platform/core/test/security-tests.git
19 months agoCKM: Add key-wrapping tests 81/289981/16 e2ee
Daniel Kita [Thu, 16 Mar 2023 12:14:30 +0000 (13:14 +0100)]
CKM: Add key-wrapping tests

Change-Id: I99fce2906c245d0b8174e1b3b15f990535b39caf

19 months agoE2EE: Require e2ee-tests to be ran by default user 22/290222/1
Krzysztof Jackiewicz [Tue, 21 Mar 2023 16:32:43 +0000 (17:32 +0100)]
E2EE: Require e2ee-tests to be ran by default user

Change-Id: I87e1b8b68f91d4410144e4b986022da49e58fe24

19 months agoE2EE: OCF API implementation 16/289116/11
Krzysztof Jackiewicz [Wed, 1 Mar 2023 09:54:50 +0000 (10:54 +0100)]
E2EE: OCF API implementation

Tests included.

Change-Id: I04a3b56d66b51b5508e7fa4f14d923e876122f78

19 months agoE2EE: PBKDF API implementation 15/289115/10
Krzysztof Jackiewicz [Fri, 24 Feb 2023 08:58:28 +0000 (09:58 +0100)]
E2EE: PBKDF API implementation

Tests included

Change-Id: I4cbe3363690ff116a8c26dba3e6bfca8d9e0dad5

19 months agoE2EE: Key agreement API implementation 14/289114/10
Krzysztof Jackiewicz [Wed, 1 Mar 2023 09:54:21 +0000 (10:54 +0100)]
E2EE: Key agreement API implementation

Tests included

Change-Id: Iab51c84b848060f3392cb11de7dedd7ab2580034

19 months agoE2EE: Adaptation layer API 64/287564/11
Krzysztof Jackiewicz [Wed, 18 Jan 2023 07:19:30 +0000 (08:19 +0100)]
E2EE: Adaptation layer API

Change-Id: Id16918721d65af96795104c1ccea229b5aa1a65a

19 months agoCKM: Add KBKDF tests 32/288832/6
Krzysztof Jackiewicz [Thu, 23 Feb 2023 09:14:43 +0000 (10:14 +0100)]
CKM: Add KBKDF tests

Change-Id: I8af39566757c6f3b4e9ca82184f9f99708c3271a

19 months agoCKM: Add ECDH tests 34/288534/7
Krzysztof Jackiewicz [Fri, 17 Feb 2023 10:39:10 +0000 (11:39 +0100)]
CKM: Add ECDH tests

Change-Id: I79dc55e11c9c61db1074b1e70a856999d4632d56

19 months agoCKM: Remove unused typedef 81/289281/4
Krzysztof Jackiewicz [Fri, 3 Mar 2023 13:35:26 +0000 (14:35 +0100)]
CKM: Remove unused typedef

Change-Id: Id0c756f0af4dfda7a6fb9af5a7c397d2111f4862

19 months agoCKM: Saving unexportable data is now allowed 31/288831/5
Krzysztof Jackiewicz [Thu, 23 Feb 2023 09:07:34 +0000 (10:07 +0100)]
CKM: Saving unexportable data is now allowed

Change-Id: Idfc450ee67d26a0389c62076b8401339c6404362

20 months agoCKM: Helper functions refactored 33/288533/5
Krzysztof Jackiewicz [Fri, 17 Feb 2023 17:03:28 +0000 (18:03 +0100)]
CKM: Helper functions refactored

Functions moved to ckm-common.h to be accessible by other test cases.
Use unsigned integer in param lists.
Use pointers to buffers in buffer comparison.

Change-Id: I6d094cc4fc202be2a047861548f157775fe17a60

21 months agoMerge branch 'ckm' into tizen
Dariusz Michaluk [Mon, 9 Jan 2023 14:06:28 +0000 (15:06 +0100)]
Merge branch 'ckm' into tizen

Change-Id: Ia90081c32b85a24ebd01d8f7f2e76ebae5399d0f

2 years agoCKM: Multithreaded encryption test 49/282049/1
Krzysztof Jackiewicz [Mon, 26 Sep 2022 08:53:26 +0000 (10:53 +0200)]
CKM: Multithreaded encryption test

Change-Id: I8aa6a784e672957c717790e755b8b2de0274ba99

2 years agoCKM: Get rid of early expiring certificates 46/278746/3
Krzysztof Jackiewicz [Mon, 25 Jul 2022 20:40:35 +0000 (22:40 +0200)]
CKM: Get rid of early expiring certificates

* Use OCSP chain with longer validity (Jan 28 2028)
* Use last CA certificate before root CA for OCSP tests (CA has longer
  validity than EE certificate)
* Remove "third party" chain to avoid expiration issues
* Replace above chain with "OCSP" or "test" chain where possible
* Simplify or remove tests that do not make sense with current chains

