/* * Copyright (c) 2020 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_DAC_SRC_ACTSDACTEST_H #define XTS_ACTS_SECURITY_LITE_PERMISSSION_POSIX_DAC_SRC_ACTSDACTEST_H #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "gtest/gtest.h" #ifdef __LINUX__ #include #include #include #else #include #endif #ifdef __LINUX__ __BEGIN_DECLS extern int capget(cap_user_header_t hdrp, cap_user_data_t datap); extern int capset(cap_user_header_t hdrp, const cap_user_data_t datap); __END_DECLS #endif constexpr int WRONGNUM = -1; constexpr int NUM3 = 3; constexpr int NUM500 = 500; constexpr int NUM1000 = 1000; constexpr int NUM3000 = 3000; constexpr int ABNORMALINT = -100; constexpr int SINGLESIZE = 1; constexpr int CAP_NUM = 2; constexpr int SLEEP_NUM = 500000; constexpr unsigned int MAX_INT = 2147483647; constexpr size_t SIZE1 = 1; constexpr size_t SIZE2 = 2; constexpr size_t SIZE3 = 3; constexpr size_t SIZE253 = 253; constexpr size_t SIZE254 = 254; constexpr size_t SIZE255 = 255; constexpr size_t SIZE512 = 512; constexpr size_t MAX_SIZE = 65536; constexpr size_t INVAILD_SIZE = 65537; constexpr uid_t UID0 = 0; constexpr uid_t UID555 = 555; constexpr uid_t UID1000 = 1000; constexpr uid_t UID10000 = 10000; constexpr gid_t GID0 = 0; constexpr gid_t GID555 = 555; constexpr gid_t GID1000 = 1000; constexpr gid_t GID10000 = 10000; constexpr mode_t ZEROUMASK = 0000; constexpr mode_t NORWX = 0001; constexpr mode_t RWX = 0777; constexpr mode_t CHMOD000 = 00000; constexpr mode_t CHMOD111 = 00111; constexpr mode_t CHMOD700 = 00700; constexpr mode_t CHMOD777 = 00777; extern "C" { #define LOG(format, ...) fprintf(stdout, format "\n", ##__VA_ARGS__) } static int RemoveDir(const char* dirname) { char curDir[] = "."; char upDir[] = ".."; char updirname[SIZE512]; DIR* dir = nullptr; struct dirent* dp = nullptr; struct stat upDirStat; struct __user_cap_header_struct capheader; struct __user_cap_data_struct capdata[CAP_NUM]; memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), 0, CAP_NUM * sizeof(struct __user_cap_data_struct)); capdata[0].permitted = 0xffffffff; capdata[1].permitted = 0xffffffff; capdata[0].effective = 0xffffffff; capdata[1].effective = 0xffffffff; capheader.version = _LINUX_CAPABILITY_VERSION_3; capset(&capheader, &capdata[0]); // 参数传递进来的目录不存在，直接返回 if (access(dirname, F_OK != 0)) { return 0; } dir = opendir(dirname); while ((dp = readdir(dir)) != nullptr) { if ((strcmp(curDir, dp->d_name) == 0) || (strcmp(upDir, dp->d_name) == 0)) { continue; } int spr = sprintf_s(updirname, SIZE512, "%s/%s", dirname, dp->d_name); if (spr == -1) { closedir(dir); return -1; } stat(updirname, &upDirStat); if (upDirStat.st_mode & S_IFDIR) { // 目录文件，递归删除目录中内容 RemoveDir(updirname); // 递归调用 } else { // 普通文件直接删除 unlink(updirname); } } closedir(dir); int ret = rmdir(dirname); // 删除空目录 if (ret != 0) { return -1; } capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].effective &= ~CAP_TO_MASK(CAP_DAC_OVERRIDE); capdata[CAP_TO_INDEX(CAP_DAC_READ_SEARCH)].effective &= ~CAP_TO_MASK(CAP_DAC_READ_SEARCH); capset(&capheader, &capdata[0]); return 0; } static void SetUid0Gid0() { struct __user_cap_header_struct capheader; struct __user_cap_data_struct capdata[CAP_NUM]; int ret; memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), 0, CAP_NUM * sizeof(struct __user_cap_data_struct)); capdata[0].permitted = 0xffffffff; capdata[1].permitted = 0xffffffff; capheader.version = _LINUX_CAPABILITY_VERSION_3; capdata[CAP_TO_INDEX(CAP_SETPCAP)].effective |= CAP_TO_MASK(CAP_SETPCAP); capdata[CAP_TO_INDEX(CAP_SETUID)].effective |= CAP_TO_MASK(CAP_SETUID); capdata[CAP_TO_INDEX(CAP_SETGID)].effective |= CAP_TO_MASK(CAP_SETGID); ret = capset(&capheader, &capdata[0]); EXPECT_EQ(ret, 0) << "ErrInfo: Failed in setting privileges"; ret = setuid(UID0); EXPECT_EQ(ret, 0) << "ErrInfo: Set uid failed,now uid=" << getuid(); ret = setgid(GID0); EXPECT_EQ(ret, 0) << "ErrInfo: Set gid failed,now gid=" << getgid(); } static void SetUid555Gid555() { struct __user_cap_header_struct capheader; struct __user_cap_data_struct capdata[CAP_NUM]; int ret; memset_s(&capheader, sizeof(struct __user_cap_header_struct), 0, sizeof(struct __user_cap_header_struct)); memset_s(capdata, CAP_NUM * sizeof(struct __user_cap_data_struct), 0, CAP_NUM * sizeof(struct __user_cap_data_struct)); capdata[0].permitted = 0xffffffff; capdata[1].permitted = 0xffffffff; capheader.version = _LINUX_CAPABILITY_VERSION_3; capdata[CAP_TO_INDEX(CAP_SETPCAP)].effective |= CAP_TO_MASK(CAP_SETPCAP); capdata[CAP_TO_INDEX(CAP_SETUID)].effective |= CAP_TO_MASK(CAP_SETUID); capdata[CAP_TO_INDEX(CAP_SETGID)].effective |= CAP_TO_MASK(CAP_SETGID); ret = capset(&capheader, &capdata[0]); EXPECT_EQ(ret, 0) << "ErrInfo: Failed in setting privileges"; ret = setuid(UID555); EXPECT_EQ(ret, 0) << "ErrInfo: Set uid failed,now uid=" << getuid(); ret = setgid(GID555); EXPECT_EQ(ret, 0) << "ErrInfo: Set gid failed,now gid=" << getgid(); } #endif