Krzysztof Jackiewicz [Fri, 24 Apr 2020 19:51:37 +0000 (21:51 +0200)]
Use TemporaryTestUser::getUidString where applicable
Change-Id: I0663b3a29ca74eea2f5019319d857d03a0562885
Zofia Abramowska [Tue, 7 Apr 2020 15:59:43 +0000 (17:59 +0200)]
Remove package from pkgmgr-parser.db even when sm install fails
Change-Id: I645fc92a632f60a5891759b92a1da51ee5d3300d
Krzysztof Jackiewicz [Wed, 22 Apr 2020 11:17:29 +0000 (13:17 +0200)]
Provide configuration for smack-privilege tests
Security-manager has empty configuration for smack privileges by default. To
test this functionality smack privilege tests provide their own configurations.
Change-Id: I71028202f00eb159ee8d4df76041a25b4be188b1
Dariusz Michaluk [Thu, 30 Apr 2020 12:44:04 +0000 (14:44 +0200)]
Add new test scenario, where app is killed during policy change.
Change-Id: I9a57548b1f136f3612d8be5b1b2b6f64f335970d
Krzysztof Jackiewicz [Fri, 17 Apr 2020 12:34:05 +0000 (14:34 +0200)]
Add smack-privilege tests
Change-Id: Ic6b5535199e0b6095eda8539db847dc11aef356b
Krzysztof Jackiewicz [Mon, 20 Apr 2020 06:50:03 +0000 (08:50 +0200)]
Allow uid change in AppInstallHelper
Change-Id: I3d329b8afa481e90b367abbaeb80f20bd3cc2a45
Krzysztof Jackiewicz [Thu, 16 Apr 2020 20:18:49 +0000 (22:18 +0200)]
Group privilege check refactoring
Make the checking function a passive one. Do not change process suplementary
groups in it. Modify ScopedAppLauncher to perform the test in launched app.
Test group setting api in a separate test.
Change-Id: Iccc20810dad0b667f0f4007701bd0c99e5c99f83
Krzysztof Jackiewicz [Mon, 20 Apr 2020 13:18:10 +0000 (15:18 +0200)]
Make ScopedAppLauncher child always notify the parent
In case any of ScopedAppLauncher child process asserts fails, make sure the
parent is notified and displays the error properly.
Change-Id: I75bbe0e7781cf338b62a39de03fda8f305ae8d50
Krzysztof Jackiewicz [Mon, 20 Apr 2020 11:50:39 +0000 (13:50 +0200)]
Cleanup namespace after app termination
This API call is necessary to cleanup /var/run/user/ app links after app is
terminated. Security-manager detects running apps basing on these links
existence.
Change-Id: If4feb5d158deac30098d05230c9f7fca928eacd2
Krzysztof Jackiewicz [Wed, 15 Apr 2020 14:42:40 +0000 (16:42 +0200)]
Check smack leftovers after uninstallation
Not all smack rules are removed after user removal. It is due to improper
handling of hybridity update when apps are installed for different user than
the one passed in the update request.
Check it in security_manager_09_app. The check would fail. It has been marked
as "ignored" until proper fix lands in security-manager.
Change-Id: I7936d711e6a3f0dc14ecb405f35247b20f4cb37a
Krzysztof Jackiewicz [Thu, 23 Apr 2020 08:24:07 +0000 (10:24 +0200)]
Add smack-privilege checkers to AppInstallHelperExt
Change-Id: I814dc54983ebcd4c42db8e8fbca36df71e732f54
Krzysztof Jackiewicz [Thu, 23 Apr 2020 09:46:21 +0000 (11:46 +0200)]
Add smack-privilege parsing to PolicyConfiguration
Change-Id: I9fa0b5b86138725cb9520379e25f71f82a3e43f7
Krzysztof Jackiewicz [Fri, 24 Apr 2020 14:09:05 +0000 (16:09 +0200)]
Unify privilege representation
- Use common privilege names in all sm tests
- Remove ambigious/deprecated methods from AppInstallHelper
- Use PrivilegeVector instead of PolicyConfiguration::PrivVector in
AppInstallHelper and related code
- Add privilege vectors instead of individual privileges where possible
Change-Id: I96cac9bacc8de271f9b9f9ceb7bf7c248fb26171
Krzysztof Jackiewicz [Mon, 6 Apr 2020 15:35:56 +0000 (17:35 +0200)]
Extend AppInstallHelper with checker methods
Move app checkers to AppInstallHelper derived class. Too many arguments
have to be passed here and there. Writing new checkers is pain in the
back. There's still a lot to be improved. Testing framework has to be
adjusted to allow multiple apps in the package.
