Marcin Niesluchowski [Tue, 21 Oct 2014 09:34:12 +0000 (11:34 +0200)]
Revert commits to cynara tests
Some commits to cynara tests making security-tests not buildable
with cynara release.
This reverts commits:
1c357c2 "Fix cynara_check return codes"
d2eb84f "Add tests for cynara_admin_check function"
a58d784 "Enhance CynaraTestAdmin with adminCheck() method"
e0b08a3 "Add tests for none bucket"
Change-Id: If344771ef62de103c24cd551cd40a6b9b8be44a3
Marcin Niesluchowski [Tue, 21 Oct 2014 09:43:03 +0000 (11:43 +0200)]
Revert commits to security-manager tests
Some commits to security-manager tests making security-tests not buildable
with security-manager release.
This reverts commits:
e3e2809 "security-manager: test security_manager_set_process_groups_from_appid"
Change-Id: I009c33811a3af23451e5cac6db142a555f248408
José Bollo [Tue, 14 Oct 2014 15:39:19 +0000 (17:39 +0200)]
Building: better handling of deprecated
It is useful to keep deprecated items as warning.
For doing that, this new option is needed.
Change-Id: Iaf140652f40d8a990d246741091119106c7b132b
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Lukasz Wojciechowski [Thu, 9 Oct 2014 16:28:29 +0000 (18:28 +0200)]
Fix cynara_check return codes
After merging "151ad89 Change client API error codes"
into cynara values returned by cynara_check() changed.
In case of access allowed cynara_check returns
CYNARA_API_ACCESS_ALLOWED instead of CYNARA_API_SUCCESS.
Change-Id: I98ff68068c9c67648601c339b0ff51af7e3e1280
Lukasz Wojciechowski [Tue, 23 Sep 2014 15:56:03 +0000 (17:56 +0200)]
Add tests for cynara_admin_check function
cynara_admin_check() function provides simmilar functionality to
cynara_check() from client's API. Differences between those two are:
* admin version can start check search in any given bucket;
* admin version can constrain search to single bucket (no recursion);
* in admin version policy types are returned without being interpreted
by plugins in cynara service (e.g. no UI popups are launched).
There are 4 tests added:
* tc16_admin_check_single_bucket - for trivial single bucket checks;
* tc17_admin_check_nested_bucket - for testing proper check search
scope (recursion and start bucket);
* tc18_admin_check_multiple_matches - for testing if minimum policy
is found, when there is more than a single policy matching;
* tc19_admin_check_none_bucket - for testing proper behaviour, when
default and only matching policy in bucket is of type NONE.
Verification:
After cynara patch https://review.tizen.org/gerrit/27971 is applied
test should pass. They can fail before due to policy types enumeration
inconsistency between external and internal caynara layers.
Change-Id: Ia37df3491fbc31beb9c638daa515ce5a6b92eb59
Lukasz Wojciechowski [Mon, 22 Sep 2014 14:03:36 +0000 (16:03 +0200)]
Enhance CynaraTestAdmin with adminCheck() method
adminCheck() method allows running and checking result of
cynara_admin_check() form libcynara-admin API.
It asserts result of cynara_admin_check() function call
and values of check results with expected values.
Change-Id: Id2a35b3b1f43f2802ccee14355b6efb8a5f5c511
Marcin Niesluchowski [Mon, 1 Sep 2014 09:38:06 +0000 (11:38 +0200)]
Make expected result of cynara client check default
Change-Id: If5e51ff720c8b03aa2d3beabefce459b65306fca
Marcin Niesluchowski [Wed, 20 Aug 2014 09:13:28 +0000 (11:13 +0200)]
Add tests for none bucket
Change-Id: I546ded4f234470ab3754338080ab9800dde18279
Rafal Krypa [Tue, 16 Sep 2014 14:28:07 +0000 (16:28 +0200)]
security-manager: test security_manager_set_process_groups_from_appid
New security-manager API supports setting process groups based on
privilege settings. This is intended for launchers. Check it during
application installation check to verify if gid-mapped privileges
are handled correctly.
Change-Id: Ie558bf985dbbc5cd1451ae743aa2f26f519fef5e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 12 Sep 2014 15:14:25 +0000 (17:14 +0200)]
security-manager: drop testing of obsolete TIZENEXEC label on symlinks
This feature is just being removed from security-manager. No labels
will be set on symlinks.
Change-Id: I9f19cb0b4f2d273407654f9e04f15d6d4823ed05
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 12 Sep 2014 15:10:27 +0000 (17:10 +0200)]
security-manager: use Smack label for verifying Cynara rules, not pkgId
Since security-manager doesn't provide function for that, tests
need to reimplement it. It should be kept in line with security-manager
code. For now there is only one label for all apps: "User".
Change-Id: I79eafea8c38bb86a3ec775a851d7e7605c1865e8
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Wojciechowski [Mon, 15 Sep 2014 12:17:57 +0000 (14:17 +0200)]
Check integrity after partial policy set
cynara_admin_set_policy() API function sets whole collection of policies
in single call. Setting some of them may fail. In such case no policies
should be applied to cynara service.
This test confirms existance of detected bug. Try to set 2 policies
(one good and one that is not allowed) leads to setPolicies() error,
however 1st policy remains in cynara's storage.
Verification: until bug is fixed in cynara's storage test should fail.
Change-Id: I3449ccbcfacb03bdcdc7a5cfb4a3b639d9b694ce
Maciej J. Karpiuk [Wed, 17 Sep 2014 09:45:37 +0000 (11:45 +0200)]
Added ckm tests.
