diff --git a/suite2cases/secpaver b/suite2cases/secpaver
new file mode 100644
index 0000000000000000000000000000000000000000..dfbd40de02fdf3f92ff608d1242ad8b18e0f56b7
--- /dev/null
+++ b/suite2cases/secpaver
@@ -0,0 +1,37 @@
+oe_test_secpaver_config_file_authority
+oe_test_secpaver_config_route
+oe_test_secpaver_deploy_selinux_0001
+oe_test_secpaver_deploy_selinux_0002
+oe_test_secpaver_file_context_0001
+oe_test_secpaver_file_context_0002
+oe_test_secpaver_file_context_0003
+oe_test_secpaver_file_context_0004
+oe_test_secpaver_general_user_exe
+oe_test_secpaver_log_authority
+oe_test_secpaver_log_text
+oe_test_secpaver_network_rules_0001
+oe_test_secpaver_network_rules_0002
+oe_test_secpaver_network_rules_0003
+oe_test_secpaver_network_rules_0004
+oe_test_secpaver_pav_engine_info_0001
+oe_test_secpaver_pav_engine_list_0001
+oe_test_secpaver_pav_project_import_0001
+oe_test_secpaver_pav_project_import_0002
+oe_test_secpaver_pav_project_import_0003
+oe_test_secpaver_pav_project_import_0004
+oe_test_secpaver_pav_project_build_0001
+oe_test_secpaver_pav_project_create_0001
+oe_test_secpaver_pav_project_delete_0001
+oe_test_secpaver_pav_project_export_0001
+oe_test_secpaver_pav_project_info_0001
+oe_test_secpaver_pav_project_list_0001
+oe_test_secpaver_pavd_access_uid_gid
+oe_test_secpaver_pavd_logrotate
+oe_test_secpaver_policy_nodiff
+oe_test_secpaver_rpm_install_0001
+oe_test_secpaver_selinux_file_rule_0001
+oe_test_secpaver_selinux_file_rule_0002
+oe_test_secpaver_selinux_file_rule_0003
+oe_test_secpaver_selinux_file_rule_0004
+oe_test_secpaver_selinux_file_rule_0005
+oe_test_secpaver_socket_file_authority
diff --git a/testcases/package-test/secpaver/common/config_secpaver.sh b/testcases/package-test/secpaver/common/config_secpaver.sh
new file mode 100644
index 0000000000000000000000000000000000000000..ddc848e0de0f6f889baa7f1a962fc8e3d2e5458d
--- /dev/null
+++ b/testcases/package-test/secpaver/common/config_secpaver.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+source "$OET_PATH/libs/locallibs/common_lib.sh"
+project_name=proj"$RANDOM"
+
+#################################################################
+## @Description 导入工程文件
+function project_import() {
+ ps -ef | grep pavd
+ pav project create "$project_name" . || exit 1
+ zip -r "$project_name".zip "$project_name"/ || exit 1
+ pav project import "$project_name".zip || exit 1
+}
+
+#################################################################
+## @Description 导入并编译工程,参数为工程zip压缩文件
+#################################################################
+function import_build_project() {
+ pav project list | grep "$1"
+ res=$?
+ if [ "$res" -ne 0 ]; then
+ pav project import ../common/"$1".zip
+ CHECK_RESULT "$?" 0 0 "Error: $1.zip not found"
+ fi
+ pav project build -r "$1" --engine selinux
+ CHECK_RESULT "$?" 0 0 "Error: compile $1 failed"
+}
+
+#################################################################
+## @Description 部署策略,参数为策略zip压缩文件
+#################################################################
+function install_strategy() {
+ setenforce 0
+ pav policy list | grep "$1"
+ CHECK_RESULT "$?" 0 0 "Error: $1 project not imported or compiled"
+ if [$(pav policy list | grep "$1") -eq 1]; then
+ pav policy install "$1"_selinux
+ else
+ pav policy list | grep "\"$1\"_public" | awk '{print $1}' | xargs pav policy install
+ pav policy list | grep "$1" | grep -v "\"$1\"_public" | awk '{print $1}' | xargs -L 1 pav policy install
+ fi
+ CHECK_RESULT $? 0 0 "Error: $1 selinux policy install failed"
+ setenforce 1
+}
+
+#################################################################
+## @Description 卸载策略,参数为策略zip压缩文件
+#################################################################
+function uninstall_strategy() {
+ setenforce 0
+ pav policy list | grep "$1"_selinux
+ CHECK_RESULT $? 0 0 "Error: $1 selinux policy not installed"
+ if [$(pav policy list | grep "$1") -eq 1]; then
+ pav policy uninstall "$1"_selinux
+ else
+ pav policy list | grep "\"$1\"_public" | awk '{print $1}' | xargs pav policy uninstall
+ pav policy list | grep "$1" | grep -v "\"$1\"_public" | awk '{print $1}' | xargs -L 1 pav policy uninstall
+ fi
+ CHECK_RESULT $? 0 0 "Error: $1 selinux policy uninstall failed"
+ setenforce 1
+}
+
+#################################################################
+## @Description 创建验证文件标签需要的测试资源文件
+#################################################################
+function create_file_lable_test_resource() {
+ cur_dir=$(pwd)
+ cd /tmp/ || exit 1
+ if [ ! -d fileresource ]; then
+ mkdir fileresource
+ cd fileresource/ || exit 1
+ for ((i = 1; i < 10; i++)); do
+ if [ ! -f secpaverFile"$i" ]; then
+ touch secpaverFile"$i"
+ echo "secpaverFile${i}" >> secpaverFile"$i"
+ fi
+ done
+ fi
+ cd "$cur_dir" || exit 1
+}
+
+#################################################################
+## @Param $1:resource file name
+## @Usage secpaver network rules, secpaver selinux file rule
+## @Return
+## @Description 在安全策略部署之前,创建被测资源文件
+#################################################################
+function resource_create() {
+ mkdir /resource/
+ touch /resource/file
+ touch /resource/file4
+ chmod u+x "$1"
+ cp -r "$1" /bin/
+}
+
+#################################################################
+## @Param $1:resource file name
+## @Usage secpaver network rules, secpaver selinux file rule
+## @Return
+## @Description 卸载策略之后,删除被测资源文件
+#################################################################
+function resource_clear() {
+ rm -rf /resource
+ rm -rf /bin/"${1:?}"
+}
+
+#################################################################
+## @Usage secpaver network rules, secpaver selinux file rule
+## @Return
+## @Description 卸载网络策略之后,删除临时文件和残留socket文件
+#################################################################
+function socket_file_clear() {
+ rm -rf /home/secpaver_hostmsg
+ rm -rf /var/run/test.sock
+}
diff --git a/testcases/package-test/secpaver/common/testAll.zip b/testcases/package-test/secpaver/common/testAll.zip
new file mode 100644
index 0000000000000000000000000000000000000000..cf92e0cfb179361becaba60a80d63e798f17d5e9
Binary files /dev/null and b/testcases/package-test/secpaver/common/testAll.zip differ
diff --git a/testcases/package-test/secpaver/common/testEmpty.zip b/testcases/package-test/secpaver/common/testEmpty.zip
new file mode 100644
index 0000000000000000000000000000000000000000..e526d2d92b8680872610c1c26797b8034700da97
Binary files /dev/null and b/testcases/package-test/secpaver/common/testEmpty.zip differ
diff --git a/testcases/package-test/secpaver/common/testFileContext.zip b/testcases/package-test/secpaver/common/testFileContext.zip
new file mode 100644
index 0000000000000000000000000000000000000000..a878e78de2830101e25ef968cf6902780f189ab3
Binary files /dev/null and b/testcases/package-test/secpaver/common/testFileContext.zip differ
diff --git a/testcases/package-test/secpaver/common/testNet.zip b/testcases/package-test/secpaver/common/testNet.zip
new file mode 100644
index 0000000000000000000000000000000000000000..755600b24cdb36460c714578cace5cf0d5696905
Binary files /dev/null and b/testcases/package-test/secpaver/common/testNet.zip differ
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_config_file_authority/oe_test_secpaver_config_file_authority.sh b/testcases/package-test/secpaver/oe_test_secpaver_config_file_authority/oe_test_secpaver_config_file_authority.sh
new file mode 100644
index 0000000000000000000000000000000000000000..baa83fa145e098ad33005ef6b8d546e9d24cad65
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_config_file_authority/oe_test_secpaver_config_file_authority.sh
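Review bot: In install_strategy and uninstall_strategy the test `if [$(pav policy list | grep "$1") -eq 1]; then` has no space after `[` or before `]`, so the shell never evaluates a valid test (it either looks for a command named `[<grep output>` or hits a missing `]`) and the `else` branch always runs. Even with the spaces it would compare the matched text, not a count, to 1; `if [ "$(pav policy list | grep -c "$1")" -eq 1 ]; then` is presumably what was meant. The patterns `"\"$1\"_public"` in the else branch expand to the name wrapped in literal double quotes, which probably never appears in the listing, so the `_public` policy is not handled first; `"${1}_public"` matches the bare name. Both functions also force `setenforce 1` at the end instead of restoring the mode read from `getenforce`, and would leave the host permissive if CHECK_RESULT aborts part-way (its behaviour is not visible here).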
@@ -0,0 +1,51 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Check secpaver config file authority
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ # Add user
+ useradd userTest1
+}
+
+function run_test() {
+ # check config file mode
+ mode=$(stat -c %a /etc/secpaver/pavd/config.json)
+ user=$(stat -c %U /etc/secpaver/pavd/config.json)
+ CHECK_RESULT "$mode" 600 0 "invalid mode of config file."
+ CHECK_RESULT "$user" "root" 0 "invalid owner of config file."
+ # normal user read config file
+ su - userTest1 -c "head -n1 /etc/secpaver/pavd/config.json" > output
+ line=$(wc -l output | awk '{print $1}')
+ CHECK_RESULT "$line" 0 0 "invalid authority of config file."
+}
+
+function post_test() {
+ # delete temp file
+ rm -rf output
+
+ # delete user
+ userdel -r userTest1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_config_route/oe_test_secpaver_config_route.sh b/testcases/package-test/secpaver/oe_test_secpaver_config_route/oe_test_secpaver_config_route.sh
new file mode 100644
index 0000000000000000000000000000000000000000..229b9265af39597cd25eb7bdd3e5d3bd8be5a319
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_config_route/oe_test_secpaver_config_route.sh
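Review bot: The unprivileged-read check in run_test passes whenever `output` holds zero newline-terminated lines, which is also the result when `useradd userTest1` or `su` itself fails, so the test can report success without ever exercising the 600 permission. Assert the precondition and the exit status rather than counting lines: `useradd userTest1; CHECK_RESULT "$?" 0 0 "useradd failed"` in pre_test, and in run_test `su - userTest1 -c "head -n1 /etc/secpaver/pavd/config.json"` followed by `CHECK_RESULT "$?" 0 1 "invalid authority of config file."`. oe_test_secpaver_log_authority.sh repeats the same pattern for the log file, and oe_test_secpaver_general_user_exe.sh likewise accepts any non-zero status from `su` without confirming that generalUser1 was created.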
@@ -0,0 +1,53 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Secpaver config file function test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ # clear directory of compiled file
+ rm -rf /var/local/secpaver/policies/*
+
+ # Import empty project and compile
+ pav project import ../common/testEmpty.zip
+ pav project build -r testEmpty --engine selinux
+}
+
+function run_test() {
+ # check compiled file
+ ls /var/local/secpaver/policies/selinux
+ CHECK_RESULT "$?" 0 0 "Cannot find compiled files."
+
+ # check log file
+ ls /var/log/secpaver/pavd.log
+ CHECK_RESULT "$?" 0 0 "Cannot find log file."
+}
+
+function post_test() {
+ # delete temp file
+ rm -rf output
+
+ # delete policy file
+ rm -rf policy_testEmpty_selinux.zip
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0001/oe_test_secpaver_deploy_selinux_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0001/oe_test_secpaver_deploy_selinux_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..96f0ad7630e3b20d50b508dc238055c61770b1f7
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0001/oe_test_secpaver_deploy_selinux_0001.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Install/Uninstall secpaver policy
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ pav project import ../common/testAll.zip
+ pav project build -r testAll --engine selinux
+ # install
+ pav policy install testAll_public_selinux
+ CHECK_RESULT "$?" 0 0 "Failed to install main policy."
+ pav policy list | grep "testAll" | grep -v "testAll_public" | awk '{print $1}' | xargs -L 1 pav policy install
+ CHECK_RESULT "$?" 0 0 "Failed to install sub policy."
+ # uninstall
+ pav policy uninstall testAll_public_selinux
+ CHECK_RESULT "$?" 0 1 "Failed to uninstall main policy."
+ pav policy list | grep "testAll" | grep -v "testAll_public" | awk '{print $1}' | xargs -L 1 pav policy uninstall
+ CHECK_RESULT "$?" 0 0 "Failed to uninstall sub policy."
+ # uninstall main policy
+ pav policy uninstall testAll_public_selinux
+ CHECK_RESULT "$?" 0 0 "Failed to uninstall main policy."
+}
+
+function post_test() {
+ cd "$WDIR" || exit 1
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
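Review bot: The first `pav policy uninstall testAll_public_selinux` in run_test is asserted to fail (`CHECK_RESULT "$?" 0 1`), yet its message reads "Failed to uninstall main policy.", which is the opposite of what went wrong if the uninstall unexpectedly succeeds. A message such as `"main policy was uninstalled while sub policies were still installed"` plus a comment `# the main policy must not be removable while sub policies depend on it` would state the intent, which I am inferring from the later uninstall that is expected to succeed. post_test also runs `cd "$WDIR"`, a variable this file never sets, while the sibling tests use `CURDIR=$(pwd)`; confirm that `WDIR` is provided by common_lib.sh.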
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0002/oe_test_secpaver_deploy_selinux_0002.sh b/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0002/oe_test_secpaver_deploy_selinux_0002.sh
new file mode 100644
index 0000000000000000000000000000000000000000..ff27e2db91b9202dc75a5e31c04566917f9a86fe
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0002/oe_test_secpaver_deploy_selinux_0002.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Install/Uninstall empty policy
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ pav project import ../common/testEmpty.zip
+ pav project build -r testEmpty --engine selinux
+ # install
+ pav policy install testEmpty_selinux
+ CHECK_RESULT "$?" 0 0 "Failed to install testEmpty policy."
+ pav policy list | grep "testEmpty_selinux" | grep "active"
+ CHECK_RESULT "$?" 0 0 "testEmpty_selinux policy is active"
+ # uninstall
+ pav policy uninstall testEmpty_selinux
+ CHECK_RESULT "$?" 0 0 "Failed to uninstall project testAll."
+ pav policy list | grep "testEmpty_selinux" | grep "disable"
+ CHECK_RESULT "$?" 0 0 "testEmpty_selinux policy is disabled"
+}
+
+function post_test() {
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_file_context_0001/oe_test_secpaver_file_context_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0001/oe_test_secpaver_file_context_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..d198ca2e22dc320c813b3aae232864294669c7c3
--- /dev/null
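Review bot: Two failure messages in run_test describe the opposite of the failure, assuming (as the other messages in this suite suggest) that the text is printed on a mismatch: `"testEmpty_selinux policy is active"` would appear exactly when `grep "active"` found nothing, and `"testEmpty_selinux policy is disabled"` when `grep "disable"` found nothing. The uninstall check also says "project testAll" in a test that only handles testEmpty. Suggested texts are `"testEmpty_selinux policy is not active after install"`, `"Failed to uninstall testEmpty policy."` and `"testEmpty_selinux policy is not disabled after uninstall"`.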
+++ b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0001/oe_test_secpaver_file_context_0001.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Check default file context
+# ##################################
+source ../common/config_secpaver.sh
+CURDIR=$(pwd)
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ create_file_lable_test_resource
+
+ #Import and Build project
+ import_build_project testFileContext
+
+ #Install strategy
+ install_strategy testFileContext
+}
+
+function run_test() {
+ cd /tmp/fileresource/ || exit 1
+ ls -Z secpaverFile1 > result1
+ grep "\" result1
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+}
+
+function post_test() {
+ cd "$CURDIR" || exit 1
+ uninstall_strategy testFileContext
+ rm -rf /tmp/fileresource/
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_file_context_0002/oe_test_secpaver_file_context_0002.sh b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0002/oe_test_secpaver_file_context_0002.sh
new file mode 100644
index 0000000000000000000000000000000000000000..c0874f0b596a7f4f783ab7681b70de8f0fef4dc3
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0002/oe_test_secpaver_file_context_0002.sh
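Review bot: run_test changes into the fixed path `/tmp/fileresource/` and redirects into `result1` there, while the helper create_file_lable_test_resource reuses that directory if it already exists; since these tests evidently run privileged (they call `setenforce`), a directory or a `result1` link placed in world-writable /tmp by another local account would be trusted and written through. Dropping the scratch file removes the privileged write, i.e. pipe `ls -Z secpaverFile1` straight into the existing `grep` pattern, and the helper can refuse a pre-existing directory it did not create. The same applies to run_test in oe_test_secpaver_file_context_0002.sh, _0003.sh and _0004.sh.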
@@ -0,0 +1,56 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Check file context
+# ##################################
+source ../common/config_secpaver.sh
+CURDIR=$(pwd)
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ create_file_lable_test_resource
+
+ #Import and Build project
+ import_build_project testFileContext
+
+ #Install strategy
+ install_strategy testFileContext
+}
+
+function run_test() {
+ cd /tmp/fileresource/ || exit 1
+
+ #Set system exist lable
+ ls -Z secpaverFile2 > result1
+ grep "\" result1
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+
+ ls -Z secpaverFile3 > result2
+ grep "\" result2
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+}
+
+function post_test() {
+ cd "$CURDIR" || exit 1
+ uninstall_strategy testFileContext
+ rm -rf /tmp/fileresource/
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_file_context_0003/oe_test_secpaver_file_context_0003.sh b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0003/oe_test_secpaver_file_context_0003.sh
new file mode 100644
index 0000000000000000000000000000000000000000..49d7d57fa09dc3d7732482df77576161c7959185
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0003/oe_test_secpaver_file_context_0003.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Check gruop context
+# ##################################
+source ../common/config_secpaver.sh
+CURDIR=$(pwd)
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ create_file_lable_test_resource
+
+ #Import and Build project
+ import_build_project testFileContext
+
+ #Install strategy
+ install_strategy testFileContext
+}
+
+function run_test() {
+ cd /tmp/fileresource/ || exit 1
+ ls -Z secpaverFile4 > result1
+ grep "auto_secpaverfile4" result1
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+ ls -Z secpaverFile3 > result2
+ grep "\" result2
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+}
+
+function post_test() {
+ cd "$CURDIR" || exit 1
+ uninstall_strategy testFileContext
+ rm -rf /tmp/fileresource/
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_file_context_0004/oe_test_secpaver_file_context_0004.sh b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0004/oe_test_secpaver_file_context_0004.sh
new file mode 100644
index 0000000000000000000000000000000000000000..47179b0245cd79722376b542e68ea0ff51c9ae5e
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0004/oe_test_secpaver_file_context_0004.sh
@@ -0,0 +1,59 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Check file context 2
+# ##################################
+source ../common/config_secpaver.sh
+CURDIR=$(pwd)
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ create_file_lable_test_resource
+
+ #Import and Build project
+ import_build_project testFileContext
+
+ #Install strategy
+ install_strategy testFileContext
+}
+
+function run_test() {
+ cd /tmp/fileresource/ || exit 1
+ ls -Z secpaverFile5 > result1
+ grep "auto_secpaverfile5" result1
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+ ls -Z secpaverFile6 > result2
+ grep "\" result2
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+ ls -Z secpaverFile7 > result3
+ grep "auto_secpaverfile7" result3
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+ ls -Z secpaverFile9 > result4
+ grep "\" result4
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+}
+
+function post_test() {
+ cd "$CURDIR" || exit 1
+ uninstall_strategy testFileContext
+ rm -rf /tmp/fileresource/
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_general_user_exe/oe_test_secpaver_general_user_exe.sh b/testcases/package-test/secpaver/oe_test_secpaver_general_user_exe/oe_test_secpaver_general_user_exe.sh
new file mode 100644
index 0000000000000000000000000000000000000000..2a981c20e8f85eb768964bcdbf4a55d28c03d891
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_general_user_exe/oe_test_secpaver_general_user_exe.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Secpaver cmd authority test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ # Add user
+ useradd generalUser1
+}
+
+function run_test() {
+ # pav command
+ su - generalUser1 -c "pav project list"
+ CHECK_RESULT "$?" 0 1 "invalid permission for general user to execute pav commands"
+ # systemctl start pavd
+ su - generalUser1 -c "systemctl start pavd"
+ CHECK_RESULT "$?" 0 1 "invalid permission for general user to start pavd"
+ # systemctl start pavd
+ su - generalUser1 -c "pavd --help"
+ CHECK_RESULT "$?" 0 1 "invalid permission for general user to execute pavd commands"
+}
+
+function post_test() {
+ # delete temp file
+ rm -rf output
+
+ # delete user
+ userdel -r generalUser1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_log_authority/oe_test_secpaver_log_authority.sh b/testcases/package-test/secpaver/oe_test_secpaver_log_authority/oe_test_secpaver_log_authority.sh
new file mode 100644
index 0000000000000000000000000000000000000000..5e43c34be7b3e7f6d7c0a94e90b4b9a9ece14333
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_log_authority/oe_test_secpaver_log_authority.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Secpaver log authority test
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ # Add user
+ useradd userTest1
+}
+
+function run_test() {
+ # check log file mode
+ mode=$(stat -c %a /var/log/secpaver/pavd.log)
+ user=$(stat -c %U /var/log/secpaver/pavd.log)
+ CHECK_RESULT "$mode" 600 0 "invalid mode of log file."
+ expect_str_eq "$user" "root" "invalid owner of log file."
+ # normal user read log file
+ su - userTest1 -c "head -n1 /var/log/secpaver/pavd.log" > output
+ line=$(wc -l output | awk '{print $1}')
+ CHECK_RESULT "$line" 0 0 "invalid authority of log file."
+}
+
+function post_test() {
+ # delete temp file
+ rm -rf output
+
+ # delete user
+ userdel -r userTest1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_log_text/oe_test_secpaver_log_text.sh b/testcases/package-test/secpaver/oe_test_secpaver_log_text/oe_test_secpaver_log_text.sh
new file mode 100644
index 0000000000000000000000000000000000000000..459b195d851600b6d1fc254d03b3969206187ade
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_log_text/oe_test_secpaver_log_text.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Secpaver log test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+ # 原本的日志文件备份,创建一个空白的新日志文件
+ cp -a /var/log/secpaver/pavd.log /var/log/secpaver/pavd.swap.log
+ echo 0> /var/log/secpaver/pavd.log
+}
+
+function run_test() {
+ # correct log
+ pav project list
+ grep "error" /var/log/secpaver/pavd.log
+ CHECK_RESULT "$?" 0 1 "log error"
+ # error log
+ mv /var/local/secpaver/projects/ /var/local/secpaver/projects_r/
+ pav project list
+ cat /var/log/secpaver/pavd.log
+ grep "error" /var/log/secpaver/pavd.log
+ CHECK_RESULT "$?" 0 0 "log error"
+ # recover
+ mv /var/local/secpaver/projects_r/ /var/local/secpaver/projects/
+ systemctl restart pavd
+ grep -E 'viewsec|viewSec|vsec|vsecd' /var/log/secpaver/pavd.log
+ CHECK_RESULT "$?" 0 1 "remained viewsec keywords in secpaver log"
+ systemctl stop pavd
+}
+
+function post_test() {
+ # delete temp log
+ echo 0> /var/log/secpaver/pavd.log
+ cat /var/log/secpaver/pavd.swap.log > /var/log/secpaver/pavd.log
+ rm -rf /var/log/secpaver/pavd.swap.log
+}
+
+main "$@"
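Review bot: run_test renames `/var/local/secpaver/projects/` to `projects_r/` and only moves it back further down the same function, so any abort in between leaves pavd without its projects directory for every test that follows; the restore belongs in post_test, e.g. `[ -d /var/local/secpaver/projects_r ] && mv /var/local/secpaver/projects_r /var/local/secpaver/projects`. `echo 0> /var/log/secpaver/pavd.log` parses as a redirection of file descriptor 0, so the log is truncated only as a side effect and nothing is written to it; `: > /var/log/secpaver/pavd.log` says what is meant. post_test also leaves pavd stopped after the `systemctl stop pavd` at the end of run_test.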
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0001/oe_test_secpaver_network_rules_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0001/oe_test_secpaver_network_rules_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..1e4341e153bb68df31987006c1bbda6fb40d2968
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0001/oe_test_secpaver_network_rules_0001.sh
@@ -0,0 +1,84 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Unix socket policy test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Install local ncat
+ DNF_INSTALL nc
+
+ #create temp file
+ touch /home/secpaver_hostmsg
+
+ #Import and Build project
+ import_build_project testNet
+
+ #install testNet rules
+ install_strategy testNet
+}
+
+function run_test() {
+ #invalid socket
+ for ((i = 0; i < 5; i++)); do
+ sleep 1
+ rm -rf /var/run/invalid.sock
+ kill -9 "$(ps -ef | grep 'ncat -lU /var/run/invalid.sock' | grep -v grep | awk '{print $2}')"
+ ncat -lU /var/run/invalid.sock &
+ ps -ef | grep 'ncat -lU /var/run/invalid.sock' | grep -v grep
+ if [ "$?" -ne 0 ]; then
+ break
+ fi
+ done
+ ls /var/run/invalid.sock
+ err=$?
+ CHECK_RESULT "$err" 0 1 "fail to install ncat rules"
+ if [ "$err" -eq 0 ]; then #if socket established unexpectedly, delete socket
+ rm -rf /var/run/invalid.sock
+ kill -9 "$(ps -ef | grep 'ncat -lU /var/run/invalid.sock' | grep -v grep | awk '{print $2}')"
+ fi
+ #valid socket (host)
+ ncat -lU /var/run/test.sock > /home/secpaver_hostmsg &
+ COUNT=0
+ for ((i = 0; i < 100; i++)); do
+ sleep 0.05
+ COUNT=$(find /var/run/ -name test.sock | wc -l)
+ [ "$COUNT" -eq 1 ] && break
+ done
+ CHECK_RESULT "$COUNT" 1 0 "fail to install ncat rules"
+ #valid socket (client)
+ echo "unix socket message" | nc -U /var/run/test.sock
+ CHECK_RESULT "$?" 0 0 "bind socket error"
+ cat /home/secpaver_hostmsg
+ grep "unix socket message" /home/secpaver_hostmsg
+ CHECK_RESULT "$?" 0 0 "fail to send message through unix socket"
+}
+
+function post_test() {
+ #Uninstall strategy
+ uninstall_strategy testNet
+
+ #clear temp file
+ socket_file_clear
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0002/oe_test_secpaver_network_rules_0002.sh b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0002/oe_test_secpaver_network_rules_0002.sh
new file mode 100644
index 0000000000000000000000000000000000000000..cafe9844acbfda4292e6d62e34a038ffb6932f63
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0002/oe_test_secpaver_network_rules_0002.sh
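Review bot: `kill -9 "$(ps -ef | grep 'ncat -lU /var/run/invalid.sock' | grep -v grep | awk '{print $2}')"` in run_test hands kill an empty string when nothing matches and one newline-joined argument when several PIDs match, so in both cases no process is signalled and a stray listener can survive into later tests. Recording the PID at launch avoids the ps parsing: `ncat -lU /var/run/invalid.sock & nc_pid=$!` and later `kill "$nc_pid" 2>/dev/null`. The `ps` check directly after `&` also races with the policy denial, so the loop may still see a process that is about to exit. oe_test_secpaver_network_rules_0002.sh uses the same kill pattern, and its cleanup pattern `'ncat -lv'` would match any verbose ncat listener on the host.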
@@ -0,0 +1,82 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Tcp socket policy test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Install local ncat
+ DNF_INSTALL nc
+
+ #create temp file
+ touch /home/secpaver_hostmsg
+
+ #Import and Build project
+ import_build_project testNet
+
+ #install testNet rules
+ install_strategy testNet
+}
+
+function run_test() {
+ #invalid port
+ for ((i = 0; i < 5; i++)); do
+ sleep 1
+ kill -9 "$(ps -ef | grep 'ncat -lv 5009' | grep -v grep | awk '{print $2}')"
+ ncat -lv 5009 &
+ ps -ef | grep 'ncat -lv 5009' | grep -v grep
+ if [ "$?" -ne 0 ]; then
+ break
+ fi
+ done
+ ps -ef | grep 'ncat -lv 5009' | grep -v grep
+ err=$?
+ CHECK_RESULT "$err" 0 1 "fail to install ncat rules"
+ if [ "$err" -eq 0 ]; then #if socket established unexpectedly, kill process
+ kill -9 "$(ps -ef | grep 'ncat -lv' | grep -v grep | awk '{print $2}')"
+ fi
+ #valid port (host)
+ ncat -lv 5005 > /home/secpaver_hostmsg &
+ COUNT=0
+ for ((i = 0; i < 100; i++)); do
+ sleep 0.05
+ COUNT=$(ps -ef | grep 5005 | grep -v grep -c)
+ [ "$COUNT" -ne 0 ] && break
+ done
+ CHECK_RESULT "$COUNT" 0 1 "fail to install ncat rules"
+ #valid port (client)
+ echo "tcp socket message" | ncat localhost 5005
+ CHECK_RESULT "$?" 0 0 "bind socket error"
+ cat /home/secpaver_hostmsg
+ grep "tcp socket message" /home/secpaver_hostmsg
+ CHECK_RESULT "$?" 0 0 "fail to send message through tcp socket"
+}
+
+function post_test() {
+ #Uninstall strategy
+ uninstall_strategy testNet
+
+ #clear temp file
+ socket_file_clear
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0003/oe_test_secpaver_network_rules_0003.sh b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0003/oe_test_secpaver_network_rules_0003.sh
new file mode 100644
index 0000000000000000000000000000000000000000..ef64b11ffcb89fa3d0018b33b6f0c1b7faa7179e
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0003/oe_test_secpaver_network_rules_0003.sh
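Review bot: The readiness poll `COUNT=$(ps -ef | grep 5005 | grep -v grep -c)` counts every ps line that contains the digits 5005, including PIDs and unrelated arguments, and it shows that a process exists rather than that port 5005 is bound. The "fail to install ncat rules" check can therefore pass with no listener, and the problem only surfaces later as "bind socket error". Querying the socket table is more direct, for example `COUNT=$(ss -Hltn 'sport = :5005' | wc -l)`. The UDP test has the same poll and would use `ss -Hlun`.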
@@ -0,0 +1,62 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Icmp socket policy test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Install local ncat
+ DNF_INSTALL nc
+
+ #create temp file
+ touch /home/secpaver_hostmsg
+
+ #Import and Build project
+ import_build_project testNet
+
+ #install testNet rules
+ install_strategy testNet
+}
+
+function run_test() {
+ #valid port (host)
+ ping localhost -w 5 > /home/secpaver_hostmsg
+ CHECK_RESULT "$?" 0 0 "fail to install ncat rules"
+ cat /home/secpaver_hostmsg
+ getcap /bin/ping
+ ls -lZ /bin/ping
+ grep "64 bytes from localhost" /home/secpaver_hostmsg
+ CHECK_RESULT "$?" 0 0 "fail to send message through icmp socket"
+}
+
+function post_test() {
+ #kill udp socket process
+ kill -9 "$(ps -ef | grep 'ping localhost' | grep -v grep | awk '{print $2}')"
+
+ #Uninstall strategy
+ uninstall_strategy testNet
+
+ #clear temp file
+ socket_file_clear
+}
+
+main "$@"
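Review bot: The `kill -9 …'ping localhost'…` in post_test has nothing to act on, because `ping localhost -w 5` runs in the foreground in run_test and has exited before post_test starts. Its comment `#kill udp socket process` and the failure text `"fail to install ncat rules"` are carried over from the ncat tests. I would drop the kill and reword the message to something like `"ping localhost failed under testNet policy"`. The test also covers only the permitted case, so as far as this hunk shows it would pass the same way if the policy had no effect on ping. A denied case, as in the socket tests, would make the result attributable to the policy.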
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0004/oe_test_secpaver_network_rules_0004.sh b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0004/oe_test_secpaver_network_rules_0004.sh
new file mode 100644
index 0000000000000000000000000000000000000000..6148034ded90427d512d40f54db7ec8526917046
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0004/oe_test_secpaver_network_rules_0004.sh
@@ -0,0 +1,84 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Udp socket policy test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Install local ncat
+ DNF_INSTALL nc
+
+ #create temp file
+ touch /home/secpaver_hostmsg
+
+ #Import and Build project
+ import_build_project testNet
+
+ #install testNet rules
+ install_strategy testNet
+}
+
+function run_test() {
+ #invalid port
+ for ((i = 0; i < 5; i++)); do
+ sleep 1
+ kill -9 "$(ps -ef | grep 'ncat -lvu 5007' | grep -v grep | awk '{print $2}')"
+ ncat -lvu 5007 &
+ ps -ef | grep 'ncat -lvu 5007' | grep -v grep
+ if [ "$?" -ne 0 ]; then
+ break
+ fi
+ done
+ ps -ef | grep 'ncat -lvu 5007' | grep -v grep
+ err=$?
+ CHECK_RESULT "$err" 0 1 "fail to install ncat rules"
+ if [ "$err" -eq 0 ]; then #if socket established unexpectedly, kill process
+ kill -9 "$(ps -ef | grep 'ncat -lvu' | grep -v grep | awk '{print $2}')"
+ fi
+ #valid port (host)
+ ncat -lvu 5005 > /home/secpaver_hostmsg &
+ COUNT=0
+ for ((i = 0; i < 100; i++)); do
+ sleep 0.05
+ COUNT=$(ps -ef | grep 5005 | grep -v grep -c)
+ [ "$COUNT" -ne 0 ] && break
+ done
+ CHECK_RESULT "$COUNT" 0 1 "fail to install ncat rules"
+ #valid port (client)
+ echo -n "udp socket message" > /dev/udp/localhost/5005
+ CHECK_RESULT "$?" 0 0 "bind socket error"
+ grep "udp socket message" /home/secpaver_hostmsg
+ CHECK_RESULT "$?" 0 0 "fail to send message through udp socket"
+}
+
+function post_test() {
+ #kill udp socket process
+ kill -9 "$(ps -ef | grep 'ncat -lvu' | grep -v grep | awk '{print $2}')"
+
+ #Uninstall strategy
+ uninstall_strategy testNet
+
+ #clear temp file
+ socket_file_clear
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_info_0001/oe_test_secpaver_pav_engine_info_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_info_0001/oe_test_secpaver_pav_engine_info_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..c408d63d1148602161675726b703d667c68d73f0
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_info_0001/oe_test_secpaver_pav_engine_info_0001.sh
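Review bot: `grep "udp socket message" /home/secpaver_hostmsg` runs immediately after the datagram is written to `/dev/udp/localhost/5005`, with no wait for ncat to receive it and write the file, so the final check can fail intermittently. The preceding `CHECK_RESULT "$?" 0 0 "bind socket error"` also says little, since a UDP send through `/dev/udp` normally reports success whether or not anything is listening. A short poll placed before the existing grep removes the race: `for ((i = 0; i < 20; i++)); do grep -q "udp socket message" /home/secpaver_hostmsg && break; sleep 0.05; done`. Keep the existing grep after the loop, because the loop's own exit status is that of `sleep` when the line never appears.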
@@ -0,0 +1,37 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : pav engine info cmd test
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ pav engine info selinux
+ CHECK_RESULT $? 0 0 "support selinux policy"
+ pav engine info apparmor
+ CHECK_RESULT $? 0 1 "not support apparmor policy"
+}
+
+function post_test() {
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_list_0001/oe_test_secpaver_pav_engine_list_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_list_0001/oe_test_secpaver_pav_engine_list_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..80862261cb80f5b6c2940b31875b71ed85a22e5b
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_list_0001/oe_test_secpaver_pav_engine_list_0001.sh
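Review bot: The fourth argument of CHECK_RESULT is used as failure text elsewhere on this page (`"pav project build failed"`), but in run_test it reads as a success statement: `"support selinux policy"` would be logged when `pav engine info selinux` fails. Wording such as `"pav engine info selinux failed"` and `"pav engine info apparmor should fail"` matches what the two checks assert. `$?` is also unquoted here while the network tests quote it. oe_test_secpaver_pav_engine_list_0001 uses the same messages.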
@@ -0,0 +1,39 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : pav engine list cmd test
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ pav engine list
+ CHECK_RESULT $? 0 0 "pav engine list cmd failed"
+ pav engine list | grep selinux
+ CHECK_RESULT $? 0 0 "support selinux policy"
+ pav engine list | grep apparmor
+ CHECK_RESULT $? 0 1 "not support apparmor policy"
+}
+
+function post_test() {
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_build_0001/oe_test_secpaver_pav_project_build_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_build_0001/oe_test_secpaver_pav_project_build_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..5d9bfc098f99a5b9ff004e61b79c994b579e9bde
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_build_0001/oe_test_secpaver_pav_project_build_0001.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : pav project build cmd test
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+ project_import
+}
+
+function run_test() {
+ pav project build -r "$project_name" --engine selinux
+ CHECK_RESULT $? 0 0 "pav project build failed"
+ pav project build -r proj --engine selinux > result1 2>&1
+ CHECK_RESULT $? 0 1 "pav project build should failed"
+ grep 'proj directory not found' result1
+ CHECK_RESULT $? 0 0 "print error"
+ pav project build -r "$project_name" --engine sea > result2 2>&1
+ CHECK_RESULT $? 0 1 "pav project build --engine sea should failed"
+ grep 'invalid engine' result2
+ CHECK_RESULT $? 0 0 "print error"
+ pav project build -d /testpav --engine selinux > result3 2>&1
+ CHECK_RESULT $? 0 1 "pav project build should failed"
+ grep 'testpav directory not found' result3
+ CHECK_RESULT $? 0 0 "print error"
+}
+
+function post_test() {
+ pav project delete "$project_name"
+ rm -rf p*
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
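Review bot: post_test's `rm -rf p*` removes everything in the working directory whose name starts with p, yet leaves `result1`, `result2` and `result3` behind. Naming the artefacts keeps the cleanup to what the test created: `rm -rf -- "$project_name" "$project_name".zip result1 result2 result3`, plus any build output directory if the build writes one. The create, delete, export and import tests below likewise leave `result*` files, and several use `proj*` globs in the same way.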
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_create_0001/oe_test_secpaver_pav_project_create_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_create_0001/oe_test_secpaver_pav_project_create_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..c6f10efadc12d223d9681243e19c4c9fb0329564
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_create_0001/oe_test_secpaver_pav_project_create_0001.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : pav project create cmd test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ pav project create "$project_name" .
+ CHECK_RESULT $? 0 0 "pav project create failed"
+ ls ./"$project_name"
+ CHECK_RESULT $? 0 0 "project not found"
+ pav project create "$project_name" > result1 2>&1
+ CHECK_RESULT $? 0 1 "pav project create should failed"
+ grep 'Incorrect Usage' result1
+ CHECK_RESULT $? 0 0 "print error"
+ pav project create . > result2 2>&1
+ CHECK_RESULT $? 0 1 "pav project create should failed"
+ grep 'Incorrect Usage' result2
+ CHECK_RESULT $? 0 0 "print error"
+ pav project create "$project_name" /testpav > result3 2>&1
+ CHECK_RESULT $? 0 1 "pav project create should failed"
+ grep 'directory not found' result3
+ CHECK_RESULT $? 0 0 "print error"
+}
+
+function post_test() {
+ rm -rf "$project_name"
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_delete_0001/oe_test_secpaver_pav_project_delete_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_delete_0001/oe_test_secpaver_pav_project_delete_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..96b976cfab0230751a65db31ec8f54d377d0dee7
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_delete_0001/oe_test_secpaver_pav_project_delete_0001.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : pav project delete cmd test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+ project_import
+}
+
+function run_test() {
+ pav project delete "$project_name" > result1 2>&1
+ grep 'Finish deleting project' result1
+ CHECK_RESULT $? 0 0 "pav project delete failed"
+ pav project delete "$project_name" > result2 2>&1
+ grep 'proj.* directory not found' result2
+ CHECK_RESULT $? 0 0 "print error"
+}
+
+function post_test() {
+ rm -rf proj*
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_export_0001/oe_test_secpaver_pav_project_export_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_export_0001/oe_test_secpaver_pav_project_export_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..c2824d1d9bb0c7285644608f90e222f3a8de9842
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_export_0001/oe_test_secpaver_pav_project_export_0001.sh
@@ -0,0 +1,61 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : pav project export cmd test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+ project_import
+}
+
+function run_test() {
+ pav project export "$project_name" .
+ CHECK_RESULT $? 0 0 "pav project export failed"
+ pav project export "$project_name" . -f
+ CHECK_RESULT $? 0 0 "pav project export -f failed"
+ pav project export "$project_name" . > result1 2>&1
+ CHECK_RESULT $? 0 1 "pav project export expected failed"
+ grep 'project file already exists' result1
+ CHECK_RESULT $? 0 0 "print error"
+ pav project export "$project_name" > result2 2>&1
+ CHECK_RESULT $? 0 1 "pav project export expected failed"
+ grep 'Incorrect Usage' result2
+ CHECK_RESULT $? 0 0 "print error"
+ pav project export . > result3 2>&1
+ CHECK_RESULT $? 0 1 "pav project export expected failed"
+ grep 'Incorrect Usage' result3
+ CHECK_RESULT $? 0 0 "print error"
+ pav project export test . > result4 2>&1
+ CHECK_RESULT $? 0 1 "pav project export expected failed"
+ grep 'test directory not found' result4
+ CHECK_RESULT $? 0 0 "print error"
+ pav project export "$project_name" /testpav > result5 2>&1
+ CHECK_RESULT $? 0 1 "pav project export expected failed"
+ grep 'file not found' result5
+ CHECK_RESULT $? 0 0 "print error"
+}
+
+function post_test() {
+ pav project delete "$project_name"
+ rm -rf proj* export*
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0001/oe_test_secpaver_pav_project_import_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0001/oe_test_secpaver_pav_project_import_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..7aedb86561546ab4b5f8609d89fe9235c6e7bf12
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0001/oe_test_secpaver_pav_project_import_0001.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : pav project import cmd test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+ pav project create "$project_name" .
+ zip -r "$project_name".zip "$project_name"/
+}
+
+function run_test() {
+ ls "$project_name".zip
+ CHECK_RESULT $? 0 0 "pav project create failed"
+ pav project list | grep "$project_name" && pav project delete "$project_name"
+ pav project import "$project_name".zip > result1 2>&1
+ grep 'Finish importing project' result1
+ CHECK_RESULT $? 0 0 "import project failed"
+ pav project import "$project_name".zip > result2 2>&1
+ grep 'project exists' result2
+ CHECK_RESULT $? 0 0 "import existed project failed"
+ pav project import "$project_name".zip -f > result3 2>&1
+ grep 'Finish importing project' result3
+ CHECK_RESULT $? 0 0 "force import existed project failed"
+}
+
+function post_test() {
+ pav project delete "$project_name"
+ rm -rf proj*
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0002/oe_test_secpaver_pav_project_import_0002.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0002/oe_test_secpaver_pav_project_import_0002.sh
new file mode 100644
index 0000000000000000000000000000000000000000..9766fc0dfbf71ac492099b5e62e7ffd53c27f36f
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0002/oe_test_secpaver_pav_project_import_0002.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : pav project import large project file
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+ dd if=/dev/zero of="$project_name".zip bs=1M count=10
+}
+
+function run_test() {
+ ls "$project_name".zip
+ CHECK_RESULT $? 0 0 "failed to create zip file"
+ pav project import "$project_name".zip > result 2>&1
+ CHECK_RESULT $? 0 1 "pav project import failed"
+ grep 'the file size must be smaller than' result
+ CHECK_RESULT $? 0 0 "error print"
+}
+
+function post_test() {
+ pav project delete "$project_name"
+ rm -rf result* proj*
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
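Review bot: The text `"pav project import failed"` is attached to `CHECK_RESULT $? 0 1`, which fires when the oversized import unexpectedly succeeds, so the log would state the opposite of what happened. Something like `"import of oversized file should fail"` says what the check asserts. post_test also runs `pav project delete "$project_name"` although nothing is imported on the expected path. That call only matters if the size limit regresses, which is worth a one-line comment such as `# only needed if the oversized import was wrongly accepted`.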
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0003/oe_test_secpaver_pav_project_import_0003.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0003/oe_test_secpaver_pav_project_import_0003.sh
new file mode 100644
index 0000000000000000000000000000000000000000..acd0027649e9b420bae7fe4aa7f43544430a570a
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0003/oe_test_secpaver_pav_project_import_0003.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : pav project import invalid project file
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ echo 'test pav' > testfile
+ zip -r testfile.zip .
+ CHECK_RESULT $? 0 0 "create zip file failed"
+ pav project import testfile.zip -f > result 2>&1
+ CHECK_RESULT $? 0 1 "pav project import failed"
+ grep 'rpc error' result
+ CHECK_RESULT $? 0 0 "print error"
+}
+
+function post_test() {
+ rm -rf testfile* result
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
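Review bot: `grep 'rpc error' result` accepts any RPC failure as proof that the invalid archive was rejected. If pavd is not running, or the call fails for some other reason, the output would presumably also contain `rpc error` and the test would still pass. Matching the specific rejection text, as oe_test_secpaver_pav_project_import_0004 does with `is not a valid zip file`, ties the check to input validation. Separately, `zip -r testfile.zip .` archives the whole test directory rather than the dummy file. If the intent is a zip that holds only `testfile`, `zip testfile.zip testfile` does that.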
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0004/oe_test_secpaver_pav_project_import_0004.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0004/oe_test_secpaver_pav_project_import_0004.sh
new file mode 100644
index 0000000000000000000000000000000000000000..fd687b6645a62dd9bb10daf712f0cb9952a4c28c
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0004/oe_test_secpaver_pav_project_import_0004.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : pav project import invalid project file 2
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ echo 'test pav' > testfile.txt
+ CHECK_RESULT $? 0 0 "create test file failed"
+ pav project import testfile.txt -f > result 2>&1
+ CHECK_RESULT $? 0 1 "pav project import should failed"
+ grep 'testfile.txt is not a valid zip file' result
+ CHECK_RESULT $? 0 0 "print error"
+}
+
+function post_test() {
+ rm -rf testfile.txt
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_info_0001/oe_test_secpaver_pav_project_info_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_info_0001/oe_test_secpaver_pav_project_info_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..9ed6ebccbeaf76c685da6e2b3cc17e4e027f2c76
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_info_0001/oe_test_secpaver_pav_project_info_0001.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : pav project info cmd test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+ project_import
+}
+
+function run_test() {
+ pav project info "$project_name"
+ CHECK_RESULT $? 0 0 "pav project info failed"
+ pav project info projectfile > result 2>&1
+ grep 'projectfile directory not found' result
+ CHECK_RESULT $? 0 0 "pav project info projectfile failed"
+}
+
+function post_test() {
+ pav project delete "$project_name"
+ rm -rf result proj*
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_list_0001/oe_test_secpaver_pav_project_list_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_list_0001/oe_test_secpaver_pav_project_list_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..ea3f74c4769871feedc537ce9da5e6a95b687607
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_list_0001/oe_test_secpaver_pav_project_list_0001.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : pav project list cmd test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+ project_import
+}
+
+function run_test() {
+ pav project list
+ CHECK_RESULT $? 0 0 "pav project list failed"
+}
+
+function post_test() {
+ pav project delete "$project_name"
+ rm -rf proj*
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pavd_access_uid_gid/oe_test_secpaver_pavd_access_uid_gid.sh b/testcases/package-test/secpaver/oe_test_secpaver_pavd_access_uid_gid/oe_test_secpaver_pavd_access_uid_gid.sh
new file mode 100644
index 0000000000000000000000000000000000000000..a760897cdb32ae1698892b18686fc309aaa63a1a
--- /dev/null
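Review bot: run_test in the project list test checks only the exit status of `pav project list`, so it passes even if the project imported in pre_test is missing from the output. Adding `pav project list | grep "$project_name"` followed by `CHECK_RESULT "$?" 0 0 "imported project not listed"` would test the listing itself, in the same way import_0001 already greps the list for the project name.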
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pavd_access_uid_gid/oe_test_secpaver_pavd_access_uid_gid.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : /usr/bin/pav, /usr/bin/pavd authourity test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ # check pav file mode
+ mode=$(stat -c %a /bin/pav)
+ user=$(stat -c %U /bin/pav)
+ CHECK_RESULT "$mode" 700 0 "invalid mode of pav file."
+ CHECK_RESULT "$user" "root" 0 "invalid owner of pav file."
+
+ # check pavd file mode
+ mode=$(stat -c %a /bin/pavd)
+ user=$(stat -c %U /bin/pavd)
+ CHECK_RESULT "$mode" 700 0 "invalid mode of pavd file."
+ CHECK_RESULT "$user" "root" 0 "invalid owner of pavd file."
+}
+
+function post_test() {
+ return
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pavd_logrotate/oe_test_secpaver_pavd_logrotate.sh b/testcases/package-test/secpaver/oe_test_secpaver_pavd_logrotate/oe_test_secpaver_pavd_logrotate.sh
new file mode 100644
index 0000000000000000000000000000000000000000..1c171d66869aaa502e82d44f94f988d0afefdb1e
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pavd_logrotate/oe_test_secpaver_pavd_logrotate.sh
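Review bot: The test is named access_uid_gid, but run_test reads only the mode and the owner and never checks the group of either binary. Assuming root is the expected group, adding `group=$(stat -c %G /bin/pav)` with `CHECK_RESULT "$group" "root" 0 "invalid group of pav file."`, and the same pair for `/bin/pavd`, covers it. The header names `/usr/bin/pav` and `/usr/bin/pavd` while the code stats the `/bin` paths. The two are equivalent only where `/bin` resolves to `/usr/bin`, so using the `/usr/bin` paths would match the description.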
@@ -0,0 +1,62 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : /var/log/secpaver/pavd.log logrotate test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ # check log file
+ for ((i = 1; i < 10; i++)); do
+ grep "grpc server is listening" /var/log/secpaver/pavd.log && break
+ sleep 0.1
+ done
+ CHECK_RESULT "$?" 0 0 "Error in log file."
+
+ # replace log file
+ mv /var/log/secpaver/pavd.log /var/log/secpaver/pavd.log.copy
+ dd if=/dev/zero of=/var/log/secpaver/pavd.log bs=1M count=10
+ systemctl restart pavd
+ for ((i = 1; i < 100; i++)); do
+ ps -ef | grep /usr/bin/pavd | grep -v grep && break
+ sleep 0.01
+ done
+ systemctl restart pavd
+ for ((i = 1; i < 100; i++)); do
+ ps -ef | grep /usr/bin/pavd | grep -v grep && break
+ sleep 0.01
+ done
+ ls /var/log/secpaver/
+ CHECK_RESULT "$?" 0 0 "Error in log dir."
+ ls /var/log/secpaver/ | grep "pavd-"
+ CHECK_RESULT "$?" 0 0 "Error in log around."
+}
+
+function post_test() {
+ systemctl stop pavd
+ rm -rf /var/log/secpaver/pavd-* /var/log/secpaver/pavd.log
+ mv /var/log/secpaver/pavd.log.copy /var/log/secpaver/pavd.log
+ return
+}
+
+main "$@"
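Review bot: The first assertion in `run_test`, `CHECK_RESULT "$?" 0 0 "Error in log file."`, cannot fail: when `grep` never matches, the last command the loop body runs is `sleep 0.1`, so the loop's exit status is 0 whether or not the listening message was logged. Re-running the match right before the check, `grep -q "grpc server is listening" /var/log/secpaver/pavd.log`, makes the assertion depend on the log content. The two wait loops after `systemctl restart pavd` carry no assertion either, so a daemon that never comes back is only noticed indirectly by the later `grep "pavd-"`; `pgrep -f /usr/bin/pavd` followed by a `CHECK_RESULT` would state that expectation directly.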
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_policy_nodiff/oe_test_secpaver_policy_nodiff.sh b/testcases/package-test/secpaver/oe_test_secpaver_policy_nodiff/oe_test_secpaver_policy_nodiff.sh
new file mode 100644
index 0000000000000000000000000000000000000000..4d1bd5782a5c6ccac3da4afcfe373aa6507ae58c
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_policy_nodiff/oe_test_secpaver_policy_nodiff.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : exported policy file integrity test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+WDIR=$(pwd)
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ mkdir policy1 policy2
+ pav project import ../common/testNet.zip
+ pav project build -r testNet --engine selinux
+ pav policy export testNet_selinux ./policy1
+ pav policy export testNet_selinux ./policy2
+ md5sum ./policy1/testNet_selinux.zip | awk '{$1}' > checksum_1
+ md5sum ./policy2/testNet_selinux.zip | awk '{$1}' > checksum_2
+ diff checksum_1 checksum_2
+ CHECK_RESULT "$?" 0 0 "build consistent policy."
+}
+
+function post_test() {
+ cd "$WDIR" || exit 1
+ rm -rf ./policy*
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
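Review bot: Both `awk '{$1}'` calls in `run_test` evaluate `$1` without printing it, so `checksum_1` and `checksum_2` are always empty and `diff` reports them equal whatever was exported. Even with `awk '{print $1}'` a failed import, build or export would leave both files empty and still pass, because none of the `pav` statuses is checked. Comparing the archives directly with `cmp ./policy1/testNet_selinux.zip ./policy2/testNet_selinux.zip` fails on differing content and on a missing file, and removes the need for the scratch files. As written, `post_test` leaves `checksum_1` and `checksum_2` behind, since `rm -rf ./policy*` does not match them.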
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_rpm_install_0001/oe_test_secpaver_rpm_install_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_rpm_install_0001/oe_test_secpaver_rpm_install_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..3b3c72c62829322e30e9bbd467e7cc0b83a3c11f
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_rpm_install_0001/oe_test_secpaver_rpm_install_0001.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : pavd service test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ # status
+ systemctl status pavd > stat
+ grep "Active: active (running)" stat
+ CHECK_RESULT "$?" 0 0 "Error in pavd service status"
+ # version
+ ver=$(pav -v | awk '{print $3}')
+ rpm -qa secpaver > rpm_msg
+ grep "${ver}" rpm_msg
+ CHECK_RESULT "$?" 0 0 "Error version"
+ # config file mode
+ mode=$(stat -c %a /etc/secpaver/pavd/config.json)
+ CHECK_RESULT "$mode" 600 0 "Access permission of config file should be 600"
+ # restart pavd
+ systemctl restart pavd
+ CHECK_RESULT "$?" 0 0 "Fail to restart pavd"
+ # stop pavd
+ systemctl stop pavd
+ CHECK_RESULT "$?" 0 0 "Fail to stop pavd"
+}
+
+function post_test() {
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/filesystem_test b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/filesystem_test
new file mode 100644
index 0000000000000000000000000000000000000000..9ae28119ad7c990e7b7260299a0bb7dccce19d94
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/filesystem_test
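Review bot: In `run_test` of oe_test_secpaver_rpm_install_0001.sh, `grep "${ver}" rpm_msg` matches every line when `ver` is empty, so the version check passes whenever `pav -v` fails or prints fewer than three fields, as long as `rpm -qa secpaver` printed anything. Guarding the value and matching it literally closes that: `[ -n "$ver" ] && grep -F -- "$ver" rpm_msg`. The config-file check asserts mode 600 but not the owner; a `stat -c %U` comparison like the one in the pavd_access_uid_gid test would complete it. The scratch files `stat` and `rpm_msg` are written to the working directory and `post_test` does not remove them.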
@@ -0,0 +1,6 @@
+#!/bin/bash
+if [ "$1" == "false" ]; then
+ rename file4 file_2 /resource/file4
+else
+ rename file file_1 /resource/file
+fi
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/oe_test_secpaver_selinux_file_rule_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/oe_test_secpaver_selinux_file_rule_0001.sh
new file mode 100644
index 0000000000000000000000000000000000000000..749ce9091459756e880af6ab5287b96d5a0b8bc9
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/oe_test_secpaver_selinux_file_rule_0001.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/03
+# @Desc : selinux rules test: rename files
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+WDIR=$(pwd)
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ resource_create filesystem_test
+
+ #Import and Build project
+ import_build_project testAll
+
+ #Install strategy
+ install_strategy testAll
+
+}
+
+function run_test() {
+ getenforce
+ filesystem_test true
+ CHECK_RESULT "$?" 0 0 "Failed to install rename rules."
+ filesystem_test false
+ CHECK_RESULT "$?" 0 1 "Failed to install rename rules."
+ cat /resource/file
+ CHECK_RESULT "$?" 0 1 "Failed to rename file."
+}
+
+function post_test() {
+ cd "$WDIR" || exit 1
+ #Uninstall strategy
+ uninstall_strategy testAll
+
+ #Clear resource
+ resource_clear filesystem_test
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/filesystem_test b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/filesystem_test
new file mode 100644
index 0000000000000000000000000000000000000000..7e708f9c3ebb5df0c646bd98681f14496863e0bb
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/filesystem_test
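Review bot: The expected-denial assertion in `run_test` of oe_test_secpaver_selinux_file_rule_0001.sh accepts any non-zero status, so `filesystem_test false` also "passes" when `/resource/file4` was never created or the helper could not be run at all; the test cannot tell an SELinux denial from a broken fixture. Assuming `CHECK_RESULT "$?" 0 1` means "expect non-zero", following it with `test -e /resource/file4` and `CHECK_RESULT "$?" 0 0 "file4 should be left in place"` pins the denied path's state. `getenforce` is only printed; comparing its output with `Enforcing` would document the precondition that `install_strategy` is relied on to restore. The same pattern appears in oe_test_secpaver_selinux_file_rule_0005.sh, where `cat /resource/file4` fails equally for a missing file.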
@@ -0,0 +1,6 @@
+#!/bin/bash
+if [ "$1" == "false" ]; then
+ rm -f /resource/file4
+else
+ rm -f /resource/file
+fi
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/oe_test_secpaver_selinux_file_rule_0002.sh b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/oe_test_secpaver_selinux_file_rule_0002.sh
new file mode 100644
index 0000000000000000000000000000000000000000..1f3c4fc1ac7e87f97385dc69bd4760c941c0835a
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/oe_test_secpaver_selinux_file_rule_0002.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/03
+# @Desc : selinux rules test: remove file
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ resource_create filesystem_test
+
+ #Import and Build project
+ import_build_project testAll
+
+ #Install strategy
+ install_strategy testAll
+}
+
+function run_test() {
+ filesystem_test true
+ CHECK_RESULT "$?" 0 0 "Failed to install rm rules."
+ filesystem_test false
+ CHECK_RESULT "$?" 0 1 "Failed to install rm rules."
+ count=$(ls -l /resource | wc -l)
+ CHECK_RESULT "${count}" 2 0 "Failed to rm file."
+}
+
+function post_test() {
+ #Uninstall strategy
+ uninstall_strategy testAll
+
+ #Clear resource
+ resource_clear filesystem_test
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/filesystem_test b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/filesystem_test
new file mode 100644
index 0000000000000000000000000000000000000000..f6113c97841a8090fb66ad249e0a40dbd51ed75f
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/filesystem_test
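Review bot: In `run_test` of oe_test_secpaver_selinux_file_rule_0002.sh, `count=$(ls -l /resource | wc -l)` compared with 2 encodes the outcome indirectly (the `total` line plus one entry) and does not say which file survived; it also breaks if `resource_create` ever places another entry in `/resource`. Testing the two paths directly states the intent: `test ! -e /resource/file && test -e /resource/file4`, then `CHECK_RESULT "$?" 0 0 "Failed to rm file."`. oe_test_secpaver_selinux_file_rule_0004.sh has the same weakness with `ls -l /resource >> index` and `grep -c all index`: the pattern matches a substring anywhere in the long listing, and `>>` appends to any stale `index` left by an earlier run.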
@@ -0,0 +1,8 @@
+#!/bin/bash
+if [ "$1" == "false" ]; then
+ echo "write rules" >> /resource/file
+ echo "write to file" >> /resource/file
+else
+ echo "write rules" >> /resource/file4
+ echo "write to file" >> /resource/file4
+fi
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/oe_test_secpaver_selinux_file_rule_0003.sh b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/oe_test_secpaver_selinux_file_rule_0003.sh
new file mode 100644
index 0000000000000000000000000000000000000000..5053b4b01b45dbda169955767de3ed712a560fa6
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/oe_test_secpaver_selinux_file_rule_0003.sh
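Review bot: This helper inverts the argument convention of the `filesystem_test` scripts for file_rule_0001, 0002 and 0005: here `"false"` appends to `/resource/file` and the default branch appends to `/resource/file4`, whereas in those three `"false"` selects `/resource/file4`. As a result, in oe_test_secpaver_selinux_file_rule_0003.sh the variable `count_true` counts lines written by `filesystem_test false`, and `count_false` those attempted by `filesystem_test true`. Swapping the targets of the two branches, so that `"false"` writes to `/resource/file4`, restores the convention without changing what the caller asserts, because it invokes both branches and checks only the final line counts. A one-line header such as `# "false" exercises the path the policy is expected to deny` would make the contract explicit in all five helpers, if that reading of the policy is right.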
@@ -0,0 +1,54 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/03
+# @Desc : selinux rules test: write file
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ resource_create filesystem_test
+
+ #Import and Build project
+ import_build_project testAll
+
+ #Install strategy
+ install_strategy testAll
+}
+
+function run_test() {
+ filesystem_test true
+ filesystem_test false
+ count_true=$(wc -l /resource/file | awk '{print $1}')
+ CHECK_RESULT "${count_true}" 2 0 "Failed to write file."
+ count_false=$(wc -l /resource/file4 | awk '{print $1}')
+ CHECK_RESULT "${count_false}" 0 0 "Failed to write file."
+}
+
+function post_test() {
+ #Uninstall strategy
+ uninstall_strategy testAll
+
+ #Clear resource
+ resource_clear filesystem_test
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/filesystem_test b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/filesystem_test
new file mode 100644
index 0000000000000000000000000000000000000000..8bd1c168a2e9238c6a4290d4732167579fcd8070
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/filesystem_test
@@ -0,0 +1,6 @@
+#!/bin/bash
+if [ "$1" == "false" ]; then
+ touch /resource/false
+else
+ touch /resource/all
+fi
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/oe_test_secpaver_selinux_file_rule_0004.sh b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/oe_test_secpaver_selinux_file_rule_0004.sh
new file mode 100644
index 0000000000000000000000000000000000000000..d6c0ec3482cb2ecf1b3bb883122e3070131cc045
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/oe_test_secpaver_selinux_file_rule_0004.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/03
+# @Desc : selinux rules test: create file
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ resource_create filesystem_test
+
+ #Import and Build project
+ import_build_project testAll
+
+ #Install strategy
+ install_strategy testAll
+}
+
+function run_test() {
+ filesystem_test true
+ CHECK_RESULT "$?" 0 0 "Failed to install create rules."
+ filesystem_test false
+ CHECK_RESULT "$?" 0 1 "Failed to install create rules."
+ ls -l /resource >> index
+ count_true=$(grep -c all index)
+ CHECK_RESULT "${count_true}" 1 0 "Failed to create file."
+ count_false=$(grep -c false index)
+ CHECK_RESULT "${count_false}" 0 0 "Failed to create file."
+ rm -rf index
+}
+
+function post_test() {
+ #Uninstall strategy
+ uninstall_strategy testAll
+
+ #Clear resource
+ resource_clear filesystem_test
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/filesystem_test b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/filesystem_test
new file mode 100644
index 0000000000000000000000000000000000000000..51b7ff704ae1203a6ac106de3b254800c001ab5f
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/filesystem_test
@@ -0,0 +1,6 @@
+#!/bin/bash
+if [ "$1" == "false" ]; then
+ cat /resource/file4
+else
+ cat /resource/file
+fi
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/oe_test_secpaver_selinux_file_rule_0005.sh b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/oe_test_secpaver_selinux_file_rule_0005.sh
new file mode 100644
index 0000000000000000000000000000000000000000..119809ad9738f6450e912f79d1c7034ca1c8dd2f
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/oe_test_secpaver_selinux_file_rule_0005.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/03
+# @Desc : selinux rules test: read file
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ resource_create filesystem_test
+
+ #Import and Build project
+ import_build_project testAll
+
+ #Install strategy
+ install_strategy testAll
+}
+
+function run_test() {
+ filesystem_test true
+ CHECK_RESULT "$?" 0 0 "Failed to install read rules."
+ filesystem_test false
+ CHECK_RESULT "$?" 0 1 "Failed to install read rules."
+}
+
+function post_test() {
+ #Uninstall strategy
+ uninstall_strategy testAll
+
+ #Clear resource
+ resource_clear filesystem_test
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_socket_file_authority/oe_test_secpaver_socket_file_authority.sh b/testcases/package-test/secpaver/oe_test_secpaver_socket_file_authority/oe_test_secpaver_socket_file_authority.sh
new file mode 100644
index 0000000000000000000000000000000000000000..535905a0b3be8b03bfbcc5925f0e4bbb870cf438
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_socket_file_authority/oe_test_secpaver_socket_file_authority.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/03
+# @Desc : /var/run/secpaver/pavd.sock authourity test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ # Add user
+ useradd userTest1
+}
+
+function run_test() {
+ # check socket file mode
+ mode=$(stat -c %a /var/run/secpaver/pavd.sock)
+ user=$(stat -c %U /var/run/secpaver/pavd.sock)
+ CHECK_RESULT "$mode" 600 0 "Socket file mode error."
+ CHECK_RESULT "$user" "root" 0 "invalid owner of socket file."
+ # normal user read socket file
+ su - userTest1 -c "head -n1 /var/run/secpaver/pavd.sock" > output
+ line=$(wc -l output | awk '{print $1}')
+ CHECK_RESULT "$line" 0 0 "invalid authority of socket file."
+}
+
+function post_test() {
+ # delete temp file
+ rm -rf output
+
+ # delete user
+ userdel -r userTest1
+}
+
+main "$@"
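Review bot: The unprivileged-access check in `run_test` cannot fail: on Linux, opening a Unix socket path for reading (as `head -n1` does) is rejected for every user whatever the permission bits, and if `useradd userTest1` or `su` itself fails `output` is empty too, so `line` is 0 in all cases. Connecting to a socket needs write permission on it, so a probe such as `su - userTest1 -c "test -w /var/run/secpaver/pavd.sock"` followed by `CHECK_RESULT "$?" 0 1 "invalid authority of socket file."` ties the result to the mode that was just asserted. That only means something once the status of `useradd` in `pre_test` is checked, since a failed `su` would also return non-zero. The fixed account name also means `userdel -r userTest1` in `post_test` would remove a pre-existing `userTest1` and its home directory; a name derived from `$RANDOM`, as `project_name` is in the common script, avoids that.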