1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "unit_test.h"
17 #include "selinux_error.h"
18 #include "service_checker.h"
19 #include "hdf_service_checker.h"
20 #include "test_common.h"
21
22 using namespace testing::ext;
23 using namespace OHOS::Security::SelinuxUnitTest;
24 using namespace Selinux;
// Service name handed to the checker APIs under test; the tests also search for it in the hilog output.
static const std::string TEST_SERVICE_NAME{"test_service"};
// Not referenced in the part of the file shown here.
static const std::string DEFAULT_SERVICE{"default_service"};
// Not referenced in the part of the file shown here.
static const std::string DEFAULT_HDF_SERVICE{"default_hdf_service"};
28
// Suite-level setup hook. Intentionally empty: no shared state is prepared before the tests run.
void SelinuxUnitTest::SetUpTestCase() {}
33
// Suite-level teardown hook. Intentionally empty: nothing is cleaned up after the tests run.
void SelinuxUnitTest::TearDownTestCase()
{
}
35
// Per-test setup hook. Intentionally empty.
void SelinuxUnitTest::SetUp()
{
}
37
// Per-test teardown hook. Intentionally empty.
void SelinuxUnitTest::TearDown()
{
}
39
// Fixture helper with an empty body in this file; it creates nothing.
void SelinuxUnitTest::CreateDataFile() const
{
}
41
/**
 * @tc.name: HdfListServiceCheck001
 * @tc.desc: HdfListServiceCheck return codes and the audit record it leaves in hilog.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, HdfListServiceCheck001, TestSize.Level1)
{
    const auto self = getpid();

    // An invalid pid (-1) is expected to fail with the context-lookup error instead of being allowed.
    ASSERT_EQ(-SELINUX_GET_CONTEXT_ERROR, HdfListServiceCheck(-1));
    // The call for our own pid is expected to succeed while a denial is still logged (checked below);
    // NOTE(review): presumably the test runs in a permissive setup — confirm.
    ASSERT_EQ(SELINUX_SUCC, HdfListServiceCheck(self));

    // Look for the "list" denial attributed to this pid in the Selinux hilog tag.
    std::string cmd = "hilog -T Selinux -x | grep 'avc: denied { list } for service=hdf_devmgr_class pid=";
    cmd += std::to_string(self);
    cmd += "' | grep 'tclass=hdf_devmgr_class'";
    const std::string output = RunCommand(cmd);

    // NOTE(review): both grep stages already require "hdf_devmgr_class", so this passes on any non-empty
    // output — assuming RunCommand returns the pipeline's stdout (confirm in test_common.h).
    ASSERT_TRUE(std::string::npos != output.find("hdf_devmgr_class"));
}
57
/**
 * @tc.name: HdfGetServiceCheck001
 * @tc.desc: HdfGetServiceCheck return codes and the audit record it leaves in hilog.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, HdfGetServiceCheck001, TestSize.Level1)
{
    const auto self = getpid();
    const char *serviceName = TEST_SERVICE_NAME.c_str();

    // Invalid pid: the context lookup is expected to fail.
    ASSERT_EQ(-SELINUX_GET_CONTEXT_ERROR, HdfGetServiceCheck(-1, serviceName));
    // A null service name must be rejected with the null-pointer error.
    ASSERT_EQ(-SELINUX_PTR_NULL, HdfGetServiceCheck(self, nullptr));
    // Valid arguments are expected to succeed while a denial is still logged (checked below);
    // NOTE(review): presumably the test runs in a permissive setup — confirm.
    ASSERT_EQ(SELINUX_SUCC, HdfGetServiceCheck(self, serviceName));

    // Look for the "get" denial for this service and pid in the Selinux hilog tag.
    std::string cmd = "hilog -T Selinux -x | grep 'avc: denied { get } for service=";
    cmd += TEST_SERVICE_NAME;
    cmd += " pid=";
    cmd += std::to_string(self);
    cmd += "' | grep 'tclass=hdf_devmgr_class'";
    const std::string output = RunCommand(cmd);