Change-Id: I69ba5318e73ee9f6844787f2ba6a29afec293f45
Aleksander Zdyb [Wed, 3 Sep 2014 06:11:47 +0000 (08:11 +0200)]
Add include for strerror()
Change-Id: Idf24aaca911199e40b87c78ac2dd4c03d378afbd
Marcin Niesluchowski [Wed, 27 Aug 2014 07:51:12 +0000 (09:51 +0200)]
Change NULL to nullptr
Change-Id: I316a253e25a2460c9e2ff85a791550073ebde51a
Marcin Niesluchowski [Wed, 30 Jul 2014 10:41:12 +0000 (12:41 +0200)]
Adjust README to actual version of security-tests
Change-Id: I575d19fb5abe525b168c1610ed24ca70f9d684c0
Marcin Niesluchowski [Mon, 18 Aug 2014 09:34:44 +0000 (11:34 +0200)]
Use SocketUniquePtr in libprivilege-control tests
Change-Id: I47a95cf3f8d6e4c830d1c26e1bfef70ed78747e3
Marcin Niesluchowski [Wed, 30 Jul 2014 07:54:08 +0000 (09:54 +0200)]
Reorder and change test macros
Change-Id: Id05a92516053ca7128198fe61f8f5c805637d645
Jan Cybulski [Tue, 12 Aug 2014 10:54:57 +0000 (12:54 +0200)]
Adjust security-manager tests
Security-manager is no longer using libprivilege-control
Tests should now use cynara to check if privileges
were granted during application installation.
Change-Id: I4a0fea8edfad31cb9265c89b9498d6fd27d47676
Jan Cybulski [Thu, 7 Aug 2014 06:31:48 +0000 (08:31 +0200)]
Allow to run tests without arguments
If no arguments are given, then tests will be run
as if argument was '--output=text', which already
implemented. The only obstracle is check for number
of arguments that is removed in this commit.
To verify this just run any tests without arguments.
Change-Id: I17f60518d6d137c12a5a53f7852653e5f07d7599
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Marcin Niesluchowski [Mon, 28 Jul 2014 08:49:13 +0000 (10:49 +0200)]
Move test framework from wrt-commons to security-tests
Change-Id: If185e7401ded389f40d1a07e610c5d999ff152c1
Jan Cybulski [Fri, 18 Jul 2014 07:59:10 +0000 (09:59 +0200)]
Add tests for installing apps by different users
Change-Id: I65f78b92c974f5711f91a526593e4d222e1bd43b
Marcin Niesluchowski [Tue, 15 Jul 2014 16:54:35 +0000 (18:54 +0200)]
Add cynara test environment class
Change-Id: I6a83f3aab6e5ff4de4d6a9092b0b882af0eb22be
Marcin Niesluchowski [Thu, 17 Jul 2014 17:06:37 +0000 (19:06 +0200)]
Add extra bucket cynara tests
Change-Id: I195ac63e423b79b422978003892d78b863cfc2e0
Marcin Niesluchowski [Thu, 17 Jul 2014 13:48:23 +0000 (15:48 +0200)]
Add single wildcard policies cynara test
Change-Id: If3dc244bcc93b6d02c981fcb3f9cd5cbc7004705
Marcin Niesluchowski [Thu, 17 Jul 2014 11:43:59 +0000 (13:43 +0200)]
Add allow remove set policies cynara tests
Change-Id: I4be35a4242e381fbac176ad5591d2a90e50dc423
Marcin Niesluchowski [Thu, 17 Jul 2014 09:29:43 +0000 (11:29 +0200)]
Add empty bucket cynara tests
Change-Id: Ie3eb6ece201e31490e72180d0c4f53397c8976e8
Marcin Niesluchowski [Tue, 15 Jul 2014 17:34:43 +0000 (19:34 +0200)]
Add cynara invalid params tests
Change-Id: I45a63f43911c57b2d1ceb8b69410e41b527066bc
Marcin Niesluchowski [Wed, 9 Jul 2014 13:52:12 +0000 (15:52 +0200)]
Add cynara test client class
Change-Id: I8ef613c06d5fbe2a3764aaac7fa1b0b1009a860b
Marcin Niesluchowski [Wed, 9 Jul 2014 12:17:15 +0000 (14:17 +0200)]
Add cynara test admin class
Change-Id: I6871e7e51d6f78df03948d7dc83a88e5fe0ffeb3
Marcin Niesluchowski [Thu, 10 Jul 2014 11:22:03 +0000 (13:22 +0200)]
Make DBusAccess class more generic
DBusAccess class should be able to restart any service.
Change-Id: I035321e9cd6fb219f2affc01b06299ace9c8af18
Jacek Bukarewicz [Fri, 11 Jul 2014 13:56:53 +0000 (15:56 +0200)]
Add tests for setting current process label
Change-Id: I020b8c812526c7e13d86df8ffe72c4d80a1e0fe0
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Marcin Niesluchowski [Mon, 16 Jun 2014 09:48:12 +0000 (11:48 +0200)]
Refactor test for smack_*getlabel and smack_*setlabel.
Change-Id: I65b60e6d13137b3d6a3ece46becde5050f4aa0b0
Jacek Bukarewicz [Tue, 15 Jul 2014 08:07:59 +0000 (10:07 +0200)]
Use tzplatform_mkpath to get path to .rules-db.db3 database
Change-Id: I6b834fe93551349954480dbc809e483f6a146dfd
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Marcin Lis [Thu, 3 Jul 2014 13:47:09 +0000 (15:47 +0200)]
Add security-manager database records testing.
