1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_deny_test.h"
17 #include "accesstoken_kit.h"
18 #include "access_token_error.h"
19 #include "token_setproc.h"
20
21 namespace OHOS {
22 namespace Security {
23 namespace AccessToken {
24 namespace {
25 static AccessTokenID g_selfTokenId = 0;
26 static AccessTokenID g_testTokenId = 0;
27 static int32_t g_selfUid;
28
29 static HapPolicyParams g_PolicyPrams = {
30 .apl = APL_NORMAL,
31 .domain = "test.domain",
32 };
33
34 static HapInfoParams g_InfoParms = {
35 .userID = 1,
36 .bundleName = "ohos.test.bundle",
37 .instIndex = 0,
38 .appIDDesc = "test.bundle"
39 };
40
41 }
42 using namespace testing::ext;
43
SetUpTestCase()44 void AccessTokenDenyTest::SetUpTestCase()
45 {
46 g_selfTokenId = GetSelfTokenID();
47 g_selfUid = getuid();
48 }
49
TearDownTestCase()50 void AccessTokenDenyTest::TearDownTestCase()
51 {
52 SetSelfTokenID(g_selfTokenId);
53 setuid(g_selfUid);
54 GTEST_LOG_(INFO) << "PermStateChangeCallback, tokenID is " << GetSelfTokenID();
55 GTEST_LOG_(INFO) << "PermStateChangeCallback, uid is " << getuid();
56 }
57
SetUp()58 void AccessTokenDenyTest::SetUp()
59 {
60 AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams);
61
62 g_testTokenId = AccessTokenKit::GetHapTokenID(g_InfoParms.userID,
63 g_InfoParms.bundleName,
64 g_InfoParms.instIndex);
65 ASSERT_NE(INVALID_TOKENID, g_testTokenId);
66 SetSelfTokenID(g_testTokenId);
67 setuid(1234); // 1234: UID
68 }
69
TearDown()70 void AccessTokenDenyTest::TearDown()
71 {
72 SetSelfTokenID(g_selfTokenId);
73 setuid(g_selfUid);
74 }
75
76 /**
77 * @tc.name: AllocHapToken001
78 * @tc.desc: AllocHapToken with no permission
79 * @tc.type: FUNC
80 * @tc.require:
81 */
82 HWTEST_F(AccessTokenDenyTest, AllocHapToken001, TestSize.Level1)
83 {
84 AccessTokenIDEx tokenIdEx = {0};
85 tokenIdEx = AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams);
86 ASSERT_EQ(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID);
87 }
88
89 /**
90 * @tc.name: AllocLocalTokenID001
91 * @tc.desc: AllocLocalTokenID with no permission
92 * @tc.type: FUNC
93 * @tc.require:
94 */
95 HWTEST_F(AccessTokenDenyTest, AllocLocalTokenID001, TestSize.Level1)
96 {
97 std::string remoteDevice = "remote device";
98 AccessTokenID tokenId = 123;
99 AccessTokenID localTokenId = AccessTokenKit::AllocLocalTokenID(remoteDevice, tokenId);
100 ASSERT_EQ(INVALID_TOKENID, localTokenId);
101 }
102
103 /**
104 * @tc.name: UpdateHapToken001
105 * @tc.desc: UpdateHapToken with no permission
106 * @tc.type: FUNC
107 * @tc.require:
108 */
109 HWTEST_F(AccessTokenDenyTest, UpdateHapToken001, TestSize.Level1)
110 {
111 std::string appIDDesc = "appdi desc";
112 int32_t apiVersion = 9;
113 AccessTokenID tokenId = 123;
114 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED,
115 AccessTokenKit::UpdateHapToken(tokenId, appIDDesc, apiVersion, g_PolicyPrams));
116 }
117
118 /**
119 * @tc.name: DeleteToken001
120 * @tc.desc: DeleteToken with no permission
121 * @tc.type: FUNC
122 * @tc.require:
123 */
124 HWTEST_F(AccessTokenDenyTest, DeleteToken001, TestSize.Level1)
125 {
126 AccessTokenID tokenId = 123;
127 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteToken(tokenId));
128 }
129
130 /**
131 * @tc.name: CheckNativeDCap001
132 * @tc.desc: CheckNativeDCap with no permission
133 * @tc.type: FUNC
134 * @tc.require:
