From cab7bada5a4a36188ea0e2b1368d22f565e93932 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Thu, 17 Dec 2015 11:52:44 +0100 Subject: [PATCH] CKM: Remove GarbageCollector Change-Id: I75e1a61f9e705c261000426c07b41fd5c466da30 --- src/ckm/capi-access_control.cpp | 171 ++++++++++++++++------------------------ src/ckm/capi-testcases.cpp | 18 ++--- src/ckm/ckm-common.cpp | 36 --------- src/ckm/ckm-common.h | 18 ----- src/ckm/system-db.cpp | 84 +++++++------------- 5 files changed, 105 insertions(+), 222 deletions(-) diff --git a/src/ckm/capi-access_control.cpp b/src/ckm/capi-access_control.cpp index 3a7a574..5881ab3 100644 --- a/src/ckm/capi-access_control.cpp +++ b/src/ckm/capi-access_control.cpp @@ -196,13 +196,12 @@ RUNNER_CHILD_TEST(T3008_manager_check_label_valid) // tries to access other application data without permission -RUNNER_TEST(T3020_manager_access_not_allowed) +RUNNER_TEST(T3020_manager_access_not_allowed, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } // test accessibility from another label @@ -216,13 +215,12 @@ RUNNER_TEST(T3020_manager_access_not_allowed) } // tries to access other application data with permission -RUNNER_TEST(T3021_manager_access_allowed) +RUNNER_TEST(T3021_manager_access_allowed, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); } 
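Review bot: T3020 only proves that a foreign label is denied if no grant on TEST_ALIAS survives from an earlier test, and after this change that guarantee rests entirely on the RemoveDataEnv fixture, whose definition and template arguments are not visible in this patch. The removed GarbageCollector deleted each saved alias under the owner's label, uid and gid, so please confirm that the fixture wipes APP_1's database before the body runs as well as after it. A short comment at the first use would record this, e.g. `// RemoveDataEnv clears APP_1's database around the test, so no earlier grant can leak in`. The same applies to the other negative tests in this file (T3023, T3027, T3029, T3033). The body of T3020 continues outside the hunk.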
@@ -234,13 +232,12 @@ RUNNER_TEST(T3021_manager_access_allowed) } // tries to read other application data with permission for read/remove -RUNNER_TEST(T3022_manager_access_allowed_with_remove) +RUNNER_TEST(T3022_manager_access_allowed_with_remove, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); } @@ -252,13 +249,12 @@ RUNNER_TEST(T3022_manager_access_allowed_with_remove) } // tries to remove other application data with permission for reading only -RUNNER_TEST(T3023_manager_access_allowed_remove_denied) +RUNNER_TEST(T3023_manager_access_allowed_remove_denied, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); } @@ -272,13 +268,12 @@ RUNNER_TEST(T3023_manager_access_allowed_remove_denied) } // tries to remove other application data with permission -RUNNER_TEST(T3025_manager_remove_allowed) +RUNNER_TEST(T3025_manager_remove_allowed, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); } 
@@ -291,13 +286,12 @@ RUNNER_TEST(T3025_manager_remove_allowed) // tries to access other application data after allow function was called twice with different // rights -RUNNER_TEST(T3026_manager_double_allow) +RUNNER_TEST(T3026_manager_double_allow, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); // access should be overwritten allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); @@ -315,14 +309,13 @@ RUNNER_TEST(T3026_manager_double_allow) } // tries to access application data with permission and after permission has been revoked -RUNNER_TEST(T3027_manager_allow_deny) +RUNNER_TEST(T3027_manager_allow_deny, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); } @@ -351,14 +344,13 @@ RUNNER_TEST(T3027_manager_allow_deny) } } -RUNNER_TEST(T3028_manager_access_by_label) +RUNNER_TEST(T3028_manager_access_by_label, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; const char *additional_data = "label-2-data"; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); } 
@@ -384,13 +376,12 @@ RUNNER_TEST(T3028_manager_access_by_label) } // tries to modify another label's permission -RUNNER_TEST(T3029_manager_access_modification_by_foreign_label) +RUNNER_TEST(T3029_manager_access_modification_by_foreign_label, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); } @@ -405,15 +396,14 @@ RUNNER_TEST(T3029_manager_access_modification_by_foreign_label) } // checks if only aliases readable by given app are returned -RUNNER_TEST(T3030_manager_get_all_aliases) +RUNNER_TEST(T3030_manager_get_all_aliases, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; size_t count; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - gc.save(TEST_ALIAS2, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS2, TEST_DATA); count = count_aliases(ALIAS_DATA); allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); @@ -448,13 +438,12 @@ RUNNER_TEST(T3030_manager_get_all_aliases) } // tries to access other application data with permission -RUNNER_TEST(T3031_manager_deprecated_access_allowed) +RUNNER_TEST(T3031_manager_deprecated_access_allowed, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); } 
@@ -468,13 +457,12 @@ RUNNER_TEST(T3031_manager_deprecated_access_allowed) } // tries to read other application data with permission for read/remove -RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove) +RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); } @@ -488,13 +476,12 @@ RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove) } // tries to remove other application data with permission for reading only -RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied) +RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); } @@ -510,13 +497,12 @@ RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied) } // tries to remove other application data with permission -RUNNER_TEST(T3034_manager_deprecated_remove_allowed) +RUNNER_TEST(T3034_manager_deprecated_remove_allowed, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); } @@ -541,13 +527,12 @@ RUNNER_TEST(T3100_init) } // invalid argument check -RUNNER_TEST(T3101_control_allow_access_invalid) +RUNNER_TEST(T3101_control_allow_access_invalid, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } int ret; 
@@ -563,13 +548,12 @@ RUNNER_TEST(T3101_control_allow_access_invalid) } // invalid argument check -RUNNER_TEST(T3102_control_deny_access_invalid) +RUNNER_TEST(T3102_control_deny_access_invalid, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == @@ -586,6 +570,7 @@ RUNNER_TEST(T3102_control_deny_access_invalid) // tries to allow access for non existing alias RUNNER_TEST(T3103_control_allow_access_non_existing) { + reset_user_data(APP_1, APP_PASS_1); int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, "Allowing access for non existing alias returned " << CKMCErrorToString(ret)); @@ -594,19 +579,19 @@ RUNNER_TEST(T3103_control_allow_access_non_existing) // tries to deny access for non existing alias RUNNER_TEST(T3104_control_deny_access_non_existing) { + reset_user_data(APP_1, APP_PASS_1); int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, "Denying access for non existing alias returned " << CKMCErrorToString(ret)); } // tries to deny non existing access -RUNNER_TEST(T3105_control_deny_access_non_existing_access) +RUNNER_TEST(T3105_control_deny_access_non_existing_access, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE); 
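Review bot: T3103 and T3104 call `reset_user_data(APP_1, APP_PASS_1);` inside the body while every other test touched by this commit gets its state from the RemoveDataEnv fixture, and nothing explains the difference. Presumably the admin call needs APP_1's database to exist and be unlocked so that it reaches the alias lookup and returns CKMC_ERROR_DB_ALIAS_UNKNOWN rather than some other error. If so, a comment above the call would make that dependency explicit, e.g. `// APP_1's DB must exist and be unlocked, otherwise the call fails before the alias lookup`. These two tests also leave the freshly reset database in place with no teardown, so whatever runs next inherits that state unless it has its own fixture.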
@@ -615,12 +600,11 @@ RUNNER_TEST(T3105_control_deny_access_non_existing_access) } // tries to allow application to access its own data -RUNNER_TEST(T3106_control_allow_access_to_myself) +RUNNER_TEST(T3106_control_allow_access_to_myself, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); // test int ret = ckmc_set_permission(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ); @@ -629,14 +613,13 @@ RUNNER_TEST(T3106_control_allow_access_to_myself) } // tries to use admin API as a user -RUNNER_CHILD_TEST(T3110_control_allow_access_as_user) +RUNNER_CHILD_TEST(T3110_control_allow_access_as_user, RemoveDataEnv) { RUNNER_IGNORED_MSG("Disabled until labeled sockets not available"); // prepare: add data - GarbageCollector gc; ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); // test int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ); @@ -645,14 +628,13 @@ RUNNER_CHILD_TEST(T3110_control_allow_access_as_user) } // tries to use admin API as a user -RUNNER_CHILD_TEST(T3111_control_deny_access_as_user) +RUNNER_CHILD_TEST(T3111_control_deny_access_as_user, RemoveDataEnv) { RUNNER_IGNORED_MSG("Disabled until labeled sockets not available"); // prepare: add data - GarbageCollector gc; ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); // test int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE); 
@@ -661,13 +643,12 @@ RUNNER_CHILD_TEST(T3111_control_deny_access_as_user) } // tries to read other application data with permission -RUNNER_TEST(T3121_control_access_allowed) +RUNNER_TEST(T3121_control_access_allowed, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); @@ -679,13 +660,12 @@ RUNNER_TEST(T3121_control_access_allowed) } // tries to read other application data with permission to read/remove -RUNNER_TEST(T3122_control_access_allowed_with_remove) +RUNNER_TEST(T3122_control_access_allowed_with_remove, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); @@ -697,13 +677,12 @@ RUNNER_TEST(T3122_control_access_allowed_with_remove) } // tries to remove other application data with permission to read -RUNNER_TEST(T3122_control_access_allowed_remove_denied) +RUNNER_TEST(T3122_control_access_allowed_remove_denied, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); 
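Review bot: The id T3122 is now carried by two tests, `T3122_control_access_allowed_with_remove` and `T3122_control_access_allowed_remove_denied`, so selecting or reporting by numeric prefix cannot tell the allow case from the deny case. The signature line is being edited anyway, so the second one could be renamed to `T3123_control_access_allowed_remove_denied`, matching the manager-side T3022/T3023 pair. T3123 does not appear in the visible hunks, but please check that it is unused in the rest of the file.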
@@ -715,13 +694,12 @@ RUNNER_TEST(T3122_control_access_allowed_remove_denied) } // tries to remove other application data with permission -RUNNER_TEST(T3125_control_remove_allowed) +RUNNER_TEST(T3125_control_remove_allowed, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); @@ -734,13 +712,12 @@ RUNNER_TEST(T3125_control_remove_allowed) // tries to access other application data after allow function has been called twice with different // rights -RUNNER_TEST(T3126_control_double_allow) +RUNNER_TEST(T3126_control_double_allow, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } // access should be overwritten @@ -756,13 +733,12 @@ RUNNER_TEST(T3126_control_double_allow) } // tries to access other application data with permission and after permission has been revoked -RUNNER_TEST(T3127_control_allow_deny) +RUNNER_TEST(T3127_control_allow_deny, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); 
@@ -784,15 +760,14 @@ RUNNER_TEST(T3127_control_allow_deny) } // checks if only aliases readable by given app are returned -RUNNER_TEST(T3130_control_get_all_aliases) +RUNNER_TEST(T3130_control_get_all_aliases, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; size_t count; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - gc.save(TEST_ALIAS2, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS2, TEST_DATA); count = count_aliases(ALIAS_DATA); } @@ -820,13 +795,12 @@ RUNNER_TEST(T3130_control_get_all_aliases) } // tries to add access to data in a database of invalid user -RUNNER_TEST(T3140_control_allow_invalid_user) +RUNNER_TEST(T3140_control_allow_invalid_user, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); @@ -835,13 +809,12 @@ RUNNER_TEST(T3140_control_allow_invalid_user) } // tries to revoke access to data in a database of invalid user -RUNNER_TEST(T3141_control_deny_invalid_user) +RUNNER_TEST(T3141_control_deny_invalid_user, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE); 
@@ -850,13 +823,12 @@ RUNNER_TEST(T3141_control_deny_invalid_user) } // tries to read other application data with permission -RUNNER_TEST(T3142_control_deprecated_access_allowed) +RUNNER_TEST(T3142_control_deprecated_access_allowed, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); @@ -868,13 +840,12 @@ RUNNER_TEST(T3142_control_deprecated_access_allowed) } // tries to read other application data with permission to read/remove -RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove) +RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); @@ -886,13 +857,12 @@ RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove) } // tries to remove other application data with permission to read -RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied) +RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); 
@@ -904,13 +874,12 @@ RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied) } // tries to remove other application data with permission -RUNNER_TEST(T3145_control_deprecated_remove_allowed) +RUNNER_TEST(T3145_control_deprecated_remove_allowed, RemoveDataEnv) { // prepare: add data - GarbageCollector gc; { ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); + save_data(TEST_ALIAS, TEST_DATA); } allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); diff --git a/src/ckm/capi-testcases.cpp b/src/ckm/capi-testcases.cpp index e6acc88..3635077 100644 --- a/src/ckm/capi-testcases.cpp +++ b/src/ckm/capi-testcases.cpp @@ -884,23 +884,21 @@ RUNNER_TEST(T3044_remove_bin_data_C_API) CKMCReadableError(temp)); } -RUNNER_TEST(T3045_save_big_data_C_API) +RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv) { - GarbageCollector gc; - const size_t BIG_SIZE = 5000000; // can't go much further because of stack size limit + const size_t BIG_SIZE = 5000000; ScopedAccessProvider ap(TEST_LABEL, USER_APP, GROUP_APP); - char big_data[BIG_SIZE]; + std::vector big_data(BIG_SIZE); std::ifstream is("/dev/urandom", std::ifstream::binary); if(is) - is.read(big_data, BIG_SIZE); + is.read(big_data.data(), BIG_SIZE); RUNNER_ASSERT_MSG(is, "Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom"); - gc.save(TEST_ALIAS1.c_str(), big_data, BIG_SIZE, CKMC_ERROR_NONE); - - check_read(TEST_OBJECT1, TEST_LABEL, big_data, BIG_SIZE, CKMC_ERROR_NONE); + save_data(TEST_ALIAS1.c_str(), big_data.data(), BIG_SIZE, CKMC_ERROR_NONE); + check_read(TEST_OBJECT1, TEST_LABEL, big_data.data(), BIG_SIZE, CKMC_ERROR_NONE); } RUNNER_TEST(T3050_deinit_C_API) 
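Review bot: In T3045 the comment that justified `BIG_SIZE = 5000000` was deleted together with the stack array, so the constant is now unexplained. The buffer is heap-allocated through `std::vector`, so the old stack limit no longer applies and the next reader cannot tell whether 5000000 is a service limit or an arbitrary payload size. A replacement comment would help, e.g. `// 5 MB payload; heap-allocated, so no longer bounded by the stack size`. If the key-manager has a documented maximum object size, name that limit in the comment instead.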
@@ -1190,8 +1188,8 @@ RUNNER_TEST(T3071_CAPI_init) RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check) { - RUNNER_IGNORED_MSG("Temporary turned off. Require network feature."); - std::string ee = TestData::getTestCertificateBase64(TestData::MBANK); + RUNNER_IGNORED_MSG("Temporary turned off. Require network feature."); + std::string ee = TestData::getTestCertificateBase64(TestData::MBANK); std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC); ckmc_cert_s c_cert; diff --git a/src/ckm/ckm-common.cpp b/src/ckm/ckm-common.cpp index 27ebce1..47ac15d 100644 --- a/src/ckm/ckm-common.cpp +++ b/src/ckm/ckm-common.cpp @@ -193,42 +193,6 @@ ScopedSaveData::~ScopedSaveData() check_remove_allowed(m_alias.c_str()); } -void GarbageCollector::add(const char* alias) -{ - save_item item; - item.item_alias = std::string(alias); - item.owner_label = getOwnerIdFromSelf(); - item.owner_uid = geteuid(); - item.owner_gid = getegid(); - m_garbage.push_back(item); -} - -void GarbageCollector::save(const char* alias, const char *data, int expected_err) -{ - save(alias, data, strlen(data), expected_err); -} - -void GarbageCollector::save(const char* alias, const char *data, size_t len, int expected_err) -{ - save_data(alias, data, len, expected_err); - - if(CKMC_ERROR_NONE == expected_err) - add(alias); -} - -GarbageCollector::~GarbageCollector() -{ - for(auto & item : m_garbage) - { - try { - ScopedAccessProvider ap(item.owner_label, item.owner_uid, item.owner_gid); - check_remove_allowed(item.item_alias.c_str()); - } catch (...) { - // prevent exceptions in destructor - } - } -} - ScopedDBUnlock::ScopedDBUnlock(uid_t user_id, const char* passwd) : m_uid(user_id) { int temp; diff --git a/src/ckm/ckm-common.h b/src/ckm/ckm-common.h index f5f83c5..7f48951 100644 --- a/src/ckm/ckm-common.h +++ b/src/ckm/ckm-common.h 
@@ -115,24 +115,6 @@ private: std::string m_alias; }; -class GarbageCollector -{ -public: - void save(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE); - void save(const char* alias, const char *data, size_t len, int expected_err); - void add(const char* alias); - virtual ~GarbageCollector(); - -private: - struct save_item { - std::string item_alias; - std::string owner_label; - uid_t owner_uid; - gid_t owner_gid; - }; - std::vector m_garbage; -}; - class ScopedDBUnlock { public: diff --git a/src/ckm/system-db.cpp b/src/ckm/system-db.cpp index f45d67b..e9cf43a 100644 --- a/src/ckm/system-db.cpp +++ b/src/ckm/system-db.cpp @@ -74,8 +74,7 @@ RUNNER_TEST(T5010_CLIENT_APP_LOCKED_PRIVATE_DB) // [prepare] remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ); // [test] @@ -109,15 +108,12 @@ RUNNER_TEST(T5020_CLIENT_APP_ADD_TO_PRIVATE_DB) } } -RUNNER_TEST(T5030_CLIENT_APP_TRY_ADDING_SYSTEM_ITEM) +RUNNER_TEST(T5030_CLIENT_APP_TRY_ADDING_SYSTEM_ITEM, RemoveDataEnv<0, USER_APP>) { // [test] // switch to user app, unlock DB // try to add item to system DB - expect fail - // [prepare] - remove_user_data(USER_APP); - // [test] { ScopedDBUnlock unlock(USER_APP, APP_PASS); @@ -130,7 +126,7 @@ RUNNER_TEST(T5030_CLIENT_APP_TRY_ADDING_SYSTEM_ITEM) } } -RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION) +RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION, RemoveDataEnv<0, USER_APP>) { // [prepare] // start as system service 
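Review bot: T5010 loses its only cleanup of the system-DB item: `GarbageCollector gc` is replaced by a bare `save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);`, and the test signature, which lies above the hunk, is not given a fixture. The explicit `remove_user_data(USER_APP);` clears only the user database, so TEST_SYSTEM_ALIAS and the READ grant to TEST_LABEL stay in the system database after the test. A leftover grant can then mask a regression in a later access-denied test that runs without its own wipe. The sibling tests in this file suggest the fix: `RUNNER_TEST(T5010_CLIENT_APP_LOCKED_PRIVATE_DB, RemoveDataEnv<0, USER_APP>)`, with the manual `remove_user_data(USER_APP);` dropped.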
@@ -140,10 +136,7 @@ RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION) // switch to user app, unlock DB // try to access the system item - expect success - // [prepare] - remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ); // [test] @@ -157,7 +150,7 @@ RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION) } } -RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION) +RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION, RemoveDataEnv<0, USER_APP>) { // [prepare] // start as system service @@ -167,9 +160,7 @@ RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION) // try to access the system item - expect fail // [prepare] - remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); // [test] { @@ -182,7 +173,7 @@ RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION) } } -RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL) +RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL, RemoveDataEnv<0, USER_APP>) { // [prepare] // start as system service @@ -199,9 +190,7 @@ RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL) // try to access the system item - expect fail // [prepare] - remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ); // [test] @@ -228,7 +217,7 @@ RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL) } } -RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS) +RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS, RemoveDataEnv<0, USER_APP>) { // [test] // switch to user app, unlock DB 
@@ -237,7 +226,6 @@ RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS) // [test] { - remove_user_data(USER_APP); ScopedDBUnlock unlock(USER_APP, APP_PASS); ScopedAccessProvider ap(TEST_LABEL); ap.allowAPI("key-manager::api-storage", "rw"); @@ -249,7 +237,7 @@ RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS) } } -RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM) +RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM, RemoveDataEnv<0, USER_APP>) { // [prepare] // start as system service @@ -260,9 +248,7 @@ RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM) // try to remove item from system DB - expect fail // [prepare] - remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ); // [test] @@ -276,7 +262,7 @@ RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM) } } -RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS) +RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS, RemoveDataEnv<0, USER_APP>) { // [prepare] // start as system service @@ -291,11 +277,8 @@ RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS) // user lists items - expect system item A and private item // [prepare] - remove_user_data(0); - remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - gc.save(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA); allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ); // [test] @@ -314,7 +297,7 @@ RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS) } } -RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB) +RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB, RemoveDataEnv) { // [test] // switch to user app, unlock DB 
@@ -322,7 +305,6 @@ RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB) // [test] { - remove_user_data(USER_APP); ScopedDBUnlock unlock(USER_APP, APP_PASS); ScopedAccessProvider ap(TEST_LABEL); ap.allowAPI("key-manager::api-storage", "rw"); @@ -348,7 +330,7 @@ RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB) } } -RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB) +RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB, RemoveDataEnv<0,USER_APP>) { // [prepare] // start as system service @@ -360,12 +342,8 @@ RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB) // try to create signature in system DB - expect fail // [prepare] - remove_user_data(USER_APP); - GarbageCollector gc; std::string private_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-priv"); std::string public_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-pub"); - gc.add(private_key_alias.c_str()); - gc.add(public_key_alias.c_str()); ckmc_policy_s policy_private_key; ckmc_policy_s policy_public_key; policy_private_key.password = NULL; @@ -434,7 +412,7 @@ RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB) } } -RUNNER_TEST(T5039_SYSTEM_APP_SET_REMOVE_ACCESS) +RUNNER_TEST(T5039_SYSTEM_APP_SET_REMOVE_ACCESS, RemoveDataEnv<0>) { // [prepare] // start as system service @@ -443,14 +421,13 @@ RUNNER_TEST(T5039_SYSTEM_APP_SET_REMOVE_ACCESS) // add remove permission to a user app - expect fail // [prepare] - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); // [test] allow_access_negative(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_REMOVE, CKMC_ERROR_INVALID_PARAMETER); } -RUNNER_TEST(T5040_SYSTEM_SVC_ACCESS_DB) +RUNNER_TEST(T5040_SYSTEM_SVC_ACCESS_DB, RemoveDataEnv<0>) { // [prepare] // start as system service 
@@ -459,14 +436,13 @@ RUNNER_TEST(T5040_SYSTEM_SVC_ACCESS_DB) // try to access the item - expect success // [prepare] - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); // [test] check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA); } -RUNNER_TEST(T5041_SYSTEM_SVC_1234_ACCESS_DB) +RUNNER_TEST(T5041_SYSTEM_SVC_1234_ACCESS_DB, RemoveDataEnv<0>) { // [prepare] // start as system service @@ -476,8 +452,7 @@ RUNNER_TEST(T5041_SYSTEM_SVC_1234_ACCESS_DB) // try to access the item - expect success // [prepare] - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); // [test] { @@ -510,7 +485,7 @@ RUNNER_TEST(T5042_SYSTEM_SVC_1234_ADD_ITEM_TO_DB) } } -RUNNER_TEST(T5043_SYSTEM_SVC_4999_ACCESS_DB) +RUNNER_TEST(T5043_SYSTEM_SVC_4999_ACCESS_DB, RemoveDataEnv<0>) { // [prepare] // start as system service @@ -520,8 +495,7 @@ RUNNER_TEST(T5043_SYSTEM_SVC_4999_ACCESS_DB) // try to access the item - expect success // [prepare] - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); // [test] { @@ -533,7 +507,7 @@ RUNNER_TEST(T5043_SYSTEM_SVC_4999_ACCESS_DB) } } -RUNNER_TEST(T5044_SYSTEM_SVC_5000_ACCESS_DB) +RUNNER_TEST(T5044_SYSTEM_SVC_5000_ACCESS_DB, RemoveDataEnv<0>) { RUNNER_IGNORED_MSG("This test is turn off because fix " "from tizen 2.4 that unlock db with empty password"); @@ -545,8 +519,7 @@ RUNNER_TEST(T5044_SYSTEM_SVC_5000_ACCESS_DB) // try to access the item - expect fail (no system service) // [prepare] - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); + save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); // [test] { @@ -558,7 +531,7 @@ RUNNER_TEST(T5044_SYSTEM_SVC_5000_ACCESS_DB) } } -RUNNER_TEST(T5045_SYSTEM_DB_ADD_WITH_INVALID_LABEL) +RUNNER_TEST(T5045_SYSTEM_DB_ADD_WITH_INVALID_LABEL, RemoveDataEnv<0>) { // [prepare] // start as system service 
@@ -566,9 +539,6 @@ RUNNER_TEST(T5045_SYSTEM_DB_ADD_WITH_INVALID_LABEL) // try to add item to system DB using wrong label - expect fail // try to add item using explicit system label - expect success - // [prepare] - remove_user_data(USER_APP); - // [test] save_data(aliasWithLabel(INVALID_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); check_read(TEST_ALIAS, INVALID_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN); -- 2.7.4