From: Krzysztof Jackiewicz
Date: Wed, 8 Mar 2017 12:41:22 +0000 (+0100)
Subject: Test for app reading/writing sensitive content
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=cf1c6bf192a4f49030b82fc34d487b9c72f247f9;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git
Test for app reading/writing sensitive content
Change-Id: I443a655f91098f6367d93257f7e3aa70d8eaa8a7
---
diff --git a/test/app_encryption/launcher_user.cpp b/test/app_encryption/launcher_user.cpp
index 0d3300a6..1364328d 100644
--- a/test/app_encryption/launcher_user.cpp
+++ b/test/app_encryption/launcher_user.cpp
@@ -34,6 +34,7 @@
 #include "security-manager.h"
 #include "common.h"
+#include "tzplatform-config.h"
 void usage()
 {
@@ -78,7 +79,8 @@ int prepare_app(const char* app, bool first)
 // first run
 if (first) {
 if ((status & SM_APP_ENCR_HAS_PASSWORD) != 0) {
- std::cerr << "Application already has a password during first launch. Aborting" << std::endl;
+ std::cerr << "Application already has a password during first launch. Aborting"
+ << std::endl;
 return 1;
 }
@@ -166,9 +168,39 @@ int wait_for_key()
 return 0;
 }
-int run_app()
+int run_app(const std::string& pkgName)
 {
- // TODO try to read / write sensitive dirs as an application
+ // try to read / write sensitive file as an application
+ try {
+ SecurityManager::TizenPlatformConfig tpc(getuid());
+ std::string filePath = tpc.makePath(TZ_USER_APP,
+ pkgName,
+ std::string("path_1/sensitive_file"));
+
+ std::fstream fs(filePath, std::ios_base::in | std::ios_base::out | std::ios_base::app);
+ if (!fs) {
+ std::cerr << "Failed to open " << filePath << std::endl;
+ return 1;
+ }
+
+ std::string contents((std::istreambuf_iterator(fs)),
+ std::istreambuf_iterator());
+ std::cout << "Reading data from sensitive file:" << std::endl << contents << std::endl;
+ std::cout << "File size: " << fs.tellg() << "B" << std::endl;
+ std::cout << "Appending '#' to sensitive file" << std::endl;
+ fs << "#";
+ fs.close();
+ } catch (const SecurityManager::TizenPlatformConfig::Exception::Base& e) {
+ std::cerr << "Failed to get variable from tzplatform-config " << e.DumpToString()
+ << std::endl;
+ return 1;
+ } catch (const std::exception& e) {
+ std::cerr << e.what() << std::endl;
+ return 1;
+ } catch (...) {
+ std::cerr << "Unknown exception" << std::endl;
+ return 1;
+ }
 // Quit the app
 if (wait_for_key() != 0) {
@@ -213,7 +245,5 @@ int main(int argc, char* argv[])
 std::cout << "Application " << app << " launched successfully." << std::endl;
- return run_app();
-
- // TODO drop cache?
+ return run_app(app);
 }
diff --git a/test/app_encryption/scripts/install.sh b/test/app_encryption/scripts/install.sh
index 968bc039..09f4c7ae 100755
--- a/test/app_encryption/scripts/install.sh
+++ b/test/app_encryption/scripts/install.sh
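Review bot: In launcher_user.cpp, the new `run_app` body never checks what it read or whether the append succeeded, so the test can return 0 without having exercised the sensitive file. Because the stream is opened with `std::ios_base::app`, a missing `path_1/sensitive_file` is probably created empty rather than reported (append mode normally creates the file), which would hide the case where the protected directory is not available to the app. I would compare `contents` with the sample text that install.sh writes and check the stream after the write: `fs << "#" << std::flush;` followed by `if (!fs) { std::cerr << "Failed to append to " << filePath << std::endl; return 1; }`. `run_app` continues past the end of this hunk.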
@@ -10,22 +10,29 @@ fi
 source common.sh
 # create app dirs
-mkdir -p $BASE_DIR
-chown $OWNER:$OWNER_GROUP $BASE_DIR
+mkdir -p $BASE_DIR || (echo "Failed"; exit 1)
 PATHS=""
 for DIR in "${SENSITIVE_DIRS[@]}"
 do
 mkdir -p $DIR
- chown $OWNER:$OWNER_GROUP $DIR
 PATHS="$PATHS -p $DIR rw_sensitive "
 done
+# write sample data
+SENSITIVE_FILE=${SENSITIVE_DIRS[0]}/sensitive_file
+echo "Creating sensitive file $SENSITIVE_FILE"
+echo -n "Sensitive file content " > $SENSITIVE_FILE || (echo "Failed"; exit 1)
+
+chown -R $OWNER:$OWNER_GROUP $BASE_DIR
+
 # install app
-echo "security-manager-cmd -i -u $OWNER_UID -a $1 -g $1"
-security-manager-cmd -i -u $OWNER_UID -a $1 -g $1 || exit 1
+INSTALL="security-manager-cmd -i -u $OWNER_UID -a $1 -g $1"
+echo $INSTALL
+$INSTALL || (echo "Failed"; exit 1)
 # register paths
-echo "security-manager-cmd -q -u $OWNER_UID -g $1 $PATHS"
-security-manager-cmd -q -u $OWNER_UID -g $1 $PATHS || exit 1
+REGISTER="security-manager-cmd -q -u $OWNER_UID -g $1 $PATHS"
+echo $REGISTER
+$REGISTER || (echo "Failed"; exit 1)
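Review bot: `|| (echo "Failed"; exit 1)` does not stop the script, because the parentheses start a subshell and `exit 1` leaves only that subshell. The lines it replaces used `|| exit 1`, so this is a regression: a failed `mkdir` or sample-file write is still followed by `chown -R` and the install, and a failed install is still followed by path registration. Use a brace group, `|| { echo "Failed"; exit 1; }`, on all four lines (`mkdir -p $BASE_DIR`, the `echo -n ... > $SENSITIVE_FILE` write, `$INSTALL`, `$REGISTER`). Quoting `"$BASE_DIR"`, `"$DIR"` and `"$SENSITIVE_FILE"` would also keep paths containing spaces intact.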