135 */
136 HWTEST_F(AccessTokenDenyTest, CheckNativeDCap001, TestSize.Level1)
137 {
138 AccessTokenID tokenId = 123;
139 const std::string dcap = "AT_CAP";
140 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::CheckNativeDCap(tokenId, dcap));
141 }
142
143 /**
144 * @tc.name: GetHapTokenID001
145 * @tc.desc: GetHapTokenID with no permission
146 * @tc.type: FUNC
147 * @tc.require:
148 */
149 HWTEST_F(AccessTokenDenyTest, GetHapTokenID001, TestSize.Level1)
150 {
151 int32_t userID = 0;
152 std::string bundleName = "test";
153 int32_t instIndex = 0;
154 AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
155 ASSERT_EQ(INVALID_TOKENID, tokenId);
156 }
157
158 /**
159 * @tc.name: GetHapTokenInfo001
160 * @tc.desc: GetHapTokenInfo with no permission
161 * @tc.type: FUNC
162 * @tc.require:
163 */
164 HWTEST_F(AccessTokenDenyTest, GetHapTokenInfo001, TestSize.Level1)
165 {
166 AccessTokenID tokenId = 123;
167 HapTokenInfo tokenInfo;
168 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo));
169 }
170
171 /**
172 * @tc.name: GetNativeTokenInfo001
173 * @tc.desc: GetNativeTokenInfo with no permission
174 * @tc.type: FUNC
175 * @tc.require:
176 */
177 HWTEST_F(AccessTokenDenyTest, GetNativeTokenInfo001, TestSize.Level1)
178 {
179 AccessTokenID tokenId = 123;
180 NativeTokenInfo tokenInfo;
181 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetNativeTokenInfo(tokenId, tokenInfo));
182 }
183
184 /**
185 * @tc.name: GetPermissionFlag001
186 * @tc.desc: GetPermissionFlag with no permission
187 * @tc.type: FUNC
188 * @tc.require:
189 */
190 HWTEST_F(AccessTokenDenyTest, GetPermissionFlag001, TestSize.Level1)
191 {
192 AccessTokenID tokenId = 123;
193 std::string permission = "ohos.permission.CAMERA";
194 int32_t flag;
195 ASSERT_EQ(PERMISSION_DEFAULT_FLAG, AccessTokenKit::GetPermissionFlag(tokenId, permission, flag));
196 }
197
198 /**
199 * @tc.name: GrantPermission001
200 * @tc.desc: GrantPermission with no permission
201 * @tc.type: FUNC
202 * @tc.require:
203 */
204 HWTEST_F(AccessTokenDenyTest, GrantPermission001, TestSize.Level1)
205 {
206 AccessTokenID tokenId = 123;
207 std::string permission = "ohos.permission.CAMERA";
208 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED,
209 AccessTokenKit::GrantPermission(tokenId, permission, PERMISSION_USER_FIXED));
210 }
211
212 /**
213 * @tc.name: RevokePermission001
214 * @tc.desc: RevokePermission with no permission
215 * @tc.type: FUNC
216 * @tc.require:
217 */
218 HWTEST_F(AccessTokenDenyTest, RevokePermission001, TestSize.Level1)
219 {
220 AccessTokenID tokenId = 123;
221 std::string permission = "ohos.permission.CAMERA";
222 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED,
223 AccessTokenKit::RevokePermission(tokenId, permission, PERMISSION_USER_FIXED));
224 }
225
226 /**
227 * @tc.name: ClearUserGrantedPermissionState001
228 * @tc.desc: ClearUserGrantedPermissionState with no permission
229 * @tc.type: FUNC
230 * @tc.require:
231 */
232 HWTEST_F(AccessTokenDenyTest, ClearUserGrantedPermissionState001, TestSize.Level1)
233 {
234 AccessTokenID tokenId = 123;
235 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::ClearUserGrantedPermissionState(tokenId));
236 }
237
238 class CbCustomizeTest1 : public PermStateChangeCallbackCustomize {
239 public:
CbCustomizeTest1(const PermStateChangeScope & scopeInfo)240 explicit CbCustomizeTest1(const PermStateChangeScope &scopeInfo)
