1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "unit_test.h"
17 #include <string>
18 #include <thread>
19 #include <selinux/selinux.h>
20 #include "selinux_error.h"
21 #include "test_common.h"
22
23 namespace OHOS {
24 namespace Security {
25 namespace SelinuxUnitTest {
26 using namespace testing::ext;
27 using namespace Selinux;
28 const static int SLEEP_SECOND = 2;
29 const static std::string BASE_PATH = "/data/app/el1/0/base/";
30 const static std::string ACCOUNT_PATH = "/data/accounts/account_0/appdata/";
31 const static std::string TEST_HAP_PATH = BASE_PATH + "com.ohos.selftest/";
32 const static std::string TEST_ACCOUNT_PATH = ACCOUNT_PATH + "com.ohos.selftest/";
33 const static std::string TEST_ACCOUNT_SUB_PATH_1_FILE_1 = TEST_ACCOUNT_PATH + "file1.txt";
34
35 const static std::string TEST_SUB_PATH_1 = TEST_HAP_PATH + "subpath1/";
36 const static std::string TEST_SUB_PATH_2 = TEST_HAP_PATH + "subpath2/";
37 const static std::string TEST_SUB_PATH_3 = TEST_HAP_PATH + "subpath3/";
38 const static std::string TEST_SUB_PATH_4 = TEST_HAP_PATH + "subpath4/";
39
40 const static std::string TEST_SUB_PATH_1_FILE_1 = TEST_SUB_PATH_1 + "file1.txt";
41 const static std::string TEST_SUB_PATH_1_FILE_2 = TEST_SUB_PATH_1 + "file2.txt";
42 const static std::string TEST_SUB_PATH_2_FILE_1 = TEST_SUB_PATH_2 + "file1.txt";
43 const static std::string TEST_SUB_PATH_2_FILE_2 = TEST_SUB_PATH_2 + "file2.txt";
44 const static std::string TEST_SUB_PATH_3_FILE_1 = TEST_SUB_PATH_3 + "file1.txt";
45 const static std::string TEST_SUB_PATH_3_FILE_2 = TEST_SUB_PATH_3 + "file2.txt";
46 const static std::string TEST_SUB_PATH_4_FILE_1 = TEST_SUB_PATH_4 + "file1.txt";
47 const static std::string TEST_SUB_PATH_4_FILE_2 = TEST_SUB_PATH_4 + "file2.txt";
48
49 const static std::string TEST_UNSIMPLIFY_PATH = TEST_SUB_PATH_3 + "//../subpath4/";
50 const static std::string TEST_UNSIMPLIFY_FILE = TEST_SUB_PATH_4 + "//../subpath3/file1.txt";
51
52 const static std::string INVALID_PATH = "/data/data/path";
53 const static std::string EMPTY_STRING = "";
54 const static std::string SYSTEM_CORE_APL = "system_core";
55 const static std::string NORMAL_APL = "normal";
56 const static std::string INVALID_APL = "invalid_apl";
57
58 const static std::string TEST_HAP_BUNDLE_NAME = "com.hap.selftest";
59 const static std::string TEST_HAP_BUNDLE_NAME_WITH_NO_CONTEXTS = "com.ohos.test";
60 const static std::string TEST_HAP_BUNDLE_NAME_FOR_INVALID_CONTEXTS = "com.hap.selftest_invalid";
61 const static std::string TEST_HAP_BUNDLE_NAME_FOR_TEST_SANDBOX = "com.hap.test_sandbox";
62
63 const static std::string TEST_HAP_DATA_FILE_LABEL = "u:object_r:selftest_hap_data_file:s0";
64
65 const static std::string TEST_HAP_DOMAIN = "u:r:selftest:s0";
66 const static std::string TEST_HAP_DATA_TYPE = "u:r:selftest_hap_data_file:s0";
67 const static std::string DLP_HAP_DOMAIN = "u:r:dlp_sandbox_hap:s0";
68 const static std::string DLP_HAP_DATA_TYPE = "u:r:dlp_sandbox_hap_data_file:s0";
69 const static std::string TEST_NORMAL_DOMAIN = "u:r:normal_hap:s0";
70 const static std::string TEST_NORMAL_TYPE = "u:r:normal_hap_data_file:s0";
71 const static std::string TEST_EXTENSION_DOMAIN = "u:r:extension_test_hap:s0";
72 const static std::string TEST_EXTENSION_SAME_DOMAIN = "u:r:extension_test_same_hap:s0";
73 const static std::string TEST_EXTENSION_DEBUG_DOMAIN = "u:r:extension_test_debug_hap:s0";
74 const static std::string TEST_EXTENSION_PREINSTALL_DOMAIN = "u:r:extension_test_preinstall_hap:s0";
75 const static std::string TEST_EXTENSION = "extension_test_ability";
76 const static std::string TEST_SAME_EXTENSION = "extension_same_ability";
77 const static std::string TEST_DEBUG_EXTENSION = "extension_test_debug_ability";
78 const static std::string TEST_NORMAL_DOMAIN_WITH_CATEGORY = "o:r:normal_hap:s0:x214,x486,x514,x868,x1024";
79 const static std::string TEST_NORMAL_DOMAIN_WITH_CATEGORY_USER = "o:r:normal_hap:s0:x868,x1024";
80 const static std::string TEST_NORMAL_DOMAIN_WITH_CATEGORY_APP = "o:r:normal_hap:s0:x214,x486,x514";
81 const static std::string TEST_NORMAL_TYPE_WITH_CATEGORY = "o:r:normal_hap_data_file:s0:x214,x486,x514,x868,x1024";
82 const static std::string TEST_NORMAL_TYPE_WITH_CATEGORY_USER = "o:r:normal_hap_data_file:s0:x868,x1024";
83 const static std::string TEST_NORMAL_TYPE_WITH_CATEGORY_APP = "o:r:normal_hap_data_file:s0:x214,x486,x514";
84 const static std::string TEST_SANDBOX_HAP_DOMAIN = "u:r:test_sandbox_hap:s0";
85 const static std::string TEST_SANDBOX_HAP_DATA_TYPE = "u:r:test_sandbox_hap_data_file:s0";
86 const static uint32_t TEST_UID = 20190166;
87 const static uint32_t TEST_UID_FAILED = 20008;
88 static const char *DEFAULT_CONTEXT = "u:object_r:unlabeled:s0";
89
90 const static std::string SEHAP_CONTEXTS_FILE = "/data/test/sehap_contexts";
91
92 #ifdef MCS_ENABLE
93 static const std::string PRODUCT_CONFIG_FILE_TEST = "/version/etc/selinux/product_config";
94 static const std::string DEFAULT_MCS_HAP_FILE_PREFIX_TEST = "mcsHapFileEnabled=";
95 static bool g_mcsHapFileEnabledTest = false;
96 #endif
97
98 static HapFileInfo g_hapFileInfoWithoutFlags = {
99 .pathNameOrig = {TEST_SUB_PATH_1},
100 .apl = SYSTEM_CORE_APL,
101 .packageName = TEST_HAP_BUNDLE_NAME,
102 .flags = 0,
103 .hapFlags = 1,
104 };
105
106 static HapFileInfo g_hapFileInfoWithFlags = {
107 .pathNameOrig = {TEST_HAP_PATH},
108 .apl = SYSTEM_CORE_APL,
109 .packageName = TEST_HAP_BUNDLE_NAME,
110 .flags = 1,
111 .hapFlags = 1,
112 };
113
114 static HapFileInfo g_hapFileInfoWithAplEmpty = {
115 .pathNameOrig = {TEST_HAP_PATH},
116 .apl = "",
117 .packageName = TEST_HAP_BUNDLE_NAME,
118 .flags = 0,
119 .hapFlags = 1,
120 };
