1 /*
2 * Copyright (c) 2021 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <gtest/gtest.h>
16
17 #include "param_manager.h"
18 #include "param_security.h"
19 #include "param_stub.h"
20 #include "param_utils.h"
21 #include "securec.h"
22
23 using namespace testing::ext;
24 using namespace std;
25
26 namespace init_ut {
27 class SelinuxUnitTest : public ::testing::Test {
28 public:
SelinuxUnitTest()29 SelinuxUnitTest() {}
~SelinuxUnitTest()30 virtual ~SelinuxUnitTest() {}
31
SetUp()32 void SetUp()
33 {
34 SetTestPermissionResult(0);
35 }
TearDown()36 void TearDown() {}
TestBody()37 void TestBody() {}
38
TestSelinuxInitLocalLabel()39 int TestSelinuxInitLocalLabel()
40 {
41 int ret = RegisterSecuritySelinuxOps(nullptr, 0);
42 EXPECT_NE(ret, 0);
43
44 ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
45 EXPECT_EQ(ret, 0);
46
47 if (initParamSercurityOps.securityInitLabel == nullptr || initParamSercurityOps.securityFreeLabel == nullptr) {
48 return -1;
49 }
50 ParamSecurityLabel label = {};
51 ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
52 EXPECT_EQ(ret, 0);
53 ret = initParamSercurityOps.securityFreeLabel(&label);
54 EXPECT_EQ(ret, 0);
55 return 0;
56 }
57
TestSelinuxCheckFilePermission(const char *fileName)58 int TestSelinuxCheckFilePermission(const char *fileName)
59 {
60 int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
61 EXPECT_EQ(ret, 0);
62 if (initParamSercurityOps.securityCheckFilePermission == nullptr) {
63 return -1;
64 }
65 ParamSecurityLabel label = {};
66 ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
67 EXPECT_EQ(ret, 0);
68 ret = initParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_WRITE);
69 EXPECT_EQ(ret, 0);
70 ret = initParamSercurityOps.securityFreeLabel(&label);
71 EXPECT_EQ(ret, 0);
72 return 0;
73 }
74
TestSelinuxCheckParaPermission(const char *name, const char *label)75 int TestSelinuxCheckParaPermission(const char *name, const char *label)
76 {
77 int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
78 EXPECT_EQ(ret, 0);
79 if (initParamSercurityOps.securityCheckFilePermission == nullptr) {
80 return -1;
81 }
82 ParamSecurityLabel srclabel = {};
83 ret = initParamSercurityOps.securityInitLabel(&srclabel, LABEL_INIT_FOR_INIT);
84 EXPECT_EQ(ret, 0);
85
86 ret = initParamSercurityOps.securityCheckParamPermission(
87 TestGetParamLabelIndex(name), &srclabel, name, DAC_WRITE);
88 EXPECT_EQ(ret, 0);
89 ret = initParamSercurityOps.securityFreeLabel(&srclabel);
90 EXPECT_EQ(ret, 0);
91 return 0;
92 }
93
TestClientSelinuxCheckFilePermission(const char *fileName)94 int TestClientSelinuxCheckFilePermission(const char *fileName)
95 {
96 int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
97 EXPECT_EQ(ret, 0);
98 if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
99 EXPECT_EQ(1, 0);
100 return -1;
101 }
102 ParamSecurityLabel label = {};
103 ret = clientParamSercurityOps.securityInitLabel(&label, 0);
104 EXPECT_EQ(ret, 0);
105 ret = clientParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_READ);
106 EXPECT_EQ(ret, 0);
107 ret = clientParamSercurityOps.securityFreeLabel(&label);
108 EXPECT_EQ(ret, 0);
109 return 0;
110 }
111
TestClientSelinuxCheckParaPermissionWrite(const char *name, const char *label)112 int TestClientSelinuxCheckParaPermissionWrite(const char *name, const char *label)
113 {
