1 #!/bin/bash 2 # 3 # Copyright 2011, The Android Open Source Project 4 # 5 # Licensed under the Apache License, Version 2.0 (the "License"); 6 # you may not use this file except in compliance with the License. 7 # You may obtain a copy of the License at 8 # 9 # http://www.apache.org/licenses/LICENSE-2.0 10 # 11 # Unless required by applicable law or agreed to in writing, software 12 # distributed under the License is distributed on an "AS IS" BASIS, 13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 # See the License for the specific language governing permissions and 15 # limitations under the License. 16 17 set -e 18 19 prefix=$0 20 log_file=$prefix.log 21 baseline_file=$prefix.baseline 22 23 function cleanup_output() { 24 rm -f $log_file 25 rm -f $baseline_file 26 } 27 28 function log() { 29 echo "$@" 30 append $log_file \# "$@" 31 append $baseline_file \# "$@" 32 } 33 34 function expect() { 35 append $baseline_file "$@" 36 } 37 38 function append() { 39 declare -r file=$1 40 shift 41 echo "$@" >> $file 42 } 43 44 function run() { 45 # strip out carriage returns from adb 46 # strip out date/time from ls -l 47 "$@" | tr --delete '\r' | sed -E 's/[0-9]{4}-[0-9]{2}-[0-9]{2} +[0-9]{1,2}:[0-9]{2} //' >> $log_file 48 } 49 50 function keystore() { 51 declare -r user=$1 52 shift 53 run adb shell su $user keystore_cli "$@" 54 } 55 56 function list_keystore_directory() { 57 run adb shell ls -al /data/misc/keystore 58 } 59 60 function compare() { 61 log "comparing $baseline_file and $log_file" 62 diff $baseline_file $log_file || (log $tag FAILED && exit 1) 63 } 64 65 function test_basic() { 66 67 # 68 # reset 69 # 70 log "reset keystore as system user" 71 keystore system r 72 expect "1 No error" 73 list_keystore_directory 74 75 # 76 # basic tests as system/root 77 # 78 log "root does not have permission to run test" 79 keystore root t 80 expect "6 Permission denied" 81 82 log "but system user does" 83 keystore system t 84 expect "3 Uninitialized" 85 list_keystore_directory 86 87 log "password is now bar" 88 keystore system p bar 89 expect "1 No error" 90 list_keystore_directory 91 expect "-rw------- keystore keystore 84 .masterkey" 92 93 log "no error implies initialized and unlocked" 94 keystore system t 95 expect "1 No error" 96 97 log "saw with no argument" 98 keystore system s 99 expect "5 Protocol error" 100 101 log "saw nothing" 102 keystore system s "" 103 expect "1 No error" 104 105 log "add key baz" 106 keystore system i baz quux 107 expect "1 No error" 108 109 log "1000 is uid of system" 110 list_keystore_directory 111 expect "-rw------- keystore keystore 84 .masterkey" 112 expect "-rw------- keystore keystore 52 1000_baz" 113 114 log "saw baz" 115 keystore system s "" 116 expect "1 No error" 117 expect "baz" 118 119 log "get baz" 120 keystore system g baz 121 expect "1 No error" 122 expect "quux" 123 124 log "root can read system user keys (as can wifi or vpn users)" 125 keystore root g baz 126 expect "1 No error" 127 expect "quux" 128 129 # 130 # app user tests 131 # 132 133 # app_0 has uid 10000, as seen below 134 log "other uses cannot see the system keys" 135 keystore app_0 g baz 136 expect "7 Key not found" 137 138 log "app user cannot use reset, password, lock, unlock" 139 keystore app_0 r 140 expect "6 Permission denied" 141 keystore app_0 p 142 expect "6 Permission denied" 143 keystore app_0 l 144 expect "6 Permission denied" 145 keystore app_0 u 146 expect "6 Permission denied" 147 148 log "install app_0 key" 149 keystore app_0 i 0x deadbeef 150 expect 1 No error 151 list_keystore_directory 152 expect "-rw------- keystore keystore 84 .masterkey" 153 expect "-rw------- keystore keystore 52 10000_0x" 154 expect "-rw------- keystore keystore 52 1000_baz" 155 156 log "get with no argument" 157 keystore app_0 g 158 expect "5 Protocol error" 159 160 keystore app_0 g 0x 161 expect "1 No error" 162 expect "deadbeef" 163 164 keystore app_0 i fred barney 165 expect "1 No error" 166 167 keystore app_0 s "" 168 expect "1 No error" 169 expect "0x" 170 expect "fred" 171 172 log "note that saw returns the suffix of prefix matches" 173 keystore app_0 s fr # fred 174 expect "1 No error" 175 expect "ed" # fred 176 177 # 178 # lock tests 179 # 180 log "lock the store as system" 181 keystore system l 182 expect "1 No error" 183 keystore system t 184 expect "2 Locked" 185 186 log "saw works while locked" 187 keystore app_0 s "" 188 expect "1 No error" 189 expect "0x" 190 expect "fred" 191 192 log "...but cannot read keys..." 193 keystore app_0 g 0x 194 expect "2 Locked" 195 196 log "...but they can be deleted." 197 keystore app_0 e 0x 198 expect "1 No error" 199 keystore app_0 d 0x 200 expect "1 No error" 201 keystore app_0 e 0x 202 expect "7 Key not found" 203 204 # 205 # password 206 # 207 log "wrong password" 208 keystore system u foo 209 expect "13 Wrong password (4 tries left)" 210 log "right password" 211 keystore system u bar 212 expect "1 No error" 213 214 log "make the password foo" 215 keystore system p foo 216 expect "1 No error" 217 218 # 219 # final reset 220 # 221 log "reset wipes everything for all users" 222 keystore system r 223 expect "1 No error" 224 list_keystore_directory 225 226 keystore system t 227 expect "3 Uninitialized" 228 229 } 230 231 function test_4599735() { 232 # http://b/4599735 233 log "start regression test for b/4599735" 234 keystore system r 235 expect "1 No error" 236 237 keystore system p foo 238 expect "1 No error" 239 240 keystore system i baz quux 241 expect "1 No error" 242 243 keystore root g baz 244 expect "1 No error" 245 expect "quux" 246 247 keystore system l 248 expect "1 No error" 249 250 keystore system p foo 251 expect "1 No error" 252 253 log "after unlock, regression led to result of '8 Value corrupted'" 254 keystore root g baz 255 expect "1 No error" 256 expect "quux" 257 258 keystore system r 259 expect "1 No error" 260 log "end regression test for b/4599735" 261 } 262 263 function main() { 264 cleanup_output 265 log $tag START 266 test_basic 267 test_4599735 268 compare 269 log $tag PASSED 270 cleanup_output 271 } 272 273 main 274
