4 #include <dpl/test/test_runner.h>
5 #include <dpl/test/test_runner_child.h>
7 #include <tests_common.h>
8 #include <ckm-common.h>
9 #include <access_provider2.h>
11 #include <ckmc/ckmc-manager.h>
12 #include <ckmc/ckmc-control.h>
13 #include <ckmc/ckmc-type.h>
14 #include <ckmc/ckmc-error.h>
16 #include <ckm/ckm-type.h>
20 const uid_t USER_ROOT = 0;
21 const char* APP_PASS = "user-pass";
22 const char* ROOT_PASS = "test-pass";
24 const char* NO_ALIAS = "definitely-non-existent-alias";
25 const char* NO_OWNER = "definitely-non-existent-owner";
27 const char* TEST_ALIAS = "test-alias";
28 const char* TEST_ALIAS2 = "test-alias2";
29 const char* TEST_ALIAS3 = "test-alias3";
31 const char* TEST_LABEL = "test-label";
32 const char* TEST_LABEL2 = "test-label2";
33 const char* TEST_LABEL3 = "test-label3";
34 const char* TEST_LABEL4 = "test-label4";
36 const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
38 void save_data(const char* alias, const char *data)
40 ckmc_raw_buffer_s buffer;
41 buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
42 buffer.size = strlen(data);
44 policy.password = NULL;
45 policy.extractable = true;
47 int ret = ckmc_save_data(alias, buffer, policy);
48 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Saving data failed. Error: " << ret);
51 void save_data(const char* alias)
53 save_data(alias, TEST_DATA);
56 void check_remove_allowed(const char* alias)
58 int ret = ckmc_remove_alias(alias);
59 // remove, but ignore non existing
60 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN,
61 "Removing data failed: " << CKMCErrorToString(ret));
64 void check_remove_denied(const char* alias)
66 int ret = ckmc_remove_alias(alias);
68 CKMC_ERROR_PERMISSION_DENIED == ret,
69 "App with different label shouldn't have rights to remove this data. Error: " << ret);
72 void check_remove_not_visible(const char* alias)
74 int ret = ckmc_remove_alias(alias);
76 CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
77 "App with different label shouldn't have rights to see this data. Error: " << ret);
80 void check_read(const char* alias, const char *label, const char *test_data, int expected_code = CKMC_ERROR_NONE)
82 ckmc_raw_buffer_s* buffer = NULL;
83 int ret = ckmc_get_data(aliasWithLabel(label, alias).c_str(), NULL, &buffer);
84 RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. Expected code: " << expected_code << ", while result: " << CKMCErrorToString(ret));
86 if(expected_code == CKMC_ERROR_NONE)
88 // compare data with expected
90 buffer->size == strlen(test_data),
91 "Extracted data length do not match expected data length (encrypted?).");
94 memcmp(const_cast<const char*>(reinterpret_cast<char*>(buffer->data)), test_data, buffer->size) == 0,
95 "Extracted data do not match expected data (encrypted?).");
97 ckmc_buffer_free(buffer);
101 void check_read_allowed(const char* alias, const char *data)
103 // try to read previously saved data - label taken implicitly
104 check_read(alias, 0, data);
106 void check_read_allowed(const char* alias)
108 check_read_allowed(alias, TEST_DATA);
111 void check_read_not_visible(const char* alias)
113 // try to read previously saved data - label taken implicitly
115 ckmc_raw_buffer_s* buffer = NULL;
116 int ret = ckmc_get_data(alias, NULL, &buffer);
117 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
118 "App with different label shouldn't have rights to see this data." << CKMCErrorToString(ret));
119 ckmc_buffer_free(buffer);
123 void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
125 int ret = ckmc_allow_access(alias, accessor, accessRights);
126 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
129 void allow_access(const char* alias, const char* accessor, int permissionMask)
131 // data removal should revoke this access
132 int ret = ckmc_set_permission(alias, accessor, permissionMask);
133 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
136 void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode)
138 // data removal should revoke this access
139 int ret = ckmc_set_permission(alias, accessor, permissionMask);
140 RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned " << CKMCErrorToString(ret) << ", while expected: " << CKMCErrorToString(expectedCode));
143 void deny_access(const char* alias, const char* accessor)
145 int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
146 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << CKMCErrorToString(ret));
149 void deny_access_negative(const char* alias, const char* accessor, int expectedCode)
151 int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
152 RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. " << CKMCErrorToString(ret) << ", while expected: " << CKMCErrorToString(expectedCode));
155 void allow_access_deprecated_by_adm(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
157 // data removal should revoke this access
158 int ret = ckmc_allow_access_by_adm(USER_ROOT, get_label().get(), alias, accessor, accessRights);
159 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
162 void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask)
164 // data removal should revoke this access
165 int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, permissionMask);
166 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
