From 2e6899a4923ef53e5f02e9a018aec1967e7eed82 Mon Sep 17 00:00:00 2001 From: Marek Niepieklo Date: Mon, 10 May 2021 12:09:09 +0200 Subject: [PATCH] [CP-2] I don't want to see data from Pure in Center when Pure is locked [CP-48] Re-enabled USB security [CP-49] Update test harness with usb security --- image/user/db/sms_003.sql | 13 +++-- .../ApplicationSettings.cpp | 4 +- .../service-desktop/ServiceDesktop.cpp | 17 ++++-- .../service-desktop/USBSecurityModel.cpp | 3 +- .../test_pairing_hmi_perspective.py | 1 + test/pytest/service-desktop/test_backup.py | 1 + .../service-desktop/test_battery_file.py | 1 + test/pytest/service-desktop/test_calendar.py | 1 + .../service-desktop/test_device_info.py | 3 +- test/pytest/service-desktop/test_restore.py | 1 + test/pytest/service-desktop/test_security.py | 58 +++++++++++++++++++ test/pytest/service-desktop/test_templates.py | 2 +- test/pytest/test_call_back.py | 1 + 13 files changed, 90 insertions(+), 16 deletions(-) create mode 100644 test/pytest/service-desktop/test_security.py diff --git a/image/user/db/sms_003.sql b/image/user/db/sms_003.sql index 2975b684ac3d2de36aea684c5a132de36e36f5cd..3fc518a298f229ec912d7a7e61a9390795febd23 100644 --- a/image/user/db/sms_003.sql +++ b/image/user/db/sms_003.sql @@ -1,16 +1,17 @@ -- Copyright (c) 2017-2021, Mudita Sp. z.o.o. All rights reserved. -- For licensing, see https://github.com/mudita/MuditaOS/LICENSE.md BEGIN TRANSACTION; -INSERT OR REPLACE INTO "sms" ("_id","thread_id","contact_id","date","date_send","error_code","body","type") VALUES (5,1,1,1618907731,3,2,'Hi! How are you today?',8); -INSERT OR REPLACE INTO "sms" ("_id","thread_id","contact_id","date","date_send","error_code","body","type") VALUES (6,1,1,1618907732,3,2,'I hope you''re feeling better now...',2); -INSERT OR REPLACE INTO "sms" ("_id","thread_id","contact_id","date","date_send","error_code","body","type") VALUES (7,2,2,1547492320,3,0,'Thank you for today!' || CHAR(10) || 'You chose a fantastic place :)',8); -INSERT OR REPLACE INTO "sms" ("_id","thread_id","contact_id","date","date_send","error_code","body","type") VALUES (8,2,2,1547492320,4,0,'It was great seeing you too :*',4); -INSERT OR REPLACE INTO "sms" ("_id","thread_id","contact_id","date","date_send","error_code","body","type") VALUES (14,1,1,1618907733,3,2,'Thanks :) Today is better than yesterday',4); +INSERT OR REPLACE INTO "sms" ("_id","thread_id","contact_id","date","date_send","error_code","body","type") VALUES (1,2,2,1547492320,3,0,'Thank you for today!' || CHAR(10) || 'You chose a fantastic place :)',8); +INSERT OR REPLACE INTO "sms" ("_id","thread_id","contact_id","date","date_send","error_code","body","type") VALUES (2,2,2,1547492321,4,0,'It was great seeing you too :*',4); +INSERT OR REPLACE INTO "sms" ("_id","thread_id","contact_id","date","date_send","error_code","body","type") VALUES (3,1,1,1618907731,3,2,'Hi! How are you today?',8); +INSERT OR REPLACE INTO "sms" ("_id","thread_id","contact_id","date","date_send","error_code","body","type") VALUES (4,1,1,1618907732,3,2,'I hope you''re feeling better now...',8); +INSERT OR REPLACE INTO "sms" ("_id","thread_id","contact_id","date","date_send","error_code","body","type") VALUES (5,1,1,1618907733,3,2,'Thanks :) Today is better than yesterday',4); +INSERT OR REPLACE INTO "sms" ("_id","thread_id","contact_id","date","date_send","error_code","body","type") VALUES (6,1,1,1618907734,3,2,'I''m happy to hear that :)',8); INSERT OR REPLACE INTO "templates" ("_id","text","lastUsageTimestamp") VALUES (1,'Thanks for reaching out. I can''t talk right now, I''ll