1d9f0492fSopenharmony_ci/* 2d9f0492fSopenharmony_ci * Copyright (c) 2021 Huawei Device Co., Ltd. 3d9f0492fSopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 4d9f0492fSopenharmony_ci * you may not use this file except in compliance with the License. 5d9f0492fSopenharmony_ci * You may obtain a copy of the License at 6d9f0492fSopenharmony_ci * 7d9f0492fSopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 8d9f0492fSopenharmony_ci * 9d9f0492fSopenharmony_ci * Unless required by applicable law or agreed to in writing, software 10d9f0492fSopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 11d9f0492fSopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12d9f0492fSopenharmony_ci * See the License for the specific language governing permissions and 13d9f0492fSopenharmony_ci * limitations under the License. 14d9f0492fSopenharmony_ci */ 15d9f0492fSopenharmony_ci#include <gtest/gtest.h> 16d9f0492fSopenharmony_ci 17d9f0492fSopenharmony_ci#include "param_manager.h" 18d9f0492fSopenharmony_ci#include "param_security.h" 19d9f0492fSopenharmony_ci#include "param_stub.h" 20d9f0492fSopenharmony_ci#include "param_utils.h" 21d9f0492fSopenharmony_ci#include "securec.h" 22d9f0492fSopenharmony_ci 23d9f0492fSopenharmony_ciusing namespace testing::ext; 24d9f0492fSopenharmony_ciusing namespace std; 25d9f0492fSopenharmony_ci 26d9f0492fSopenharmony_cinamespace init_ut { 27d9f0492fSopenharmony_ciclass SelinuxUnitTest : public ::testing::Test { 28d9f0492fSopenharmony_cipublic: 29d9f0492fSopenharmony_ci SelinuxUnitTest() {} 30d9f0492fSopenharmony_ci virtual ~SelinuxUnitTest() {} 31d9f0492fSopenharmony_ci 32d9f0492fSopenharmony_ci void SetUp() 33d9f0492fSopenharmony_ci { 34d9f0492fSopenharmony_ci SetTestPermissionResult(0); 35d9f0492fSopenharmony_ci } 36d9f0492fSopenharmony_ci void TearDown() {} 37d9f0492fSopenharmony_ci void TestBody() {} 38d9f0492fSopenharmony_ci 39d9f0492fSopenharmony_ci int TestSelinuxInitLocalLabel() 40d9f0492fSopenharmony_ci { 41d9f0492fSopenharmony_ci int ret = RegisterSecuritySelinuxOps(nullptr, 0); 42d9f0492fSopenharmony_ci EXPECT_NE(ret, 0); 43d9f0492fSopenharmony_ci 44d9f0492fSopenharmony_ci ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT); 45d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 46d9f0492fSopenharmony_ci 47d9f0492fSopenharmony_ci if (initParamSercurityOps.securityInitLabel == nullptr || initParamSercurityOps.securityFreeLabel == nullptr) { 48d9f0492fSopenharmony_ci return -1; 49d9f0492fSopenharmony_ci } 50d9f0492fSopenharmony_ci ParamSecurityLabel label = {}; 51d9f0492fSopenharmony_ci ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT); 52d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 53d9f0492fSopenharmony_ci ret = initParamSercurityOps.securityFreeLabel(&label); 54d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 55d9f0492fSopenharmony_ci return 0; 56d9f0492fSopenharmony_ci } 57d9f0492fSopenharmony_ci 58d9f0492fSopenharmony_ci int TestSelinuxCheckFilePermission(const char *fileName) 59d9f0492fSopenharmony_ci { 60d9f0492fSopenharmony_ci int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT); 61d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 62d9f0492fSopenharmony_ci if (initParamSercurityOps.securityCheckFilePermission == nullptr) { 63d9f0492fSopenharmony_ci return -1; 64d9f0492fSopenharmony_ci } 65d9f0492fSopenharmony_ci ParamSecurityLabel label = {}; 66d9f0492fSopenharmony_ci ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT); 67d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 68d9f0492fSopenharmony_ci ret = initParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_WRITE); 69d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 