Change-Id: I22eba70ae8b73607cc4c8de1f18f014104fd12ea

2 years agoMerge branch 'ckm' into tizen
Dariusz Michaluk [Tue, 5 Jul 2022 11:50:22 +0000 (13:50 +0200)]
Merge branch 'ckm' into tizen

Change-Id: Id782d46989eedf10f2740a61e14da6e124def563

2 years agoCKM: Replace expired certificates with new ones 63/276263/1
Lukasz Pawelczyk [Mon, 13 Jun 2022 13:19:59 +0000 (15:19 +0200)]
CKM: Replace expired certificates with new ones

- Closest expiration date is Jul 28, 2022

Change-Id: I269862728bf8734c040ade881f3cef54f437d04a

2 years agoCKM: Replace expired certificates with new ones 89/272389/1
Lukasz Pawelczyk [Tue, 15 Mar 2022 15:44:40 +0000 (16:44 +0100)]
CKM: Replace expired certificates with new ones

- Closest expiration date is Jun 22, 2022

Change-Id: Ie6348d62c16510bf850f04421da24aa307a3c6ce

3 years agoCKM: Replace expired certificates with new ones 93/264993/2 csr-sample
Lukasz Pawelczyk [Tue, 5 Oct 2021 12:42:30 +0000 (14:42 +0200)]
CKM: Replace expired certificates with new ones

- Closest expiration date is Mar 30, 2022
- I've also reordered the certs so it's consistent

Change-Id: I163b8d1a52b01d2b096b7eb0f90550965d459856

3 years agoCKM: Replace expired certificates with new ones 93/261693/1
Krzysztof Jackiewicz [Thu, 22 Jul 2021 15:00:48 +0000 (17:00 +0200)]
CKM: Replace expired certificates with new ones

Change-Id: I6011a1787cd71ad3b46ad5fb2fe824caa70a247f

3 years agoAdjust to openssl 1.1.1j padding changes 91/256591/3
Krzysztof Jackiewicz [Wed, 7 Apr 2021 21:04:57 +0000 (23:04 +0200)]
Adjust to openssl 1.1.1j padding changes

The SSL v2.3 padding has been modified in recent openssl 1.1.1j. PKCS1
and PKCS1 SSLv2.3 are now compatible both ways but this is not what our
test expects.

The test has been adjusted.

Change-Id: I961345ac7f1864f4b768521c7814eac5b293fbd9

3 years agoFix T9050 accidentally valid padding issue 62/255962/3
Krzysztof Jackiewicz [Thu, 25 Mar 2021 13:41:06 +0000 (14:41 +0100)]
Fix T9050 accidentally valid padding issue

Usually happens at least once per 2000 runs when using public RSA
encryption with OAEP padding followed by private RSA decryption with
PKCS1 v1.5 padding. The OAEP is quite unpredictable and can produce a
valid PKCS1 v1.5 padding from time to time.

Valid PKCS1 v1.5 padded message looks as follows:
0x00 || 0x02 || PS || 0x00 || M
where M is a decrypted message and PS is 8+ non-zero octets.

Fix by checking the unpadded message length if above case occurs.

Change-Id: I9991730f5e5cc895dfbfbaf6a6c757dd15f7a313
Hint: Use only 512-bit keys to speed up testing.

3 years agoUpdate certificates for OCSP tests 39/253839/3
Krzysztof Jackiewicz [Thu, 18 Feb 2021 10:19:23 +0000 (11:19 +0100)]
Update certificates for OCSP tests

For some reason http://ocsp.msocsp.com responds with "unauthorized(6)"
error when asked for certificate validity. The certificate is still
valid. I'm not sure what was the problem but updating the certificate
with the latest one fixed it.

Verification:
su - owner -c "ckm-tests --regexp=ocsp"

Change-Id: Idc2a7b41da3e0cf5624b1d3193a3b65f4085ad49

3 years agoFix TA1750_ocsp_check_positive test assert message 62/253762/4
Krzysztof Jackiewicz [Wed, 17 Feb 2021 12:48:32 +0000 (13:48 +0100)]
Fix TA1750_ocsp_check_positive test assert message

Change-Id: Id26d29f7cec5dd1aa6b55ce8b6f19318bc3724de

3 years agoMerge branch 'tizen' into yaca 75/250175/1
Dariusz Michaluk [Mon, 21 Dec 2020 14:07:37 +0000 (15:07 +0100)]
Merge branch 'tizen' into yaca

Change-Id: Ia32fcd193587e8771dcfa06c64490bc9db7f60a5

3 years agoMerge branch 'tizen' into ckm 72/250172/1
Dariusz Michaluk [Mon, 21 Dec 2020 13:41:21 +0000 (14:41 +0100)]
Merge branch 'tizen' into ckm

Change-Id: I3d06e113f7956ff5dda7fe8ddfa7579930b74637

3 years agoCleanup attr/xattr.h usage. 68/250168/2
Dariusz Michaluk [Mon, 21 Dec 2020 10:08:18 +0000 (11:08 +0100)]
Cleanup attr/xattr.h usage.