Change-Id: I4b363a6b0d102bd1df6ed8cce8494c884c8d088a
Krzysztof Jackiewicz [Fri, 24 Apr 2020 13:11:31 +0000 (15:11 +0200)]
Add privilege names
Also add new Privilege ctor to work with char* privilege names.
Change-Id: I8dd79e095bf118eb2f83b94182944a9eef0cfb11
Krzysztof Jackiewicz [Thu, 23 Apr 2020 09:48:12 +0000 (11:48 +0200)]
Add rule file path getters to PolicyConfiguration
Change-Id: If06e8ac749aeec23006ae5bd6d78b1658f13031e
Krzysztof Jackiewicz [Tue, 31 Mar 2020 20:18:36 +0000 (22:18 +0200)]
Remove unused shared ro template
Change-Id: Ifd8f21e347934318edee10d9abc508ee902213df
Krzysztof Jackiewicz [Fri, 3 Apr 2020 20:11:49 +0000 (22:11 +0200)]
Avoid appId and pkgId copying in AppInstallHelper
Change-Id: Ief63d53563143a18358b435a374685c9317ecbd7
Krzysztof Jackiewicz [Fri, 3 Apr 2020 20:00:22 +0000 (22:00 +0200)]
Add ScopedAppLauncher
Needed to check smack rules while app is running
Change-Id: I6ef63fc76dd27fb6119245541dc2fd9544ff98fe
Krzysztof Jackiewicz [Thu, 2 Apr 2020 12:41:59 +0000 (14:41 +0200)]
Replace magic policy level strings with constexpr
Change-Id: Ia539ec68d641448a8d84e175eb8efe2e888e6671
Tomasz Swierczek [Thu, 16 Jan 2020 09:04:46 +0000 (10:04 +0100)]
Fix nss tests
Adjusted to new nss implementation where daemon set of groups
is always static.
Change-Id: I50974b1cce07b1ca77d0b42118042ae0210631fa
Dariusz Michaluk [Wed, 22 Jan 2020 15:50:05 +0000 (16:50 +0100)]
Merge branch 'tizen' into security-manager
Change-Id: I6fb4dea8149fcd280c42a997c8f36ee8f8795e6f
Dariusz Michaluk [Mon, 20 Jan 2020 12:31:07 +0000 (13:31 +0100)]
CKM: Update Microsoft certificates
Change-Id: I1607f3be5179323bc50ba7d7806475637f70e5f7
Dariusz Michaluk [Wed, 22 Jan 2020 15:19:26 +0000 (16:19 +0100)]
Revert assert removed in
6ee70830c0
Change-Id: I68e768e2f28f53bfc1984a4e41a7d1795fbe54ee
Konrad Lipinski [Wed, 22 Jan 2020 15:04:50 +0000 (16:04 +0100)]
cynara-tests: replace select w/ poll
Change-Id: If7cf3efec5d0a38a6467a1dbea962c80820c6cd5
Dariusz Michaluk [Wed, 22 Jan 2020 12:48:09 +0000 (13:48 +0100)]
Fix for gcc 9 toolchain upgrade
Change-Id: I96c36e41b2048337faee2d683d1ffe9f44f91be2
Dariusz Michaluk [Wed, 22 Jan 2020 12:28:51 +0000 (13:28 +0100)]
Merge branch 'ode' into tizen
Change-Id: I22e1736002482934b4a8f85c8eb6303ae02abfc6
Dariusz Michaluk [Wed, 22 Jan 2020 12:24:42 +0000 (13:24 +0100)]
Merge branch 'nether' into tizen
Change-Id: If0dd79ca73bc75b14666067a8a11afd2680f7931
Dariusz Michaluk [Wed, 22 Jan 2020 12:18:47 +0000 (13:18 +0100)]
Merge branch 'yaca' into tizen
Change-Id: I240f8551fa276fe600dca2d1f098ddc636a9f905
Dariusz Michaluk [Wed, 22 Jan 2020 12:17:02 +0000 (13:17 +0100)]
Merge branch 'ckm' into tizen
Change-Id: Iac9d5cc6393e8598a33c783aabff77006046b187
Dariusz Michaluk [Wed, 22 Jan 2020 11:53:48 +0000 (12:53 +0100)]
Merge branch 'security-manager' into tizen
