1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17
18 #include "iservice_registry.h"
19 #include "system_ability_definition.h"
20
21 #define private public
22 #include "firewall_manager.h"
23 #undef private
24 #include "iptables_type.h"
25 #include "net_manager_constants.h"
26 #include "netnative_log_wrapper.h"
27
28 namespace OHOS {
29 namespace NetsysNative {
30 using namespace testing::ext;
31 using namespace nmd;
32 using namespace NetManagerStandard;
33 std::shared_ptr<FirewallManager> g_firewallManager = nullptr;
34 class FirewallManagerTest : public testing::Test {
35 public:
36 static void SetUpTestCase();
37 static void TearDownTestCase();
38 void SetUp();
39 void TearDown();
40 };
41
SetUpTestCase()42 void FirewallManagerTest::SetUpTestCase()
43 {
44 g_firewallManager = std::make_shared<FirewallManager>();
45 }
46
TearDownTestCase()47 void FirewallManagerTest::TearDownTestCase() {}
48
SetUp()49 void FirewallManagerTest::SetUp() {}
50
TearDown()51 void FirewallManagerTest::TearDown() {}
52
53 /**
54 * @tc.name: FirewallManagerInnerFunctionTest
55 * @tc.desc: Test FirewallManager FirewallManagerInnerFunctionTest.
56 * @tc.type: FUNC
57 */
58 HWTEST_F(FirewallManagerTest, FirewallManagerInnerFunctionTest, TestSize.Level1)
59 {
60 if (g_firewallManager == nullptr) {
61 return;
62 }
63 if (!g_firewallManager->chainInitFlag_) {
64 int32_t ret = g_firewallManager->InitChain();
65 EXPECT_EQ(ret, NetManagerStandard::NETMANAGER_SUCCESS);
66 ret = g_firewallManager->InitDefaultRules();
67 EXPECT_EQ(ret, NetManagerStandard::NETMANAGER_SUCCESS);
68 }
69 ChainType chain = ChainType::CHAIN_OHFW_DOZABLE;
70 FirewallType fwType = g_firewallManager->FetchChainType(chain);
71 EXPECT_EQ((fwType == FirewallType::TYPE_ALLOWED_LIST), true);
72
73 chain = ChainType::CHAIN_OHFW_UNDOZABLE;
74 fwType = g_firewallManager->FetchChainType(chain);
75 EXPECT_EQ((fwType == FirewallType::TYPE_DENIDE_LIST), true);
76
77 chain = ChainType::CHAIN_NONE;
78 fwType = g_firewallManager->FetchChainType(chain);
79 EXPECT_EQ((fwType == FirewallType::TYPE_ALLOWED_LIST), true);
80
81 int32_t ret = g_firewallManager->DeInitChain();
82 EXPECT_EQ(ret, NetManagerStandard::NETMANAGER_SUCCESS);
83 }
84
85 /**
86 * @tc.name: IsFirewallChian1
87 * @tc.desc: Test FirewallManager IsFirewallChian1.
88 * @tc.type: FUNC
89 */
90 HWTEST_F(FirewallManagerTest, IsFirewallChian1, TestSize.Level1)
91 {
92 int32_t ret = g_firewallManager->IsFirewallChian(ChainType::CHAIN_OHFW_DOZABLE);
93 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
94 }
95
96 /**
97 * @tc.name: IsFirewallChian2
98 * @tc.desc: Test FirewallManager IsFirewallChian2.
99 * @tc.type: FUNC
100 */
101 HWTEST_F(FirewallManagerTest, IsFirewallChian2, TestSize.Level1)
102 {
103 int32_t ret = g_firewallManager->IsFirewallChian(ChainType::CHAIN_OHFW_FORWARD);
104 EXPECT_EQ(ret, NETMANAGER_ERROR);
105 }
106
107 /**
108 * @tc.name: IsFirewallChian3
109 * @tc.desc: Test FirewallManager IsFirewallChian3.
110 * @tc.type: FUNC
111 */
112 HWTEST_F(FirewallManagerTest, IsFirewallChian3, TestSize.Level1)
113 {
114 int32_t ret = g_firewallManager->IsFirewallChian(ChainType::CHAIN_OHFW_POWERSAVING);
115 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
116 }
117
118 /**
119 * @tc.name: IsFirewallChian4
120 * @tc.desc: Test FirewallManager IsFirewallChian4.
121 * @tc.type: FUNC
122 */
123 HWTEST_F(FirewallManagerTest, IsFirewallChian4, TestSize.Level1)
124 {
125 int32_t ret = g_firewallManager->IsFirewallChian(ChainType::CHAIN_OHFW_UNDOZABLE);
126 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
127 }
128
129 /**
130 * @tc.name: IsFirewallChian5
131 * @tc.desc: Test FirewallManager IsFirewallChian5.
