未验证 提交 d79473d9 编写于 作者: O openharmony_ci 提交者: Gitee

!8528 【OpenHarmony 4.0.6.3】【安全子系统】master分支CAP测试套下架

Merge pull request !8528 from qiaozzzh/0424_1
...@@ -15,8 +15,6 @@ group("securitytest") { ...@@ -15,8 +15,6 @@ group("securitytest") {
if (ohos_kernel_type == "liteos_a") { if (ohos_kernel_type == "liteos_a") {
deps = [ deps = [
"//test/xts/acts/security_lite/huks/liteos_a_adapter:Hukslitetest", "//test/xts/acts/security_lite/huks/liteos_a_adapter:Hukslitetest",
"//test/xts/acts/security_lite/permission_posix/capability:ActsCapabilityTest",
"//test/xts/acts/security_lite/permission_posix/dac:ActsDacTest",
"//test/xts/acts/security_lite/permission_posix/pms:ActsPMSTest", "//test/xts/acts/security_lite/permission_posix/pms:ActsPMSTest",
] ]
} else if (ohos_kernel_type == "linux") { } else if (ohos_kernel_type == "linux") {
......
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
group("ActsCapabilityTest") {
deps = [ "./vfat:ActsVFATCapabilityTest" ]
}
shared_library("capability_shared") {
sources = [ "src/ActsCapability.cpp" ]
include_dirs = [
"src",
"//third_party/bounds_checking_function/include",
]
public_deps = [ "//third_party/bounds_checking_function:libsec_shared" ]
cflags = [ "-Wno-error" ]
ldflags = [
"-lstdc++",
"-lm",
"-lpthread",
]
}
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ActsCapabilityTest.h"
#include <csignal>
#include <dirent.h>
#include <securec.h>
#include <sys/capability.h>
#include <unistd.h>
void Sigac(int i)
{
_exit(0);
}
void ChildSleep()
{
signal(SIGXFSZ, Sigac);
usleep(LONG_SLEEP_NUM);
exit(0);
}
int CapInit()
{
// Init capabilities
struct __user_cap_header_struct capheader;
(void)memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM];
(void)memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
capdata[0].permitted = LINUX_FULL_CAP;
capdata[0].effective = LINUX_FULL_CAP;
capdata[0].inheritable = LINUX_FULL_CAP;
// Set capabilities
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropCAPCHOWN()
{
struct __user_cap_header_struct capheader = { 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPCHOWN memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPCHOWN memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_CHOWN
capdata[CAP_TO_INDEX(CAP_CHOWN)].permitted &= ~CAP_TO_MASK(CAP_CHOWN);
capdata[CAP_TO_INDEX(CAP_CHOWN)].effective &= ~CAP_TO_MASK(CAP_CHOWN);
capdata[CAP_TO_INDEX(CAP_CHOWN)].inheritable &= ~CAP_TO_MASK(CAP_CHOWN);
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropCAPDACOVERRIDE()
{
struct __user_cap_header_struct capheader = { 0, 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPDACOVERRIDE memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPDACOVERRIDE memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_DAC_OVERRIDE
capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].permitted &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].effective &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].inheritable &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropCAPDACREADSEARCH()
{
struct __user_cap_header_struct capheader = { 0, 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPDACREADSEARCH memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPDACREADSEARCH memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_DAC_READ_SEARCH
capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].permitted &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].effective &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].inheritable &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropCAPDACOVERRIDEAndREADSEARCH()
{
struct __user_cap_header_struct capheader = { 0, 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPDACOVERRIDEAndREADSEARCH memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPDACOVERRIDEAndREADSEARCH memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].permitted &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].effective &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].inheritable &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH);
capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].permitted &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].effective &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].inheritable &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE);
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropCAPFOWNER()
{
struct __user_cap_header_struct capheader = { 0, 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPFOWNER memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPFOWNER memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_FOWNER
capdata[CAP_TO_INDEX(CAP_FOWNER)].permitted &= ~CAP_TO_MASK(CAP_FOWNER);
capdata[CAP_TO_INDEX(CAP_FOWNER)].effective &= ~CAP_TO_MASK(CAP_FOWNER);
capdata[CAP_TO_INDEX(CAP_FOWNER)].inheritable &= ~CAP_TO_MASK(CAP_FOWNER);
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropCAPKILL()
{
struct __user_cap_header_struct capheader = { 0, 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPKILL memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPKILL memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_KILL
capdata[CAP_TO_INDEX(CAP_KILL)].permitted &= ~CAP_TO_MASK(CAP_KILL);
capdata[CAP_TO_INDEX(CAP_KILL)].effective &= ~CAP_TO_MASK(CAP_KILL);
capdata[CAP_TO_INDEX(CAP_KILL)].inheritable &= ~CAP_TO_MASK(CAP_KILL);
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropCAPSETGID()
{
struct __user_cap_header_struct capheader = { 0, 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPSETGID memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPSETGID memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_SETGID
capdata[CAP_TO_INDEX(CAP_SETGID)].permitted &= ~CAP_TO_MASK(CAP_SETGID);
capdata[CAP_TO_INDEX(CAP_SETGID)].effective &= ~CAP_TO_MASK(CAP_SETGID);
capdata[CAP_TO_INDEX(CAP_SETGID)].inheritable &= ~CAP_TO_MASK(CAP_SETGID);
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropCAPSETUID()
{
struct __user_cap_header_struct capheader = { 0, 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPSETUID memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPSETUID memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_SETUID
capdata[CAP_TO_INDEX(CAP_SETUID)].permitted &= ~CAP_TO_MASK(CAP_SETUID);
capdata[CAP_TO_INDEX(CAP_SETUID)].effective &= ~CAP_TO_MASK(CAP_SETUID);
capdata[CAP_TO_INDEX(CAP_SETUID)].inheritable &= ~CAP_TO_MASK(CAP_SETUID);
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropCAPSETPCAP()
{
struct __user_cap_header_struct capheader = { 0, 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPSETPCAP memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPSETPCAP memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_SETPCAP
