1 // Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
2 // All rights reserved.
3 // This component and the accompanying materials are made available
4 // under the terms of the License "Eclipse Public License v1.0"
5 // which accompanies this distribution, and is available
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html".
8 // Initial Contributors:
9 // Nokia Corporation - initial contribution.
14 // e32test\secure\t_capsup.cpp
16 // Test support of platform security capabilities.
18 // TCapabilitySet, TSecurityInfo, TSecurityPolicy and various other methods.
20 // - Verify the enumeration of each of the capability names.
21 // - Test the TCapabilitySet class methods by setting and checking various
22 // capabilities. Verify results are as expected.
23 // - Test the TSecurityInfo class methods and verify results.
24 // - Test the RProcess, RThread and RMessage2 SecureId() methods along with
25 // User::CreatorSecureId(). Verify results are as expected.
26 // - Test the RProcess, RThread and RMessage2 VendorId() methods along with
27 // User::CreatorVendorId(). Verify results are as expected.
28 // - Test the RProcess, RThread and RMessage2 HasCapability() methods along
29 // with User::CreatorHasCapability(). Verify results are as expected.
30 // - Test TSecurityPolicy constructors including macros for compile-time
31 // construction. Verify results are as expected.
32 // - Test kernel APIs. Verify results are as expected.
33 // - Test setting KernelConfigFlags. Ensure that, if __PLATSEC_UNLOCKED__
34 // is not set, the PlatSec flags cannot be unset.
35 // - Test the use of platform security diagnostic strings.
36 // Platforms/Drives/Compatibility:
38 // Assumptions/Requirement/Pre-requisites:
39 // Failures and causes:
40 // Base Port information:
44 #define __INCLUDE_CAPABILITY_NAMES__
45 #define __E32TEST_EXTENSION__
48 #include <e32cmn_private.h>
52 #include <e32def_private.h>
55 TBool PlatSecEnforcement;
57 _LIT_SECURE_ID(KTestSecureId,0x101f534d);
58 _LIT_SECURE_ID(KTestSecureId2,0x101f534e);
59 _LIT_VENDOR_ID(KTestVendorId,0x01234567);
60 _LIT_VENDOR_ID(KTestVendorId2,0x01234568);
62 const TUint32 KTestCapabilities =(1<<ECapabilityTCB)
63 |(1<<ECapabilityPowerMgmt)
64 |(1<<ECapabilityReadDeviceData)
66 |(1<<ECapabilityProtServ)
67 |(1<<ECapabilityNetworkControl)
68 |(1<<ECapabilitySwEvent)
69 |(1<<ECapabilityLocalServices)
70 |(1<<ECapabilityWriteUserData)
71 |(1<<ECapabilitySurroundingsDD);
73 LOCAL_D RTest test(_L("T_CAPSUP"));
75 enum TTestProcessFunctions
80 #include "testprocess.h"
84 TInt DoTestProcess(TInt aTestNum,TInt aArg1,TInt aArg2)
92 case ETestProcessServer:
96 User::Panic(_L("T_CAPSUP"),1);
108 class RTestThread : public RThread
111 void Create(TThreadFunction aFunction,TAny* aArg=0);
114 void RTestThread::Create(TThreadFunction aFunction,TAny* aArg)
116 TInt r=RThread::Create(_L(""),aFunction,KDefaultStackSize,KDefaultStackSize,KDefaultStackSize,aArg);
125 class CTestSession : public CSession2
129 ETestProcessSecurityInfo,ETestThreadSecurityInfo,ETestMessageSecurityInfo,ETestCreatorSecurityInfo,
130 ETestProcessSecureId,ETestThreadSecureId,ETestMessageSecureId,ETestCreatorSecureId,
131 ETestProcessVendorId,ETestThreadVendorId,ETestMessageVendorId,ETestCreatorVendorId,
132 ETestProcessHasCapability1,ETestProcessHasCapability2,
133 ETestThreadHasCapability1,ETestThreadHasCapability2,
134 ETestMessageHasCapability1,ETestMessageHasCapability2,
135 ETestMessageHasCapabilityL1,ETestMessageHasCapabilityL2,
136 ETestCreatorHasCapability1,ETestCreatorHasCapability2,
137 ETestSecurityPolicyAgainstMessage,
138 ETestSecurityPolicyAgainstCreator
140 enum {EPolicyCheckPassed = 15, EPolicyCheckFailed = 16};
143 virtual void ServiceL(const RMessage2& aMessage);
147 CTestSession::CTestSession()
151 void CTestSession::ServiceL(const RMessage2& aMessage)
153 const RMessagePtr2 m(aMessage);
154 switch (aMessage.Function())
156 case CTestSession::ETestProcessSecureId:
159 TInt r=process.Open(aMessage.Int0());
162 r = process.SecureId();
171 case CTestSession::ETestThreadSecureId:
174 TInt r=thread.Open(aMessage.Int0());
177 r = thread.SecureId();
186 case CTestSession::ETestMessageSecureId:
188 TInt32 id = m.SecureId();
193 case CTestSession::ETestCreatorSecureId:
195 m.Complete(User::CreatorSecureId());
199 case CTestSession::ETestProcessVendorId:
202 TInt r=process.Open(aMessage.Int0());
205 r = process.VendorId();
214 case CTestSession::ETestThreadVendorId:
217 TInt r=thread.Open(aMessage.Int0());
220 r = thread.VendorId();
229 case CTestSession::ETestMessageVendorId:
231 TInt32 id = m.VendorId();
236 case CTestSession::ETestCreatorVendorId:
238 m.Complete(User::CreatorVendorId());
242 case CTestSession::ETestProcessSecurityInfo:
245 TInt r=process.Open(aMessage.Int0());
250 r = m.Write(1,TPtrC8((TUint8*)&info,sizeof(info)));
259 case CTestSession::ETestThreadSecurityInfo:
262 TInt r=thread.Open(aMessage.Int0());
267 r = m.Write(1,TPtrC8((TUint8*)&info,sizeof(info)));
276 case CTestSession::ETestMessageSecurityInfo:
280 TInt r = m.Write(0,TPtrC8((TUint8*)&info,sizeof(info)));
285 case CTestSession::ETestCreatorSecurityInfo:
288 info.SetToCreatorInfo();
289 TInt r = m.Write(0,TPtrC8((TUint8*)&info,sizeof(info)));
294 case CTestSession::ETestProcessHasCapability1:
297 TInt r=process.Open(aMessage.Int0());
300 r = process.HasCapability((TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestProcessHasCapability1"));
309 case CTestSession::ETestProcessHasCapability2:
312 TInt r=process.Open(aMessage.Int0());
315 r = process.HasCapability((TCapability)aMessage.Int1(),(TCapability)aMessage.Int2(),__PLATSEC_DIAGNOSTIC_STRING("ETestProcessHasCapability2"));
324 case CTestSession::ETestThreadHasCapability1:
327 TInt r=thread.Open(aMessage.Int0());
330 r = thread.HasCapability((TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestThreadHasCapability1"));
339 case CTestSession::ETestThreadHasCapability2:
342 TInt r=thread.Open(aMessage.Int0());
345 r = thread.HasCapability((TCapability)aMessage.Int1(),(TCapability)aMessage.Int2(),__PLATSEC_DIAGNOSTIC_STRING("ETestThreadHasCapability2"));
354 case CTestSession::ETestMessageHasCapability1:
