From: r.tyminski <r.tyminski@partner.samsung.com>
Date: Wed, 22 Nov 2017 16:08:51 +0000 (+0100)
Subject: Modify libteec-tests to work with OpTEE backend.
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=eec148735b268ff6ebf976aaa467f7ff84ccae35;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git

Modify libteec-tests to work with OpTEE backend.

Expect correct returnOrigin value. For TEEC_SUCCESS
it can be only TEE_ORIGIN_TRUSTED_APP.
OpTEE use RFC4122 as uuid format.
Dropping priv_tee_client group.

Change-Id: I50c1d09bf072a88b230d3af3edad66b54013d4f6
---

diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec
index 2d305524..d8c7c13c 100644
--- a/packaging/security-tests.spec
+++ b/packaging/security-tests.spec
@@ -57,7 +57,7 @@ cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \
 %if "%{sec_product_feature_security_mdfpp_enable}" == "1"
         -DSECURITY_MDFPP_STATE_ENABLE=1 \
 %endif
-        -DTARGET_ARCH=%{target} \
+        -DTARGET_ARCH=%{_target} \
         -DCMAKE_VERBOSE_MAKEFILE=ON       \
         -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \
         -DAPP_USER="security_test_user" \
diff --git a/src/libteec-tests/CMakeLists.txt b/src/libteec-tests/CMakeLists.txt
index 2b2418af..a2e96634 100644
--- a/src/libteec-tests/CMakeLists.txt
+++ b/src/libteec-tests/CMakeLists.txt
@@ -62,17 +62,18 @@ INSTALL(TARGETS ${LIBTEEC_TARGET_TEST}
                 WORLD_EXECUTE
     )
 
-if(${TARGET_ARCH} STREQUAL "armv7l")
+IF(${TARGET_ARCH} STREQUAL "armv7l-linux" OR ${TARGET_ARCH} STREQUAL "aarch64-linux")
+    ADD_DEFINITIONS("-DTEF_BACKEND_OPTEE=1")
     SET(PROJECT_TA_FILES_DIR
         ${PROJECT_SOURCE_DIR}/src/libteec-tests/ta-files/optee/
         )
-else(${TARGET_ARCH} STREQUAL "armv7l")
+ELSE(${TARGET_ARCH} STREQUAL "armv7l-linux" OR ${TARGET_ARCH} STREQUAL "aarch64-linux")
     SET(PROJECT_TA_FILES_DIR
         ${PROJECT_SOURCE_DIR}/src/libteec-tests/ta-files/simulator/
         )
-endif(${TARGET_ARCH} STREQUAL "armv7l")
+ENDIF(${TARGET_ARCH} STREQUAL "armv7l-linux" OR ${TARGET_ARCH} STREQUAL "aarch64-linux")
 
 INSTALL(DIRECTORY
     ${PROJECT_TA_FILES_DIR}
     DESTINATION ${TA_FILES_DIR}
-)
\ No newline at end of file
+)
diff --git a/src/libteec-tests/test_cases.cpp b/src/libteec-tests/test_cases.cpp
index 338b3db3..4449a6d1 100644
--- a/src/libteec-tests/test_cases.cpp
+++ b/src/libteec-tests/test_cases.cpp
@@ -32,6 +32,7 @@
 #include <iostream>
 #include <iomanip>
 #include <exception>
+#include <grp.h>
 
 #define DEFINETOSTR(name) case name: return #name
 
@@ -112,9 +113,28 @@ std::string uuidToString(const TEEC_UUID& uuid)
 {
     std::stringstream ss;
     toString(ss, uuid.timeLow);
+#ifdef TEF_BACKEND_OPTEE
+    // OpTEE use uuid format defined in RFC4122
+    ss << "-";
+    toString(ss, uuid.timeMid);
+    ss << "-";
+    toString(ss, uuid.timeHiAndVersion);
+    ss << "-";
+    toString(ss, uuid.clockSeqAndNode[0]);
+    toString(ss, uuid.clockSeqAndNode[1]);
+    ss << "-";
+    toString(ss, uuid.clockSeqAndNode[2]);
+    toString(ss, uuid.clockSeqAndNode[3]);
+    toString(ss, uuid.clockSeqAndNode[4]);
+    toString(ss, uuid.clockSeqAndNode[5]);
+    toString(ss, uuid.clockSeqAndNode[6]);
+    toString(ss, uuid.clockSeqAndNode[7]);
+    ss << ".ta";
+#else // TEF_BACKEND_OPTEE
     toString(ss, uuid.timeMid);
     toString(ss, uuid.timeHiAndVersion);
     toString(ss, uuid.clockSeqAndNode);
+#endif // TEF_BACKEND_OPTEE
     return ss.str();
 }
 
@@ -135,13 +155,14 @@ public:
 
         std::string src_path = TA_FILES_DIR + m_uuidStr;
         std::string dest_path = m_path + m_uuidStr;
-        RUNNER_ASSERT_MSG(std::ifstream(src_path).good(), "TA file not found in test assets");
+        RUNNER_ASSERT_MSG(std::ifstream(src_path).good(), "TA file not found in test assets: "
+				<< TA_FILES_DIR + m_uuidStr);
 
         std::ifstream src(src_path, std::ios::binary);
         std::ofstream dest(dest_path, std::ios::binary);
         dest << src.rdbuf();
 