capdata[CAP_TO_INDEX(CAP_SETPCAP)].permitted &= ~CAP_TO_MASK(CAP_SETPCAP);
capdata[CAP_TO_INDEX(CAP_SETPCAP)].effective &= ~CAP_TO_MASK(CAP_SETPCAP);
capdata[CAP_TO_INDEX(CAP_SETPCAP)].inheritable &= ~CAP_TO_MASK(CAP_SETPCAP);
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropCAPSYSNICE()
{
struct __user_cap_header_struct capheader = { 0, 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPSYSNICE memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPSYSNICE memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_SYS_NICE
capdata[CAP_TO_INDEX(CAP_SYS_NICE)].permitted &= ~CAP_TO_MASK(CAP_SYS_NICE);
capdata[CAP_TO_INDEX(CAP_SYS_NICE)].effective &= ~CAP_TO_MASK(CAP_SYS_NICE);
capdata[CAP_TO_INDEX(CAP_SYS_NICE)].inheritable &= ~CAP_TO_MASK(CAP_SYS_NICE);
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropCAPSYSTIME()
{
struct __user_cap_header_struct capheader = { 0, 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropCAPSYSTIME memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropCAPSYSTIME memset_s failed");
return FALSE;
};
// Drop the capabilities of CAP_SYS_TIME
capdata[CAP_TO_INDEX(CAP_SYS_TIME)].permitted &= ~CAP_TO_MASK(CAP_SYS_TIME);
capdata[CAP_TO_INDEX(CAP_SYS_TIME)].effective &= ~CAP_TO_MASK(CAP_SYS_TIME);
capdata[CAP_TO_INDEX(CAP_SYS_TIME)].inheritable &= ~CAP_TO_MASK(CAP_SYS_TIME);
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int DropAllCAP()
{
struct __user_cap_header_struct capheader = { 0, 0 };
errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct),
0, sizeof(struct __user_cap_header_struct));
if (result != EOK) {
LOG("DropAllCAP memset_s failed");
return FALSE;
};
capheader.version = _LINUX_CAPABILITY_VERSION_3;
capheader.pid = 0;
struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
if (result != EOK) {
LOG("DropAllCAP memset_s failed");
return FALSE;
};
// Drop all the capabilities
capdata[0].permitted = NO_CAP;
capdata[0].effective = NO_CAP;
capdata[0].inheritable = NO_CAP;
int ret = capset(&capheader, &capdata[0]);
if (ret != 0) {
return FALSE;
}
return 0;
}
int RemoveDir(const char *dirname)
{
int ret;
char curDir[] = ".";
char upDir[] = "..";
char updirname[SIZE512];
DIR *dir = nullptr;
struct dirent *dp = nullptr;
struct stat upDirStat = { 0 };
// Init capabilities
CapInit();
// The directory transferred by the parameter does not exist
if (access(dirname, F_OK != 0)) {
return 0;
} else {
chmod(dirname, RWX);
}
// Open the current-level directory
dir = opendir(dirname);
while ((dp = readdir(dir)) != nullptr) {
// The system skips the judgment and continues looping when the . or .. directory is encountered
if ((strcmp(curDir, dp->d_name) == 0) || (strcmp(upDir, dp->d_name) == 0)) {
continue;
}
// Combine the upper-level directory content
int spr = sprintf_s(updirname, SIZE512, "%s/%s", dirname, dp->d_name);
if (spr == FALSE) {
closedir(dir);
return FALSE;
}
// Obtains the status of the upper-level, file or directory
stat(updirname, &upDirStat);
// Directory files, recursively deleting contents in the directory
if (upDirStat.st_mode & S_IFDIR) {
// Invoke the function recursively to delete the content of the upper-level directory
RemoveDir(updirname);
} else {
// Common files, directly deleting
ret = unlink(updirname);
