platform/core/test/security-tests.git
10 years agoFix potential segfaults if assert won't throw 79/30279/5
Lukasz Wojciechowski [Thu, 13 Nov 2014 14:02:23 +0000 (15:02 +0100)]
Fix potential segfaults if assert won't throw

Prepare code for assertions that won't throw an exception even if
condition check fails. Such situation can happen, when when exception
would have been thrown during stack unwinding after another exception.

Change-Id: Icb44b0e5e51bcb9b7f23fcc270d2e60eab4ecc1e

10 years agoMake StatusMonitor::getStatus() always return value 91/29791/4
Lukasz Wojciechowski [Tue, 4 Nov 2014 10:31:33 +0000 (11:31 +0100)]
Make StatusMonitor::getStatus() always return value

Bug fix. Not all paths returned a value. RUNNER_FAIL_MSG may avoid
throwing e.g. when not in test.

Change-Id: Ief39fcc83ab3828f2e7d71682927e30140c1e191

10 years agoMove string consts to corresponding test commons 10/31110/3
Pawel Wieczorek [Mon, 17 Nov 2014 13:07:20 +0000 (14:07 +0100)]
Move string consts to corresponding test commons

New member has been added:
* SERVICE (in CynaraTestConsts, for D-Bus)

Change-Id: I6963cbbf9b57380447b764ae0f3b09ec2795ff9f

10 years agoCreate cynara_db_tests group 09/31109/2
Pawel Wieczorek [Mon, 1 Dec 2014 12:19:55 +0000 (13:19 +0100)]
Create cynara_db_tests group

Create an empty test group for database integrity tests.

Change-Id: I065ea1c0d6ee7318f8e3a2be878867695a5ebfc7

10 years agoMove files_compare() function to test commons 13/30713/3
Pawel Wieczorek [Mon, 8 Sep 2014 14:23:58 +0000 (16:23 +0200)]
Move files_compare() function to test commons

Function files_compare() from tests for libsmack can be used in other
tests as well. It is now accessible outside libsmack tests.

Change-Id: Ic56b4aff4c4170e24b5cfb2754e2ef4aed4cf541

10 years agoAdd support for empty files to files_compare() 07/31107/1
Pawel Wieczorek [Mon, 1 Dec 2014 11:02:13 +0000 (12:02 +0100)]
Add support for empty files to files_compare()

This patch modifies approach to return values. It returns an integer
less than, equal to, or greater than zero if fd1 is found, respectively,
to be less than, to match, or be greater than fd2.

Change-Id: I9402a19a3280023ee87524cccdec36fafe52b75b

10 years agoMerge branch 'tizen' into cynara 35/30735/1
Marcin Niesluchowski [Mon, 24 Nov 2014 17:44:39 +0000 (18:44 +0100)]
Merge branch 'tizen' into cynara

Change-Id: I4914064a6a5e309decea74043195e91424cb9141

10 years agoPrevent running cynara service by masking 26/30726/2
Lukasz Wojciechowski [Mon, 24 Nov 2014 11:33:25 +0000 (12:33 +0100)]
Prevent running cynara service by masking

Before and after each testcase CynaraTestEnv runs code, that
saves and restores cynara's database. Cynara service is stopped
for that time, however it can be socket-activated and start during
critical moment of database modification.
To prevent such situation cynara is masked for critical sections.

Change-Id: I2dba7f9985121d92a2bb2ffd6318ec922022979c

10 years agoAdd methods for masking and unmasking service 25/30725/2
Lukasz Wojciechowski [Mon, 24 Nov 2014 05:30:20 +0000 (06:30 +0100)]
Add methods for masking and unmasking service

Masking a service prevents the service from being started.
Unmasking allows to start service again. Both of these operations
are implemented to affect service only till device reboot.
Masking and unmasking service needs reloading configuration
of dbus manager. That is also done in implementation.

Change-Id: Ibbb64dbae6ed6aaa68b085f8a66d4810cecd22c1

10 years agoAdd method for getting service's pid 24/30724/2
Lukasz Wojciechowski [Mon, 24 Nov 2014 05:18:35 +0000 (06:18 +0100)]
Add method for getting service's pid

Systemd that is responsible for launching service provide information
about it's pid with dbus properties mechanism.

Change-Id: Ia56094ad776a758596b4344172a6109b3648365e

10 years agoHandle job signals from systemd 23/30723/2
Lukasz Wojciechowski [Mon, 24 Nov 2014 04:31:40 +0000 (05:31 +0100)]
Handle job signals from systemd

A set of currently running jobs was added. Jobs are identified
with unique job path created by systemd.
Every time a start/stop/restart command is sent to systemd,
related job is added to set.
When JobNew signal is received its handler puts it also in the set.
Job is removed from the set, when JobRemoved signal is delivered from
systemd.
After each action generating a job in systemd unit (start/stop/restart)
program waits until all jobs from the set are removed.

Timeouts used earlier to "synchronize" action calls are removed.

