Symaptic: os/persistentdata/persistentstorage/dbms/tdbms/t_dbplatsec2.cpp@260cb5ec6c19 (annotated)

sl@0	1	// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
sl@0	2	// All rights reserved.
sl@0	3	// This component and the accompanying materials are made available
sl@0	4	// under the terms of "Eclipse Public License v1.0"
sl@0	5	// which accompanies this distribution, and is available
sl@0	6	// at the URL "http://www.eclipse.org/legal/epl-v10.html".
sl@0	7	//
sl@0	8	// Initial Contributors:
sl@0	9	// Nokia Corporation - initial contribution.
sl@0	10	//
sl@0	11	// Contributors:
sl@0	12	//
sl@0	13	// Description:
sl@0	14	// DBMS security policy - testing new APIs.
sl@0	15	// This test app has "WriteUserData" (UID: WRITE) capability, which allows it to
sl@0	16	// write data in some of the tables.
sl@0	17	// The UID policy file is 11335579.spd.
sl@0	18	// The test uses C:TESTDB.DB secure shared database, which has tables A, B and C, each of them
sl@0	19	// with at least one record.
sl@0	20	// Please, ensure that t_dbenvcreate test is executed before t_dbplatsec<N>/t_dbplatsecperf tests!
sl@0	21	// Please, ensure that t_dbenvdestroy test is executed after t_dbplatsec<N>/t_dbplatsecperf tests!
sl@0	22	//
sl@0	23	//
sl@0	24
sl@0	25	#include <e32test.h>
sl@0	26	#include <d32dbms.h>
sl@0	27	#include "t_dbplatsecutl.h"
sl@0	28
sl@0	29	const TUid KSecureDbUid = {0x11335579};
sl@0	30	_LIT(KSecure, "SECURE");
sl@0	31	_LIT(KDbName, "C:TestDB.DB");
sl@0	32	_LIT(KTblNameA, "A");
sl@0	33	_LIT(KTblNameB, "B");
sl@0	34	_LIT(KTblNameC, "C");
sl@0	35	_LIT(KTblNameCC,"CC");
sl@0	36
sl@0	37	static RTest TheTest(_L("t_dbplatsec2: DBMS platform security testing - 2"));
sl@0	38	static RDbs TheDbs;
sl@0	39	static RDbNamedDatabase TheDb;
sl@0	40	static RDbTable TheTbl;
sl@0	41	static RDbView TheView;
sl@0	42
sl@0	43	TDBSCUtils TheDbscUtils(TheTest, NULL);
sl@0	44
sl@0	45	static TColDef const KColumns[]=
sl@0	46	{
sl@0	47	{_S("ID"), EDbColInt32, TDbCol::ENotNull \| TDbCol::EAutoIncrement},
sl@0	48	{_S("DATA1"), EDbColInt32, TDbCol::ENotNull},
sl@0	49	{_S("DATA2"), EDbColInt32, TDbCol::ENotNull},
sl@0	50	{0}
sl@0	51	};
sl@0	52
sl@0	53	/**
sl@0	54	@SYMTestCaseID SYSLIB-DBMS-CT-0012
sl@0	55	@SYMTestCaseDesc Database operations test.
sl@0	56	This test app has "WriteUserData" (UID: WRITE) capability, which allows it to
sl@0	57	write data in some of the tables. Almost all database calls must fail, the caller
sl@0	58	cannot satisfy the database's schema security policy.
sl@0	59	@SYMTestPriority High
sl@0	60	@SYMTestActions Database calls.
sl@0	61	@SYMTestExpectedResults The test must not fail.
sl@0	62	@SYMREQ REQ2429
sl@0	63	DBMS shall provide an API to apply security policies to database tables.
sl@0	64	*/
sl@0	65	static void DbTestL()
sl@0	66	{
sl@0	67	TheTest.Printf(_L("An attempt to delete the database\n"));
sl@0	68	TInt err = TDBSCUtils::DeleteDatabase(TheDbs, KSecureDbUid, KDbName);
sl@0	69	TEST2(err, KErrPermissionDenied);
sl@0	70
sl@0	71	TBuf<32> format;
sl@0	72
sl@0	73	TheTest.Printf(_L("An attempt to create the database\n"));
sl@0	74	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.
