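/*
 * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "unit_test.h"

#include <string>

#include "selinux_error.h"
#include "service_checker.h"
#include "hdf_service_checker.h"
#include "test_common.h"

namespace OHOS {
namespace Security {
namespace SelinuxUnitTest {
using namespace testing::ext;
using namespace Selinux;
const static std::string TEST_SERVICE_NAME = "test_service";
const static std::string DEFAULT_SERVICE = "default_service";
const static std::string DEFAULT_HDF_SERVICE = "default_hdf_service";
// Deliberately malformed context; every checker below must reject it with SELINUX_CHECK_CONTEXT_ERROR.
const static std::string invalidSid = "invalid_sid";

void SelinuxUnitTest::SetUpTestCase()
{
    // make test case clean
}

void SelinuxUnitTest::TearDownTestCase() {}

void SelinuxUnitTest::SetUp() {}

void SelinuxUnitTest::TearDown() {}

void SelinuxUnitTest::CreateDataFile() const {}

/**
 * Reads the SELinux context of the calling process via getcon().
 *
 * @param sid receives the context string on success; left untouched on failure.
 * @return 0 on success, -1 if getcon() fails or reports success without a context.
 */
int GetSidForCurrentProcess(std::string &sid)
{
    char *con = nullptr;
    // Guard the pointer as well as the return code: assigning a null char* to std::string is undefined behaviour.
    if (getcon(&con) < 0 || con == nullptr) {
        return -1;
    }
    sid = con;
    freecon(con);
    return 0;
}

/**
 * Builds the pipeline that searches the hilog output for tag "Selinux" for an "avc: denied" record
 * matching the given permission, service name, sid and target class.
 *
 * The arguments are pasted unescaped into single-quoted grep patterns, and the pipeline presumably
 * runs through a shell inside RunCommand (confirm in test_common.h). That is acceptable only because
 * every caller passes compile-time constants plus the context returned by getcon(); never route
 * externally supplied text through this helper.
 *
 * NOTE(review): nothing visible here clears the log first, so a matching record left by an earlier
 * run would also satisfy the assertions below. Clearing or time-bounding the log before the check
 * would make the audit assertion conclusive.
 *
 * @param perm    permission name as it appears between the braces of the audit record.
 * @param service value expected after "service=".
 * @param sid     source context expected after "sid=".
 * @param tclass  value expected after "tclass=".
 * @return the complete command line.
 */
static std::string BuildAvcDeniedQuery(const std::string &perm, const std::string &service, const std::string &sid,
    const std::string &tclass)
{
    return "hilog -T Selinux -x | grep 'avc: denied { " + perm + " } for service=" + service + " sid=" + sid +
        "' | grep 'tclass=" + tclass + "'";
}

/**
 * @tc.name: HdfListServiceCheck001
 * @tc.desc: HdfListServiceCheck test.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, HdfListServiceCheck001, TestSize.Level1)
{
    std::string sid;
    if (GetSidForCurrentProcess(sid) < 0) {
        // Report the case as skipped instead of passing silently when no SELinux context is available.
        GTEST_SKIP() << "getcon() failed; HdfListServiceCheck not exercised";
    }
    ASSERT_EQ(-SELINUX_CHECK_CONTEXT_ERROR, HdfListServiceCheck(invalidSid.c_str()));
    // The call is expected to succeed and still leave a denial record in the log; presumably the
    // test environment is not enforcing for this class - confirm against the device policy.
    ASSERT_EQ(SELINUX_SUCC, HdfListServiceCheck(sid.c_str()));
    std::string cmdRes = RunCommand(BuildAvcDeniedQuery("list", "hdf_devmgr_class", sid, "hdf_devmgr_class"));
    ASSERT_TRUE(cmdRes.find("hdf_devmgr_class") != std::string::npos);
}

/**
 * @tc.name: HdfGetServiceCheck001
 * @tc.desc: HdfGetServiceCheck test.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, HdfGetServiceCheck001, TestSize.Level1)
{
    std::string sid;
    if (GetSidForCurrentProcess(sid) < 0) {
        // Report the case as skipped instead of passing silently when no SELinux context is available.
        GTEST_SKIP() << "getcon() failed; HdfGetServiceCheck not exercised";
    }
    // Negative paths first: malformed context, then a null service name.
    ASSERT_EQ(-SELINUX_CHECK_CONTEXT_ERROR, HdfGetServiceCheck(invalidSid.c_str(), TEST_SERVICE_NAME.c_str()));
    ASSERT_EQ(-SELINUX_PTR_NULL, HdfGetServiceCheck(sid.c_str(), nullptr));
    ASSERT_EQ(SELINUX_SUCC, HdfGetServiceCheck(sid.c_str(), TEST_SERVICE_NAME.c_str()));
    std::string cmdRes = RunCommand(BuildAvcDeniedQuery("get", TEST_SERVICE_NAME, sid, "hdf_devmgr_class"));
    ASSERT_TRUE(cmdRes.find(TEST_SERVICE_NAME) != std::string::npos);
}

/**
 * @tc.name: HdfAddServiceCheck001
 * @tc.desc: HdfAddServiceCheck test.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, HdfAddServiceCheck001, TestSize.Level1)
{
    std::string sid;
    if (GetSidForCurrentProcess(sid) < 0) {
        // Report the case as skipped instead of passing silently when no SELinux context is available.
        GTEST_SKIP() << "getcon() failed; HdfAddServiceCheck not exercised";
    }
    // Negative paths first: malformed context, then a null service name.
    ASSERT_EQ(-SELINUX_CHECK_CONTEXT_ERROR, HdfAddServiceCheck(invalidSid.c_str(), TEST_SERVICE_NAME.c_str()));
    ASSERT_EQ(-SELINUX_PTR_NULL, HdfAddServiceCheck(sid.c_str(), nullptr));
    ASSERT_EQ(SELINUX_SUCC, HdfAddServiceCheck(sid.c_str(), TEST_SERVICE_NAME.c_str()));
    std::string cmdRes = RunCommand(BuildAvcDeniedQuery("add", TEST_SERVICE_NAME, sid, "hdf_devmgr_class"));
    ASSERT_TRUE(cmdRes.find(TEST_SERVICE_NAME) != std::string::npos);
}

/**
 * @tc.name: ListServiceCheck001
 * @tc.desc: ListServiceCheck test.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, ListServiceCheck001, TestSize.Level1)
{
    std::string sid;
    if (GetSidForCurrentProcess(sid) < 0) {
        // Report the case as skipped instead of passing silently when no SELinux context is available.
        GTEST_SKIP() << "getcon() failed; ListServiceCheck not exercised";
    }
    // NOTE(review): the meaning of the boolean constructor argument is not visible here - confirm in service_checker.h.
    ServiceChecker service(false);
    ASSERT_EQ(-SELINUX_CHECK_CONTEXT_ERROR, service.ListServiceCheck(invalidSid));
    ASSERT_EQ(SELINUX_SUCC, service.ListServiceCheck(sid));
    std::string cmdRes = RunCommand(BuildAvcDeniedQuery("list", "samgr_class", sid, "samgr_class"));
    ASSERT_TRUE(cmdRes.find("samgr_class") != std::string::npos);
}

/**
 * @tc.name: GetServiceCheck001
 * @tc.desc: GetServiceCheck test.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, GetServiceCheck001, TestSize.Level1)
{
    std::string sid;
    if (GetSidForCurrentProcess(sid) < 0) {
        // Report the case as skipped instead of passing silently when no SELinux context is available.
        GTEST_SKIP() << "getcon() failed; GetServiceCheck not exercised";
    }
    // NOTE(review): the meaning of the boolean constructor argument is not visible here - confirm in service_checker.h.
    ServiceChecker service(false);
    // Negative paths first: malformed context, then an empty service name.
    ASSERT_EQ(-SELINUX_CHECK_CONTEXT_ERROR, service.GetServiceCheck(invalidSid, TEST_SERVICE_NAME));
    ASSERT_EQ(-SELINUX_ARG_INVALID, service.GetServiceCheck(sid, ""));
    ASSERT_EQ(SELINUX_SUCC, service.GetServiceCheck(sid, TEST_SERVICE_NAME));
    std::string cmdRes = RunCommand(BuildAvcDeniedQuery("get", TEST_SERVICE_NAME, sid, "samgr_class"));
    ASSERT_TRUE(cmdRes.find(TEST_SERVICE_NAME) != std::string::npos);
}

/**
 * @tc.name: GetRemoteServiceCheck001
 * @tc.desc: GetRemoteServiceCheck test.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, GetRemoteServiceCheck001, TestSize.Level1)
{
    std::string sid;
    if (GetSidForCurrentProcess(sid) < 0) {
        // Report the case as skipped instead of passing silently when no SELinux context is available.
        GTEST_SKIP() << "getcon() failed; GetRemoteServiceCheck not exercised";
    }
    // NOTE(review): the meaning of the boolean constructor argument is not visible here - confirm in service_checker.h.
    ServiceChecker service(false);
    // Negative paths first: malformed context, then an empty service name.
    ASSERT_EQ(-SELINUX_CHECK_CONTEXT_ERROR, service.GetRemoteServiceCheck(invalidSid, TEST_SERVICE_NAME));
    ASSERT_EQ(-SELINUX_ARG_INVALID, service.GetRemoteServiceCheck(sid, ""));
    ASSERT_EQ(SELINUX_SUCC, service.GetRemoteServiceCheck(sid, TEST_SERVICE_NAME));
    std::string cmdRes = RunCommand(BuildAvcDeniedQuery("get_remote", TEST_SERVICE_NAME, sid, "samgr_class"));
    ASSERT_TRUE(cmdRes.find(TEST_SERVICE_NAME) != std::string::npos);
}

/**
 * @tc.name: AddServiceCheck001
 * @tc.desc: AddServiceCheck test.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, AddServiceCheck001, TestSize.Level1)
{
    std::string sid;
    if (GetSidForCurrentProcess(sid) < 0) {
        // Report the case as skipped instead of passing silently when no SELinux context is available.
        GTEST_SKIP() << "getcon() failed; AddServiceCheck not exercised";
    }
    // NOTE(review): the meaning of the boolean constructor argument is not visible here - confirm in service_checker.h.
    ServiceChecker service(false);
    // Negative paths first: malformed context, then an empty service name.
    ASSERT_EQ(-SELINUX_CHECK_CONTEXT_ERROR, service.AddServiceCheck(invalidSid, TEST_SERVICE_NAME));
    ASSERT_EQ(-SELINUX_ARG_INVALID, service.AddServiceCheck(sid, ""));
    ASSERT_EQ(SELINUX_SUCC, service.AddServiceCheck(sid, TEST_SERVICE_NAME));
    std::string cmdRes = RunCommand(BuildAvcDeniedQuery("add", TEST_SERVICE_NAME, sid, "samgr_class"));
    ASSERT_TRUE(cmdRes.find(TEST_SERVICE_NAME) != std::string::npos);
}
} // namespace SelinuxUnitTest
} // namespace Security
} // namespace OHOS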