-        RUNNER_ASSERT_MSG(isInstalled(), "Installing test TA failed");
+        RUNNER_ASSERT_MSG(isInstalled(), "Installing test TA failed: " << dest_path);
         int res = smack_set_label_for_path(dest_path.c_str(), XATTR_NAME_SMACK, 1, "_");
         RUNNER_ASSERT_MSG(res >= 0, "Failed to set smack label on TA file");
     }
@@ -152,6 +173,7 @@ public:
             std::string rmPath = m_path + m_uuidStr;
             std::remove(rmPath.c_str());
 
+#ifndef TEF_BACKEND_OPTEE
             std::string extPath = m_path + m_uuidStr + "-ext/";
             std::string extPathUuid = extPath + m_uuidStr;
 
@@ -161,6 +183,8 @@ public:
             std::remove(rmPath.c_str());
             rmPath = extPath;
             std::remove(rmPath.c_str());
+#endif // TEF_BACKEND_OPTEE
+
         } catch (std::exception& e) {
             std::cerr << "Exception thrown in SystemTa destructor: " << e.what() << std::endl;
         } catch (...) {
@@ -242,7 +266,7 @@ RUNNER_CHILD_TEST(libteec_01_load_TA_as_app)
             "Opening libteec session returned wrong value: " << errToString(res)
             << ", expected: " << errToString(desiredResult));
 
-        uint32_t desiredOrigin = isTeeEnabled ? TEEC_ORIGIN_TEE : TEEC_ORIGIN_API;
+        uint32_t desiredOrigin = isTeeEnabled ? TEEC_ORIGIN_TRUSTED_APP : TEEC_ORIGIN_API;
         RUNNER_ASSERT_MSG(returnOrigin == desiredOrigin,
             "Wrong return origin from TEEC_OpenSession: " << originToString(returnOrigin)
             << ", expected: " << originToString(desiredOrigin));
@@ -288,7 +312,7 @@ RUNNER_CHILD_TEST(libteec_02_load_TA_as_system)
             "Opening libteec session returned wrong value: " << errToString(res)
             << ", expected: " << errToString(desiredResult));
 
-        uint32_t desiredOrigin = isTeeEnabled ? TEEC_ORIGIN_TEE : TEEC_ORIGIN_API;
+        uint32_t desiredOrigin = isTeeEnabled ? TEEC_ORIGIN_TRUSTED_APP : TEEC_ORIGIN_API;
         RUNNER_ASSERT_MSG(returnOrigin == desiredOrigin,
             "Wrong return origin from TEEC_OpenSession: " << originToString(returnOrigin)
             << ", expected: " << originToString(desiredOrigin));
@@ -297,6 +321,34 @@ RUNNER_CHILD_TEST(libteec_02_load_TA_as_system)
     runInChildParentWait(fun);
 }
 
+static int removeGroup(size_t group_id)
+{
+    gid_t *group;
+    int ngroups, ret;
+    long ngroups_max;
+
+    ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
+    group = (gid_t *) malloc(ngroups_max *sizeof(gid_t));
+
+    ngroups = getgroups(ngroups_max, group);
+    if (ngroups <= 0) {
+        ret = ngroups;
+        goto exit;
+    }
+    for (int i = 0; i  < ngroups - 1; ++i) {
+        if (group[i] == group_id) {
+            group[i] = group[i + 1];
+            group[i + 1] = group_id;
+        }
+    }
+
+    ret = setgroups(ngroups - 1, group);
+
+exit:
+    free(group);
+    return ret;
+}
+
 RUNNER_CHILD_TEST(libteec_03_try_use_libteec_with_no_cynara_perm_as_app)
 {
     TemporaryTestUser tmpUser("libteec_03_test_user", GUM_USERTYPE_NORMAL, false);
@@ -314,6 +366,10 @@ RUNNER_CHILD_TEST(libteec_03_try_use_libteec_with_no_cynara_perm_as_app)
             (NULL, &TEEC_FinalizeContext);
 
         SecurityManagerTest::Api::setProcessLabel(app.getAppId());
+
+        RUNNER_ASSERT_MSG(0 == removeGroup(10013),
+            "Dropping priv_tee_client(10013) group failed");
+
         RUNNER_ASSERT_ERRNO_MSG(
             drop_root_privileges(tmpUser.getUid(), tmpUser.getGid()) == 0,
             "drop_root_privileges failed");
@@ -321,6 +377,7 @@ RUNNER_CHILD_TEST(libteec_03_try_use_libteec_with_no_cynara_perm_as_app)
         TEEC_Result res = TEEC_InitializeContext(NULL, &context);
         contextPtr.reset(&context);
 
+        // OpTEE return TEEC_ERROR_ITEM_NOT_FOUND, when cannot access to /dev/tee
         TEEC_Result desiredResult = isTeeEnabled ? TEEC_ERROR_ACCESS_DENIED : TEEC_ERROR_NOT_SUPPORTED;
         RUNNER_ASSERT_MSG(res == desiredResult,
             "Initializing context returned wrong error code: " << errToString(res)
@@ -363,4 +420,4 @@ RUNNER_CHILD_TEST(libteec_04_invalid_context_name)
     };
 
     runInChildParentWait(fun);
-}
\ No newline at end of file
+}