Use the TestSecurityManagerDatabase class to test installation and privilege
assignment process in security-manager's database.
Change-Id: I08155d56904c31fe2a124d86d089014e9da95008
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Thu, 3 Jul 2014 13:45:38 +0000 (15:45 +0200)]
Add parameters to security-manager tests functions.
This commit pre-reorganizes tests. It prepares security-manager tests
to implement database records checks in next step.
Change-Id: I4687a71f12117c8b5c02e90cb71851ec95aacf16
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Wed, 2 Jul 2014 13:38:41 +0000 (15:38 +0200)]
Add new class to test security-manager database records.
Reuse the concept implemented in libprivilege-control tests.
The interface of the introduced class may be used in security-manager tests.
Currently it allows to check if app and pkg have been successfully installed
along with all requested privileges. Checking application uninstallation is
possible as well.
Change-Id: I1eb95312c7ace890402533ef17645b91485ad443
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Tue, 1 Jul 2014 15:06:21 +0000 (17:06 +0200)]
Move generic Sqlite3DBase test files to common part.
Prepare DB-test framework for later use in security-manager tests.
Change-Id: I9454431db2654adc0019446e08615ae72051a0fd
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Wed, 18 Jun 2014 13:17:42 +0000 (15:17 +0200)]
Add test for libprivilege permissions update.
This commit introduces tests for the following change:
https://review.tizen.org/gerrit/#/c/23382/
Change-Id: I42c228dac84c9aee8f7f55de4a9d4773f97f11f1
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Niesluchowski [Mon, 23 Jun 2014 10:26:21 +0000 (12:26 +0200)]
Remove security_manager_app_inst_req_add_allowed_user from tests.
Function security_manager_app_inst_req_add_allowed_user will be
removed from security-manager.
Change-Id: I89aafc3d1ae49044bdcb860545181e6e355d6f28
Marcin Niesluchowski [Tue, 3 Jun 2014 12:36:59 +0000 (14:36 +0200)]
Add test for security-manager installer service.
Verification:
-> secuirty-tests.sh security-manager --output=text --runignored
(all should pass)
Change-Id: I43b10b0032300cbf4b21faceae85d1f1dc1a982f
Jan Cybulski [Thu, 5 Jun 2014 13:02:04 +0000 (15:02 +0200)]
Test labeling links to execs by security-manager
Security manager's installer service labels links to execs
with a special xattr: security.TIZEN_EXEC_LABEL.
This commit checks that functionality.
Change-Id: Iac86bc6a55aba4b3648ec2f4e475c28121b025f0
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jacek Bukarewicz [Fri, 6 Jun 2014 13:09:53 +0000 (15:09 +0200)]
Use /tmp/ as location for smack test files
Smack laccess tests used /opt/home/app previously, but it does not
necessarily exist so replace it with /tmp/.
Change-Id: Id711c60ef49e0078519f8acc77d5b034a23c1596
Jan Cybulski [Thu, 5 Jun 2014 13:00:42 +0000 (15:00 +0200)]
Add tests for security manager's installer service
Add more specific tests for security manager's
security_manager_app_inst_req_add_path:
Tests for SM_PUBLIC_PATH and SM_PUBLIC_RO_PATH added.
Change-Id: I505fca28ef992676f967fa6cf29bc2d6343388c1
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Wed, 4 Jun 2014 12:47:19 +0000 (14:47 +0200)]
Fix return value of smack_have_access
Libsmack's smack_have_access returns 0 on no access and -1 on errors.
Checking rule that does not exist should not return -1
Change-Id: I604eed75634c9bc1dfbeb41a70d0a11211be96f0
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Jan Cybulski [Wed, 4 Jun 2014 12:44:44 +0000 (14:44 +0200)]
Fix segmentation fault on libsmack tests
Change-Id: I6fbae1e6513a6121aae53863193d862b03da257a
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
Aleksander Zdyb [Thu, 29 May 2014 12:39:17 +0000 (14:39 +0200)]
Add tests for Cynara RE (Rush-Edition)
Change-Id: I628a242f40001a2e81ac1728e19402ed30b11934
Signed-off-by: Aleksander Zdyb <a.zdyb@partner.samsung.com>
Marcin Niesluchowski [Fri, 23 May 2014 09:00:06 +0000 (11:00 +0200)]
Fix tc_unit_09_02_app_user_cookie_API_access_deny test.
Verfication:
-> security-server-tests-server --output=text --runignored \
--regexp=tc_unit_09_02_app_user_cookie_API_access_deny
(with smack; test should not fail)
Change-Id: I03e696482ce797a67c3de9b77418d448970c5f23
Jacek Bukarewicz [Wed, 21 May 2014 15:02:09 +0000 (17:02 +0200)]
Don't use OSP and WRT installers in security tests
Security tests used to install WRT and OSP test applications in
post installation script. This is not necessary and can be replaced by
shipping binaries and symlinks required by test in RPM package.
To verify check if libprivilege-control tests' results are unaffected by
this change.
Change-Id: Id1d73bfb0249bc63bd33613c40d04a673783642d
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Marcin Niesluchowski [Thu, 22 May 2014 12:18:21 +0000 (14:18 +0200)]
Revert "Fix security-server server tests"
This reverts commit
df5967df7e0c2d61ca4829c3add727a1696cd058.
