sl@0: // Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). sl@0: // All rights reserved. sl@0: // This component and the accompanying materials are made available sl@0: // under the terms of "Eclipse Public License v1.0" sl@0: // which accompanies this distribution, and is available sl@0: // at the URL "http://www.eclipse.org/legal/epl-v10.html". sl@0: // sl@0: // Initial Contributors: sl@0: // Nokia Corporation - initial contribution. sl@0: // sl@0: // Contributors: sl@0: // sl@0: // Description: sl@0: // DBMS security policy - testing new APIs. sl@0: // This test app has "NetworkServices" (SCHEMA) capability, which allows it to sl@0: // modify the DBMS structure but not to write any data in the tables. sl@0: // The UID policy file is 11335579.spd. sl@0: // Please, ensure that t_dbenvcreate test is executed before t_dbplatsec/t_dbplatsecperf tests! sl@0: // Please, ensure that t_dbenvdestroy test is executed after t_dbplatsec/t_dbplatsecperf tests! sl@0: // sl@0: // sl@0: sl@0: #include sl@0: #include sl@0: #include "t_dbplatsecutl.h" sl@0: sl@0: const TUid KSecureDbUid = {0x11335579}; sl@0: const TUid KProtSecureDbUid = {0x11335578}; sl@0: _LIT(KSecure, "SECURE"); sl@0: _LIT(KDbName, "C:TestDB2.dB"); sl@0: _LIT(KTblNameA, "A"); sl@0: _LIT(KTblNameB, "B"); sl@0: _LIT(KTblNameC, "C"); sl@0: sl@0: static RTest TheTest(_L("t_dbplatsec1: DBMS platform security testing - 1")); sl@0: static RDbs TheDbs; sl@0: static RDbNamedDatabase TheDb; sl@0: static RDbTable TheTbl; sl@0: static RDbView TheView; sl@0: sl@0: static void CleanupTest() sl@0: { sl@0: TheView.Close(); sl@0: TheTbl.Close(); sl@0: TheDb.Close(); sl@0: TDBSCUtils::DeleteDatabase(TheDbs, KSecureDbUid, KDbName); sl@0: TheDbs.Close(); sl@0: } sl@0: sl@0: TDBSCUtils TheDbscUtils(TheTest, &CleanupTest); sl@0: sl@0: static TColDef const KColumns[]= sl@0: { sl@0: {_S("ID"), EDbColInt32, TDbCol::ENotNull | TDbCol::EAutoIncrement}, sl@0: {_S("DATA1"), EDbColInt32, TDbCol::ENotNull}, sl@0: {_S("DATA2"), EDbColInt32, TDbCol::ENotNull}, sl@0: {0} sl@0: }; sl@0: sl@0: /** sl@0: @SYMTestCaseID SYSLIB-DBMS-CT-0008 sl@0: @SYMTestCaseDesc Database tests. Some of the calls must fail because the caller has no enough rights sl@0: for the requested operation. sl@0: @SYMTestPriority High sl@0: @SYMTestActions RDbNamedDatabase::Open()/RDbNamedDatabase::DatabaseNamesL()/RDbNamedDatabase::Create(). sl@0: @SYMTestExpectedResults The test must not fail. sl@0: @SYMREQ REQ2429 sl@0: DBMS shall provide an API to apply security policies to database tables. sl@0: */ sl@0: static void DbTestL() sl@0: { sl@0: TBuf<32> format; sl@0: sl@0: TDBSCUtils::DeleteDatabase(TheDbs, KSecureDbUid, KDbName); sl@0: TheTest.Printf(_L("Create database\n")); sl@0: //The test must pass, because the test app has "SCHEMA" capability sl@0: format.Copy(KSecure); sl@0: format.Append(KSecureDbUid.Name()); sl@0: TInt err = TheDb.Create(TheDbs, KDbName, format); sl@0: TEST2(err, KErrNone); sl@0: sl@0: //The test must pass, because "DatabaseNamesL" is a DBMS operation available for everyone. sl@0: TheTest.Printf(_L("Database list\n")); sl@0: CDbDatabaseNames* dbNames = TheDbs.DatabaseNamesL(EDriveC, KSecureDbUid); sl@0: TEST(dbNames->Count() > 0); sl@0: TBool casePreserved = EFalse; sl@0: for(TInt i=0;iCount();++i) sl@0: { sl@0: const TDesC& dbName = (*dbNames)[i]; sl@0: RDebug::Print(_L("--Database: %S\n"), &dbName); sl@0: TBuf<128> dbName2; sl@0: dbName2.Append(TChar('A' + EDriveC)); sl@0: dbName2.Append(TChar(':')); sl@0: dbName2.Append(dbName); sl@0: if(dbName2 == KDbName()) sl@0: { sl@0: casePreserved = ETrue; sl@0: } sl@0: } sl@0: //if casePreserved is non-zero that means the DBMS server does not change the database names to sl@0: //upper or lower case - that's what we want to check sl@0: TEST(casePreserved); sl@0: delete dbNames; sl@0: sl@0: TheDb.Close(); sl@0: sl@0: TheTest.Printf(_L("An attempt to create database - existing, but protected UID\n")); sl@0: //The test must fail, because the test app does not have capabilities to satisfy sl@0: //KProtSecureDbUid "SCHEMA" policy. sl@0: format.Copy(KSecure); sl@0: format.Append(KProtSecureDbUid.Name()); sl@0: err = TheDb.Create(TheDbs, KDbName, format); sl@0: TEST2(err, KErrPermissionDenied); sl@0: sl@0: //The test must pass, because the test app has "SCHEMA" capability (it must have capabilities, sl@0: //satisfying at least one of the UID's R/W/S policies) sl@0: TheTest.Printf(_L("Open database\n")); sl@0: format.Copy(KSecure); sl@0: format.Append(KSecureDbUid.Name()); sl@0: err = TheDb.Open(TheDbs, KDbName, format); sl@0: TEST2(err, KErrNone); sl@0: } sl@0: sl@0: /** sl@0: @SYMTestCaseID SYSLIB-DBMS-CT-0009 sl@0: @SYMTestCaseDesc Opening table test. The caller has a set of capabilities which satisfy database's sl@0: schema security policy only. The test checks that the capapbility checking sl@0: on the DBMS server side works properly. Some of the initiated open table sl@0: operations won't executed and the returned error will be KErrPermisssionDenied. sl@0: @SYMTestPriority High sl@0: @SYMTestActions Attempts to execute RDbTable::Open() on different tables from the test database. sl@0: @SYMTestExpectedResults The test must not fail. sl@0: @SYMREQ REQ2429 sl@0: DBMS shall provide an API to apply security policies to database tables. sl@0: */ sl@0: static void TblOpenL() sl@0: { sl@0: TheTest.Printf(_L("Create tables\n")); sl@0: //The test must pass, because the test app has "SCHEMA" capability sl@0: CDbColSet* colset = TDBSCUtils::CreateColSetLC(KColumns); sl@0: TInt err = TheDb.CreateTable(KTblNameA, *colset);//R: PowerMgmt, W: WriteUserData sl@0: TEST2(err, KErrNone); sl@0: err = TheDb.CreateTable(KTblNameB, *colset);//R: None, W: WriteUserData WriteDeviceData sl@0: TEST2(err, KErrNone); sl@0: err = TheDb.CreateTable(KTblNameC, *colset);//R: None, W: WriteUserData sl@0: TEST2(err, KErrNone); sl@0: CleanupStack::PopAndDestroy(colset); sl@0: sl@0: TheTest.Printf(_L("An attempt to open table A\n")); sl@0: //The test must fail, because the test app has no capabilities to satisfy sl@0: //R/W policies of table A sl@0: err = TheTbl.Open(TheDb, KTblNameA); sl@0: TEST2(err, KErrPermissionDenied); sl@0: err = TheTbl.Open(TheDb, KTblNameA, RDbRowSet::EUpdatable); sl@0: TEST2(err, KErrPermissionDenied); sl@0: err = TheTbl.Open(TheDb, KTblNameA, RDbRowSet::EReadOnly); sl@0: TEST2(err, KErrPermissionDenied); sl@0: err = TheTbl.Open(TheDb, KTblNameA, RDbRowSet::EInsertOnly); sl@0: TEST2(err, KErrPermissionDenied); sl@0: sl@0: TheTest.Printf(_L("An attempt to open table B\n")); sl@0: //Open table B in insert/update mode - the test must fail, because the test app has no sl@0: //capabilities to satisfy table B, policy W. sl@0: //Open table B in read-only mode - the test must pass, because table B has no R policy. sl@0: err = TheTbl.Open(TheDb, KTblNameB); sl@0: TEST2(err, KErrPermissionDenied); sl@0: err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EUpdatable); sl@0: TEST2(err, KErrPermissionDenied); sl@0: err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EInsertOnly); sl@0: TEST2(err, KErrPermissionDenied); sl@0: err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EReadOnly); sl@0: TEST2(err, KErrNone); sl@0: TheTbl.Close(); sl@0: sl@0: TheTest.Printf(_L("An attempt to open table C\n")); sl@0: //Open table C in insert/update mode - the test must fail, because the test app has no sl@0: //capabilities to satisfy table C, policy W. sl@0: //Open table C in read-only mode - the test must pass, because table C has no R policy. sl@0: err = TheTbl.Open(TheDb, KTblNameC); sl@0: TEST2(err, KErrPermissionDenied); sl@0: err = TheTbl.Open(TheDb, KTblNameC, RDbRowSet::EUpdatable); sl@0: TEST2(err, KErrPermissionDenied); sl@0: err = TheTbl.Open(TheDb, KTblNameC, RDbRowSet::EInsertOnly); sl@0: TEST2(err, KErrPermissionDenied); sl@0: err = TheTbl.Open(TheDb, KTblNameC, RDbRowSet::EReadOnly); sl@0: TEST2(err, KErrNone); sl@0: TheTbl.Close(); sl@0: } sl@0: sl@0: /** sl@0: @SYMTestCaseID SYSLIB-DBMS-CT-0010 sl@0: @SYMTestCaseDesc Table R/w operations. The caller has a set of capabilities which satisfy database's sl@0: schema security policy only. The test checks that the capapbility checking sl@0: on the DBMS server side works properly. Some of the R/W table operations won't be sl@0: executed and the returned error will be KErrPermisssionDenied. sl@0: @SYMTestPriority High sl@0: @SYMTestActions Attempts to execute RDbTable::Insert()/RDbTable::Update()/RDbTable::FirstL() sl@0: on different tables from the test database. sl@0: @SYMTestExpectedResults The test must not fail. sl@0: @SYMREQ REQ2429 sl@0: DBMS shall provide an API to apply security policies to database tables. sl@0: */ sl@0: static void TblRWL() sl@0: { sl@0: TheTest.Printf(_L("An attempt to write in table B\n")); sl@0: TInt err = TheTbl.Open(TheDb, KTblNameB, RDbRowSet::EReadOnly); sl@0: TEST2(err, KErrNone); sl@0: //"Write table B" test must fail, because the test app has no capabilities sl@0: //to satisfy table B, policy W. sl@0: TRAP(err, TheTbl.InsertL()); sl@0: TEST2(err, KErrPermissionDenied); sl@0: TRAP(err, TheTbl.UpdateL()); sl@0: TEST2(err, KErrPermissionDenied); sl@0: sl@0: TheTest.Printf(_L("An attempt to read from table B\n")); sl@0: //"Read table B" test must pass, because table B has no R policy sl@0: TBool res = TheTbl.FirstL(); sl@0: TEST(!res); sl@0: sl@0: TheTbl.Close(); sl@0: sl@0: TheTest.Printf(_L("An attempt to write in table C\n")); sl@0: //"Write table C" test must fail, because the test app has no capabilities sl@0: //to satisfy table C, policy W. sl@0: err = TheTbl.Open(TheDb, KTblNameC, RDbRowSet::EReadOnly); sl@0: TEST2(err, KErrNone); sl@0: TRAP(err, TheTbl.InsertL()); sl@0: TEST2(err, KErrPermissionDenied); sl@0: TRAP(err, TheTbl.UpdateL()); sl@0: TEST2(err, KErrPermissionDenied); sl@0: sl@0: TheTest.Printf(_L("An attempt to read from table C\n")); sl@0: //"Read table C" test must pass, because table C has no R policy sl@0: res = TheTbl.FirstL(); sl@0: TEST(!res); sl@0: sl@0: TheTbl.Close(); sl@0: } sl@0: sl@0: /** sl@0: @SYMTestCaseID SYSLIB-DBMS-CT-0011 sl@0: @SYMTestCaseDesc SQL tests. The caller has a set of capabilities which satisfy database's sl@0: schema