From cc415790931af058f1c07538db0f31fa8654ca8f Mon Sep 17 00:00:00 2001 From: fwx1081852 Date: Fri, 24 Jun 2022 14:33:01 +0800 Subject: [PATCH] =?UTF-8?q?OH3.1release=E5=85=B3=E4=BA=8ECAP=E6=B5=8B?= =?UTF-8?q?=E8=AF=95=E5=A5=97=E8=BF=9B=E7=A8=8B=E9=97=AE=E9=A2=98=E8=A7=A3?= =?UTF-8?q?=E5=86=B3=E4=B8=8A=E5=BA=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: fwx1081852 --- .../capability/src/ActsCapabilityTest.cpp | 112 ++++++------------ .../capability/src/ActsCapabilityTest.h | 14 +-- 2 files changed, 42 insertions(+), 84 deletions(-) mode change 100755 => 100644 security_lite/permission_posix/capability/src/ActsCapabilityTest.h diff --git a/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp b/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp index b04add523..40251dfd6 100644 --- a/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp +++ b/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp @@ -55,8 +55,8 @@ static void CreateTxt() static int CapsetOnlySETPCAP(int num) { struct __user_cap_header_struct capheader; - errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), - 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); if (result != EOK) { LOG("CapgetWithAllCap memset_s failed"); return FALSE; @@ -85,8 +85,8 @@ static int CapsetOnlySETPCAP(int num) static int AddCapUnauthorized(int num) { struct __user_cap_header_struct capheader; - errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), - 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); if (result != EOK) { LOG("CapgetWithAllCap memset_s failed"); return FALSE; @@ -115,8 +115,8 @@ static int AddCapUnauthorized(int num) static int CapgetWithAllCap(int num) { struct __user_cap_header_struct capheader = { 0 }; - errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), - 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); if (result != EOK) { LOG("CapgetWithAllCap memset_s failed"); return FALSE; @@ -148,8 +148,8 @@ static int CapgetWithAllCap(int num) static int CapgetWithNoCap(int num) { struct __user_cap_header_struct capheader = { 0 }; - errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), - 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); if (result != EOK) { LOG("CapgetWithAllCap memset_s failed"); return FALSE; @@ -181,8 +181,8 @@ static int CapgetWithNoCap(int num) static int CapgetOnlySETPCAP(int num) { struct __user_cap_header_struct capheader = { 0 }; - errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), - 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); if (result != EOK) { LOG("CapgetWithAllCap memset_s failed"); return FALSE; @@ -258,8 +258,8 @@ static int CapsetWithoutSETPCAP() static int CapsetWithVersion(pid_t pid, unsigned int version) { struct __user_cap_header_struct capheader = { 0 }; - errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), - 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); if (result != EOK) { LOG("CapgetWithAllCap memset_s failed"); return FALSE; @@ -285,8 +285,8 @@ static int CapsetWithVersion(pid_t pid, unsigned int version) static int CapgetWithVersion(pid_t pid, unsigned int version) { struct __user_cap_header_struct capheader = { 0 }; - errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), - 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); if (result != EOK) { LOG("CapgetWithAllCap memset_s failed"); return FALSE; @@ -308,14 +308,12 @@ static int CapgetWithVersion(pid_t pid, unsigned int version) } return 0; } -#endif -#if defined(LITE_FS_VFAT) static int CapgetWithCaps(pid_t pid, unsigned int caps) { struct __user_cap_header_struct capheader = { 0 }; - errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), - 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); if (result != EOK) { LOG("CapgetWithAllCap memset_s failed"); return FALSE; @@ -337,9 +335,7 @@ static int CapgetWithCaps(pid_t pid, unsigned int caps) } return 0; } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0600 * @tc.name : Processes with the CAP_KILL capability can invoke their management @@ -399,9 +395,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0600, Function | MediumTest | Level2 } } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0700 * @tc.name : Processes with the CAP_SETGID capability can invoke their management @@ -451,9 +445,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0700, Function | MediumTest | Level2 EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0800 * @tc.name : Processes with the CAP_SETUID capability can invoke their management @@ -521,9 +513,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0800, Function | MediumTest | Level2 EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0900 * @tc.name : Processes with the CAP_SETPCCAP capability can invoke their management @@ -560,9 +550,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0900, Security | MediumTest | Level2 EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1000 * @tc.name : Processes with the CAP_SYS_NICE capability can invoke their management @@ -626,9 +614,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1000, Function | MediumTest | Level2 } } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1100 * @tc.name : Processes with the CAP_SYS_TIME capability can call their management @@ -677,9 +663,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1100, Function | MediumTest | Level2 EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1200 * @tc.name : Processes without the CAP_SETPCAP capability cannot drop any capability @@ -705,9 +689,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1200, Function | MediumTest | Level3 EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1300 * @tc.name : Inheritance of process capabilities @@ -742,9 +724,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1300, Function | MediumTest | Level1 EXPECT_EQ(ret, 0) << "ErrInfo: CapgetWithAllCap error"; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1400 * @tc.name : Invoke the capset interface to add and drop the process capabilities for 10000 times @@ -781,9 +761,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1400, Reliability | MediumTest | Lev EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1500 * @tc.name : Invoke the capset interface to revoke the process capabilities which not exist for 10000 times @@ -799,8 +777,8 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev if (pid == 0) { int exitCode = 0; struct __user_cap_header_struct capheader = { 0 }; - errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), - 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); if (result != EOK) { LOG("CapgetWithAllCap memset_s failed"); ASSERT_TRUE(false); @@ -835,9 +813,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1600 * @tc.name : Enter the exception parameter for 10000 times when invoke the capset interface @@ -900,9 +876,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1600, Reliability | MediumTest | Lev EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1700 * @tc.name : Invoke the capget interface to query the process capabilities for 10000 times @@ -919,9 +893,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1700, Reliability | MediumTest | Lev } } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1800 * @tc.name : Invoke the capget interface to query the process capabilities which not exist for 10000 times @@ -959,9 +931,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1800, Reliability | MediumTest | Lev EXPECT_EQ(ret, 0) << "ErrInfo: CapgetWithAllCap error"; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1900 * @tc.name : Enter the exception parameter for 10000 times when invoke the capget interface @@ -1025,9 +995,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1900, Reliability | MediumTest | Lev EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2100 * @tc.name : Five processes concurrently invoke APIs managed by the capability for 5000 times @@ -1081,9 +1049,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2100, Reliability | MediumTest | Lev } } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2200 * @tc.name : Check whether the default configuration of the system process capabilities @@ -1099,31 +1065,29 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2200, Security | MediumTest | Level1 // Step 2: Check the capability of process 'KProcess', pid = 2 ret = CapgetWithCaps(KPROCESS_PID, KPROCESS_CAP); EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 2, process KProcess has wrong capability"; - // Step 3: Check the capability of process 'shell', pid = 3 + // Step 3: Check the capability of process 'shell', pid = 8 ret = CapgetWithCaps(SHELL_PID, SHELL_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 3, process shell has wrong capability"; - // Step 4: Check the capability of process 'apphilogcat', pid = 4 + EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 8, process shell has wrong capability"; + // Step 4: Check the capability of process 'apphilogcat', pid = 10 ret = CapgetWithCaps(HILOGCAT_PID, HILOGCAT_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 4, process apphilogcat has wrong capability"; - // Step 5: Check the capability of process 'foundation', pid = 5 + EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 10, process apphilogcat has wrong capability"; + // Step 5: Check the capability of