356 TInt r = m.HasCapability((TCapability)aMessage.Int0(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapability1"));
361 case CTestSession::ETestMessageHasCapabilityL1:
363 TRAPD(r,m.HasCapabilityL((TCapability)aMessage.Int0(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapabilityL1")))
368 case CTestSession::ETestMessageHasCapability2:
370 TInt r = m.HasCapability((TCapability)aMessage.Int0(),(TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapability2"));
375 case CTestSession::ETestMessageHasCapabilityL2:
377 TRAPD(r,m.HasCapabilityL((TCapability)aMessage.Int0(),(TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapabilityL2")))
382 case CTestSession::ETestCreatorHasCapability1:
384 TInt r = User::CreatorHasCapability((TCapability)aMessage.Int0(),__PLATSEC_DIAGNOSTIC_STRING("ETestCreatorHasCapability1"));
389 case CTestSession::ETestCreatorHasCapability2:
391 TInt r = User::CreatorHasCapability((TCapability)aMessage.Int0(),(TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestCreatorHasCapability2"));
396 case CTestSession::ETestSecurityPolicyAgainstMessage:
398 TBuf8<sizeof(TSecurityPolicy)> buf(0);
399 TInt len = m.GetDesLength(0);
400 TInt r = KErrArgument;
401 if(len>0 && len <=buf.MaxSize())
403 r = m.Read(0, buf, 0);
406 TSecurityPolicy policy;
410 r = policy.CheckPolicy(m, __PLATSEC_DIAGNOSTIC_STRING("Testing message against policy -- sample additional diagnostic."));
412 r = EPolicyCheckPassed;
414 r = EPolicyCheckFailed;
422 case CTestSession::ETestSecurityPolicyAgainstCreator:
424 TBuf8<sizeof(TSecurityPolicy)> buf(0);
425 TInt len = m.GetDesLength(0);
426 TInt r = KErrArgument;
427 if(len>0 && len <=buf.MaxSize())
429 r = m.Read(0, buf, 0);
432 TSecurityPolicy policy;
436 r = policy.CheckPolicyCreator(__PLATSEC_DIAGNOSTIC_STRING("Testing creator against policy -- sample additional diagnostic."));
438 r = EPolicyCheckPassed;
440 r = EPolicyCheckFailed;
448 case CTestSession::EShutdown:
449 CActiveScheduler::Stop();
453 m.Complete(KErrNotSupported);
464 class CTestServer : public CServer2
467 CTestServer(TInt aPriority);
468 virtual CSession2* NewSessionL(const TVersion& aVersion,const RMessage2& aMessage) const;
471 CTestServer::CTestServer(TInt aPriority)
472 : CServer2(aPriority)
476 CSession2* CTestServer::NewSessionL(const TVersion& /*aVersion*/,const RMessage2& /*aMessage*/) const
478 return new (ELeave) CTestSession();
484 // CTestActiveScheduler
487 class CTestActiveScheduler : public CActiveScheduler
490 virtual void Error(TInt anError) const;
493 void CTestActiveScheduler::Error(TInt anError) const
495 User::Panic(_L("TestServer Error"),anError);
504 _LIT(KServerName,"T_CAPSUP-server");
505 const TInt KServerRendezvous = KRequestPending+1;
509 CTestActiveScheduler* activeScheduler = new (ELeave) CTestActiveScheduler;
510 CActiveScheduler::Install(activeScheduler);
511 CleanupStack::PushL(activeScheduler);
513 CTestServer* server = new (ELeave) CTestServer(0);
514 CleanupStack::PushL(server);
516 User::LeaveIfError(server->Start(KServerName));
518 RProcess::Rendezvous(KServerRendezvous);
520 CActiveScheduler::Start();
522 CleanupStack::PopAndDestroy(2);
527 CTrapCleanup* cleanupStack = CTrapCleanup::New();
530 TRAPD(leaveError,DoStartServer())
541 class RTestSession : public RSessionBase
544 inline TInt Connect()
545 { return CreateSession(KServerName,TVersion());}
546 inline TInt Send(TInt aFunction)
547 { return RSessionBase::SendReceive(aFunction); }
548 inline TInt Send(TInt aFunction,const TIpcArgs& aArgs)
549 { return RSessionBase::SendReceive(aFunction,aArgs); }
550 inline void Send(TInt aFunction,TRequestStatus& aStatus)
551 { RSessionBase::SendReceive(aFunction,aStatus); }
552 inline void Send(TInt aFunction,const TIpcArgs& aArgs,TRequestStatus& aStatus)
553 { RSessionBase::SendReceive(aFunction,aArgs,aStatus); }
558 RTestSession Session;
560 void CheckCapabilitySetEqual(const TCapabilitySet& a1,const TCapabilitySet& a2)
563 for(i=0; i<ECapability_Limit; i++)
564 test((!a1.HasCapability((TCapability)i))==(!a2.HasCapability((TCapability)i)));
567 void TestCapabilitySet()
571 TCapabilitySet empty;
574 test.Start(_L("Each test stage also implicity tests HasCapability()"));
576 test.Next(_L("Test SetEmpty()"));
577 memset(&empty,-1,sizeof(empty));
579 for(i=0; i<ECapability_HardLimit; i++)
580 test(!empty.HasCapability((TCapability)i));
581 // test memory cleared - assumes knowledge of internal representation
582 for(i=0; i<(TInt)sizeof(empty); ++i)
583 test(((TUint8*)&empty)[i] == 0);
585 test.Next(_L("Test SetAllSupported()"));
586 all.SetAllSupported();
587 // This code makes the assumption that there are no gaps in the TCapability enumeration
588 for(i=0; i<ECapability_Limit; i++)
589 test(all.HasCapability((TCapability)i));
590 for(; i<ECapability_HardLimit; i++)
591 test(!all.HasCapability((TCapability)i));
593 test.Next(_L("Test Set(TCapability)"));
594 for(j=-2; j<ECapability_HardLimit; j++)
600 s.Set((TCapability)j);
601 for(i=0; i<=ECapability_HardLimit; i++)
604 test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
606 test(!s.HasCapability((TCapability)i));
609 test(!s.HasCapability(ECapability_Denied));
610 test(s.HasCapability(ECapability_None));
613 test.Next(_L("Test Set(TCapability,TCapability)"));
614 for(k=-2; k<ECapability_HardLimit; k++)
616 for(j=-2; j<ECapability_HardLimit; j++)
622 s.Set((TCapability)j,(TCapability)k);
623 for(i=0; i<=ECapability_HardLimit; i++)
626 test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
628 test(!s.HasCapability((TCapability)i));
631 test(!s.HasCapability(ECapability_Denied));
632 test(s.HasCapability(ECapability_None));
636 test.Next(_L("Test TCapability(TCapability)"));
637 for(j=-2; j<ECapability_HardLimit; j++)
639 TCapabilitySet t((TCapability)j);
640 for(i=0; i<=ECapability_HardLimit; i++)
643 test(!t.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
645 test(!t.HasCapability((TCapability)i));
648 test(!s.HasCapability(ECapability_Denied));
649 test(s.HasCapability(ECapability_None));
652 test.Next(_L("Test TCapability(TCapability,TCapability)"));
653 for(k=-2; k<ECapability_HardLimit; k++)
