Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Xts Acts
提交
d79473d9
X
Xts Acts
项目概览
OpenHarmony
/
Xts Acts
1 年多 前同步成功
通知
9
Star
22
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
X
Xts Acts
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
未验证
提交
d79473d9
编写于
4月 27, 2023
作者:
O
openharmony_ci
提交者:
Gitee
4月 27, 2023
浏览文件
操作
浏览文件
下载
差异文件
!8528 【OpenHarmony 4.0.6.3】【安全子系统】master分支CAP测试套下架
Merge pull request !8528 from qiaozzzh/0424_1
上级
49d22d2f
a522431b
变更
16
展开全部
隐藏空白更改
内联
并排
Showing
16 changed file
with
0 addition
and
3435 deletion
+0
-3435
security_lite/BUILD.gn
security_lite/BUILD.gn
+0
-2
security_lite/permission_posix/capability/BUILD.gn
security_lite/permission_posix/capability/BUILD.gn
+0
-35
security_lite/permission_posix/capability/src/ActsCapability.cpp
...y_lite/permission_posix/capability/src/ActsCapability.cpp
+0
-532
security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
...te/permission_posix/capability/src/ActsCapabilityTest.cpp
+0
-1226
security_lite/permission_posix/capability/src/ActsCapabilityTest.h
...lite/permission_posix/capability/src/ActsCapabilityTest.h
+0
-155
security_lite/permission_posix/capability/src/CapabilityFileSystemTest.cpp
...mission_posix/capability/src/CapabilityFileSystemTest.cpp
+0
-61
security_lite/permission_posix/capability/src/CapabilityFileSystemTest.h
...ermission_posix/capability/src/CapabilityFileSystemTest.h
+0
-28
security_lite/permission_posix/capability/vfat/BUILD.gn
security_lite/permission_posix/capability/vfat/BUILD.gn
+0
-57
security_lite/permission_posix/capability/vfat/Test.json
security_lite/permission_posix/capability/vfat/Test.json
+0
-25
security_lite/permission_posix/dac/BUILD.gn
security_lite/permission_posix/dac/BUILD.gn
+0
-16
security_lite/permission_posix/dac/src/ActsDacPreTest.cpp
security_lite/permission_posix/dac/src/ActsDacPreTest.cpp
+0
-985
security_lite/permission_posix/dac/src/ActsDacTest.h
security_lite/permission_posix/dac/src/ActsDacTest.h
+0
-142
security_lite/permission_posix/dac/src/DACFileSystemTest.cpp
security_lite/permission_posix/dac/src/DACFileSystemTest.cpp
+0
-68
security_lite/permission_posix/dac/src/DACFileSystemTest.h
security_lite/permission_posix/dac/src/DACFileSystemTest.h
+0
-28
security_lite/permission_posix/dac/vfat/BUILD.gn
security_lite/permission_posix/dac/vfat/BUILD.gn
+0
-50
security_lite/permission_posix/dac/vfat/Test.json
security_lite/permission_posix/dac/vfat/Test.json
+0
-25
未找到文件。
security_lite/BUILD.gn
浏览文件 @
d79473d9
...
...
@@ -15,8 +15,6 @@ group("securitytest") {
if (ohos_kernel_type == "liteos_a") {
deps = [
"//test/xts/acts/security_lite/huks/liteos_a_adapter:Hukslitetest",
"//test/xts/acts/security_lite/permission_posix/capability:ActsCapabilityTest",
"//test/xts/acts/security_lite/permission_posix/dac:ActsDacTest",
"//test/xts/acts/security_lite/permission_posix/pms:ActsPMSTest",
]
} else if (ohos_kernel_type == "linux") {
...
...
security_lite/permission_posix/capability/BUILD.gn
已删除
100755 → 0
浏览文件 @
49d22d2f
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
group("ActsCapabilityTest") {
deps = [ "./vfat:ActsVFATCapabilityTest" ]
}
shared_library("capability_shared") {
sources = [ "src/ActsCapability.cpp" ]
include_dirs = [
"src",
"//third_party/bounds_checking_function/include",
]
public_deps = [ "//third_party/bounds_checking_function:libsec_shared" ]
cflags = [ "-Wno-error" ]
ldflags = [
"-lstdc++",
"-lm",
"-lpthread",
]
}
security_lite/permission_posix/capability/src/ActsCapability.cpp
已删除
100644 → 0
浏览文件 @
49d22d2f
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ActsCapabilityTest.h"
#include <csignal>
#include <dirent.h>
#include <securec.h>
#include <sys/capability.h>
#include <unistd.h>
void
Sigac
(
int
i
)
{
_exit
(
0
);
}
void
ChildSleep
()
{
signal
(
SIGXFSZ
,
Sigac
);
usleep
(
LONG_SLEEP_NUM
);
exit
(
0
);
}
int
CapInit
()
{
// Init capabilities
struct
__user_cap_header_struct
capheader
;
(
void
)
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
];
(
void
)
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
capdata
[
0
].
permitted
=
LINUX_FULL_CAP
;
capdata
[
0
].
effective
=
LINUX_FULL_CAP
;
capdata
[
0
].
