未验证 提交 5358adf7 编写于 作者: O openharmony_ci 提交者: Gitee

!3575 OH3.1Release分支Capability&DAC测试套删除jffs2文件系统、开发板相关的用例

Merge pull request !3575 from 胡吉翔/liteOS_20220616
......@@ -12,10 +12,7 @@
# limitations under the License.
group("ActsCapabilityTest") {
deps = [
"./jffs:ActsJFFS2CapabilityTest",
"./vfat:ActsVFATCapabilityTest",
]
deps = [ "./vfat:ActsVFATCapabilityTest" ]
}
shared_library("capability_shared") {
......
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/lite/config/subsystem/aafwk/config.gni")
import("//test/xts/tools/lite/build/suite_lite.gni")
hcpptest_suite("ActsJFFS2CapabilityTest") {
suite_name = "acts"
sources = [
"../src/ActsCapability.cpp",
"../src/ActsCapabilityTest.cpp",
"../src/CapabilityFileSystemTest.cpp",
]
include_dirs = [
"../src",
"//third_party/bounds_checking_function/include",
]
public_deps = [ "//third_party/bounds_checking_function:libsec_shared" ]
cflags_cc = [
"-Wno-write-strings",
"-Wno-sign-compare",
]
ldflags = [
"-lstdc++",
"-lm",
"-lpthread",
]
if (enable_ohos_appexecfwk_feature_ability == true) {
defines = [
"_BOARD_HI3516_",
"LITE_FS_JFFS2",
"TOP_DIR=\"/storage\"",
"TOP_DIR_MOUNT_INFO=\"/storage jffs\"",
]
} else {
defines = [
"LITE_FS_JFFS2",
"TOP_DIR=\"/storage\"",
"TOP_DIR_MOUNT_INFO=\"/storage jffs\"",
]
}
}
{
"description": "Config for hcpptest demo test cases",
"environment": [
{
"type": "device",
"label": "ipcamera"
}
],
"kits": [
{
"type": "MountKit",
"server": "NfsServer",
"mount": [
{
"source": "testcases/security",
"target": "/test_root/security"
}
]
}
],
"driver": {
"type": "CppTestLite",
"execute": "/test_root/security/ActsJFFS2CapabilityTest.bin"
}
}
\ No newline at end of file
......@@ -26,166 +26,7 @@
using namespace std;
using namespace testing::ext;
#if defined(LITE_FS_JFFS2)
static int TestDacOverrideSuccess()
{
int fd = 0;
int ret = 0;
char cap[] = "CapabilityTestSuite!\n";
// Create a directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0'
ret = mkdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1, NORWX);
if (ret != 0) {
LOG("ErrInfo: Failed to mkdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' with CAP_DAC_OVERRIDE");
return FALSE;
}
// Change the current working directory to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1'
ret = chdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1);
if (ret != 0) {
LOG("ErrInfo: Failed to chdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' with CAP_DAC_OVERRIDE");
return FALSE;
}
chdir(TOP_DIR "/" CAPDIR0);
// Delete the directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0'
ret = rmdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1);
if (ret != 0) {
LOG("ErrInfo: Failed to rmdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' with CAP_DAC_OVERRIDE");
return FALSE;
}
// Rename the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1'
ret = rename(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1);
if (ret != 0) {
LOG("ErrInfo: Failed to rename 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' with CAP_DAC_OVERRIDE");
return FALSE;
}
// Check whether the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' exists
ret = access(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1, F_OK);
if (ret != 0) {
LOG("ErrInfo: Failed to access 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' with CAP_DAC_OVERRIDE");
return FALSE;
}
// Delete the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1'
ret = unlink(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1);
if (ret != 0) {
LOG("ErrInfo: Failed to unlink 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' with CAP_DAC_OVERRIDE");
return FALSE;
}
// Create a file 'CAPDIR0_CAPFILE0' in the directory 'CAPDIR0'
fd = open(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, O_WRONLY | O_CREAT | O_TRUNC, RWX);
if (fd >= 0) {
// File created successfully
write(fd, cap, sizeof(cap));
close(fd);
} else {
// Failed to create the file
LOG("ErrInfo: Failed to create 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0'");
return FALSE;
}
return 0;
}
static int TestDacOverrideFail()
{
int ret = 0;
// Failed to create a directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0'
ret = mkdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1, NORWX);
if (ret != FALSE) {
LOG("ErrInfo: mkdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' without CAP_DAC_OVERRIDE");
return FALSE;
}
// Failed to change the current working directory to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1'
ret = chdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1);
if (ret != FALSE) {
LOG("ErrInfo: Change the current working directory without CAP_DAC_OVERRIDE");
return FALSE;
}
// Failed to delete the directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0'
ret = rmdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1);
if (ret != FALSE) {
LOG("ErrInfo: Delete 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' without CAP_DAC_OVERRIDE");
return FALSE;
}
// Failed to rename the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1'
ret = rename(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1);
if (ret != FALSE) {
LOG("ErrInfo: Rename 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' without CAP_DAC_OVERRIDE");
return FALSE;
}
// Failed to check whether the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' exists
ret = access(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1, F_OK);
if (ret != FALSE) {
LOG("ErrInfo: Check whether the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' exists without CAP_DAC_OVERRIDE");
return FALSE;
}
// Failed to delete the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1'
ret = unlink(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1);
if (ret != FALSE) {
LOG("ErrInfo: Delete 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' without CAP_DAC_OVERRIDE");
return FALSE;
}
return 0;
}
static int TestDacReadSearchSuccess(int num)
{
int fd = 0;
int ret = 0;
DIR *dir = nullptr;
struct stat buf = { 0 };
// Open a file 'CAPDIR0_CAPFILE0' in the directory 'TOP_DIR/CAPDIR0'
fd = open(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, O_WRONLY);
if (fd >= 0) {
close(fd);
} else {
LOG("ErrInfo: Failed to open file with CAP_DAC_READ_SEARCH || CAP_DAC_OVERRIDE during the %d time", num);
return FALSE;
}
// Open a directory 'CAPDIR0_CAPDIR0' in the directory 'TOP_DIR/CAPDIR0'
dir = opendir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR0);
if (dir == nullptr) {
LOG("ErrInfo: Failed to open dir with CAP_DAC_READ_SEARCH || CAP_DAC_OVERRIDE during the %d time", num);
return FALSE;
}
closedir(dir);
// Obtain the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' status
ret = stat(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, &buf);
if (ret != 0) {
LOG("ErrInfo: Failed to stat with CAP_DAC_READ_SEARCH || CAP_DAC_OVERRIDE during the %d time", num);
return FALSE;
}
return 0;
}
static int TestDacReadSearchFail()
{
int fd = 0;
int ret = 0;
DIR *dir = nullptr;
struct stat buf = { 0 };
// Failed to open a file 'CAPDIR0_CAPFILE0' in the directory 'TOP_DIR/CAPDIR0'
fd = open(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, O_WRONLY);
if (fd >= 0) {
LOG("ErrInfo: Open file without CAP_DAC_READ_SEARCH && CAP_DAC_OVERRIDE");
close(fd);
return FALSE;
}
// Failed to directory a file 'CAPDIR0_CAPDIR0' in the directory 'TOP_DIR/CAPDIR0'
dir = opendir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR0);
if (dir != nullptr) {
LOG("ErrInfo: Open dir without CAP_DAC_READ_SEARCH && CAP_DAC_OVERRIDE");
closedir(dir);
return FALSE;
}
// Failed to obtain the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' status
ret = stat(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, &buf);
if (ret != FALSE) {
LOG("ErrInfo: Stat file without CAP_DAC_READ_SEARCH && CAP_DAC_OVERRIDE");
return FALSE;
}
return 0;
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
static void CreateTxt()
{
int ret;
......@@ -214,12 +55,21 @@ static void CreateTxt()
static int CapsetOnlySETPCAP(int num)
{
struct __user_cap_header_struct capheader;
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM];
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capdata[CAP_TO_INDEX(CAP_SETPCAP)].permitted |= CAP_TO_MASK(CAP_SETPCAP);
capdata[CAP_TO_INDEX(CAP_SETPCAP)].effective |= CAP_TO_MASK(CAP_SETPCAP);
capdata[CAP_TO_INDEX(CAP_SETPCAP)].inheritable |= CAP_TO_MASK(CAP_SETPCAP);
......@@ -235,12 +85,21 @@ static int CapsetOnlySETPCAP(int num)
static int AddCapUnauthorized(int num)
{
struct __user_cap_header_struct capheader;
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM];
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capdata[0].permitted = LINUX_FULL_CAP;
capdata[0].effective = LINUX_FULL_CAP;
capdata[0].inheritable = LINUX_FULL_CAP;
......@@ -256,12 +115,21 @@ static int AddCapUnauthorized(int num)
static int CapgetWithAllCap(int num)
{
struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
int ret = capget(&capheader, &capdataget[0]);
if (ret != 0) {
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
......@@ -280,12 +148,21 @@ static int CapgetWithAllCap(int num)
static int CapgetWithNoCap(int num)
{
struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
