MercurialSymaptic / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
os/persistentdata/persistentstorage/dbms/tdbms/t_dbplatsec2.cpp
author sl
Tue, 10 Jun 2014 14:32:02 +0200
changeset 1 260cb5ec6c19
permissions -rw-r--r--
Update contrib. 
     1 // Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).

     2 // All rights reserved.

     3 // This component and the accompanying materials are made available

     4 // under the terms of "Eclipse Public License v1.0"

     5 // which accompanies this distribution, and is available

     6 // at the URL "http://www.eclipse.org/legal/epl-v10.html".

     7 //

     8 // Initial Contributors:

     9 // Nokia Corporation - initial contribution.

    10 //

    11 // Contributors:

    12 //

    13 // Description:

    14 // DBMS security policy - testing new APIs.

    15 // This test app has "WriteUserData" (UID: WRITE) capability, which allows it to

    16 // write data in some of the tables.

    17 // The UID policy file is 11335579.spd.

    18 // The test uses C:TESTDB.DB secure shared database, which has tables A, B and C, each of them

    19 // with at least one record.

    20 // Please, ensure that t_dbenvcreate test is executed before t_dbplatsec<N>/t_dbplatsecperf tests!

    21 // Please, ensure that t_dbenvdestroy test is executed after t_dbplatsec<N>/t_dbplatsecperf tests!

    22 // 

    23 //

    24 

    25 #include <e32test.h>

    26 #include <d32dbms.h>

    27 #include "t_dbplatsecutl.h"

    28 

    29 const TUid KSecureDbUid = {0x11335579};

    30 _LIT(KSecure,	"SECURE");

    31 _LIT(KDbName,	"C:TestDB.DB");

    32 _LIT(KTblNameA,	"A");

    33 _LIT(KTblNameB,	"B");

    34 _LIT(KTblNameC,	"C");

    35 _LIT(KTblNameCC,"CC");

    36 

    37 static RTest 				TheTest(_L("t_dbplatsec2: DBMS platform security testing - 2"));

    38 static RDbs 				TheDbs;

    39 static RDbNamedDatabase 	TheDb;

    40 static RDbTable 			TheTbl;

    41 static RDbView 				TheView;

    42 

    43 TDBSCUtils 	TheDbscUtils(TheTest, NULL);

    44 

    45 static TColDef const KColumns[]=

    46 	{

    47 	{_S("ID"), EDbColInt32, TDbCol::ENotNull | TDbCol::EAutoIncrement},

    48 	{_S("DATA1"), EDbColInt32, TDbCol::ENotNull},

    49 	{_S("DATA2"), EDbColInt32, TDbCol::ENotNull},

    50 	{0}

    51 	};

    52 

    53 /**

    54 @SYMTestCaseID SYSLIB-DBMS-CT-0012

    55 @SYMTestCaseDesc Database operations test.

    56 				 This test app has "WriteUserData" (UID: WRITE) capability, which allows it to

    57 				 write data in some of the tables. Almost all database calls must fail, the caller

    58 				 cannot satisfy the database's schema security policy.

    59 @SYMTestPriority High

    60 @SYMTestActions  Database calls.

    61 @SYMTestExpectedResults The test must not fail.

    62 @SYMREQ REQ2429

    63                  DBMS shall provide an API to apply security policies to database tables.

    64 */

    65 static void DbTestL()

    66 	{

    67 	TheTest.Printf(_L("An attempt to delete the database\n"));

    68 	TInt err = TDBSCUtils::DeleteDatabase(TheDbs, KSecureDbUid, KDbName);

    69 	TEST2(err, KErrPermissionDenied);

    70 

    71 	TBuf<32> format;

    72 

    73 	TheTest.Printf(_L("An attempt to create the database\n"));

    74 	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.

    75 	format.Copy(KSecure);

    76 	format.Append(KSecureDbUid.Name());

    77 	err = TheDb.Create(TheDbs, KDbName, format);

    78 	TEST2(err, KErrPermissionDenied);

    79 

    80 	TheTest.Printf(_L("Open database\n"));

    81 	format.Copy(KSecure);

    82 	format.Append(KSecureDbUid.Name());

    83 	err = TheDb.Open(TheDbs, KDbName, format);

    84 	TEST2(err, KErrNone);

    85 

    86 	TheTest.Printf(_L("An attempt to create a table\n"));

    87 	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.

    88 	CDbColSet* colset = TDBSCUtils::CreateColSetLC(KColumns);

    89 	err = TheDb.CreateTable(KTblNameCC, *colset);

    90 	TEST2(err, KErrPermissionDenied);

    91 

    92 	CleanupStack::PopAndDestroy(colset);

    93 

    94 	TheTest.Printf(_L("An attempt to create a table using SQL\n"));

    95 	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.

    96 	err = TheDb.Execute(_L("create table AAAA (id counter)"));

    97 	TEST2(err, KErrPermissionDenied);

    98 

    99 	TheTest.Printf(_L("An attempt to alter a table using SQL\n"));

   100 	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.