Conflicts:
tests/security-server-tests/server.cpp
Change-Id: I10296aab70f267f90e7a94432672fd0b94b9b129
Marcin Niesluchowski [Wed, 21 May 2014 06:51:52 +0000 (08:51 +0200)]
Adjust AccessProvider api to current security-server.
Sockets in security-server has been moved to /run labeled with
System::Run label and AccessProvider provided old smack accesses.
Previous references to sockets' old smack labels has been removed.
Verification:
-> security-tests-all.sh
(server, cookie-api, clientsmack and dbus tests should pass,
no changes in other tests)
Change-Id: I9796fb0b52890553767783de5cffdc7b5ecb8746
Marcin Niesluchowski [Wed, 14 May 2014 09:36:18 +0000 (11:36 +0200)]
Add tests for security_server_app_has_privilege function.
security_server_app_has_privilege function has been restored
and changed in security-server repository.
See:
-> 'Bring back part of app-permissions service'
-> 'Adjust security_server_app_has_privilege to Tizen 3.0 model.'
Verification:
-> security-tests.sh ss-privilege --output=text --runignored
(test should pass)
Change-Id: I505c0d49f2bcbc739f63f5828edd81feb168cca3
Marcin Niesluchowski [Thu, 8 May 2014 18:28:43 +0000 (20:28 +0200)]
Add security-manager tests.
security-manager service has been added to security-server repository.
See:
-> 'Implement installer service'
-> 'Added security-manager API'
Verification:
-> security-tests.sh security-manager --output=text
(test should pass)
Change-Id: Idb69adada46864373208eb932f46402a4561e31e
Marcin Niesluchowski [Wed, 7 May 2014 13:27:44 +0000 (15:27 +0200)]
Refactor perm_app_setup_path libprivilege-control tests.
New design provides only three ways of labelling path in libprivilege-control.
See:
-> 'Added APP_PATH_PUBLIC and APP_PATH_FLOOR types to perm_app_setup_path function.'
Verification:
-> libprivilege-control-test --output=text --runignored
(following tests should pass:
-> privilege_control02_perm_app_setup_path_01_PRIVATE
-> privilege_control02_perm_app_setup_path_02_FLOOR
-> privilege_control02_perm_app_setup_path_03_PUBLIC_RO
-> privilege_control02_perm_app_setup_path_03_PUBLIC_RO_nosmack)
Change-Id: I90ffeaf1eac585bf0c999705940544263ac3214c
Marcin Niesluchowski [Thu, 8 May 2014 10:03:25 +0000 (12:03 +0200)]
Add tests to libprivilege-control perm_app_has_permission function.
libprivilege-control function perm_app_has_permission has been restored
and changed.
See:
-> 'Restore perm_app_has_permission API function.'
-> 'Adjust perm_app_has_permission API function to Tizen 3.0 model.'
Verification:
-> security-tests.sh libprivilege-control --output=text --runignored
(following tests should pass:
-> privilege_control20_perm_app_has_permission
-> privilege_control21m_incorrect_params_perm_app_has_permission)
Change-Id: I62d38b4665e5cc51f50b284378a3197dc8daefd2
Marcin Niesluchowski [Thu, 24 Apr 2014 13:54:54 +0000 (15:54 +0200)]
Adapt tests to new exec labelling design.
Remove smack exec label checks for links.
See:
-> 'Adapt to tizenorg: Change implementation of exec labels for links to binaries'
Verification:
-> libprivilege-control-test --output=text \
--regexp=privilege_control02_app_label_dir
(test should pass)
Change-Id: Ided8c081c8fbd3b672f34a325373ccbbba653ef8
Zofia Abramowska [Fri, 18 Apr 2014 12:50:22 +0000 (14:50 +0200)]
Fix memory managment
Organize used smart pointers.
Fix memory leaks inside libsmack test cases.
Change-Id: I7c63af01b463d0f5a2f3ac8c1c4dad1734f30ce5
Marcin Niesluchowski [Wed, 30 Apr 2014 14:37:53 +0000 (16:37 +0200)]
Adapt tests to change in libprivilege-control.
See libprivilege-control change:
-> 'Adapt to tizenorg: Generate app label from pkg_id'
Verification:
-> security-tests.sh libprivilege-control --runignored --output=text
(tests from libprvilegecontrol and libprivilegecontrol_nosmack
groups should pass)
Change-Id: I3b9a29dc10b33ee1ae488142bf16c4e4b4d69987
Zofia Abramowska [Thu, 17 Apr 2014 12:51:00 +0000 (14:51 +0200)]
Rewriting cleanup functions for libsmack test cases
Simplifying cleanup functions.
This is a preparation commit for total refactoring
of cleanup mechanism in libsmack test cases
Change-Id: I1963b71188446b912f85ade0e9838eeb9f1af34f
Marcin Niesluchowski [Thu, 3 Apr 2014 09:18:54 +0000 (11:18 +0200)]
Remove unnecessary verify_chk_pwd_basic function.
Verification:
-> security-tests.sh ss-password --output=text --runignored
(no changes)
Change-Id: I804a3fc1d63da369eb155f7f776b9ac104542fbd
Janusz Kozerski [Mon, 14 Apr 2014 14:02:25 +0000 (16:02 +0200)]
Adapt tizen.org tests to newest security-server changes
Mark all tests that check security-server functions:
- security_server_check_privilege_by_sockfd,
- security_server_check_privilege_by_pid,
- security_server_check_privilege_by_cookie,
as ignored.