After attr package upgrade, attr/xattr.h has ben removed,
sys/xattr.h should be used instead.

To fix build break, unnecessary attr/xattr.h usage has ben removed
or changed to proper one.

Change-Id: I5a5acfd9f65e60975a1c28d0231d1bc035e99044

3 years agoMerge branch 'tizen' into yaca 74/249774/1
Dariusz Michaluk [Wed, 16 Dec 2020 12:07:27 +0000 (13:07 +0100)]
Merge branch 'tizen' into yaca

Change-Id: I9854e1e1e8d29d204041ccd831b032b87ec5173c

4 years agoAdd warning on CKM TrustZone space leak 25/239925/4
Mateusz Cegielka [Thu, 30 Jul 2020 12:01:32 +0000 (14:01 +0200)]
Add warning on CKM TrustZone space leak

Current implementation of ckmc_remove_user_data is not able to remove
individual objects from TrustZone, because their names are stored in a
possibly encrypted database. This rarely happens in actual code, but
tests extensively use this function to clean up objects they create.
Because of this, running CKM tests multiple times with TrustZone enabled
may exceed TrustZone limits.

Fixing the behaviour is a larger task, and making all tests clean up
individual objects is too verbose, complex and error-prone for a bug
workaround that only affects developers (this approach has already been
tried once, and it was removed years ago).

I have added a heuristic check that tries to create a single-byte data
object in TrustZone. If that fails, it displays a warning message
explaining the problem and suggesting to reset TrustZone and key-manager
state, as well as instructions on how to do use using Tizen emulator and
tef-simulator.

Change-Id: Id99c22c33f3e5adfbeff5c7b1b58d2d995ed4cca

4 years agoMerge "Merge branch 'tizen' into 'ckm'" into ckm
Dariusz Michaluk [Tue, 29 Sep 2020 10:50:35 +0000 (10:50 +0000)]
Merge "Merge branch 'tizen' into 'ckm'" into ckm

4 years agoMerge branch 'tizen' into 'ckm' 33/245033/1
Krzysztof Jackiewicz [Mon, 28 Sep 2020 12:36:33 +0000 (14:36 +0200)]
Merge branch 'tizen' into 'ckm'

Change-Id: I225457a8788e581233979590e7e11f1887fda88b

4 years agoRefactor AccessProvider and ScopedAccessProvider 46/240346/5
Mateusz Cegielka [Wed, 5 Aug 2020 11:07:53 +0000 (13:07 +0200)]
Refactor AccessProvider and ScopedAccessProvider

AccessProvider is a helper class for setting up Smack rules, user id,
group id and process labels before or during a test. CKM tests also
contain different AccessProvider and ScopedAccessProvider classes, but
only use a single constructor of the latter to pretend to be an app.
These classes contain some duplicated code. Also, after the removal of
libsmack-tests, the responsibilities of these classes have shrunk to
pretending to be an app and nothing else.

I have cleaned up src/common/ AccessProvider, renamed it to AppContext
and made it flexible enough so that ScopedAccessProvider can be
implemented in terms of it and src/ckm/ AccessProvider can be removed. I
have then cleaned up ScopedAccessProvider and renamed it to
ScopedAppContext.

Change-Id: I325f7bd1d9c2ac276960530384682227cefec7da

4 years agoSwitch to c++17 10/244410/1
Krzysztof Jackiewicz [Fri, 18 Sep 2020 07:53:41 +0000 (09:53 +0200)]
Switch to c++17

Latest key-manager changes require c++17.

Change-Id: Ifadce309c2fa195fe4d2a432770803308f1e29d1

4 years agoRemove libsmack tests 72/244172/2
Mateusz Cegielka [Tue, 15 Sep 2020 08:44:53 +0000 (10:44 +0200)]
Remove libsmack tests

These tests are not executed on Jenkins, and currently are also broken.
More importantly, libsmack is an open-source library not specific to
Tizen, so there's not actually a lot of benefit in testing it.

I have removed libsmack-tests directory, as well as all related build
commands.

Change-Id: Ib5c78f2425d4a43567e50a41b90e25eab1597ae3

4 years agoRemove key-manager::api-storage privilege use in CKM tests 45/240345/2
Mateusz Cegielka [Mon, 27 Jul 2020 09:29:24 +0000 (11:29 +0200)]
Remove key-manager::api-storage privilege use in CKM tests

Some CKM tests request the key-manager::api-storage privilege when
switching context to the user. However. this privilege was removed five
years ago (see commits 06d3064 and d5e32f8 in key-manager) and is no
longer required to use key-manager.

I have removed all calls responsible for requesting this privilege. This
also made it possible to only use the simplest ScopedAccessRequest
constructor and remove all other constructors.