Change-Id: I84d015537ad379d56d5d897dfe180080d5b6a687
Tomasz Swierczek [Wed, 22 Jan 2020 06:11:29 +0000 (07:11 +0100)]
Fix for gcc 9 toochain upgrade
Change-Id: If7f8f1e4a00267661ebb66f53111eed9a3ed1460
Konrad Lipinski [Wed, 15 Jan 2020 16:10:36 +0000 (17:10 +0100)]
Add prepareApp benchmark
Change-Id: Ia489e00a7ea6720191812d7a31a4e8d856d397e8
Zofia Grzelewska [Tue, 10 Dec 2019 14:11:27 +0000 (15:11 +0100)]
Fix shared_ro tests
Properly setup application context, before checking access
to sharedRO/nonSharedRO directories to apply mount namespaces.
Change-Id: Ied891a1cad6ad82402a995f5fc210a23fa1c09d9
Konrad Lipinski [Tue, 1 Oct 2019 13:09:16 +0000 (15:09 +0200)]
CKM: Test asymmetric key initial value import
Change-Id: I48a977ee84602ab71b9889e39e79a004811f5f48
Krzysztof Jackiewicz [Fri, 27 Sep 2019 10:41:38 +0000 (12:41 +0200)]
Add missing break in TestRunner
In a highly unlikey case of throwing the RUNNER_IGNORED_MSG during the test
finishing stage, after the SafeCleanup collected some exception handling
errors, these errors would be added to the ignore message.
Change-Id: I1aeedb46bf98b8300223a26c312abf98d63ca838
Krzysztof Jackiewicz [Wed, 18 Sep 2019 13:12:09 +0000 (15:12 +0200)]
Merge branch 'tizen' into 'ckm'
Change-Id: If83694b3e0cd759296da5b920ec0adb50dcc54c2
Alicja Kluczek [Thu, 4 Jul 2019 10:57:32 +0000 (12:57 +0200)]
Add SM test covering hybridity upgrade
Add functionality checking if there aren't any rules related
to app in Smack rules file (both for hybrid and non-hybrid package).
Apply above functionality every time when checking if
whole package has been uninstalled properly.
Add a test checking if Smack rules were properly deleted
after uninstall.
Change-Id: Ia638f478dc007a4ef42fe32e01a282dd960d50d7
Alicja Kluczek [Thu, 4 Jul 2019 10:57:32 +0000 (12:57 +0200)]
Add SM tests covering many apps in single request
Add tests covering installation & updating many apps in single request.
Add a function checking if an app has proper Smack policy.
Add a function parsing smack rules template files.
Add a function creating a new app in InstallRequest class.
Modify ScopedInstaller class for many apps in single request
compatibility.
Change-Id: I35bb9757f54b111629d45b1769ca4e53ccccd017
Tomasz Swierczek [Fri, 23 Aug 2019 06:51:07 +0000 (08:51 +0200)]
Adjust prepareApp to use new API that sets up context for candidate process
Change-Id: Ia0eb474cc21392aaf677b3e434903ed286094d30
Dariusz Michaluk [Thu, 18 Jul 2019 15:10:21 +0000 (17:10 +0200)]
Fix T9050_yaca_rsa_encryption_paddings test
Change-Id: I2ae963ff203bff72e49a7d1c167695dbeb50ec19
Krzysztof Jackiewicz [Fri, 28 Jun 2019 16:00:22 +0000 (18:00 +0200)]
Stop ode.socket together with ode.service
Oded became socket activated. To test the connection refusal the
socket has to be put down as well.
