diff --git a/security_lite/permission_posix/capability/BUILD.gn b/security_lite/permission_posix/capability/BUILD.gn index 6302b1bc673f69acad9bfd9f2d6d2f906b1474c4..b0d7a9e969b7f7c6417e75cb9d0640c15f5bb87b 100755 --- a/security_lite/permission_posix/capability/BUILD.gn +++ b/security_lite/permission_posix/capability/BUILD.gn @@ -12,10 +12,7 @@ # limitations under the License. group("ActsCapabilityTest") { - deps = [ - "./jffs:ActsJFFS2CapabilityTest", - "./vfat:ActsVFATCapabilityTest", - ] + deps = [ "./vfat:ActsVFATCapabilityTest" ] } shared_library("capability_shared") { diff --git a/security_lite/permission_posix/capability/jffs/BUILD.gn b/security_lite/permission_posix/capability/jffs/BUILD.gn deleted file mode 100755 index a0abb9e5aa3c0cb538691531151f516f8b38bc81..0000000000000000000000000000000000000000 --- a/security_lite/permission_posix/capability/jffs/BUILD.gn +++ /dev/null 
@@ -1,57 +0,0 @@
-# Copyright (c) 2021 Huawei Device Co., Ltd.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import("//build/lite/config/subsystem/aafwk/config.gni")
-import("//test/xts/tools/lite/build/suite_lite.gni")
-
-hcpptest_suite("ActsJFFS2CapabilityTest") {
- suite_name = "acts"
- sources = [
- "../src/ActsCapability.cpp",
- "../src/ActsCapabilityTest.cpp",
- "../src/CapabilityFileSystemTest.cpp",
- ]
-
- include_dirs = [
- "../src",
- "//third_party/bounds_checking_function/include",
- ]
-
- public_deps = [ "//third_party/bounds_checking_function:libsec_shared" ]
-
- cflags_cc = [
- "-Wno-write-strings",
- "-Wno-sign-compare",
- ]
-
- ldflags = [
- "-lstdc++",
- "-lm",
- "-lpthread",
- ]
-
- if (enable_ohos_appexecfwk_feature_ability == true) {
- defines = [
- "_BOARD_HI3516_",
- "LITE_FS_JFFS2",
- "TOP_DIR=\"/storage\"",
- "TOP_DIR_MOUNT_INFO=\"/storage jffs\"",
- ]
- } else {
- defines = [
- "LITE_FS_JFFS2",
- "TOP_DIR=\"/storage\"",
- "TOP_DIR_MOUNT_INFO=\"/storage jffs\"",
- ]
- }
-}
diff --git a/security_lite/permission_posix/capability/jffs/Test.json b/security_lite/permission_posix/capability/jffs/Test.json
deleted file mode 100644
index 102c0f287bc7721e47633afb925e9b9994bf535b..0000000000000000000000000000000000000000
--- a/security_lite/permission_posix/capability/jffs/Test.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "description": "Config for hcpptest demo test cases",
- "environment": [
- {
- "type": "device",
- "label": "ipcamera"
- }
- ],
- "kits": [
- {
- "type": "MountKit",
- "server": "NfsServer",
- "mount": [
- {
- "source": "testcases/security",
- "target": "/test_root/security"
- }
- ]
- }
- ],
- "driver": {
- "type": "CppTestLite",
- "execute": "/test_root/security/ActsJFFS2CapabilityTest.bin"
- }
-}
\ No newline at end of file
diff --git a/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp b/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
index 32d734a2f1758e72fd452a83efdc943e19cacd6a..3facec8c95c1d9ee0cc18023be2730b3526f9783 100755
--- a/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
+++ b/security_lite/permission_posix/capability/src/ActsCapabilityTest.cpp
@@ -26,166 +26,7 @@ using namespace std; using namespace testing::ext; -#if defined(LITE_FS_JFFS2) -static int TestDacOverrideSuccess() -{ - int fd = 0; - int ret = 0; - char cap[] = "CapabilityTestSuite!\n"; - // Create a directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0' - ret = mkdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1, NORWX); - if (ret != 0) { - LOG("ErrInfo: Failed to mkdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' with CAP_DAC_OVERRIDE"); - return FALSE; - } - // Change the current working directory to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' - ret = chdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1); - if (ret != 0) { - LOG("ErrInfo: Failed to chdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' with CAP_DAC_OVERRIDE"); - return FALSE; - } - chdir(TOP_DIR "/" CAPDIR0); - // Delete the directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0' - ret = rmdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1); - if (ret != 0) { - LOG("ErrInfo: Failed to rmdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' with CAP_DAC_OVERRIDE"); - return FALSE; - } - // Rename the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' - ret = rename(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1); - if (ret != 0) { - LOG("ErrInfo: Failed to rename 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' with CAP_DAC_OVERRIDE"); - return FALSE; - } - // Check whether the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' exists - ret = access(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1, F_OK); - if (ret != 0) { - LOG("ErrInfo: Failed to access 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' with CAP_DAC_OVERRIDE"); - return FALSE; - } - // Delete the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' - ret = unlink(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1); - if (ret != 0) { - LOG("ErrInfo: Failed to unlink 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' with CAP_DAC_OVERRIDE"); - return FALSE; - } - // Create a file 'CAPDIR0_CAPFILE0' in the directory 'CAPDIR0' - fd = open(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, O_WRONLY | O_CREAT | O_TRUNC, 
RWX); - if (fd >= 0) { - // File created successfully - write(fd, cap, sizeof(cap)); - close(fd); - } else { - // Failed to create the file - LOG("ErrInfo: Failed to create 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0'"); - return FALSE; - } - return 0; -} - -static int TestDacOverrideFail() -{ - int ret = 0; - // Failed to create a directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0' - ret = mkdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1, NORWX); - if (ret != FALSE) { - LOG("ErrInfo: mkdir 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' without CAP_DAC_OVERRIDE"); - return FALSE; - } - // Failed to change the current working directory to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' - ret = chdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1); - if (ret != FALSE) { - LOG("ErrInfo: Change the current working directory without CAP_DAC_OVERRIDE"); - return FALSE; - } - // Failed to delete the directory 'mkdir' in the directory 'TOP_DIR/CAPDIR0' - ret = rmdir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR1); - if (ret != FALSE) { - LOG("ErrInfo: Delete 'TOP_DIR/CAPDIR0/CAPDIR0_CAPDIR1' without CAP_DAC_OVERRIDE"); - return FALSE; - } - // Failed to rename the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' to 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' - ret = rename(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1); - if (ret != FALSE) { - LOG("ErrInfo: Rename 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' without CAP_DAC_OVERRIDE"); - return FALSE; - } - // Failed to check whether the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' exists - ret = access(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1, F_OK); - if (ret != FALSE) { - LOG("ErrInfo: Check whether the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' exists without CAP_DAC_OVERRIDE"); - return FALSE; - } - // Failed to delete the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' - ret = unlink(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE1); - if (ret != FALSE) { - LOG("ErrInfo: Delete 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE1' without CAP_DAC_OVERRIDE"); - return FALSE; - } - return 0; -} - -static 
int TestDacReadSearchSuccess(int num) -{ - int fd = 0; - int ret = 0; - DIR *dir = nullptr; - struct stat buf = { 0 }; - // Open a file 'CAPDIR0_CAPFILE0' in the directory 'TOP_DIR/CAPDIR0' - fd = open(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, O_WRONLY); - if (fd >= 0) { - close(fd); - } else { - LOG("ErrInfo: Failed to open file with CAP_DAC_READ_SEARCH || CAP_DAC_OVERRIDE during the %d time", num); - return FALSE; - } - // Open a directory 'CAPDIR0_CAPDIR0' in the directory 'TOP_DIR/CAPDIR0' - dir = opendir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR0); - if (dir == nullptr) { - LOG("ErrInfo: Failed to open dir with CAP_DAC_READ_SEARCH || CAP_DAC_OVERRIDE during the %d time", num); - return FALSE; - } - closedir(dir); - // Obtain the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' status - ret = stat(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, &buf); - if (ret != 0) { - LOG("ErrInfo: Failed to stat with CAP_DAC_READ_SEARCH || CAP_DAC_OVERRIDE during the %d time", num); - return FALSE; - } - return 0; -} - -static int TestDacReadSearchFail() -{ - int fd = 0; - int ret = 0; - DIR *dir = nullptr; - struct stat buf = { 0 }; - // Failed to open a file 'CAPDIR0_CAPFILE0' in the directory 'TOP_DIR/CAPDIR0' - fd = open(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, O_WRONLY); - if (fd >= 0) { - LOG("ErrInfo: Open file without CAP_DAC_READ_SEARCH && CAP_DAC_OVERRIDE"); - close(fd); - return FALSE; - } - // Failed to directory a file 'CAPDIR0_CAPDIR0' in the directory 'TOP_DIR/CAPDIR0' - dir = opendir(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPDIR0); - if (dir != nullptr) { - LOG("ErrInfo: Open dir without CAP_DAC_READ_SEARCH && CAP_DAC_OVERRIDE"); - closedir(dir); - return FALSE; - } - // Failed to obtain the file 'TOP_DIR/CAPDIR0/CAPDIR0_CAPFILE0' status - ret = stat(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, &buf); - if (ret != FALSE) { - LOG("ErrInfo: Stat file without CAP_DAC_READ_SEARCH && CAP_DAC_OVERRIDE"); - return FALSE; - } - return 0; -} -#endif - -#if defined(LITE_FS_JFFS2) || 
defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) static void CreateTxt() { int ret; @@ -214,12 +55,21 @@ static void CreateTxt() static int CapsetOnlySETPCAP(int num) { struct __user_cap_header_struct capheader; - memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); + if (result != EOK) { + LOG("CapgetWithAllCap memset_s failed"); + return FALSE; + }; capheader.version = _LINUX_CAPABILITY_VERSION_3; capheader.pid = 0; struct __user_cap_data_struct capdata[CAP_NUM]; - memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), - 0, CAP_NUM * sizeof(struct __user_cap_data_struct)); + result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), + 0, CAP_NUM * sizeof(struct __user_cap_data_struct)); + if (result != EOK) { + LOG("CapgetWithAllCap memset_s failed"); + return FALSE; + }; capdata[CAP_TO_INDEX(CAP_SETPCAP)].permitted |= CAP_TO_MASK(CAP_SETPCAP); capdata[CAP_TO_INDEX(CAP_SETPCAP)].effective |= CAP_TO_MASK(CAP_SETPCAP); capdata[CAP_TO_INDEX(CAP_SETPCAP)].inheritable |= CAP_TO_MASK(CAP_SETPCAP); 
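Review bot: The failure message in both new `memset_s` checks of CapsetOnlySETPCAP reads `"CapgetWithAllCap memset_s failed"`, which names a different function, so a log hit cannot be traced to the call that actually failed. The same string is pasted into the checks added to AddCapUnauthorized, CapgetWithNoCap, CapgetOnlySETPCAP, CapsetWithVersion, CapgetWithVersion, CapgetWithCaps and the CapabilityTest1500 body in the later hunks. Name the enclosing function instead, e.g. `LOG("CapsetOnlySETPCAP memset_s failed");`, or `LOG("%s memset_s failed", __func__);` since LOG is called with a format argument in the removed helpers above. Each new block also closes with `};`, which leaves an empty statement behind and should be a plain `}`. The function body continues past the end of this hunk.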
@@ -235,12 +85,21 @@ static int CapsetOnlySETPCAP(int num)
 static int AddCapUnauthorized(int num)
 {
 struct __user_cap_header_struct capheader;
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
+ sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM];
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capdata[0].permitted = LINUX_FULL_CAP;
 capdata[0].effective = LINUX_FULL_CAP;
 capdata[0].inheritable = LINUX_FULL_CAP;
@@ -256,12 +115,21 @@ static int AddCapUnauthorized(int num)
 static int CapgetWithAllCap(int num)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
+ sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 int ret = capget(&capheader, &capdataget[0]);
 if (ret != 0) {
 EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
@@ -280,12 +148,21 @@ static int CapgetWithAllCap(int num)
 static int CapgetWithNoCap(int num)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
+ sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 int ret = capget(&capheader, &capdataget[0]);
 if (ret != 0) {
 EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
@@ -304,12 +181,21 @@ static int CapgetWithNoCap(int num)
 static int CapgetOnlySETPCAP(int num)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
+ sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 int ret = capget(&capheader, &capdataget[0]);
 if (ret != 0) {
 EXPECT_EQ(ret, 0) << "ErrInfo: Failed to get CAPs";
@@ -372,12 +258,21 @@ static int CapsetWithoutSETPCAP()
 static int CapsetWithVersion(pid_t pid, unsigned int version)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
+ sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.pid = pid;
 capheader.version = version;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 // Capget based on input parameters
 int ret = capset(&capheader, &capdata[0]);
 if (ret != 0) {
@@ -390,12 +285,21 @@ static int CapsetWithVersion(pid_t pid, unsigned int version)
 static int CapgetWithVersion(pid_t pid, unsigned int version)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
+ sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.pid = pid;
 capheader.version = version;
 struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 // Capget based on input parameters
 int ret = capget(&capheader, &capdataget[0]);
 if (ret != 0) {
@@ -408,12 +312,21 @@ static int CapgetWithVersion(pid_t pid, unsigned int version)
 static int CapgetWithCaps(pid_t pid, unsigned int caps)
 {
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
+ sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.pid = pid;
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
- 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ 0xff, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 // Capget based on input parameters and check whether the capability is the same as the input parameter
 int ret = capget(&capheader, &capdataget[0]);
 if (ret != 0 || capdataget[0].effective != caps) {
@@ -424,302 +337,7 @@ static int CapgetWithCaps(pid_t pid, unsigned int caps) } #endif -#if defined(LITE_FS_JFFS2) -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0100 - * @tc.name : Processes with the CAP_CHOWN capability can invoke their management - and control interfaces to change the file owner - * @tc.desc : [C-SECURITY-0100] - */ -HWTEST_F(CapabilityTestSuite, CapabilityTest0100, Function | MediumTest | Level2) -{ - int ret; - int status = 0; - // Preset action: Create a txt - CreateTxt(); - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! ========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the file owner with interface 'chown' - ret = chown(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, UID10000, GID10000); - if (ret != 0) { - LOG("ErrInfo: Failed to change the file owner with CAP_CHOWN"); - exitCode = 1; - } - // Step 2: Drop the capabilities of CAP_CHOWN - ret = DropCAPCHOWN(); - if (ret != 0) { - LOG("ErrInfo: Failed to drop CAP_CHOWN"); - exitCode = 1; - } - // Step 3: Failed to change the file owner with interface 'chown' - ret = chown(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, UID0, GID0); - if (ret != FALSE) { - LOG("ErrInfo: Change the file owner without CAP_CHOWN"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} -#endif - -#if defined(LITE_FS_JFFS2) -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0200 - * @tc.name : Processes with the single CAP_DAC_OVERRIDE capability can invoke their management - and control interfaces to ignore read and write 
execution verification - * @tc.desc : [C-SECURITY-0100] - */ -HWTEST_F(CapabilityTestSuite, CapabilityTest0200, Function | MediumTest | Level2) -{ - int ret; - int status = 0; - // Preset action: Create a txt - CreateTxt(); - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! ========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Drop the capabilities of CAP_DAC_READ_SEARCH - ret = DropCAPDACREADSEARCH(); - if (ret != 0) { - LOG("ErrInfo: Failed to drop CAP_DAC_READ_SEARCH"); - exitCode = 1; - } - // Step 2.1: Invoke CAP_DAC_READ_SEARCH related interfaces successfully - ret = TestDacReadSearchSuccess(1); - if (ret != 0) { - LOG("ErrInfo: TestDacReadSearchSuccess error"); - exitCode = 1; - } - // Step 2.2: Invoke CAP_DAC_OVERRIDE related interfaces successfully - ret = TestDacOverrideSuccess(); - if (ret != 0) { - LOG("ErrInfo: TestDacOverrideSuccess error"); - exitCode = 1; - } - // Step 3: Continue to drop the capabilities of CAP_DAC_OVERRIDE - ret = DropCAPDACOVERRIDEAndREADSEARCH(); - if (ret != 0) { - LOG("ErrInfo: Failed to drop CAP_DAC_OVERRIDE after CAP_DAC_READ_SEARCH revoked"); - exitCode = 1; - } - // Step 4.1: Failed to invoke CAP_DAC_READ_SEARCH related interfaces - ret = TestDacReadSearchFail(); - if (ret != 0) { - LOG("ErrInfo: TestDacReadSearchFail error"); - exitCode = 1; - } - // Step 4.2: Failed to invoke CAP_DAC_OVERRIDE related interfaces - ret = TestDacOverrideFail(); - if (ret != 0) { - LOG("ErrInfo: TestDacOverrideFail error"); - exitCode = 1; - } - // Step 5: The sub process exit with the exitCode - exit(exitCode); - } else { - // Step 6: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} 
-#endif - -#if defined(LITE_FS_JFFS2) -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0300 - * @tc.name : Processes with the single CAP_DAC_READ_SEARCH capability can invoke their management - and control interfaces to ignore read execution verification - * @tc.desc : [C-SECURITY-0100] - */ -HWTEST_F(CapabilityTestSuite, CapabilityTest0300, Function | MediumTest | Level3) -{ - int ret; - int status = 0; - // Preset action: Create a txt - CreateTxt(); - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! ========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Drop the capabilities of CAP_DAC_OVERRIDE - ret = DropCAPDACOVERRIDE(); - if (ret != 0) { - LOG("ErrInfo: Failed to drop CAP_DAC_OVERRIDE"); - exitCode = 1; - } - // Step 2.1: Invoke CAP_DAC_READ_SEARCH related interfaces successfully - ret = TestDacReadSearchSuccess(1); - if (ret != 0) { - LOG("ErrInfo: TestDacReadSearchSuccess error"); - exitCode = 1; - } - // Step 2.2: Invoke CAP_DAC_OVERRIDE related interfaces successfully - ret = TestDacOverrideFail(); - if (ret != 0) { - LOG("ErrInfo: TestDacOverrideFail error"); - exitCode = 1; - } - // Step 3: Continue to drop the capabilities of CAP_DAC_READ_SEARCH - ret = DropCAPDACOVERRIDEAndREADSEARCH(); - if (ret != 0) { - LOG("ErrInfo: Failed to drop CAP_DAC_READ_SEARCH after CAP_DAC_OVERRIDE revoked"); - exitCode = 1; - } - // Step 4.1: Failed to invoke CAP_DAC_READ_SEARCH related interfaces - ret = TestDacReadSearchFail(); - if (ret != 0) { - LOG("ErrInfo: TestDacReadSearchFail error"); - exitCode = 1; - } - // Step 4.2: Failed to invoke CAP_DAC_OVERRIDE related interfaces - ret = TestDacOverrideFail(); - if (ret != 0) { - LOG("ErrInfo: TestDacOverrideFail error"); - exitCode = 1; - } - // Step 5: The sub process exit with the exitCode - exit(exitCode); - } else { - // Step 6: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, 
&status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} -#endif - -#if defined(LITE_FS_JFFS2) -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0400 - * @tc.name : Processes that have the CAP_DAC_OVERRIDE - and CAP_DAC_READ_SEARCH capabilities can invoke their management - and control interfaces to ignore read and write execution verification - * @tc.desc : [C-SECURITY-0100] - */ -HWTEST_F(CapabilityTestSuite, CapabilityTest0400, Function | MediumTest | Level3) -{ - int ret; - int status = 0; - // Preset action: Create a txt - CreateTxt(); - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! ========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1.1: Invoke CAP_DAC_READ_SEARCH related interfaces successfully - ret = TestDacReadSearchSuccess(1); - if (ret != 0) { - LOG("ErrInfo: TestDacReadSearchSuccess error"); - exitCode = 1; - } - // Step 1.2: Invoke CAP_DAC_OVERRIDE related interfaces successfully - ret = TestDacOverrideSuccess(); - if (ret != 0) { - LOG("ErrInfo: TestDacOverrideSuccess error"); - exitCode = 1; - } - // Step 2: Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH - ret = DropCAPDACOVERRIDEAndREADSEARCH(); - if (ret != 0) { - LOG("ErrInfo: Failed to drop CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH"); - exitCode = 1; - } - // Step 3.1: Failed to invoke CAP_DAC_READ_SEARCH related interfaces - ret = TestDacReadSearchFail(); - if (ret != 0) { - LOG("ErrInfo: TestDacReadSearchFail error"); - exitCode = 1; - } - // Step 3.2: Failed to invoke CAP_DAC_OVERRIDE related interfaces - ret = TestDacOverrideFail(); - if (ret != 0) { - LOG("ErrInfo: TestDacOverrideFail error"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - // Step 
5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} -#endif - -#if defined(LITE_FS_JFFS2) -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0500 - * @tc.name : Processes with the CAP_FOWNER capability can invoke their management - and control interfaces to modify file permissions - * @tc.desc : [C-SECURITY-0100] - */ -HWTEST_F(CapabilityTestSuite, CapabilityTest0500, Function | MediumTest | Level2) -{ - int ret; - int status = 0; - // Preset action: Create a txt - CreateTxt(); - // Preset action: Change the file owner with interface 'chown' - ret = chown(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, UID10000, GID10000); - ASSERT_EQ(ret, 0) << "ErrInfo: Failed to change the file owner with CAP_CHOWN"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the file permission with CAP_FOWNER' - ret = chmod(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, RWX); - if (ret != 0) { - LOG("ErrInfo: Failed to chmod with CAP_FOWNER"); - exitCode = 1; - } - // Step 2: Drop the capabilities of CAP_FOWNER - ret = DropCAPFOWNER(); - if (ret != 0) { - LOG("ErrInfo: Failed to drop CAP_FOWNER"); - exitCode = 1; - } - // Step 2: Failed to change the file permission with interface 'chmod' - ret = chmod(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, NORWX); - if (ret != FALSE) { - LOG("ErrInfo: Change the file permission without CAP_FOWNER"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - // Cleanup action: Restore the initial status of the file - ret = chown(TOP_DIR "/" CAPDIR0 "/" CAPDIR0_CAPFILE0, UID0, GID0); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to restore the file owner with CAP_FOWNER"; - } -} -#endif - -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0600 * @tc.name : Processes with the CAP_KILL capability can invoke their management @@ -781,7 +399,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0600, Function | MediumTest | Level2 } #endif -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0700 * @tc.name : Processes with the CAP_SETGID capability can invoke their management 
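Review bot: Nothing at the narrowed `#if defined(LITE_FS_VFAT)` guard records that the file-permission capability cases are gone, so the coverage gap is invisible to anyone reading the new file. CapabilityTest0100 through CapabilityTest0500 were the cases in this diff that drop CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH or CAP_FOWNER and then assert that chown, chmod, open and rename are refused, and they were compiled only under LITE_FS_JFFS2. If that enforcement is verified elsewhere, the commit description should say where; otherwise add a comment such as `// CAP_CHOWN / CAP_DAC_* / CAP_FOWNER cases were removed with the JFFS2 suite; file-permission capability enforcement is not covered by the VFAT build`. The helpers DropCAPCHOWN, DropCAPDACOVERRIDE, DropCAPDACREADSEARCH, DropCAPDACOVERRIDEAndREADSEARCH and DropCAPFOWNER are called from the removed tests and are defined outside this diff, so it is worth checking whether they are now unused.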
@@ -833,7 +451,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0700, Function | MediumTest | Level2 } #endif -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0800 * @tc.name : Processes with the CAP_SETUID capability can invoke their management @@ -903,7 +521,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0800, Function | MediumTest | Level2 } #endif -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_0900 * @tc.name : Processes with the CAP_SETPCCAP capability can invoke their management @@ -942,7 +560,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest0900, Security | MediumTest | Level2 } #endif -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1000 * @tc.name : Processes with the CAP_SYS_NICE capability can invoke their management @@ -1008,7 +626,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1000, Function | MediumTest | Level2 } #endif -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1100 * @tc.name : Processes with the CAP_SYS_TIME capability can call their management @@ -1059,7 +677,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1100, Function | MediumTest | Level2 } #endif -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1200 * @tc.name : Processes without the CAP_SETPCAP capability cannot drop any capability @@ -1087,7 +705,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1200, Function | MediumTest | Level3 } #endif -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1300 * @tc.name : Inheritance of process capabilities 
@@ -1124,7 +742,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1300, Function | MediumTest | Level1 } #endif -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1400 * @tc.name : Invoke the capset interface to add and drop the process capabilities for 10000 times @@ -1163,7 +781,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1400, Reliability | MediumTest | Lev } #endif -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1500 * @tc.name : Invoke the capset interface to revoke the process capabilities which not exist for 10000 times 
@@ -1179,12 +797,21 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev
 if (pid == 0) {
 int exitCode = 0;
 struct __user_cap_header_struct capheader = { 0 };
- memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct));
+ errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0,
+ sizeof(struct __user_cap_header_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capheader.version = _LINUX_CAPABILITY_VERSION_3;
 capheader.pid = 0;
 struct __user_cap_data_struct capdata[CAP_NUM] = { { 0 }, { 0 } };
- memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
- LINUX_FULL_CAP, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ result = memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct),
+ LINUX_FULL_CAP, CAP_NUM * sizeof(struct __user_cap_data_struct));
+ if (result != EOK) {
+ LOG("CapgetWithAllCap memset_s failed");
+ return FALSE;
+ };
 capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].permitted &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
 capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].effective &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
 capdata[CAP_TO_INDEX(INVALID_CAP_TO_INDEX)].inheritable &= ~CAP_TO_MASK(INVALID_CAP_TO_INDEX);
@@ -1208,7 +835,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1500, Reliability | MediumTest | Lev
 }
 #endif
 
-#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
+#if defined(LITE_FS_VFAT)
 /*
 * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1600
 * @tc.name : Enter the exception parameter for 10000 times when invoke the capset interface
@@ -1273,7 +900,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1600, Reliability | MediumTest | Lev
 }
 #endif
 
-#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
+#if defined(LITE_FS_VFAT)
 /*
 * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1700
 * @tc.name : Invoke the capget interface to query the process capabilities for 10000 times
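Review bot: The memset_s failure branches added to CapabilityTest1500 leave the forked child (`pid == 0`) with `return FALSE;`, which neither terminates the child nor hands the parent's waitpid a failing exit code; HWTEST_F bodies are presumably void like gtest's TEST_F, so returning a value may not compile cleanly either. In the child the branch should read `LOG("CapabilityTest1500 memset_s failed"); exit(1);`, which also corrects the log text copied from CapgetWithAllCap and drops the stray `;` after the closing brace. The CapabilityTest2300 hunk (`@@ -1583,11 +1132,20 @@`) adds the same branches in the test process itself, where `ASSERT_EQ(result, EOK) << "memset_s failed";` would record the failure instead of ending the capability check silently. Both test bodies continue outside their hunks.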
@@ -1292,7 +919,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1700, Reliability | MediumTest | Lev
 }
 #endif
 
-#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
+#if defined(LITE_FS_VFAT)
 /*
 * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1800
 * @tc.name : Invoke the capget interface to query the process capabilities which not exist for 10000 times
@@ -1332,7 +959,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1800, Reliability | MediumTest | Lev
 }
 #endif
 
-#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
+#if defined(LITE_FS_VFAT)
 /*
 * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_1900
 * @tc.name : Enter the exception parameter for 10000 times when invoke the capget interface
@@ -1398,43 +1025,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest1900, Reliability | MediumTest | Lev
 }
 #endif
 
-#if defined(LITE_FS_JFFS2)
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2000
- * @tc.name : The process repeatedly invokes the interfaces controlled by its capability for 10000 times
- * @tc.desc : [C-SECURITY-0100]
- */
-HWTEST_F(CapabilityTestSuite, CapabilityTest2000, Reliability | MediumTest | Level2)
-{
- int status = 0;
- // Preset action: Create a txt
- CreateTxt();
- // Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Invoke CAP_DAC_READ_SEARCH related interfaces for 10000 times
- for (int number = 0; number < NUM10000; number++) {
- exitCode = TestDacReadSearchSuccess(number);
- if (exitCode != 0) {
- LOG("ErrInfo: TestDacReadSearchSuccess error during the %d time", number);
- break;
- }
- }
- // Step 2: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- // Step 3: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-#endif
-
-#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
+#if defined(LITE_FS_VFAT)
 /*
 * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2100
 * @tc.name : Five processes concurrently invoke APIs managed by the capability for 5000 times
@@ -1490,8 +1081,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2100, Reliability | MediumTest | Lev
 }
 #endif
 
-#ifndef _BOARD_HI3516_
-#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
+#if defined(LITE_FS_VFAT)
 /*
 * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2200
 * @tc.name : Check whether the default configuration of the system process capabilities
@@ -1530,49 +1120,8 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2200, Security | MediumTest | Level1 EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 9, process wms_server or ai_server has wrong capability"; } #endif -#endif -#if defined(LITE_FS_VFAT) && defined(_BOARD_HI3516_) -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2200 - * @tc.name : Check whether the default configuration of the system process capabilities - is the same as that described in the design document - * @tc.desc : [C-SECURITY-0100] - */ -HWTEST_F(CapabilityTestSuite, CapabilityTest2200, Security | MediumTest | Level1) -{ - int ret; - // Step 1: Check the capability of process 'init', pid = 1 - ret = CapgetWithCaps(INIT_PID_2, INIT_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 1, process init has wrong capability"; - // Step 2: Check the capability of process 'KProcess', pid = 2 - ret = CapgetWithCaps(KPROCESS_PID_2, KPROCESS_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 2, process KProcess has wrong capability"; - // Step 3: Check the capability of process 'shell', pid = 8 - ret = CapgetWithCaps(SHELL_PID_2, SHELL_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 8, process shell has wrong capability"; - // Step 4: Check the capability of process 'apphilogcat', pid = 10 - ret = CapgetWithCaps(HILOGCAT_PID_2, HILOGCAT_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 10, process apphilogcat has wrong capability"; - // Step 5: Check the capability of process 'foundation', pid = 3 - ret = CapgetWithCaps(FOUNDATION_PID_2, FOUNDATION_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 3, process foundation has wrong capability"; - // Step 6: Check the capability of process 'bundle_daemon', pid = 4 - ret = CapgetWithCaps(BUNDLE_DAEMON_PID_2, BUNDLE_DAEMON_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 4, process bundle_daemon has wrong capability"; - // Step 7: Check the capability of process 'appspawn', pid = 5 - ret = CapgetWithCaps(APPSPAWN_PID_2, APPSPAWN_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 5, process 
appspawn has wrong capability"; - // Step 8: Check the capability of process 'media_server', pid = 6 - ret = CapgetWithCaps(MEDIA_SERVER_PID_2, MEDIA_SERVER_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 6, process media_server has wrong capability"; - // Step 9: Check the capability of process 'wms_server' or 'ai_server', pid = 7 - ret = CapgetWithCaps(WMS_SERVER_OR_AI_SERVER_PID_2, WMS_SERVER_OR_AI_SERVER_CAP); - EXPECT_EQ(ret, 0) << "ErrInfo: Pid = 7, process wms_server or ai_server has wrong capability"; -} -#endif - -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) /* * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2300 * @tc.name : Check whether the default configuration of the capability of the third-party application process @@ -1583,11 +1132,20 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1 { int ret; struct __user_cap_header_struct capheader = { 0 }; - memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); + errno_t result = memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, + sizeof(struct __user_cap_header_struct)); + if (result != EOK) { + LOG("CapgetWithAllCap memset_s failed"); + return FALSE; + }; capheader.version = _LINUX_CAPABILITY_VERSION_3; struct __user_cap_data_struct capdataget[CAP_NUM] = { { 0 }, { 0 } }; - memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct), - 0, CAP_NUM * sizeof(struct __user_cap_data_struct)); + result = memset_s(capdataget, CAP_NUM * sizeof(struct __user_cap_data_struct), + 0, CAP_NUM * sizeof(struct __user_cap_data_struct)); + if (result != EOK) { + LOG("CapgetWithAllCap memset_s failed"); + return FALSE; + }; pid_t pid = getpid(); for (int num = OTHER_PID; num <= pid; num++) { // Step 1: The current test process has all capabilities 
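Review bot: After the `@@ -1530,49 +1120,8 @@` hunk removes the `_BOARD_HI3516_` variant of CapabilityTest2200 (and vfat/BUILD.gn stops defining that macro), every board checks default capabilities against the one hard-coded PID table that remains, whose last check reads `Pid = 9` for wms_server/ai_server where the removed variant read `Pid = 7`. If the process start order on Hi3516 still differs, CapgetWithCaps would compare a process against another process's expected capability set, and this baseline check could fail or pass for the wrong reason. A comment above the remaining test, for example `// PIDs assume the default init start order; update the *_PID constants if the boot sequence changes`, would at least record the assumption. The remaining test body starts outside this hunk.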
@@ -1613,7 +1171,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2300, Security | MediumTest | Level1
 }
 #endif
 
-#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
+#if defined(LITE_FS_VFAT)
 /*
 * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2400
 * @tc.name : The process continuously invokes the capset and capget interfaces,
@@ -1680,7 +1238,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2400, Function | MediumTest | Level1
 }
 #endif
 
-#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
+#if defined(LITE_FS_VFAT)
 /*
 * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2500
 * @tc.name : Performance test of capset and capget interface
@@ -1727,7 +1285,7 @@ HWTEST_F(CapabilityTestSuite, CapabilityTest2500, Performance | MediumTest | Lev
 }
 #endif
 
-#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT)
+#if defined(LITE_FS_VFAT)
 /*
 * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_Capability_2600
 * @tc.name : Performance test of the interface managed by Capability
diff --git a/security_lite/permission_posix/capability/vfat/BUILD.gn b/security_lite/permission_posix/capability/vfat/BUILD.gn
index e71a8c95142e9123710759518b74f7d11e0e518b..e80644e1fda5425833633d5f339cef11deee9cf4 100755
--- a/security_lite/permission_posix/capability/vfat/BUILD.gn
+++ b/security_lite/permission_posix/capability/vfat/BUILD.gn
@@ -42,7 +42,6 @@ hcpptest_suite("ActsVFATCapabilityTest") {
 
 if (enable_ohos_appexecfwk_feature_ability == true) {
 defines = [
- "_BOARD_HI3516_",
 "LITE_FS_VFAT",
 "TOP_DIR=\"/sdcard\"",
 "TOP_DIR_MOUNT_INFO=\"/sdcard vfat\"",
diff --git a/security_lite/permission_posix/dac/BUILD.gn b/security_lite/permission_posix/dac/BUILD.gn
index ef92fd79ea23ba10ccf3548f2faa1caaf2ff489c..428e6b12764a653a02c5ecef55afd5047fb90da7 100755
--- a/security_lite/permission_posix/dac/BUILD.gn
+++ b/security_lite/permission_posix/dac/BUILD.gn
@@ -12,8 +12,5 @@ # limitations under the License. group("ActsDacTest") { - deps = [ - "./jffs:ActsJFFS2DACTest", - "./vfat:ActsVFATDACTest", - ] + deps = [ "./vfat:ActsVFATDACTest" ] } diff --git a/security_lite/permission_posix/dac/jffs/BUILD.gn b/security_lite/permission_posix/dac/jffs/BUILD.gn deleted file mode 100755 index af76e618cc4bfe49eb497e9417ba5e216492a15e..0000000000000000000000000000000000000000 --- a/security_lite/permission_posix/dac/jffs/BUILD.gn +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//test/xts/tools/lite/build/suite_lite.gni") - -hcpptest_suite("ActsJFFS2DACTest") { - suite_name = "acts" - sources = [ - "../src/ActsDacPreTest.cpp", - "../src/ActsDacTest.cpp", - "../src/ActsSystemDevDacTest.cpp", - "../src/ActsSystemJffsDacTest.cpp", - "../src/DACFileSystemTest.cpp", - ] - - include_dirs = [ - "../src", - "../../capability/src", - "//third_party/bounds_checking_function/include", - ] - - public_deps = [ - "../../capability:capability_shared", - "//third_party/bounds_checking_function:libsec_shared", - ] - - cflags_cc = [ - "-Wno-write-strings", - "-Wno-sign-compare", - ] - - ldflags = [ - "-lstdc++", - "-lm", - "-lpthread", - ] - - defines = [ - "LITE_FS_JFFS2", - "TOP_DIR=\"/storage\"", - "TOP_DIR_MOUNT_INFO=\"/storage jffs\"", - ] -} 
diff --git a/security_lite/permission_posix/dac/jffs/Test.json b/security_lite/permission_posix/dac/jffs/Test.json deleted file mode 100644 index db1add5f586d899c181dc985fe86b07f3a21e5a4..0000000000000000000000000000000000000000 --- a/security_lite/permission_posix/dac/jffs/Test.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "description": "Config for hcpptest demo test cases", - "environment": [ - { - "type": "device", - "label": "ipcamera" - } - ], - "kits": [ - { - "type": "MountKit", - "server": "NfsServer", - "mount": [ - { - "source": "testcases/security", - "target": "/test_root/security" - } - ] - } - ], - "driver": { - "type": "CppTestLite", - "execute": "/test_root/security/ActsJFFS2DACTest.bin" - } -} \ No newline at end of file diff --git a/security_lite/permission_posix/dac/src/ActsDacPreTest.cpp b/security_lite/permission_posix/dac/src/ActsDacPreTest.cpp index 2161ef4550af7d21c9b427d7035a7968311466b6..a535cb5315087a8c0ba0768ec48e82bbaf488896 100755 --- a/security_lite/permission_posix/dac/src/ActsDacPreTest.cpp +++ b/security_lite/permission_posix/dac/src/ActsDacPreTest.cpp @@ -25,7 +25,7 @@ using namespace std; using namespace testing::ext; -#if defined(LITE_FS_JFFS2) || defined(LITE_FS_VFAT) +#if defined(LITE_FS_VFAT) static int TestSetUid() { // Test the 'setuid' interface diff --git a/security_lite/permission_posix/dac/src/ActsDacTest.cpp b/security_lite/permission_posix/dac/src/ActsDacTest.cpp deleted file mode 100755 index 0331353bdf8d35582d0f651333a1754fd06cec44..0000000000000000000000000000000000000000 --- a/security_lite/permission_posix/dac/src/ActsDacTest.cpp +++ /dev/null 
@@ -1,601 +0,0 @@ -/* - * Copyright (c) 2020-2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "ActsDacTest.h" -#include -#include -#include -#include -#include "gtest/gtest.h" -#include "ActsCapabilityTest.h" -#include "DACFileSystemTest.h" - -using namespace std; -using namespace testing::ext; - -#if defined(LITE_FS_JFFS2) -static void CreateTxt() -{ - int ret; - int fd = 0; - char dac[] = "DacTestSuite!\n"; - // Initialize the process and set the uid and gid of the process to zero - SetUidGid(UID0, GID0); - // Create a directory 'DACDIR0' in the directory 'TOP_DIR' - ret = mkdir(TOP_DIR "/" DACDIR0, CHMOD700); - ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0'"; - // Create a directory 'DACDIR0_DACDIR0' in the directory 'TOP_DIR/DACDIR0' - ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, RWX); - ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0/DACDIR0_DACDIR0'"; - // Create a file 'DACDIR0_DACFILE0' in the directory 'DacTest' - fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY | O_CREAT | O_TRUNC, CHMOD700); - if (fd >= 0) { - // File created successfully - write(fd, dac, sizeof(dac)); - close(fd); - } else { - // Failed to create the file - ASSERT_GE(fd, 0) << "ErrInfo: Failed to create the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0'"; - } -} - -static void CreateTxt1() -{ - int ret; - int fd = 0; - char dac[] = "DacTestSuite!\n"; - // 
Initialize the process and set the uid and gid of the process to zero - SetUidGid(UID0, GID0); - // Create a directory 'DACDIR1' in the directory 'TOP_DIR' - ret = mkdir(TOP_DIR "/" DACDIR1, CHMOD700); - ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR1'"; - // Create a directory 'DACDIR1_DACDIR0' in the directory 'TOP_DIR/DACDIR1' - ret = mkdir(TOP_DIR "/" DACDIR1 "/" DACDIR1_DACDIR0, RWX); - ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR1/DACDIR1_DACDIR0'"; - // Create a file 'DACDIR1_DACFILE0' in the directory 'DACDIR1' - fd = open(TOP_DIR "/" DACDIR1 "/" DACDIR1_DACFILE0, O_WRONLY | O_CREAT | O_TRUNC, CHMOD700); - if (fd >= 0) { - // File created successfully - write(fd, dac, sizeof(dac)); - close(fd); - } else { - // Failed to create the file - ASSERT_GE(fd, 0) << "ErrInfo: Failed to create the file 'TOP_DIR/DACDIR1/DACDIR1_DACFILE0'"; - } - // Change the file 'DACDIR1_DACFILE0' owner with interface 'chown' - ret = chown(TOP_DIR "/" DACDIR1 "/" DACDIR1_DACFILE0, UID1, GID1); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the file 'DACDIR1_DACFILE0' owner with interface 'chown'"; - // Change the directory 'TOP_DIR/DACDIR1' owner with interface 'chown' - ret = chown(TOP_DIR "/" DACDIR1, UID1, GID1); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the directory 'TOP_DIR/DACDIR1' owner with interface 'chown'"; -} - -static int ThreeProcessReadOneTxt() -{ - int fd = 0; - int status = 0; - // Preset action: Create a txt - CreateTxt(); - // Preset action: Fork three sub processes - pid_t pid; - for (int num = 0; num < NUM3; num++) { - pid = fork(); - if (pid < 0) { - LOG("======== Fork Error! 
========="); - return -1; - } - usleep(SLEEP_NUM); - if (pid == 0) { - break; - } - } - // get one parent & three children - if (pid == 0) { - int exitCode = 0; - // Initialize the process and set the uid and gid of the process to zero - SetUidGid(UID0, GID0); - // Drop the capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH - DropCAPDACOVERRIDEAndREADSEARCH(); - // Three sub processes read a file at the same time - for (int number = 0; number < NUM1000; number++) { - fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY); - if (fd >= 0) { - close(fd); - } else { - LOG("ErrInfo: failed to open the file during the %d time", number); - exitCode = 1; - break; - } - } - // Three sub processes exit with the exitCode - exit(exitCode); - } else { - // The parent process wait for three sub processes to exit and obtain the exitCode - for (int num2 = 0; num2 < NUM3; num2++) { - wait(&status); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: Pid = "<< pid - << ", its exitCode is wrong and test case failed, please query logs"; - } - // Delete the directory 'TOP_DIR/DACDIR0' - RemoveDir(TOP_DIR "/" DACDIR0); - } - return 0; -} - -static int TwoProcessReadTwoTxt() -{ - int status = 0; - // Preset action: Create a file whose owner is uid0, gid0 - CreateTxt(); - // Preset action: Create a file whose owner is uid1, gid1 - CreateTxt1(); - // Preset action: Fork two sub processes - pid_t pid[NUM2]; - for (int num = 0; num < NUM2; num++) { - pid[num] = fork(); - EXPECT_TRUE(pid[num] >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid[num] == 0) { - // Set UID and GID of process pid[0] to 0 and set UID and GID of process pid[1] to 1 - SetUidGid(num, num); - // Drop both process capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH - DropCAPDACOVERRIDEAndREADSEARCH(); - break; - } - } - // get one parent & two children - if (pid[0] == 0 || pid[1] == 0) { - int exitCode = 0; - for (int number = 0; number < NUM1000; number++) { - // Two processes with different UIDs and GIDs read two files with different owners at the same time - if (pid[0] == 0) { - // The process pid[0] can open the file Dac.txt whose owners are uid0 and gid0 - int fd0dac = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY); - if (fd0dac >= 0) { - close(fd0dac); - } else { - LOG("ErrInfo: PID[0] failed to open the file during the %d time", number); - exitCode = 1; - break; - } - // The process pid[0] can not open the file Dac.txt whose owners are uid1 and gid1 - int fd0dac1 = open(TOP_DIR "/" DACDIR1 "/" DACDIR1_DACFILE0, O_WRONLY); - if (fd0dac1 >= 0) { - LOG("ErrInfo: PID[0] open the file with wrong uid&gid during the %d time", number); - close(fd0dac1); - exitCode = 1; - break; - } - } else { - // The process pid[1] can not open the file Dac.txt whose owners are uid0 and gid0 - int fd1dac = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY); - if (fd1dac >= 0) { - LOG("ErrInfo: PID[1] open the file with wrong uid&gid during the %d time", number); - close(fd1dac); - exitCode = 1; - break; - } - // The process pid[1] can open the file Dac.txt whose owners are uid1 and gid1 - int fd1dac1 = open(TOP_DIR "/" DACDIR1 "/" DACDIR1_DACFILE0, O_WRONLY); - if (fd1dac1 >= 0) { - close(fd1dac1); - } else { - LOG("ErrInfo: PID[1] failed to open the file during the %d time", number); - exitCode = 1; - break; - } - } - } - // Two sub processes exit with the exitCode - exit(exitCode); - } else { - // The parent process wait for the sub process pid[0] to exit and obtain the exitCode - 
waitpid(pid[0], &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid[0]; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " - << pid[0]; - // The parent process wait for the sub process pid[1] to exit and obtain the exitCode - waitpid(pid[1], &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid[1]; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " - << pid[1]; - } - return 0; -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0140 - * @tc.name : Invoke the chmod interface to set the file permission - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0140, Function | MediumTest | Level2) -{ - int ret; - int status = 0; - // Preset action: Create a txt - CreateTxt(); - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Preset action: Drop the capabilities of CAP_FOWNER - DropCAPFOWNER(); - // Step 1: Set the uid and gid of the process to 0 - SetUidGid(UID0, GID0); - // Step 2.1: Change the file permission 700 with interface 'chmod' - ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD700); - if (ret != 0) { - LOG("ErrInfo: Failed in chmod 700"); - exitCode = 1; - } - // Step 2.2: Change the file permission 111 with interface 'chmod' - ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD111); - if (ret != 0) { - LOG("ErrInfo: Failed in chmod 111"); - exitCode = 1; - } - // Step 2.3: Change the file permission -1 with interface 'chmod' - ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, FALSE); - if (ret != 0) { - LOG("ErrInfo: Failed in chmod FALSE"); - exitCode = 1; - } - // Step 2.4: Change the file permission -777 with interface 'chmod' - ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, -777); - if (ret != 0) { - LOG("ErrInfo: Failed in chmod -777"); - exitCode = 1; - } - // Step 3: Set the uid and gid of the process to 10000 - SetUidGid(UID10000, GID10000); - // Step 4: Failed to change the file permission for the process that is not the file owner - ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD777); - EXPECT_EQ(ret, FALSE) << "ErrInfo: Chmod 777 with wrong uid"; - // Step 5: The sub process exit with the exitCode - exit(exitCode); - } else { - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0150 - * @tc.name : Invoke chown interface to set the file owner - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0150, 
Function | MediumTest | Level2) -{ - int ret; - int status = 0; - // Preset action: Create a txt - CreateTxt(); - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! ========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Set the uid and gid of the process to 0 - SetUidGid(UID0, GID0); - // Step 2.1: Set the directory 'TOP_DIR/DACDIR0' owner UID10000 and GID10000 - ret = chown(TOP_DIR "/" DACDIR0, UID10000, GID10000); - if (ret != 0) { - LOG("ErrInfo: Failed to set the directory 'TOP_DIR/DACDIR0' owner UID10000 and GID10000"); - exitCode = 1; - } - // Step 2.2: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID10000 and GID10000 - ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID10000, GID10000); - if (ret != 0) { - LOG("ErrInfo: Failed to set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID10000 and GID10000"); - exitCode = 1; - } - // Step 2.3: Set the directory 'TOP_DIR/DACDIR0' owner UID2147483647 and GID2147483647 - ret = chown(TOP_DIR "/" DACDIR0, MAX_INT, MAX_INT); - if (ret != 0) { - LOG("ErrInfo: Failed to set the directory 'TOP_DIR/DACDIR0' owner UID2147483647 and GID2147483647"); - exitCode = 1; - } - // Step 2.4: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID2147483647 and GID2147483647 - ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, MAX_INT, MAX_INT); - if (ret != 0) { - LOG("ErrInfo: Failed to set the file owner UID2147483647 and GID2147483647"); - exitCode = 1; - } - // Step 2.5: Set the directory 'TOP_DIR/DACDIR0' owner UID0 and GID0 - ret = chown(TOP_DIR "/" DACDIR0, UID0, GID0); - if (ret != 0) { - LOG("ErrInfo: Failed to set the directory 'TOP_DIR/DACDIR0' owner UID0 and GID0"); - exitCode = 1; - } - // Step 2.4: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID0 and GID0 - ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID0, GID0); - if (ret != 0) { - LOG("ErrInfo: Failed to set the file 
'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner UID0 and GID0"); - exitCode = 1; - } - // Step 3: Drop the capabilities of CAP_CHOWN - DropCAPCHOWN(); - // Step 4.1: Failed to set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN"); - ret = chown(TOP_DIR "/" DACDIR0, UID10000, GID10000); - if (ret != FALSE) { - LOG("ErrInfo: Set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN"); - exitCode = 1; - } - // Step 4.2: Failed to set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN"); - ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID10000, GID10000); - if (ret != FALSE) { - LOG("ErrInfo: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN"); - exitCode = 1; - } - // Step 4.3: Set the uid and gid of the process to 555 - SetUidGid(UID555, GID555); - // Step 4.4: Failed to set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN"); - ret = chown(TOP_DIR "/" DACDIR0, UID10000, GID10000); - if (ret != FALSE) { - LOG("ErrInfo: Set the directory 'TOP_DIR/DACDIR0' owner without CAP_CHOWN"); - exitCode = 1; - } - // Step 4.5: Failed to set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN"); - ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID10000, GID10000); - if (ret != FALSE) { - LOG("ErrInfo: Set the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0' owner without CAP_CHOWN"); - exitCode = 1; - } - // Step 5: The sub process exit with the exitCode - exit(exitCode); - } else { - // Step 6: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0160 - * @tc.name : Concurrent file reading by multiple processes - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0160, 
Function | MediumTest | Level2)
-{
- int ret;
- // Step 1: Multiple processes read the same file
- ret = ThreeProcessReadOneTxt();
- EXPECT_EQ(ret, 0) << "ErrInfo: ThreeProcessReadOneTxt() exit error";
- // Step 2: Multiple processes read the different files with different owners
- ret = TwoProcessReadTwoTxt();
- EXPECT_EQ(ret, 0) << "ErrInfo: TwoProcessReadTwoTxt() exit error";
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0170
- * @tc.name : The owner or permission of a file fail to be modified when the file is operated by another process
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0170, Function | MediumTest | Level2)
-{
- int fd = 0;
- int status = 0;
- int exitCode0 = 0;
- int exitCode1 = 0;
- // Preset action: Create a file whose owner is uid0, gid0
- CreateTxt();
- // Preset action: Fork two sub processes
- pid_t pid[NUM2];
- for (int num = 0; num < NUM2; num++) {
- pid[num] = fork();
- ASSERT_TRUE(pid[num] >= 0) << "======== Fork Error! =========";
- usleep(SLEEP_NUM);
- if (pid[num] == 0) {
- // Drop both process capabilities of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH
- DropCAPDACOVERRIDEAndREADSEARCH();
- break;
- }
- }
- // Step 1: Open a file by Process pid[0]
- if (pid[0] == 0) {
- fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY);
- }
- if (pid[1] == 0) {
- // Step 2: Change the file owner with interface 'chown' by Process pid[1]
- int retchown = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID10000, GID10000);
- if (retchown != 0) {
- LOG("ErrInfo: Failed to change the file owner when the file is operated by another process");
- exitCode1 = 1;
- }
- // Step 3: Change the file permission 000 with interface 'chmod' by Process pid[1]
- int retchmod = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD000);
- if (retchmod != 0) {
- LOG("ErrInfo: Failed to change the file permission when the file is operated by another process");
- exitCode1 = 1;
- }
- // Step 4: The sub process pid[1] exit with the exitCode1
- exit(exitCode1);
- }
- // Step 5: Close the file by Process pid[0]
- if (pid[0] == 0) {
- if (fd >= 0) {
- close(fd);
- } else {
- LOG("ErrInfo: PID[0] failed to open the file");
- exitCode0 = 1;
- }
- // Step 6: The sub process pid[0] exit with the exitCode0
- exit(exitCode0);
- }
- if ((pid[0] != 0) && (pid[1] != 0)) {
- // Step 7: The parent process wait for the sub process pid[0] and pid[1] to exit and obtain the exitCode
- for (int num2 = 0; num2 < NUM2; num2++) {
- waitpid(pid[num2], &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid[num2];
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = "
- << pid[num2];
- }
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0180
- * @tc.name : Change the file permission for 10000 times
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0180, Reliability | MediumTest | Level2)
-{
- int ret;
- // Preset action: Create a txt
- CreateTxt();
- // Step 1: Change the file permission for 10000 times
- for (int number = 0; number < NUM10000; number++) {
- // Step 1: Change the file permission
- if (number & 1) {
- ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD700);
- if (ret != 0) {
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the file permission during the " << number << " time";
- break;
- }
- } else {
- ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD777);
- if (ret != 0) {
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the file permission during the " << number << " time";
- break;
- }
- }
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0190
- * @tc.name : Change the file owner for 10000 times
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0190, Reliability | MediumTest | Level2)
-{
- int ret;
- // Preset action: Create a txt
- CreateTxt();
- // Step 1: Change the file owner for 10000 times
- for (int number = 0; number < NUM10000; number++) {
- ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, number, number);
- if (ret != 0) {
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to Change the file owner during the " << number << " time";
- break;
- }
- }
- // Cleanup action: Restore the initial status of the file
- ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID0, GID0);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to Change the file owner";
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0200
- * @tc.name : Five processes concurrently invoke chmod and chown interface for 5000 times
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0200, Reliability | MediumTest | Level2)
-{
- int ret;
- int status = 0;
- // Preset action: Create a txt
- CreateTxt();
- // Preset action: Fork five sub processes
- pid_t pid;
- for (int num = 0; num < NUM5; num++) {
- pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- break;
- }
- }
- // get one parent & five children
- if (pid == 0) {
- int exitCode = 0;
- for (int number = 0; number < NUM5000; number++) {
- // Step 1: Change the file owner for 5000 times
- ret = chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, number, number);
- if (ret != 0) {
- LOG("ErrInfo: Failed to Change the file owner during the %d time", number);
- break;
- }
- // Step 2: Change the file permission for 5000 times
- if (number & 1) {
- ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD700);
- if (ret != 0) {
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the file permission 700 during the " << number
- << " time";
- break;
- }
- } else {
- ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD777);
- if (ret != 0) {
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to change the file permission 777 during the " << number
- << " time";
- break;
- }
- }
- }
- // Step 3: Two sub processes exit with the exitCode
- exit(exitCode);
- } else {
- // Step 4: The parent process wait for two sub processes to exit and obtain the exitCode
- for (int num2 = 0; num2 < NUM5; num2++) {
- wait(&status);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: Pid = "<< pid
- << ", its exitCode is wrong and test case failed, please query logs";
- }
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0210
- * @tc.name : Performance test of the chomd and chown interface
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0210, Performance | MediumTest | Level2)
-{
- struct timespec tp = { 0 };
- struct timespec starttime = { 0 };
- struct timespec endtime = { 0 };
- tp.tv_sec = 0;
- tp.tv_nsec = 0;
- // Preset action: Create a txt
- CreateTxt();
- // Preset action: Obtains the system time -> starttime
- clock_gettime(CLOCK_REALTIME, &starttime);
- for (int number = 0; number < NUM5000; number++) {
- // Step 1: Change the file owner for 5000 times
- chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, number, number);
- // Step 2: Change the file permission for 5000 times
- if (number & 1) {
- chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD700);
- } else {
- chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, CHMOD777);
- }
- }
- // Step 3: Obtains the system time again -> endtime
- clock_gettime(CLOCK_REALTIME, &endtime);
- // Step 4: Compare the starttime and the endtime -> tp
- tp = CompareTime(starttime, endtime);
- EXPECT_LE(tp.tv_sec, NUM20) << "ErrInfo: Chown for 10000 times used " << tp.tv_sec << "." << tp.tv_nsec << "s";
- // Cleanup action: Restore the initial status of the file
- chown(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, UID0, GID0);
-}
-#endif
\ No newline at end of file
diff --git a/security_lite/permission_posix/dac/src/ActsSystemDevDacTest.cpp b/security_lite/permission_posix/dac/src/ActsSystemDevDacTest.cpp
deleted file mode 100755
index 1d652be08f407b14ee69b2900dba1b5568a5b15b..0000000000000000000000000000000000000000
--- a/security_lite/permission_posix/dac/src/ActsSystemDevDacTest.cpp
+++ /dev/null
@@ -1,2054 +0,0 @@ -/* - * Copyright (c) 2020-2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "ActsDacTest.h" -#include -#include -#include -#include -#include -#include "gtest/gtest.h" -#include "ActsCapabilityTest.h" -#include "DACFileSystemTest.h" - -using namespace std; -using namespace testing::ext; - -#if defined(LITE_FS_JFFS2) -static void CreateDevDir() -{ - int ret; - // Initialize the process and set the uid and gid of the process to zero - SetUidGid(UID0, GID0); - // Create a directory 'DACDIR0' in the directory '/storage' - ret = mkdir("/storage/" DACDIR0, CHMOD777); - ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory '/storage/DACDIR0'"; - // Create a directory 'DACDIR0_DACDIR0' in the directory '/storage/DACDIR0' - ret = mkdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD777); - ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory '/storage/DACDIR0/DACDIR0_DACDIR0'"; -} - -static void CreateDevTxt() -{ - int ret; - int fd = 0; - // Initialize the process and set the uid and gid of the process to zero - SetUidGid(UID0, GID0); - // Create a directory 'DACDIR0' in the directory '/storage' - ret = mkdir("/storage/" DACDIR0, CHMOD777); - ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory '/storage/DACDIR0'"; -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0290 - * @tc.name : DAC control mechanism-File system storage-System call rmdir-UID0-GID1-Capability - 
CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 333 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0290, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD333); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 333"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! ========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0300 - * @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID0-Capability - CAPDACOVERRIDE-Permission 611 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0300, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD611); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 611"; - // Preset 
action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! ========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0310 - * @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID1-Capability - CAPDACOVERRIDE-Permission 105 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0310, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD105); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 105"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0320 - * @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID1-Capability - CAPDACOVERRIDE-Permission 555 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0320, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD555); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 555"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0330 - * @tc.name : DAC control mechanism-File system storage-System call rmdir-UID1-GID1-Groups contain-Capability - CAPDACREADSEARCH-Permission 666 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0330, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD666); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 666"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0340 - * @tc.name : DAC control mechanism-File system storage-System call stat-UID0-GID1-Capability NULL-Permission 777 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0340, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD777); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 777"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - ret = rmdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0350 - * @tc.name : DAC control mechanism-File system storage-System call stat-UID1-GID0-Capability - CAPDACOVERRIDE-Permission 166 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0350, Function | MediumTest | Level2) -{ - int ret; - struct stat buf = { 0 }; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD166); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 166"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = stat("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, &buf); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0360 - * @tc.name : DAC control mechanism-File system storage-System call stat-UID0-GID0-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 111 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0360, Function | MediumTest | Level2) -{ - int ret; - struct stat buf = { 0 }; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD111); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 111"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = stat("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, &buf); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0370 - * @tc.name : DAC control mechanism-File system storage-System call stat-UID0-GID0-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 210 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0370, Function | MediumTest | Level2) -{ - int ret; - struct stat buf = { 0 }; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD210); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 210"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = stat("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, &buf); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0380 - * @tc.name : DAC control mechanism-File system storage-System call stat-UID1-GID1-Groups contain-Capability - CAPDACOVERRIDE-Permission 655 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0380, Function | MediumTest | Level2) -{ - int ret; - struct stat buf = { 0 }; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD655); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 655"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = stat("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, &buf); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0390 - * @tc.name : DAC control mechanism-File system storage-System call rename-UID1-GID0-Capability - CAPDACREADSEARCH-Permission 570 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0390, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD570); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 570"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = rename("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, "/storage/" DACDIR0 "/" DACDIR0_DACDIR1); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0400 - * @tc.name : DAC control mechanism-File system storage-System call rename-UID1-GID0-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 306 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0400, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD306); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 306"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = rename("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, "/storage/" DACDIR0 "/" DACDIR0_DACDIR1); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0410 - * @tc.name : DAC control mechanism-File system storage-System call rename-UID1-GID1-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 027 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0410, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD027); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 027"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = rename("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, "/storage/" DACDIR0 "/" DACDIR0_DACDIR1); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0420 - * @tc.name : DAC control mechanism-File system storage-System call chdir-UID0-GID1-Capability - CAPDACREADSEARCH-Permission 401 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0420, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD401); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 401"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0430 - * @tc.name : DAC control mechanism-File system storage-System call chdir-UID0-GID1-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 507 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0430, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD507); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 507"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0440 - * @tc.name : DAC control mechanism-File system storage-System call chdir-UID0-GID0-Capability - CAPDACOVERRIDE-Permission 347 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0440, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD347); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 347"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0450 - * @tc.name : DAC control mechanism-File system storage-System call chdir-UID1-GID1-Capability - CAPDACOVERRIDE-Permission 063 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0450, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD063); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 063"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0460 - * @tc.name : DAC control mechanism-File system storage-System call chdir-UID1-GID1-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 230 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0460, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD230); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 230"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0470 - * @tc.name : DAC control mechanism-File system storage-System call chdir-UID1-GID1-Groups contain-Capability - CAPDACOVERRIDE-Permission 724 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0470, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD724); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 724"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = chdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0480 - * @tc.name : DAC control mechanism-File system storage-System call execute-UID1-GID0-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 702 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0480, Function | MediumTest | Level2) -{ - int ret; - char *argv[] = {nullptr, nullptr}; - char *envp[] = {nullptr}; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD702); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = execve("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp); - // the file is not elf , can not exec - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0490 - * @tc.name : DAC control mechanism-File system storage-System call execute-UID0-GID0-Capability - CAPDACOVERRIDE-Permission 473 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0490, Function | MediumTest | Level2) -{ - int ret; - char *argv[] = {nullptr, nullptr}; - char *envp[] = {nullptr}; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD473); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = execve("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp); - // the file is not elf , can not exec - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0500 - * @tc.name : DAC control mechanism-File system storage-System call execute-UID1-GID1-Capability - CAPDACOVERRIDE-Permission 261 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0500, Function | MediumTest | Level2) -{ - int ret; - char *argv[] = {nullptr, nullptr}; - char *envp[] = {nullptr}; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD261); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = execve("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp); - // the file is not elf , can not exec - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0510 - * @tc.name : DAC control mechanism-File system storage-System call access-UID0-GID1-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 460 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0510, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD460); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0520 - * @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID0-Capability - CAPDACOVERRIDE-Permission 562 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0520, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD562); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0530 - * @tc.name : DAC control mechanism-File system storage-System call access-UID0-GID0-Capability - CAPDACOVERRIDE-Permission 076 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0530, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD076); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0540 - * @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID1-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 305 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0540, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD076); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0550 - * @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID1-Groups contain-Capability - CAPDACOVERRIDE-Permission 132 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0550, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD132); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0560 - * @tc.name : DAC control mechanism-File system storage-System call access-UID1-GID1-Groups contain-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 241 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0560, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD241); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = access("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0570 - * @tc.name : DAC control mechanism-File system storage-System call mkdir-UID0-GID1-Capability - CAPDACOVERRIDE-Permission 456 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0570, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD456); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 456"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - ret = mkdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0580 - * @tc.name : DAC control mechanism-File system storage-System call mkdir-UID1-GID0-Capability - CAPDACOVERRIDE-Permission 167 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0580, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD167); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 167"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = mkdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0590 - * @tc.name : DAC control mechanism-File system storage-System call mkdir-UID1-GID1-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 511 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0590, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD511); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 511"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = mkdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0600 - * @tc.name : DAC control mechanism-File system storage-System call mkdir-UID1-GID1-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 640 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0600, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD640); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 640"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = mkdir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0610 - * @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID1-Capability - CAPDACOVERRIDE-Permission 362 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0610, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD362); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0620 - * @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID1-Capability - CAPDACOVERRIDE-Permission 526 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0620, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD526); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0630 - * @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID0-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 604 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0630, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD604); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0640 - * @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID0-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 671 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0640, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD671); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0650 - * @tc.name : DAC control mechanism-File system storage-System call unlink-UID0-GID0-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 743 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0650, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD743); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0660 - * @tc.name : DAC control mechanism-File system storage-System call unlink-UID1-GID1-Groups contain-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 235 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0660, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD235); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = unlink("/storage/" DACDIR0 "/" DACDIR0_DACFILE0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0670 - * @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID0-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 371 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0670, Function | MediumTest | Level2) -{ - int ret; - int fd = 0; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD371); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - fd = open("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY); - if (fd >= 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - close(fd); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0680 - * @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID0-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 702 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0680, Function | MediumTest | Level2) -{ - int ret; - int fd = 0; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD702); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - fd = open("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY); - if (fd >= 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - close(fd); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0690 - * @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID1-Capability - CAPDACOVERRIDE-Permission 406 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0690, Function | MediumTest | Level2) -{ - int ret; - int fd = 0; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD406); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - fd = open("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY); - if (fd >= 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - close(fd); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0700 - * @tc.name : DAC control mechanism-File system storage-System call open-UID1-GID1-Groups contain-Capability - CAPDACOVERRIDE-Permission 257 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0700, Function | MediumTest | Level2) -{ - int ret; - int fd = 0; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a file - CreateDevTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0, CHMOD257); - // storage/shm can not change chmod - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod "; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - fd = open("/storage/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY); - if (fd >= 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - close(fd); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0710 - * @tc.name : DAC control mechanism-File system storage-System call opendir-UID0-GID1-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 750 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0710, Function | MediumTest | Level2) -{ - int ret; - DIR* dir = nullptr; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD750); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 750"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - dir = opendir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (dir == nullptr) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } else { - closedir(dir); - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0720 - * @tc.name : DAC control mechanism-File system storage-System call opendir-UID0-GID0-Capability - CAPDACOVERRIDE-Permission 143 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0720, Function | MediumTest | Level2) -{ - int ret; - DIR* dir = nullptr; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD143); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 143"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - dir = opendir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (dir == nullptr) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } else { - closedir(dir); - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0730 - * @tc.name : DAC control mechanism-File system storage-System call opendir-UID1-GID1-Capability - CAPDACOVERRIDE-Permission 521 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0730, Function | MediumTest | Level2) -{ - int ret; - DIR* dir = nullptr; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD521); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 521"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - dir = opendir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (dir == nullptr) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } else { - closedir(dir); - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0740 - * @tc.name : DAC control mechanism-File system storage-System call opendir-UID1-GID1-Groups contain-Capability - CAPDACOVERRIDE-Permission 016 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0740, Function | MediumTest | Level2) -{ - int ret; - DIR* dir = nullptr; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD016); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 016"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - dir = opendir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (dir == nullptr) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } else { - closedir(dir); - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0750 - * @tc.name : DAC control mechanism-File system storage-System call opendir-UID1-GID1-Groups contain-Capability - CAPDACOVERRIDE-Permission 407 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0750, Function | MediumTest | Level2) -{ - int ret; - DIR* dir = nullptr; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a directory - CreateDevDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod("/storage/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD407); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 407"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - dir = opendir("/storage/" DACDIR0 "/" DACDIR0_DACDIR0); - if (dir == nullptr) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } else { - closedir(dir); - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} -#endif diff --git a/security_lite/permission_posix/dac/src/ActsSystemJffsDacTest.cpp b/security_lite/permission_posix/dac/src/ActsSystemJffsDacTest.cpp deleted file mode 100644 index 6ee74d6c7495ad5a56c59114b85e35fa64e3b0ae..0000000000000000000000000000000000000000 --- a/security_lite/permission_posix/dac/src/ActsSystemJffsDacTest.cpp +++ /dev/null 
@@ -1,2119 +0,0 @@
-/*
- * Copyright (c) 2020 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include "ActsDacTest.h"
-#include
-#include
-#include
-#include
-#include
-#include "gtest/gtest.h"
-#include "ActsCapabilityTest.h"
-#include "DACFileSystemTest.h"
-
-using namespace std;
-using namespace testing::ext;
-
-#if defined(LITE_FS_JFFS2)
-static void CreateDir()
-{
- int ret;
- // Initialize the process and set the uid and gid of the process to zero
- SetUidGid(UID0, GID0);
- // Create a directory 'DACDIR0' in the directory 'TOP_DIR'
- ret = mkdir(TOP_DIR "/" DACDIR0, CHMOD777);
- ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0'";
- // Create a directory 'DACDIR0_DACDIR0' in the directory 'TOP_DIR/DACDIR0'
- ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD777);
- ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0/DACDIR0_DACDIR0'";
-}
-
-static void CreateTxt()
-{
- int ret;
- int fd = 0;
- char dac[] = "DacTestSuite!\n";
- // Initialize the process and set the uid and gid of the process to zero
- SetUidGid(UID0, GID0);
- // Create a directory 'DACDIR0' in the directory 'TOP_DIR'
- ret = mkdir(TOP_DIR "/" DACDIR0, CHMOD777);
- ASSERT_EQ(ret, 0) << "ErrInfo: Failed to create the directory 'TOP_DIR/DACDIR0'";
- // Create a file 'DACDIR0_DACFILE0' in the directory 'TOP_DIR/DACDIR0'
- fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, O_WRONLY | O_CREAT | 
O_TRUNC, CHMOD777);
- if (fd >= 0) {
- // File created successfully
- write(fd, dac, sizeof(dac));
- close(fd);
- } else {
- // Failed to create the file
- ASSERT_GE(fd, 0) << "ErrInfo: Failed to create the file 'TOP_DIR/DACDIR0/DACDIR0_DACFILE0'";
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0760
- * @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID0-GID1-Capability NULL-Permission 000
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0760, Function | MediumTest | Level2)
-{
- int ret;
- // Preset action: Create a directory
- CreateDir();
- // Preset action: Change the file permission according to the test procedure
- ret = chmod(TOP_DIR "/" DACDIR0, CHMOD000);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 000";
- // Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Change the sub process capabilities according to the test procedure
- DropCAPDACOVERRIDEAndREADSEARCH();
- // Step 2: Change the sub process uid, gid and groups according to the test procedure
- SetUidGid(UID0, GID555);
- // Step 3: Invoke the interface to operate the file system
- ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
- if (ret != FALSE) {
- LOG("ErrInfo: VFS error with DAC or Capability");
- exitCode = 1;
- }
- // Step 4: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- int status = 0;
- // Step 5: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0770
- * @tc.name : DAC control mechanism-File system jffs2-System call 
rmdir-UID0-GID1-Capability NULL-Permission 052
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0770, Function | MediumTest | Level2)
-{
- int ret;
- // Preset action: Create a directory
- CreateDir();
- // Preset action: Change the file permission according to the test procedure
- ret = chmod(TOP_DIR "/" DACDIR0, CHMOD052);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 052";
- // Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Change the sub process capabilities according to the test procedure
- DropCAPDACOVERRIDEAndREADSEARCH();
- // Step 2: Change the sub process uid, gid and groups according to the test procedure
- SetUidGid(UID0, GID555);
- // Step 3: Invoke the interface to operate the file system
- ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
- if (ret != FALSE) {
- LOG("ErrInfo: VFS error with DAC or Capability");
- exitCode = 1;
- }
- // Step 4: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- int status = 0;
- // Step 5: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0780
- * @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID0-GID1-Capability NULL-Permission 077
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0780, Function | MediumTest | Level2)
-{
- int ret;
- // Preset action: Create a directory
- CreateDir();
- // Preset action: Change the file permission according to the test procedure
- ret = chmod(TOP_DIR "/" DACDIR0, CHMOD077);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 077";
- // 
Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! =========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Change the sub process capabilities according to the test procedure
- DropCAPDACOVERRIDEAndREADSEARCH();
- // Step 2: Change the sub process uid, gid and groups according to the test procedure
- SetUidGid(UID0, GID555);
- // Step 3: Invoke the interface to operate the file system
- ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
- if (ret != FALSE) {
- LOG("ErrInfo: VFS error with DAC or Capability");
- exitCode = 1;
- }
- // Step 4: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- int status = 0;
- // Step 5: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0790
- * @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID1-GID0-Capability NULL-Permission 444
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0790, Function | MediumTest | Level2)
-{
- int ret;
- // Preset action: Create a directory
- CreateDir();
- // Preset action: Change the file permission according to the test procedure
- ret = chmod(TOP_DIR "/" DACDIR0, CHMOD444);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 444";
- // Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0800 - * @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID1-GID0-Capability - CAPDACREADSEARCH-Permission 716 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0800, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD716); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 716"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0810 - * @tc.name : DAC control mechanism-File system jffs2-System call rmdir-UID0-GID0-Capability - CAPDACREADSEARCH-Permission 222 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0810, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD222); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 222"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = rmdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0820 - * @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID0-Capability - CAPDACOVERRIDE-Permission 000 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0820, Function | MediumTest | Level2) -{ - int ret; - struct stat buf = { 0 }; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD000); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 000"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = stat(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, &buf); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0830 - * @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID1-Capability NULL-Permission 422 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0830, Function | MediumTest | Level2) -{ - int ret; - struct stat buf = { 0 }; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD422); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 422"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = stat(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, &buf); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0840 - * @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID1-Capability - CAPDACREADSEARCH-Permission 334 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0840, Function | MediumTest | Level2) -{ - int ret; - struct stat buf = { 0 }; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD334); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 334"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = stat(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, &buf); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0850 - * @tc.name : DAC control mechanism-File system jffs2-System call stat-UID1-GID1-Groups contain-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 543 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0850, Function | MediumTest | Level2) -{ - int ret; - struct stat buf = { 0 }; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD334); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 334"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = stat(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, &buf); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0860 - * @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID1-Capability - CAPDACOVERRIDE-Permission 614 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0860, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD614); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 614"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0870 - * @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID1-Capability - CAPDACREADSEARCH-Permission 242 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0870, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD242); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 242"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
=========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Change the sub process capabilities according to the test procedure
- DropCAPDACOVERRIDE();
- // Step 2: Change the sub process uid, gid and groups according to the test procedure
- SetUidGid(UID0, GID555);
- // Step 3: Invoke the interface to operate the file system
- ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1);
- if (ret != FALSE) {
- LOG("ErrInfo: VFS error with DAC or Capability");
- exitCode = 1;
- }
- // Step 4: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- int status = 0;
- // Step 5: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0880
- * @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID0-Capability NULL-Permission 430
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0880, Function | MediumTest | Level2)
-{
- int ret;
- // Preset action: Create a file
- CreateTxt();
- // Preset action: Change the file permission according to the test procedure
- ret = chmod(TOP_DIR "/" DACDIR0, CHMOD430);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 430";
- // Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
=========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Change the sub process capabilities according to the test procedure
- DropCAPDACOVERRIDEAndREADSEARCH();
- // Step 2: Change the sub process uid, gid and groups according to the test procedure
- SetUidGid(UID0, GID0);
- // Step 3: Invoke the interface to operate the file system
- ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1);
- if (ret != FALSE) {
- LOG("ErrInfo: VFS error with DAC or Capability");
- exitCode = 1;
- }
- // Step 4: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- int status = 0;
- // Step 5: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0890
- * @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID0-Capability NULL-Permission 765
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0890, Function | MediumTest | Level2)
-{
- int ret;
- // Preset action: Create a file
- CreateTxt();
- // Preset action: Change the file permission according to the test procedure
- ret = chmod(TOP_DIR "/" DACDIR0, CHMOD765);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 765";
- // Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0900 - * @tc.name : DAC control mechanism-File system jffs2-System call rename-UID0-GID0-Capability - CAPDACREADSEARCH-Permission 123 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0900, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD123); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 123"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0910 - * @tc.name : DAC control mechanism-File system jffs2-System call rename-UID1-GID1-Groups contain-Capability - NULL-Permission 151 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0910, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD151); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 151"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = rename(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE1); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0920 - * @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID1-GID0-Capability - CAPDACREADSEARCH_CAPDACOVERRIDE-Permission 256 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0920, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD256); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 256"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - CapInit(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = chdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0930 - * @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID0-GID0-Capability - CAPDACREADSEARCH-Permission 235 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0930, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD235); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 235"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
=========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Change the sub process capabilities according to the test procedure
- DropCAPDACOVERRIDE();
- // Step 2: Change the sub process uid, gid and groups according to the test procedure
- SetUidGid(UID0, GID0);
- // Step 3: Invoke the interface to operate the file system
- ret = chdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
- if (ret != 0) {
- LOG("ErrInfo: VFS error with DAC or Capability");
- exitCode = 1;
- }
- // Step 4: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- int status = 0;
- // Step 5: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0940
- * @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID1-GID1-Capability NULL-Permission 670
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0940, Function | MediumTest | Level2)
-{
- int ret;
- // Preset action: Create a directory
- CreateDir();
- // Preset action: Change the file permission according to the test procedure
- ret = chmod(TOP_DIR "/" DACDIR0, CHMOD670);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 670";
- // Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = chdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0950 - * @tc.name : DAC control mechanism-File system jffs2-System call chdir-UID1-GID1-Groups contain-Capability - CAPDACREADSEARCH-Permission 116 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0950, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD116); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 116"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = chdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0960 - * @tc.name : DAC control mechanism-File system jffs2-System call execute-UID0-GID1-Capability - CAPDACREADSEARCH-Permission 045 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0960, Function | MediumTest | Level2) -{ - int ret; - char *argv[] = {nullptr, nullptr}; - char *envp[] = {nullptr}; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD045); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 045"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
=========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Change the sub process capabilities according to the test procedure
- DropCAPDACOVERRIDE();
- // Step 2: Change the sub process uid, gid and groups according to the test procedure
- SetUidGid(UID0, GID555);
- // Step 3: Invoke the interface to operate the file system
- ret = execve(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp);
- if (ret != FALSE) {
- LOG("ErrInfo: VFS error with DAC or Capability");
- exitCode = 1;
- }
- // Step 4: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- int status = 0;
- // Step 5: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0970
- * @tc.name : DAC control mechanism-File system jffs2-System call execute-UID1-GID0-Capability NULL-Permission 124
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0970, Function | MediumTest | Level2)
-{
- int ret;
- char *argv[] = {nullptr, nullptr};
- char *envp[] = {nullptr};
- // Preset action: Create a file
- CreateTxt();
- // Preset action: Change the file permission according to the test procedure
- ret = chmod(TOP_DIR "/" DACDIR0, CHMOD124);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 124";
- // Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
=========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Change the sub process capabilities according to the test procedure
- DropCAPDACOVERRIDEAndREADSEARCH();
- // Step 2: Change the sub process uid, gid and groups according to the test procedure
- SetUidGid(UID555, GID0);
- // Step 3: Invoke the interface to operate the file system
- ret = execve(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp);
- if (ret != FALSE) {
- LOG("ErrInfo: VFS error with DAC or Capability");
- exitCode = 1;
- }
- // Step 4: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- int status = 0;
- // Step 5: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0980
- * @tc.name : DAC control mechanism-File system jffs2-System call execute-UID0-GID0-Capability NULL-Permission 536
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest0980, Function | MediumTest | Level2)
-{
- int ret;
- char *argv[] = {nullptr, nullptr};
- char *envp[] = {nullptr};
- // Preset action: Create a file
- CreateTxt();
- // Preset action: Change the file permission according to the test procedure
- ret = chmod(TOP_DIR "/" DACDIR0, CHMOD536);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 536";
- // Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = execve(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp); - // the file is not elf , can not exec - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_0990 - * @tc.name : DAC control mechanism-File system jffs2-System call execute-UID1-GID1-Capability - CAPDACREADSEARCH-Permission 657 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest0990, Function | MediumTest | Level2) -{ - int ret; - char *argv[] = {nullptr, nullptr}; - char *envp[] = {nullptr}; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD657); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 657"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = execve(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp); - // the file is not elf , can not exec - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1000 - * @tc.name : DAC control mechanism-File system jffs2-System call execute-UID1-GID1-Groups contain-Capability - NULL-Permission 310 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1000, Function | MediumTest | Level2) -{ - int ret; - char *argv[] = {nullptr, nullptr}; - char *envp[] = {nullptr}; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD310); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 310"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
=========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Change the sub process capabilities according to the test procedure
- DropCAPDACOVERRIDEAndREADSEARCH();
- // Step 2: Change the sub process uid, gid and groups according to the test procedure
- SetUidGid(UID555, GID555);
- setgroups(SINGLESIZE, list);
- // Step 3: Invoke the interface to operate the file system
- ret = execve(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, argv, envp);
- // the file is not elf , can not exec
- if (ret != FALSE) {
- LOG("ErrInfo: VFS error with DAC or Capability");
- exitCode = 1;
- }
- // Step 4: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- int status = 0;
- // Step 5: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1010
- * @tc.name : DAC control mechanism-File system jffs2-System call access-UID0-GID1-Capability NULL-Permission 354
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest1010, Function | MediumTest | Level2)
-{
- int ret;
- // Preset action: Create a file
- CreateTxt();
- // Preset action: Change the file permission according to the test procedure
- ret = chmod(TOP_DIR "/" DACDIR0, CHMOD354);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 354";
- // Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
=========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Change the sub process capabilities according to the test procedure
- DropCAPDACOVERRIDEAndREADSEARCH();
- // Step 2: Change the sub process uid, gid and groups according to the test procedure
- SetUidGid(UID0, GID555);
- // Step 3: Invoke the interface to operate the file system
- ret = access(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK);
- if (ret != 0) {
- LOG("ErrInfo: VFS error with DAC or Capability");
- exitCode = 1;
- }
- // Step 4: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- int status = 0;
- // Step 5: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-
-/*
- * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1020
- * @tc.name : DAC control mechanism-File system jffs2-System call access-UID1-GID0-Capability NULL-Permission 623
- * @tc.desc : [C- SECURITY -0200]
- */
-HWTEST_F(DacTestSuite, DACTest1020, Function | MediumTest | Level2)
-{
- int ret;
- // Preset action: Create a file
- CreateTxt();
- // Preset action: Change the file permission according to the test procedure
- ret = chmod(TOP_DIR "/" DACDIR0, CHMOD623);
- EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 623";
- // Preset action: Fork a sub process
- pid_t pid = fork();
- ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = access(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1030 - * @tc.name : DAC control mechanism-File system jffs2-System call access-UID1-GID1-Capability - CAPDACREADSEARCH-Permission 717 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1030, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD717); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 717"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = access(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1040 - * @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID0-GID1-Capability NULL-Permission 203 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1040, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD203); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 203"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1050 - * @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID0-GID0-Capability - CAPDACREADSEARCH-Permission 325 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1050, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD325); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 325"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1060 - * @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID0-GID0-Capability - CAPDACREADSEARCH-Permission 453 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1060, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD453); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 453"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1070 - * @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID1-GID1-Groups contain-Capability - NULL-Permission 342 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1070, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD342); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 342"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1080 - * @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID1-GID1-Groups contain-Capability - NULL-Permission 731 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1080, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD731); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 731"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1090 - * @tc.name : DAC control mechanism-File system jffs2-System call mkdir-UID1-GID1-Groups contain-Capability - CAPDACREADSEARCH-Permission 074 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1090, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0, CHMOD074); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 074"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = mkdir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0 "/" DACDIR0_DACDIR0_DACDIR0, NORWX); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1100 - * @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID0-Capability - CAPDACREADSEARCH-Permission 175 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1100, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD175); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 175"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = unlink(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1110 - * @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID0-Capability - CAPDACREADSEARCH-Permission 446 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1110, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD446); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 446"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = unlink(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1120 - * @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID0-Capability - CAPDACREADSEARCH-Permission 560 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1120, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD560); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 560"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - ret = unlink(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1130 - * @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID1-Capability NULL-Permission 013 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1130, Function | MediumTest | Level2) -{ - int ret; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD013); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 013"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - ret = unlink(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0); - if (ret != 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1140 - * @tc.name : DAC control mechanism-File system jffs2-System call unlink-UID1-GID1-Groups contain-Capability - NULL-Permission 457 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1140, Function | MediumTest | Level2) -{ - int ret; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD457); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 457"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - ret = unlink(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0); - if (ret != FALSE) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1150 - * @tc.name : DAC control mechanism-File system jffs2-System call open-UID0-GID1-Capability - CAPDACREADSEARCH-Permission 120 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1150, Function | MediumTest | Level2) -{ - int ret; - int fd = 0; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD120); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 120"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (fd >= 0) { - close(fd); - } else { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1160 - * @tc.name : DAC control mechanism-File system jffs2-System call open-UID0-GID1-Capability - CAPDACREADSEARCH-Permission 564 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1160, Function | MediumTest | Level2) -{ - int ret; - int fd = 0; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD564); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 564"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID555); - // Step 3: Invoke the interface to operate the file system - fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (fd >= 0) { - close(fd); - } else { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1170 - * @tc.name : DAC control mechanism-File system jffs2-System call open-UID0-GID0-Capability NULL-Permission 415 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1170, Function | MediumTest | Level2) -{ - int ret; - int fd = 0; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD415); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 415"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (fd >= 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - close(fd); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1180 - * @tc.name : DAC control mechanism-File system jffs2-System call open-UID1-GID1-Capability NULL-Permission 044 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1180, Function | MediumTest | Level2) -{ - int ret; - int fd = 0; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD044); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 044"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (fd >= 0) { - LOG("ErrInfo: VFS error with DAC or Capability"); - close(fd); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1190 - * @tc.name : DAC control mechanism-File system jffs2-System call open-UID1-GID1-Capability NULL-Permission 703 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1190, Function | MediumTest | Level2) -{ - int ret; - int fd = 0; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD703); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 703"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (fd >= 0) { - close(fd); - } else { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1200 - * @tc.name : DAC control mechanism-File system jffs2-System call open-UID1-GID1-Groups contain-Capability - NULL-Permission 637 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1200, Function | MediumTest | Level2) -{ - int ret; - int fd = 0; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a file - CreateTxt(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD637); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 637"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - setgroups(SINGLESIZE, list); - // Step 3: Invoke the interface to operate the file system - fd = open(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACFILE0, F_OK); - if (fd >= 0) { - close(fd); - } else { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1210 - * @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID1-GID0-Capability NULL-Permission 031 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1210, Function | MediumTest | Level2) -{ - int ret; - DIR* dir = nullptr; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD031); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 031"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID0); - // Step 3: Invoke the interface to operate the file system - dir = opendir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0); - if (dir == nullptr) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } else { - closedir(dir); - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1220 - * @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID0-GID0-Capability NULL-Permission 712 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1220, Function | MediumTest | Level2) -{ - int ret; - DIR* dir = nullptr; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD712); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 712"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDEAndREADSEARCH(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID0, GID0); - // Step 3: Invoke the interface to operate the file system - dir = opendir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0); - if (dir == nullptr) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } else { - closedir(dir); - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1230 - * @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID1-GID1-Capability - CAPDACREADSEARCH-Permission 274 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1230, Function | MediumTest | Level2) -{ - int ret; - DIR* dir = nullptr; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD274); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 274"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
========="; - usleep(SLEEP_NUM); - if (pid == 0) { - int exitCode = 0; - // Step 1: Change the sub process capabilities according to the test procedure - DropCAPDACOVERRIDE(); - // Step 2: Change the sub process uid, gid and groups according to the test procedure - SetUidGid(UID555, GID555); - // Step 3: Invoke the interface to operate the file system - dir = opendir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0); - if (dir == nullptr) { - LOG("ErrInfo: VFS error with DAC or Capability"); - exitCode = 1; - } else { - closedir(dir); - } - // Step 4: The sub process exit with the exitCode - exit(exitCode); - } else { - int status = 0; - // Step 5: The parent process wait for the sub process to exit and obtain the exitCode - waitpid(pid, &status, 0); - EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid; - EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid; - } -} - -/* - * @tc.number : SUB_SEC_AppSEC_PermissionMgmt_DAC_1240 - * @tc.name : DAC control mechanism-File system jffs2-System call opendir-UID1-GID1-Groups contain-Capability - CAPDACREADSEARCH-Permission 665 - * @tc.desc : [C- SECURITY -0200] - */ -HWTEST_F(DacTestSuite, DACTest1240, Function | MediumTest | Level2) -{ - int ret; - DIR* dir = nullptr; - gid_t list[SINGLESIZE] = {0}; - // Preset action: Create a directory - CreateDir(); - // Preset action: Change the file permission according to the test procedure - ret = chmod(TOP_DIR "/" DACDIR0, CHMOD665); - EXPECT_EQ(ret, 0) << "ErrInfo: Failed to chmod 665"; - // Preset action: Fork a sub process - pid_t pid = fork(); - ASSERT_TRUE(pid >= 0) << "======== Fork Error! 
=========";
- usleep(SLEEP_NUM);
- if (pid == 0) {
- int exitCode = 0;
- // Step 1: Change the sub process capabilities according to the test procedure
- DropCAPDACOVERRIDE();
- // Step 2: Change the sub process uid, gid and groups according to the test procedure
- SetUidGid(UID555, GID555);
- setgroups(SINGLESIZE, list);
- // Step 3: Invoke the interface to operate the file system
- dir = opendir(TOP_DIR "/" DACDIR0 "/" DACDIR0_DACDIR0);
- if (dir == nullptr) {
- LOG("ErrInfo: VFS error with DAC or Capability");
- exitCode = 1;
- } else {
- closedir(dir);
- }
- // Step 4: The sub process exit with the exitCode
- exit(exitCode);
- } else {
- int status = 0;
- // Step 5: The parent process wait for the sub process to exit and obtain the exitCode
- waitpid(pid, &status, 0);
- EXPECT_NE(WIFEXITED(status), 0) << "ErrInfo: The sub process exit error, child_pid = " << pid;
- EXPECT_EQ(WEXITSTATUS(status), 0) << "ErrInfo: The exitCode is wrong, please query logs, child_pid = " << pid;
- }
-}
-#endif
\ No newline at end of file
diff --git a/security_lite/permission_posix/dac/vfat/BUILD.gn b/security_lite/permission_posix/dac/vfat/BUILD.gn
index 3b0589964cb600189fd269f1ba7bc2dadb71e4c6..f8608c73c15ac10d7360e97f512ce4012128a56d 100755
--- a/security_lite/permission_posix/dac/vfat/BUILD.gn
+++ b/security_lite/permission_posix/dac/vfat/BUILD.gn
@@ -17,9 +17,6 @@ hcpptest_suite("ActsVFATDACTest") {
 suite_name = "acts"
 sources = [
 "../src/ActsDacPreTest.cpp",
- "../src/ActsDacTest.cpp",
- "../src/ActsSystemDevDacTest.cpp",
- "../src/ActsSystemJffsDacTest.cpp",
 "../src/DACFileSystemTest.cpp",
 ]