1 /*
2 * Copyright (c) 2021 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <gtest/gtest.h>
16
17 #include "param_manager.h"
18 #include "param_security.h"
19 #include "param_stub.h"
20 #include "param_utils.h"
21 #include "securec.h"
22
23 using namespace testing::ext;
24 using namespace std;
25
26 namespace init_ut {
27 class DacUnitTest : public ::testing::Test {
28 public:
DacUnitTest()29 DacUnitTest() {}
~DacUnitTest()30 virtual ~DacUnitTest() {}
31
SetUp()32 void SetUp() {}
TearDown()33 void TearDown() {}
TestBody()34 void TestBody() {}
35
TestDacInitLocalLabel()36 int TestDacInitLocalLabel()
37 {
38 int ret = RegisterSecurityDacOps(nullptr, LABEL_INIT_FOR_INIT);
39 EXPECT_NE(ret, 0);
40 ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT);
41 EXPECT_EQ(ret, 0);
42
43 if (initParamSecurityOps.securityInitLabel == nullptr || initParamSecurityOps.securityFreeLabel == nullptr) {
44 return -1;
45 }
46 ParamSecurityLabel label = {};
47 ret = initParamSecurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
48 EXPECT_EQ(ret, 0);
49 ret = initParamSecurityOps.securityFreeLabel(&label);
50 EXPECT_EQ(ret, 0);
51 return 0;
52 }
53
TestDacGetLabel()54 int TestDacGetLabel()
55 {
56 int ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT);
57 EXPECT_EQ(ret, 0);
58 if (initParamSecurityOps.securityGetLabel == nullptr) {
59 return -1;
60 }
61 // get label from file
62 ret = initParamSecurityOps.securityGetLabel(STARTUP_INIT_UT_PATH "/system/etc/param/ohos.para.dac");
63 return ret;
64 }
65
TestDacCheckFilePermission(const char *fileName)66 int TestDacCheckFilePermission(const char *fileName)
67 {
68 int ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT);
69 EXPECT_EQ(ret, 0);
70 if (initParamSecurityOps.securityCheckFilePermission == nullptr) {
71 return -1;
72 }
73 ParamSecurityLabel label = {};
74 ret = initParamSecurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
75 EXPECT_EQ(ret, 0);
76 ret = initParamSecurityOps.securityCheckFilePermission(&label, fileName, DAC_WRITE);
77 EXPECT_EQ(ret, 0);
78 ret = initParamSecurityOps.securityFreeLabel(&label);
79 EXPECT_EQ(ret, 0);
80 return 0;
81 }
82
TestDacCheckParaPermission(const char *name, ParamDacData *dacData, int mode)83 int TestDacCheckParaPermission(const char *name, ParamDacData *dacData, int mode)
84 {
85 int ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT);
86 EXPECT_EQ(ret, 0);
87 if (initParamSecurityOps.securityCheckFilePermission == nullptr) {
88 return -1;
89 }
90 ParamAuditData auditData = {};
91 auditData.name = name;
92 ret = memcpy_s(&auditData.dacData, sizeof(auditData.dacData), dacData, sizeof(auditData.dacData));
93 EXPECT_EQ(ret, 0);
94 ret = AddSecurityLabel(&auditData);
95 EXPECT_EQ(ret, 0);
96 ParamSecurityLabel srclabel = {};
97 ret = initParamSecurityOps.securityInitLabel(&srclabel, LABEL_INIT_FOR_INIT);
98 EXPECT_EQ(ret, 0);
99 ret = initParamSecurityOps.securityCheckParamPermission(TestGetParamLabelIndex(name), &srclabel, name, mode);
100 initParamSecurityOps.securityFreeLabel(&srclabel);
101 return ret;
102 }
103
TestClientDacCheckFilePermission(const char *fileName)104 int TestClientDacCheckFilePermission(const char *fileName)
105 {
106 int ret = RegisterSecurityDacOps(&clientParamSercurityOps, 0);
107 EXPECT_EQ(ret, 0);
108 if (clientParamSercurityOps.securityGetLabel != nullptr) {
109 EXPECT_EQ(1, 0);
110 }
111 if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
112 EXPECT_EQ(1, 0);
113 return -1;
114 }
115 ParamSecurityLabel label = {};
116 ret = clientParamSercurityOps.securityInitLabel(&label, 0);
117 EXPECT_EQ(ret, 0);
118 ret = clientParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_READ);
119 EXPECT_EQ(ret, 0);
120 ret = clientParamSercurityOps.securityFreeLabel(&label);
121 EXPECT_EQ(ret, 0);
122 return 0;
123 }
124
125 private:
126 ParamSecurityOps initParamSecurityOps {};
127 ParamSecurityOps clientParamSercurityOps {};
128 };
129
HWTEST_F(DacUnitTest, Init_TestDacInitLocalLabel_001, TestSize.Level0)130 HWTEST_F(DacUnitTest, Init_TestDacInitLocalLabel_001, TestSize.Level0)
131 {
132 DacUnitTest test;
133 test.TestDacInitLocalLabel();
134 }
135
HWTEST_F(DacUnitTest, Init_TestDacCheckFilePermission_001, TestSize.Level0)136 HWTEST_F(DacUnitTest, Init_TestDacCheckFilePermission_001, TestSize.Level0)
137 {
138 DacUnitTest test;
