integration/group02.cpp b/src/ckm-integration/group02.cpp index 2e6bcfd4..656df770 100644 --- a/src/ckm-integration/group02.cpp +++ b/src/ckm-integration/group02.cpp 
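Review bot: In G01T03 the alias `data3` is cleaned up twice: `ScopedRemoveData srd("data3")` is registered right after `saveData`, and the last statement still asserts `removeAlias(app.getPkgId() + " data3")`. Once the explicit removal succeeds, the guard acts on an alias that no longer exists; whether that is silently ignored depends on ScopedRemoveData, which is not visible here, so please confirm it tolerates a missing alias or keep only one of the two. The guard also gets the bare alias while the assertions use the package-qualified form, which presumably resolves to the same entry only because the guard runs inside the launched app; a short comment saying so would help. Separately, the new `RUNNER_ASSERT(CKM_API_SUCCESS == temp);` drops the error code; `RUNNER_ASSERT_MSG(CKM_API_SUCCESS == temp, "Error=" << CKM::APICodeToString(temp));` would match the rest of the file.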
@@ -31,261 +31,164 @@ #include #include -#include - -typedef ProcessSettings::Executor< - CKMPolicy, - ProcessSettings::CreateUser, - ProcessSettings::UnlockCkm, - ProcessSettings::InstallApp, - ProcessSettings::ChangeSmack, - ProcessSettings::ChangeUid> PS; - -typedef ProcessSettings::Executor< - CKMPolicy, - ProcessSettings::CreateUser, - ProcessSettings::UnlockCkm, - ProcessSettings::InstallApp, - ProcessSettings::ChangeSmack> PSNoUid; - -typedef ProcessSettings::Executor< - CKMPolicy, - ProcessSettings::ChangeUid> PSUid; +#include +#include +#include RUNNER_TEST_GROUP_INIT(GROUP_02_IntegrationStorageApiWithCynara); -RUNNER_CHILD_TEST(G02T01_StorageNegative) { - RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled."); - // We are ordinary user without any privileges. - // Cynara should deny all accesses. - PS ps("PkgIdG02T01", "UserG02T01", PrivNone); - ps.Apply(); - - int temp; - auto manager = CKM::Manager::create(); - std::string data = "Custom data"; - CKM::RawBuffer rawBuffer(data.begin(), data.end()); - CKM::RawBuffer output; - const char *alias = "dataG02T01"; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)), - "Error=" << CKM::APICodeToString(temp)); -} - -RUNNER_CHILD_TEST(G02T02_StoragePositive) { - RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled."); - // We are root. We will be allowed. - int temp; - auto manager = CKM::Manager::create(); - std::string data = "Custom data"; - CKM::RawBuffer rawBuffer(data.begin(), data.end()); - CKM::RawBuffer output; - const char *alias = "/System dataG02T02"; - - // This funciton may return error. 
- manager->removeAlias(alias); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData(alias, CKM::Password(), output)), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch."); -} - -RUNNER_CHILD_TEST(G02T03_StoragePositive) { - RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled."); - // We are oridinary user with proper privileges. - PS ps("PkgIdG02T03", "UserG02T03", PrivCKMStore); - ps.Apply(); - - int temp; - auto manager = CKM::Manager::create(); - std::string data = "Custom data"; - CKM::RawBuffer rawBuffer(data.begin(), data.end()); - CKM::RawBuffer output; - const char *dataAlias = "dataG02T03"; - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData(dataAlias, rawBuffer, CKM::Policy())), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData(dataAlias, CKM::Password(), output)), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch."); -} - -RUNNER_CHILD_TEST(G02T04_StorageNegative) { - RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled."); - // There is some user with privileges but we are - // are ordinary user without any. - // Cynara should deny all accesses. 
- PSNoUid ps("PkgIdG02T04", "UserG02T04", PrivCKMBoth); - ps.Apply(); - - PSUid ps2("", "", PrivNone); - ps2.SetUid(ps.GetUid()+1); - ps2.Apply(); - - int temp; - auto manager = CKM::Manager::create(); - std::string data = "Custom data"; - CKM::RawBuffer rawBuffer(data.begin(), data.end()); - CKM::RawBuffer output; - const char *alias = "dataG02T04"; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)), - "Error=" << CKM::APICodeToString(temp)); -} - -RUNNER_CHILD_TEST(G02T05_StorageNegative) { - RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled."); - // We have wrong privilege. - // Cynara should deny all accesses to storage. - PSNoUid ps("PkgIdG02T05", "UserG02T05", PrivCKMControl); - ps.Apply(); - - int temp; - auto manager = CKM::Manager::create(); - std::string data = "Custom data"; - CKM::RawBuffer rawBuffer(data.begin(), data.end()); - CKM::RawBuffer output; - const char *alias = "dataG02T05"; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)), - "Error=" << CKM::APICodeToString(temp)); -} - RUNNER_CHILD_TEST(G02T06_ExtendedPositive) { // We are oridinary user with proper privileges. 
- PS ps("PkgIdG02T06", "UserG02T06", PrivCKMExtended); - ps.Apply(); - - int temp; - auto manager = CKM::Manager::create(); - const CKM::CryptoAlgorithm params; - const CKM::Alias wrappingKeyAlias; - const CKM::Password wrappingKeyPassword; - const CKM::Alias alias; - const CKM::Password password; - CKM::RawBuffer data; - CKM::RawBuffer wrappedKey; - - const CKM::KemType type = CKM::KemType::ML_KEM_768; - const CKM::Alias privateKeyAlias; - const CKM::Alias publicKeyAlias; - const CKM::Alias firstSharedSecretAlias; - const CKM::Alias secondSharedSecretAlias; - const CKM::Alias newSharedSecretAlias; - CKM::RawBuffer ciphertext; - - // We pass invalid data so we expect an error but it should not be ACCESS_DENIED as we have - // proper privileges - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED != (temp = manager->wrapConcatenatedData( - params, wrappingKeyAlias, wrappingKeyPassword, alias, password, data, wrappedKey)), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED != (temp = manager->unwrapConcatenatedData( - params, wrappingKeyAlias, wrappingKeyPassword, wrappedKey, alias, 0, CKM::Policy(), data)), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED != (temp = manager->createKeyPairKEM( - type, privateKeyAlias, publicKeyAlias, CKM::Policy(), CKM::Policy())), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED != (temp = manager->encapsulateKey( - params, publicKeyAlias, password, firstSharedSecretAlias, CKM::Policy(), ciphertext)), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED != (temp = manager->decapsulateKey( - params, privateKeyAlias, password, secondSharedSecretAlias, CKM::Policy(), ciphertext)), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED != (temp = manager->deriveHybrid( - params, firstSharedSecretAlias, password, 
secondSharedSecretAlias, password, newSharedSecretAlias, CKM::Policy())), - "Error=" << CKM::APICodeToString(temp)); + auto user = TestUser::createTemporary("ckm_test_user", GUM_USERTYPE_NORMAL, false); + + AppInstallHelper app("PkgIdG01T03", user.getUid()); + app.addPrivilege("http://tizen.org/privilege/keymanager.extended"); + ScopedInstaller installer(app); + + ScopedDBUnlock unlock(user.getUid(), "DummyPassword"); + + ScopedAppLauncher(app, [&]{ + int temp; + auto manager = CKM::Manager::create(); + const CKM::CryptoAlgorithm params; + const CKM::Alias wrappingKeyAlias; + const CKM::Password wrappingKeyPassword; + const CKM::Alias alias; + const CKM::Password password; + CKM::RawBuffer data; + CKM::RawBuffer wrappedKey; + + const CKM::KemType type = CKM::KemType::ML_KEM_768; + const CKM::Alias privateKeyAlias; + const CKM::Alias publicKeyAlias; + const CKM::Alias firstSharedSecretAlias; + const CKM::Alias secondSharedSecretAlias; + const CKM::Alias newSharedSecretAlias; + CKM::RawBuffer ciphertext; + + // We pass invalid data so we expect an error but it should not be ACCESS_DENIED as we have + // proper privileges + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED != (temp = manager->wrapConcatenatedData( + params, wrappingKeyAlias, wrappingKeyPassword, alias, password, data, wrappedKey)), + "Error=" << CKM::APICodeToString(temp)); + + temp = manager->unwrapConcatenatedData(params, + wrappingKeyAlias, + wrappingKeyPassword, + wrappedKey, + alias, + 0, + CKM::Policy(), + data); + RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED != temp, + "Error=" << CKM::APICodeToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED != (temp = manager->createKeyPairKEM( + type, privateKeyAlias, publicKeyAlias, CKM::Policy(), CKM::Policy())), + "Error=" << CKM::APICodeToString(temp)); + + temp = manager->encapsulateKey( + params, publicKeyAlias, password, firstSharedSecretAlias, CKM::Policy(), ciphertext); + RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED != temp, + 
"Error=" << CKM::APICodeToString(temp)); + + temp = manager->decapsulateKey(params, + privateKeyAlias, + password, + secondSharedSecretAlias, + CKM::Policy(), + ciphertext); + RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED != temp, + "Error=" << CKM::APICodeToString(temp)); + + temp = manager->deriveHybrid(params, + firstSharedSecretAlias, + password, + secondSharedSecretAlias, + password, + newSharedSecretAlias, + CKM::Policy()); + RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED != temp, + "Error=" << CKM::APICodeToString(temp)); + }); } RUNNER_CHILD_TEST(G02T07_ExtendedNegative) { // We have wrong privilege. // Cynara should deny all accesses to the extended API. - PS ps("PkgIdG02T07", "UserG02T07", PrivCKMStore); - ps.Apply(); - - int temp; - auto manager = CKM::Manager::create(); - const CKM::CryptoAlgorithm params; - const CKM::Alias wrappingKeyAlias; - const CKM::Password wrappingKeyPassword; - const CKM::Alias alias; - const CKM::Password password; - CKM::RawBuffer data; - CKM::RawBuffer wrappedKey; - - const CKM::KemType type = CKM::KemType::ML_KEM_768; - const CKM::Alias privateKeyAlias; - const CKM::Alias publicKeyAlias; - const CKM::Alias firstSharedSecretAlias; - const CKM::Alias secondSharedSecretAlias; - const CKM::Alias newSharedSecretAlias; - CKM::RawBuffer ciphertext; - - // We expect to receive ACCESS_DENIED before the actual logic function is called (which would - // return a different error because we pass invalid parameters) - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->wrapConcatenatedData( - params, wrappingKeyAlias, wrappingKeyPassword, alias, password, data, wrappedKey)), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->unwrapConcatenatedData( - params, wrappingKeyAlias, wrappingKeyPassword, wrappedKey, alias, 0, - CKM::Policy(), data)), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = 
manager->createKeyPairKEM( - type, privateKeyAlias, publicKeyAlias, CKM::Policy(), CKM::Policy())), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->encapsulateKey( - params, publicKeyAlias, password, firstSharedSecretAlias, CKM::Policy(), ciphertext)), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->decapsulateKey( - params, privateKeyAlias, password, secondSharedSecretAlias, CKM::Policy(), ciphertext)), - "Error=" << CKM::APICodeToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->deriveHybrid( - params, firstSharedSecretAlias, password, secondSharedSecretAlias, password, newSharedSecretAlias, CKM::Policy())), - "Error=" << CKM::APICodeToString(temp)); + auto user = TestUser::createTemporary("ckm_test_user", GUM_USERTYPE_NORMAL, false); + + AppInstallHelper app("PkgIdG01T03", user.getUid()); + app.addPrivilege("http://tizen.org/privilege/keymanager"); + ScopedInstaller installer(app); + + ScopedDBUnlock unlock(user.getUid(), "DummyPassword"); + + ScopedAppLauncher(app, [&]{ + int temp; + auto manager = CKM::Manager::create(); + const CKM::CryptoAlgorithm params; + const CKM::Alias wrappingKeyAlias; + const CKM::Password wrappingKeyPassword; + const CKM::Alias alias; + const CKM::Password password; + CKM::RawBuffer data; + CKM::RawBuffer wrappedKey; + + const CKM::KemType type = CKM::KemType::ML_KEM_768; + const CKM::Alias privateKeyAlias; + const CKM::Alias publicKeyAlias; + const CKM::Alias firstSharedSecretAlias; + const CKM::Alias secondSharedSecretAlias; + const CKM::Alias newSharedSecretAlias; + CKM::RawBuffer ciphertext; + + // We expect to receive ACCESS_DENIED before the actual logic function is called (which + // would return a different error because we pass invalid parameters) + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED == (temp = manager->wrapConcatenatedData( + params, 
wrappingKeyAlias, wrappingKeyPassword, alias, password, data, wrappedKey)), + "Error=" << CKM::APICodeToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED == (temp = manager->unwrapConcatenatedData( + params, wrappingKeyAlias, wrappingKeyPassword, wrappedKey, alias, 0, + CKM::Policy(), data)), + "Error=" << CKM::APICodeToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairKEM( + type, privateKeyAlias, publicKeyAlias, CKM::Policy(), CKM::Policy())), + "Error=" << CKM::APICodeToString(temp)); + + temp = manager->encapsulateKey(params, + publicKeyAlias, + password, + firstSharedSecretAlias, + CKM::Policy(), + ciphertext); + RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp, + "Error=" << CKM::APICodeToString(temp)); + + temp = manager->decapsulateKey(params, + privateKeyAlias, + password, + secondSharedSecretAlias, + CKM::Policy(), + ciphertext); + RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp, + "Error=" << CKM::APICodeToString(temp)); + + temp = manager->deriveHybrid(params, + firstSharedSecretAlias, + password, + secondSharedSecretAlias, + password, + newSharedSecretAlias, + CKM::Policy()); + RUNNER_ASSERT_MSG(CKM_API_ERROR_ACCESS_DENIED == temp, + "Error=" << CKM::APICodeToString(temp)); + }); } diff --git a/src/ckm-integration/process-settings/change-smack.cpp b/src/ckm-integration/process-settings/change-smack.cpp deleted file mode 100644 index f83aec4f..00000000 --- a/src/ckm-integration/process-settings/change-smack.cpp +++ /dev/null 
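Review bot: G02T06_ExtendedPositive only asserts `CKM_API_ERROR_ACCESS_DENIED != temp` for each of the six extended calls, so any other failure counts as a pass. Now that the calls run inside the `ScopedAppLauncher` callback for a freshly installed app, a setup or transport problem that keeps the request from reaching the privilege check would presumably surface as some other error code, and the test would still pass. Consider asserting the specific error the empty arguments are expected to produce, or at least add a comment above the first assertion stating which codes are acceptable. The hunk also mixes two assertion styles: assignment inside `RUNNER_ASSERT_MSG` for `wrapConcatenatedData` and `createKeyPairKEM`, and a separate `temp = ...` statement for the others. One form throughout would read more easily.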
@@ -1,46 +0,0 @@ -/* - * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file change-smack.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ -#include - -#include - -#include -#include - -namespace ProcessSettings { - -ChangeSmack::ChangeSmack(const Policy &policy) - : m_policy(policy) -{} - -void ChangeSmack::Apply() { - m_processLabel.reset(new ScopedProcessLabel(m_policy.GetSmackLabel())); -} - -void ChangeSmack::Revoke() { - m_processLabel.reset(); -} - -ChangeSmack::~ChangeSmack() {} - -} // namespace ProcessSettings - diff --git a/src/ckm-integration/process-settings/change-smack.h b/src/ckm-integration/process-settings/change-smack.h deleted file mode 100644 index 937c1015..00000000 --- a/src/ckm-integration/process-settings/change-smack.h +++ /dev/null 
@@ -1,45 +0,0 @@ -/* - * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file change-smack.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ -#pragma once - -#include -#include - -#include - -class ScopedProcessLabel; - -namespace ProcessSettings { - -class ChangeSmack { -public: - ChangeSmack(const Policy &policy); - void Apply(); - void Revoke(); - virtual ~ChangeSmack(); -private: - const Policy &m_policy; - std::unique_ptr m_processLabel; -}; - -} // namespace ProcessSettings - diff --git a/src/ckm-integration/process-settings/change-uid.cpp b/src/ckm-integration/process-settings/change-uid.cpp deleted file mode 100644 index 70bb32f1..00000000 --- a/src/ckm-integration/process-settings/change-uid.cpp +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file change-uid.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#include - -#include - -#include - -namespace ProcessSettings { - -ChangeUid::ChangeUid(const Policy &policy) - : m_policy(policy) -{} - -void ChangeUid::Apply() { - m_originalUid = getuid(); - m_originalGid = getgid(); - - RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_policy.GetGid()), - "Error in setegid(" << m_policy.GetGid() << ")"); - RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_policy.GetUid()), - "Error in seteuid(" << m_policy.GetUid() << ")"); -} - -void ChangeUid::Revoke() { - RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_originalUid), - "Error in seteuid(" << m_originalUid << ")"); - RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_originalGid), - "Error in setegid(" << m_originalGid << ")"); -} - -ChangeUid::~ChangeUid() {} - -} // namespace ProcessSettings - - - diff --git a/src/ckm-integration/process-settings/change-uid.h b/src/ckm-integration/process-settings/change-uid.h deleted file mode 100644 index 4830e241..00000000 --- a/src/ckm-integration/process-settings/change-uid.h +++ /dev/null 
@@ -1,44 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file change-uid.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#pragma once - -#include - -#include - -namespace ProcessSettings { - -class ChangeUid { -public: - ChangeUid(const Policy &policy); - - void Apply(); - void Revoke(); - - virtual ~ChangeUid(); -private: - const Policy &m_policy; - uid_t m_originalUid; - gid_t m_originalGid; -}; - -} // namespace ProcessSettings - diff --git a/src/ckm-integration/process-settings/create-user.cpp b/src/ckm-integration/process-settings/create-user.cpp deleted file mode 100644 index 0a5b05cb..00000000 --- a/src/ckm-integration/process-settings/create-user.cpp +++ /dev/null 
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file create-user.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-
-#include
-#include
-
-#include
-
-#include
-
-namespace ProcessSettings {
-
-CreateUser::CreateUser(Policy &policy)
- : m_policy(policy)
- , m_userType(GUM_USERTYPE_NORMAL)
- , m_guser(nullptr)
-{}
-
-void CreateUser::Apply()
-{
- m_userName = m_policy.GetUserName();
- m_guser = gum_user_create_sync(false);
- RUNNER_ASSERT_MSG(m_guser != nullptr, "Failed to create gumd user object");
- g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL);
- g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL);
- gboolean added = gum_user_add_sync(m_guser);
- RUNNER_ASSERT_MSG(added, "Failed to add user: " << m_userName);
- g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL);
- RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
- g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL);
- RUNNER_ASSERT_MSG(m_gid != 0, "Something strange happened during user creation. gid == 0.");
-
- m_policy.SetUid(m_uid);
- m_policy.SetGid(m_gid);
-}
-
-void CreateUser::Revoke() {
- if (m_guser) {
- gum_user_delete_sync(m_guser, TRUE);
- g_object_unref(m_guser);
- m_guser = nullptr;
- }
-}
-
-CreateUser::~CreateUser(){
- if (m_guser)
- g_object_unref(m_guser);
-}
-
-} // namespace ProcessSettings
-
diff --git a/src/ckm-integration/process-settings/create-user.h b/src/ckm-integration/process-settings/create-user.h
deleted file mode 100644
index c78f6fc1..00000000
--- a/src/ckm-integration/process-settings/create-user.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file create-user.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include
-#include
-#include
-
-#include
-
-#include
-
-namespace ProcessSettings {
-
-class CreateUser {
-public:
- CreateUser(Policy &policy);
- void Apply();
- void Revoke();
- virtual ~CreateUser();
-private:
- Policy &m_policy;
- uid_t m_uid;
- gid_t m_gid;
- std::string m_userName;
- GumUserType m_userType;
- GumUser *m_guser;
-};
-
-} // namespace ProcessSettings
-
diff --git a/src/ckm-integration/process-settings/executor.h b/src/ckm-integration/process-settings/executor.h
deleted file mode 100644
index bd6114b3..00000000
--- a/src/ckm-integration/process-settings/executor.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file executor.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include
-
-#include
-
-#include
-
-#include
-
-namespace ProcessSettings {
-
-template
-class Executor : public PolicyArg, public Args... {
-public:
- template
- Executor(T&&... t)
- : PolicyArg(std::forward(t)...)
- , Args(static_cast(*this))...
- , m_applied(false)
- {}
-
- void Apply() {
- if (!m_applied) {
- m_applied = true;
- InternalApply();
- }
- }
-
- void Revoke() {
- if (m_applied) {
- m_applied = false;
- InternalRevoke();
- }
- }
-
- virtual ~Executor() {
- try {
- Revoke();
- } catch (const DPL::Test::TestException &e) {
- // This is bad. The rest of test will not work properly!
- std::cerr << "Error during cleaning up environment. "
- "The rest of test will probably fail." << e.GetMessage() << std::endl;
- }
- }
-
-private:
-
- template
- void InternalApply() {
- First::Apply();
- }
-
- template
- void InternalApply() {
- First::Apply();
- InternalApply();
- }
-
- template
- void InternalRevoke() {
- First::Revoke();
- }
-
- template
- void InternalRevoke() {
- InternalRevoke();
- First::Revoke();
- }
-
- bool m_applied;
-};
-
-} // namespace ProcessSetings
-
diff --git a/src/ckm-integration/process-settings/install-app.cpp b/src/ckm-integration/process-settings/install-app.cpp
deleted file mode 100644
index 005b49ef..00000000
--- a/src/ckm-integration/process-settings/install-app.cpp
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file install-app.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include
-
-#include
-
-#include
-
-#define ERRORDESCRIBE(name) case name: return #name
-
-namespace {
-
-const char *ToString(int code) {
- switch(static_cast(code)) {
- ERRORDESCRIBE(SECURITY_MANAGER_SUCCESS);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_UNKNOWN);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_INPUT_PARAM);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_MEMORY);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_ACCESS_DENIED);
- default:
- return "Unknown code";
- }
-}
-
-} // namespace anonymous
-
-#undef ERRORDESCRIBE
-
-namespace ProcessSettings {
-
-InstallApp::InstallApp(const Policy &policy)
- : m_policy(policy)
- , m_req(nullptr, security_manager_app_inst_req_free)
-{}
-
-void InstallApp::Apply() {
- app_inst_req *whatever = nullptr;
-
- int retcode = security_manager_app_inst_req_new(&whatever);
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_new. Error: " << ToString(retcode));
-
- m_req.reset(whatever);
-
- retcode = security_manager_app_inst_req_set_app_id(m_req.get(), m_policy.GetAppId().c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_app_id. Error: " << ToString(retcode));
-
- retcode = security_manager_app_inst_req_set_pkg_id(m_req.get(), m_policy.GetPkgId().c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_pkg_id. Error: " << ToString(retcode));
-
- for(auto &e : m_policy.GetPrivileges()) {
- retcode = security_manager_app_inst_req_add_privilege(m_req.get(), e.c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_add_privilege. Error: " << ToString(retcode));
- }
-
- retcode = security_manager_app_inst_req_set_uid(m_req.get(), m_policy.GetUid());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_uid. Error: " << ToString(retcode));
-
- retcode = security_manager_app_install(m_req.get());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_install. Error: " << ToString(retcode));
-}
-
-void InstallApp::Revoke() {
- if (m_req.get()) {
- int retcode = security_manager_app_uninstall(m_req.get());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_uninstall. Error: " << ToString(retcode));
- }
-}
-
-InstallApp::~InstallApp() {}
-
-} // ProcessSettings
-
diff --git a/src/ckm-integration/process-settings/install-app.h b/src/ckm-integration/process-settings/install-app.h
deleted file mode 100644
index fe724c02..00000000
--- a/src/ckm-integration/process-settings/install-app.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file install-app.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-
-
-#pragma once
-
-#include
-#include
-
-#include
-
-extern "C" {
-struct app_inst_req;
-typedef struct app_inst_req app_inst_req;
-} // extern "C"
-
-namespace ProcessSettings {
-
-class InstallApp {
-public:
- InstallApp(const Policy &policy);
-
- void Apply();
- void Revoke();
-
- virtual ~InstallApp();
-private:
- const Policy &m_policy;
- std::unique_ptr> m_req;
-};
-
-} // namespace ProcessSettings
-
diff --git a/src/ckm-integration/process-settings/policy.h b/src/ckm-integration/process-settings/policy.h
deleted file mode 100644
index 8001968d..00000000
--- a/src/ckm-integration/process-settings/policy.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file policy.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include
-
-#include
-#include
-
-namespace ProcessSettings {
-typedef std::vector PrivilegeVector;
-
-class Policy {
-public:
- virtual std::string GetUserName() const = 0;
- virtual void SetUserName(std::string) = 0;
- virtual gid_t GetGid() const = 0;
- virtual void SetGid(gid_t) = 0;
- virtual uid_t GetUid() const = 0;
- virtual void SetUid(uid_t) = 0;
- virtual std::string GetSmackLabel() const = 0;
- virtual void SetSmackLabel(std::string) = 0;
- virtual std::string GetAppId() const = 0;
- virtual void SetAppId(std::string) = 0;
- virtual std::string GetPkgId() const = 0;
- virtual void SetPkgId(std::string) = 0;
- virtual PrivilegeVector GetPrivileges() const = 0;
- virtual void SetPrivileges(PrivilegeVector) = 0;
- virtual ~Policy() {}
-};
-
-} // namespace ProcessSettings
-
diff --git a/src/ckm-integration/process-settings/unlock-ckm.cpp b/src/ckm-integration/process-settings/unlock-ckm.cpp
deleted file mode 100644
index 94ad3711..00000000
--- a/src/ckm-integration/process-settings/unlock-ckm.cpp
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file unlock-ckm.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include
-
-#include
-#include
-
-#include
-
-namespace ProcessSettings {
-
-UnlockCkm::UnlockCkm(const Policy &policy)
- : m_policy(policy)
-{}
-
-void UnlockCkm::Apply() {
- int temp;
-
- m_uid = m_policy.GetUid();
-
- auto control = CKM::Control::create();
-
- // Let's clean up environment.
- // It will usually fails.
- control->removeUserData(m_uid);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(m_uid, "DummyPassword")),
- "Error=" << CKM::APICodeToString(temp));
-
-}
-
-void UnlockCkm::Revoke() {
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(m_uid)),
- "Error=" << CKM::APICodeToString(temp));
-}
-
-UnlockCkm::~UnlockCkm() {}
-
-} // namespace ProcessSettings
-
diff --git a/src/ckm-integration/process-settings/unlock-ckm.h b/src/ckm-integration/process-settings/unlock-ckm.h
deleted file mode 100644
index 9e12c3fd..00000000
--- a/src/ckm-integration/process-settings/unlock-ckm.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file unlock-ckm.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include
-
-#include
-
-#include
-
-namespace ProcessSettings {
-
-class UnlockCkm {
-public:
- UnlockCkm(const Policy &policy);
- void Apply();
- void Revoke();
- virtual ~UnlockCkm();
-private:
- const Policy &m_policy;
- uid_t m_uid;
-};
-
-} // namespace ProcessSettings
-
-