if (ret != 0) {
// Failed to delete the file
perror("Failed to delete the file");
LOG("ErrInfo: The file name is %s", updirname);
closedir(dir);
return FALSE;
}
}
}
// Close the current-level directory
closedir(dir);
// Delete the empty directory
ret = rmdir(dirname);
if (ret != 0) {
// Failed to delete the empty directory
perror("Failed to delete the empty directory");
LOG("ErrInfo: The directory name is %s", dirname);
return FALSE;
}
return 0;
}
int SetUidGid(uid_t uid, gid_t gid)
{
// Set the process uid and gid
int retsetuid = setuid(uid);
if (retsetuid != 0) {
LOG("ErrInfo: Set uid=%d failed, now uid=%d", uid, getuid());
return FALSE;
}
int retsetgid = setgid(gid);
if (retsetgid != 0) {
LOG("ErrInfo: Set gid=%d failed, now gid=%d", gid, getgid());
return FALSE;
}
return 0;
}
timespec CompareTime(timespec start, timespec end)
{
// Compare time 'start' and time 'end'
timespec ret = { 0 };
int tp = 1000000000;
if ((end.tv_nsec - start.tv_nsec) < 0) {
ret.tv_sec = end.tv_sec - start.tv_sec - 1;
ret.tv_nsec = tp + end.tv_nsec - start.tv_nsec;
} else {
ret.tv_sec = end.tv_sec - start.tv_sec;
ret.tv_nsec = end.tv_nsec - start.tv_nsec;
}
return ret;
}
char *GetCurrentPath()
{
// Obtain the current working directory
static char path[MAX_PATH_SIZE];
getcwd(path, MAX_PATH_SIZE);
return path;
}
// Check topDir file system, 0 is exist, -1 is non-exist
int CheckFsMount(const char *topDir, const char *topDirMountInfo)
{
const int lenMax = 100;
int len = 0;
char buf[lenMax] = {0};
const char mountInfoFile[] = "/proc/mounts";
// check topDir exist
if (access(topDir, F_OK) != 0) {
LOG("ErrInfo: '%s' not accessable, Test Stop!", topDir);
return -1;
}
FILE *fp = fopen(mountInfoFile, "r");
if (fp != nullptr) {
while (fgets(buf, sizeof(buf), fp) != NULL) {
len = strlen(buf);
if (strstr(buf, topDirMountInfo) != nullptr) {
fclose(fp);
return 0;
}
}
fclose(fp);
}
LOG("'%s' is not a '%s' not mount properly, Test Stop! please change another file type!", topDir, topDirMountInfo);
return -1;
}
\ No newline at end of file
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_CAPABILITY_SRC_ACTSCAPABILITYTEST_H
#define XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_CAPABILITY_SRC_ACTSCAPABILITYTEST_H
#include <cstddef>
#include <sys/stat.h>
constexpr int FALSE = -1;
constexpr int NUM0 = 0;
constexpr int NUM1 = 1;
constexpr int NUM2 = 2;
constexpr int NUM3 = 3;
constexpr int NUM5 = 5;
constexpr int NUM20 = 20;
constexpr int NUM80 = 80;
constexpr int NUM100 = 100;
constexpr int NUM500 = 500;
constexpr int NUM600 = 600;
constexpr int NUM700 = 700;
constexpr int NUM1000 = 1000;
constexpr int NUM3000 = 3000;
constexpr int NUM5000 = 5000;
constexpr int NUM10000 = 10000;
constexpr int INIT_PID = 1;
constexpr int KPROCESS_PID = 2;
constexpr int SHELL_PID = 8;
constexpr int HILOGCAT_PID = 10;
constexpr int FOUNDATION_PID = 3;
constexpr int BUNDLE_DAEMON_PID = 4;
constexpr int APPSPAWN_PID = 5;
constexpr int MEDIA_SERVER_PID = 6;
constexpr int WMS_SERVER_OR_AI_SERVER_PID = 7;
constexpr int HIVIEW_PID = 10;
constexpr int OTHER_PID = 12;
constexpr int INIT_PID_2 = 1;
constexpr int KPROCESS_PID_2 = 2;
constexpr int SHELL_PID_2 = 8;
constexpr int HILOGCAT_PID_2 = 10;
constexpr int FOUNDATION_PID_2 = 3;
constexpr int BUNDLE_DAEMON_PID_2 = 4;
constexpr int APPSPAWN_PID_2 = 5;