Verification: Build with the newest security-server. All security-server test should pass.
Change-Id: I3eea20e03f4e0e7b31a9c18f6b75e9b650a4a517
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
Marcin Niesluchowski [Thu, 13 Mar 2014 15:33:53 +0000 (16:33 +0100)]
Fix groups issue in tests using perm_app_set_privilege api.
Due to current policy process calling perm_app_set_privilege is added
to current groups of app user and additional groups associated with
smack label in database. Previous tests did not take into account
current groups of app user.
Verification:
-> security-tests.sh libprivilege-control --runignored --output=text
Change-Id: I03a7e96c46da20af6a01c86b290fc7180425afb5
Zofia Abramowska [Thu, 17 Apr 2014 12:03:14 +0000 (14:03 +0200)]
Rewrite files_compare function
Refactoring files_compare function now, when backtrack functionality
is available.
Change-Id: I5bde968289a3dea7b4c6aff2d9b075b5c22953de
Zbigniew Jasinski [Wed, 16 Apr 2014 15:14:12 +0000 (17:14 +0200)]
Fixing failing 'smack13_4_*' libsmack tests
[Bug/Feature] Failing 'smack13_4_*' libsmack tests.
[Cause] Not enough privileges for testing suite to access /opt/home/app
[Solution] Set the right access 'x' to 'User' label.
[Verification] Build, install and run tests on smack kernel:
libsmack-test --output=text --regexp='smack13_4_*'
Change-Id: Ia811b3fe8af8b5b3f35ecd5fb991d6a6738f5d1b
Radoslaw Bartosiak [Wed, 16 Apr 2014 10:01:51 +0000 (12:01 +0200)]
Fix Security Server tc_unit_03_04_security_server_check_privilege_neg.
[Bug/Feature] Test failed with "Reading pipe error" message.
[Cause] SEGFAULT in a test thread.
[Solution] Fixed usage of std::vector::erase.
[Verification] Build, install and run tests on smack and non-smack env.
tc_unit_03_04_security_server_check_privilege_neg is OK.
Change-Id: I79d8c7f39dcabb988b27ac902f211dab68b6cde8
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Marcin Niesluchowski [Tue, 15 Apr 2014 11:54:01 +0000 (13:54 +0200)]
Add SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE error check.
Due to change in following commit in security-server repository
another connection error has been added.
-> 'Signalling attempt to access a non-existent service'
Verification:
-> security-tests.sh ss-api-speed --runignored --output=text
Change-Id: I088117a163d34ab37aba4de4a193c39c5c1a0b25
Marcin Lis [Fri, 4 Apr 2014 12:49:13 +0000 (14:49 +0200)]
Fix Security Server no-smack stress tests.
[Bug/Feature] Security-server stress tests failure with smack disabled.
[Cause] Security-server is able to handle only 5 clients in
waiting queue.
[Solution] Reduce the number of threads to 5.
[Verification] Build, install and run tests on smack and non-smack
environment, stress tests should pass.
Change-Id: I099df21a279ede482d4a4e214f9e83f9a0db654e
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Tue, 8 Apr 2014 15:33:35 +0000 (17:33 +0200)]
Remove tests that use deprecated libprivilege-control API.
[Feature] Adapt tests to tizen.org
[Cause] Libprivilege contained a lot of API that was marked deprecated
for a long time. This API is removed in the following commit:
https://review.tizen.org/gerrit/#/c/19194/
[Solution] Remove tests, macros, variables associated with old API:
- app_register_av
- app_add_friend
[Verification] Build, install and run tests on smack and non-smack environment.
Ensure that libprivilege-control rpm built from the commit linked
above is installed on the target.
Removed tests should not be present.
Change-Id: I59ef71c5684a29a4fb6ba6a8f6a4a667e3f99ab0
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Janusz Kozerski [Tue, 1 Apr 2014 13:02:02 +0000 (15:02 +0200)]
Adjustment needed for performance tests in wrt-commons
The change "Add summary view to all security tests" colids with DPL
performance test in wrt-commons (commit: Add RUNNER_PERF_TEST_BEGIN()
and RUNNER_PERF_TEST_END() macros for performance tests). Without
this patch a build-break in security-test will occur after applying
performance tests feature to wrt-commons repository.
This patch fix the build break - security-tests can be build with
and without performance test in wrt-commons.
Verify:
Build wrt-commons with patch "Add RUNNER_PERF_TEST_BEGIN()
and RUNNER_PERF_TEST_END() macros for performance tests". Then build
security-tests. Run all tests - there should be no changes in test
results.
Change-Id: If49834dcdd5396434a782e936d9906035b02fd32
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
Zofia Abramowska [Tue, 8 Apr 2014 09:15:11 +0000 (11:15 +0200)]
Fix system include dirs dependencies for test commons
[Bug] System include dirs dependencies not marked as such
[Cause] Wrong settting in CMakeLists
[Solution] Add inlude_directories with system setting for test
commons dependencies
[Verification] Successfull build
Change-Id: I00a87a0cf21497612fa84e6e718667be2515a48f
Marcin Niesluchowski [Tue, 1 Apr 2014 16:44:41 +0000 (18:44 +0200)]
Fix tc_unit_06_01_security_server_get_smacklabel_cookie test.
Test tc_unit_06_01_security_server_get_smacklabel_cookie fails with
smack disabled.