call you later',4); INSERT OR REPLACE INTO "templates" ("_id","text","lastUsageTimestamp") VALUES (2,'I''ll call you later',3); INSERT OR REPLACE INTO "templates" ("_id","text","lastUsageTimestamp") VALUES (3,'I''ll be there in 15 minutes',2); INSERT OR REPLACE INTO "templates" ("_id","text","lastUsageTimestamp") VALUES (4,'Some test template number, which is too long to be displayed.',1); INSERT OR REPLACE INTO "templates" ("_id","text","lastUsageTimestamp") VALUES (5,'Give me 5 minutes',5); -INSERT OR REPLACE INTO "threads" ("_id","date","msg_count","read","contact_id","number_id","snippet","last_dir") VALUES (1,1574335694,3,1,1,1,'Thanks :) Today is better than yesterday',4); +INSERT OR REPLACE INTO "threads" ("_id","date","msg_count","read","contact_id","number_id","snippet","last_dir") VALUES (1,1574335694,3,1,1,1,'I''m happy to hear that :)',4); INSERT OR REPLACE INTO "threads" ("_id","date","msg_count","read","contact_id","number_id","snippet","last_dir") VALUES (2,1618910720,2,0,2,2,'It was great seeing you too :*',4); COMMIT; diff --git a/module-apps/application-settings-new/ApplicationSettings.cpp b/module-apps/application-settings-new/ApplicationSettings.cpp index c9c3178abe33aa2966c630bb30bcbabfe698dc6d..d66ea2c602e8719985437c9b425fd585c029e9b3 100644 --- a/module-apps/application-settings-new/ApplicationSettings.cpp +++ b/module-apps/application-settings-new/ApplicationSettings.cpp @@ -300,12 +300,10 @@ namespace app ::settings::Cellular::volte_on, [this](const std::string &value) { volteChanged(value); }, ::settings::SettingsScope::Global); - /* settings->registerValueChange( ::settings::SystemProperties::usbSecurity, - [this](std::string value) { usbSecured = utils::getNumericValue(value); }, + [this](const std::string &value) { usbSecured = utils::getNumericValue(value); }, ::settings::SettingsScope::Global); - */ settings->registerValueChange( ::settings::Cellular::offlineMode, [this](const std::string &value) { flightModeOn = utils::getNumericValue(value); }, diff --git a/module-services/service-desktop/ServiceDesktop.cpp b/module-services/service-desktop/ServiceDesktop.cpp index f4568b22179fb714364bccefd1fc9588d84b3583..7838bd3d21bf65ba146f10e073b5ce28936b89be 100644 --- a/module-services/service-desktop/ServiceDesktop.cpp +++ b/module-services/service-desktop/ServiceDesktop.cpp @@ -261,8 +261,18 @@ sys::ReturnCodes ServiceDesktop::InitHandler() }); connect(typeid(locks::UnlockedPhone), [&](sys::Message *msg) { - LOG_INFO("Passcode accepted. Enabling endpoints."); - usbSecurityModel->setEndpointSecurity(EndpointSecurity::Allow); + if (usbSecurityModel->isSecurityEnabled()) { + LOG_INFO("Phone unlocked. Enabling endpoints."); + usbSecurityModel->setEndpointSecurity(EndpointSecurity::Allow); + } + return sys::MessageNone{}; + }); + + connect(typeid(locks::LockedPhone), [&](sys::Message *msg) { + if (usbSecurityModel->isSecurityEnabled()) { + LOG_INFO("Phone locked. Securing endpoints."); + usbSecurityModel->setEndpointSecurity(EndpointSecurity::Block); + } return sys::MessageNone{}; }); @@ -286,8 +296,7 @@ sys::ReturnCodes ServiceDesktop::InitHandler() settings->registerValueChange( ::settings::SystemProperties::usbSecurity, [this](std::string value) { - bool securityEnabled = usbSecurityModel->isSecurityEnabled(); - usbSecurityModel->enableEndpointSecurity(securityEnabled); + bool securityEnabled = utils::getNumericValue(value); usbSecurityModel->setEndpointSecurity(securityEnabled ? EndpointSecurity::Block : EndpointSecurity::Allow); }, settings::SettingsScope::Global); diff --git