655 for(j=-2; j<ECapability_HardLimit; j++)
657 TCapabilitySet t((TCapability)j,(TCapability)k);
658 for(i=0; i<=ECapability_HardLimit; i++)
661 test(!t.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
663 test(!t.HasCapability((TCapability)i));
666 test(!s.HasCapability(ECapability_Denied));
667 test(s.HasCapability(ECapability_None));
671 test.Next(_L("Test AddCapability(TCapability)"));
673 for(j=-2; j<ECapability_HardLimit; j++) // Add each capability in sequence
675 s.AddCapability((TCapability)j);
677 test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
678 for(; i<ECapability_HardLimit; i++)
679 test(!s.HasCapability((TCapability)i));
680 test(!s.HasCapability(ECapability_Denied));
681 test(s.HasCapability(ECapability_None));
684 for(j=ECapability_HardLimit-1; j>=-2; j--) // Add each capability in reverse sequence
686 s.AddCapability((TCapability)j);
687 for(i=ECapability_HardLimit-1; i>=j && i>=0; i--)
688 test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
690 test(!s.HasCapability((TCapability)i));
691 test(!s.HasCapability(ECapability_Denied));
692 test(s.HasCapability(ECapability_None));
695 test.Next(_L("Test RemoveCapability(TCapability)"));
697 for(j=-2; j<ECapability_HardLimit; j++) // Remove each capability in sequence
699 s.RemoveCapability((TCapability)j);
701 test(!s.HasCapability((TCapability)i));
702 for(; i<ECapability_HardLimit; i++)
703 test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
704 test(!s.HasCapability(ECapability_Denied));
705 test(s.HasCapability(ECapability_None));
708 for(j=ECapability_HardLimit-1; j>=-2; j--) // Remove each capability reverse sequence
710 s.RemoveCapability((TCapability)j);
711 for(i=ECapability_HardLimit-1; i>=j && i >=0; i--)
712 test(!s.HasCapability((TCapability)i));
714 test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
715 test(!s.HasCapability(ECapability_Denied));
716 test(s.HasCapability(ECapability_None));
719 test.Next(_L("Building test sets"));
722 for(i=0; i<ECapability_Limit; i+=2) even.AddCapability((TCapability)i);
725 for(i=1; i<ECapability_Limit; i+=2) odd.AddCapability((TCapability)i);
727 test.Next(_L("Test Union(TCapabilitySet)"));
729 CheckCapabilitySetEqual(s,empty);
731 CheckCapabilitySetEqual(s,odd);
733 CheckCapabilitySetEqual(s,odd);
735 CheckCapabilitySetEqual(s,odd);
737 CheckCapabilitySetEqual(s,all);
739 CheckCapabilitySetEqual(s,all);
741 CheckCapabilitySetEqual(s,empty);
743 CheckCapabilitySetEqual(s,even);
745 CheckCapabilitySetEqual(s,even);
747 CheckCapabilitySetEqual(s,even);
749 CheckCapabilitySetEqual(s,all);
751 CheckCapabilitySetEqual(s,all);
753 test.Next(_L("Test Intersection(TCapabilitySet)"));
755 CheckCapabilitySetEqual(s,all);
757 CheckCapabilitySetEqual(s,odd);
759 CheckCapabilitySetEqual(s,odd);
760 s.Intersection(even);
761 CheckCapabilitySetEqual(s,empty);
762 s.Intersection(even);
763 CheckCapabilitySetEqual(s,empty);
765 CheckCapabilitySetEqual(s,all);
766 s.Intersection(even);
767 CheckCapabilitySetEqual(s,even);
768 s.Intersection(even);
769 CheckCapabilitySetEqual(s,even);
771 CheckCapabilitySetEqual(s,empty);
773 CheckCapabilitySetEqual(s,empty);
775 test.Next(_L("Test Remove(TCapabilitySet)"));
777 CheckCapabilitySetEqual(s,all);
779 CheckCapabilitySetEqual(s,even);
781 CheckCapabilitySetEqual(s,even);
783 CheckCapabilitySetEqual(s,even);
785 CheckCapabilitySetEqual(s,empty);
787 CheckCapabilitySetEqual(s,empty);
789 CheckCapabilitySetEqual(s,all);
791 CheckCapabilitySetEqual(s,odd);
793 CheckCapabilitySetEqual(s,odd);
795 CheckCapabilitySetEqual(s,odd);
797 CheckCapabilitySetEqual(s,empty);
799 CheckCapabilitySetEqual(s,empty);
801 test.Next(_L("Test HasCapabilities(TCapabilitySet)"));
802 for(i=0; i<ECapability_Limit; i++)
804 if(!all.HasCapability((TCapability)i))
806 TCapabilitySet t((TCapability)i);
807 test(t.HasCapabilities(t));
808 test(all.HasCapabilities(t));
809 test(!empty.HasCapabilities(t));
812 test(odd.HasCapabilities(t));
813 test(!even.HasCapabilities(t));
817 test(!odd.HasCapabilities(t));
818 test(even.HasCapabilities(t));
820 test(!t.HasCapabilities(all));
821 test(!t.HasCapabilities(even));
822 test(!t.HasCapabilities(odd));
823 test(t.HasCapabilities(empty));
826 test(all.HasCapabilities(all));
827 test(all.HasCapabilities(even));
828 test(all.HasCapabilities(odd));
829 test(all.HasCapabilities(empty));
831 test(!even.HasCapabilities(all));
832 test(even.HasCapabilities(even));
833 test(!even.HasCapabilities(odd));
834 test(even.HasCapabilities(empty));
836 test(!odd.HasCapabilities(all));
837 test(!odd.HasCapabilities(even));
838 test(odd.HasCapabilities(odd));
839 test(odd.HasCapabilities(empty));
841 test(!empty.HasCapabilities(all));
842 test(!empty.HasCapabilities(even));
843 test(!empty.HasCapabilities(odd));
844 test(empty.HasCapabilities(empty));
849 void CheckSecurityInfo(const TSecurityInfo& a1,const TSecurityInfo& a2)
851 test(a1.iSecureId==a2.iSecureId);
852 test(a1.iVendorId==a2.iVendorId);
854 for(i=0; i<ECapability_Limit; i++)
855 test((!a1.iCaps.HasCapability((TCapability)i))==(!a2.iCaps.HasCapability((TCapability)i)));
858 void TestSecurityInfo()
862 TPckg<TSecurityInfo> infoPtr(info);
865 test.Start(_L("Test TSecurityInfo::SetToCurrentInfo"));
866 self.SetToCurrentInfo();
867 test(self.iSecureId==KTestSecureId);
868 test(self.iVendorId==KTestVendorId);
869 for(i=0; i<ECapability_Limit; i++)
870 test((TUint32)(self.iCaps.HasCapability((TCapability)i)!=0)==((KTestCapabilities>>i)&1));
872 test.Next(_L("Test TSecurityInfo::Set(RProcess)"));
873 Mem::FillZ(&info,sizeof(info));
874 TInt32 r = Session.Send(CTestSession::ETestProcessSecurityInfo,TIpcArgs(TUint(RProcess().Id()),&infoPtr));
876 CheckSecurityInfo(self,info);
878 test.Next(_L("Test TSecurityInfo::Set(RThread)"));
879 Mem::FillZ(&info,sizeof(info));
880 r = Session.Send(CTestSession::ETestThreadSecurityInfo,TIpcArgs(TUint(RThread().Id()),&infoPtr));
882 CheckSecurityInfo(self,info);
884 test.Next(_L("Test TSecurityInfo::Set(RMessagePtr2)"));
885 Mem::FillZ(&info,sizeof(info));
886 r = Session.Send(CTestSession::ETestMessageSecurityInfo,TIpcArgs(&infoPtr));
888 CheckSecurityInfo(self,info);
890 test.Next(_L("Test TSecurityInfo::SetToCreatorInfo"));