Verification:
-> security-tests.sh ss-server --output=text --runignored
(tc_unit_06_01_security_server_get_smacklabel_cookie_* should pass
with no changes in other tests)
Change-Id: Ia6a56120c777234faed3718a89b01caf91c7281f
Sebastian Grabowski [Mon, 24 Mar 2014 13:52:29 +0000 (14:52 +0100)]
Some tests that call smack_revoke_subject should run with smack
[Bug/Feature] Some tests calling smack_revoke_subject fails when run without
smack
[Cause] Tests need smack to run properly
[Solution] Run those test only when smack is enabled. Moreover, if
it was possible, added similar nosmack versions
of these tests.
[Verification] Build, install and run tests, i.e.:
security-tests.sh ss-server --runignored --output=text
Change-Id: I1319c64581cce3739e1168a9d3dc45a1878892a8
Signed-off-by: Sebastian Grabowski <s.grabowski@partner.samsung.com>
Marcin Niesluchowski [Thu, 27 Mar 2014 18:00:16 +0000 (19:00 +0100)]
Fix failing tests from SECURITY_SERVER_API_SPEED_MEASURER group.
Following tests fail with smack disabled:
-> m060_security_server_check_privilege_by_cookie
-> m070_security_server_check_privilege_by_sockfd
Verification:
-> security-tests.sh ss-server --output=text --runignored
(no changes)
-> security-tests.sh ss-api-speed --output=text --runignored
(m060* and m070* should pass)
Change-Id: Ie93a803bc498448c6d374bcc552be0b2afcca3d4
Sebastian Grabowski [Tue, 25 Mar 2014 12:44:13 +0000 (13:44 +0100)]
Removed use of pid_cycle file and ENVIRONMENT macros
[Bug/Feature] Security-server client tests failure with smack disabled
while test environment preparations
[Cause] pid_cycle file was created in a nonexistent directory.
Moreover, this file seems to be unused in any way
further and not deleted either.
[Solution] Get rid of pid_cycle file usage. In addition,
ENVIRONMENT and ENVIRONMENT_NOSMACK macros were deleted
in favour of drop_root_privileges function for nonsmack
tests and AccessProvider class for smack tests.
There were also duplicated tests about security server
cookies - they were moved to cookie_api.cpp.
Tests run as app user in cookie_api.cpp are now distinguished
from others with changed name having "_app_user_" string.
[Verification] Build, install and run tests, i.e.:
security-tests.sh ss-server --runignored --output=text
security-tests.sh ss-clientsmack --runignored --output=text
Change-Id: I68ad3f0bb12f437fa927660327c5e44f91e91446
Signed-off-by: Sebastian Grabowski <s.grabowski@partner.samsung.com>
Zofia Abramowska [Thu, 27 Mar 2014 14:08:51 +0000 (15:08 +0100)]
Rewrite macro defines as consts
Removing unnecessary macros and replace them with const variables.
Change-Id: I867e54eebbd4e01ca7947abf67a5642c6f965c2e
Zofia Abramowska [Fri, 21 Mar 2014 17:00:37 +0000 (18:00 +0100)]
Fix error messages for access denial tests
Error messages stated that function failed instead of saying
that access should not have been granted.
Change-Id: Ifcd1bca4f5b6b12c5d907b0301afdc727e73739a
Zofia Abramowska [Fri, 21 Mar 2014 16:40:49 +0000 (17:40 +0100)]
Fix security-server server tests
Some of test expect to receive access denied when trying to
access security server sockets. Now these sockets are labeled
"_" so access always is granted.
Setting ignore on those test cases, which expect access denial.
Change-Id: Ibd8ec5c8b3b85ac829650f9c080983be7154b8a0
Marcin Lis [Mon, 24 Mar 2014 10:44:07 +0000 (11:44 +0100)]
Refactor libprivilege-control stress tests.
[Issue#] N/A
[Feature] Adapt tests to tizen.org
[Cause] Tests failing under no-smack environment due to improper design.
[Solution] Make stress tests work well when SMACK is not present by adding
different conditions. In addition use types defined in common
headers instead of repeating nested declarations of vectors.
[Verification] Build, install, run tests.
The following test cases should pass:
<< WITH SMACK >>
- privilege_control22_app_installation_1x100_smack
- privilege_control23_app_installation2_10x10_smack
<< WITHOUT SMACK >>
- privilege_control22_app_installation_1x100_nosmack
- privilege_control23_app_installation2_10x10_nosmack
Change-Id: I8a9cfeeb4ce81c7543e3ef33b704441f25dd9c2d
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Mon, 24 Mar 2014 14:30:15 +0000 (15:30 +0100)]
Remove anti-virus tests from libprivilege group.
[Issue#] N/A
[Feature] Adapt tests to tizen.org
[Cause] Tests failing because AV (anti-virus) functionality is deprecated
[Solution] Remove tests connected to anti-viruses.
Leave av test marked as ignored and deprecated. It will be
removed when libprivilege API is cleaned up.
[Verification] Build, install, run tests.
The following test cases should not be present on the list:
- privilege_control24a_av_privilege_group_rw
- privilege_control24b_av_privilege_settings_rw
- privilege_control24c_av_privilege_public_ro
Change-Id: I2a468990065aae3aa83a81c9336b6d7e6595c9aa
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marcin Lis [Mon, 24 Mar 2014 09:43:54 +0000 (10:43 +0100)]
Fix libprivilege-control tests connected with perm_app_setup_path
[Issue#] N/A
[Feature] Adapt tests to tizen.org and new three domain policy.
