1 /**
2 * Copyright (c) 2021 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "ActsPMSTest.h"
17
18 using namespace std;
19 using namespace testing::ext;
20
21 static PmsInnerApi *g_interface;
22 static PermissionTrans g_unNormalPers[] = {
23 {
24 PERMISSION_TOOLONG,
25 "abnormal permission",
26 INUSE,
27 },
28 {
29 PERMISSION_EMPTY,
30 "abnormal permission",
31 INUSE,
32 },
33 {
34 PERMISSION_UNSUPPORTED,
35 "abnormal permission",
36 INUSE,
37 },
38 };
39 static PermissionTrans g_systemPers[] = {
40 {
41 "ohos.permission.CAMERA",
42 "for CAMERA use",
43 INUSE,
44 },
45 {
46 "ohos.permission.RECORD_AUDIO",
47 "for RECORD_AUDIO use",
48 ALWAYS,
49 },
50 {
51 "ohos.permission.READ_MEDIA_AUDIO",
52 "for READ_MEDIA_AUDIO use",
53 INUSE,
54 },
55 {
56 "ohos.permission.READ_MEDIA_IMAGES",
57 "for READ_MEDIA_IMAGES use",
58 ALWAYS,
59 },
60 {
61 "ohos.permission.READ_MEDIA_VIDEO",
62 "for READ_MEDIA_VIDEO use",
63 INUSE,
64 },
65 {
66 "ohos.permission.WRITE_MEDIA_AUDIO",
67 "for WRITE_MEDIA_AUDIO use",
68 ALWAYS,
69 },
70 {
71 "ohos.permission.WRITE_MEDIA_IMAGES",
72 "for WRITE_MEDIA_IMAGES use",
73 INUSE,
74 },
75 {
76 "ohos.permission.WRITE_MEDIA_VIDEO",
77 "for WRITE_MEDIA_VIDEO use",
78 ALWAYS,
79 },
80 {
81 "ohos.permission.MODIFY_AUDIO_SETTINGS",
82 "for MODIFY_AUDIO_SETTINGS use",
83 INUSE,
84 },
85 };
86 static PermissionTrans g_unDefPer = {
87 PERMISSION_UNDEFINED,
88 "for undefined use",
89 INUSE,
90 };
91
IsUserGrant(const char * pname)92 int IsUserGrant(const char* pname)
93 {
94 if (strcmp(pname, "ohos.permission.MODIFY_AUDIO_SETTINGS") == 0) {
95 return false;
96 }
97 return true;
98 }
99
CheckPermData(const PermissionTrans * pt,const PermissionSaved * ps,const PermissionSaved * pre,int len,int plen)100 int CheckPermData(const PermissionTrans* pt, const PermissionSaved* ps,
101 const PermissionSaved* pre, int len, int plen)
102 {
103 if (len == 0) {
104 printf("len == 0\n");
105 return true;
106 }
107 if (ps == NULL) {
108 printf("ps == NULL\n");
109 return false;
110 }
111 bool ret = true;
112 for (int i = 0; i < len; i++) {
113 if (strcmp(pt[i].name, ps[i].name) != 0) {
114 ret = false;
115 }
116 int grant = NOT_GRANTED;
117 if (IsUserGrant(pt[i].name)) {
118 if (pre != NULL) {
119 for (int j = 0; j < plen; j++) {
120 if (strcmp(ps[i].name, pre[j].name) == 0 && pre[j].granted == GRANTED) {
121 grant = GRANTED;
122 break;
123 }
124 }
125 }
126 } else {
127 grant = GRANTED;
128 }
129 if (ps[i].granted != grant) {
130 ret = false;
131 }
132 if (ret == false) {
133 printf("ps[i].name = %s, ps[i].granted = %d, except = %d\n", pt[i].name, ps[i].granted, grant);
134 break;
135 }
136 }
137 return ret;
138 }
139
ClrPers(PermissionSaved * & permissions)140 void ClrPers(PermissionSaved* &permissions)
141 {
142 if (permissions != NULL) {
143 free(permissions);
144 permissions = NULL;
145 }
146 }
147
148 class ActsPMSSaveTest : public testing::Test {
149 public:
InitInterface()150 static void InitInterface()
151 {
152 if (g_interface != NULL) {
153 return;
154 }
155
156 SetUpTestCase();
157 }
158 protected:
SetUpTestCase(void)159 static void SetUpTestCase(void)
160 {
161 CreateAppDir();
162 IUnknown *iUnknown = SAMGR_GetInstance()->GetFeatureApi(PERMISSION_SERVICE, PERM_INNER);
163 iUnknown->QueryInterface(iUnknown, DEFAULT_VERSION, (void **) &g_interface);
164 setuid(0);
165 }
TearDownTestCase(void)166 static void TearDownTestCase(void) {}
SetUp()167 virtual void SetUp() {}
TearDown()168 virtual void TearDown()
169 {
170 DeletePermissions(TEST_APP_ID);
171 DeletePermissions(TEST_APP_ID2);
172 DeletePermissions(SUBTEST_APP_ID);
173 UnLoadPermissions(TEST_TASKID);
174 UnLoadPermissions(SUBTEST_TASKID);
175 }
176 };
177
CheckAppPermission(const char * identifier,int expRet,int expNum,const PermissionTrans * installPers,const PermissionSaved * lastPers,int lastLen)178 void CheckAppPermission(const char *identifier, int expRet, int expNum, const PermissionTrans* installPers,
