diff --git a/services/key_enable/utils/include/key_utils.h b/services/key_enable/utils/include/key_utils.h
index 7ba018c14421a0973ae953deb74d7147c48cc781..fa0bbdf1291f32ddbe507ea27abbffa75da522bd 100644
--- a/services/key_enable/utils/include/key_utils.h
+++ b/services/key_enable/utils/include/key_utils.h
@@ -22,6 +22,12 @@
 #include
+#ifdef KEY_ENABLE_UTILS_TEST
+#include
+extern const std::string PROC_CMDLINE_FILE_PATH;
+extern int32_t g_isRdDevice;
+#endif
+
 typedef int32_t KeySerial;
 #ifdef __cplusplus
diff --git a/services/key_enable/utils/src/devices_security.cpp b/services/key_enable/utils/src/devices_security.cpp
index 3ccca6e9476494ded7fb29143bab18d823e16101..d1e4e8f4b34474ae81124a4e9c88942a21305649 100644
--- a/services/key_enable/utils/src/devices_security.cpp
+++ b/services/key_enable/utils/src/devices_security.cpp
@@ -23,7 +23,6 @@
 #include
 #include "log.h"
-#include "parameter.h"
 using namespace OHOS::Security::CodeSign;
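Review bot: The test-only block added to key_utils.h declares `extern const std::string PROC_CMDLINE_FILE_PATH` and `extern int32_t g_isRdDevice` above the header's `#ifdef __cplusplus` guard, so a C translation unit built with `KEY_ENABLE_UTILS_TEST` would fail on it, and the cached device-mode flag becomes writable from every file that includes this header. Because the same macro also switches the cmdline source to a path under `/data/test` in devices_security.cpp, the constraint should be stated where the macro is introduced, for example `// Test hook only: KEY_ENABLE_UTILS_TEST must never be defined for product targets.` Moving the two declarations into a header that only the unit test includes would keep them out of the shipped interface.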
@@ -34,29 +33,46 @@ enum DeviceMode {
 };
 constexpr int32_t CMDLINE_MAX_BUF_LEN = 4096;
+#ifndef KEY_ENABLE_UTILS_TEST
 static const std::string PROC_CMDLINE_FILE_PATH = "/proc/cmdline";
 static int32_t g_isRdDevice = NOT_INITIALIZE;
+#else
+const std::string PROC_CMDLINE_FILE_PATH = "/data/test/tmp/cmdline";
+int32_t g_isRdDevice = NOT_INITIALIZE;
+#endif
-static bool CheckDeviceMode(char *buf, ssize_t bunLen)
+static bool CheckDeviceMode(char *buf, ssize_t bufLen)
 {
- if (strstr(buf, "oemmode=rd")) {
+ bool status = false;
+ char *onStr = strstr(buf, "oemmode=rd");
+ char *offStr = strstr(buf, "oemmode=user");
+ char *statusStr = strstr(buf, "oemmode=");
+ if (onStr == nullptr && offStr == nullptr) {
+ LOG_INFO(LABEL, "Not rd mode, cmdline = %{private}s", buf);
+ } else if (offStr != nullptr && statusStr != nullptr && offStr != statusStr) {
+ LOG_ERROR(LABEL, "cmdline attacked, cmdline = %{private}s", buf);
+ } else if (onStr != nullptr && offStr == nullptr) {
+ status = true;
 LOG_DEBUG(LABEL, "Oemode is rd");
- return true;
- } else {
- LOG_DEBUG(LABEL, "Not rd mode, cmdline = %{private}s", buf);
 }
- return false;
+ return status;
 }
-static int32_t CheckEfuseStatus(char *buf, ssize_t bunLen)
+static bool CheckEfuseStatus(char *buf, ssize_t bufLen)
 {
- if (strstr(buf, "efuse_status=1")) {
+ bool status = false;
+ char *onStr = strstr(buf, "efuse_status=1");
+ char *offStr = strstr(buf, "efuse_status=0");
+ char *statusStr = strstr(buf, "efuse_status=");
+ if (onStr == nullptr && offStr == nullptr) {
+ LOG_INFO(LABEL, "device is efused, cmdline = %{private}s", buf);
+ } else if (offStr != nullptr && statusStr != nullptr && offStr != statusStr) {
+ LOG_ERROR(LABEL, "cmdline attacked, cmdline = %{private}s", buf);
+ } else if (onStr != nullptr && offStr == nullptr) {
+ status = true;
 LOG_DEBUG(LABEL, "device is not efused");
- return true;
- } else {
- LOG_DEBUG(LABEL, "Not efused, cmdline = %{private}s", buf);
 }
- return false;
+ return status;
 }
 static void
ParseCMDLine()
diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn
index d71d8229ca90493bde3d1db0331d6af33561dc7b..1db53c05a51c74aaf24951e0992d501969fa0f1c 100644
--- a/test/unittest/BUILD.gn
+++ b/test/unittest/BUILD.gn
@@ -364,12 +364,21 @@ ohos_unittest("jit_code_sign_unittest") {
 ohos_unittest("key_enable_utils_unittest") {
 module_out_path = "security/code_signature"
- sources = [ "key_enable_utils_test.cpp" ]
+ sources = [
+ "${code_signature_root_dir}/services/key_enable/utils/src/devices_security.cpp",
+ "key_enable_utils_test.cpp",
+ ]
+ defines = [ "KEY_ENABLE_UTILS_TEST" ]
+ configs = [ "${code_signature_root_dir}:common_utils_config" ]
 include_dirs = [ "${code_signature_root_dir}/services/key_enable/utils/include" ]
 deps = [
 "${code_signature_root_dir}/services/key_enable/utils:libkey_enable_utils",
 ]
+ external_deps = [
+ "c_utils:utils",
+ "hilog:libhilog",
+ ]
 }
 ohos_unittest("cert_chain_verifier_unittest") {
diff --git a/test/unittest/key_enable_utils_test.cpp b/test/unittest/key_enable_utils_test.cpp
index 656863ebd9a53c8468b446a1e6ba7f3ea0b19824..261054703dce8a525372992fb0a94c877f9f1c06 100644
--- a/test/unittest/key_enable_utils_test.cpp
+++ b/test/unittest/key_enable_utils_test.cpp
@@ -26,6 +26,13 @@ namespace OHOS {
 namespace Security {
 namespace CodeSign {
+static const std::string RD_DEVICE_1 = "oemmode=rd efuse_status=0";
+static const std::string RD_DEVICE_2 = "oemmode=user efuse_status=1";
+static const std::string NOT_RD_DEVICE = "oemmode=user efuse_status=0";
+static const std::string DEVICE_MODE_ATTACKED = "oemmode=rd oemmode=user";
+static const std::string EFUSED_ATTACKED = "efuse_status=1 efuse_status=0";
+constexpr int32_t NOT_INITIALIZE = 0;
+
 class KeyEnableUtilsTest : public testing::Test {
 public:
 KeyEnableUtilsTest() {};
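Review bot: In devices_security.cpp, `CheckDeviceMode` and `CheckEfuseStatus` still decide on `strstr` substring hits, so the new "cmdline attacked" branch covers only one arrangement: a second `oemmode=` parameter whose value is anything other than `user`, or a parameter that merely contains `oemmode=rd` as part of a longer key or value, leaves `offStr` null and reaches `status = true`. Since a true result appears to mark the device as RD, the check should fail closed: split the buffer into whitespace-separated parameters, require exactly one with the given key, and compare its whole value. The reverse order (`user` first, `rd` second) currently returns false without any log line. `bufLen` is still unused, so both functions rely on the caller NUL-terminating `buf`; ParseCMDLine lies outside this hunk, so that could not be checked. A sketch of the stricter lookup follows.

```cpp
// True only when exactly one whitespace-separated parameter starts with `key`
// and its value equals `expected` in full; duplicates and partial matches fail.
static bool HasUniqueParam(const char *buf, const char *key, const char *expected)
{
    const size_t keyLen = strlen(key);
    const size_t expectedLen = strlen(expected);
    int32_t count = 0;
    bool matched = false;
    const char *cur = buf;
    while (*cur != '\0') {
        const size_t tokenLen = strcspn(cur, " \t\n");
        if (tokenLen >= keyLen && strncmp(cur, key, keyLen) == 0) {
            ++count;
            matched = (tokenLen - keyLen == expectedLen) &&
                (strncmp(cur + keyLen, expected, expectedLen) == 0);
        }
        cur += tokenLen;
        cur += strspn(cur, " \t\n");
    }
    return count == 1 && matched;
}

static bool CheckDeviceMode(char *buf, ssize_t bufLen)
{
    const bool status = HasUniqueParam(buf, "oemmode=", "rd");
    // … unchanged: LOG_INFO / LOG_ERROR / LOG_DEBUG reporting of the outcome …
    return status;
}

static bool CheckEfuseStatus(char *buf, ssize_t bufLen)
{
    const bool status = HasUniqueParam(buf, "efuse_status=", "1");
    // … unchanged: LOG_INFO / LOG_ERROR / LOG_DEBUG reporting of the outcome …
    return status;
}
```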
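Review bot: `key_enable_utils_unittest` now compiles devices_security.cpp into the test with `KEY_ENABLE_UTILS_TEST` while `deps` still lists `libkey_enable_utils`; if that library also builds devices_security.cpp, the test binary sees two definitions of `IsRdDevice`, one reading the test file and one reading `/proc/cmdline`. Which one the test calls would then depend on link order, and the `g_isRdDevice` resets in the test would not reach the library's file-static copy. Dropping the `deps` entry if nothing else from the library is needed, or adding a comment such as `# devices_security.cpp is rebuilt here with the test hook; do not also link the product copy`, would make the intent checkable.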
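Review bot: `constexpr int32_t NOT_INITIALIZE = 0;` in key_enable_utils_test.cpp duplicates what is presumably a `DeviceMode` enumerator in devices_security.cpp instead of sharing it, so a later change to the enum would make the `g_isRdDevice = NOT_INITIALIZE` resets stop clearing the cache without any compile error. The enum body is outside this diff, so the value 0 could not be confirmed here. At minimum a comment such as `// Must match NOT_INITIALIZE in devices_security.cpp` would make the coupling explicit. The names `RD_DEVICE_1` and `RD_DEVICE_2` would also read better if they said which parameter makes the device RD.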
@@ -36,6 +43,21 @@ public:
 void TearDown() {};
 };
+static bool OverWriteCMDLine(const std::string &content)
+{
+ FILE *file = fopen(PROC_CMDLINE_FILE_PATH.c_str(), "w+");
+ if (file == nullptr) {
+ return false;
+ }
+ size_t result = fwrite(content.c_str(), 1, content.size(), file);
+ if (result != content.size()) {
+ (void)fclose(file);
+ return false;
+ }
+ (void)fclose(file);
+ return true;
+}
+
 /**
 * @tc.name: KeyEnableUtilsTest_0001
 * @tc.desc: check status of device
@@ -44,7 +66,20 @@ public:
 */
 HWTEST_F(KeyEnableUtilsTest, KeyEnableUtilsTest_0001, TestSize.Level0)
 {
+ ASSERT_EQ(OverWriteCMDLine(RD_DEVICE_1), true);
+ EXPECT_EQ(IsRdDevice(), true);
+ g_isRdDevice = NOT_INITIALIZE;
+ ASSERT_EQ(OverWriteCMDLine(RD_DEVICE_2), true);
 EXPECT_EQ(IsRdDevice(), true);
+ g_isRdDevice = NOT_INITIALIZE;
+ ASSERT_EQ(OverWriteCMDLine(NOT_RD_DEVICE), true);
+ EXPECT_EQ(IsRdDevice(), false);
+ g_isRdDevice = NOT_INITIALIZE;
+ ASSERT_EQ(OverWriteCMDLine(DEVICE_MODE_ATTACKED), true);
+ EXPECT_EQ(IsRdDevice(), false);
+ g_isRdDevice = NOT_INITIALIZE;
+ ASSERT_EQ(OverWriteCMDLine(EFUSED_ATTACKED), true);
+ EXPECT_EQ(IsRdDevice(), false);
 }
 } // namespace CodeSign
 } // namespace Security
diff --git a/test/unittest/resources/ohos_test.xml b/test/unittest/resources/ohos_test.xml
index 1452baccfe88282ecd03e3df5eaaeb3b607b7a41..da298c5efd5343106f3924226bf40e8ec710be52 100644
--- a/test/unittest/resources/ohos_test.xml
+++ b/test/unittest/resources/ohos_test.xml
@@ -161,6 +161,14 @@
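Review bot: KeyEnableUtilsTest_0001 resets `g_isRdDevice` between cases but not after the last `IsRdDevice()` call, and nothing removes the file written by `OverWriteCMDLine`, so the cached result and the cmdline content carry over to whatever runs next in the same process. Putting `g_isRdDevice = NOT_INITIALIZE;` in `TearDown()` would cover every exit path, including an early `ASSERT_EQ` failure. The negative cases cover only one ordering; adding the reversed forms of `DEVICE_MODE_ATTACKED` and `EFUSED_ATTACKED`, and a value that merely begins with the accepted one, would pin the fail-closed behaviour of the parser. Five scenarios in one test body make a failure hard to attribute, so one `HWTEST_F` per scenario would read better.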