121
122 static HapFileInfo g_hapFileInfoWithPathEmpty = {
123 .pathNameOrig = {},
124 .apl = SYSTEM_CORE_APL,
125 .packageName = TEST_HAP_BUNDLE_NAME,
126 .flags = 0,
127 .hapFlags = 1,
128 };
129
130 static HapFileInfo g_hapFileInfoWithAplInvalid = {
131 .pathNameOrig = {TEST_HAP_PATH},
132 .apl = INVALID_APL,
133 .packageName = TEST_HAP_BUNDLE_NAME,
134 .flags = 0,
135 .hapFlags = 1,
136 };
137
138 static HapFileInfo g_hapFileInfoWithCannotFindContexts = {
139 .pathNameOrig = {TEST_HAP_PATH},
140 .apl = SYSTEM_CORE_APL,
141 .packageName = TEST_HAP_BUNDLE_NAME_WITH_NO_CONTEXTS,
142 .flags = 0,
143 .hapFlags = 1,
144 };
145
146 static HapFileInfo g_hapFileInfoForRepeatLabel = {
147 .pathNameOrig = {TEST_SUB_PATH_1},
148 .apl = SYSTEM_CORE_APL,
149 .packageName = TEST_HAP_BUNDLE_NAME,
150 .flags = 0,
151 .hapFlags = 1,
152 };
153
154 static HapFileInfo g_hapFileInfoWithPreinstallHap = {
155 .pathNameOrig = {TEST_SUB_PATH_1},
156 .apl = SYSTEM_CORE_APL,
157 .packageName = TEST_HAP_BUNDLE_NAME,
158 .flags = 0,
159 .hapFlags = 0,
160 };
161
162 static HapFileInfo g_hapFileInfoWithInvalidPath = {
163 .pathNameOrig = {TEST_SUB_PATH_1, INVALID_PATH},
164 .apl = SYSTEM_CORE_APL,
165 .packageName = TEST_HAP_BUNDLE_NAME,
166 .flags = 0,
167 .hapFlags = 1,
168 };
169
170 static HapFileInfo g_hapFileInfoForInvalidContexts = {
171 .pathNameOrig = {TEST_HAP_PATH},
172 .apl = NORMAL_APL,
173 .packageName = TEST_HAP_BUNDLE_NAME_FOR_INVALID_CONTEXTS,
174 .flags = 0,
175 .hapFlags = 1,
176 };
177
178 static HapFileInfo g_hapFileInfo = {
179 .pathNameOrig = {TEST_HAP_PATH},
180 .apl = SYSTEM_CORE_APL,
181 .packageName = TEST_HAP_BUNDLE_NAME,
182 .flags = 0,
183 .hapFlags = 1,
184 };
185
186 static HapDomainInfo g_hapDomainInfoWithAplEmpty {
187 .apl = "",
188 .packageName = TEST_HAP_BUNDLE_NAME,
189 .hapFlags = 1,
190 };
191
192 static HapDomainInfo g_hapDomainInfoWithInvalidApl {
193 .apl = INVALID_APL,
194 .packageName = TEST_HAP_BUNDLE_NAME,
195 .hapFlags = 1,
196 };
197
198 static HapDomainInfo g_hapDomainInfo {
199 .apl = SYSTEM_CORE_APL,
200 .packageName = TEST_HAP_BUNDLE_NAME,
201 .hapFlags = 1,
202 };
203
204 static HapDomainInfo g_hapDomainInfoForInvalidContexts {
205 .apl = NORMAL_APL,
206 .packageName = TEST_HAP_BUNDLE_NAME_FOR_INVALID_CONTEXTS,
207 .hapFlags = 1,
208 };
209
GenerateTestFile()210 static void GenerateTestFile()
211 {
212 std::vector<std::string> sehapInfo = {
213 "apl=system_core domain=system_core_hap type=system_core_hap_data_file",
214 "apl=system_basic domain=system_basic_hap type=system_basic_hap_data_file",
215 "apl=normal domain=normal_hap type=normal_hap_data_file levelFrom=all user=o",
216 "apl=normal debuggable=true domain=debug_hap type=debug_hap_data_file levelFrom=all user=o",
217 "apl=system_core name=com.ohos.test domain= type=",
218 "apl=system_core domain=selftest type=selftest_hap_data_file",
219 "apl=system_core name=com.hap.selftest domain=selftest type=selftest_hap_data_file",
220 "apl=normal name=com.hap.selftest domain=selftest type=normal_hap_data_file",
221 "apl=normal name=com.hap.selftest_invalid domain=selftest_invalid type=selftest_invalid_hap_data_file",
222 "apl=normal extra=invalid_extra domain=dlp_sandbox_hap type=dlp_sandbox_hap_data_file",
223 "apl=normal extra=dlp_sandbox domain=dlp_sandbox_hap type=dlp_sandbox_hap_data_file",
224 "apl=normal domain=extension_test_hap extension=extension_test_ability",
225 "apl=normal domain=extension_test_same_hap extension=extension_same_ability",
226 "apl=normal debuggable=true domain=extension_test_debug_hap extension=extension_test_debug_ability",
227 "apl=normal name=com.hap.selftest domain=extension_test_preinstall_hap extension=extension_test_ability",
228 "apl=normal name=com.hap.test_sandbox extra=custom_sandbox domain=test_sandbox_hap \
229 type=test_sandbox_hap_data_file",
230 "apl=normal debuggable=true name=com.hap.test_sandbox extra=custom_sandbox domain=test_sandbox_hap \
231 type=test_sandbox_hap_data_file"};
232 ASSERT_EQ(true, WriteFile(SEHAP_CONTEXTS_FILE, sehapInfo));
233 }
234
235 #ifdef MCS_ENABLE
DeleteNonLetter(std::string str)236 static std::string DeleteNonLetter(std::string str)
237 {
238 str.erase(std::remove_if(str.begin(), str.end(), [](char c) { return !std::isalpha(c); }), str.end());
239 return str;
240 }
241
SetDefaultConfig()242 static void SetDefaultConfig()
243 {
244 std::ifstream configFile(PRODUCT_CONFIG_FILE_TEST);
245 if (!configFile) {
246 std::cout << "Read " << PRODUCT_CONFIG_FILE_TEST << " failed." << std::endl;
247 return;
248 }
249 std::string line;
250 bool hapFileMcsVisited = false;
251 while (getline(configFile, line) && !hapFileMcsVisited) {
252 size_t pos = line.find(DEFAULT_MCS_HAP_FILE_PREFIX_TEST);
253 if (pos == 0 && !hapFileMcsVisited) {
254 g_mcsHapFileEnabledTest =
255 !strcmp(DeleteNonLetter(line.substr(DEFAULT_MCS_HAP_FILE_PREFIX_TEST.size())).c_str(), "true");
256 hapFileMcsVisited = true;
257 }
258 }
259 configFile.close();
260 }
261 #endif
262
RemoveTestFile()263 static void RemoveTestFile()
264 {
265 unlink(SEHAP_CONTEXTS_FILE.c_str());
266 }
267
SetUpTestCase()268 void SelinuxUnitTest::SetUpTestCase()
269 {
270 // make test case clean
271 GenerateTestFile();
272 #ifdef MCS_ENABLE
273 SetDefaultConfig();
274 #endif
275 }
276
TearDownTestCase()277 void SelinuxUnitTest::TearDownTestCase()
278 {
279 RemoveTestFile();
280 }
281
SetUp()282 void SelinuxUnitTest::SetUp() {}
283
TearDown()284 void SelinuxUnitTest::TearDown() {}
285
CreateDataFile() const286 void SelinuxUnitTest::CreateDataFile() const {}
287
288 /**
289 * @tc.name: HapFileRestorecon001
290 * @tc.desc: test HapFileRestorecon input para invalid.