Change-Id: I788e44f8e59575f80c8999b6b64eaefcc905fb75

4 years agoFix only partial rollback of Smack rules 44/240344/2
Mateusz Cegielka [Fri, 24 Jul 2020 15:13:25 +0000 (17:13 +0200)]
Fix only partial rollback of Smack rules

Some tests temporarily add new Smack rules in order to test unprivileged
access to system services. After the test, they are cleared with
smack_revoke_subject. However, this only removes rules where the test
application is the subject.

I have replaced calls where this is an issue with a smack_accesses_clear
call, which removes all rules loaded with a given handle. Since affected
tests do not modify Smack rules in any other way and only use test
labels for fake apps, no rules removed by the old call and not by the
new call can exist.

Change-Id: I841d6b7ad05549d8837645e3d9176f4db7029908

4 years agoMerge branch 'tizen' into ckm 16/236216/1
Dariusz Michaluk [Mon, 15 Jun 2020 15:05:29 +0000 (17:05 +0200)]
Merge branch 'tizen' into ckm

Change-Id: Iecead619e756e6986f6677f88fdf6e596d6e40ef

4 years agoMerge branch 'tizen' into security-manager 14/236214/1
Dariusz Michaluk [Mon, 15 Jun 2020 15:00:51 +0000 (17:00 +0200)]
Merge branch 'tizen' into security-manager

Change-Id: I973bc6f714c4987e7d53d23e3efcaa2cf8768c4f

4 years agoMerge branch 'tizen' into yaca 10/236210/1
Dariusz Michaluk [Mon, 15 Jun 2020 14:23:22 +0000 (16:23 +0200)]
Merge branch 'tizen' into yaca

Change-Id: I7269ea66733779c44fa3437f5d7623a973b86471

4 years agoSpring cleaning 80/232780/2
Konrad Lipinski [Wed, 29 Apr 2020 07:12:07 +0000 (09:12 +0200)]
Spring cleaning

* drop some unused code
* shrink interfaces a tiny bit
* obviate construction of a few intermediate objects

Change-Id: I66cbbfdab5270bc64fbb2e51b3de027f96ec86a9

4 years agoMerge branch 'ckm' into tizen 99/236199/1
Dariusz Michaluk [Mon, 15 Jun 2020 11:41:41 +0000 (13:41 +0200)]
Merge branch 'ckm' into tizen

Change-Id: I8e7dbe5e42290ebc991669d6e8405ff65eeb9972

4 years agoMerge branch 'security-manager' into tizen 98/236198/1
Dariusz Michaluk [Mon, 15 Jun 2020 11:25:16 +0000 (13:25 +0200)]
Merge branch 'security-manager' into tizen

Change-Id: I80391846ba53b683da6e46eb6e82b00739996c25

4 years agoImprove async getters' tests 03/233003/3
Krzysztof Jackiewicz [Mon, 11 May 2020 07:56:33 +0000 (09:56 +0200)]
Improve async getters' tests

Received item is not checked in async tests. It may as well be empty.
Compare retrieved object with saved one.

Change-Id: I0a6dbe988791accd308c7fe138531eac220b9279

4 years agoRemove ugly manual setup of pkgmgr database 27/232927/2
Tomasz Swierczek [Fri, 8 May 2020 09:35:07 +0000 (11:35 +0200)]
Remove ugly manual setup of pkgmgr database

Use new SM APIs instead so privilege-checker
doesn't have to call pkgmgr.

Change-Id: I15cdee3693ec1f16c789a9234e12703c2a6b3fcf

4 years agoSmack privilege tests with different configurations 01/231901/13
Krzysztof Jackiewicz [Fri, 24 Apr 2020 12:08:22 +0000 (14:08 +0200)]
Smack privilege tests with different configurations

Change-Id: I93138c69683dc910df44515d216b42f0b5855ff5

4 years agoFix smack privilege tests policy management 20/232820/1
Krzysztof Jackiewicz [Thu, 7 May 2020 20:05:04 +0000 (22:05 +0200)]
Fix smack privilege tests policy management

Because TEST_RUNNER_CHILD is used, the security-manager's policy is
being modified in individual processes. This leads to redundant
security-manager restarts and could leave security-manager with
improper policy after the test.

Manage the security-manager policy in the main process only.

Change-Id: I5d9924806f9ecdd28007f9cfd3ea3668e1a47a33

4 years agoUse TemporaryTestUser::getUidString where applicable 00/231900/12
Krzysztof Jackiewicz [Fri, 24 Apr 2020 19:51:37 +0000 (21:51 +0200)]
Use TemporaryTestUser::getUidString where applicable

Change-Id: I0663b3a29ca74eea2f5019319d857d03a0562885

4 years agoRemove package from pkgmgr-parser.db even when sm install fails 72/230072/3
Zofia Abramowska [Tue, 7 Apr 2020 15:59:43 +0000 (17:59 +0200)]
Remove package from pkgmgr-parser.db even when sm install fails

Change-Id: I645fc92a632f60a5891759b92a1da51ee5d3300d

4 years agoProvide configuration for smack-privilege tests 86/231586/18
Krzysztof Jackiewicz [Wed, 22 Apr 2020 11:17:29 +0000 (13:17 +0200)]
Provide configuration for smack-privilege tests

Security-manager has empty configuration for smack privileges by default. To
test this functionality smack privilege tests provide their own configurations.

