From: Maciej J. Karpiuk Date: Wed, 17 Dec 2014 14:31:39 +0000 (+0100) Subject: CAPI changes (set permission, remove alias): tests adjusted. X-Git-Tag: security-manager_5.5_testing~9^2~130 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Ftest%2Fsecurity-tests.git;a=commitdiff_plain;h=b1086889d29d845bdf73e1d5e1cea7254ce5f420 CAPI changes (set permission, remove alias): tests adjusted. Change-Id: I1601606f9e4303d83b9840082c7093d9ac751b0a --- diff --git a/tests/ckm/async-api.cpp b/tests/ckm/async-api.cpp index cf2a656..ded20be 100644 --- a/tests/ckm/async-api.cpp +++ b/tests/ckm/async-api.cpp @@ -144,13 +144,6 @@ struct KeyPair typedef map > KeyMap; -std::string format_full_label_alias(const std::string &label, const std::string &alias) -{ - std::stringstream ss; - ss << label << std::string(ckmc_label_name_separator) << alias; - return ss.str(); -} - KeyMap initializeKeys() { @@ -687,14 +680,14 @@ RUNNER_CHILD_TEST(TA0950_get_key_alias_vector_positive) DBCleanup dbc; test_positive(&ManagerAsync::saveKey, dbc.alias("alias1"), keys[RSA][0].prv, Policy()); - test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias1"))) }); + test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) }); test_positive(&ManagerAsync::saveKey, dbc.alias("alias2"), keys[DSA][0].prv, Policy()); - test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias1"))), - format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias2"))) }); + test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")), + aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) }); test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1")); - test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias2"))) }); + test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) }); } @@ -712,14 +705,14 @@ RUNNER_CHILD_TEST(TA1050_get_cert_alias_vector_positive) DBCleanup dbc; test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias1"), certs[0], Policy()); - test_check_aliases(&ManagerAsync::getCertificateAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias1"))) }); + test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) }); test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias2"), certs[1], Policy()); - test_check_aliases(&ManagerAsync::getCertificateAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias1"))), - format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias2"))) }); + test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")), + aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) }); test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1")); - test_check_aliases(&ManagerAsync::getCertificateAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias2"))) }); + test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) }); } @@ -737,14 +730,14 @@ RUNNER_CHILD_TEST(TA1150_get_data_alias_vector_positive) DBCleanup dbc; test_positive(&ManagerAsync::saveData, dbc.alias("alias1"), test_buffer, Policy()); - test_check_aliases(&ManagerAsync::getDataAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias1"))) }); + test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) }); test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy()); - test_check_aliases(&ManagerAsync::getDataAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias1"))), - format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias2"))) }); + test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")), + aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) }); test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1")); - test_check_aliases(&ManagerAsync::getDataAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias2"))) }); + test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) }); } @@ -788,8 +781,8 @@ RUNNER_CHILD_TEST(TA1250_create_key_pair_rsa_positive) Policy(), Policy()); - test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias_prv"))), - format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias_pub"))) }); + test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")), + aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) }); } // createKeyPairDSA @@ -832,8 +825,8 @@ RUNNER_CHILD_TEST(TA1290_create_key_pair_dsa_positive) Policy(), Policy()); - test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias_prv"))), - format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias_pub"))) }); + test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")), + aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) }); } // createKeyPairECDSA @@ -876,8 +869,8 @@ RUNNER_CHILD_TEST(TA1350_create_key_pair_ecdsa_positive) Policy(), Policy()); - test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias_prv"))), - format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.alias("alias_pub"))) }); + test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")), + aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) }); } @@ -1167,9 +1160,9 @@ RUNNER_CHILD_TEST(TA1810_allow_access_invalid_param) { switch_to_storage_user(TEST_LABEL); - test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", Permission::READ_REMOVE); - test_invalid_param(&ManagerAsync::setPermission, "", "accessor", Permission::READ_REMOVE); - test_invalid_param(&ManagerAsync::setPermission, "alias", "", Permission::READ_REMOVE); + test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE); + test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE); + test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE); } RUNNER_TEST(TA1820_allow_access) @@ -1182,11 +1175,11 @@ RUNNER_TEST(TA1820_allow_access) test_positive(&ManagerAsync::setPermission, dbc.alias("alias2"), TEST_LABEL, - Permission::READ); + CKM::Permission::READ); test_positive(&ManagerAsync::setPermission, dbc.alias("alias3"), TEST_LABEL, - Permission::READ_REMOVE); + CKM::Permission::READ | CKM::Permission::REMOVE); { ScopedLabel label(TEST_LABEL); @@ -1226,7 +1219,7 @@ RUNNER_TEST(TA1920_deny_access) test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, - Permission::READ_REMOVE); + CKM::Permission::READ | CKM::Permission::REMOVE); test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE); { diff --git a/tests/ckm/capi-access_control.cpp b/tests/ckm/capi-access_control.cpp index e29e0a7..14fccff 100644 --- a/tests/ckm/capi-access_control.cpp +++ b/tests/ckm/capi-access_control.cpp @@ -55,7 +55,7 @@ void save_data(const char* alias) void check_remove_allowed(const char* alias) { - int ret = ckmc_remove_data(alias); + int ret = ckmc_remove_alias(alias); // remove, but ignore non existing RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN, "Removing data failed: " << ret); @@ -63,7 +63,7 @@ void check_remove_allowed(const char* alias) void check_remove_denied(const char* alias) { - int ret = ckmc_remove_data(alias); + int ret = ckmc_remove_alias(alias); RUNNER_ASSERT_MSG( CKMC_ERROR_PERMISSION_DENIED == ret, "App with different label shouldn't have rights to remove this data. Error: " << ret); @@ -71,7 +71,7 @@ void check_remove_denied(const char* alias) void check_remove_not_visible(const char* alias) { - int ret = ckmc_remove_data(alias); + int ret = ckmc_remove_alias(alias); RUNNER_ASSERT_MSG( CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, "App with different label shouldn't have rights to see this data. Error: " << ret); @@ -79,13 +79,8 @@ void check_remove_not_visible(const char* alias) void check_read(const char* alias, const char *label, const char *test_data, int expected_code = CKMC_ERROR_NONE) { - std::stringstream valid_address; - if(label != NULL) - valid_address << label << ckmc_label_name_separator; - valid_address << alias; - ckmc_raw_buffer_s* buffer = NULL; - int ret = ckmc_get_data(valid_address.str().c_str(), NULL, &buffer); + int ret = ckmc_get_data(aliasWithLabel(label, alias).c_str(), NULL, &buffer); RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. Expected code: " << expected_code << ", while result code: " << ret); if(expected_code == CKMC_ERROR_NONE) @@ -137,17 +132,17 @@ void check_read_not_visible(const char* alias) } } -void allow_access(const char* alias, const char* accessor, ckmc_access_right_e rights) +void allow_access(const char* alias, const char* accessor, int permissionMask) { // data removal should revoke this access - int ret = ckmc_allow_access(alias, accessor, rights); + int ret = ckmc_set_permission(alias, accessor, permissionMask); RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret); } -void allow_access_negative(const char* alias, const char* accessor, ckmc_access_right_e rights, int expectedCode) +void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode) { // data removal should revoke this access - int ret = ckmc_allow_access(alias, accessor, rights); + int ret = ckmc_set_permission(alias, accessor, permissionMask); RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned: " << ret << ", while expected: " << expectedCode); } @@ -159,22 +154,20 @@ void deny_access(const char* alias, const char* accessor) void deny_access_negative(const char* alias, const char* accessor, int expectedCode) { - int ret = ckmc_deny_access(alias, accessor); + int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. Error: " << ret << ", while expected: " << expectedCode); } -void allow_access_by_adm(const char* alias, const char* accessor, ckmc_access_right_e rights) +void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask) { // data removal should revoke this access - CharPtr label = get_label(); - int ret = ckmc_allow_access_by_adm(USER_ROOT, label.get(), alias, accessor, rights); + int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, permissionMask); RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << ret); } void deny_access_by_adm(const char* alias, const char* accessor) { - CharPtr label = get_label(); - int ret = ckmc_deny_access_by_adm(USER_ROOT, label.get(), alias, accessor); + int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << ret); } @@ -254,16 +247,16 @@ RUNNER_TEST(T3000_init) RUNNER_TEST(T3001_manager_allow_access_invalid) { RUNNER_ASSERT( - CKMC_ERROR_INVALID_PARAMETER == ckmc_allow_access(NULL, "accessor", CKMC_AR_READ)); + CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ)); RUNNER_ASSERT( - CKMC_ERROR_INVALID_PARAMETER == ckmc_allow_access("alias", NULL, CKMC_AR_READ)); + CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_READ)); } // invalid arguments check