291 * @tc.type: FUNC
292 * @tc.require: AR000GJSDQ
293 */
294 HWTEST_F(SelinuxUnitTest, HapFileRestorecon001, TestSize.Level1)
295 {
296 ASSERT_EQ(true, CreateDirectory(TEST_HAP_PATH));
297
298 EXPECT_EQ(-SELINUX_ARG_INVALID, test.HapFileRestorecon(g_hapFileInfoWithAplEmpty));
299
300 EXPECT_EQ(-SELINUX_ARG_INVALID, test.HapFileRestorecon(g_hapFileInfoWithPathEmpty));
301
302 EXPECT_EQ(-SELINUX_ARG_INVALID, test.HapFileRestorecon(g_hapFileInfoWithAplInvalid));
303
304 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
305 }
306
307 /**
308 * @tc.name: HapFileRestorecon002
309 * @tc.desc: test HapFileRestorecon normal branch without restorecon.
310 * @tc.type: FUNC
311 * @tc.require:AR000GJSDQ
312 */
313 HWTEST_F(SelinuxUnitTest, HapFileRestorecon002, TestSize.Level1)
314 {
315 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_1_FILE_1)); // this file should not be restorecon
316
317 char *secontextOld = nullptr;
318 getfilecon(TEST_SUB_PATH_1_FILE_1.c_str(), &secontextOld);
319
320 int ret = test.HapFileRestorecon(g_hapFileInfoWithoutFlags);
321 ASSERT_EQ(SELINUX_SUCC, ret);
322
323 char *secontextNew = nullptr;
324 getfilecon(TEST_SUB_PATH_1.c_str(), &secontextNew);
325 EXPECT_STREQ(TEST_HAP_DATA_FILE_LABEL.c_str(), secontextNew);
326 freecon(secontextNew);
327 secontextNew = nullptr;
328
329 getfilecon(TEST_SUB_PATH_1_FILE_1.c_str(), &secontextNew);
330 EXPECT_STREQ(secontextOld, secontextNew);
331 freecon(secontextNew);
332 secontextNew = nullptr;
333
334 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
335 }
336
337 /**
338 * @tc.name: HapFileRestorecon003
339 * @tc.desc: test HapFileRestorecon normal branch with restorecon.
340 * @tc.type: FUNC
341 * @tc.require:AR000GJSDQ
342 */
343 HWTEST_F(SelinuxUnitTest, HapFileRestorecon003, TestSize.Level1)
344 {
345 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_1_FILE_1));
346 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_1_FILE_2));
347 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_2_FILE_1));
348 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_2_FILE_2));
349
350 int ret = test.HapFileRestorecon(g_hapFileInfoWithFlags);
351 ASSERT_EQ(SELINUX_SUCC, ret);
352
353 char *secontext = nullptr;
354 getfilecon(TEST_SUB_PATH_1.c_str(), &secontext);
355 EXPECT_STREQ(TEST_HAP_DATA_FILE_LABEL.c_str(), secontext);
356 freecon(secontext);
357 secontext = nullptr;
358
359 getfilecon(TEST_SUB_PATH_2.c_str(), &secontext);
360 EXPECT_STREQ(TEST_HAP_DATA_FILE_LABEL.c_str(), secontext);
361 freecon(secontext);
362 secontext = nullptr;
363
364 getfilecon(TEST_SUB_PATH_1_FILE_1.c_str(), &secontext);
365 EXPECT_STREQ(TEST_HAP_DATA_FILE_LABEL.c_str(), secontext);
366 freecon(secontext);
367 secontext = nullptr;
368
369 getfilecon(TEST_SUB_PATH_1_FILE_2.c_str(), &secontext);
370 EXPECT_STREQ(TEST_HAP_DATA_FILE_LABEL.c_str(), secontext);
371 freecon(secontext);
372 secontext = nullptr;
373
374 getfilecon(TEST_SUB_PATH_2_FILE_1.c_str(), &secontext);
375 EXPECT_STREQ(TEST_HAP_DATA_FILE_LABEL.c_str(), secontext);
376 freecon(secontext);
377 secontext = nullptr;
378
379 getfilecon(TEST_SUB_PATH_2_FILE_2.c_str(), &secontext);
380 EXPECT_STREQ(TEST_HAP_DATA_FILE_LABEL.c_str(), secontext);
381 freecon(secontext);
382 secontext = nullptr;
383
384 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
385 }
386
387 /**
388 * @tc.name: HapFileRestorecon004
389 * @tc.desc: test HapFileRestorecon with single path input para invalid.
390 * @tc.type: FUNC
391 * @tc.require: AR000GJSDQ
392 */
393 HWTEST_F(SelinuxUnitTest, HapFileRestorecon004, TestSize.Level1)
394 {
395 ASSERT_EQ(true, CreateDirectory(TEST_HAP_PATH));
396
397 EXPECT_EQ(-SELINUX_ARG_INVALID, test.HapFileRestorecon(TEST_HAP_PATH, g_hapFileInfoWithAplEmpty));
398
399 EXPECT_EQ(-SELINUX_ARG_INVALID, test.HapFileRestorecon(EMPTY_STRING, g_hapFileInfoWithPathEmpty));
400
401 EXPECT_EQ(-SELINUX_ARG_INVALID, test.HapFileRestorecon(TEST_HAP_PATH, g_hapFileInfoWithAplInvalid));
402
403 EXPECT_EQ(-SELINUX_CHECK_CONTEXT_ERROR, test.HapFileRestorecon(TEST_HAP_PATH, g_hapFileInfoForInvalidContexts));
404
405 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
406 }
407
408 /**
409 * @tc.name: HapFileRestorecon005
410 * @tc.desc: test HapFileRestorecon with no recurce.
411 * @tc.type: FUNC
412 * @tc.require: AR000GJSDQ
413 */
414 HWTEST_F(SelinuxUnitTest, HapFileRestorecon005, TestSize.Level1)
415 {
416 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_1_FILE_1));
417
418 EXPECT_EQ(SELINUX_SUCC, test.HapFileRestorecon(TEST_HAP_PATH, g_hapFileInfoWithoutFlags));
419
420 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
421 }
422
423 /**
424 * @tc.name: HapFileRestorecon006
425 * @tc.desc: test HapFileRestorecon checkPath fail.
426 * @tc.type: FUNC
427 * @tc.require: AR000GJSDQ
428 */
429 HWTEST_F(SelinuxUnitTest, HapFileRestorecon006, TestSize.Level1)
430 {
431 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_1_FILE_1));
432
433 EXPECT_EQ(-SELINUX_PATH_INVALID, test.HapFileRestorecon(INVALID_PATH, g_hapFileInfoWithoutFlags));
434
435 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
436 }
437
438 /**
439 * @tc.name: HapFileRestorecon007
440 * @tc.desc: test HapFileRestorecon with accounts path.
441 * @tc.type: FUNC
442 * @tc.require: AR000GJSDQ
443 */
444 HWTEST_F(SelinuxUnitTest, HapFileRestorecon007, TestSize.Level1)
445 {
446 ASSERT_EQ(true, CreateFile(TEST_ACCOUNT_SUB_PATH_1_FILE_1));
447
448 EXPECT_EQ(SELINUX_SUCC, test.HapFileRestorecon(TEST_ACCOUNT_SUB_PATH_1_FILE_1, g_hapFileInfoWithoutFlags));
449
450 ASSERT_EQ(true, RemoveDirectory(ACCOUNT_PATH));
451 }
452
453 /**
454 * @tc.name: HapFileRestorecon008
455 * @tc.desc: test HapFileRestorecon type is empty.