169 void deny_access_by_adm(const char* alias, const char* accessor)
171 int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, CKMC_PERMISSION_NONE);
172 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret));
177 ckmc_alias_list_s *aliasList = NULL;
178 int ret = ckmc_get_data_alias_list(&aliasList);
179 if (ret == CKMC_ERROR_DB_ALIAS_UNKNOWN)
182 RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. " << CKMCErrorToString(ret));
184 ckmc_alias_list_s *plist = aliasList;
191 ckmc_alias_list_all_free(aliasList);
195 void check_alias_count(int expected)
197 int count = count_aliases();
198 RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
201 // saves data upon construction and deletes it upon destruction
205 ScopedSaveData(const char* alias) : m_alias(alias)
209 ScopedSaveData(const char* alias, const char *data) : m_alias(alias)
211 save_data(alias, data);
217 * Let it throw. If we can't remove data then remaining tests results will be
220 check_remove_allowed(m_alias);
226 } // namespace anonymous
228 RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_C_API);
231 /////////////////////////////////////////////////////////////////////////////
233 RUNNER_TEST(T3000_init)
236 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
237 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), CKMCErrorToString(temp));
238 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));
239 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), CKMCErrorToString(temp));
242 // invalid arguments check
243 RUNNER_TEST(T3001_manager_allow_access_invalid)
246 CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
248 CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_READ));
251 // invalid arguments check
252 RUNNER_TEST(T3002_manager_deny_access_invalid)
254 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
255 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
258 // tries to allow access for non existing alias
259 RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
261 switch_to_storage_user(TEST_LABEL);
263 int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
264 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
265 "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
268 // tries to deny access for non existing alias
269 RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
271 switch_to_storage_user(TEST_LABEL);
273 int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
274 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
275 "Denying access for non existing alias returned " << CKMCErrorToString(ret));
278 // tries to deny access that does not exist in database
279 RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
281 switch_to_storage_user(TEST_LABEL);
283 ScopedSaveData ssd(TEST_ALIAS);
285 // deny non existing access to existing alias
286 int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
287 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
288 "Denying non existing access returned: " << CKMCErrorToString(ret));
291 // tries to allow access to application own data
292 RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
294 switch_to_storage_user(TEST_LABEL);
296 ScopedSaveData ssd(TEST_ALIAS);
298 CharPtr label = get_label();
299 int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ);
300 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
301 "Trying to allow myself returned: " << CKMCErrorToString(ret));
304 // verifies that alias can not contain forbidden characters
305 RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
307 switch_to_storage_user(TEST_LABEL);
308 ScopedSaveData ssd(TEST_ALIAS);
310 std::string test_alias_playground = std::string("AAA BBB CCC");
311 check_read(test_alias_playground.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
313 // control: expect success
314 check_read(TEST_ALIAS, 0, TEST_DATA);
315 check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
318 // verifies that label can not contain forbidden characters
319 RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
321 switch_to_storage_user(TEST_LABEL);
322 ScopedSaveData ssd(TEST_ALIAS);
325 std::string test_label_playground = std::string("AAA BBB CCC");
326 check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
328 // insert part of the separator in the middle
329 test_label_playground = std::string(TEST_LABEL);
330 test_label_playground.insert(test_label_playground.size()/2, ckmc_label_name_separator);
331 check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
334 test_label_playground = std::string(TEST_LABEL);
335 test_label_playground.insert(0, ckmc_label_name_separator);
336 check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
339 test_label_playground = std::string(TEST_LABEL);
340 test_label_playground.append(ckmc_label_name_separator);
341 check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
343 // control: expect success
344 check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
347 // tries to access other application data without permission
348 RUNNER_TEST(T3020_manager_access_not_allowed)
350 CharPtr top_label = get_label();
352 ScopedSaveData ssd(TEST_ALIAS);
354 ScopedLabel sl(TEST_LABEL2);
356 std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
357 check_read_not_visible(TEST_ALIAS_adr.c_str());