int ret = capget(&capheader, &capdataget[0]);
if (ret != 0) {
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
......@@ -304,12 +181,21 @@ static int CapgetWithNoCap(int num)
static int CapgetOnlySETPCAP(int num)
{
struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
int ret = capget(&capheader, &capdataget[0]);
if (ret != 0) {
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
......@@ -372,12 +258,21 @@ static int CapsetWithoutSETPCAP()
static int CapsetWithVersion(pid_t pid, unsigned int version)
{
struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.pid = pid;
capheader.version = version;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
// Capget based on input parameters
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
......@@ -390,12 +285,21 @@ static int CapsetWithVersion(pid_t pid, unsigned int version)
static int CapgetWithVersion(pid_t pid, unsigned int version)
{
struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.pid = pid;
capheader.version = version;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
// Capget based on input parameters
int ret = capget(&capheader, &capdataget[0]);
if (ret != 0) {
......@@ -408,12 +312,21 @@ static int CapgetWithVersion(pid_t pid, unsigned int version)
static int CapgetWithCaps(pid_t pid, unsigned int caps)
{
struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.pid = pid;
capheader.version = _LINUX_CAPABILITY_VERSION_3;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
// Capget based on input parameters and check whether the capability is the same as the input parameter
int ret = capget(&capheader, &capdataget[0]);
if (ret != 0 || capdataget[0].effective != caps) {
......@@ -424,302 +337,7 @@ static int CapgetWithCaps(pid_t pid, unsigned int caps)
}
#endif
#if defined(LITE_FS_JFFS2)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0100
* @tc.name : Processes with the CAP_CHOWN capability can invoke their management
and control interfaces to change the file owner
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F(CapabilityTestSuite, CapabilityTest0100, Function | MediumTest | Level2)
{
int ret;
int status = 0;
// Preset action: Create a txt
CreateTxt();
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the file owner with interface 'chown'
ret = chown(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, UID10000, GID10000);
if (ret != 0) {
LOG("ErrInfo: Failed to change the file owner with CAP_CHOWN");
exitCode = 1;
}
// Step 2: Drop the capabilities of CAP_CHOWN
ret = DropCAPCHOWN();
if (ret != 0) {
LOG("ErrInfo: Failed to drop CAP_CHOWN");
exitCode = 1;
}
// Step 3: Failed to change the file owner with interface 'chown'
ret = chown(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, UID0, GID0);
if (ret != FALSE) {
LOG("ErrInfo: Change the file owner without CAP_CHOWN");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
#endif
#if defined(LITE_FS_JFFS2)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0200
* @tc.name : Processes with the single CAP_DAC_OVERRIDE capability can invoke their management
and control interfaces to ignore read and write execution verification
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F(CapabilityTestSuite, CapabilityTest0200, Function | MediumTest | Level2)
{
int ret;
int status = 0;
// Preset action: Create a txt
CreateTxt();
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Drop the capabilities of CAP_DAC_READ_SEARCH
ret = DropCAPDACREADSEARCH();
if (ret != 0) {
LOG("ErrInfo: Failed to drop CAP_DAC_READ_SEARCH");
exitCode = 1;
}
// Step 2.1: Invoke CAP_DAC_READ_SEARCH related interfaces successfully
ret = TestDacReadSearchSuccess(1);
if (ret != 0) {
LOG("ErrInfo: TestDacReadSearchSuccess error");
exitCode = 1;
}
// Step 2.2: Invoke CAP_DAC_OVERRIDE related interfaces successfully
ret = TestDacOverrideSuccess();
if (ret != 0) {
LOG("ErrInfo: TestDacOverrideSuccess error");
exitCode = 1;
}
// Step 3: Continue to drop the capabilities of CAP_DAC_OVERRIDE
ret = DropCAPDACOVERRIDEAndREADSEARCH();
if (ret != 0) {
LOG("ErrInfo: Failed to drop CAP_DAC_OVERRIDE after CAP_DAC_READ_SEARCH revoked");
exitCode = 1;
}
// Step 4.1: Failed to invoke CAP_DAC_READ_SEARCH related interfaces
ret = TestDacReadSearchFail();
if (ret != 0) {
LOG("ErrInfo: TestDacReadSearchFail error");
exitCode = 1;
}
// Step 4.2: Failed to invoke CAP_DAC_OVERRIDE related interfaces
ret = TestDacOverrideFail();
if (ret != 0) {
LOG("ErrInfo: TestDacOverrideFail error");
exitCode = 1;
}
// Step 5: The sub process exit with the exitCode
exit(exitCode);
} else {
// Step 6: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
#endif
#if defined(LITE_FS_JFFS2)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0300
* @tc.name : Processes with the single CAP_DAC_READ_SEARCH capability can invoke their management
and control interfaces to ignore read execution verification
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F(CapabilityTestSuite, CapabilityTest0300, Function | MediumTest | Level3)
{
int ret;
int status = 0;
// Preset action: Create a txt
CreateTxt();
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Drop the capabilities of CAP_DAC_OVERRIDE
ret = DropCAPDACOVERRIDE();
if (ret != 0) {
LOG("ErrInfo: Failed to drop CAP_DAC_OVERRIDE");
exitCode = 1;
}
// Step 2.1: Invoke CAP_DAC_READ_SEARCH related interfaces successfully
ret = TestDacReadSearchSuccess(1);
if (ret != 0) {
LOG("ErrInfo: TestDacReadSearchSuccess error");
exitCode = 1;
}
// Step 2.2: Invoke CAP_DAC_OVERRIDE related interfaces successfully
ret = TestDacOverrideFail();
if (ret != 0) {
LOG("ErrInfo: TestDacOverrideFail error");
exitCode = 1;
}
// Step 3: Continue to drop the capabilities of CAP_DAC_READ_SEARCH
ret = DropCAPDACOVERRIDEAndREADSEARCH();
if (ret != 0) {
LOG("ErrInfo: Failed to drop CAP_DAC_READ_SEARCH after CAP_DAC_OVERRIDE revoked");
exitCode = 1;
}
// Step 4.1: Failed to invoke CAP_DAC_READ_SEARCH related interfaces
ret = TestDacReadSearchFail();
if (ret != 0) {
LOG("ErrInfo: TestDacReadSearchFail error");
exitCode = 1;
}
// Step 4.2: Failed to invoke CAP_DAC_OVERRIDE related interfaces
ret = TestDacOverrideFail();
if (ret != 0) {
LOG("ErrInfo: TestDacOverrideFail error");
exitCode = 1;
}
// Step 5: The sub process exit with the exitCode
exit(exitCode);
} else {
// Step 6: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
#endif
#if defined(LITE_FS_JFFS2)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0400
* @tc.name : Processes that have the CAP_DAC_OVERRIDE
and CAP_DAC_READ_SEARCH capabilities can invoke their management
and control interfaces to ignore read and write execution verification
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F(CapabilityTestSuite, CapabilityTest0400, Function | MediumTest | Level3)
{
int ret;
int status = 0;
// Preset action: Create a txt
CreateTxt();
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1.1: Invoke CAP_DAC_READ_SEARCH related interfaces successfully
ret = TestDacReadSearchSuccess(1);
if (ret != 0) {
LOG("ErrInfo: TestDacReadSearchSuccess error");
exitCode = 1;
}
// Step 1.2: Invoke CAP_DAC_OVERRIDE related interfaces successfully
ret = TestDacOverrideSuccess();
if (ret != 0) {
LOG("ErrInfo: TestDacOverrideSuccess error");
exitCode = 1;
}
// Step 2: Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
ret = DropCAPDACOVERRIDEAndREADSEARCH();
if (ret != 0) {
LOG("ErrInfo: Failed to drop CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH");
exitCode = 1;
}
// Step 3.1: Failed to invoke CAP_DAC_READ_SEARCH related interfaces
ret = TestDacReadSearchFail();
if (ret != 0) {
LOG("ErrInfo: TestDacReadSearchFail error");
exitCode = 1;
}
// Step 3.2: Failed to invoke CAP_DAC_OVERRIDE related interfaces
ret = TestDacOverrideFail();
if (ret != 0) {
LOG("ErrInfo: TestDacOverrideFail error");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
#endif
#if defined(LITE_FS_JFFS2)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0500
* @tc.name : Processes with the CAP_FOWNER capability can invoke their management
and control interfaces to modify file permissions
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F(CapabilityTestSuite, CapabilityTest0500, Function | MediumTest | Level2)
{
int ret;
int status = 0;
// Preset action: Create a txt
CreateTxt();
// Preset action: Change the file owner with interface 'chown'
ret = chown(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, UID10000, GID10000);
ASSERT_EQ(ret, 0) << "ErrInfo: Failed to change the file owner with CAP_CHOWN";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the file permission with CAP_FOWNER'
ret = chmod(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, RWX);
if (ret != 0) {
LOG("ErrInfo: Failed to chmod with CAP_FOWNER");
exitCode = 1;
}
// Step 2: Drop the capabilities of CAP_FOWNER
ret = DropCAPFOWNER();
if (ret != 0) {
LOG("ErrInfo: Failed to drop CAP_FOWNER");
exitCode = 1;
}
// Step 2: Failed to change the file permission with interface 'chmod'
ret = chmod(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, NORWX);
if (ret != FALSE) {
LOG("ErrInfo: Change the file permission without CAP_FOWNER");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
// Cleanup action: Restore the initial status of the file