Change-Id: Ifec50d1198ceeee7e5ac131715cbd8ca642427e5
Krzysztof Jackiewicz [Wed, 17 Jul 2019 08:52:17 +0000 (10:52 +0200)]
Merge branch 'tizen' into 'ode'
Change-Id: Ia15ecf4c082ffcf5dae47586fda10f7f48bab99c
Krzysztof Jackiewicz [Fri, 12 Jul 2019 14:45:54 +0000 (16:45 +0200)]
Start sockets before starting the service
Change-Id: I154c3e208bac37aec7d80156a3623909c00ac891
Krzysztof Jackiewicz [Wed, 3 Jul 2019 08:06:58 +0000 (10:06 +0200)]
CKM: Handle onlycap even if trailing space is missing
Change-Id: I45ee1a7f244662f80ec8eeaaf8141e1b4a52ad2c
Krzysztof Jackiewicz [Thu, 11 Jul 2019 16:10:40 +0000 (18:10 +0200)]
CKM: Update certificates for OCSP tests
Change-Id: I1328e86de02a351f4c6f588685212dd1bb429bc1
Konrad Lipinski [Wed, 29 May 2019 14:02:36 +0000 (16:02 +0200)]
Migrate to openssl 1.1
Change-Id: I5f63e3dfda3d5d4f007dd27d0faf41f3976aaebe
Krzysztof Jackiewicz [Fri, 28 Jun 2019 10:22:39 +0000 (12:22 +0200)]
CKM: Add buildtime requirement for openssl
Openssl is needed to perform buildtime encryption for TZ.
Change-Id: If5bdefa32dfd0ed26ea9f9e2318d8dc18a43677c
Krzysztof Jackiewicz [Fri, 28 Jun 2019 10:15:15 +0000 (12:15 +0200)]
CKM: Return proper error code from EIV encryption script
The encryption script did not report an error if one of pipelined
commands failed.
Add few bash options that will make the script fail with proper error
code in such cases.
Change-Id: I47a9739af93f07d2cb0e20f22087a2c182de6835
Krzysztof Jackiewicz [Fri, 28 Jun 2019 09:39:32 +0000 (11:39 +0200)]
CKM: Handle the empty onlycap case properly
In case of empty onlycap the original process label was not restored
properly leading to failures in following tests.
Change-Id: I9e4cdce234b425887da07892773f21465087c4a6
Krzysztof Jackiewicz [Thu, 13 Jun 2019 14:45:15 +0000 (16:45 +0200)]
CKM: Adjust T1810_verify_get_certificate_chain to openssl1.1
Since openssl1.1 all certificates in the chain (including trusted
ones) must include a 'basicConstrains' extension with 'CA' field set
to 'true'. Without that the verification will fail with
X509_V_ERR_INVALID_CA.
This commit recreates the chain of certificates used in T1810 with the
required extension included and updates related tests.
Change-Id: I6d2e9348a2ae6618103749d83e46a433608e65c3
Dariusz Michaluk [Thu, 6 Jun 2019 11:33:21 +0000 (13:33 +0200)]
Merge branch 'tizen' into ode
Change-Id: Ic562abbef0de256d5f0f0697709de296d7d8c986
Dariusz Michaluk [Thu, 6 Jun 2019 11:20:29 +0000 (13:20 +0200)]
Merge branch 'tizen' into yaca
Change-Id: Ia99b4501adeb3cc939ad9c146026c8ace247fd6d
Tomasz Swierczek [Tue, 4 Jun 2019 07:09:38 +0000 (09:09 +0200)]
Add UTC test cases to security-tests for alias listing APIs
These tests are needed to cover the ckmc layer for new APIs.
Change-Id: I816a02e0f54ed70982facfe125fd4264e615c673
Tomasz Swierczek [Fri, 31 May 2019 12:16:48 +0000 (14:16 +0200)]
Merge branch 'tizen' into ckm
Change-Id: Icec8c73670c995d05324b91a6c86088037acb75f
Krzysztof Jackiewicz [Thu, 9 May 2019 12:03:23 +0000 (14:03 +0200)]
Flush tests stdout
Tests output is displayed in batches making it difficult to observe
the progress. This commit introduces flushing the stdout after every
printf to overcome the problem.
