1/*
2 * Copyright (c) 2021 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15#include <gtest/gtest.h>
16
17#include "param_manager.h"
18#include "param_security.h"
19#include "param_stub.h"
20#include "param_utils.h"
21#include "securec.h"
22
23using namespace testing::ext;
24using namespace std;
25
26namespace init_ut {
27class SelinuxUnitTest : public ::testing::Test {
28public:
29    SelinuxUnitTest() {}
30    virtual ~SelinuxUnitTest() {}
31
32    void SetUp()
33    {
34        SetTestPermissionResult(0);
35    }
36    void TearDown() {}
37    void TestBody() {}
38
39    int TestSelinuxInitLocalLabel()
40    {
41        int ret = RegisterSecuritySelinuxOps(nullptr, 0);
42        EXPECT_NE(ret, 0);
43
44        ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
45        EXPECT_EQ(ret, 0);
46
47        if (initParamSercurityOps.securityInitLabel == nullptr || initParamSercurityOps.securityFreeLabel == nullptr) {
48            return -1;
49        }
50        ParamSecurityLabel label = {};
51        ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
52        EXPECT_EQ(ret, 0);
53        ret = initParamSercurityOps.securityFreeLabel(&label);
54        EXPECT_EQ(ret, 0);
55        return 0;
56    }
57
58    int TestSelinuxCheckFilePermission(const char *fileName)
59    {
60        int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
61        EXPECT_EQ(ret, 0);
62        if (initParamSercurityOps.securityCheckFilePermission == nullptr) {
63            return -1;
64        }
65        ParamSecurityLabel label = {};
66        ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
67        EXPECT_EQ(ret, 0);
68        ret = initParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_WRITE);
69        EXPECT_EQ(ret, 0);
70        ret = initParamSercurityOps.securityFreeLabel(&label);
71        EXPECT_EQ(ret, 0);
72        return 0;
73    }
74
75    int TestSelinuxCheckParaPermission(const char *name, const char *label)
76    {
77        int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
78        EXPECT_EQ(ret, 0);
79        if (initParamSercurityOps.securityCheckFilePermission == nullptr) {
80            return -1;
81        }
82        ParamSecurityLabel srclabel = {};
83        ret = initParamSercurityOps.securityInitLabel(&srclabel, LABEL_INIT_FOR_INIT);
84        EXPECT_EQ(ret, 0);
85
86        ret = initParamSercurityOps.securityCheckParamPermission(
87            TestGetParamLabelIndex(name), &srclabel, name, DAC_WRITE);
88        EXPECT_EQ(ret, 0);
89        ret = initParamSercurityOps.securityFreeLabel(&srclabel);
90        EXPECT_EQ(ret, 0);
91        return 0;
92    }
93
94    int TestClientSelinuxCheckFilePermission(const char *fileName)
95    {
96        int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
97        EXPECT_EQ(ret, 0);
98        if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
99            EXPECT_EQ(1, 0);
100            return -1;
101        }
102        ParamSecurityLabel label = {};
103        ret = clientParamSercurityOps.securityInitLabel(&label, 0);
104        EXPECT_EQ(ret, 0);
105        ret = clientParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_READ);
106        EXPECT_EQ(ret, 0);
107        ret = clientParamSercurityOps.securityFreeLabel(&label);
108        EXPECT_EQ(ret, 0);
109        return 0;
110    }
111
112    int TestClientSelinuxCheckParaPermissionWrite(const char *name, const char *label)
113    {
114        int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
115        EXPECT_EQ(ret, 0);
116
117        if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
118            return -1;
119        }
120        ParamSecurityLabel srclabel = {};
121        ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0);
122        EXPECT_EQ(ret, 0);
123        ret = clientParamSercurityOps.securityCheckParamPermission(
124            TestGetParamLabelIndex(name), &srclabel, name, DAC_WRITE);
125        EXPECT_EQ(ret, 0);
126        ret = clientParamSercurityOps.securityFreeLabel(&srclabel);
127        EXPECT_EQ(ret, 0);
128        return 0;
129    }
130
131    int TestClientSelinuxCheckParaPermissionRead(const char *name, const char *label)
132    {
133        int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
134        EXPECT_EQ(ret, 0);
135        if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
136            return -1;
137        }
138        ParamSecurityLabel srclabel = {};
139        ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0);
140        EXPECT_EQ(ret, 0);
141        ret = clientParamSercurityOps.securityCheckParamPermission(
142            TestGetParamLabelIndex(name), &srclabel, name, DAC_READ);
143        EXPECT_EQ(ret, 0);
144        ret = clientParamSercurityOps.securityFreeLabel(&srclabel);
145        EXPECT_EQ(ret, 0);
146        uint8_t updateMode = GetParamWorkSpace()->ops.updaterMode;
147        GetParamWorkSpace()->ops.updaterMode = 1; // 1 test updater mode
148        RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
149        if (clientParamSercurityOps.securityCheckParamPermission != nullptr) {
150            clientParamSercurityOps.securityCheckParamPermission(TestGetParamLabelIndex(name), nullptr, nullptr, 0);
151        }
152        GetParamWorkSpace()->ops.updaterMode = updateMode;
153        return 0;
154    }
155
156private:
157    ParamSecurityOps initParamSercurityOps {};
158    ParamSecurityOps clientParamSercurityOps {};
159};
160
161HWTEST_F(SelinuxUnitTest, Init_TestSelinuxInitLocalLabel_001, TestSize.Level0)
162{
163    SelinuxUnitTest test;
164    test.TestSelinuxInitLocalLabel();
165}
166
167HWTEST_F(SelinuxUnitTest, Init_TestSelinuxCheckFilePermission_001, TestSize.Level0)
168{
169    SelinuxUnitTest test;
170    test.TestSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg");
171}
172
173HWTEST_F(SelinuxUnitTest, Init_TestSelinuxCheckParaPermission_001, TestSize.Level0)
174{
175    SelinuxUnitTest test;
176    test.TestSelinuxCheckParaPermission("aaa.bbb.bbb.ccc", "user:group1:r");
177}
178
179HWTEST_F(SelinuxUnitTest, Init_TestClientDacCheckFilePermission_001, TestSize.Level0)
180{
181    SelinuxUnitTest test;
182    test.TestClientSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg");
183}
184
185HWTEST_F(SelinuxUnitTest, Init_TestClientDacCheckParaPermission_001, TestSize.Level0)
186{
187    SelinuxUnitTest test;
188    test.TestClientSelinuxCheckParaPermissionWrite("aaa.bbb.bbb.ccc", "user:group1:r");
189    test.TestClientSelinuxCheckParaPermissionRead("aaa.bbb.bbb.ccc", "user:group1:r");
190}
191}