Add tests for deprecated access control API.

[Issue#] N/A
[Feature/Bug] bug discovered in the key-manager. This commit verifies bug resolution.
[Problem] deprecated access control API incorrectly mapped values into permissions.
[Solution] fix to key-manager plus appropriate tests in the security-tests.
[Verification] all T300_CKMC_ACCESS_CONTROL_C_API should pass.

Change-Id: I9bc52b0e493bb7dbde14b5793d18d5b924806648

diff --git a/tests/ckm/capi-access_control.cpp b/tests/ckm/capi-access_control.cpp
index 14fccff..9295a07 100644 (file)
--- a/tests/ckm/capi-access_control.cpp
+++ b/tests/ckm/capi-access_control.cpp
@@ -132,6 +132,12 @@ void check_read_not_visible(const char* alias)
     }
 }
 
+void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
+{
+    int ret = ckmc_allow_access(alias, accessor, accessRights);
+    RUNNER_ASSERT_MSG_BT(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret);
+}
+
 void allow_access(const char* alias, const char* accessor, int permissionMask)
 {
     // data removal should revoke this access
@@ -158,6 +164,13 @@ void deny_access_negative(const char* alias, const char* accessor, int expectedC
     RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. Error: " << ret << ", while expected: " << expectedCode);
 }
 
+void allow_access_deprecated_by_adm(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
+{
+    // data removal should revoke this access
+    int ret = ckmc_allow_access_by_adm(USER_ROOT, get_label().get(), alias, accessor, accessRights);
+    RUNNER_ASSERT_MSG_BT(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret);
+}
+
 void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask)
 {
     // data removal should revoke this access
@@ -562,6 +575,64 @@ RUNNER_TEST(T3031_manager_test_decrypt_from_another_label)
     }
 }
 
+// tries to access other application data with permission
+RUNNER_TEST(T3032_manager_deprecated_access_allowed)
+{
+    CharPtr top_label = get_label();
+    ScopedSaveData ssd(TEST_ALIAS);
+
+    allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+    {
+        ScopedLabel sl(TEST_LABEL2);
+
+        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+    }
+}
+
+// tries to read other application data with permission for read/remove
+RUNNER_TEST(T3033_manager_deprecated_access_allowed_with_remove)
+{
+    CharPtr top_label = get_label();
+    ScopedSaveData ssd(TEST_ALIAS);
+
+    allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+    {
+        ScopedLabel sl(TEST_LABEL2);
+
+        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+    }
+}
+
+// tries to remove other application data with permission for reading only
+RUNNER_TEST(T3034_manager_deprecated_access_allowed_remove_denied)
+{
+    CharPtr top_label = get_label();
+    ScopedSaveData ssd(TEST_ALIAS);
+
+    allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+    {
+        ScopedLabel sl(TEST_LABEL2);
+
+        std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+        check_remove_denied(TEST_ALIAS_adr.c_str());
+        check_read_allowed(TEST_ALIAS_adr.c_str());
+    }
+}
+
+// tries to remove other application data with permission
+RUNNER_TEST(T3035_manager_deprecated_remove_allowed)
+{
+    CharPtr top_label = get_label();
+    ScopedSaveData ssd(TEST_ALIAS);
+
+    allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+    {
+        ScopedLabel sl(TEST_LABEL2);
+
+        check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+    }
+}
+
 
 /////////////////////////////////////////////////////////////////////////////
 // Control
@@ -804,6 +875,62 @@ RUNNER_TEST(T3141_control_deny_invalid_user)
                          "Trying to deny access to invalid user returned: " << ret);
 }
 
+// tries to read other application data with permission
+RUNNER_TEST(T3142_control_deprecated_access_allowed)
+{
+    CharPtr top_label = get_label();
+    ScopedSaveData ssd(TEST_ALIAS);
+
+    allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+    {
+        ScopedLabel sl(TEST_LABEL2);
+
+        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+    }
+}
+
+// tries to read other application data with permission to read/remove
+RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove)
+{
+    CharPtr top_label = get_label();
+    ScopedSaveData ssd(TEST_ALIAS);
+
+    allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+    {
+        ScopedLabel sl(TEST_LABEL2);
+
+        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+    }
+}
+
+// tries to remove other application data with permission to read
+RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied)
+{
+    CharPtr top_label = get_label();
+    ScopedSaveData ssd(TEST_ALIAS);
+
+    allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+    {
+        ScopedLabel sl(TEST_LABEL2);
+
+        check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+    }
+}
+
+// tries to remove other application data with permission
+RUNNER_TEST(T3145_control_deprecated_remove_allowed)
+{
+    CharPtr top_label = get_label();
+    ScopedSaveData ssd(TEST_ALIAS);
+
+    allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+    {
+        ScopedLabel sl(TEST_LABEL2);
+
+        check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+    }
+}
+
 
 RUNNER_TEST(T3999_deinit)
 {