[Cause] Tests failing due to lack of privileges in libprivilege database.
[Solution] Add required permissions to database.
[Verification] Build, install, run tests.
The following test cases should pass:
<< WITH SMACK >>
- privilege_control17_appsettings_privilege
- privilege_control22_app_installation_1x100
- privilege_control23_app_installation2_10x10
<< WITHOUT SMACK >>
- privilege_control17_appsettings_privilege_nosmack
Change-Id: Iefb388d4dfca1b1681c55ee8db87eb35a9109f73
Signed-off-by: Marcin Lis <m.lis@samsung.com>
Marek Smolinski [Thu, 20 Mar 2014 14:23:22 +0000 (15:23 +0100)]
Fix tc18_security_server_get_smacklabel_cookie_nosmack
Wrong logical expresion checking empty string in ASSERTION
Change-Id: I2b2ddd59fbf028430392a9dcdc90e7c539f06024
Signed-off-by: Marek Smolinski <m.smolinski@samsung.com>
Marcin Niesluchowski [Mon, 17 Mar 2014 16:11:52 +0000 (17:11 +0100)]
Fix rules file compared with created by smack_accesses_save.
After merge of smack upstream to tizen saved rules file format
has changed.
Change-Id: I785b60a56dfe3a236fe15adb0e15f1ff7c4d2cdb
Marcin Niesluchowski [Mon, 10 Mar 2014 17:30:39 +0000 (18:30 +0100)]
Adapt to tizenorg
Seurity-server tests:
* Remove tests for app-permissions service.
* Remove tests for open-for service.
* Remove tests for cookie service apis:
** security_server_get_uid_by_cookie
** security_server_get_gid_by_cookie
Libprivilege-control tests:
* Remove tests for perm_add_additional_rules api.
* Remove tests for perm_app_setup_permissions api or change this to
perm_app_enable_permissions api in those tests.
* Remove tests for perm_get_permissions api.
* Remove tests for perm_app_get_paths api.
* Remove tests for perm_app_remove_path api.
* Remove tests for get_smack_label_from_process api.
* Remove tests for smack_pid_have_access api.
* Remove tests regarding nonexistent app_type_t values or change those values
to proper ones.
* Change nonexistent app_path_type_t values to proper ones.
* Remove nonexistant functionalities checks.
Change-Id: I3d4bc05c273801d34b8b3b11ab3474a28148440f
Lukasz Wojciechowski [Mon, 24 Feb 2014 15:23:29 +0000 (16:23 +0100)]
Prevent running perm_add_additional_rules_smack_access_*
tests in nosmack mode
[Issue#] N/A
[Feature] These tests fail in nosmack mode
[Cause] Tests need smack to run properly
[Solution] N/A
[Verification] Run libprivilege-control tests on target.
Verify with both smack and nosmack variants.
4 tests should be run only at smack mode:
perm_add_additional_rules_smack_access_*
Change-Id: I3fc96531d90a71ca5b0feeea181f722e99bd84e7
Marcin Niesluchowski [Thu, 6 Mar 2014 15:40:36 +0000 (16:40 +0100)]
Fix removing unnecessary define.
[Issue#] N/A
[Bug/Feature] Using unnecessary define dependent on wrt-commons.
[Cause] N/A
[Solution] Using true instead of TRUE macro.
[Verification] Build with wrt-commons devel. Run.
privilege_control11_app_enable_permissions_nosmack should pass.
Do the same for wrt-commons master branch.
Change-Id: I3e01a51b01a07c81d606506aa1295c4a052561e7
Bartlomiej Grzelewski [Tue, 18 Feb 2014 12:51:49 +0000 (13:51 +0100)]
Add test for security_server_is_pwd_valid.
[Issue#] N/A
[Cause] Korea claims that this function returns 0 after date was
moved back.
[Bug] Not found.
[Solution] N/A
[Verification] Build, run tests.
Change-Id: I317a21692a360fa3dafa6b9d067899aebd68db43
Bartlomiej Grzelewski [Mon, 27 Jan 2014 15:26:38 +0000 (16:26 +0100)]
Add additional tests for password service.
[Issue#] N/A
[Bug/Problem] Security-server set up wrong value as validSec when
password validity time was set as "never expired".
[Cause] N/A
[Solution] N/A
[Verification] Build, run tests.
Change-Id: I2fa830899786ee72f4d24ac3f1a9cd771527552e
Zofia Abramowska [Thu, 13 Feb 2014 12:57:44 +0000 (13:57 +0100)]
Fix set privilege tests for OSP and EFL
[Issue#] PSDAC-125
[Bug] Imporper tests for perm_app_set_privilege
[Cause] App type for OSP should be "tpk" inseatd of NULL.
No test for EFL type of application.
[Solution] Changed app type for OSP and added perm_app_set_privilege
tests for EFL.
[Verification] Build. Run libprivilege tests. One test more should be
run and no more tests should fail.
Change-Id: I366368e4ba3ef5e9389ed15abd0fd056b937015b
Marcin Niesluchowski [Mon, 24 Feb 2014 12:44:57 +0000 (13:44 +0100)]
Fixing privilege_control05_perm_get_permissions.
[Issue#] N/A
[Bug/Feature] Temporary array passed as an argument.
[Cause] Build fails.
[Solution] Changing it to local variable.
[Verification] Build tests, run, privilege_control05_perm_get_permissions should pass.