Change-Id: Id944c9f52ecfeb06efabdb9424c835d09af7bb4f

10 years agoSubscribe to dbus signals from systemd 22/30722/2
Lukasz Wojciechowski [Mon, 24 Nov 2014 03:08:32 +0000 (04:08 +0100)]
Subscribe to dbus signals from systemd

Set bus matching filters for JobNew and JobRemove signals from systemd.
Subscribe to signals from systemd over dbus
Add dbus filter for all incoming messages (stub - empty body).

Change-Id: I516bf562d50a4e7a3933e0a1d5905bffb73dbc68

10 years agoCleanup DBusAccess 21/30721/2
Lukasz Wojciechowski [Mon, 24 Nov 2014 02:42:53 +0000 (03:42 +0100)]
Cleanup DBusAccess

Remove not used variables and function.
Fix memory leak of not released objects in sendResetFailedToService().
Read object path data from dbus response.

Change-Id: I94e531fe6aef64de9eb8a1fc3e7fc8623727e697

10 years agoIgnore smack-dbus tests 10/30710/3
Marcin Niesluchowski [Mon, 24 Nov 2014 13:18:23 +0000 (14:18 +0100)]
Ignore smack-dbus tests

Current dbus release does not support smack context in GetConnectionCredentials
method yet.

Change-Id: I58112e9702c04a634c149c5c2c3753404970cc87

10 years agoMerge branch 'security-manager' into tizen 93/30693/3
Rafal Krypa [Mon, 24 Nov 2014 11:27:24 +0000 (12:27 +0100)]
Merge branch 'security-manager' into tizen

Conflicts:
tests/security-manager-tests/common/sm_db.cpp
tests/security-manager-tests/common/sm_db.h
tests/security-manager-tests/security_manager_tests.cpp

Change-Id: I69e6e9321ab58702086ba402e23a6d9b06e7fdb9

10 years agoMerge branch 'cynara' into tizen 92/30692/1
Rafal Krypa [Mon, 24 Nov 2014 10:19:41 +0000 (11:19 +0100)]
Merge branch 'cynara' into tizen

Conflicts:
tests/cynara-tests/common/cynara_test_admin.h
tests/cynara-tests/test_cases.cpp

Change-Id: I49296db7a8983f3aee1f4750852ea516e9d7f3a2

10 years agosecurity-manager tests: reorganize directories used and registered by apps 57/30457/2
Marcin Lis [Tue, 18 Nov 2014 15:04:56 +0000 (16:04 +0100)]
security-manager tests: reorganize directories used and registered by apps

1. Move global user directories from /etc/smack/ to its home dir: /usr/apps/
2. Remove directories, functions and checks associated with
   SECURITY_MANAGER_PATH_PUBLIC - it should not be used anymore and will be
   removed.

[Verification] run security-manager-tests and ensure that all succeed.

Change-Id: Ifb04fd19b35cc226473159728d172525fbc44bdc
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years agoRequire gum-utils, not libgum 52/30452/1
Rafal Krypa [Tue, 18 Nov 2014 14:37:33 +0000 (15:37 +0100)]
Require gum-utils, not libgum

In gumd 1.0.2 gum-utils tool has been split from package libgum into
separate package gum-utils.

Change-Id: Ia5903f1b5725e681545b56a1e581312a22443017

10 years agoIgnore tests failing on file label removal 04/30404/2
Marcin Niesluchowski [Mon, 17 Nov 2014 16:36:16 +0000 (17:36 +0100)]
Ignore tests failing on file label removal

Change-Id: Ib4f97f1bfdda0cf2229852096bf47582dc68aa3b

10 years agoFix build dependencies on Cynara 76/30376/1
Aleksander Zdyb [Mon, 17 Nov 2014 12:16:32 +0000 (13:16 +0100)]
Fix build dependencies on Cynara

Change-Id: I3bb0ec78446999e2dfb7fe6e670fc586c113b5bf

10 years agoUpdate tests to work with group names instead of gids 55/29255/10
Krzysztof Sasiak [Thu, 23 Oct 2014 11:53:58 +0000 (13:53 +0200)]
Update tests to work with group names instead of gids

Change-Id: Ia6ac604ca4d5369a486772d1f9f39fd57e1c3ecd

10 years agosecurity-server tests commented out from all tests 89/29789/5
Michal Eljasiewicz [Tue, 4 Nov 2014 11:15:00 +0000 (12:15 +0100)]
security-server tests commented out from all tests

Change-Id: I549718922f98f08c242b9bde313ecad839392b8e
Signed-off-by: Michal Eljasiewicz <m.eljasiewic@samsung.com>
10 years agosecurity_server_tests_dbus moved to separate directory 89/29889/4
Michal Eljasiewicz [Wed, 5 Nov 2014 13:04:51 +0000 (14:04 +0100)]
security_server_tests_dbus moved to separate directory

tests moved out of security_server directory and renamed

Change-Id: If3a3aedecc91f43803dfb349ac6a06a79ed4eccd
Signed-off-by: Michal Eljasiewicz <m.eljasiewic@samsung.com>
10 years agoExtending security_manager_set_process_label_from_binary and 70/29670/7
Zbigniew Jasinski [Fri, 31 Oct 2014 11:11:20 +0000 (12:11 +0100)]
Extending security_manager_set_process_label_from_binary and
security_manager_set_process_label_from_appid for proper socket
labeling.