891 Mem::FillZ(&info,sizeof(info));
892 r = Session.Send(CTestSession::ETestCreatorSecurityInfo,TIpcArgs(&infoPtr));
894 CheckSecurityInfo(self,info);
901 test.Start(_L("Test RProcess::SecureId()"));
902 TInt r = Session.Send(CTestSession::ETestProcessSecureId,TIpcArgs(TUint(RProcess().Id())));
903 test((TUint32)r==KTestSecureId);
905 test.Next(_L("Test RThread::SecureId()"));
906 r = Session.Send(CTestSession::ETestThreadSecureId,TIpcArgs(TUint(RThread().Id())));
907 test((TUint32)r==KTestSecureId);
909 test.Next(_L("Test RMessage2::SecureId()"));
910 r = Session.Send(CTestSession::ETestMessageSecureId);
911 test((TUint32)r==KTestSecureId);
913 test.Next(_L("Test User::CreatorSecureId()"));
914 r = Session.Send(CTestSession::ETestCreatorSecureId);
915 test((TUint32)r==KTestSecureId);
922 test.Start(_L("Test RProcess::VendorId()"));
923 TInt r = Session.Send(CTestSession::ETestProcessVendorId,TIpcArgs(TUint(RProcess().Id())));
924 test((TUint32)r==KTestVendorId);
926 test.Next(_L("Test RThread::VendorId()"));
927 r = Session.Send(CTestSession::ETestThreadVendorId,TIpcArgs(TUint(RThread().Id())));
928 test((TUint32)r==KTestVendorId);
930 test.Next(_L("Test RMessage2::VendorId()"));
931 r = Session.Send(CTestSession::ETestMessageVendorId);
932 test((TUint32)r==KTestVendorId);
934 test.Next(_L("Test User::CreatorVendorId()"));
935 r = Session.Send(CTestSession::ETestCreatorVendorId);
936 test((TUint32)r==KTestVendorId);
941 void TestHasCapability()
943 TInt failResult=PlatSecEnforcement ? 0 : 1;
944 TInt failResultL=PlatSecEnforcement ? KErrPermissionDenied : KErrNone;
946 test.Start(_L("Test RProcess::HasCapability(TCapability)"));
947 TInt r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapabilityLocalServices));
949 r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapabilityNetworkServices));
951 r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapability_None));
953 r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapability_Denied));
956 test.Next(_L("Test RProcess::HasCapability(TCapability,TCapability)"));
957 r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityLocalServices,ECapabilityWriteUserData));
959 r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityNetworkServices,ECapabilityWriteUserData));
961 r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityLocalServices,ECapabilityReadUserData));
963 r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityNetworkServices,ECapabilityReadUserData));
965 r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapability_None,ECapabilityWriteUserData));
967 r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapability_Denied,ECapabilityWriteUserData));
970 test.Next(_L("Test RThread::HasCapability(TCapability)"));
971 r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapabilityLocalServices));
973 r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapabilityNetworkServices));
975 r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapability_None));
977 r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapability_Denied));
980 test.Next(_L("Test RThread::HasCapability(TCapability,TCapability)"));
981 r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityLocalServices,ECapabilityWriteUserData));
983 r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityNetworkServices,ECapabilityWriteUserData));
985 r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityLocalServices,ECapabilityReadUserData));
987 r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityNetworkServices,ECapabilityReadUserData));
989 r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapability_None,ECapabilityWriteUserData));
991 r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapability_Denied,ECapabilityWriteUserData));
994 test.Next(_L("Test RMessagePtr2::HasCapability(TCapability)"));
995 r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapabilityLocalServices));
997 r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapabilityNetworkServices));
999 r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapability_None));
1001 r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapability_Denied));
1002 test(r==failResult);
1004 test.Next(_L("Test RMessagePtr2::HasCapabilityL(TCapability)"));
1005 r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapabilityLocalServices));
1007 r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapabilityNetworkServices));
1008 test(r==failResultL);
1009 r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapability_None));
1011 r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapability_Denied));
1012 test(r==failResultL);
1014 test.Next(_L("Test RMessagePtr2::HasCapability(TCapability,TCapability)"));
1015 r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityWriteUserData));
1017 r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityWriteUserData));
1018 test(r==failResult);
1019 r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityReadUserData));
1020 test(r==failResult);
1021 r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityReadUserData));
1022 test(r==failResult);
1023 r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapability_None,ECapabilityWriteUserData));
1025 r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapability_Denied,ECapabilityWriteUserData));
1026 test(r==failResult);
1028 test.Next(_L("Test RMessagePtr2::HasCapabilityL(TCapability,TCapability)"));
1029 r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityLocalServices,ECapabilityWriteUserData));
1031 r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityNetworkServices,ECapabilityWriteUserData));
1032 test(r==failResultL);
1033 r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityLocalServices,ECapabilityReadUserData));
1034 test(r==failResultL);
1035 r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityNetworkServices,ECapabilityReadUserData));
1036 test(r==failResultL);
1037 r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapability_None,ECapabilityWriteUserData));
1039 r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapability_Denied,ECapabilityWriteUserData));