constexpr int MEDIA_SERVER_PID_2 = 6;
constexpr int WMS_SERVER_OR_AI_SERVER_PID_2 = 7;
constexpr int HIVIEW_PID_2 = 10;
constexpr int OTHER_PID_2 = 12;
constexpr unsigned int INIT_CAP = 0x02e83def;
constexpr unsigned int KPROCESS_CAP = 0x02e83def;
constexpr unsigned int SHELL_CAP = 0x02e83def;
constexpr unsigned int HILOGCAT_CAP = 0x00000000;
constexpr unsigned int FOUNDATION_CAP = 0x00003c00;
constexpr unsigned int BUNDLE_DAEMON_CAP = 0x00000007;
constexpr unsigned int APPSPAWN_CAP = 0x008009c4;
constexpr unsigned int MEDIA_SERVER_CAP = 0x00000000;
constexpr unsigned int WMS_SERVER_OR_AI_SERVER_CAP = 0x00000000;
constexpr unsigned int HIVIEW_CAP = 0x00000000;
constexpr unsigned int LINUX_FULL_CAP = 0xffffffff;
constexpr unsigned int OHOS_FULL_CAP = 0x02e83def;
constexpr unsigned int NO_CAP = 0x00000000;
constexpr unsigned int ONLY_SETPCAP_CAP = 0x00000100;
constexpr int CAP_NUM = 2;
constexpr int INVALID_CAP_TO_INDEX = 40;
constexpr int MAX_PATH_SIZE = 256;
constexpr int INVAILD_PID = 65536;
constexpr int SLEEP_NUM = 100000;
constexpr int LONG_SLEEP_NUM = 2000000;
constexpr int PID_MAX = 4194305;
constexpr mode_t ZERO = 0000;
constexpr mode_t NORWX = 0001;
constexpr mode_t RWX = 0777;
constexpr uid_t UID0 = 0;
constexpr uid_t UID1 = 1;
constexpr uid_t UID555 = 555;
constexpr uid_t UID1000 = 1000;
constexpr uid_t UID10000 = 10000;
constexpr uid_t UID20000 = 20000;
constexpr gid_t GID0 = 0;
constexpr gid_t GID1 = 1;
constexpr gid_t GID555 = 555;
constexpr gid_t GID1000 = 1000;
constexpr gid_t GID10000 = 10000;
constexpr gid_t GID20000 = 20000;
constexpr gid_t GROUPLIST[NUM3] = { 500, 500, 500 };
constexpr size_t SIZE512 = 512;
// Creating Folders and Files for the Test
#define CAPDIR0 "CAPDIR0" // DIR0/
#define CAPDIR0_CAPFILE0 "CAPDIR0_CAPFILE0" // ├── DIR0_FILE0
#define CAPDIR0_CAPFILE1 "CAPDIR0_CAPFILE1" // ├── DIR0_FILE1
#define CAPDIR0_CAPDIR0 "CAPDIR0_CAPDIR0" // ├── DIR0_DIR0/
#define CAPDIR0_CAPDIR1 "CAPDIR0_CAPDIR1" // └── DIR0_DIR1/
extern "C" {
#define LOG(format, ...) printf("%s:%d:\n" format "\n", __FILE__, __LINE__, ##__VA_ARGS__);
}
void Sigac(int i);
void ChildSleep();
int CapInit();
int DropCAPCHOWN();
int DropCAPDACOVERRIDE();
int DropCAPDACREADSEARCH();
int DropCAPDACOVERRIDEAndREADSEARCH();
int DropCAPFOWNER();
int DropCAPKILL();
int DropCAPSETGID();
int DropCAPSETUID();
int DropCAPSETPCAP();
int DropCAPSYSNICE();
int DropCAPSYSTIME();
int DropAllCAP();
int RemoveDir(const char *dirname);
int SetUidGid(uid_t uid, gid_t gid);
timespec CompareTime(timespec start, timespec end);
char *GetCurrentPath();
int CheckFsMount(const char *topDir, const char *topDirMountInfo);
#endif
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "CapabilityFileSystemTest.h"
#include <unistd.h>
#include "ActsCapabilityTest.h"
using namespace testing::ext;
// Preset action of the test suite, which is executed before the first test case
void CapabilityTestSuite::SetUp()
{
// Permission mask preset when creating a file
umask(ZERO);
// Init capabilities
CapInit();
// Initialize the process and set the uid and gid of the process to zero
SetUidGid(UID0, GID0);
// Delete the 'TOP_DIR/CAPDIR0' if the directory exists
RemoveDir(TOP_DIR "/" CAPDIR0);
// Obtain the current working directory of the test code
mCurPath = GetCurrentPath();
// Modify the current working directory of the test code
