1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <gmock/gmock.h>
16 #include <gtest/gtest.h>
17
18 #include "domain_chain_rule.h"
19 #include "firewall_rule.h"
20 #include "iptables_manager_test.h"
21
22 #define private public
23 #define protected public
24 #include "executer_factory.h"
25 #include "rule_utils.h"
26 #undef protected
27 #undef private
28
29 using namespace testing::ext;
30 using namespace testing;
31 using namespace OHOS::EDM::IPTABLES;
32
33 using ::testing::Return;
34 using ::testing::DoAll;
35 using ::testing::SetArgReferee;
36 using ::testing::Invoke;
37
38 namespace OHOS {
39 namespace EDM {
40 namespace IPTABLES {
41 namespace TEST {
42
SetUp()43 void IptablesManagerTest::SetUp()
44 {
45 executerUtilsMock = std::make_shared<ExecuterUtilsMock>();
46 ExecuterUtils::instance_ = executerUtilsMock;
47
48 iptablesManager = IptablesManager::GetInstance();
49 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
50 iptablesManager->Init();
51 }
52
TearDown()53 void IptablesManagerTest::TearDown()
54 {
55 ExecuterUtils::instance_ = nullptr;
56 ExecuterFactory::instance_ = nullptr;
57 IptablesManager::instance_ = nullptr;
58 }
59
60 /**
61 * @tc.name: TestInit
62 * @tc.desc: Test Init func.
63 * @tc.type: FUNC
64 */
65 HWTEST_F(IptablesManagerTest, TestInit, TestSize.Level1)
66 {
67 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
68 iptablesManager->Init();
69 EXPECT_EQ(iptablesManager->HasInit(), true);
70 }
71
72 /**
73 * @tc.name: TestAddFilewallSuccess
74 * @tc.desc: Test AddFilewall func success.
75 * @tc.type: FUNC
76 */
77 HWTEST_F(IptablesManagerTest, TestAddFilewallSuccess, TestSize.Level1)
78 {
79 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
80
81 std::vector<FirewallRule> validRules{
82 {Direction::INPUT, Action::DENY, Protocol::UDP, "192.168.2.100", "192.168.2.200", "80", "90", ""},
83 {Direction::INPUT, Action::REJECT, Protocol::UDP, "192.168.2.100", "192.168.2.200", "80", "90", ""},
84 {Direction::INPUT, Action::ALLOW, Protocol::TCP, "192.168.2.100", "", "", "", ""},
85 {Direction::OUTPUT, Action::DENY, Protocol::ICMP, "", "", "", "", ""},
86 {Direction::OUTPUT, Action::REJECT, Protocol::ICMP, "", "", "", "", ""},
87 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "192.168.1.1", "", "", "", ""},
88 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "192.168.1.1/20", "", "", "", ""},
89 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "", "192.168.1.1", "", "", ""},
90 {Direction::OUTPUT, Action::DENY, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
91 {Direction::OUTPUT, Action::REJECT, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
92 {Direction::FORWARD, Action::DENY, Protocol::ICMP, "", "", "", "", ""},
93 {Direction::FORWARD, Action::REJECT, Protocol::ICMP, "", "", "", "", ""},
94 {Direction::FORWARD, Action::ALLOW, Protocol::INVALID, "192.168.1.1", "", "", "", ""},
95 {Direction::FORWARD, Action::ALLOW, Protocol::INVALID, "192.168.1.1/20", "", "", "", ""},
96 {Direction::FORWARD, Action::ALLOW, Protocol::INVALID, "", "192.168.1.1", "", "", ""},
97 {Direction::FORWARD, Action::DENY, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
98 {Direction::FORWARD, Action::REJECT, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
99 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "80", "", ""},
100 {Direction::INPUT, Action::DENY, Protocol::INVALID, "", "", "80:90", "", ""},
101 {Direction::INPUT, Action::REJECT, Protocol::INVALID, "", "", "80:90", "", ""},
102 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "80,90", "99", ""},
103 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "901", ""},
104 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "901:1000", ""},
105 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "901,1000", ""},
106 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "", "5555"}};
107 for (const auto &item : validRules) {
108 FirewallRuleParcel validFirewallRule{item};
109 ErrCode ret = iptablesManager->AddFirewallRule(validFirewallRule);
110 EXPECT_EQ(ret, ERR_OK);
111 }
112 }
113
114 /**
115 * @tc.name: TestAddFilewallFail
116 * @tc.desc: Test AddFilewall func fail.
117 * @tc.type: FUNC
118 */
119 HWTEST_F(IptablesManagerTest, TestAddFilewallFail, TestSize.Level1)
120 {
121 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
122
123 std::vector<FirewallRule> invalidRules{
124 {Direction::INPUT, Action::INVALID, Protocol::INVALID, "", "", "", "", "9999"},
125 {Direction::FORWARD, Action::INVALID, Protocol::INVALID, "", "", "", "", "9999"},
126 {Direction::INPUT, Action::ALLOW, Protocol::ALL, "", "", "80", "", ""},
127 {Direction::INPUT, Action::ALLOW, Protocol::ALL, "", "", "", "90", ""},
128 {Direction::INPUT, Action::INVALID, Protocol::INVALID, "192.168.1.1", "", "", "", ""},
129 {Direction::OUTPUT, Action::INVALID, Protocol::INVALID, "", "192.168.1.1", "", "", ""},
130 {Direction::FORWARD, Action::INVALID, Protocol::INVALID, "", "192.168.1.1", "", "", ""},
131 {Direction::INVALID, Action::ALLOW, Protocol::INVALID, "192.168.1.1", "192.168.2.1", "", "", ""},
132 {Direction::INVALID, Action::DENY, Protocol::INVALID, "192.168.1.1", "192.168.2.1", "", "", ""},
133 {Direction::INVALID, Action::REJECT, Protocol::INVALID, "192.168.1.1", "192.168.2.1", "", "", ""}};
134 for (const auto &item : invalidRules) {
135 FirewallRuleParcel invalidFirewallRule{item};
136 ErrCode ret = iptablesManager->RemoveFirewallRule(invalidFirewallRule);
137 EXPECT_EQ(ret, EdmReturnErrCode::PARAM_ERROR);
138 }
139 }
140
141 /**
142 * @tc.name: TestAddFilewallError
143 * @tc.desc: Test AddFilewall func error.