1040 test(r==failResultL);
1042 test.Next(_L("Test User::CreatorHasCapability(TCapability)"));
1043 r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapabilityLocalServices));
1045 r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapabilityNetworkServices));
1046 test(r==failResult);
1047 r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapability_None));
1049 r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapability_Denied));
1050 test(r==failResult);
1052 test.Next(_L("Test User::CreatorHasCapability(TCapability,TCapability)"));
1053 r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityWriteUserData));
1055 r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityWriteUserData));
1056 test(r==failResult);
1057 r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityReadUserData));
1058 test(r==failResult);
1059 r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityReadUserData));
1060 test(r==failResult);
1061 r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapability_None,ECapabilityWriteUserData));
1063 r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapability_Denied,ECapabilityWriteUserData));
1064 test(r==failResult);
1069 TBool SecurityPoliciesEqual(const TSecurityPolicy& a,const TSecurityPolicy& b)
1071 return Mem::Compare((TUint8*)&a, sizeof(TSecurityPolicy), (TUint8*)&b, sizeof(TSecurityPolicy))==0;
1074 void TestSecurityPolicy()
1076 test.Start(_L("Test TSecurityPolicy Constructors"));
1078 TBool failResult=!PlatSecEnforcement;
1080 test.Next(_L("Empty Constructor"));
1082 TSecurityPolicy empty;
1083 TPtrC8 ptr = empty.Package();
1084 TSecurityPolicy empty2;
1085 test(empty2.Set(ptr) == KErrNone);
1086 test(SecurityPoliciesEqual(empty, empty2));
1088 test(failResult!=!empty.CheckPolicy(RProcess()));
1089 test(failResult!=!empty.CheckPolicy(RThread()));
1090 test(failResult!=!empty2.CheckPolicy(RProcess()));
1091 test(failResult!=!empty2.CheckPolicy(RThread()));
1093 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1094 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1096 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1097 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1100 test.Next(_L("Always Fail Constructor"));
1102 TSecurityPolicy fail(TSecurityPolicy::EAlwaysFail);
1103 TPtrC8 ptr = fail.Package();
1104 TSecurityPolicy fail2;
1105 test(fail2.Set(ptr) == KErrNone);
1106 test(SecurityPoliciesEqual(fail, fail2));
1108 test(failResult!=!fail.CheckPolicy(RProcess()));
1109 test(failResult!=!fail.CheckPolicy(RThread()));
1110 test(failResult!=!fail2.CheckPolicy(RProcess()));
1111 test(failResult!=!fail2.CheckPolicy(RThread()));
1113 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1114 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1116 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1117 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1120 test.Next(_L("Always Pass Constructor"));
1122 TSecurityPolicy pass(TSecurityPolicy::EAlwaysPass);
1123 TPtrC8 ptr = pass.Package();
1124 TSecurityPolicy pass2;
1125 test(pass2.Set(ptr) == KErrNone);
1126 test(SecurityPoliciesEqual(pass, pass2));
1128 test(pass.CheckPolicy(RProcess()));
1129 test(pass.CheckPolicy(RThread()));
1130 test(pass2.CheckPolicy(RProcess()));
1131 test(pass2.CheckPolicy(RThread()));
1133 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1134 test(r==CTestSession::EPolicyCheckPassed);
1136 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1137 test(r==CTestSession::EPolicyCheckPassed);
1140 test.Next(_L("3 Capability Constructor"));
1142 TSecurityPolicy threeCaps(ECapabilityTCB,ECapabilityDRM,ECapabilityProtServ);
1143 //Current process has these three
1144 test(threeCaps.CheckPolicy(RProcess()));
1145 test(threeCaps.CheckPolicy(RThread()));
1146 TPtrC8 ptr = threeCaps.Package();
1147 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1148 test(r==CTestSession::EPolicyCheckPassed);
1149 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1150 test(r==CTestSession::EPolicyCheckPassed);
1154 TSecurityPolicy threeCaps(ECapabilityTCB,ECapabilityProtServ,ECapabilityCommDD);
1155 //Current process doesn't have ECapabilityCommDD
1156 test(failResult!=!(threeCaps.CheckPolicy(RProcess())));
1157 test(failResult!=!(threeCaps.CheckPolicy(RThread())));
1158 TPtrC8 ptr = threeCaps.Package();
1159 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1160 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1161 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1162 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1166 TSecurityPolicy threeCaps(ECapabilityCommDD);
1167 //Current process doesn't have ECapabilityCommDD
1168 test(failResult!=!(threeCaps.CheckPolicy(RProcess())));
1169 test(failResult!=!(threeCaps.CheckPolicy(RThread())));
1170 TPtrC8 ptr = threeCaps.Package();
1171 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1172 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1173 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1174 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1178 TSecurityPolicy threeCaps(ECapabilityTCB);
1179 //Current process has TCB + 2 * ECapability_None
1180 test(threeCaps.CheckPolicy(RProcess()));
1181 test(threeCaps.CheckPolicy(RThread()));
1183 TPtrC8 ptr = threeCaps.Package();
1184 TSecurityPolicy threeCaps2;
1185 TBuf8<sizeof(TSecurityPolicy)> invalid;
1186 for(TInt i=4; i<=7; i++)
1189 invalid[i] = 0; // Set unused capability to be invalid
1190 test(threeCaps2.Set(invalid)==KErrArgument);
1192 test(threeCaps2.Set(ptr)==KErrNone);
1193 test(SecurityPoliciesEqual(threeCaps, threeCaps2));
1195 test(threeCaps2.CheckPolicy(RProcess()));
1196 test(threeCaps2.CheckPolicy(RThread()));
1198 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1199 test(r==CTestSession::EPolicyCheckPassed);
1201 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1202 test(r==CTestSession::EPolicyCheckPassed);
1205 test.Next(_L("7 Capability Constructor"));
1207 TSecurityPolicy sevenCaps(ECapabilityTCB,ECapabilityWriteUserData,ECapabilitySwEvent,ECapabilityProtServ,ECapabilityNetworkControl,ECapabilityDRM,ECapabilityReadDeviceData);
1208 //Current process has all 7 of these.
