2 * Copyright (c) 2000 - 2020 Samsung Electronics Co.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
20 #include <dpl/test/test_runner.h>
21 #include <tests_common.h>
22 #include <ckm-common.h>
23 #include <ckm-privileged-common.h>
24 #include <ckm/ckm-control.h>
25 #include <ckmc/ckmc-manager.h>
26 #include <ckmc/ckmc-type.h>
27 #include <scoped-app-context.h>
29 #include <sys/types.h>
33 const uid_t USER_SERVICE = 0;
34 const uid_t USER_SERVICE_2 = 1234;
35 const uid_t GROUP_SERVICE_2 = 1234;
36 const uid_t USER_SERVICE_MAX = 4999;
37 const uid_t GROUP_SERVICE_MAX = 4999;
38 const uid_t USER_SERVICE_FAIL = 5000;
39 const uid_t GROUP_SERVICE_FAIL = 5000;
40 const uid_t USER_APP = 5050;
41 const uid_t GROUP_APP = 5050;
42 const char* APP_PASS = "user-pass";
44 const char* TEST_ALIAS = "test-alias";
45 const char* INVALID_LABEL = "coco-jumbo";
46 const char* TEST_PASSWORD = "ckm-password";
47 std::string TEST_SYSTEM_ALIAS = sharedDatabase(TEST_ALIAS);
48 std::string TEST_SYSTEM_ALIAS_2 = sharedDatabase("test-alias-2");
50 const char* TEST_DATA =
51 "Lorem Ipsum. At vero eos et accusamus et iusto odio dignissimos ducimus "
52 "qui blanditiis praesentium voluptatum deleniti atque corrupti quos dolores "
53 "et quas molestias excepturi sint occaecati cupiditate non provident, "
54 "similique sunt in culpa qui officia deserunt mollitia animi, id est "
55 "laborum et dolorum fuga. ";
59 RUNNER_TEST_GROUP_INIT(T50_SYSTEM_DB);
61 RUNNER_TEST(T5010_CLIENT_APP_LOCKED_PRIVATE_DB)
63 RUNNER_IGNORED_MSG("This test is turn off because fix "
64 "from tizen 2.4 that unlock db with empty password");
66 // start as system service
67 // add resource to the system DB
68 // add permission to the resource to a user app
70 // switch to user app, leave DB locked
71 // try to access system DB item - expect success
74 remove_user_data(USER_APP);
75 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
76 allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
80 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
82 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
86 RUNNER_TEST(T5020_CLIENT_APP_ADD_TO_PRIVATE_DB)
89 // switch to user app, unlock DB
90 // when accessing private DB - owner==me
91 // try to write to private DB - expect success
92 // try to get item from private DB - expect success
96 remove_user_data(USER_APP);
97 ScopedDBUnlock unlock(USER_APP, APP_PASS);
98 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
100 ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
101 check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
105 RUNNER_TEST(T5030_CLIENT_APP_TRY_ADDING_SYSTEM_ITEM, RemoveDataEnv<0, USER_APP>)
108 // switch to user app, unlock DB
109 // try to add item to system DB - expect fail
113 ScopedDBUnlock unlock(USER_APP, APP_PASS);
114 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
116 save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
117 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
121 RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION, RemoveDataEnv<0, USER_APP>)
124 // start as system service
125 // add resource to the system DB
126 // add permission to the resource to a user app
128 // switch to user app, unlock DB
129 // try to access the system item - expect success
131 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
132 allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
136 ScopedDBUnlock unlock(USER_APP, APP_PASS);
137 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
139 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
143 RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION, RemoveDataEnv<0, USER_APP>)
146 // start as system service
147 // add resource to the system DB
149 // switch to user app, unlock DB
150 // try to access the system item - expect fail
153 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
157 ScopedDBUnlock unlock(USER_APP, APP_PASS);
158 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
160 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
164 RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL, RemoveDataEnv<0, USER_APP>)
167 // start as system service
168 // add resource to the system DB
169 // add permission to the resource to a user app
171 // switch to user app, unlock DB
172 // try to access the system item - expect success
174 // as system service, remove the item (expecting to remove permission)
175 // add item again, do not add permission
177 // switch to user app, unlock DB
178 // try to access the system item - expect fail
181 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
182 allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
186 ScopedDBUnlock unlock(USER_APP, APP_PASS);
187 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
