trust-store

Merge lp:~thomas-voss/trust-store/do-not-prompt-or-cache-unconfined into lp:trust-store

  1. do-not-prompt-or-cache-unconfined
  2. Merge into trunk
Proposed by Thomas Voß
Status: Merged
Approved by: Alberto Aguirre
Approved revision: 59
Merged at revision: 58
Proposed branch: lp:~thomas-voss/trust-store/do-not-prompt-or-cache-unconfined
Merge into: lp:trust-store
Diff against target: 331 lines (+247/-1)
7 files modified
debian/libtrust-store1.symbols (+7/-0)
src/CMakeLists.txt (+2/-0)
src/core/trust/daemon.cpp (+5/-1)
src/core/trust/white_listing_agent.cpp (+47/-0)
src/core/trust/white_listing_agent.h (+52/-0)
tests/CMakeLists.txt (+19/-0)
tests/white_listing_agent_test.cpp (+115/-0)
To merge this branch: bzr merge lp:~thomas-voss/trust-store/do-not-prompt-or-cache-unconfined
Reviewer Review Type Date Requested Status
Jamie Strandboge Approve
Alberto Aguirre (community) Approve
PS Jenkins bot continuous-integration Approve
Pete Woods (community) Approve
Review via email: mp+238447@code.launchpad.net

Commit message

Add an agent implementation that allows for selectively whitelisting certain apps.

Description of the change

Add an agent implementation that allows for selectively whitelisting certain apps.

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:58
http://jenkins.qa.ubuntu.com/job/trust-store-ci/77/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/trust-store-utopic-amd64-ci/77/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/trust-store-utopic-armhf-ci/77/console
    FAILURE: http://jenkins.qa.ubuntu.com/job/trust-store-utopic-i386-ci/77/console

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/trust-store-ci/77/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Pete Woods (pete-woods) wrote :

Looks good at a reasonably superficial level, has tests, etc

review: Approve
lp:~thomas-voss/trust-store/do-not-prompt-or-cache-unconfined updated
59. By Thomas Voß

Add new symbols for core::trust::WhiteListingAgent.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:59
http://jenkins.qa.ubuntu.com/job/trust-store-ci/78/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/trust-store-utopic-amd64-ci/78
    SUCCESS: http://jenkins.qa.ubuntu.com/job/trust-store-utopic-armhf-ci/78
        deb: http://jenkins.qa.ubuntu.com/job/trust-store-utopic-armhf-ci/78/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/trust-store-utopic-i386-ci/78

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/trust-store-ci/78/rebuild

review: Approve (continuous-integration)
Revision history for this message
Alberto Aguirre (albaguirre) wrote :

LGTM

review: Approve
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Reviewing the code, I approve of the overall concept-- unconfined apps should not get a trust store prompt and this should achieve that for all trust-store consumers.

It is less clear from this MP how different trusted helpers will be able to precache other apps. Eg, perhaps location service wants to say that the Canonical camera app should not prompt. We wouldn't necessarily want to hardcode camera-app in the same way as unconfined, because it wouldn't show up in System Settings and the camera-app would be allowed to talk to any trust-store consumer without prompting. For precaching non-unconfined apps, would trusted helpers reimplement their own WhiteListingAgent? (Note, this is not a NAK-- Thomas mentioned that non-unconfined would be handled in another MP).

