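/*
 * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <gtest/gtest.h>

#include <cstdlib>
#include <unistd.h>
#include <sys/wait.h>
#include <csignal>
#include <cerrno>
#include <cstring>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/syscall.h>
#include <asm/unistd.h>
#include <syscall.h>
#include <climits>
#include <sched.h>

#include "seccomp_policy.h"

// A probe: issues one system call and reports whether it returned success.
using SyscallFunc = bool (*)(void);
constexpr int SLEEP_TIME_100MS = 100000; // 100ms, in microseconds for usleep()
constexpr int SLEEP_TIME_1S = 1;         // in seconds for sleep()

using namespace testing::ext;
using namespace std;

namespace init_ut {
/*
 * Fixture for the seccomp policy tests.
 *
 * Every check forks a child, applies a named seccomp policy inside it, runs a
 * single probe and then classifies how the child ended. A denial is only
 * recognised when the child is terminated by SIGSYS (see CheckStatus); a
 * policy that rejects a call by returning an error code instead would make the
 * probe return false and the check report -1 for both expectations.
 */
class SeccompUnitTest : public testing::Test {
public:
    SeccompUnitTest() {}
    virtual ~SeccompUnitTest() {}
    static void SetUpTestCase() {}
    static void TearDownTestCase() {}

    void SetUp()
    {
        /*
         * Wait for 1 second to prevent the generated crash file
         * from being overwritten because the crash interval is too short
         * and the crash file's name is constructed by time stamp.
         */
        sleep(SLEEP_TIME_1S);
    }

    void TearDown() {}
    void TestBody(void) {}

    /*
     * Forks a child that sets no_new_privs, applies the policy `filterName`
     * of kind `type`, runs `func` and exits with EXIT_SUCCESS or EXIT_FAILURE.
     *
     * Returns the child's pid in the parent, or -1 when fork() failed. The
     * child never returns from this function.
     */
    static pid_t StartChild(SeccompFilterType type, const char *filterName, SyscallFunc func)
    {
        const pid_t child = fork();
        if (child != 0) {
            // Parent, or fork() failure (-1): hand the value to the caller.
            return child;
        }

        // no_new_privs must be set before a task without CAP_SYS_ADMIN may
        // install a seccomp filter, and it keeps the filter from being shed
        // through a set-uid exec.
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) {
            std::cout << "PR_SET_NO_NEW_PRIVS set fail " << std::endl;
            exit(EXIT_FAILURE);
        }

        if (!SetSeccompPolicyWithName(type, filterName)) {
            std::cout << "SetSeccompPolicy set fail fiterName is " << filterName << std::endl;
            exit(EXIT_FAILURE);
        }

        // From here on every system call of the child, including the ones
        // issued by logging and by exit(), runs under the policy.
        // NOTE(review): exit() also runs the atexit handlers inherited from
        // the test binary; a handler that makes a call the policy kills would
        // surface as SIGSYS and be counted as a denial of `func` - confirm
        // whether _exit() is the better choice here.
        const bool probeOk = func();
        if (!probeOk) {
            std::cout << "func excute fail" << std::endl;
            exit(EXIT_FAILURE);
        }

        std::cout << "func excute success" << std::endl;

        exit(EXIT_SUCCESS);
    }

    /*
     * Compares a waitpid() status with the expected policy decision.
     *
     * status  - wait status of the child started by StartChild
     * isAllow - true when the probe was expected to be permitted
     *
     * Returns 0 when the outcome matches the expectation, -1 otherwise:
     *   exited with EXIT_FAILURE      -> -1 (setup or probe failed)
     *   exited with any other code    -> 0 if isAllow, else -1
     *   killed by SIGSYS              -> 0 if !isAllow, else -1
     *   killed by any other signal    -> -1 (includes the timeout SIGKILL)
     */
    static int CheckStatus(int status, bool isAllow)
    {
        // WEXITSTATUS is only meaningful once WIFEXITED holds, so the exit
        // code is inspected inside this branch rather than up front.
        if (WIFEXITED(status)) {
            if (WEXITSTATUS(status) == EXIT_FAILURE) {
                return -1;
            }
            std::cout << "child process finished normally" << std::endl;
            return isAllow ? 0 : -1;
        }

        if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) {
            std::cout << "child process exit with SIGSYS" << std::endl;
            return isAllow ? -1 : 0;
        }

        return -1;
    }

    /*
     * Runs `func` in a child confined by policy `filterName` and checks the
     * result against `isAllow`.
     *
     * Returns 0 when the observed behaviour matches `isAllow`, -1 on mismatch,
     * on timeout (the child is killed after 5 seconds) or when fork/waitpid
     * fail.
     */
    static int CheckSyscall(SeccompFilterType type, const char *filterName, SyscallFunc func, bool isAllow)
    {
        sigset_t waitSet;
        int status = 0;
        bool timedOut = false;
        struct timespec waitTime = {5, 0};

        // SIGCHLD is blocked so that sigtimedwait() can collect it. SIGSYS is
        // added to the wait set only after sigprocmask(), so it is waited for
        // but not blocked in this process.
        sigemptyset(&waitSet);
        sigaddset(&waitSet, SIGCHLD);
        sigprocmask(SIG_BLOCK, &waitSet, nullptr);
        sigaddset(&waitSet, SIGSYS);

        // signal() reports failure with SIG_ERR. The earlier comparison with
        // nullptr matched SIG_DFL (the null handler on Linux libcs) and logged
        // a bogus failure whenever the previous disposition was the default.
        if (signal(SIGCHLD, SIG_DFL) == SIG_ERR) {
            std::cout << "signal failed:" << strerror(errno) << std::endl;
        }
        if (signal(SIGSYS, SIG_DFL) == SIG_ERR) {
            std::cout << "signal failed:" << strerror(errno) << std::endl;
        }

        /* Sleep before forking so that threads created by other unit tests
         * have time to release the global rwlock; the child needs that lock
         * because dlopen takes it in the child process. */
        usleep(SLEEP_TIME_100MS);

        const pid_t pid = StartChild(type, filterName, func);
        if (pid == -1) {
            std::cout << "fork failed:" << strerror(errno) << std::endl;
            return -1;
        }

        if (sigtimedwait(&waitSet, nullptr, &waitTime) == -1) { /* Wait for 5 seconds */
            if (errno == EAGAIN) {
                timedOut = true;
            } else {
                std::cout << "sigtimedwait failed:" << strerror(errno) << std::endl;
            }

            // Whatever went wrong, do not leave a confined child behind.
            if (kill(pid, SIGKILL) == -1) {
                std::cout << "kill failed::" << strerror(errno) << std::endl;
            }
        }

        if (waitpid(pid, &status, 0) != pid) {
            std::cout << "waitpid failed:" << strerror(errno) << std::endl;
            return -1;
        }

        if (timedOut) {
            std::cout << "Child process time out" << std::endl;
        }

        return CheckStatus(status, isAllow);
    }

    // Probe: unshare(CLONE_NEWPID); true when the call returned 0.
    static bool CheckUnshare()
    {
        return unshare(CLONE_NEWPID) == 0;
    }

    // Probe: open the mount namespace of pid 1 and setns() into it; true only
    // when both open() and setns() succeed. The descriptor is always closed.
    static bool CheckSetns()
    {
        const int fd = open("/proc/1/ns/mnt", O_RDONLY | O_CLOEXEC);
        if (fd < 0) {
            return false;
        }

        const bool joined = (setns(fd, CLONE_NEWNS) == 0);
        close(fd);
        return joined;
    }

    // Entry point of the process created by CheckCloneNs: exits immediately.
    static int ChildFunc(void *arg)
    {
        exit(0);
    }

    /*
     * Probe helper: clone() a child with the namespace flag `flag` (plus
     * SIGCHLD as termination signal). Returns true when clone() succeeded.
     *
     * On success the 64 KiB stack is not freed and the clone child is not
     * reaped. Presumably this is acceptable because the probe runs in the
     * short-lived child of StartChild, and releasing or waiting here would
     * add system calls that the policy under test might not permit - confirm
     * before adding cleanup.
     */
    static bool CheckCloneNs(int flag)
    {
        const int stackSize = 65536;

        char *stack = static_cast<char *>(malloc(stackSize));
        if (stack == nullptr) {
            return false;
        }

        // clone() expects the highest address of the child stack.
        char *stackTop = stack + stackSize;
        const pid_t pid = clone(ChildFunc, stackTop, flag | SIGCHLD, nullptr);
        if (pid == -1) {
            free(stack);
            return false;
        }
        return true;
    }

    // Probe: clone() into a new PID namespace.
    static bool CheckClonePidNs(void)
    {
        return CheckCloneNs(CLONE_NEWPID);
    }

    // Probe: clone() into a new mount namespace.
    static bool CheckCloneMntNs(void)
    {
        return CheckCloneNs(CLONE_NEWNS);
    }
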
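// ---- namespace clone probes (continued), then the aarch64 syscall probes ----
    // Probe: clone() into a new network namespace.
    static bool CheckCloneNetNs(void)
    {
        return CheckCloneNs(CLONE_NEWNET);
    }

    // Probe: clone() into a new cgroup namespace.
    static bool CheckCloneCgroupNs(void)
    {
        return CheckCloneNs(CLONE_NEWCGROUP);
    }

    // Probe: clone() into a new UTS namespace.
    static bool CheckCloneUtsNs(void)
    {
        return CheckCloneNs(CLONE_NEWUTS);
    }

    // Probe: clone() into a new IPC namespace.
    static bool CheckCloneIpcNs(void)
    {
        return CheckCloneNs(CLONE_NEWIPC);
    }

    // Probe: clone() into a new user namespace.
    static bool CheckCloneUserNs(void)
    {
        return CheckCloneNs(CLONE_NEWUSER);
    }

#if defined __aarch64__
    // Probe: mq_open with null arguments; true when the raw call returned a
    // non-negative value. TestSystemSycall expects the system policy to kill
    // the caller before this returns.
    static bool CheckMqOpen()
    {
        return static_cast<int>(syscall(__NR_mq_open, nullptr, 0)) >= 0;
    }

    // Probe: getpid; true when the returned pid is greater than 1.
    static bool CheckGetpid()
    {
        const pid_t self = static_cast<pid_t>(syscall(__NR_getpid));
        return self > 1;
    }

    // Probe: getuid; true unless the call failed.
    static bool CheckGetuid()
    {
        // Keep the raw long. Storing it in the unsigned uid_t made the old
        // `uid >= 0` test always true, so a -1 error return (for example from
        // a policy that answers with an errno) was reported as success.
        const long rawUid = syscall(__NR_getuid);
        return rawUid != -1;
    }

    // Probe: setresuid(20000, 20000, 20000). TestSetUidGidFilter expects the
    // appspawn policy to allow it.
    static bool CheckSetresuidArgsInRange()
    {
        return syscall(__NR_setresuid, 20000, 20000, 20000) == 0;
    }

    // Probe: setresuid(800, 800, 800). TestSetUidGidFilter expects the
    // appspawn policy to kill the caller.
    static bool CheckSetresuidArgsOutOfRange()
    {
        return syscall(__NR_setresuid, 800, 800, 800) == 0;
    }

    // Probe: setuid(1). TestAppSycall expects the app policy to kill the caller.
    static bool CheckSetuid()
    {
        return syscall(__NR_setuid, 1) == 0;
    }

    /*
     * uid-filter probes. Each one passes 0 (root) or 2 in the uid arguments.
     * TestSystemSyscallForUidFilter expects the system policy to kill every
     * variant that carries a 0 and to allow the variants that pass only 2.
     * An "allowed" probe must also return 0 from the kernel, so the suite
     * presumably runs with the privilege to change uids - confirm.
     */

    // Probe: setuid(0).
    static bool CheckSetuid64ForUidFilter1()
    {
        return syscall(__NR_setuid, 0) == 0;
    }

    // Probe: setuid(2).
    static bool CheckSetuid64ForUidFilter2()
    {
        return syscall(__NR_setuid, 2) == 0;
    }

    // Probe: setreuid(0, 2).
    static bool CheckSetreuid64ForUidFilter1()
    {
        return syscall(__NR_setreuid, 0, 2) == 0;
    }

    // Probe: setreuid(2, 0).
    static bool CheckSetreuid64ForUidFilter2()
    {
        return syscall(__NR_setreuid, 2, 0) == 0;
    }

    // Probe: setreuid(0, 0).
    static bool CheckSetreuid64ForUidFilter3()
    {
        return syscall(__NR_setreuid, 0, 0) == 0;
    }

    // Probe: setreuid(2, 2).
    static bool CheckSetreuid64ForUidFilter4()
    {
        return syscall(__NR_setreuid, 2, 2) == 0;
    }

    // Probe: setfsuid(0).
    // NOTE(review): setfsuid returns the previous filesystem uid rather than a
    // status, so `== 0` here means "the caller's fsuid was 0 before the call".
    static bool CheckSetfsuid64ForUidFilter1()
    {
        return syscall(__NR_setfsuid, 0) == 0;
    }

    // Probe: setfsuid(2). Same return-value caveat as the variant above: the
    // allow case only reports true when the previous fsuid was 0.
    static bool CheckSetfsuid64ForUidFilter2()
    {
        return syscall(__NR_setfsuid, 2) == 0;
    }

    // Probe: setresuid(0, 0, 0).
    static bool CheckSetresuid64ForUidFilter1()
    {
        return syscall(__NR_setresuid, 0, 0, 0) == 0;
    }

    // Probe: setresuid(2, 0, 0).
    static bool CheckSetresuid64ForUidFilter2()
    {
        return syscall(__NR_setresuid, 2, 0, 0) == 0;
    }

    // Probe: setresuid(0, 2, 0).
    static bool CheckSetresuid64ForUidFilter3()
    {
        return syscall(__NR_setresuid, 0, 2, 0) == 0;
    }

    // Probe: setresuid(0, 0, 2).
    static bool CheckSetresuid64ForUidFilter4()
    {
        return syscall(__NR_setresuid, 0, 0, 2) == 0;
    }

    // Probe: setresuid(0, 2, 2).
    static bool CheckSetresuid64ForUidFilter5()
    {
        return syscall(__NR_setresuid, 0, 2, 2) == 0;
    }

    // Probe: setresuid(2, 0, 2).
    static bool CheckSetresuid64ForUidFilter6()
    {
        return syscall(__NR_setresuid, 2, 0, 2) == 0;
    }

    // Probe: setresuid(2, 2, 0).
    static bool CheckSetresuid64ForUidFilter7()
    {
        return syscall(__NR_setresuid, 2, 2, 0) == 0;
    }

    // Probe: setresuid(2, 2, 2).
    static bool CheckSetresuid64ForUidFilter8()
    {
        return syscall(__NR_setresuid, 2, 2, 2) == 0;
    }
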
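// ---- aarch64 test drivers, then the 32-bit ARM syscall probes ----
    // System policy: mq_open must be killed, getpid must be allowed.
    void TestSystemSycall()
    {
        // system blocklist
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckMqOpen, false), 0);

        // system allowlist
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckGetpid, true), 0);
    }

    // System policy, uid argument filter: every set*uid variant that passes 0
    // in any uid argument must be killed; the variants passing only 2 must be
    // allowed.
    void TestSystemSyscallForUidFilter()
    {
        // system_uid_filter_64bit_test
        // setuid
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetuid64ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetuid64ForUidFilter2, true), 0);

        // setreuid
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid64ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid64ForUidFilter2, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid64ForUidFilter3, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid64ForUidFilter4, true), 0);

        // setfsuid
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetfsuid64ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetfsuid64ForUidFilter2, true), 0);

        // setresuid
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid64ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid64ForUidFilter2, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid64ForUidFilter3, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid64ForUidFilter4, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid64ForUidFilter5, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid64ForUidFilter6, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid64ForUidFilter7, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid64ForUidFilter8, true), 0);
    }

    // Appspawn (INDIVIDUAL) policy, setresuid argument range.
    void TestSetUidGidFilter()
    {
        // appspawn policy: setresuid(800, 800, 800) must be killed
        EXPECT_EQ(CheckSyscall(INDIVIDUAL, APPSPAWN_NAME, CheckSetresuidArgsOutOfRange, false), 0);

        // appspawn policy: setresuid(20000, 20000, 20000) must be allowed
        EXPECT_EQ(CheckSyscall(INDIVIDUAL, APPSPAWN_NAME, CheckSetresuidArgsInRange, true), 0);
    }

    // App policy: setuid must be killed, getpid must be allowed.
    void TestAppSycall()
    {
        // app blocklist
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckSetuid, false), 0);

        // app allowlist
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckGetpid, true), 0);
    }
#ifdef SECCOMP_PRIVILEGE
    // Privileged app policy: setuid(0), which the system policy test above
    // expects to be killed, is expected to be allowed here. The allow case
    // also needs setuid(0) itself to return 0 in the child.
    void TestSeccompPrivilegeSyscall()
    {
        EXPECT_EQ(CheckSyscall(APP, APP_PRIVILEGE, CheckSetuid64ForUidFilter1, true), 0);
    }
#endif

#elif defined __arm__
    // Probe: getuid32; true unless the call failed.
    static bool CheckGetuid32()
    {
        // Keep the raw long. Storing it in the unsigned uid_t made the old
        // `uid >= 0` test always true, so a -1 error return was reported as
        // success.
        const long rawUid = syscall(__NR_getuid32);
        return rawUid != -1;
    }

    // Probe: getuid (legacy syscall number); true unless the call failed.
    static bool CheckGetuid()
    {
        // Same fix as CheckGetuid32: compare the raw return value with -1
        // instead of testing an unsigned value for `>= 0`.
        const long rawUid = syscall(__NR_getuid);
        return rawUid != -1;
    }

    // Probe: setuid32(1).
    static bool CheckSetuid32()
    {
        return syscall(__NR_setuid32, 1) == 0;
    }

    // Probe: setresuid32(20000, 20000, 20000).
    static bool CheckSetresuid32ArgsInRange()
    {
        return syscall(__NR_setresuid32, 20000, 20000, 20000) == 0;
    }

    // Probe: setresuid32(800, 800, 800).
    static bool CheckSetresuid32ArgsOutOfRange()
    {
        return syscall(__NR_setresuid32, 800, 800, 800) == 0;
    }

    /*
     * uid-filter probes for 32-bit ARM. The "32" variants use the *32 syscall
     * numbers, the "16" variants the legacy numbers (__NR_setuid,
     * __NR_setreuid, __NR_setfsuid), so a policy has to filter both entry
     * points. Each probe passes 0 (root) or 2 in the uid arguments.
     */

    // Probe: setuid32(0).
    static bool CheckSetuid32ForUidFilter1()
    {
        return syscall(__NR_setuid32, 0) == 0;
    }

    // Probe: setuid32(2).
    static bool CheckSetuid32ForUidFilter2()
    {
        return syscall(__NR_setuid32, 2) == 0;
    }

    // Probe: legacy setuid(0).
    static bool CheckSetuid16ForUidFilter1()
    {
        return syscall(__NR_setuid, 0) == 0;
    }

    // Probe: legacy setuid(2).
    static bool CheckSetuid16ForUidFilter2()
    {
        return syscall(__NR_setuid, 2) == 0;
    }

    // Probe: setreuid32(0, 2).
    static bool CheckSetreuid32ForUidFilter1()
    {
        return syscall(__NR_setreuid32, 0, 2) == 0;
    }

    // Probe: setreuid32(2, 0).
    static bool CheckSetreuid32ForUidFilter2()
    {
        return syscall(__NR_setreuid32, 2, 0) == 0;
    }

    // Probe: setreuid32(0, 0).
    static bool CheckSetreuid32ForUidFilter3()
    {
        return syscall(__NR_setreuid32, 0, 0) == 0;
    }

    // Probe: setreuid32(2, 2).
    static bool CheckSetreuid32ForUidFilter4()
    {
        return syscall(__NR_setreuid32, 2, 2) == 0;
    }

    // Probe: legacy setreuid(0, 2).
    static bool CheckSetreuid16ForUidFilter1()
    {
        return syscall(__NR_setreuid, 0, 2) == 0;
    }

    // Probe: legacy setreuid(2, 0).
    static bool CheckSetreuid16ForUidFilter2()
    {
        return syscall(__NR_setreuid, 2, 0) == 0;
    }

    // Probe: legacy setreuid(0, 0).
    static bool CheckSetreuid16ForUidFilter3()
    {
        return syscall(__NR_setreuid, 0, 0) == 0;
    }

    // Probe: legacy setreuid(2, 2).
    static bool CheckSetreuid16ForUidFilter4()
    {
        return syscall(__NR_setreuid, 2, 2) == 0;
    }

    // Probe: setfsuid32(0).
    // NOTE(review): setfsuid returns the previous filesystem uid rather than a
    // status, so `== 0` in the four setfsuid probes means "the caller's fsuid
    // was 0 before the call".
    static bool CheckSetfsuid32ForUidFilter1()
    {
        return syscall(__NR_setfsuid32, 0) == 0;
    }

    // Probe: setfsuid32(2).
    static bool CheckSetfsuid32ForUidFilter2()
    {
        return syscall(__NR_setfsuid32, 2) == 0;
    }

    // Probe: legacy setfsuid(0).
    static bool CheckSetfsuid16ForUidFilter1()
    {
        return syscall(__NR_setfsuid, 0) == 0;
    }

    // Probe: legacy setfsuid(2).
    static bool CheckSetfsuid16ForUidFilter2()
    {
        return syscall(__NR_setfsuid, 2) == 0;
    }

    // Probe: setresuid32(0, 0, 0).
    static bool CheckSetresuid32ForUidFilter1()
    {
        return syscall(__NR_setresuid32, 0, 0, 0) == 0;
    }

    // Probe: setresuid32(2, 0, 0).
    static bool CheckSetresuid32ForUidFilter2()
    {
        return syscall(__NR_setresuid32, 2, 0, 0) == 0;
    }

    // Probe: setresuid32(0, 2, 0).
    static bool CheckSetresuid32ForUidFilter3()
    {
        return syscall(__NR_setresuid32, 0, 2, 0) == 0;
    }

    // Probe: setresuid32(0, 0, 2).
    static bool CheckSetresuid32ForUidFilter4()
    {
        return syscall(__NR_setresuid32, 0, 0, 2) == 0;
    }

    // Probe: setresuid32(0, 2, 2).
    static bool CheckSetresuid32ForUidFilter5()
    {
        return syscall(__NR_setresuid32, 0, 2, 2) == 0;
    }

    // Probe: setresuid32(2, 0, 2).
    static bool CheckSetresuid32ForUidFilter6()
    {
        return syscall(__NR_setresuid32, 2, 0, 2) == 0;
    }
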
/*
 * Remaining setresuid probes, the policy test drivers that consume all of the
 * UID-filter probes, and the HWTEST_F registrations.
 */

    // setresuid32(ruid = 2, euid = 2, suid = 0).
    static bool CheckSetresuid32ForUidFilter7()
    {
        const int rc = syscall(__NR_setresuid32, 2, 2, 0);
        return rc == 0;
    }

    // setresuid32(ruid = 2, euid = 2, suid = 2): the only setresuid32 variant without a 0 argument.
    static bool CheckSetresuid32ForUidFilter8()
    {
        const int rc = syscall(__NR_setresuid32, 2, 2, 2);
        return rc == 0;
    }

    // setresuid(ruid = 0, euid = 0, suid = 0) through the legacy syscall number.
    static bool CheckSetresuid16ForUidFilter1()
    {
        const int rc = syscall(__NR_setresuid, 0, 0, 0);
        return rc == 0;
    }

    // setresuid(ruid = 2, euid = 0, suid = 0) through the legacy syscall number.
    static bool CheckSetresuid16ForUidFilter2()
    {
        const int rc = syscall(__NR_setresuid, 2, 0, 0);
        return rc == 0;
    }

    // setresuid(ruid = 0, euid = 2, suid = 0) through the legacy syscall number.
    static bool CheckSetresuid16ForUidFilter3()
    {
        const int rc = syscall(__NR_setresuid, 0, 2, 0);
        return rc == 0;
    }

    // setresuid(ruid = 0, euid = 0, suid = 2) through the legacy syscall number.
    static bool CheckSetresuid16ForUidFilter4()
    {
        const int rc = syscall(__NR_setresuid, 0, 0, 2);
        return rc == 0;
    }

    // setresuid(ruid = 0, euid = 2, suid = 2) through the legacy syscall number.
    static bool CheckSetresuid16ForUidFilter5()
    {
        const int rc = syscall(__NR_setresuid, 0, 2, 2);
        return rc == 0;
    }

    // setresuid(ruid = 2, euid = 0, suid = 2) through the legacy syscall number.
    static bool CheckSetresuid16ForUidFilter6()
    {
        const int rc = syscall(__NR_setresuid, 2, 0, 2);
        return rc == 0;
    }

    // setresuid(ruid = 2, euid = 2, suid = 0) through the legacy syscall number.
    static bool CheckSetresuid16ForUidFilter7()
    {
        const int rc = syscall(__NR_setresuid, 2, 2, 0);
        return rc == 0;
    }

    // setresuid(ruid = 2, euid = 2, suid = 2) through the legacy syscall number.
    static bool CheckSetresuid16ForUidFilter8()
    {
        const int rc = syscall(__NR_setresuid, 2, 2, 2);
        return rc == 0;
    }

    /*
     * Smoke test of the SYSTEM_SA / SYSTEM_NAME filter using getuid probes.
     * CheckSyscall is defined earlier in this file; its last argument is the
     * expected verdict (false = blocklisted, true = allowlisted) and a return
     * of 0 means the observed behaviour matched.
     */
    void TestSystemSycall()
    {
        // system blocklist
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckGetuid, false), 0);

        // system allowlist
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckGetuid32, true), 0);
    }

    /*
     * system_uid_filter_32bit_test
     *
     * Runs every 32-bit set*uid probe against the SYSTEM_SA / SYSTEM_NAME
     * filter. Each probe that passes a uid of 0 in any position is expected to
     * be rejected (false); only the all-2 variants are expected to pass (true).
     *
     * NOTE(review): the probes only use the literals 0 and 2. The -1 "leave
     * unchanged" value accepted by setreuid/setresuid is not exercised, so
     * these cases do not pin how the filter treats it.
     */
    void TestSystemSyscallForUidFilter32Bit()
    {
        // setuid32
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetuid32ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetuid32ForUidFilter2, true), 0);

        // setreuid32
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid32ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid32ForUidFilter2, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid32ForUidFilter3, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid32ForUidFilter4, true), 0);

        // setfsuid32
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetfsuid32ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetfsuid32ForUidFilter2, true), 0);

        // setresuid32
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid32ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid32ForUidFilter2, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid32ForUidFilter3, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid32ForUidFilter4, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid32ForUidFilter5, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid32ForUidFilter6, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid32ForUidFilter7, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid32ForUidFilter8, true), 0);
    }

    /*
     * system_uid_filter_16bit_test
     *
     * Same matrix as the 32-bit test, using the probes that go through the
     * un-suffixed (legacy) syscall numbers, so that the filter is shown to
     * cover both entry points for each set*uid call.
     */
    void TestSystemSyscallForUidFilter16Bit()
    {
        // setuid
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetuid16ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetuid16ForUidFilter2, true), 0);

        // setreuid
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid16ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid16ForUidFilter2, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid16ForUidFilter3, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetreuid16ForUidFilter4, true), 0);

        // setfsuid
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetfsuid16ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetfsuid16ForUidFilter2, true), 0);

        // setresuid
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid16ForUidFilter1, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid16ForUidFilter2, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid16ForUidFilter3, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid16ForUidFilter4, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid16ForUidFilter5, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid16ForUidFilter6, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid16ForUidFilter7, false), 0);
        EXPECT_EQ(CheckSyscall(SYSTEM_SA, SYSTEM_NAME, CheckSetresuid16ForUidFilter8, true), 0);
    }

    // Runs the 32-bit matrix followed by the 16-bit matrix.
    void TestSystemSyscallForUidFilter()
    {
        TestSystemSyscallForUidFilter32Bit();
        TestSystemSyscallForUidFilter16Bit();
    }

    /*
     * Checks the INDIVIDUAL / APPSPAWN_NAME filter with the two setresuid32
     * argument-range probes (both defined earlier in this file).
     */
    void TestSetUidGidFilter()
    {
        // out-of-range arguments: expected to be rejected
        EXPECT_EQ(CheckSyscall(INDIVIDUAL, APPSPAWN_NAME, CheckSetresuid32ArgsOutOfRange, false), 0);

        // in-range arguments: expected to be allowed
        EXPECT_EQ(CheckSyscall(INDIVIDUAL, APPSPAWN_NAME, CheckSetresuid32ArgsInRange, true), 0);
    }

    // Checks the APP / APP_NAME filter: setuid32 is expected blocked, getuid32 allowed.
    void TestAppSycall()
    {
        // app blocklist
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckSetuid32, false), 0);

        // app allowlist
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckGetuid32, true), 0);
    }

#ifdef SECCOMP_PRIVILEGE
    /*
     * Checks the APP / APP_PRIVILEGE filter. The same probe that the system
     * filter test expects to be rejected (CheckSetuid32ForUidFilter1) is
     * expected to be allowed here.
     *
     * NOTE(review): the probe is defined earlier in the file; by analogy with
     * the 16-bit variant it presumably requests uid 0. If so, this case pins
     * that the privileged profile does not filter a switch to uid 0, so
     * confirm that only the intended processes are given this profile.
     */
    void TestSeccompPrivilegeSyscall()
    {
        EXPECT_EQ(CheckSyscall(APP, APP_PRIVILEGE, CheckSetuid32ForUidFilter1, true), 0);
    }
#endif
// Closes a preprocessor conditional opened earlier in the file.
// NOTE(review): the HWTEST_F cases below call the methods above unconditionally;
// confirm every branch of that conditional defines them.
#endif
    /*
     * Checks that the APP / APP_NAME filter rejects every namespace-related
     * probe: unshare, setns and clone with each of the namespace probes
     * (all defined earlier in this file). Every case expects `false`.
     */
    void TestAppSycallNs()
    {
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckUnshare, false), 0);
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckSetns, false), 0);
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckClonePidNs, false), 0);
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckCloneMntNs, false), 0);
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckCloneCgroupNs, false), 0);
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckCloneIpcNs, false), 0);
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckCloneUserNs, false), 0);
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckCloneNetNs, false), 0);
        EXPECT_EQ(CheckSyscall(APP, APP_NAME, CheckCloneUtsNs, false), 0);
    }
};

/**
 * @tc.name: TestSystemSycall
 * @tc.desc: Verify the system seccomp policy.
 * @tc.type: FUNC
 * @tc.require: issueI5IUWJ
 */
HWTEST_F(SeccompUnitTest, Init_Seccomp_SystemSycall001, TestSize.Level1)
{
    SeccompUnitTest fixture;
    fixture.TestSystemSycall();
}

/**
 * @tc.name: TestSetUidGidFilter
 * @tc.desc: Verify the uid gid seccomp policy.
 * @tc.type: FUNC
 * @tc.require: issueI5IUWJ
 */
HWTEST_F(SeccompUnitTest, Init_Seccomp_SetUidGidFilter001, TestSize.Level1)
{
    SeccompUnitTest fixture;
    fixture.TestSetUidGidFilter();
}

/**
 * @tc.name: TestAppSycall
 * @tc.desc: Verify the app seccomp policy.
 * @tc.type: FUNC
 * @tc.require: issueI5MUXD
 */
HWTEST_F(SeccompUnitTest, Init_Seccomp_AppSycall001, TestSize.Level1)
{
    SeccompUnitTest fixture;
    fixture.TestAppSycall();
}

/**
 * @tc.name: TestSystemSyscallForUidFilter
 * @tc.desc: Verify the system seccomp policy.
 * @tc.type: FUNC
 * @tc.require: issueI7QET2
 */
HWTEST_F(SeccompUnitTest, Init_Seccomp_SystemSyscallForUidFilter001, TestSize.Level1)
{
    SeccompUnitTest fixture;
    fixture.TestSystemSyscallForUidFilter();
}

/**
 * @tc.name: TestAppSycallNs
 * @tc.desc: Verify the app seccomp policy about namespace.
 * @tc.type: FUNC
 * @tc.require: issueI8LZTC
 */
HWTEST_F(SeccompUnitTest, Init_Seccomp_AppSycallNs001, TestSize.Level1)
{
    SeccompUnitTest fixture;
    fixture.TestAppSycallNs();
}
#ifdef SECCOMP_PRIVILEGE
/**
 * @tc.name: TestSeccompPrivilegeSyscall
 * @tc.desc: Verify the privilege syscall of app and appspawn.
 * @tc.type: FUNC
 * @tc.require: issueIAVQ2P
 */
HWTEST_F(SeccompUnitTest, Init_Seccomp_SeccompPrivilegeSycall001, TestSize.Level1)
{
    SeccompUnitTest fixture;
    fixture.TestSeccompPrivilegeSyscall();
}
#endif
} // namespace init_ut