358 check_remove_not_visible(TEST_ALIAS_adr.c_str());
362 // tries to access other application data with permission
363 RUNNER_TEST(T3021_manager_access_allowed)
365 CharPtr top_label = get_label();
366 ScopedSaveData ssd(TEST_ALIAS);
368 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
370 ScopedLabel sl(TEST_LABEL2);
372 check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
376 // tries to read other application data with permission for read/remove
377 RUNNER_TEST(T3022_manager_access_allowed_with_remove)
379 CharPtr top_label = get_label();
380 ScopedSaveData ssd(TEST_ALIAS);
382 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
384 ScopedLabel sl(TEST_LABEL2);
386 check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
390 // tries to remove other application data with permission for reading only
391 RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
393 CharPtr top_label = get_label();
394 ScopedSaveData ssd(TEST_ALIAS);
396 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
398 ScopedLabel sl(TEST_LABEL2);
400 std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
401 check_remove_denied(TEST_ALIAS_adr.c_str());
402 check_read_allowed(TEST_ALIAS_adr.c_str());
406 // tries to remove other application data with permission
407 RUNNER_TEST(T3025_manager_remove_allowed)
409 CharPtr top_label = get_label();
410 ScopedSaveData ssd(TEST_ALIAS);
412 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
414 ScopedLabel sl(TEST_LABEL2);
416 check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
420 // tries to access other application data after allow function was called twice with different
422 RUNNER_TEST(T3026_manager_double_allow)
424 CharPtr top_label = get_label();
425 ScopedSaveData ssd(TEST_ALIAS);
427 // access should be overwritten
428 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
429 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
431 ScopedLabel sl(TEST_LABEL2);
433 std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
434 check_remove_denied(TEST_ALIAS_adr.c_str());
435 check_read_allowed(TEST_ALIAS_adr.c_str());
439 // tries to access application data with permission and after permission has been revoked
440 RUNNER_TEST(T3027_manager_allow_deny)
442 CharPtr top_label = get_label();
443 ScopedSaveData ssd(TEST_ALIAS);
445 std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
447 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
449 ScopedLabel sl(TEST_LABEL2);
451 check_remove_denied(TEST_ALIAS_adr.c_str());
452 check_read_allowed(TEST_ALIAS_adr.c_str());
455 deny_access(TEST_ALIAS, TEST_LABEL2);
457 ScopedLabel sl(TEST_LABEL2);
459 check_remove_not_visible(TEST_ALIAS_adr.c_str());
460 check_read_not_visible(TEST_ALIAS_adr.c_str());
464 RUNNER_TEST(T3028_manager_access_by_label)
466 CharPtr top_label = get_label();
467 const char *additional_data = "label-2-data";
468 ScopedSaveData ssd(TEST_ALIAS);
470 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
472 ScopedLabel sl(TEST_LABEL2);
473 ScopedSaveData ssd(TEST_ALIAS, additional_data);
474 allow_access(TEST_ALIAS, top_label.get(), CKMC_PERMISSION_READ);
476 // test if accessing valid alias (of label2 domain)
477 check_read_allowed(TEST_ALIAS, additional_data);
479 // this has to be done here - in the scope, otherwise
480 // scope destructor will remove the TEST_LABEL2::TEST_ALIAS
482 ScopedLabel sl(top_label.get());
484 // test if can access label2 alias from label1 domain - should succeed
485 check_read_allowed(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str(), additional_data);
489 // test if accessing valid alias (of label1 domain)
490 check_read_allowed(TEST_ALIAS);
492 // access should not be possible - already left the LABEL2 scope, object should be removed
493 check_read_not_visible(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str());
496 // tries to modify another label's permission
497 RUNNER_TEST(T3029_manager_access_modification_by_foreign_label)
499 ScopedLabel sl(TEST_LABEL);
500 ScopedSaveData ssd(TEST_ALIAS);
501 allow_access(TEST_ALIAS, TEST_LABEL3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
503 ScopedLabel sl(TEST_LABEL2);
505 allow_access_negative(aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
506 deny_access_negative (aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_ERROR_PERMISSION_DENIED);
510 // checks if only aliases readable by given app are returned
511 RUNNER_TEST(T3030_manager_get_all_aliases)
513 ScopedSaveData ssd1(TEST_ALIAS);
514 ScopedSaveData ssd2(TEST_ALIAS2);
516 int count = count_aliases();
518 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
520 ScopedLabel sl(TEST_LABEL2);
522 // check that app can access other aliases when it has permission
523 check_alias_count(count - 1);
525 ScopedSaveData ssd3(TEST_ALIAS3);
527 // check that app can access its own aliases
528 check_alias_count(count - 1 + 1);
531 deny_access(TEST_ALIAS, TEST_LABEL2);
533 ScopedLabel sl(TEST_LABEL2);
535 // check that app can't access other aliases for which permission has been revoked
536 check_alias_count(count - 2);
540 // tries to access other application data with permission
541 RUNNER_TEST(T3031_manager_deprecated_access_allowed)
543 CharPtr top_label = get_label();
544 ScopedSaveData ssd(TEST_ALIAS);
