4 #include <dpl/test/test_runner.h>
5 #include <dpl/test/test_runner_child.h>
7 #include <tests_common.h>
8 #include <ckm-common.h>
9 #include <access_provider2.h>
11 #include <ckmc/ckmc-manager.h>
12 #include <ckmc/ckmc-control.h>
13 #include <ckmc/ckmc-type.h>
14 #include <ckmc/ckmc-error.h>
16 #include <ckm/ckm-type.h>
// User id handed to the *_by_adm control calls below; its key store is unlocked with ROOT_PASS in T3000_init.
20 const uid_t USER_ROOT = 0;
// Fixture passwords for ckmc_unlock_user_key(): APP_PASS is used with APP_UID, ROOT_PASS with USER_ROOT.
21 const char* APP_PASS = "user-pass";
22 const char* ROOT_PASS = "test-pass";
// Alias and owner names that no test creates; used by the "non existing" cases.
24 const char* NO_ALIAS = "definitely-non-existent-alias";
25 const char* NO_OWNER = "definitely-non-existent-owner";
// Aliases under which the tests store TEST_DATA.
27 const char* TEST_ALIAS = "test-alias";
28 const char* TEST_ALIAS2 = "test-alias2";
29 const char* TEST_ALIAS3 = "test-alias3";
// TEST_LABEL is the label the child tests pass to switch_to_storage_user();
// TEST_LABEL2 is the accessor label that is granted or refused access.
31 const char* TEST_LABEL = "test-label";
32 const char* TEST_LABEL2 = "test-label2";
// Payload stored by save_data() and compared byte for byte by check_read_allowed().
34 const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
// Stores TEST_DATA under `alias` with ckmc_save_data() and asserts CKMC_ERROR_NONE.
// The policy carries no password and marks the data as extractable.
// NOTE(review): the declaration of `policy` is not visible in this listing.
36 void save_data(const char* alias)
38 ckmc_raw_buffer_s buffer;
// The cast drops const from TEST_DATA because buffer.data is assigned an unsigned char*;
// presumably ckmc_save_data() only reads these bytes - confirm.
39 buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(TEST_DATA));
// strlen() excludes the terminating NUL, so only the text itself is stored
40 buffer.size = strlen(TEST_DATA);
42 policy.password = NULL;
43 policy.extractable = true;
45 int ret = ckmc_save_data(alias, buffer, policy);
46 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Saving data failed. Error: " << ret);
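/*
 * Removes `alias` with ckmc_remove_data() and asserts that the call either
 * succeeded or reported that the alias does not exist.
 *
 * The second operand of the condition has to be compared with `ret`. A bare
 * CKMC_ERROR_DB_ALIAS_UNKNOWN is a non-zero constant, which makes the whole
 * condition true for every return code, so a refused removal
 * (CKMC_ERROR_PERMISSION_DENIED) would pass unnoticed in the "remove allowed"
 * tests and in the ScopedSaveData clean-up.
 */
void check_remove_allowed(const char* alias)
{
    int ret = ckmc_remove_data(alias);
    // remove, but ignore non existing
    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
                      "Removing data failed: " << ret);
}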
// Calls ckmc_remove_data(alias) and expects it to be refused with CKMC_ERROR_PERMISSION_DENIED;
// any other return code, success included, does not satisfy the condition below.
// NOTE(review): the line opening the assertion macro is not visible in this listing.
57 void check_remove_denied(const char* alias)
59 int ret = ckmc_remove_data(alias);
61 CKMC_ERROR_PERMISSION_DENIED == ret,
62 "App with different label shouldn't have rights to remove this data. Error: " << ret);
// Reads `alias` with ckmc_get_data() (NULL password) and checks that what comes back equals
// TEST_DATA: first the length, then the bytes. The returned buffer is freed at the end.
// NOTE(review): the lines opening the two comparison assertions are not visible in this listing.
// NOTE(review): if an assertion throws, ckmc_buffer_free() is not reached - presumably acceptable
// in a test that is failing anyway.
65 void check_read_allowed(const char* alias)
67 // try to read previously saved data
68 ckmc_raw_buffer_s* buffer = NULL;
69 int ret = ckmc_get_data(alias, NULL, &buffer);
70 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Getting data failed. Error: " << ret);
72 // compare data with expected
74 buffer->size == strlen(TEST_DATA),
75 "Extracted data length do not match expected data length (encrypted?).");
78 memcmp(const_cast<const char*>(reinterpret_cast<char*>(buffer->data)), TEST_DATA, buffer->size) == 0,
79 "Extracted data do not match expected data (encrypted?).");
80 ckmc_buffer_free(buffer);
// Calls ckmc_get_data(alias) and expects it to be refused with CKMC_ERROR_PERMISSION_DENIED.
// NOTE(review): only the return code is checked. `buffer` is never compared with NULL after the
// call, so this helper would not notice data being handed back together with the error code;
// consider asserting that it is still NULL if the API guarantees that.
// NOTE(review): ckmc_buffer_free() is then called on what is expected to be NULL - presumably
// tolerated by the API, confirm.
83 void check_read_denied(const char* alias)
85 // try to read previously saved data
86 ckmc_raw_buffer_s* buffer = NULL;
87 int ret = ckmc_get_data(alias, NULL, &buffer);
88 RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
89 "App with different label shouldn't have rights to read this data. Error: "
91 ckmc_buffer_free(buffer);
// Grants `accessor` the given `rights` to `alias` through the manager call ckmc_allow_access()
// and asserts CKMC_ERROR_NONE.
94 void allow_access(const char* alias, const char* accessor, ckmc_access_right_e rights)
// No matching deny is issued by this helper; the tests rely on the grant disappearing
// when the data itself is removed.
96 // data removal should revoke this access
97 int ret = ckmc_allow_access(alias, accessor, rights);
98 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret);
// Revokes the access of `accessor` to `alias` through the manager call ckmc_deny_access()
// and asserts CKMC_ERROR_NONE.
101 void deny_access(const char* alias, const char* accessor)
103 int ret = ckmc_deny_access(alias, accessor);
104 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << ret);
// Control-API counterpart of allow_access(): grants `accessor` the given `rights` to `alias`
// with ckmc_allow_access_by_adm() and asserts CKMC_ERROR_NONE.
// The owner is identified as user USER_ROOT plus the label returned by get_label().
107 void allow_access_by_adm(const char* alias, const char* accessor, ckmc_access_right_e rights)
// No matching deny is issued by this helper; the tests rely on the grant disappearing
// when the data itself is removed.
109 // data removal should revoke this access
110 CharPtr label = get_label();
111 int ret = ckmc_allow_access_by_adm(USER_ROOT, label.get(), alias, accessor, rights);
112 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret);
// Control-API counterpart of deny_access(): revokes the access of `accessor` to `alias`
// with ckmc_deny_access_by_adm() and asserts CKMC_ERROR_NONE.
// The owner is identified as user USER_ROOT plus the label returned by get_label().
115 void deny_access_by_adm(const char* alias, const char* accessor)
117 CharPtr label = get_label();
118 int ret = ckmc_deny_access_by_adm(USER_ROOT, label.get(), alias, accessor);
119 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << ret);
// Body of the alias-counting helper (presumably count_aliases(), which check_alias_count() calls).
// It fetches the data aliases visible to the caller with ckmc_get_data_alias_list(), treats
// CKMC_ERROR_DB_ALIAS_UNKNOWN separately from other errors, walks the list through `plist` and
// frees the whole list from its head `aliasList`.
// NOTE(review): the signature, the branch taken for CKMC_ERROR_DB_ALIAS_UNKNOWN and the counting
// loop are not visible in this listing.
124 ckmc_alias_list_s *aliasList = NULL;
125 int ret = ckmc_get_data_alias_list(&aliasList);
126 if (ret == CKMC_ERROR_DB_ALIAS_UNKNOWN)
129 RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. Error: " << ret);
131 ckmc_alias_list_s *plist = aliasList;
138 ckmc_alias_list_all_free(aliasList);
// Asserts that count_aliases() reports exactly `expected` aliases for the current caller.
142 void check_alias_count(int expected)
144 int count = count_aliases();
145 RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
148 // saves data upon construction and deletes it upon destruction
// The constructor remembers the alias in m_alias; the clean-up goes through
// check_remove_allowed(m_alias), so a failed removal is reported as a test failure.
// NOTE(review): the class header, the constructor body and the destructor declaration are not
// visible in this listing. If the destructor is not declared noexcept(false), an exception leaving
// it terminates the process under C++11 and later instead of failing the test - confirm.
152 ScopedSaveData(const char* alias) : m_alias(alias)
160 * Let it throw. If we can't remove data then remaining tests results will be
163 check_remove_allowed(m_alias);
169 } // namespace anonymous
171 RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_C_API);
174 /////////////////////////////////////////////////////////////////////////////
// Group set-up: unlocks the key stores of APP_UID (with APP_PASS) and USER_ROOT (with ROOT_PASS)
// and removes the data stored for both users, presumably so that the tests start from empty stores.
// Every call has to return CKMC_ERROR_NONE; the return code is kept in `temp`.
// NOTE(review): the declaration of `temp` and the assertion messages are not visible in this listing.
176 RUNNER_TEST(T3000_init)
179 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)),
181 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)),
183 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)),
185 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)),
190 // invalid arguments check
// ckmc_allow_access() must answer CKMC_ERROR_INVALID_PARAMETER for a NULL alias and for a NULL accessor.
// NOTE(review): the lines opening the two assertions are not visible in this listing.
191 RUNNER_TEST(T3001_manager_allow_access_invalid)
194 CKMC_ERROR_INVALID_PARAMETER == ckmc_allow_access(NULL, "accessor", CKMC_AR_READ));
196 CKMC_ERROR_INVALID_PARAMETER == ckmc_allow_access("alias", NULL, CKMC_AR_READ));
199 // invalid arguments check
// ckmc_deny_access() must answer CKMC_ERROR_INVALID_PARAMETER for a NULL alias and for a NULL accessor.
200 RUNNER_TEST(T3002_manager_deny_access_invalid)
202 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access(NULL, "accessor"));
203 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access("alias", NULL));
206 // tries to allow access for non existing alias
// Expected result: CKMC_ERROR_DB_ALIAS_UNKNOWN, because NO_ALIAS is never saved.
// The test first calls switch_to_storage_user(TEST_LABEL); presumably RUNNER_CHILD_TEST runs the
// body in a child process so that this switch does not leak into the other tests - confirm.
207 RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
209 switch_to_storage_user(TEST_LABEL);
211 int ret = ckmc_allow_access(NO_ALIAS, "label", CKMC_AR_READ);
212 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
213 "Allowing access for non existing alias returned " << ret);
216 // tries to deny access for non existing alias
// Expected result: CKMC_ERROR_DB_ALIAS_UNKNOWN, because NO_ALIAS is never saved.
// Runs after switch_to_storage_user(TEST_LABEL), like the other child tests of this group.
217 RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
219 switch_to_storage_user(TEST_LABEL);
221 int ret = ckmc_deny_access(NO_ALIAS, "label");
222 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
223 "Denying access for non existing alias returned " << ret);
226 // tries to deny access that does not exist in database
// TEST_ALIAS exists (saved by ScopedSaveData) but "label" was never granted access to it,
// so ckmc_deny_access() is expected to answer CKMC_ERROR_INVALID_PARAMETER.
227 RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
229 switch_to_storage_user(TEST_LABEL);
231 ScopedSaveData ssd(TEST_ALIAS);
233 // deny non existing access to existing alias
234 int ret = ckmc_deny_access(TEST_ALIAS, "label");
235 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
236 "Denying non existing access returned: " << ret);
239 // tries to allow access to application own data
// The accessor passed to ckmc_allow_access() is the caller's own label (get_label());
// granting access to oneself is expected to be rejected with CKMC_ERROR_INVALID_PARAMETER.
240 RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
242 switch_to_storage_user(TEST_LABEL);
244 ScopedSaveData ssd(TEST_ALIAS);
246 CharPtr label = get_label();
247 int ret = ckmc_allow_access(TEST_ALIAS, label.get(), CKMC_AR_READ);
248 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
249 "Trying to allow myself returned: " << ret);
252 // tries to access other application data without permission
// Default-deny check: the data is saved by the owner and no grant is issued; while ScopedLabel
// has switched to TEST_LABEL2 both reading and removing must be refused.
// NOTE(review): the braces that delimit the ScopedLabel scope are not visible in this listing.
253 RUNNER_TEST(T3020_manager_access_not_allowed)
255 ScopedSaveData ssd(TEST_ALIAS);
257 ScopedLabel sl(TEST_LABEL2);
259 check_read_denied(TEST_ALIAS);
261 check_remove_denied(TEST_ALIAS);
265 // tries to access other application data with permission
// The owner grants CKMC_AR_READ to TEST_LABEL2; under that label the read must succeed and
// return the stored bytes (see check_read_allowed()).
266 RUNNER_TEST(T3021_manager_access_allowed)
268 ScopedSaveData ssd(TEST_ALIAS);
270 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
272 ScopedLabel sl(TEST_LABEL2);
274 check_read_allowed(TEST_ALIAS);
278 // tries to read other application data with permission for read/remove
// CKMC_AR_READ_REMOVE must include the right to read: under TEST_LABEL2 the read has to succeed.
279 RUNNER_TEST(T3022_manager_access_allowed_with_remove)
281 ScopedSaveData ssd(TEST_ALIAS);
283 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
285 ScopedLabel sl(TEST_LABEL2);
287 check_read_allowed(TEST_ALIAS);
291 // tries to remove other application data with permission for reading only
// CKMC_AR_READ must not imply removal: under TEST_LABEL2 the remove is refused while the read
// still succeeds.
292 RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
294 ScopedSaveData ssd(TEST_ALIAS);
296 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
298 ScopedLabel sl(TEST_LABEL2);
300 check_remove_denied(TEST_ALIAS);
302 check_read_allowed(TEST_ALIAS);
306 // tries to remove other application data with permission
// With CKMC_AR_READ_REMOVE granted, TEST_LABEL2 removes the owner's data. ScopedSaveData removes
// the same alias again on destruction, which is why check_remove_allowed() is meant to ignore a
// non existing alias.
307 RUNNER_TEST(T3025_manager_remove_allowed)
309 ScopedSaveData ssd(TEST_ALIAS);
311 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
313 ScopedLabel sl(TEST_LABEL2);
315 check_remove_allowed(TEST_ALIAS);
319 // tries to access other application data after allow function was called twice with different
// rights: the second grant (CKMC_AR_READ) has to replace the first (CKMC_AR_READ_REMOVE) rather
// than add to it, so under TEST_LABEL2 the remove is refused and the read succeeds.
321 RUNNER_TEST(T3026_manager_double_allow)
323 ScopedSaveData ssd(TEST_ALIAS);
325 // access should be overwritten
326 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
327 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
329 ScopedLabel sl(TEST_LABEL2);
331 check_remove_denied(TEST_ALIAS);
333 check_read_allowed(TEST_ALIAS);
337 // tries to access application data with permission and after permission has been revoked
// Revocation check in two phases: with CKMC_AR_READ granted TEST_LABEL2 can read but not remove;
// after deny_access() the same label can neither read nor remove.
// NOTE(review): `sl` is declared twice, so each ScopedLabel lives in a brace scope of its own and
// deny_access() presumably runs under the owner's label between them; those braces are not
// visible in this listing.
338 RUNNER_TEST(T3027_manager_allow_deny)
340 ScopedSaveData ssd(TEST_ALIAS);
342 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
344 ScopedLabel sl(TEST_LABEL2);
346 check_remove_denied(TEST_ALIAS);
348 check_read_allowed(TEST_ALIAS);
351 deny_access(TEST_ALIAS, TEST_LABEL2);
353 ScopedLabel sl(TEST_LABEL2);
355 check_remove_denied(TEST_ALIAS);
357 check_read_denied(TEST_ALIAS);
362 // checks if only aliases readable by given app are returned
// `count` is what the owner sees after saving TEST_ALIAS and TEST_ALIAS2. Under TEST_LABEL2 the
// list must contain the granted alias but not TEST_ALIAS2 (count - 1), grow by one for an alias
// saved under that label, and drop the granted alias again once access is revoked (count - 2).
// NOTE(review): the expectations are written relative to `count`; they appear to hold only if the
// owner sees exactly the two aliases saved here - confirm.
// NOTE(review): the braces that delimit the two ScopedLabel scopes are not visible in this listing.
363 RUNNER_TEST(T3030_manager_get_all_aliases)
365 ScopedSaveData ssd1(TEST_ALIAS);
366 ScopedSaveData ssd2(TEST_ALIAS2);
368 int count = count_aliases();
370 allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
372 ScopedLabel sl(TEST_LABEL2);
374 // check that app can access other aliases when it has permission
375 check_alias_count(count - 1);
377 ScopedSaveData ssd3(TEST_ALIAS3);
379 // check that app can access its own aliases
380 check_alias_count(count - 1 + 1);
383 deny_access(TEST_ALIAS, TEST_LABEL2);
385 ScopedLabel sl(TEST_LABEL2);
387 // check that app can't access other aliases for which permission has been revoked
388 check_alias_count(count - 2);
392 /////////////////////////////////////////////////////////////////////////////
395 // invalid argument check
// ckmc_allow_access_by_adm() must answer CKMC_ERROR_INVALID_PARAMETER when the owner, the alias
// or the accessor is NULL; each of the three is tried in turn.
// NOTE(review): the declaration of `ret` is not visible in this listing.
396 RUNNER_TEST(T3101_control_allow_access_invalid)
399 ret = ckmc_allow_access_by_adm(USER_ROOT, NULL, "alias", "accessor", CKMC_AR_READ);
400 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
401 ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", NULL, "accessor", CKMC_AR_READ);
402 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
403 ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", "alias", NULL, CKMC_AR_READ);
404 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
407 // invalid argument check
// ckmc_deny_access_by_adm() must answer CKMC_ERROR_INVALID_PARAMETER when the owner, the alias
// or the accessor is NULL; each of the three is tried in turn.
408 RUNNER_TEST(T3102_control_deny_access_invalid)
410 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
411 ckmc_deny_access_by_adm(USER_ROOT, NULL, "alias", "accessor"));
412 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
413 ckmc_deny_access_by_adm(USER_ROOT, "owner", NULL, "accessor"));
414 RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
415 ckmc_deny_access_by_adm(USER_ROOT, "owner", "alias", NULL));
418 // tries to allow access for non existing alias
// Neither NO_OWNER nor NO_ALIAS exists; the control call is expected to answer
// CKMC_ERROR_DB_ALIAS_UNKNOWN.
419 RUNNER_TEST(T3103_control_allow_access_non_existing)
421 int ret = ckmc_allow_access_by_adm(USER_ROOT, NO_OWNER, NO_ALIAS, "label", CKMC_AR_READ);
422 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
423 "Allowing access for non existing alias returned " << ret);
426 // tries to deny access for non existing alias
// Neither NO_OWNER nor NO_ALIAS exists; the control call is expected to answer
// CKMC_ERROR_DB_ALIAS_UNKNOWN.
427 RUNNER_TEST(T3104_control_deny_access_non_existing)
429 int ret = ckmc_deny_access_by_adm(USER_ROOT, NO_OWNER, NO_ALIAS, "label");
430 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
431 "Denying access for non existing alias returned " << ret);
434 // tries to deny non existing access
// TEST_ALIAS exists under the caller's own label, but "label" was never granted access to it,
// so ckmc_deny_access_by_adm() is expected to answer CKMC_ERROR_INVALID_PARAMETER.
435 RUNNER_TEST(T3105_control_deny_access_non_existing_access)
437 ScopedSaveData ssd(TEST_ALIAS);
439 CharPtr label = get_label();
441 // deny non existing access to existing alias
442 int ret = ckmc_deny_access_by_adm(USER_ROOT, label.get(), TEST_ALIAS, "label");
443 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
444 "Denying non existing access returned: " << ret);
447 // tries to allow application to access its own data
// Expected result: CKMC_ERROR_INVALID_PARAMETER when the accessor is the caller's own label.
// NOTE(review): although this test belongs to the control group, it calls the manager function
// ckmc_allow_access(), as T3006 does. Presumably ckmc_allow_access_by_adm(USER_ROOT, label.get(),
// ...) was intended; as written the self-grant case is not exercised through the control API - confirm.
448 RUNNER_TEST(T3106_control_allow_access_to_myself)
450 ScopedSaveData ssd(TEST_ALIAS);
452 CharPtr label = get_label();
453 int ret = ckmc_allow_access(TEST_ALIAS, label.get(), CKMC_AR_READ);
454 RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
455 "Trying to allow myself returned: " << ret);
458 // tries to use admin API as a user
// Negative privilege check: after switch_to_storage_user(TEST_LABEL) the caller is an ordinary
// user and ckmc_allow_access_by_adm() is expected to answer CKMC_ERROR_PERMISSION_DENIED.
// NOTE(review): RUNNER_IGNORED_MSG comes first, so presumably none of the lines after it run.
// This test and T3111 are the only ones in this file that check that an unprivileged caller is
// refused by the control API; while both are ignored that enforcement is not covered. Track
// re-enabling them once the fix mentioned in the message is available.
459 RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
461 RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
462 switch_to_storage_user(TEST_LABEL);
463 int ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", "alias", "accessor", CKMC_AR_READ);
464 RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
465 "Ordinary user should not be able to use control API. Error " << ret);
468 // tries to use admin API as a user
// Negative privilege check for the deny call: after switch_to_storage_user(TEST_LABEL)
// ckmc_deny_access_by_adm() is expected to answer CKMC_ERROR_PERMISSION_DENIED.
// NOTE(review): the test name says "allow" but the body calls ckmc_deny_access_by_adm().
// NOTE(review): RUNNER_IGNORED_MSG comes first, so presumably none of the lines after it run.
// Together with T3110 this is the only check in this file that an unprivileged caller is refused
// by the control API; while both are ignored that enforcement is not covered.
469 RUNNER_CHILD_TEST(T3111_control_allow_access_as_user)
471 RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
472 switch_to_storage_user(TEST_LABEL);
473 int ret = ckmc_deny_access_by_adm(USER_ROOT, "owner", "alias", "accessor");
474 RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
475 "Ordinary user should not be able to use control API. Error " << ret);
478 // tries to read other application data with permission
// The grant of CKMC_AR_READ is issued through the control API; under TEST_LABEL2 the read must
// succeed and return the stored bytes.
479 RUNNER_TEST(T3121_control_access_allowed)
481 ScopedSaveData ssd(TEST_ALIAS);
483 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
485 ScopedLabel sl(TEST_LABEL2);
487 check_read_allowed(TEST_ALIAS);
491 // tries to read other application data with permission to read/remove
// CKMC_AR_READ_REMOVE granted through the control API must include the right to read.
492 RUNNER_TEST(T3122_control_access_allowed_with_remove)
494 ScopedSaveData ssd(TEST_ALIAS);
496 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
498 ScopedLabel sl(TEST_LABEL2);
500 check_read_allowed(TEST_ALIAS);
504 // tries to remove other application data with permission to read
// CKMC_AR_READ granted through the control API must not imply removal: under TEST_LABEL2 the
// remove is refused.
// NOTE(review): this test shares the T3122 prefix with the previous one; judging by T3023 in the
// manager group it would be numbered T3123.
505 RUNNER_TEST(T3122_control_access_allowed_remove_denied)
507 ScopedSaveData ssd(TEST_ALIAS);
509 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
511 ScopedLabel sl(TEST_LABEL2);
513 check_remove_denied(TEST_ALIAS);
517 // tries to remove other application data with permission
// With CKMC_AR_READ_REMOVE granted through the control API, TEST_LABEL2 removes the owner's data.
// ScopedSaveData removes the same alias again on destruction, which is why
// check_remove_allowed() is meant to ignore a non existing alias.
518 RUNNER_TEST(T3125_control_remove_allowed)
520 ScopedSaveData ssd(TEST_ALIAS);
522 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
524 ScopedLabel sl(TEST_LABEL2);
526 check_remove_allowed(TEST_ALIAS);
530 // tries to access other application data after allow function has been called twice with different
// rights: the second grant (CKMC_AR_READ) has to replace the first (CKMC_AR_READ_REMOVE) rather
// than add to it, so under TEST_LABEL2 the remove is refused and the read succeeds.
532 RUNNER_TEST(T3126_control_double_allow)
534 ScopedSaveData ssd(TEST_ALIAS);
536 // access should be overwritten
537 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
538 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
540 ScopedLabel sl(TEST_LABEL2);
542 check_remove_denied(TEST_ALIAS);
544 check_read_allowed(TEST_ALIAS);
548 // tries to access other application data with permission and after permission has been revoked
// Revocation check in two phases: with CKMC_AR_READ granted through the control API TEST_LABEL2
// can read but not remove; after deny_access_by_adm() the same label can neither read nor remove.
// NOTE(review): `sl` is declared twice, so each ScopedLabel lives in a brace scope of its own;
// those braces are not visible in this listing.
// NOTE(review): `label` (line 561) is not used by any visible line; deny_access_by_adm() fetches
// the label itself.
549 RUNNER_TEST(T3127_control_allow_deny)
551 ScopedSaveData ssd(TEST_ALIAS);
553 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
555 ScopedLabel sl(TEST_LABEL2);
557 check_remove_denied(TEST_ALIAS);
559 check_read_allowed(TEST_ALIAS);
561 CharPtr label = get_label();
562 deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
564 ScopedLabel sl(TEST_LABEL2);
566 check_remove_denied(TEST_ALIAS);
568 check_read_denied(TEST_ALIAS);
572 // checks if only aliases readable by given app are returned
// Same scenario as T3030, with the grant and the revocation issued through the control API.
// `count` is what the owner sees after saving TEST_ALIAS and TEST_ALIAS2. Under TEST_LABEL2 the
// list must contain the granted alias but not TEST_ALIAS2 (count - 1), grow by one for an alias
// saved under that label, and drop the granted alias again once access is revoked (count - 2).
// NOTE(review): the expectations are written relative to `count`; they appear to hold only if the
// owner sees exactly the two aliases saved here - confirm.
// NOTE(review): the braces that delimit the two ScopedLabel scopes are not visible in this listing.
573 RUNNER_TEST(T3130_control_get_all_aliases)
575 ScopedSaveData ssd1(TEST_ALIAS);
576 ScopedSaveData ssd2(TEST_ALIAS2);
578 int count = count_aliases();
580 allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
582 ScopedLabel sl(TEST_LABEL2);
584 // check that app can access other aliases when it has permission
585 check_alias_count(count - 1);
587 ScopedSaveData ssd3(TEST_ALIAS3);
589 // check that app can access its own aliases
590 check_alias_count(count - 1 + 1);
593 deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
595 ScopedLabel sl(TEST_LABEL2);
597 // check that app can't access other aliases for which permission has been revoked
598 check_alias_count(count - 2);
602 // tries to add access to data in a database of invalid user
// The owner label and the alias are the ones just saved; only the user id differs: the control
// call targets APP_UID, whereas the helpers in this file address the data through USER_ROOT.
// The alias must not be found in that user's database (CKMC_ERROR_DB_ALIAS_UNKNOWN), i.e. a grant
// aimed at the wrong user must not take effect.
603 RUNNER_TEST(T3140_control_allow_invalid_user)
605 ScopedSaveData ssd(TEST_ALIAS);
607 CharPtr label = get_label();
608 int ret = ckmc_allow_access_by_adm(
609 APP_UID, label.get(), TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
610 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
611 "Trying to allow access to invalid user returned: " << ret);
614 // tries to revoke access to data in a database of invalid user
// The owner label and the alias are the ones just saved; only the user id differs: the control
// call targets APP_UID, whereas the helpers in this file address the data through USER_ROOT.
// The alias must not be found in that user's database (CKMC_ERROR_DB_ALIAS_UNKNOWN).
615 RUNNER_TEST(T3141_control_deny_invalid_user)
617 ScopedSaveData ssd(TEST_ALIAS);
619 CharPtr label = get_label();
620 int ret = ckmc_deny_access_by_adm(APP_UID, label.get(), TEST_ALIAS, TEST_LABEL2);
621 RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
622 "Trying to deny access to invalid user returned: " << ret);
// Group tear-down: locks the key stores of APP_UID and USER_ROOT again and removes the data
// stored for both users. Every call has to return CKMC_ERROR_NONE; the return code is kept in `temp`.
// NOTE(review): the declaration of `temp` and the assertion messages are not visible in this listing.
626 RUNNER_TEST(T3999_deinit)
629 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(APP_UID)),
631 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)),
633 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_ROOT)),
635 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)),