Merge lp:~thomas-voss/trust-store/do-not-prompt-or-cache-unconfined into lp:trust-store

Proposed by Thomas Voß
Status: Merged
Approved by: Alberto Aguirre
Approved revision: 59
Merged at revision: 58
Proposed branch: lp:~thomas-voss/trust-store/do-not-prompt-or-cache-unconfined
Merge into: lp:trust-store
Diff against target: 331 lines (+247/-1)
7 files modified
debian/libtrust-store1.symbols (+7/-0)
src/CMakeLists.txt (+2/-0)
src/core/trust/daemon.cpp (+5/-1)
src/core/trust/white_listing_agent.cpp (+47/-0)
src/core/trust/white_listing_agent.h (+52/-0)
tests/CMakeLists.txt (+19/-0)
tests/white_listing_agent_test.cpp (+115/-0)
To merge this branch: bzr merge lp:~thomas-voss/trust-store/do-not-prompt-or-cache-unconfined
Reviewer Review Type Date Requested Status
Jamie Strandboge Approve
Alberto Aguirre (community) Approve
PS Jenkins bot continuous-integration Approve
Pete Woods (community) Approve
Review via email: mp+238447@code.launchpad.net

Commit message

Add an agent implementation that allows for selectively whitelisting certain apps.

Description of the change

Add an agent implementation that allows for selectively whitelisting certain apps.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
Revision history for this message
Pete Woods (pete-woods) wrote :

Looks good at a reasonably superficial level, has tests, etc.

review: Approve
59. By Thomas Voß

Add new symbols for core::trust::WhiteListingAgent.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Approve (continuous-integration)
Revision history for this message
Alberto Aguirre (albaguirre) wrote :

LGTM

review: Approve
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Reviewing the code, I approve of the overall concept-- unconfined apps should not get a trust store prompt and this should achieve that for all trust-store consumers.

It is less clear from this MP how different trusted helpers will be able to precache other apps. Eg, perhaps location service wants to say that the Canonical camera app should not prompt. We wouldn't necessarily want to hardcode camera-app in the same way as unconfined, because it wouldn't show up in System Settings and the camera-app would be allowed to talk to any trust-store consumer without prompting. For precaching non-unconfined apps, would trusted helpers reimplement their own WhiteListingAgent? (Note, this is not a NAK-- Thomas mentioned that non-unconfined would be handled in another MP).

review: Approve
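
Following up the question above about how a trusted helper would whitelist a specific app without reimplementing the agent: the predicate type in the diff is a plain `std::function`, so a helper can compose one from several exact-match predicates and hand the result to the same `WhiteListingAgent`. The block below is an added example and not code from the trust-store branch; it models the `Agent`, `RequestParameters` and `WhiteListingAgent` shapes visible in the diff with minimal stand-ins so that it compiles stand-alone, and the camera app id `com.ubuntu.camera_camera_3.0.0` is a placeholder, not a real identifier taken from the project.

```cpp
#include <functional>
#include <iostream>
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>

// Minimal stand-ins for the core::trust types used in the diff (assumed shapes,
// not the project's headers).
struct Application { std::string id; };
struct RequestParameters { Application application; };
enum class Answer { denied, granted };

using Predicate = std::function<bool(const RequestParameters&)>;

// Exact match only: "unconfined_app_1.2.3" must not pass as "unconfined".
Predicate exact_app_id(std::string id) {
    return [id](const RequestParameters& p) { return p.application.id == id; };
}

// Grant if any of the given predicates matches; this is how a helper extends
// the unconfined rule with its own apps instead of writing a new agent.
Predicate any_of(std::vector<Predicate> ps) {
    return [ps](const RequestParameters& p) {
        for (const auto& pred : ps)
            if (pred(p)) return true;
        return false;
    };
}

struct Agent {
    virtual ~Agent() = default;
    virtual Answer authenticate(const RequestParameters&) = 0;
};

// Stand-in for the prompting/caching chain: counts how often it is consulted,
// so a caller can verify that whitelisted requests never reach it.
struct CountingDenyAgent : Agent {
    int calls = 0;
    Answer authenticate(const RequestParameters&) override { ++calls; return Answer::denied; }
};

// Same control flow as the WhiteListingAgent in the diff: predicate first,
// otherwise delegate to the wrapped agent. Here both arguments are validated.
struct WhiteListingAgent : Agent {
    WhiteListingAgent(Predicate p, std::shared_ptr<Agent> next)
        : pred(std::move(p)), next(std::move(next)) {
        if (!this->pred) throw std::runtime_error("Missing whitelisting predicate.");
        if (!this->next) throw std::runtime_error("Missing agent implementation.");
    }
    Answer authenticate(const RequestParameters& params) override {
        if (pred(params)) return Answer::granted;
        return next->authenticate(params);
    }
    Predicate pred;
    std::shared_ptr<Agent> next;
};

RequestParameters request_for(const std::string& id) { return RequestParameters{Application{id}}; }

struct DemoResult {
    bool unconfined_granted;  // exact "unconfined" is granted without a prompt
    bool lookalike_granted;   // "unconfined_app_1.2.3" must NOT be granted
    bool camera_granted;      // placeholder camera id added by the helper
    int fallback_calls;       // how many requests reached the prompting agent
};

DemoResult run_demo() {
    auto fallback = std::make_shared<CountingDenyAgent>();
    WhiteListingAgent agent{
        any_of({exact_app_id("unconfined"),
                exact_app_id("com.ubuntu.camera_camera_3.0.0")}),  // placeholder id
        fallback};
    DemoResult r{};
    r.unconfined_granted = agent.authenticate(request_for("unconfined")) == Answer::granted;
    r.lookalike_granted  = agent.authenticate(request_for("unconfined_app_1.2.3")) == Answer::granted;
    r.camera_granted     = agent.authenticate(request_for("com.ubuntu.camera_camera_3.0.0")) == Answer::granted;
    r.fallback_calls     = fallback->calls;  // only the look-alike reached it
    return r;
}

int main() {
    DemoResult r = run_demo();
    std::cout << "unconfined granted: " << r.unconfined_granted << '\n'
              << "look-alike granted: " << r.lookalike_granted << '\n'
              << "camera granted:     " << r.camera_granted << '\n'
              << "fallback consulted: " << r.fallback_calls << " time(s)\n";
    return 0;
}
```

The composed predicate keeps exact-match semantics, which matters for the security claim: a prefix or substring test on the app id would let any confined app whose id begins with `unconfined` bypass the prompt. Whether a helper-supplied whitelist should also surface in System Settings is a separate question that this composition does not answer.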

Preview Diff

=== modified file 'debian/libtrust-store1.symbols'
--- debian/libtrust-store1.symbols 2014-10-08 11:27:14 +0000
+++ debian/libtrust-store1.symbols 2014-10-15 17:39:09 +0000
@@ -1,4 +1,11 @@
1libtrust-store.so.1 libtrust-store1 #MINVER#1libtrust-store.so.1 libtrust-store1 #MINVER#
2 (c++)"core::trust::WhiteListingAgent::always_grant_for_unconfined()@Base" 0replaceme
3 (c++)"core::trust::WhiteListingAgent::authenticate_request_with_parameters(core::trust::Agent::RequestParameters const&)@Base" 0replaceme
4 (c++)"core::trust::WhiteListingAgent::WhiteListingAgent(std::function<bool (core::trust::Agent::RequestParameters const&)>, std::shared_ptr<core::trust::Agent> const&)@Base" 0replaceme
5 (c++)"core::trust::WhiteListingAgent::~WhiteListingAgent()@Base" 0replaceme
6 (c++)"typeinfo for core::trust::WhiteListingAgent@Base" 0replaceme
7 (c++)"typeinfo name for core::trust::WhiteListingAgent@Base" 0replaceme
8 (c++)"vtable for core::trust::WhiteListingAgent@Base" 0replaceme
2 (c++)"core::trust::i18n::default_text_domain()@Base" 1.1.0+14.10.20141008.19 (c++)"core::trust::i18n::default_text_domain()@Base" 1.1.0+14.10.20141008.1
3 (c++)"core::trust::i18n::service_text_domain()@Base" 1.1.0+14.10.20141008.110 (c++)"core::trust::i18n::service_text_domain()@Base" 1.1.0+14.10.20141008.1
4 (c++)"core::trust::i18n::set_service_text_domain(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)@Base" 1.1.0+14.10.20141008.111 (c++)"core::trust::i18n::set_service_text_domain(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)@Base" 1.1.0+14.10.20141008.1
512
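Review bot: the seven new `core::trust::WhiteListingAgent` entries carry the `0replaceme` placeholder version while the neighbouring `i18n` entries are pinned to `1.1.0+14.10.20141008.1`; set the real version before this lands in a package upload, otherwise the symbols file misreports the minimum library version that provides the new ABI.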
=== modified file 'src/CMakeLists.txt'
--- src/CMakeLists.txt 2014-09-19 21:18:18 +0000
+++ src/CMakeLists.txt 2014-10-15 17:39:09 +0000
@@ -43,6 +43,8 @@
43 core/trust/app_id_formatting_trust_agent.h43 core/trust/app_id_formatting_trust_agent.h
44 core/trust/app_id_formatting_trust_agent.cpp44 core/trust/app_id_formatting_trust_agent.cpp
4545
46 # An agent-implementation that allows for selectively whitelisting app ids
47 core/trust/white_listing_agent.cpp
46 # An agent-implementation using a store instance to cache user replies.48 # An agent-implementation using a store instance to cache user replies.
47 core/trust/cached_agent.cpp49 core/trust/cached_agent.cpp
48 core/trust/cached_agent_glog_reporter.cpp50 core/trust/cached_agent_glog_reporter.cpp
4951
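Review bot: only `core/trust/white_listing_agent.cpp` is added to the source list, while the neighbouring entries list both header and source (`core/trust/app_id_formatting_trust_agent.h` and `.cpp`); add `core/trust/white_listing_agent.h` alongside it for consistency so dependency tracking and IDE tooling pick the header up.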
=== modified file 'src/core/trust/daemon.cpp'
--- src/core/trust/daemon.cpp 2014-10-07 19:27:18 +0000
+++ src/core/trust/daemon.cpp 2014-10-15 17:39:09 +0000
@@ -23,6 +23,7 @@
23#include <core/trust/expose.h>23#include <core/trust/expose.h>
24#include <core/trust/i18n.h>24#include <core/trust/i18n.h>
25#include <core/trust/store.h>25#include <core/trust/store.h>
26#include <core/trust/white_listing_agent.h>
2627
27#include <core/trust/mir_agent.h>28#include <core/trust/mir_agent.h>
2829
@@ -365,13 +366,16 @@
365 core::trust::CachedAgentGlogReporter::Configuration{})366 core::trust::CachedAgentGlogReporter::Configuration{})
366 });367 });
367 auto formatting_agent = std::make_shared<core::trust::AppIdFormattingTrustAgent>(cached_agent);368 auto formatting_agent = std::make_shared<core::trust::AppIdFormattingTrustAgent>(cached_agent);
369 auto whitelisting_agent = std::make_shared<core::trust::WhiteListingAgent>(
370 core::trust::WhiteListingAgent::always_grant_for_unconfined(),
371 formatting_agent);
368 auto remote_agent = remote_agent_factory(service_name, formatting_agent, dict);372 auto remote_agent = remote_agent_factory(service_name, formatting_agent, dict);
369373
370 return core::trust::Daemon::Skeleton::Configuration374 return core::trust::Daemon::Skeleton::Configuration
371 {375 {
372 service_name,376 service_name,
373 bus_from_name(vm[Parameters::StoreBus::name].as<std::string>()),377 bus_from_name(vm[Parameters::StoreBus::name].as<std::string>()),
374 {local_store, formatting_agent},378 {local_store, whitelisting_agent},
375 {remote_agent}379 {remote_agent}
376 };380 };
377}381}
378382
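Review bot: `remote_agent_factory(service_name, formatting_agent, dict)` on line 372 still receives `formatting_agent`, so only the local configuration on line 378 is wrapped by the new `WhiteListingAgent`; if the remote agent is the path over which a service's requests actually arrive, unconfined requests through it are still prompted and cached. Either pass `whitelisting_agent` there as well or say why the remote path is intentionally left unfiltered. The layering itself is right: the whitelist sits outside `AppIdFormattingTrustAgent` and the cached agent, so the predicate sees the raw app id and a whitelisted answer never reaches the store, which is what the branch name promises.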
=== added file 'src/core/trust/white_listing_agent.cpp'
--- src/core/trust/white_listing_agent.cpp 1970-01-01 00:00:00 +0000
+++ src/core/trust/white_listing_agent.cpp 2014-10-15 17:39:09 +0000
@@ -0,0 +1,47 @@
1/*
2 * Copyright © 2014 Canonical Ltd.
3 *
4 * This program is free software: you can redistribute it and/or modify it
5 * under the terms of the GNU Lesser General Public License version 3,
6 * as published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU Lesser General Public License for more details.
12 *
13 * You should have received a copy of the GNU Lesser General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 *
16 * Authored by: Thomas Voß <thomas.voss@canonical.com>
17 */
18
19#include <core/trust/white_listing_agent.h>
20
21core::trust::WhiteListingAgent::WhiteListingPredicate core::trust::WhiteListingAgent::always_grant_for_unconfined()
22{
23 return [](const core::trust::Agent::RequestParameters& params) -> bool
24 {
25 return params.application.id == "unconfined";
26 };
27}
28
29core::trust::WhiteListingAgent::WhiteListingAgent(
30 core::trust::WhiteListingAgent::WhiteListingPredicate white_listing_predicate,
31 const std::shared_ptr<core::trust::Agent>& impl)
32 : white_listing_predicate{white_listing_predicate},
33 impl{impl}
34{
35 if (not impl) throw std::runtime_error
36 {
37 "Missing agent implementation."
38 };
39}
40
41core::trust::Request::Answer core::trust::WhiteListingAgent::authenticate_request_with_parameters(const core::trust::Agent::RequestParameters& parameters)
42{
43 if (white_listing_predicate(parameters))
44 return core::trust::Request::Answer::granted;
45
46 return impl->authenticate_request_with_parameters(parameters);
47}
048
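Review bot: the constructor rejects a null `impl` but not an empty `white_listing_predicate`; a default-constructed `std::function` passed here throws `std::bad_function_call` on the first request instead of failing at construction. Add the symmetric check, e.g. `if (not white_listing_predicate) throw std::runtime_error{"Missing whitelisting predicate."};`. `std::runtime_error` is also used without `#include <stdexcept>`. The exact equality test against `"unconfined"` in `always_grant_for_unconfined` is the right choice; a prefix or substring match would let an app id such as `unconfined_foo_1.0` bypass the prompt.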
=== added file 'src/core/trust/white_listing_agent.h'
--- src/core/trust/white_listing_agent.h 1970-01-01 00:00:00 +0000
+++ src/core/trust/white_listing_agent.h 2014-10-15 17:39:09 +0000
@@ -0,0 +1,52 @@
1/*
2 * Copyright © 2014 Canonical Ltd.
3 *
4 * This program is free software: you can redistribute it and/or modify it
5 * under the terms of the GNU Lesser General Public License version 3,
6 * as published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU Lesser General Public License for more details.
12 *
13 * You should have received a copy of the GNU Lesser General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 *
16 * Authored by: Thomas Voß <thomas.voss@canonical.com>
17 */
18
19#ifndef CORE_TRUST_WHITE_LISTING_AGENT_H_
20#define CORE_TRUST_WHITE_LISTING_AGENT_H_
21
22#include <core/trust/agent.h>
23
24namespace core
25{
26namespace trust
27{
28// An agent implementation that allows for selectively whitelisting app ids.
29class CORE_TRUST_DLL_PUBLIC WhiteListingAgent : public core::trust::Agent
30{
31public:
32 // A functor that is evaluated for every incoming requests.
33 // If it returns true, the request is immediately granted, otherwise passed on
34 // to the next agent.
35 typedef std::function<bool(const RequestParameters&)> WhiteListingPredicate;
36
37 // Returns a predicate that returns true iff the app id is 'unconfined'.
38 static WhiteListingPredicate always_grant_for_unconfined();
39
40 WhiteListingAgent(WhiteListingPredicate white_listing_predicate, const std::shared_ptr<Agent>& impl);
41
42 // From core::trust::Agent
43 Request::Answer authenticate_request_with_parameters(const RequestParameters& parameters) override;
44
45private:
46 WhiteListingPredicate white_listing_predicate;
47 std::shared_ptr<Agent> impl;
48};
49}
50}
51
52#endif // CORE_TRUST_WHITE_LISTING_AGENT_H_
053
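Review bot: `std::function` is used for `WhiteListingPredicate` and `std::shared_ptr` for `impl`, but the header only includes `<core/trust/agent.h>`; add `#include <functional>` and `#include <memory>` rather than relying on transitive includes. The comment on line 32 should read "every incoming request".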
=== modified file 'tests/CMakeLists.txt'
--- tests/CMakeLists.txt 2014-08-19 14:11:30 +0000
+++ tests/CMakeLists.txt 2014-10-15 17:39:09 +0000
@@ -49,6 +49,11 @@
49)49)
5050
51add_executable(51add_executable(
52 white_listing_agent_test
53 white_listing_agent_test.cpp
54)
55
56add_executable(
52 cached_agent_test57 cached_agent_test
53 cached_agent_test.cpp58 cached_agent_test.cpp
54)59)
@@ -132,6 +137,19 @@
132)137)
133138
134target_link_libraries(139target_link_libraries(
140 white_listing_agent_test
141
142 trust-store
143
144 gmock
145
146 gtest
147 gtest_main
148
149 ${PROCESS_CPP_LIBRARIES}
150)
151
152target_link_libraries(
135 cached_agent_test153 cached_agent_test
136154
137 trust-store155 trust-store
@@ -190,6 +208,7 @@
190add_test(remote_agent_test ${CMAKE_CURRENT_BINARY_DIR}/remote_agent_test)208add_test(remote_agent_test ${CMAKE_CURRENT_BINARY_DIR}/remote_agent_test)
191add_test(app_id_formatting_trust_agent_test ${CMAKE_CURRENT_BINARY_DIR}/app_id_formatting_trust_agent_test)209add_test(app_id_formatting_trust_agent_test ${CMAKE_CURRENT_BINARY_DIR}/app_id_formatting_trust_agent_test)
192add_test(cached_agent_test ${CMAKE_CURRENT_BINARY_DIR}/cached_agent_test)210add_test(cached_agent_test ${CMAKE_CURRENT_BINARY_DIR}/cached_agent_test)
211add_test(white_listing_agent_test ${CMAKE_CURRENT_BINARY_DIR}/white_listing_agent_test)
193# TODO(tvoss) Re-enable daemon tests once CI issues are resolved.212# TODO(tvoss) Re-enable daemon tests once CI issues are resolved.
194# add_test(daemon_test ${CMAKE_CURRENT_BINARY_DIR}/daemon_test)213# add_test(daemon_test ${CMAKE_CURRENT_BINARY_DIR}/daemon_test)
195add_test(dbus_test ${CMAKE_CURRENT_BINARY_DIR}/dbus_test)214add_test(dbus_test ${CMAKE_CURRENT_BINARY_DIR}/dbus_test)
196215
=== added file 'tests/white_listing_agent_test.cpp'
--- tests/white_listing_agent_test.cpp 1970-01-01 00:00:00 +0000
+++ tests/white_listing_agent_test.cpp 2014-10-15 17:39:09 +0000
@@ -0,0 +1,115 @@
1/*
2 * Copyright © 2013 Canonical Ltd.
3 *
4 * This program is free software: you can redistribute it and/or modify it
5 * under the terms of the GNU Lesser General Public License version 3,
6 * as published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU Lesser General Public License for more details.
12 *
13 * You should have received a copy of the GNU Lesser General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 *
16 * Authored by: Thomas Voß <thomas.voss@canonical.com>
17 */
18
19#include <core/trust/white_listing_agent.h>
20
21#include "mock_agent.h"
22#include "the.h"
23
24#include <gmock/gmock.h>
25
26namespace
27{
28std::shared_ptr<testing::NiceMock<MockAgent>> a_mocked_agent()
29{
30 return std::make_shared<testing::NiceMock<MockAgent>>();
31}
32
33struct MockWhiteListingPredicate
34{
35 core::trust::WhiteListingAgent::WhiteListingPredicate to_functional()
36 {
37 return [this](const core::trust::Agent::RequestParameters& params)
38 {
39 return is_whitelisted(params);
40 };
41 }
42
43 MOCK_METHOD1(is_whitelisted, bool(const core::trust::Agent::RequestParameters&));
44};
45}
46
47TEST(WhiteListingAgent, ctor_throws_for_null_agent)
48{
49 EXPECT_ANY_THROW(core::trust::WhiteListingAgent
50 (
51 core::trust::WhiteListingAgent::always_grant_for_unconfined(),
52 std::shared_ptr<core::trust::Agent>()
53 ));
54}
55
56TEST(WhiteListingAgent, invokes_predicate_for_incoming_request_and_dispatches_to_impl_for_non_whitelisted)
57{
58 using namespace ::testing;
59
60 auto mock_agent = a_mocked_agent();
61
62 auto params = the::default_request_parameters_for_testing();
63 params.application.id = params.application.id + std::string{"_app"} + std::string{"_1.2.3"};
64
65 MockWhiteListingPredicate wlp;
66 EXPECT_CALL(wlp, is_whitelisted(params))
67 .Times(1)
68 .WillRepeatedly(Return(false));
69
70 EXPECT_CALL(*mock_agent, authenticate_request_with_parameters(params))
71 .Times(1)
72 .WillRepeatedly(Return(core::trust::Request::Answer::denied));
73
74 core::trust::WhiteListingAgent agent{wlp.to_functional(), mock_agent};
75
76 EXPECT_EQ(core::trust::Request::Answer::denied,
77 agent.authenticate_request_with_parameters(params));
78}
79
80TEST(WhiteListingAgent, invokes_predicate_for_incoming_request_and_returns_immediately_for_non_whitelisted)
81{
82 using namespace ::testing;
83
84 auto mock_agent = a_mocked_agent();
85
86 auto params = the::default_request_parameters_for_testing();
87 params.application.id = params.application.id + std::string{"_app"} + std::string{"_1.2.3"};
88
89 MockWhiteListingPredicate wlp;
90 EXPECT_CALL(wlp, is_whitelisted(params))
91 .Times(1)
92 .WillRepeatedly(Return(true));
93
94 EXPECT_CALL(*mock_agent, authenticate_request_with_parameters(params))
95 .Times(0);
96
97 core::trust::WhiteListingAgent agent{wlp.to_functional(), mock_agent};
98
99 EXPECT_EQ(core::trust::Request::Answer::granted,
100 agent.authenticate_request_with_parameters(params));
101}
102
103TEST(WhiteListingAgent, unconfined_predicate_only_returns_true_for_unconfined)
104{
105 using namespace ::testing;
106
107 auto predicate = core::trust::WhiteListingAgent::always_grant_for_unconfined();
108
109 auto params = the::default_request_parameters_for_testing();
110 params.application.id = params.application.id + std::string{"_app"} + std::string{"_1.2.3"};
111
112 EXPECT_FALSE(predicate(params));
113 params.application.id = "unconfined";
114 EXPECT_TRUE(predicate(params));
115}
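Review bot: the test on line 80 is named `..._returns_immediately_for_non_whitelisted` but exercises the whitelisted case (the predicate returns `true` and `impl` must not be called); rename it to `..._for_whitelisted` so a failure reads correctly. `unconfined_predicate_only_returns_true_for_unconfined` checks a single non-matching id; add near-miss ids such as `unconfined_app_1.2.3`, `Unconfined` and an empty id to pin down the exact-match semantics the daemon relies on. The copyright header says 2013 while the sibling files added in this branch say 2014.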