Added checking for proper socket Smack labeling. Implementation:
https://review.tizen.org/gerrit/27849

Change-Id: I3cf1f7a06615f7652fcefe6d89b2fe370d5f2ba5

10 years agoTest case for security_manager_drop_process_privileges function. 34/29534/9
Zbigniew Jasinski [Wed, 29 Oct 2014 09:10:26 +0000 (10:10 +0100)]
Test case for security_manager_drop_process_privileges function.

security_manager_drop_process_privileges implementation:
https://review.tizen.org/gerrit/27848

Change-Id: I17732780dad25f8c3ecdde3e9ad30781a87a6b69

10 years agoRemove test for security_manager_set_process_label_from_binary() 99/29699/2
Rafal Krypa [Tue, 4 Nov 2014 18:21:08 +0000 (19:21 +0100)]
Remove test for security_manager_set_process_label_from_binary()

Removing test for security-manager function that is now being removed
from security-manager (https://review.tizen.org/gerrit/27041).

Change-Id: I879016d2d0e87b7d0e1eafe982d4e25e61b2f71e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years agolibprivilege-control tests commented out from all tests 87/29787/1
Michal Eljasiewicz [Tue, 4 Nov 2014 10:51:04 +0000 (11:51 +0100)]
libprivilege-control tests commented out from all tests

Change-Id: Id76b6b0ba3b9b5c2ee8948fb2078c44e5a444fdc
Signed-off-by: Michal Eljasiewicz <m.eljasiewic@samsung.com>
10 years agoCheck creation of maximal count of cynara requests 85/28985/7
Lukasz Wojciechowski [Fri, 17 Oct 2014 18:27:59 +0000 (20:27 +0200)]
Check creation of maximal count of cynara requests

Request creating function should return CYNARA_API_MAX_PENDING_REQUESTS,
when maximal number of possible requests (2^16) is created.

Change-Id: Icdbbf6e6377a73892ccd8f4affa31756f6161414

10 years agoAdd CynaraTestAsync::Client::createRequest() method 84/28984/6
Lukasz Wojciechowski [Fri, 17 Oct 2014 18:22:57 +0000 (20:22 +0200)]
Add CynaraTestAsync::Client::createRequest() method

Method can be used for testing cynara_async_create_request() API function.

Change-Id: Ib26d97a1a45451c014f3a495408f555c203bf834

10 years agoAdd test for checking CACHE_MISS when cache is empty 83/28983/6
Lukasz Wojciechowski [Fri, 17 Oct 2014 16:45:33 +0000 (18:45 +0200)]
Add test for checking CACHE_MISS when cache is empty

Change-Id: I5857cec7b8d8da2b281a60029648d70516a3c00f

10 years agoAdd CynaraTestAsync::Client::checkCache() method 82/28982/6
Lukasz Wojciechowski [Fri, 17 Oct 2014 16:44:02 +0000 (18:44 +0200)]
Add CynaraTestAsync::Client::checkCache() method

Method can be used to test cynara_async_check_cache() API function.

Change-Id: Ibc7009362bec2cfdc90472299d3bfdf155f186c3

10 years agoAdd CynaraTestAsync::RequestMonitor class 65/28965/7
Lukasz Wojciechowski [Fri, 17 Oct 2014 14:15:43 +0000 (16:15 +0200)]
Add CynaraTestAsync::RequestMonitor class

Added class shall be used for monitoring all requests, matching
callbacks and checking expected causes and responses in callbacks.

Change-Id: I0ddb2d8848d80950d430f768510c6466144b399d

10 years agoCreate cynara_async_tests group 98/28898/7
Lukasz Wojciechowski [Thu, 16 Oct 2014 17:23:13 +0000 (19:23 +0200)]
Create cynara_async_tests group

Create a test group for asynchronous API tests
and add CynaraTestAsync::Client initialization test.

Change-Id: I0e8cc37cd16282a7834cc61dd72e1aa90fb9129e

10 years agoAdd CynaraTestAsync::Client 97/28897/7
Lukasz Wojciechowski [Thu, 16 Oct 2014 17:21:58 +0000 (19:21 +0200)]
Add CynaraTestAsync::Client

This is a class that will wrap usage of libcynara-client-async API.

Change-Id: I89124b57c811e016854122fec6b2cf0ddbaa0525

10 years agoAdd RUNNER_ERROR_MSG(message) macro 96/28896/7
Lukasz Wojciechowski [Thu, 16 Oct 2014 17:10:49 +0000 (19:10 +0200)]
Add RUNNER_ERROR_MSG(message) macro

Macro can be used to print error messages during test runtime.
Sometimes there is a need to print out important information
that are related to error that happen during test run, but it is
impossible to do that with RUNNER_ASSERT... macros because
an exception is alredy thrown.

Change-Id: I574af27bba7c20f21e2c6f9fc0b808f7ed9675ed

10 years agoAdd CynaraTestAsync::StatusMonitor 95/28895/6
Lukasz Wojciechowski [Thu, 16 Oct 2014 15:25:13 +0000 (17:25 +0200)]
Add CynaraTestAsync::StatusMonitor

Added class wraps functionality of status callbacks.