132 * @tc.type: FUNC
133 */
134 HWTEST_F(FirewallManagerTest, IsFirewallChian5, TestSize.Level1)
135 {
136 int32_t ret = g_firewallManager->IsFirewallChian(ChainType::CHAIN_OHFW_ALLOWED_LIST_BOX);
137 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
138 }
139
140 /**
141 * @tc.name: FetchChainName
142 * @tc.desc: Test FirewallManager FetchChainName.
143 * @tc.type: FUNC
144 */
145 HWTEST_F(FirewallManagerTest, FetchChainName, TestSize.Level1)
146 {
147 std::string ret = g_firewallManager->FetchChainName(ChainType::CHAIN_OHFW_INPUT);
148 EXPECT_EQ(ret, "ohfw_INPUT");
149 ret = g_firewallManager->FetchChainName(ChainType::CHAIN_OHFW_OUTPUT);
150 EXPECT_EQ(ret, "ohfw_OUTPUT");
151 ret = g_firewallManager->FetchChainName(ChainType::CHAIN_OHFW_FORWARD);
152 EXPECT_EQ(ret, "ohfw_FORWARD");
153 ret = g_firewallManager->FetchChainName(ChainType::CHAIN_OHFW_DOZABLE);
154 EXPECT_EQ(ret, "ohfw_dozable");
155 ret = g_firewallManager->FetchChainName(ChainType::CHAIN_OHFW_ALLOWED_LIST_BOX);
156 EXPECT_EQ(ret, "ohfw_allowed_list_box");
157 ret = g_firewallManager->FetchChainName(ChainType::CHAIN_OHFW_POWERSAVING);
158 EXPECT_EQ(ret, "ohfw_powersaving");
159 ret = g_firewallManager->FetchChainName(ChainType::CHAIN_OHFW_UNDOZABLE);
160 EXPECT_EQ(ret, "ohfw_undozable");
161 ret = g_firewallManager->FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER);
162 EXPECT_EQ(ret, "oh_unusable");
163 }
164
165 /**
166 * @tc.name: FetchChainType
167 * @tc.desc: Test FirewallManager FetchChainType.
168 * @tc.type: FUNC
169 */
170 HWTEST_F(FirewallManagerTest, FetchChainType1, TestSize.Level1)
171 {
172 FirewallType type = g_firewallManager->FetchChainType(ChainType::CHAIN_OHFW_DOZABLE);
173 EXPECT_EQ(type, FirewallType::TYPE_ALLOWED_LIST);
174 }
175
176 /**
177 * @tc.name: FetchChainType
178 * @tc.desc: Test FirewallManager FetchChainType.
179 * @tc.type: FUNC
180 */
181 HWTEST_F(FirewallManagerTest, FetchChainType2, TestSize.Level1)
182 {
183 FirewallType type = g_firewallManager->FetchChainType(ChainType::CHAIN_OHFW_POWERSAVING);
184 EXPECT_EQ(type, FirewallType::TYPE_ALLOWED_LIST);
185 }
186
187 /**
188 * @tc.name: FetchChainType
189 * @tc.desc: Test FirewallManager FetchChainType.
190 * @tc.type: FUNC
191 */
192 HWTEST_F(FirewallManagerTest, FetchChainType3, TestSize.Level1)
193 {
194 FirewallType type = g_firewallManager->FetchChainType(ChainType::CHAIN_OHFW_UNDOZABLE);
195 EXPECT_EQ(type, FirewallType::TYPE_DENIDE_LIST);
196 }
197
198 /**
199 * @tc.name: FetchChainType
200 * @tc.desc: Test FirewallManager FetchChainType.
201 * @tc.type: FUNC
202 */
203 HWTEST_F(FirewallManagerTest, FetchChainType4, TestSize.Level1)
204 {
205 FirewallType type = g_firewallManager->FetchChainType(ChainType::CHAIN_OHBW_DATA_SAVER);
206 EXPECT_EQ(type, FirewallType::TYPE_ALLOWED_LIST);
207 }
208
209 /**
210 * @tc.name: InitChain
211 * @tc.desc: Test FirewallManager InitChain.
212 * @tc.type: FUNC
213 */
214 HWTEST_F(FirewallManagerTest, InitChain, TestSize.Level1)
215 {
216 int32_t ret = g_firewallManager->InitChain();
217 EXPECT_EQ(ret, NetManagerStandard::NETMANAGER_SUCCESS);
218
219 int32_t ret2 = g_firewallManager->DeInitChain();
220 EXPECT_EQ(ret2, NetManagerStandard::NETMANAGER_SUCCESS);
221 }
222
223 /**
224 * @tc.name: InitDefaultRules
225 * @tc.desc: Test FirewallManager InitDefaultRules.