inheritable
=
LINUX_FULL_CAP
;
// Set capabilities
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropCAPCHOWN
()
{
struct
__user_cap_header_struct
capheader
=
{
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPCHOWN memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPCHOWN memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_CHOWN
capdata
[
CAP_TO_INDEX
(
CAP_CHOWN
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_CHOWN
);
capdata
[
CAP_TO_INDEX
(
CAP_CHOWN
)].
effective
&=
~
CAP_TO_MASK
(
CAP_CHOWN
);
capdata
[
CAP_TO_INDEX
(
CAP_CHOWN
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_CHOWN
);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropCAPDACOVERRIDE
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACOVERRIDE memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACOVERRIDE memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_DAC_OVERRIDE
capdata
[
CAP_TO_INDEX
(
CAP_DAC_OVERRIDE
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_DAC_OVERRIDE
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_OVERRIDE
)].
effective
&=
~
CAP_TO_MASK
(
CAP_DAC_OVERRIDE
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_OVERRIDE
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_DAC_OVERRIDE
);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropCAPDACREADSEARCH
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACREADSEARCH memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACREADSEARCH memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_DAC_READ_SEARCH
capdata
[
CAP_TO_INDEX
(
CAP_DAC_READ_SEARCH
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_DAC_READ_SEARCH
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_READ_SEARCH
)].
effective
&=
~
CAP_TO_MASK
(
CAP_DAC_READ_SEARCH
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_READ_SEARCH
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_DAC_READ_SEARCH
);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropCAPDACOVERRIDEAndREADSEARCH
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACOVERRIDEAndREADSEARCH memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPDACOVERRIDEAndREADSEARCH memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
capdata
[
CAP_TO_INDEX
(
CAP_DAC_READ_SEARCH
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_DAC_READ_SEARCH
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_READ_SEARCH
)].
effective
&=
~
CAP_TO_MASK
(
CAP_DAC_READ_SEARCH
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_READ_SEARCH
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_DAC_READ_SEARCH
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_OVERRIDE
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_DAC_OVERRIDE
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_OVERRIDE
)].
effective
&=
~
CAP_TO_MASK
(
CAP_DAC_OVERRIDE
);
capdata
[
CAP_TO_INDEX
(
CAP_DAC_OVERRIDE
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_DAC_OVERRIDE
);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropCAPFOWNER
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPFOWNER memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPFOWNER memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_FOWNER
capdata
[
CAP_TO_INDEX
(
CAP_FOWNER
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_FOWNER
);
capdata
[
CAP_TO_INDEX
(
CAP_FOWNER
)].
effective
&=
~
CAP_TO_MASK
(
CAP_FOWNER
);
capdata
[
CAP_TO_INDEX
(
CAP_FOWNER
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_FOWNER
);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropCAPKILL
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPKILL memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPKILL memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_KILL
capdata
[
CAP_TO_INDEX
(
CAP_KILL
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_KILL
);
capdata
[
CAP_TO_INDEX
(
CAP_KILL
)].
effective
&=
~
CAP_TO_MASK
(
CAP_KILL
);
capdata
[
CAP_TO_INDEX
(
CAP_KILL
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_KILL
);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropCAPSETGID
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETGID memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETGID memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_SETGID
capdata
[
CAP_TO_INDEX
(
CAP_SETGID
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_SETGID
);
capdata
[
CAP_TO_INDEX
(
CAP_SETGID
)].
effective
&=
~
CAP_TO_MASK
(
CAP_SETGID
);
capdata
[
CAP_TO_INDEX
(
CAP_SETGID
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_SETGID
);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropCAPSETUID
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETUID memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETUID memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_SETUID
capdata
[
CAP_TO_INDEX
(
CAP_SETUID
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_SETUID
);
capdata
[
CAP_TO_INDEX
(
CAP_SETUID
)].
effective
&=
~
CAP_TO_MASK
(
CAP_SETUID
);
capdata
[
CAP_TO_INDEX
(
CAP_SETUID
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_SETUID
);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropCAPSETPCAP
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETPCAP memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSETPCAP memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_SETPCAP
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_SETPCAP
);
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
effective
&=
~
CAP_TO_MASK
(
CAP_SETPCAP
);
capdata
[
CAP_TO_INDEX
(
CAP_SETPCAP
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_SETPCAP
);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropCAPSYSNICE
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSYSNICE memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSYSNICE memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_SYS_NICE
capdata
[
CAP_TO_INDEX
(
CAP_SYS_NICE
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_SYS_NICE
);
capdata
[
CAP_TO_INDEX
(
CAP_SYS_NICE
)].
effective
&=
~
CAP_TO_MASK
(
CAP_SYS_NICE
);
capdata
[
CAP_TO_INDEX
(
CAP_SYS_NICE
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_SYS_NICE
);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropCAPSYSTIME
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSYSTIME memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropCAPSYSTIME memset_s failed"
);
return
FALSE
;
};
// Drop the capabilities of CAP_SYS_TIME
capdata
[
CAP_TO_INDEX
(
CAP_SYS_TIME
)].