114 int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
115 EXPECT_EQ(ret, 0);
116
117 if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
118 return -1;
119 }
120 ParamSecurityLabel srclabel = {};
121 ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0);
122 EXPECT_EQ(ret, 0);
123 ret = clientParamSercurityOps.securityCheckParamPermission(
124 TestGetParamLabelIndex(name), &srclabel, name, DAC_WRITE);
125 EXPECT_EQ(ret, 0);
126 ret = clientParamSercurityOps.securityFreeLabel(&srclabel);
127 EXPECT_EQ(ret, 0);
128 return 0;
129 }
130
TestClientSelinuxCheckParaPermissionRead(const char *name, const char *label)131 int TestClientSelinuxCheckParaPermissionRead(const char *name, const char *label)
132 {
133 int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
134 EXPECT_EQ(ret, 0);
135 if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
136 return -1;
137 }
138 ParamSecurityLabel srclabel = {};
139 ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0);
140 EXPECT_EQ(ret, 0);
141 ret = clientParamSercurityOps.securityCheckParamPermission(
142 TestGetParamLabelIndex(name), &srclabel, name, DAC_READ);
143 EXPECT_EQ(ret, 0);
144 ret = clientParamSercurityOps.securityFreeLabel(&srclabel);
145 EXPECT_EQ(ret, 0);
146 uint8_t updateMode = GetParamWorkSpace()->ops.updaterMode;
147 GetParamWorkSpace()->ops.updaterMode = 1; // 1 test updater mode
148 RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
149 if (clientParamSercurityOps.securityCheckParamPermission != nullptr) {
150 clientParamSercurityOps.securityCheckParamPermission(TestGetParamLabelIndex(name), nullptr, nullptr, 0);
151 }
152 GetParamWorkSpace()->ops.updaterMode = updateMode;
153 return 0;
154 }
155
156 private:
157 ParamSecurityOps initParamSercurityOps {};
158 ParamSecurityOps clientParamSercurityOps {};
159 };
160
HWTEST_F(SelinuxUnitTest, Init_TestSelinuxInitLocalLabel_001, TestSize.Level0)161 HWTEST_F(SelinuxUnitTest, Init_TestSelinuxInitLocalLabel_001, TestSize.Level0)
162 {
163 SelinuxUnitTest test;
164 test.TestSelinuxInitLocalLabel();
165 }
166
HWTEST_F(SelinuxUnitTest, Init_TestSelinuxCheckFilePermission_001, TestSize.Level0)167 HWTEST_F(SelinuxUnitTest, Init_TestSelinuxCheckFilePermission_001, TestSize.Level0)
168 {
169 SelinuxUnitTest test;
170 test.TestSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg");
171 }
172
HWTEST_F(SelinuxUnitTest, Init_TestSelinuxCheckParaPermission_001, TestSize.Level0)173 HWTEST_F(SelinuxUnitTest, Init_TestSelinuxCheckParaPermission_001, TestSize.Level0)
174 {
175 SelinuxUnitTest test;
176 test.TestSelinuxCheckParaPermission("aaa.bbb.bbb.ccc", "user:group1:r");
177 }
178
HWTEST_F(SelinuxUnitTest, Init_TestClientDacCheckFilePermission_001, TestSize.Level0)179 HWTEST_F(SelinuxUnitTest, Init_TestClientDacCheckFilePermission_001, TestSize.Level0)
180 {
181 SelinuxUnitTest test;
182 test.TestClientSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg");
183 }
184
HWTEST_F(SelinuxUnitTest, Init_TestClientDacCheckParaPermission_001, TestSize.Level0)185 HWTEST_F(SelinuxUnitTest, Init_TestClientDacCheckParaPermission_001, TestSize.Level0)
186 {
187 SelinuxUnitTest test;
188 test.TestClientSelinuxCheckParaPermissionWrite("aaa.bbb.bbb.ccc", "user:group1:r");
189 test.TestClientSelinuxCheckParaPermissionRead("aaa.bbb.bbb.ccc", "user:group1:r");
190 }
191 }