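/*
 * Copyright (c) 2021 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include <gtest/gtest.h>

#include "param_manager.h"
#include "param_security.h"
#include "param_stub.h"
#include "param_utils.h"
#include "securec.h"

using namespace testing::ext;
using namespace std;

namespace init_ut {
/*
 * Helpers for exercising the DAC (discretionary access control) operations that
 * RegisterSecurityDacOps() installs into a ParamSecurityOps table.
 *
 * Each helper registers the ops again before using them, so the helpers can be
 * called in any order. A helper that cannot run because a required callback is
 * missing returns -1; callers must check the return value, otherwise an
 * unregistered access-control hook would look like a passing test.
 */
class DacUnitTest : public ::testing::Test {
public:
    DacUnitTest() {}
    virtual ~DacUnitTest() {}

    void SetUp() {}
    void TearDown() {}
    // Empty body so the test cases below can create DacUnitTest objects directly.
    void TestBody() {}

    /*
     * Registers the DAC ops for init and runs one init/free cycle on a label.
     * Returns 0 when the cycle ran, -1 when a required callback is missing.
     */
    int TestDacInitLocalLabel()
    {
        // A null ops table must be rejected by the registration call.
        int ret = RegisterSecurityDacOps(nullptr, LABEL_INIT_FOR_INIT);
        EXPECT_NE(ret, 0);
        ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);

        if (initParamSecurityOps.securityInitLabel == nullptr || initParamSecurityOps.securityFreeLabel == nullptr) {
            return -1;
        }
        ParamSecurityLabel label = {};
        ret = initParamSecurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);
        ret = initParamSecurityOps.securityFreeLabel(&label);
        EXPECT_EQ(ret, 0);
        return 0;
    }

    /*
     * Loads labels from the ohos.para.dac file under STARTUP_INIT_UT_PATH.
     * Returns the result of securityGetLabel, or -1 when that callback is missing.
     * NOTE(review): no test case in this file calls this helper.
     */
    int TestDacGetLabel()
    {
        int ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);
        if (initParamSecurityOps.securityGetLabel == nullptr) {
            return -1;
        }
        // get label from file
        ret = initParamSecurityOps.securityGetLabel(STARTUP_INIT_UT_PATH "/system/etc/param/ohos.para.dac");
        return ret;
    }

    /*
     * Expects the init-side ops to grant DAC_WRITE on fileName.
     * Returns 0 when the check ran, -1 when a required callback is missing.
     */
    int TestDacCheckFilePermission(const char *fileName)
    {
        int ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);
        // Every callback invoked below is checked, not only the one under test.
        if (initParamSecurityOps.securityCheckFilePermission == nullptr ||
            initParamSecurityOps.securityInitLabel == nullptr ||
            initParamSecurityOps.securityFreeLabel == nullptr) {
            return -1;
        }
        ParamSecurityLabel label = {};
        ret = initParamSecurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);
        ret = initParamSecurityOps.securityCheckFilePermission(&label, fileName, DAC_WRITE);
        EXPECT_EQ(ret, 0);
        ret = initParamSecurityOps.securityFreeLabel(&label);
        EXPECT_EQ(ret, 0);
        return 0;
    }

    /*
     * Installs dacData as the security label of parameter `name`, then asks the
     * init-side ops whether the current process may access it with `mode`
     * (DAC_READ, DAC_WRITE or DAC_WATCH in the test cases below).
     * Returns the result of securityCheckParamPermission; 0 is treated as
     * "granted" by the callers.
     */
    int TestDacCheckParaPermission(const char *name, ParamDacData *dacData, int mode)
    {
        int ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);
        // Guard the callbacks this helper really calls. A missing callback is
        // recorded as a failure: callers that expect a denial only test for a
        // non-zero result, and a bare -1 would satisfy them without any
        // permission check having run.
        if (initParamSecurityOps.securityCheckParamPermission == nullptr ||
            initParamSecurityOps.securityInitLabel == nullptr ||
            initParamSecurityOps.securityFreeLabel == nullptr) {
            ADD_FAILURE() << "DAC ops not registered, permission check did not run";
            return -1;
        }
        ParamAuditData auditData = {};
        auditData.name = name;
        ret = memcpy_s(&auditData.dacData, sizeof(auditData.dacData), dacData, sizeof(auditData.dacData));
        EXPECT_EQ(ret, 0);
        // NOTE(review): the test cases reuse the same parameter names with different
        // uid/gid/mode values, so this presumably replaces an existing label - confirm.
        ret = AddSecurityLabel(&auditData);
        EXPECT_EQ(ret, 0);
        ParamSecurityLabel srcLabel = {};
        ret = initParamSecurityOps.securityInitLabel(&srcLabel, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);
        ret = initParamSecurityOps.securityCheckParamPermission(TestGetParamLabelIndex(name), &srcLabel, name, mode);
        EXPECT_EQ(initParamSecurityOps.securityFreeLabel(&srcLabel), 0);
        return ret;
    }

    /*
     * Expects the client-side ops (registered with flag 0) to grant DAC_READ on
     * fileName and to leave securityGetLabel unset.
     * Returns 0 when the check ran, -1 when a required callback is missing.
     */
    int TestClientDacCheckFilePermission(const char *fileName)
    {
        int ret = RegisterSecurityDacOps(&clientParamSecurityOps, 0);
        EXPECT_EQ(ret, 0);
        EXPECT_TRUE(clientParamSecurityOps.securityGetLabel == nullptr);
        if (clientParamSecurityOps.securityCheckFilePermission == nullptr ||
            clientParamSecurityOps.securityInitLabel == nullptr ||
            clientParamSecurityOps.securityFreeLabel == nullptr) {
            ADD_FAILURE() << "client DAC ops not registered, file permission check did not run";
            return -1;
        }
        ParamSecurityLabel label = {};
        ret = clientParamSecurityOps.securityInitLabel(&label, 0);
        EXPECT_EQ(ret, 0);
        ret = clientParamSecurityOps.securityCheckFilePermission(&label, fileName, DAC_READ);
        EXPECT_EQ(ret, 0);
        ret = clientParamSecurityOps.securityFreeLabel(&label);
        EXPECT_EQ(ret, 0);
        return 0;
    }

private:
    ParamSecurityOps initParamSecurityOps {};
    ParamSecurityOps clientParamSecurityOps {};
};

HWTEST_F(DacUnitTest, Init_TestDacInitLocalLabel_001, TestSize.Level0)
{
    DacUnitTest test;
    EXPECT_EQ(test.TestDacInitLocalLabel(), 0);
}

HWTEST_F(DacUnitTest, Init_TestDacCheckFilePermission_001, TestSize.Level0)
{
    DacUnitTest test;
    EXPECT_EQ(test.TestDacCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg"), 0);
}

HWTEST_F(DacUnitTest, Init_TestDacCheckUserParaPermission_001, TestSize.Level0)
{
    // Same user: the label is owned by the effective uid/gid of the test process,
    // so only the owner bits (0400 read, 0200 write, 0100 watch) are set.
    DacUnitTest test;
    // Zero-initialised: the helper copies the whole struct into the audit data.
    ParamDacData dacData = {};
    dacData.gid = getegid();
    dacData.uid = geteuid();

    // read bit only: write and watch must stay denied
    dacData.mode = 0400;
    int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // write bit only: read and watch must stay denied
    dacData.mode = 0200;
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // watch bit only: read and write must stay denied
    dacData.mode = 0100;
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH);
    EXPECT_EQ(ret, 0);
}

HWTEST_F(DacUnitTest, Init_TestDacCheckGroupParaPermission_001, TestSize.Level0)
{
    // Same group: the label carries the effective gid but a different owner, so
    // only the group bits (0040 read, 0020 write, 0010 watch) are set.
    // NOTE(review): assumes the test process does not run as uid 13333 - confirm
    // for the test environment, otherwise the owner class would apply.
    DacUnitTest test;
    // Zero-initialised: the helper copies the whole struct into the audit data.
    ParamDacData dacData = {};
    dacData.gid = getegid();
    dacData.uid = 13333;

    // read bit only: write and watch must stay denied
    dacData.mode = 0040;
    int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // write bit only: read and watch must stay denied
    dacData.mode = 0020;
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // watch bit only: read and write must stay denied
    dacData.mode = 0010;
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH);
    EXPECT_EQ(ret, 0);
}

HWTEST_F(DacUnitTest, Init_TestDacCheckOtherParaPermission_001, TestSize.Level0)
{
    // Other users: neither uid nor gid of the label belongs to the test process,
    // so only the "other" bits (0004 read, 0002 write, 0001 watch) are set.
    // NOTE(review): assumes the test process has neither uid nor gid 13333 -
    // confirm for the test environment, otherwise a different class would apply.
    DacUnitTest test;
    // Zero-initialised: the helper copies the whole struct into the audit data.
    ParamDacData dacData = {};
    dacData.gid = 13333;
    dacData.uid = 13333;

    // read bit only: write and watch must stay denied
    dacData.mode = 0004;
    int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // write bit only: read and watch must stay denied
    dacData.mode = 0002;
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // watch bit only: read and write must stay denied
    dacData.mode = 0001;
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH);
    EXPECT_EQ(ret, 0);
}

HWTEST_F(DacUnitTest, Init_TestClientDacCheckFilePermission_001, TestSize.Level0)
{
    DacUnitTest test;
    EXPECT_EQ(test.TestClientDacCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg"), 0);
}
}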