permitted
&=
~
CAP_TO_MASK
(
CAP_SYS_TIME
);
capdata
[
CAP_TO_INDEX
(
CAP_SYS_TIME
)].
effective
&=
~
CAP_TO_MASK
(
CAP_SYS_TIME
);
capdata
[
CAP_TO_INDEX
(
CAP_SYS_TIME
)].
inheritable
&=
~
CAP_TO_MASK
(
CAP_SYS_TIME
);
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
DropAllCAP
()
{
struct
__user_cap_header_struct
capheader
=
{
0
,
0
};
errno_t
result
=
memset_s
(
&
capheader
,
sizeof
(
struct
__user_cap_header_struct
),
0
,
sizeof
(
struct
__user_cap_header_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropAllCAP memset_s failed"
);
return
FALSE
;
};
capheader
.
version
=
_LINUX_CAPABILITY_VERSION_3
;
capheader
.
pid
=
0
;
struct
__user_cap_data_struct
capdata
[
CAP_NUM
]
=
{
{
0
},
{
0
}
};
result
=
memset_s
(
capdata
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
),
0xff
,
CAP_NUM
*
sizeof
(
struct
__user_cap_data_struct
));
if
(
result
!=
EOK
)
{
LOG
(
"DropAllCAP memset_s failed"
);
return
FALSE
;
};
// Drop all the capabilities
capdata
[
0
].
permitted
=
NO_CAP
;
capdata
[
0
].
effective
=
NO_CAP
;
capdata
[
0
].
inheritable
=
NO_CAP
;
int
ret
=
capset
(
&
capheader
,
&
capdata
[
0
]);
if
(
ret
!=
0
)
{
return
FALSE
;
}
return
0
;
}
int
RemoveDir
(
const
char
*
dirname
)
{
int
ret
;
char
curDir
[]
=
"."
;
char
upDir
[]
=
".."
;
char
updirname
[
SIZE512
];
DIR
*
dir
=
nullptr
;
struct
dirent
*
dp
=
nullptr
;
struct
stat
upDirStat
=
{
0
};
// Init capabilities
CapInit
();
// The directory transferred by the parameter does not exist
if
(
access
(
dirname
,
F_OK
!=
0
))
{
return
0
;
}
else
{
chmod
(
dirname
,
RWX
);
}
// Open the current-level directory
dir
=
opendir
(
dirname
);
while
((
dp
=
readdir
(
dir
))
!=
nullptr
)
{
// The system skips the judgment and continues looping when the . or .. directory is encountered
if
((
strcmp
(
curDir
,
dp
->
d_name
)
==
0
)
||
(
strcmp
(
upDir
,
dp
->
d_name
)
==
0
))
{
continue
;
}
// Combine the upper-level directory content
int
spr
=
sprintf_s
(
updirname
,
SIZE512
,
"%s/%s"
,
dirname
,
dp
->
d_name
);
if
(
spr
==
FALSE
)
{
closedir
(
dir
);
return
FALSE
;
}
// Obtains the status of the upper-level, file or directory
stat
(
updirname
,
&
upDirStat
);
// Directory files, recursively deleting contents in the directory
if
(
upDirStat
.
st_mode
&
S_IFDIR
)
{
// Invoke the function recursively to delete the content of the upper-level directory
RemoveDir
(
updirname
);
}
else
{
// Common files, directly deleting
ret
=
unlink
(
updirname
);
if
(
ret
!=
0
)
{
// Failed to delete the file
perror
(
"Failed to delete the file"
);
LOG
(
"ErrInfo: The file name is %s"
,
updirname
);
closedir
(
dir
);
return
FALSE
;
}
}
}
// Close the current-level directory
closedir
(
dir
);
// Delete the empty directory
ret
=
rmdir
(
dirname
);
if
(
ret
!=
0
)
{
// Failed to delete the empty directory
perror
(
"Failed to delete the empty directory"
);
LOG
(
"ErrInfo: The directory name is %s"
,
dirname
);
return
FALSE
;
}
return
0
;
}
int
SetUidGid
(
uid_t
uid
,
gid_t
gid
)
{
// Set the process uid and gid
int
retsetuid
=
setuid
(
uid
);
if
(
retsetuid
!=
0
)
{
LOG
(
"ErrInfo: Set uid=%d failed, now uid=%d"
,
uid
,
getuid
());
return
FALSE
;
}
int
retsetgid
=
setgid
(
gid
);
if
(
retsetgid
!=
0
)
{
LOG
(
"ErrInfo: Set gid=%d failed, now gid=%d"
,
gid
,
getgid
());
return
FALSE
;
}
return
0
;
}
timespec
CompareTime
(
timespec
start
,
timespec
end
)
{
// Compare time 'start' and time 'end'
timespec
ret
=
{
0
};
int
tp
=
1000000000
;
if
((
end
.
tv_nsec
-
start
.
tv_nsec
)
<
0
)
{
ret
.
tv_sec
=
end
.
tv_sec
-
start
.
tv_sec
-
1
;
ret
.
tv_nsec
=
tp
+
end
.
tv_nsec
-
start
.
tv_nsec
;
}
else
{
ret
.
tv_sec
=
end
.
tv_sec
-
start
.
tv_sec
;
ret
.