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/libtrust-store1.symbols'
2--- debian/libtrust-store1.symbols 2014-10-08 11:27:14 +0000
3+++ debian/libtrust-store1.symbols 2014-10-15 17:39:09 +0000
4@@ -1,4 +1,11 @@
5 libtrust-store.so.1 libtrust-store1 #MINVER#
6+ (c++)"core::trust::WhiteListingAgent::always_grant_for_unconfined()@Base" 0replaceme
7+ (c++)"core::trust::WhiteListingAgent::authenticate_request_with_parameters(core::trust::Agent::RequestParameters const&)@Base" 0replaceme
8+ (c++)"core::trust::WhiteListingAgent::WhiteListingAgent(std::function<bool (core::trust::Agent::RequestParameters const&)>, std::shared_ptr<core::trust::Agent> const&)@Base" 0replaceme
9+ (c++)"core::trust::WhiteListingAgent::~WhiteListingAgent()@Base" 0replaceme
10+ (c++)"typeinfo for core::trust::WhiteListingAgent@Base" 0replaceme
11+ (c++)"typeinfo name for core::trust::WhiteListingAgent@Base" 0replaceme
12+ (c++)"vtable for core::trust::WhiteListingAgent@Base" 0replaceme
13 (c++)"core::trust::i18n::default_text_domain()@Base" 1.1.0+14.10.20141008.1
14 (c++)"core::trust::i18n::service_text_domain()@Base" 1.1.0+14.10.20141008.1
15 (c++)"core::trust::i18n::set_service_text_domain(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)@Base" 1.1.0+14.10.20141008.1
16
17=== modified file 'src/CMakeLists.txt'
18--- src/CMakeLists.txt 2014-09-19 21:18:18 +0000
19+++ src/CMakeLists.txt 2014-10-15 17:39:09 +0000
20@@ -43,6 +43,8 @@
21 core/trust/app_id_formatting_trust_agent.h
22 core/trust/app_id_formatting_trust_agent.cpp
23
24+ # An agent-implementation that allows for selectively whitelisting app ids
25+ core/trust/white_listing_agent.cpp
26 # An agent-implementation using a store instance to cache user replies.
27 core/trust/cached_agent.cpp
28 core/trust/cached_agent_glog_reporter.cpp
29
30=== modified file 'src/core/trust/daemon.cpp'
31--- src/core/trust/daemon.cpp 2014-10-07 19:27:18 +0000
32+++ src/core/trust/daemon.cpp 2014-10-15 17:39:09 +0000
33@@ -23,6 +23,7 @@
34 #include <core/trust/expose.h>
35 #include <core/trust/i18n.h>
36 #include <core/trust/store.h>
37+#include <core/trust/white_listing_agent.h>
38
39 #include <core/trust/mir_agent.h>
40
41@@ -365,13 +366,16 @@
42 core::trust::CachedAgentGlogReporter::Configuration{})
43 });
44 auto formatting_agent = std::make_shared<core::trust::AppIdFormattingTrustAgent>(cached_agent);
45+ auto whitelisting_agent = std::make_shared<core::trust::WhiteListingAgent>(
46+ core::trust::WhiteListingAgent::always_grant_for_unconfined(),
47+ formatting_agent);
48 auto remote_agent = remote_agent_factory(service_name, formatting_agent, dict);
49
50 return core::trust::Daemon::Skeleton::Configuration
51 {
52 service_name,
53 bus_from_name(vm[Parameters::StoreBus::name].as<std::string>()),
54- {local_store, formatting_agent},
55+ {local_store, whitelisting_agent},
56 {remote_agent}
57 };
58 }
59
60=== added file 'src/core/trust/white_listing_agent.cpp'
61--- src/core/trust/white_listing_agent.cpp 1970-01-01 00:00:00 +0000
62+++ src/core/trust/white_listing_agent.cpp 2014-10-15 17:39:09 +0000
63@@ -0,0 +1,47 @@
64+/*
65+ * Copyright © 2014 Canonical Ltd.
66+ *
67+ * This program is free software: you can redistribute it and/or modify it
68+ * under the terms of the GNU Lesser General Public License version 3,
69+ * as published by the Free Software Foundation.
70+ *
71+ * This program is distributed in the hope that it will be useful,
72+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
73+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
74+ * GNU Lesser General Public License for more details.
75+ *
76+ * You should have received a copy of the GNU Lesser General Public License
77+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
78+ *
79+ * Authored by: Thomas Voß <thomas.voss@canonical.com>
80+ */
81+
82+#include <core/trust/white_listing_agent.h>
83+
84+core::trust::WhiteListingAgent::WhiteListingPredicate core::trust::WhiteListingAgent::always_grant_for_unconfined()
85+{
86+ return [](const core::trust::Agent::RequestParameters& params) -> bool
87+ {
88+ return params.application.id == "unconfined";