1209 test(sevenCaps.CheckPolicy(RProcess()));
1210 test(sevenCaps.CheckPolicy(RThread()));
1211 TPtrC8 ptr = sevenCaps.Package();
1212 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1213 test(r==CTestSession::EPolicyCheckPassed);
1214 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1215 test(r==CTestSession::EPolicyCheckPassed);
1219 TSecurityPolicy sevenCaps(ECapabilityTCB,ECapabilityWriteUserData,ECapabilityMultimediaDD,ECapabilityProtServ,ECapabilityNetworkControl,ECapabilityDRM,ECapabilityReadDeviceData);
1220 //Current process doesn't have MultimediaDD
1221 test(failResult!=!(sevenCaps.CheckPolicy(RProcess())));
1222 test(failResult!=!(sevenCaps.CheckPolicy(RThread())));
1223 TPtrC8 ptr = sevenCaps.Package();
1224 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1225 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1226 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1227 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1231 TSecurityPolicy sevenCaps(ECapabilityTCB,ECapabilityWriteUserData,ECapabilityMultimediaDD,ECapabilityProtServ,ECapabilityTrustedUI,ECapabilityDRM,ECapabilityReadDeviceData);
1232 //Current process doesn't have MultiMediaDD or TrustedUI
1233 test(failResult!=!(sevenCaps.CheckPolicy(RProcess())));
1234 test(failResult!=!(sevenCaps.CheckPolicy(RThread())));
1236 TPtrC8 ptr = sevenCaps.Package();
1237 TSecurityPolicy sevenCaps2;
1238 test(sevenCaps2.Set(ptr)==KErrNone);
1239 test(SecurityPoliciesEqual(sevenCaps,sevenCaps2));
1240 test(failResult!=!(sevenCaps2.CheckPolicy(RProcess())));
1241 test(failResult!=!(sevenCaps2.CheckPolicy(RThread())));
1242 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1243 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);;
1244 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1245 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);;
1248 test.Next(_L("SID + 3 constructor"));
1250 TSecurityPolicy sid(KTestSecureId, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
1251 //Current process has all three + sid
1252 test(sid.CheckPolicy(RProcess()));
1253 test(sid.CheckPolicy(RThread()));
1255 TPtrC8 ptr = sid.Package();
1256 TSecurityPolicy sid2;
1257 test(sid2.Set(ptr)==KErrNone);
1258 test(SecurityPoliciesEqual(sid,sid2));
1259 test(sid2.CheckPolicy(RProcess()));
1260 test(sid2.CheckPolicy(RThread()));
1262 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1263 test(r==CTestSession::EPolicyCheckPassed);
1264 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1265 test(r==CTestSession::EPolicyCheckPassed);
1269 TSecurityPolicy sid(KTestSecureId2, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
1270 //Current process has all three caps but not sid
1271 test(failResult!=!(sid.CheckPolicy(RProcess())));
1272 test(failResult!=!(sid.CheckPolicy(RThread())));
1273 TPtrC8 ptr = sid.Package();
1274 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1275 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1276 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1277 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1281 TSecurityPolicy sid(KTestSecureId, ECapabilityProtServ, ECapabilityWriteDeviceData);
1282 //Current process has sid but missing ECapabilityWriteDeviceData
1283 test(failResult!=!(sid.CheckPolicy(RProcess())));
1284 test(failResult!=!(sid.CheckPolicy(RThread())));
1285 TPtrC8 ptr = sid.Package();
1286 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1287 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1288 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1289 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1293 TSecurityPolicy sid(KTestSecureId2, ECapabilityProtServ, ECapabilityWriteDeviceData);
1294 //Current process is missing sid and ECapabilityWriteDeviceData
1295 test(failResult!=!(sid.CheckPolicy(RProcess())));
1296 test(failResult!=!(sid.CheckPolicy(RThread())));
1297 TPtrC8 ptr = sid.Package();
1298 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1299 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1300 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1301 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1304 test.Next(_L("VID + 3 constructor"));
1306 TSecurityPolicy vid(KTestVendorId, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
1307 //Current process has all three + vid
1308 test(vid.CheckPolicy(RProcess()));
1309 test(vid.CheckPolicy(RThread()));
1311 TPtrC8 ptr = vid.Package();
1312 TSecurityPolicy vid2;
1313 test(vid2.Set(ptr)==KErrNone);
1314 test(SecurityPoliciesEqual(vid,vid2));
1315 test(vid2.CheckPolicy(RProcess()));
1316 test(vid2.CheckPolicy(RThread()));
1317 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1318 test(r==CTestSession::EPolicyCheckPassed);
1322 TSecurityPolicy vid(KTestVendorId2, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
1323 //Current process has all three caps but not vid
1324 test(failResult!=!(vid.CheckPolicy(RProcess())));
1325 test(failResult!=!(vid.CheckPolicy(RThread())));
1326 TPtrC8 ptr = vid.Package();
1327 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1328 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1329 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1330 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1334 TSecurityPolicy vid(KTestVendorId, ECapabilityProtServ, ECapabilityWriteDeviceData);
1335 //Current process has vid but missing ECapabilityWriteDeviceData
1336 test(failResult!=!(vid.CheckPolicy(RProcess())));
1337 test(failResult!=!(vid.CheckPolicy(RThread())));
1338 TPtrC8 ptr = vid.Package();
1339 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1340 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1341 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1342 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1346 TSecurityPolicy vid(KTestVendorId2, ECapabilityProtServ, ECapabilityWriteDeviceData);
1347 //Current process is missing vid and ECapabilityWriteDeviceData
1348 test(failResult!=!(vid.CheckPolicy(RProcess())));
1349 test(failResult!=!(vid.CheckPolicy(RThread())));
1350 TPtrC8 ptr = vid.Package();
1351 TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
1352 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1353 r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
1354 test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
1357 test.Next(_L("Macros for compile-time construction"));
1359 static _LIT_SECURITY_POLICY_C7(pc7,1,2,3,4,5,6,7);
1360 static _LIT_SECURITY_POLICY_C6(pc6,1,2,3,4,5,6);
1361 static _LIT_SECURITY_POLICY_C5(pc5,1,2,3,4,5);
1362 static _LIT_SECURITY_POLICY_C4(pc4,1,2,3,4);
1363 static _LIT_SECURITY_POLICY_C3(pc3,1,2,3);
1364 static _LIT_SECURITY_POLICY_C2(pc2,1,2);
1365 static _LIT_SECURITY_POLICY_C1(pc1,1);
1366 test(SecurityPoliciesEqual(pc7,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6,(TCapability)7)));
1367 test(SecurityPoliciesEqual(pc6,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6)));
1368 test(SecurityPoliciesEqual(pc5,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5)));