RUNNER_TEST(T3002_manager_deny_access_invalid) { - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access(NULL, "accessor")); - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_deny_access("alias", NULL)); + RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE)); + RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE)); } // tries to allow access for non existing alias @@ -271,7 +264,7 @@ RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing) { switch_to_storage_user(TEST_LABEL); - int ret = ckmc_allow_access(NO_ALIAS, "label", CKMC_AR_READ); + int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, "Allowing access for non existing alias returned " << ret); } @@ -281,7 +274,7 @@ RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing) { switch_to_storage_user(TEST_LABEL); - int ret = ckmc_deny_access(NO_ALIAS, "label"); + int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, "Denying access for non existing alias returned " << ret); } @@ -294,7 +287,7 @@ RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access) ScopedSaveData ssd(TEST_ALIAS); // deny non existing access to existing alias - int ret = ckmc_deny_access(TEST_ALIAS, "label"); + int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, "Denying non existing access returned: " << ret); } @@ -307,7 +300,7 @@ RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself) ScopedSaveData ssd(TEST_ALIAS); CharPtr label = get_label(); - int ret = ckmc_allow_access(TEST_ALIAS, label.get(), CKMC_AR_READ); + int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, "Trying to allow myself returned: " << ret); } @@ -376,7 +369,7 @@ RUNNER_TEST(T3021_manager_access_allowed) CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); @@ -390,7 +383,7 @@ RUNNER_TEST(T3022_manager_access_allowed_with_remove) CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); { ScopedLabel sl(TEST_LABEL2); @@ -404,7 +397,7 @@ RUNNER_TEST(T3023_manager_access_allowed_remove_denied) CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); @@ -420,7 +413,7 @@ RUNNER_TEST(T3025_manager_remove_allowed) CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); { ScopedLabel sl(TEST_LABEL2); @@ -436,8 +429,8 @@ RUNNER_TEST(T3026_manager_double_allow) ScopedSaveData ssd(TEST_ALIAS); // access should be overwritten - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); @@ -455,7 +448,7 @@ RUNNER_TEST(T3027_manager_allow_deny) std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS); - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); @@ -478,11 +471,11 @@ RUNNER_TEST(T3028_manager_access_by_label) const char *additional_data = "label-2-data"; ScopedSaveData ssd(TEST_ALIAS); - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); ScopedSaveData ssd(TEST_ALIAS, additional_data); - allow_access(TEST_ALIAS, top_label.get(), CKMC_AR_READ); + allow_access(TEST_ALIAS, top_label.get(), CKMC_PERMISSION_READ); // test if accessing valid alias (of label2 domain) check_read_allowed(TEST_ALIAS, additional_data); @@ -509,17 +502,12 @@ RUNNER_TEST(T3029_manager_access_modification_by_foreign_label) { ScopedLabel sl(TEST_LABEL); ScopedSaveData ssd(TEST_ALIAS); - allow_access(TEST_ALIAS, TEST_LABEL3, CKMC_AR_READ_REMOVE); + allow_access(TEST_ALIAS, TEST_LABEL3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); { ScopedLabel sl(TEST_LABEL2); - // create address to the other label's alias - std::stringstream valid_address; - valid_address << TEST_LABEL << ckmc_label_name_separator; - valid_address << TEST_ALIAS; - - allow_access_negative(valid_address.str().c_str(), TEST_LABEL4, CKMC_AR_READ_REMOVE, CKMC_ERROR_PERMISSION_DENIED); - deny_access_negative(valid_address.str().c_str(), TEST_LABEL4, CKMC_ERROR_PERMISSION_DENIED); + allow_access_negative(aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED); + deny_access_negative (aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_ERROR_PERMISSION_DENIED); } } @@ -531,7 +519,7 @@ RUNNER_TEST(T3030_manager_get_all_aliases) int count = count_aliases(); - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); @@ -559,7 +547,7 @@ RUNNER_TEST(T3031_manager_test_decrypt_from_another_label) CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); @@ -582,18 +570,14 @@ RUNNER_TEST(T3031_manager_test_decrypt_from_another_label) RUNNER_TEST(T3101_control_allow_access_invalid) { int ret; - ret = ckmc_allow_access_by_adm(USER_ROOT, NULL, "alias", "accessor", CKMC_AR_READ); - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret); - ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", NULL, "accessor", CKMC_AR_READ); + ret = ckmc_set_permission_by_adm(USER_ROOT, "alias", "accessor", CKMC_PERMISSION_READ); RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret); - ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", "alias", NULL, CKMC_AR_READ); + ret = ckmc_set_permission_by_adm(USER_ROOT, "owner alias", NULL, CKMC_PERMISSION_READ); RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret); // double owner - CharPtr label = get_label(); - std::stringstream helper; - helper << label.get() << ckmc_label_name_separator << TEST_ALIAS; - ret = ckmc_allow_access_by_adm(USER_ROOT, "another-owner", helper.str().c_str(), TEST_LABEL, CKMC_AR_READ); + std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS); + ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_READ); RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret); } @@ -601,24 +585,20 @@ RUNNER_TEST(T3101_control_allow_access_invalid) RUNNER_TEST(T3102_control_deny_access_invalid) { RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == - ckmc_deny_access_by_adm(USER_ROOT, NULL, "alias", "accessor")); - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == - ckmc_deny_access_by_adm(USER_ROOT, "owner", NULL, "accessor")); + ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NULL, "alias").c_str(), "accessor", CKMC_PERMISSION_NONE)); RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == - ckmc_deny_access_by_adm(USER_ROOT, "owner", "alias", NULL)); + ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), NULL, CKMC_PERMISSION_NONE)); // double owner - CharPtr label = get_label(); - std::stringstream helper; - helper << label.get() << ckmc_label_name_separator << TEST_ALIAS; + std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS); RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == - ckmc_deny_access_by_adm(USER_ROOT, "another-owner", helper.str().c_str(), TEST_LABEL)); + ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_NONE)); } // tries to allow access for non existing alias RUNNER_TEST(T3103_control_allow_access_non_existing) { - int ret = ckmc_allow_access_by_adm(USER_ROOT, NO_OWNER, NO_ALIAS, "label", CKMC_AR_READ); + int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, "Allowing access for non existing alias returned " << ret); } @@ -626,7 +606,7 @@ RUNNER_TEST(T3103_control_allow_access_non_existing) // tries to deny access for non existing alias RUNNER_TEST(T3104_control_deny_access_non_existing) { - int ret = ckmc_deny_access_by_adm(USER_ROOT, NO_OWNER, NO_ALIAS, "label"); + int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, "Denying access for non existing alias returned " << ret); } @@ -639,7 +619,7 @@ RUNNER_TEST(T3105_control_deny_access_non_existing_access) CharPtr label = get_label(); // deny non existing access to existing alias - int ret = ckmc_deny_access_by_adm(USER_ROOT, label.get(), TEST_ALIAS, "label"); + int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, "Denying non existing access returned: " << ret); } @@ -650,7 +630,7 @@ RUNNER_TEST(T3106_control_allow_access_to_myself) ScopedSaveData ssd(TEST_ALIAS); CharPtr label = get_label(); - int ret = ckmc_allow_access(TEST_ALIAS, label.get(), CKMC_AR_READ); + int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, "Trying to allow myself returned: " << ret); } @@ -659,7 +639,7 @@ RUNNER_TEST(T3106_control_allow_access_to_myself) RUNNER_CHILD_TEST(T3110_control_allow_access_as_user) { switch_to_storage_user(TEST_LABEL); - int ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", "alias", "accessor", CKMC_AR_READ); + int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret, "Ordinary user should not be able to use control API. Error " << ret); } @@ -668,7 +648,7 @@ RUNNER_CHILD_TEST(T3110_control_allow_access_as_user) RUNNER_CHILD_TEST(T3111_control_allow_access_as_user) { switch_to_storage_user(TEST_LABEL); - int ret = ckmc_deny_access_by_adm(USER_ROOT, "owner", "alias", "accessor"); + int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret, "Ordinary user should not be able to use control API. Error " << ret); } @@ -679,7 +659,7 @@ RUNNER_TEST(T3121_control_access_allowed) CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); @@ -693,7 +673,7 @@ RUNNER_TEST(T3122_control_access_allowed_with_remove) CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); { ScopedLabel sl(TEST_LABEL2); @@ -707,7 +687,7 @@ RUNNER_TEST(T3122_control_access_allowed_remove_denied) CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); @@ -721,7 +701,7 @@ RUNNER_TEST(T3125_control_remove_allowed) CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); { ScopedLabel sl(TEST_LABEL2); @@ -737,8 +717,8 @@ RUNNER_TEST(T3126_control_double_allow) ScopedSaveData ssd(TEST_ALIAS); // access should be overwritten - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); @@ -756,7 +736,7 @@ RUNNER_TEST(T3127_control_allow_deny) std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS); - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); @@ -781,7 +761,7 @@ RUNNER_TEST(T3130_control_get_all_aliases) int count = count_aliases(); - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); { ScopedLabel sl(TEST_LABEL2); @@ -808,9 +788,8 @@ RUNNER_TEST(T3140_control_allow_invalid_user) { ScopedSaveData ssd(TEST_ALIAS); - CharPtr label = get_label(); - int ret = ckmc_allow_access_by_adm( - APP_UID, label.get(), TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + int ret = ckmc_set_permission_by_adm( + APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, "Trying to allow access to invalid user returned: " << ret); } @@ -820,8 +799,7 @@ RUNNER_TEST(T3141_control_deny_invalid_user) { ScopedSaveData ssd(TEST_ALIAS); - CharPtr label = get_label(); - int ret = ckmc_deny_access_by_adm(APP_UID, label.get(), TEST_ALIAS, TEST_LABEL2); + int ret = ckmc_set_permission_by_adm(APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, "Trying to deny access to invalid user returned: " << ret); }