process 'foundation', pid = 3 ret = CapgetWithCaps(FOUNDATION_PID, FOUNDATION_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 5, process foundation has wrong capability"; - // Step 6: Check the capability of process 'bundle_daemon', pid = 6 + EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 3, process foundation has wrong capability"; + // Step 6: Check the capability of process 'bundle_daemon', pid = 4 ret = CapgetWithCaps(BUNDLE_DAEMON_PID, BUNDLE_DAEMON_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 6, process bundle_daemon has wrong capability"; - // Step 7: Check the capability of process 'appspawn', pid = 7 + EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 4, process bundle_daemon has wrong capability"; + // Step 7: Check the capability of process 'appspawn', pid = 5 ret = CapgetWithCaps(APPSPAWN_PID, APPSPAWN_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 7, process appspawn has wrong capability"; - // Step 8: Check the capability of process 'media_server', pid = 8 + EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 5, process appspawn has wrong capability"; + // Step 8: Check the capability of process 'media_server', pid = 6 ret = CapgetWithCaps(MEDIA_SERVER_PID, MEDIA_SERVER_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 8, process media_server has wrong capability"; - // Step 9: Check the capability of process 'wms_server' or 'ai_server', pid = 9 + EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 6, process media_server has wrong capability"; + // Step 9: Check the capability of process 'wms_server' or 'ai_server', pid = 7 ret = CapgetWithCaps(WMS_SERVER_OR_AI_SERVER_PID, WMS_SERVER_OR_AI_SERVER_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 9, process wms_server or ai_server has wrong capability"; + EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 7, process wms_server or ai_server has wrong capability"; } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2300 * @tc.name : Check whether the default configuration of the capability of the third-party application process @@ -1134,8 +1098,8 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1 { int ret; struct __user_cap_header_struct capheader = { 0 }; - errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), - 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); if (result != EOK) { LOG("CapgetWithAllCap memset_s failed"); ASSERT_TRUE(false); @@ -1143,7 +1107,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1 capheader.version = _LINUX_CAPABILITY_VERSION_3; struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } }; result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct), - 0, CAP_NUM * sizeof(struct __user_cap_data_struct)); + 0, CAP_NUM * sizeof(struct __user_cap_data_struct)); if (result != EOK) { LOG("CapgetWithAllCap memset_s failed"); ASSERT_TRUE(false); @@ -1171,9 +1135,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1 } } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2400 * @tc.name : The process continuously invokes the capset and capget interfaces, @@ -1238,9 +1200,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2400, Function | MediumTest | Level1 } } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2500 * @tc.name : Performance test of capset and capget interface @@ -1285,9 +1245,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2500, Performance | MediumTest | Lev EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; } } -#endif -#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2600 * @tc.name : Performance test of the interface managed by Capability diff --git a/security_lite/permission_posix/capability/src/ActsCapabilityTest.h b/security_lite/permission_posix/capability/src/ActsCapabilityTest.h old mode 100755 new mode 100644 index 53292e12c..8aa0dbbd1 --- a/security_lite/permission_posix/capability/src/ActsCapabilityTest.h +++ b/security_lite/permission_posix/capability/src/ActsCapabilityTest.h @@ -37,13 +37,13 @@ constexpr int NUM10000 = 10000; constexpr int INIT_PID = 1; constexpr int KPROCESS_PID = 2; -constexpr int SHELL_PID = 3; -constexpr int HILOGCAT_PID = 4; -constexpr int FOUNDATION_PID = 5; -constexpr int BUNDLE_DAEMON_PID = 6; -constexpr int APPSPAWN_PID = 7; -constexpr int MEDIA_SERVER_PID = 8; -constexpr int WMS_SERVER_OR_AI_SERVER_PID = 9; +constexpr int SHELL_PID = 8; +constexpr int HILOGCAT_PID = 10; +constexpr int FOUNDATION_PID = 3; +constexpr int BUNDLE_DAEMON_PID = 4; +constexpr int APPSPAWN_PID = 5; +constexpr int MEDIA_SERVER_PID = 6; +constexpr int WMS_SERVER_OR_AI_SERVER_PID = 7; constexpr int HIVIEW_PID = 10; constexpr int OTHER_PID = 12; constexpr int INIT_PID_2 = 1; -- GitLab