241 : PermStateChangeCallbackCustomize(scopeInfo)
242 {
243 }
~CbCustomizeTest1()244 ~CbCustomizeTest1() {}
245
PermStateChangeCallback(PermStateChangeInfo & result)246 virtual void PermStateChangeCallback(PermStateChangeInfo& result)
247 {
248 }
249 };
250
251 /**
252 * @tc.name: RegisterPermStateChangeCallback001
253 * @tc.desc: RegisterPermStateChangeCallback with no permission
254 * @tc.type: FUNC
255 * @tc.require:
256 */
257 HWTEST_F(AccessTokenDenyTest, RegisterPermStateChangeCallback001, TestSize.Level1)
258 {
259 PermStateChangeScope scopeInfo;
260 scopeInfo.permList = {"ohos.permission.CAMERA"};
261 scopeInfo.tokenIDs = {};
262 auto callbackPtr = std::make_shared<CbCustomizeTest1>(scopeInfo);
263 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr));
264 }
265
266 /**
267 * @tc.name: UnregisterPermStateChangeCallback001
268 * @tc.desc: UnRegisterPermStateChangeCallback with no permission
269 * @tc.type: FUNC
270 * @tc.require:
271 */
272 HWTEST_F(AccessTokenDenyTest, UnregisterPermStateChangeCallback001, TestSize.Level1)
273 {
274 setuid(g_selfUid);
275
276 PermissionStateFull testState = {
277 .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS",
278 .isGeneral = true,
279 .resDeviceID = {"local"},
280 .grantStatus = {PermissionState::PERMISSION_GRANTED},
281 .grantFlags = {1}
282 };
283 HapPolicyParams policyPrams = {
284 .apl = APL_NORMAL,
285 .domain = "test.domain",
286 .permList = {},
287 .permStateList = {testState}
288 };
289 HapInfoParams infoParms = {
290 .userID = 1,
291 .bundleName = "ohos.test.bundle",
292 .instIndex = 0,
293 .appIDDesc = "test.bundle"
294 };
295 AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(infoParms, policyPrams);
296 ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID);
297 SetSelfTokenID(tokenIdEx.tokenIdExStruct.tokenID);
298
299 PermStateChangeScope scopeInfo;
300 scopeInfo.permList = {"ohos.permission.CAMERA"};
301 scopeInfo.tokenIDs = {};
302 auto callbackPtr = std::make_shared<CbCustomizeTest1>(scopeInfo);
303 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr));
304
305 SetSelfTokenID(g_testTokenId);
306
307 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr));
308
309 SetSelfTokenID(tokenIdEx.tokenIdExStruct.tokenID);
310 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr));
311
312 setuid(g_selfUid);
313 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID));
314 }
315
316 /**
317 * @tc.name: ReloadNativeTokenInfo001
318 * @tc.desc: ReloadNativeTokenInfo with no permission
319 * @tc.type: FUNC
320 * @tc.require:
321 */
322 HWTEST_F(AccessTokenDenyTest, ReloadNativeTokenInfo001, TestSize.Level1)
323 {
324 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::ReloadNativeTokenInfo());
325 }
326
327 /**
328 * @tc.name: GetNativeTokenId001
329 * @tc.desc: Verify the GetNativeTokenId abnormal branch return nullptr proxy.
330 * @tc.type: FUNC
331 * @tc.require: Issue Number
332 */
333 HWTEST_F(AccessTokenDenyTest, GetNativeTokenId001, TestSize.Level1)
334 {
335 std::string processName = "hdcd";
336 AccessTokenID tokenID = AccessTokenKit::GetNativeTokenId(processName);
337 ASSERT_EQ(INVALID_TOKENID, tokenID);
338 }
339
340 /**
341 * @tc.name: DumpTokenInfo001
342 * @tc.desc: Verify the DumpTokenInfo abnormal branch return nullptr proxy.