Change-Id: I84174a15e7bf797080b4f830fe5adaa3e48f6b26
Krzysztof Jackiewicz [Fri, 17 May 2019 12:55:18 +0000 (14:55 +0200)]
CKM: Remove ECDSA nohash tests
Hash algorithm is required for DSA and ECDSA. Tests have been
adjusted.
Change-Id: I9bc1d6dbfbcd876685de1c128f001c0644882235
Krzysztof Jackiewicz [Thu, 16 May 2019 14:09:13 +0000 (16:09 +0200)]
CKM: Fix big data tests on both backends
C API does not provide a possibility to enforce the backend. If TZ
backend is enabled in key-manager it will be used for storing big
data. TZ backend has size limitations and so the
5000000B buffer can't
be used. Add a test for big data using C++ API that allows backend
selection.
Change-Id: Id73dcdc9bfb6c02eedd32fc4c6d5637172dd3c52
Krzysztof Jackiewicz [Thu, 4 Apr 2019 14:58:27 +0000 (16:58 +0200)]
CKM: Add sign/verify test for both backends
Add a generic signing/verification test runnable on both backends.
Change-Id: Ia0b646fd8cf1b256e82a5f12abf6c0940fca3c64
Krzysztof Jackiewicz [Wed, 27 Mar 2019 13:39:07 +0000 (14:39 +0100)]
CKM: Adjust GCM tag len tests to GP
According to GP API spec the shortest supported GCM tag length is 96
bits. Software backend allows shorter tags.
Expect error in case of tags shorter than 96 in TZ mode.
Change-Id: I3d716ab57670c735470c78069fb620edccc84daf
Krzysztof Jackiewicz [Wed, 27 Mar 2019 11:29:24 +0000 (12:29 +0100)]
CKM: Reduce big data size in TZ tests
The CFB big data encryption takes more than 20 minutes on TZ backend crossing
the key-manager's socket timeout as well as async API timeout and dramatically
extending the test duration. The reason is that CFB is not supported by GP API
and is implemented using multiple ECB encryption requests which takes a lot of
time.
Make big data size in TZ tests smaller.
Change-Id: Id02f5e49f18e1cdb18a245714fb4b79aeea93db8
Krzysztof Jackiewicz [Thu, 21 Mar 2019 16:23:05 +0000 (17:23 +0100)]
CKM: Remove all keys after encryption group is finished
Removal of user's data removes only the rich OS database leaving objects created
by TA in secure OS storage. Objects have to be removed explicitly one by one.
Change-Id: I88053b7cd3638a0a168d925a4e903343833ed0bf
Krzysztof Jackiewicz [Thu, 21 Mar 2019 09:21:38 +0000 (10:21 +0100)]
CKM: Make encryption tests runnable on both backends
Depending on the TZ_BACKEND define the encryption tests will be executed on SW
or TZ backend. Tests need to be adjusted to properly work in both cases.
Change-Id: Ib59553faa0bb70958a71ea965cefd469cc5a8ef7
Krzysztof Jackiewicz [Wed, 20 Mar 2019 14:23:46 +0000 (15:23 +0100)]
CKM: Remove CBC from integrity tests
In case of CBC the tests that uses different key to decrypt the data may pass of
fail depending on the padding scheme and input data length. In other words, we
should not expect the CBC to fail if wrong key is used, yet in many cases it
does fail.
Change-Id: Ib213544b6349433c15346eb422cdbeea4f074544
Krzysztof Jackiewicz [Tue, 19 Mar 2019 10:38:27 +0000 (11:38 +0100)]
CKM: Prepare db & keys once per encryption group
Database initialzation & cleanup (unlock, data removal) are only performed once
per encryption decryption test group.
Key generation in encryption decryption test group takes a lot of
time. Initialize the keys once for the group and reuse them.