189 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
193 check_remove_allowed(TEST_SYSTEM_ALIAS.c_str());
197 ScopedDBUnlock unlock(USER_APP, APP_PASS);
198 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
200 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
204 RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS, RemoveDataEnv<0, USER_APP>)
207 // switch to user app, unlock DB
208 // try to write to private DB - expect success
209 // try to write to system DB - expect fail
213 ScopedDBUnlock unlock(USER_APP, APP_PASS);
214 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
216 ScopedSaveData ssdsystem_user(TEST_ALIAS, TEST_DATA);
217 ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
218 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
222 RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM, RemoveDataEnv<0, USER_APP>)
225 // start as system service
226 // add resource to the system DB
227 // add permission to the resource to a user app
229 // switch to user app, unlock DB
230 // try to remove item from system DB - expect fail
233 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
234 allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
238 ScopedDBUnlock unlock(USER_APP, APP_PASS);
239 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
241 check_remove_denied(TEST_SYSTEM_ALIAS.c_str());
245 RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS, RemoveDataEnv<0, USER_APP>)
248 // start as system service
249 // add data A to the system DB
250 // add data B to the system DB
251 // add permission to data A to a user app
253 // system service list items - expect both items to appear
255 // switch to user app, unlock DB
257 // user lists items - expect system item A and private item
260 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
261 save_data(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA);
262 allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
265 check_alias_list({TEST_SYSTEM_ALIAS.c_str(), TEST_SYSTEM_ALIAS_2.c_str()});
269 ScopedDBUnlock unlock(USER_APP, APP_PASS);
270 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
271 ScopedSaveData user_data(TEST_ALIAS, TEST_DATA);
273 check_alias_list({TEST_SYSTEM_ALIAS.c_str(),
274 aliasWithLabel(TEST_LABEL, TEST_ALIAS)});
278 RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB, RemoveDataEnv<USER_APP>)
281 // switch to user app, unlock DB
282 // try to generate a key in system DB - expect fail
286 ScopedDBUnlock unlock(USER_APP, APP_PASS);
287 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
289 std::string private_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-priv");
290 std::string public_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-pub");
291 ckmc_policy_s policy_private_key;
292 ckmc_policy_s policy_public_key;
293 policy_private_key.password = NULL;
294 policy_private_key.extractable = 1;
295 policy_public_key.password = NULL;
296 policy_public_key.extractable = 1;
299 CKMC_ERROR_PERMISSION_DENIED ==
300 (temp = ckmc_create_key_pair_rsa(1024,
301 private_key_alias.c_str(),
302 public_key_alias.c_str(),
305 CKMCReadableError(temp));
309 RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB, RemoveDataEnv<0,USER_APP>)
312 // start as system service
313 // generate RSA key in system DB
315 // try to create and verify signature in system DB - expect success
317 // switch to user app, unlock DB
318 // try to create signature in system DB - expect fail
321 std::string private_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-priv");
322 std::string public_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-pub");
323 ckmc_policy_s policy_private_key;
324 ckmc_policy_s policy_public_key;
325 policy_private_key.password = NULL;
326 policy_private_key.extractable = 1;
327 policy_public_key.password = NULL;
328 policy_public_key.extractable = 1;
332 (temp = ckmc_create_key_pair_rsa(1024,
333 private_key_alias.c_str(),
334 public_key_alias.c_str(),
337 CKMCReadableError(temp));
341 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
342 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
343 ckmc_raw_buffer_s *signature;
344 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
347 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
348 private_key_alias.c_str(),
354 CKMCReadableError(temp));
357 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
358 public_key_alias.c_str(),
364 CKMCReadableError(temp));
369 ScopedDBUnlock unlock(USER_APP, APP_PASS);
370 ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
372 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
373 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
374 ckmc_raw_buffer_s *signature;
375 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
378 CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_create_signature(