456 * @tc.type: FUNC
457 * @tc.require: AR000GJSDQ
458 */
459 HWTEST_F(SelinuxUnitTest, HapFileRestorecon008, TestSize.Level1)
460 {
461 ASSERT_EQ(true, CreateDirectory(TEST_HAP_PATH));
462
463 EXPECT_EQ(-SELINUX_KEY_NOT_FOUND, test.HapFileRestorecon(TEST_HAP_PATH, g_hapFileInfoWithCannotFindContexts));
464
465 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
466 }
467
CompareContexts(const std::string & path,const std::string & label)468 static bool CompareContexts(const std::string &path, const std::string &label)
469 {
470 char *secontext = nullptr;
471 getfilecon(path.c_str(), &secontext);
472 bool res = (strcmp(label.c_str(), secontext) == 0);
473 freecon(secontext);
474 secontext = nullptr;
475 return res;
476 }
477
478 /**
479 * @tc.name: HapFileRestorecon009
480 * @tc.desc: test HapFileRestorecon input multi path/file no recurse.
481 * @tc.type: FUNC
482 * @tc.require:AR000GJSDQ
483 */
484 HWTEST_F(SelinuxUnitTest, HapFileRestorecon009, TestSize.Level1)
485 {
486 ASSERT_EQ(true, CreateDirectory(TEST_SUB_PATH_4));
487 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_1_FILE_1));
488 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_1_FILE_2));
489 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_2_FILE_1)); // should not be restorecon
490 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_3_FILE_1));
491
492 char *secontextOld = nullptr;
493 getfilecon(TEST_SUB_PATH_2_FILE_1.c_str(), &secontextOld);
494
495 HapFileInfo hapFileInfo = {
496 .pathNameOrig = {TEST_SUB_PATH_1, TEST_SUB_PATH_2, TEST_SUB_PATH_1_FILE_1, TEST_SUB_PATH_1_FILE_2,
497 TEST_UNSIMPLIFY_FILE, TEST_UNSIMPLIFY_PATH},
498 .apl = SYSTEM_CORE_APL,
499 .packageName = TEST_HAP_BUNDLE_NAME,
500 .flags = 0,
501 .hapFlags = 1,
502 };
503
504 ASSERT_EQ(SELINUX_SUCC, test.HapFileRestorecon(hapFileInfo));
505 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_1, TEST_HAP_DATA_FILE_LABEL));
506 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_2, TEST_HAP_DATA_FILE_LABEL));
507 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_1_FILE_1, TEST_HAP_DATA_FILE_LABEL));
508 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_1_FILE_2, TEST_HAP_DATA_FILE_LABEL));
509 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_3_FILE_1, TEST_HAP_DATA_FILE_LABEL));
510 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_4, TEST_HAP_DATA_FILE_LABEL));
511
512 char *secontext = nullptr;
513 getfilecon(TEST_SUB_PATH_2_FILE_1.c_str(), &secontext); // this file should not be restorecon
514 EXPECT_STREQ(secontextOld, secontext);
515 freecon(secontext);
516 freecon(secontextOld);
517 secontext = nullptr;
518 secontextOld = nullptr;
519
520 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
521 }
522
523 /**
524 * @tc.name: HapFileRestorecon010
525 * @tc.desc: test HapFileRestorecon input multi path/file recurse.
526 * @tc.type: FUNC
527 * @tc.require:AR000GJSDQ
528 */
529 HWTEST_F(SelinuxUnitTest, HapFileRestorecon010, TestSize.Level1)
530 {
531 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_1_FILE_1));
532 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_1_FILE_2));
533 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_2_FILE_1));
534 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_2_FILE_2));
535 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_3_FILE_1));
536 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_3_FILE_2)); // this file should not be restorecon
537 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_4_FILE_1));
538 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_4_FILE_2));
539
540 char *secontextOld = nullptr;
541 getfilecon(TEST_SUB_PATH_3_FILE_2.c_str(), &secontextOld);
542
543 HapFileInfo hapFileInfo = {
544 .pathNameOrig = { TEST_SUB_PATH_1, TEST_SUB_PATH_2, TEST_UNSIMPLIFY_FILE, TEST_UNSIMPLIFY_PATH },
545 .apl = SYSTEM_CORE_APL,
546 .packageName = TEST_HAP_BUNDLE_NAME,
547 .flags = 1,
548 .hapFlags = 1,
549 };
550 ASSERT_EQ(SELINUX_SUCC, test.HapFileRestorecon(hapFileInfo));
551 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_1, TEST_HAP_DATA_FILE_LABEL));
552 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_2, TEST_HAP_DATA_FILE_LABEL));
553 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_4, TEST_HAP_DATA_FILE_LABEL));
554 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_1_FILE_1, TEST_HAP_DATA_FILE_LABEL));
555 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_1_FILE_2, TEST_HAP_DATA_FILE_LABEL));
556 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_2_FILE_1, TEST_HAP_DATA_FILE_LABEL));
557 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_2_FILE_2, TEST_HAP_DATA_FILE_LABEL));
558 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_4_FILE_1, TEST_HAP_DATA_FILE_LABEL));
559 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_4_FILE_2, TEST_HAP_DATA_FILE_LABEL));
560 EXPECT_TRUE(CompareContexts(TEST_SUB_PATH_3_FILE_1, TEST_HAP_DATA_FILE_LABEL));
561
562 char *secontext = nullptr;
563 getfilecon(TEST_SUB_PATH_3_FILE_2.c_str(), &secontext);
564 EXPECT_STREQ(secontextOld, secontext);
565 freecon(secontext);
566 freecon(secontextOld);
567 secontext = nullptr;
568 secontextOld = nullptr;
569
570 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
571 }
572
573 /**
574 * @tc.name: HapFileRestorecon011
575 * @tc.desc: test HapFileRestorecon repeat label.
576 * @tc.type: FUNC
577 * @tc.require:AR000GJSDQ
578 */
579 HWTEST_F(SelinuxUnitTest, HapFileRestorecon011, TestSize.Level1)
580 {
581 ASSERT_EQ(true, CreateDirectory(TEST_SUB_PATH_1));
582 int ret = test.HapFileRestorecon(g_hapFileInfoForRepeatLabel);
583 ASSERT_EQ(SELINUX_SUCC, ret);
584
585 char *secontext = nullptr;
586 getfilecon(TEST_SUB_PATH_1.c_str(), &secontext);
587 EXPECT_STREQ(TEST_HAP_DATA_FILE_LABEL.c_str(), secontext);
588 freecon(secontext);
589 secontext = nullptr;
590
591 char *secontextOld = nullptr;
592 getfilecon(TEST_SUB_PATH_1.c_str(), &secontextOld);
593
594 ret = test.HapFileRestorecon(g_hapFileInfoForRepeatLabel); // double restorcon
595 ASSERT_EQ(SELINUX_SUCC, ret);
596
597 getfilecon(TEST_SUB_PATH_1.c_str(), &secontext);
598 EXPECT_STREQ(secontextOld, secontext);
599 freecon(secontext);
600 freecon(secontextOld);
601 secontext = nullptr;
602 secontextOld = nullptr;
603
604 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
605 }
606
607 /**
608 * @tc.name: HapFileRestorecon012
609 * @tc.desc: test HapFileRestorecon normal branch with preinstalled app.