139 test.TestDacCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg");
140 }
141
HWTEST_F(DacUnitTest, Init_TestDacCheckUserParaPermission_001, TestSize.Level0)142 HWTEST_F(DacUnitTest, Init_TestDacCheckUserParaPermission_001, TestSize.Level0)
143 {
144 // 相同用户
145 DacUnitTest test;
146 ParamDacData dacData;
147 dacData.gid = getegid();
148 dacData.uid = geteuid();
149 // read
150 dacData.mode = 0400;
151 int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ);
152 EXPECT_EQ(ret, 0);
153 dacData.mode = 0400;
154 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE);
155 EXPECT_NE(ret, 0);
156 dacData.mode = 0400;
157 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH);
158 EXPECT_NE(ret, 0);
159
160 // write
161 dacData.mode = 0200;
162 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ);
163 EXPECT_NE(ret, 0);
164 dacData.mode = 0200;
165 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE);
166 EXPECT_EQ(ret, 0);
167 dacData.mode = 0200;
168 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH);
169 EXPECT_NE(ret, 0);
170
171 // watch
172 dacData.mode = 0100;
173 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ);
174 EXPECT_NE(ret, 0);
175 dacData.mode = 0100;
176 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE);
177 EXPECT_NE(ret, 0);
178 dacData.mode = 0100;
179 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH);
180 EXPECT_EQ(ret, 0);
181 }
182
HWTEST_F(DacUnitTest, Init_TestDacCheckGroupParaPermission_001, TestSize.Level0)183 HWTEST_F(DacUnitTest, Init_TestDacCheckGroupParaPermission_001, TestSize.Level0)
184 {
185 // 相同组
186 DacUnitTest test;
187 ParamDacData dacData;
188 dacData.gid = getegid();
189 dacData.uid = 13333;
190 // read
191 dacData.mode = 0040;
192 int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ);
193 EXPECT_EQ(ret, 0);
194 dacData.mode = 0040;
195 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE);
196 EXPECT_NE(ret, 0);
197 dacData.mode = 0040;
198 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH);
199 EXPECT_NE(ret, 0);
200
201 // write
202 dacData.mode = 0020;
203 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ);
204 EXPECT_NE(ret, 0);
205 dacData.mode = 0020;
206 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE);
207 EXPECT_EQ(ret, 0);
208 dacData.mode = 0020;
209 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH);
210 EXPECT_NE(ret, 0);
211
212 // watch
213 dacData.mode = 0010;
214 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ);
215 EXPECT_NE(ret, 0);
216 dacData.mode = 0010;
217 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE);
218 EXPECT_NE(ret, 0);
219 dacData.mode = 0010;
220 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH);
221 EXPECT_EQ(ret, 0);
222 }
223
HWTEST_F(DacUnitTest, Init_TestDacCheckOtherParaPermission_001, TestSize.Level0)224 HWTEST_F(DacUnitTest, Init_TestDacCheckOtherParaPermission_001, TestSize.Level0)
225 {
226 // 其他用户
227 DacUnitTest test;
228 ParamDacData dacData;
229 dacData.gid = 13333;
230 dacData.uid = 13333;
231 // read
232 dacData.mode = 0004;
233 int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ);
234 EXPECT_EQ(ret, 0);
235 dacData.mode = 0004;
236 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE);
237 EXPECT_NE(ret, 0);
238 dacData.mode = 0004;
239 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH);
240 EXPECT_NE(ret, 0);
241
242 // write
243 dacData.mode = 0002;
244 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ);
245 EXPECT_NE(ret, 0);
246 dacData.mode = 0002;
247 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE);
248 EXPECT_EQ(ret, 0);
249 dacData.mode = 0002;
250 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH);
251 EXPECT_NE(ret, 0);
252
253 // watch
254 dacData.mode = 0001;
255 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ);
256 EXPECT_NE(ret, 0);
257 dacData.mode = 0001;
258 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE);
259 EXPECT_NE(ret, 0);
260 dacData.mode = 0001;
261 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH);
262 EXPECT_EQ(ret, 0);
263 }
264
HWTEST_F(DacUnitTest, Init_TestClientDacCheckFilePermission_001, TestSize.Level0)265 HWTEST_F(DacUnitTest, Init_TestClientDacCheckFilePermission_001, TestSize.Level0)
266 {
267 DacUnitTest test;
268 test.TestClientDacCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg");
269 }
270 }