a/module-services/service-desktop/USBSecurityModel.cpp b/module-services/service-desktop/USBSecurityModel.cpp index 7fbbb91d64064647bbd9275a839736da2200d04a..a57ad658a1d2a91a686ee26ea2bed1b2e96964ce 100644 --- a/module-services/service-desktop/USBSecurityModel.cpp +++ b/module-services/service-desktop/USBSecurityModel.cpp @@ -56,7 +56,8 @@ namespace sdesktop auto USBSecurityModel::isSecurityEnabled() const -> bool { - return false; + return utils::getNumericValue( + settings->getValue(settings::SystemProperties::usbSecurity, settings::SettingsScope::Global)); } void USBSecurityModel::enableEndpointSecurity(bool securityEnabled) diff --git a/test/pytest/service-bluetooth/test_pairing_hmi_perspective.py b/test/pytest/service-bluetooth/test_pairing_hmi_perspective.py index 698282c465446336db3bddcf6e550097754582e0..b1909b16a986d5965c492e29f1f092336a9c5987 100644 --- a/test/pytest/service-bluetooth/test_pairing_hmi_perspective.py +++ b/test/pytest/service-bluetooth/test_pairing_hmi_perspective.py @@ -14,6 +14,7 @@ from bt_fixtures import * @pytest.mark.usefixtures("bt_main_window") @pytest.mark.usefixtures("phone_in_desktop") @pytest.mark.usefixtures("phone_unlocked") +@pytest.mark.usefixtures("usb_unlocked") @pytest.mark.skipif("not config.getvalue('--bt_device')", reason='--bt_device was not specified') def test_bt_pairing_hmi(harness, bt_device): if not bt_device: diff --git a/test/pytest/service-desktop/test_backup.py b/test/pytest/service-desktop/test_backup.py index 1e711e4884ab335126ac69a75c4602448afe162b..72c7e8129612470cb741bf3df3de759024396874 100644 --- a/test/pytest/service-desktop/test_backup.py +++ b/test/pytest/service-desktop/test_backup.py @@ -6,6 +6,7 @@ import os from harness import log from harness.interface.defs import status + @pytest.mark.service_desktop_test @pytest.mark.rt1051 @pytest.mark.usefixtures("usb_unlocked") diff --git a/test/pytest/service-desktop/test_battery_file.py b/test/pytest/service-desktop/test_battery_file.py index 2ea576fb2605e165d3d0f99d3afdff4ffa5baf31..f48beb95b6764e913cfd05fd97639195c1fa2585 100644 --- a/test/pytest/service-desktop/test_battery_file.py +++ b/test/pytest/service-desktop/test_battery_file.py @@ -3,6 +3,7 @@ import pytest from harness.interface.defs import status + @pytest.mark.rt1051 @pytest.mark.service_desktop_test @pytest.mark.usefixtures("usb_unlocked") diff --git a/test/pytest/service-desktop/test_calendar.py b/test/pytest/service-desktop/test_calendar.py index 7c3b56a45c27e64fd1082f8f3b0c531685552675..a841c5e24b4d398ef67ce82384f0c51291c7d0d0 100644 --- a/test/pytest/service-desktop/test_calendar.py +++ b/test/pytest/service-desktop/test_calendar.py @@ -4,6 +4,7 @@ import pytest from harness.interface.defs import status import copy + @pytest.mark.rt1051 @pytest.mark.service_desktop_test @pytest.mark.usefixtures("usb_unlocked") diff --git a/test/pytest/service-desktop/test_device_info.py b/test/pytest/service-desktop/test_device_info.py index 5a0e2879fb96dd88ae5b87d7260796562f4b02c5..bafdb10d27819f1f82ceee04c7769924b06991c4 100644 --- a/test/pytest/service-desktop/test_device_info.py +++ b/test/pytest/service-desktop/test_device_info.py @@ -1,8 +1,9 @@ -# Copyright (c) 2017-2020, Mudita Sp. z.o.o. All rights reserved. +# Copyright (c) 2017-2021, Mudita Sp. z.o.o. All rights reserved. # For licensing, see https://github.com/mudita/MuditaOS/LICENSE.md import pytest from harness.interface.defs import status + @pytest.mark.service_desktop_test @pytest.mark.usefixtures("usb_unlocked") def test_device_info(harness): diff --git a/test/pytest/service-desktop/test_restore.py