int ret = chdir(TOP_DIR);
if (ret != 0) {
LOG("ErrInfo: Failed to chdir to %s, ret=%d, errno=%d", TOP_DIR, ret, errno);
}
}
// Test suite cleanup action, which is executed after the last test case
void CapabilityTestSuite::TearDown()
{
// Delete the 'TOP_DIR/CAPDIR0' if the directory exists
RemoveDir(TOP_DIR "/" CAPDIR0);
// Restore the working directory of the test code
int ret = chdir(mCurPath);
if (ret != 0) {
LOG("ErrInfo: Failed to chdir to %s, ret=%d, errno=%d", mCurPath, ret, errno);
}
}
int main(int argc, char *argv[])
{
testing::GTEST_FLAG(output) = "xml:";
testing::InitGoogleTest(&argc, argv);
if (CheckFsMount(TOP_DIR, TOP_DIR_MOUNT_INFO) != 0) {
return 1;
}
return RUN_ALL_TESTS();
}
\ No newline at end of file
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_CAPABILITY_SRC_CAPABILITYFILESYSTEMTEST_H
#define XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_CAPABILITY_SRC_CAPABILITYFILESYSTEMTEST_H
#include <gtest/gtest.h>
class CapabilityTestSuite : public::testing::Test {
protected:
char *mCurPath;
void SetUp();
void TearDown();
};
#endif
\ No newline at end of file
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/lite/config/subsystem/aafwk/config.gni")
import("//test/xts/tools/lite/build/suite_lite.gni")
hcpptest_suite("ActsVFATCapabilityTest") {
suite_name = "acts"
sources = [
"../src/ActsCapability.cpp",
"../src/ActsCapabilityTest.cpp",
"../src/CapabilityFileSystemTest.cpp",
]
include_dirs = [
"../src",
"//third_party/bounds_checking_function/include",
]
public_deps = [ "//third_party/bounds_checking_function:libsec_shared" ]
cflags_cc = [
"-Wno-write-strings",
"-Wno-sign-compare",
]
ldflags = [
"-lstdc++",
"-lm",
"-lpthread",
]
if (enable_ohos_appexecfwk_feature_ability == true) {
defines = [
"_BOARD_HI3516_",
"LITE_FS_VFAT",
"TOP_DIR=\"/sdcard\"",
"TOP_DIR_MOUNT_INFO=\"/sdcard vfat\"",
]
} else {
defines = [
"LITE_FS_VFAT",
"TOP_DIR=\"/sdcard\"",
"TOP_DIR_MOUNT_INFO=\"/sdcard vfat\"",
]
}
}
{
"description": "Config for hcpptest demo test cases",
"environment": [
{
"type": "device",
"label": "ipcamera"
}
],
"kits": [
{
"type": "MountKit",
"server": "NfsServer",
"mount": [
{
"source": "testcases/security",
"target": "/test_root/security"
}
]
}
],
"driver": {
"type": "CppTestLite",
"execute": "/test_root/security/ActsVFATCapabilityTest.bin"
}
}
\ No newline at end of file
# Copyright (c) 2020-2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
group("ActsDacTest") {
deps = [ "./vfat:ActsVFATDACTest" ]
}
/*
* Copyright (c) 2020-2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_DAC_SRC_ACTSDACTEST_H
#define XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_DAC_SRC_ACTSDACTEST_H
#include <cstddef>
#include <sys/stat.h>
constexpr int ABNORMALINT = -100;
constexpr int SINGLESIZE = 1;
constexpr unsigned int MAX_INT = 2147483647;
constexpr size_t SIZE1 = 1;
constexpr size_t SIZE2 = 2;
constexpr size_t SIZE3 = 3;
constexpr size_t SIZE253 = 253;
constexpr size_t SIZE254 = 254;
constexpr size_t SIZE255 = 255;
constexpr size_t MAX_SIZE = 65536;
constexpr size_t INVAILD_SIZE = 65537;
constexpr mode_t CHMOD000 = 0000;
constexpr mode_t CHMOD013 = 0013;
constexpr mode_t CHMOD016 = 0016;
constexpr mode_t CHMOD027 = 0027;
constexpr mode_t CHMOD031 = 0031;
constexpr mode_t CHMOD044 = 0044;
constexpr mode_t CHMOD045 = 0045;
constexpr mode_t CHMOD052 = 0052;