sl@0	75	format.Copy(KSecure);
sl@0	76	format.Append(KSecureDbUid.Name());
sl@0	77	err = TheDb.Create(TheDbs, KDbName, format);
sl@0	78	TEST2(err, KErrPermissionDenied);
sl@0	79
sl@0	80	TheTest.Printf(_L("Open database\n"));
sl@0	81	format.Copy(KSecure);
sl@0	82	format.Append(KSecureDbUid.Name());
sl@0	83	err = TheDb.Open(TheDbs, KDbName, format);
sl@0	84	TEST2(err, KErrNone);
sl@0	85
sl@0	86	TheTest.Printf(_L("An attempt to create a table\n"));
sl@0	87	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.
sl@0	88	CDbColSet* colset = TDBSCUtils::CreateColSetLC(KColumns);
sl@0	89	err = TheDb.CreateTable(KTblNameCC, *colset);
sl@0	90	TEST2(err, KErrPermissionDenied);
sl@0	91
sl@0	92	CleanupStack::PopAndDestroy(colset);
sl@0	93
sl@0	94	TheTest.Printf(_L("An attempt to create a table using SQL\n"));
sl@0	95	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.
sl@0	96	err = TheDb.Execute(_L("create table AAAA (id counter)"));
sl@0	97	TEST2(err, KErrPermissionDenied);
sl@0	98
sl@0	99	TheTest.Printf(_L("An attempt to alter a table using SQL\n"));
sl@0	100	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.
sl@0	101	err = TheDb.Execute(_L("alter table A add DATA11 CHAR(20)"));
sl@0	102	TEST2(err, KErrPermissionDenied);
sl@0	103
sl@0	104	_LIT(KColName, "DATA2");
sl@0	105	TheTest.Printf(_L("An attempt to create an index\n"));
sl@0	106	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.
sl@0	107	CDbKey* key = TDBSCUtils::CreateKeyLC(KColName);
sl@0	108	err = TheDb.CreateIndex(KColName, KTblNameA, *key);
sl@0	109	TEST2(err, KErrPermissionDenied);
sl@0	110	CleanupStack::PopAndDestroy(key);
sl@0	111
sl@0	112	TheTest.Printf(_L("An attempt to drop an index\n"));
sl@0	113	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.
sl@0	114	err = TheDb.DropIndex(KColName, KTblNameA);
sl@0	115	TEST2(err, KErrPermissionDenied);
sl@0	116	}
sl@0	117
sl@0	118	/**
sl@0	119	@SYMTestCaseID SYSLIB-DBMS-CT-0013
sl@0	120	@SYMTestCaseDesc Open table test.
sl@0	121	This test app has "WriteUserData" (UID: WRITE) capability, which allows it to
sl@0	122	write data in some of the tables. Some of the calls must fail because the caller has no
sl@0	123	enough rights for the requested operation (for example - the attempts to open some
sl@0	124	of the tables in ready-only mode)
sl@0	125	@SYMTestPriority High
sl@0	126	@SYMTestActions RDBTable::Open() called fon different tables from the test database.
sl@0	127	@SYMTestExpectedResults The test must not fail.
sl@0	128	@SYMREQ REQ2429
sl@0	129	DBMS shall provide an API to apply security policies to database tables.
sl@0	130	*/
sl@0	131	static void TblOpenL()
sl@0	132	{
sl@0	133	TheTest.Printf(_L("An attempt to open table A\n"));
sl@0	134	//The test must pass, because the test app can satisfy table A, policy W.
sl@0	135	TInt err = TheTbl.Open(TheDb, KTblNameA, RDbRowSet::EUpdatable);
sl@0	136	TEST2(err, KErrNone);
sl@0	137	TheTbl.Close();
sl@0	138	//The test must pass, because the test app can satisfy table A, policy W.
sl@0	139	err = TheTbl.Open(TheDb, KTblNameA, RDbRowSet::EInsertOnly);
sl@0	140	TEST2(err, KErrNone);
sl@0	141	TheTbl.Close();
sl@0	142	//The test must fail, because the test app cannot satisfy table A, policy R.
sl@0	143	err = TheTbl.Open(TheDb, KTblNameA, RDbRowSet::EReadOnly);
sl@0	144	TEST2(err, KErrPermissionDenied);
sl@0	145
sl@0	146	TheTest.Printf(_L("An attempt to open table B\n"));
sl@0	147	if(PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement) &&
sl@0	148	PlatSec::IsCapabilityEnforced(ECapabilityWriteDeviceData))
sl@0	149	{
sl@0	150	//The test must fail, because the test app cannot satisfy table B, policy W.