Change-Id: I71028202f00eb159ee8d4df76041a25b4be188b1

4 years agoAdd new test scenario, where app is killed during policy change. 15/232315/3
Dariusz Michaluk [Thu, 30 Apr 2020 12:44:04 +0000 (14:44 +0200)]
Add new test scenario, where app is killed during policy change.

Change-Id: I9a57548b1f136f3612d8be5b1b2b6f64f335970d

4 years agoAdd smack-privilege tests 63/231163/22
Krzysztof Jackiewicz [Fri, 17 Apr 2020 12:34:05 +0000 (14:34 +0200)]
Add smack-privilege tests

Change-Id: Ic6b5535199e0b6095eda8539db847dc11aef356b

4 years agoAllow uid change in AppInstallHelper 10/231210/17
Krzysztof Jackiewicz [Mon, 20 Apr 2020 06:50:03 +0000 (08:50 +0200)]
Allow uid change in AppInstallHelper

Change-Id: I3d329b8afa481e90b367abbaeb80f20bd3cc2a45

4 years agoGroup privilege check refactoring 25/231025/20
Krzysztof Jackiewicz [Thu, 16 Apr 2020 20:18:49 +0000 (22:18 +0200)]
Group privilege check refactoring

Make the checking function a passive one. Do not change process suplementary
groups in it. Modify ScopedAppLauncher to perform the test in launched app.
Test group setting api in a separate test.

Change-Id: Iccc20810dad0b667f0f4007701bd0c99e5c99f83

4 years agoMake ScopedAppLauncher child always notify the parent 54/231254/15
Krzysztof Jackiewicz [Mon, 20 Apr 2020 13:18:10 +0000 (15:18 +0200)]
Make ScopedAppLauncher child always notify the parent

In case any of ScopedAppLauncher child process asserts fails, make sure the
parent is notified and displays the error properly.

Change-Id: I75bbe0e7781cf338b62a39de03fda8f305ae8d50

4 years agoCleanup namespace after app termination 48/231248/15
Krzysztof Jackiewicz [Mon, 20 Apr 2020 11:50:39 +0000 (13:50 +0200)]
Cleanup namespace after app termination

This API call is necessary to cleanup /var/run/user/ app links after app is
terminated. Security-manager detects running apps basing on these links
existence.

Change-Id: If4feb5d158deac30098d05230c9f7fca928eacd2

4 years agoCheck smack leftovers after uninstallation 76/230876/18
Krzysztof Jackiewicz [Wed, 15 Apr 2020 14:42:40 +0000 (16:42 +0200)]
Check smack leftovers after uninstallation

Not all smack rules are removed after user removal. It is due to improper
handling of hybridity update when apps are installed for different user than
the one passed in the update request.

Check it in security_manager_09_app. The check would fail. It has been marked
as "ignored" until proper fix lands in security-manager.

Change-Id: I7936d711e6a3f0dc14ecb405f35247b20f4cb37a

4 years agoAdd smack-privilege checkers to AppInstallHelperExt 33/229533/25
Krzysztof Jackiewicz [Thu, 23 Apr 2020 08:24:07 +0000 (10:24 +0200)]
Add smack-privilege checkers to AppInstallHelperExt

Change-Id: I814dc54983ebcd4c42db8e8fbca36df71e732f54

4 years agoAdd smack-privilege parsing to PolicyConfiguration 83/231683/10
Krzysztof Jackiewicz [Thu, 23 Apr 2020 09:46:21 +0000 (11:46 +0200)]
Add smack-privilege parsing to PolicyConfiguration

Change-Id: I9fa0b5b86138725cb9520379e25f71f82a3e43f7

4 years agoUnify privilege representation 99/231899/6
Krzysztof Jackiewicz [Fri, 24 Apr 2020 14:09:05 +0000 (16:09 +0200)]
Unify privilege representation

- Use common privilege names in all sm tests
- Remove ambigious/deprecated methods from AppInstallHelper
- Use PrivilegeVector instead of PolicyConfiguration::PrivVector in
  AppInstallHelper and related code
- Add privilege vectors instead of individual privileges where possible

Change-Id: I96cac9bacc8de271f9b9f9ceb7bf7c248fb26171

4 years agoExtend AppInstallHelper with checker methods 40/229940/15
Krzysztof Jackiewicz [Mon, 6 Apr 2020 15:35:56 +0000 (17:35 +0200)]
Extend AppInstallHelper with checker methods

Move app checkers to AppInstallHelper derived class. Too many arguments
have to be passed here and there. Writing new checkers is pain in the
back. There's still a lot to be improved. Testing framework has to be
adjusted to allow multiple apps in the package.