constexpr mode_t CHMOD063 = 0063;
constexpr mode_t CHMOD074 = 0074;
constexpr mode_t CHMOD076 = 0076;
constexpr mode_t CHMOD077 = 0077;
constexpr mode_t CHMOD105 = 0105;
constexpr mode_t CHMOD111 = 0111;
constexpr mode_t CHMOD116 = 0116;
constexpr mode_t CHMOD120 = 0120;
constexpr mode_t CHMOD123 = 0123;
constexpr mode_t CHMOD124 = 0124;
constexpr mode_t CHMOD132 = 0132;
constexpr mode_t CHMOD143 = 0143;
constexpr mode_t CHMOD151 = 0151;
constexpr mode_t CHMOD166 = 0166;
constexpr mode_t CHMOD167 = 0167;
constexpr mode_t CHMOD175 = 0175;
constexpr mode_t CHMOD203 = 0203;
constexpr mode_t CHMOD210 = 0210;
constexpr mode_t CHMOD222 = 0222;
constexpr mode_t CHMOD230 = 0230;
constexpr mode_t CHMOD235 = 0235;
constexpr mode_t CHMOD241 = 0241;
constexpr mode_t CHMOD242 = 0242;
constexpr mode_t CHMOD256 = 0256;
constexpr mode_t CHMOD257 = 0257;
constexpr mode_t CHMOD261 = 0261;
constexpr mode_t CHMOD274 = 0274;
constexpr mode_t CHMOD305 = 0305;
constexpr mode_t CHMOD306 = 0306;
constexpr mode_t CHMOD310 = 0310;
constexpr mode_t CHMOD312 = 0312;
constexpr mode_t CHMOD325 = 0325;
constexpr mode_t CHMOD333 = 0333;
constexpr mode_t CHMOD334 = 0334;
constexpr mode_t CHMOD342 = 0342;
constexpr mode_t CHMOD347 = 0347;
constexpr mode_t CHMOD354 = 0354;
constexpr mode_t CHMOD362 = 0362;
constexpr mode_t CHMOD371 = 0371;
constexpr mode_t CHMOD401 = 0401;
constexpr mode_t CHMOD406 = 0406;
constexpr mode_t CHMOD407 = 0407;
constexpr mode_t CHMOD415 = 0415;
constexpr mode_t CHMOD422 = 0422;
constexpr mode_t CHMOD430 = 0430;
constexpr mode_t CHMOD444 = 0444;
constexpr mode_t CHMOD446 = 0446;
constexpr mode_t CHMOD453 = 0453;
constexpr mode_t CHMOD456 = 0456;
constexpr mode_t CHMOD457 = 0457;
constexpr mode_t CHMOD460 = 0460;
constexpr mode_t CHMOD473 = 0473;
constexpr mode_t CHMOD507 = 0507;
constexpr mode_t CHMOD511 = 0511;
constexpr mode_t CHMOD521 = 0521;
constexpr mode_t CHMOD526 = 0526;
constexpr mode_t CHMOD536 = 0536;
constexpr mode_t CHMOD543 = 0543;
constexpr mode_t CHMOD555 = 0555;
constexpr mode_t CHMOD560 = 0560;
constexpr mode_t CHMOD562 = 0562;
constexpr mode_t CHMOD564 = 0564;
constexpr mode_t CHMOD570 = 0570;
constexpr mode_t CHMOD604 = 0604;
constexpr mode_t CHMOD611 = 0611;
constexpr mode_t CHMOD614 = 0614;
constexpr mode_t CHMOD623 = 0623;
constexpr mode_t CHMOD637 = 0637;
constexpr mode_t CHMOD640 = 0640;
constexpr mode_t CHMOD655 = 0655;
constexpr mode_t CHMOD657 = 0657;
constexpr mode_t CHMOD665 = 0665;
constexpr mode_t CHMOD666 = 0666;
constexpr mode_t CHMOD670 = 0670;
constexpr mode_t CHMOD671 = 0671;
constexpr mode_t CHMOD672 = 0672;
constexpr mode_t CHMOD700 = 0700;
constexpr mode_t CHMOD702 = 0702;
constexpr mode_t CHMOD703 = 0703;
constexpr mode_t CHMOD712 = 0712;
constexpr mode_t CHMOD716 = 0716;
constexpr mode_t CHMOD717 = 0717;
constexpr mode_t CHMOD724 = 0724;
constexpr mode_t CHMOD731 = 0731;
constexpr mode_t CHMOD743 = 0743;
constexpr mode_t CHMOD750 = 0750;
constexpr mode_t CHMOD765 = 0765;
constexpr mode_t CHMOD777 = 0777;
// Creating Folders and Files for the Test
#define DACDIR0 "DACDIR0" // DIR0/
#define DACDIR0_DACFILE0 "DACDIR0_DACFILE0" // ├── DIR0_FILE0
#define DACDIR0_DACFILE1 "DACDIR0_DACFILE1" // ├── DIR0_FILE1
#define DACDIR0_DACDIR0 "DACDIR0_DACDIR0" // ├── DIR0_DIR0/
#define DACDIR0_DACDIR0_DACDIR0 "DACDIR0_DACDIR0_DACDIR0" // | └── DIR0_DIR0_DIR0/
