Krzysztof Jackiewicz [Thu, 11 Jul 2019 16:10:40 +0000 (18:10 +0200)]
CKM: Update certificates for OCSP tests
Change-Id: I1328e86de02a351f4c6f588685212dd1bb429bc1
Krzysztof Jackiewicz [Fri, 28 Jun 2019 10:22:39 +0000 (12:22 +0200)]
CKM: Add buildtime requirement for openssl
Openssl is needed to perform buildtime encryption for TZ.
Change-Id: If5bdefa32dfd0ed26ea9f9e2318d8dc18a43677c
Krzysztof Jackiewicz [Fri, 28 Jun 2019 10:15:15 +0000 (12:15 +0200)]
CKM: Return proper error code from EIV encryption script
The encryption script did not report an error if one of pipelined
commands failed.
Add few bash options that will make the script fail with proper error
code in such cases.
Change-Id: I47a9739af93f07d2cb0e20f22087a2c182de6835
Krzysztof Jackiewicz [Fri, 28 Jun 2019 09:39:32 +0000 (11:39 +0200)]
CKM: Handle the empty onlycap case properly
In case of empty onlycap the original process label was not restored
properly leading to failures in following tests.
Change-Id: I9e4cdce234b425887da07892773f21465087c4a6
Krzysztof Jackiewicz [Thu, 13 Jun 2019 14:45:15 +0000 (16:45 +0200)]
CKM: Adjust T1810_verify_get_certificate_chain to openssl1.1
Since openssl1.1 all certificates in the chain (including trusted
ones) must include a 'basicConstrains' extension with 'CA' field set
to 'true'. Without that the verification will fail with
X509_V_ERR_INVALID_CA.
This commit recreates the chain of certificates used in T1810 with the
required extension included and updates related tests.
Change-Id: I6d2e9348a2ae6618103749d83e46a433608e65c3
Tomasz Swierczek [Tue, 4 Jun 2019 07:09:38 +0000 (09:09 +0200)]
Add UTC test cases to security-tests for alias listing APIs
These tests are needed to cover the ckmc layer for new APIs.
Change-Id: I816a02e0f54ed70982facfe125fd4264e615c673
Tomasz Swierczek [Fri, 31 May 2019 12:16:48 +0000 (14:16 +0200)]
Merge branch 'tizen' into ckm
Change-Id: Icec8c73670c995d05324b91a6c86088037acb75f
Krzysztof Jackiewicz [Thu, 9 May 2019 12:03:23 +0000 (14:03 +0200)]
Flush tests stdout
Tests output is displayed in batches making it difficult to observe
the progress. This commit introduces flushing the stdout after every
printf to overcome the problem.
Change-Id: I84174a15e7bf797080b4f830fe5adaa3e48f6b26
Krzysztof Jackiewicz [Fri, 17 May 2019 12:55:18 +0000 (14:55 +0200)]
CKM: Remove ECDSA nohash tests
Hash algorithm is required for DSA and ECDSA. Tests have been
adjusted.
Change-Id: I9bc1d6dbfbcd876685de1c128f001c0644882235
Krzysztof Jackiewicz [Thu, 16 May 2019 14:09:13 +0000 (16:09 +0200)]
CKM: Fix big data tests on both backends
C API does not provide a possibility to enforce the backend. If TZ
backend is enabled in key-manager it will be used for storing big
data. TZ backend has size limitations and so the
5000000B buffer can't
be used. Add a test for big data using C++ API that allows backend
selection.
Change-Id: Id73dcdc9bfb6c02eedd32fc4c6d5637172dd3c52
Krzysztof Jackiewicz [Thu, 4 Apr 2019 14:58:27 +0000 (16:58 +0200)]
CKM: Add sign/verify test for both backends
Add a generic signing/verification test runnable on both backends.
Change-Id: Ia0b646fd8cf1b256e82a5f12abf6c0940fca3c64
Krzysztof Jackiewicz [Wed, 27 Mar 2019 13:39:07 +0000 (14:39 +0100)]
CKM: Adjust GCM tag len tests to GP
According to GP API spec the shortest supported GCM tag length is 96
bits. Software backend allows shorter tags.
Expect error in case of tags shorter than 96 in TZ mode.