ret = chown(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, UID0, GID0);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to restore the file owner with CAP_FOWNER";
}
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0600
* @tc.name : Processes with the CAP_KILL capability can invoke their management
......@@ -781,7 +399,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0600, Function | MediumTest | Level2
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0700
* @tc.name : Processes with the CAP_SETGID capability can invoke their management
......@@ -833,7 +451,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0700, Function | MediumTest | Level2
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0800
* @tc.name : Processes with the CAP_SETUID capability can invoke their management
......@@ -903,7 +521,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0800, Function | MediumTest | Level2
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0900
* @tc.name : Processes with the CAP_SETPCCAP capability can invoke their management
......@@ -942,7 +560,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0900, Security | MediumTest | Level2
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1000
* @tc.name : Processes with the CAP_SYS_NICE capability can invoke their management
......@@ -1008,7 +626,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1000, Function | MediumTest | Level2
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1100
* @tc.name : Processes with the CAP_SYS_TIME capability can call their management
......@@ -1059,7 +677,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1100, Function | MediumTest | Level2
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1200
* @tc.name : Processes without the CAP_SETPCAP capability cannot drop any capability
......@@ -1087,7 +705,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1200, Function | MediumTest | Level3
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1300
* @tc.name : Inheritance of process capabilities
......@@ -1124,7 +742,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1300, Function | MediumTest | Level1
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1400
* @tc.name : Invoke the capset interface to add and drop the process capabilities for 10000 times
......@@ -1163,7 +781,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1400, Reliability | MediumTest | Lev
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1500
* @tc.name : Invoke the capset interface to revoke the process capabilities which not exist for 10000 times
......@@ -1179,12 +797,21 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev
if (pid == 0) {
int exitCode = 0;
struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
LINUX_FULL_CAP, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].permitted &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].effective &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].inheritable &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
......@@ -1208,7 +835,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1600
* @tc.name : Enter the exception parameter for 10000 times when invoke the capset interface
......@@ -1273,7 +900,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1600, Reliability | MediumTest | Lev
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1700
* @tc.name : Invoke the capget interface to query the process capabilities for 10000 times
......@@ -1292,7 +919,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1700, Reliability | MediumTest | Lev
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1800
* @tc.name : Invoke the capget interface to query the process capabilities which not exist for 10000 times
......@@ -1332,7 +959,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1800, Reliability | MediumTest | Lev
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1900
* @tc.name : Enter the exception parameter for 10000 times when invoke the capget interface
......@@ -1398,43 +1025,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1900, Reliability | MediumTest | Lev
}
#endif
#if defined(LITE_FS_JFFS2)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2000
* @tc.name : The process repeatedly invokes the interfaces controlled by its capability for 10000 times
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F(CapabilityTestSuite, CapabilityTest2000, Reliability | MediumTest | Level2)
{
int status = 0;
// Preset action: Create a txt
CreateTxt();
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Invoke CAP_DAC_READ_SEARCH related interfaces for 10000 times
for (int number = 0; number < NUM10000; number++) {
exitCode = TestDacReadSearchSuccess(number);
if (exitCode != 0) {
LOG("ErrInfo: TestDacReadSearchSuccess error during the %d time", number);
break;
}
}
// Step 2: The sub process exit with the exitCode
exit(exitCode);
} else {
// Step 3: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2100
* @tc.name : Five processes concurrently invoke APIs managed by the capability for 5000 times
......@@ -1490,8 +1081,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2100, Reliability | MediumTest | Lev
}
#endif
#ifndef _BOARD_HI3516_
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2200
* @tc.name : Check whether the default configuration of the system process capabilities
......@@ -1530,49 +1120,8 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2200, Security | MediumTest | Level1
EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 9, process wms_server or ai_server has wrong capability";
}
#endif
#endif
#if defined(LITE_FS_VFAT) && defined(_BOARD_HI3516_)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2200
* @tc.name : Check whether the default configuration of the system process capabilities
is the same as that described in the design document
* @tc.desc : [C-SECURITY-0100]
*/
HWTEST_F(CapabilityTestSuite, CapabilityTest2200, Security | MediumTest | Level1)
{
int ret;
// Step 1: Check the capability of process 'init', pid = 1
ret = CapgetWithCaps(INIT_PID_2, INIT_CAP);
EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 1, process init has wrong capability";
// Step 2: Check the capability of process 'KProcess', pid = 2
ret = CapgetWithCaps(KPROCESS_PID_2, KPROCESS_CAP);
EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 2, process KProcess has wrong capability";
// Step 3: Check the capability of process 'shell', pid = 8
ret = CapgetWithCaps(SHELL_PID_2, SHELL_CAP);
EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 8, process shell has wrong capability";
// Step 4: Check the capability of process 'apphilogcat', pid = 10
ret = CapgetWithCaps(HILOGCAT_PID_2, HILOGCAT_CAP);
EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 10, process apphilogcat has wrong capability";
// Step 5: Check the capability of process 'foundation', pid = 3
ret = CapgetWithCaps(FOUNDATION_PID_2, FOUNDATION_CAP);
EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 3, process foundation has wrong capability";
// Step 6: Check the capability of process 'bundle_daemon', pid = 4
ret = CapgetWithCaps(BUNDLE_DAEMON_PID_2, BUNDLE_DAEMON_CAP);
EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 4, process bundle_daemon has wrong capability";
// Step 7: Check the capability of process 'appspawn', pid = 5
ret = CapgetWithCaps(APPSPAWN_PID_2, APPSPAWN_CAP);
EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 5, process appspawn has wrong capability";
// Step 8: Check the capability of process 'media_server', pid = 6
ret = CapgetWithCaps(MEDIA_SERVER_PID_2, MEDIA_SERVER_CAP);
EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 6, process media_server has wrong capability";
// Step 9: Check the capability of process 'wms_server' or 'ai_server', pid = 7
ret = CapgetWithCaps(WMS_SERVER_OR_AI_SERVER_PID_2, WMS_SERVER_OR_AI_SERVER_CAP);
EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 7, process wms_server or ai_server has wrong capability";
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2300
* @tc.name : Check whether the default configuration of the capability of the third-party application process
......@@ -1583,11 +1132,20 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1
{
int ret;
struct __user_cap_header_struct capheader = { 0 };
memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
0, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("CapgetWithAllCap memset_s failed");
return FALSE;
};
pid_t pid = getpid();
for (int num = OTHER_PID; num <= pid; num++) {
// Step 1: The current test process has all capabilities
......@@ -1613,7 +1171,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2400
* @tc.name : The process continuously invokes the capset and capget interfaces,
......@@ -1680,7 +1238,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2400, Function | MediumTest | Level1
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2500
* @tc.name : Performance test of capset and capget interface
......@@ -1727,7 +1285,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2500, Performance | MediumTest | Lev
}
#endif
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2600
* @tc.name : Performance test of the interface managed by Capability
......