   101 	err = TheDb.Execute(_L("alter table A add DATA11 CHAR(20)"));

   102 	TEST2(err, KErrPermissionDenied);

   103 

   104 	_LIT(KColName, "DATA2");

   105 	TheTest.Printf(_L("An attempt to create an index\n"));

   106 	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.

   107 	CDbKey* key = TDBSCUtils::CreateKeyLC(KColName);

   108 	err = TheDb.CreateIndex(KColName, KTblNameA, *key);

   109 	TEST2(err, KErrPermissionDenied);

   110 	CleanupStack::PopAndDestroy(key);

   111 

   112 	TheTest.Printf(_L("An attempt to drop an index\n"));

   113 	//The test must fail, because the test app cannot satisfy KSecureDbUid uid, policy S.

   114 	err = TheDb.DropIndex(KColName, KTblNameA);

   115 	TEST2(err, KErrPermissionDenied);

   116 	}

   117 

   118 /**

   119 @SYMTestCaseID SYSLIB-DBMS-CT-0013

   120 @SYMTestCaseDesc Open table test.

   121 				 This test app has "WriteUserData" (UID: WRITE) capability, which allows it to

   122 				 write data in some of the tables. Some of the calls must fail because the caller has no

   123 				 enough rights for the requested operation (for example - the attempts to open some

   124 				 of the tables in ready-only mode)

   125 @SYMTestPriority High

   126 @SYMTestActions  RDBTable::Open() called fon different tables from the test database.

   127 @SYMTestExpectedResults The test must not fail.

   128 @SYMREQ REQ2429

   129                  DBMS shall provide an API to apply security policies to database tables.

   130 */

   131 static void TblOpenL()

   132 	{

   133 	TheTest.Printf(_L("An attempt to open table A\n"));

   134 	//The test must pass, because the test app can satisfy table A, policy W.

   135 	TInt err = TheTbl.Open(TheDb, KTblNameA, RDbRowSet::EUpdatable);

   136 	TEST2(err, KErrNone);

   137 	TheTbl.Close();

   138 	//The test must pass, because the test app can satisfy table A, policy W.

   139 	err = TheTbl.Open(TheDb, KTblNameA, RDbRowSet::EInsertOnly);

   140 	TEST2(err, KErrNone);

   141 	TheTbl.Close();

   142 	//The test must fail, because the test app cannot satisfy table A, policy R.

   143 	err = TheTbl.Open(TheDb, KTblNameA, RDbRowSet::EReadOnly);

   144 	TEST2(err, KErrPermissionDenied);

   145 

   146 	TheTest.Printf(_L("An attempt to open table B\n"));

   147     if(PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement) &&

   148        PlatSec::IsCapabilityEnforced(ECapabilityWriteDeviceData))

   149         {

   150 	    //The test must fail, because the test app cannot satisfy table B, policy W.

   151 	    err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EUpdatable);

   152 	    TEST2(err, KErrPermissionDenied);

   153 	    //The test must fail, because the test app cannot satisfy table B, policy W.

   154 	    err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EInsertOnly);

   155 	    TEST2(err, KErrPermissionDenied);

   156         }

   157 	//The test must pass, because the test app can satisfy table B, policy R.

   158 	err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EReadOnly);

   159 	TEST2(err, KErrNone);

   160 	TheTbl.Close();

   161 

   162 	TheTest.Printf(_L("An attempt to open table C\n"));

   163 	//The test must pass, because the test app can satisfy table C, policy W.

   164 	err = TheTbl.Open(TheDb, KTblNameC, RDbRowSet::EUpdatable);

   165 	TEST2(err, KErrNone);

   166 	TheTbl.Close();

   167 	//The test must pass, because the test app can satisfy table C, policy W.

   168 	err = TheTbl.Open(TheDb, KTblNameC, RDbRowSet::EInsertOnly);

   169 	TEST2(err, KErrNone);

   170 	TheTbl.Close();

   171 	//The test must pass, because the test app can satisfy table C, policy R.

   172 	err = TheTbl.Open(TheDb, KTblNameC, RDbRowSet::EReadOnly);

   173 	TEST2(err, KErrNone);

   174 	TheTbl.Close();

   175 	}

   176 

   177 /**

   178 @SYMTestCaseID SYSLIB-DBMS-CT-0014

   179 @SYMTestCaseDesc R/W operations at a table level.

   180 				 This test app has "WriteUserData" (UID: WRITE) capability, which allows it to

   181 				 write data in some of the tables. Some of the calls must fail because the caller has no

   182 				 enough rights for the requested operation.

   183 @SYMTestPriority High

   184 @SYMTestActions  R/W operations at a table level.

   185 @SYMTestExpectedResults The test must not fail.

   186 @SYMREQ REQ2429

   187                  DBMS shall provide an API to apply security policies to database tables.

   188 */

   189 static void TblRWL()

   190 	{

   191 	TheTest.Printf(_L("Table A - Write\n"));

   192 	TInt err = TheTbl.Open(TheDb, KTblNameA);

   193 	TEST2(err, KErrNone);

   194 	//The test must pass, because the test app can satisfy table A, policy W.