610 * @tc.type: FUNC
611 * @tc.require:AR000GJSDQ
612 */
613 HWTEST_F(SelinuxUnitTest, HapFileRestorecon012, TestSize.Level1)
614 {
615 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_1_FILE_1));
616
617 int ret = test.HapFileRestorecon(g_hapFileInfoWithPreinstallHap);
618 ASSERT_EQ(SELINUX_SUCC, ret);
619
620 char *secontextNew = nullptr;
621 getfilecon(TEST_SUB_PATH_1.c_str(), &secontextNew);
622 EXPECT_STREQ(TEST_HAP_DATA_FILE_LABEL.c_str(), secontextNew);
623 freecon(secontextNew);
624 secontextNew = nullptr;
625
626 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
627 }
628
629 /**
630 * @tc.name: HapFileRestorecon013
631 * @tc.desc: test HapFileRestorecon with multi path failed.
632 * @tc.type: FUNC
633 * @tc.require:
634 */
635 HWTEST_F(SelinuxUnitTest, HapFileRestorecon013, TestSize.Level1)
636 {
637 ASSERT_EQ(true, CreateFile(TEST_SUB_PATH_1_FILE_1));
638 ASSERT_EQ(true, CreateFile(INVALID_PATH));
639
640 ASSERT_EQ(-SELINUX_RESTORECON_ERROR, test.HapFileRestorecon(g_hapFileInfoWithInvalidPath));
641
642 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
643 ASSERT_EQ(true, RemoveDirectory(INVALID_PATH));
644 }
645
646 /**
647 * @tc.name: HapFileRestorecon014
648 * @tc.desc: test HapFileRestorecon uid
649 * @tc.type: FUNC
650 * @tc.require:
651 */
652 HWTEST_F(SelinuxUnitTest, HapFileRestorecon014, TestSize.Level1)
653 {
654 ASSERT_EQ(true, CreateDirectory(TEST_HAP_PATH));
655
656 EXPECT_EQ(SELINUX_SUCC, test.HapFileRestorecon(g_hapFileInfo));
657
658 #ifdef MCS_ENABLE
659
660 g_hapFileInfo.uid = TEST_UID;
661 EXPECT_EQ(SELINUX_SUCC, test.HapFileRestorecon(g_hapFileInfo));
662
663 g_hapFileInfo.uid = TEST_UID_FAILED;
664 EXPECT_EQ(SELINUX_SUCC, test.HapFileRestorecon(g_hapFileInfo));
665
666 #endif
667
668 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
669 }
670
671 /**
672 * @tc.name: HapFileRecurseRestorecon001
673 * @tc.desc: test HapFileRecurseRestorecon realPath is nullptr.
674 * @tc.type: FUNC
675 * @tc.require: AR000GJSDQ
676 */
677 HWTEST_F(SelinuxUnitTest, HapFileRecurseRestorecon001, TestSize.Level1)
678 {
679 int ret = test.HapFileRecurseRestorecon(nullptr, g_hapFileInfoWithCannotFindContexts);
680 ASSERT_EQ(-SELINUX_FTS_OPEN_ERROR, ret);
681 }
682
683 /**
684 * @tc.name: RestoreconSb001
685 * @tc.desc: test RestoreconSb with repeat label.
686 * @tc.type: FUNC
687 * @tc.require: AR000GJSDQ
688 */
689 HWTEST_F(SelinuxUnitTest, RestoreconSb001, TestSize.Level1)
690 {
691 ASSERT_EQ(true, CreateDirectory(TEST_SUB_PATH_1));
692
693 ASSERT_EQ(SELINUX_SUCC, test.RestoreconSb(TEST_SUB_PATH_1, g_hapFileInfoForRepeatLabel));
694 char *secontextOld = nullptr;
695 getfilecon(TEST_SUB_PATH_1.c_str(), &secontextOld);
696 EXPECT_STREQ(secontextOld, TEST_HAP_DATA_FILE_LABEL.c_str());
697 freecon(secontextOld);
698
699 ASSERT_EQ(SELINUX_SUCC, test.RestoreconSb(TEST_SUB_PATH_1, g_hapFileInfoForRepeatLabel)); // double restorcon
700 char *secontextNew = nullptr;
701 getfilecon(TEST_SUB_PATH_1.c_str(), &secontextNew);
702 EXPECT_STREQ(secontextNew, TEST_HAP_DATA_FILE_LABEL.c_str());
703 freecon(secontextNew);
704
705 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
706 }
707
708 /**
709 * @tc.name: HapDomainSetcontext001
710 * @tc.desc: test HapDomainSetcontext input para invalid.
711 * @tc.type: FUNC
712 * @tc.require: issueI6JV34
713 */
714 HWTEST_F(SelinuxUnitTest, HapDomainSetcontext001, TestSize.Level1)
715 {
716 ASSERT_EQ(true, CreateDirectory(TEST_HAP_PATH));
717
718 EXPECT_EQ(-SELINUX_ARG_INVALID, test.HapDomainSetcontext(g_hapDomainInfoWithAplEmpty));
719 EXPECT_EQ(-SELINUX_ARG_INVALID, test.HapDomainSetcontext(g_hapDomainInfoWithInvalidApl));
720
721 ASSERT_EQ(true, RemoveDirectory(TEST_HAP_PATH));
722 }
723
724 /**
725 * @tc.name: HapDomainSetcontext002
726 * @tc.desc: test HapDomainSetcontext must succeed
727 * @tc.type: FUNC
728 * @tc.require: issueI6JV34
729 */
730 HWTEST_F(SelinuxUnitTest, HapDomainSetcontext002, TestSize.Level1)
731 {
732 pid_t pid = fork();
733 ASSERT_TRUE(pid >= 0);
734 if (pid == 0) {
735 EXPECT_EQ(SELINUX_SUCC, test.HapDomainSetcontext(g_hapDomainInfo));
736 usleep(200000); // sleep 200ms
737 exit(0);
738 } else {
739 usleep(150000); // sleep 150ms
740 char *con = nullptr;
741 ASSERT_EQ(0, getpidcon(pid, &con));
742 EXPECT_STREQ(con, TEST_HAP_DOMAIN.c_str());
743 freecon(con);
744 }
745 }
746
747 /**
748 * @tc.name: HapDomainSetcontext003
749 * @tc.desc: test HapDomainSetcontext setcon normal_hap.