144 * @tc.type: FUNC
145 */
146 HWTEST_F(IptablesManagerTest, TestAddFilewallError, TestSize.Level1)
147 {
148 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
149
150 ExecuterFactory::instance_ = std::make_shared<ExecuterFactory>();
151
152 std::vector<FirewallRule> validRules{
153 {Direction::INPUT, Action::DENY, Protocol::UDP, "192.168.2.100", "192.168.2.200", "80", "90", ""},
154 {Direction::INPUT, Action::REJECT, Protocol::UDP, "192.168.2.100", "192.168.2.200", "80", "90", ""},
155 {Direction::INPUT, Action::ALLOW, Protocol::TCP, "192.168.2.100", "", "", "", ""},
156 {Direction::OUTPUT, Action::DENY, Protocol::ICMP, "", "", "", "", ""},
157 {Direction::OUTPUT, Action::REJECT, Protocol::ICMP, "", "", "", "", ""},
158 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "192.168.1.1", "", "", "", ""},
159 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "192.168.1.1/20", "", "", "", ""},
160 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "", "192.168.1.1", "", "", ""},
161 {Direction::OUTPUT, Action::DENY, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
162 {Direction::OUTPUT, Action::REJECT, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
163 {Direction::FORWARD, Action::DENY, Protocol::ICMP, "", "", "", "", ""},
164 {Direction::FORWARD, Action::REJECT, Protocol::ICMP, "", "", "", "", ""},
165 {Direction::FORWARD, Action::ALLOW, Protocol::INVALID, "192.168.1.1", "", "", "", ""},
166 {Direction::FORWARD, Action::ALLOW, Protocol::INVALID, "192.168.1.1/20", "", "", "", ""},
167 {Direction::FORWARD, Action::ALLOW, Protocol::INVALID, "", "192.168.1.1", "", "", ""},
168 {Direction::FORWARD, Action::DENY, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
169 {Direction::FORWARD, Action::REJECT, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
170 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "80", "", ""},
171 {Direction::INPUT, Action::DENY, Protocol::INVALID, "", "", "80-90", "", ""},
172 {Direction::INPUT, Action::REJECT, Protocol::INVALID, "", "", "80-90", "", ""},
173 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "80,90", "", ""},
174 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "901", ""},
175 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "901-1000", ""},
176 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "901,1000", ""},
177 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "", "5555"}};
178 for (const auto &item : validRules) {
179 FirewallRuleParcel validFirewallRule{item};
180 ErrCode ret = iptablesManager->AddFirewallRule(validFirewallRule);
181 EXPECT_EQ(ret, EdmReturnErrCode::SYSTEM_ABNORMALLY);
182 }
183 }
184
185 /**
186 * @tc.name: TestAddFilewallParamError
187 * @tc.desc: Test AddFilewall func param error.
188 * @tc.type: FUNC
189 */
190 HWTEST_F(IptablesManagerTest, TestAddFilewallParamError, TestSize.Level1)
191 {
192 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
193
194 ExecuterFactory::instance_ = std::make_shared<ExecuterFactory>();
195
196 std::vector<FirewallRule> validRules{
197 {Direction::OUTPUT, Action::INVALID, Protocol::INVALID, "", "", "", "", "5555"},
198 {Direction::FORWARD, Action::INVALID, Protocol::INVALID, "", "", "", "", "5555"},
199 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "901,1000", "123"}};
200 for (const auto &item : validRules) {
201 FirewallRuleParcel validFirewallRule{item};
202 ErrCode ret = iptablesManager->AddFirewallRule(validFirewallRule);
203 EXPECT_EQ(ret, EdmReturnErrCode::PARAM_ERROR);
204 }
205 }
206
207 /**
208 * @tc.name: TestRemoveFilewallSuccess
209 * @tc.desc: Test RemoveFilewall func success.
210 * @tc.type: FUNC
211 */
212 HWTEST_F(IptablesManagerTest, TestRemoveFilewallSuccess, TestSize.Level1)
213 {
214 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
215
216 std::vector<FirewallRule> validRules{{Direction::INVALID, Action::INVALID, Protocol::INVALID, "", "", "", "", ""},
217 {Direction::INPUT, Action::DENY, Protocol::UDP, "192.168.2.100", "192.168.2.200", "80", "90", ""},
218 {Direction::INPUT, Action::REJECT, Protocol::UDP, "192.168.2.100", "192.168.2.200", "80", "90", ""},
219 {Direction::INPUT, Action::ALLOW, Protocol::TCP, "192.168.2.100", "", "", "", ""},
220 {Direction::OUTPUT, Action::DENY, Protocol::ICMP, "", "", "", "", ""},
221 {Direction::OUTPUT, Action::REJECT, Protocol::ICMP, "", "", "", "", ""},
222 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "192.168.1.1", "", "", "", ""},
223 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "192.168.1.1/20", "", "", "", ""},
224 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "", "192.168.1.1", "", "", ""},
225 {Direction::OUTPUT, Action::DENY, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
226 {Direction::OUTPUT, Action::REJECT, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
227 {Direction::FORWARD, Action::DENY, Protocol::ICMP, "", "", "", "", ""},
228 {Direction::FORWARD, Action::REJECT, Protocol::ICMP, "", "", "", "", ""},
229 {Direction::FORWARD, Action::ALLOW, Protocol::INVALID, "192.168.1.1", "", "", "", ""},
230 {Direction::FORWARD, Action::ALLOW, Protocol::INVALID, "192.168.1.1/20", "", "", "", ""},
231 {Direction::FORWARD, Action::ALLOW, Protocol::INVALID, "", "192.168.1.1", "", "", ""},
232 {Direction::FORWARD, Action::DENY, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
233 {Direction::FORWARD, Action::REJECT, Protocol::INVALID, "", "192.168.1.1/20", "", "", ""},
234 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "80", "", ""},
235 {Direction::INPUT, Action::DENY, Protocol::INVALID, "", "", "80-90", "", ""},
236 {Direction::INPUT, Action::REJECT, Protocol::INVALID, "", "", "80-90", "", ""},
237 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "80,90", "", ""},
238 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "901", ""},
239 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "901-1000", ""},
240 {Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "901,1000", ""},
241 {Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "", "5555"}};
242 for (const auto &item : validRules) {
243 FirewallRuleParcel validFirewallRule{item};
244 ErrCode ret = iptablesManager->RemoveFirewallRule(validFirewallRule);
245 EXPECT_EQ(ret, ERR_OK);
246 }
247 }
248
249 /**
250 * @tc.name: TestRemoveFilewallFail
251 * @tc.desc: Test RemoveFilewall func fail.