89+ };
90+}
91+
92+core::trust::WhiteListingAgent::WhiteListingAgent(
93+ core::trust::WhiteListingAgent::WhiteListingPredicate white_listing_predicate,
94+ const std::shared_ptr<core::trust::Agent>& impl)
95+ : white_listing_predicate{white_listing_predicate},
96+ impl{impl}
97+{
98+ if (not impl) throw std::runtime_error
99+ {
100+ "Missing agent implementation."
101+ };
102+}
103+
104+core::trust::Request::Answer core::trust::WhiteListingAgent::authenticate_request_with_parameters(const core::trust::Agent::RequestParameters& parameters)
105+{
106+ if (white_listing_predicate(parameters))
107+ return core::trust::Request::Answer::granted;
108+
109+ return impl->authenticate_request_with_parameters(parameters);
110+}
111
112=== added file 'src/core/trust/white_listing_agent.h'
113--- src/core/trust/white_listing_agent.h 1970-01-01 00:00:00 +0000
114+++ src/core/trust/white_listing_agent.h 2014-10-15 17:39:09 +0000
115@@ -0,0 +1,52 @@
116+/*
117+ * Copyright © 2014 Canonical Ltd.
118+ *
119+ * This program is free software: you can redistribute it and/or modify it
120+ * under the terms of the GNU Lesser General Public License version 3,
121+ * as published by the Free Software Foundation.
122+ *
123+ * This program is distributed in the hope that it will be useful,
124+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
125+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
126+ * GNU Lesser General Public License for more details.
127+ *
128+ * You should have received a copy of the GNU Lesser General Public License
129+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
130+ *
131+ * Authored by: Thomas Voß <thomas.voss@canonical.com>
132+ */
133+
134+#ifndef CORE_TRUST_WHITE_LISTING_AGENT_H_
135+#define CORE_TRUST_WHITE_LISTING_AGENT_H_
136+
137+#include <core/trust/agent.h>
138+
139+namespace core
140+{
141+namespace trust
142+{
143+// An agent implementation that allows for selectively whitelisting app ids.
144+class CORE_TRUST_DLL_PUBLIC WhiteListingAgent : public core::trust::Agent
145+{
146+public:
147+ // A functor that is evaluated for every incoming requests.
148+ // If it returns true, the request is immediately granted, otherwise passed on
149+ // to the next agent.
150+ typedef std::function<bool(const RequestParameters&)> WhiteListingPredicate;
151+
152+ // Returns a predicate that returns true iff the app id is 'unconfined'.
153+ static WhiteListingPredicate always_grant_for_unconfined();
154+
155+ WhiteListingAgent(WhiteListingPredicate white_listing_predicate, const std::shared_ptr<Agent>& impl);
156+
157+ // From core::trust::Agent
158+ Request::Answer authenticate_request_with_parameters(const RequestParameters& parameters) override;
159+
160+private:
161+ WhiteListingPredicate white_listing_predicate;
162+ std::shared_ptr<Agent> impl;
163+};
164+}
165+}
166+
167+#endif // CORE_TRUST_WHITE_LISTING_AGENT_H_
168
169=== modified file 'tests/CMakeLists.txt'
170--- tests/CMakeLists.txt 2014-08-19 14:11:30 +0000
171+++ tests/CMakeLists.txt 2014-10-15 17:39:09 +0000
172@@ -49,6 +49,11 @@
173 )
174
175 add_executable(
176+ white_listing_agent_test
177+ white_listing_agent_test.cpp
178+)
179+
180+add_executable(
181 cached_agent_test
182 cached_agent_test.cpp
183 )
184@@ -132,6 +137,19 @@
185 )
186
187 target_link_libraries(
188+ white_listing_agent_test
189+
190+ trust-store
191+
192+ gmock
193+
194+ gtest
195+ gtest_main
196+
197+ ${PROCESS_CPP_LIBRARIES}
198+)
199+
200+target_link_libraries(
201 cached_agent_test
202
203 trust-store
204@@ -190,6 +208,7 @@
205 add_test(remote_agent_test ${CMAKE_CURRENT_BINARY_DIR}/remote_agent_test)
206 add_test(app_id_formatting_trust_agent_test ${CMAKE_CURRENT_BINARY_DIR}/app_id_formatting_trust_agent_test)
207 add_test(cached_agent_test ${CMAKE_CURRENT_BINARY_DIR}/cached_agent_test)
208+add_test(white_listing_agent_test ${CMAKE_CURRENT_BINARY_DIR}/white_listing_agent_test)
209 # TODO(tvoss) Re-enable daemon tests once CI issues are resolved.
210 # add_test(daemon_test ${CMAKE_CURRENT_BINARY_DIR}/daemon_test)
211 add_test(dbus_test ${CMAKE_CURRENT_BINARY_DIR}/dbus_test)
212
