• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include <gtest/gtest.h>
16 
17 #include "param_manager.h"
18 #include "param_security.h"
19 #include "param_stub.h"
20 #include "param_utils.h"
21 #include "securec.h"
22 
23 using namespace testing::ext;
24 using namespace std;
25 
26 namespace init_ut {
27 class SelinuxUnitTest : public ::testing::Test {
28 public:
SelinuxUnitTest()29     SelinuxUnitTest() {}
~SelinuxUnitTest()30     virtual ~SelinuxUnitTest() {}
31 
SetUp()32     void SetUp()
33     {
34         SetTestPermissionResult(0);
35     }
TearDown()36     void TearDown() {}
TestBody()37     void TestBody() {}
38 
TestSelinuxInitLocalLabel()39     int TestSelinuxInitLocalLabel()
40     {
41         int ret = RegisterSecuritySelinuxOps(nullptr, 0);
42         EXPECT_NE(ret, 0);
43 
44         ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
45         EXPECT_EQ(ret, 0);
46 
47         if (initParamSercurityOps.securityInitLabel == nullptr || initParamSercurityOps.securityFreeLabel == nullptr) {
48             return -1;
49         }
50         ParamSecurityLabel label = {};
51         ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
52         EXPECT_EQ(ret, 0);
53         ret = initParamSercurityOps.securityFreeLabel(&label);
54         EXPECT_EQ(ret, 0);
55         return 0;
56     }
57 
TestSelinuxCheckFilePermission(const char * fileName)58     int TestSelinuxCheckFilePermission(const char *fileName)
59     {
60         int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
61         EXPECT_EQ(ret, 0);
62         if (initParamSercurityOps.securityCheckFilePermission == nullptr) {
63             return -1;
64         }
65         ParamSecurityLabel label = {};
66         ret = initParamSercurityOps.securityInitLabel(&label, LABEL_INIT_FOR_INIT);
67         EXPECT_EQ(ret, 0);
68         ret = initParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_WRITE);
69         EXPECT_EQ(ret, 0);
70         ret = initParamSercurityOps.securityFreeLabel(&label);
71         EXPECT_EQ(ret, 0);
72         return 0;
73     }
74 
TestSelinuxCheckParaPermission(const char * name,const char * label)75     int TestSelinuxCheckParaPermission(const char *name, const char *label)
76     {
77         int ret = RegisterSecuritySelinuxOps(&initParamSercurityOps, LABEL_INIT_FOR_INIT);
78         EXPECT_EQ(ret, 0);
79         if (initParamSercurityOps.securityCheckFilePermission == nullptr) {
80             return -1;
81         }
82         ParamSecurityLabel srclabel = {};
83         ret = initParamSercurityOps.securityInitLabel(&srclabel, LABEL_INIT_FOR_INIT);
84         EXPECT_EQ(ret, 0);
85 
86         ret = initParamSercurityOps.securityCheckParamPermission(
87             TestGetParamLabelIndex(name), &srclabel, name, DAC_WRITE);
88         EXPECT_EQ(ret, 0);
89         ret = initParamSercurityOps.securityFreeLabel(&srclabel);
90         EXPECT_EQ(ret, 0);
91         return 0;
92     }
93 
TestClientSelinuxCheckFilePermission(const char * fileName)94     int TestClientSelinuxCheckFilePermission(const char *fileName)
95     {
96         int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
97         EXPECT_EQ(ret, 0);
98         if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
99             EXPECT_EQ(1, 0);
100             return -1;
101         }
102         ParamSecurityLabel label = {};
103         ret = clientParamSercurityOps.securityInitLabel(&label, 0);
104         EXPECT_EQ(ret, 0);
105         ret = clientParamSercurityOps.securityCheckFilePermission(&label, fileName, DAC_READ);
106         EXPECT_EQ(ret, 0);