tv_nsec
=
end
.
tv_nsec
-
start
.
tv_nsec
;
}
return
ret
;
}
char
*
GetCurrentPath
()
{
// Obtain the current working directory
static
char
path
[
MAX_PATH_SIZE
];
getcwd
(
path
,
MAX_PATH_SIZE
);
return
path
;
}
// Check topDir file system, 0 is exist, -1 is non-exist
int
CheckFsMount
(
const
char
*
topDir
,
const
char
*
topDirMountInfo
)
{
const
int
lenMax
=
100
;
int
len
=
0
;
char
buf
[
lenMax
]
=
{
0
};
const
char
mountInfoFile
[]
=
"/proc/mounts"
;
// check topDir exist
if
(
access
(
topDir
,
F_OK
)
!=
0
)
{
LOG
(
"ErrInfo: '%s' not accessable, Test Stop!"
,
topDir
);
return
-
1
;
}
FILE
*
fp
=
fopen
(
mountInfoFile
,
"r"
);
if
(
fp
!=
nullptr
)
{
while
(
fgets
(
buf
,
sizeof
(
buf
),
fp
)
!=
NULL
)
{
len
=
strlen
(
buf
);
if
(
strstr
(
buf
,
topDirMountInfo
)
!=
nullptr
)
{
fclose
(
fp
);
return
0
;
}
}
fclose
(
fp
);
}
LOG
(
"'%s' is not a '%s' not mount properly, Test Stop! please change another file type!"
,
topDir
,
topDirMountInfo
);
return
-
1
;
}
\ No newline at end of file
security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
已删除
100644 → 0
浏览文件 @
49d22d2f
此差异已折叠。
点击以展开。
security_lite/permission_posix/capability/src/ActsCapabilityTest.h
已删除
100644 → 0
浏览文件 @
49d22d2f
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_CAPABILITY_SRC_ACTSCAPABILITYTEST_H
#define XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_CAPABILITY_SRC_ACTSCAPABILITYTEST_H
#include <cstddef>
#include <sys/stat.h>
constexpr
int
FALSE
=
-
1
;
constexpr
int
NUM0
=
0
;
constexpr
int
NUM1
=
1
;
constexpr
int
NUM2
=
2
;
constexpr
int
NUM3
=
3
;
constexpr
int
NUM5
=
5
;
constexpr
int
NUM20
=
20
;
constexpr
int
NUM80
=
80
;
constexpr
int
NUM100
=
100
;
constexpr
int
NUM500
=
500
;
constexpr
int
NUM600
=
600
;
constexpr
int
NUM700
=
700
;
constexpr
int
NUM1000
=
1000
;
constexpr
int
NUM3000
=
3000
;
constexpr
int
NUM5000
=
5000
;
constexpr
int
NUM10000
=
10000
;
constexpr
int
INIT_PID
=
1
;
constexpr
int
KPROCESS_PID
=
2
;
constexpr
int
SHELL_PID
=
8
;
constexpr
int
HILOGCAT_PID
=
10
;
constexpr
int
FOUNDATION_PID
=
3
;
constexpr
int
BUNDLE_DAEMON_PID
=
4
;
constexpr
int
APPSPAWN_PID
=
5
;
constexpr
int
MEDIA_SERVER_PID
=
6
;
constexpr
int
WMS_SERVER_OR_AI_SERVER_PID
=
7
;
constexpr
int
HIVIEW_PID
=
10
;
constexpr
int
OTHER_PID
=
12
;
constexpr
int
INIT_PID_2
=
1
;
constexpr
int
KPROCESS_PID_2
=
2
;
constexpr
int
SHELL_PID_2
=
8
;
constexpr
int
HILOGCAT_PID_2
=
10
;
constexpr
int
FOUNDATION_PID_2
=
3
;
constexpr
int
BUNDLE_DAEMON_PID_2
=
4
;
constexpr
int
APPSPAWN_PID_2
=
5
;
constexpr
int
MEDIA_SERVER_PID_2
=
6
;
constexpr
int
WMS_SERVER_OR_AI_SERVER_PID_2
=
7
;
constexpr
int
HIVIEW_PID_2
=
10
;
constexpr
int
OTHER_PID_2
=
12
;
constexpr
unsigned
int
INIT_CAP
=
0x02e83def
;
constexpr
unsigned
int
KPROCESS_CAP
=
0x02e83def
;
constexpr
unsigned
int
SHELL_CAP
=
0x02e83def
;
constexpr
unsigned
int
HILOGCAT_CAP
=
0x00000000
;
constexpr
unsigned
int
FOUNDATION_CAP
=
0x00003c00
;
constexpr
unsigned
int
BUNDLE_DAEMON_CAP
=
0x00000007
;
constexpr
unsigned
int
APPSPAWN_CAP
=
0x008009c4
;
constexpr
unsigned
int
MEDIA_SERVER_CAP
=
0x00000000
;
constexpr
unsigned
int
WMS_SERVER_OR_AI_SERVER_CAP
=
0x00000000
;
constexpr
unsigned
int
HIVIEW_CAP
=
0x00000000
;
constexpr
unsigned
int
LINUX_FULL_CAP
=
0xffffffff
;
constexpr
unsigned
int
OHOS_FULL_CAP
=
0x02e83def
;
constexpr
unsigned
int
NO_CAP
=
0x00000000
;
constexpr
unsigned
int
ONLY_SETPCAP_CAP
=
0x00000100
;
constexpr
int
CAP_NUM
=
2
;
constexpr
int