    // NOTE(review): the first grep already requires the service name, so this passes on any non-empty
    // output — assuming RunCommand returns the pipeline's stdout (confirm in test_common.h).
    ASSERT_TRUE(std::string::npos != output.find(TEST_SERVICE_NAME));
}
74
/**
 * @tc.name: HdfAddServiceCheck001
 * @tc.desc: HdfAddServiceCheck return codes and the audit record it leaves in hilog.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, HdfAddServiceCheck001, TestSize.Level1)
{
    const auto self = getpid();
    const char *serviceName = TEST_SERVICE_NAME.c_str();

    // Invalid pid: the context lookup is expected to fail.
    ASSERT_EQ(-SELINUX_GET_CONTEXT_ERROR, HdfAddServiceCheck(-1, serviceName));
    // A null service name must be rejected with the null-pointer error.
    ASSERT_EQ(-SELINUX_PTR_NULL, HdfAddServiceCheck(self, nullptr));
    // Valid arguments are expected to succeed while a denial is still logged (checked below);
    // NOTE(review): presumably the test runs in a permissive setup — confirm.
    ASSERT_EQ(SELINUX_SUCC, HdfAddServiceCheck(self, serviceName));

    // Look for the "add" denial for this service and pid in the Selinux hilog tag.
    std::string cmd = "hilog -T Selinux -x | grep 'avc: denied { add } for service=";
    cmd += TEST_SERVICE_NAME;
    cmd += " pid=";
    cmd += std::to_string(self);
    cmd += "' | grep 'tclass=hdf_devmgr_class'";
    const std::string output = RunCommand(cmd);

    // NOTE(review): the first grep already requires the service name, so this passes on any non-empty
    // output — assuming RunCommand returns the pipeline's stdout (confirm in test_common.h).
    ASSERT_TRUE(std::string::npos != output.find(TEST_SERVICE_NAME));
}
91
/**
 * @tc.name: ListServiceCheck001
 * @tc.desc: ServiceChecker::ListServiceCheck return codes and the audit record it leaves in hilog.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, ListServiceCheck001, TestSize.Level1)
{
    // NOTE(review): the meaning of the `false` constructor argument is not visible here — confirm
    // against service_checker.h.
    ServiceChecker checker(false);
    const auto self = getpid();

    // An invalid pid (-1) is expected to fail with the context-lookup error instead of being allowed.
    ASSERT_EQ(-SELINUX_GET_CONTEXT_ERROR, checker.ListServiceCheck(-1));
    // The call for our own pid is expected to succeed while a denial is still logged (checked below).
    ASSERT_EQ(SELINUX_SUCC, checker.ListServiceCheck(self));

    // Look for the "list" denial attributed to this pid in the Selinux hilog tag.
    std::string cmd = "hilog -T Selinux -x | grep 'avc: denied { list } for service=samgr_class pid=";
    cmd += std::to_string(self);
    cmd += "' | grep 'tclass=samgr_class'";
    const std::string output = RunCommand(cmd);

    // NOTE(review): both grep stages already require "samgr_class", so this passes on any non-empty
    // output — assuming RunCommand returns the pipeline's stdout (confirm in test_common.h).
    ASSERT_TRUE(std::string::npos != output.find("samgr_class"));
}
109
/**
 * @tc.name: GetServiceCheck001
 * @tc.desc: ServiceChecker::GetServiceCheck return codes and the audit record it leaves in hilog.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, GetServiceCheck001, TestSize.Level1)
{
    // NOTE(review): the meaning of the `false` constructor argument is not visible here — confirm
    // against service_checker.h.
    ServiceChecker checker(false);
    const auto self = getpid();

    // Invalid pid: the context lookup is expected to fail.
    ASSERT_EQ(-SELINUX_GET_CONTEXT_ERROR, checker.GetServiceCheck(-1, TEST_SERVICE_NAME));
    // An empty service name must be rejected as an invalid argument.
    ASSERT_EQ(-SELINUX_ARG_INVALID, checker.GetServiceCheck(self, ""));
    // Valid arguments are expected to succeed while a denial is still logged (checked below).
    ASSERT_EQ(SELINUX_SUCC, checker.GetServiceCheck(self, TEST_SERVICE_NAME));