252 * @tc.type: FUNC
253 */
254 HWTEST_F(IptablesManagerTest, TestRemoveFilewallFail, TestSize.Level1)
255 {
256 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
257
258 std::vector<FirewallRule> invalidRules{
259 {Direction::INPUT, Action::INVALID, Protocol::INVALID, "", "", "", "", "9999"},
260 {Direction::FORWARD, Action::INVALID, Protocol::INVALID, "", "", "", "", "9999"},
261 {Direction::INPUT, Action::ALLOW, Protocol::ALL, "", "", "80", "", ""},
262 {Direction::INPUT, Action::ALLOW, Protocol::ALL, "", "", "", "90", ""},
263 {Direction::INVALID, Action::ALLOW, Protocol::INVALID, "", "", "", "", ""},
264 {Direction::INVALID, Action::INVALID, Protocol::ALL, "", "", "", "", ""},
265 {Direction::INVALID, Action::INVALID, Protocol::UDP, "", "", "", "", ""},
266 {Direction::INVALID, Action::INVALID, Protocol::TCP, "", "", "", "", ""},
267 {Direction::INVALID, Action::INVALID, Protocol::ICMP, "", "", "", "", ""},
268 {Direction::INVALID, Action::INVALID, Protocol::INVALID, "192.168.1.1", "", "", "", ""},
269 {Direction::INVALID, Action::INVALID, Protocol::INVALID, "", "192.168.1.1", "", "", ""},
270 {Direction::INVALID, Action::INVALID, Protocol::INVALID, "", "", "80", "", ""},
271 {Direction::INVALID, Action::INVALID, Protocol::INVALID, "", "", "", "901", ""},
272 {Direction::INVALID, Action::INVALID, Protocol::INVALID, "", "", "", "901", "5555"}};
273 for (const auto &item : invalidRules) {
274 FirewallRuleParcel invalidFirewallRule{item};
275 ErrCode ret = iptablesManager->RemoveFirewallRule(invalidFirewallRule);
276 EXPECT_EQ(ret, EdmReturnErrCode::PARAM_ERROR);
277 }
278 }
279
280 /**
281 * @tc.name: GetFirewallRulesTest1
282 * @tc.desc: Test GetFirewallRules func.
283 * @tc.type: FUNC
284 */
285 HWTEST_F(IptablesManagerTest, GetFirewallRulesTest1, TestSize.Level1)
286 {
287 std::string result =
288 "Chain edm_deny_output (1 references)\n"
289 "num pkts bytes target prot opt in out source destination\n"
290 "1 0 0 DROP udp -- * * 0.0.0.0/0 10.1.1.1 "
291 "source IP range 192.168.1.1-192.188.22.66 udp spt:8080 dpt:8080";
292 std::string resultEmpty =
293 "Chain edm_deny_output (1 references)\n"
294 "num pkts bytes target prot opt in out source destination";
295 EXPECT_CALL(*executerUtilsMock, Execute)
296 .Times(9)
297 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
298 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
299 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
300 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
301 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)))
302 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
303 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
304 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
305 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)));
306
307 std::vector<FirewallRuleParcel> list;
308 ErrCode ret = iptablesManager->GetFirewallRules(list);
309 EXPECT_TRUE(ret == ERR_OK);
310 EXPECT_TRUE(list.size() == 1);
311 }
312
313 /**
314 * @tc.name: GetFirewallRulesTest2
315 * @tc.desc: Test GetFirewallRules func.
316 * @tc.type: FUNC
317 */
318 HWTEST_F(IptablesManagerTest, GetFirewallRulesTest2, TestSize.Level1)
319 {
320 std::string result =
321 "Chain edm_deny_output (1 references)\n"
322 "num pkts bytes target prot opt in out source destination\n"
323 "1 0 0 DROP udp -- * * 0.0.0.0/0 10.1.1.1 "
324 "source IP range 192.168.1.1-192.188.22.66 udp spt:8080 dpt:8080 owner UID match 9696";
325 std::string resultEmpty =
326 "Chain edm_deny_output (1 references)\n"
327 "num pkts bytes target prot opt in out source destination";
328 EXPECT_CALL(*executerUtilsMock, Execute)
329 .Times(9)
330 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
331 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
332 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
333 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
334 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)))
335 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
336 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
337 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
338 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)));
339
340 std::vector<FirewallRuleParcel> list;
341 ErrCode ret = iptablesManager->GetFirewallRules(list);
342 EXPECT_TRUE(ret == ERR_OK);
343 EXPECT_TRUE(list.size() == 1);
344 }
345
346 /**
347 * @tc.name: GetFirewallRulesTest3
348 * @tc.desc: Test GetFirewallRules func.