INVALID_CAP_TO_INDEX
=
40
;
constexpr
int
MAX_PATH_SIZE
=
256
;
constexpr
int
INVAILD_PID
=
65536
;
constexpr
int
SLEEP_NUM
=
100000
;
constexpr
int
LONG_SLEEP_NUM
=
2000000
;
constexpr
int
PID_MAX
=
4194305
;
constexpr
mode_t
ZERO
=
0000
;
constexpr
mode_t
NORWX
=
0001
;
constexpr
mode_t
RWX
=
0777
;
constexpr
uid_t
UID0
=
0
;
constexpr
uid_t
UID1
=
1
;
constexpr
uid_t
UID555
=
555
;
constexpr
uid_t
UID1000
=
1000
;
constexpr
uid_t
UID10000
=
10000
;
constexpr
uid_t
UID20000
=
20000
;
constexpr
gid_t
GID0
=
0
;
constexpr
gid_t
GID1
=
1
;
constexpr
gid_t
GID555
=
555
;
constexpr
gid_t
GID1000
=
1000
;
constexpr
gid_t
GID10000
=
10000
;
constexpr
gid_t
GID20000
=
20000
;
constexpr
gid_t
GROUPLIST
[
NUM3
]
=
{
500
,
500
,
500
};
constexpr
size_t
SIZE512
=
512
;
// Creating Folders and Files for the Test
#define CAPDIR0 "CAPDIR0" // DIR0/
#define CAPDIR0_CAPFILE0 "CAPDIR0_CAPFILE0" // ├── DIR0_FILE0
#define CAPDIR0_CAPFILE1 "CAPDIR0_CAPFILE1" // ├── DIR0_FILE1
#define CAPDIR0_CAPDIR0 "CAPDIR0_CAPDIR0" // ├── DIR0_DIR0/
#define CAPDIR0_CAPDIR1 "CAPDIR0_CAPDIR1" // └── DIR0_DIR1/
extern
"C"
{
#define LOG(format, ...) printf("%s:%d:\n" format "\n", __FILE__, __LINE__, ##__VA_ARGS__);
}
void
Sigac
(
int
i
);
void
ChildSleep
();
int
CapInit
();
int
DropCAPCHOWN
();
int
DropCAPDACOVERRIDE
();
int
DropCAPDACREADSEARCH
();
int
DropCAPDACOVERRIDEAndREADSEARCH
();
int
DropCAPFOWNER
();
int
DropCAPKILL
();
int
DropCAPSETGID
();
int
DropCAPSETUID
();
int
DropCAPSETPCAP
();
int
DropCAPSYSNICE
();
int
DropCAPSYSTIME
();
int
DropAllCAP
();
int
RemoveDir
(
const
char
*
dirname
);
int
SetUidGid
(
uid_t
uid
,
gid_t
gid
);
timespec
CompareTime
(
timespec
start
,
timespec
end
);
char
*
GetCurrentPath
();
int
CheckFsMount
(
const
char
*
topDir
,
const
char
*
topDirMountInfo
);
#endif
security_lite/permission_posix/capability/src/CapabilityFileSystemTest.cpp
已删除
100755 → 0
浏览文件 @
49d22d2f
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "CapabilityFileSystemTest.h"
#include <unistd.h>
#include "ActsCapabilityTest.h"
using
namespace
testing
::
ext
;
// Preset action of the test suite, which is executed before the first test case
void
CapabilityTestSuite
::
SetUp
()
{
// Permission mask preset when creating a file
umask
(
ZERO
);
// Init capabilities
CapInit
();
// Initialize the process and set the uid and gid of the process to zero
SetUidGid
(
UID0
,
GID0
);
// Delete the 'TOP_DIR/CAPDIR0' if the directory exists
RemoveDir
(
TOP_DIR
"/"
CAPDIR0
);
// Obtain the current working directory of the test code
mCurPath
=
GetCurrentPath
();
// Modify the current working directory of the test code
int
ret
=
chdir
(
TOP_DIR
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to chdir to %s, ret=%d, errno=%d"
,
TOP_DIR
,
ret
,
errno
);
}
}
// Test suite cleanup action, which is executed after the last test case
void
CapabilityTestSuite
::
TearDown
()
{
// Delete the 'TOP_DIR/CAPDIR0' if the directory exists
RemoveDir
(
TOP_DIR
"/"
CAPDIR0
);
// Restore the working directory of the test code
int
ret
=
chdir
(
mCurPath
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to chdir to %s, ret=%d, errno=%d"
,
mCurPath
,
ret
,
errno
);
}
}
int
main
(
int
argc
,
char
*
argv
[])
{
testing
::
GTEST_FLAG
(
output
)
=
"xml:"
;
testing
::
InitGoogleTest
(
&
argc
,
argv
);
if
(
CheckFsMount
(
TOP_DIR
,
TOP_DIR_MOUNT_INFO
)
!=
0
)
{
return
1
;
}
return
RUN_ALL_TESTS
();
}
\ No newline at end of file