750 * @tc.type: FUNC
751 * @tc.require: issueI6JV34
752 */
753 HWTEST_F(SelinuxUnitTest, HapDomainSetcontext003, TestSize.Level1)
754 {
755 pid_t pid = fork();
756 ASSERT_TRUE(pid >= 0);
757 if (pid == 0) {
758 EXPECT_EQ(-SELINUX_CHECK_CONTEXT_ERROR, test.HapDomainSetcontext(g_hapDomainInfoForInvalidContexts));
759 exit(0);
760 }
761 }
762
763 /**
764 * @tc.name: HapContextsLookup001
765 * @tc.desc: test HapContextsLookup must succeed
766 * @tc.type: FUNC
767 * @tc.require: issueI9MCSP
768 */
769 HWTEST_F(SelinuxUnitTest, HapContextsLookup001, TestSize.Level1)
770 {
771 char *oldTypeContext = nullptr;
772 ASSERT_EQ(SELINUX_SUCC, getcon(&oldTypeContext));
773 context_t con = context_new(oldTypeContext);
774
775 HapContextParams params;
776 params.apl = SYSTEM_CORE_APL;
777 params.packageName = EMPTY_STRING;
778 params.hapFlags = 0;
779 params.isDomain = true;
780 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
781 EXPECT_STREQ(context_str(con), TEST_HAP_DOMAIN.c_str());
782
783 params.apl = NORMAL_APL;
784 params.packageName = TEST_HAP_BUNDLE_NAME;
785 params.hapFlags = SELINUX_HAP_RESTORECON_PREINSTALLED_APP;
786 params.isDomain = true;
787 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
788 EXPECT_STREQ(context_str(con), TEST_HAP_DOMAIN.c_str());
789
790 params.apl = NORMAL_APL;
791 params.packageName = EMPTY_STRING;
792 params.hapFlags = SELINUX_HAP_DLP;
793 params.isDomain = true;
794 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
795 EXPECT_STREQ(context_str(con), DLP_HAP_DOMAIN.c_str());
796
797 params.apl = NORMAL_APL;
798 params.packageName = EMPTY_STRING;
799 params.hapFlags = SELINUX_HAP_DLP | SELINUX_HAP_DEBUGGABLE;
800 params.isDomain = true;
801 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
802 EXPECT_STREQ(context_str(con), DLP_HAP_DOMAIN.c_str());
803
804 params.apl = NORMAL_APL;
805 params.packageName = TEST_HAP_BUNDLE_NAME_FOR_TEST_SANDBOX;
806 params.hapFlags = SELINUX_HAP_CUSTOM_SANDBOX;
807 params.isDomain = true;
808 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
809 EXPECT_STREQ(context_str(con), TEST_SANDBOX_HAP_DOMAIN.c_str());
810
811 params.apl = NORMAL_APL;
812 params.packageName = TEST_HAP_BUNDLE_NAME_FOR_TEST_SANDBOX;
813 params.hapFlags = SELINUX_HAP_CUSTOM_SANDBOX | SELINUX_HAP_DEBUGGABLE;
814 params.isDomain = true;
815 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
816 EXPECT_STREQ(context_str(con), TEST_SANDBOX_HAP_DOMAIN.c_str());
817
818 freecon(oldTypeContext);
819 context_free(con);
820 }
821
822 /**
823 * @tc.name: HapContextsLookup002
824 * @tc.desc: test HapContextsLookup must succeed
825 * @tc.type: FUNC
826 * @tc.require: issueI9MCSP
827 */
828 HWTEST_F(SelinuxUnitTest, HapContextsLookup002, TestSize.Level1)
829 {
830 char *oldTypeContext = nullptr;
831 ASSERT_EQ(SELINUX_SUCC, getcon(&oldTypeContext));
832 context_t con = context_new(oldTypeContext);
833
834 HapContextParams params;
835 params.apl = SYSTEM_CORE_APL;
836 params.packageName = EMPTY_STRING;
837 params.hapFlags = 0;
838 params.isDomain = false;
839 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
840 EXPECT_STREQ(context_str(con), TEST_HAP_DATA_TYPE.c_str());
841
842 params.apl = NORMAL_APL;
843 params.packageName = EMPTY_STRING;
844 params.hapFlags = 0;
845 params.isDomain = false;
846 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
847 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE.c_str());
848
849 params.apl = NORMAL_APL;
850 params.packageName = TEST_HAP_BUNDLE_NAME;
851 params.hapFlags = SELINUX_HAP_RESTORECON_PREINSTALLED_APP;
852 params.isDomain = false;
853 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
854 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE.c_str());
855
856 params.apl = NORMAL_APL;
857 params.packageName = EMPTY_STRING;
858 params.hapFlags = SELINUX_HAP_DLP;
859 params.isDomain = false;
860 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
861 EXPECT_STREQ(context_str(con), DLP_HAP_DATA_TYPE.c_str());
862
863 params.apl = NORMAL_APL;
864 params.packageName = EMPTY_STRING;
865 params.hapFlags = SELINUX_HAP_DLP | SELINUX_HAP_DEBUGGABLE;
866 params.isDomain = false;
867 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
868 EXPECT_STREQ(context_str(con), DLP_HAP_DATA_TYPE.c_str());
869
870 params.apl = NORMAL_APL;
871 params.packageName = TEST_HAP_BUNDLE_NAME_FOR_TEST_SANDBOX;
872 params.hapFlags = SELINUX_HAP_CUSTOM_SANDBOX;
873 params.isDomain = false;
874 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
875 EXPECT_STREQ(context_str(con), TEST_SANDBOX_HAP_DATA_TYPE.c_str());
876
877 params.apl = NORMAL_APL;
878 params.packageName = TEST_HAP_BUNDLE_NAME_FOR_TEST_SANDBOX;
879 params.hapFlags = SELINUX_HAP_CUSTOM_SANDBOX | SELINUX_HAP_DEBUGGABLE;
880 params.isDomain = false;
881 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
882 EXPECT_STREQ(context_str(con), TEST_SANDBOX_HAP_DATA_TYPE.c_str());
883
884 freecon(oldTypeContext);
885 context_free(con);
886 }
887
888 /**
889 * @tc.name: HapContextsLookup003
890 * @tc.desc: test HapContextsLookup must succeed
891 * @tc.type: FUNC
892 * @tc.require: issueI9MCSP
893 */
894 HWTEST_F(SelinuxUnitTest, HapContextsLookup003, TestSize.Level1)
895 {
896 char *oldTypeContext = nullptr;
897 ASSERT_EQ(SELINUX_SUCC, getcon(&oldTypeContext));
898 context_t con = context_new(oldTypeContext);
899 //1.normal
900 HapContextParams params;
901 params.apl = NORMAL_APL;
902 params.packageName = EMPTY_STRING;
903 params.hapFlags = 0;
904 params.extension = TEST_EXTENSION;
905 params.isDomain = true;
906 int res = test.HapContextsLookup(params, con);
907 EXPECT_EQ(res, SELINUX_SUCC);
908 EXPECT_STREQ(context_str(con), TEST_EXTENSION_DOMAIN.c_str());
909 //2.debug
910 params.apl = NORMAL_APL;
911 params.packageName = EMPTY_STRING;
912 params.hapFlags = SELINUX_HAP_DEBUGGABLE;
913 params.extension = TEST_DEBUG_EXTENSION;
914 params.isDomain = true;
915 res = test.HapContextsLookup(params, con);
916 EXPECT_EQ(res, SELINUX_SUCC);
917 EXPECT_STREQ(context_str(con), TEST_EXTENSION_DEBUG_DOMAIN.c_str());
918 //4.preinstall
919 params.apl = NORMAL_APL;
920 params.packageName = TEST_HAP_BUNDLE_NAME;
921 params.hapFlags = SELINUX_HAP_RESTORECON_PREINSTALLED_APP;
922 params.extension = "NOT_SET";
923 params.isDomain = true;
924 res = test.HapContextsLookup(params, con);
