未验证
提交
5358adf7
编写于
6月 17, 2022
作者:
openharmony_ci
提交者:
Gitee
6月 17, 2022
!3575 OH3.1Release分支Capability&DAC测试套删除jffs2文件系统、开发板相关的用例
Merge pull request !3575 from 胡吉翔/liteOS_20220616
上级
4f0ddf5a
f869ff4f
变更
13
Showing
13 changed file
with
144 addition
and
5530 deletion
+144
-5530
security_lite/permission_posix/capability/BUILD.gn
security_lite/permission_posix/capability/BUILD.gn
+1
-4
security_lite/permission_posix/capability/jffs/BUILD.gn
security_lite/permission_posix/capability/jffs/BUILD.gn
+0
-57
security_lite/permission_posix/capability/jffs/Test.json
security_lite/permission_posix/capability/jffs/Test.json
+0
-25
security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
...te/permission_posix/capability/src/ActsCapabilityTest.cpp
+141
-583
security_lite/permission_posix/capability/vfat/BUILD.gn
security_lite/permission_posix/capability/vfat/BUILD.gn
+0
-1
security_lite/permission_posix/dac/BUILD.gn
security_lite/permission_posix/dac/BUILD.gn
+1
-4
security_lite/permission_posix/dac/jffs/BUILD.gn
security_lite/permission_posix/dac/jffs/BUILD.gn
+0
-53
security_lite/permission_posix/dac/jffs/Test.json
security_lite/permission_posix/dac/jffs/Test.json
+0
-25
security_lite/permission_posix/dac/src/ActsDacPreTest.cpp
security_lite/permission_posix/dac/src/ActsDacPreTest.cpp
+1
-1
security_lite/permission_posix/dac/src/ActsDacTest.cpp
security_lite/permission_posix/dac/src/ActsDacTest.cpp
+0
-601
security_lite/permission_posix/dac/src/ActsSystemDevDacTest.cpp
...ty_lite/permission_posix/dac/src/ActsSystemDevDacTest.cpp
+0
-2054
security_lite/permission_posix/dac/src/ActsSystemJffsDacTest.cpp
...y_lite/permission_posix/dac/src/ActsSystemJffsDacTest.cpp
+0
-2119
security_lite/permission_posix/dac/vfat/BUILD.gn
security_lite/permission_posix/dac/vfat/BUILD.gn
+0
-3
security_lite/permission_posix/capability/BUILD.gn
...
@@ -12,10 +12,7 @@
...
@@ -12,10 +12,7 @@
# limitations under the License.
# limitations under the License.
group("ActsCapabilityTest") {
group("ActsCapabilityTest") {
deps = [
deps = [ "./vfat:ActsVFATCapabilityTest" ]
"./jffs:ActsJFFS2CapabilityTest",
"./vfat:ActsVFATCapabilityTest",
]
}
}
shared_library("capability_shared") {
shared_library("capability_shared") {
...
...
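Review bot: The `deps` list in `group("ActsCapabilityTest")` now names only `./vfat:ActsVFATCapabilityTest`, and nothing in the file records that the JFFS2 variant was dropped on purpose. A one-line comment above it would stop a later reader from treating the gap as an oversight, for example `# JFFS2 variant removed on this release branch (!3575); only the VFAT suite is built.` Judging by the `LITE_FS_JFFS2`-guarded cases in the ActsCapabilityTest.cpp section of this commit (CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER), those capability checks appear to lose their coverage on a jffs-mounted /storage. The comment or the PR description should say whether any of them are meant to be re-homed under the VFAT suite.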
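--- a/security_lite/permission_posix/capability/jffs/BUILD.gn
+++ /dev/null
-# Copyright (c) 2021 Huawei Device Co., Ltd.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-import("//build/lite/config/subsystem/aafwk/config.gni")
-import("//test/xts/tools/lite/build/suite_lite.gni")
-hcpptest_suite("ActsJFFS2CapabilityTest") {
-suite_name = "acts"
-sources = [
-"../src/ActsCapability.cpp",
-"../src/ActsCapabilityTest.cpp",
-"../src/CapabilityFileSystemTest.cpp",
-]
-include_dirs = [
-"../src",
-"//third_party/bounds_checking_function/include",
-]
-public_deps = [ "//third_party/bounds_checking_function:libsec_shared" ]
-cflags_cc = [
-"-Wno-write-strings",
-"-Wno-sign-compare",
-]
-ldflags = [
-"-lstdc++",
-"-lm",
-"-lpthread",
-]
-if (enable_ohos_appexecfwk_feature_ability == true) {
-defines = [
-"_BOARD_HI3516_",
-"LITE_FS_JFFS2",
-"TOP_DIR=\"/storage\"",
-"TOP_DIR_MOUNT_INFO=\"/storage jffs\"",
-]
-} else {
-defines = [
-"LITE_FS_JFFS2",
-"TOP_DIR=\"/storage\"",
-"TOP_DIR_MOUNT_INFO=\"/storage jffs\"",
-]
-}
-}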
security_lite/permission_posix/capability/jffs/Test.json
已删除
100644 → 0
{
"description"
:
"Config for hcpptest demo test cases"
,
"environment"
:
[
{
"type"
:
"device"
,
"label"
:
"ipcamera"
}
],
"kits"
:
[
{
"type"
:
"MountKit"
,
"server"
:
"NfsServer"
,
"mount"
:
[
{
"source"
:
"testcases/security"
,
"target"
:
"/test_root/security"
}
]
}
],
"driver"
:
{
"type"
:
"CppTestLite"
,
"execute"
:
"/test_root/security/ActsJFFS2CapabilityTest.bin"
}
}
\ No newline at end of file
security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
...
@@ -26,166 +26,7 @@
...
@@ -26,166 +26,7 @@
using
namespace
std
;
using
namespace
std
;
using
namespace
testing
::
ext
;
using
namespace
testing
::
ext
;
#if defined(LITE_FS_JFFS2)
#if defined(LITE_FS_VFAT)
static
int
TestDacOverrideSuccess
()
{
int
fd
=
0
;
int
ret
=
0
;
char
cap
[]
=
"CapabilityTestSuite!
\n
"
;
// Create a directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0'
ret
=
mkdir
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPDIR1
,
NORWX
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to mkdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' with CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
// Change the current working directory to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1'
ret
=
chdir
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPDIR1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to chdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' with CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
chdir
(
TOP_DIR
"/"
CAPDIR0
);
// Delete the directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0'
ret
=
rmdir
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPDIR1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to rmdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' with CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
// Rename the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1'
ret
=
rename
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to rename 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' with CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
// Check whether the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' exists
ret
=
access
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE1
,
F_OK
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to access 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' with CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
// Delete the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1'
ret
=
unlink
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to unlink 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' with CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
// Create a file 'CAPDIR0_CAPFILE0' in the directory 'CAPDIR0'
fd
=
open
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
O_WRONLY
|
O_CREAT
|
O_TRUNC
,
RWX
);
if
(
fd
>=
0
)
{
// File created successfully
write
(
fd
,
cap
,
sizeof
(
cap
));
close
(
fd
);
}
else
{
// Failed to create the file
LOG
(
"ErrInfo: Failed to create 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0'"
);
return
FALSE
;
}
return
0
;
}
static
int
TestDacOverrideFail
()
{
int
ret
=
0
;
// Failed to create a directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0'
ret
=
mkdir
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPDIR1
,
NORWX
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: mkdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' without CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
// Failed to change the current working directory to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1'
ret
=
chdir
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPDIR1
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Change the current working directory without CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
// Failed to delete the directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0'
ret
=
rmdir
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPDIR1
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Delete 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' without CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
// Failed to rename the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1'
ret
=
rename
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE1
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Rename 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' without CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
// Failed to check whether the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' exists
ret
=
access
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE1
,
F_OK
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Check whether the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' exists without CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
// Failed to delete the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1'
ret
=
unlink
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE1
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Delete 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' without CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
return
0
;
}
static
int
TestDacReadSearchSuccess
(
int
num
)
{
int
fd
=
0
;
int
ret
=
0
;
DIR
*
dir
=
nullptr
;
struct
stat
buf
=
{
0
};
// Open a file 'CAPDIR0_CAPFILE0' in the directory 'TOP_DIR/CAPDIR0'
fd
=
open
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
O_WRONLY
);
if
(
fd
>=
0
)
{
close
(
fd
);
}
else
{
LOG
(
"ErrInfo: Failed to open file with CAP_DAC_READ_SEARCH || CAP_DAC_OVERRIDE during the %d time"
,
num
);
return
FALSE
;
}
// Open a directory 'CAPDIR0_CAPDIR0' in the directory 'TOP_DIR/CAPDIR0'
dir
=
opendir
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPDIR0
);
if
(
dir
==
nullptr
)
{
LOG
(
"ErrInfo: Failed to open dir with CAP_DAC_READ_SEARCH || CAP_DAC_OVERRIDE during the %d time"
,
num
);
return
FALSE
;
}
closedir
(
dir
);
// Obtain the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' status
ret
=
stat
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
&
buf
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to stat with CAP_DAC_READ_SEARCH || CAP_DAC_OVERRIDE during the %d time"
,
num
);
return
FALSE
;
}
return
0
;
}
static
int
TestDacReadSearchFail
()
{
int
fd
=
0
;
int
ret
=
0
;
DIR
*
dir
=
nullptr
;
struct
stat
buf
=
{
0
};
// Failed to open a file 'CAPDIR0_CAPFILE0' in the directory 'TOP_DIR/CAPDIR0'
fd
=
open
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
O_WRONLY
);
if
(
fd
>=
0
)
{
LOG
(
"ErrInfo: Open file without CAP_DAC_READ_SEARCH && CAP_DAC_OVERRIDE"
);
close
(
fd
);
return
FALSE
;
}
// Failed to directory a file 'CAPDIR0_CAPDIR0' in the directory 'TOP_DIR/CAPDIR0'
dir
=
opendir
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPDIR0
);
if
(
dir
!=
nullptr
)
{
LOG
(
"ErrInfo: Open dir without CAP_DAC_READ_SEARCH && CAP_DAC_OVERRIDE"
);
closedir
(
dir
);
return
FALSE
;
}
// Failed to obtain the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' status
ret
=
stat
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
&
buf
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Stat file without CAP_DAC_READ_SEARCH && CAP_DAC_OVERRIDE"
);
return
FALSE
;
}
return
0
;
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
static
void
CreateTxt
()
static
void
CreateTxt
()
{
{
int
ret
;
int
ret
;
...
@@ -214,12 +55,21 @@ static void CreateTxt()
...
@@ -214,12 +55,21 @@ static void CreateTxt()
static
int
CapsetOnlySETPCAP
(
int
num
)
static
int
CapsetOnlySETPCAP
(
int
num
)
{
{
struct
__user_cap_header_struct
capheader
;
struct
__user_cap_header_struct
capheader
;
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
];
struct
__user_cap_data_struct
capdata
[
CAP_NUM
];
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
permitted
|=
CAP_TO_MASK
(
CAP_SETPCAP
);
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
permitted
|=
CAP_TO_MASK
(
CAP_SETPCAP
);
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
effective
|=
CAP_TO_MASK
(
CAP_SETPCAP
);
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
effective
|=
CAP_TO_MASK
(
CAP_SETPCAP
);
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
inheritable
|=
CAP_TO_MASK
(
CAP_SETPCAP
);
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
inheritable
|=
CAP_TO_MASK
(
CAP_SETPCAP
);
...
@@ -235,12 +85,21 @@ static int CapsetOnlySETPCAP(int num)
...
@@ -235,12 +85,21 @@ static int CapsetOnlySETPCAP(int num)
static
int
AddCapUnauthorized
(
int
num
)
static
int
AddCapUnauthorized
(
int
num
)
{
{
struct
__user_cap_header_struct
capheader
;
struct
__user_cap_header_struct
capheader
;
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
];
struct
__user_cap_data_struct
capdata
[
CAP_NUM
];
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capdata
[
0
].
permitted
=
LINUX_FULL_CAP
;
capdata
[
0
].
permitted
=
LINUX_FULL_CAP
;
capdata
[
0
].
effective
=
LINUX_FULL_CAP
;
capdata
[
0
].
effective
=
LINUX_FULL_CAP
;
capdata
[
0
].
inheritable
=
LINUX_FULL_CAP
;
capdata
[
0
].
inheritable
=
LINUX_FULL_CAP
;
...
@@ -256,12 +115,21 @@ static int AddCapUnauthorized(int num)
...
@@ -256,12 +115,21 @@ static int AddCapUnauthorized(int num)
static
int
CapgetWithAllCap
(
int
num
)
static
int
CapgetWithAllCap
(
int
num
)
{
{
struct
__user_cap_header_struct
capheader
=
{
0
};
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
if
(
ret
!=
0
)
{
if
(
ret
!=
0
)
{
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to get CAPs"
;
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to get CAPs"
;
...
@@ -280,12 +148,21 @@ static int CapgetWithAllCap(int num)
...
@@ -280,12 +148,21 @@ static int CapgetWithAllCap(int num)
static
int
CapgetWithNoCap
(
int
num
)
static
int
CapgetWithNoCap
(
int
num
)
{
{
struct
__user_cap_header_struct
capheader
=
{
0
};
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
if
(
ret
!=
0
)
{
if
(
ret
!=
0
)
{
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to get CAPs"
;
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to get CAPs"
;
...
@@ -304,12 +181,21 @@ static int CapgetWithNoCap(int num)
...
@@ -304,12 +181,21 @@ static int CapgetWithNoCap(int num)
static
int
CapgetOnlySETPCAP
(
int
num
)
static
int
CapgetOnlySETPCAP
(
int
num
)
{
{
struct
__user_cap_header_struct
capheader
=
{
0
};
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
if
(
ret
!=
0
)
{
if
(
ret
!=
0
)
{
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to get CAPs"
;
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to get CAPs"
;
...
@@ -372,12 +258,21 @@ static int CapsetWithoutSETPCAP()
...
@@ -372,12 +258,21 @@ static int CapsetWithoutSETPCAP()
static
int
CapsetWithVersion
(
pid_t
pid
,
unsigned
int
version
)
static
int
CapsetWithVersion
(
pid_t
pid
,
unsigned
int
version
)
{
{
struct
__user_cap_header_struct
capheader
=
{
0
};
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
pid
=
pid
;
capheader
.
pid
=
pid
;
capheader
.
version
=
version
;
capheader
.
version
=
version
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
// Capget based on input parameters
// Capget based on input parameters
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
if
(
ret
!=
0
)
{
...
@@ -390,12 +285,21 @@ static int CapsetWithVersion(pid_t pid, unsigned int version)
...
@@ -390,12 +285,21 @@ static int CapsetWithVersion(pid_t pid, unsigned int version)
static
int
CapgetWithVersion
(
pid_t
pid
,
unsigned
int
version
)
static
int
CapgetWithVersion
(
pid_t
pid
,
unsigned
int
version
)
{
{
struct
__user_cap_header_struct
capheader
=
{
0
};
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
pid
=
pid
;
capheader
.
pid
=
pid
;
capheader
.
version
=
version
;
capheader
.
version
=
version
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
// Capget based on input parameters
// Capget based on input parameters
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
if
(
ret
!=
0
)
{
if
(
ret
!=
0
)
{
...
@@ -408,12 +312,21 @@ static int CapgetWithVersion(pid_t pid, unsigned int version)
...
@@ -408,12 +312,21 @@ static int CapgetWithVersion(pid_t pid, unsigned int version)
static
int
CapgetWithCaps
(
pid_t
pid
,
unsigned
int
caps
)
static
int
CapgetWithCaps
(
pid_t
pid
,
unsigned
int
caps
)
{
{
struct
__user_cap_header_struct
capheader
=
{
0
};
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
pid
=
pid
;
capheader
.
pid
=
pid
;
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
// Capget based on input parameters and check whether the capability is the same as the input parameter
// Capget based on input parameters and check whether the capability is the same as the input parameter
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
int
ret
=
capget
(
&
capheader
,
&
capdataget
[
0
]);
if
(
ret
!=
0
||
capdataget
[
0
].
effective
!=
caps
)
{
if
(
ret
!=
0
||
capdataget
[
0
].
effective
!=
caps
)
{
...
@@ -424,302 +337,7 @@ static int CapgetWithCaps(pid_t pid, unsigned int caps)
...
@@ -424,302 +337,7 @@ static int CapgetWithCaps(pid_t pid, unsigned int caps)
}
}
#endif
#endif
#if defined(LITE_FS_JFFS2)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0100
* @tc.name : Processes with the CAP_CHOWN capability can invoke their management
and control interfaces to change the file owner
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F
(
CapabilityTestSuite
,
CapabilityTest0100
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
status
=
0
;
// Preset action: Create a txt
CreateTxt
();
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the file owner with interface 'chown'
ret
=
chown
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
UID10000
,
GID10000
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to change the file owner with CAP_CHOWN"
);
exitCode
=
1
;
}
// Step 2: Drop the capabilities of CAP_CHOWN
ret
=
DropCAPCHOWN
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to drop CAP_CHOWN"
);
exitCode
=
1
;
}
// Step 3: Failed to change the file owner with interface 'chown'
ret
=
chown
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
UID0
,
GID0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Change the file owner without CAP_CHOWN"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
#endif
#if defined(LITE_FS_JFFS2)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0200
* @tc.name : Processes with the single CAP_DAC_OVERRIDE capability can invoke their management
and control interfaces to ignore read and write execution verification
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F
(
CapabilityTestSuite
,
CapabilityTest0200
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
status
=
0
;
// Preset action: Create a txt
CreateTxt
();
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Drop the capabilities of CAP_DAC_READ_SEARCH
ret
=
DropCAPDACREADSEARCH
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to drop CAP_DAC_READ_SEARCH"
);
exitCode
=
1
;
}
// Step 2.1: Invoke CAP_DAC_READ_SEARCH related interfaces successfully
ret
=
TestDacReadSearchSuccess
(
1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacReadSearchSuccess error"
);
exitCode
=
1
;
}
// Step 2.2: Invoke CAP_DAC_OVERRIDE related interfaces successfully
ret
=
TestDacOverrideSuccess
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacOverrideSuccess error"
);
exitCode
=
1
;
}
// Step 3: Continue to drop the capabilities of CAP_DAC_OVERRIDE
ret
=
DropCAPDACOVERRIDEAndREADSEARCH
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to drop CAP_DAC_OVERRIDE after CAP_DAC_READ_SEARCH revoked"
);
exitCode
=
1
;
}
// Step 4.1: Failed to invoke CAP_DAC_READ_SEARCH related interfaces
ret
=
TestDacReadSearchFail
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacReadSearchFail error"
);
exitCode
=
1
;
}
// Step 4.2: Failed to invoke CAP_DAC_OVERRIDE related interfaces
ret
=
TestDacOverrideFail
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacOverrideFail error"
);
exitCode
=
1
;
}
// Step 5: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
// Step 6: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
#endif
#if defined(LITE_FS_JFFS2)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0300
* @tc.name : Processes with the single CAP_DAC_READ_SEARCH capability can invoke their management
and control interfaces to ignore read execution verification
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F
(
CapabilityTestSuite
,
CapabilityTest0300
,
Function
|
MediumTest
|
Level3
)
{
int
ret
;
int
status
=
0
;
// Preset action: Create a txt
CreateTxt
();
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Drop the capabilities of CAP_DAC_OVERRIDE
ret
=
DropCAPDACOVERRIDE
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to drop CAP_DAC_OVERRIDE"
);
exitCode
=
1
;
}
// Step 2.1: Invoke CAP_DAC_READ_SEARCH related interfaces successfully
ret
=
TestDacReadSearchSuccess
(
1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacReadSearchSuccess error"
);
exitCode
=
1
;
}
// Step 2.2: Invoke CAP_DAC_OVERRIDE related interfaces successfully
ret
=
TestDacOverrideFail
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacOverrideFail error"
);
exitCode
=
1
;
}
// Step 3: Continue to drop the capabilities of CAP_DAC_READ_SEARCH
ret
=
DropCAPDACOVERRIDEAndREADSEARCH
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to drop CAP_DAC_READ_SEARCH after CAP_DAC_OVERRIDE revoked"
);
exitCode
=
1
;
}
// Step 4.1: Failed to invoke CAP_DAC_READ_SEARCH related interfaces
ret
=
TestDacReadSearchFail
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacReadSearchFail error"
);
exitCode
=
1
;
}
// Step 4.2: Failed to invoke CAP_DAC_OVERRIDE related interfaces
ret
=
TestDacOverrideFail
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacOverrideFail error"
);
exitCode
=
1
;
}
// Step 5: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
// Step 6: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
#endif
#if defined(LITE_FS_JFFS2)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0400
* @tc.name : Processes that have the CAP_DAC_OVERRIDE
and CAP_DAC_READ_SEARCH capabilities can invoke their management
and control interfaces to ignore read and write execution verification
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F
(
CapabilityTestSuite
,
CapabilityTest0400
,
Function
|
MediumTest
|
Level3
)
{
int
ret
;
int
status
=
0
;
// Preset action: Create a txt
CreateTxt
();
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1.1: Invoke CAP_DAC_READ_SEARCH related interfaces successfully
ret
=
TestDacReadSearchSuccess
(
1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacReadSearchSuccess error"
);
exitCode
=
1
;
}
// Step 1.2: Invoke CAP_DAC_OVERRIDE related interfaces successfully
ret
=
TestDacOverrideSuccess
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacOverrideSuccess error"
);
exitCode
=
1
;
}
// Step 2: Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
ret
=
DropCAPDACOVERRIDEAndREADSEARCH
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to drop CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH"
);
exitCode
=
1
;
}
// Step 3.1: Failed to invoke CAP_DAC_READ_SEARCH related interfaces
ret
=
TestDacReadSearchFail
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacReadSearchFail error"
);
exitCode
=
1
;
}
// Step 3.2: Failed to invoke CAP_DAC_OVERRIDE related interfaces
ret
=
TestDacOverrideFail
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: TestDacOverrideFail error"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
#endif
#if defined(LITE_FS_JFFS2)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0500
* @tc.name : Processes with the CAP_FOWNER capability can invoke their management
and control interfaces to modify file permissions
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F
(
CapabilityTestSuite
,
CapabilityTest0500
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
status
=
0
;
// Preset action: Create a txt
CreateTxt
();
// Preset action: Change the file owner with interface 'chown'
ret
=
chown
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
UID10000
,
GID10000
);
ASSERT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to change the file owner with CAP_CHOWN"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the file permission with CAP_FOWNER'
ret
=
chmod
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
RWX
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to chmod with CAP_FOWNER"
);
exitCode
=
1
;
}
// Step 2: Drop the capabilities of CAP_FOWNER
ret
=
DropCAPFOWNER
();
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to drop CAP_FOWNER"
);
exitCode
=
1
;
}
// Step 2: Failed to change the file permission with interface 'chmod'
ret
=
chmod
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
NORWX
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Change the file permission without CAP_FOWNER"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
// Cleanup action: Restore the initial status of the file
ret
=
chown
(
TOP_DIR
"/"
CAPDIR0
"/"
CAPDIR0_CAPFILE0
,
UID0
,
GID0
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to restore the file owner with CAP_FOWNER"
;
}
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0600
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0600
* @tc.name : Processes with the CAP_KILL capability can invoke their management
* @tc.name : Processes with the CAP_KILL capability can invoke their management
...
@@ -781,7 +399,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0600, Function | MediumTest | Level2
...
@@ -781,7 +399,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0600, Function | MediumTest | Level2
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0700
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0700
* @tc.name : Processes with the CAP_SETGID capability can invoke their management
* @tc.name : Processes with the CAP_SETGID capability can invoke their management
...
@@ -833,7 +451,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0700, Function | MediumTest | Level2
...
@@ -833,7 +451,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0700, Function | MediumTest | Level2
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0800
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0800
* @tc.name : Processes with the CAP_SETUID capability can invoke their management
* @tc.name : Processes with the CAP_SETUID capability can invoke their management
...
@@ -903,7 +521,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0800, Function | MediumTest | Level2
...
@@ -903,7 +521,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0800, Function | MediumTest | Level2
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0900
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0900
* @tc.name : Processes with the CAP_SETPCCAP capability can invoke their management
* @tc.name : Processes with the CAP_SETPCCAP capability can invoke their management
...
@@ -942,7 +560,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0900, Security | MediumTest | Level2
...
@@ -942,7 +560,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0900, Security | MediumTest | Level2
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1000
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1000
* @tc.name : Processes with the CAP_SYS_NICE capability can invoke their management
* @tc.name : Processes with the CAP_SYS_NICE capability can invoke their management
...
@@ -1008,7 +626,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1000, Function | MediumTest | Level2
...
@@ -1008,7 +626,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1000, Function | MediumTest | Level2
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1100
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1100
* @tc.name : Processes with the CAP_SYS_TIME capability can call their management
* @tc.name : Processes with the CAP_SYS_TIME capability can call their management
...
@@ -1059,7 +677,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1100, Function | MediumTest | Level2
...
@@ -1059,7 +677,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1100, Function | MediumTest | Level2
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1200
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1200
* @tc.name : Processes without the CAP_SETPCAP capability cannot drop any capability
* @tc.name : Processes without the CAP_SETPCAP capability cannot drop any capability
...
@@ -1087,7 +705,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1200, Function | MediumTest | Level3
...
@@ -1087,7 +705,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1200, Function | MediumTest | Level3
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1300
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1300
* @tc.name : Inheritance of process capabilities
* @tc.name : Inheritance of process capabilities
...
@@ -1124,7 +742,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1300, Function | MediumTest | Level1
...
@@ -1124,7 +742,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1300, Function | MediumTest | Level1
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1400
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1400
* @tc.name : Invoke the capset interface to add and drop the process capabilities for 10000 times
* @tc.name : Invoke the capset interface to add and drop the process capabilities for 10000 times
...
@@ -1163,7 +781,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1400, Reliability | MediumTest | Lev
...
@@ -1163,7 +781,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1400, Reliability | MediumTest | Lev
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1500
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1500
* @tc.name : Invoke the capset interface to revoke the process capabilities which not exist for 10000 times
* @tc.name : Invoke the capset interface to revoke the process capabilities which not exist for 10000 times
...
@@ -1179,12 +797,21 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev
...
@@ -1179,12 +797,21 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev
if
(
pid
==
0
)
{
if
(
pid
==
0
)
{
int
exitCode
=
0
;
int
exitCode
=
0
;
struct
__user_cap_header_struct
capheader
=
{
0
};
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
LINUX_FULL_CAP
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
LINUX_FULL_CAP
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capdata
[
CAP_TO_INDEX
(
INVALID_CAP_TO_INDEX
)].
permitted
&=
~
CAP_TO_MASK
(
INVALID_CAP_TO_INDEX
);
capdata
[
CAP_TO_INDEX
(
INVALID_CAP_TO_INDEX
)].
permitted
&=
~
CAP_TO_MASK
(
INVALID_CAP_TO_INDEX
);
capdata
[
CAP_TO_INDEX
(
INVALID_CAP_TO_INDEX
)].
effective
&=
~
CAP_TO_MASK
(
INVALID_CAP_TO_INDEX
);
capdata
[
CAP_TO_INDEX
(
INVALID_CAP_TO_INDEX
)].
effective
&=
~
CAP_TO_MASK
(
INVALID_CAP_TO_INDEX
);
capdata
[
CAP_TO_INDEX
(
INVALID_CAP_TO_INDEX
)].
inheritable
&=
~
CAP_TO_MASK
(
INVALID_CAP_TO_INDEX
);
capdata
[
CAP_TO_INDEX
(
INVALID_CAP_TO_INDEX
)].
inheritable
&=
~
CAP_TO_MASK
(
INVALID_CAP_TO_INDEX
);
...
@@ -1208,7 +835,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev
...
@@ -1208,7 +835,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1600
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1600
* @tc.name : Enter the exception parameter for 10000 times when invoke the capset interface
* @tc.name : Enter the exception parameter for 10000 times when invoke the capset interface
...
@@ -1273,7 +900,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1600, Reliability | MediumTest | Lev
...
@@ -1273,7 +900,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1600, Reliability | MediumTest | Lev
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1700
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1700
* @tc.name : Invoke the capget interface to query the process capabilities for 10000 times
* @tc.name : Invoke the capget interface to query the process capabilities for 10000 times
...
@@ -1292,7 +919,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1700, Reliability | MediumTest | Lev
...
@@ -1292,7 +919,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1700, Reliability | MediumTest | Lev
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1800
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1800
* @tc.name : Invoke the capget interface to query the process capabilities which not exist for 10000 times
* @tc.name : Invoke the capget interface to query the process capabilities which not exist for 10000 times
...
@@ -1332,7 +959,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1800, Reliability | MediumTest | Lev
...
@@ -1332,7 +959,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1800, Reliability | MediumTest | Lev
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1900
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1900
* @tc.name : Enter the exception parameter for 10000 times when invoke the capget interface
* @tc.name : Enter the exception parameter for 10000 times when invoke the capget interface
...
@@ -1398,43 +1025,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1900, Reliability | MediumTest | Lev
...
@@ -1398,43 +1025,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1900, Reliability | MediumTest | Lev
}
}
#endif
#endif
#if defined(LITE_FS_JFFS2)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2000
* @tc.name : The process repeatedly invokes the interfaces controlled by its capability for 10000 times
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F
(
CapabilityTestSuite
,
CapabilityTest2000
,
Reliability
|
MediumTest
|
Level2
)
{
int
status
=
0
;
// Preset action: Create a txt
CreateTxt
();
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Invoke CAP_DAC_READ_SEARCH related interfaces for 10000 times
for
(
int
number
=
0
;
number
<
NUM10000
;
number
++
)
{
exitCode
=
TestDacReadSearchSuccess
(
number
);
if
(
exitCode
!=
0
)
{
LOG
(
"ErrInfo: TestDacReadSearchSuccess error during the %d time"
,
number
);
break
;
}
}
// Step 2: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
// Step 3: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2100
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2100
* @tc.name : Five processes concurrently invoke APIs managed by the capability for 5000 times
* @tc.name : Five processes concurrently invoke APIs managed by the capability for 5000 times
...
@@ -1490,8 +1081,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2100, Reliability | MediumTest | Lev
...
@@ -1490,8 +1081,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2100, Reliability | MediumTest | Lev
}
}
#endif
#endif
#ifndef _BOARD_HI3516_
#if defined(LITE_FS_VFAT)
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2200
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2200
* @tc.name : Check whether the default configuration of the system process capabilities
* @tc.name : Check whether the default configuration of the system process capabilities
...
@@ -1530,49 +1120,8 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2200, Security | MediumTest | Level1
...
@@ -1530,49 +1120,8 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2200, Security | MediumTest | Level1
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Pid = 9, process wms_server or ai_server has wrong capability"
;
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Pid = 9, process wms_server or ai_server has wrong capability"
;
}
}
#endif
#endif
#endif
#if defined(LITE_FS_VFAT) && defined(_BOARD_HI3516_)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2200
* @tc.name : Check whether the default configuration of the system process capabilities
is the same as that described in the design document
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F
(
CapabilityTestSuite
,
CapabilityTest2200
,
Security
|
MediumTest
|
Level1
)
{
int
ret
;
// Step 1: Check the capability of process 'init', pid = 1
ret
=
CapgetWithCaps
(
INIT_PID_2
,
INIT_CAP
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Pid = 1, process init has wrong capability"
;
// Step 2: Check the capability of process 'KProcess', pid = 2
ret
=
CapgetWithCaps
(
KPROCESS_PID_2
,
KPROCESS_CAP
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Pid = 2, process KProcess has wrong capability"
;
// Step 3: Check the capability of process 'shell', pid = 8
ret
=
CapgetWithCaps
(
SHELL_PID_2
,
SHELL_CAP
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Pid = 8, process shell has wrong capability"
;
// Step 4: Check the capability of process 'apphilogcat', pid = 10
ret
=
CapgetWithCaps
(
HILOGCAT_PID_2
,
HILOGCAT_CAP
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Pid = 10, process apphilogcat has wrong capability"
;
// Step 5: Check the capability of process 'foundation', pid = 3
ret
=
CapgetWithCaps
(
FOUNDATION_PID_2
,
FOUNDATION_CAP
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Pid = 3, process foundation has wrong capability"
;
// Step 6: Check the capability of process 'bundle_daemon', pid = 4
ret
=
CapgetWithCaps
(
BUNDLE_DAEMON_PID_2
,
BUNDLE_DAEMON_CAP
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Pid = 4, process bundle_daemon has wrong capability"
;
// Step 7: Check the capability of process 'appspawn', pid = 5
ret
=
CapgetWithCaps
(
APPSPAWN_PID_2
,
APPSPAWN_CAP
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Pid = 5, process appspawn has wrong capability"
;
// Step 8: Check the capability of process 'media_server', pid = 6
ret
=
CapgetWithCaps
(
MEDIA_SERVER_PID_2
,
MEDIA_SERVER_CAP
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Pid = 6, process media_server has wrong capability"
;
// Step 9: Check the capability of process 'wms_server' or 'ai_server', pid = 7
ret
=
CapgetWithCaps
(
WMS_SERVER_OR_AI_SERVER_PID_2
,
WMS_SERVER_OR_AI_SERVER_CAP
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Pid = 7, process wms_server or ai_server has wrong capability"
;
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2300
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2300
* @tc.name : Check whether the default configuration of the capability of the third-party application process
* @tc.name : Check whether the default configuration of the capability of the third-party application process
...
@@ -1583,11 +1132,20 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1
...
@@ -1583,11 +1132,20 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1
{
{
int
ret
;
int
ret
;
struct
__user_cap_header_struct
capheader
=
{
0
};
struct
__user_cap_header_struct
capheader
=
{
0
};
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
struct
__user_cap_data_struct
capdataget
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
result
=
memset_s
(
capdataget
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
0
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"CapgetWithAllCap memset_s failed"
);
return
FALSE
;
};
pid_t
pid
=
getpid
();
pid_t
pid
=
getpid
();
for
(
int
num
=
OTHER_PID
;
num
<=
pid
;
num
++
)
{
for
(
int
num
=
OTHER_PID
;
num
<=
pid
;
num
++
)
{
// Step 1: The current test process has all capabilities
// Step 1: The current test process has all capabilities
...
@@ -1613,7 +1171,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1
...
@@ -1613,7 +1171,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2400
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2400
* @tc.name : The process continuously invokes the capset and capget interfaces,
* @tc.name : The process continuously invokes the capset and capget interfaces,
...
@@ -1680,7 +1238,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2400, Function | MediumTest | Level1
...
@@ -1680,7 +1238,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2400, Function | MediumTest | Level1
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2500
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2500
* @tc.name : Performance test of capset and capget interface
* @tc.name : Performance test of capset and capget interface
...
@@ -1727,7 +1285,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2500, Performance | MediumTest | Lev
...
@@ -1727,7 +1285,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2500, Performance | MediumTest | Lev
}
}
#endif
#endif
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
/*
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2600
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2600
* @tc.name : Performance test of the interface managed by Capability
* @tc.name : Performance test of the interface managed by Capability
...
...
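--- a/security_lite/permission_posix/capability/vfat/BUILD.gn
+++ b/security_lite/permission_posix/capability/vfat/BUILD.gn
@@ -42,7 +42,6 @@ hcpptest_suite("ActsVFATCapabilityTest") {
 if (enable_ohos_appexecfwk_feature_ability == true) {
 defines = [
-"_BOARD_HI3516_",
 "LITE_FS_VFAT",
 "TOP_DIR=\"/sdcard\"",
 "TOP_DIR_MOUNT_INFO=\"/sdcard vfat\"",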
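Review bot: Removing `"_BOARD_HI3516_",` from `defines` means this target can no longer select a board-specific expectation, and the rendered ActsCapabilityTest.cpp section of the same commit appears to delete the `defined(LITE_FS_VFAT) && defined(_BOARD_HI3516_)` variant of CapabilityTest2200. The surviving variant checks default capability sets against fixed PIDs (its last message names `Pid = 9` for wms_server or ai_server, where the deleted one named `Pid = 7`), so if a Hi3516 image still uses the other PID layout, this baseline check would fail or compare the wrong process. I would record the assumption next to the list, e.g. `# CapabilityTest2200 assumes a single PID layout for every VFAT board`, or confirm that the PID constants in the test header were updated to match. The `defines` list continues beyond the visible lines.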
security_lite/permission_posix/dac/BUILD.gn
...
@@ -12,8 +12,5 @@
...
@@ -12,8 +12,5 @@
# limitations under the License.
# limitations under the License.
group("ActsDacTest") {
group("ActsDacTest") {
deps = [
deps = [ "./vfat:ActsVFATDACTest" ]
"./jffs:ActsJFFS2DACTest",
"./vfat:ActsVFATDACTest",
]
}
}
security_lite/permission_posix/dac/jffs/BUILD.gn
已删除
100755 → 0
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//test/xts/tools/lite/build/suite_lite.gni")
hcpptest_suite("ActsJFFS2DACTest") {
suite_name = "acts"
sources = [
"../src/ActsDacPreTest.cpp",
"../src/ActsDacTest.cpp",
"../src/ActsSystemDevDacTest.cpp",
"../src/ActsSystemJffsDacTest.cpp",
"../src/DACFileSystemTest.cpp",
]
include_dirs = [
"../src",
"../../capability/src",
"//third_party/bounds_checking_function/include",
]
public_deps = [
"../../capability:capability_shared",
"//third_party/bounds_checking_function:libsec_shared",
]
cflags_cc = [
"-Wno-write-strings",
"-Wno-sign-compare",
]
ldflags = [
"-lstdc++",
"-lm",
"-lpthread",
]
defines = [
"LITE_FS_JFFS2",
"TOP_DIR=\"/storage\"",
"TOP_DIR_MOUNT_INFO=\"/storage jffs\"",
]
}
security_lite/permission_posix/dac/jffs/Test.json
已删除
100644 → 0
{
"description"
:
"Config for hcpptest demo test cases"
,
"environment"
:
[
{
"type"
:
"device"
,
"label"
:
"ipcamera"
}
],
"kits"
:
[
{
"type"
:
"MountKit"
,
"server"
:
"NfsServer"
,
"mount"
:
[
{
"source"
:
"testcases/security"
,
"target"
:
"/test_root/security"
}
]
}
],
"driver"
:
{
"type"
:
"CppTestLite"
,
"execute"
:
"/test_root/security/ActsJFFS2DACTest.bin"
}
}
\ No newline at end of file
security_lite/permission_posix/dac/src/ActsDacPreTest.cpp
...
@@ -25,7 +25,7 @@
...
@@ -25,7 +25,7 @@
using
namespace
std
;
using
namespace
std
;
using
namespace
testing
::
ext
;
using
namespace
testing
::
ext
;
#if defined(LITE_FS_
JFFS2) || defined(LITE_FS_
VFAT)
#if defined(LITE_FS_VFAT)
static
int
TestSetUid
()
static
int
TestSetUid
()
{
{
// Test the 'setuid' interface
// Test the 'setuid' interface
...
...
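Review bot: The narrowed guard `#if defined(LITE_FS_VFAT)` has no comment saying why the DAC setup helpers are now VFAT-only, and a target built without that macro compiles the guarded code to nothing, so the permission suite can report success having run no cases. A one-line comment above the guard would document the intent, e.g. `// DAC cases are built for VFAT targets only; JFFS2 coverage was removed with the jffs suite`. If no other configuration is expected to compile this file, an `#else` branch with `#error "ActsDacPreTest requires LITE_FS_VFAT"` would make a misconfigured build fail loudly instead; whether that is safe depends on build files not shown here. The guarded region, starting with `TestSetUid()`, continues outside the hunk.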
security_lite/permission_posix/dac/src/ActsDacTest.cpp
已删除
100755 → 0
/*
* Copyright (c) 2020-2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ActsDacTest.h"
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include "gtest/gtest.h"
#include "ActsCapabilityTest.h"
#include "DACFileSystemTest.h"
using
namespace
std
;
using
namespace
testing
::
ext
;
#if defined(LITE_FS_JFFS2)
static
void
CreateTxt
()
{
int
ret
;
int
fd
=
0
;
char
dac
[]
=
"DacTestSuite!
\n
"
;
// Initialize the process and set the uid and gid of the process to zero
SetUidGid
(
UID0
,
GID0
);
// Create a directory 'DACDIR0' in the directory 'TOP_DIR'
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR0
,
CHMOD700
);
ASSERT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0'"
;
// Create a directory 'DACDIR0_DACDIR0' in the directory 'TOP_DIR/DACDIR0'
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
RWX
);
ASSERT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0/DACDIR0_DACDIR0'"
;
// Create a file 'DACDIR0_DACFILE0' in the directory 'DacTest'
fd
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
O_WRONLY
|
O_CREAT
|
O_TRUNC
,
CHMOD700
);
if
(
fd
>=
0
)
{
// File created successfully
write
(
fd
,
dac
,
sizeof
(
dac
));
close
(
fd
);
}
else
{
// Failed to create the file
ASSERT_GE
(
fd
,
0
)
<<
"ErrInfo: Failed to create the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0'"
;
}
}
static
void
CreateTxt1
()
{
int
ret
;
int
fd
=
0
;
char
dac
[]
=
"DacTestSuite!
\n
"
;
// Initialize the process and set the uid and gid of the process to zero
SetUidGid
(
UID0
,
GID0
);
// Create a directory 'DACDIR1' in the directory 'TOP_DIR'
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR1
,
CHMOD700
);
ASSERT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR1'"
;
// Create a directory 'DACDIR1_DACDIR0' in the directory 'TOP_DIR/DACDIR1'
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR1
"/"
DACDIR1_DACDIR0
,
RWX
);
ASSERT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR1/DACDIR1_DACDIR0'"
;
// Create a file 'DACDIR1_DACFILE0' in the directory 'DACDIR1'
fd
=
open
(
TOP_DIR
"/"
DACDIR1
"/"
DACDIR1_DACFILE0
,
O_WRONLY
|
O_CREAT
|
O_TRUNC
,
CHMOD700
);
if
(
fd
>=
0
)
{
// File created successfully
write
(
fd
,
dac
,
sizeof
(
dac
));
close
(
fd
);
}
else
{
// Failed to create the file
ASSERT_GE
(
fd
,
0
)
<<
"ErrInfo: Failed to create the file 'TOP_DIR/DACDIR1/DACDIR1_DACFILE0'"
;
}
// Change the file 'DACDIR1_DACFILE0' owner with interface 'chown'
ret
=
chown
(
TOP_DIR
"/"
DACDIR1
"/"
DACDIR1_DACFILE0
,
UID1
,
GID1
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to change the file 'DACDIR1_DACFILE0' owner with interface 'chown'"
;
// Change the directory 'TOP_DIR/DACDIR1' owner with interface 'chown'
ret
=
chown
(
TOP_DIR
"/"
DACDIR1
,
UID1
,
GID1
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to change the directory 'TOP_DIR/DACDIR1' owner with interface 'chown'"
;
}
static
int
ThreeProcessReadOneTxt
()
{
int
fd
=
0
;
int
status
=
0
;
// Preset action: Create a txt
CreateTxt
();
// Preset action: Fork three sub processes
pid_t
pid
;
for
(
int
num
=
0
;
num
<
NUM3
;
num
++
)
{
pid
=
fork
();
if
(
pid
<
0
)
{
LOG
(
"======== Fork Error! ========="
);
return
-
1
;
}
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
break
;
}
}
// get one parent & three children
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Initialize the process and set the uid and gid of the process to zero
SetUidGid
(
UID0
,
GID0
);
// Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
DropCAPDACOVERRIDEAndREADSEARCH
();
// Three sub processes read a file at the same time
for
(
int
number
=
0
;
number
<
NUM1000
;
number
++
)
{
fd
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
O_WRONLY
);
if
(
fd
>=
0
)
{
close
(
fd
);
}
else
{
LOG
(
"ErrInfo: failed to open the file during the %d time"
,
number
);
exitCode
=
1
;
break
;
}
}
// Three sub processes exit with the exitCode
exit
(
exitCode
);
}
else
{
// The parent process wait for three sub processes to exit and obtain the exitCode
for
(
int
num2
=
0
;
num2
<
NUM3
;
num2
++
)
{
wait
(
&
status
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: Pid = "
<<
pid
<<
", its exitCode is wrong and test case failed, please query logs"
;
}
// Delete the directory 'TOP_DIR/DACDIR0'
RemoveDir
(
TOP_DIR
"/"
DACDIR0
);
}
return
0
;
}
static
int
TwoProcessReadTwoTxt
()
{
int
status
=
0
;
// Preset action: Create a file whose owner is uid0, gid0
CreateTxt
();
// Preset action: Create a file whose owner is uid1, gid1
CreateTxt1
();
// Preset action: Fork two sub processes
pid_t
pid
[
NUM2
];
for
(
int
num
=
0
;
num
<
NUM2
;
num
++
)
{
pid
[
num
]
=
fork
();
EXPECT_TRUE
(
pid
[
num
]
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
[
num
]
==
0
)
{
// Set UID and GID of process pid[0] to 0 and set UID and GID of process pid[1] to 1
SetUidGid
(
num
,
num
);
// Drop both process capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
DropCAPDACOVERRIDEAndREADSEARCH
();
break
;
}
}
// get one parent & two children
if
(
pid
[
0
]
==
0
||
pid
[
1
]
==
0
)
{
int
exitCode
=
0
;
for
(
int
number
=
0
;
number
<
NUM1000
;
number
++
)
{
// Two processes with different UIDs and GIDs read two files with different owners at the same time
if
(
pid
[
0
]
==
0
)
{
// The process pid[0] can open the file Dac.txt whose owners are uid0 and gid0
int
fd0dac
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
O_WRONLY
);
if
(
fd0dac
>=
0
)
{
close
(
fd0dac
);
}
else
{
LOG
(
"ErrInfo: PID[0] failed to open the file during the %d time"
,
number
);
exitCode
=
1
;
break
;
}
// The process pid[0] can not open the file Dac.txt whose owners are uid1 and gid1
int
fd0dac1
=
open
(
TOP_DIR
"/"
DACDIR1
"/"
DACDIR1_DACFILE0
,
O_WRONLY
);
if
(
fd0dac1
>=
0
)
{
LOG
(
"ErrInfo: PID[0] open the file with wrong uid&gid during the %d time"
,
number
);
close
(
fd0dac1
);
exitCode
=
1
;
break
;
}
}
else
{
// The process pid[1] can not open the file Dac.txt whose owners are uid0 and gid0
int
fd1dac
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
O_WRONLY
);
if
(
fd1dac
>=
0
)
{
LOG
(
"ErrInfo: PID[1] open the file with wrong uid&gid during the %d time"
,
number
);
close
(
fd1dac
);
exitCode
=
1
;
break
;
}
// The process pid[1] can open the file Dac.txt whose owners are uid1 and gid1
int
fd1dac1
=
open
(
TOP_DIR
"/"
DACDIR1
"/"
DACDIR1_DACFILE0
,
O_WRONLY
);
if
(
fd1dac1
>=
0
)
{
close
(
fd1dac1
);
}
else
{
LOG
(
"ErrInfo: PID[1] failed to open the file during the %d time"
,
number
);
exitCode
=
1
;
break
;
}
}
}
// Two sub processes exit with the exitCode
exit
(
exitCode
);
}
else
{
// The parent process wait for the sub process pid[0] to exit and obtain the exitCode
waitpid
(
pid
[
0
],
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
[
0
];
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
[
0
];
// The parent process wait for the sub process pid[1] to exit and obtain the exitCode
waitpid
(
pid
[
1
],
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
[
1
];
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
[
1
];
}
return
0
;
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0140
* @tc.name : Invoke the chmod interface to set the file permission
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0140
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
status
=
0
;
// Preset action: Create a txt
CreateTxt
();
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Preset action: Drop the capabilities of CAP_FOWNER
DropCAPFOWNER
();
// Step 1: Set the uid and gid of the process to 0
SetUidGid
(
UID0
,
GID0
);
// Step 2.1: Change the file permission 700 with interface 'chmod'
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
CHMOD700
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed in chmod 700"
);
exitCode
=
1
;
}
// Step 2.2: Change the file permission 111 with interface 'chmod'
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
CHMOD111
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed in chmod 111"
);
exitCode
=
1
;
}
// Step 2.3: Change the file permission -1 with interface 'chmod'
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
FALSE
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed in chmod FALSE"
);
exitCode
=
1
;
}
// Step 2.4: Change the file permission -777 with interface 'chmod'
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
-
777
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed in chmod -777"
);
exitCode
=
1
;
}
// Step 3: Set the uid and gid of the process to 10000
SetUidGid
(
UID10000
,
GID10000
);
// Step 4: Failed to change the file permission for the process that is not the file owner
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
CHMOD777
);
EXPECT_EQ
(
ret
,
FALSE
)
<<
"ErrInfo: Chmod 777 with wrong uid"
;
// Step 5: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0150
* @tc.name : Invoke chown interface to set the file owner
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0150
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
status
=
0
;
// Preset action: Create a txt
CreateTxt
();
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Set the uid and gid of the process to 0
SetUidGid
(
UID0
,
GID0
);
// Step 2.1: Set the directory 'TOP_DIR/DACDIR0' owner UID10000 and GID10000
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
,
UID10000
,
GID10000
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to set the directory 'TOP_DIR/DACDIR0' owner UID10000 and GID10000"
);
exitCode
=
1
;
}
// Step 2.2: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID10000 and GID10000
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
UID10000
,
GID10000
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID10000 and GID10000"
);
exitCode
=
1
;
}
// Step 2.3: Set the directory 'TOP_DIR/DACDIR0' owner UID2147483647 and GID2147483647
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
,
MAX_INT
,
MAX_INT
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to set the directory 'TOP_DIR/DACDIR0' owner UID2147483647 and GID2147483647"
);
exitCode
=
1
;
}
// Step 2.4: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID2147483647 and GID2147483647
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
MAX_INT
,
MAX_INT
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to set the file owner UID2147483647 and GID2147483647"
);
exitCode
=
1
;
}
// Step 2.5: Set the directory 'TOP_DIR/DACDIR0' owner UID0 and GID0
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
,
UID0
,
GID0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to set the directory 'TOP_DIR/DACDIR0' owner UID0 and GID0"
);
exitCode
=
1
;
}
// Step 2.4: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID0 and GID0
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
UID0
,
GID0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID0 and GID0"
);
exitCode
=
1
;
}
// Step 3: Drop the capabilities of CAP_CHOWN
DropCAPCHOWN
();
// Step 4.1: Failed to set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN");
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
,
UID10000
,
GID10000
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN"
);
exitCode
=
1
;
}
// Step 4.2: Failed to set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN");
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
UID10000
,
GID10000
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN"
);
exitCode
=
1
;
}
// Step 4.3: Set the uid and gid of the process to 555
SetUidGid
(
UID555
,
GID555
);
// Step 4.4: Failed to set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN");
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
,
UID10000
,
GID10000
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN"
);
exitCode
=
1
;
}
// Step 4.5: Failed to set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN");
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
UID10000
,
GID10000
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN"
);
exitCode
=
1
;
}
// Step 5: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
// Step 6: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0160
* @tc.name : Concurrent file reading by multiple processes
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0160
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Step 1: Multiple processes read the same file
ret
=
ThreeProcessReadOneTxt
();
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: ThreeProcessReadOneTxt() exit error"
;
// Step 2: Multiple processes read the different files with different owners
ret
=
TwoProcessReadTwoTxt
();
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: TwoProcessReadTwoTxt() exit error"
;
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0170
* @tc.name : The owner or permission of a file fail to be modified when the file is operated by another process
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0170
,
Function
|
MediumTest
|
Level2
)
{
int
fd
=
0
;
int
status
=
0
;
int
exitCode0
=
0
;
int
exitCode1
=
0
;
// Preset action: Create a file whose owner is uid0, gid0
CreateTxt
();
// Preset action: Fork two sub processes
pid_t
pid
[
NUM2
];
for
(
int
num
=
0
;
num
<
NUM2
;
num
++
)
{
pid
[
num
]
=
fork
();
ASSERT_TRUE
(
pid
[
num
]
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
[
num
]
==
0
)
{
// Drop both process capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
DropCAPDACOVERRIDEAndREADSEARCH
();
break
;
}
}
// Step 1: Open a file by Process pid[0]
if
(
pid
[
0
]
==
0
)
{
fd
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
O_WRONLY
);
}
if
(
pid
[
1
]
==
0
)
{
// Step 2: Change the file owner with interface 'chown' by Process pid[1]
int
retchown
=
chown
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
UID10000
,
GID10000
);
if
(
retchown
!=
0
)
{
LOG
(
"ErrInfo: Failed to change the file owner when the file is operated by another process"
);
exitCode1
=
1
;
}
// Step 3: Change the file permission 000 with interface 'chmod' by Process pid[1]
int
retchmod
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
CHMOD000
);
if
(
retchmod
!=
0
)
{
LOG
(
"ErrInfo: Failed to change the file permission when the file is operated by another process"
);
exitCode1
=
1
;
}
// Step 4: The sub process pid[1] exit with the exitCode1
exit
(
exitCode1
);
}
// Step 5: Close the file by Process pid[0]
if
(
pid
[
0
]
==
0
)
{
if
(
fd
>=
0
)
{
close
(
fd
);
}
else
{
LOG
(
"ErrInfo: PID[0] failed to open the file"
);
exitCode0
=
1
;
}
// Step 6: The sub process pid[0] exit with the exitCode0
exit
(
exitCode0
);
}
if
((
pid
[
0
]
!=
0
)
&&
(
pid
[
1
]
!=
0
))
{
// Step 7: The parent process wait for the sub process pid[0] and pid[1] to exit and obtain the exitCode
for
(
int
num2
=
0
;
num2
<
NUM2
;
num2
++
)
{
waitpid
(
pid
[
num2
],
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
[
num2
];
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
[
num2
];
}
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0180
* @tc.name : Change the file permission for 10000 times
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0180
,
Reliability
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a txt
CreateTxt
();
// Step 1: Change the file permission for 10000 times
for
(
int
number
=
0
;
number
<
NUM10000
;
number
++
)
{
// Step 1: Change the file permission
if
(
number
&
1
)
{
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
CHMOD700
);
if
(
ret
!=
0
)
{
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to change the file permission during the "
<<
number
<<
" time"
;
break
;
}
}
else
{
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
CHMOD777
);
if
(
ret
!=
0
)
{
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to change the file permission during the "
<<
number
<<
" time"
;
break
;
}
}
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0190
* @tc.name : Change the file owner for 10000 times
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0190
,
Reliability
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a txt
CreateTxt
();
// Step 1: Change the file owner for 10000 times
for
(
int
number
=
0
;
number
<
NUM10000
;
number
++
)
{
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
number
,
number
);
if
(
ret
!=
0
)
{
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to Change the file owner during the "
<<
number
<<
" time"
;
break
;
}
}
// Cleanup action: Restore the initial status of the file
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
UID0
,
GID0
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to Change the file owner"
;
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0200
* @tc.name : Five processes concurrently invoke chmod and chown interface for 5000 times
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0200
,
Reliability
|
MediumTest
|
Level2
)
{
int
ret
;
int
status
=
0
;
// Preset action: Create a txt
CreateTxt
();
// Preset action: Fork five sub processes
pid_t
pid
;
for
(
int
num
=
0
;
num
<
NUM5
;
num
++
)
{
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
break
;
}
}
// get one parent & five children
if
(
pid
==
0
)
{
int
exitCode
=
0
;
for
(
int
number
=
0
;
number
<
NUM5000
;
number
++
)
{
// Step 1: Change the file owner for 5000 times
ret
=
chown
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
number
,
number
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to Change the file owner during the %d time"
,
number
);
break
;
}
// Step 2: Change the file permission for 5000 times
if
(
number
&
1
)
{
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
CHMOD700
);
if
(
ret
!=
0
)
{
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to change the file permission 700 during the "
<<
number
<<
" time"
;
break
;
}
}
else
{
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
CHMOD777
);
if
(
ret
!=
0
)
{
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to change the file permission 777 during the "
<<
number
<<
" time"
;
break
;
}
}
}
// Step 3: Two sub processes exit with the exitCode
exit
(
exitCode
);
}
else
{
// Step 4: The parent process wait for two sub processes to exit and obtain the exitCode
for
(
int
num2
=
0
;
num2
<
NUM5
;
num2
++
)
{
wait
(
&
status
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: Pid = "
<<
pid
<<
", its exitCode is wrong and test case failed, please query logs"
;
}
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0210
* @tc.name : Performance test of the chomd and chown interface
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0210
,
Performance
|
MediumTest
|
Level2
)
{
struct
timespec
tp
=
{
0
};
struct
timespec
starttime
=
{
0
};
struct
timespec
endtime
=
{
0
};
tp
.
tv_sec
=
0
;
tp
.
tv_nsec
=
0
;
// Preset action: Create a txt
CreateTxt
();
// Preset action: Obtains the system time -> starttime
clock_gettime
(
CLOCK_REALTIME
,
&
starttime
);
for
(
int
number
=
0
;
number
<
NUM5000
;
number
++
)
{
// Step 1: Change the file owner for 5000 times
chown
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
number
,
number
);
// Step 2: Change the file permission for 5000 times
if
(
number
&
1
)
{
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
CHMOD700
);
}
else
{
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
CHMOD777
);
}
}
// Step 3: Obtains the system time again -> endtime
clock_gettime
(
CLOCK_REALTIME
,
&
endtime
);
// Step 4: Compare the starttime and the endtime -> tp
tp
=
CompareTime
(
starttime
,
endtime
);
EXPECT_LE
(
tp
.
tv_sec
,
NUM20
)
<<
"ErrInfo: Chown for 10000 times used "
<<
tp
.
tv_sec
<<
"."
<<
tp
.
tv_nsec
<<
"s"
;
// Cleanup action: Restore the initial status of the file
chown
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
UID0
,
GID0
);
}
#endif
\ No newline at end of file
security_lite/permission_posix/dac/src/ActsSystemDevDacTest.cpp
已删除
100755 → 0
/*
* Copyright (c) 2020-2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ActsDacTest.h"
#include <dirent.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include "gtest/gtest.h"
#include "ActsCapabilityTest.h"
#include "DACFileSystemTest.h"
using
namespace
std
;
using
namespace
testing
::
ext
;
#if defined(LITE_FS_JFFS2)
static
void
CreateDevDir
()
{
int
ret
;
// Initialize the process and set the uid and gid of the process to zero
SetUidGid
(
UID0
,
GID0
);
// Create a directory 'DACDIR0' in the directory '/storage'
ret
=
mkdir
(
"/storage/"
DACDIR0
,
CHMOD777
);
ASSERT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to create the directory '/storage/DACDIR0'"
;
// Create a directory 'DACDIR0_DACDIR0' in the directory '/storage/DACDIR0'
ret
=
mkdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD777
);
ASSERT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to create the directory '/storage/DACDIR0/DACDIR0_DACDIR0'"
;
}
static
void
CreateDevTxt
()
{
int
ret
;
int
fd
=
0
;
// Initialize the process and set the uid and gid of the process to zero
SetUidGid
(
UID0
,
GID0
);
// Create a directory 'DACDIR0' in the directory '/storage'
ret
=
mkdir
(
"/storage/"
DACDIR0
,
CHMOD777
);
ASSERT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to create the directory '/storage/DACDIR0'"
;
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0290
* @tc.name : DAC control mechanism-File system storage-System call rmdir-UID0-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 333
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0290
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD333
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 333"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0300
* @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID0-Capability
CAPDACOVERRIDE-Permission 611
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0300
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD611
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 611"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0310
* @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 105
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0310
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD105
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 105"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0320
* @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 555
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0320
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD555
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 555"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0330
* @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH-Permission 666
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0330
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD666
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 666"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0340
* @tc.name : DAC control mechanism-File system storage-System call stat-UID0-GID1-Capability NULL-Permission 777
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0340
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD777
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 777"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0350
* @tc.name : DAC control mechanism-File system storage-System call stat-UID1-GID0-Capability
CAPDACOVERRIDE-Permission 166
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0350
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
struct
stat
buf
=
{
0
};
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD166
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 166"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
stat
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
&
buf
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0360
* @tc.name : DAC control mechanism-File system storage-System call stat-UID0-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 111
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0360
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
struct
stat
buf
=
{
0
};
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD111
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 111"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
stat
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
&
buf
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0370
* @tc.name : DAC control mechanism-File system storage-System call stat-UID0-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 210
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0370
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
struct
stat
buf
=
{
0
};
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD210
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 210"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
stat
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
&
buf
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0380
* @tc.name : DAC control mechanism-File system storage-System call stat-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 655
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0380
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
struct
stat
buf
=
{
0
};
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD655
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 655"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
stat
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
&
buf
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0390
* @tc.name : DAC control mechanism-File system storage-System call rename-UID1-GID0-Capability
CAPDACREADSEARCH-Permission 570
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0390
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD570
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 570"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
rename
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0400
* @tc.name : DAC control mechanism-File system storage-System call rename-UID1-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 306
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0400
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD306
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 306"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
rename
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0410
* @tc.name : DAC control mechanism-File system storage-System call rename-UID1-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 027
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0410
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD027
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 027"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
rename
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0420
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID0-GID1-Capability
CAPDACREADSEARCH-Permission 401
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0420
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD401
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 401"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
chdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0430
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID0-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 507
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0430
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD507
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 507"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
chdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0440
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID0-GID0-Capability
CAPDACOVERRIDE-Permission 347
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0440
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD347
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 347"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
chdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0450
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 063
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0450
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD063
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 063"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
chdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0460
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID1-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 230
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0460
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD230
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 230"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
chdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0470
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 724
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0470
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD724
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 724"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
chdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0480
* @tc.name : DAC control mechanism-File system storage-System call execute-UID1-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 702
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0480
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
char
*
argv
[]
=
{
nullptr
,
nullptr
};
char
*
envp
[]
=
{
nullptr
};
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD702
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
execve
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
argv
,
envp
);
// the file is not elf , can not exec
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0490
* @tc.name : DAC control mechanism-File system storage-System call execute-UID0-GID0-Capability
CAPDACOVERRIDE-Permission 473
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0490
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
char
*
argv
[]
=
{
nullptr
,
nullptr
};
char
*
envp
[]
=
{
nullptr
};
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD473
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
execve
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
argv
,
envp
);
// the file is not elf , can not exec
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0500
* @tc.name : DAC control mechanism-File system storage-System call execute-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 261
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0500
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
char
*
argv
[]
=
{
nullptr
,
nullptr
};
char
*
envp
[]
=
{
nullptr
};
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD261
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
execve
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
argv
,
envp
);
// the file is not elf , can not exec
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0510
* @tc.name : DAC control mechanism-File system storage-System call access-UID0-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 460
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0510
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD460
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
access
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0520
* @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID0-Capability
CAPDACOVERRIDE-Permission 562
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0520
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD562
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
access
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0530
* @tc.name : DAC control mechanism-File system storage-System call access-UID0-GID0-Capability
CAPDACOVERRIDE-Permission 076
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0530
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD076
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
access
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0540
* @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 305
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0540
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD076
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
access
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0550
* @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 132
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0550
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD132
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
access
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0560
* @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 241
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0560
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD241
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
access
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0570
* @tc.name : DAC control mechanism-File system storage-System call mkdir-UID0-GID1-Capability
CAPDACOVERRIDE-Permission 456
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0570
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD456
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 456"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
mkdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
"/"
DACDIR0_DACDIR0_DACDIR0
,
NORWX
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0580
* @tc.name : DAC control mechanism-File system storage-System call mkdir-UID1-GID0-Capability
CAPDACOVERRIDE-Permission 167
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0580
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD167
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 167"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
mkdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
"/"
DACDIR0_DACDIR0_DACDIR0
,
NORWX
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0590
* @tc.name : DAC control mechanism-File system storage-System call mkdir-UID1-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 511
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0590
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD511
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 511"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
mkdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
"/"
DACDIR0_DACDIR0_DACDIR0
,
NORWX
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0600
* @tc.name : DAC control mechanism-File system storage-System call mkdir-UID1-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 640
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0600
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD640
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 640"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
mkdir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
"/"
DACDIR0_DACDIR0_DACDIR0
,
NORWX
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0610
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID1-Capability
CAPDACOVERRIDE-Permission 362
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0610
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD362
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
unlink
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0620
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID1-Capability
CAPDACOVERRIDE-Permission 526
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0620
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD526
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
unlink
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0630
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 604
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0630
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD604
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
unlink
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0640
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 671
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0640
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD671
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
unlink
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0650
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 743
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0650
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD743
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
unlink
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0660
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 235
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0660
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD235
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
unlink
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0670
* @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 371
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0670
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
fd
=
0
;
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD371
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
fd
=
open
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
O_WRONLY
);
if
(
fd
>=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
close
(
fd
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0680
* @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 702
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0680
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
fd
=
0
;
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD702
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
fd
=
open
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
O_WRONLY
);
if
(
fd
>=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
close
(
fd
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0690
* @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 406
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0690
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
fd
=
0
;
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD406
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
fd
=
open
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
O_WRONLY
);
if
(
fd
>=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
close
(
fd
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0700
* @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 257
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0700
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
fd
=
0
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a file
CreateDevTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
,
CHMOD257
);
// storage/shm can not change chmod
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod "
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
fd
=
open
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
O_WRONLY
);
if
(
fd
>=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
close
(
fd
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0710
* @tc.name : DAC control mechanism-File system storage-System call opendir-UID0-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 750
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0710
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
DIR
*
dir
=
nullptr
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD750
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 750"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
dir
=
opendir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
dir
==
nullptr
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
else
{
closedir
(
dir
);
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0720
* @tc.name : DAC control mechanism-File system storage-System call opendir-UID0-GID0-Capability
CAPDACOVERRIDE-Permission 143
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0720
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
DIR
*
dir
=
nullptr
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD143
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 143"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
dir
=
opendir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
dir
==
nullptr
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
else
{
closedir
(
dir
);
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0730
* @tc.name : DAC control mechanism-File system storage-System call opendir-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 521
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0730
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
DIR
*
dir
=
nullptr
;
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD521
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 521"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
dir
=
opendir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
dir
==
nullptr
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
else
{
closedir
(
dir
);
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0740
* @tc.name : DAC control mechanism-File system storage-System call opendir-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 016
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0740
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
DIR
*
dir
=
nullptr
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD016
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 016"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
dir
=
opendir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
dir
==
nullptr
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
else
{
closedir
(
dir
);
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0750
* @tc.name : DAC control mechanism-File system storage-System call opendir-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 407
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0750
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
DIR
*
dir
=
nullptr
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a directory
CreateDevDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD407
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 407"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
dir
=
opendir
(
"/storage/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
dir
==
nullptr
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
else
{
closedir
(
dir
);
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
#endif
security_lite/permission_posix/dac/src/ActsSystemJffsDacTest.cpp
已删除
100644 → 0
/*
* Copyright (c) 2020 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ActsDacTest.h"
#include <dirent.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include "gtest/gtest.h"
#include "ActsCapabilityTest.h"
#include "DACFileSystemTest.h"
using
namespace
std
;
using
namespace
testing
::
ext
;
#if defined(LITE_FS_JFFS2)
static
void
CreateDir
()
{
int
ret
;
// Initialize the process and set the uid and gid of the process to zero
SetUidGid
(
UID0
,
GID0
);
// Create a directory 'DACDIR0' in the directory 'TOP_DIR'
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR0
,
CHMOD777
);
ASSERT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0'"
;
// Create a directory 'DACDIR0_DACDIR0' in the directory 'TOP_DIR/DACDIR0'
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD777
);
ASSERT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0/DACDIR0_DACDIR0'"
;
}
static
void
CreateTxt
()
{
int
ret
;
int
fd
=
0
;
char
dac
[]
=
"DacTestSuite!
\n
"
;
// Initialize the process and set the uid and gid of the process to zero
SetUidGid
(
UID0
,
GID0
);
// Create a directory 'DACDIR0' in the directory 'TOP_DIR'
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR0
,
CHMOD777
);
ASSERT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0'"
;
// Create a file 'DACDIR0_DACFILE0' in the directory 'TOP_DIR/DACDIR0'
fd
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
O_WRONLY
|
O_CREAT
|
O_TRUNC
,
CHMOD777
);
if
(
fd
>=
0
)
{
// File created successfully
write
(
fd
,
dac
,
sizeof
(
dac
));
close
(
fd
);
}
else
{
// Failed to create the file
ASSERT_GE
(
fd
,
0
)
<<
"ErrInfo: Failed to create the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0'"
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0760
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID0-GID1-Capability NULL-Permission 000
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0760
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD000
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 000"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0770
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID0-GID1-Capability NULL-Permission 052
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0770
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD052
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 052"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0780
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID0-GID1-Capability NULL-Permission 077
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0780
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD077
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 077"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0790
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID1-GID0-Capability NULL-Permission 444
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0790
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD444
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 444"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0800
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID1-GID0-Capability
CAPDACREADSEARCH-Permission 716
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0800
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD716
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 716"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0810
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID0-GID0-Capability
CAPDACREADSEARCH-Permission 222
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0810
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD222
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 222"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
rmdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0820
* @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID0-Capability
CAPDACOVERRIDE-Permission 000
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0820
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
struct
stat
buf
=
{
0
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD000
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 000"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
stat
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
&
buf
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0830
* @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID1-Capability NULL-Permission 422
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0830
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
struct
stat
buf
=
{
0
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD422
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 422"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
stat
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
&
buf
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0840
* @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID1-Capability
CAPDACREADSEARCH-Permission 334
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0840
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
struct
stat
buf
=
{
0
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD334
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 334"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
stat
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
&
buf
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0850
* @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 543
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0850
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
struct
stat
buf
=
{
0
};
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD334
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 334"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
stat
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
&
buf
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0860
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID1-Capability
CAPDACOVERRIDE-Permission 614
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0860
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD614
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 614"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
rename
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0870
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID1-Capability
CAPDACREADSEARCH-Permission 242
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0870
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD242
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 242"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
rename
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE1
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0880
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID0-Capability NULL-Permission 430
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0880
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD430
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 430"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
rename
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE1
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0890
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID0-Capability NULL-Permission 765
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0890
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD765
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 765"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
rename
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE1
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0900
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID0-Capability
CAPDACREADSEARCH-Permission 123
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0900
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD123
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 123"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
rename
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE1
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0910
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID1-GID1-Groups contain-Capability
NULL-Permission 151
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0910
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD151
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 151"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
rename
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE1
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0920
* @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID1-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 256
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0920
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD256
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 256"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
chdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0930
* @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID0-GID0-Capability
CAPDACREADSEARCH-Permission 235
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0930
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD235
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 235"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
chdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0940
* @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID1-GID1-Capability NULL-Permission 670
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0940
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD670
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 670"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
chdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0950
* @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH-Permission 116
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0950
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD116
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 116"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
chdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0960
* @tc.name : DAC control mechanism-File system jffs2-System call execute-UID0-GID1-Capability
CAPDACREADSEARCH-Permission 045
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0960
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
char
*
argv
[]
=
{
nullptr
,
nullptr
};
char
*
envp
[]
=
{
nullptr
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD045
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 045"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
execve
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
argv
,
envp
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0970
* @tc.name : DAC control mechanism-File system jffs2-System call execute-UID1-GID0-Capability NULL-Permission 124
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0970
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
char
*
argv
[]
=
{
nullptr
,
nullptr
};
char
*
envp
[]
=
{
nullptr
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD124
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 124"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
execve
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
argv
,
envp
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0980
* @tc.name : DAC control mechanism-File system jffs2-System call execute-UID0-GID0-Capability NULL-Permission 536
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0980
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
char
*
argv
[]
=
{
nullptr
,
nullptr
};
char
*
envp
[]
=
{
nullptr
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD536
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 536"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
execve
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
argv
,
envp
);
// the file is not elf , can not exec
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0990
* @tc.name : DAC control mechanism-File system jffs2-System call execute-UID1-GID1-Capability
CAPDACREADSEARCH-Permission 657
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest0990
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
char
*
argv
[]
=
{
nullptr
,
nullptr
};
char
*
envp
[]
=
{
nullptr
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD657
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 657"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
execve
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
argv
,
envp
);
// the file is not elf , can not exec
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1000
* @tc.name : DAC control mechanism-File system jffs2-System call execute-UID1-GID1-Groups contain-Capability
NULL-Permission 310
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1000
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
char
*
argv
[]
=
{
nullptr
,
nullptr
};
char
*
envp
[]
=
{
nullptr
};
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD310
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 310"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
execve
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
argv
,
envp
);
// the file is not elf , can not exec
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1010
* @tc.name : DAC control mechanism-File system jffs2-System call access-UID0-GID1-Capability NULL-Permission 354
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1010
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD354
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 354"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
access
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1020
* @tc.name : DAC control mechanism-File system jffs2-System call access-UID1-GID0-Capability NULL-Permission 623
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1020
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD623
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 623"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
access
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1030
* @tc.name : DAC control mechanism-File system jffs2-System call access-UID1-GID1-Capability
CAPDACREADSEARCH-Permission 717
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1030
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD717
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 717"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
access
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1040
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID0-GID1-Capability NULL-Permission 203
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1040
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD203
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 203"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
"/"
DACDIR0_DACDIR0_DACDIR0
,
NORWX
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1050
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID0-GID0-Capability
CAPDACREADSEARCH-Permission 325
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1050
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD325
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 325"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
"/"
DACDIR0_DACDIR0_DACDIR0
,
NORWX
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1060
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID0-GID0-Capability
CAPDACREADSEARCH-Permission 453
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1060
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD453
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 453"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
"/"
DACDIR0_DACDIR0_DACDIR0
,
NORWX
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1070
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID1-GID1-Groups contain-Capability
NULL-Permission 342
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1070
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD342
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 342"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
"/"
DACDIR0_DACDIR0_DACDIR0
,
NORWX
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1080
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID1-GID1-Groups contain-Capability
NULL-Permission 731
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1080
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD731
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 731"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
"/"
DACDIR0_DACDIR0_DACDIR0
,
NORWX
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1090
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH-Permission 074
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1090
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
,
CHMOD074
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 074"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
mkdir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
"/"
DACDIR0_DACDIR0_DACDIR0
,
NORWX
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1100
* @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID0-Capability
CAPDACREADSEARCH-Permission 175
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1100
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD175
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 175"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
unlink
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1110
* @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID0-Capability
CAPDACREADSEARCH-Permission 446
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1110
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD446
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 446"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
unlink
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1120
* @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID0-Capability
CAPDACREADSEARCH-Permission 560
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1120
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD560
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 560"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
ret
=
unlink
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1130
* @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID1-Capability NULL-Permission 013
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1130
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD013
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 013"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
ret
=
unlink
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1140
* @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID1-Groups contain-Capability
NULL-Permission 457
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1140
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD457
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 457"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
ret
=
unlink
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
);
if
(
ret
!=
FALSE
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1150
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID0-GID1-Capability
CAPDACREADSEARCH-Permission 120
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1150
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
fd
=
0
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD120
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 120"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
fd
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
fd
>=
0
)
{
close
(
fd
);
}
else
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1160
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID0-GID1-Capability
CAPDACREADSEARCH-Permission 564
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1160
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
fd
=
0
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD564
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 564"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID555
);
// Step 3: Invoke the interface to operate the file system
fd
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
fd
>=
0
)
{
close
(
fd
);
}
else
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1170
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID0-GID0-Capability NULL-Permission 415
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1170
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
fd
=
0
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD415
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 415"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
fd
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
fd
>=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
close
(
fd
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1180
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID1-GID1-Capability NULL-Permission 044
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1180
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
fd
=
0
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD044
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 044"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
fd
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
fd
>=
0
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
close
(
fd
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1190
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID1-GID1-Capability NULL-Permission 703
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1190
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
fd
=
0
;
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD703
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 703"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
fd
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
fd
>=
0
)
{
close
(
fd
);
}
else
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1200
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID1-GID1-Groups contain-Capability
NULL-Permission 637
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1200
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
int
fd
=
0
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a file
CreateTxt
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD637
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 637"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
fd
=
open
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACFILE0
,
F_OK
);
if
(
fd
>=
0
)
{
close
(
fd
);
}
else
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1210
* @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID1-GID0-Capability NULL-Permission 031
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1210
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
DIR
*
dir
=
nullptr
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD031
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 031"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID0
);
// Step 3: Invoke the interface to operate the file system
dir
=
opendir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
dir
==
nullptr
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
else
{
closedir
(
dir
);
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1220
* @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID0-GID0-Capability NULL-Permission 712
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1220
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
DIR
*
dir
=
nullptr
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD712
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 712"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID0
,
GID0
);
// Step 3: Invoke the interface to operate the file system
dir
=
opendir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
dir
==
nullptr
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
else
{
closedir
(
dir
);
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1230
* @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID1-GID1-Capability
CAPDACREADSEARCH-Permission 274
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1230
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
DIR
*
dir
=
nullptr
;
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD274
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 274"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
// Step 3: Invoke the interface to operate the file system
dir
=
opendir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
dir
==
nullptr
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
else
{
closedir
(
dir
);
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1240
* @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH-Permission 665
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F
(
DacTestSuite
,
DACTest1240
,
Function
|
MediumTest
|
Level2
)
{
int
ret
;
DIR
*
dir
=
nullptr
;
gid_t
list
[
SINGLESIZE
]
=
{
0
};
// Preset action: Create a directory
CreateDir
();
// Preset action: Change the file permission according to the test procedure
ret
=
chmod
(
TOP_DIR
"/"
DACDIR0
,
CHMOD665
);
EXPECT_EQ
(
ret
,
0
)
<<
"ErrInfo: Failed to chmod 665"
;
// Preset action: Fork a sub process
pid_t
pid
=
fork
();
ASSERT_TRUE
(
pid
>=
0
)
<<
"======== Fork Error! ========="
;
usleep
(
SLEEP_NUM
);
if
(
pid
==
0
)
{
int
exitCode
=
0
;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE
();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid
(
UID555
,
GID555
);
setgroups
(
SINGLESIZE
,
list
);
// Step 3: Invoke the interface to operate the file system
dir
=
opendir
(
TOP_DIR
"/"
DACDIR0
"/"
DACDIR0_DACDIR0
);
if
(
dir
==
nullptr
)
{
LOG
(
"ErrInfo: VFS error with DAC or Capability"
);
exitCode
=
1
;
}
else
{
closedir
(
dir
);
}
// Step 4: The sub process exit with the exitCode
exit
(
exitCode
);
}
else
{
int
status
=
0
;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid
(
pid
,
&
status
,
0
);
EXPECT_NE
(
WIFEXITED
(
status
),
0
)
<<
"ErrInfo: The sub process exit error, child_pid = "
<<
pid
;
EXPECT_EQ
(
WEXITSTATUS
(
status
),
0
)
<<
"ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<<
pid
;
}
}
#endif
\ No newline at end of file
security_lite/permission_posix/dac/vfat/BUILD.gn
...
@@ -17,9 +17,6 @@ hcpptest_suite("ActsVFATDACTest") {
...
@@ -17,9 +17,6 @@ hcpptest_suite("ActsVFATDACTest") {
suite_name = "acts"
suite_name = "acts"
sources = [
sources = [
"../src/ActsDacPreTest.cpp",
"../src/ActsDacPreTest.cpp",
"../src/ActsDacTest.cpp",
"../src/ActsSystemDevDacTest.cpp",
"../src/ActsSystemJffsDacTest.cpp",
"../src/DACFileSystemTest.cpp",
"../src/DACFileSystemTest.cpp",
]
]
...
...