sl@0	151	err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EUpdatable);
sl@0	152	TEST2(err, KErrPermissionDenied);
sl@0	153	//The test must fail, because the test app cannot satisfy table B, policy W.
sl@0	154	err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EInsertOnly);
sl@0	155	TEST2(err, KErrPermissionDenied);
sl@0	156	}
sl@0	157	//The test must pass, because the test app can satisfy table B, policy R.
sl@0	158	err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EReadOnly);
sl@0	159	TEST2(err, KErrNone);
sl@0	160	TheTbl.Close();
sl@0	161
sl@0	162	TheTest.Printf(_L("An attempt to open table C\n"));
sl@0	163	//The test must pass, because the test app can satisfy table C, policy W.
sl@0	164	err = TheTbl.Open(TheDb, KTblNameC, RDbRowSet::EUpdatable);
sl@0	165	TEST2(err, KErrNone);
sl@0	166	TheTbl.Close();
sl@0	167	//The test must pass, because the test app can satisfy table C, policy W.
sl@0	168	err = TheTbl.Open(TheDb, KTblNameC, RDbRowSet::EInsertOnly);
sl@0	169	TEST2(err, KErrNone);
sl@0	170	TheTbl.Close();
sl@0	171	//The test must pass, because the test app can satisfy table C, policy R.
sl@0	172	err = TheTbl.Open(TheDb, KTblNameC, RDbRowSet::EReadOnly);
sl@0	173	TEST2(err, KErrNone);
sl@0	174	TheTbl.Close();
sl@0	175	}
sl@0	176
sl@0	177	/**
sl@0	178	@SYMTestCaseID SYSLIB-DBMS-CT-0014
sl@0	179	@SYMTestCaseDesc R/W operations at a table level.
sl@0	180	This test app has "WriteUserData" (UID: WRITE) capability, which allows it to
sl@0	181	write data in some of the tables. Some of the calls must fail because the caller has no
sl@0	182	enough rights for the requested operation.
sl@0	183	@SYMTestPriority High
sl@0	184	@SYMTestActions R/W operations at a table level.
sl@0	185	@SYMTestExpectedResults The test must not fail.
sl@0	186	@SYMREQ REQ2429
sl@0	187	DBMS shall provide an API to apply security policies to database tables.
sl@0	188	*/
sl@0	189	static void TblRWL()
sl@0	190	{
sl@0	191	TheTest.Printf(_L("Table A - Write\n"));
sl@0	192	TInt err = TheTbl.Open(TheDb, KTblNameA);
sl@0	193	TEST2(err, KErrNone);
sl@0	194	//The test must pass, because the test app can satisfy table A, policy W.
sl@0	195	TRAP(err, TheTbl.InsertL());
sl@0	196	TEST2(err, KErrNone);
sl@0	197	TheTbl.SetColL(2, 100);
sl@0	198	TheTbl.SetColL(3, 200);
sl@0	199	TRAP(err, TheTbl.PutL());
sl@0	200	TEST2(err, KErrNone);
sl@0	201	TInt cnt = TheDb.Execute(_L("UPDATE A SET DATA1 = 400 WHERE ID < 10"));
sl@0	202	TEST(cnt > 0);
sl@0	203
sl@0	204	TheTest.Printf(_L("Table A - Read\n"));
sl@0	205	//The test must fail, because the test app cannot satisfy table A, policy R.
sl@0	206	TBool res = EFalse;
sl@0	207	TRAP(err, res = TheTbl.FirstL());
sl@0	208	TEST2(err, KErrPermissionDenied);
sl@0	209	err = TheView.Prepare(TheDb, TDbQuery(_L("SELECT * FROM A")));
sl@0	210	TEST2(err, KErrPermissionDenied);
sl@0	211	TheView.Close();
sl@0	212
sl@0	213	TheTbl.Close();
sl@0	214
sl@0	215	TheTest.Printf(_L("Table B - Write\n"));
sl@0	216	err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EReadOnly);
sl@0	217	TEST2(err, KErrNone);
sl@0	218	if(PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement) &&
sl@0	219	PlatSec::IsCapabilityEnforced(ECapabilityWriteDeviceData))
sl@0	220	{
sl@0	221	//The test must fail, because the test app cannot satisfy table B, policy W.