Change-Id: I8c42a80d02b9092e89d930367632110ca33e3fa9

10 years agoFix security_manager_05_app_install_uninstall_by_uid_5000 05/29405/2
Marcin Niesluchowski [Thu, 23 Oct 2014 11:32:38 +0000 (13:32 +0200)]
Fix security_manager_05_app_install_uninstall_by_uid_5000

User app (uid 5000) used for tests has been removed from system.
Due to this chage security-manager can not find it in /etc/passwd.
Special user is created in %post section and is removed in %postun
section. Current test name:
security_manager_05_app_install_uninstall_by_app_user

Change-Id: Ia2eec416b44fe216b08f1fc29ec46826621ad796

10 years agoAdd licence and copyright header to cynara test files 94/28894/2
Lukasz Wojciechowski [Thu, 16 Oct 2014 14:01:55 +0000 (16:01 +0200)]
Add licence and copyright header to cynara test files

Change-Id: I4cb894b91b076c6475f8c285966dd2bacc0ff64d

10 years agoOne missing fix for cynara_check return code 09/29209/2
Rafal Krypa [Tue, 21 Oct 2014 11:35:55 +0000 (13:35 +0200)]
One missing fix for cynara_check return code

Commit 1c357c269b should also adjust tests for security-manager.
Changing expected return code of cynara_check from CYNARA_API_SUCCESS
to CYNARA_API_ACCESS_ALLOWED.

Change-Id: I4f1ad908f0d91f91af9dec9a701f8f41504730dc

10 years agoMerge remote-tracking branch 'tizen-gerrit/cynara' into HEAD 07/29207/1
Marcin Niesluchowski [Wed, 22 Oct 2014 11:34:10 +0000 (13:34 +0200)]
Merge remote-tracking branch 'tizen-gerrit/cynara' into HEAD

Change-Id: Id5089ff0e604c1608038d68ffc5d5e041a2d29d7

10 years agoMerge commit 'af35045308e6b0221690b420f530e53ce6c2fbad' into HEAD 05/29205/1
Marcin Niesluchowski [Wed, 22 Oct 2014 11:10:37 +0000 (13:10 +0200)]
Merge commit 'af35045308e6b0221690b420f530e53ce6c2fbad' into HEAD

Change-Id: Ib16081848a41ef480360b31a14bb9a9bc4786c3f

10 years agoMove HTML collector to separate files 93/28693/5
Marcin Niesluchowski [Mon, 13 Oct 2014 13:05:27 +0000 (15:05 +0200)]
Move HTML collector to separate files

Change-Id: I9e3d507cbde42bced1daac0eae351c55b925a63c

10 years agoMove Console collector to separate files 92/28692/5
Marcin Niesluchowski [Mon, 13 Oct 2014 11:39:02 +0000 (13:39 +0200)]
Move Console collector to separate files

Change-Id: Ia7c23d144db858f94eac34e79e12dd11faad9de4

10 years agoMove XML collector to separate files 91/28691/5
Marcin Niesluchowski [Mon, 13 Oct 2014 09:09:48 +0000 (11:09 +0200)]
Move XML collector to separate files

Change-Id: I7c82a9415bbf9969ab2bc5bc008878b8b61bbcc4

10 years agoMove statistic class to separate file 90/28690/5
Marcin Niesluchowski [Mon, 13 Oct 2014 09:42:33 +0000 (11:42 +0200)]
Move statistic class to separate file

Change-Id: Ife2fd4e0e2952d6145096a8c4de14ed5bbfdb369

10 years agoRemove CSV collector 89/28689/5
Marcin Niesluchowski [Mon, 13 Oct 2014 08:24:02 +0000 (10:24 +0200)]
Remove CSV collector

Change-Id: Iae8c4bbb7cfd415e228426885f224412122ce52f

10 years agoRemove TAP collector 88/28688/5
Marcin Niesluchowski [Mon, 13 Oct 2014 08:13:47 +0000 (10:13 +0200)]
Remove TAP collector

Change-Id: Ie9022778cf489eaaba0177ba8b84c5d0dd425fdb

10 years agoRemove unnecessary includes from test_results_collector.cpp 87/28687/4
Marcin Niesluchowski [Mon, 13 Oct 2014 13:21:49 +0000 (15:21 +0200)]
Remove unnecessary includes from test_results_collector.cpp

Change-Id: I7caaf12269eb63f1a1e7ec2dc3afaa203aa8ad82

10 years agoRevert commits to cynara tests 00/29100/1
Marcin Niesluchowski [Tue, 21 Oct 2014 09:34:12 +0000 (11:34 +0200)]
Revert commits to cynara tests

Some commits to cynara tests making security-tests not buildable
with cynara release.

This reverts commits:
1c357c2 "Fix cynara_check return codes"
d2eb84f "Add tests for cynara_admin_check function"
a58d784 "Enhance CynaraTestAdmin with adminCheck() method"
e0b08a3 "Add tests for none bucket"

Change-Id: If344771ef62de103c24cd551cd40a6b9b8be44a3

10 years agoRevert commits to security-manager tests 99/29099/1
Marcin Niesluchowski [Tue, 21 Oct 2014 09:43:03 +0000 (11:43 +0200)]
Revert commits to security-manager tests

Some commits to security-manager tests making security-tests not buildable
with security-manager release.