349 * @tc.type: FUNC
350 */
351 HWTEST_F(IptablesManagerTest, GetFirewallRulesTest3, TestSize.Level1)
352 {
353 std::string result =
354 "Chain edm_deny_input (1 references)\n"
355 "num pkts bytes target prot opt in out source destination\n"
356 "1 0 0 DROP udp -- * * 0.0.0.0/0 10.1.1.1 "
357 "source IP range 192.168.1.1-192.188.22.66 udp spt:8080 dpt:8080 owner UID match 9696";
358 std::string resultEmpty =
359 "Chain edm_deny_output (1 references)\n"
360 "num pkts bytes target prot opt in out source destination";
361 EXPECT_CALL(*executerUtilsMock, Execute)
362 .Times(9)
363 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
364 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)))
365 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
366 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
367 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
368 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
369 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
370 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
371 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)));
372
373 std::vector<FirewallRuleParcel> list;
374 ErrCode ret = iptablesManager->GetFirewallRules(list);
375 EXPECT_TRUE(ret == ERR_OK);
376 EXPECT_TRUE(list.size() == 1);
377 }
378
379 /**
380 * @tc.name: GetFirewallRulesTest4
381 * @tc.desc: Test GetFirewallRules func.
382 * @tc.type: FUNC
383 */
384 HWTEST_F(IptablesManagerTest, GetFirewallRulesTest4, TestSize.Level1)
385 {
386 std::string result =
387 "Chain edm_reject_forward (1 references)\n"
388 "num pkts bytes target prot opt in out source destination\n"
389 "1 0 0 REJECT all -- * * 172.16.100.2 172.19.90.131 "
390 "reject-with icmp-port-unreachable";
391 std::string resultEmpty =
392 "Chain edm_reject_forward (1 references)\n"
393 "num pkts bytes target prot opt in out source destination";
394 EXPECT_CALL(*executerUtilsMock, Execute)
395 .Times(9)
396 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
397 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
398 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
399 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
400 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
401 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
402 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
403 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
404 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)));
405
406 std::vector<FirewallRuleParcel> list;
407 ErrCode ret = iptablesManager->GetFirewallRules(list);
408 EXPECT_TRUE(ret == ERR_OK);
409 EXPECT_TRUE(list.size() == 1);
410 }
411
412 /**
413 * @tc.name: GetFirewallRulesTest5
414 * @tc.desc: Test GetFirewallRules func.
415 * @tc.type: FUNC
416 */
417 HWTEST_F(IptablesManagerTest, GetFirewallRulesTest5, TestSize.Level1)
418 {
419 std::string result =
420 "Chain edm_reject_forward (1 references)\n"
421 "num pkts bytes target prot opt in out source destination\n"
422 "1 0 0 REJECT udp -- * * 172.16.100.2 172.19.90.131 "
423 "reject-with icmp-port-unreachable";
424 std::string resultEmpty =
425 "Chain edm_reject_forward (1 references)\n"
426 "num pkts bytes target prot opt in out source destination";
427 EXPECT_CALL(*executerUtilsMock, Execute)
428 .Times(9)
429 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
430 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
431 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
432 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
433 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
434 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
435 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
436 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
437 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)));
438
439 std::vector<FirewallRuleParcel> list;
440 ErrCode ret = iptablesManager->GetFirewallRules(list);
441 EXPECT_TRUE(ret == ERR_OK);
442 EXPECT_TRUE(list.size() == 1);
443 }
444
445 /**
446 * @tc.name: TestAddDomainFilterSuccess
447 * @tc.desc: Test AddDomainFilter func.
448 * @tc.type: FUNC
449 */
450 HWTEST_F(IptablesManagerTest, TestAddDomainFilterSuccess, TestSize.Level1)
451 {
452 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
453
454 std::vector<DomainFilterRule> validRules{
455 {Action::ALLOW, "1000", "www.example.com", Direction::INVALID},
456 {Action::ALLOW, "1000", "www.example.com", Direction::OUTPUT},
457 {Action::DENY, "1000", "www.example.com", Direction::OUTPUT},
458 {Action::ALLOW, "", "www.example.com", Direction::OUTPUT},
459 {Action::DENY, "", "www.example.com", Direction::OUTPUT},
460 {Action::ALLOW, "", "www.example.com", Direction::FORWARD},
461 {Action::DENY, "", "www.example.com", Direction::FORWARD},
462 };
463 for (const auto &item : validRules) {
464 DomainFilterRuleParcel validDomainFilterRuleParcel{item};
465 ErrCode ret = iptablesManager->AddDomainFilterRule(validDomainFilterRuleParcel);
466 EXPECT_EQ(ret, ERR_OK);
467 }
468 }
469
470 /**
471 * @tc.name: TestAddDomainFilterFail
472 * @tc.desc: Test AddDomainFilter func.
473 * @tc.type: FUNC
474 */
475 HWTEST_F(IptablesManagerTest, TestAddDomainFilterFail, TestSize.Level1)
476 {
477 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
478
479 std::string invalidDomainName;
480 for (int i = 0; i < 4; ++i) {
481 for (int j = 0; j < 63; ++j) {
482 invalidDomainName += "a";
483 }
484 invalidDomainName += ".";
485 }
486
487 std::vector<DomainFilterRule> invalidRules{
488 {Action::ALLOW, "1000", "", Direction::OUTPUT},
489 {Action::INVALID, "1000", "www.example.com", Direction::OUTPUT},
490 {Action::DENY, "1000", "www.ex||ample.com", Direction::OUTPUT},
491 {Action::ALLOW, "1000", "www.ex/ample.com", Direction::OUTPUT},
492 {Action::INVALID, "1000", invalidDomainName, Direction::OUTPUT},
493 {Action::ALLOW, "1000", "", Direction::FORWARD},
494 {Action::INVALID, "1000", "www.example.com", Direction::FORWARD},
495 {Action::DENY, "1000", "www.ex||ample.com", Direction::FORWARD},
496 {Action::ALLOW, "1000", "www.ex/ample.com", Direction::FORWARD},
497 {Action::INVALID, "1000", invalidDomainName, Direction::FORWARD},
498 {Action::ALLOW, "1000", "", Direction::INVALID},
499 {Action::INVALID, "1000", "www.example.com", Direction::INVALID},
500 {Action::DENY, "1000", "www.ex||ample.com", Direction::INVALID},
501 {Action::ALLOW, "1000", "www.ex/ample.com", Direction::INVALID},
502 {Action::INVALID, "1000", invalidDomainName, Direction::INVALID}};
503 for (const auto &item : invalidRules) {
504 DomainFilterRuleParcel invalidDomainFilterRuleParcel{item};
505 ErrCode ret = iptablesManager->AddDomainFilterRule(invalidDomainFilterRuleParcel);
506 EXPECT_EQ(ret, EdmReturnErrCode::PARAM_ERROR);
507 }
508 }
509
510 /**
511 * @tc.name: TestAddDomainFilterError
512 * @tc.desc: Test AddDomainFilter func.
