1/* 2 * Copyright (c) 2021 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15#include <gtest/gtest.h> 16 17#include "param_manager.h" 18#include "param_security.h" 19#include "param_stub.h" 20#include "param_utils.h" 21#include "securec.h" 22 23using namespace testing::ext; 24using namespace std; 25 26namespace init_ut { 27class DacUnitTest : public ::testing::Test { 28public: 29 DacUnitTest() {} 30 virtual ~DacUnitTest() {} 31 32 void SetUp() {} 33 void TearDown() {} 34 void TestBody() {} 35 36 int TestDacInitLocalLabel() 37 { 38 int ret = RegisterSecurityDacOps(nullptr, LABEL_INIT_FOR_INIT); 39 EXPECT_NE(ret, 0); 40 ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT); 41 EXPECT_EQ(ret, 0); 42 43 if (initParamSecurityOps.securityInitLabel == nullptr || initParamSecurityOps.securityFreeLabel == nullptr) { 44 return -1; 45 } 46 ParamSecurityLabel label = {}; 47 ret = initParamSecurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT); 48 EXPECT_EQ(ret, 0); 49 ret = initParamSecurityOps.securityFreeLabel(&label); 50 EXPECT_EQ(ret, 0); 51 return 0; 52 } 53 54 int TestDacGetLabel() 55 { 56 int ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT); 57 EXPECT_EQ(ret, 0); 58 if (initParamSecurityOps.securityGetLabel == nullptr) { 59 return -1; 60 } 61 // get label from file 62 ret = initParamSecurityOps.securityGetLabel(STARTUP_INIT_UT_PATH "/system/etc/param/ohos.para.dac"); 63 return ret; 64 } 65 66 int TestDacCheckFilePermission(const char *fileName) 67 { 68 int ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT); 69 EXPECT_EQ(ret, 0); 70 if (initParamSecurityOps.securityCheckFilePermission == nullptr) { 71 return -1; 72 } 73 ParamSecurityLabel label = {}; 74 ret = initParamSecurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT); 75 EXPECT_EQ(ret, 0); 76 ret = initParamSecurityOps.securityCheckFilePermission(&label, fileName, DAC_WRITE); 77 EXPECT_EQ(ret, 0); 78 ret = initParamSecurityOps.securityFreeLabel(&label); 79 EXPECT_EQ(ret, 0); 80 return 0; 81 } 82 83 int TestDacCheckParaPermission(const char *name, ParamDacData *dacData, int mode) 84 { 85 int ret = RegisterSecurityDacOps(&initParamSecurityOps, LABEL_INIT_FOR_INIT); 86 EXPECT_EQ(ret, 0); 87 if (initParamSecurityOps.securityCheckFilePermission == nullptr) { 88 return -1; 89 } 90 ParamAuditData auditData = {}; 91 auditData.name = name; 92 ret = memcpy_s(&auditData.dacData, sizeof(auditData.dacData), dacData, sizeof(auditData.dacData)); 93 EXPECT_EQ(ret, 0); 94 ret = AddSecurityLabel(&auditData); 95 EXPECT_EQ(ret, 0); 96 ParamSecurityLabel srclabel = {}; 97 ret = initParamSecurityOps.securityInitLabel(&srclabel, LABEL_INIT_FOR_INIT); 98 EXPECT_EQ(ret, 0); 99 ret = initParamSecurityOps.securityCheckParamPermission(TestGetParamLabelIndex(name), &srclabel, name, mode); 100 initParamSecurityOps.securityFreeLabel(&srclabel); 101 return ret; 102 } 103 104 int TestClientDacCheckFilePermission(const char *fileName) 105 { 106 int ret = RegisterSecurityDacOps(&clientParamSercurityOps, 0); 107 EXPECT_EQ(ret, 0); 108 if (clientParamSercurityOps.securityGetLabel != nullptr) { 109 EXPECT_EQ(1, 0); 110 } 111 if (clientParamSercurityOps.securityCheckFilePermission == nullptr) { 112 EXPECT_EQ(1, 0); 113 return -1; 114 } 115 ParamSecurityLabel label = {}; 116 ret = clientParamSercurityOps.securityInitLabel(&label, 0); 117 EXPECT_EQ(ret, 0); 118 ret = clientParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_READ); 119 EXPECT_EQ(ret, 0); 120 ret = clientParamSercurityOps.securityFreeLabel(&label); 121 EXPECT_EQ(ret, 0); 122 return 0; 123 } 124 125private: 126 ParamSecurityOps initParamSecurityOps {}; 127 ParamSecurityOps clientParamSercurityOps {}; 128}; 129 130HWTEST_F(DacUnitTest, Init_TestDacInitLocalLabel_001, TestSize.Level0) 131{ 132 DacUnitTest test; 133 test.TestDacInitLocalLabel(); 134} 135 136HWTEST_F(DacUnitTest, Init_TestDacCheckFilePermission_001, TestSize.Level0) 137{ 138 DacUnitTest test; 139 