• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include <gtest/gtest.h>
16 
17 #include "param_manager.h"
18 #include "param_security.h"
19 #include "param_stub.h"
20 #include "param_utils.h"
21 #include "securec.h"
22 
23 using namespace testing::ext;
24 using namespace std;
25 
26 namespace init_ut {
27 class SelinuxUnitTest : public ::testing::Test {
28 public:
SelinuxUnitTest()29     SelinuxUnitTest() {}
~SelinuxUnitTest()30     virtual ~SelinuxUnitTest() {}
31 
SetUp()32     void SetUp()
33     {
34         SetTestPermissionResult(0);
35     }
TearDown()36     void TearDown() {}
TestBody()37     void TestBody() {}
38 
TestSelinuxInitLocalLabel()39     int TestSelinuxInitLocalLabel()
40     {
41         int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
42         EXPECT_EQ(ret, 0);
43 
44         if (initParamSercurityOps.securityInitLabel == nullptr || initParamSercurityOps.securityFreeLabel == nullptr) {
45             return -1;
46         }
47         ParamSecurityLabel label = {};
48         ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
49         EXPECT_EQ(ret, 0);
50         ret = initParamSercurityOps.securityFreeLabel(&label);
51         EXPECT_EQ(ret, 0);
52         return 0;
53     }
54 
TestSelinuxCheckFilePermission(const char * fileName)55     int TestSelinuxCheckFilePermission(const char *fileName)
56     {
57         int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
58         EXPECT_EQ(ret, 0);
59         if (initParamSercurityOps.securityCheckFilePermission == nullptr) {
60             return -1;
61         }
62         ParamSecurityLabel label = {};
63         ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
64         EXPECT_EQ(ret, 0);
65         ret = initParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_WRITE);
66         EXPECT_EQ(ret, 0);
67         ret = initParamSercurityOps.securityFreeLabel(&label);
68         EXPECT_EQ(ret, 0);
69         return 0;
70     }
71 
TestSelinuxCheckParaPermission(const char * name,const char * label)72     int TestSelinuxCheckParaPermission(const char *name, const char *label)
73     {
74         int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
75         EXPECT_EQ(ret, 0);
76         if (initParamSercurityOps.securityCheckFilePermission == nullptr) {
77             return -1;
78         }
79         ParamSecurityLabel srclabel = {};
80         ret = initParamSercurityOps.securityInitLabel(&srclabel, LABEL_INIT_FOR_INIT);
81         EXPECT_EQ(ret, 0);
82 
83         ret = initParamSercurityOps.securityCheckParamPermission(&srclabel, name, DAC_WRITE);
84         EXPECT_EQ(ret, 0);
85         ret = initParamSercurityOps.securityFreeLabel(&srclabel);
86         EXPECT_EQ(ret, 0);
87         return 0;
88     }
89 
TestClientSelinuxCheckFilePermission(const char * fileName)90     int TestClientSelinuxCheckFilePermission(const char *fileName)
91     {
92         int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
93         EXPECT_EQ(ret, 0);
94         if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
95             EXPECT_EQ(1, 0);
96             return -1;
97         }
98         ParamSecurityLabel label = {};
99         ret = clientParamSercurityOps.securityInitLabel(&label, 0);
100         EXPECT_EQ(ret, 0);
101         ret = clientParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_READ);
102         EXPECT_EQ(ret, 0);
103         ret = clientParamSercurityOps.securityFreeLabel(&label);
104         EXPECT_EQ(ret, 0);
105         return 0;
106     }
107 
TestClientSelinuxCheckParaPermissionWrite(const char * name,const char * label)108     int TestClientSelinuxCheckParaPermissionWrite(const char *name, const char *label)
109     {
110         int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
111         EXPECT_EQ(ret, 0);
112 
113         if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
114             return -1;
115         }
116         ParamSecurityLabel srclabel = {};
117         ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0);
118         EXPECT_EQ(ret, 0);
119         ret = clientParamSercurityOps.securityCheckParamPermission(&srclabel, name, DAC_WRITE);
120         EXPECT_EQ(ret, 0);
121         ret = clientParamSercurityOps.securityFreeLabel(&srclabel);
122         EXPECT_EQ(ret, 0);
123         return 0;
124     }
125 
TestClientSelinuxCheckParaPermissionRead(const char * name,const char * label)126     int TestClientSelinuxCheckParaPermissionRead(const char *name, const char *label)
127     {
128         int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
129         EXPECT_EQ(ret, 0);
130         if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
131             return -1;
132         }
133         ParamSecurityLabel srclabel = {};
134         ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0);
135         EXPECT_EQ(ret, 0);
136         ret = clientParamSercurityOps.securityCheckParamPermission(&srclabel, name, DAC_READ);
137         EXPECT_EQ(ret, 0);
138         ret = clientParamSercurityOps.securityFreeLabel(&srclabel);
139         EXPECT_EQ(ret, 0);
140         uint8_t updataMode = GetParamWorkSpace()->ops.updaterMode;
141         GetParamWorkSpace()->ops.updaterMode = 1; // 1 test updater mode
142         RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
143         if (clientParamSercurityOps.securityCheckParamPermission != nullptr) {
144             clientParamSercurityOps.securityCheckParamPermission(nullptr, nullptr, 0);
145         }
146         GetParamWorkSpace()->ops.updaterMode = updataMode;
147         return 0;
148     }
149 
150 private:
151     ParamSecurityOps initParamSercurityOps {};
152     ParamSecurityOps clientParamSercurityOps {};
153 };
154 
155 HWTEST_F(SelinuxUnitTest, TestSelinuxInitLocalLabel, TestSize.Level0)
156 {
157     SelinuxUnitTest test;
158     test.TestSelinuxInitLocalLabel();
159 }
160 
161 HWTEST_F(SelinuxUnitTest, TestSelinuxCheckFilePermission, TestSize.Level0)
162 {
163     SelinuxUnitTest test;
164     test.TestSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg");
165 }
166 
167 HWTEST_F(SelinuxUnitTest, TestSelinuxCheckParaPermission, TestSize.Level0)
168 {
169     SelinuxUnitTest test;
170     test.TestSelinuxCheckParaPermission("aaa.bbb.bbb.ccc", "user:group1:r");
171 }
172 
173 HWTEST_F(SelinuxUnitTest, TestClientDacCheckFilePermission, TestSize.Level0)
174 {
175     SelinuxUnitTest test;
176     test.TestClientSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg");
177 }
178 
179 HWTEST_F(SelinuxUnitTest, TestClientDacCheckParaPermission, TestSize.Level0)
180 {
181     SelinuxUnitTest test;
182     test.TestClientSelinuxCheckParaPermissionWrite("aaa.bbb.bbb.ccc", "user:group1:r");
183     test.TestClientSelinuxCheckParaPermissionRead("aaa.bbb.bbb.ccc", "user:group1:r");
184 }
185 }