179 const PermissionSaved* lastPers, int lastLen)
180 {
181 if (g_interface == NULL) {
182 ActsPMSSaveTest::InitInterface();
183 }
184 PermissionSaved* permissions = NULL;
185 int permNum = 0;
186 int ret = g_interface->QueryPermission(identifier, &permissions, &permNum);
187 EXPECT_EQ(ret, expRet) << "query ret = " << ret << ", expect ret = " << expRet << std::endl;
188 EXPECT_EQ(permNum, expNum) << "permNum = " << permNum << ", expect permNum = " << expNum << std::endl;
189 ret = CheckPermData(installPers, permissions, lastPers, permNum, lastLen);
190 EXPECT_EQ(ret, true);
191 ClrPers(permissions);
192 }
193
SubTestWithoutCheck(const char * identifier,int taskID)194 void SubTestWithoutCheck(const char *identifier, int taskID)
195 {
196 if (g_interface == NULL) {
197 ActsPMSSaveTest::InitInterface();
198 }
199
200 SaveOrUpdatePermissions(identifier, g_systemPers, 0, FIRST_INSTALL);
201 SaveOrUpdatePermissions(identifier, g_systemPers, SYS_PERM_NUM, UPDATE);
202 int i;
203 for (i = 0; i < SYS_PERM_NUM; i++) {
204 g_interface->GrantPermission(identifier, g_systemPers[i].name);
205 }
206 for (i = 0; i < SYS_PERM_NUM; i++) {
207 g_interface->RevokePermission(identifier, g_systemPers[i].name);
208 }
209 g_interface->GrantPermission(identifier, g_systemPers[0].name);
210 LoadPermissions(identifier, taskID);
211 g_interface->GrantRuntimePermission(taskID, g_systemPers[1].name);
212 CheckPermission(TEST_TASKID, g_systemPers[0].name);
213 UnLoadPermissions(taskID);
214 CheckPermission(TEST_TASKID, g_systemPers[0].name);
215 DeletePermissions(identifier);
216 }
217
CreateAppDir(void)218 void CreateAppDir(void)
219 {
220 mkdir("/storage", DIR_MODE);
221 mkdir("/storage/app", DIR_MODE);
222 int ret = mkdir(ETC_PREFIX, DIR_MODE);
223 if (ret) {
224 printf("create dir %s error\n", ETC_PREFIX);
225 }
226 ret = mkdir(PERMISSION_PREFIX, DIR_MODE);
227 if (ret) {
228 printf("create dir %s error\n", PERMISSION_PREFIX);
229 }
230 }
231
232 /**
233 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0010
234 * @tc.name Calling PMS interface to install and save unauthorized application for the first time
235 * @tc.desc [C- SECURITY -0700]
236 */
237 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0010, Function | MediumTest | Level1)
238 {
239 PermissionTrans pt[] = {g_systemPers[0]};
240 int ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, 0, FIRST_INSTALL);
241 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
242 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_FILE_NOT_EXIST, 0, pt);
243 DeletePermissions(TEST_APP_ID);
244 }
245
246 /**
247 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0020
248 * @tc.name Call PMS interface to install and save the application with full application rights for the first time
249 * @tc.desc [C- SECURITY -0300]
250 */
251 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0020, Function | MediumTest | Level0)
252 {
253 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
254 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
255 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, SYS_PERM_NUM, g_systemPers);
256 DeletePermissions(TEST_APP_ID);
257 }
258
259 /**
260 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0030
261 * @tc.name Call the PMS interface to install and save the application with a permission for the first time
262 * @tc.desc [C- SECURITY -0700]
263 */
264 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0030, Function | MediumTest | Level2)
265 {
266 PermissionTrans pt[1];
267 int ret = PERM_ERRORCODE_INVALID_PARAMS;
268 for (int i = 0; i < SYS_PERM_NUM; i++) {
269 pt[0] = g_systemPers[i];
270 ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, 1, FIRST_INSTALL);
271 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