This reverts commits:
e3e2809 "security-manager: test security_manager_set_process_groups_from_appid"

Change-Id: I009c33811a3af23451e5cac6db142a555f248408

10 years agoAdjust libcynara-admin error codes 94/28794/1
Lukasz Wojciechowski [Thu, 16 Oct 2014 08:21:42 +0000 (10:21 +0200)]
Adjust libcynara-admin error codes

Cynara integrates error codes in all libraries.
Release 0.4.0 uses new unified error codes.
Old error codes are removed.

This patch changes old error codes into new ones.
Please do not merge this patch until 0.4.0 is released
or patch "35771f4 Use client error codes in admin libraries"
in cynara repository is merged.

Change-Id: I7d89945a075b9353399b417f1fce5ef8a06694c4

10 years agoBuilding: better handling of deprecated 24/28724/1
José Bollo [Tue, 14 Oct 2014 15:39:19 +0000 (17:39 +0200)]
Building: better handling of deprecated

It is useful to keep deprecated items as warning.
For doing that, this new option is needed.

Change-Id: Iaf140652f40d8a990d246741091119106c7b132b
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
10 years agoFix cynara_check return codes 61/28561/3
Lukasz Wojciechowski [Thu, 9 Oct 2014 16:28:29 +0000 (18:28 +0200)]
Fix cynara_check return codes

After merging "151ad89 Change client API error codes"
into cynara values returned by cynara_check() changed.

In case of access allowed cynara_check returns
CYNARA_API_ACCESS_ALLOWED instead of CYNARA_API_SUCCESS.

Change-Id: I98ff68068c9c67648601c339b0ff51af7e3e1280

10 years agoAdd tests for cynara_admin_check function 74/27974/3
Lukasz Wojciechowski [Tue, 23 Sep 2014 15:56:03 +0000 (17:56 +0200)]
Add tests for cynara_admin_check function

cynara_admin_check() function provides simmilar functionality to
cynara_check() from client's API. Differences between those two are:
* admin version can start check search in any given bucket;
* admin version can constrain search to single bucket (no recursion);
* in admin version policy types are returned without being interpreted
  by plugins in cynara service (e.g. no UI popups are launched).

There are 4 tests added:
* tc16_admin_check_single_bucket - for trivial single bucket checks;
* tc17_admin_check_nested_bucket - for testing proper check search
  scope (recursion and start bucket);
* tc18_admin_check_multiple_matches - for testing if minimum policy
  is found, when there is more than a single policy matching;
* tc19_admin_check_none_bucket - for testing proper behaviour, when
  default and only matching policy in bucket is of type NONE.

Verification:
After cynara patch https://review.tizen.org/gerrit/27971 is applied
test should pass. They can fail before due to policy types enumeration
inconsistency between external and internal caynara layers.

Change-Id: Ia37df3491fbc31beb9c638daa515ce5a6b92eb59

10 years agoEnhance CynaraTestAdmin with adminCheck() method 73/27973/3
Lukasz Wojciechowski [Mon, 22 Sep 2014 14:03:36 +0000 (16:03 +0200)]
Enhance CynaraTestAdmin with adminCheck() method

adminCheck() method allows running and checking result of
cynara_admin_check() form libcynara-admin API.

It asserts result of cynara_admin_check() function call
and values of check results with expected values.

Change-Id: Id2a35b3b1f43f2802ccee14355b6efb8a5f5c511

10 years agoMake expected result of cynara client check default 14/26914/4
Marcin Niesluchowski [Mon, 1 Sep 2014 09:38:06 +0000 (11:38 +0200)]
Make expected result of cynara client check default

Change-Id: If5e51ff720c8b03aa2d3beabefce459b65306fca

10 years agoAdd tests for none bucket 03/26303/7
Marcin Niesluchowski [Wed, 20 Aug 2014 09:13:28 +0000 (11:13 +0200)]
Add tests for none bucket

Change-Id: I546ded4f234470ab3754338080ab9800dde18279

10 years agosecurity-manager: test security_manager_set_process_groups_from_appid 61/27461/8
Rafal Krypa [Tue, 16 Sep 2014 14:28:07 +0000 (16:28 +0200)]
security-manager: test security_manager_set_process_groups_from_appid

New security-manager API supports setting process groups based on
privilege settings. This is intended for launchers. Check it during
application installation check to verify if gid-mapped privileges
are handled correctly.

Change-Id: Ie558bf985dbbc5cd1451ae743aa2f26f519fef5e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years agosecurity-manager: drop testing of obsolete TIZENEXEC label on symlinks 60/27460/5
Rafal Krypa [Fri, 12 Sep 2014 15:14:25 +0000 (17:14 +0200)]
security-manager: drop testing of obsolete TIZENEXEC label on symlinks

This feature is just being removed from security-manager. No labels
will be set on symlinks.