226 * @tc.type: FUNC
227 */
228 HWTEST_F(FirewallManagerTest, InitDefaultRules, TestSize.Level1)
229 {
230 int32_t ret = g_firewallManager->InitDefaultRules();
231 EXPECT_EQ(ret, NetManagerStandard::NETMANAGER_SUCCESS);
232
233 int32_t ret2 = g_firewallManager->ClearAllRules();
234 EXPECT_EQ(ret2, NetManagerStandard::NETMANAGER_SUCCESS);
235 }
236
237 /**
238 * @tc.name: InitDefaultRules
239 * @tc.desc: Test FirewallManager InitDefaultRules.
240 * @tc.type: FUNC
241 */
242 HWTEST_F(FirewallManagerTest, IptablesNewChain, TestSize.Level1)
243 {
244 ChainType type = ChainType::CHAIN_OHFW_UNDOZABLE;
245 int32_t ret = g_firewallManager->IptablesNewChain(type);
246 EXPECT_EQ(ret, NetManagerStandard::NETMANAGER_SUCCESS);
247 }
248
249 /**
250 * @tc.name: IptablesSetRule
251 * @tc.desc: Test FirewallManager IptablesSetRule.
252 * @tc.type: FUNC
253 */
254 HWTEST_F(FirewallManagerTest, IptablesSetRule, TestSize.Level1)
255 {
256 std::string chainName = g_firewallManager->FetchChainName(ChainType::CHAIN_OHFW_INPUT);
257 std::string option = "-A";
258 std::string target = "DROP";
259 uint32_t uid = 150000;
260 int32_t ret = g_firewallManager->IptablesSetRule(chainName, option, target, uid);
261 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
262 }
263
264 /**
265 * @tc.name: SetUidsAllowedListChain1
266 * @tc.desc: Test FirewallManager SetUidsAllowedListChain1.
267 * @tc.type: FUNC
268 */
269 HWTEST_F(FirewallManagerTest, SetUidsAllowedListChain1, TestSize.Level1)
270 {
271 std::vector<uint32_t> uids;
272 uids.push_back(150000);
273 int32_t ret = g_firewallManager->SetUidsAllowedListChain(ChainType::CHAIN_OHBW_DATA_SAVER, uids);
274 EXPECT_EQ(ret, NETMANAGER_ERROR);
275 }
276
277 /**
278 * @tc.name: SetUidsAllowedListChain2
279 * @tc.desc: Test FirewallManager SetUidsAllowedListChain2.
280 * @tc.type: FUNC
281 */
282 HWTEST_F(FirewallManagerTest, SetUidsAllowedListChain2, TestSize.Level1)
283 {
284 std::vector<uint32_t> uids;
285 uids.push_back(150000);
286 int32_t ret = g_firewallManager->SetUidsAllowedListChain(ChainType::CHAIN_OHFW_DOZABLE, uids);
287 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
288 }
289
290 /**
291 * @tc.name: SetUidsDeniedListChain1
292 * @tc.desc: Test FirewallManager SetUidsDeniedListChain1.
293 * @tc.type: FUNC
294 */
295 HWTEST_F(FirewallManagerTest, SetUidsDeniedListChain1, TestSize.Level1)
296 {
297 std::vector<uint32_t> uids;
298 uids.push_back(150000);
299 int32_t ret = g_firewallManager->SetUidsDeniedListChain(ChainType::CHAIN_OHBW_DATA_SAVER, uids);
300 EXPECT_EQ(ret, NETMANAGER_ERROR);
301 }
302
303 /**
304 * @tc.name: SetUidsDeniedListChain2
305 * @tc.desc: Test FirewallManager SetUidsDeniedListChain2.
306 * @tc.type: FUNC
307 */
308 HWTEST_F(FirewallManagerTest, SetUidsDeniedListChain2, TestSize.Level1)
309 {
310 std::vector<uint32_t> uids;
311 uids.push_back(150000);
312 int32_t ret = g_firewallManager->SetUidsDeniedListChain(ChainType::CHAIN_OHFW_UNDOZABLE, uids);
313 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
314 }
315
316 /**
317 * @tc.name: EnableChain1
318 * @tc.desc: Test FirewallManager EnableChain1.