security policy only. The test checks that the capapbility checking sl@0: on the DBMS server side works properly. Some of the SQL statements won't be sl@0: executed and the returned error will be KErrPermisssionDenied. sl@0: @SYMTestPriority High sl@0: @SYMTestActions Attempts to execute various INSERT/UPDATE/SELECT SQL statements. sl@0: @SYMTestExpectedResults The test must not fail. sl@0: @SYMREQ REQ2429 sl@0: DBMS shall provide an API to apply security policies to database tables. sl@0: */ sl@0: static void TblSqlL() sl@0: { sl@0: TheTest.Printf(_L("SELECT SQL\n")); sl@0: //The test must fail, because the test app cannot satisfy table A, policy R. sl@0: TInt err = TheView.Prepare(TheDb, TDbQuery(_L("SELECT * FROM A"))); sl@0: TEST2(err, KErrPermissionDenied); sl@0: //The test must pass, because table B has no R policy. sl@0: err = TheView.Prepare(TheDb, TDbQuery(_L("SELECT * FROM B"))); sl@0: TEST2(err, KErrNone); sl@0: TheView.Close(); sl@0: //The test must pass, because table C has no R policy. sl@0: err = TheView.Prepare(TheDb, TDbQuery(_L("SELECT * FROM C"))); sl@0: TEST2(err, KErrNone); sl@0: TheView.Close(); sl@0: sl@0: TheTest.Printf(_L("INSERT/UPDATE SQL\n")); sl@0: //The test must fail, because the test app cannot satisfy table A, policy W. sl@0: err = TheDb.Execute(_L("INSERT INTO A (DATA2) VALUES(45)")); sl@0: TEST2(err, KErrPermissionDenied); sl@0: //The test must fail, because the test app cannot satisfy table B, policy W. sl@0: err = TheDb.Execute(_L("INSERT INTO B (DATA2) VALUES(45)")); sl@0: TEST2(err, KErrPermissionDenied); sl@0: //The test must fail, because the test app cannot satisfy table C, policy W. sl@0: err = TheDb.Execute(_L("INSERT INTO C (DATA2) VALUES(45)")); sl@0: TEST2(err, KErrPermissionDenied); sl@0: sl@0: //The test must fail, because the test app cannot satisfy table A, policy W. sl@0: err = TheDb.Execute(_L("UPDATE A SET DATA2=56 WHERE ID = 0")); sl@0: TEST2(err, KErrPermissionDenied); sl@0: //The test must fail, because the test app cannot satisfy table B, policy W. sl@0: err = TheDb.Execute(_L("UPDATE B SET DATA2=56 WHERE ID = 0")); sl@0: TEST2(err, KErrPermissionDenied); sl@0: //The test must fail, because the test app cannot satisfy table C, policy W. sl@0: err = TheDb.Execute(_L("UPDATE C SET DATA2=56 WHERE ID = 0")); sl@0: TEST2(err, KErrPermissionDenied); sl@0: } sl@0: sl@0: static void DoRunL() sl@0: { sl@0: TheTest.Start(_L("An app with \"SCHEMA\" capabilities set")); sl@0: sl@0: TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-DBMS-CT-0008 Database test ")); sl@0: ::DbTestL(); sl@0: sl@0: TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-DBMS-CT-0009 Open table test ")); sl@0: ::TblOpenL(); sl@0: sl@0: TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-DBMS-CT-0010 Read/Write table test ")); sl@0: ::TblRWL(); sl@0: sl@0: TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-DBMS-CT-0011 SQL table test ")); sl@0: ::TblSqlL(); sl@0: } sl@0: sl@0: TInt E32Main() sl@0: { sl@0: __UHEAP_MARK; sl@0: CTrapCleanup* tc = CTrapCleanup::New(); sl@0: TEST(tc != NULL); sl@0: sl@0: TInt err = TheDbs.Connect(); sl@0: TEST2(err, KErrNone); sl@0: sl@0: TRAP(err, ::DoRunL()); sl@0: TEST2(err, KErrNone); sl@0: sl@0: ::CleanupTest(); sl@0: sl@0: TheTest.End(); sl@0: TheTest.Close(); sl@0: sl@0: delete tc; sl@0: sl@0: __UHEAP_MARKEND; sl@0: User::Heap().Check(); sl@0: return KErrNone; sl@0: }