1 /* 2 * Copyright (c) 2021 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 #include <gtest/gtest.h> 16 17 #include "param_manager.h" 18 #include "param_security.h" 19 #include "param_stub.h" 20 #include "param_utils.h" 21 #include "securec.h" 22 23 using namespace testing::ext; 24 using namespace std; 25 26 namespace init_ut { 27 class SelinuxUnitTest : public ::testing::Test { 28 public: SelinuxUnitTest()29 SelinuxUnitTest() {} ~SelinuxUnitTest()30 virtual ~SelinuxUnitTest() {} 31 SetUp()32 void SetUp() 33 { 34 SetTestPermissionResult(0); 35 } TearDown()36 void TearDown() {} TestBody()37 void TestBody() {} 38 TestSelinuxInitLocalLabel()39 int TestSelinuxInitLocalLabel() 40 { 41 int ret = RegisterSecuritySelinuxOps(nullptr, 0); 42 EXPECT_NE(ret, 0); 43 44 ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT); 45 EXPECT_EQ(ret, 0); 46 47 if (initParamSercurityOps.securityInitLabel == nullptr || initParamSercurityOps.securityFreeLabel == nullptr) { 48 return -1; 49 } 50 ParamSecurityLabel label = {}; 51 ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT); 52 EXPECT_EQ(ret, 0); 53 ret = initParamSercurityOps.securityFreeLabel(&label); 54 EXPECT_EQ(ret, 0); 55 return 0; 56 } 57 TestSelinuxCheckFilePermission(const char * fileName)58 int TestSelinuxCheckFilePermission(const char *fileName) 59 { 60 int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT); 61 EXPECT_EQ(ret, 0); 62 if (initParamSercurityOps.securityCheckFilePermission == nullptr) { 63 return -1; 64 } 65 ParamSecurityLabel label = {}; 66 ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT); 67 EXPECT_EQ(ret, 0); 68 ret = initParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_WRITE); 69 EXPECT_EQ(ret, 0); 70 ret = initParamSercurityOps.securityFreeLabel(&label); 71 EXPECT_EQ(ret, 0); 72 return 0; 73 } 74 TestSelinuxCheckParaPermission(const char * name,const char * label)75 int TestSelinuxCheckParaPermission(const char *name, const char *label) 76 { 77 int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT); 78 EXPECT_EQ(ret, 0); 79 if (initParamSercurityOps.securityCheckFilePermission == nullptr) { 80 return -1; 81 } 82 ParamSecurityLabel srclabel = {}; 83 ret = initParamSercurityOps.securityInitLabel(&srclabel, LABEL_INIT_FOR_INIT); 84 EXPECT_EQ(ret, 0); 85 86 ret = initParamSercurityOps.securityCheckParamPermission( 87 TestGetParamLabelIndex(name), &srclabel, name, DAC_WRITE); 88 EXPECT_EQ(ret, 0); 89 ret = initParamSercurityOps.securityFreeLabel(&srclabel); 90 EXPECT_EQ(ret, 0); 91 return 0; 92 } 93 TestClientSelinuxCheckFilePermission(const char * fileName)94 int TestClientSelinuxCheckFilePermission(const char *fileName) 95 { 96 int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0); 97 EXPECT_EQ(ret, 0); 98 if (clientParamSercurityOps.securityCheckFilePermission == nullptr) { 99 EXPECT_EQ(1, 0); 100 return -1; 101 } 102 ParamSecurityLabel label = {}; 103 ret = clientParamSercurityOps.securityInitLabel(&label, 0); 104 EXPECT_EQ(ret, 0); 105 ret = clientParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_READ); 106 EXPECT_EQ(ret, 0); 107 ret = clientParamSercurityOps.securityFreeLabel(&label); 108 EXPECT_EQ(ret, 0); 109 return 0; 110 } 111 TestClientSelinuxCheckParaPermissionWrite(const char * name,const char * label)112 int TestClientSelinuxCheckParaPermissionWrite(const char *name, const char *label) 113 { 114 int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0); 115 EXPECT_EQ(ret, 0); 116 117 if (clientParamSercurityOps.securityCheckFilePermission == nullptr) { 118 return -1; 119 } 120 ParamSecurityLabel srclabel = {}; 121 ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0); 122 EXPECT_EQ(ret, 0); 123 ret = clientParamSercurityOps.securityCheckParamPermission( 124 TestGetParamLabelIndex(name), &srclabel, name, DAC_WRITE); 125 EXPECT_EQ(ret, 0); 126 ret = clientParamSercurityOps.securityFreeLabel(&srclabel); 127 EXPECT_EQ(ret, 0); 128 return 0; 129 } 130 TestClientSelinuxCheckParaPermissionRead(const char * name,const char * label)131 int TestClientSelinuxCheckParaPermissionRead(const char *name, const char *label) 132 { 133 int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0); 134 EXPECT_EQ(ret, 0); 135 if (clientParamSercurityOps.securityCheckFilePermission == nullptr) { 136 return -1; 137 } 138 ParamSecurityLabel srclabel = {}; 139 ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0); 140 EXPECT_EQ(ret, 0); 141 ret = clientParamSercurityOps.securityCheckParamPermission( 142 TestGetParamLabelIndex(name), &srclabel, name, DAC_READ); 143 EXPECT_EQ(ret, 0); 144 ret = clientParamSercurityOps.securityFreeLabel(&srclabel); 145 EXPECT_EQ(ret, 0); 146 uint8_t updateMode = GetParamWorkSpace()->ops.updaterMode; 147 GetParamWorkSpace()->ops.updaterMode = 1; // 1 test updater mode 148 RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0); 149 if (clientParamSercurityOps.securityCheckParamPermission != nullptr) { 150 clientParamSercurityOps.securityCheckParamPermission(TestGetParamLabelIndex(name), nullptr, nullptr, 0); 151 } 152 GetParamWorkSpace()->ops.updaterMode = updateMode; 153 return 0; 154 } 155 156 private: 157 ParamSecurityOps initParamSercurityOps {}; 158 ParamSecurityOps clientParamSercurityOps {}; 159 }; 160 161 HWTEST_F(SelinuxUnitTest, TestSelinuxInitLocalLabel, TestSize.Level0) 162 { 163 SelinuxUnitTest test; 164 test.TestSelinuxInitLocalLabel(); 165 } 166 167 HWTEST_F(SelinuxUnitTest, TestSelinuxCheckFilePermission, TestSize.Level0) 168 { 169 SelinuxUnitTest test; 170 test.TestSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg"); 171 } 172 173 HWTEST_F(SelinuxUnitTest, TestSelinuxCheckParaPermission, TestSize.Level0) 174 { 175 SelinuxUnitTest test; 176 test.TestSelinuxCheckParaPermission("aaa.bbb.bbb.ccc", "user:group1:r"); 177 } 178 179 HWTEST_F(SelinuxUnitTest, TestClientDacCheckFilePermission, TestSize.Level0) 180 { 181 SelinuxUnitTest test; 182 test.TestClientSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg"); 183 } 184 185 HWTEST_F(SelinuxUnitTest, TestClientDacCheckParaPermission, TestSize.Level0) 186 { 187 SelinuxUnitTest test; 188 test.TestClientSelinuxCheckParaPermissionWrite("aaa.bbb.bbb.ccc", "user:group1:r"); 189 test.TestClientSelinuxCheckParaPermissionRead("aaa.bbb.bbb.ccc", "user:group1:r"); 190 } 191 }