tpm_manager: Add implementation for RemoveOwnerDependencybrillo-m7-release brillo-m7-mr-dev brillo-m7-dev

This CL adds the backend implementation to remove tpm owner dependencies in TpmManager Bug: 24059577 TEST=remove owner dependency on DUT and observe local data proto Change-Id: I6bb008e28788c22a0a8f659c1335226c17468b7c
author: Utkarsh Sanghi <usanghi@google.com> 2015-10-27 21:42:48 -0700
committer: Utkarsh Sanghi <usanghi@google.com> 2015-11-02 13:06:33 -0800
commit: 3d4bda022ae92db15a5b28ad9b22b8cede3fa7ea (patch)
tree: f78439af539e946cc8fca3e1cd0b2c75bca624b0
parent: cabb381ef2970e1be85b1678381f8cac1b731401 (diff)
download: tpm_manager-brillo-m7-mr-dev.tar.gz
3 files changed, 143 insertions, 3 deletions
diff --git a/server/tpm_manager_service.cc b/server/tpm_manager_service.cc
index fe56127..522792b 100644
--- a/server/tpm_manager_service.cc
+++ b/server/tpm_manager_service.cc
@@ -122,7 +122,35 @@ void TpmManagerService::RemoveOwnerDependencyTask(
     const RemoveOwnerDependencyRequest& request,
     const std::shared_ptr<RemoveOwnerDependencyReply>& result) {
   VLOG(1) << __func__;
-  result->set_status(STATUS_NOT_AVAILABLE);
+  LocalData local_data;
+  if (!local_data_store_->Read(&local_data)) {
+    result->set_status(STATUS_UNEXPECTED_DEVICE_ERROR);
+    return;
+  }
+  RemoveOwnerDependency(request.owner_dependency(), &local_data);
+  if (!local_data_store_->Write(local_data)) {
+    result->set_status(STATUS_UNEXPECTED_DEVICE_ERROR);
+    return;
+  }
+  result->set_status(STATUS_SUCCESS);
+}
+
+void TpmManagerService::RemoveOwnerDependency(
+    const std::string& owner_dependency, LocalData* local_data) {
+  google::protobuf::RepeatedPtrField<std::string>* dependencies =
+      local_data->mutable_owner_dependency();
+  for (int i = 0; i < dependencies->size(); i++) {
+    if (dependencies->Get(i) == owner_dependency) {
+      dependencies->SwapElements(i, (dependencies->size() - 1));
+      dependencies->RemoveLast();
+      break;
+    }
+  }
+  if (dependencies->empty()) {
+    local_data->clear_owner_password();
+    local_data->clear_endorsement_password();
+    local_data->clear_lockout_password();
+  }
 }
 
 void TpmManagerService::DefineNvram(const DefineNvramRequest& request,
diff --git a/server/tpm_manager_service.h b/server/tpm_manager_service.h
index 9bf6c6d..b644a14 100644
--- a/server/tpm_manager_service.h
+++ b/server/tpm_manager_service.h
@@ -135,6 +135,12 @@ class TpmManagerService : public TpmNvramInterface,
       const RemoveOwnerDependencyRequest& request,
       const std::shared_ptr<RemoveOwnerDependencyReply>& result);
 
+  // Removes a |owner_dependency| from the list of owner dependencies in
+  // |local_data|. If |owner_dependency| is not present in |local_data|,
+  // this method does nothing.
+  static void RemoveOwnerDependency(const std::string& owner_dependency,
+                                    LocalData* local_data);
+
   // Blocking implementation of DefineNvram that can be executed on the
   // background worker thread.
   void DefineNvramTask(const DefineNvramRequest& request,
diff --git a/server/tpm_manager_service_test.cc b/server/tpm_manager_service_test.cc
index 0ef9887..63e4c70 100644
--- a/server/tpm_manager_service_test.cc
+++ b/server/tpm_manager_service_test.cc
@@ -29,8 +29,17 @@ using testing::AtLeast;
 using testing::Invoke;
 using testing::NiceMock;
 using testing::Return;
+using testing::SaveArg;
 using testing::SetArgPointee;
 
+namespace {
+
+const char kOwnerPassword[] = "owner";
+const char kOwnerDependency[] = "owner_dependency";
+const char kOtherDependency[] = "other_dependency";
+
+}
+
 namespace tpm_manager {
 
 // A test fixture that takes care of message loop management and configuring a
@@ -145,7 +154,7 @@ TEST_F(TpmManagerServiceTest, GetTpmStatusSuccess) {
         return true;
       }));
   LocalData local_data;
-  local_data.set_owner_password("test");
+  local_data.set_owner_password(kOwnerPassword);
   EXPECT_CALL(mock_local_data_store_, Read(_))
       .WillRepeatedly(DoAll(SetArgPointee<0>(local_data), Return(true)));
 
@@ -153,7 +162,7 @@ TEST_F(TpmManagerServiceTest, GetTpmStatusSuccess) {
     EXPECT_EQ(STATUS_SUCCESS, reply.status());
     EXPECT_TRUE(reply.enabled());
     EXPECT_TRUE(reply.owned());
-    EXPECT_EQ("test", reply.local_data().owner_password());
+    EXPECT_EQ(kOwnerPassword, reply.local_data().owner_password());
     EXPECT_EQ(5, reply.dictionary_attack_counter());
     EXPECT_EQ(6, reply.dictionary_attack_threshold());
     EXPECT_TRUE(reply.dictionary_attack_lockout_in_effect());
@@ -239,6 +248,103 @@ TEST_F(TpmManagerServiceTest, TakeOwnershipNoTpm) {
   Run();
 }
 