Change-Id: Ibde172b4c3cfe4382c43302034aa1ee52d1355f6
Krzysztof Jackiewicz [Thu, 4 Apr 2019 15:02:26 +0000 (17:02 +0200)]
Merge branch 'tizen' into 'ckm'
Change-Id: I187b2765fb572bc7a1963afb18794356b87305aa
Krzysztof Jackiewicz [Mon, 18 Mar 2019 17:08:06 +0000 (18:08 +0100)]
Add group init/cleanup functionality
Add possibility to launch an initialization and cleanup function before and
after a specific group of tests.
Disclaimer: this commit is supposed to quickly add necessary functionality
without making things worse. It does not cover any possible fixes of existing
code.
Change-Id: I7512ae77b7193f61e2dc5f72132a815c5d1da751
Krzysztof Jackiewicz [Wed, 27 Mar 2019 12:40:28 +0000 (13:40 +0100)]
CKM: Replace facebook certificate with microsoft one
Facebook certificate has expired. New one will expire in June. To avoid frequent
updates it has been replaced with MS certificate which is valid much longer.
Change-Id: I455485be19e0114d49ed5cca2f9095d77a179b02
Tomasz Swierczek [Thu, 14 Mar 2019 07:35:36 +0000 (08:35 +0100)]
CKM: fix T3045_save_big_data_C_API test on TZ-backend
TZ backend could possibly support less data in one chunk than data used
in the test; since ckmc API doesn't support setting backend, so in the test,
the size of data varies depending whether the code is compiled with "tz_backend" flag.
Change-Id: Ibd420d1fff67085cb809970b2596e01f992786f3
Krzysztof Jackiewicz [Tue, 4 Dec 2018 12:39:47 +0000 (13:39 +0100)]
CKM: Update old initial values tests
With introduction of support for initial values (including encrypted
ones) in key manager's TZ backend the xml scheme and the encryption
scheme has been changed. Also the SW backend does not handle encrypted
initial values. As a result the existing tests for initial values
started to fail.
To make them work again the following changes are introduced:
- Use version 2 in test xml files.
- Remove all code, files and xml elements related to encrypted initial
values from old tests (T6001-T6999).
- Enable old initial values tests in an environment with no TZ support.
- Add a TODO list for initial values tests.
Change-Id: I1f9cb80b6080f628e2058c9165dfd424b0ad44d1
Krzysztof Jackiewicz [Fri, 1 Mar 2019 11:06:18 +0000 (12:06 +0100)]
Fix empty argument issue in security-tests-all.sh
If --noignored option is used in security-tests-all.sh an empty argument is
passed to security-tests.sh which causes an error.
Refactor security test scripts to avoid empty arguments.
Change-Id: Iedfe0d35a096334ec070167c870de2db01d64607
Krzysztof Jackiewicz [Fri, 1 Mar 2019 11:12:34 +0000 (12:12 +0100)]
Generic solution for onlycap issues
Once a process changes its smack label it may be unable to restore the original
one if onlycap is active and the new label is not in onlycap.
This commit provides a single class for handling process relabeling. The class
is able to restore the original process label even if onlycap is active. To do
so it stores the original onlycap value and original process label. The new
label is appended to current onlycap. When class is destroyed the old label and
old onlycap content is restored.
The drawback of this solution is that the relabeled process effectively gets
CAP_MAC_ADMIN.
The script for running ckm tests on onlycap has been removed.
All tests that do not directly test smack_set_label_for_self() use the new class
for process relabeling.
Change-Id: I0dda65fbd392f1b09061349061bdaf634efd9093
Krzysztof Jackiewicz [Mon, 4 Mar 2019 09:13:17 +0000 (10:13 +0100)]
Merge branches 'ckm', 'security-manager' and 'cynara' into 'tizen'
This merge is necessary to introduce common changes to onlycap handling in a
following commit.
Change-Id: I78a26f9d4820067fca2f0bcc2ab7ce96f5d4e4e4
Krzysztof Jackiewicz [Thu, 28 Feb 2019 13:04:19 +0000 (14:04 +0100)]
CKM: Use proper application label prefix
Change-Id: I52452360de85dd550384ec109a4083ec4e6ff489
Tomasz Swierczek [Wed, 20 Feb 2019 09:28:40 +0000 (10:28 +0100)]
Replace CKMErrorToString with APICodeToString
CKMErrorToString is not needed as key-manager just gained
almost exactly the same functionality in its ckm-error.h file.
