From: Maciej J. Karpiuk Date: Wed, 25 Feb 2015 09:58:31 +0000 (+0100) Subject: CKM: access control tests use more descriptive error reporting X-Git-Tag: security-manager_5.5_testing~9^2~105 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Ftest%2Fsecurity-tests.git;a=commitdiff_plain;h=13451bd5a015c590865b24e72bcab6ddb340b668 CKM: access control tests use more descriptive error reporting Change-Id: I02ce9162f4833b9a9175e88619a418c0045d0285 --- diff --git a/tests/ckm/capi-access_control.cpp b/tests/ckm/capi-access_control.cpp index ca3d3da..775e053 100644 --- a/tests/ckm/capi-access_control.cpp +++ b/tests/ckm/capi-access_control.cpp @@ -58,7 +58,7 @@ void check_remove_allowed(const char* alias) int ret = ckmc_remove_alias(alias); // remove, but ignore non existing RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN, - "Removing data failed: " << ret); + "Removing data failed: " << CKMCErrorToString(ret)); } void check_remove_denied(const char* alias) @@ -81,7 +81,7 @@ void check_read(const char* alias, const char *label, const char *test_data, int { ckmc_raw_buffer_s* buffer = NULL; int ret = ckmc_get_data(aliasWithLabel(label, alias).c_str(), NULL, &buffer); - RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. Expected code: " << expected_code << ", while result code: " << ret); + RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. Expected code: " << expected_code << ", while result: " << CKMCErrorToString(ret)); if(expected_code == CKMC_ERROR_NONE) { @@ -115,7 +115,7 @@ void check_read_not_visible(const char* alias) ckmc_raw_buffer_s* buffer = NULL; int ret = ckmc_get_data(alias, NULL, &buffer); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "App with different label shouldn't have rights to see this data. Error: " << ret); + "App with different label shouldn't have rights to see this data." << CKMCErrorToString(ret)); ckmc_buffer_free(buffer); } } 
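Review bot: The condition in `check_remove_allowed` is `CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN`, where the second operand is a bare constant rather than a comparison. That constant is presumably non-zero (the early return in `count_aliases` treats it as distinct from success), so the assertion can never fail and the improved message is never printed. For an access-control helper this means a removal that was denied or failed still passes. The check should read `CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN == ret`.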
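Review bot: The message in `check_read` still streams `expected_code` as a raw integer while the result now goes through `CKMCErrorToString`, so a failure prints a number next to a name. `allow_access_negative` later in this patch converts both sides; doing the same here, `"Getting data failed. Expected code: " << CKMCErrorToString(expected_code)`, keeps the reports consistent. The body of `check_read` continues past the hunk.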
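Review bot: The new message in `check_read_not_visible` drops the `Error: ` label without leaving a separator, so the sentence and the error text run together in the output. Ending the literal with a space, `"App with different label shouldn't have rights to see this data. " << CKMCErrorToString(ret)`, matches the other messages in this patch. The function starts outside the hunk.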
@@ -123,53 +123,53 @@ void check_read_not_visible(const char* alias) void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights) { int ret = ckmc_allow_access(alias, accessor, accessRights); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret)); } void allow_access(const char* alias, const char* accessor, int permissionMask) { // data removal should revoke this access int ret = ckmc_set_permission(alias, accessor, permissionMask); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret)); } void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode) { // data removal should revoke this access int ret = ckmc_set_permission(alias, accessor, permissionMask); - RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned: " << ret << ", while expected: " << expectedCode); + RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned " << CKMCErrorToString(ret) << ", while expected: " << CKMCErrorToString(expectedCode)); } void deny_access(const char* alias, const char* accessor) { int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << ret); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << CKMCErrorToString(ret)); } void deny_access_negative(const char* alias, const char* accessor, int expectedCode) { int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. Error: " << ret << ", while expected: " << expectedCode); + RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. 
" << CKMCErrorToString(ret) << ", while expected: " << CKMCErrorToString(expectedCode)); } void allow_access_deprecated_by_adm(const char* alias, const char* accessor, ckmc_access_right_e accessRights) { // data removal should revoke this access int ret = ckmc_allow_access_by_adm(USER_ROOT, get_label().get(), alias, accessor, accessRights); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret)); } void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask) { // data removal should revoke this access int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, permissionMask); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret)); } void deny_access_by_adm(const char* alias, const char* accessor) { int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << ret); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret)); } int count_aliases() @@ -179,7 +179,7 @@ int count_aliases() if (ret == CKMC_ERROR_DB_ALIAS_UNKNOWN) return 0; - RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. Error: " << ret); + RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. " << CKMCErrorToString(ret)); ckmc_alias_list_s *plist = aliasList; int count = 0; 
@@ -233,14 +233,10 @@ RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_C_API); RUNNER_TEST(T3000_init) { int temp; - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), - "Error=" << temp); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), - "Error=" << temp); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), - "Error=" << temp); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), - "Error=" << temp); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), CKMCErrorToString(temp)); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp)); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), CKMCErrorToString(temp)); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp)); } @@ -267,7 +263,7 @@ RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing) int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Allowing access for non existing alias returned " << ret); + "Allowing access for non existing alias returned " << CKMCErrorToString(ret)); } // tries to deny access for non existing alias @@ -277,7 +273,7 @@ RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing) int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Denying access for non existing alias returned " << ret); + "Denying access for non existing alias returned " << CKMCErrorToString(ret)); } // tries to deny access that does not exist in database 
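Review bot: The four assertions in `T3000_init` now pass only `CKMCErrorToString(temp)` as the message, so a failure does not say which unlock or remove call, or which user, produced the error. A short prefix per call, for example `"unlock_user_key(APP_UID): " << CKMCErrorToString(temp)`, would identify the setup step that failed. The same applies to the `ckmc_lock_user_key(0)` assertion in `T3031_manager_test_decrypt_from_another_label` and to the four assertions in `T3999_deinit`. The assignment to `temp` inside the macro argument also relies on `RUNNER_ASSERT_MSG` evaluating its condition exactly once, which is not visible here.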
@@ -290,7 +286,7 @@ RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access) // deny non existing access to existing alias int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, - "Denying non existing access returned: " << ret); + "Denying non existing access returned: " << CKMCErrorToString(ret)); } // tries to allow access to application own data @@ -303,7 +299,7 @@ RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself) CharPtr label = get_label(); int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, - "Trying to allow myself returned: " << ret); + "Trying to allow myself returned: " << CKMCErrorToString(ret)); } // verifies that alias can not contain forbidden characters @@ -555,8 +551,7 @@ RUNNER_TEST(T3031_manager_test_decrypt_from_another_label) check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); // remove the DKEK key - so that on read it must be added again - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), - "Error=" << temp); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), CKMCErrorToString(temp)); // on this read, DKEK key will be added again check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); @@ -659,7 +654,7 @@ RUNNER_TEST(T3103_control_allow_access_non_existing) { int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Allowing access for non existing alias returned " << ret); + "Allowing access for non existing alias returned " << CKMCErrorToString(ret)); } // tries to deny access for non existing alias 
@@ -667,7 +662,7 @@ RUNNER_TEST(T3104_control_deny_access_non_existing) { int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Denying access for non existing alias returned " << ret); + "Denying access for non existing alias returned " << CKMCErrorToString(ret)); } // tries to deny non existing access @@ -680,7 +675,7 @@ RUNNER_TEST(T3105_control_deny_access_non_existing_access) // deny non existing access to existing alias int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, - "Denying non existing access returned: " << ret); + "Denying non existing access returned: " << CKMCErrorToString(ret)); } // tries to allow application to access its own data @@ -691,7 +686,7 @@ RUNNER_TEST(T3106_control_allow_access_to_myself) CharPtr label = get_label(); int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, - "Trying to allow myself returned: " << ret); + "Trying to allow myself returned: " << CKMCErrorToString(ret)); } // tries to use admin API as a user @@ -700,7 +695,7 @@ RUNNER_CHILD_TEST(T3110_control_allow_access_as_user) switch_to_storage_user(TEST_LABEL); int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret, - "Ordinary user should not be able to use control API. Error " << ret); + "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret)); } // tries to use admin API as a user 
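Review bot: `T3106_control_allow_access_to_myself` sits in the control (admin API) group but calls `ckmc_set_permission`, the same call `T3006_manager_allow_access_to_myself` makes. The admin path for granting a label access to its own data therefore appears to go untested. If that is unintended, the call would be `ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(label.get(), TEST_ALIAS).c_str(), label.get(), CKMC_PERMISSION_READ)`, following the form used in `T3105`. The start of the test body is outside the hunk, so confirm the expected code for the admin variant before changing it.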
@@ -709,7 +704,7 @@ RUNNER_CHILD_TEST(T3111_control_allow_access_as_user) switch_to_storage_user(TEST_LABEL); int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret, - "Ordinary user should not be able to use control API. Error " << ret); + "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret)); } // tries to read other application data with permission @@ -850,7 +845,7 @@ RUNNER_TEST(T3140_control_allow_invalid_user) int ret = ckmc_set_permission_by_adm( APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Trying to allow access to invalid user returned: " << ret); + "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret)); } // tries to revoke access to data in a database of invalid user @@ -860,7 +855,7 @@ RUNNER_TEST(T3141_control_deny_invalid_user) int ret = ckmc_set_permission_by_adm(APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Trying to deny access to invalid user returned: " << ret); + "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret)); } // tries to read other application data with permission 
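Review bot: `T3111_control_allow_access_as_user` repeats the name stem and message of `T3110` but passes `CKMC_PERMISSION_NONE`, the value `deny_access` uses, so it checks that an ordinary user cannot revoke access through the control API. Renaming it to something like `T3111_control_deny_access_as_user` would make a failure report say which direction was refused. Both tests also share the comment `// tries to use admin API as a user`; a more specific one such as `// tries to revoke access with admin API as a user` would tell them apart.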
@@ -923,12 +918,8 @@ RUNNER_TEST(T3145_control_deprecated_remove_allowed)
 RUNNER_TEST(T3999_deinit)
 {
 int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(APP_UID)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_ROOT)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(APP_UID)), CKMCErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_ROOT)), CKMCErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));
 }