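/*
 * Copyright (c) 2021 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include <gtest/gtest.h>

#include "param_manager.h"
#include "param_security.h"
#include "param_stub.h"
#include "param_utils.h"
#include "securec.h"

using namespace testing::ext;
using namespace std;

namespace init_ut {
/**
 * Unit tests for the DAC (discretionary access control) security ops used by the parameter service.
 *
 * Mode bits as exercised by the cases below (note that the lowest bit of each triplet is checked
 * against DAC_WATCH here, not "execute"):
 *   owner: 0400 read, 0200 write, 0100 watch
 *   group: 0040 read, 0020 write, 0010 watch
 *   other: 0004 read, 0002 write, 0001 watch
 *
 * Every case checks both directions: the granted mode must return 0 and the two modes that were
 * not granted must return non-zero. The helpers therefore record a test failure whenever a required
 * op is missing, so that a broken setup can never be mistaken for a correct "permission denied".
 */
class DacUnitTest : public ::testing::Test {
public:
    DacUnitTest() {}
    virtual ~DacUnitTest() {}

    void SetUp() override {}
    void TearDown() override {}
    // Empty body so the fixture can be instantiated directly inside the HWTEST_F cases below.
    void TestBody() override {}

    /**
     * Registers the DAC ops for the init side, then initialises and frees a local label.
     *
     * @return 0 when the ops were available, -1 when securityInitLabel or securityFreeLabel
     *         was not registered (a failure is recorded in that case).
     */
    int TestDacInitLocalLabel()
    {
        int ret = RegisterSecurityDacOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);

        if (initParamSercurityOps.securityInitLabel == nullptr || initParamSercurityOps.securityFreeLabel == nullptr) {
            ADD_FAILURE() << "DAC label ops were not registered";
            return -1;
        }
        ParamSecurityLabel label = {};
        ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);
        ret = initParamSercurityOps.securityFreeLabel(&label);
        EXPECT_EQ(ret, 0);
        return 0;
    }

    /**
     * Checks that the init-side label is allowed DAC_WRITE on @p fileName.
     *
     * @param fileName path handed to securityCheckFilePermission.
     * @return 0 when the ops were available, -1 when one of the ops this helper calls
     *         was not registered (a failure is recorded in that case).
     */
    int TestDacCheckFilePermission(const char *fileName)
    {
        int ret = RegisterSecurityDacOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);
        // Guard every function pointer that is dereferenced below, not only the file check.
        if (initParamSercurityOps.securityCheckFilePermission == nullptr ||
            initParamSercurityOps.securityInitLabel == nullptr ||
            initParamSercurityOps.securityFreeLabel == nullptr) {
            ADD_FAILURE() << "DAC file-permission ops were not registered";
            return -1;
        }
        ParamSecurityLabel label = {};
        ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);
        ret = initParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_WRITE);
        EXPECT_EQ(ret, 0);
        ret = initParamSercurityOps.securityFreeLabel(&label);
        EXPECT_EQ(ret, 0);
        return 0;
    }

    /**
     * Adds a security label for @p name carrying @p dacData, then asks the DAC ops whether the
     * current process may access @p name with @p mode.
     *
     * @param name    parameter name the label is attached to and the check is made against.
     * @param dacData uid/gid/mode triple copied into the audit data; only read here.
     * @param mode    requested access (DAC_READ, DAC_WRITE or DAC_WATCH in the callers).
     * @return the result of securityCheckParamPermission, or -1 when a required op is missing.
     *
     * Callers assert non-zero for denied access, so a missing op is reported through
     * ADD_FAILURE() as well; otherwise the -1 would satisfy those "denied" expectations.
     */
    int TestDacCheckParaPermission(const char *name, ParamDacData *dacData, int mode)
    {
        int ret = RegisterSecurityDacOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);
        // The original guard tested securityCheckFilePermission, which this helper never calls.
        if (initParamSercurityOps.securityCheckParamPermission == nullptr ||
            initParamSercurityOps.securityInitLabel == nullptr ||
            initParamSercurityOps.securityFreeLabel == nullptr) {
            ADD_FAILURE() << "DAC param-permission ops were not registered";
            return -1;
        }
        ParamAuditData auditData = {};
        auditData.name = name;
        // NOTE(review): copies sizeof(auditData.dacData) bytes out of *dacData, which assumes
        // auditData.dacData has the type ParamDacData; confirm against param_security.h.
        ret = memcpy_s(&auditData.dacData, sizeof(auditData.dacData), dacData, sizeof(auditData.dacData));
        EXPECT_EQ(ret, 0);
        // NOTE(review): the same parameter names are re-labelled by several cases with different
        // uid/gid/mode values; this presumably relies on AddSecurityLabel replacing an existing
        // entry. Confirm.
        ret = AddSecurityLabel(&auditData);
        EXPECT_EQ(ret, 0);
        ParamSecurityLabel srclabel = {};
        ret = initParamSercurityOps.securityInitLabel(&srclabel, LABEL_INIT_FOR_INIT);
        EXPECT_EQ(ret, 0);
        ret = initParamSercurityOps.securityCheckParamPermission(&srclabel, name, mode);
        EXPECT_EQ(initParamSercurityOps.securityFreeLabel(&srclabel), 0);
        return ret;
    }

    /**
     * Registers the DAC ops for the client side (flag 0) and checks DAC_READ on @p fileName.
     * The client registration is expected to leave securityGetLabel unset.
     *
     * @param fileName path handed to securityCheckFilePermission.
     * @return 0 when the ops were available, -1 when one of the ops this helper calls
     *         was not registered (a failure is recorded in that case).
     */
    int TestClientDacCheckFilePermission(const char *fileName)
    {
        int ret = RegisterSecurityDacOps(&clientParamSercurityOps, 0);
        EXPECT_EQ(ret, 0);
        if (clientParamSercurityOps.securityGetLabel != nullptr) {
            ADD_FAILURE() << "client DAC ops must not provide securityGetLabel";
        }
        if (clientParamSercurityOps.securityCheckFilePermission == nullptr ||
            clientParamSercurityOps.securityInitLabel == nullptr ||
            clientParamSercurityOps.securityFreeLabel == nullptr) {
            ADD_FAILURE() << "client DAC file-permission ops were not registered";
            return -1;
        }
        ParamSecurityLabel label = {};
        ret = clientParamSercurityOps.securityInitLabel(&label, 0);
        EXPECT_EQ(ret, 0);
        ret = clientParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_READ);
        EXPECT_EQ(ret, 0);
        ret = clientParamSercurityOps.securityFreeLabel(&label);
        EXPECT_EQ(ret, 0);
        return 0;
    }

private:
    ParamSecurityOps initParamSercurityOps {};
    ParamSecurityOps clientParamSercurityOps {};
};

HWTEST_F(DacUnitTest, TestDacInitLocalLabel, TestSize.Level0)
{
    DacUnitTest test;
    // The helper returns -1 when the ops are missing; do not let that pass unnoticed.
    EXPECT_EQ(test.TestDacInitLocalLabel(), 0);
}

HWTEST_F(DacUnitTest, TestDacCheckFilePermission, TestSize.Level0)
{
    DacUnitTest test;
    EXPECT_EQ(test.TestDacCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg"), 0);
}

HWTEST_F(DacUnitTest, TestDacCheckUserParaPermission, TestSize.Level0)
{
    // Same user: the label is owned by the effective uid/gid of the test process.
    DacUnitTest test;
    // Zero-initialise: the helper copies the whole struct, so no byte may be left indeterminate.
    ParamDacData dacData = {};
    dacData.gid = getegid();
    dacData.uid = geteuid();

    // read: only DAC_READ may succeed
    dacData.mode = 0400;
    int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // write: only DAC_WRITE may succeed
    dacData.mode = 0200;
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // watch: only DAC_WATCH may succeed
    dacData.mode = 0100;
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH);
    EXPECT_EQ(ret, 0);
}

HWTEST_F(DacUnitTest, TestDacCheckGroupParaPermission, TestSize.Level0)
{
    // Same group: the gid matches the test process, the uid does not.
    // NOTE(review): assumes the test process does not run with uid 13333. Confirm for the
    // environments this suite runs in.
    DacUnitTest test;
    ParamDacData dacData = {};
    dacData.gid = getegid();
    dacData.uid = 13333;

    // read: only DAC_READ may succeed
    dacData.mode = 0040;
    int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // write: only DAC_WRITE may succeed
    dacData.mode = 0020;
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // watch: only DAC_WATCH may succeed
    dacData.mode = 0010;
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH);
    EXPECT_EQ(ret, 0);
}

HWTEST_F(DacUnitTest, TestDacCheckOtherParaPermission, TestSize.Level0)
{
    // Other users: neither the uid nor the gid matches the test process.
    // NOTE(review): assumes the test process has neither uid 13333 nor gid 13333; otherwise the
    // owner or group bits would apply instead of the "other" bits. Confirm.
    DacUnitTest test;
    ParamDacData dacData = {};
    dacData.gid = 13333;
    dacData.uid = 13333;

    // read: only DAC_READ may succeed
    dacData.mode = 0004;
    int ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_READ);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.read.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // write: only DAC_WRITE may succeed
    dacData.mode = 0002;
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WRITE);
    EXPECT_EQ(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.write.aaa", &dacData, DAC_WATCH);
    EXPECT_NE(ret, 0);

    // watch: only DAC_WATCH may succeed
    dacData.mode = 0001;
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_READ);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WRITE);
    EXPECT_NE(ret, 0);
    ret = test.TestDacCheckParaPermission("test.permission.watch.aaa", &dacData, DAC_WATCH);
    EXPECT_EQ(ret, 0);
}

HWTEST_F(DacUnitTest, TestClientDacCheckFilePermission, TestSize.Level0)
{
    DacUnitTest test;
    EXPECT_EQ(test.TestClientDacCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg"), 0);
}
}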