#define DACDIR0_DACDIR1 "DACDIR0_DACDIR1" // └── DIR0_DIR1/
#define DACDIR1 "DACDIR1" // DIR1/
#define DACDIR1_DACFILE0 "DACDIR1_DACFILE0" // ├── DIR1_FILE0
#define DACDIR1_DACDIR0 "DACDIR1_DACDIR0" // └── DIR1_DIR0/
#endif
\ No newline at end of file
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "DACFileSystemTest.h"
#include <unistd.h>
#include "ActsCapabilityTest.h"
#include "ActsDacTest.h"
using namespace testing::ext;
// Preset action of the test suite, which is executed before the first test case
void DacTestSuite::SetUp()
{
// Permission mask preset when creating a file
umask(ZERO);
// Init capabilities
CapInit();
// Initialize the process and set the uid and gid of the process to zero
SetUidGid(UID0, GID0);
// Delete the the directory if exists
RemoveDir(TOP_DIR "/" DACDIR0);
RemoveDir(TOP_DIR "/" DACDIR1);
RemoveDir("/storage/" DACDIR0);
// Obtain the current working directory of the test code
mCurPath = GetCurrentPath();
// Modify the current working directory of the test code
int ret = chdir(TOP_DIR);
if (ret != 0) {
LOG("ErrInfo: Failed to chdir to %s, ret=%d, errno=%d", TOP_DIR, ret, errno);
}
}
// Test suite cleanup action, which is executed after the last test case
void DacTestSuite::TearDown()
{
// Delete the the directory if exists
RemoveDir(TOP_DIR "/" DACDIR0);
RemoveDir(TOP_DIR "/" DACDIR1);
RemoveDir("/storage/" DACDIR0);
// Initialize the process and set the uid and gid of the process to zero
SetUidGid(UID0, GID0);
// Restore the working directory of the test code
int ret = chdir(mCurPath);
if (ret != 0) {
LOG("ErrInfo: Failed to chdir to %s, ret=%d, errno=%d", mCurPath, ret, errno);
}
}
int main(int argc, char *argv[])
{
testing::GTEST_FLAG(output) = "xml:";
testing::InitGoogleTest(&argc, argv);
if (CheckFsMount(TOP_DIR, TOP_DIR_MOUNT_INFO) != 0) {
return 1;
}
return RUN_ALL_TESTS();
}
\ No newline at end of file
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_DAC_SRC_DACTFILESYSTEMTEST_H
#define XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_DAC_SRC_DACTFILESYSTEMTEST_H
#include <gtest/gtest.h>
class DacTestSuite : public::testing::Test {
protected:
char *mCurPath;
void SetUp();
void TearDown();
};
#endif
\ No newline at end of file
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//test/xts/tools/lite/build/suite_lite.gni")
hcpptest_suite("ActsVFATDACTest") {
suite_name = "acts"
sources = [
"../src/ActsDacPreTest.cpp",
"../src/DACFileSystemTest.cpp",
]
include_dirs = [
"../src",
"../../capability/src",
"//third_party/bounds_checking_function/include",
]
public_deps = [
"../../capability:capability_shared",
"//third_party/bounds_checking_function:libsec_shared",
]
cflags_cc = [
"-Wno-write-strings",
"-Wno-sign-compare",
]
ldflags = [
"-lstdc++",
"-lm",
"-lpthread",
]
defines = [
"LITE_FS_VFAT",
"TOP_DIR=\"/sdcard\"",
"TOP_DIR_MOUNT_INFO=\"/sdcard vfat\"",
]
}
{
"description": "Config for hcpptest demo test cases",
"environment": [
{
"type": "device",
"label": "ipcamera"
}
],
"kits": [
{
"type": "MountKit",
"server": "NfsServer",
"mount": [
{
"source": "testcases/security",
"target": "/test_root/security"
}
]
}
],
"driver": {
"type": "CppTestLite",
"execute": "/test_root/security/ActsVFATDACTest.bin"
}
}
\ No newline at end of file
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册