Change-Id: I4150246e4779b7ec4a03e43eef38ec5593159f8e
Ernest Borowski [Fri, 23 Feb 2018 13:38:41 +0000 (14:38 +0100)]
CKM: Add tests for new API: list alias with information about password protection
Change-Id: Iae18e91e1a3335cd5ca55811d0edbfd98eee59c6
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
Monika Zielinska [Wed, 31 Oct 2018 08:44:45 +0000 (09:44 +0100)]
Add sd-bus cynara API tests
Change-Id: Ice5413156be6bd239be0898a5577b7f9ad6efcf7
Krzysztof Jackiewicz [Mon, 29 Oct 2018 15:54:27 +0000 (16:54 +0100)]
CKM: Extend encrypted initial values test
- Make it independent from other tests by adding initial values xml preparation,
key-manager restart and db cleanup.
- Generate initial values at build time using ckm_initial_values tool.
- Install the tested xml file in test directory and copy it to initial values
dir during the test instead of installing it there directly.
- Encrypt the test data using openssl and the same key that is passed as initial
value during compilation instead of hardcoding the encryption results.
- Add build time dependency to util-linux to be able to use hexdump.
- Add build time dependency to key-manager-initial-values to be able to run the
tool.
Change-Id: I7fe4be6a3493860244ac1cc1c0bb0dace5109a04
Pawel Kowalski [Wed, 28 Nov 2018 10:51:13 +0000 (11:51 +0100)]
Add gbs option to enable the TZ backend support
To enable the TZ backend support add following option to the gbs build:
--define "tz_backend ON". If the option is not set or is set to value
different than ON, the TZ backend support is disabled (it is disabled by
default).
When the TZ backend is disabled, some tests (T6* and T7*) are not built.
The same option has been added to the key-manager (branch tizen).
The key-manager-ta requires the following gbs option for these tests to
work properly: --define "test_key ON".
Change-Id: If1c27d8ae556f6882f65c4ace8bb4c1759656893
Bartlomiej Grzelewski [Wed, 10 Oct 2018 13:02:46 +0000 (15:02 +0200)]
Encrypted initial values test
To use this test you must:
* turn on tz_backend_enabled value in key-manager spec file
* turn on attach_test_key value in key-manager-ta spec file
* restart central-key-manager after security-tests installation
Change-Id: I2238bbc886fa33d6cad2f155f122a30cf35404b5
Pawel Kowalski [Mon, 25 Jun 2018 11:38:33 +0000 (13:38 +0200)]
ODE API negative tests: internal encryption
Change-Id: I4e342049e268bd17ed4367a1e998d38b0aa8b8ba
Dariusz Michaluk [Fri, 14 Sep 2018 10:31:51 +0000 (12:31 +0200)]
Adjust tests to security-manager changes
This commit fix tests after introducing below change:
https://review.tizen.org/gerrit/#/c/186449
Change-Id: I362e7fb774246f632f1c5d5ce6cca937b9703aae
Dariusz Michaluk [Wed, 19 Sep 2018 11:48:13 +0000 (13:48 +0200)]
Workaround failed tests after privilege-checker changes
This ugly commit temporarily workaround failed tests after introducing below change:
https://review.tizen.org/gerrit/#/c/174356/
In the future, this can be replaced probably by pkgmgr-info API:
pkgmgr_parser_process_usr_manifest_x_for_installation(manifest_x* mfx, uid_t uid);
pkgmgr_parser_process_usr_manifest_x_for_uninstallation(manifest_x* mfx, uid_t uid);
Change-Id: Ia0b48c090073388bced0029aeb7180609a0798dc
Konrad Lipinski [Mon, 9 Jul 2018 12:47:04 +0000 (14:47 +0200)]
Drop TemporaryTestUser copy constructor
Change-Id: Ic0dddc554c809d7d4d46f49cfe51d42a4793b359
Konrad Lipinski [Fri, 6 Jul 2018 11:04:54 +0000 (13:04 +0200)]
Make spec compliant with gbs --incremental
According to [1], %prep section of the spec file should contain a single
%setup macro, nothing else. According to [2], manifest files are best
copied to %{buildroot}%{_datadir} in the %install section.