70d9f0492fSopenharmony_ci ret = initParamSercurityOps.securityFreeLabel(&label); 71d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 72d9f0492fSopenharmony_ci return 0; 73d9f0492fSopenharmony_ci } 74d9f0492fSopenharmony_ci 75d9f0492fSopenharmony_ci int TestSelinuxCheckParaPermission(const char *name, const char *label) 76d9f0492fSopenharmony_ci { 77d9f0492fSopenharmony_ci int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT); 78d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 79d9f0492fSopenharmony_ci if (initParamSercurityOps.securityCheckFilePermission == nullptr) { 80d9f0492fSopenharmony_ci return -1; 81d9f0492fSopenharmony_ci } 82d9f0492fSopenharmony_ci ParamSecurityLabel srclabel = {}; 83d9f0492fSopenharmony_ci ret = initParamSercurityOps.securityInitLabel(&srclabel, LABEL_INIT_FOR_INIT); 84d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 85d9f0492fSopenharmony_ci 86d9f0492fSopenharmony_ci ret = initParamSercurityOps.securityCheckParamPermission( 87d9f0492fSopenharmony_ci TestGetParamLabelIndex(name), &srclabel, name, DAC_WRITE); 88d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 89d9f0492fSopenharmony_ci ret = initParamSercurityOps.securityFreeLabel(&srclabel); 90d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 91d9f0492fSopenharmony_ci return 0; 92d9f0492fSopenharmony_ci } 93d9f0492fSopenharmony_ci 94d9f0492fSopenharmony_ci int TestClientSelinuxCheckFilePermission(const char *fileName) 95d9f0492fSopenharmony_ci { 96d9f0492fSopenharmony_ci int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0); 97d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 98d9f0492fSopenharmony_ci if (clientParamSercurityOps.securityCheckFilePermission == nullptr) { 99d9f0492fSopenharmony_ci EXPECT_EQ(1, 0); 100d9f0492fSopenharmony_ci return -1; 101d9f0492fSopenharmony_ci } 102d9f0492fSopenharmony_ci ParamSecurityLabel label = {}; 103d9f0492fSopenharmony_ci ret = clientParamSercurityOps.securityInitLabel(&label, 0); 104d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 105d9f0492fSopenharmony_ci ret = clientParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_READ); 106d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 107d9f0492fSopenharmony_ci ret = clientParamSercurityOps.securityFreeLabel(&label); 108d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 109d9f0492fSopenharmony_ci return 0; 110d9f0492fSopenharmony_ci } 111d9f0492fSopenharmony_ci 112d9f0492fSopenharmony_ci int TestClientSelinuxCheckParaPermissionWrite(const char *name, const char *label) 113d9f0492fSopenharmony_ci { 114d9f0492fSopenharmony_ci int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0); 115d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 116d9f0492fSopenharmony_ci 117d9f0492fSopenharmony_ci if (clientParamSercurityOps.securityCheckFilePermission == nullptr) { 118d9f0492fSopenharmony_ci return -1; 119d9f0492fSopenharmony_ci } 120d9f0492fSopenharmony_ci ParamSecurityLabel srclabel = {}; 121d9f0492fSopenharmony_ci ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0); 122d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 123d9f0492fSopenharmony_ci ret = clientParamSercurityOps.securityCheckParamPermission( 124d9f0492fSopenharmony_ci TestGetParamLabelIndex(name), &srclabel, name, DAC_WRITE); 125d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 126d9f0492fSopenharmony_ci ret = clientParamSercurityOps.securityFreeLabel(&srclabel); 127d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 128d9f0492fSopenharmony_ci return 0; 129d9f0492fSopenharmony_ci } 130d9f0492fSopenharmony_ci 131d9f0492fSopenharmony_ci int TestClientSelinuxCheckParaPermissionRead(const