const char* APP_PASS = "user-pass";
const char* TEST_ALIAS = "test-alias";
-const char* SYSTEM_LABEL = "/";
-const char* TEST_SYSTEM_ALIAS = "/ test-alias";
-const char* TEST_SYSTEM_ALIAS_2 = "/ test-alias-2";
+const char* SYSTEM_LABEL = ckmc_label_shared_owner;
+const char* INVALID_LABEL = "coco-jumbo";
+std::string TEST_SYSTEM_ALIAS = aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS);
+std::string TEST_SYSTEM_ALIAS_2 = aliasWithLabel(SYSTEM_LABEL, "test-alias-2");
const char* TEST_LABEL = "test-label";
const char* TEST_LABEL_2 = "test-label-2";
// [prepare]
remove_user_data(USER_APP);
GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
+ gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
{
}
}
+RUNNER_TEST(T5030_CLIENT_APP_TRY_ADDING_SYSTEM_ITEM)
+{
+ // [test]
+ // switch to user app, unlock DB
+ // try to add item to system DB - expect fail
+
+ // [prepare]
+ remove_user_data(USER_APP);
+
+ // [test]
+ {
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
+ }
+}
+
RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION)
{
// [prepare]
// [prepare]
remove_user_data(USER_APP);
GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
+ gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
{
// [prepare]
remove_user_data(USER_APP);
GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+ gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
// [test]
{
// [prepare]
remove_user_data(USER_APP);
GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
+ gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
{
}
// [prepare2]
- check_remove_allowed(TEST_SYSTEM_ALIAS);
+ check_remove_allowed(TEST_SYSTEM_ALIAS.c_str());
// [test2]
{
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
ScopedSaveData ssdsystem_user(TEST_ALIAS, TEST_DATA);
- ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS, TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
+ ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
}
}
// [prepare]
remove_user_data(USER_APP);
GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
+ gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
{
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- check_remove_denied(TEST_SYSTEM_ALIAS);
+ check_remove_denied(TEST_SYSTEM_ALIAS.c_str());
}
}
// [prepare]
remove_user_data(USER_APP);
GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
- gc.save(TEST_SYSTEM_ALIAS_2, TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
+ gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ gc.save(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
- check_alias_list({TEST_SYSTEM_ALIAS, TEST_SYSTEM_ALIAS_2});
+ check_alias_list({TEST_SYSTEM_ALIAS.c_str(), TEST_SYSTEM_ALIAS_2.c_str()});
// [test2]
{
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
ScopedSaveData user_data(TEST_ALIAS, TEST_DATA);
- check_alias_list({TEST_SYSTEM_ALIAS,
+ check_alias_list({TEST_SYSTEM_ALIAS.c_str(),
aliasWithLabel(TEST_LABEL, TEST_ALIAS)});
}
}
// [prepare]
GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+ gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
// [test]
- allow_access_negative(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_REMOVE, CKMC_ERROR_INVALID_PARAMETER);
+ allow_access_negative(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_REMOVE, CKMC_ERROR_INVALID_PARAMETER);
}
RUNNER_TEST(T5040_SYSTEM_SVC_ACCESS_DB)
// [prepare]
GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+ gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
// [test]
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
// [prepare]
GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+ gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
// [test]
{
ap.applyAndSwithToUser(USER_SERVICE_2, GROUP_SERVICE_2);
// [test]
- ScopedSaveData ssd(TEST_SYSTEM_ALIAS, TEST_DATA);
+ ScopedSaveData ssd(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
}
}
// [prepare]
GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+ gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
// [test]
{
// [prepare]
GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+ gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
// [test]
{
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
}
}
+
+RUNNER_TEST(T5045_SYSTEM_DB_ADD_WITH_INVALID_LABEL)
+{
+ // [prepare]
+ // start as system service
+ // [test]
+ // try to add item to system DB using wrong label - expect fail
+ // try to add item using explicit system label - expect success
+
+ // [prepare]
+ remove_user_data(USER_APP);
+
+ // [test]
+ save_data(aliasWithLabel(INVALID_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ check_read(TEST_ALIAS, INVALID_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
+
+ save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA);
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
+}
projects / platform / core / test / security-tests.git / commitdiff