security_lite/permission_posix/capability/src/CapabilityFileSystemTest.h
已删除
100755 → 0
浏览文件 @
49d22d2f
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_CAPABILITY_SRC_CAPABILITYFILESYSTEMTEST_H
#define XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_CAPABILITY_SRC_CAPABILITYFILESYSTEMTEST_H
#include <gtest/gtest.h>
class
CapabilityTestSuite
:
public
::
testing
::
Test
{
protected:
char
*
mCurPath
;
void
SetUp
();
void
TearDown
();
};
#endif
\ No newline at end of file
security_lite/permission_posix/capability/vfat/BUILD.gn
已删除
100755 → 0
浏览文件 @
49d22d2f
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/lite/config/subsystem/aafwk/config.gni")
import("//test/xts/tools/lite/build/suite_lite.gni")
hcpptest_suite("ActsVFATCapabilityTest") {
suite_name = "acts"
sources = [
"../src/ActsCapability.cpp",
"../src/ActsCapabilityTest.cpp",
"../src/CapabilityFileSystemTest.cpp",
]
include_dirs = [
"../src",
"//third_party/bounds_checking_function/include",
]
public_deps = [ "//third_party/bounds_checking_function:libsec_shared" ]
cflags_cc = [
"-Wno-write-strings",
"-Wno-sign-compare",
]
ldflags = [
"-lstdc++",
"-lm",
"-lpthread",
]
if (enable_ohos_appexecfwk_feature_ability == true) {
defines = [
"_BOARD_HI3516_",
"LITE_FS_VFAT",
"TOP_DIR=\"/sdcard\"",
"TOP_DIR_MOUNT_INFO=\"/sdcard vfat\"",
]
} else {
defines = [
"LITE_FS_VFAT",
"TOP_DIR=\"/sdcard\"",
"TOP_DIR_MOUNT_INFO=\"/sdcard vfat\"",
]
}
}
security_lite/permission_posix/capability/vfat/Test.json
已删除
100644 → 0
浏览文件 @
49d22d2f
{
"description"
:
"Config for hcpptest demo test cases"
,
"environment"
:
[
{
"type"
:
"device"
,
"label"
:
"ipcamera"
}
],
"kits"
:
[
{
"type"
:
"MountKit"
,
"server"
:
"NfsServer"
,
"mount"
:
[
{
"source"
:
"testcases/security"
,
"target"
:
"/test_root/security"
}
]
}
],
"driver"
:
{
"type"
:
"CppTestLite"
,
"execute"
:
"/test_root/security/ActsVFATCapabilityTest.bin"
}
}
\ No newline at end of file
security_lite/permission_posix/dac/BUILD.gn
已删除
100755 → 0
浏览文件 @
49d22d2f
# Copyright (c) 2020-2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
group("ActsDacTest") {
deps = [ "./vfat:ActsVFATDACTest" ]
}
security_lite/permission_posix/dac/src/ActsDacPreTest.cpp
已删除
100755 → 0
浏览文件 @
49d22d2f
此差异已折叠。
点击以展开。
security_lite/permission_posix/dac/src/ActsDacTest.h
已删除
100755 → 0
浏览文件 @
49d22d2f
/*
* Copyright (c) 2020-2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_DAC_SRC_ACTSDACTEST_H
#define XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_DAC_SRC_ACTSDACTEST_H
#include <cstddef>
#include <sys/stat.h>
constexpr
int
ABNORMALINT
=
-
100
;
constexpr
int
SINGLESIZE
=
1
;
constexpr
unsigned
int
MAX_INT
=
2147483647
;
constexpr
size_t
SIZE1
=
1
;
constexpr
size_t
SIZE2
=
2
;
constexpr
size_t
SIZE3
=
3
;
constexpr
size_t
SIZE253
=
253
;
constexpr
size_t
SIZE254
=
254
;
constexpr
size_t
SIZE255
=
255
;
constexpr
size_t
MAX_SIZE
=
65536
;
constexpr
size_t
INVAILD_SIZE
=
65537
;
constexpr
mode_t
CHMOD000
=
0000
;
constexpr
mode_t
CHMOD013
=
0013
;
constexpr
mode_t
CHMOD016
=
0016
;
constexpr
mode_t
CHMOD027
=
0027
;
constexpr
mode_t
CHMOD031
=
0031
;
constexpr
mode_t
CHMOD044
=
0044
;
constexpr
mode_t
CHMOD045
=
0045
;
constexpr
mode_t
CHMOD052
=
0052
;
constexpr
mode_t
CHMOD063
=
0063
;
constexpr
mode_t
CHMOD074
=
0074
;
constexpr
mode_t
CHMOD076
=
0076
;
constexpr
mode_t
CHMOD077
=
0077
;
constexpr
mode_t
CHMOD105
=
0105
;
constexpr
mode_t
CHMOD111
=
0111
;
constexpr
mode_t
CHMOD116
=
0116
;
constexpr
mode_t
CHMOD120
=
0120
;
constexpr