Change-Id: I3d716ab57670c735470c78069fb620edccc84daf
Krzysztof Jackiewicz [Wed, 27 Mar 2019 11:29:24 +0000 (12:29 +0100)]
CKM: Reduce big data size in TZ tests
The CFB big data encryption takes more than 20 minutes on TZ backend crossing
the key-manager's socket timeout as well as async API timeout and dramatically
extending the test duration. The reason is that CFB is not supported by GP API
and is implemented using multiple ECB encryption requests which takes a lot of
time.
Make big data size in TZ tests smaller.
Change-Id: Id02f5e49f18e1cdb18a245714fb4b79aeea93db8
Krzysztof Jackiewicz [Thu, 21 Mar 2019 16:23:05 +0000 (17:23 +0100)]
CKM: Remove all keys after encryption group is finished
Removal of user's data removes only the rich OS database leaving objects created
by TA in secure OS storage. Objects have to be removed explicitly one by one.
Change-Id: I88053b7cd3638a0a168d925a4e903343833ed0bf
Krzysztof Jackiewicz [Thu, 21 Mar 2019 09:21:38 +0000 (10:21 +0100)]
CKM: Make encryption tests runnable on both backends
Depending on the TZ_BACKEND define the encryption tests will be executed on SW
or TZ backend. Tests need to be adjusted to properly work in both cases.
Change-Id: Ib59553faa0bb70958a71ea965cefd469cc5a8ef7
Krzysztof Jackiewicz [Wed, 20 Mar 2019 14:23:46 +0000 (15:23 +0100)]
CKM: Remove CBC from integrity tests
In case of CBC the tests that uses different key to decrypt the data may pass of
fail depending on the padding scheme and input data length. In other words, we
should not expect the CBC to fail if wrong key is used, yet in many cases it
does fail.
Change-Id: Ib213544b6349433c15346eb422cdbeea4f074544
Krzysztof Jackiewicz [Tue, 19 Mar 2019 10:38:27 +0000 (11:38 +0100)]
CKM: Prepare db & keys once per encryption group
Database initialzation & cleanup (unlock, data removal) are only performed once
per encryption decryption test group.
Key generation in encryption decryption test group takes a lot of
time. Initialize the keys once for the group and reuse them.
Change-Id: Ibde172b4c3cfe4382c43302034aa1ee52d1355f6
Krzysztof Jackiewicz [Thu, 4 Apr 2019 15:02:26 +0000 (17:02 +0200)]
Merge branch 'tizen' into 'ckm'
Change-Id: I187b2765fb572bc7a1963afb18794356b87305aa
Krzysztof Jackiewicz [Mon, 18 Mar 2019 17:08:06 +0000 (18:08 +0100)]
Add group init/cleanup functionality
Add possibility to launch an initialization and cleanup function before and
after a specific group of tests.
Disclaimer: this commit is supposed to quickly add necessary functionality
without making things worse. It does not cover any possible fixes of existing
code.
Change-Id: I7512ae77b7193f61e2dc5f72132a815c5d1da751
Krzysztof Jackiewicz [Wed, 27 Mar 2019 12:40:28 +0000 (13:40 +0100)]
CKM: Replace facebook certificate with microsoft one
Facebook certificate has expired. New one will expire in June. To avoid frequent
updates it has been replaced with MS certificate which is valid much longer.
Change-Id: I455485be19e0114d49ed5cca2f9095d77a179b02
Tomasz Swierczek [Thu, 14 Mar 2019 07:35:36 +0000 (08:35 +0100)]
CKM: fix T3045_save_big_data_C_API test on TZ-backend
TZ backend could possibly support less data in one chunk than data used
in the test; since ckmc API doesn't support setting backend, so in the test,
the size of data varies depending whether the code is compiled with "tz_backend" flag.
Change-Id: Ibd420d1fff67085cb809970b2596e01f992786f3
Krzysztof Jackiewicz [Tue, 4 Dec 2018 12:39:47 +0000 (13:39 +0100)]
CKM: Update old initial values tests
With introduction of support for initial values (including encrypted
ones) in key manager's TZ backend the xml scheme and the encryption
scheme has been changed. Also the SW backend does not handle encrypted
initial values. As a result the existing tests for initial values
started to fail.