+TEST_F(TpmManagerServiceTest, RemoveOwnerDependencyReadFailure) {
+  EXPECT_CALL(mock_local_data_store_, Read(_))
+    .WillRepeatedly(Return(false));
+  auto callback = [this](const RemoveOwnerDependencyReply& reply) {
+    EXPECT_EQ(STATUS_UNEXPECTED_DEVICE_ERROR, reply.status());
+    Quit();
+  };
+  RemoveOwnerDependencyRequest request;
+  request.set_owner_dependency(kOwnerDependency);
+  service_->RemoveOwnerDependency(request, base::Bind(callback));
+  Run();
+}
+
+TEST_F(TpmManagerServiceTest, RemoveOwnerDependencyWriteFailure) {
+  EXPECT_CALL(mock_local_data_store_, Write(_))
+    .WillRepeatedly(Return(false));
+  auto callback = [this](const RemoveOwnerDependencyReply& reply) {
+    EXPECT_EQ(STATUS_UNEXPECTED_DEVICE_ERROR, reply.status());
+    Quit();
+  };
+  RemoveOwnerDependencyRequest request;
+  request.set_owner_dependency(kOwnerDependency);
+  service_->RemoveOwnerDependency(request, base::Bind(callback));
+  Run();
+}
+
+TEST_F(TpmManagerServiceTest, RemoveOwnerDependencyNotCleared) {
+  LocalData local_data;
+  local_data.set_owner_password(kOwnerPassword);
+  local_data.add_owner_dependency(kOwnerDependency);
+  local_data.add_owner_dependency(kOtherDependency);
+  EXPECT_CALL(mock_local_data_store_, Read(_))
+      .WillOnce(DoAll(SetArgPointee<0>(local_data),
+                      Return(true)));
+  EXPECT_CALL(mock_local_data_store_, Write(_))
+      .WillOnce(DoAll(SaveArg<0>(&local_data),
+                      Return(true)));
+  auto callback = [this, &local_data](const RemoveOwnerDependencyReply& reply) {
+    EXPECT_EQ(STATUS_SUCCESS, reply.status());
+    EXPECT_EQ(1, local_data.owner_dependency_size());
+    EXPECT_EQ(kOtherDependency, local_data.owner_dependency(0));
+    EXPECT_TRUE(local_data.has_owner_password());
+    EXPECT_EQ(kOwnerPassword, local_data.owner_password());
+    Quit();
+  };
+  RemoveOwnerDependencyRequest request;
+  request.set_owner_dependency(kOwnerDependency);
+  service_->RemoveOwnerDependency(request, base::Bind(callback));
+  Run();
+}
+
+TEST_F(TpmManagerServiceTest, RemoveOwnerDependencyCleared) {
+  LocalData local_data;
+  local_data.set_owner_password(kOwnerPassword);
+  local_data.add_owner_dependency(kOwnerDependency);
+  EXPECT_CALL(mock_local_data_store_, Read(_))
+      .WillOnce(DoAll(SetArgPointee<0>(local_data),
+                      Return(true)));
+  EXPECT_CALL(mock_local_data_store_, Write(_))
+      .WillOnce(DoAll(SaveArg<0>(&local_data),
+                      Return(true)));
+  auto callback = [this, &local_data](const RemoveOwnerDependencyReply& reply) {
+    EXPECT_EQ(STATUS_SUCCESS, reply.status());
+    EXPECT_EQ(0, local_data.owner_dependency_size());
+    EXPECT_FALSE(local_data.has_owner_password());
+    Quit();
+  };
+  RemoveOwnerDependencyRequest request;
+  request.set_owner_dependency(kOwnerDependency);
+  service_->RemoveOwnerDependency(request, base::Bind(callback));
+  Run();
+}
+
+TEST_F(TpmManagerServiceTest, RemoveOwnerDependencyNotPresent) {
+  LocalData local_data;
+  local_data.set_owner_password(kOwnerPassword);
+  local_data.add_owner_dependency(kOwnerDependency);
+  EXPECT_CALL(mock_local_data_store_, Read(_))
+      .WillOnce(DoAll(SetArgPointee<0>(local_data),
+                      Return(true)));
+  EXPECT_CALL(mock_local_data_store_, Write(_))
+      .WillOnce(DoAll(SaveArg<0>(&local_data),
+                      Return(true)));
+  auto callback = [this, &local_data](const RemoveOwnerDependencyReply& reply) {
+    EXPECT_EQ(STATUS_SUCCESS, reply.status());
+    EXPECT_EQ(1, local_data.owner_dependency_size());
+    EXPECT_EQ(kOwnerDependency, local_data.owner_dependency(0));
+    EXPECT_TRUE(local_data.has_owner_password());
+    EXPECT_EQ(kOwnerPassword, local_data.owner_password());
+    Quit();
+  };
+  RemoveOwnerDependencyRequest request;
+  request.set_owner_dependency(kOtherDependency);
+  service_->RemoveOwnerDependency(request, base::Bind(callback));
+  Run();
+}
+
 TEST_F(TpmManagerServiceTest, DefineNvramFailure) {
   uint32_t nvram_index = 5;
   size_t nvram_length = 32;
author	Utkarsh Sanghi <usanghi@google.com>	2015-10-27 21:42:48 -0700
committer	Utkarsh Sanghi <usanghi@google.com>	2015-11-02 13:06:33 -0800
commit	3d4bda022ae92db15a5b28ad9b22b8cede3fa7ea (patch)
tree	f78439af539e946cc8fca3e1cd0b2c75bca624b0
parent	cabb381ef2970e1be85b1678381f8cac1b731401 (diff)
download	tpm_manager-brillo-m7-mr-dev.tar.gz