343 * @tc.type: FUNC
344 * @tc.require:Issue Number
345 */
346 HWTEST_F(AccessTokenDenyTest, DumpTokenInfo001, TestSize.Level1)
347 {
348 std::string info;
349 AccessTokenKit::DumpTokenInfo(123, info);
350 ASSERT_EQ("", info);
351 }
352
353 #ifdef TOKEN_SYNC_ENABLE
354 /**
355 * @tc.name: GetHapTokenInfoFromRemote001
356 * @tc.desc: GetHapTokenInfoFromRemote with no permission
357 * @tc.type: FUNC
358 * @tc.require:
359 */
360 HWTEST_F(AccessTokenDenyTest, GetHapTokenInfoFromRemote001, TestSize.Level1)
361 {
362 AccessTokenID tokenId = 123;
363 HapTokenInfoForSync hapSync;
364 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetHapTokenInfoFromRemote(tokenId, hapSync));
365 }
366
367 /**
368 * @tc.name: GetAllNativeTokenInfo001
369 * @tc.desc: GetAllNativeTokenInfo with no permission
370 * @tc.type: FUNC
371 * @tc.require:
372 */
373 HWTEST_F(AccessTokenDenyTest, GetAllNativeTokenInfo001, TestSize.Level1)
374 {
375 std::vector<NativeTokenInfoForSync> nativeTokenInfosRes;
376 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes));
377 }
378
379 /**
380 * @tc.name: SetRemoteHapTokenInfo001
381 * @tc.desc: SetRemoteHapTokenInfo with no permission
382 * @tc.type: FUNC
383 * @tc.require:
384 */
385 HWTEST_F(AccessTokenDenyTest, SetRemoteHapTokenInfo001, TestSize.Level1)
386 {
387 std::string device = "device";
388 HapTokenInfoForSync hapSync;
389 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetRemoteHapTokenInfo(device, hapSync));
390 }
391
392 /**
393 * @tc.name: SetRemoteNativeTokenInfo001
394 * @tc.desc: SetRemoteNativeTokenInfo with no permission
395 * @tc.type: FUNC
396 * @tc.require:
397 */
398 HWTEST_F(AccessTokenDenyTest, SetRemoteNativeTokenInfo001, TestSize.Level1)
399 {
400 std::string device = "device";
401 std::vector<NativeTokenInfoForSync> nativeToken;
402 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetRemoteNativeTokenInfo(device, nativeToken));
403 }
404
405 /**
406 * @tc.name: DeleteRemoteToken001
407 * @tc.desc: DeleteRemoteToken with no permission
408 * @tc.type: FUNC
409 * @tc.require:
410 */
411 HWTEST_F(AccessTokenDenyTest, DeleteRemoteToken001, TestSize.Level1)
412 {
413 std::string device = "device";
414 AccessTokenID tokenId = 123;
415 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteRemoteToken(device, tokenId));
416 }
417
418 /**
419 * @tc.name: GetRemoteNativeTokenID001
420 * @tc.desc: GetRemoteNativeTokenID with no permission
421 * @tc.type: FUNC
422 * @tc.require:
423 */
424 HWTEST_F(AccessTokenDenyTest, GetRemoteNativeTokenID001, TestSize.Level1)
425 {
426 std::string device = "device";
427 AccessTokenID tokenId = 123;
428 ASSERT_EQ(INVALID_TOKENID, AccessTokenKit::GetRemoteNativeTokenID(device, tokenId));
429 }
430
431 /**
432 * @tc.name: DeleteRemoteDeviceTokens001
433 * @tc.desc: DeleteRemoteDeviceTokens with no permission
434 * @tc.type: FUNC
435 * @tc.require:
436 */
437 HWTEST_F(AccessTokenDenyTest, DeleteRemoteDeviceTokens001, TestSize.Level1)
438 {
439 std::string device = "device";
440 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteRemoteDeviceTokens(device));
441 }
442 #endif
443 } // namespace AccessToken
444 } // namespace Security
445 } // namespace OHOS
446
447