To make them work again the following changes are introduced:
- Use version 2 in test xml files.
- Remove all code, files and xml elements related to encrypted initial
values from old tests (T6001-T6999).
- Enable old initial values tests in an environment with no TZ support.
- Add a TODO list for initial values tests.
Change-Id: I1f9cb80b6080f628e2058c9165dfd424b0ad44d1
Krzysztof Jackiewicz [Fri, 1 Mar 2019 11:06:18 +0000 (12:06 +0100)]
Fix empty argument issue in security-tests-all.sh
If --noignored option is used in security-tests-all.sh an empty argument is
passed to security-tests.sh which causes an error.
Refactor security test scripts to avoid empty arguments.
Change-Id: Iedfe0d35a096334ec070167c870de2db01d64607
Krzysztof Jackiewicz [Fri, 1 Mar 2019 11:12:34 +0000 (12:12 +0100)]
Generic solution for onlycap issues
Once a process changes its smack label it may be unable to restore the original
one if onlycap is active and the new label is not in onlycap.
This commit provides a single class for handling process relabeling. The class
is able to restore the original process label even if onlycap is active. To do
so it stores the original onlycap value and original process label. The new
label is appended to current onlycap. When class is destroyed the old label and
old onlycap content is restored.
The drawback of this solution is that the relabeled process effectively gets
CAP_MAC_ADMIN.
The script for running ckm tests on onlycap has been removed.
All tests that do not directly test smack_set_label_for_self() use the new class
for process relabeling.
Change-Id: I0dda65fbd392f1b09061349061bdaf634efd9093
Krzysztof Jackiewicz [Mon, 4 Mar 2019 09:13:17 +0000 (10:13 +0100)]
Merge branches 'ckm', 'security-manager' and 'cynara' into 'tizen'
This merge is necessary to introduce common changes to onlycap handling in a
following commit.
Change-Id: I78a26f9d4820067fca2f0bcc2ab7ce96f5d4e4e4
Krzysztof Jackiewicz [Thu, 28 Feb 2019 13:04:19 +0000 (14:04 +0100)]
CKM: Use proper application label prefix
Change-Id: I52452360de85dd550384ec109a4083ec4e6ff489
Tomasz Swierczek [Wed, 20 Feb 2019 09:28:40 +0000 (10:28 +0100)]
Replace CKMErrorToString with APICodeToString
CKMErrorToString is not needed as key-manager just gained
almost exactly the same functionality in its ckm-error.h file.
Change-Id: I4150246e4779b7ec4a03e43eef38ec5593159f8e
Ernest Borowski [Fri, 23 Feb 2018 13:38:41 +0000 (14:38 +0100)]
CKM: Add tests for new API: list alias with information about password protection
Change-Id: Iae18e91e1a3335cd5ca55811d0edbfd98eee59c6
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
Monika Zielinska [Wed, 31 Oct 2018 08:44:45 +0000 (09:44 +0100)]
Add sd-bus cynara API tests
Change-Id: Ice5413156be6bd239be0898a5577b7f9ad6efcf7
Krzysztof Jackiewicz [Mon, 29 Oct 2018 15:54:27 +0000 (16:54 +0100)]
CKM: Extend encrypted initial values test
- Make it independent from other tests by adding initial values xml preparation,
key-manager restart and db cleanup.
- Generate initial values at build time using ckm_initial_values tool.
- Install the tested xml file in test directory and copy it to initial values
dir during the test instead of installing it there directly.
- Encrypt the test data using openssl and the same key that is passed as initial
value during compilation instead of hardcoding the encryption results.
- Add build time dependency to util-linux to be able to use hexdump.
- Add build time dependency to key-manager-initial-values to be able to run the
tool.
Change-Id: I7fe4be6a3493860244ac1cc1c0bb0dace5109a04
Pawel Kowalski [Wed, 28 Nov 2018 10:51:13 +0000 (11:51 +0100)]
Add gbs option to enable the TZ backend support
To enable the TZ backend support add following option to the gbs build:
--define "tz_backend ON". If the option is not set or is set to value
different than ON, the TZ backend support is disabled (it is disabled by
default).
When the TZ backend is disabled, some tests (T6* and T7*) are not built.
The same option has been added to the key-manager (branch tizen).