......@@ -42,7 +42,6 @@ hcpptest_suite("ActsVFATCapabilityTest") {
if (enable_ohos_appexecfwk_feature_ability == true) {
defines = [
"_BOARD_HI3516_",
"LITE_FS_VFAT",
"TOP_DIR=\"/sdcard\"",
"TOP_DIR_MOUNT_INFO=\"/sdcard vfat\"",
......
......@@ -12,8 +12,5 @@
# limitations under the License.
group("ActsDacTest") {
deps = [
"./jffs:ActsJFFS2DACTest",
"./vfat:ActsVFATDACTest",
]
deps = [ "./vfat:ActsVFATDACTest" ]
}
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//test/xts/tools/lite/build/suite_lite.gni")
hcpptest_suite("ActsJFFS2DACTest") {
suite_name = "acts"
sources = [
"../src/ActsDacPreTest.cpp",
"../src/ActsDacTest.cpp",
"../src/ActsSystemDevDacTest.cpp",
"../src/ActsSystemJffsDacTest.cpp",
"../src/DACFileSystemTest.cpp",
]
include_dirs = [
"../src",
"../../capability/src",
"//third_party/bounds_checking_function/include",
]
public_deps = [
"../../capability:capability_shared",
"//third_party/bounds_checking_function:libsec_shared",
]
cflags_cc = [
"-Wno-write-strings",
"-Wno-sign-compare",
]
ldflags = [
"-lstdc++",
"-lm",
"-lpthread",
]
defines = [
"LITE_FS_JFFS2",
"TOP_DIR=\"/storage\"",
"TOP_DIR_MOUNT_INFO=\"/storage jffs\"",
]
}
{
"description": "Config for hcpptest demo test cases",
"environment": [
{
"type": "device",
"label": "ipcamera"
}
],
"kits": [
{
"type": "MountKit",
"server": "NfsServer",
"mount": [
{
"source": "testcases/security",
"target": "/test_root/security"
}
]
}
],
"driver": {
"type": "CppTestLite",
"execute": "/test_root/security/ActsJFFS2DACTest.bin"
}
}
\ No newline at end of file
......@@ -25,7 +25,7 @@
using namespace std;
using namespace testing::ext;
#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
#if defined(LITE_FS_VFAT)
static int TestSetUid()
{
// Test the 'setuid' interface
......
/*
* Copyright (c) 2020-2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ActsDacTest.h"
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include "gtest/gtest.h"
#include "ActsCapabilityTest.h"
#include "DACFileSystemTest.h"
using namespace std;
using namespace testing::ext;
#if defined(LITE_FS_JFFS2)
static void CreateTxt()
{
int ret;
int fd = 0;
char dac[] = "DacTestSuite!\n";
// Initialize the process and set the uid and gid of the process to zero
SetUidGid(UID0, GID0);
// Create a directory 'DACDIR0' in the directory 'TOP_DIR'
ret = mkdir(TOP_DIR "/" DACDIR0, CHMOD700);
ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0'";
// Create a directory 'DACDIR0_DACDIR0' in the directory 'TOP_DIR/DACDIR0'
ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, RWX);
ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0/DACDIR0_DACDIR0'";
// Create a file 'DACDIR0_DACFILE0' in the directory 'DacTest'
fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY | O_CREAT | O_TRUNC, CHMOD700);
if (fd >= 0) {
// File created successfully
write(fd, dac, sizeof(dac));
close(fd);
} else {
// Failed to create the file
ASSERT_GE(fd, 0) << "ErrInfo: Failed to create the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0'";
}
}
static void CreateTxt1()
{
int ret;
int fd = 0;
char dac[] = "DacTestSuite!\n";
// Initialize the process and set the uid and gid of the process to zero
SetUidGid(UID0, GID0);
// Create a directory 'DACDIR1' in the directory 'TOP_DIR'
ret = mkdir(TOP_DIR "/" DACDIR1, CHMOD700);
ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR1'";
// Create a directory 'DACDIR1_DACDIR0' in the directory 'TOP_DIR/DACDIR1'
ret = mkdir(TOP_DIR "/" DACDIR1 "/" DACDIR1_DACDIR0, RWX);
ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR1/DACDIR1_DACDIR0'";
// Create a file 'DACDIR1_DACFILE0' in the directory 'DACDIR1'
fd = open(TOP_DIR "/" DACDIR1 "/" DACDIR1_DACFILE0, O_WRONLY | O_CREAT | O_TRUNC, CHMOD700);
if (fd >= 0) {
// File created successfully
write(fd, dac, sizeof(dac));
close(fd);
} else {
// Failed to create the file
ASSERT_GE(fd, 0) << "ErrInfo: Failed to create the file 'TOP_DIR/DACDIR1/DACDIR1_DACFILE0'";
}
// Change the file 'DACDIR1_DACFILE0' owner with interface 'chown'
ret = chown(TOP_DIR "/" DACDIR1 "/" DACDIR1_DACFILE0, UID1, GID1);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the file 'DACDIR1_DACFILE0' owner with interface 'chown'";
// Change the directory 'TOP_DIR/DACDIR1' owner with interface 'chown'
ret = chown(TOP_DIR "/" DACDIR1, UID1, GID1);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the directory 'TOP_DIR/DACDIR1' owner with interface 'chown'";
}
static int ThreeProcessReadOneTxt()
{
int fd = 0;
int status = 0;
// Preset action: Create a txt
CreateTxt();
// Preset action: Fork three sub processes
pid_t pid;
for (int num = 0; num < NUM3; num++) {
pid = fork();
if (pid < 0) {
LOG("======== Fork Error! =========");
return -1;
}
usleep(SLEEP_NUM);
if (pid == 0) {
break;
}
}
// get one parent & three children
if (pid == 0) {
int exitCode = 0;
// Initialize the process and set the uid and gid of the process to zero
SetUidGid(UID0, GID0);
// Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
DropCAPDACOVERRIDEAndREADSEARCH();
// Three sub processes read a file at the same time
for (int number = 0; number < NUM1000; number++) {
fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY);
if (fd >= 0) {
close(fd);
} else {
LOG("ErrInfo: failed to open the file during the %d time", number);
exitCode = 1;
break;
}
}
// Three sub processes exit with the exitCode
exit(exitCode);
} else {
// The parent process wait for three sub processes to exit and obtain the exitCode
for (int num2 = 0; num2 < NUM3; num2++) {
wait(&status);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: Pid = "<< pid
<< ", its exitCode is wrong and test case failed, please query logs";
}
// Delete the directory 'TOP_DIR/DACDIR0'
RemoveDir(TOP_DIR "/" DACDIR0);
}
return 0;
}
static int TwoProcessReadTwoTxt()
{
int status = 0;
// Preset action: Create a file whose owner is uid0, gid0
CreateTxt();
// Preset action: Create a file whose owner is uid1, gid1
CreateTxt1();
// Preset action: Fork two sub processes
pid_t pid[NUM2];
for (int num = 0; num < NUM2; num++) {
pid[num] = fork();
EXPECT_TRUE(pid[num] >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid[num] == 0) {
// Set UID and GID of process pid[0] to 0 and set UID and GID of process pid[1] to 1
SetUidGid(num, num);
// Drop both process capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
DropCAPDACOVERRIDEAndREADSEARCH();
break;
}
}
// get one parent & two children
if (pid[0] == 0 || pid[1] == 0) {
int exitCode = 0;
for (int number = 0; number < NUM1000; number++) {
// Two processes with different UIDs and GIDs read two files with different owners at the same time
if (pid[0] == 0) {
// The process pid[0] can open the file Dac.txt whose owners are uid0 and gid0
int fd0dac = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY);
if (fd0dac >= 0) {
close(fd0dac);
} else {
LOG("ErrInfo: PID[0] failed to open the file during the %d time", number);
exitCode = 1;
break;
}
// The process pid[0] can not open the file Dac.txt whose owners are uid1 and gid1
int fd0dac1 = open(TOP_DIR "/" DACDIR1 "/" DACDIR1_DACFILE0, O_WRONLY);
if (fd0dac1 >= 0) {
LOG("ErrInfo: PID[0] open the file with wrong uid&gid during the %d time", number);
close(fd0dac1);
exitCode = 1;
break;
}
} else {
// The process pid[1] can not open the file Dac.txt whose owners are uid0 and gid0
int fd1dac = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY);
if (fd1dac >= 0) {
LOG("ErrInfo: PID[1] open the file with wrong uid&gid during the %d time", number);
close(fd1dac);
exitCode = 1;
break;
}
// The process pid[1] can open the file Dac.txt whose owners are uid1 and gid1
int fd1dac1 = open(TOP_DIR "/" DACDIR1 "/" DACDIR1_DACFILE0, O_WRONLY);
if (fd1dac1 >= 0) {
close(fd1dac1);
} else {
LOG("ErrInfo: PID[1] failed to open the file during the %d time", number);
exitCode = 1;
break;
}
}
}
// Two sub processes exit with the exitCode
exit(exitCode);
} else {
// The parent process wait for the sub process pid[0] to exit and obtain the exitCode
waitpid(pid[0], &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid[0];
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<< pid[0];
// The parent process wait for the sub process pid[1] to exit and obtain the exitCode
waitpid(pid[1], &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid[1];
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<< pid[1];
}
return 0;
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0140
* @tc.name : Invoke the chmod interface to set the file permission
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0140, Function | MediumTest | Level2)
{
int ret;
int status = 0;
// Preset action: Create a txt
CreateTxt();
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Preset action: Drop the capabilities of CAP_FOWNER
DropCAPFOWNER();
// Step 1: Set the uid and gid of the process to 0
SetUidGid(UID0, GID0);
// Step 2.1: Change the file permission 700 with interface 'chmod'
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD700);
if (ret != 0) {
LOG("ErrInfo: Failed in chmod 700");
exitCode = 1;
}
// Step 2.2: Change the file permission 111 with interface 'chmod'
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD111);
if (ret != 0) {
LOG("ErrInfo: Failed in chmod 111");
exitCode = 1;
}
// Step 2.3: Change the file permission -1 with interface 'chmod'
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, FALSE);
if (ret != 0) {
LOG("ErrInfo: Failed in chmod FALSE");
exitCode = 1;
}
// Step 2.4: Change the file permission -777 with interface 'chmod'
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, -777);
if (ret != 0) {
LOG("ErrInfo: Failed in chmod -777");
exitCode = 1;
}
// Step 3: Set the uid and gid of the process to 10000
SetUidGid(UID10000, GID10000);
// Step 4: Failed to change the file permission for the process that is not the file owner
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD777);
EXPECT_EQ(ret, FALSE) << "ErrInfo: Chmod 777 with wrong uid";
// Step 5: The sub process exit with the exitCode
exit(exitCode);
} else {
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0150
* @tc.name : Invoke chown interface to set the file owner
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0150, Function | MediumTest | Level2)
{
int ret;
int status = 0;
// Preset action: Create a txt
CreateTxt();
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Set the uid and gid of the process to 0
SetUidGid(UID0, GID0);
// Step 2.1: Set the directory 'TOP_DIR/DACDIR0' owner UID10000 and GID10000
ret = chown(TOP_DIR "/" DACDIR0, UID10000, GID10000);
if (ret != 0) {
LOG("ErrInfo: Failed to set the directory 'TOP_DIR/DACDIR0' owner UID10000 and GID10000");
exitCode = 1;
}
// Step 2.2: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID10000 and GID10000
ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID10000, GID10000);
if (ret != 0) {
LOG("ErrInfo: Failed to set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID10000 and GID10000");
exitCode = 1;
}
// Step 2.3: Set the directory 'TOP_DIR/DACDIR0' owner UID2147483647 and GID2147483647
ret = chown(TOP_DIR "/" DACDIR0, MAX_INT, MAX_INT);
if (ret != 0) {
LOG("ErrInfo: Failed to set the directory 'TOP_DIR/DACDIR0' owner UID2147483647 and GID2147483647");
exitCode = 1;
}
// Step 2.4: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID2147483647 and GID2147483647
ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, MAX_INT, MAX_INT);
if (ret != 0) {
LOG("ErrInfo: Failed to set the file owner UID2147483647 and GID2147483647");
exitCode = 1;
}
// Step 2.5: Set the directory 'TOP_DIR/DACDIR0' owner UID0 and GID0
ret = chown(TOP_DIR "/" DACDIR0, UID0, GID0);
if (ret != 0) {
LOG("ErrInfo: Failed to set the directory 'TOP_DIR/DACDIR0' owner UID0 and GID0");
exitCode = 1;
}
// Step 2.4: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID0 and GID0
ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID0, GID0);
if (ret != 0) {
LOG("ErrInfo: Failed to set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID0 and GID0");
exitCode = 1;
}
// Step 3: Drop the capabilities of CAP_CHOWN
DropCAPCHOWN();
// Step 4.1: Failed to set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN");
ret = chown(TOP_DIR "/" DACDIR0, UID10000, GID10000);
if (ret != FALSE) {
LOG("ErrInfo: Set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN");
exitCode = 1;
}
// Step 4.2: Failed to set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN");
ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID10000, GID10000);
if (ret != FALSE) {
LOG("ErrInfo: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN");
exitCode = 1;
}
// Step 4.3: Set the uid and gid of the process to 555
SetUidGid(UID555, GID555);
// Step 4.4: Failed to set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN");
ret = chown(TOP_DIR "/" DACDIR0, UID10000, GID10000);
if (ret != FALSE) {
LOG("ErrInfo: Set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN");
exitCode = 1;
}
// Step 4.5: Failed to set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN");
ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID10000, GID10000);
if (ret != FALSE) {
LOG("ErrInfo: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN");
exitCode = 1;
}
// Step 5: The sub process exit with the exitCode
exit(exitCode);
} else {