mode_t
CHMOD123
=
0123
;
constexpr
mode_t
CHMOD124
=
0124
;
constexpr
mode_t
CHMOD132
=
0132
;
constexpr
mode_t
CHMOD143
=
0143
;
constexpr
mode_t
CHMOD151
=
0151
;
constexpr
mode_t
CHMOD166
=
0166
;
constexpr
mode_t
CHMOD167
=
0167
;
constexpr
mode_t
CHMOD175
=
0175
;
constexpr
mode_t
CHMOD203
=
0203
;
constexpr
mode_t
CHMOD210
=
0210
;
constexpr
mode_t
CHMOD222
=
0222
;
constexpr
mode_t
CHMOD230
=
0230
;
constexpr
mode_t
CHMOD235
=
0235
;
constexpr
mode_t
CHMOD241
=
0241
;
constexpr
mode_t
CHMOD242
=
0242
;
constexpr
mode_t
CHMOD256
=
0256
;
constexpr
mode_t
CHMOD257
=
0257
;
constexpr
mode_t
CHMOD261
=
0261
;
constexpr
mode_t
CHMOD274
=
0274
;
constexpr
mode_t
CHMOD305
=
0305
;
constexpr
mode_t
CHMOD306
=
0306
;
constexpr
mode_t
CHMOD310
=
0310
;
constexpr
mode_t
CHMOD312
=
0312
;
constexpr
mode_t
CHMOD325
=
0325
;
constexpr
mode_t
CHMOD333
=
0333
;
constexpr
mode_t
CHMOD334
=
0334
;
constexpr
mode_t
CHMOD342
=
0342
;
constexpr
mode_t
CHMOD347
=
0347
;
constexpr
mode_t
CHMOD354
=
0354
;
constexpr
mode_t
CHMOD362
=
0362
;
constexpr
mode_t
CHMOD371
=
0371
;
constexpr
mode_t
CHMOD401
=
0401
;
constexpr
mode_t
CHMOD406
=
0406
;
constexpr
mode_t
CHMOD407
=
0407
;
constexpr
mode_t
CHMOD415
=
0415
;
constexpr
mode_t
CHMOD422
=
0422
;
constexpr
mode_t
CHMOD430
=
0430
;
constexpr
mode_t
CHMOD444
=
0444
;
constexpr
mode_t
CHMOD446
=
0446
;
constexpr
mode_t
CHMOD453
=
0453
;
constexpr
mode_t
CHMOD456
=
0456
;
constexpr
mode_t
CHMOD457
=
0457
;
constexpr
mode_t
CHMOD460
=
0460
;
constexpr
mode_t
CHMOD473
=
0473
;
constexpr
mode_t
CHMOD507
=
0507
;
constexpr
mode_t
CHMOD511
=
0511
;
constexpr
mode_t
CHMOD521
=
0521
;
constexpr
mode_t
CHMOD526
=
0526
;
constexpr
mode_t
CHMOD536
=
0536
;
constexpr
mode_t
CHMOD543
=
0543
;
constexpr
mode_t
CHMOD555
=
0555
;
constexpr
mode_t
CHMOD560
=
0560
;
constexpr
mode_t
CHMOD562
=
0562
;
constexpr
mode_t
CHMOD564
=
0564
;
constexpr
mode_t
CHMOD570
=
0570
;
constexpr
mode_t
CHMOD604
=
0604
;
constexpr
mode_t
CHMOD611
=
0611
;
constexpr
mode_t
CHMOD614
=
0614
;
constexpr
mode_t
CHMOD623
=
0623
;
constexpr
mode_t
CHMOD637
=
0637
;
constexpr
mode_t
CHMOD640
=
0640
;
constexpr
mode_t
CHMOD655
=
0655
;
constexpr
mode_t
CHMOD657
=
0657
;
constexpr
mode_t
CHMOD665
=
0665
;
constexpr
mode_t
CHMOD666
=
0666
;
constexpr
mode_t
CHMOD670
=
0670
;
constexpr
mode_t
CHMOD671
=
0671
;
constexpr
mode_t
CHMOD672
=
0672
;
constexpr
mode_t
CHMOD700
=
0700
;
constexpr
mode_t
CHMOD702
=
0702
;
constexpr
mode_t
CHMOD703
=
0703
;
constexpr
mode_t
CHMOD712
=
0712
;
constexpr
mode_t
CHMOD716
=
0716
;
constexpr
mode_t
CHMOD717
=
0717
;
constexpr
mode_t
CHMOD724
=
0724
;
constexpr
mode_t
CHMOD731
=
0731
;
constexpr
mode_t
CHMOD743
=
0743
;
constexpr
mode_t
CHMOD750
=
0750
;
constexpr
mode_t
CHMOD765
=
0765
;
constexpr
mode_t
CHMOD777
=
0777
;
// Creating Folders and Files for the Test
#define DACDIR0 "DACDIR0" // DIR0/
#define DACDIR0_DACFILE0 "DACDIR0_DACFILE0" // ├── DIR0_FILE0
#define DACDIR0_DACFILE1 "DACDIR0_DACFILE1" // ├── DIR0_FILE1
#define DACDIR0_DACDIR0 "DACDIR0_DACDIR0" // ├── DIR0_DIR0/
#define DACDIR0_DACDIR0_DACDIR0 "DACDIR0_DACDIR0_DACDIR0" // | └── DIR0_DIR0_DIR0/
#define DACDIR0_DACDIR1 "DACDIR0_DACDIR1" // └── DIR0_DIR1/
#define DACDIR1 "DACDIR1" // DIR1/
#define DACDIR1_DACFILE0 "DACDIR1_DACFILE0" // ├── DIR1_FILE0
#define DACDIR1_DACDIR0 "DACDIR1_DACDIR0" // └── DIR1_DIR0/
#endif
\ No newline at end of file
security_lite/permission_posix/dac/src/DACFileSystemTest.cpp