The key-manager-ta requires the following gbs option for these tests to
work properly: --define "test_key ON".
Change-Id: If1c27d8ae556f6882f65c4ace8bb4c1759656893
Bartlomiej Grzelewski [Wed, 10 Oct 2018 13:02:46 +0000 (15:02 +0200)]
Encrypted initial values test
To use this test you must:
* turn on tz_backend_enabled value in key-manager spec file
* turn on attach_test_key value in key-manager-ta spec file
* restart central-key-manager after security-tests installation
Change-Id: I2238bbc886fa33d6cad2f155f122a30cf35404b5
Dariusz Michaluk [Fri, 14 Sep 2018 10:31:51 +0000 (12:31 +0200)]
Adjust tests to security-manager changes
This commit fix tests after introducing below change:
https://review.tizen.org/gerrit/#/c/186449
Change-Id: I362e7fb774246f632f1c5d5ce6cca937b9703aae
Dariusz Michaluk [Wed, 19 Sep 2018 11:48:13 +0000 (13:48 +0200)]
Workaround failed tests after privilege-checker changes
This ugly commit temporarily workaround failed tests after introducing below change:
https://review.tizen.org/gerrit/#/c/174356/
In the future, this can be replaced probably by pkgmgr-info API:
pkgmgr_parser_process_usr_manifest_x_for_installation(manifest_x* mfx, uid_t uid);
pkgmgr_parser_process_usr_manifest_x_for_uninstallation(manifest_x* mfx, uid_t uid);
Change-Id: Ia0b48c090073388bced0029aeb7180609a0798dc
Konrad Lipinski [Mon, 9 Jul 2018 12:47:04 +0000 (14:47 +0200)]
Drop TemporaryTestUser copy constructor
Change-Id: Ic0dddc554c809d7d4d46f49cfe51d42a4793b359
Konrad Lipinski [Fri, 6 Jul 2018 11:04:54 +0000 (13:04 +0200)]
Make spec compliant with gbs --incremental
According to [1], %prep section of the spec file should contain a single
%setup macro, nothing else. According to [2], manifest files are best
copied to %{buildroot}%{_datadir} in the %install section.
Moved manifest copy operations from %prep to %install accordingly.
References
[1] https://source.tizen.org/documentation/reference/git-build-system/usage/gbs-build
[2] https://wiki.tizen.org/Security/Application_installation_and_Manifest
Change-Id: I9e7385bf6074346f3fd401b7bc9af878c0825fbf
Tomasz Swierczek [Thu, 21 Jun 2018 08:05:38 +0000 (10:05 +0200)]
Add test to check if hybrid app is properly uninstalled
Change-Id: Iaf26ee386ca09294ef6a38683ef3d8aa3b76f3d6
akoszewski [Fri, 20 Apr 2018 14:59:35 +0000 (16:59 +0200)]
Make cynara-test do not require partition RW remount
Change-Id: I988b4de06217fd5a34548e1efb5a609baa859cc6
Pawel Kowalski [Thu, 24 May 2018 08:57:15 +0000 (10:57 +0200)]
Fix typo in the test group name
Change-Id: Icec1b57f92f390cf1f18c3dd8352de60a829eb22
Dariusz Michaluk [Wed, 16 May 2018 10:23:33 +0000 (12:23 +0200)]
Adjust tests to security-manager API changes
Change-Id: I807e00c96a22a5aed06dcebddc5402ff0b696d2c
Dariusz Michaluk [Mon, 7 May 2018 09:36:08 +0000 (11:36 +0200)]
Merge branch 'tizen' into cynara
Change-Id: I64b5d9579b92d7f09dd62979b7ed6e0f9c0d5f1f
Dariusz Michaluk [Mon, 7 May 2018 08:48:29 +0000 (10:48 +0200)]
Merge branch 'tizen' into security-manager
Change-Id: I8aff6f1193ac928ed36593d5f2e3f560ccfb6da6
Dariusz Michaluk [Mon, 7 May 2018 08:37:26 +0000 (10:37 +0200)]
Merge branch 'ckm' into tizen
Change-Id: I96b738bb76659cbd11a6b110c6173378d476fffd
Pawel Kowalski [Wed, 28 Mar 2018 12:08:59 +0000 (14:08 +0200)]
Adjust tests to allow change of hybrid flag
Change-Id: I37f387e79a07cf1a5b16d673693d01c3932b781b
Dariusz Michaluk [Wed, 14 Mar 2018 10:07:32 +0000 (11:07 +0100)]
Add cleanupApp() helper. It should be called after app termination.