213=== added file 'tests/white_listing_agent_test.cpp'
214--- tests/white_listing_agent_test.cpp 1970-01-01 00:00:00 +0000
215+++ tests/white_listing_agent_test.cpp 2014-10-15 17:39:09 +0000
216@@ -0,0 +1,115 @@
217+/*
218+ * Copyright © 2013 Canonical Ltd.
219+ *
220+ * This program is free software: you can redistribute it and/or modify it
221+ * under the terms of the GNU Lesser General Public License version 3,
222+ * as published by the Free Software Foundation.
223+ *
224+ * This program is distributed in the hope that it will be useful,
225+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
226+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
227+ * GNU Lesser General Public License for more details.
228+ *
229+ * You should have received a copy of the GNU Lesser General Public License
230+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
231+ *
232+ * Authored by: Thomas Voß <thomas.voss@canonical.com>
233+ */
234+
235+#include <core/trust/white_listing_agent.h>
236+
237+#include "mock_agent.h"
238+#include "the.h"
239+
240+#include <gmock/gmock.h>
241+
242+namespace
243+{
244+std::shared_ptr<testing::NiceMock<MockAgent>> a_mocked_agent()
245+{
246+ return std::make_shared<testing::NiceMock<MockAgent>>();
247+}
248+
249+struct MockWhiteListingPredicate
250+{
251+ core::trust::WhiteListingAgent::WhiteListingPredicate to_functional()
252+ {
253+ return [this](const core::trust::Agent::RequestParameters& params)
254+ {
255+ return is_whitelisted(params);
256+ };
257+ }
258+
259+ MOCK_METHOD1(is_whitelisted, bool(const core::trust::Agent::RequestParameters&));
260+};
261+}
262+
263+TEST(WhiteListingAgent, ctor_throws_for_null_agent)
264+{
265+ EXPECT_ANY_THROW(core::trust::WhiteListingAgent
266+ (
267+ core::trust::WhiteListingAgent::always_grant_for_unconfined(),
268+ std::shared_ptr<core::trust::Agent>()
269+ ));
270+}
271+
272+TEST(WhiteListingAgent, invokes_predicate_for_incoming_request_and_dispatches_to_impl_for_non_whitelisted)
273+{
274+ using namespace ::testing;
275+
276+ auto mock_agent = a_mocked_agent();
277+
278+ auto params = the::default_request_parameters_for_testing();
279+ params.application.id = params.application.id + std::string{"_app"} + std::string{"_1.2.3"};
280+
281+ MockWhiteListingPredicate wlp;
282+ EXPECT_CALL(wlp, is_whitelisted(params))
283+ .Times(1)
284+ .WillRepeatedly(Return(false));
285+
286+ EXPECT_CALL(*mock_agent, authenticate_request_with_parameters(params))
287+ .Times(1)
288+ .WillRepeatedly(Return(core::trust::Request::Answer::denied));
289+
290+ core::trust::WhiteListingAgent agent{wlp.to_functional(), mock_agent};
291+
292+ EXPECT_EQ(core::trust::Request::Answer::denied,
293+ agent.authenticate_request_with_parameters(params));
294+}
295+
296+TEST(WhiteListingAgent, invokes_predicate_for_incoming_request_and_returns_immediately_for_non_whitelisted)
297+{
298+ using namespace ::testing;
299+
300+ auto mock_agent = a_mocked_agent();
301+
302+ auto params = the::default_request_parameters_for_testing();
303+ params.application.id = params.application.id + std::string{"_app"} + std::string{"_1.2.3"};
304+
305+ MockWhiteListingPredicate wlp;
306+ EXPECT_CALL(wlp, is_whitelisted(params))
307+ .Times(1)
308+ .WillRepeatedly(Return(true));
309+
310+ EXPECT_CALL(*mock_agent, authenticate_request_with_parameters(params))
311+ .Times(0);
312+
313+ core::trust::WhiteListingAgent agent{wlp.to_functional(), mock_agent};
314+
315+ EXPECT_EQ(core::trust::Request::Answer::granted,
316+ agent.authenticate_request_with_parameters(params));
317+}
318+
319+TEST(WhiteListingAgent, unconfined_predicate_only_returns_true_for_unconfined)
320+{
321+ using namespace ::testing;
322+
323+ auto predicate = core::trust::WhiteListingAgent::always_grant_for_unconfined();
324+
325+ auto params = the::default_request_parameters_for_testing();
326+ params.application.id = params.application.id + std::string{"_app"} + std::string{"_1.2.3"};
327+
328+ EXPECT_FALSE(predicate(params));
329+ params.application.id = "unconfined";
330+ EXPECT_TRUE(predicate(params));
331+}

Subscribers

People subscribed via source and target branches