1import json
2import os
3import time
4import logging
5import pytest
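class Test:
    """Compare the native ACLs reported by the device with acl_whitelist.json.

    The test fails when a process holds a native ACL that the whitelist does
    not grant to it, when a process with native ACLs is missing from the
    whitelist, or when the token dump contains an ``invalidPermList`` entry.
    """

    @pytest.mark.parametrize('setup_teardown', [None], indirect=True)
    def test(self, setup_teardown, device):
        """Export the token dump from the device and audit it against the whitelist.

        Args:
            setup_teardown: fixture requested indirectly with ``None``; not
                used in the body.
            device: fixture providing ``resource_path``, ``report_path``,
                ``hdc_shell`` and ``hdc_file_recv``.

        Raises:
            AssertionError: the whitelist file is missing, the export failed,
                or at least one process holds an ACL outside the whitelist.
        """
        check_list_file = os.path.join(device.resource_path, 'acl_whitelist.json')
        assert os.path.exists(check_list_file), '{} not exist'.format(check_list_file)
        logging.info('reading {} content'.format(check_list_file))
        # Close the whitelist file deterministically instead of leaking the handle.
        with open(check_list_file, 'r') as f:
            json_data = json.load(f)
        whitelist_dict = {}
        for item in json_data:
            # An entry without 'acls' grants nothing, so any ACL held by that
            # process is reported instead of crashing on set(None).
            whitelist_dict[item.get('processName')] = item.get('acls') or []

        logging.info('exporting token_info')
        token_file = 'token_info_{}.txt'.format(time.time_ns())
        remote_file = '/data/{}'.format(token_file)
        try:
            device.hdc_shell('atm dump -t > {}'.format(remote_file))
            device.hdc_file_recv(remote_file)
        finally:
            # The dump must not stay on the device when the export fails.
            # It is a single regular file, so no recursive delete is needed.
            device.hdc_shell('rm -f {}'.format(remote_file))
        # presumably hdc_file_recv stores the file under report_path; verify
        # against the device fixture.
        local_file = os.path.join(device.report_path, token_file)
        assert os.path.exists(local_file), 'token_info export failed'
        acls_in_device = self.check_and_get_native_acls(local_file)

        check_rst = True
        for process, permission_list in acls_in_device.items():
            if process not in whitelist_dict:
                check_rst = False
                logging.error(
                    'processName={} not configured in whitelist, permission: {}'.format(
                        process, permission_list))
                continue
            not_applied = set(permission_list).difference(whitelist_dict[process])
            if not_applied:
                check_rst = False
                logging.error(
                    'processName={} not configured in whitelist, permission: {}'.format(
                        process, sorted(not_applied)))
        assert check_rst, 'ACL check failed'

    @staticmethod
    def check_and_get_native_acls(token_file):
        """Parse a token dump and return the native ACLs held by each process.

        Args:
            token_file: path of the local text file holding the dump.

        Returns:
            dict mapping each process name to the list of its native ACLs;
            processes whose ``nativeAcls`` value is empty are left out.

        Raises:
            AssertionError: a line containing ``invalidPermList`` was found.
        """

        def field_value(text):
            # Take everything after the first ':' so a value that itself
            # contains ':' is kept whole, and a line without ':' yields ''
            # instead of raising IndexError.
            return text.partition(':')[2].strip().strip('",')

        check_pass = True
        native_acls_dict = {}
        process = ''
        with open(token_file, 'r') as f:
            for line in f:
                if 'processName' in line:
                    process = field_value(line)
                elif 'invalidPermList' in line:
                    check_pass = False
                    logging.error(
                        'invalidPermList is detected in processName = {}'.format(process))
                elif 'nativeAcls' in line:
                    acls = [p.strip() for p in field_value(line).split(',') if p.strip()]
                    if not acls:
                        continue
                    # Merge rather than overwrite: if the dump lists the same
                    # processName more than once, ACLs from an earlier entry
                    # must still reach the whitelist comparison.
                    held = native_acls_dict.setdefault(process, [])
                    held.extend(p for p in acls if p not in held)
        assert check_pass, 'ACL check failed'
        return native_acls_dict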