char *name, const char *label) 132d9f0492fSopenharmony_ci { 133d9f0492fSopenharmony_ci int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0); 134d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 135d9f0492fSopenharmony_ci if (clientParamSercurityOps.securityCheckFilePermission == nullptr) { 136d9f0492fSopenharmony_ci return -1; 137d9f0492fSopenharmony_ci } 138d9f0492fSopenharmony_ci ParamSecurityLabel srclabel = {}; 139d9f0492fSopenharmony_ci ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0); 140d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 141d9f0492fSopenharmony_ci ret = clientParamSercurityOps.securityCheckParamPermission( 142d9f0492fSopenharmony_ci TestGetParamLabelIndex(name), &srclabel, name, DAC_READ); 143d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 144d9f0492fSopenharmony_ci ret = clientParamSercurityOps.securityFreeLabel(&srclabel); 145d9f0492fSopenharmony_ci EXPECT_EQ(ret, 0); 146d9f0492fSopenharmony_ci uint8_t updateMode = GetParamWorkSpace()->ops.updaterMode; 147d9f0492fSopenharmony_ci GetParamWorkSpace()->ops.updaterMode = 1; // 1 test updater mode 148d9f0492fSopenharmony_ci RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0); 149d9f0492fSopenharmony_ci if (clientParamSercurityOps.securityCheckParamPermission != nullptr) { 150d9f0492fSopenharmony_ci clientParamSercurityOps.securityCheckParamPermission(TestGetParamLabelIndex(name), nullptr, nullptr, 0); 151d9f0492fSopenharmony_ci } 152d9f0492fSopenharmony_ci GetParamWorkSpace()->ops.updaterMode = updateMode; 153d9f0492fSopenharmony_ci return 0; 154d9f0492fSopenharmony_ci } 155d9f0492fSopenharmony_ci 156d9f0492fSopenharmony_ciprivate: 157d9f0492fSopenharmony_ci ParamSecurityOps initParamSercurityOps {}; 158d9f0492fSopenharmony_ci ParamSecurityOps clientParamSercurityOps {}; 159d9f0492fSopenharmony_ci}; 160d9f0492fSopenharmony_ci 161d9f0492fSopenharmony_ciHWTEST_F(SelinuxUnitTest, Init_TestSelinuxInitLocalLabel_001, TestSize.Level0) 162d9f0492fSopenharmony_ci{ 163d9f0492fSopenharmony_ci SelinuxUnitTest test; 164d9f0492fSopenharmony_ci test.TestSelinuxInitLocalLabel(); 165d9f0492fSopenharmony_ci} 166d9f0492fSopenharmony_ci 167d9f0492fSopenharmony_ciHWTEST_F(SelinuxUnitTest, Init_TestSelinuxCheckFilePermission_001, TestSize.Level0) 168d9f0492fSopenharmony_ci{ 169d9f0492fSopenharmony_ci SelinuxUnitTest test; 170d9f0492fSopenharmony_ci test.TestSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg"); 171d9f0492fSopenharmony_ci} 172d9f0492fSopenharmony_ci 173d9f0492fSopenharmony_ciHWTEST_F(SelinuxUnitTest, Init_TestSelinuxCheckParaPermission_001, TestSize.Level0) 174d9f0492fSopenharmony_ci{ 175d9f0492fSopenharmony_ci SelinuxUnitTest test; 176d9f0492fSopenharmony_ci test.TestSelinuxCheckParaPermission("aaa.bbb.bbb.ccc", "user:group1:r"); 177d9f0492fSopenharmony_ci} 178d9f0492fSopenharmony_ci 179d9f0492fSopenharmony_ciHWTEST_F(SelinuxUnitTest, Init_TestClientDacCheckFilePermission_001, TestSize.Level0) 180d9f0492fSopenharmony_ci{ 181d9f0492fSopenharmony_ci SelinuxUnitTest test; 182d9f0492fSopenharmony_ci test.TestClientSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg"); 183d9f0492fSopenharmony_ci} 184d9f0492fSopenharmony_ci 185d9f0492fSopenharmony_ciHWTEST_F(SelinuxUnitTest, Init_TestClientDacCheckParaPermission_001, TestSize.Level0) 186d9f0492fSopenharmony_ci{ 187d9f0492fSopenharmony_ci SelinuxUnitTest test; 188d9f0492fSopenharmony_ci test.TestClientSelinuxCheckParaPermissionWrite("aaa.bbb.bbb.ccc", "user:group1:r"); 189d9f0492fSopenharmony_ci test.TestClientSelinuxCheckParaPermissionRead("aaa.bbb.bbb.ccc", "user:group1:r"); 190d9f0492fSopenharmony_ci} 191d9f0492fSopenharmony_ci}