Change-Id: I4b363a6b0d102bd1df6ed8cce8494c884c8d088a

4 years agoAdd privilege names 98/231898/3
Krzysztof Jackiewicz [Fri, 24 Apr 2020 13:11:31 +0000 (15:11 +0200)]
Add privilege names

Also add new Privilege ctor to work with char* privilege names.

Change-Id: I8dd79e095bf118eb2f83b94182944a9eef0cfb11

4 years agoAdd rule file path getters to PolicyConfiguration 82/231682/2
Krzysztof Jackiewicz [Thu, 23 Apr 2020 09:48:12 +0000 (11:48 +0200)]
Add rule file path getters to PolicyConfiguration

Change-Id: If06e8ac749aeec23006ae5bd6d78b1658f13031e

4 years agoRemove unused shared ro template 56/231256/1
Krzysztof Jackiewicz [Tue, 31 Mar 2020 20:18:36 +0000 (22:18 +0200)]
Remove unused shared ro template

Change-Id: Ifd8f21e347934318edee10d9abc508ee902213df

4 years agoAvoid appId and pkgId copying in AppInstallHelper 14/229814/3
Krzysztof Jackiewicz [Fri, 3 Apr 2020 20:11:49 +0000 (22:11 +0200)]
Avoid appId and pkgId copying in AppInstallHelper

Change-Id: Ief63d53563143a18358b435a374685c9317ecbd7

4 years agoAdd ScopedAppLauncher 13/229813/2
Krzysztof Jackiewicz [Fri, 3 Apr 2020 20:00:22 +0000 (22:00 +0200)]
Add ScopedAppLauncher

Needed to check smack rules while app is running

Change-Id: I6ef63fc76dd27fb6119245541dc2fd9544ff98fe

4 years agoReplace magic policy level strings with constexpr 84/229684/2
Krzysztof Jackiewicz [Thu, 2 Apr 2020 12:41:59 +0000 (14:41 +0200)]
Replace magic policy level strings with constexpr

Change-Id: Ia539ec68d641448a8d84e175eb8efe2e888e6671

4 years agoRemove unused shared ro template 87/229387/2
Krzysztof Jackiewicz [Tue, 31 Mar 2020 20:18:36 +0000 (22:18 +0200)]
Remove unused shared ro template

Change-Id: Ifd8f21e347934318edee10d9abc508ee902213df

4 years agoFix nss tests 88/222588/5
Tomasz Swierczek [Thu, 16 Jan 2020 09:04:46 +0000 (10:04 +0100)]
Fix nss tests

Adjusted to new nss implementation where daemon set of groups
is always static.

Change-Id: I50974b1cce07b1ca77d0b42118042ae0210631fa

4 years agoMerge branch 'tizen' into yaca 87/223087/1
Dariusz Michaluk [Wed, 22 Jan 2020 15:50:52 +0000 (16:50 +0100)]
Merge branch 'tizen' into yaca

Change-Id: I3c62439feb7a3460c01f10c4af072f7a1c64fdd1

4 years agoMerge branch 'tizen' into security-manager 86/223086/1
Dariusz Michaluk [Wed, 22 Jan 2020 15:50:05 +0000 (16:50 +0100)]
Merge branch 'tizen' into security-manager

Change-Id: I6fb4dea8149fcd280c42a997c8f36ee8f8795e6f

4 years agoMerge branch 'tizen' into ckm 85/223085/1
Dariusz Michaluk [Wed, 22 Jan 2020 15:48:49 +0000 (16:48 +0100)]
Merge branch 'tizen' into ckm

Change-Id: I15cbe4302195ecaf5af4ce882126889db33a6f49

4 years agoCKM: Update Microsoft certificates 38/222838/3
Dariusz Michaluk [Mon, 20 Jan 2020 12:31:07 +0000 (13:31 +0100)]
CKM: Update Microsoft certificates

Change-Id: I1607f3be5179323bc50ba7d7806475637f70e5f7

4 years agoRevert assert removed in 6ee70830c0 82/223082/2
Dariusz Michaluk [Wed, 22 Jan 2020 15:19:26 +0000 (16:19 +0100)]
Revert assert removed in 6ee70830c0

Change-Id: I68e768e2f28f53bfc1984a4e41a7d1795fbe54ee

4 years agocynara-tests: replace select w/ poll 81/223081/1
Konrad Lipinski [Wed, 22 Jan 2020 15:04:50 +0000 (16:04 +0100)]
cynara-tests: replace select w/ poll

Change-Id: If7cf3efec5d0a38a6467a1dbea962c80820c6cd5

4 years agoFix for gcc 9 toolchain upgrade 69/223069/2
Dariusz Michaluk [Wed, 22 Jan 2020 12:48:09 +0000 (13:48 +0100)]
Fix for gcc 9 toolchain upgrade