Change-Id: I9f19cb0b4f2d273407654f9e04f15d6d4823ed05
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years agosecurity-manager: use Smack label for verifying Cynara rules, not pkgId 59/27459/5
Rafal Krypa [Fri, 12 Sep 2014 15:10:27 +0000 (17:10 +0200)]
security-manager: use Smack label for verifying Cynara rules, not pkgId

Since security-manager doesn't provide function for that, tests
need to reimplement it. It should be kept in line with security-manager
code. For now there is only one label for all apps: "User".

Change-Id: I79eafea8c38bb86a3ec775a851d7e7605c1865e8
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years agoCheck integrity after partial policy set 32/27532/3
Lukasz Wojciechowski [Mon, 15 Sep 2014 12:17:57 +0000 (14:17 +0200)]
Check integrity after partial policy set

cynara_admin_set_policy() API function sets whole collection of policies
in single call. Setting some of them may fail. In such case no policies
should be applied to cynara service.

This test confirms existance of detected bug. Try to set 2 policies
(one good and one that is not allowed) leads to setPolicies() error,
however 1st policy remains in cynara's storage.

Verification: until bug is fixed in cynara's storage test should fail.

Change-Id: I3449ccbcfacb03bdcdc7a5cfb4a3b639d9b694ce

10 years agoAdded ckm tests. 68/27668/1
Maciej J. Karpiuk [Wed, 17 Sep 2014 09:45:37 +0000 (11:45 +0200)]
Added ckm tests.

Change-Id: I69ba5318e73ee9f6844787f2ba6a29afec293f45

10 years agoAdd include for strerror() 04/27004/1
Aleksander Zdyb [Wed, 3 Sep 2014 06:11:47 +0000 (08:11 +0200)]
Add include for strerror()

Change-Id: Idf24aaca911199e40b87c78ac2dd4c03d378afbd

10 years agoChange NULL to nullptr 67/25467/5
Marcin Niesluchowski [Wed, 27 Aug 2014 07:51:12 +0000 (09:51 +0200)]
Change NULL to nullptr

Change-Id: I316a253e25a2460c9e2ff85a791550073ebde51a

10 years agoAdjust README to actual version of security-tests 59/25159/19
Marcin Niesluchowski [Wed, 30 Jul 2014 10:41:12 +0000 (12:41 +0200)]
Adjust README to actual version of security-tests

Change-Id: I575d19fb5abe525b168c1610ed24ca70f9d684c0

10 years agoUse SocketUniquePtr in libprivilege-control tests 38/26138/7
Marcin Niesluchowski [Mon, 18 Aug 2014 09:34:44 +0000 (11:34 +0200)]
Use SocketUniquePtr in libprivilege-control tests

Change-Id: I47a95cf3f8d6e4c830d1c26e1bfef70ed78747e3

10 years agoReorder and change test macros 37/25137/23
Marcin Niesluchowski [Wed, 30 Jul 2014 07:54:08 +0000 (09:54 +0200)]
Reorder and change test macros

Change-Id: Id05a92516053ca7128198fe61f8f5c805637d645

10 years agoAdjust security-manager tests 29/25929/9
Jan Cybulski [Tue, 12 Aug 2014 10:54:57 +0000 (12:54 +0200)]
Adjust security-manager tests

Security-manager is no longer using libprivilege-control
Tests should now use cynara to check if privileges
were granted during application installation.

Change-Id: I4a0fea8edfad31cb9265c89b9498d6fd27d47676

10 years agoAllow to run tests without arguments 84/25584/4
Jan Cybulski [Thu, 7 Aug 2014 06:31:48 +0000 (08:31 +0200)]
Allow to run tests without arguments

If no arguments are given, then tests will be run
as if argument was '--output=text', which already
implemented. The only obstracle is check for number
of arguments that is removed in this commit.
To verify this just run any tests without arguments.

Change-Id: I17f60518d6d137c12a5a53f7852653e5f07d7599
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoMove test framework from wrt-commons to security-tests 89/25089/18
Marcin Niesluchowski [Mon, 28 Jul 2014 08:49:13 +0000 (10:49 +0200)]
Move test framework from wrt-commons to security-tests

Change-Id: If185e7401ded389f40d1a07e610c5d999ff152c1

10 years agoAdd tests for installing apps by different users 97/24697/15
Jan Cybulski [Fri, 18 Jul 2014 07:59:10 +0000 (09:59 +0200)]
Add tests for installing apps by different users

Change-Id: I65f78b92c974f5711f91a526593e4d222e1bd43b

10 years agoAdd cynara test environment class 15/24515/25
Marcin Niesluchowski [Tue, 15 Jul 2014 16:54:35 +0000 (18:54 +0200)]
Add cynara test environment class

Change-Id: I6a83f3aab6e5ff4de4d6a9092b0b882af0eb22be

10 years agoAdd extra bucket cynara tests 62/24662/9
Marcin Niesluchowski [Thu, 17 Jul 2014 17:06:37 +0000 (19:06 +0200)]
Add extra bucket cynara tests

Change-Id: I195ac63e423b79b422978003892d78b863cfc2e0

10 years agoAdd single wildcard policies cynara test 44/24644/11
Marcin Niesluchowski [Thu, 17 Jul 2014 13:48:23 +0000 (15:48 +0200)]
Add single wildcard policies cynara test