272 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, 1, pt);
273 DeletePermissions(TEST_APP_ID);
274 }
275 }
276
277 /**
278 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0040
279 * @tc.name Calling the PMS interface first installs a non system defined permission
280 * @tc.desc [C- SECURITY -0700]
281 */
282 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0040, Function | MediumTest | Level3)
283 {
284 PermissionTrans pt[] = {g_unDefPer};
285 int ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, 1, FIRST_INSTALL);
286 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
287 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, 1, pt);
288 DeletePermissions(TEST_APP_ID);
289 }
290
291 /**
292 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0050
293 * @tc.name Call the PMS interface to install the permission of exception permission name for the first time
294 * @tc.desc [C- SECURITY -0700]
295 */
296 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0050, Function | MediumTest | Level3)
297 {
298 PermissionTrans pt[1];
299 int ret = PERM_ERRORCODE_INVALID_PARAMS;
300 for (int i = 0; i < ABNORMAL_PERM_NUM; i++) {
301 pt[0] = g_unNormalPers[i];
302 ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, 1, FIRST_INSTALL);
303 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << ", index = " << i << endl;
304 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, 1, pt);
305 DeletePermissions(TEST_APP_ID);
306 }
307 }
308
309 /**
310 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0060
311 * @tc.name The number of saved application permissions has reached the upper limit
312 * @tc.desc [C- SECURITY -0700]
313 */
314 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0060, Function | MediumTest | Level2)
315 {
316 PermissionTrans pt[MAX_PERM_NUM];
317 PermissionTrans exp[MAX_PERM_NUM];
318 int i;
319 for (i = 0; i < SYS_PERM_NUM; i++) {
320 pt[i] = g_systemPers[i];
321 exp[i] = g_systemPers[i];
322 }
323 exp[SYS_PERM_NUM] = g_unDefPer;
324 for (i = SYS_PERM_NUM; i < MAX_PERM_NUM; i++) {
325 pt[i] = g_unDefPer;
326 }
327 int ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, MAX_PERM_NUM, FIRST_INSTALL);
328 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
329 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, SYS_PERM_NUM + 1, exp);
330 DeletePermissions(TEST_APP_ID);
331 }
332
333 /**
334 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0070
335 * @tc.name The number of saved application permissions exceeds the upper limit
336 * @tc.desc [C- SECURITY -0700]
337 */
338 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0070, Function | MediumTest | Level4)
339 {
340 PermissionTrans pt[MAX_PERM_NUM + 1];
341 int i;
342 for (i = 0; i < MAX_PERM_NUM + 1; i++) {
343 pt[i] = g_systemPers[0];
344 }
345 int ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, MAX_PERM_NUM + 1, FIRST_INSTALL);
346 EXPECT_EQ(ret, PERM_ERRORCODE_TOO_MUCH_PERM) << "save ret = " << ret << endl;
347 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_FILE_NOT_EXIST, 0, pt);
348 DeletePermissions(TEST_APP_ID);
349 }
350
351 /**
352 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0080
353 * @tc.name Save duplicate application permission
354 * @tc.desc [C- SECURITY -0700]
355 */
356 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0080, Function | MediumTest | Level2)
357 {
358 PermissionTrans pt[MAX_PERM_NUM];
359 int i;
360 for (i = 0; i < SYS_PERM_NUM; i++) {
361 pt[i] = g_systemPers[i];
362 }
363 for (i = SYS_PERM_NUM; i < MAX_PERM_NUM; i++) {
364 pt[i] = g_systemPers[0];
365 }
366 int ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, MAX_PERM_NUM, FIRST_INSTALL);
367 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
368 PermissionSaved* permissions = NULL;
369 int permNum = 0;
370 ret = g_interface->QueryPermission(TEST_APP_ID, &permissions, &permNum);