546 allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
548 ScopedLabel sl(TEST_LABEL2);
550 check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
554 // tries to read other application data with permission for read/remove
555 RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove)
557 CharPtr top_label = get_label();
558 ScopedSaveData ssd(TEST_ALIAS);
560 allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
562 ScopedLabel sl(TEST_LABEL2);
564 check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
568 // tries to remove other application data with permission for reading only
569 RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied)
571 CharPtr top_label = get_label();
572 ScopedSaveData ssd(TEST_ALIAS);
574 allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
576 ScopedLabel sl(TEST_LABEL2);
578 std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
579 check_remove_denied(TEST_ALIAS_adr.c_str());
580 check_read_allowed(TEST_ALIAS_adr.c_str());
584 // tries to remove other application data with permission
585 RUNNER_TEST(T3034_manager_deprecated_remove_allowed)
587 CharPtr top_label = get_label();
588 ScopedSaveData ssd(TEST_ALIAS);
590 allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
592 ScopedLabel sl(TEST_LABEL2);
594 check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
599 /////////////////////////////////////////////////////////////////////////////
602 // invalid argument check
603 RUNNER_TEST(T3101_control_allow_access_invalid)
606 ret = ckmc_set_permission_by_adm(USER_ROOT, "alias", "accessor", CKMC_PERMISSION_READ);
607 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
608 ret = ckmc_set_permission_by_adm(USER_ROOT, "owner alias", NULL, CKMC_PERMISSION_READ);
609 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
612 std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
613 ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
614 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
617 // invalid argument check
618 RUNNER_TEST(T3102_control_deny_access_invalid)
620 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
621 ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NULL, "alias").c_str(), "accessor", CKMC_PERMISSION_NONE));
622 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
623 ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), NULL, CKMC_PERMISSION_NONE));
626 std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
627 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
628 ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_NONE));
631 // tries to allow access for non existing alias
632 RUNNER_TEST(T3103_control_allow_access_non_existing)
634 int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
635 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
636 "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
639 // tries to deny access for non existing alias
640 RUNNER_TEST(T3104_control_deny_access_non_existing)
642 int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
643 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
644 "Denying access for non existing alias returned " << CKMCErrorToString(ret));
647 // tries to deny non existing access
648 RUNNER_TEST(T3105_control_deny_access_non_existing_access)
650 ScopedSaveData ssd(TEST_ALIAS);
652 CharPtr label = get_label();
654 // deny non existing access to existing alias
655 int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
656 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
657 "Denying non existing access returned: " << CKMCErrorToString(ret));
660 // tries to allow application to access its own data
661 RUNNER_TEST(T3106_control_allow_access_to_myself)
663 ScopedSaveData ssd(TEST_ALIAS);
665 CharPtr label = get_label();
666 int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ);
667 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
668 "Trying to allow myself returned: " << CKMCErrorToString(ret));
671 // tries to use admin API as a user
672 RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
674 RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
676 switch_to_storage_user(TEST_LABEL);
677 int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_READ);
678 RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
679 "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
682 // tries to use admin API as a user
683 RUNNER_CHILD_TEST(T3111_control_allow_access_as_user)
685 RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
687 switch_to_storage_user(TEST_LABEL);
688 int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_NONE);
689 RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
690 "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
693 // tries to read other application data with permission
694 RUNNER_TEST(T3121_control_access_allowed)
696 CharPtr top_label = get_label();
697 ScopedSaveData ssd(TEST_ALIAS);
699 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
701 ScopedLabel sl(TEST_LABEL2);
703 check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
707 // tries to read other application data with permission to read/remove
708 RUNNER_TEST(T3122_control_access_allowed_with_remove)
710 CharPtr top_label = get_label();
711 ScopedSaveData ssd(TEST_ALIAS);
713 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