    // Look for the "get" denial for this service and pid in the Selinux hilog tag.
    std::string cmd = "hilog -T Selinux -x | grep 'avc: denied { get } for service=";
    cmd += TEST_SERVICE_NAME;
    cmd += " pid=";
    cmd += std::to_string(self);
    cmd += "' | grep 'tclass=samgr_class'";
    const std::string output = RunCommand(cmd);

    // NOTE(review): the first grep already requires the service name, so this passes on any non-empty
    // output — assuming RunCommand returns the pipeline's stdout (confirm in test_common.h).
    ASSERT_TRUE(std::string::npos != output.find(TEST_SERVICE_NAME));
}
127
/**
 * @tc.name: GetRemoteServiceCheck001
 * @tc.desc: ServiceChecker::GetRemoteServiceCheck return codes and the audit record it leaves in hilog.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, GetRemoteServiceCheck001, TestSize.Level1)
{
    // NOTE(review): the meaning of the `false` constructor argument is not visible here — confirm
    // against service_checker.h.
    ServiceChecker checker(false);
    const auto self = getpid();

    // Invalid pid: the context lookup is expected to fail.
    ASSERT_EQ(-SELINUX_GET_CONTEXT_ERROR, checker.GetRemoteServiceCheck(-1, TEST_SERVICE_NAME));
    // An empty service name must be rejected as an invalid argument.
    ASSERT_EQ(-SELINUX_ARG_INVALID, checker.GetRemoteServiceCheck(self, ""));
    // Valid arguments are expected to succeed while a denial is still logged (checked below).
    ASSERT_EQ(SELINUX_SUCC, checker.GetRemoteServiceCheck(self, TEST_SERVICE_NAME));

    // Look for the "get_remote" denial for this service and pid in the Selinux hilog tag.
    std::string cmd = "hilog -T Selinux -x | grep 'avc: denied { get_remote } for service=";
    cmd += TEST_SERVICE_NAME;
    cmd += " pid=";
    cmd += std::to_string(self);
    cmd += "' | grep 'tclass=samgr_class'";
    const std::string output = RunCommand(cmd);

    // NOTE(review): the first grep already requires the service name, so this passes on any non-empty
    // output — assuming RunCommand returns the pipeline's stdout (confirm in test_common.h).
    ASSERT_TRUE(std::string::npos != output.find(TEST_SERVICE_NAME));
}
145
/**
 * @tc.name: AddServiceCheck001
 * @tc.desc: ServiceChecker::AddServiceCheck return codes and the audit record it leaves in hilog.
 * @tc.type: FUNC
 * @tc.require:AR000GJSDS
 */
HWTEST_F(SelinuxUnitTest, AddServiceCheck001, TestSize.Level1)
{
    // NOTE(review): the meaning of the `false` constructor argument is not visible here — confirm
    // against service_checker.h.
    ServiceChecker checker(false);
    const auto self = getpid();

    // Invalid pid: the context lookup is expected to fail.
    ASSERT_EQ(-SELINUX_GET_CONTEXT_ERROR, checker.AddServiceCheck(-1, TEST_SERVICE_NAME));
    // An empty service name must be rejected as an invalid argument.
    ASSERT_EQ(-SELINUX_ARG_INVALID, checker.AddServiceCheck(self, ""));
    // Valid arguments are expected to succeed while a denial is still logged (checked below).
    ASSERT_EQ(SELINUX_SUCC, checker.AddServiceCheck(self, TEST_SERVICE_NAME));

    // Look for the "add" denial for this service and pid in the Selinux hilog tag.
    std::string cmd = "hilog -T Selinux -x | grep 'avc: denied { add } for service=";
    cmd += TEST_SERVICE_NAME;
    cmd += " pid=";
    cmd += std::to_string(self);
    cmd += "' | grep 'tclass=samgr_class'";
    const std::string output = RunCommand(cmd);

    // NOTE(review): the first grep already requires the service name, so this passes on any non-empty
    // output — assuming RunCommand returns the pipeline's stdout (confirm in test_common.h).
    ASSERT_TRUE(std::string::npos != output.find(TEST_SERVICE_NAME));
}
163