Moved manifest copy operations from %prep to %install accordingly.
References
[1] https://source.tizen.org/documentation/reference/git-build-system/usage/gbs-build
[2] https://wiki.tizen.org/Security/Application_installation_and_Manifest
Change-Id: I9e7385bf6074346f3fd401b7bc9af878c0825fbf
Pawel Kowalski [Tue, 30 Jan 2018 13:07:02 +0000 (14:07 +0100)]
ODE API negative tests: keys
Change-Id: I7fc7d6dc987aa94ae39657c728a6ac7394ae03de
Tomasz Swierczek [Thu, 21 Jun 2018 08:05:38 +0000 (10:05 +0200)]
Add test to check if hybrid app is properly uninstalled
Change-Id: Iaf26ee386ca09294ef6a38683ef3d8aa3b76f3d6
Pawel Kowalski [Mon, 28 May 2018 07:45:39 +0000 (09:45 +0200)]
Merge remote-tracking branch 'origin/tizen' into ode
Change-Id: I50afe029d7b1dc04d8c77fb648ab923c7a41aee7
akoszewski [Fri, 20 Apr 2018 14:59:35 +0000 (16:59 +0200)]
Make cynara-test do not require partition RW remount
Change-Id: I988b4de06217fd5a34548e1efb5a609baa859cc6
Pawel Kowalski [Thu, 24 May 2018 08:57:15 +0000 (10:57 +0200)]
Fix typo in the test group name
Change-Id: Icec1b57f92f390cf1f18c3dd8352de60a829eb22
Dariusz Michaluk [Wed, 16 May 2018 10:23:33 +0000 (12:23 +0200)]
Adjust tests to security-manager API changes
Change-Id: I807e00c96a22a5aed06dcebddc5402ff0b696d2c
Dariusz Michaluk [Mon, 7 May 2018 09:36:08 +0000 (11:36 +0200)]
Merge branch 'tizen' into cynara
Change-Id: I64b5d9579b92d7f09dd62979b7ed6e0f9c0d5f1f
Dariusz Michaluk [Mon, 7 May 2018 09:10:44 +0000 (11:10 +0200)]
Merge branch 'tizen' into nether
Change-Id: Ibbe2fd16bc7f4576d27bae7e9a1893d8ec04dc91
Dariusz Michaluk [Mon, 7 May 2018 08:48:29 +0000 (10:48 +0200)]
Merge branch 'tizen' into security-manager
Change-Id: I8aff6f1193ac928ed36593d5f2e3f560ccfb6da6
Dariusz Michaluk [Mon, 7 May 2018 08:43:23 +0000 (10:43 +0200)]
Merge branch 'tizen' into yaca
Change-Id: I66c4ba82d00193ad53841d36d8559fa438771305
Dariusz Michaluk [Mon, 7 May 2018 08:37:26 +0000 (10:37 +0200)]
Merge branch 'ckm' into tizen
Change-Id: I96b738bb76659cbd11a6b110c6173378d476fffd
Pawel Kowalski [Wed, 28 Mar 2018 12:08:59 +0000 (14:08 +0200)]
Adjust tests to allow change of hybrid flag
Change-Id: I37f387e79a07cf1a5b16d673693d01c3932b781b
Dariusz Michaluk [Tue, 10 Apr 2018 11:36:18 +0000 (13:36 +0200)]
Merge branch 'tizen' into nether
Change-Id: If4fdf5a63b6f6c32276f3df577ce7905fd31fd7d
Dariusz Michaluk [Wed, 14 Mar 2018 10:07:32 +0000 (11:07 +0100)]
Add cleanupApp() helper. It should be called after app termination.
Change-Id: I8664aca14bce9f6c7146a68d512ec830d5763942
Dariusz Michaluk [Wed, 7 Mar 2018 14:21:30 +0000 (15:21 +0100)]
Fix: Add openssl build dependency
Change-Id: I392010fe9aec122bb4d829618cf60b7383a780ce