// Step 6: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0160
* @tc.name : Concurrent file reading by multiple processes
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0160, Function | MediumTest | Level2)
{
int ret;
// Step 1: Multiple processes read the same file
ret = ThreeProcessReadOneTxt();
EXPECT_EQ(ret, 0) << "ErrInfo: ThreeProcessReadOneTxt() exit error";
// Step 2: Multiple processes read the different files with different owners
ret = TwoProcessReadTwoTxt();
EXPECT_EQ(ret, 0) << "ErrInfo: TwoProcessReadTwoTxt() exit error";
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0170
* @tc.name : The owner or permission of a file fail to be modified when the file is operated by another process
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0170, Function | MediumTest | Level2)
{
int fd = 0;
int status = 0;
int exitCode0 = 0;
int exitCode1 = 0;
// Preset action: Create a file whose owner is uid0, gid0
CreateTxt();
// Preset action: Fork two sub processes
pid_t pid[NUM2];
for (int num = 0; num < NUM2; num++) {
pid[num] = fork();
ASSERT_TRUE(pid[num] >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid[num] == 0) {
// Drop both process capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
DropCAPDACOVERRIDEAndREADSEARCH();
break;
}
}
// Step 1: Open a file by Process pid[0]
if (pid[0] == 0) {
fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY);
}
if (pid[1] == 0) {
// Step 2: Change the file owner with interface 'chown' by Process pid[1]
int retchown = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID10000, GID10000);
if (retchown != 0) {
LOG("ErrInfo: Failed to change the file owner when the file is operated by another process");
exitCode1 = 1;
}
// Step 3: Change the file permission 000 with interface 'chmod' by Process pid[1]
int retchmod = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD000);
if (retchmod != 0) {
LOG("ErrInfo: Failed to change the file permission when the file is operated by another process");
exitCode1 = 1;
}
// Step 4: The sub process pid[1] exit with the exitCode1
exit(exitCode1);
}
// Step 5: Close the file by Process pid[0]
if (pid[0] == 0) {
if (fd >= 0) {
close(fd);
} else {
LOG("ErrInfo: PID[0] failed to open the file");
exitCode0 = 1;
}
// Step 6: The sub process pid[0] exit with the exitCode0
exit(exitCode0);
}
if ((pid[0] != 0) && (pid[1] != 0)) {
// Step 7: The parent process wait for the sub process pid[0] and pid[1] to exit and obtain the exitCode
for (int num2 = 0; num2 < NUM2; num2++) {
waitpid(pid[num2], &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid[num2];
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = "
<< pid[num2];
}
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0180
* @tc.name : Change the file permission for 10000 times
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0180, Reliability | MediumTest | Level2)
{
int ret;
// Preset action: Create a txt
CreateTxt();
// Step 1: Change the file permission for 10000 times
for (int number = 0; number < NUM10000; number++) {
// Step 1: Change the file permission
if (number & 1) {
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD700);
if (ret != 0) {
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the file permission during the " << number << " time";
break;
}
} else {
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD777);
if (ret != 0) {
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the file permission during the " << number << " time";
break;
}
}
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0190
* @tc.name : Change the file owner for 10000 times
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0190, Reliability | MediumTest | Level2)
{
int ret;
// Preset action: Create a txt
CreateTxt();
// Step 1: Change the file owner for 10000 times
for (int number = 0; number < NUM10000; number++) {
ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, number, number);
if (ret != 0) {
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to Change the file owner during the " << number << " time";
break;
}
}
// Cleanup action: Restore the initial status of the file
ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID0, GID0);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to Change the file owner";
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0200
* @tc.name : Five processes concurrently invoke chmod and chown interface for 5000 times
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0200, Reliability | MediumTest | Level2)
{
int ret;
int status = 0;
// Preset action: Create a txt
CreateTxt();
// Preset action: Fork five sub processes
pid_t pid;
for (int num = 0; num < NUM5; num++) {
pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
break;
}
}
// get one parent & five children
if (pid == 0) {
int exitCode = 0;
for (int number = 0; number < NUM5000; number++) {
// Step 1: Change the file owner for 5000 times
ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, number, number);
if (ret != 0) {
LOG("ErrInfo: Failed to Change the file owner during the %d time", number);
break;
}
// Step 2: Change the file permission for 5000 times
if (number & 1) {
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD700);
if (ret != 0) {
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the file permission 700 during the " << number
<< " time";
break;
}
} else {
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD777);
if (ret != 0) {
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the file permission 777 during the " << number
<< " time";
break;
}
}
}
// Step 3: Two sub processes exit with the exitCode
exit(exitCode);
} else {
// Step 4: The parent process wait for two sub processes to exit and obtain the exitCode
for (int num2 = 0; num2 < NUM5; num2++) {
wait(&status);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: Pid = "<< pid
<< ", its exitCode is wrong and test case failed, please query logs";
}
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0210
* @tc.name : Performance test of the chomd and chown interface
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0210, Performance | MediumTest | Level2)
{
struct timespec tp = { 0 };
struct timespec starttime = { 0 };
struct timespec endtime = { 0 };
tp.tv_sec = 0;
tp.tv_nsec = 0;
// Preset action: Create a txt
CreateTxt();
// Preset action: Obtains the system time -> starttime
clock_gettime(CLOCK_REALTIME, &starttime);
for (int number = 0; number < NUM5000; number++) {
// Step 1: Change the file owner for 5000 times
chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, number, number);
// Step 2: Change the file permission for 5000 times
if (number & 1) {
chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD700);
} else {
chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD777);
}
}
// Step 3: Obtains the system time again -> endtime
clock_gettime(CLOCK_REALTIME, &endtime);
// Step 4: Compare the starttime and the endtime -> tp
tp = CompareTime(starttime, endtime);
EXPECT_LE(tp.tv_sec, NUM20) << "ErrInfo: Chown for 10000 times used " << tp.tv_sec << "." << tp.tv_nsec << "s";
// Cleanup action: Restore the initial status of the file
chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID0, GID0);
}
#endif
\ No newline at end of file
/*
* Copyright (c) 2020-2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ActsDacTest.h"
#include <dirent.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include "gtest/gtest.h"
#include "ActsCapabilityTest.h"
#include "DACFileSystemTest.h"
using namespace std;
using namespace testing::ext;
#if defined(LITE_FS_JFFS2)
static void CreateDevDir()
{
int ret;
// Initialize the process and set the uid and gid of the process to zero
SetUidGid(UID0, GID0);
// Create a directory 'DACDIR0' in the directory '/storage'
ret = mkdir("/storage/" DACDIR0, CHMOD777);
ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory '/storage/DACDIR0'";
// Create a directory 'DACDIR0_DACDIR0' in the directory '/storage/DACDIR0'
ret = mkdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD777);
ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory '/storage/DACDIR0/DACDIR0_DACDIR0'";
}
static void CreateDevTxt()
{
int ret;
int fd = 0;
// Initialize the process and set the uid and gid of the process to zero
SetUidGid(UID0, GID0);
// Create a directory 'DACDIR0' in the directory '/storage'
ret = mkdir("/storage/" DACDIR0, CHMOD777);
ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory '/storage/DACDIR0'";
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0290
* @tc.name : DAC control mechanism-File system storage-System call rmdir-UID0-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 333
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0290, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD333);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 333";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0300
* @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID0-Capability
CAPDACOVERRIDE-Permission 611
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0300, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD611);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 611";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0310
* @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 105
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0310, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD105);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 105";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0320
* @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 555
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0320, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD555);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 555";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0330
* @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH-Permission 666
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0330, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD666);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 666";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0340
* @tc.name : DAC control mechanism-File system storage-System call stat-UID0-GID1-Capability NULL-Permission 777
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0340, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD777);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 777";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0350
* @tc.name : DAC control mechanism-File system storage-System call stat-UID1-GID0-Capability
CAPDACOVERRIDE-Permission 166
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0350, Function | MediumTest | Level2)
{
int ret;
struct stat buf = { 0 };
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD166);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 166";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = stat("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, &buf);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0360
* @tc.name : DAC control mechanism-File system storage-System call stat-UID0-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 111
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0360, Function | MediumTest | Level2)
{
int ret;
struct stat buf = { 0 };
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD111);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 111";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = stat("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, &buf);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0370
* @tc.name : DAC control mechanism-File system storage-System call stat-UID0-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 210
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0370, Function | MediumTest | Level2)
{
int ret;
struct stat buf = { 0 };
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD210);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 210";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = stat("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, &buf);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0380
* @tc.name : DAC control mechanism-File system storage-System call stat-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 655
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0380, Function | MediumTest | Level2)
{
int ret;
struct stat buf = { 0 };
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD655);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 655";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = stat("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, &buf);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0390
* @tc.name : DAC control mechanism-File system storage-System call rename-UID1-GID0-Capability
CAPDACREADSEARCH-Permission 570
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0390, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD570);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 570";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = rename("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, "/storage/" DACDIR0 "/" DACDIR0_DACDIR1);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0400
* @tc.name : DAC control mechanism-File system storage-System call rename-UID1-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 306