1369 test(SecurityPoliciesEqual(pc4,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4)));
1370 test(SecurityPoliciesEqual(pc3,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3)));
1371 test(SecurityPoliciesEqual(pc2,TSecurityPolicy((TCapability)1,(TCapability)2)));
1372 test(SecurityPoliciesEqual(pc1,TSecurityPolicy((TCapability)1)));
1374 static _LIT_SECURITY_POLICY_S3(ps3,0x12345678,1,2,3);
1375 static _LIT_SECURITY_POLICY_S2(ps2,0x12345678,1,2);
1376 static _LIT_SECURITY_POLICY_S1(ps1,0x12345678,1);
1377 static _LIT_SECURITY_POLICY_S0(ps0,0x12345678);
1378 test(SecurityPoliciesEqual(ps3,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
1379 test(SecurityPoliciesEqual(ps2,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2)));
1380 test(SecurityPoliciesEqual(ps1,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1)));
1381 test(SecurityPoliciesEqual(ps0,TSecurityPolicy(TSecureId(0x12345678))));
1383 static _LIT_SECURITY_POLICY_V3(pv3,0x12345678,1,2,3);
1384 static _LIT_SECURITY_POLICY_V2(pv2,0x12345678,1,2);
1385 static _LIT_SECURITY_POLICY_V1(pv1,0x12345678,1);
1386 static _LIT_SECURITY_POLICY_V0(pv0,0x12345678);
1387 test(SecurityPoliciesEqual(pv3,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
1388 test(SecurityPoliciesEqual(pv2,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2)));
1389 test(SecurityPoliciesEqual(pv1,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1)));
1390 test(SecurityPoliciesEqual(pv0,TSecurityPolicy(TVendorId(0x12345678))));
1392 static _LIT_SECURITY_POLICY_FAIL(fail);
1393 static _LIT_SECURITY_POLICY_PASS(pass);
1394 test(SecurityPoliciesEqual(fail,TSecurityPolicy(TSecurityPolicy::EAlwaysFail)));
1395 test(SecurityPoliciesEqual(pass,TSecurityPolicy(TSecurityPolicy::EAlwaysPass)));
1398 test.Next(_L("Macros for compile-time initialisation"));
1400 const TStaticSecurityPolicy pc7 = _INIT_SECURITY_POLICY_C7(1,2,3,4,5,6,7);
1401 const TStaticSecurityPolicy pc6 = _INIT_SECURITY_POLICY_C6(1,2,3,4,5,6);
1402 const TStaticSecurityPolicy pc5 = _INIT_SECURITY_POLICY_C5(1,2,3,4,5);
1403 const TStaticSecurityPolicy pc4 = _INIT_SECURITY_POLICY_C4(1,2,3,4);
1404 const TStaticSecurityPolicy pc3 = _INIT_SECURITY_POLICY_C3(1,2,3);
1405 const TStaticSecurityPolicy pc2 = _INIT_SECURITY_POLICY_C2(1,2);
1406 const TStaticSecurityPolicy pc1 = _INIT_SECURITY_POLICY_C1(1);
1407 test(SecurityPoliciesEqual(pc7,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6,(TCapability)7)));
1408 test(SecurityPoliciesEqual(pc6,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6)));
1409 test(SecurityPoliciesEqual(pc5,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5)));
1410 test(SecurityPoliciesEqual(pc4,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4)));
1411 test(SecurityPoliciesEqual(pc3,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3)));
1412 test(SecurityPoliciesEqual(pc2,TSecurityPolicy((TCapability)1,(TCapability)2)));
1413 test(SecurityPoliciesEqual(pc1,TSecurityPolicy((TCapability)1)));
1415 const TStaticSecurityPolicy ps3 = _INIT_SECURITY_POLICY_S3(0x12345678,1,2,3);
1416 const TStaticSecurityPolicy ps2 = _INIT_SECURITY_POLICY_S2(0x12345678,1,2);
1417 const TStaticSecurityPolicy ps1 = _INIT_SECURITY_POLICY_S1(0x12345678,1);
1418 const TStaticSecurityPolicy ps0 = _INIT_SECURITY_POLICY_S0(0x12345678);
1419 test(SecurityPoliciesEqual(ps3,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
1420 test(SecurityPoliciesEqual(ps2,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2)));
1421 test(SecurityPoliciesEqual(ps1,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1)));
1422 test(SecurityPoliciesEqual(ps0,TSecurityPolicy(TSecureId(0x12345678))));
1424 const TStaticSecurityPolicy pv3 = _INIT_SECURITY_POLICY_V3(0x12345678,1,2,3);
1425 const TStaticSecurityPolicy pv2 = _INIT_SECURITY_POLICY_V2(0x12345678,1,2);
1426 const TStaticSecurityPolicy pv1 = _INIT_SECURITY_POLICY_V1(0x12345678,1);
1427 const TStaticSecurityPolicy pv0 = _INIT_SECURITY_POLICY_V0(0x12345678);
1428 test(SecurityPoliciesEqual(pv3,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
1429 test(SecurityPoliciesEqual(pv2,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2)));
1430 test(SecurityPoliciesEqual(pv1,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1)));
1431 test(SecurityPoliciesEqual(pv0,TSecurityPolicy(TVendorId(0x12345678))));
1433 const TStaticSecurityPolicy fail = _INIT_SECURITY_POLICY_FAIL;
1434 const TStaticSecurityPolicy pass = _INIT_SECURITY_POLICY_PASS;
1435 test(SecurityPoliciesEqual(fail,TSecurityPolicy(TSecurityPolicy::EAlwaysFail)));
1436 test(SecurityPoliciesEqual(pass,TSecurityPolicy(TSecurityPolicy::EAlwaysPass)));
1443 #define CHECK_NAME(name) \
1444 test(0==TPtrC8((TUint8*)#name).Compare(TPtrC8((TUint8*)CapabilityNames[ECapability##name])));
1446 void TestCapabilityNames()
1450 CHECK_NAME(PowerMgmt);
1451 CHECK_NAME(MultimediaDD);
1452 CHECK_NAME(ReadDeviceData);
1453 CHECK_NAME(WriteDeviceData);
1455 CHECK_NAME(TrustedUI);
1456 CHECK_NAME(ProtServ);
1457 CHECK_NAME(DiskAdmin);
1458 CHECK_NAME(NetworkControl);
1459 CHECK_NAME(AllFiles);
1460 CHECK_NAME(SwEvent);
1461 CHECK_NAME(NetworkServices);
1462 CHECK_NAME(LocalServices);
1463 CHECK_NAME(ReadUserData);
1464 CHECK_NAME(WriteUserData);
1465 CHECK_NAME(Location);
1466 CHECK_NAME(SurroundingsDD);
1467 CHECK_NAME(UserEnvironment);
1471 void TestKernelAPIs()
1474 TInt r=User::LoadLogicalDevice(_L("D_SLDD.LDD"));
1475 test(r==KErrNone || r==KErrAlreadyExists);
1480 memclr(&ids,sizeof(ids));
1482 test.Printf(_L("Thread VID,SID = %08x,%08x\n\r"),ids.iThreadVID.iId,ids.iThreadSID.iId);
1483 test.Printf(_L("Process VID,SID = %08x,%08x\n\r"),ids.iProcessVID.iId,ids.iProcessSID.iId);
1484 test(ids.iThreadVID==KTestVendorId);
1485 test(ids.iThreadSID==KTestSecureId);
1486 test(ids.iProcessVID==KTestVendorId);
1487 test(ids.iProcessSID==KTestSecureId);
1489 // Test kernel-mode TSecurityInfo-getting APIs
1490 TSecurityInfo infoProcess, infoThread;
1491 ldd.GetSecureInfos(&infoThread, &infoProcess);
1492 // Check the vendor & secure IDs are what's expected
1493 test(infoThread.iVendorId==KTestVendorId);
1494 test(infoThread.iSecureId==KTestSecureId);
1495 test(infoProcess.iVendorId==KTestVendorId);
1496 test(infoProcess.iSecureId==KTestSecureId);
1497 // Check process caps == thread caps
1498 TUint32* capsT = (TUint32*)&infoThread.iCaps;
1499 TUint32* capsP = (TUint32*)&infoProcess.iCaps;
1500 test(capsT[0]==capsP[0]);
1501 test(capsT[1]==capsP[1]);
1502 // Check the caps match what the user API gives
1503 RProcess this_process;
1504 for (TInt i=0 ; i<64 ; i++) {
1505 TCapability cap = (TCapability)i;
1506 test(infoProcess.iCaps.HasCapability(cap) == this_process.HasCapability(cap));
1514 void TestPlatSecUnlocked()
1517 TInt r = User::LoadLogicalDevice(_L("D_SLDD.LDD"));
1518 test(r == KErrNone || r == KErrAlreadyExists);
1519 r = ldd.OpenLocal();
1522 TUint32 flags0, flags;
1525 flags0 = ldd.GetKernelConfigFlags();
1527 const TUint32 bits = (TUint32)(EKernelConfigTest | EKernelConfigPlatSecEnforcement);
1529 // Different test cases depending on whether __PLATSEC_UNLOCKED__ defined.
