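#!/bin/bash
#
# Copyright 2011, The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Device-side functional test for the keystore daemon, driven through
# `adb shell su <user> keystore_cli ...`.
#
# How it works: every keystore_cli invocation appends its (normalised) output
# to "$0.log", and every expect() appends the output we require to
# "$0.baseline". At the end the two files are diffed; any difference fails the
# run and leaves both files behind for inspection.
#
# Operational notes:
#   * The test resets the keystore (`keystore system r`), which wipes the
#     stored keys of every user on the device adb is talking to. Point it at
#     a dedicated test device or emulator.
#   * It needs `su` to be usable from `adb shell` on the target.
#   * The passwords "foo" and "bar" are test fixtures only.
#
# keystore_cli verbs as they are used below (named after the log messages in
# this file): r=reset, t=test, p=password, l=lock, u=unlock, i=insert, g=get,
# s=saw (list by prefix), e=exists check, d=delete.

set -e

prefix=$0
log_file="$prefix.log"
baseline_file="$prefix.baseline"

# `tag` is never assigned in this file; it is taken from the environment when
# present and otherwise expands to nothing. Made explicit here so the
# START/PASSED/FAILED lines keep their original text either way.
tag=${tag:-}

# Remove the output files of a previous (or the current, successful) run.
function cleanup_output() {
  rm -f -- "$log_file"
  rm -f -- "$baseline_file"
}

# Print a progress message and record it, prefixed with "# ", in BOTH files so
# that the message itself never shows up as a difference in compare().
function log() {
  printf '%s\n' "$*"
  append "$log_file" '#' "$@"
  append "$baseline_file" '#' "$@"
}

# Record one line of expected output in the baseline file.
function expect() {
  append "$baseline_file" "$@"
}

# append FILE WORD... : append the words, joined by single spaces, as one line.
function append() {
  local -r file=$1
  shift
  # printf instead of echo so a word that looks like an echo option is still
  # written literally.
  printf '%s\n' "$*" >> "$file"
}

# run CMD ARG... : execute the command and append its output to the log file.
# Only two things are normalised; everything else is compared byte for byte:
#   * carriage returns emitted by adb are stripped
#   * "YYYY-MM-DD HH:MM " timestamps from `ls -l` are stripped
#
# NOTE(review): pipefail is not enabled, so the exit status of CMD is
# discarded and a failing adb/keystore_cli call only surfaces as a diff
# mismatch in compare(). Turning pipefail on could abort the run on the
# expected error replies (e.g. "6 Permission denied") if the status is
# propagated - confirm before changing.
function run() {
  "$@" \
    | tr -d '\r' \
    | sed -E 's/[0-9]{4}-[0-9]{2}-[0-9]{2} +[0-9]{1,2}:[0-9]{2} //' \
    >> "$log_file"
}

# keystore USER ARG... : run keystore_cli on the device as USER.
# The words are handed to `adb shell`, which forwards them as a command line
# for the device shell, so arguments are expected to be plain tokens without
# shell metacharacters (all callers in this file satisfy that).
function keystore() {
  local -r user=$1
  shift
  run adb shell su "$user" keystore_cli "$@"
}

# Record the directory listing of the keystore data directory; used to check
# file names (<uid>_<key name>), ownership and the 0600 mode of stored blobs.
function list_keystore_directory() {
  run adb shell ls -al /data/misc/keystore
}

# Diff expected against actual output. On mismatch, log FAILED and exit 1
# directly (the original relied on `set -e` to propagate an `exit 1` issued
# inside a subshell). The output files are kept for debugging.
function compare() {
  log "comparing $baseline_file and $log_file"
  if ! diff -- "$baseline_file" "$log_file"; then
    log ${tag:+"$tag"} FAILED
    exit 1
  fi
}

# Main scenario: permission checks per caller identity, key isolation between
# uids, behaviour while locked, password handling, and reset.
function test_basic() {
  #
  # reset
  #
  log "reset keystore as system user"
  keystore system r
  expect "1 No error"
  list_keystore_directory

  #
  # basic tests as system/root
  #
  log "root does not have permission to run test"
  keystore root t
  expect "6 Permission denied"

  log "but system user does"
  keystore system t
  expect "3 Uninitialized"
  list_keystore_directory

  log "password is now bar"
  keystore system p bar
  expect "1 No error"
  list_keystore_directory
  expect "-rw------- keystore keystore 84 .masterkey"

  log "no error implies initialized and unlocked"
  keystore system t
  expect "1 No error"

  log "saw with no argument"
  keystore system s
  expect "5 Protocol error"

  log "saw nothing"
  keystore system s ""
  expect "1 No error"

  log "add key baz"
  keystore system i baz quux
  expect "1 No error"

  log "1000 is uid of system"
  list_keystore_directory
  expect "-rw------- keystore keystore 84 .masterkey"
  expect "-rw------- keystore keystore 52 1000_baz"

  log "saw baz"
  keystore system s ""
  expect "1 No error"
  expect "baz"

  log "system does not have access to read any keys"
  keystore system g baz
  expect "6 Permission denied"

  log "however, root can read system user keys (as can wifi or vpn users)"
  keystore root g baz
  expect "1 No error"
  expect "quux"

  #
  # app user tests
  #

  # app_0 has uid 10000, as seen below
  log "other uses cannot see the system keys"
  keystore app_0 g baz
  expect "7 Key not found"

  log "app user cannot use reset, password, lock, unlock"
  keystore app_0 r
  expect "6 Permission denied"
  keystore app_0 p
  expect "6 Permission denied"
  keystore app_0 l
  expect "6 Permission denied"
  keystore app_0 u
  expect "6 Permission denied"

  log "install app_0 key"
  keystore app_0 i 0x deadbeef
  expect "1 No error"
  list_keystore_directory
  expect "-rw------- keystore keystore 84 .masterkey"
  expect "-rw------- keystore keystore 52 10000_0x"
  expect "-rw------- keystore keystore 52 1000_baz"

  log "get with no argument"
  keystore app_0 g
  expect "5 Protocol error"

  keystore app_0 g 0x
  expect "1 No error"
  expect "deadbeef"

  keystore app_0 i fred barney
  expect "1 No error"

  keystore app_0 s ""
  expect "1 No error"
  expect "0x"
  expect "fred"

  log "note that saw returns the suffix of prefix matches"
  keystore app_0 s fr # fred
  expect "1 No error"
  expect "ed" # fred

  #
  # lock tests
  #
  log "lock the store as system"
  keystore system l
  expect "1 No error"
  keystore system t
  expect "2 Locked"

  log "saw works while locked"
  keystore app_0 s ""
  expect "1 No error"
  expect "0x"
  expect "fred"

  log "...but cannot read keys..."
  keystore app_0 g 0x
  expect "2 Locked"

  log "...but they can be deleted."
  keystore app_0 e 0x
  expect "1 No error"
  keystore app_0 d 0x
  expect "1 No error"
  keystore app_0 e 0x
  expect "7 Key not found"

  #
  # password
  #
  log "wrong password"
  keystore system u foo
  expect "13 Wrong password (4 tries left)"
  log "right password"
  keystore system u bar
  expect "1 No error"

  log "make the password foo"
  keystore system p foo
  expect "1 No error"

  #
  # final reset
  #
  log "reset wipes everything for all users"
  keystore system r
  expect "1 No error"
  list_keystore_directory

  keystore system t
  expect "3 Uninitialized"
}

# Regression test: a key stored before lock must still be readable by root
# after the password command is issued again on the locked store.
function test_4599735() {
  # http://b/4599735
  log "start regression test for b/4599735"
  keystore system r
  expect "1 No error"

  keystore system p foo
  expect "1 No error"

  keystore system i baz quux
  expect "1 No error"

  keystore root g baz
  expect "1 No error"
  expect "quux"

  keystore system l
  expect "1 No error"

  keystore system p foo
  expect "1 No error"

  log "after unlock, regression led to result of '8 Value corrupted'"
  keystore root g baz
  expect "1 No error"
  expect "quux"

  keystore system r
  expect "1 No error"
  log "end regression test for b/4599735"
}

# Entry point: start from clean output files, run both scenarios, compare,
# and remove the output files only when everything matched.
function main() {
  cleanup_output
  log ${tag:+"$tag"} START
  test_basic
  test_4599735
  compare
  log ${tag:+"$tag"} PASSED
  cleanup_output
}

main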