379 private_key_alias.c_str(),
385 CKMCReadableError(temp));
389 RUNNER_TEST(T5039_SYSTEM_APP_SET_REMOVE_ACCESS, RemoveDataEnv<0>)
392 // start as system service
393 // add resource to the system DB
395 // add remove permission to a user app - expect fail
398 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
401 allow_access_negative(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_REMOVE, CKMC_ERROR_INVALID_PARAMETER);
404 RUNNER_TEST(T5040_SYSTEM_SVC_ACCESS_DB, RemoveDataEnv<0>)
407 // start as system service
408 // add resource to the system DB
410 // try to access the item - expect success
413 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
416 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
419 RUNNER_TEST(T5041_SYSTEM_SVC_1234_ACCESS_DB, RemoveDataEnv<0>)
422 // start as system service
423 // add resource to the system DB
425 // switch to another system service
426 // try to access the item - expect success
429 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
433 ScopedAppContext ctx(TEST_LABEL_2, USER_SERVICE_2, GROUP_SERVICE_2);
435 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
439 RUNNER_TEST(T5042_SYSTEM_SVC_1234_ADD_ITEM_TO_DB)
442 // start as system service 1234
443 // add resource to the system DB
445 // switch to another system service
446 // try to access the item - expect success
450 ScopedAppContext ctx(TEST_LABEL_2, USER_SERVICE_2, GROUP_SERVICE_2);
453 ScopedSaveData ssd(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
454 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
458 RUNNER_TEST(T5043_SYSTEM_SVC_4999_ACCESS_DB, RemoveDataEnv<0>)
461 // start as system service
462 // add resource to the system DB
464 // switch to system service having uid maximum for system svcs
465 // try to access the item - expect success
468 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
472 ScopedAppContext ctx(TEST_LABEL_2, USER_SERVICE_MAX, GROUP_SERVICE_MAX);
474 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
478 RUNNER_TEST(T5044_SYSTEM_SVC_5000_ACCESS_DB, RemoveDataEnv<0>)
480 RUNNER_IGNORED_MSG("This test is turn off because fix "
481 "from tizen 2.4 that unlock db with empty password");
483 // start as system service
484 // add resource to the system DB
486 // switch to another, faulty system service with user-land uid==5000
487 // try to access the item - expect fail (no system service)
490 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
494 ScopedAppContext ctx(TEST_LABEL_2, USER_SERVICE_FAIL, GROUP_SERVICE_FAIL);
496 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
500 RUNNER_TEST(T5045_SYSTEM_DB_ADD_WITH_INVALID_LABEL, RemoveDataEnv<0>)
503 // start as system service
505 // try to add item to system DB using wrong label - expect fail
506 // try to add item using explicit system label - expect success
509 save_data(aliasWithLabel(INVALID_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
510 check_read(TEST_ALIAS, INVALID_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
512 save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA);
513 check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
516 RUNNER_TEST(T5046_CLIENT_GET_ALIAS_STATUS_NO_PASSWORD, RemoveDataEnv<0>)
519 // start as system service
520 // add data A to the system DB
521 // add data B to the system DB
523 // system service list alias status - expect both items to have no password protection
526 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
527 save_data(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA);
530 CKM::AliasPwdVector aliasPwdVector;
531 aliasPwdVector.push_back(std::make_pair(TEST_SYSTEM_ALIAS.c_str(), false));
532 aliasPwdVector.push_back(std::make_pair(TEST_SYSTEM_ALIAS_2.c_str(), false));
534 check_alias_info_list(aliasPwdVector);
537 RUNNER_TEST(T5047_CLIENT_GET_ALIAS_STATUS_PASSWORD_PROTECTED, RemoveDataEnv<0>)
540 // start as system service
541 // add data A to the system DB
542 // add data B with password protection to the system DB
543 // add data C with password protection to the system DB
545 // system service list alias status - expect: first alias - no password protection, second, third -
546 // protected with password
549 save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
550 save_data(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA, strlen(TEST_DATA), TEST_PASSWORD);
551 save_data((TEST_SYSTEM_ALIAS_2 + "1").c_str(), TEST_DATA, strlen(TEST_DATA), TEST_PASSWORD);
554 CKM::AliasPwdVector aliasPwdVector;
555 aliasPwdVector.push_back(std::make_pair(TEST_SYSTEM_ALIAS.c_str(), false));
556 aliasPwdVector.push_back(std::make_pair(TEST_SYSTEM_ALIAS_2.c_str(), true));
557 aliasPwdVector.push_back(std::make_pair((TEST_SYSTEM_ALIAS_2 + "1").c_str(),true));
559 check_alias_info_list(aliasPwdVector);