4 #include <dpl/test/test_runner.h>
5 #include <dpl/test/test_runner_child.h>
7 #include <tests_common.h>
8 #include <ckm-common.h>
9 #include <access_provider2.h>
11 #include <ckmc/ckmc-manager.h>
12 #include <ckmc/ckmc-control.h>
13 #include <ckmc/ckmc-type.h>
14 #include <ckmc/ckmc-error.h>
16 #include <ckm/ckm-type.h>
// Fixture values shared by the helpers and test cases in this file.
// uid passed to the user-key calls and to ckmc_set_permission_by_adm for the root-owned database.
20 const uid_t USER_ROOT = 0;
// Fixed passwords handed to ckmc_unlock_user_key in T3000_init; test-only values.
21 const char* APP_PASS = "user-pass";
22 const char* ROOT_PASS = "test-pass";
// Alias and owner names that the negative tests pass where an unknown entry is expected.
24 const char* NO_ALIAS = "definitely-non-existent-alias";
25 const char* NO_OWNER = "definitely-non-existent-owner";
// Aliases under which the tests store data.
27 const char* TEST_ALIAS = "test-alias";
28 const char* TEST_ALIAS2 = "test-alias2";
29 const char* TEST_ALIAS3 = "test-alias3";
// Labels used as owner and accessor identities in the permission checks.
31 const char* TEST_LABEL = "test-label";
32 const char* TEST_LABEL2 = "test-label2";
33 const char* TEST_LABEL3 = "test-label3";
34 const char* TEST_LABEL4 = "test-label4";
// Default payload stored by save_data(alias) and compared by check_read_allowed(alias).
36 const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
// Stores `data` under `alias` through ckmc_save_data with no password and the
// extractable flag set; fails the running test unless CKMC_ERROR_NONE comes back.
void save_data(const char* alias, const char *data)
{
    ckmc_raw_buffer_s buffer;
    // The C API takes a mutable byte pointer; the casts only adapt the type.
    buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
    buffer.size = strlen(data);

    // NOTE(review): the declaration of `policy` is not visible in this listing;
    // ckmc_policy_s is assumed from the fields set below - confirm against the file.
    ckmc_policy_s policy;
    policy.password = NULL;
    policy.extractable = true;

    int ret = ckmc_save_data(alias, buffer, policy);
    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Saving data failed. Error: " << ret);
}
// Convenience overload: stores the shared TEST_DATA payload under `alias`.
void save_data(const char* alias)
{
    const char* defaultPayload = TEST_DATA;
    save_data(alias, defaultPayload);
}
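// Removes `alias` and asserts that the caller was allowed to do so.
// An alias that no longer exists (CKMC_ERROR_DB_ALIAS_UNKNOWN) is tolerated so the
// helper can double as cleanup; every other result, CKMC_ERROR_PERMISSION_DENIED
// included, fails the test.
void check_remove_allowed(const char* alias)
{
    int ret = ckmc_remove_alias(alias);
    // Both alternatives have to be compared with ret. With a bare error constant as
    // the right-hand operand the condition is true whenever that constant is
    // non-zero, so a denied removal would pass unnoticed.
    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
                      "Removing data failed: " << ret);
}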
// Attempts to remove `alias` and requires CKMC_ERROR_PERMISSION_DENIED: the entry is
// visible to the caller, but the caller holds no remove permission on it.
void check_remove_denied(const char* alias)
{
    const int ret = ckmc_remove_alias(alias);
    RUNNER_ASSERT_MSG(
        CKMC_ERROR_PERMISSION_DENIED == ret,
        "App with different label shouldn't have rights to remove this data. Error: " << ret);
}
// Attempts to remove `alias` and requires CKMC_ERROR_DB_ALIAS_UNKNOWN: for a caller
// without any permission the entry must look as if it did not exist.
void check_remove_not_visible(const char* alias)
{
    const int ret = ckmc_remove_alias(alias);
    RUNNER_ASSERT_MSG(
        CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
        "App with different label shouldn't have rights to see this data. Error: " << ret);
}
// Reads `alias` (qualified with `label` through aliasWithLabel) and asserts that
// ckmc_get_data returns `expected_code`. When success is expected, the returned bytes
// must equal `test_data` in length and content, and the buffer is released afterwards.
void check_read(const char* alias, const char *label, const char *test_data, int expected_code = CKMC_ERROR_NONE)
{
    ckmc_raw_buffer_s* buffer = NULL;
    const std::string qualifiedAlias = aliasWithLabel(label, alias);
    int ret = ckmc_get_data(qualifiedAlias.c_str(), NULL, &buffer);
    RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. Expected code: " << expected_code << ", while result code: " << ret);

    // Nothing to compare when a failure code was the expected outcome.
    if (expected_code != CKMC_ERROR_NONE)
        return;

    // compare data with expected
    RUNNER_ASSERT_MSG(
        buffer->size == strlen(test_data),
        "Extracted data length do not match expected data length (encrypted?).");

    RUNNER_ASSERT_MSG(
        memcmp(const_cast<const char*>(reinterpret_cast<char*>(buffer->data)), test_data, buffer->size) == 0,
        "Extracted data do not match expected data (encrypted?).");

    ckmc_buffer_free(buffer);
}
// Expects a successful read of `alias` that yields exactly `data`.
// No label is passed to check_read, so the owner is taken implicitly.
void check_read_allowed(const char* alias, const char *data)
{
    check_read(alias, 0, data);
}
// Expects a successful read of `alias` that yields the shared TEST_DATA payload.
void check_read_allowed(const char* alias)
{
    const char* expectedPayload = TEST_DATA;
    check_read_allowed(alias, expectedPayload);
}
// Reads `alias` exactly as given and requires CKMC_ERROR_PERMISSION_DENIED.
void check_read_denied(const char* alias)
{
    ckmc_raw_buffer_s* buffer = NULL;
    const int ret = ckmc_get_data(alias, NULL, &buffer);
    RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
                      "App with different label shouldn't have rights to read this data. Error: " << ret);
    // Released unconditionally, as in the original helper.
    ckmc_buffer_free(buffer);
}
// Reads `alias` exactly as given and requires CKMC_ERROR_DB_ALIAS_UNKNOWN: without
// permission the caller must not be able to tell that the entry exists.
void check_read_not_visible(const char* alias)
{
    ckmc_raw_buffer_s* buffer = NULL;
    const int ret = ckmc_get_data(alias, NULL, &buffer);
    RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
                      "App with different label shouldn't have rights to see this data. Error: " << ret);
    // Released unconditionally, as in the original helper.
    ckmc_buffer_free(buffer);
}
// Grants `accessor` the permissions in `permissionMask` on `alias` through
// ckmc_set_permission and requires success.
// Per the original note, removing the data is expected to revoke the grant.
void allow_access(const char* alias, const char* accessor, int permissionMask)
{
    const int ret = ckmc_set_permission(alias, accessor, permissionMask);
    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret);
}
// Negative variant of allow_access: the ckmc_set_permission call must return
// `expectedCode` instead of succeeding.
void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode)
{
    const int ret = ckmc_set_permission(alias, accessor, permissionMask);
    RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned: " << ret << ", while expected: " << expectedCode);
}
// Revokes `accessor`'s access to `alias` and requires success.
// This helper calls ckmc_deny_access, whereas deny_access_negative and
// deny_access_by_adm in this file revoke by setting CKMC_PERMISSION_NONE.
void deny_access(const char* alias, const char* accessor)
{
    const int ret = ckmc_deny_access(alias, accessor);
    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << ret);
}
// Attempts to revoke `accessor`'s access by setting CKMC_PERMISSION_NONE and requires
// the call to return `expectedCode`.
void deny_access_negative(const char* alias, const char* accessor, int expectedCode)
{
    const int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
    RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. Error: " << ret << ", while expected: " << expectedCode);
}
// Admin-API grant: qualifies `alias` with the current label (get_label) and calls
// ckmc_set_permission_by_adm on the USER_ROOT database; success is required.
// Per the original note, removing the data is expected to revoke the grant.
void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask)
{
    const std::string ownedAlias = aliasWithLabel(get_label().get(), alias);
    const int ret = ckmc_set_permission_by_adm(USER_ROOT, ownedAlias.c_str(), accessor, permissionMask);
    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret);
}
// Admin-API revoke: qualifies `alias` with the current label (get_label) and sets
// CKMC_PERMISSION_NONE for `accessor` on the USER_ROOT database; success is required.
void deny_access_by_adm(const char* alias, const char* accessor)
{
    const std::string ownedAlias = aliasWithLabel(get_label().get(), alias);
    const int ret = ckmc_set_permission_by_adm(USER_ROOT, ownedAlias.c_str(), accessor, CKMC_PERMISSION_NONE);
    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << ret);
}
// NOTE(review): the function header and several body lines are missing from this
// listing; the callers below use this code as count_aliases() - confirm against the file.
// Fetches the data alias list visible to the caller.
176 ckmc_alias_list_s *aliasList = NULL;
177 int ret = ckmc_get_data_alias_list(&aliasList);
// CKMC_ERROR_DB_ALIAS_UNKNOWN is handled separately from other failures; the handling
// statement itself is not visible here.
178 if (ret == CKMC_ERROR_DB_ALIAS_UNKNOWN)
// Any other non-zero result fails the running test.
181 RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. Error: " << ret);
// Cursor starting at the list head; the traversal is not visible in this listing.
183 ckmc_alias_list_s *plist = aliasList;
// Releases the list obtained from ckmc_get_data_alias_list.
190 ckmc_alias_list_all_free(aliasList);
// Asserts that count_aliases() reports exactly `expected` aliases for the caller.
void check_alias_count(int expected)
{
    const int count = count_aliases();
    RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
}
200 // saves data upon construction and deletes it upon destruction
// NOTE(review): the class header, the constructor bodies and the destructor signature
// are only partly visible in this listing.
// One-argument form: remembers the alias for later removal.
204 ScopedSaveData(const char* alias) : m_alias(alias)
// Two-argument form: remembers the alias and stores the caller-supplied data under it.
208 ScopedSaveData(const char* alias, const char *data) : m_alias(alias)
210 save_data(alias, data);
// Cleanup removes the remembered alias through check_remove_allowed; a failure there
// is deliberately allowed to propagate (see the original note that follows).
216 * Let it throw. If we can't remove data then remaining tests results will be
219 check_remove_allowed(m_alias);
225 } // namespace anonymous
227 RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_C_API);
230 /////////////////////////////////////////////////////////////////////////////
// Suite setup: unlocks the user keys of APP_UID and USER_ROOT with the fixture
// passwords and calls ckmc_remove_user_data for both users before the tests run.
// NOTE(review): the declaration of `temp` and the assertion messages are not visible
// in this listing.
232 RUNNER_TEST(T3000_init)
235 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)),
237 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)),
239 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)),
241 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)),
// Argument validation for grants: ckmc_set_permission must answer a NULL alias and a
// NULL accessor with CKMC_ERROR_INVALID_PARAMETER.
RUNNER_TEST(T3001_manager_allow_access_invalid)
{
    // missing alias
    RUNNER_ASSERT(
        CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
    // missing accessor
    RUNNER_ASSERT(
        CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_READ));
}
// Argument validation for revokes: setting CKMC_PERMISSION_NONE with a NULL alias or a
// NULL accessor must return CKMC_ERROR_INVALID_PARAMETER.
RUNNER_TEST(T3002_manager_deny_access_invalid)
{
    // missing alias
    RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
    // missing accessor
    RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
}
// Granting read permission on an alias that was never stored must report
// CKMC_ERROR_DB_ALIAS_UNKNOWN.
RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
{
    switch_to_storage_user(TEST_LABEL);

    const int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
    RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
                      "Allowing access for non existing alias returned " << ret);
}
// Revoking permission on an alias that was never stored must report
// CKMC_ERROR_DB_ALIAS_UNKNOWN.
RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
{
    switch_to_storage_user(TEST_LABEL);

    const int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
    RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
                      "Denying access for non existing alias returned " << ret);
}
// Revoking a grant that was never made on an existing alias is expected to return
// CKMC_ERROR_INVALID_PARAMETER.
RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
{
    switch_to_storage_user(TEST_LABEL);

    ScopedSaveData ssd(TEST_ALIAS);

    // the alias exists, but "label" was never given access to it
    const int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
    RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
                      "Denying non existing access returned: " << ret);
}
// An owner naming its own label as the accessor of its own data is expected to be
// rejected with CKMC_ERROR_INVALID_PARAMETER.
RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
{
    switch_to_storage_user(TEST_LABEL);

    ScopedSaveData ssd(TEST_ALIAS);

    CharPtr ownLabel = get_label();
    const int ret = ckmc_set_permission(TEST_ALIAS, ownLabel.get(), CKMC_PERMISSION_READ);
    RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
                      "Trying to allow myself returned: " << ret);
}
// Alias validation: an alias containing spaces must be rejected with
// CKMC_ERROR_INVALID_PARAMETER, while the well-formed alias stays readable both
// without and with an explicit owner label.
RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
{
    switch_to_storage_user(TEST_LABEL);
    ScopedSaveData ssd(TEST_ALIAS);

    const std::string aliasWithSpaces("AAA BBB CCC");
    check_read(aliasWithSpaces.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);

    // control: expect success
    check_read(TEST_ALIAS, 0, TEST_DATA);
    check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
}
// Label validation: a label containing spaces, or one with ckmc_label_name_separator
// placed in the middle, at the front or at the end, must make the read fail with
// CKMC_ERROR_INVALID_PARAMETER. The unmodified label is read last as a control.
RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
{
    switch_to_storage_user(TEST_LABEL);
    ScopedSaveData ssd(TEST_ALIAS);

    // label with spaces
    const std::string labelWithSpaces("AAA BBB CCC");
    check_read(TEST_ALIAS, labelWithSpaces.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);

    // separator inserted in the middle of the label
    std::string separatorInside(TEST_LABEL);
    separatorInside.insert(separatorInside.size()/2, ckmc_label_name_separator);
    check_read(TEST_ALIAS, separatorInside.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);

    // separator placed in front of the label
    std::string separatorFirst(TEST_LABEL);
    separatorFirst.insert(0, ckmc_label_name_separator);
    check_read(TEST_ALIAS, separatorFirst.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);

    // separator appended to the label
    std::string separatorLast(TEST_LABEL);
    separatorLast.append(ckmc_label_name_separator);
    check_read(TEST_ALIAS, separatorLast.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);

    // control: expect success
    check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
}
// Without any grant, TEST_LABEL2 must not learn that the owner's alias exists: read
// and remove are both expected to report CKMC_ERROR_DB_ALIAS_UNKNOWN rather than a
// permission error.
RUNNER_TEST(T3020_manager_access_not_allowed)
{
    CharPtr ownerLabel = get_label();

    ScopedSaveData ssd(TEST_ALIAS);
    {
        ScopedLabel sl(TEST_LABEL2);

        const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);
        check_read_not_visible(ownedAlias.c_str());
        check_remove_not_visible(ownedAlias.c_str());
    }
}
// With CKMC_PERMISSION_READ granted by the owner, TEST_LABEL2 can read the owner's data.
RUNNER_TEST(T3021_manager_access_allowed)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
    {
        ScopedLabel sl(TEST_LABEL2);

        const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);
        check_read_allowed(ownedAlias.c_str());
    }
}
// A combined read+remove grant still permits TEST_LABEL2 to read the owner's data.
RUNNER_TEST(T3022_manager_access_allowed_with_remove)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
    {
        ScopedLabel sl(TEST_LABEL2);

        const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);
        check_read_allowed(ownedAlias.c_str());
    }
}
// A read-only grant must not imply remove: TEST_LABEL2 gets
// CKMC_ERROR_PERMISSION_DENIED on removal and can still read afterwards.
RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
    {
        ScopedLabel sl(TEST_LABEL2);

        const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);
        check_remove_denied(ownedAlias.c_str());
        check_read_allowed(ownedAlias.c_str());
    }
}
// With read+remove granted, TEST_LABEL2 may remove the owner's data.
// This case is only meaningful if check_remove_allowed rejects
// CKMC_ERROR_PERMISSION_DENIED.
RUNNER_TEST(T3025_manager_remove_allowed)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
    {
        ScopedLabel sl(TEST_LABEL2);

        const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);
        check_remove_allowed(ownedAlias.c_str());
    }
}
// A second grant replaces the first instead of adding to it: after read+remove is
// followed by read-only, TEST_LABEL2 may read but no longer remove.
RUNNER_TEST(T3026_manager_double_allow)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    // access should be overwritten
    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
    {
        ScopedLabel sl(TEST_LABEL2);

        const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);
        check_remove_denied(ownedAlias.c_str());
        check_read_allowed(ownedAlias.c_str());
    }
}
// Grant followed by revoke: while the read grant is in place TEST_LABEL2 can read but
// not remove; once the owner revokes it, the alias must no longer be visible at all.
RUNNER_TEST(T3027_manager_allow_deny)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);

    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
    {
        ScopedLabel sl(TEST_LABEL2);

        check_remove_denied(ownedAlias.c_str());
        check_read_allowed(ownedAlias.c_str());
    }

    // revoked by the owner, outside the TEST_LABEL2 scope
    deny_access(TEST_ALIAS, TEST_LABEL2);
    {
        ScopedLabel sl(TEST_LABEL2);

        check_remove_not_visible(ownedAlias.c_str());
        check_read_not_visible(ownedAlias.c_str());
    }
}
// Two labels store data under the same alias name and grant each other read access.
// The unqualified alias must resolve to the caller's own entry, the label-qualified
// alias to the other label's entry, and the TEST_LABEL2 entry must be gone once its
// scope has ended.
RUNNER_TEST(T3028_manager_access_by_label)
{
    CharPtr ownerLabel = get_label();
    const char *additional_data = "label-2-data";
    ScopedSaveData ssd(TEST_ALIAS);

    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
    {
        ScopedLabel asLabel2(TEST_LABEL2);
        ScopedSaveData label2Data(TEST_ALIAS, additional_data);
        allow_access(TEST_ALIAS, ownerLabel.get(), CKMC_PERMISSION_READ);

        // test if accessing valid alias (of label2 domain)
        check_read_allowed(TEST_ALIAS, additional_data);

        // this has to be done here - in the scope, otherwise
        // scope destructor will remove the TEST_LABEL2::TEST_ALIAS
        {
            ScopedLabel asOwner(ownerLabel.get());

            // test if can access label2 alias from label1 domain - should succeed
            check_read_allowed(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str(), additional_data);
        }
    }

    // test if accessing valid alias (of label1 domain)
    check_read_allowed(TEST_ALIAS);

    // access should not be possible - already left the LABEL2 scope, object should be removed
    check_read_not_visible(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str());
}
// Only the owner may change permissions on its data: TEST_LABEL2 trying to grant or
// revoke access to TEST_LABEL's alias must get CKMC_ERROR_PERMISSION_DENIED.
RUNNER_TEST(T3029_manager_access_modification_by_foreign_label)
{
    ScopedLabel asOwner(TEST_LABEL);
    ScopedSaveData ssd(TEST_ALIAS);
    allow_access(TEST_ALIAS, TEST_LABEL3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
    {
        ScopedLabel asForeign(TEST_LABEL2);

        allow_access_negative(aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
        deny_access_negative(aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_ERROR_PERMISSION_DENIED);
    }
}
// Alias listing must follow permissions: TEST_LABEL2 sees the one alias it was granted
// plus any alias of its own, and loses the granted alias again after the revoke.
RUNNER_TEST(T3030_manager_get_all_aliases)
{
    ScopedSaveData ssd1(TEST_ALIAS);
    ScopedSaveData ssd2(TEST_ALIAS2);

    // number of aliases visible to the owner, used as the baseline below
    const int count = count_aliases();

    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
    {
        ScopedLabel sl(TEST_LABEL2);

        // check that app can access other aliases when it has permission
        check_alias_count(count - 1);

        ScopedSaveData ssd3(TEST_ALIAS3);

        // check that app can access its own aliases
        check_alias_count(count - 1 + 1);
    }

    deny_access(TEST_ALIAS, TEST_LABEL2);
    {
        ScopedLabel sl(TEST_LABEL2);

        // check that app can't access other aliases for which permission has been revoked
        check_alias_count(count - 2);
    }
}
// Reads the owner's data from TEST_LABEL2 with a read grant, locks the user key of
// uid 0 in between, and reads again.
// NOTE(review): the declaration of `temp`, the scope braces and the message of the
// lock assertion are not visible in this listing.
544 RUNNER_TEST(T3031_manager_test_decrypt_from_another_label)
547 CharPtr top_label = get_label();
548 ScopedSaveData ssd(TEST_ALIAS);
550 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
552 ScopedLabel sl(TEST_LABEL2);
554 check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
556 // remove the DKEK key - so that on read it must be added again
// The literal 0 is the same value as USER_ROOT, which the other calls in this file use.
557 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
560 // on this read, DKEK key will be added again
561 check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
566 /////////////////////////////////////////////////////////////////////////////
// Argument validation for admin grants: ckmc_set_permission_by_adm must return
// CKMC_ERROR_INVALID_PARAMETER for each malformed call below.
RUNNER_TEST(T3101_control_allow_access_invalid)
{
    // alias passed without going through aliasWithLabel - presumably rejected because
    // no owner label is attached
    int ret = ckmc_set_permission_by_adm(USER_ROOT, "alias", "accessor", CKMC_PERMISSION_READ);
    RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);

    // NULL accessor
    ret = ckmc_set_permission_by_adm(USER_ROOT, "owner alias", NULL, CKMC_PERMISSION_READ);
    RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);

    // an already label-qualified alias qualified a second time with another owner
    std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
    ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
    RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
}
// Argument validation for admin revokes: setting CKMC_PERMISSION_NONE through
// ckmc_set_permission_by_adm must return CKMC_ERROR_INVALID_PARAMETER for each
// malformed call below.
RUNNER_TEST(T3102_control_deny_access_invalid)
{
    // alias built with a NULL owner label
    RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
                  ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NULL, "alias").c_str(), "accessor", CKMC_PERMISSION_NONE));
    // NULL accessor
    RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
                  ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), NULL, CKMC_PERMISSION_NONE));

    // an already label-qualified alias qualified a second time with another owner
    std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
    RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
                  ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_NONE));
}
// Admin grant on an owner/alias pair that does not exist must report
// CKMC_ERROR_DB_ALIAS_UNKNOWN.
RUNNER_TEST(T3103_control_allow_access_non_existing)
{
    const std::string missingAlias = aliasWithLabel(NO_OWNER, NO_ALIAS);
    const int ret = ckmc_set_permission_by_adm(USER_ROOT, missingAlias.c_str(), "label", CKMC_PERMISSION_READ);
    RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
                      "Allowing access for non existing alias returned " << ret);
}
// Admin revoke on an owner/alias pair that does not exist must report
// CKMC_ERROR_DB_ALIAS_UNKNOWN.
RUNNER_TEST(T3104_control_deny_access_non_existing)
{
    const std::string missingAlias = aliasWithLabel(NO_OWNER, NO_ALIAS);
    const int ret = ckmc_set_permission_by_adm(USER_ROOT, missingAlias.c_str(), "label", CKMC_PERMISSION_NONE);
    RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
                      "Denying access for non existing alias returned " << ret);
}
// Admin revoke of a grant that was never made on an existing alias is expected to
// return CKMC_ERROR_INVALID_PARAMETER.
RUNNER_TEST(T3105_control_deny_access_non_existing_access)
{
    ScopedSaveData ssd(TEST_ALIAS);

    // fetched as in the original test; the call below asks get_label() again
    CharPtr label = get_label();

    // deny non existing access to existing alias
    const int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
    RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
                      "Denying non existing access returned: " << ret);
}
// Granting an application access to its own data is expected to be rejected with
// CKMC_ERROR_INVALID_PARAMETER.
// NOTE(review): this case sits among the control-API tests but calls
// ckmc_set_permission, the same call as T3006; ckmc_set_permission_by_adm is not
// exercised here.
RUNNER_TEST(T3106_control_allow_access_to_myself)
{
    ScopedSaveData ssd(TEST_ALIAS);

    CharPtr ownLabel = get_label();
    const int ret = ckmc_set_permission(TEST_ALIAS, ownLabel.get(), CKMC_PERMISSION_READ);
    RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
                      "Trying to allow myself returned: " << ret);
}
// Privilege check on the admin API: after switch_to_storage_user, a grant through
// ckmc_set_permission_by_adm must be refused with CKMC_ERROR_PERMISSION_DENIED.
RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
{
    switch_to_storage_user(TEST_LABEL);

    const std::string someAlias = aliasWithLabel("owner", "alias");
    const int ret = ckmc_set_permission_by_adm(USER_ROOT, someAlias.c_str(), "accessor", CKMC_PERMISSION_READ);
    RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
                      "Ordinary user should not be able to use control API. Error " << ret);
}
// Privilege check on the admin API, revoke side: after switch_to_storage_user,
// setting CKMC_PERMISSION_NONE through ckmc_set_permission_by_adm must be refused
// with CKMC_ERROR_PERMISSION_DENIED. The test name repeats "allow_access" although
// the call is a revoke.
RUNNER_CHILD_TEST(T3111_control_allow_access_as_user)
{
    switch_to_storage_user(TEST_LABEL);

    const std::string someAlias = aliasWithLabel("owner", "alias");
    const int ret = ckmc_set_permission_by_adm(USER_ROOT, someAlias.c_str(), "accessor", CKMC_PERMISSION_NONE);
    RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
                      "Ordinary user should not be able to use control API. Error " << ret);
}
// With CKMC_PERMISSION_READ granted through the admin API, TEST_LABEL2 can read the
// owner's data.
RUNNER_TEST(T3121_control_access_allowed)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
    {
        ScopedLabel sl(TEST_LABEL2);

        const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);
        check_read_allowed(ownedAlias.c_str());
    }
}
// A combined read+remove grant made through the admin API still permits TEST_LABEL2
// to read the owner's data.
RUNNER_TEST(T3122_control_access_allowed_with_remove)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
    {
        ScopedLabel sl(TEST_LABEL2);

        const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);
        check_read_allowed(ownedAlias.c_str());
    }
}
// A read-only grant made through the admin API must not imply remove: TEST_LABEL2
// gets CKMC_ERROR_PERMISSION_DENIED on removal.
// This case shares the T3122 number with the preceding test.
RUNNER_TEST(T3122_control_access_allowed_remove_denied)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
    {
        ScopedLabel sl(TEST_LABEL2);

        const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);
        check_remove_denied(ownedAlias.c_str());
    }
}
// With read+remove granted through the admin API, TEST_LABEL2 may remove the owner's
// data. This case is only meaningful if check_remove_allowed rejects
// CKMC_ERROR_PERMISSION_DENIED.
RUNNER_TEST(T3125_control_remove_allowed)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
    {
        ScopedLabel sl(TEST_LABEL2);

        const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);
        check_remove_allowed(ownedAlias.c_str());
    }
}
// A second admin grant replaces the first instead of adding to it: after read+remove
// is followed by read-only, TEST_LABEL2 may read but no longer remove.
RUNNER_TEST(T3126_control_double_allow)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    // access should be overwritten
    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
    {
        ScopedLabel sl(TEST_LABEL2);

        const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);
        check_remove_denied(ownedAlias.c_str());
        check_read_allowed(ownedAlias.c_str());
    }
}
// Admin grant followed by admin revoke: while the read grant is in place TEST_LABEL2
// can read but not remove; after the revoke the alias must no longer be visible.
RUNNER_TEST(T3127_control_allow_deny)
{
    CharPtr ownerLabel = get_label();
    ScopedSaveData ssd(TEST_ALIAS);

    const std::string ownedAlias = aliasWithLabel(ownerLabel.get(), TEST_ALIAS);

    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
    {
        ScopedLabel sl(TEST_LABEL2);

        check_remove_denied(ownedAlias.c_str());
        check_read_allowed(ownedAlias.c_str());
    }

    // fetched as in the original test; the value is not used afterwards
    CharPtr label = get_label();
    deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
    {
        ScopedLabel sl(TEST_LABEL2);

        check_remove_not_visible(ownedAlias.c_str());
        check_read_not_visible(ownedAlias.c_str());
    }
}
// Alias listing must follow admin-set permissions: TEST_LABEL2 sees the one alias it
// was granted plus any alias of its own, and loses the granted alias after the revoke.
RUNNER_TEST(T3130_control_get_all_aliases)
{
    ScopedSaveData ssd1(TEST_ALIAS);
    ScopedSaveData ssd2(TEST_ALIAS2);

    // number of aliases visible to the owner, used as the baseline below
    const int count = count_aliases();

    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
    {
        ScopedLabel sl(TEST_LABEL2);

        // check that app can access other aliases when it has permission
        check_alias_count(count - 1);

        ScopedSaveData ssd3(TEST_ALIAS3);

        // check that app can access its own aliases
        check_alias_count(count - 1 + 1);
    }

    deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
    {
        ScopedLabel sl(TEST_LABEL2);

        // check that app can't access other aliases for which permission has been revoked
        check_alias_count(count - 2);
    }
}
// Admin grant addressed to the APP_UID database for an alias stored by this test must
// report CKMC_ERROR_DB_ALIAS_UNKNOWN: the uid argument selects the database, so the
// entry must not be found under another user.
RUNNER_TEST(T3140_control_allow_invalid_user)
{
    ScopedSaveData ssd(TEST_ALIAS);

    const std::string ownedAlias = aliasWithLabel(get_label().get(), TEST_ALIAS);
    const int ret = ckmc_set_permission_by_adm(
        APP_UID, ownedAlias.c_str(), TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
    RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
                      "Trying to allow access to invalid user returned: " << ret);
}
// Admin revoke addressed to the APP_UID database for an alias stored by this test must
// report CKMC_ERROR_DB_ALIAS_UNKNOWN.
RUNNER_TEST(T3141_control_deny_invalid_user)
{
    ScopedSaveData ssd(TEST_ALIAS);

    const std::string ownedAlias = aliasWithLabel(get_label().get(), TEST_ALIAS);
    const int ret = ckmc_set_permission_by_adm(APP_UID, ownedAlias.c_str(), TEST_LABEL2, CKMC_PERMISSION_NONE);
    RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
                      "Trying to deny access to invalid user returned: " << ret);
}
// Suite teardown: locks the user keys of APP_UID and USER_ROOT and calls
// ckmc_remove_user_data for both users.
// NOTE(review): the declaration of `temp` and the assertion messages are not visible
// in this listing.
808 RUNNER_TEST(T3999_deinit)
811 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(APP_UID)),
813 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)),
815 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_ROOT)),
817 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)),