715 ScopedLabel sl(TEST_LABEL2);
717 check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
721 // tries to remove other application data with permission to read
722 RUNNER_TEST(T3122_control_access_allowed_remove_denied)
724 CharPtr top_label = get_label();
725 ScopedSaveData ssd(TEST_ALIAS);
727 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
729 ScopedLabel sl(TEST_LABEL2);
731 check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
735 // tries to remove other application data with permission
736 RUNNER_TEST(T3125_control_remove_allowed)
738 CharPtr top_label = get_label();
739 ScopedSaveData ssd(TEST_ALIAS);
741 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
743 ScopedLabel sl(TEST_LABEL2);
745 check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
749 // tries to access other application data after allow function has been called twice with different
751 RUNNER_TEST(T3126_control_double_allow)
753 CharPtr top_label = get_label();
754 ScopedSaveData ssd(TEST_ALIAS);
756 // access should be overwritten
757 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
758 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
760 ScopedLabel sl(TEST_LABEL2);
762 std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
763 check_remove_denied(TEST_ALIAS_adr.c_str());
764 check_read_allowed(TEST_ALIAS_adr.c_str());
768 // tries to access other application data with permission and after permission has been revoked
769 RUNNER_TEST(T3127_control_allow_deny)
771 CharPtr top_label = get_label();
772 ScopedSaveData ssd(TEST_ALIAS);
774 std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
776 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
778 ScopedLabel sl(TEST_LABEL2);
780 check_remove_denied(TEST_ALIAS_adr.c_str());
781 check_read_allowed(TEST_ALIAS_adr.c_str());
783 CharPtr label = get_label();
784 deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
786 ScopedLabel sl(TEST_LABEL2);
788 check_remove_not_visible(TEST_ALIAS_adr.c_str());
789 check_read_not_visible(TEST_ALIAS_adr.c_str());
793 // checks if only aliases readable by given app are returned
794 RUNNER_TEST(T3130_control_get_all_aliases)
796 ScopedSaveData ssd1(TEST_ALIAS);
797 ScopedSaveData ssd2(TEST_ALIAS2);
799 int count = count_aliases();
801 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
803 ScopedLabel sl(TEST_LABEL2);
805 // check that app can access other aliases when it has permission
806 check_alias_count(count - 1);
808 ScopedSaveData ssd3(TEST_ALIAS3);
810 // check that app can access its own aliases
811 check_alias_count(count - 1 + 1);
814 deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
816 ScopedLabel sl(TEST_LABEL2);
818 // check that app can't access other aliases for which permission has been revoked
819 check_alias_count(count - 2);
823 // tries to add access to data in a database of invalid user
824 RUNNER_TEST(T3140_control_allow_invalid_user)
826 ScopedSaveData ssd(TEST_ALIAS);
828 int ret = ckmc_set_permission_by_adm(
829 APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
830 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
831 "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
834 // tries to revoke access to data in a database of invalid user
835 RUNNER_TEST(T3141_control_deny_invalid_user)
837 ScopedSaveData ssd(TEST_ALIAS);
839 int ret = ckmc_set_permission_by_adm(APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_NONE);
840 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
841 "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
844 // tries to read other application data with permission
845 RUNNER_TEST(T3142_control_deprecated_access_allowed)
847 CharPtr top_label = get_label();
848 ScopedSaveData ssd(TEST_ALIAS);
850 allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
852 ScopedLabel sl(TEST_LABEL2);
854 check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
858 // tries to read other application data with permission to read/remove
859 RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove)
861 CharPtr top_label = get_label();
862 ScopedSaveData ssd(TEST_ALIAS);
864 allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
866 ScopedLabel sl(TEST_LABEL2);
868 check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
872 // tries to remove other application data with permission to read
873 RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied)
875 CharPtr top_label = get_label();
876 ScopedSaveData ssd(TEST_ALIAS);
878 allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
880 ScopedLabel sl(TEST_LABEL2);
882 check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
886 // tries to remove other application data with permission
887 RUNNER_TEST(T3145_control_deprecated_remove_allowed)
889 CharPtr top_label = get_label();
890 ScopedSaveData ssd(TEST_ALIAS);
892 allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
894 ScopedLabel sl(TEST_LABEL2);
896 check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
901 RUNNER_TEST(T3999_deinit)
904 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(APP_UID)), CKMCErrorToString(temp));
905 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
906 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_ROOT)), CKMCErrorToString(temp));
907 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));