513 * @tc.type: FUNC
514 */
515 HWTEST_F(IptablesManagerTest, TestAddDomainFilterError, TestSize.Level1)
516 {
517 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
518
519 ExecuterFactory::instance_ = std::make_shared<ExecuterFactory>();
520
521 std::vector<DomainFilterRule> validRules{
522 {Action::ALLOW, "1000", "www.example.com", Direction::OUTPUT},
523 {Action::DENY, "1000", "www.example.com", Direction::OUTPUT},
524 {Action::ALLOW, "", "www.example.com", Direction::OUTPUT},
525 {Action::DENY, "", "www.example.com", Direction::OUTPUT},
526 {Action::ALLOW, "", "www.example.com", Direction::FORWARD},
527 {Action::DENY, "", "www.example.com", Direction::FORWARD},
528 };
529 for (const auto &item : validRules) {
530 DomainFilterRuleParcel validDomainFilterRuleParcel{item};
531 ErrCode ret = iptablesManager->AddDomainFilterRule(validDomainFilterRuleParcel);
532 EXPECT_EQ(ret, EdmReturnErrCode::SYSTEM_ABNORMALLY);
533 }
534 }
535
536 /**
537 * @tc.name: TestRemoveDomainFilterSuccess
538 * @tc.desc: Test RemoveDomainFilter func.
539 * @tc.type: FUNC
540 */
541 HWTEST_F(IptablesManagerTest, TestRemoveDomainFilterSuccess, TestSize.Level1)
542 {
543 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
544
545 std::vector<DomainFilterRule> validRules{
546 {Action::INVALID, "", "", Direction::INVALID},
547 {Action::INVALID, "", "", Direction::OUTPUT},
548 {Action::ALLOW, "", "", Direction::INVALID},
549 {Action::ALLOW, "", "", Direction::OUTPUT},
550 {Action::DENY, "", "", Direction::OUTPUT},
551 {Action::ALLOW, "1000", "www.example.com", Direction::OUTPUT},
552 {Action::DENY, "1000", "www.example.com", Direction::OUTPUT},
553 {Action::ALLOW, "", "www.example.com", Direction::OUTPUT},
554 {Action::DENY, "", "www.example.com", Direction::OUTPUT},
555 {Action::INVALID, "", "", Direction::FORWARD},
556 {Action::ALLOW, "", "", Direction::FORWARD},
557 {Action::DENY, "", "", Direction::FORWARD},
558 {Action::ALLOW, "", "www.example.com", Direction::FORWARD},
559 {Action::DENY, "", "www.example.com", Direction::FORWARD},
560 };
561 for (const auto &item : validRules) {
562 DomainFilterRuleParcel validDomainFilterRuleParcel{item};
563 ErrCode ret = iptablesManager->RemoveDomainFilterRules(validDomainFilterRuleParcel);
564 EXPECT_EQ(ret, ERR_OK);
565 }
566 }
567
568 /**
569 * @tc.name: TestRemoveDomainFilterFail
570 * @tc.desc: Test RemoveDomainFilter func.
571 * @tc.type: FUNC
572 */
573 HWTEST_F(IptablesManagerTest, TestRemoveDomainFilterFail, TestSize.Level1)
574 {
575 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Invoke(PrintExecRule), Return(ERR_OK)));
576
577 std::vector<DomainFilterRule> invalidRules{
578 {Action::ALLOW, "1000", "", Direction::OUTPUT},
579 {Action::DENY, "1000", "", Direction::OUTPUT},
580 {Action::INVALID, "", "www.example.com", Direction::OUTPUT},
581 {Action::INVALID, "1000", "www.example.com", Direction::OUTPUT},
582 {Action::DENY, "1000", "www.ex||ample.com", Direction::OUTPUT},
583 {Action::ALLOW, "1000", "www.ex/ample.com", Direction::OUTPUT},
584 {Action::ALLOW, "1000", "", Direction::FORWARD},
585 {Action::DENY, "1000", "", Direction::FORWARD},
586 {Action::INVALID, "", "www.example.com", Direction::FORWARD},
587 {Action::INVALID, "1000", "www.example.com", Direction::FORWARD},
588 {Action::DENY, "1000", "www.ex||ample.com", Direction::FORWARD},
589 {Action::ALLOW, "1000", "www.ex/ample.com", Direction::FORWARD},
590 };
591 for (const auto &item : invalidRules) {
592 DomainFilterRuleParcel invalidDomainFilterRuleParcel{item};
593 ErrCode ret = iptablesManager->RemoveDomainFilterRules(invalidDomainFilterRuleParcel);
594 EXPECT_EQ(ret, EdmReturnErrCode::PARAM_ERROR);
595 }
596 }
597
598 /**
599 * @tc.name: TestGetDomainFilterRules1
600 * @tc.desc: Test GetDomainFilterRules func.
601 * @tc.type: FUNC
602 */
603 HWTEST_F(IptablesManagerTest, TestGetDomainFilterRules1, TestSize.Level1)
604 {
605 std::string result =
606 "Chain edm_dns_deny_output (1 references)\n"
607 "num pkts bytes target prot opt in out source destination\n"
608 "1 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 "
609 "udp dpt:53 owner UID match 9696 STRING match \"|03777777076578616d706c6503636f6d|\" ALGO name bm TO 65535";
610 std::string resultEmpty =
611 "Chain edm_dns_deny_forward (1 references)\n"
612 "num pkts bytes target prot opt in out source destination";
613 EXPECT_CALL(*executerUtilsMock, Execute)
614 .Times(6)
615 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
616 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)))
617 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
618 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
619 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
620 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)));
621
622 std::vector<DomainFilterRuleParcel> list;
623 ErrCode ret = iptablesManager->GetDomainFilterRules(list);
624 EXPECT_EQ(ret, ERR_OK);
625 EXPECT_TRUE(list.size() == 1);
626 }
627
628 /**
629 * @tc.name: TestGetDomainFilterRules2
630 * @tc.desc: Test GetDomainFilterRules func.