sl@0	222	TRAP(err, TheTbl.InsertL());
sl@0	223	TEST2(err, KErrPermissionDenied);
sl@0	224	err = TheDb.Execute(_L("INSERT INTO B (DATA2) VALUES (45)"));
sl@0	225	TEST2(err, KErrPermissionDenied);
sl@0	226	}
sl@0	227
sl@0	228	TheTest.Printf(_L("Table B - Read\n"));
sl@0	229	//The test must pass, because table B has no R policy.
sl@0	230	TRAP(err, res = TheTbl.FirstL());
sl@0	231	TEST2(err, KErrNone);
sl@0	232	TEST(res);
sl@0	233	cnt = TheTbl.CountL();
sl@0	234	TEST(cnt > 0);
sl@0	235	err = TheView.Prepare(TheDb, TDbQuery(_L("SELECT * FROM B")));
sl@0	236	TEST2(err, KErrNone);
sl@0	237	cnt = TheView.CountL();
sl@0	238	TEST(cnt > 0);
sl@0	239	TheView.Close();
sl@0	240
sl@0	241	TheTbl.Close();
sl@0	242
sl@0	243	TheTest.Printf(_L("Table C - Write\n"));
sl@0	244	err = TheTbl.Open(TheDb, KTblNameC);
sl@0	245	TEST2(err, KErrNone);
sl@0	246	//The test must pass, because the test app can satisfy table C, policy W.
sl@0	247	TRAP(err, TheTbl.InsertL());
sl@0	248	TEST2(err, KErrNone);
sl@0	249	TheTbl.SetColL(2, 100);
sl@0	250	TheTbl.SetColL(3, 200);
sl@0	251	TRAP(err, TheTbl.PutL());
sl@0	252	TEST2(err, KErrNone);
sl@0	253	cnt = TheDb.Execute(_L("UPDATE C SET DATA1 = 400 WHERE ID < 10"));
sl@0	254	TEST(cnt > 0);
sl@0	255
sl@0	256	TheTest.Printf(_L("Table C - Read\n"));
sl@0	257	//The test must pass, because table C has no R policy.
sl@0	258	TRAP(err, res = TheTbl.FirstL());
sl@0	259	TEST2(err, KErrNone);
sl@0	260	TEST(res);
sl@0	261	cnt = TheTbl.CountL();
sl@0	262	TEST(cnt > 0);
sl@0	263	err = TheView.Prepare(TheDb, TDbQuery(_L("SELECT * FROM C")));
sl@0	264	TEST2(err, KErrNone);
sl@0	265	cnt = TheView.CountL();
sl@0	266	TEST(cnt > 0);
sl@0	267	TheView.Close();
sl@0	268
sl@0	269	TheTbl.Close();
sl@0	270	}
sl@0	271
sl@0	272	static void DoRunL()
sl@0	273	{
sl@0	274	TheTest.Start(_L("An app with \"UID:WRITE\" capabilities set"));
sl@0	275
sl@0	276	TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-DBMS-CT-0012 Database tests "));
sl@0	277	::DbTestL();
sl@0	278
sl@0	279	TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-DBMS-CT-0013 Open table tests "));
sl@0	280	::TblOpenL();
sl@0	281
sl@0	282	TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-DBMS-CT-0014 Table R/W tests "));
sl@0	283	::TblRWL();
sl@0	284	}
sl@0	285
sl@0	286	TInt E32Main()
sl@0	287	{
sl@0	288	__UHEAP_MARK;
sl@0	289	CTrapCleanup* tc = CTrapCleanup::New();
sl@0	290	TEST(tc != NULL);
sl@0	291
sl@0	292	TInt err = TheDbs.Connect();
sl@0	293	TEST2(err, KErrNone);
sl@0	294
sl@0	295	TRAP(err, ::DoRunL());
sl@0	296	TEST2(err, KErrNone);
sl@0	297
sl@0	298	TheView.Close();
sl@0	299	TheTbl.Close();
sl@0	300	TheDb.Close();
sl@0	301	TheDbs.Close();
sl@0	302
sl@0	303	TheTest.End();
sl@0	304	TheTest.Close();
sl@0	305
sl@0	306	delete tc;
sl@0	307
sl@0	308	__UHEAP_MARKEND;
sl@0	309	User::Heap().Check();
sl@0	310	return KErrNone;
sl@0	311	}

author	sl
	Tue, 10 Jun 2014 14:32:02 +0200
changeset 1	260cb5ec6c19
permissions	-rw-r--r--