319 * @tc.type: FUNC
320 */
321 HWTEST_F(FirewallManagerTest, EnableChain1, TestSize.Level1)
322 {
323 int32_t ret = g_firewallManager->EnableChain(ChainType::CHAIN_OHFW_FORWARD, false);
324 EXPECT_EQ(ret, NETMANAGER_ERROR);
325 }
326
327 /**
328 * @tc.name: EnableChain2
329 * @tc.desc: Test FirewallManager EnableChain2.
330 * @tc.type: FUNC
331 */
332 HWTEST_F(FirewallManagerTest, EnableChain2, TestSize.Level1)
333 {
334 g_firewallManager->EnableChain(ChainType::CHAIN_OHFW_UNDOZABLE, false);
335 int32_t ret = g_firewallManager->EnableChain(ChainType::CHAIN_OHFW_UNDOZABLE, true);
336 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
337 }
338
339 /**
340 * @tc.name: EnableChain3
341 * @tc.desc: Test FirewallManager EnableChain3.
342 * @tc.type: FUNC
343 */
344 HWTEST_F(FirewallManagerTest, EnableChain3, TestSize.Level1)
345 {
346 int32_t ret = g_firewallManager->EnableChain(ChainType::CHAIN_OHFW_UNDOZABLE, false);
347 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
348 }
349
350 /**
351 * @tc.name: EnableChain4
352 * @tc.desc: Test FirewallManager EnableChain4.
353 * @tc.type: FUNC
354 */
355 HWTEST_F(FirewallManagerTest, EnableChain4, TestSize.Level1)
356 {
357 int32_t ret = g_firewallManager->EnableChain(ChainType::CHAIN_OHFW_UNDOZABLE, false);
358 EXPECT_EQ(ret, NETMANAGER_ERROR);
359 }
360
361 /**
362 * @tc.name: SetUidRule1
363 * @tc.desc: Test FirewallManager SetUidRule1.
364 * @tc.type: FUNC
365 */
366 HWTEST_F(FirewallManagerTest, SetUidRule1, TestSize.Level1)
367 {
368 uint32_t uid = 150000;
369 int32_t ret = g_firewallManager->SetUidRule(ChainType::CHAIN_FORWARD, uid, FirewallRule::RULE_DENY);
370 EXPECT_EQ(ret, NETMANAGER_ERROR);
371 }
372
373 /**
374 * @tc.name: SetUidRule2
375 * @tc.desc: Test FirewallManager SetUidRule2.
376 * @tc.type: FUNC
377 */
378 HWTEST_F(FirewallManagerTest, SetUidRule2, TestSize.Level1)
379 {
380 uint32_t uid = 150000;
381 int32_t ret = g_firewallManager->SetUidRule(ChainType::CHAIN_OHFW_DOZABLE, uid, FirewallRule::RULE_DENY);
382 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
383 }
384
385 /**
386 * @tc.name: SetUidRule3
387 * @tc.desc: Test FirewallManager SetUidRule3.
388 * @tc.type: FUNC
389 */
390 HWTEST_F(FirewallManagerTest, SetUidRule3, TestSize.Level1)
391 {
392 uint32_t uid = 150000;
393 int32_t ret = g_firewallManager->SetUidRule(ChainType::CHAIN_OHFW_DOZABLE, uid, FirewallRule::RULE_ALLOW);
394 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
395 }
396
397 /**
398 * @tc.name: SetUidRule4
399 * @tc.desc: Test FirewallManager SetUidRule4.
400 * @tc.type: FUNC
401 */
402 HWTEST_F(FirewallManagerTest, SetUidRule4, TestSize.Level1)
403 {
404 uint32_t uid = 160000;
405 int32_t ret = g_firewallManager->SetUidRule(ChainType::CHAIN_OHFW_UNDOZABLE, uid, FirewallRule::RULE_DENY);
406 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
407 }
408
409 /**
410 * @tc.name: SetUidRule5
411 * @tc.desc: Test FirewallManager SetUidRule5.
412 * @tc.type: FUNC
413 */
414 HWTEST_F(FirewallManagerTest, SetUidRule5, TestSize.Level1)
415 {
416 uint32_t uid = 160000;
417 int32_t ret = g_firewallManager->SetUidRule(ChainType::CHAIN_OHFW_UNDOZABLE, uid, FirewallRule::RULE_ALLOW);
418 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
419 }
420
421 /**
422 * @tc.name: ClearAllRules
423 * @tc.desc: Test FirewallManager ClearAllRules.
424 * @tc.type: FUNC
425 */
426 HWTEST_F(FirewallManagerTest, ClearAllRules, TestSize.Level1)
427 {
428 int32_t ret = g_firewallManager->ClearAllRules();
429 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
430 }
431 } // namespace NetsysNative
432 } // namespace OHOS