631 * @tc.type: FUNC
632 */
633 HWTEST_F(IptablesManagerTest, TestGetDomainFilterRules2, TestSize.Level1)
634 {
635 std::string result =
636 "Chain edm_dns_reject_forward (1 references)\n"
637 "num pkts bytes target prot opt in out source destination\n"
638 "1 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 "
639 "udp dpt:53 STRING match \"|037777770667697468756203636f6d|\" ALGO name bm TO 65535 "
640 "reject-with icmp-port-unreachable";
641 std::string resultEmpty =
642 "Chain edm_dns_reject_forward (1 references)\n"
643 "num pkts bytes target prot opt in out source destination";
644 EXPECT_CALL(*executerUtilsMock, Execute)
645 .Times(6)
646 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
647 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
648 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
649 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
650 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
651 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)));
652
653 std::vector<DomainFilterRuleParcel> list;
654 ErrCode ret = iptablesManager->GetDomainFilterRules(list);
655 EXPECT_EQ(ret, ERR_OK);
656 EXPECT_TRUE(list.size() == 1);
657 }
658
659 /**
660 * @tc.name: TestGetRemoveChainNameSuccess
661 * @tc.desc: Test GetRemoveChainName func.
662 * @tc.type: FUNC
663 */
664 HWTEST_F(IptablesManagerTest, TestGetRemoveChainNameSuccess, TestSize.Level1)
665 {
666 std::vector<std::string> chainNameList;
667 std::vector<std::string> expectList;
668 ErrCode ret = ERR_OK;
669
670 chainNameList = {};
671 ret = iptablesManager->GetRemoveChainName(Direction::INPUT, Action::ALLOW, chainNameList);
672 EXPECT_TRUE(ret == ERR_OK);
673 EXPECT_TRUE(chainNameList.size() == 1);
674 expectList = {EDM_ALLOW_INPUT_CHAIN_NAME};
675 EXPECT_EQ(chainNameList, expectList);
676
677 chainNameList = {};
678 ret = iptablesManager->GetRemoveChainName(Direction::INPUT, Action::DENY, chainNameList);
679 EXPECT_TRUE(ret == ERR_OK);
680 EXPECT_TRUE(chainNameList.size() == 1);
681 expectList = {EDM_DENY_INPUT_CHAIN_NAME};
682 EXPECT_EQ(chainNameList, expectList);
683
684 chainNameList = {};
685 ret = iptablesManager->GetRemoveChainName(Direction::INPUT, Action::REJECT, chainNameList);
686 EXPECT_TRUE(ret == ERR_OK);
687 EXPECT_TRUE(chainNameList.size() == 1);
688 expectList = {EDM_REJECT_INPUT_CHAIN_NAME};
689 EXPECT_EQ(chainNameList, expectList);
690
691 chainNameList = {};
692 ret = iptablesManager->GetRemoveChainName(Direction::INPUT, Action::INVALID, chainNameList);
693 EXPECT_TRUE(ret == ERR_OK);
694 EXPECT_TRUE(chainNameList.size() == 3);
695 expectList = {EDM_ALLOW_INPUT_CHAIN_NAME, EDM_DENY_INPUT_CHAIN_NAME, EDM_REJECT_INPUT_CHAIN_NAME};
696 EXPECT_EQ(chainNameList, expectList);
697 }
698
699 /**
700 * @tc.name: TestGetRemoveChainNameSuccess1
701 * @tc.desc: Test GetRemoveChainName func.
702 * @tc.type: FUNC
703 */
704 HWTEST_F(IptablesManagerTest, TestGetRemoveChainNameSuccess1, TestSize.Level1)
705 {
706 std::vector<std::string> chainNameList;
707 std::vector<std::string> expectList;
708 ErrCode ret = ERR_OK;
709
710 chainNameList = {};
711 ret = iptablesManager->GetRemoveChainName(Direction::OUTPUT, Action::ALLOW, chainNameList);
712 EXPECT_EQ(ret, ERR_OK);
713 EXPECT_TRUE(chainNameList.size() == 1);
714 expectList = {EDM_ALLOW_OUTPUT_CHAIN_NAME};
715 EXPECT_EQ(chainNameList, expectList);
716
717 chainNameList = {};
718 ret = iptablesManager->GetRemoveChainName(Direction::OUTPUT, Action::DENY, chainNameList);
719 EXPECT_EQ(ret, ERR_OK);
720 EXPECT_TRUE(chainNameList.size() == 1);
721 expectList = {EDM_DENY_OUTPUT_CHAIN_NAME};
722 EXPECT_EQ(chainNameList, expectList);
723
724 chainNameList = {};
725 ret = iptablesManager->GetRemoveChainName(Direction::OUTPUT, Action::REJECT, chainNameList);
726 EXPECT_EQ(ret, ERR_OK);
727 EXPECT_TRUE(chainNameList.size() == 1);
728 expectList = {EDM_REJECT_OUTPUT_CHAIN_NAME};
729 EXPECT_EQ(chainNameList, expectList);
730
731 chainNameList = {};
732 ret = iptablesManager->GetRemoveChainName(Direction::OUTPUT, Action::INVALID, chainNameList);
733 EXPECT_EQ(ret, ERR_OK);
734 EXPECT_TRUE(chainNameList.size() == 3);
735 expectList = {EDM_ALLOW_OUTPUT_CHAIN_NAME, EDM_DENY_OUTPUT_CHAIN_NAME, EDM_REJECT_OUTPUT_CHAIN_NAME};
736 EXPECT_EQ(chainNameList, expectList);
737 }
738
739 /**
740 * @tc.name: TestGetRemoveChainNameSuccess2
741 * @tc.desc: Test GetRemoveChainName func.