Change-Id: I96c36e41b2048337faee2d683d1ffe9f44f91be2

4 years agoMerge branch 'ode' into tizen 67/223067/1
Dariusz Michaluk [Wed, 22 Jan 2020 12:28:51 +0000 (13:28 +0100)]
Merge branch 'ode' into tizen

Change-Id: I22e1736002482934b4a8f85c8eb6303ae02abfc6

4 years agoMerge branch 'nether' into tizen 65/223065/1
Dariusz Michaluk [Wed, 22 Jan 2020 12:24:42 +0000 (13:24 +0100)]
Merge branch 'nether' into tizen

Change-Id: If0dd79ca73bc75b14666067a8a11afd2680f7931

4 years agoMerge branch 'yaca' into tizen 62/223062/1
Dariusz Michaluk [Wed, 22 Jan 2020 12:18:47 +0000 (13:18 +0100)]
Merge branch 'yaca' into tizen

Change-Id: I240f8551fa276fe600dca2d1f098ddc636a9f905

4 years agoMerge branch 'ckm' into tizen 60/223060/1
Dariusz Michaluk [Wed, 22 Jan 2020 12:17:02 +0000 (13:17 +0100)]
Merge branch 'ckm' into tizen

Change-Id: Iac9d5cc6393e8598a33c783aabff77006046b187

4 years agoMerge branch 'security-manager' into tizen 54/223054/1
Dariusz Michaluk [Wed, 22 Jan 2020 11:53:48 +0000 (12:53 +0100)]
Merge branch 'security-manager' into tizen

Change-Id: I84d015537ad379d56d5d897dfe180080d5b6a687

4 years agoFix for gcc 9 toochain upgrade 20/223020/1
Tomasz Swierczek [Wed, 22 Jan 2020 06:11:29 +0000 (07:11 +0100)]
Fix for gcc 9 toochain upgrade

Change-Id: If7f8f1e4a00267661ebb66f53111eed9a3ed1460

4 years agoAdd prepareApp benchmark 03/222503/3 security-manager_5.5_testing
Konrad Lipinski [Wed, 15 Jan 2020 16:10:36 +0000 (17:10 +0100)]
Add prepareApp benchmark

Change-Id: Ia489e00a7ea6720191812d7a31a4e8d856d397e8

4 years agoFix shared_ro tests 38/219838/2
Zofia Grzelewska [Tue, 10 Dec 2019 14:11:27 +0000 (15:11 +0100)]
Fix shared_ro tests

Properly setup application context, before checking access
to sharedRO/nonSharedRO directories to apply mount namespaces.

Change-Id: Ied891a1cad6ad82402a995f5fc210a23fa1c09d9

4 years agoCKM: Test asymmetric key initial value import 57/216257/6
Konrad Lipinski [Tue, 1 Oct 2019 13:09:16 +0000 (15:09 +0200)]
CKM: Test asymmetric key initial value import

Change-Id: I48a977ee84602ab71b9889e39e79a004811f5f48

5 years agoAdd missing break in TestRunner 14/214914/1
Krzysztof Jackiewicz [Fri, 27 Sep 2019 10:41:38 +0000 (12:41 +0200)]
Add missing break in TestRunner

In a highly unlikey case of throwing the RUNNER_IGNORED_MSG during the test
finishing stage, after the SafeCleanup collected some exception handling
errors, these errors would be added to the ignore message.

Change-Id: I1aeedb46bf98b8300223a26c312abf98d63ca838

5 years agoMerge branch 'tizen' into 'ckm' 69/214169/1
Krzysztof Jackiewicz [Wed, 18 Sep 2019 13:12:09 +0000 (15:12 +0200)]
Merge branch 'tizen' into 'ckm'

Change-Id: If83694b3e0cd759296da5b920ec0adb50dcc54c2

5 years agoAdd SM test covering hybridity upgrade 59/209959/19
Alicja Kluczek [Thu, 4 Jul 2019 10:57:32 +0000 (12:57 +0200)]
Add SM test covering hybridity upgrade

Add functionality checking if there aren't any rules related
to app in Smack rules file (both for hybrid and non-hybrid package).
Apply above functionality every time when checking if
whole package has been uninstalled properly.
Add a test checking if Smack rules were properly deleted
after uninstall.

Change-Id: Ia638f478dc007a4ef42fe32e01a282dd960d50d7

5 years agoAdd SM tests covering many apps in single request 95/209295/35
Alicja Kluczek [Thu, 4 Jul 2019 10:57:32 +0000 (12:57 +0200)]
Add SM tests covering many apps in single request

Add tests covering installation & updating many apps in single request.
Add a function checking if an app has proper Smack policy.
Add a function parsing smack rules template files.
Add a function creating a new app in InstallRequest class.
Modify ScopedInstaller class for many apps in single request
compatibility.

