CKM: CC mode uses user label to read & write keys. 48/35848/3
authorMaciej J. Karpiuk <m.karpiuk2@samsung.com>
Wed, 25 Feb 2015 10:02:51 +0000 (11:02 +0100)
committerMaciej J. Karpiuk <m.karpiuk2@samsung.com>
Tue, 3 Mar 2015 12:59:29 +0000 (13:59 +0100)
Buxton does not allow root to modify user owned keys.

Change-Id: I106422a866fb6048ff359721dc30af68153661c8

tests/ckm/cc-mode.cpp

index c54f3a6..e164917 100644 (file)
@@ -54,17 +54,10 @@ const char* const DISABLED = "Disabled";
 const char* const READY = "Ready";
 const char* const UNSET = "Unset"; // Meaningless value for unset.
 
+const char* const USER_LABEL = "User";
 const char* const CKM_LOCK = "/var/run/key-manager.pid";
 
 
-// disable CC
-/*
- * k.tak: To unset vconf key on runtime is deprecated by vconf key policy.
- *        To make new vconf key on runtime is deprecated by vconf key policy.
- *        vconf key should be installed in package install time.
- */
-int _unset_mdpp_key = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
-
 // Wrapper for mdpp state that restores the original value upon destruction
 class MdppState
 {
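Review bot: `USER_LABEL` is added without a comment, and the reason it exists is visible only in the commit message. The value is security-relevant because the hunks below pass it to `ScopedLabel` around every vconf access. A comment on the declaration would carry the rationale with the code, e.g. `// Label assumed via ScopedLabel for vconf access: Buxton does not allow root to modify user-owned keys.` The `MdppState` class that uses it begins at the end of this hunk and continues outside it.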
@@ -81,24 +74,29 @@ private:
 
 MdppState::MdppState()
 {
+    ScopedLabel sl(USER_LABEL);
     m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
 }
 
 MdppState::~MdppState()
 {
+    ScopedLabel sl(USER_LABEL);
     if (!m_original)
         vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
     else {
         vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
-        free(m_original);
     }
 }
 
 void MdppState::set(const char* const value)
 {
+    ScopedLabel sl(USER_LABEL);
     if (value)
-        RUNNER_ASSERT_MSG(0 == vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value),
-                             "vconf_set() failed");
+    {
+        int ret = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value);
+        RUNNER_ASSERT_MSG(0 == ret,
+                             "vconf_set() failed, ec: " << ret);
+    }
     else
         vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
 }