742 * @tc.type: FUNC
743 */
744 HWTEST_F(IptablesManagerTest, TestGetRemoveChainNameSuccess2, TestSize.Level1)
745 {
746 std::vector<std::string> chainNameList;
747 std::vector<std::string> expectList;
748 ErrCode ret = ERR_OK;
749
750 chainNameList = {};
751 ret = iptablesManager->GetRemoveChainName(Direction::INVALID, Action::INVALID, chainNameList);
752 EXPECT_EQ(ret, ERR_OK);
753 EXPECT_TRUE(chainNameList.size() == 9);
754 }
755
756 /**
757 * @tc.name: TestGetRemoveChainNameSuccess3
758 * @tc.desc: Test GetRemoveChainName func.
759 * @tc.type: FUNC
760 */
761 HWTEST_F(IptablesManagerTest, TestGetRemoveChainNameSuccess3, TestSize.Level1)
762 {
763 std::vector<std::string> chainNameList;
764 std::vector<std::string> expectList;
765 ErrCode ret = ERR_OK;
766
767 chainNameList = {};
768 ret = iptablesManager->GetRemoveChainName(Direction::FORWARD, Action::ALLOW, chainNameList);
769 EXPECT_EQ(ret, ERR_OK);
770 EXPECT_TRUE(chainNameList.size() == 1);
771 expectList = {EDM_ALLOW_FORWARD_CHAIN_NAME};
772 EXPECT_EQ(chainNameList, expectList);
773
774 chainNameList = {};
775 ret = iptablesManager->GetRemoveChainName(Direction::FORWARD, Action::DENY, chainNameList);
776 EXPECT_EQ(ret, ERR_OK);
777 EXPECT_TRUE(chainNameList.size() == 1);
778 expectList = {EDM_DENY_FORWARD_CHAIN_NAME};
779 EXPECT_EQ(chainNameList, expectList);
780
781 chainNameList = {};
782 ret = iptablesManager->GetRemoveChainName(Direction::FORWARD, Action::REJECT, chainNameList);
783 EXPECT_EQ(ret, ERR_OK);
784 EXPECT_TRUE(chainNameList.size() == 1);
785 expectList = {EDM_REJECT_FORWARD_CHAIN_NAME};
786 EXPECT_EQ(chainNameList, expectList);
787
788 chainNameList = {};
789 ret = iptablesManager->GetRemoveChainName(Direction::FORWARD, Action::INVALID, chainNameList);
790 EXPECT_EQ(ret, ERR_OK);
791 EXPECT_TRUE(chainNameList.size() == 3);
792 expectList = {EDM_ALLOW_FORWARD_CHAIN_NAME, EDM_DENY_FORWARD_CHAIN_NAME, EDM_REJECT_FORWARD_CHAIN_NAME};
793 EXPECT_EQ(chainNameList, expectList);
794 }
795
796
797 /**
798 * @tc.name: TestGetRemoveChainNameFail
799 * @tc.desc: Test GetRemoveChainName func.
800 * @tc.type: FUNC
801 */
802 HWTEST_F(IptablesManagerTest, TestGetRemoveChainNameFail, TestSize.Level1)
803 {
804 std::vector<std::string> chainNameList;
805 std::vector<std::string> expectList;
806 ErrCode ret = ERR_OK;
807
808 chainNameList = {};
809 ret = iptablesManager->GetRemoveChainName(Direction::INVALID, Action::DENY, chainNameList);
810 EXPECT_EQ(ret, EdmReturnErrCode::PARAM_ERROR);
811
812 ret = iptablesManager->GetRemoveChainName(Direction::INVALID, Action::ALLOW, chainNameList);
813 EXPECT_EQ(ret, EdmReturnErrCode::PARAM_ERROR);
814 }
815
816 /**
817 * @tc.name: TestExistOutputAllowFirewallRule
818 * @tc.desc: Test ExistOutputAllowFirewallRule func.
819 * @tc.type: FUNC
820 */
821 HWTEST_F(IptablesManagerTest, TestExistOutputAllowFirewallRule, TestSize.Level1)
822 {
823 std::string result =
824 "Chain edm_deny_output (1 references)\n"
825 "num pkts bytes target prot opt in out source destination\n"
826 "1 0 0 DROP udp -- * * 0.0.0.0/0 10.1.1.1 "
827 "source IP range 192.168.1.1-192.188.22.66 udp spt:8080 dpt:8080";
828 std::string resultEmpty =
829 "Chain edm_deny_output (1 references)\n"
830 "num pkts bytes target prot opt in out source destination";
831 EXPECT_CALL(*executerUtilsMock, Execute)
832 .Times(2)
833 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(resultEmpty), Return(ERR_OK)))
834 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)));
835
836 EXPECT_TRUE(iptablesManager->ExistOutputAllowFirewallRule());
837
838 EXPECT_CALL(*executerUtilsMock, Execute).Times(2).WillOnce(DoAll(Return(ERR_OK))).WillOnce(DoAll(Return(ERR_OK)));
839 EXPECT_FALSE(iptablesManager->ExistOutputAllowFirewallRule());
840 }
841
842 /**
843 * @tc.name: TestExistOutputAllowDomainRule
844 * @tc.desc: Test ExistOutputAllowDomainRule func.
845 * @tc.type: FUNC
846 */
847 HWTEST_F(IptablesManagerTest, TestExistOutputAllowDomainRule, TestSize.Level1)
848 {
849 std::string result =
850 "Chain edm_dns_deny_output (1 references)\n"
851 "num pkts bytes target prot opt in out source destination\n"
852 "1 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 "
853 "udp dpt:53 owner UID match 9696 STRING match \"|03777777076578616d706c6503636f6d|\" ALGO name bm TO 65535";
854 EXPECT_CALL(*executerUtilsMock, Execute)
855 .Times(1)
856 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)));
857
858 EXPECT_TRUE(iptablesManager->ExistOutputAllowDomainRule());
859
860 EXPECT_CALL(*executerUtilsMock, Execute).Times(1).WillOnce(DoAll(Return(ERR_OK)));
861 EXPECT_FALSE(iptablesManager->ExistOutputAllowDomainRule());
862 }
863
864 /**
865 * @tc.name: TestExistForwardAllowFirewallRule
866 * @tc.desc: Test ExistForwardAllowFirewallRule func.