已删除
100755 → 0
浏览文件 @
49d22d2f
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "DACFileSystemTest.h"
#include <unistd.h>
#include "ActsCapabilityTest.h"
#include "ActsDacTest.h"
using
namespace
testing
::
ext
;
// Preset action of the test suite, which is executed before the first test case
void
DacTestSuite
::
SetUp
()
{
// Permission mask preset when creating a file
umask
(
ZERO
);
// Init capabilities
CapInit
();
// Initialize the process and set the uid and gid of the process to zero
SetUidGid
(
UID0
,
GID0
);
// Delete the the directory if exists
RemoveDir
(
TOP_DIR
"/"
DACDIR0
);
RemoveDir
(
TOP_DIR
"/"
DACDIR1
);
RemoveDir
(
"/storage/"
DACDIR0
);
// Obtain the current working directory of the test code
mCurPath
=
GetCurrentPath
();
// Modify the current working directory of the test code
int
ret
=
chdir
(
TOP_DIR
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to chdir to %s, ret=%d, errno=%d"
,
TOP_DIR
,
ret
,
errno
);
}
}
// Test suite cleanup action, which is executed after the last test case
void
DacTestSuite
::
TearDown
()
{
// Delete the the directory if exists
RemoveDir
(
TOP_DIR
"/"
DACDIR0
);
RemoveDir
(
TOP_DIR
"/"
DACDIR1
);
RemoveDir
(
"/storage/"
DACDIR0
);
// Initialize the process and set the uid and gid of the process to zero
SetUidGid
(
UID0
,
GID0
);
// Restore the working directory of the test code
int
ret
=
chdir
(
mCurPath
);
if
(
ret
!=
0
)
{
LOG
(
"ErrInfo: Failed to chdir to %s, ret=%d, errno=%d"
,
mCurPath
,
ret
,
errno
);
}
}
int
main
(
int
argc
,
char
*
argv
[])
{
testing
::
GTEST_FLAG
(
output
)
=
"xml:"
;
testing
::
InitGoogleTest
(
&
argc
,
argv
);
if
(
CheckFsMount
(
TOP_DIR
,
TOP_DIR_MOUNT_INFO
)
!=
0
)
{
return
1
;
}
return
RUN_ALL_TESTS
();
}
\ No newline at end of file
security_lite/permission_posix/dac/src/DACFileSystemTest.h
已删除
100755 → 0
浏览文件 @
49d22d2f
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_DAC_SRC_DACTFILESYSTEMTEST_H
#define XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_DAC_SRC_DACTFILESYSTEMTEST_H
#include <gtest/gtest.h>
class
DacTestSuite
:
public
::
testing
::
Test
{
protected:
char
*
mCurPath
;
void
SetUp
();
void
TearDown
();
};
#endif
\ No newline at end of file
security_lite/permission_posix/dac/vfat/BUILD.gn
已删除
100755 → 0
浏览文件 @
49d22d2f
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//test/xts/tools/lite/build/suite_lite.gni")
hcpptest_suite("ActsVFATDACTest") {
suite_name = "acts"
sources = [
"../src/ActsDacPreTest.cpp",
"../src/DACFileSystemTest.cpp",
]
include_dirs = [
"../src",
"../../capability/src",
"//third_party/bounds_checking_function/include",
]
public_deps = [
"../../capability:capability_shared",
"//third_party/bounds_checking_function:libsec_shared",
]
cflags_cc = [
"-Wno-write-strings",
"-Wno-sign-compare",
]
ldflags = [
"-lstdc++",
"-lm",
"-lpthread",
]
defines = [
"LITE_FS_VFAT",
"TOP_DIR=\"/sdcard\"",
"TOP_DIR_MOUNT_INFO=\"/sdcard vfat\"",
]
}
security_lite/permission_posix/dac/vfat/Test.json
已删除
100644 → 0
浏览文件 @
49d22d2f
{
"description"
:
"Config for hcpptest demo test cases"
,
"environment"
:
[
{
"type"
:
"device"
,
"label"
:
"ipcamera"
}
],
"kits"
:
[
{
"type"
:
"MountKit"
,
"server"
:
"NfsServer"
,
"mount"
:
[
{
"source"
:
"testcases/security"
,
"target"
:
"/test_root/security"
}
]
}
],
"driver"
:
{
"type"
:
"CppTestLite"
,
"execute"
:
"/test_root/security/ActsVFATDACTest.bin"
}
}
\ No newline at end of file
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录