test.TestDacCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg"); 140} 141 142HWTEST_F(DacUnitTest, Init_TestDacCheckUserParaPermission_001, TestSize.Level0) 143{ 144 // 相同用户 145 DacUnitTest test; 146 ParamDacData dacData; 147 dacData.gid = getegid(); 148 dacData.uid = geteuid(); 149 // read 150 dacData.mode = 0400; 151 int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ); 152 EXPECT_EQ(ret, 0); 153 dacData.mode = 0400; 154 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE); 155 EXPECT_NE(ret, 0); 156 dacData.mode = 0400; 157 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH); 158 EXPECT_NE(ret, 0); 159 160 // write 161 dacData.mode = 0200; 162 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ); 163 EXPECT_NE(ret, 0); 164 dacData.mode = 0200; 165 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE); 166 EXPECT_EQ(ret, 0); 167 dacData.mode = 0200; 168 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH); 169 EXPECT_NE(ret, 0); 170 171 // watch 172 dacData.mode = 0100; 173 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ); 174 EXPECT_NE(ret, 0); 175 dacData.mode = 0100; 176 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE); 177 EXPECT_NE(ret, 0); 178 dacData.mode = 0100; 179 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH); 180 EXPECT_EQ(ret, 0); 181} 182 183HWTEST_F(DacUnitTest, Init_TestDacCheckGroupParaPermission_001, TestSize.Level0) 184{ 185 // 相同组 186 DacUnitTest test; 187 ParamDacData dacData; 188 dacData.gid = getegid(); 189 dacData.uid = 13333; 190 // read 191 dacData.mode = 0040; 192 int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ); 193 EXPECT_EQ(ret, 0); 194 dacData.mode = 0040; 195 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE); 196 EXPECT_NE(ret, 0); 197 dacData.mode = 0040; 198 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH); 199 EXPECT_NE(ret, 0); 200 201 // write 202 dacData.mode = 0020; 203 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ); 204 EXPECT_NE(ret, 0); 205 dacData.mode = 0020; 206 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE); 207 EXPECT_EQ(ret, 0); 208 dacData.mode = 0020; 209 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH); 210 EXPECT_NE(ret, 0); 211 212 // watch 213 dacData.mode = 0010; 214 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ); 215 EXPECT_NE(ret, 0); 216 dacData.mode = 0010; 217 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE); 218 EXPECT_NE(ret, 0); 219 dacData.mode = 0010; 220 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH); 221 EXPECT_EQ(ret, 0); 222} 223 224HWTEST_F(DacUnitTest, Init_TestDacCheckOtherParaPermission_001, TestSize.Level0) 225{ 226 // 其他用户 227 DacUnitTest test; 228 ParamDacData dacData; 229 dacData.gid = 13333; 230 dacData.uid = 13333; 231 // read 232 dacData.mode = 0004; 233 int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ); 234 EXPECT_EQ(ret, 0); 235 dacData.mode = 0004; 236 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE); 237 EXPECT_NE(ret, 0); 238 dacData.mode = 0004; 239 ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH); 240 EXPECT_NE(ret, 0); 241 242 // write 243 dacData.mode = 0002; 244 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ); 245 EXPECT_NE(ret, 0); 246 dacData.mode = 0002; 247 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE); 248 EXPECT_EQ(ret, 0); 249 dacData.mode = 0002; 250 ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH); 251 EXPECT_NE(ret, 0); 252 253 // watch 254 dacData.mode = 0001; 255 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ); 256 EXPECT_NE(ret, 0); 257 dacData.mode = 0001; 258 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE); 259 EXPECT_NE(ret, 0); 260 dacData.mode = 0001; 261 ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH); 262 EXPECT_EQ(ret, 0); 263} 264 265HWTEST_F(DacUnitTest, Init_TestClientDacCheckFilePermission_001, TestSize.Level0) 266{ 267 DacUnitTest test; 268 test.TestClientDacCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg"); 269} 270}