867 * @tc.type: FUNC
868 */
869 HWTEST_F(IptablesManagerTest, TestExistForwardAllowFirewallRule, TestSize.Level1)
870 {
871 std::string result =
872 "Chain edm_reject_forward (1 references)\n"
873 "num pkts bytes target prot opt in out source destination\n"
874 "1 0 0 REJECT all -- * * 172.16.100.2 172.19.90.131 "
875 "reject-with icmp-port-unreachable";
876 EXPECT_CALL(*executerUtilsMock, Execute)
877 .Times(1)
878 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)));
879
880 EXPECT_TRUE(iptablesManager->ExistForwardAllowFirewallRule());
881
882 EXPECT_CALL(*executerUtilsMock, Execute).Times(1).WillOnce(DoAll(Return(ERR_OK))).WillOnce(DoAll(Return(ERR_OK)));
883 EXPECT_FALSE(iptablesManager->ExistForwardAllowFirewallRule());
884 }
885
886 /**
887 * @tc.name: TestExistForwardAllowDomainRule
888 * @tc.desc: Test ExistForwardAllowDomainRule func.
889 * @tc.type: FUNC
890 */
891 HWTEST_F(IptablesManagerTest, TestExistForwardAllowDomainRule, TestSize.Level1)
892 {
893 std::string result =
894 "Chain edm_dns_reject_forward (1 references)\n"
895 "num pkts bytes target prot opt in out source destination\n"
896 "1 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 "
897 "udp dpt:53 STRING match \"|037777770667697468756203636f6d|\" ALGO name bm TO 65535 "
898 "reject-with icmp-port-unreachable";
899 EXPECT_CALL(*executerUtilsMock, Execute)
900 .Times(1)
901 .WillOnce(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)));
902
903 EXPECT_TRUE(iptablesManager->ExistForwardAllowDomainRule());
904
905 EXPECT_CALL(*executerUtilsMock, Execute).Times(1).WillOnce(DoAll(Return(ERR_OK)));
906 EXPECT_FALSE(iptablesManager->ExistForwardAllowDomainRule());
907 }
908
909 /**
910 * @tc.name: TestChainExistRule
911 * @tc.desc: Test ChainExistRule func.
912 * @tc.type: FUNC
913 */
914 HWTEST_F(IptablesManagerTest, TestChainExistRule, TestSize.Level1)
915 {
916 std::string result =
917 "Chain edm_deny_output (1 references)\n"
918 "num pkts bytes target prot opt in out source destination\n"
919 "1 0 0 DROP udp -- * * 0.0.0.0/0 10.1.1.1 "
920 "source IP range 192.168.1.1-192.188.22.66 udp spt:8080 dpt:8080";
921 EXPECT_CALL(*executerUtilsMock, Execute)
922 .WillRepeatedly(DoAll(Invoke(PrintExecRule), SetArgReferee<1>(result), Return(ERR_OK)));
923
924 std::vector<std::string> chainNameList = {EDM_ALLOW_INPUT_CHAIN_NAME, EDM_DENY_INPUT_CHAIN_NAME,
925 EDM_ALLOW_OUTPUT_CHAIN_NAME, EDM_DENY_OUTPUT_CHAIN_NAME, EDM_ALLOW_FORWARD_CHAIN_NAME,
926 EDM_DENY_FORWARD_CHAIN_NAME};
927 EXPECT_TRUE(iptablesManager->ChainExistRule(chainNameList));
928
929 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Return(ERR_OK)));
930 EXPECT_FALSE(iptablesManager->ChainExistRule(chainNameList));
931 }
932
933 /**
934 * @tc.name: TestStaticAttribute
935 * @tc.desc: Test attribute.
936 * @tc.type: FUNC
937 */
938 HWTEST_F(IptablesManagerTest, TestStaticAttribute, TestSize.Level1)
939 {
940 EXPECT_CALL(*executerUtilsMock, Execute).WillRepeatedly(DoAll(Return(ERR_OK)));
941
942 IptablesManager::g_defaultFirewallOutputChainInit = false;
943 IptablesManager::SetDefaultFirewallDenyChain(IPTABLES::Direction::OUTPUT);
944 EXPECT_TRUE(IptablesManager::g_defaultFirewallOutputChainInit);
945
946 IptablesManager::ClearDefaultFirewallOutputDenyChain();
947 EXPECT_FALSE(IptablesManager::g_defaultFirewallOutputChainInit);
948
949 IptablesManager::g_defaultFirewallForwardChainInit = false;
950 IptablesManager::SetDefaultFirewallDenyChain(IPTABLES::Direction::FORWARD);
951 EXPECT_TRUE(IptablesManager::g_defaultFirewallForwardChainInit);
952
953 IptablesManager::ClearDefaultFirewallForwardDenyChain();
954 EXPECT_FALSE(IptablesManager::g_defaultFirewallForwardChainInit);
955
956 IptablesManager::g_defaultDomainOutputChainInit = false;
957 IptablesManager::SetDefaultDomainDenyChain(IPTABLES::Direction::OUTPUT);
958 EXPECT_TRUE(IptablesManager::g_defaultDomainOutputChainInit);
959
960 IptablesManager::ClearDefaultDomainOutputDenyChain();
961 EXPECT_FALSE(IptablesManager::g_defaultDomainOutputChainInit);
962
963 IptablesManager::g_defaultDomainForwardChainInit = false;
964 IptablesManager::SetDefaultDomainDenyChain(IPTABLES::Direction::FORWARD);
965 EXPECT_TRUE(IptablesManager::g_defaultDomainForwardChainInit);
966
967 IptablesManager::ClearDefaultDomainForwardDenyChain();
968 EXPECT_FALSE(IptablesManager::g_defaultDomainForwardChainInit);
969 }
970 } // namespace TEST
971 } // namespace IPTABLES
972 } // namespace EDM
973 } // namespace OHOS