Change-Id: If3dc244bcc93b6d02c981fcb3f9cd5cbc7004705

10 years agoAdd allow remove set policies cynara tests 35/24635/9
Marcin Niesluchowski [Thu, 17 Jul 2014 11:43:59 +0000 (13:43 +0200)]
Add allow remove set policies cynara tests

Change-Id: I4be35a4242e381fbac176ad5591d2a90e50dc423

10 years agoAdd empty bucket cynara tests 28/24628/14
Marcin Niesluchowski [Thu, 17 Jul 2014 09:29:43 +0000 (11:29 +0200)]
Add empty bucket cynara tests

Change-Id: Ie3eb6ece201e31490e72180d0c4f53397c8976e8

10 years agoAdd cynara invalid params tests 18/24518/21
Marcin Niesluchowski [Tue, 15 Jul 2014 17:34:43 +0000 (19:34 +0200)]
Add cynara invalid params tests

Change-Id: I45a63f43911c57b2d1ceb8b69410e41b527066bc

10 years agoAdd cynara test client class 79/24279/20
Marcin Niesluchowski [Wed, 9 Jul 2014 13:52:12 +0000 (15:52 +0200)]
Add cynara test client class

Change-Id: I8ef613c06d5fbe2a3764aaac7fa1b0b1009a860b

10 years agoAdd cynara test admin class 78/24278/20
Marcin Niesluchowski [Wed, 9 Jul 2014 12:17:15 +0000 (14:17 +0200)]
Add cynara test admin class

Change-Id: I6871e7e51d6f78df03948d7dc83a88e5fe0ffeb3

10 years agoMake DBusAccess class more generic 47/24347/15
Marcin Niesluchowski [Thu, 10 Jul 2014 11:22:03 +0000 (13:22 +0200)]
Make DBusAccess class more generic

DBusAccess class should be able to restart any service.

Change-Id: I035321e9cd6fb219f2affc01b06299ace9c8af18

10 years agoAdd tests for setting current process label 08/24408/4
Jacek Bukarewicz [Fri, 11 Jul 2014 13:56:53 +0000 (15:56 +0200)]
Add tests for setting current process label

Change-Id: I020b8c812526c7e13d86df8ffe72c4d80a1e0fe0
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
10 years agoRefactor test for smack_*getlabel and smack_*setlabel. 98/23298/9
Marcin Niesluchowski [Mon, 16 Jun 2014 09:48:12 +0000 (11:48 +0200)]
Refactor test for smack_*getlabel and smack_*setlabel.

Change-Id: I65b60e6d13137b3d6a3ece46becde5050f4aa0b0

10 years agoUse tzplatform_mkpath to get path to .rules-db.db3 database 82/24482/1
Jacek Bukarewicz [Tue, 15 Jul 2014 08:07:59 +0000 (10:07 +0200)]
Use tzplatform_mkpath to get path to .rules-db.db3 database

Change-Id: I6b834fe93551349954480dbc809e483f6a146dfd
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
10 years agoAdd security-manager database records testing. 39/23839/2
Marcin Lis [Thu, 3 Jul 2014 13:47:09 +0000 (15:47 +0200)]
Add security-manager database records testing.

Use the TestSecurityManagerDatabase class to test installation and privilege
assignment process in security-manager's database.

Change-Id: I08155d56904c31fe2a124d86d089014e9da95008
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years agoAdd parameters to security-manager tests functions. 38/23838/2
Marcin Lis [Thu, 3 Jul 2014 13:45:38 +0000 (15:45 +0200)]
Add parameters to security-manager tests functions.

This commit pre-reorganizes tests. It prepares security-manager tests
to implement database records checks in next step.

Change-Id: I4687a71f12117c8b5c02e90cb71851ec95aacf16
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years agoAdd new class to test security-manager database records. 37/23837/1
Marcin Lis [Wed, 2 Jul 2014 13:38:41 +0000 (15:38 +0200)]
Add new class to test security-manager database records.

Reuse the concept implemented in libprivilege-control tests.

The interface of the introduced class may be used in security-manager tests.
Currently it allows to check if app and pkg have been successfully installed
along with all requested privileges. Checking application uninstallation is
possible as well.

Change-Id: I1eb95312c7ace890402533ef17645b91485ad443
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years agoMove generic Sqlite3DBase test files to common part. 36/23836/1
Marcin Lis [Tue, 1 Jul 2014 15:06:21 +0000 (17:06 +0200)]
Move generic Sqlite3DBase test files to common part.

Prepare DB-test framework for later use in security-manager tests.

Change-Id: I9454431db2654adc0019446e08615ae72051a0fd
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years agoAdd test for libprivilege permissions update. 83/23383/4
Marcin Lis [Wed, 18 Jun 2014 13:17:42 +0000 (15:17 +0200)]
Add test for libprivilege permissions update.

This commit introduces tests for the following change:
https://review.tizen.org/gerrit/#/c/23382/

Change-Id: I42c228dac84c9aee8f7f55de4a9d4773f97f11f1
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years agoRemove security_manager_app_inst_req_add_allowed_user from tests. 07/23307/1
Marcin Niesluchowski [Mon, 23 Jun 2014 10:26:21 +0000 (12:26 +0200)]
Remove security_manager_app_inst_req_add_allowed_user from tests.

