void check_remove_allowed(const char* alias)
{
- int ret = ckmc_remove_data(alias);
+ int ret = ckmc_remove_alias(alias);
// remove, but ignore non existing
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN,
"Removing data failed: " << ret);
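Review bot: The assertion in check_remove_allowed can never fail, because `CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN` tests the constant itself instead of comparing it with `ret`, and that error constant is presumably non-zero. The line is unchanged context, but after the switch to ckmc_remove_alias the helper still accepts any result, including CKMC_ERROR_PERMISSION_DENIED, so every "remove allowed" access-control test that calls it verifies nothing. The condition should read `CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN == ret`. The function's closing brace lies outside the hunk.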
void check_remove_denied(const char* alias)
{
- int ret = ckmc_remove_data(alias);
+ int ret = ckmc_remove_alias(alias);
RUNNER_ASSERT_MSG(
CKMC_ERROR_PERMISSION_DENIED == ret,
"App with different label shouldn't have rights to remove this data. Error: " << ret);
void check_remove_not_visible(const char* alias)
{
- int ret = ckmc_remove_data(alias);
+ int ret = ckmc_remove_alias(alias);
RUNNER_ASSERT_MSG(
CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"App with different label shouldn't have rights to see this data. Error: " << ret);
void check_read(const char* alias, const char *label, const char *test_data, int expected_code = CKMC_ERROR_NONE)
{
- std::stringstream valid_address;
- if(label != NULL)
- valid_address << label << ckmc_label_name_separator;
- valid_address << alias;
-
ckmc_raw_buffer_s* buffer = NULL;
- int ret = ckmc_get_data(valid_address.str().c_str(), NULL, &buffer);
+ int ret = ckmc_get_data(aliasWithLabel(label, alias).c_str(), NULL, &buffer);
RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. Expected code: " << expected_code << ", while result code: " << ret);
if(expected_code == CKMC_ERROR_NONE)
}
}
-void allow_access(const char* alias, const char* accessor, ckmc_access_right_e rights)
+void allow_access(const char* alias, const char* accessor, int permissionMask)
{
// data removal should revoke this access
- int ret = ckmc_allow_access(alias, accessor, rights);
+ int ret = ckmc_set_permission(alias, accessor, permissionMask);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret);
}
-void allow_access_negative(const char* alias, const char* accessor, ckmc_access_right_e rights, int expectedCode)
+void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode)
{
// data removal should revoke this access
- int ret = ckmc_allow_access(alias, accessor, rights);
+ int ret = ckmc_set_permission(alias, accessor, permissionMask);
RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned: " << ret << ", while expected: " << expectedCode);
}
void deny_access_negative(const char* alias, const char* accessor, int expectedCode)
{
- int ret = ckmc_deny_access(alias, accessor);
+ int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. Error: " << ret << ", while expected: " << expectedCode);
}
-void allow_access_by_adm(const char* alias, const char* accessor, ckmc_access_right_e rights)
+void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask)
{
// data removal should revoke this access
- CharPtr label = get_label();
- int ret = ckmc_allow_access_by_adm(USER_ROOT, label.get(), alias, accessor, rights);
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, permissionMask);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret);
}
void deny_access_by_adm(const char* alias, const char* accessor)
{
- CharPtr label = get_label();
- int ret = ckmc_deny_access_by_adm(USER_ROOT, label.get(), alias, accessor);
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << ret);
}
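Review bot: allow_access, allow_access_negative and allow_access_by_adm now take a plain `int permissionMask` with nothing saying what it may hold or how it combines with an earlier grant. I would add a comment above each, for example `// permissionMask: bitwise OR of CKMC_PERMISSION_* values; sets the accessor's permission to exactly this mask`. The "access should be overwritten" tests later in the file call the helper with READ | REMOVE and then READ, and appear to rely on the second call dropping REMOVE. That replace semantic is inferred from those tests, not shown by the API here, so confirm it before wording the comment.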
RUNNER_TEST(T3001_manager_allow_access_invalid)
{
RUNNER_ASSERT(
- CKMC_ERROR_INVALID_PARAMETER == ckmc_allow_access(NULL, "accessor", CKMC_AR_READ));
+ CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
RUNNER_ASSERT(
- CKMC_ERROR_INVALID_PARAMETER == ckmc_allow_access("alias", NULL, CKMC_AR_READ));
+ CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_READ));
}
// invalid arguments check
RUNNER_TEST(T3002_manager_deny_access_invalid)
{
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access(NULL, "accessor"));
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access("alias", NULL));
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
}
// tries to allow access for non existing alias
{
switch_to_storage_user(TEST_LABEL);
- int ret = ckmc_allow_access(NO_ALIAS, "label", CKMC_AR_READ);
+ int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Allowing access for non existing alias returned " << ret);
}
{
switch_to_storage_user(TEST_LABEL);
- int ret = ckmc_deny_access(NO_ALIAS, "label");
+ int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Denying access for non existing alias returned " << ret);
}
ScopedSaveData ssd(TEST_ALIAS);
// deny non existing access to existing alias
- int ret = ckmc_deny_access(TEST_ALIAS, "label");
+ int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
"Denying non existing access returned: " << ret);
}
ScopedSaveData ssd(TEST_ALIAS);
CharPtr label = get_label();
- int ret = ckmc_allow_access(TEST_ALIAS, label.get(), CKMC_AR_READ);
+ int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
"Trying to allow myself returned: " << ret);
}
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
{
ScopedLabel sl(TEST_LABEL2);
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
{
ScopedLabel sl(TEST_LABEL2);
ScopedSaveData ssd(TEST_ALIAS);
// access should be overwritten
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
const char *additional_data = "label-2-data";
ScopedSaveData ssd(TEST_ALIAS);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
ScopedSaveData ssd(TEST_ALIAS, additional_data);
- allow_access(TEST_ALIAS, top_label.get(), CKMC_AR_READ);
+ allow_access(TEST_ALIAS, top_label.get(), CKMC_PERMISSION_READ);
// test if accessing valid alias (of label2 domain)
check_read_allowed(TEST_ALIAS, additional_data);
{
ScopedLabel sl(TEST_LABEL);
ScopedSaveData ssd(TEST_ALIAS);
- allow_access(TEST_ALIAS, TEST_LABEL3, CKMC_AR_READ_REMOVE);
+ allow_access(TEST_ALIAS, TEST_LABEL3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
{
ScopedLabel sl(TEST_LABEL2);
- // create address to the other label's alias
- std::stringstream valid_address;
- valid_address << TEST_LABEL << ckmc_label_name_separator;
- valid_address << TEST_ALIAS;
-
- allow_access_negative(valid_address.str().c_str(), TEST_LABEL4, CKMC_AR_READ_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
- deny_access_negative(valid_address.str().c_str(), TEST_LABEL4, CKMC_ERROR_PERMISSION_DENIED);
+ allow_access_negative(aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
+ deny_access_negative (aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_ERROR_PERMISSION_DENIED);
}
}
int count = count_aliases();
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
RUNNER_TEST(T3101_control_allow_access_invalid)
{
int ret;
- ret = ckmc_allow_access_by_adm(USER_ROOT, NULL, "alias", "accessor", CKMC_AR_READ);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
- ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", NULL, "accessor", CKMC_AR_READ);
+ ret = ckmc_set_permission_by_adm(USER_ROOT, "alias", "accessor", CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
- ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", "alias", NULL, CKMC_AR_READ);
+ ret = ckmc_set_permission_by_adm(USER_ROOT, "owner alias", NULL, CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
// double owner
- CharPtr label = get_label();
- std::stringstream helper;
- helper << label.get() << ckmc_label_name_separator << TEST_ALIAS;
- ret = ckmc_allow_access_by_adm(USER_ROOT, "another-owner", helper.str().c_str(), TEST_LABEL, CKMC_AR_READ);
+ std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
+ ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
}
RUNNER_TEST(T3102_control_deny_access_invalid)
{
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_deny_access_by_adm(USER_ROOT, NULL, "alias", "accessor"));
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_deny_access_by_adm(USER_ROOT, "owner", NULL, "accessor"));
+ ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NULL, "alias").c_str(), "accessor", CKMC_PERMISSION_NONE));
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_deny_access_by_adm(USER_ROOT, "owner", "alias", NULL));
+ ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), NULL, CKMC_PERMISSION_NONE));
// double owner
- CharPtr label = get_label();
- std::stringstream helper;
- helper << label.get() << ckmc_label_name_separator << TEST_ALIAS;
+ std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_deny_access_by_adm(USER_ROOT, "another-owner", helper.str().c_str(), TEST_LABEL));
+ ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_NONE));
}
// tries to allow access for non existing alias
RUNNER_TEST(T3103_control_allow_access_non_existing)
{
- int ret = ckmc_allow_access_by_adm(USER_ROOT, NO_OWNER, NO_ALIAS, "label", CKMC_AR_READ);
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Allowing access for non existing alias returned " << ret);
}
// tries to deny access for non existing alias
RUNNER_TEST(T3104_control_deny_access_non_existing)
{
- int ret = ckmc_deny_access_by_adm(USER_ROOT, NO_OWNER, NO_ALIAS, "label");
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Denying access for non existing alias returned " << ret);
}
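Review bot: T3101 and T3102 lose the NULL-alias case in the move to the single label-qualified alias argument. The old code checked a NULL owner, a NULL alias and a NULL accessor, while the new code only checks an alias without an owner and a NULL accessor. A NULL alias pointer passed to ckmc_set_permission_by_adm is no longer exercised, although T3001 still covers it for ckmc_set_permission. I would add `ret = ckmc_set_permission_by_adm(USER_ROOT, NULL, "accessor", CKMC_PERMISSION_READ);` with the same assert, and the CKMC_PERMISSION_NONE equivalent in T3102, assuming the API rejects it with CKMC_ERROR_INVALID_PARAMETER. Separately, T3101 hard-codes the separator in `"owner alias"`; `aliasWithLabel("owner", "alias").c_str()`, as T3102 uses, keeps that check tied to the NULL accessor and not to the alias format.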
CharPtr label = get_label();
// deny non existing access to existing alias
- int ret = ckmc_deny_access_by_adm(USER_ROOT, label.get(), TEST_ALIAS, "label");
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
"Denying non existing access returned: " << ret);
}
ScopedSaveData ssd(TEST_ALIAS);
CharPtr label = get_label();
- int ret = ckmc_allow_access(TEST_ALIAS, label.get(), CKMC_AR_READ);
+ int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
"Trying to allow myself returned: " << ret);
}
RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
{
switch_to_storage_user(TEST_LABEL);
- int ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", "alias", "accessor", CKMC_AR_READ);
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
"Ordinary user should not be able to use control API. Error " << ret);
}
RUNNER_CHILD_TEST(T3111_control_allow_access_as_user)
{
switch_to_storage_user(TEST_LABEL);
- int ret = ckmc_deny_access_by_adm(USER_ROOT, "owner", "alias", "accessor");
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
"Ordinary user should not be able to use control API. Error " << ret);
}
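Review bot: T3111 carries the same descriptive name as T3110, `control_allow_access_as_user`, although its body now passes CKMC_PERMISSION_NONE and is therefore the deny case. Both tests call ckmc_set_permission_by_adm, so the name is the only thing that tells them apart in a test report. Renaming it to `RUNNER_CHILD_TEST(T3111_control_deny_access_as_user)` would keep a failure attributable to the right operation.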
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
{
ScopedLabel sl(TEST_LABEL2);
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
{
ScopedLabel sl(TEST_LABEL2);
ScopedSaveData ssd(TEST_ALIAS);
// access should be overwritten
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
int count = count_aliases();
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
{
ScopedLabel sl(TEST_LABEL2);
{
ScopedSaveData ssd(TEST_ALIAS);
- CharPtr label = get_label();
- int ret = ckmc_allow_access_by_adm(
- APP_UID, label.get(), TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ int ret = ckmc_set_permission_by_adm(
+ APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Trying to allow access to invalid user returned: " << ret);
}
{
ScopedSaveData ssd(TEST_ALIAS);
- CharPtr label = get_label();
- int ret = ckmc_deny_access_by_adm(APP_UID, label.get(), TEST_ALIAS, TEST_LABEL2);
+ int ret = ckmc_set_permission_by_adm(APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Trying to deny access to invalid user returned: " << ret);
}