b/test/pytest/service-desktop/test_restore.py index a9f8db98b98fa715e67d0d299f6bff909e064c34..eb88cf73f0d3e18e0164b46322b594d5be44567c 100644 --- a/test/pytest/service-desktop/test_restore.py +++ b/test/pytest/service-desktop/test_restore.py @@ -5,6 +5,7 @@ import time from harness.interface.defs import status from harness import log + @pytest.mark.service_desktop_test @pytest.mark.rt1051 @pytest.mark.usefixtures("usb_unlocked") diff --git a/test/pytest/service-desktop/test_security.py b/test/pytest/service-desktop/test_security.py new file mode 100644 index 0000000000000000000000000000000000000000..168b2b9e2526fa3626449c485af473326363f3d5 --- /dev/null +++ b/test/pytest/service-desktop/test_security.py @@ -0,0 +1,58 @@ +# Copyright (c) 2017-2021, Mudita Sp. z.o.o. All rights reserved. +# For licensing, see https://github.com/mudita/MuditaOS/LICENSE.md + +import pytest +from harness.interface.defs import status + + +@pytest.mark.service_desktop_test +@pytest.mark.usefixtures("usb_unlocked") +def test_security_usb_unlocked(harness): + body = {} + + ret = harness.endpoint_request("deviceInfo", "get", body) + assert ret["status"] == status["OK"] + + +@pytest.mark.service_desktop_test +@pytest.mark.usefixtures("usb_locked") +def test_security_usb_locked(harness): + body = {} + + ret = harness.endpoint_request("usbSecurity", "get", body) + assert ret["status"] == status["Forbidden"] + + +@pytest.mark.service_desktop_test +@pytest.mark.usefixtures("usb_locked") +def test_all_other_endpoints_usb_locked(harness): + body = {} + endpoints_list = ["deviceInfo", + "update", + "filesystemUpload", + "backup", + "restore", + "factory", + "contacts", + "messages", + "calllog", + "events", + "bluetooth"] + for endpoint_name in endpoints_list: + print(endpoint_name) + ret = harness.endpoint_request(endpoint_name, "get", body) + assert ret["status"] == status["Forbidden"] + + ret = harness.endpoint_request(endpoint_name, "post", body) + assert ret["status"] == status["Forbidden"] + + ret = harness.endpoint_request(endpoint_name, "put", body) + assert ret["status"] == status["Forbidden"] + + ret = harness.endpoint_request(endpoint_name, "del", body) + assert ret["status"] == status["Forbidden"] + + ret = harness.endpoint_request("developerMode", "get", body) + assert ret["status"] == status["OK"] + + harness.unlock_usb() diff --git a/test/pytest/service-desktop/test_templates.py b/test/pytest/service-desktop/test_templates.py index ee35ed332f2370ac358ec010f0924e3d5ff77aab..32e1fcae97e8ec59cf23574b87ec9be236c1dac0 100644 --- a/test/pytest/service-desktop/test_templates.py +++ b/test/pytest/service-desktop/test_templates.py @@ -149,7 +149,7 @@ def test_get_template_by_id(harness): @pytest.mark.service_desktop_test @pytest.mark.usefixtures("usb_unlocked") -def test_get_templates_without_paggination(harness): +def test_get_templates_without_pagination(harness): templates_tester = TemplatesTester(harness) templates_tester.test_getting_templates_without_pagination() diff --git a/test/pytest/test_call_back.py b/test/pytest/test_call_back.py index ebd102d26ccd37df3ae30e8c678b8d3ca8b27a05..7dc3ad473cab0187ade201cc936c4db38b5f68d5 100644 --- a/test/pytest/test_call_back.py +++ b/test/pytest/test_call_back.py @@ -10,6 +10,7 @@ from module_apps.call_utils import get_calllog_count, select_call_button @pytest.mark.usefixtures("phone_ends_test_in_desktop") @pytest.mark.usefixtures("phone_in_desktop") @pytest.mark.usefixtures("phone_unlocked") +@pytest.mark.usefixtures("usb_unlocked") def test_call(harness, call_duration): count_before = get_calllog_count(harness)