Change-Id: I8664aca14bce9f6c7146a68d512ec830d5763942
Dariusz Michaluk [Wed, 7 Mar 2018 14:21:30 +0000 (15:21 +0100)]
Fix: Add openssl build dependency
Change-Id: I392010fe9aec122bb4d829618cf60b7383a780ce
Tomasz Swierczek [Thu, 1 Mar 2018 07:27:59 +0000 (08:27 +0100)]
Adjust get_manifest_policy tests to new implementation
New implememtation allows apps to check their own policy.
Change-Id: I2c36054424479f3507e424726e82fa8be8b857f0
Tomasz Åšwierczek [Mon, 29 Jan 2018 05:58:19 +0000 (06:58 +0100)]
Additional test cases for paths check
* SM should accept paths with "./" and "../" in them, it explicitly uses realpath
Change-Id: I099155a23ab5bf2a8b683ccb5e12b64fde783066
Tomasz Swierczek [Fri, 16 Feb 2018 13:13:40 +0000 (14:13 +0100)]
Added tests for security_manager_get_app_manifest_policy() API call
Change-Id: If04e0e560d2c9a6a91b880a754d871edfdc13f08
Krzysztof Jackiewicz [Fri, 9 Feb 2018 13:10:05 +0000 (14:10 +0100)]
CKM: Replace expired Facebook certificate
Change-Id: I35c851c457a82e13ae470b66436f25d1971e2511
Krzysztof Jackiewicz [Fri, 9 Feb 2018 12:18:53 +0000 (13:18 +0100)]
CKM: Check certificate validity before test
When a certificate expires or a systemd date is incorrectly set the certificate
chain tests fail suggesting key-manager failure.
This commit adds a simple certificate validity check before the certificate is
used. If the certificate is not valid the test fails and a clear message is
delivered to the user. Each certificate is validated only once.
Change-Id: I4de5549e49b761472c224f6bb672d512386d398d
Pawel Kowalski [Thu, 26 Oct 2017 11:10:33 +0000 (13:10 +0200)]
Adjust tests to use more detailed error codes
There was no distinction between different types of errors returned
by OpenSSL functions in the CKM. After improvement, in some cases,
INVALID_PARAM is returned instead of generic SERVER_ERROR. Some tests
concerning decryption and encryption had to be adjusted.
Change-Id: I23aee248aa4fbcfe02f878c629c9b8595642e2da
Rafal Krypa [Wed, 17 Jan 2018 17:23:30 +0000 (18:23 +0100)]
security-manager: fix tests related to privacy privileges
When application is registered in security-manager with privileges
that should be set as privacy, it is required to first register the
app in security-privilege-manager. Otherwise, when security-manager
checks if a privilege is privacy, it will always see privileges as
non-privacy.
This patch fixes the following tests:
- security_manager_ap1_app_policy_fetch_for_self
- security_manager_18_privacy_manager_privacy_related_privileges_policy_install_remove
- security_manager_19a_privacy_manager_privacy_related_privileges_policy_hybrid
- security_manager_19b_privacy_manager_privacy_related_privileges_policy_no_hybrid
- security_manager_20_privacy_manager_privacy_related_privileges_policy_admin_check
Change-Id: I34ec671f02a42e175ecbd53c428d17fcee65e909
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Krzysztof Jackiewicz [Thu, 25 Jan 2018 16:02:35 +0000 (17:02 +0100)]
CKM: Prevent running tests as wrong user
Abort if ckm-tests are launched as user != owner
Abort if ckm-privileged-tests are launched as user != root
Update security-tests-all.sh to use proper user
Add ckm-privileged-tests to security-tests.sh
Add missing license boilerplate
Change-Id: Id4929d3c4266e4abe7e8ea89238fe72195b73081
Krzysztof Jackiewicz [Tue, 30 Jan 2018 09:32:42 +0000 (10:32 +0100)]
Remove unnecessary Smack exec labels
Change-Id: Ice7980a4415863acce37ec90dc9aa6edcf34ec9a
Krzysztof Jackiewicz [Fri, 26 Jan 2018 09:32:27 +0000 (10:32 +0100)]
CKM: Restore label & onlycap after privileged tests
Change-Id: I8ee1dee9d8765f804f29de0df090bfa78ab582b6
Dariusz Michaluk [Fri, 26 Jan 2018 11:56:45 +0000 (12:56 +0100)]
Adjust security_manager_101_create_namespace_test
App smack label replace app name.