925 EXPECT_EQ(res, SELINUX_SUCC);
926 EXPECT_STREQ(context_str(con), TEST_HAP_DOMAIN.c_str());
927
928 freecon(oldTypeContext);
929 context_free(con);
930 }
931
932 /**
933 * @tc.name: HapContextsLookup004
934 * @tc.desc: test HapContextsLookup must succeed
935 * @tc.type: FUNC
936 * @tc.require: issueI9MCSP
937 */
938 HWTEST_F(SelinuxUnitTest, HapContextsLookup004, TestSize.Level1)
939 {
940 char *oldTypeContext = nullptr;
941 ASSERT_EQ(SELINUX_SUCC, getcon(&oldTypeContext));
942 context_t con = context_new(oldTypeContext);
943 HapContextParams params;
944 //5.preinstall
945 params.apl = NORMAL_APL;
946 params.packageName = TEST_HAP_BUNDLE_NAME;
947 params.hapFlags = SELINUX_HAP_RESTORECON_PREINSTALLED_APP;
948 params.extension = TEST_EXTENSION;
949 params.isDomain = true;
950 int res = test.HapContextsLookup(params, con);
951 EXPECT_EQ(res, SELINUX_SUCC);
952 EXPECT_STREQ(context_str(con), TEST_EXTENSION_PREINSTALL_DOMAIN.c_str());
953 //6.preinstall
954 params.apl = NORMAL_APL;
955 params.packageName = TEST_HAP_BUNDLE_NAME;
956 params.hapFlags = SELINUX_HAP_RESTORECON_PREINSTALLED_APP;
957 params.extension = "NOT_SET";
958 params.isDomain = true;
959 res = test.HapContextsLookup(params, con);
960 EXPECT_EQ(res, SELINUX_SUCC);
961 EXPECT_STREQ(context_str(con), TEST_HAP_DOMAIN.c_str());
962 //7.preinstall
963 params.apl = NORMAL_APL;
964 params.packageName = "NOT_SET";
965 params.hapFlags = SELINUX_HAP_RESTORECON_PREINSTALLED_APP;
966 params.extension = TEST_SAME_EXTENSION;
967 params.isDomain = true;
968 res = test.HapContextsLookup(params, con);
969 EXPECT_EQ(res, SELINUX_SUCC);
970 EXPECT_STREQ(context_str(con), TEST_EXTENSION_SAME_DOMAIN.c_str());
971
972 freecon(oldTypeContext);
973 context_free(con);
974 }
975
976 /**
977 * @tc.name: HapContextsLookup005
978 * @tc.desc: test HapContextsLookup must succeed with mcs userid=0
979 * @tc.type: FUNC
980 * @tc.require: issueI9MCSP
981 */
982 HWTEST_F(SelinuxUnitTest, HapContextsLookup005, TestSize.Level1)
983 {
984 char *oldTypeContext = nullptr;
985 ASSERT_EQ(SELINUX_SUCC, getcon(&oldTypeContext));
986 context_t con = context_new(oldTypeContext);
987
988 HapContextParams params;
989 params.apl = NORMAL_APL;
990 params.packageName = EMPTY_STRING;
991 params.hapFlags = 0;
992 params.isDomain = true;
993 #ifdef MCS_ENABLE
994 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
995 EXPECT_STREQ(context_str(con), TEST_NORMAL_DOMAIN.c_str());
996 #else
997 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
998 EXPECT_STREQ(context_str(con), TEST_NORMAL_DOMAIN.c_str());
999 #endif
1000
1001 freecon(oldTypeContext);
1002 context_free(con);
1003 }
1004
1005 /**
1006 * @tc.name: HapContextsLookup006
1007 * @tc.desc: test HapContextsLookup must succeed with mcs 0<userid<100
1008 * @tc.type: FUNC
1009 * @tc.require: issueI9MCSP
1010 */
1011 HWTEST_F(SelinuxUnitTest, HapContextsLookup006, TestSize.Level1)
1012 {
1013 char *oldTypeContext = nullptr;
1014 ASSERT_EQ(SELINUX_SUCC, getcon(&oldTypeContext));
1015 context_t con = context_new(oldTypeContext);
1016
1017 HapContextParams params;
1018 params.apl = NORMAL_APL;
1019 params.packageName = EMPTY_STRING;
1020 params.hapFlags = 0;
1021 params.isDomain = true;
1022 #ifdef MCS_ENABLE
1023 params.uid = TEST_UID_FAILED;
1024 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
1025 EXPECT_STREQ(context_str(con), TEST_NORMAL_DOMAIN.c_str());
1026 #else
1027 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
1028 EXPECT_STREQ(context_str(con), TEST_NORMAL_DOMAIN.c_str());
1029 #endif
1030
1031 freecon(oldTypeContext);
1032 context_free(con);
1033 }
1034
1035 /**
1036 * @tc.name: HapContextsLookup007
1037 * @tc.desc: test HapContextsLookup must succeed with mcs userid>=100
1038 * @tc.type: FUNC
1039 * @tc.require: issueI9MCSP
1040 */
1041 HWTEST_F(SelinuxUnitTest, HapContextsLookup007, TestSize.Level1)
1042 {
1043 char *oldTypeContext = nullptr;
1044 ASSERT_EQ(SELINUX_SUCC, getcon(&oldTypeContext));
1045 context_t con = context_new(oldTypeContext);
1046
1047 HapContextParams params;
1048 params.apl = NORMAL_APL;
1049 params.packageName = EMPTY_STRING;
1050 params.hapFlags = 0;
1051 params.isDomain = true;
1052 #ifdef MCS_ENABLE
1053 params.uid = TEST_UID;
1054 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
1055 EXPECT_STREQ(context_str(con), TEST_NORMAL_DOMAIN_WITH_CATEGORY.c_str());
1056 #else
1057 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
1058 EXPECT_STREQ(context_str(con), TEST_NORMAL_DOMAIN.c_str());
1059 #endif
1060
1061 freecon(oldTypeContext);
1062 context_free(con);
1063 }
1064
1065 /**
1066 * @tc.name: HapContextsLookup008
1067 * @tc.desc: test HapContextsLookup must succeed with isDomain=false
1068 * @tc.type: FUNC
1069 * @tc.require: issueI9MCSP
1070 */
1071 HWTEST_F(SelinuxUnitTest, HapContextsLookup008, TestSize.Level1)
1072 {
1073 char *oldTypeContext = nullptr;
1074 ASSERT_EQ(SELINUX_SUCC, getcon(&oldTypeContext));
1075 context_t con = context_new(oldTypeContext);
1076
1077 //3.preinstall
1078 HapContextParams params;
1079 params.apl = NORMAL_APL;
1080 params.packageName = "NOT_SET";
1081 params.hapFlags = SELINUX_HAP_RESTORECON_PREINSTALLED_APP;
1082 params.extension = "NOT_SET";
1083 params.uid = TEST_UID;
1084 #ifdef MCS_ENABLE
1085 EXPECT_EQ(test.HapContextsLookup(params, con), SELINUX_SUCC);
1086 if (params.isDomain || g_mcsHapFileEnabledTest) {
1087 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE_WITH_CATEGORY.c_str());
1088 } else {
1089 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE.c_str());
1090 }
1091 #else
1092 EXPECT_EQ(test.HapContextsLookup(params, con), SELINUX_SUCC);
1093 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE.c_str());
1094 #endif
1095
1096 freecon(oldTypeContext);
1097 context_free(con);
1098 }
1099
1100 /**
1101 * @tc.name: HapContextsLookup009
1102 * @tc.desc: test HapContextsLookup must succeed with isDomain=true
1103 * @tc.type: FUNC
1104 * @tc.require: issueI9MCSP
1105 */
1106 HWTEST_F(SelinuxUnitTest, HapContextsLookup009, TestSize.Level1)
1107 {
1108 char *oldTypeContext = nullptr;
1109 ASSERT_EQ(SELINUX_SUCC, getcon(&oldTypeContext));
1110 context_t con = context_new(oldTypeContext);
1111
1112 //3.preinstall
1113 HapContextParams params;
1114 params.apl = NORMAL_APL;
1115 params.packageName = "NOT_SET";