Change-Id: I35bb9757f54b111629d45b1769ca4e53ccccd017

5 years agoAdjust prepareApp to use new API that sets up context for candidate process 03/212603/1
Tomasz Swierczek [Fri, 23 Aug 2019 06:51:07 +0000 (08:51 +0200)]
Adjust prepareApp to use new API that sets up context for candidate process

Change-Id: Ia0eb474cc21392aaf677b3e434903ed286094d30

5 years agoFix T9050_yaca_rsa_encryption_paddings test 94/210394/1
Dariusz Michaluk [Thu, 18 Jul 2019 15:10:21 +0000 (17:10 +0200)]
Fix T9050_yaca_rsa_encryption_paddings test

Change-Id: I2ae963ff203bff72e49a7d1c167695dbeb50ec19

5 years agoStop ode.socket together with ode.service 82/209182/3
Krzysztof Jackiewicz [Fri, 28 Jun 2019 16:00:22 +0000 (18:00 +0200)]
Stop ode.socket together with ode.service

Oded became socket activated. To test the connection refusal the
socket has to be put down as well.

Change-Id: Ifec50d1198ceeee7e5ac131715cbd8ca642427e5

5 years agoMerge branch 'tizen' into 'ode' 56/210256/1
Krzysztof Jackiewicz [Wed, 17 Jul 2019 08:52:17 +0000 (10:52 +0200)]
Merge branch 'tizen' into 'ode'

Change-Id: Ia15ecf4c082ffcf5dae47586fda10f7f48bab99c

5 years agoStart sockets before starting the service 68/209968/1
Krzysztof Jackiewicz [Fri, 12 Jul 2019 14:45:54 +0000 (16:45 +0200)]
Start sockets before starting the service

Change-Id: I154c3e208bac37aec7d80156a3623909c00ac891

5 years agoCKM: Handle onlycap even if trailing space is missing 84/209184/2
Krzysztof Jackiewicz [Wed, 3 Jul 2019 08:06:58 +0000 (10:06 +0200)]
CKM: Handle onlycap even if trailing space is missing

Change-Id: I45ee1a7f244662f80ec8eeaaf8141e1b4a52ad2c

5 years agoCKM: Update certificates for OCSP tests 46/209846/1
Krzysztof Jackiewicz [Thu, 11 Jul 2019 16:10:40 +0000 (18:10 +0200)]
CKM: Update certificates for OCSP tests

Change-Id: I1328e86de02a351f4c6f588685212dd1bb429bc1

5 years agoMigrate to openssl 1.1 73/206973/2
Konrad Lipinski [Wed, 29 May 2019 14:02:36 +0000 (16:02 +0200)]
Migrate to openssl 1.1

Change-Id: I5f63e3dfda3d5d4f007dd27d0faf41f3976aaebe

5 years agoCKM: Add buildtime requirement for openssl 87/208787/1
Krzysztof Jackiewicz [Fri, 28 Jun 2019 10:22:39 +0000 (12:22 +0200)]
CKM: Add buildtime requirement for openssl

Openssl is needed to perform buildtime encryption for TZ.

Change-Id: If5bdefa32dfd0ed26ea9f9e2318d8dc18a43677c

5 years agoCKM: Return proper error code from EIV encryption script 86/208786/1
Krzysztof Jackiewicz [Fri, 28 Jun 2019 10:15:15 +0000 (12:15 +0200)]
CKM: Return proper error code from EIV encryption script

The encryption script did not report an error if one of pipelined
commands failed.

Add few bash options that will make the script fail with proper error
code in such cases.

Change-Id: I47a9739af93f07d2cb0e20f22087a2c182de6835

5 years agoCKM: Handle the empty onlycap case properly 84/208784/1
Krzysztof Jackiewicz [Fri, 28 Jun 2019 09:39:32 +0000 (11:39 +0200)]
CKM: Handle the empty onlycap case properly

In case of empty onlycap the original process label was not restored
properly leading to failures in following tests.

Change-Id: I9e4cdce234b425887da07892773f21465087c4a6

5 years agoCKM: Adjust T1810_verify_get_certificate_chain to openssl1.1 90/207890/2
Krzysztof Jackiewicz [Thu, 13 Jun 2019 14:45:15 +0000 (16:45 +0200)]
CKM: Adjust T1810_verify_get_certificate_chain to openssl1.1

Since openssl1.1 all certificates in the chain (including trusted
ones) must include a 'basicConstrains' extension with 'CA' field set
to 'true'. Without that the verification will fail with
X509_V_ERR_INVALID_CA.

This commit recreates the chain of certificates used in T1810 with the
required extension included and updates related tests.

Change-Id: I6d2e9348a2ae6618103749d83e46a433608e65c3

5 years agoMerge branch 'tizen' into ode 32/207532/1
Dariusz Michaluk [Thu, 6 Jun 2019 11:33:21 +0000 (13:33 +0200)]
Merge branch 'tizen' into ode

Change-Id: Ic562abbef0de256d5f0f0697709de296d7d8c986