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0400, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD306);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 306";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = rename("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, "/storage/" DACDIR0 "/" DACDIR0_DACDIR1);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0410
* @tc.name : DAC control mechanism-File system storage-System call rename-UID1-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 027
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0410, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD027);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 027";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = rename("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, "/storage/" DACDIR0 "/" DACDIR0_DACDIR1);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0420
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID0-GID1-Capability
CAPDACREADSEARCH-Permission 401
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0420, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD401);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 401";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0430
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID0-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 507
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0430, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD507);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 507";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0440
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID0-GID0-Capability
CAPDACOVERRIDE-Permission 347
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0440, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD347);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 347";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0450
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 063
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0450, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD063);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 063";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0460
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID1-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 230
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0460, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD230);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 230";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0470
* @tc.name : DAC control mechanism-File system storage-System call chdir-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 724
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0470, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD724);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 724";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0480
* @tc.name : DAC control mechanism-File system storage-System call execute-UID1-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 702
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0480, Function | MediumTest | Level2)
{
int ret;
char *argv[] = {nullptr, nullptr};
char *envp[] = {nullptr};
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD702);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = execve("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp);
// the file is not elf , can not exec
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0490
* @tc.name : DAC control mechanism-File system storage-System call execute-UID0-GID0-Capability
CAPDACOVERRIDE-Permission 473
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0490, Function | MediumTest | Level2)
{
int ret;
char *argv[] = {nullptr, nullptr};
char *envp[] = {nullptr};
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD473);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = execve("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp);
// the file is not elf , can not exec
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0500
* @tc.name : DAC control mechanism-File system storage-System call execute-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 261
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0500, Function | MediumTest | Level2)
{
int ret;
char *argv[] = {nullptr, nullptr};
char *envp[] = {nullptr};
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD261);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = execve("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp);
// the file is not elf , can not exec
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0510
* @tc.name : DAC control mechanism-File system storage-System call access-UID0-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 460
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0510, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD460);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0520
* @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID0-Capability
CAPDACOVERRIDE-Permission 562
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0520, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD562);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0530
* @tc.name : DAC control mechanism-File system storage-System call access-UID0-GID0-Capability
CAPDACOVERRIDE-Permission 076
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0530, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD076);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0540
* @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 305
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0540, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD076);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0550
* @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 132
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0550, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD132);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0560
* @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 241
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0560, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD241);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0570
* @tc.name : DAC control mechanism-File system storage-System call mkdir-UID0-GID1-Capability
CAPDACOVERRIDE-Permission 456
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0570, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD456);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 456";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = mkdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0580
* @tc.name : DAC control mechanism-File system storage-System call mkdir-UID1-GID0-Capability
CAPDACOVERRIDE-Permission 167
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0580, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD167);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 167";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = mkdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0590
* @tc.name : DAC control mechanism-File system storage-System call mkdir-UID1-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 511
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0590, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD511);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 511";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = mkdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0600
* @tc.name : DAC control mechanism-File system storage-System call mkdir-UID1-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 640
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0600, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD640);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 640";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = mkdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0610
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID1-Capability
CAPDACOVERRIDE-Permission 362
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0610, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD362);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0620
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID1-Capability
CAPDACOVERRIDE-Permission 526
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0620, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD526);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0630
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 604
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0630, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD604);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0640
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 671
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0640, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD671);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0650
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 743
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0650, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD743);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0660
* @tc.name : DAC control mechanism-File system storage-System call unlink-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 235
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0660, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD235);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0670
* @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 371
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0670, Function | MediumTest | Level2)
{
int ret;
int fd = 0;
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD371);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
fd = open("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY);
if (fd >= 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
close(fd);
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0680
* @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 702
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0680, Function | MediumTest | Level2)
{
int ret;
int fd = 0;
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD702);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
fd = open("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY);
if (fd >= 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
close(fd);
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0690
* @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 406
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0690, Function | MediumTest | Level2)
{
int ret;
int fd = 0;
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD406);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
fd = open("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY);
if (fd >= 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
close(fd);
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0700
* @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 257
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0700, Function | MediumTest | Level2)
{
int ret;
int fd = 0;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a file
CreateDevTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0, CHMOD257);
// storage/shm can not change chmod
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod ";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
fd = open("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY);
if (fd >= 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
close(fd);
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0710
* @tc.name : DAC control mechanism-File system storage-System call opendir-UID0-GID1-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 750
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0710, Function | MediumTest | Level2)
{
int ret;
DIR* dir = nullptr;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD750);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 750";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
dir = opendir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (dir == nullptr) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
} else {
closedir(dir);
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0720
* @tc.name : DAC control mechanism-File system storage-System call opendir-UID0-GID0-Capability
CAPDACOVERRIDE-Permission 143
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0720, Function | MediumTest | Level2)
{
int ret;
DIR* dir = nullptr;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD143);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 143";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
dir = opendir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (dir == nullptr) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
} else {
closedir(dir);
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0730
* @tc.name : DAC control mechanism-File system storage-System call opendir-UID1-GID1-Capability
CAPDACOVERRIDE-Permission 521
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0730, Function | MediumTest | Level2)
{
int ret;
DIR* dir = nullptr;