Change-Id: Icf2bfa9545e28f09fe23df9870092d3f945d47bf
Zofia Abramowska [Fri, 20 Oct 2017 14:51:23 +0000 (16:51 +0200)]
SM : Add tests for external paths of application
Change-Id: If20436654fca450881c8504984ea4501cc4b62b7
Zofia Grzelewska [Fri, 1 Dec 2017 16:21:37 +0000 (17:21 +0100)]
Merge branch 'tizen' into security-manager
Change-Id: If8ea6d9e0dcfbe8bd530f31f262226dd434117a5
Tomasz Swierczek [Wed, 29 Nov 2017 17:59:38 +0000 (18:59 +0100)]
Adjust tests to use proper backends for tests
Change-Id: I979a4285f252c166d56fd08c5a514b78d9460138
Bartlomiej Grzelewski [Thu, 2 Nov 2017 14:14:39 +0000 (15:14 +0100)]
Replace Yahoo certificate with Bing
Yahoo certificate used in test expires.
Bing certificates are valid longer than yahoo ones.
Change-Id: I993b048e118bb6627c789e69511d2861551b4776
Zofia Abramowska [Fri, 20 Oct 2017 14:50:04 +0000 (16:50 +0200)]
Support more types of application paths
Add different root types of application:
EXTENDED and SKEL.
This is connected with places, where application
can put its own files.
Change-Id: I123206ac50d779f8f557067e18b43753101b4c5e
Zofia Abramowska [Fri, 20 Oct 2017 14:12:25 +0000 (16:12 +0200)]
SM : Adjust to new path handling
Error returned when path is outside legal paths application
has changed. Also minor changes in logic resulted in different
error value when wrong uid is passed.
Change-Id: I24db386013cf8c82d511a4311c47701f70349bf6
Dariusz Michaluk [Wed, 2 Aug 2017 10:50:08 +0000 (12:50 +0200)]
Add security_manager_prepare_app() tests
Check app running in mount namespace.
Change-Id: I4577197ea3f10f714c67619e371ebdf75a08979a
Zofia Abramowska [Thu, 19 Oct 2017 16:57:08 +0000 (18:57 +0200)]
Merge branch 'security-manager' into tizen
Change-Id: I59af714f504f23c49c9fd7111afd1d4ff62bbd04
Zofia Abramowska [Thu, 19 Oct 2017 15:43:21 +0000 (17:43 +0200)]
Move scoped installer to commons
Change-Id: Ica11bbb06be6eeecf2377e142b2fb89ef8b82222
Zofia Abramowska [Thu, 19 Oct 2017 15:39:54 +0000 (17:39 +0200)]
Merge branch 'tizen' into security-manager
Change-Id: I3fa314322c8005c432cbdcfca15043d3679622b9
Zofia Abramowska [Thu, 19 Oct 2017 15:35:36 +0000 (17:35 +0200)]
Fix missing dependency to tzplatform-config in commons
Change-Id: Ie898f84c7058a6da76a3ccbb0295db574451489c
Zofia Abramowska [Wed, 18 Oct 2017 14:58:38 +0000 (16:58 +0200)]
Fix multiple definitions of runInChild
security-manager tests and cynara-tests both have
runInChild defined. This should be moved to tests
commons, so there would be no conflict in future.
Change-Id: I28b2ebf1b2d02ccb8a483f741b0a701bf46303b1
Dariusz Michaluk [Tue, 1 Aug 2017 12:31:23 +0000 (14:31 +0200)]
Fix security_manager_100_synchronize_credentials_test.
Launcher security attributes (user, group, capabilities)
should be set before calling security_manager_prepare_app().
