From: Marcin Lis Date: Wed, 2 Jul 2014 13:38:41 +0000 (+0200) Subject: Add new class to test security-manager database records. X-Git-Tag: security-manager_5.5_testing~232 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ba6c5d3186e25420c910a7531d6f39439a533b5d;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Add new class to test security-manager database records. Reuse the concept implemented in libprivilege-control tests. The interface of the introduced class may be used in security-manager tests. Currently it allows to check if app and pkg have been successfully installed along with all requested privileges. Checking application uninstallation is possible as well. Change-Id: I1eb95312c7ace890402533ef17645b91485ad443 Signed-off-by: Marcin Lis --- diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec index 47cf9d3..95ae4f4 100644 --- a/packaging/security-tests.spec +++ b/packaging/security-tests.spec @@ -19,6 +19,7 @@ BuildRequires: pkgconfig(dbus-glib-1) BuildRequires: pkgconfig(libiri) BuildRequires: pkgconfig(sqlite3) BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(libtzplatform-config) Requires: smack Requires: libprivilege-control diff --git a/tests/security-manager-tests/CMakeLists.txt b/tests/security-manager-tests/CMakeLists.txt index 0ade860..854642c 100644 --- a/tests/security-manager-tests/CMakeLists.txt +++ b/tests/security-manager-tests/CMakeLists.txt @@ -26,6 +26,8 @@ PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP libsmack libprivilege-control security-manager + libtzplatform-config + sqlite3 dpl-test-efl) @@ -33,6 +35,7 @@ SET(TARGET_SEC_MGR_TESTS "security-manager-tests") SET(SEC_MGR_SOURCES ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/security_manager_tests.cpp + ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/sm_db.cpp ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/libprivilege-control_test_common.cpp ) @@ -42,6 +45,7 @@ INCLUDE_DIRECTORIES(SYSTEM INCLUDE_DIRECTORIES( ${PROJECT_SOURCE_DIR}/tests/common/ + ${PROJECT_SOURCE_DIR}/tests/security-manager-tests/common/ ${PROJECT_SOURCE_DIR}/tests/libprivilege-control-tests/common/ ) diff --git a/tests/security-manager-tests/common/sm_db.cpp b/tests/security-manager-tests/common/sm_db.cpp new file mode 100644 index 0000000..4bdc8bf --- /dev/null +++ b/tests/security-manager-tests/common/sm_db.cpp @@ -0,0 +1,179 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +*/ + +/* + * @file sm_db.cpp + * @author Marcin Lis (m.lis@samsung.com) + * @version 1.0 + * @brief security-manager tests database record check functions + */ + +#include +#include +#include +#include "sm_db.h" +#include "db_sqlite.h" + +/* Keep this consistent with the database file path used in the security-manager */ +const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db"); + +/* Initialize static constants */ +const bool TestSecurityManagerDatabase::NOT_REMOVED = false; +const bool TestSecurityManagerDatabase::REMOVED = true; + +TestSecurityManagerDatabase::TestSecurityManagerDatabase() : m_base(PRIVILEGE_DB_PATH) +{ +} + +void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name, + const std::string &pkg_name) +{ + const privileges_t dummy; /* just some empty privileges set */ + + test_db_after__app_install(app_name, pkg_name, dummy); +} + +void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name, + const std::string &pkg_name, + const privileges_t &privileges) +{ + if (!m_base.is_open()) + m_base.open(); + + RUNNER_ASSERT_MSG_BT(!app_name.empty(), "Request is corrupted, appId is empty"); + RUNNER_ASSERT_MSG_BT(!pkg_name.empty(), "Request is corrupted, pkgId is empty"); + + check_app_and_pkg(app_name, pkg_name, NOT_REMOVED); + + if (!privileges.empty()) { + check_privileges(app_name, pkg_name, privileges); + } +} + +void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name, + const std::string &pkg_name, + const bool is_pkg_removed) +{ + const privileges_t dummy; /* just some empty privileges set */ + + test_db_after__app_uninstall(app_name, pkg_name, dummy, is_pkg_removed); +} + +void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name, + const std::string &pkg_name, + const privileges_t &privileges, + const bool is_pkg_removed) +{ + if (!m_base.is_open()) + m_base.open(); + + RUNNER_ASSERT_MSG_BT(!app_name.empty(), "Request is corrupted, appId is empty"); + RUNNER_ASSERT_MSG_BT(!pkg_name.empty(), "Request is corrupted, pkgId is empty"); + + check_app_and_pkg(app_name, pkg_name, REMOVED); + check_pkg(pkg_name, is_pkg_removed); + + if (!privileges.empty()) { + check_privileges_removed(app_name, pkg_name, privileges); + } +} + +void TestSecurityManagerDatabase::check_privileges(const std::string &app_name, + const std::string &pkg_name, + const privileges_t &privileges) +{ + bool result; + + RUNNER_ASSERT_MSG_BT(!app_name.empty(), "Request is corrupted, appId is empty"); + RUNNER_ASSERT_MSG_BT(!pkg_name.empty(), "Request is corrupted, pkgId is empty"); + + for (auto it = privileges.begin(); it != privileges.end(); ++it) { + result = check_privilege(app_name, pkg_name, *it); + + RUNNER_ASSERT_MSG_BT(result == true, "privilege: <" << *it << "> not added to app: <" << + app_name << "> from pkg_id: <" << pkg_name << ">"); + } +} + +void TestSecurityManagerDatabase::check_privileges_removed(const std::string &app_name, + const std::string &pkg_name, + const privileges_t &privileges) +{ + bool result; + + RUNNER_ASSERT_MSG_BT(!app_name.empty(), "Request is corrupted, appId is empty"); + RUNNER_ASSERT_MSG_BT(!pkg_name.empty(), "Request is corrupted, pkgId is empty"); + + for (auto it = privileges.begin(); it != privileges.end(); ++it) { + result = check_privilege(app_name, pkg_name, *it); + + RUNNER_ASSERT_MSG_BT(result == false, "privilege: <" << *it << "> not removed for app: <" << + app_name << "> from pkg_id: <" << pkg_name << ">"); + } +} + +void TestSecurityManagerDatabase::check_app_and_pkg(const std::string &app_name, const std::string &pkg_name, + const bool is_app_removed) +{ + Sqlite3DBaseSelectResult result; + std::ostringstream sql; + sql << "SELECT app_name, pkg_name FROM app_pkg_view" + " WHERE app_name == '" << app_name << "' " + " AND pkg_name == '" << pkg_name << "' ;"; + m_base.execute(sql.str(), result); + + if (is_app_removed) /* expect 0 results */ + RUNNER_ASSERT_MSG_BT(result.rows.size() == 0, "query : <" << sql.str() << + "> returned [" << result.rows.size() << "] rows, expected [0]"); + else /* expect exactly 1 result with 2 columns */ + RUNNER_ASSERT_MSG_BT(result.rows.size() == 1 && result.rows[0].size() == 2, "query : <" << + sql.str() << "> returned [" << result.rows.size() << "] rows, expected [1]"); +} + +void TestSecurityManagerDatabase::check_pkg(const std::string &pkg_name, + const bool is_pkg_removed) +{ + const unsigned expected_rows = is_pkg_removed ? 0 : 1; + Sqlite3DBaseSelectResult result; + std::ostringstream sql; + sql << "SELECT pkg_id FROM pkg" + " WHERE name == '" << pkg_name << "' ;"; + m_base.execute(sql.str(), result); + + RUNNER_ASSERT_MSG_BT(result.rows.size() == expected_rows, "query : <" << + sql.str() << "> returned [" << result.rows.size() << "] rows, expected [" << + expected_rows << "] rows"); +} + +bool TestSecurityManagerDatabase::check_privilege(const std::string &app_name, + const std::string &pkg_name, + const std::string &privilege) +{ + Sqlite3DBaseSelectResult result; + std::ostringstream sql; + sql << "SELECT privilege_id FROM app_privilege_view" + " WHERE app_name == '" << app_name << "' " + " AND pkg_name == '" << pkg_name << "' " + " AND privilege_name == '" << privilege << "' " + ";"; + m_base.execute(sql.str(), result); + + /* only 0 or 1 resulting rows are alowed */ + RUNNER_ASSERT_MSG_BT(result.rows.size() == 0 || result.rows.size() == 1, "query : <" << sql.str() << "> returned [" << + result.rows.size() << "] rows"); + + return result.rows.size() == 1; +} diff --git a/tests/security-manager-tests/common/sm_db.h b/tests/security-manager-tests/common/sm_db.h new file mode 100644 index 0000000..21a419a --- /dev/null +++ b/tests/security-manager-tests/common/sm_db.h @@ -0,0 +1,175 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +*/ + +/* + * @file sm_db.h + * @author Marcin Lis (m.lis@samsung.com) + * @version 1.0 + * @brief security-manager tests database record check functions + */ + +#ifndef SECURITY_MANAGER_TEST_DB_H_ +#define SECURITY_MANAGER_TEST_DB_H_ + +#include +#include "db_sqlite.h" + +typedef std::vector privileges_t; + +/** + * @class TestSecurityManagerDatabase + * @brief Class containing methods for testing libprivlege database. + */ +class TestSecurityManagerDatabase +{ +public: +/** + * @brief A usefull constant to indicate that app/pkg should be present in db + */ + const static bool NOT_REMOVED; +/** + * @brief A usefull constant to indicate that app/pkg should not be present in db + */ + const static bool REMOVED; +/** + * @brief A constructor + */ + TestSecurityManagerDatabase(); + +/** + * @brief A destructor + */ + ~TestSecurityManagerDatabase() = default; + +/** + * @brief Method for testing database after "security_manager_app_install" was run. + * + * It checks existence of proper: - app_name + * - pkg_name + * + * @param app_name name of the app previously used in security_manager_app_install. + * @param pkg_name name of the pkg previously used in security_manager_app_install. + */ + void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name); + +/** + * @brief Method for testing database after "security_manager_app_install" was run. + * + * It checks existence of proper: - app_name + * - pkg_name + * - privileges + * TODO: appPaths are currently not handled directly by security-manager, so they are not tested. + * + * @param app_name name of the app previously used in security_manager_app_install. + * @param pkg_name name of the pkg previously used in security_manager_app_install. + * @param privileges vector of privileges previously used in security_manager_app_install. + */ + void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name, + const privileges_t &privileges); + +/** + * @brief Method for testing database after "security_manager_app_uninstall" was run. + * + * It checks absence of proper: - app_name + * - optionally pkg_name + * + * @param app_name name of the app previously used in security_manager_app_uninstall. + * @param pkg_name name of the pkg previously used in security_manager_app_uninstall. + * @param is_pkg_removed tells if pkg_id is expected to remain in db or not. + */ + void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name, + const bool is_pkg_removed); + +/** + * @brief Method for testing database after "security_manager_app_uninstall" was run. + * + * It checks absence of proper: - app_name + * - optionally pkg_name + * - app privileges + * TODO: appPaths are currently not handled directly by security-manager, so they are not tested. + * + * @param app_name name of the app previously used in security_manager_app_uninstall. + * @param pkg_name name of the pkg previously used in security_manager_app_uninstall. + * @param privileges vector of privileges previously used in security_manager_app_uninstall. + * @param is_pkg_removed tells if pkg_id is expected to remain in db or not. + */ + void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name, + const privileges_t &privileges, const bool is_pkg_removed); + +/** + * @brief It checks db for existence of a all privileges from install request. + * + * @param app_name name of the app previously used i.e. in security_manager_app_install. + * @param pkg_name name of the pkg previously used i.e. in security_manager_app_install. + * @param privileges vector of privileges previously used i.e. in security_manager_app_install. + */ + void check_privileges(const std::string &app_name, const std::string &pkg_name, + const privileges_t &privileges); + +/** + * @brief It checks in db if all app privileges from install request are removed. + * + * @param app_name name of the app previously used i.e. in security_manager_app_uninstall. + * @param pkg_name name of the pkg previously used i.e. in security_manager_app_uninstall. + * @param privileges vector of privileges previously used i.e. in security_manager_app_uninstall. + */ + void check_privileges_removed(const std::string &app_name, const std::string &pkg_name, + const privileges_t &privileges); + +private: +/** + * @var base + * @brief Sqlite3DBase object giving simple access to database + * + * Connection to database is open first time it is needed + * and closed in destructor of TestSecurityManagerDatabase. + */ + Sqlite3DBase m_base; + +/** + * @brief Check db for [non]existence of given app_name in pkg_name + * + * @param app_name name of application + * @param pkg_name name of package + * @param is_app_removed tells if app is expected in db + */ + void check_app_and_pkg(const std::string &app_name, const std::string &pkg_name, + const bool is_app_removed); + +/** + * @brief Check db for [non]existence of given pkg_name + * + * @param pkg_name name of the package + * @param is_pkg_removed tells if pkg is expected in db + */ + void check_pkg(const std::string &pkg_name, + const bool is_pkg_removed); + +/** + * @brief Check db for existence of a single privilege. + * + * @param app_name name of application + * @param pkg_name application's package name + * @param privilege name of the privilege + * + * @return true when privilege present + * false when privilege not present + */ + bool check_privilege(const std::string &app_name, const std::string &pkg_name, + const std::string &privilege); +}; + +#endif /* SECURITY_MANAGER_TEST_DB_H_ */