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD521);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 521";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
dir = opendir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (dir == nullptr) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
} else {
closedir(dir);
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0740
* @tc.name : DAC control mechanism-File system storage-System call opendir-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 016
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0740, Function | MediumTest | Level2)
{
int ret;
DIR* dir = nullptr;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD016);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 016";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
dir = opendir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (dir == nullptr) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
} else {
closedir(dir);
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0750
* @tc.name : DAC control mechanism-File system storage-System call opendir-UID1-GID1-Groups contain-Capability
CAPDACOVERRIDE-Permission 407
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0750, Function | MediumTest | Level2)
{
int ret;
DIR* dir = nullptr;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a directory
CreateDevDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD407);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 407";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
dir = opendir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0);
if (dir == nullptr) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
} else {
closedir(dir);
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
#endif
/*
* Copyright (c) 2020 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ActsDacTest.h"
#include <dirent.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include "gtest/gtest.h"
#include "ActsCapabilityTest.h"
#include "DACFileSystemTest.h"
using namespace std;
using namespace testing::ext;
#if defined(LITE_FS_JFFS2)
static void CreateDir()
{
int ret;
// Initialize the process and set the uid and gid of the process to zero
SetUidGid(UID0, GID0);
// Create a directory 'DACDIR0' in the directory 'TOP_DIR'
ret = mkdir(TOP_DIR "/" DACDIR0, CHMOD777);
ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0'";
// Create a directory 'DACDIR0_DACDIR0' in the directory 'TOP_DIR/DACDIR0'
ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD777);
ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0/DACDIR0_DACDIR0'";
}
static void CreateTxt()
{
int ret;
int fd = 0;
char dac[] = "DacTestSuite!\n";
// Initialize the process and set the uid and gid of the process to zero
SetUidGid(UID0, GID0);
// Create a directory 'DACDIR0' in the directory 'TOP_DIR'
ret = mkdir(TOP_DIR "/" DACDIR0, CHMOD777);
ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0'";
// Create a file 'DACDIR0_DACFILE0' in the directory 'TOP_DIR/DACDIR0'
fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY | O_CREAT | O_TRUNC, CHMOD777);
if (fd >= 0) {
// File created successfully
write(fd, dac, sizeof(dac));
close(fd);
} else {
// Failed to create the file
ASSERT_GE(fd, 0) << "ErrInfo: Failed to create the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0'";
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0760
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID0-GID1-Capability NULL-Permission 000
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0760, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD000);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 000";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0770
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID0-GID1-Capability NULL-Permission 052
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0770, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD052);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 052";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0780
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID0-GID1-Capability NULL-Permission 077
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0780, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD077);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 077";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0790
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID1-GID0-Capability NULL-Permission 444
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0790, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD444);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 444";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0800
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID1-GID0-Capability
CAPDACREADSEARCH-Permission 716
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0800, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD716);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 716";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0810
* @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID0-GID0-Capability
CAPDACREADSEARCH-Permission 222
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0810, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD222);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 222";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0820
* @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID0-Capability
CAPDACOVERRIDE-Permission 000
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0820, Function | MediumTest | Level2)
{
int ret;
struct stat buf = { 0 };
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD000);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 000";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = stat(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, &buf);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0830
* @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID1-Capability NULL-Permission 422
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0830, Function | MediumTest | Level2)
{
int ret;
struct stat buf = { 0 };
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD422);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 422";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = stat(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, &buf);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0840
* @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID1-Capability
CAPDACREADSEARCH-Permission 334
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0840, Function | MediumTest | Level2)
{
int ret;
struct stat buf = { 0 };
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD334);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 334";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = stat(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, &buf);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0850
* @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 543
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0850, Function | MediumTest | Level2)
{
int ret;
struct stat buf = { 0 };
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD334);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 334";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = stat(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, &buf);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0860
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID1-Capability
CAPDACOVERRIDE-Permission 614
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0860, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD614);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 614";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0870
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID1-Capability
CAPDACREADSEARCH-Permission 242
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0870, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD242);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 242";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0880
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID0-Capability NULL-Permission 430
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0880, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD430);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 430";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0890
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID0-Capability NULL-Permission 765
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0890, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD765);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 765";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0900
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID0-Capability
CAPDACREADSEARCH-Permission 123
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0900, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD123);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 123";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0910
* @tc.name : DAC control mechanism-File system jffs2-System call rename-UID1-GID1-Groups contain-Capability
NULL-Permission 151
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0910, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD151);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 151";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0920
* @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID1-GID0-Capability
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 256
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0920, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD256);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 256";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
CapInit();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = chdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0930
* @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID0-GID0-Capability
CAPDACREADSEARCH-Permission 235
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0930, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD235);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 235";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = chdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0940
* @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID1-GID1-Capability NULL-Permission 670
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0940, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD670);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 670";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = chdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0950
* @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH-Permission 116
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0950, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD116);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 116";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = chdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0960
* @tc.name : DAC control mechanism-File system jffs2-System call execute-UID0-GID1-Capability
CAPDACREADSEARCH-Permission 045
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0960, Function | MediumTest | Level2)
{
int ret;
char *argv[] = {nullptr, nullptr};
char *envp[] = {nullptr};
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD045);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 045";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = execve(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0970
* @tc.name : DAC control mechanism-File system jffs2-System call execute-UID1-GID0-Capability NULL-Permission 124
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0970, Function | MediumTest | Level2)
{
int ret;
char *argv[] = {nullptr, nullptr};
char *envp[] = {nullptr};
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD124);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 124";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = execve(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0980
* @tc.name : DAC control mechanism-File system jffs2-System call execute-UID0-GID0-Capability NULL-Permission 536
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0980, Function | MediumTest | Level2)
{
int ret;
char *argv[] = {nullptr, nullptr};
char *envp[] = {nullptr};
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD536);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 536";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = execve(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp);
// the file is not elf , can not exec
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0990
* @tc.name : DAC control mechanism-File system jffs2-System call execute-UID1-GID1-Capability
CAPDACREADSEARCH-Permission 657
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest0990, Function | MediumTest | Level2)
{
int ret;
char *argv[] = {nullptr, nullptr};
char *envp[] = {nullptr};
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD657);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 657";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = execve(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp);