   195 	TRAP(err, TheTbl.InsertL());

   196 	TEST2(err, KErrNone);

   197 	TheTbl.SetColL(2, 100);

   198 	TheTbl.SetColL(3, 200);

   199 	TRAP(err, TheTbl.PutL());

   200 	TEST2(err, KErrNone);

   201 	TInt cnt = TheDb.Execute(_L("UPDATE A SET DATA1 = 400 WHERE ID < 10"));

   202 	TEST(cnt > 0);

   203 

   204 	TheTest.Printf(_L("Table A - Read\n"));

   205 	//The test must fail, because the test app cannot satisfy table A, policy R.

   206 	TBool res = EFalse;

   207 	TRAP(err, res = TheTbl.FirstL());

   208 	TEST2(err, KErrPermissionDenied);

   209 	err = TheView.Prepare(TheDb, TDbQuery(_L("SELECT * FROM A")));

   210 	TEST2(err, KErrPermissionDenied);

   211 	TheView.Close();

   212 

   213 	TheTbl.Close();

   214 

   215 	TheTest.Printf(_L("Table B - Write\n"));

   216 	err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EReadOnly);

   217 	TEST2(err, KErrNone);

   218 	if(PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement) &&

   219 	   PlatSec::IsCapabilityEnforced(ECapabilityWriteDeviceData))

   220 		{

   221 		//The test must fail, because the test app cannot satisfy table B, policy W.

   222 		TRAP(err, TheTbl.InsertL());

   223 		TEST2(err, KErrPermissionDenied);

   224 		err = TheDb.Execute(_L("INSERT INTO B (DATA2) VALUES (45)"));

   225 		TEST2(err, KErrPermissionDenied);

   226 		}

   227 

   228 	TheTest.Printf(_L("Table B - Read\n"));

   229 	//The test must pass, because table B has no R policy.

   230 	TRAP(err, res = TheTbl.FirstL());

   231 	TEST2(err, KErrNone);

   232 	TEST(res);

   233 	cnt = TheTbl.CountL();

   234 	TEST(cnt > 0);

   235 	err = TheView.Prepare(TheDb, TDbQuery(_L("SELECT * FROM B")));

   236 	TEST2(err, KErrNone);

   237 	cnt = TheView.CountL();

   238 	TEST(cnt > 0);

   239 	TheView.Close();

   240 

   241 	TheTbl.Close();

   242 

   243 	TheTest.Printf(_L("Table C - Write\n"));

   244 	err = TheTbl.Open(TheDb, KTblNameC);

   245 	TEST2(err, KErrNone);

   246 	//The test must pass, because the test app can satisfy table C, policy W.

   247 	TRAP(err, TheTbl.InsertL());

   248 	TEST2(err, KErrNone);

   249 	TheTbl.SetColL(2, 100);

   250 	TheTbl.SetColL(3, 200);

   251 	TRAP(err, TheTbl.PutL());

   252 	TEST2(err, KErrNone);

   253 	cnt = TheDb.Execute(_L("UPDATE C SET DATA1 = 400 WHERE ID < 10"));

   254 	TEST(cnt > 0);

   255 

   256 	TheTest.Printf(_L("Table C - Read\n"));

   257 	//The test must pass, because table C has no R policy.

   258 	TRAP(err, res = TheTbl.FirstL());

   259 	TEST2(err, KErrNone);

   260 	TEST(res);

   261 	cnt = TheTbl.CountL();

   262 	TEST(cnt > 0);

   263 	err = TheView.Prepare(TheDb, TDbQuery(_L("SELECT * FROM C")));

   264 	TEST2(err, KErrNone);

   265 	cnt = TheView.CountL();

   266 	TEST(cnt > 0);

   267 	TheView.Close();

   268 

   269 	TheTbl.Close();

   270 	}

   271 

   272 static void DoRunL()

   273 	{

   274 	TheTest.Start(_L("An app with \"UID:WRITE\" capabilities set"));

   275 

   276 	TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-DBMS-CT-0012 Database tests "));

   277 	::DbTestL();

   278 

   279 	TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-DBMS-CT-0013 Open table tests "));

   280 	::TblOpenL();

   281 

   282 	TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-DBMS-CT-0014 Table R/W tests "));

   283 	::TblRWL();

   284 	}

   285 

   286 TInt E32Main()

   287     {

   288 	__UHEAP_MARK;

   289 	CTrapCleanup* tc = CTrapCleanup::New();

   290 	TEST(tc != NULL);

   291 

   292 	TInt err = TheDbs.Connect();

   293 	TEST2(err, KErrNone);

   294 

   295 	TRAP(err, ::DoRunL());

   296 	TEST2(err, KErrNone);

   297 

   298 	TheView.Close();

   299 	TheTbl.Close();

   300 	TheDb.Close();

   301 	TheDbs.Close();

   302 

   303 	TheTest.End();

   304 	TheTest.Close();

   305 

   306 	delete tc;

   307 

   308 	__UHEAP_MARKEND;

   309 	User::Heap().Check();

   310 	return KErrNone;

   311     }
Symaptic