From bad33edeaf196263e9d2903739b59f96b6acefdb Mon Sep 17 00:00:00 2001
From: zengxianjun
Date: Thu, 3 Mar 2022 09:07:55 +0000
Subject: [PATCH 1/8] suite2cases/secpaver
---
suite2cases/secpaver | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 suite2cases/secpaver
diff --git a/suite2cases/secpaver b/suite2cases/secpaver
new file mode 100644
index 0000000..dfbd40d
--- /dev/null
+++ b/suite2cases/secpaver
@@ -0,0 +1,37 @@
+oe_test_secpaver_config_file_authority
+oe_test_secpaver_config_route
+oe_test_secpaver_deploy_selinux_0001
+oe_test_secpaver_deploy_selinux_0002
+oe_test_secpaver_file_context_0001
+oe_test_secpaver_file_context_0002
+oe_test_secpaver_file_context_0003
+oe_test_secpaver_file_context_0004
+oe_test_secpaver_general_user_exe
+oe_test_secpaver_log_authority
+oe_test_secpaver_log_text
+oe_test_secpaver_network_rules_0001
+oe_test_secpaver_network_rules_0002
+oe_test_secpaver_network_rules_0003
+oe_test_secpaver_network_rules_0004
+oe_test_secpaver_pav_engine_info_0001
+oe_test_secpaver_pav_engine_list_0001
+oe_test_secpaver_pav_project_import_0001
+oe_test_secpaver_pav_project_import_0002
+oe_test_secpaver_pav_project_import_0003
+oe_test_secpaver_pav_project_import_0004
+oe_test_secpaver_pav_project_build_0001
+oe_test_secpaver_pav_project_create_0001
+oe_test_secpaver_pav_project_delete_0001
+oe_test_secpaver_pav_project_export_0001
+oe_test_secpaver_pav_project_info_0001
+oe_test_secpaver_pav_project_list_0001
+oe_test_secpaver_pavd_access_uid_gid
+oe_test_secpaver_pavd_logrotate
+oe_test_secpaver_policy_nodiff
+oe_test_secpaver_rpm_install_0001
+oe_test_secpaver_selinux_file_rule_0001
+oe_test_secpaver_selinux_file_rule_0002
+oe_test_secpaver_selinux_file_rule_0003
+oe_test_secpaver_selinux_file_rule_0004
+oe_test_secpaver_selinux_file_rule_0005
+oe_test_secpaver_socket_file_authority
--
Gitee
From 7e7044ea8920fc49cbe998bbe87b038cb3f61ebd Mon Sep 17 00:00:00 2001
From: zengxianjun
Date: Thu, 3 Mar 2022 09:08:20 +0000
Subject: [PATCH 2/8] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20secpaver?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
testcases/package-test/secpaver/.keep | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 testcases/package-test/secpaver/.keep
diff --git a/testcases/package-test/secpaver/.keep b/testcases/package-test/secpaver/.keep
new file mode 100644
index 0000000..e69de29
--
Gitee
From dd755e482028273181cf35bcde95d453d0042b2b Mon Sep 17 00:00:00 2001
From: zengxianjun
Date: Thu, 3 Mar 2022 09:09:14 +0000
Subject: [PATCH 3/8] add testcases common tools
---
.../secpaver/common/config_secpaver.sh | 114 ++++++++++++++++++
.../package-test/secpaver/common/testAll.zip | Bin 0 -> 4335 bytes
.../secpaver/common/testEmpty.zip | Bin 0 -> 1745 bytes
.../secpaver/common/testFileContext.zip | Bin 0 -> 3654 bytes
.../package-test/secpaver/common/testNet.zip | Bin 0 -> 2489 bytes
5 files changed, 114 insertions(+)
create mode 100644 testcases/package-test/secpaver/common/config_secpaver.sh
create mode 100644 testcases/package-test/secpaver/common/testAll.zip
create mode 100644 testcases/package-test/secpaver/common/testEmpty.zip
create mode 100644 testcases/package-test/secpaver/common/testFileContext.zip
create mode 100644 testcases/package-test/secpaver/common/testNet.zip
diff --git a/testcases/package-test/secpaver/common/config_secpaver.sh b/testcases/package-test/secpaver/common/config_secpaver.sh
new file mode 100644
index 0000000..ddc848e
--- /dev/null
+++ b/testcases/package-test/secpaver/common/config_secpaver.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+source "$OET_PATH/libs/locallibs/common_lib.sh"
+project_name=proj"$RANDOM"
+
+#################################################################
+## @Description 导入工程文件
+function project_import() {
+ ps -ef | grep pavd
+ pav project create "$project_name" . || exit 1
+ zip -r "$project_name".zip "$project_name"/ || exit 1
+ pav project import "$project_name".zip || exit 1
+}
+
+#################################################################
+## @Description 导入并编译工程,参数为工程zip压缩文件
+#################################################################
+function import_build_project() {
+ pav project list | grep "$1"
+ res=$?
+ if [ "$res" -ne 0 ]; then
+ pav project import ../common/"$1".zip
+ CHECK_RESULT "$?" 0 0 "Error: $1.zip not found"
+ fi
+ pav project build -r "$1" --engine selinux
+ CHECK_RESULT "$?" 0 0 "Error: compile $1 failed"
+}
+
+#################################################################
+## @Description 部署策略,参数为策略zip压缩文件
+#################################################################
+function install_strategy() {
+ setenforce 0
+ pav policy list | grep "$1"
+ CHECK_RESULT "$?" 0 0 "Error: $1 project not imported or compiled"
+ if [$(pav policy list | grep "$1") -eq 1]; then
+ pav policy install "$1"_selinux
+ else
+ pav policy list | grep "\"$1\"_public" | awk '{print $1}' | xargs pav policy install
+ pav policy list | grep "$1" | grep -v "\"$1\"_public" | awk '{print $1}' | xargs -L 1 pav policy install
+ fi
+ CHECK_RESULT $? 0 0 "Error: $1 selinux policy install failed"
+ setenforce 1
+}
+
+#################################################################
+## @Description 卸载策略,参数为策略zip压缩文件
+#################################################################
+function uninstall_strategy() {
+ setenforce 0
+ pav policy list | grep "$1"_selinux
+ CHECK_RESULT $? 0 0 "Error: $1 selinux policy not installed"
+ if [$(pav policy list | grep "$1") -eq 1]; then
+ pav policy uninstall "$1"_selinux
+ else
+ pav policy list | grep "\"$1\"_public" | awk '{print $1}' | xargs pav policy uninstall
+ pav policy list | grep "$1" | grep -v "\"$1\"_public" | awk '{print $1}' | xargs -L 1 pav policy uninstall
+ fi
+ CHECK_RESULT $? 0 0 "Error: $1 selinux policy uninstall failed"
+ setenforce 1
+}
+
+#################################################################
+## @Description 创建验证文件标签需要的测试资源文件
+#################################################################
+function create_file_lable_test_resource() {
+ cur_dir=$(pwd)
+ cd /tmp/ || exit 1
+ if [ ! -d fileresource ]; then
+ mkdir fileresource
+ cd fileresource/ || exit 1
+ for ((i = 1; i < 10; i++)); do
+ if [ ! -f secpaverFile"$i" ]; then
+ touch secpaverFile"$i"
+ echo "secpaverFile${i}" >> secpaverFile"$i"
+ fi
+ done
+ fi
+ cd "$cur_dir" || exit 1
+}
+
+#################################################################
+## @Param $1:resource file name
+## @Usage secpaver network rules, secpaver selinux file rule
+## @Return
+## @Description 在安全策略部署之前,创建被测资源文件
+#################################################################
+function resource_create() {
+ mkdir /resource/
+ touch /resource/file
+ touch /resource/file4
+ chmod u+x "$1"
+ cp -r "$1" /bin/
+}
+
+#################################################################
+## @Param $1:resource file name
+## @Usage secpaver network rules, secpaver selinux file rule
+## @Return
+## @Description 卸载策略之后,删除被测资源文件
+#################################################################
+function resource_clear() {
+ rm -rf /resource
+ rm -rf /bin/"${1:?}"
+}
+
+#################################################################
+## @Usage secpaver network rules, secpaver selinux file rule
+## @Return
+## @Description 卸载网络策略之后,删除临时文件和残留socket文件
+#################################################################
+function socket_file_clear() {
+ rm -rf /home/secpaver_hostmsg
+ rm -rf /var/run/test.sock
+}
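Review bot: The test `if [$(pav policy list | grep "$1") -eq 1]; then` in install_strategy, repeated in uninstall_strategy, can never take its first branch: with no space after `[` or before `]` the shell does not see a valid `[ … ]` test, and the operand is grep's matching text rather than a count. If the intent is "exactly one matching policy", `if [ "$(pav policy list | grep -c "$1")" -eq 1 ]; then` expresses it. In the else branch the pattern `"\"$1\"_public"` asks grep for literal double quotes around the project name, which names such as `testAll_public_selinux` (used by the deploy test later in this series) would not contain, so `grep "${1}_public"` is presumably what was meant. Both functions also wrap their work in `setenforce 0` / `setenforce 1` without recording the prior mode, so a run that aborts in between leaves the host permissive and a host that started permissive ends up enforcing; capturing the `getenforce` value first and restoring it afterwards keeps the test from changing the machine's SELinux posture.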
diff --git a/testcases/package-test/secpaver/common/testAll.zip b/testcases/package-test/secpaver/common/testAll.zip new file mode 100644 index 0000000000000000000000000000000000000000..cf92e0cfb179361becaba60a80d63e798f17d5e9 GIT binary patch literal 4335 zcmai12{_bi7a!XgV;lRDJ=wD>DYBD&?2_HM_I0cwBZiP&WKH%xB3*;YQr3_WP4<#x z%_VfD`9|F?H{I{P^PKQ z?k;9xOa>s*%?-5G!;60qIe>up@L%5^26zqh_zehP7#s{$58rJLBLD!vQ~&_uF%7;j zKQDh@2biCztDl$WH+}9z?KX$1d9$P zwKzxZ%euCGQG?o3MA7Dm3T{I`)rKQD7|W}umEE^|S5Wua&E3x<0<@JwukP zcwo}^GH*n4NUQWMg3M=+?z|j$Cx_=??=uLA=A-oYN(tQHq44dv+*qiLIJH$5Xlcit}%jUrHhc6pb^ixat!H36;nX?ZfZu+>Xc~T zl4w6khMG@%E*Zn3F|_gLus zhFaltSl)a|4LLTe^+z7kMjY5gYr71k-bvKUKi1xbeQIn)cW3!^6O@l#FEZueo?Fcl zu`{a_)0bf(jde1M-x8{A;@h%#cvF6?+Jxa^gfK~Xkr2b_pqH81)!>#E7Y({MU`yL| z8JuX^!7k{=+U799;?ncUX?Q}6f8bYwqYOJl8+ZA>2?US!pQHc)$FI@$b$9V_f&VAc zPmKm#yTl=v25g{k(J1SE%Cp_G^*&?0S?aQqm7bO`uTd=pRJ}0QiMO1m zBQnWv#Q|??>4_;$eIYlcq>5v*K!m07paB++&yoy-43UN6@B0TvdUdBwWigvlV-h#` zs>KQRRawK|#h0@1Ta#a7UHILfCAcUos6BSs?d(>;SW#T1hNwo#YzVQN{>bUf#{=Oe zna1SfdkXtam(cv0RspMDq82L`PLXB~w7b4&{u=K?HJ7-wNHs5-Ji+cO2vnZsHjf#5 zn+?Uyr*XWN;N0o@On!v(64V2V74&7ehcDM3xBvjoU*qfvg9m!~x*Y*6y;@^)C_kli zMz)gIq%0(Qc&N^NkL@1zK4s(=r2J|al)gcyN7eC)_UM&39$Z_hn=i8SdeJtd`^Elt zH@}t?Z*IZ)9FN)Dsh!O_4_}F}4XY6L&aIsQ+H9ZI&`I9Q+qk_fzD0D-^TqeuMlP7m zf%@kG?xQ{de>QF%lvQDNu>p^A5PonwV5fMxgO%Uc->b}C) zmCnANC7VSW&TP>Zi(vH96r`fNLAd_m8v3Td|%*S5^05CB<(H5 z=l*1YT7W~T>zpA*e$vRm$dQB5G*r?RGSo|`gfTq5a211LLZ-3kotCwLDLc4;VU=)* z=E?#sYHnA5NT-M z;-DzDJlHWs78PJ_`P7Y=zg))|q+7_AL3Q6bule=knU`-}&5}5mmwigAdNOJ`%vwTL zPodmldB)Yga$=?|2>;61a#dK0|Kx*aQZc}X5B5(iL+ordm>6WX?>BTxB;IUmHYBbv z=#OL)K-h*EN($-o(BURZIS-u0bcKMwRd_gOgH?iE0lbxfM@maWqLeBPE9;Rw7gM7d zX4A*GrZPn!jWQK9?dO(5y*A>7k+t3Fx0`6`5~{oDBh2gxldE#Cd!h9R=cM~1)MT{oi2*p;B=2=G0dLz>a7C0?_vKGAq0*Ql;Jy-b zd9C6P(&FRff}vQ;PmHE~N;C`8CX8R!7(nf4Ep@L4y{mjr+YWd@icZQDdph*Mp{R0a zzPSEzxt^EPNcG;z<-L??Wa(VXvh&8d#v#uPzxDa`tyvrNtA`CwdZ$F5?@^r9l-1V; zJ|B-PYbC;EF7-c3fQrH%SR&JUv$LMr1hm^yD>Ft$BU=v+2NTvT+MXW;|O*I??jk 
z@{2va6*?3Bx^Tm)>RI#FRnOPsx3$(nb!vw*+rEULe-F=92t@_sNRA5MVS^zCl@i~? zHyB=g@%xu{?qKI_XYbJUhKykB!YWg=0PHfV z7S&fb8YNb}BHw+1dY`#3+`S8V>5~4Sj3C#0)`0asY2GTQg$JG~SV@N{@m=y)btUxe zDU{KQ?^pK$a<-=H@iY4-)ogY7YKdm(;+mVHv<}|47(_XCsKG+~BB5kjbbZhZr?4M1 z_KBoA#~R3ux+xQ1S70E9AD!c`%An$>@6eTZ=b!9al=B_-VVy?*2 zv!)E5&6d{XA64VJ4T-Cf!ERqnmJsYLC+~>m&!WJxwq>8^Ujb_~I!tD!wC=Da4HrLv zzUnBR3(hbd^u|VXE8O`V7M7f8MKBv_?0-$gO}NMhRVxgYLW{pGHO|*{dIV0rMOu=r z&dKsxl1#l;Y2{3f3onND^U?y6W69iSE$$PEo@@m09L~nP+2-py>JyY>2er?66kZZT z4=4?{ol88P_kG0+%Q8f-Z2}RUzPy&8w#gc5^$#)(Qe2)t~1bJZPa#wvmvZfbnc+q4lZ;8i_zE z`=Z*wTUHb@Gq5d@@XhibY6EQoLJp#To5Ps@BDN5~6Q#q~A2i&=nB@CZ_EU%cuI=Au zvhUjPR{{`$P(G&Z=Lrq3`xn#Mp>ED^!vF|yazx-gbPvC{@Is9z&_6sqJ}`j4{R#jO z0GI(G^jX?NqOS;kd=o~L3xe?b<9M7T_s8)-9k=oq)yI2&NcH~@Dkq8laa4$ij(Pq~ z=dWo$-p(&5|8ewBQrzQqeDF2tZ-kEQ{DbiRw~dqZ?zjys$uDjElkDM*{DSEHe2{;Z z(&I)(@tOOJgPbU=|9zN~clx-UdWs`EM>ia=_3(zD2sa7vFcr!0A0vD~k(7tK{{iw` Bw~YV* literal 0 HcmV?d00001 
diff --git a/testcases/package-test/secpaver/common/testEmpty.zip b/testcases/package-test/secpaver/common/testEmpty.zip new file mode 100644 index 0000000000000000000000000000000000000000..e526d2d92b8680872610c1c26797b8034700da97 GIT binary patch literal 1745 zcmWIWW@h1H0D;AR{Xt*`l;C2JVJJy0E^*B*D5=yB4dG;9Zkkh`&QH2#~|U@WQhqaMk){)=z*uC1wT&2^2GmQj7CTi;`1|^|Ffd^S~x9j@uIt!e}NQ zo#e~i$s9x2~2h+cOvN89k@l1VxzXO=Exyi&Aocks!>b6bsm z<(@isGoNqw&d+vTiu|g@6Zgjjt`1Xm_O|}|W919|X)aQl-ZK_d?+fI=Z|mw}!&Pge zxoBq83<3LJEf!TK6F6_&T%LRCyJq}~*>9ykTFi<)G40|E4w+-?7W#MnnHu@_kA~cI0)$^56@@^Dww4Be!SFaR& z%sTTUlZ7yE?X{o@KR9ds&TMg0oW4LZ`@+J1{RQc}UY@9abNe@!b-0|uv?UYEWemhU ztzS&ceJENM_tAs5?efXbk57LoGZI>RWzAxn6;E$t?e2`4(KPF}X_dd`zaydf zspmN2QpKgiPS?Cz{%1{j1v4TUfnwGtYo%*3FdmKou@Fkk79^JG6%^%X;mdZAa<%625gCFN-aEK%9IRa5YsVptqRDAK%fA`RX|G+u0_tnTwr+y21a1%7r^9Ihb(2O2-zF^ZcGdr%P_V<`bCN;St1n5lKp6mDN7T| zF3TxP2>;lRE%Hk!=bQSkKf}Z~*Z0lLb+u8E48U~Qjyq;~NE^(#X?ekE|Gyq4-IE&TA(Ky5j4z(b!A+?(Bb48_l`gf-SZ z!eNnsI4sj48(s8*{f&Y&1XRO2@F8v`L_ECVLD0eH6UT|Rt;XEl{Iy{5Q6pCAPudR( z!B6~Tp{RKF$|P%cCEb}*B{J*Dah&4_LSitpPWoZP5bazj%ZzxbvDf3hyfCl&0n3Jy znKj|8BZic~!})jAA{b8#d1=&=`iOdez`mv$n~g%thO>3-27OJlq;Qeea&9`dcCJZm z7bO&g@-GHJ)EC$7xb-CvWChsMm zGybc_I&qQ+lMbF>gU=C*3I2=qeG!Gz%#LHCi|YBSv$@UAj<5cTt}1VhuKM;_pmgQS zJ8m1Ib7ELA&w7-lFw&HfGu7&y)5X-I?;A4|8(NiI@aNW2Z#D&7%FlUh@O?gx;6G!& zR|KUXsGnxn;GapHcdTnPB7_i~J}6q5$Ba*Q2If2Kqhk&pef#Ju1MTrAH~O2M2F#!Y z-28No-y7}b;^B*@J$$MGwwS75oMIx{*xsa9Y(g-~9jA<%G{0?UT-243iNAgnrjeaz z^RP_uylEaMOe0b?`%GTl`GrY~Vk;1JH9u{Ad5f*N=&i;R?cn{>+zP-Nb~JZRFy2rM zVt#oT*csOz5D4~LJZkYE{c$cn=wI7}R8%2lw{P>&J^iRX()(_<&;I9L$t_N%`5@aW z36W!Ijux0mJ^Qmd@tp#1HpuR?AtS0CYA*O8*?_nxvyK$zKV6wa#a}sJ3N3*Uyo!Zg zZ&WPbvQVqH6Z2*9r+`&lSRclUc3TSO+NOzcMdI2gGiNFdG>hbeUB#9j7HCQYD{&Ve zVL=Ya)hYD+jHs91x!tEDK4~ zwhJ#)hTxia;iY#*3!NKLE(b4ag_FvwS$TJJxTDe&uyl$SpQ`bgzcB7EaaASnE^95&Rd?K_)asTOAWw zSW*O=QvcV`N0J{!8Db^EzL74B#KrI7H9gkKJRJM&dI`z-hIYq&@B5w2eEs6=YxfB8 zY6G>i0jif$Ku@pou<6I-BpV4tsh6X(MB>ZH??k)gE7U1Aa+s-pLoXKX-U*Y}u33HX 
zRPQ&+dAFq%zl?^pI3192VD3lS^3FMmj*11%lrTXF?%E@KVIhC!TDY0@UnX;(lU4-8 zyF0Q>K=$*l<3kK%B`dk60`@N{d~H}I<3_-~ub#J}Aj^xALcaNR;MyRpo(ySe=kA^fPUT-SnFU7K`eyIx>@;z^|* z%7xtV=+Zc0Ysts0{(ce*;o%jxGmacw`#0}uUB<9WK(7FDaDV^D&+HBqEr(R)1@Sd! zRMg%BaFnbc#xSk_{D$yGDYYv;cLi~150v{B z_noAtpenU`!>QFfi~`qGnlF$_p5UzGDMLIS%T^`j3{9Jg zdGw}L-pg`jhu6tvMLLw*XK!PwdUo7WEDwT||_A?P?Vn}@9QTRlGnc=k| zske~y;i~jCd*w6h9ipxMEe0*r(q$=XPG_fl=AOXL#f$}K=ZNK9!zQZ<&5Y>}Zt8o~ zOmtRAqAnIt4hG~RZaT_&qWmO1aahbhX^751^o>zv13DemYuqX=95Hs_jT;fss|n5B zI`MC7djELNGmSu%zq~5d)RJ+3!IaTkWMA0ID26}GdC5&a(l=r>^l+7wzp+@T8lQw# zN|Z=?f?MqrSZt=SOPoabia91)Pgz5;eC*abRMB-ZGR<PP;N2BPt@PV$)Biz zilC6|I&@IChD(5hj+9$DXfw-Z4sF2dTUSn-V0L2oT@Kl-O%FYWzf%c-O-&^`D6~D3 zY+n5dMmnqifxRuE094e3vI`aM{N7CE1pE`&Ce$w~nrXf}*Ytdc-I=y`oy|;kEZdoW^&kM9Zqa}N REkGbv;582zOZA7l{|^Y2Eq(w1 literal 0 HcmV?d00001 
diff --git a/testcases/package-test/secpaver/common/testNet.zip b/testcases/package-test/secpaver/common/testNet.zip new file mode 100644 index 0000000000000000000000000000000000000000..755600b24cdb36460c714578cace5cf0d5696905 GIT binary patch literal 2489 zcmWIWW@h1H00E=8IYD3sl;B{HVJJy0F7Zn((GLybWMB@s-I4HzwKJi#f}4Sn1*8g0 z1OQDC0dhDPwtCMA5)Zvu-3sKnFfuTRA(>E=TAW{6l$=_umsOmf2R5&DS4RQ}qnS6i z-;nQ+fdEVPZ_yX8IKJ;`lvfau%swdAnfp^OFks4lVdvQ*0Wrq6ZeBeb709@Jp~W0# z?zw#8Yp?8?r&O7`rorIg*6$Y@XYrp8t9klNY|%+YyNsjWpJ%JTPxKFvJK5gE9{p`}K-F3_ePYK7)3DPD!aCy6X?6V=f~^bb$dTm|9V>=wDz0ht2|HR zN~MX#MQ>*LF4b6nQd~31(<@cx#*DC<4U?;#Z%2IG;lfdF@qiuV0Z6=pVg=}KIN(F} zKtXD9F(h_DF~P=0Aa*}Zzh*BEjM?wZ3_w#5>7y8I4k)$67i8w8BLW0R9G{)!opsoO zr|tST%|mN=@0C6@{=#;&Zj#*oCozL{}AvFxe#;O_o;eGr9*jG?VowPE)1I_9&fu5;&x)SC zJ5|4eZi=XP{BvS^R-HwR0oQ*r#=r4tp`S%2{6Frum^TYYEE8i z3BlkF?E_^g9@pnjL{1bhDSJ7|xPbYJ;*x0_G9GIfDujG}r?Ql_v?J&L{O@lgwF?aU zp3D_!H%?`&-j%WR*(biZi{ZYGB}Ll8CgEJY4SanCv?8sa+r@t^dVdGQTjh9-h z3U@W%{L(U0{$%n$L06fIA`zXb=a)5^c{`cUoDp&3bH-73Vav|9x3)FwUwc3C-1Wo! zjhwcZguk!lGHQEhU&+U~_l;wA;>*?_0*{1eSpb1uGEDn2hU-yk$NYmb?f%Ea6kt5&_YyBwr(D`caq)4~0JZ(e-A z`Q#e!mERs5IsV~QWX{ei2yS>sK}3>$~a9$ynPStbHuNSMZ2{K#I_n9qlD+-4bUc zu{U_WOJ0Bd>>YW%x*t+Mmy~?Ia$;frMN6#}ysZkSx!on+%4_p&JlG^S>Ggzr{1cZx z+-thJ)!jBK%4&0=rpcjQ)9)RyFLwXb^q2DUO`cQ7QO;Jx6hI5kOPnF^~u2})-3Jv=6}fQ;?j2CD9AW3B)|xdt6=F@_fJepUUT=i^Nyl7ysrqZN`lcE3M9HI0wyVKJuU}#9wn}ga4j(DFfz$8 zG7Y_|1DcJcnnN}lvyMSF z8&u%JT#8!b08IwfI9OectMEq-gB!>uL#qP9t_77%s1*USYZaJ~T#L0@AkGHV(hu2& zUSL504-bS5C}kmWcAyq5$aYKtHf^xj0WWBXGaoe9 K0fz2*Fb@EU2VAWH literal 0 HcmV?d00001 -- Gitee From fd33cd069920c6f3715ee06385c948fa54d3f7ea Mon Sep 17 00:00:00 2001 
From: zengxianjun
Date: Thu, 3 Mar 2022 09:09:23 +0000
Subject: [PATCH 4/8] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20test?= =?UTF-8?q?cases/package-test/secpaver/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
testcases/package-test/secpaver/.keep | 0
1 file changed, 0 insertions(+), 0 deletions(-)
delete mode 100644 testcases/package-test/secpaver/.keep
diff --git a/testcases/package-test/secpaver/.keep b/testcases/package-test/secpaver/.keep
deleted file mode 100644
index e69de29..0000000
--
Gitee
From 9b3b29e397346e23fddacc250d2d5199943aa904 Mon Sep 17 00:00:00 2001
From: zengxianjun
Date: Thu, 3 Mar 2022 09:10:59 +0000
Subject: [PATCH 5/8] add secpaver testcases
---
.../oe_test_secpaver_config_file_authority.sh | 51 ++++++++++++++++
.../oe_test_secpaver_config_route.sh | 53 +++++++++++++++++
.../oe_test_secpaver_deploy_selinux_0001.sh | 49 +++++++++++++++
.../oe_test_secpaver_deploy_selinux_0002.sh | 45 ++++++++++++++
.../oe_test_secpaver_file_context_0001.sh | 50 ++++++++++++++++
.../oe_test_secpaver_file_context_0002.sh | 56 ++++++++++++++++++
.../oe_test_secpaver_file_context_0003.sh | 53 +++++++++++++++++
.../oe_test_secpaver_file_context_0004.sh | 59 +++++++++++++++++++
8 files changed, 416 insertions(+)
create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_config_file_authority/oe_test_secpaver_config_file_authority.sh
create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_config_route/oe_test_secpaver_config_route.sh
create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0001/oe_test_secpaver_deploy_selinux_0001.sh
create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0002/oe_test_secpaver_deploy_selinux_0002.sh
create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_file_context_0001/oe_test_secpaver_file_context_0001.sh
create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_file_context_0002/oe_test_secpaver_file_context_0002.sh
create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_file_context_0003/oe_test_secpaver_file_context_0003.sh
create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_file_context_0004/oe_test_secpaver_file_context_0004.sh
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_config_file_authority/oe_test_secpaver_config_file_authority.sh b/testcases/package-test/secpaver/oe_test_secpaver_config_file_authority/oe_test_secpaver_config_file_authority.sh
new file mode 100644
index 0000000..baa83fa
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_config_file_authority/oe_test_secpaver_config_file_authority.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Check secpaver config file authority
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ # Add user
+ useradd userTest1
+}
+
+function run_test() {
+ # check config file mode
+ mode=$(stat -c %a /etc/secpaver/pavd/config.json)
+ user=$(stat -c %U /etc/secpaver/pavd/config.json)
+ CHECK_RESULT "$mode" 600 0 "invalid mode of config file."
+ CHECK_RESULT "$user" "root" 0 "invalid owner of config file."
+ # normal user read config file
+ su - userTest1 -c "head -n1 /etc/secpaver/pavd/config.json" > output
+ line=$(wc -l output | awk '{print $1}')
+ CHECK_RESULT "$line" 0 0 "invalid authority of config file."
+}
+
+function post_test() {
+ # delete temp file
+ rm -rf output
+
+ # delete user
+ userdel -r userTest1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_config_route/oe_test_secpaver_config_route.sh b/testcases/package-test/secpaver/oe_test_secpaver_config_route/oe_test_secpaver_config_route.sh
new file mode 100644
index 0000000..229b926
--- /dev/null
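Review bot: The unprivileged-read check in run_test of oe_test_secpaver_config_file_authority.sh can pass vacuously, because `output` is also empty when `su - userTest1` fails for any other reason, for example if `useradd userTest1` in pre_test did not create the account. Checking the exit status of the `su` command as well, and confirming the account exists before relying on it (`id userTest1` followed by a CHECK_RESULT), would tie the zero-line result to the 600 mode actually blocking the read. A short comment above the `su` line stating the expectation, e.g. `# a non-root user must not be able to read config.json`, would also make the intent of the 0-line assertion clear.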
+++ b/testcases/package-test/secpaver/oe_test_secpaver_config_route/oe_test_secpaver_config_route.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Secpaver config file function test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ # clear directory of compiled file
+ rm -rf /var/local/secpaver/policies/*
+
+ # Import empty project and compile
+ pav project import ../common/testEmpty.zip
+ pav project build -r testEmpty --engine selinux
+}
+
+function run_test() {
+ # check compiled file
+ ls /var/local/secpaver/policies/selinux
+ CHECK_RESULT "$?" 0 0 "Cannot find compiled files."
+
+ # check log file
+ ls /var/log/secpaver/pavd.log
+ CHECK_RESULT "$?" 0 0 "Cannot find log file."
+}
+
+function post_test() {
+ # delete temp file
+ rm -rf output
+
+ # delete policy file
+ rm -rf policy_testEmpty_selinux.zip
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0001/oe_test_secpaver_deploy_selinux_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0001/oe_test_secpaver_deploy_selinux_0001.sh
new file mode 100644
index 0000000..96f0ad7
--- /dev/null
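Review bot: pre_test in oe_test_secpaver_config_route.sh ignores the exit status of `pav project import ../common/testEmpty.zip` and `pav project build -r testEmpty --engine selinux`, so a failed import or build only shows up indirectly as "Cannot find compiled files." in run_test; a CHECK_RESULT after each call would point at the real cause. `ls /var/local/secpaver/policies/selinux` also succeeds on an empty directory, so that check confirms the directory exists rather than that policy files were produced; testing for a non-empty listing would be stricter. post_test removes `output` and `policy_testEmpty_selinux.zip`, neither of which this script creates, while the imported testEmpty project and whatever the build wrote under `/var/local/secpaver/policies` stay behind for later cases.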
+++ b/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0001/oe_test_secpaver_deploy_selinux_0001.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Install/Uninstall secpaver policy
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ pav project import ../common/testAll.zip
+ pav project build -r testAll --engine selinux
+ # install
+ pav policy install testAll_public_selinux
+ CHECK_RESULT "$?" 0 0 "Failed to install main policy."
+ pav policy list | grep "testAll" | grep -v "testAll_public" | awk '{print $1}' | xargs -L 1 pav policy install
+ CHECK_RESULT "$?" 0 0 "Failed to install sub policy."
+ # uninstall
+ pav policy uninstall testAll_public_selinux
+ CHECK_RESULT "$?" 0 1 "Failed to uninstall main policy."
+ pav policy list | grep "testAll" | grep -v "testAll_public" | awk '{print $1}' | xargs -L 1 pav policy uninstall
+ CHECK_RESULT "$?" 0 0 "Failed to uninstall sub policy."
+ # uninstall main policy
+ pav policy uninstall testAll_public_selinux
+ CHECK_RESULT "$?" 0 0 "Failed to uninstall main policy."
+}
+
+function post_test() {
+ cd "$WDIR" || exit 1
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
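Review bot: The expected-failure step `CHECK_RESULT "$?" 0 1 "Failed to uninstall main policy."` in run_test reuses the message of the later success check and states the opposite of what it asserts, so a log line cannot tell the two apart. Presumably the point is that the main policy cannot be removed while sub policies are still installed; a message such as "main policy was removed while sub policies were still installed" plus a one-line comment on that dependency order would document it. oe_test_secpaver_deploy_selinux_0002.sh has the same kind of mismatch: its `grep "active"` and `grep "disable"` checks print "policy is active" and "policy is disabled" on failure, and its uninstall message names project testAll. post_test here depends on `$WDIR`, which neither this script nor config_secpaver.sh sets (it may come from common_lib.sh), and the imported testAll project is not removed.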
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0002/oe_test_secpaver_deploy_selinux_0002.sh b/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0002/oe_test_secpaver_deploy_selinux_0002.sh
new file mode 100644
index 0000000..ff27e2d
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_deploy_selinux_0002/oe_test_secpaver_deploy_selinux_0002.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Install/Uninstall empty policy
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ pav project import ../common/testEmpty.zip
+ pav project build -r testEmpty --engine selinux
+ # install
+ pav policy install testEmpty_selinux
+ CHECK_RESULT "$?" 0 0 "Failed to install testEmpty policy."
+ pav policy list | grep "testEmpty_selinux" | grep "active"
+ CHECK_RESULT "$?" 0 0 "testEmpty_selinux policy is active"
+ # uninstall
+ pav policy uninstall testEmpty_selinux
+ CHECK_RESULT "$?" 0 0 "Failed to uninstall project testAll."
+ pav policy list | grep "testEmpty_selinux" | grep "disable"
+ CHECK_RESULT "$?" 0 0 "testEmpty_selinux policy is disabled"
+}
+
+function post_test() {
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_file_context_0001/oe_test_secpaver_file_context_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0001/oe_test_secpaver_file_context_0001.sh
new file mode 100644
index 0000000..d198ca2
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0001/oe_test_secpaver_file_context_0001.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Check default file context
+# ##################################
+source ../common/config_secpaver.sh
+CURDIR=$(pwd)
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ create_file_lable_test_resource
+
+ #Import and Build project
+ import_build_project testFileContext
+
+ #Install strategy
+ install_strategy testFileContext
+}
+
+function run_test() {
+ cd /tmp/fileresource/ || exit 1
+ ls -Z secpaverFile1 > result1
+ grep "\" result1
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+}
+
+function post_test() {
+ cd "$CURDIR" || exit 1
+ uninstall_strategy testFileContext
+ rm -rf /tmp/fileresource/
+}
+
+main "$@"
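Review bot: run_test changes into `/tmp/fileresource/` and writes `result1` there, a fixed name under world-writable /tmp that create_file_lable_test_resource reuses without any check when the directory already exists. These cases install SELinux policy and so presumably run as root, which means a directory prepared by another local user would be trusted as the test fixture and would receive the root-owned writes. If the policy in testFileContext.zip pins that path, the smallest fix is to fail pre_test when the directory pre-exists or is not a root-owned real directory; otherwise `mktemp -d` avoids the fixed name. The file_context_0002, 0003 and 0004 scripts share the same pattern. Separately, the pattern in `grep "\" result1` looks truncated as shown on this page, so the label these cases expect cannot be reviewed from here.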
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_file_context_0002/oe_test_secpaver_file_context_0002.sh b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0002/oe_test_secpaver_file_context_0002.sh
new file mode 100644
index 0000000..c0874f0
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0002/oe_test_secpaver_file_context_0002.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Check file context
+# ##################################
+source ../common/config_secpaver.sh
+CURDIR=$(pwd)
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ create_file_lable_test_resource
+
+ #Import and Build project
+ import_build_project testFileContext
+
+ #Install strategy
+ install_strategy testFileContext
+}
+
+function run_test() {
+ cd /tmp/fileresource/ || exit 1
+
+ #Set system exist lable
+ ls -Z secpaverFile2 > result1
+ grep "\" result1
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+
+ ls -Z secpaverFile3 > result2
+ grep "\" result2
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+}
+
+function post_test() {
+ cd "$CURDIR" || exit 1
+ uninstall_strategy testFileContext
+ rm -rf /tmp/fileresource/
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_file_context_0003/oe_test_secpaver_file_context_0003.sh b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0003/oe_test_secpaver_file_context_0003.sh
new file mode 100644
index 0000000..49d7d57
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0003/oe_test_secpaver_file_context_0003.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/02/28
+# @Desc : Check gruop context
+# ##################################
+source ../common/config_secpaver.sh
+CURDIR=$(pwd)
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ create_file_lable_test_resource
+
+ #Import and Build project
+ import_build_project testFileContext
+
+ #Install strategy
+ install_strategy testFileContext
+}
+
+function run_test() {
+ cd /tmp/fileresource/ || exit 1
+ ls -Z secpaverFile4 > result1
+ grep "auto_secpaverfile4" result1
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+ ls -Z secpaverFile3 > result2
+ grep "\" result2
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+}
+
+function post_test() {
+ cd "$CURDIR" || exit 1
+ uninstall_strategy testFileContext
+ rm -rf /tmp/fileresource/
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_file_context_0004/oe_test_secpaver_file_context_0004.sh b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0004/oe_test_secpaver_file_context_0004.sh new file mode 100644 index 0000000..47179b0 --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_file_context_0004/oe_test_secpaver_file_context_0004.sh 
@@ -0,0 +1,59 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Check file context 2
+# ##################################
+source ../common/config_secpaver.sh
+CURDIR=$(pwd)
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ create_file_lable_test_resource
+
+ #Import and Build project
+ import_build_project testFileContext
+
+ #Install strategy
+ install_strategy testFileContext
+}
+
+function run_test() {
+ cd /tmp/fileresource/ || exit 1
+ ls -Z secpaverFile5 > result1
+ grep "auto_secpaverfile5" result1
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+ ls -Z secpaverFile6 > result2
+ grep "\" result2
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+ ls -Z secpaverFile7 > result3
+ grep "auto_secpaverfile7" result3
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+ ls -Z secpaverFile9 > result4
+ grep "\" result4
+ CHECK_RESULT "$?" 0 0 "File lable is error."
+}
+
+function post_test() {
+ cd "$CURDIR" || exit 1
+ uninstall_strategy testFileContext
+ rm -rf /tmp/fileresource/
+}
+
+main "$@"
-- Gitee From 505bbf01e545182cbab8b0fa4df81a208f517224 Mon Sep 17 00:00:00 2001
From: zengxianjun Date: Thu, 3 Mar 2022 09:11:43 +0000 Subject: [PATCH 6/8] add secpaver testcases --- .../oe_test_secpaver_general_user_exe.sh | 51 +++++++++++ .../oe_test_secpaver_log_authority.sh | 50 +++++++++++ .../oe_test_secpaver_log_text.sh | 57 +++++++++++++ .../oe_test_secpaver_network_rules_0001.sh | 84 +++++++++++++++++++ .../oe_test_secpaver_network_rules_0002.sh | 82 ++++++++++++++++++ .../oe_test_secpaver_network_rules_0003.sh | 62 ++++++++++++++ .../oe_test_secpaver_network_rules_0004.sh | 84 +++++++++++++++++++ .../oe_test_secpaver_pav_engine_info_0001.sh | 37 ++++++++ .../oe_test_secpaver_pav_engine_list_0001.sh | 39 +++++++++ 9 files changed, 546 insertions(+) create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_general_user_exe/oe_test_secpaver_general_user_exe.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_log_authority/oe_test_secpaver_log_authority.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_log_text/oe_test_secpaver_log_text.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_network_rules_0001/oe_test_secpaver_network_rules_0001.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_network_rules_0002/oe_test_secpaver_network_rules_0002.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_network_rules_0003/oe_test_secpaver_network_rules_0003.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_network_rules_0004/oe_test_secpaver_network_rules_0004.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pav_engine_info_0001/oe_test_secpaver_pav_engine_info_0001.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pav_engine_list_0001/oe_test_secpaver_pav_engine_list_0001.sh 
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_general_user_exe/oe_test_secpaver_general_user_exe.sh b/testcases/package-test/secpaver/oe_test_secpaver_general_user_exe/oe_test_secpaver_general_user_exe.sh
new file mode 100644
index 0000000..2a981c2
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_general_user_exe/oe_test_secpaver_general_user_exe.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Secpaver cmd authority test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ # Add user
+ useradd generalUser1
+}
+
+function run_test() {
+ # pav command
+ su - generalUser1 -c "pav project list"
+ CHECK_RESULT "$?" 0 1 "invalid permission for general user to execute pav commands"
+ # systemctl start pavd
+ su - generalUser1 -c "systemctl start pavd"
+ CHECK_RESULT "$?" 0 1 "invalid permission for general user to start pavd"
+ # systemctl start pavd
+ su - generalUser1 -c "pavd --help"
+ CHECK_RESULT "$?" 0 1 "invalid permission for general user to execute pavd commands"
+}
+
+function post_test() {
+ # delete temp file
+ rm -rf output
+
+ # delete user
+ userdel -r generalUser1
+}
+
+main "$@"
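Review bot: All three checks in run_test expect a non-zero status (assuming mode 1 of CHECK_RESULT means "not equal"), and `su - generalUser1 -c ...` also returns non-zero when the account does not exist, so the test passes without exercising any permission check if `useradd generalUser1` in pre_test fails. Add a guard after the useradd, for example `id generalUser1 || exit 1`, and capture each command's output so the denial message can be asserted rather than only the exit code. The comment above `pavd --help` repeats `# systemctl start pavd`, and post_test removes an `output` file that this script never creates. The same unchecked useradd appears in oe_test_secpaver_log_authority.sh with `userTest1`.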
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_log_authority/oe_test_secpaver_log_authority.sh b/testcases/package-test/secpaver/oe_test_secpaver_log_authority/oe_test_secpaver_log_authority.sh
new file mode 100644
index 0000000..5e43c34
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_log_authority/oe_test_secpaver_log_authority.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Secpaver log authority test
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ # Add user
+ useradd userTest1
+}
+
+function run_test() {
+ # check log file mode
+ mode=$(stat -c %a /var/log/secpaver/pavd.log)
+ user=$(stat -c %U /var/log/secpaver/pavd.log)
+ CHECK_RESULT "$mode" 600 0 "invalid mode of log file."
+ expect_str_eq "$user" "root" "invalid owner of log file."
+ # normal user read log file
+ su - userTest1 -c "head -n1 /var/log/secpaver/pavd.log" > output
+ line=$(wc -l output | awk '{print $1}')
+ CHECK_RESULT "$line" 0 0 "invalid authority of log file."
+}
+
+function post_test() {
+ # delete temp file
+ rm -rf output
+
+ # delete user
+ userdel -r userTest1
+}
+
+main "$@"
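Review bot: The unprivileged-read check in run_test counts the lines that `head -n1` prints, and that count is also zero when pavd.log is empty, so an empty log that is readable by other users would still pass. Test readability directly instead: `su - userTest1 -c "test -r /var/log/secpaver/pavd.log"` followed by `CHECK_RESULT "$?" 0 1 "invalid authority of log file."`. The mode and owner checks cover only the file; whether the /var/log/secpaver directory should also be restricted is worth a separate assertion.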
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_log_text/oe_test_secpaver_log_text.sh b/testcases/package-test/secpaver/oe_test_secpaver_log_text/oe_test_secpaver_log_text.sh
new file mode 100644
index 0000000..459b195
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_log_text/oe_test_secpaver_log_text.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Secpaver log test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ # Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+ # 原本的日志文件备份,创建一个空白的新日志文件
+ cp -a /var/log/secpaver/pavd.log /var/log/secpaver/pavd.swap.log
+ echo 0> /var/log/secpaver/pavd.log
+}
+
+function run_test() {
+ # correct log
+ pav project list
+ grep "error" /var/log/secpaver/pavd.log
+ CHECK_RESULT "$?" 0 1 "log error"
+ # error log
+ mv /var/local/secpaver/projects/ /var/local/secpaver/projects_r/
+ pav project list
+ cat /var/log/secpaver/pavd.log
+ grep "error" /var/log/secpaver/pavd.log
+ CHECK_RESULT "$?" 0 0 "log error"
+ # recover
+ mv /var/local/secpaver/projects_r/ /var/local/secpaver/projects/
+ systemctl restart pavd
+ grep -E 'viewsec|viewSec|vsec|vsecd' /var/log/secpaver/pavd.log
+ CHECK_RESULT "$?" 0 1 "remained viewsec keywords in secpaver log"
+ systemctl stop pavd
+}
+
+function post_test() {
+ # delete temp log
+ echo 0> /var/log/secpaver/pavd.log
+ cat /var/log/secpaver/pavd.swap.log > /var/log/secpaver/pavd.log
+ rm -rf /var/log/secpaver/pavd.swap.log
+}
+
+main "$@"
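Review bot: `echo 0> /var/log/secpaver/pavd.log` in pre_test and post_test does not write a "0"; the shell reads `0>` as a redirection of file descriptor 0, so the log is truncated only as a side effect and a blank line goes to stdout. `: > /var/log/secpaver/pavd.log` states the intent. The projects directory is renamed and restored inside run_test, so an interrupted run leaves /var/local/secpaver/projects missing; doing the restore in post_test, guarded by `[ -d /var/local/secpaver/projects_r ]`, would make cleanup reliable. run_test also ends with `systemctl stop pavd`, which leaves the daemon stopped for whatever runs next.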
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0001/oe_test_secpaver_network_rules_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0001/oe_test_secpaver_network_rules_0001.sh
new file mode 100644
index 0000000..1e4341e
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0001/oe_test_secpaver_network_rules_0001.sh
@@ -0,0 +1,84 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Unix socket policy test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Install local ncat
+ DNF_INSTALL nc
+
+ #create temp file
+ touch /home/secpaver_hostmsg
+
+ #Import and Build project
+ import_build_project testNet
+
+ #install testNet rules
+ install_strategy testNet
+}
+
+function run_test() {
+ #invalid socket
+ for ((i = 0; i < 5; i++)); do
+ sleep 1
+ rm -rf /var/run/invalid.sock
+ kill -9 "$(ps -ef | grep 'ncat -lU /var/run/invalid.sock' | grep -v grep | awk '{print $2}')"
+ ncat -lU /var/run/invalid.sock &
+ ps -ef | grep 'ncat -lU /var/run/invalid.sock' | grep -v grep
+ if [ "$?" -ne 0 ]; then
+ break
+ fi
+ done
+ ls /var/run/invalid.sock
+ err=$?
+ CHECK_RESULT "$err" 0 1 "fail to install ncat rules"
+ if [ "$err" -eq 0 ]; then #if socket established unexpectedly, delete socket
+ rm -rf /var/run/invalid.sock
+ kill -9 "$(ps -ef | grep 'ncat -lU /var/run/invalid.sock' | grep -v grep | awk '{print $2}')"
+ fi
+ #valid socket (host)
+ ncat -lU /var/run/test.sock > /home/secpaver_hostmsg &
+ COUNT=0
+ for ((i = 0; i < 100; i++)); do
+ sleep 0.05
+ COUNT=$(find /var/run/ -name test.sock | wc -l)
+ [ "$COUNT" -eq 1 ] && break
+ done
+ CHECK_RESULT "$COUNT" 1 0 "fail to install ncat rules"
+ #valid socket (client)
+ echo "unix socket message" | nc -U /var/run/test.sock
+ CHECK_RESULT "$?" 0 0 "bind socket error"
+ cat /home/secpaver_hostmsg
+ grep "unix socket message" /home/secpaver_hostmsg
+ CHECK_RESULT "$?" 0 0 "fail to send message through unix socket"
+}
+
+function post_test() {
+ #Uninstall strategy
+ uninstall_strategy testNet
+
+ #clear temp file
+ socket_file_clear
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0002/oe_test_secpaver_network_rules_0002.sh b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0002/oe_test_secpaver_network_rules_0002.sh
new file mode 100644
index 0000000..cafe984
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0002/oe_test_secpaver_network_rules_0002.sh
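Review bot: The cleanup calls of the form `kill -9 "$(ps -ef | grep 'ncat -lU /var/run/invalid.sock' | grep -v grep | awk '{print $2}')"` in run_test pass the whole substitution as one quoted argument, so kill receives an empty string when nothing matches and a newline-joined string when several processes match, and it fails in both cases. `pkill -f 'ncat -lU /var/run/invalid.sock'` copes with zero or many matches; since the listener is started by this shell, saving `$!` right after `ncat -lU /var/run/invalid.sock &` and signalling that PID is more exact still. The retry loop also samples `ps` immediately after backgrounding ncat, before a denied bind has necessarily made the process exit, so its break condition depends on timing. The same kill pattern is used in network_rules_0002, in post_test of network_rules_0003 and in network_rules_0004.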
@@ -0,0 +1,82 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Tcp socket policy test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Install local ncat
+ DNF_INSTALL nc
+
+ #create temp file
+ touch /home/secpaver_hostmsg
+
+ #Import and Build project
+ import_build_project testNet
+
+ #install testNet rules
+ install_strategy testNet
+}
+
+function run_test() {
+ #invalid port
+ for ((i = 0; i < 5; i++)); do
+ sleep 1
+ kill -9 "$(ps -ef | grep 'ncat -lv 5009' | grep -v grep | awk '{print $2}')"
+ ncat -lv 5009 &
+ ps -ef | grep 'ncat -lv 5009' | grep -v grep
+ if [ "$?" -ne 0 ]; then
+ break
+ fi
+ done
+ ps -ef | grep 'ncat -lv 5009' | grep -v grep
+ err=$?
+ CHECK_RESULT "$err" 0 1 "fail to install ncat rules"
+ if [ "$err" -eq 0 ]; then #if socket established unexpectedly, kill process
+ kill -9 "$(ps -ef | grep 'ncat -lv' | grep -v grep | awk '{print $2}')"
+ fi
+ #valid port (host)
+ ncat -lv 5005 > /home/secpaver_hostmsg &
+ COUNT=0
+ for ((i = 0; i < 100; i++)); do
+ sleep 0.05
+ COUNT=$(ps -ef | grep 5005 | grep -v grep -c)
+ [ "$COUNT" -ne 0 ] && break
+ done
+ CHECK_RESULT "$COUNT" 0 1 "fail to install ncat rules"
+ #valid port (client)
+ echo "tcp socket message" | ncat localhost 5005
+ CHECK_RESULT "$?"
0 0 "bind socket error"
+ cat /home/secpaver_hostmsg
+ grep "tcp socket message" /home/secpaver_hostmsg
+ CHECK_RESULT "$?" 0 0 "fail to send message through tcp socket"
+}
+
+function post_test() {
+ #Uninstall strategy
+ uninstall_strategy testNet
+
+ #clear temp file
+ socket_file_clear
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0003/oe_test_secpaver_network_rules_0003.sh b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0003/oe_test_secpaver_network_rules_0003.sh
new file mode 100644
index 0000000..ef64b11
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0003/oe_test_secpaver_network_rules_0003.sh
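Review bot: The listener check `ps -ef | grep 5005 | grep -v grep -c` in run_test counts any ps line that contains "5005", including an unrelated PID or argument, so it can report the permitted listener as up when ncat never bound the port. Query the socket table instead, for example `COUNT=$(ss -ltn | grep -c ':5005 ')`; network_rules_0004 has the same check and would need `ss -lun` for UDP. The cleanup after an unexpected listener uses the broader pattern `'ncat -lv'`, which would also match ncat listeners that do not belong to this test.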
@@ -0,0 +1,62 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Icmp socket policy test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Install local ncat
+ DNF_INSTALL nc
+
+ #create temp file
+ touch /home/secpaver_hostmsg
+
+ #Import and Build project
+ import_build_project testNet
+
+ #install testNet rules
+ install_strategy testNet
+}
+
+function run_test() {
+ #valid port (host)
+ ping localhost -w 5 > /home/secpaver_hostmsg
+ CHECK_RESULT "$?" 0 0 "fail to install ncat rules"
+ cat /home/secpaver_hostmsg
+ getcap /bin/ping
+ ls -lZ /bin/ping
+ grep "64 bytes from localhost" /home/secpaver_hostmsg
+ CHECK_RESULT "$?" 0 0 "fail to send message through icmp socket"
+}
+
+function post_test() {
+ #kill udp socket process
+ kill -9 "$(ps -ef | grep 'ping localhost' | grep -v grep | awk '{print $2}')"
+
+ #Uninstall strategy
+ uninstall_strategy testNet
+
+ #clear temp file
+ socket_file_clear
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0004/oe_test_secpaver_network_rules_0004.sh b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0004/oe_test_secpaver_network_rules_0004.sh
new file mode 100644
index 0000000..6148034
--- /dev/null
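Review bot: run_test contains only a positive case (`ping localhost -w 5` succeeds), so as written it would also pass with no policy loaded; what testNet allows or denies for ICMP is not visible in this patch, but adding a case the policy is expected to block would show that the rule is actually enforced. The failure message "fail to install ncat rules" and the post_test comment `#kill udp socket process` are carried over from the ncat tests and do not describe a ping test. Because `ping -w 5` runs in the foreground and has exited before post_test, the kill there has nothing left to match.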
+++ b/testcases/package-test/secpaver/oe_test_secpaver_network_rules_0004/oe_test_secpaver_network_rules_0004.sh 
@@ -0,0 +1,84 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : Udp socket policy test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Install local ncat
+ DNF_INSTALL nc
+
+ #create temp file
+ touch /home/secpaver_hostmsg
+
+ #Import and Build project
+ import_build_project testNet
+
+ #install testNet rules
+ install_strategy testNet
+}
+
+function run_test() {
+ #invalid port
+ for ((i = 0; i < 5; i++)); do
+ sleep 1
+ kill -9 "$(ps -ef | grep 'ncat -lvu 5007' | grep -v grep | awk '{print $2}')"
+ ncat -lvu 5007 &
+ ps -ef | grep 'ncat -lvu 5007' | grep -v grep
+ if [ "$?" -ne 0 ]; then
+ break
+ fi
+ done
+ ps -ef | grep 'ncat -lvu 5007' | grep -v grep
+ err=$?
+ CHECK_RESULT "$err" 0 1 "fail to install ncat rules"
+ if [ "$err" -eq 0 ]; then #if socket established unexpectedly, kill process
+ kill -9 "$(ps -ef | grep 'ncat -lvu' | grep -v grep | awk '{print $2}')"
+ fi
+ #valid port (host)
+ ncat -lvu 5005 > /home/secpaver_hostmsg &
+ COUNT=0
+ for ((i = 0; i < 100; i++)); do
+ sleep 0.05
+ COUNT=$(ps -ef | grep 5005 | grep -v grep -c)
+ [ "$COUNT" -ne 0 ] && break
+ done
+ CHECK_RESULT "$COUNT" 0 1 "fail to install ncat rules"
+ #valid port (client)
+ echo -n "udp socket message" > /dev/udp/localhost/5005
+ CHECK_RESULT "$?" 0 0 "bind socket error"
+ grep "udp socket message" /home/secpaver_hostmsg
+ CHECK_RESULT "$?" 0 0 "fail to send message through udp socket"
+}
+
+function post_test() {
+ #kill udp socket process
+ kill -9 "$(ps -ef | grep 'ncat -lvu' | grep -v grep | awk '{print $2}')"
+
+ #Uninstall strategy
+ uninstall_strategy testNet
+
+ #clear temp file
+ socket_file_clear
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_info_0001/oe_test_secpaver_pav_engine_info_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_info_0001/oe_test_secpaver_pav_engine_info_0001.sh
new file mode 100644
index 0000000..c408d63
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_info_0001/oe_test_secpaver_pav_engine_info_0001.sh
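Review bot: Writing to `/dev/udp/localhost/5005` normally succeeds whether or not anything is listening, so the `CHECK_RESULT "$?" 0 0 "bind socket error"` after the echo does not show that the datagram was received. The `grep "udp socket message" /home/secpaver_hostmsg` that follows runs immediately and can race with ncat writing the file; polling the file for a short time, in the same way the listener wait loop above polls for the process, would remove that flakiness.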
@@ -0,0 +1,37 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : pav engine info cmd test
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ pav engine info selinux
+ CHECK_RESULT $? 0 0 "support selinux policy"
+ pav engine info apparmor
+ CHECK_RESULT $? 0 1 "not support apparmor policy"
+}
+
+function post_test() {
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_list_0001/oe_test_secpaver_pav_engine_list_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_list_0001/oe_test_secpaver_pav_engine_list_0001.sh
new file mode 100644
index 0000000..8086226
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_engine_list_0001/oe_test_secpaver_pav_engine_list_0001.sh
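Review bot: The fourth argument of CHECK_RESULT appears to be the text reported when a check fails (its definition is not part of this patch), yet `"support selinux policy"` and `"not support apparmor policy"` in run_test describe the passing condition. Messages such as `"pav engine info selinux failed"` and `"pav engine info apparmor unexpectedly succeeded"` would read correctly in a failure log. `$?` is also left unquoted here, while the earlier scripts in the series write `"$?"`. The same messages appear in oe_test_secpaver_pav_engine_list_0001.sh.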
@@ -0,0 +1,39 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/01
+# @Desc : pav engine list cmd test
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ pav engine list
+ CHECK_RESULT $? 0 0 "pav engine list cmd failed"
+ pav engine list | grep selinux
+ CHECK_RESULT $? 0 0 "support selinux policy"
+ pav engine list | grep apparmor
+ CHECK_RESULT $? 0 1 "not support apparmor policy"
+}
+
+function post_test() {
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
-- Gitee From ac55b3ab42d8ff7b71915c767bc4854a41d0952b Mon Sep 17 00:00:00 2001
From: zengxianjun Date: Thu, 3 Mar 2022 09:12:51 +0000 Subject: [PATCH 7/8] add secpaver testcases --- ...oe_test_secpaver_pav_project_build_0001.sh | 50 +++++++++++++++ ...e_test_secpaver_pav_project_create_0001.sh | 51 ++++++++++++++++ ...e_test_secpaver_pav_project_delete_0001.sh | 42 +++++++++++++ ...e_test_secpaver_pav_project_export_0001.sh | 61 +++++++++++++++++++ ...e_test_secpaver_pav_project_import_0001.sh | 50 +++++++++++++++ ...e_test_secpaver_pav_project_import_0002.sh | 43 +++++++++++++ ...e_test_secpaver_pav_project_import_0003.sh | 42 +++++++++++++ ...e_test_secpaver_pav_project_import_0004.sh | 41 +++++++++++++ .../oe_test_secpaver_pav_project_info_0001.sh | 42 +++++++++++++ .../oe_test_secpaver_pav_project_list_0001.sh | 39 ++++++++++++ 10 files changed, 461 insertions(+) create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pav_project_build_0001/oe_test_secpaver_pav_project_build_0001.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pav_project_create_0001/oe_test_secpaver_pav_project_create_0001.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pav_project_delete_0001/oe_test_secpaver_pav_project_delete_0001.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pav_project_export_0001/oe_test_secpaver_pav_project_export_0001.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0001/oe_test_secpaver_pav_project_import_0001.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0002/oe_test_secpaver_pav_project_import_0002.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0003/oe_test_secpaver_pav_project_import_0003.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0004/oe_test_secpaver_pav_project_import_0004.sh create mode 100644 
testcases/package-test/secpaver/oe_test_secpaver_pav_project_info_0001/oe_test_secpaver_pav_project_info_0001.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pav_project_list_0001/oe_test_secpaver_pav_project_list_0001.sh
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_build_0001/oe_test_secpaver_pav_project_build_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_build_0001/oe_test_secpaver_pav_project_build_0001.sh
new file mode 100644
index 0000000..5d9bfc0
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_build_0001/oe_test_secpaver_pav_project_build_0001.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : pav project build cmd test
+# ##################################
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+ project_import
+}
+
+function run_test() {
+ pav project build -r "$project_name" --engine selinux
+ CHECK_RESULT $? 0 0 "pav project build failed"
+ pav project build -r proj --engine selinux > result1 2>&1
+ CHECK_RESULT $? 0 1 "pav project build should failed"
+ grep 'proj directory not found' result1
+ CHECK_RESULT $? 0 0 "print error"
+ pav project build -r "$project_name" --engine sea > result2 2>&1
+ CHECK_RESULT $? 0 1 "pav project build --engine sea should failed"
+ grep 'invalid engine' result2
+ CHECK_RESULT $? 0 0 "print error"
+ pav project build -d /testpav --engine selinux > result3 2>&1
+ CHECK_RESULT $? 0 1 "pav project build should failed"
+ grep 'testpav directory not found' result3
+ CHECK_RESULT $? 0 0 "print error"
+}
+
+function post_test() {
+ pav project delete "$project_name"
+ rm -rf p*
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
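Review bot: post_test runs `rm -rf p*` in the current directory, which deletes every entry there whose name starts with "p", yet leaves result1, result2 and result3 behind because they start with "r". Name what the test created instead: `rm -rf -- result1 result2 result3` plus the files written by project_import (that helper lives in config_secpaver.sh and what it writes is not visible here). The later scripts in this commit have the same gap: project_create, project_delete (`rm -rf proj*`) and project_export (`rm -rf proj* export*`) also leave their result files behind.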
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_create_0001/oe_test_secpaver_pav_project_create_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_create_0001/oe_test_secpaver_pav_project_create_0001.sh
new file mode 100644
index 0000000..c6f10ef
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_create_0001/oe_test_secpaver_pav_project_create_0001.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : pav project create cmd test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+}
+
+function run_test() {
+ pav project create "$project_name" .
+ CHECK_RESULT $? 0 0 "pav project create failed"
+ ls ./"$project_name"
+ CHECK_RESULT $? 0 0 "project not found"
+ pav project create "$project_name" > result1 2>&1
+ CHECK_RESULT $? 0 1 "pav project create should failed"
+ grep 'Incorrect Usage' result1
+ CHECK_RESULT $? 0 0 "print error"
+ pav project create . > result2 2>&1
+ CHECK_RESULT $? 0 1 "pav project create should failed"
+ grep 'Incorrect Usage' result2
+ CHECK_RESULT $? 0 0 "print error"
+ pav project create "$project_name" /testpav > result3 2>&1
+ CHECK_RESULT $? 0 1 "pav project create should failed"
+ grep 'directory not found' result3
+ CHECK_RESULT $? 0 0 "print error"
+}
+
+function post_test() {
+ rm -rf "$project_name"
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_delete_0001/oe_test_secpaver_pav_project_delete_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_delete_0001/oe_test_secpaver_pav_project_delete_0001.sh
new file mode 100644
index 0000000..96b976c
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_delete_0001/oe_test_secpaver_pav_project_delete_0001.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/02
+# @Desc : pav project delete cmd test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ DNF_INSTALL secpaver && systemctl start pavd
+ project_import
+}
+
+function run_test() {
+ pav project delete "$project_name" > result1 2>&1
+ grep 'Finish deleting project' result1
+ CHECK_RESULT $? 0 0 "pav project delete failed"
+ pav project delete "$project_name" > result2 2>&1
+ grep 'proj.* directory not found' result2
+ CHECK_RESULT $? 0 0 "print error"
+}
+
+function post_test() {
+ rm -rf proj*
+ DNF_UNINSTALL secpaver 1
+}
+
+main "$@"
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_export_0001/oe_test_secpaver_pav_project_export_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_export_0001/oe_test_secpaver_pav_project_export_0001.sh
new file mode 100644
index 0000000..c2824d1
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_export_0001/oe_test_secpaver_pav_project_export_0001.sh
@@ -0,0 +1,61 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/02 +# @Desc : pav project export cmd test +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + DNF_INSTALL secpaver && systemctl start pavd + project_import +} + +function run_test() { + pav project export "$project_name" . + CHECK_RESULT $? 0 0 "pav project export failed" + pav project export "$project_name" . -f + CHECK_RESULT $? 0 0 "pav project export -f failed" + pav project export "$project_name" . > result1 2>&1 + CHECK_RESULT $? 0 1 "pav project export expected failed" + grep 'project file already exists' result1 + CHECK_RESULT $? 0 0 "print error" + pav project export "$project_name" > result2 2>&1 + CHECK_RESULT $? 0 1 "pav project export expected failed" + grep 'Incorrect Usage' result2 + CHECK_RESULT $? 0 0 "print error" + pav project export . > result3 2>&1 + CHECK_RESULT $? 0 1 "pav project export expected failed" + grep 'Incorrect Usage' result3 + CHECK_RESULT $? 0 0 "print error" + pav project export test . > result4 2>&1 + CHECK_RESULT $? 0 1 "pav project export expected failed" + grep 'test directory not found' result4 + CHECK_RESULT $? 0 0 "print error" + pav project export "$project_name" /testpav > result5 2>&1 + CHECK_RESULT $? 0 1 "pav project export expected failed" + grep 'file not found' result5 + CHECK_RESULT $? 
0 0 "print error" +} + +function post_test() { + pav project delete "$project_name" + rm -rf proj* export* + DNF_UNINSTALL secpaver 1 +} + +main "$@" diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0001/oe_test_secpaver_pav_project_import_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0001/oe_test_secpaver_pav_project_import_0001.sh new file mode 100644 index 0000000..7aedb86 --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0001/oe_test_secpaver_pav_project_import_0001.sh 
@@ -0,0 +1,50 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/01 +# @Desc : pav project import cmd test +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + DNF_INSTALL secpaver && systemctl start pavd + pav project create "$project_name" . + zip -r "$project_name".zip "$project_name"/ +} + +function run_test() { + ls "$project_name".zip + CHECK_RESULT $? 0 0 "pav project create failed" + pav project list | grep "$project_name" && pav project delete "$project_name" + pav project import "$project_name".zip > result1 2>&1 + grep 'Finish importing project' result1 + CHECK_RESULT $? 0 0 "import project failed" + pav project import "$project_name".zip > result2 2>&1 + grep 'project exists' result2 + CHECK_RESULT $? 0 0 "import existed project failed" + pav project import "$project_name".zip -f > result3 2>&1 + grep 'Finish importing project' result3 + CHECK_RESULT $? 0 0 "force import existed project failed" +} + +function post_test() { + pav project delete "$project_name" + rm -rf proj* + DNF_UNINSTALL secpaver 1 +} + +main "$@" diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0002/oe_test_secpaver_pav_project_import_0002.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0002/oe_test_secpaver_pav_project_import_0002.sh new file mode 100644 index 0000000..9766fc0 
--- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0002/oe_test_secpaver_pav_project_import_0002.sh @@ -0,0 +1,43 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/01 +# @Desc : pav project import large project file +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + DNF_INSTALL secpaver && systemctl start pavd + dd if=/dev/zero of="$project_name".zip bs=1M count=10 +} + +function run_test() { + ls "$project_name".zip + CHECK_RESULT $? 0 0 "failed to create zip file" + pav project import "$project_name".zip > result 2>&1 + CHECK_RESULT $? 0 1 "pav project import failed" + grep 'the file size must be smaller than' result + CHECK_RESULT $? 0 0 "error print" +} + +function post_test() { + pav project delete "$project_name" + rm -rf result* proj* + DNF_UNINSTALL secpaver 1 +} + +main "$@" diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0003/oe_test_secpaver_pav_project_import_0003.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0003/oe_test_secpaver_pav_project_import_0003.sh new file mode 100644 index 0000000..acd0027 --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0003/oe_test_secpaver_pav_project_import_0003.sh 
@@ -0,0 +1,42 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/01 +# @Desc : pav project import invalid project file +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + DNF_INSTALL secpaver && systemctl start pavd +} + +function run_test() { + echo 'test pav' > testfile + zip -r testfile.zip . + CHECK_RESULT $? 0 0 "create zip file failed" + pav project import testfile.zip -f > result 2>&1 + CHECK_RESULT $? 0 1 "pav project import failed" + grep 'rpc error' result + CHECK_RESULT $? 0 0 "print error" +} + +function post_test() { + rm -rf testfile* result + DNF_UNINSTALL secpaver 1 +} + +main "$@" diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0004/oe_test_secpaver_pav_project_import_0004.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0004/oe_test_secpaver_pav_project_import_0004.sh new file mode 100644 index 0000000..fd687b6 --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_import_0004/oe_test_secpaver_pav_project_import_0004.sh 
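Review bot: `zip -r testfile.zip .` in `run_test` archives the whole working directory, so the "invalid project" input depends on whatever earlier runs left behind, and it includes the test script itself. Archiving only the file just created, `zip testfile.zip testfile`, makes the negative input deterministic. The assertion on the generic string `rpc error` would also pass for an unrelated transport failure; if pav prints a more specific message for a malformed project, matching that would be a stronger check.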
@@ -0,0 +1,41 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/01 +# @Desc : pav project import invalid project file 2 +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + DNF_INSTALL secpaver && systemctl start pavd +} + +function run_test() { + echo 'test pav' > testfile.txt + CHECK_RESULT $? 0 0 "create test file failed" + pav project import testfile.txt -f > result 2>&1 + CHECK_RESULT $? 0 1 "pav project import should failed" + grep 'testfile.txt is not a valid zip file' result + CHECK_RESULT $? 0 0 "print error" +} + +function post_test() { + rm -rf testfile.txt + DNF_UNINSTALL secpaver 1 +} + +main "$@" diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_info_0001/oe_test_secpaver_pav_project_info_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_info_0001/oe_test_secpaver_pav_project_info_0001.sh new file mode 100644 index 0000000..9ed6ebc --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_info_0001/oe_test_secpaver_pav_project_info_0001.sh 
@@ -0,0 +1,42 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/02 +# @Desc : pav project info cmd test +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + DNF_INSTALL secpaver && systemctl start pavd + project_import +} + +function run_test() { + pav project info "$project_name" + CHECK_RESULT $? 0 0 "pav project info failed" + pav project info projectfile > result 2>&1 + grep 'projectfile directory not found' result + CHECK_RESULT $? 0 0 "pav project info projectfile failed" +} + +function post_test() { + pav project delete "$project_name" + rm -rf result proj* + DNF_UNINSTALL secpaver 1 +} + +main "$@" diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pav_project_list_0001/oe_test_secpaver_pav_project_list_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_list_0001/oe_test_secpaver_pav_project_list_0001.sh new file mode 100644 index 0000000..ea3f74c --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_pav_project_list_0001/oe_test_secpaver_pav_project_list_0001.sh 
@@ -0,0 +1,39 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/02 +# @Desc : pav project list cmd test +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + DNF_INSTALL secpaver && systemctl start pavd + project_import +} + +function run_test() { + pav project list + CHECK_RESULT $? 0 0 "pav project list failed" +} + +function post_test() { + pav project delete "$project_name" + rm -rf proj* + DNF_UNINSTALL secpaver 1 +} + +main "$@" -- Gitee From 125471a2a4ca3d0d4d503f6f1e6def079efa27ab Mon Sep 17 00:00:00 2001 
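Review bot: `run_test` checks only the exit code of `pav project list`, so it passes even when the project imported in `pre_test` is missing from the output. Asserting on the content closes that gap, for example `pav project list | grep -F -- "$project_name"` followed by the existing `CHECK_RESULT $? 0 0 "pav project list failed"`.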
From: zengxianjun Date: Thu, 3 Mar 2022 09:13:30 +0000 Subject: [PATCH 8/8] add secpaver testcases --- .../oe_test_secpaver_pavd_access_uid_gid.sh | 46 ++++++++++++++ .../oe_test_secpaver_pavd_logrotate.sh | 62 +++++++++++++++++++ .../oe_test_secpaver_policy_nodiff.sh | 46 ++++++++++++++ .../oe_test_secpaver_rpm_install_0001.sh | 52 ++++++++++++++++ .../filesystem_test | 6 ++ ...oe_test_secpaver_selinux_file_rule_0001.sh | 58 +++++++++++++++++ .../filesystem_test | 6 ++ ...oe_test_secpaver_selinux_file_rule_0002.sh | 54 ++++++++++++++++ .../filesystem_test | 8 +++ ...oe_test_secpaver_selinux_file_rule_0003.sh | 54 ++++++++++++++++ .../filesystem_test | 6 ++ ...oe_test_secpaver_selinux_file_rule_0004.sh | 58 +++++++++++++++++ .../filesystem_test | 6 ++ ...oe_test_secpaver_selinux_file_rule_0005.sh | 52 ++++++++++++++++ .../oe_test_secpaver_socket_file_authority.sh | 51 +++++++++++++++ 15 files changed, 565 insertions(+) create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pavd_access_uid_gid/oe_test_secpaver_pavd_access_uid_gid.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_pavd_logrotate/oe_test_secpaver_pavd_logrotate.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_policy_nodiff/oe_test_secpaver_policy_nodiff.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_rpm_install_0001/oe_test_secpaver_rpm_install_0001.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/filesystem_test create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/oe_test_secpaver_selinux_file_rule_0001.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/filesystem_test create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/oe_test_secpaver_selinux_file_rule_0002.sh create mode 100644 
testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/filesystem_test create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/oe_test_secpaver_selinux_file_rule_0003.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/filesystem_test create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/oe_test_secpaver_selinux_file_rule_0004.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/filesystem_test create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/oe_test_secpaver_selinux_file_rule_0005.sh create mode 100644 testcases/package-test/secpaver/oe_test_secpaver_socket_file_authority/oe_test_secpaver_socket_file_authority.sh diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pavd_access_uid_gid/oe_test_secpaver_pavd_access_uid_gid.sh b/testcases/package-test/secpaver/oe_test_secpaver_pavd_access_uid_gid/oe_test_secpaver_pavd_access_uid_gid.sh new file mode 100644 index 0000000..a760897 --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_pavd_access_uid_gid/oe_test_secpaver_pavd_access_uid_gid.sh 
@@ -0,0 +1,46 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/02 +# @Desc : /usr/bin/pav, /usr/bin/pavd authourity test +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + # Install pavd + DNF_INSTALL secpaver && systemctl start pavd +} + +function run_test() { + # check pav file mode + mode=$(stat -c %a /bin/pav) + user=$(stat -c %U /bin/pav) + CHECK_RESULT "$mode" 700 0 "invalid mode of pav file." + CHECK_RESULT "$user" "root" 0 "invalid owner of pav file." + + # check pavd file mode + mode=$(stat -c %a /bin/pavd) + user=$(stat -c %U /bin/pavd) + CHECK_RESULT "$mode" 700 0 "invalid mode of pavd file." + CHECK_RESULT "$user" "root" 0 "invalid owner of pavd file." +} + +function post_test() { + return +} + +main "$@" diff --git a/testcases/package-test/secpaver/oe_test_secpaver_pavd_logrotate/oe_test_secpaver_pavd_logrotate.sh b/testcases/package-test/secpaver/oe_test_secpaver_pavd_logrotate/oe_test_secpaver_pavd_logrotate.sh new file mode 100644 index 0000000..1c171d6 --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_pavd_logrotate/oe_test_secpaver_pavd_logrotate.sh 
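Review bot: The test is named `access_uid_gid`, but `run_test` reads only `%a` and `%U`, so the group owner of `/bin/pav` and `/bin/pavd` is never verified. Adding `group=$(stat -c %G /bin/pav)` with `CHECK_RESULT "$group" "root" 0 "invalid group of pav file."` (and the same for pavd) would cover it, assuming root is the expected group. `post_test` only returns, so secpaver stays installed and pavd keeps running, whereas the sibling tests call `DNF_UNINSTALL secpaver 1`.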
@@ -0,0 +1,62 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/02 +# @Desc : /var/log/secpaver/pavd.log logrotate test +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + # Install pavd + DNF_INSTALL secpaver && systemctl start pavd +} + +function run_test() { + # check log file + for ((i = 1; i < 10; i++)); do + grep "grpc server is listening" /var/log/secpaver/pavd.log && break + sleep 0.1 + done + CHECK_RESULT "$?" 0 0 "Error in log file." + + # replace log file + mv /var/log/secpaver/pavd.log /var/log/secpaver/pavd.log.copy + dd if=/dev/zero of=/var/log/secpaver/pavd.log bs=1M count=10 + systemctl restart pavd + for ((i = 1; i < 100; i++)); do + ps -ef | grep /usr/bin/pavd | grep -v grep && break + sleep 0.01 + done + systemctl restart pavd + for ((i = 1; i < 100; i++)); do + ps -ef | grep /usr/bin/pavd | grep -v grep && break + sleep 0.01 + done + ls /var/log/secpaver/ + CHECK_RESULT "$?" 0 0 "Error in log dir." + ls /var/log/secpaver/ | grep "pavd-" + CHECK_RESULT "$?" 0 0 "Error in log around." +} + +function post_test() { + systemctl stop pavd + rm -rf /var/log/secpaver/pavd-* /var/log/secpaver/pavd.log + mv /var/log/secpaver/pavd.log.copy /var/log/secpaver/pavd.log + return +} + +main "$@" 
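Review bot: The first `CHECK_RESULT "$?" 0 0 "Error in log file."` can never fail. After the `for` loop `$?` is 0 both when `grep` matched (status of `break`) and when all iterations ran out (status of the last `sleep 0.1`). Re-running the check right before the assertion fixes it: `grep -q "grpc server is listening" /var/log/secpaver/pavd.log`. The two `ps -ef | grep` wait loops have the same shape and are not asserted at all. In `post_test`, `pavd.log` is deleted before `pavd.log.copy` is moved back, so a failed `mv` in `run_test` would lose the original log.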
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_policy_nodiff/oe_test_secpaver_policy_nodiff.sh b/testcases/package-test/secpaver/oe_test_secpaver_policy_nodiff/oe_test_secpaver_policy_nodiff.sh new file mode 100644 index 0000000..4d1bd57 --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_policy_nodiff/oe_test_secpaver_policy_nodiff.sh @@ -0,0 +1,46 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/02 +# @Desc : exported policy file integrity test +# ################################## + +source ../common/config_secpaver.sh +set +e +WDIR=$(pwd) + +function pre_test() { + DNF_INSTALL secpaver && systemctl start pavd +} + +function run_test() { + mkdir policy1 policy2 + pav project import ../common/testNet.zip + pav project build -r testNet --engine selinux + pav policy export testNet_selinux ./policy1 + pav policy export testNet_selinux ./policy2 + md5sum ./policy1/testNet_selinux.zip | awk '{$1}' > checksum_1 + md5sum ./policy2/testNet_selinux.zip | awk '{$1}' > checksum_2 + diff checksum_1 checksum_2 + CHECK_RESULT "$?" 0 0 "build consistent policy." +} + +function post_test() { + cd "$WDIR" || exit 1 + rm -rf ./policy* + DNF_UNINSTALL secpaver 1 +} + +main "$@" 
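Review bot: The integrity comparison is vacuous because `awk '{$1}'` has no `print`, so `checksum_1` and `checksum_2` are both empty and `diff` always returns 0. Use `awk '{print $1}'`, or compare the archives directly with `cmp ./policy1/testNet_selinux.zip ./policy2/testNet_selinux.zip`. None of the `pav` import, build and export calls are checked, so with the current code the test also passes when no policy was exported. `post_test` leaves the checksum files and the imported `testNet` project behind.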
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_rpm_install_0001/oe_test_secpaver_rpm_install_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_rpm_install_0001/oe_test_secpaver_rpm_install_0001.sh new file mode 100644 index 0000000..3b3c72c --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_rpm_install_0001/oe_test_secpaver_rpm_install_0001.sh @@ -0,0 +1,52 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/02 +# @Desc : pavd service test +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + DNF_INSTALL secpaver && systemctl start pavd +} + +function run_test() { + # status + systemctl status pavd > stat + grep "Active: active (running)" stat + CHECK_RESULT "$?" 0 0 "Error in pavd service status" + # version + ver=$(pav -v | awk '{print $3}') + rpm -qa secpaver > rpm_msg + grep "${ver}" rpm_msg + CHECK_RESULT "$?" 0 0 "Error version" + # config file mode + mode=$(stat -c %a /etc/secpaver/pavd/config.json) + CHECK_RESULT "$mode" 600 0 "Access permission of config file should be 600" + # restart pavd + systemctl restart pavd + CHECK_RESULT "$?" 0 0 "Fail to restart pavd" + # stop pavd + systemctl stop pavd + CHECK_RESULT "$?" 0 0 "Fail to stop pavd" +} + +function post_test() { + DNF_UNINSTALL secpaver 1 +} + +main "$@" 
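Review bot: The version check passes on an empty `ver`. If `pav -v` fails or its third field is missing, `grep "${ver}" rpm_msg` becomes `grep ""`, which matches any line. Guard it with `test -n "$ver"` plus a `CHECK_RESULT $? 0 0 "empty pav version"`, and match literally with `grep -F -- "${ver}" rpm_msg` so the dots in the version are not treated as wildcards. The `stat` and `rpm_msg` files written by `run_test` are not removed in `post_test`.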
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/filesystem_test b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/filesystem_test
new file mode 100644
index 0000000..9ae2811
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/filesystem_test
@@ -0,0 +1,6 @@
+#!/bin/bash
+if [ "$1" == "false" ]; then
+ rename file4 file_2 /resource/file4
+else
+ rename file file_1 /resource/file
+fi
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/oe_test_secpaver_selinux_file_rule_0001.sh b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/oe_test_secpaver_selinux_file_rule_0001.sh
new file mode 100644
index 0000000..749ce90
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0001/oe_test_secpaver_selinux_file_rule_0001.sh
@@ -0,0 +1,58 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/03 +# @Desc : selinux rules test: rename files +# ################################## + +source ../common/config_secpaver.sh +set +e +WDIR=$(pwd) + +function pre_test() { + #Install pavd + DNF_INSTALL secpaver && systemctl start pavd + + #Create resouce + resource_create filesystem_test + + #Import and Build project + import_build_project testAll + + #Install strategy + install_strategy testAll + +} + +function run_test() { + getenforce + filesystem_test true + CHECK_RESULT "$?" 0 0 "Failed to install rename rules." + filesystem_test false + CHECK_RESULT "$?" 0 1 "Failed to install rename rules." + cat /resource/file + CHECK_RESULT "$?" 0 1 "Failed to rename file." +} + +function post_test() { + cd "$WDIR" || exit 1 + #Uninstall strategy + uninstall_strategy testAll + + #Clear resource + resource_clear filesystem_test +} + +main "$@" diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/filesystem_test b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/filesystem_test new file mode 100644 index 0000000..7e708f9 --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/filesystem_test @@ -0,0 +1,6 @@ +#!/bin/bash +if [ "$1" == "false" ]; then + rm -f /resource/file4 +else + rm -f /resource/file +fi 
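Review bot: `getenforce` is printed at the top of `run_test` but its result is never asserted, so a host in permissive or disabled mode produces a confusing failure in the deny case instead of a clear precondition error. A line such as `CHECK_RESULT "$(getenforce)" "Enforcing" 0 "SELinux is not enforcing"` would state the requirement; the same applies to the other selinux_file_rule tests. The final `cat /resource/file` check cannot tell "file was renamed" from "read was denied", so testing for `/resource/file_1` would likely be a more direct assertion.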
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/oe_test_secpaver_selinux_file_rule_0002.sh b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/oe_test_secpaver_selinux_file_rule_0002.sh new file mode 100644 index 0000000..1f3c4fc --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0002/oe_test_secpaver_selinux_file_rule_0002.sh @@ -0,0 +1,54 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/03 +# @Desc : selinux rules test: remove file +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + #Install pavd + DNF_INSTALL secpaver && systemctl start pavd + + #Create resouce + resource_create filesystem_test + + #Import and Build project + import_build_project testAll + + #Install strategy + install_strategy testAll +} + +function run_test() { + filesystem_test true + CHECK_RESULT "$?" 0 0 "Failed to install rm rules." + filesystem_test false + CHECK_RESULT "$?" 0 1 "Failed to install rm rules." + count=$(ls -l /resource | wc -l) + CHECK_RESULT "${count}" 2 0 "Failed to rm file." +} + +function post_test() { + #Uninstall strategy + uninstall_strategy testAll + + #Clear resource + resource_clear filesystem_test +} + +main "$@" 
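Review bot: `count=$(ls -l /resource | wc -l)` compared against 2 ties the result to the `total` line plus exactly one remaining entry, so the check depends on what `resource_create` puts in `/resource` (not visible here) rather than on the two files under test. Asserting on the files directly is clearer: `test ! -e /resource/file` with `CHECK_RESULT $? 0 0 ...` and `test -e /resource/file4` with `CHECK_RESULT $? 0 0 ...`.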
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/filesystem_test b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/filesystem_test
new file mode 100644
index 0000000..f6113c9
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/filesystem_test
@@ -0,0 +1,8 @@
+#!/bin/bash
+if [ "$1" == "false" ]; then
+ echo "write rules" >> /resource/file
+ echo "write to file" >> /resource/file
+else
+ echo "write rules" >> /resource/file4
+ echo "write to file" >> /resource/file4
+fi
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/oe_test_secpaver_selinux_file_rule_0003.sh b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/oe_test_secpaver_selinux_file_rule_0003.sh
new file mode 100644
index 0000000..5053b4b
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0003/oe_test_secpaver_selinux_file_rule_0003.sh
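Review bot: The branches in this helper are inverted relative to the 0001, 0002 and 0005 helpers: here `"false"` writes to `/resource/file` and the default branch writes to `/resource/file4`, while the others use `file4` for `"false"`. The 0003 test's expectations (2 lines in `file`, 0 in `file4`) match this layout, so it works, but `filesystem_test true` ends up being the case the policy should deny. Swapping the two branches and adding a comment like `# "false" = operation the policy must deny` would keep the helpers consistent. The 0003 test also never checks the helper's exit status, unlike its siblings.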
@@ -0,0 +1,54 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/03 +# @Desc : selinux rules test: write file +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + #Install pavd + DNF_INSTALL secpaver && systemctl start pavd + + #Create resouce + resource_create filesystem_test + + #Import and Build project + import_build_project testAll + + #Install strategy + install_strategy testAll +} + +function run_test() { + filesystem_test true + filesystem_test false + count_true=$(wc -l /resource/file | awk '{print $1}') + CHECK_RESULT "${count_true}" 2 0 "Failed to write file." + count_false=$(wc -l /resource/file4 | awk '{print $1}') + CHECK_RESULT "${count_false}" 0 0 "Failed to write file." +} + +function post_test() { + #Uninstall strategy + uninstall_strategy testAll + + #Clear resource + resource_clear filesystem_test +} + +main "$@" diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/filesystem_test b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/filesystem_test new file mode 100644 index 0000000..8bd1c16 --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/filesystem_test @@ -0,0 +1,6 @@ +#!/bin/bash +if [ "$1" == "false" ]; then + touch /resource/false +else + touch /resource/all +fi 
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/oe_test_secpaver_selinux_file_rule_0004.sh b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/oe_test_secpaver_selinux_file_rule_0004.sh
new file mode 100644
index 0000000..d6c0ec3
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0004/oe_test_secpaver_selinux_file_rule_0004.sh
@@ -0,0 +1,58 @@ +#!/usr/bin/bash + +#@ License : Mulan PSL v2 +# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved. +# This program is licensed under Mulan PSL v2. +# You can use it according to the terms and conditions of the Mulan PSL v2. +# http://license.coscl.org.cn/MulanPSL2 +# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, +# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, +# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. +# See the Mulan PSL v2 for more details. + +# ################################## +# @Author : zengxianjun +# @Contact : mistachio@163.com +# @Date : 2022/03/03 +# @Desc : selinux rules test: create file +# ################################## + +source ../common/config_secpaver.sh +set +e + +function pre_test() { + #Install pavd + DNF_INSTALL secpaver && systemctl start pavd + + #Create resouce + resource_create filesystem_test + + #Import and Build project + import_build_project testAll + + #Install strategy + install_strategy testAll +} + +function run_test() { + filesystem_test true + CHECK_RESULT "$?" 0 0 "Failed to install create rules." + filesystem_test false + CHECK_RESULT "$?" 0 1 "Failed to install create rules." + ls -l /resource >> index + count_true=$(grep -c all index) + CHECK_RESULT "${count_true}" 1 0 "Failed to create file." + count_false=$(grep -c false index) + CHECK_RESULT "${count_false}" 0 0 "Failed to create file." + rm -rf index +} + +function post_test() { + #Uninstall strategy + uninstall_strategy testAll + + #Clear resource + resource_clear filesystem_test +} + +main "$@" diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/filesystem_test b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/filesystem_test new file mode 100644 index 0000000..51b7ff7 --- /dev/null +++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/filesystem_test 
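Review bot: Counting matches in `ls -l` output is fragile here. `ls -l /resource >> index` appends, so an `index` left by an aborted run inflates both counts, and `grep -c all` / `grep -c false` match those substrings in any column or file name, not just the two files created. Testing the paths directly avoids both problems: `test -e /resource/all` with `CHECK_RESULT $? 0 0 ...` and `test -e /resource/false` with `CHECK_RESULT $? 0 1 ...`, which also removes the need for the temporary file.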
@@ -0,0 +1,6 @@
+#!/bin/bash
+if [ "$1" == "false" ]; then
+ cat /resource/file4
+else
+ cat /resource/file
+fi
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/oe_test_secpaver_selinux_file_rule_0005.sh b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/oe_test_secpaver_selinux_file_rule_0005.sh
new file mode 100644
index 0000000..119809a
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_selinux_file_rule_0005/oe_test_secpaver_selinux_file_rule_0005.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/03
+# @Desc : selinux rules test: read file
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ #Create resouce
+ resource_create filesystem_test
+
+ #Import and Build project
+ import_build_project testAll
+
+ #Install strategy
+ install_strategy testAll
+}
+
+function run_test() {
+ filesystem_test true
+ CHECK_RESULT "$?" 0 0 "Failed to install read rules."
+ filesystem_test false
+ CHECK_RESULT "$?" 0 1 "Failed to install read rules."
+}
+
+function post_test() {
+ #Uninstall strategy
+ uninstall_strategy testAll
+
+ #Clear resource
+ resource_clear filesystem_test
+}
+
+main "$@"
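Review bot: Nothing in the helper says which path the policy is meant to allow and which to deny, so a reader has to infer it from the caller. A header comment would make the contract explicit, for example `# $1 = "false": read /resource/file4, which the test expects to be denied; otherwise read /resource/file, which it expects to be allowed` (the expectation is taken from the CHECK_RESULT calls in oe_test_secpaver_selinux_file_rule_0005.sh). The file is added with mode 100644 and is called by bare name, so it relies on `resource_create` from common/config_secpaver.sh, which is outside this hunk, to install it executable on PATH; that is worth confirming.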
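Review bot: The negative case in run_test, `filesystem_test false` followed by `CHECK_RESULT "$?" 0 1 ...`, passes on any non-zero status, so a missing /resource/file4, a helper that is not on PATH, or a policy that never loaded all look the same as an SELinux denial. Assuming the third CHECK_RESULT argument 1 means "expect a mismatch", asserting on the denial itself is stricter: `LC_ALL=C filesystem_test false 2>&1 | grep -q "Permission denied"` then `CHECK_RESULT "$?" 0 0 "read of /resource/file4 was not denied."`. Both checks also share the message "Failed to install read rules.", which makes a failing log hard to read. oe_test_secpaver_selinux_file_rule_0004.sh uses the same exit-status-only pattern for its negative call, though it adds a directory listing check afterwards.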
diff --git a/testcases/package-test/secpaver/oe_test_secpaver_socket_file_authority/oe_test_secpaver_socket_file_authority.sh b/testcases/package-test/secpaver/oe_test_secpaver_socket_file_authority/oe_test_secpaver_socket_file_authority.sh
new file mode 100644
index 0000000..535905a
--- /dev/null
+++ b/testcases/package-test/secpaver/oe_test_secpaver_socket_file_authority/oe_test_secpaver_socket_file_authority.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/bash
+
+#@ License : Mulan PSL v2
+# Copyright (c) 2022. Huawei Technologies Co.,Ltd.ALL rights reserved.
+# This program is licensed under Mulan PSL v2.
+# You can use it according to the terms and conditions of the Mulan PSL v2.
+# http://license.coscl.org.cn/MulanPSL2
+# THIS PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+# ##################################
+# @Author : zengxianjun
+# @Contact : mistachio@163.com
+# @Date : 2022/03/03
+# @Desc : /var/run/secpaver/pavd.sock authourity test
+# ##################################
+
+source ../common/config_secpaver.sh
+set +e
+
+function pre_test() {
+ #Install pavd
+ DNF_INSTALL secpaver && systemctl start pavd
+
+ # Add user
+ useradd userTest1
+}
+
+function run_test() {
+ # check socket file mode
+ mode=$(stat -c %a /var/run/secpaver/pavd.sock)
+ user=$(stat -c %U /var/run/secpaver/pavd.sock)
+ CHECK_RESULT "$mode" 600 0 "Socket file mode error."
+ CHECK_RESULT "$user" "root" 0 "invalid owner of socket file."
+ # normal user read socket file
+ su - userTest1 -c "head -n1 /var/run/secpaver/pavd.sock" > output
+ line=$(wc -l output | awk '{print $1}')
+ CHECK_RESULT "$line" 0 0 "invalid authority of socket file."
+}
+
+function post_test() {
+ # delete temp file
+ rm -rf output
+
+ # delete user
+ userdel -r userTest1
+}
+
+main "$@"
-- Gitee
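Review bot: The unprivileged-access check in run_test cannot fail: `head` opens the path with open(2), which returns ENXIO for a Unix domain socket whatever its mode, and only stdout is captured, so `output` has zero lines even if the socket were world-writable (or if `useradd` or `su` failed). Test the permission a client would actually need, with a positive assertion that also proves `su` ran: `su - userTest1 -c "test ! -w /var/run/secpaver/pavd.sock"` followed by `CHECK_RESULT "$?" 0 0 "invalid authority of socket file."`. The `output` file and its `rm -rf output` in post_test are then no longer needed.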