1116 params.hapFlags = SELINUX_HAP_RESTORECON_PREINSTALLED_APP;
1117 params.extension = "NOT_SET";
1118 params.uid = TEST_UID;
1119 #ifdef MCS_ENABLE
1120 params.isDomain = true;
1121 EXPECT_EQ(test.HapContextsLookup(params, con), SELINUX_SUCC);
1122 EXPECT_STREQ(context_str(con), TEST_NORMAL_DOMAIN_WITH_CATEGORY.c_str());
1123 #else
1124 EXPECT_EQ(test.HapContextsLookup(params, con), SELINUX_SUCC);
1125 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE.c_str());
1126 #endif
1127
1128 freecon(oldTypeContext);
1129 context_free(con);
1130 }
1131
1132 /**
1133 * @tc.name: HapContextsLookup010
1134 * @tc.desc: test HapContextsLookup must succeed with mcs userid=0 and isDomain=false
1135 * @tc.type: FUNC
1136 * @tc.require: issueI9MCSP
1137 */
1138 HWTEST_F(SelinuxUnitTest, HapContextsLookup010, TestSize.Level1)
1139 {
1140 char **secontextPtr = nullptr;
1141 *secontextPtr = strdup(DEFAULT_CONTEXT);
1142 ASSERT_NE(nullptr, *secontextPtr);
1143 const char *secontext = *secontextPtr;
1144 context_t con = context_new(secontext);
1145
1146 HapContextParams params;
1147 params.apl = NORMAL_APL;
1148 params.packageName = EMPTY_STRING;
1149 params.hapFlags = 0;
1150 #ifdef MCS_ENABLE
1151 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
1152 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE.c_str());
1153 #else
1154 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
1155 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE.c_str());
1156 #endif
1157
1158 freecon(*secontextPtr);
1159 context_free(con);
1160 }
1161
1162 /**
1163 * @tc.name: HapContextsLookup011
1164 * @tc.desc: test HapContextsLookup must succeed with mcs 0<userid<100 and isDomain=false
1165 * @tc.type: FUNC
1166 * @tc.require: issueI9MCSP
1167 */
1168 HWTEST_F(SelinuxUnitTest, HapContextsLookup011, TestSize.Level1)
1169 {
1170 char **secontextPtr = nullptr;
1171 *secontextPtr = strdup(DEFAULT_CONTEXT);
1172 ASSERT_NE(nullptr, *secontextPtr);
1173 const char *secontext = *secontextPtr;
1174 context_t con = context_new(secontext);
1175
1176 HapContextParams params;
1177 params.apl = NORMAL_APL;
1178 params.packageName = EMPTY_STRING;
1179 params.hapFlags = 0;
1180 #ifdef MCS_ENABLE
1181 params.uid = TEST_UID_FAILED;
1182 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
1183 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE.c_str());
1184 #else
1185 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
1186 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE.c_str());
1187 #endif
1188
1189 freecon(*secontextPtr);
1190 context_free(con);
1191 }
1192
1193 /**
1194 * @tc.name: HapContextsLookup007
1195 * @tc.desc: test HapContextsLookup must succeed with mcs userid>=100 and isDomain=false
1196 * @tc.type: FUNC
1197 * @tc.require: issueI9MCSP
1198 */
1199 HWTEST_F(SelinuxUnitTest, HapContextsLookup012, TestSize.Level1)
1200 {
1201 char **secontextPtr = nullptr;
1202 *secontextPtr = strdup(DEFAULT_CONTEXT);
1203 ASSERT_NE(nullptr, *secontextPtr);
1204 const char *secontext = *secontextPtr;
1205 context_t con = context_new(secontext);
1206
1207 HapContextParams params;
1208 params.apl = NORMAL_APL;
1209 params.packageName = EMPTY_STRING;
1210 params.hapFlags = 0;
1211 #ifdef MCS_ENABLE
1212 params.uid = TEST_UID;
1213 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
1214 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE_WITH_CATEGORY.c_str());
1215 #else
1216 EXPECT_EQ(SELINUX_SUCC, test.HapContextsLookup(params, con));
1217 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE.c_str());
1218 #endif
1219
1220 freecon(*secontextPtr);
1221 context_free(con);
1222 }
1223
1224 /**
1225 * @tc.name: TypeSet001
1226 * @tc.desc: test TypeSet type is empty.
1227 * @tc.type: FUNC
1228 * @tc.require: issueI6JV34
1229 */
1230 HWTEST_F(SelinuxUnitTest, TypeSet001, TestSize.Level1)
1231 {
1232 ASSERT_EQ(-SELINUX_ARG_INVALID, test.TypeSet(EMPTY_STRING, nullptr));
1233 }
1234
1235 /**
1236 * @tc.name: UserAndMCSRangeSet001
1237 * @tc.desc: test UserAndMCSRangeSet with domain different level.
1238 * @tc.type: FUNC
1239 * @tc.require: issueI6JV34
1240 */
1241 HWTEST_F(SelinuxUnitTest, UserAndMCSRangeSet001, TestSize.Level1)
1242 {
1243 char *oldTypeContext = nullptr;
1244 ASSERT_EQ(SELINUX_SUCC, getcon(&oldTypeContext));
1245 context_t con = context_new(oldTypeContext);
1246 ASSERT_EQ(SELINUX_SUCC, test.TypeSet("normal_hap", con));
1247 #ifdef MCS_ENABLE
1248 EXPECT_EQ(test.UserAndMCSRangeSet(TEST_UID, con, LEVELFROM_ALL, "o"), SELINUX_SUCC);
1249 EXPECT_STREQ(context_str(con), TEST_NORMAL_DOMAIN_WITH_CATEGORY.c_str());
1250
1251 EXPECT_EQ(test.UserAndMCSRangeSet(TEST_UID, con, LEVELFROM_USER, "o"), SELINUX_SUCC);
1252 EXPECT_STREQ(context_str(con), TEST_NORMAL_DOMAIN_WITH_CATEGORY_USER.c_str());
1253
1254 EXPECT_EQ(test.UserAndMCSRangeSet(TEST_UID, con, LEVELFROM_APP, "o"), SELINUX_SUCC);
1255 EXPECT_STREQ(context_str(con), TEST_NORMAL_DOMAIN_WITH_CATEGORY_APP.c_str());
1256 #endif
1257 freecon(oldTypeContext);
1258 context_free(con);
1259 }
1260
1261 /**
1262 * @tc.name: UserAndMCSRangeSet002
1263 * @tc.desc: test UserAndMCSRangeSet with type different level.
1264 * @tc.type: FUNC
1265 * @tc.require: issueI6JV34
1266 */
1267 HWTEST_F(SelinuxUnitTest, UserAndMCSRangeSet002, TestSize.Level1)
1268 {
1269 char **secontextPtr = nullptr;
1270 *secontextPtr = strdup(DEFAULT_CONTEXT);
1271 ASSERT_NE(nullptr, *secontextPtr);
1272 const char *secontext = *secontextPtr;
1273 context_t con = context_new(secontext);
1274 ASSERT_EQ(SELINUX_SUCC, test.TypeSet("normal_hap_data_file", con));
1275 #ifdef MCS_ENABLE
1276 EXPECT_EQ(test.UserAndMCSRangeSet(TEST_UID, con, LEVELFROM_ALL, "o"), SELINUX_SUCC);
1277 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE_WITH_CATEGORY.c_str());
1278
1279 EXPECT_EQ(test.UserAndMCSRangeSet(TEST_UID, con, LEVELFROM_USER, "o"), SELINUX_SUCC);
1280 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE_WITH_CATEGORY_USER.c_str());
1281
1282 EXPECT_EQ(test.UserAndMCSRangeSet(TEST_UID, con, LEVELFROM_APP, "o"), SELINUX_SUCC);
1283 EXPECT_STREQ(context_str(con), TEST_NORMAL_TYPE_WITH_CATEGORY_APP.c_str());
1284 #endif
1285 freecon(*secontextPtr);
1286 context_free(con);
1287 }
1288
1289 } // namespace SelinuxUnitTest
1290 } // namespace Security
1291 } // namespace OHOS
1292