Change-Id: I77a112698b7b016a71f68599b27a15f49fec363d
Pawel Broda [Thu, 16 Jan 2014 12:55:02 +0000 (13:55 +0100)]
Test cases for app privileges state getters
[Issue#] SSDWSSP-627
[Feature] Tests for added API functions.
[Cause] N/A
[Solution] N/A
[Verification] Build and run tests on the target
The code to be tested:
http://slp-info.sec.samsung.net/gerrit/#/c/341259/
Change-Id: I10189b0c528f34f5cb74531109e7461cd6d1a4b1
Lukasz Wojciechowski [Fri, 7 Feb 2014 11:00:12 +0000 (12:00 +0100)]
Remove password retry timeouts where not needed.
Replace related magic numbers with proper define.
[Issue#] N/A
[Feature] Some timeouts are no longer needed.
[Cause] N/A
[Solution] N/A
[Verification] Build and run security-server tests on the target.
Verify with both smack and nosmack variants.
Change-Id: I75ab774048c0f5793bde7c7f36e423d8cd8a1275
Marcin Niesluchowski [Mon, 10 Feb 2014 15:52:41 +0000 (16:52 +0100)]
Fix dbus tests.
[Issue#] PSDAC-50
[Bug/Feature] Dbus tests fail.
[Cause] Wrong smack access format.
[Solution] Chaning smack access.
[Verification] Build, install, run. All dbus tests should pass.
Change-Id: Id4ccc05a005a6703dea62dee2f12cc0d64975d01
Damian Chromejko [Wed, 4 Dec 2013 08:11:36 +0000 (09:11 +0100)]
Add a test for perm_app_remove_path().
[Issue#] SSDWSSP-698
[Feature/Bug] N/A
[Cause] Extension of libprivilege-control API needs tests.
[Solution] Added a test for perm_app_remove_path.
[Verification] Build, install, run tests.
Please build libprivilege-control including patch:
http://slp-info.sec.samsung.net/gerrit/#/c/358698/
Change-Id: Iba635e512110e4d7e3ec7dd138e6d1700dae2575
Marcin Niesluchowski [Wed, 5 Feb 2014 09:54:10 +0000 (10:54 +0100)]
Fixing libsmack tests.
[Issue#] PSDAC-50
[Bug/Feature] libsmack tests fail.
[Cause] Access format does not allow additional characters.
Default tests label is not "_".
[Solution] Changing accesses to proper ones.
Changing way of installing manifest file and adding exec labels
for binaries.
[Verification] Build, install and run libsmack tests. All should pass.
Change-Id: Ie31f43137c83a74d6c9a829bfecc828f8fff0e60
Conflicts:
packaging/security-tests.spec
Michal Witanowski [Thu, 12 Dec 2013 11:04:00 +0000 (12:04 +0100)]
Cookie API tests cleanup.
[Issue#] SSDWSSP-796
[Bug/Feature] N/A
[Cause] Mess in security server tests code.
[Solution] Move all the test cases connected with cookies API
to cookie_api.cpp. Remove redundant tests.
Fixed failing tc06_check_API_middleware_denied
(now tc_unit_09_02_cookie_API_access_deny).
[Verification] Build, install and run security server tests.
Change-Id: Iaa2b025e36f9bed5c670e206c49bb59f44c80e52
Pawel Broda [Mon, 20 Jan 2014 14:03:01 +0000 (15:03 +0100)]
Test case for transaction rollback in libprivilege-control
[Issue#] SSDWSSP-609
[Feature] Test case for new libprivilege-control API
function: perm_rollback().
[Cause] N/A
[Solution] N/A
[Verification] Build and run on the target.
Build together with libprivilege-control package
containing:
http://slp-info.sec.samsung.net/gerrit/#/c/337121/
Change-Id: I1bd9f2de29276b2c6a2c5fbd3a457f800088fa79
Zofia Abramowska [Thu, 21 Nov 2013 11:36:30 +0000 (12:36 +0100)]
Fixing klocwork bugs
[Issue#] N/A
[Bug] Memory leaks, null pointer dereferrences.
[Cause] N/A
[Solution] Fixing memory leaks with C++ standard classes, checking
null values of pointers
[Verification] Build. Tests passes for libsmack, ss-password,
ss-client-smack and ss-dbus should not change for worse.
Change-Id: Ie0ab2ea7745118f1129f9eaef80b433cc4c3624e
Marcin Niesluchowski [Wed, 29 Jan 2014 08:57:23 +0000 (09:57 +0100)]
Adding configuration file regarding dbus policy.
[Issue#] SSDWSSP-750
[Bug/Feature] Security-server tests using dbus fail.
[Cause] Lack of dbus policy for security-tests.
[Solution] Adding conf file.
[Verification] Build, install, run tests.
Change-Id: I932fc6712aee0211a06940133e09db61dde45c12
Marcin Niesluchowski [Thu, 16 Jan 2014 06:54:32 +0000 (07:54 +0100)]
Change sensitive names to more proper ones.
[Issue#] N/A
[Bug/Feature] Some names could be registered as trademarks.
[Cause] N/A
[Solution] Changing names.
[Verification] Build. Run tests. Test results should not change.
Change-Id: I167be87d597d05c4785edf814bca6fb3f5aeea4c
Bartlomiej Grzelewski [Thu, 12 Dec 2013 16:20:08 +0000 (17:20 +0100)]
Change name security_server_open_for.cpp to open_for.cpp.
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, run tests.
Change-Id: Ia6de5176d9df280870599145dea5b49a6f8a0681