Change-Id: I38680bec6873e6b3ac51dbc4c2c2dbadbb62e307
Dariusz Michaluk [Mon, 16 Oct 2017 12:06:52 +0000 (14:06 +0200)]
Fix access to security_test_user directory.
Change-Id: I0fbb57bae137d4d2c7804b9f5151c6a8ff8697a7
Zofia Abramowska [Fri, 13 Oct 2017 15:13:58 +0000 (17:13 +0200)]
Merge branch 'security-manager' into tizen
Change-Id: I4567f7cb3ea9713125ba7afd799aa17d0f634aaf
Zofia Abramowska [Thu, 7 Sep 2017 15:01:49 +0000 (17:01 +0200)]
Move scoped installer to global commons
Change-Id: I9effa1a4cb6669f591d8d6ab7d2c39a1e6a7ba32
Zofia Abramowska [Thu, 7 Sep 2017 14:47:20 +0000 (16:47 +0200)]
Move label generation to global commons
Change-Id: Ic38d65e29394dc5b8e784a8af6b105460e52a259
Tomasz Swierczek [Tue, 5 Sep 2017 12:35:54 +0000 (14:35 +0200)]
Changed returned error code from setPermission
Change-Id: I5d143aa16c2a862f915489ee95de28e10d248330
Dariusz Michaluk [Tue, 8 Aug 2017 11:20:30 +0000 (13:20 +0200)]
Ignore security_manager_shm_open() tests
Tests can be re-enabled after below commit merge.
https://review.tizen.org/gerrit/#/c/103763/
Change-Id: I6a7fd3d5d8aa87df76df63b3a2a7b46df6b0176b
Zofia Abramowska [Tue, 8 Aug 2017 09:13:46 +0000 (11:13 +0200)]
SM : Check if askuser is disabled in app policy tests
Change-Id: I2148b8eccddd561ac2514ab10348b885f2fdc48d
Zofia Abramowska [Tue, 8 Aug 2017 08:13:06 +0000 (10:13 +0200)]
SM : Count privacy privileges in app policy tests
Change-Id: I161a7975237cbec143065dacbbae9a90f8e1d2e5
Dariusz Michaluk [Thu, 27 Jul 2017 07:59:39 +0000 (09:59 +0200)]
Merge branch 'tizen' into ckm
Change-Id: I31f728750c8e888cd439e0d591621aaa20b0a936
Dariusz Michaluk [Thu, 27 Jul 2017 07:55:04 +0000 (09:55 +0200)]
Merge branch 'tizen' into cynara
Change-Id: I0d1857cce0bfb64c4a821da264cb3e01ea8be3dc
Dariusz Michaluk [Thu, 27 Jul 2017 07:48:57 +0000 (09:48 +0200)]
Merge branch 'security-manager' into tizen
Change-Id: I0c4c3d88c5a267aa1bbad3b0a9882abf5d256d25
Zofia Abramowska [Tue, 4 Jul 2017 13:16:46 +0000 (15:16 +0200)]
Add tests for app fetching it's own policy
Change-Id: I3428d9d47f30de5fb38e7d56eac8988d88cb902a
Krzysztof Jackiewicz [Tue, 4 Jul 2017 09:45:36 +0000 (11:45 +0200)]
CKM: Test for different sign/verify params
Test valid and invalid combinations of padding, hash function and message
length for functions ckmc_create_signature and ckmc_verify_signature.
Change-Id: I2133c3cb8996c5280b33230040959fa430d1b528
Rafal Krypa [Fri, 7 Jul 2017 15:41:37 +0000 (17:41 +0200)]
security-manager: adapt to new API of security_manager_groups_get()
Function security_manager_groups_get() now returns array of gid_t instead
of array of strings.
Function security_manager_groups_free() has been dropped, group arrays
are now freed by plain free().
Change-Id: If7dc713d75f9cf0e7ff03b6b388bb9006512fe54
Zofia Abramowska [Tue, 4 Jul 2017 13:17:16 +0000 (15:17 +0200)]
Fix missing includes from test_runner
Change-Id: I6d2ee7ba2825132f338e6d349fcc4ab17a727b2c
Dariusz Michaluk [Fri, 16 Jun 2017 14:36:48 +0000 (16:36 +0200)]
Include pkg_id in certificate CN entry
Add test to verify stolen certificate.