1530 // Ask the kernel whether EKernelConfigPlatSecLocked is set, and hope that
1531 // it's not lying to us!
1533 // Best thing to do is to check the log and verify the printf() output.
1536 if (PlatSec::ConfigSetting(PlatSec::EPlatSecLocked))
1539 * Tests for __PLATSEC_UNLOCKED__ not defined
1541 * The device driver is built with __PLATSEC_FORCED_FLAGS__ set to 0, so we can't use
1542 * its GetKernelConfigFlags() interface (the accessor functions are inlines) when we're
1543 * testing for PlatSec locked. Instead, use PlatSec::ConfigSetting(), which makes an
1544 * exec call to get iKernelConfigFlags.
1546 test.Printf(_L("__PLATSEC_UNLOCKED_ does NOT appear to have been used\n"));
1548 /* Check that PlatSecEnforcement is set */
1549 enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
1550 test(enforced != 0);
1552 /* Check that the device driver is able to set our test bit */
1553 ldd.SetKernelConfigFlags(flags0 | EKernelConfigTest);
1555 flags = ldd.GetKernelConfigFlags();
1556 test((flags & EKernelConfigTest) == EKernelConfigTest);
1558 /* Check that the device driver is able to clear our test bit, but not able to clear enforcement bit */
1559 ldd.SetKernelConfigFlags(flags0 & ~bits);
1561 enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
1562 test(enforced != 0);
1567 * Tests for __PLATSEC_UNLOCKED__ defined
1569 test.Printf(_L("__PLATSEC_UNLOCKED_ DOES appear to have been used\n"));
1571 /* Check that the device driver is able to set our test bit and PlatSecEnforcement */
1572 ldd.SetKernelConfigFlags(flags0 | bits);
1574 flags = ldd.GetKernelConfigFlags();
1575 test((flags & bits) == bits);
1577 /* And verify that the kernel sees the same result */
1578 enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
1579 test(enforced != 0); // (yes, "!= 0" is redundant)
1581 /* Check that the device driver is able to clear our test bit and PlatSecEnforcement */
1582 ldd.SetKernelConfigFlags(flags0 & ~bits);
1584 flags = ldd.GetKernelConfigFlags();
1585 test((flags & bits) == 0);
1587 /* Verify that the kernel sees the same result */
1588 enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
1589 test(enforced == 0);
1592 /* Restore original flags value */
1593 ldd.SetKernelConfigFlags(flags0);
1595 // Now test handling of iDisabledCapabilities
1597 const TUint32 test_value = 0x31415926; // Just some random number
1599 TCapabilitySet disabled0, disabled;
1600 disabled0.SetDisabled();
1602 SCapabilitySet *caps0 = (SCapabilitySet *)&disabled0;
1603 SCapabilitySet *caps = (SCapabilitySet *)&disabled;
1605 if (PlatSec::ConfigSetting(PlatSec::EPlatSecLocked))
1608 * Tests for __PLATSEC_UNLOCKED__ not defined
1611 /* Check that the capability set is 0 */
1614 for (i = 0; i < SCapabilitySet::ENCapW; i++)
1616 test_Equal(0, caps0->iCaps[i]);
1619 /* Check that the device driver is not able to set word 0 of disabled capabilities */
1620 ldd.SetDisabledCapabilities0(test_value);
1623 * It's okay to use SetDisabled() here, since this makes an exec call to get the
1624 * set of disabled capabilities.
1626 disabled.SetDisabled();
1627 test_Equal(0, caps->iCaps[0]);
1632 * Tests for __PLATSEC_UNLOCKED__ defined
1635 /* Check that the device driver is able to set word 0 of disabled capabilities */
1636 ldd.SetDisabledCapabilities0(test_value);
1638 disabled.SetDisabled();
1639 test_Equal(test_value, caps->iCaps[0]);
1642 /* Restore original value */
1643 ldd.SetDisabledCapabilities0(caps0->iCaps[0]);
1650 GLDEF_C TInt E32Main()
1652 PlatSecEnforcement = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
1655 User::CommandLine(cmd);
1656 if(cmd.Length() && TChar(cmd[0]).IsDigit())
1668 return DoTestProcess(function,arg1,arg2);
1673 if(PlatSecEnforcement)
1674 test.Printf(_L("PlatSecConfig appears to be ON\n"));
1676 test.Printf(_L("PlatSecConfig appears to be OFF\n"));
1678 test.Start(_L("Starting test server"));
1679 RTestProcess server;
1680 TRequestStatus rendezvous;
1681 server.Create(~KTestCapabilities,ETestProcessServer,0,0);
1682 server.Rendezvous(rendezvous);
1684 User::WaitForRequest(rendezvous);
1685 test(rendezvous==KServerRendezvous);
1687 test.Next(_L("Openning server session"));
1688 TInt r = Session.Connect();
1689 RDebug::Print(_L("%d"),r);
1692 test.Next(_L("Test Capability Names"));
1693 TestCapabilityNames();
1695 test.Next(_L("Test TCapabilitySet"));
1696 TestCapabilitySet();
1698 test.Next(_L("Test TSecurityInfo"));
1701 test.Next(_L("Test SecureId functions"));
1704 test.Next(_L("Test VendorId functions"));
1707 test.Next(_L("Test HasCapability functions"));
1708 TestHasCapability();
1710 test.Next(_L("Test TSecurityPolicy"));
1711 TestSecurityPolicy();
1713 test.Next(_L("Test Kernel APIs"));
1716 test.Next(_L("Test __PLATSEC_UNLOCKED__"));
1717 TestPlatSecUnlocked();
1719 test.Next(_L("Test diagnostic message suppression"));
1720 RThread().HasCapability(ECapabilityReadUserData,0);
1721 test.Printf(_L("There should be a diagnostic message just before this\n"));
1722 RThread().HasCapability(ECapabilityReadUserData,__PLATSEC_DIAGNOSTIC_STRING("You should see this"));
1723 test.Printf(_L("There should be a diagnostic message just before this\n"));
1724 RThread().HasCapability(ECapabilityReadUserData,KSuppressPlatSecDiagnostic);
1725 test.Printf(_L("There should NOT be a diagnostic message just before this\n"));
1727 test.Next(_L("Closing server session"));
1728 Session.Send(CTestSession::EShutdown);