107         ret = clientParamSercurityOps.securityFreeLabel(&label);
108         EXPECT_EQ(ret, 0);
109         return 0;
110     }
111 
TestClientSelinuxCheckParaPermissionWrite(const char * name,const char * label)112     int TestClientSelinuxCheckParaPermissionWrite(const char *name, const char *label)
113     {
114         int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
115         EXPECT_EQ(ret, 0);
116 
117         if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
118             return -1;
119         }
120         ParamSecurityLabel srclabel = {};
121         ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0);
122         EXPECT_EQ(ret, 0);
123         ret = clientParamSercurityOps.securityCheckParamPermission(
124             TestGetParamLabelIndex(name), &srclabel, name, DAC_WRITE);
125         EXPECT_EQ(ret, 0);
126         ret = clientParamSercurityOps.securityFreeLabel(&srclabel);
127         EXPECT_EQ(ret, 0);
128         return 0;
129     }
130 
TestClientSelinuxCheckParaPermissionRead(const char * name,const char * label)131     int TestClientSelinuxCheckParaPermissionRead(const char *name, const char *label)
132     {
133         int ret = RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
134         EXPECT_EQ(ret, 0);
135         if (clientParamSercurityOps.securityCheckFilePermission == nullptr) {
136             return -1;
137         }
138         ParamSecurityLabel srclabel = {};
139         ret = clientParamSercurityOps.securityInitLabel(&srclabel, 0);
140         EXPECT_EQ(ret, 0);
141         ret = clientParamSercurityOps.securityCheckParamPermission(
142             TestGetParamLabelIndex(name), &srclabel, name, DAC_READ);
143         EXPECT_EQ(ret, 0);
144         ret = clientParamSercurityOps.securityFreeLabel(&srclabel);
145         EXPECT_EQ(ret, 0);
146         uint8_t updateMode = GetParamWorkSpace()->ops.updaterMode;
147         GetParamWorkSpace()->ops.updaterMode = 1; // 1 test updater mode
148         RegisterSecuritySelinuxOps(&clientParamSercurityOps, 0);
149         if (clientParamSercurityOps.securityCheckParamPermission != nullptr) {
150             clientParamSercurityOps.securityCheckParamPermission(TestGetParamLabelIndex(name), nullptr, nullptr, 0);
151         }
152         GetParamWorkSpace()->ops.updaterMode = updateMode;
153         return 0;
154     }
155 
156 private:
157     ParamSecurityOps initParamSercurityOps {};
158     ParamSecurityOps clientParamSercurityOps {};
159 };
160 
161 HWTEST_F(SelinuxUnitTest, TestSelinuxInitLocalLabel, TestSize.Level0)
162 {
163     SelinuxUnitTest test;
164     test.TestSelinuxInitLocalLabel();
165 }
166 
167 HWTEST_F(SelinuxUnitTest, TestSelinuxCheckFilePermission, TestSize.Level0)
168 {
169     SelinuxUnitTest test;
170     test.TestSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg");
171 }
172 
173 HWTEST_F(SelinuxUnitTest, TestSelinuxCheckParaPermission, TestSize.Level0)
174 {
175     SelinuxUnitTest test;
176     test.TestSelinuxCheckParaPermission("aaa.bbb.bbb.ccc", "user:group1:r");
177 }
178 
179 HWTEST_F(SelinuxUnitTest, TestClientDacCheckFilePermission, TestSize.Level0)
180 {
181     SelinuxUnitTest test;
182     test.TestClientSelinuxCheckFilePermission(STARTUP_INIT_UT_PATH "/trigger_test.cfg");
183 }
184 
185 HWTEST_F(SelinuxUnitTest, TestClientDacCheckParaPermission, TestSize.Level0)
186 {
187     SelinuxUnitTest test;
188     test.TestClientSelinuxCheckParaPermissionWrite("aaa.bbb.bbb.ccc", "user:group1:r");
189     test.TestClientSelinuxCheckParaPermissionRead("aaa.bbb.bbb.ccc", "user:group1:r");
190 }
191 }