Change-Id: Iab128a7d0a08f3215395f7182299ea28a70f8f74
Bartlomiej Grzelewski [Mon, 5 Jun 2017 16:27:41 +0000 (18:27 +0200)]
Check returned code if data were not found
Security-manager should inform client with code
SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT that data
were not found.
Change-Id: I821880eb96e78d16db4a3ce455021dda20053043
Bartlomiej Grzelewski [Thu, 1 Jun 2017 13:56:24 +0000 (15:56 +0200)]
Local application always hides global one
Change-Id: I90ff98da6e41dab6522f97f03bd46803fb0b26a3
Bartlomiej Grzelewski [Tue, 30 May 2017 18:10:06 +0000 (20:10 +0200)]
Add additional parameter to security_manager_get_client_privilege_license
Change-Id: I1151db20ad44ae64a5312d8307404cc2f7fa3b57
Dariusz Michaluk [Mon, 22 May 2017 15:29:33 +0000 (17:29 +0200)]
Adjust app defined privileges tests to license-manager changes
Change-Id: I3b478b4e418e3df46e194cd13ec9524a57ab1d13
Bartlomiej Grzelewski [Wed, 17 May 2017 09:49:01 +0000 (11:49 +0200)]
Merge remote-tracking branch 'tizen/appdefined' into security-manager
Change-Id: I022e5423a4755cb4d25ab909c436a4121a54175a
Piotr Sawicki [Wed, 17 May 2017 08:09:38 +0000 (10:09 +0200)]
Merge branch 'tizen' into ckm
Change-Id: Ia41b08bee4b8f23f8e6dbf50f6fae1baf38eeb65
Dariusz Michaluk [Mon, 15 May 2017 13:58:18 +0000 (15:58 +0200)]
Test app defined privilege collision with system privileges
Change-Id: I17c140ed20acf2f66d00031eca257cfd0be8c9d9
Bartlomiej Grzelewski [Mon, 15 May 2017 15:07:41 +0000 (17:07 +0200)]
Replace std::string with Privilege class
New privileges (LICENSED/UNTRUSTED) needs to store
addtional information. Using pair of privilege and
license started to be confusing and requires a lot
of conversions. Privilege hides additional information
inside class that makes test more readable.
Change-Id: Ie5fd90e1a8077b7de1521ab1702905d7c7281eb2
Radoslaw Bartosiak [Wed, 10 May 2017 16:34:43 +0000 (18:34 +0200)]
Fix failing tc03_cynara_check_invalid_params test
Removed initialization of std::string from nullptr (undefined behaviour)
by function overloading - new version takes const char* args.
Change-Id: I62d3c0b00dcfba6fe2f1acb1e752dae5f4dca961
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Wed, 10 May 2017 14:03:42 +0000 (16:03 +0200)]
Fix and update manifest file
- Remove setting exec_label for removed files:
-- /usr/bin/tests-summary.sh
- Fix file name in the manifest (cynara-test)
- Replace the exec_label "_" with "System:::Privileged"
- Add exec_label "System::Privileged" for yaca-test
- Put files in both groups in alphabetical order
Change-Id: I61a48bfe5dc536c2e49b59e77f78cbadb5dc8748
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Dariusz Michaluk [Fri, 12 May 2017 07:22:24 +0000 (09:22 +0200)]
Add security_manager_get_client_privilege_license() tests
Change-Id: I4270f58a8731010593c097252370b98200798edf
Dariusz Michaluk [Thu, 11 May 2017 11:28:46 +0000 (13:28 +0200)]
Add security_manager_get_app_defined_privilege_license() tests
Change-Id: I06dd2f8f0b6d8f501e69f7fa7c4289f07bd895c3
Dariusz Michaluk [Mon, 8 May 2017 17:24:45 +0000 (19:24 +0200)]
Adjust tests to API change
Change-Id: I80bf8674e371793af0ba28db57e35bb10e69520f
Bartlomiej Grzelewski [Mon, 24 Apr 2017 16:20:32 +0000 (18:20 +0200)]
Merge remote-tracking branch 'tizen/security-manager' into appdefined
Change-Id: I430ce5badf02a457c2f1dac9b3871d6e2ae3c65c