Function security_manager_app_inst_req_add_allowed_user will be
removed from security-manager.

Change-Id: I89aafc3d1ae49044bdcb860545181e6e355d6f28

10 years agoAdd test for security-manager installer service. 73/22773/3
Marcin Niesluchowski [Tue, 3 Jun 2014 12:36:59 +0000 (14:36 +0200)]
Add test for security-manager installer service.

Verification:
-> secuirty-tests.sh security-manager --output=text --runignored
   (all should pass)

Change-Id: I43b10b0032300cbf4b21faceae85d1f1dc1a982f

10 years agoTest labeling links to execs by security-manager 34/22534/4
Jan Cybulski [Thu, 5 Jun 2014 13:02:04 +0000 (15:02 +0200)]
Test labeling links to execs by security-manager

Security manager's installer service labels links to execs
with a special xattr: security.TIZEN_EXEC_LABEL.
This commit checks that functionality.

Change-Id: Iac86bc6a55aba4b3648ec2f4e475c28121b025f0
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoUse /tmp/ as location for smack test files 68/22568/3
Jacek Bukarewicz [Fri, 6 Jun 2014 13:09:53 +0000 (15:09 +0200)]
Use /tmp/ as location for smack test files

Smack laccess tests used /opt/home/app previously, but it does not
necessarily exist so replace it with /tmp/.

Change-Id: Id711c60ef49e0078519f8acc77d5b034a23c1596

10 years agoAdd tests for security manager's installer service 12/21612/11
Jan Cybulski [Thu, 5 Jun 2014 13:00:42 +0000 (15:00 +0200)]
Add tests for security manager's installer service

Add more specific tests for security manager's
security_manager_app_inst_req_add_path:
Tests for SM_PUBLIC_PATH and SM_PUBLIC_RO_PATH added.

Change-Id: I505fca28ef992676f967fa6cf29bc2d6343388c1
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoFix return value of smack_have_access 65/22465/2
Jan Cybulski [Wed, 4 Jun 2014 12:47:19 +0000 (14:47 +0200)]
Fix return value of smack_have_access

Libsmack's smack_have_access returns 0 on no access and -1 on errors.
Checking rule that does not exist should not return -1

Change-Id: I604eed75634c9bc1dfbeb41a70d0a11211be96f0
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoFix segmentation fault on libsmack tests 64/22464/2
Jan Cybulski [Wed, 4 Jun 2014 12:44:44 +0000 (14:44 +0200)]
Fix segmentation fault on libsmack tests

Change-Id: I6fbae1e6513a6121aae53863193d862b03da257a
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoAdd tests for Cynara RE (Rush-Edition) 25/20525/12
Aleksander Zdyb [Thu, 29 May 2014 12:39:17 +0000 (14:39 +0200)]
Add tests for Cynara RE (Rush-Edition)

Change-Id: I628a242f40001a2e81ac1728e19402ed30b11934
Signed-off-by: Aleksander Zdyb <a.zdyb@partner.samsung.com>
10 years agoFix tc_unit_09_02_app_user_cookie_API_access_deny test. 00/21600/2
Marcin Niesluchowski [Fri, 23 May 2014 09:00:06 +0000 (11:00 +0200)]
Fix tc_unit_09_02_app_user_cookie_API_access_deny test.

Verfication:
-> security-server-tests-server --output=text --runignored \
   --regexp=tc_unit_09_02_app_user_cookie_API_access_deny
   (with smack; test should not fail)

Change-Id: I03e696482ce797a67c3de9b77418d448970c5f23

10 years agoDon't use OSP and WRT installers in security tests 30/21530/3
Jacek Bukarewicz [Wed, 21 May 2014 15:02:09 +0000 (17:02 +0200)]
Don't use OSP and WRT installers in security tests

Security tests used to install WRT and OSP test applications in
post installation script. This is not necessary and can be replaced by
shipping binaries and symlinks required by test in RPM package.

To verify check if libprivilege-control tests' results are unaffected by
this change.

Change-Id: Id1d73bfb0249bc63bd33613c40d04a673783642d
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
10 years agoRevert "Fix security-server server tests" 37/21537/2
Marcin Niesluchowski [Thu, 22 May 2014 12:18:21 +0000 (14:18 +0200)]
Revert "Fix security-server server tests"

This reverts commit df5967df7e0c2d61ca4829c3add727a1696cd058.

Conflicts:

tests/security-server-tests/server.cpp

Change-Id: I10296aab70f267f90e7a94432672fd0b94b9b129

10 years agoAdjust AccessProvider api to current security-server. 55/21455/2
Marcin Niesluchowski [Wed, 21 May 2014 06:51:52 +0000 (08:51 +0200)]
Adjust AccessProvider api to current security-server.

Sockets in security-server has been moved to /run labeled with
System::Run label and AccessProvider provided old smack accesses.
Previous references to sockets' old smack labels has been removed.

Verification:
-> security-tests-all.sh
   (server, cookie-api, clientsmack and dbus tests should pass,
    no changes in other tests)

Change-Id: I9796fb0b52890553767783de5cffdc7b5ecb8746