// the file is not elf , can not exec
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1000
* @tc.name : DAC control mechanism-File system jffs2-System call execute-UID1-GID1-Groups contain-Capability
NULL-Permission 310
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1000, Function | MediumTest | Level2)
{
int ret;
char *argv[] = {nullptr, nullptr};
char *envp[] = {nullptr};
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD310);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 310";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = execve(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp);
// the file is not elf , can not exec
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1010
* @tc.name : DAC control mechanism-File system jffs2-System call access-UID0-GID1-Capability NULL-Permission 354
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1010, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD354);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 354";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = access(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1020
* @tc.name : DAC control mechanism-File system jffs2-System call access-UID1-GID0-Capability NULL-Permission 623
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1020, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD623);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 623";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = access(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1030
* @tc.name : DAC control mechanism-File system jffs2-System call access-UID1-GID1-Capability
CAPDACREADSEARCH-Permission 717
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1030, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD717);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 717";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = access(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1040
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID0-GID1-Capability NULL-Permission 203
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1040, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD203);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 203";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1050
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID0-GID0-Capability
CAPDACREADSEARCH-Permission 325
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1050, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD325);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 325";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1060
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID0-GID0-Capability
CAPDACREADSEARCH-Permission 453
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1060, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD453);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 453";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1070
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID1-GID1-Groups contain-Capability
NULL-Permission 342
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1070, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD342);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 342";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1080
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID1-GID1-Groups contain-Capability
NULL-Permission 731
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1080, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD731);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 731";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1090
* @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH-Permission 074
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1090, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD074);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 074";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1100
* @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID0-Capability
CAPDACREADSEARCH-Permission 175
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1100, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD175);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 175";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = unlink(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1110
* @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID0-Capability
CAPDACREADSEARCH-Permission 446
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1110, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD446);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 446";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = unlink(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1120
* @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID0-Capability
CAPDACREADSEARCH-Permission 560
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1120, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD560);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 560";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
ret = unlink(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1130
* @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID1-Capability NULL-Permission 013
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1130, Function | MediumTest | Level2)
{
int ret;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD013);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 013";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
ret = unlink(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0);
if (ret != 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1140
* @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID1-Groups contain-Capability
NULL-Permission 457
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1140, Function | MediumTest | Level2)
{
int ret;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD457);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 457";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
ret = unlink(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0);
if (ret != FALSE) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1150
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID0-GID1-Capability
CAPDACREADSEARCH-Permission 120
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1150, Function | MediumTest | Level2)
{
int ret;
int fd = 0;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD120);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 120";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (fd >= 0) {
close(fd);
} else {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1160
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID0-GID1-Capability
CAPDACREADSEARCH-Permission 564
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1160, Function | MediumTest | Level2)
{
int ret;
int fd = 0;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD564);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 564";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID555);
// Step 3: Invoke the interface to operate the file system
fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (fd >= 0) {
close(fd);
} else {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1170
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID0-GID0-Capability NULL-Permission 415
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1170, Function | MediumTest | Level2)
{
int ret;
int fd = 0;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD415);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 415";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (fd >= 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
close(fd);
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1180
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID1-GID1-Capability NULL-Permission 044
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1180, Function | MediumTest | Level2)
{
int ret;
int fd = 0;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD044);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 044";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (fd >= 0) {
LOG("ErrInfo: VFS error with DAC or Capability");
close(fd);
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1190
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID1-GID1-Capability NULL-Permission 703
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1190, Function | MediumTest | Level2)
{
int ret;
int fd = 0;
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD703);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 703";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (fd >= 0) {
close(fd);
} else {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1200
* @tc.name : DAC control mechanism-File system jffs2-System call open-UID1-GID1-Groups contain-Capability
NULL-Permission 637
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1200, Function | MediumTest | Level2)
{
int ret;
int fd = 0;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a file
CreateTxt();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD637);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 637";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
if (fd >= 0) {
close(fd);
} else {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1210
* @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID1-GID0-Capability NULL-Permission 031
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1210, Function | MediumTest | Level2)
{
int ret;
DIR* dir = nullptr;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD031);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 031";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID0);
// Step 3: Invoke the interface to operate the file system
dir = opendir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (dir == nullptr) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
} else {
closedir(dir);
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1220
* @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID0-GID0-Capability NULL-Permission 712
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1220, Function | MediumTest | Level2)
{
int ret;
DIR* dir = nullptr;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD712);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 712";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDEAndREADSEARCH();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID0, GID0);
// Step 3: Invoke the interface to operate the file system
dir = opendir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (dir == nullptr) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
} else {
closedir(dir);
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1230
* @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID1-GID1-Capability
CAPDACREADSEARCH-Permission 274
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1230, Function | MediumTest | Level2)
{
int ret;
DIR* dir = nullptr;
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD274);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 274";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
// Step 3: Invoke the interface to operate the file system
dir = opendir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (dir == nullptr) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
} else {
closedir(dir);
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
/*
* @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1240
* @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID1-GID1-Groups contain-Capability
CAPDACREADSEARCH-Permission 665
* @tc.desc : [C- SECURITY -0200]
*/
HWTEST_F(DacTestSuite, DACTest1240, Function | MediumTest | Level2)
{
int ret;
DIR* dir = nullptr;
gid_t list[SINGLESIZE] = {0};
// Preset action: Create a directory
CreateDir();
// Preset action: Change the file permission according to the test procedure
ret = chmod(TOP_DIR "/" DACDIR0, CHMOD665);
EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 665";
// Preset action: Fork a sub process
pid_t pid = fork();
ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
usleep(SLEEP_NUM);
if (pid == 0) {
int exitCode = 0;
// Step 1: Change the sub process capabilities according to the test procedure
DropCAPDACOVERRIDE();
// Step 2: Change the sub process uid, gid and groups according to the test procedure
SetUidGid(UID555, GID555);
setgroups(SINGLESIZE, list);
// Step 3: Invoke the interface to operate the file system
dir = opendir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
if (dir == nullptr) {
LOG("ErrInfo: VFS error with DAC or Capability");
exitCode = 1;
} else {
closedir(dir);
}
// Step 4: The sub process exit with the exitCode
exit(exitCode);
} else {
int status = 0;
// Step 5: The parent process wait for the sub process to exit and obtain the exitCode
waitpid(pid, &status, 0);
EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
}
}
#endif
\ No newline at end of file
......@@ -17,9 +17,6 @@ hcpptest_suite("ActsVFATDACTest") {
suite_name = "acts"
sources = [
"../src/ActsDacPreTest.cpp",
"../src/ActsDacTest.cpp",
"../src/ActsSystemDevDacTest.cpp",
"../src/ActsSystemJffsDacTest.cpp",
"../src/DACFileSystemTest.cpp",
]
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册