371 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "query ret = " << ret << endl;
372 EXPECT_EQ(permNum, SYS_PERM_NUM) << "permNum = " << permNum << endl;
373 DeletePermissions(TEST_APP_ID);
374 }
375
376 /**
377 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0090
378 * @tc.name Save MAX_PERM_NUM application permission
379 * @tc.desc [C- SECURITY -0700]
380 */
381 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0090, Function | MediumTest | Level4)
382 {
383 PermissionTrans pt[MAX_PERM_NUM];
384 int i;
385 for (i = 0; i < MAX_PERM_NUM; i++) {
386 pt[i] = g_systemPers[0];
387 }
388 int ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, MAX_PERM_NUM, FIRST_INSTALL);
389 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
390 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, 1, pt);
391 DeletePermissions(TEST_APP_ID);
392 }
393
394 /**
395 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0100
396 * @tc.name Save multiple application permissions
397 * @tc.desc [C- SECURITY -0700]
398 */
399 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0100, Function | MediumTest | Level1)
400 {
401 PermissionTrans pt[] = {g_systemPers[0]};
402 int ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, 0, FIRST_INSTALL);
403 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
404 ret = SaveOrUpdatePermissions(TEST_APP_ID2, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
405 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
406 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_FILE_NOT_EXIST, 0, pt);
407 CheckAppPermission(TEST_APP_ID2, PERM_ERRORCODE_SUCCESS, SYS_PERM_NUM, g_systemPers);
408 DeletePermissions(TEST_APP_ID);
409 DeletePermissions(TEST_APP_ID2);
410 }
411
412 /**
413 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0110
414 * @tc.name Update application, save more permissions
415 * @tc.desc [C- SECURITY -0700]
416 */
417 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0110, Function | MediumTest | Level2)
418 {
419 PermissionTrans pt[] = {g_systemPers[0]};
420 int ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, 0, FIRST_INSTALL);
421 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
422 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, UPDATE);
423 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
424 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, SYS_PERM_NUM, g_systemPers);
425 DeletePermissions(TEST_APP_ID);
426 }
427
428 /**
429 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0120
430 * @tc.name Update application, save less permissions
431 * @tc.desc [C- SECURITY -0700]
432 */
433 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0120, Function | MediumTest | Level2)
434 {
435 PermissionTrans pt[] = {g_systemPers[0]};
436 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
437 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
438 ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, 0, UPDATE);
439 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
440 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_FILE_NOT_EXIST, 0, pt);
441 DeletePermissions(TEST_APP_ID);
442 }
443
444 /**
445 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0130
446 * @tc.name Update application, save same permissions
447 * @tc.desc [C- SECURITY -0700]
448 */
449 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0130, Function | MediumTest | Level1)
450 {
451 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
452 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
453 for (int i = 0; i < SYS_PERM_NUM; i++) {
454 ret = g_interface->GrantPermission(TEST_APP_ID, g_systemPers[i].name);
455 }
456 PermissionSaved* oldpers = NULL;
457 int oldp = 0;
458 ret = g_interface->QueryPermission(TEST_APP_ID, &oldpers, &oldp);
459 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "query ret = " << ret << endl;
460 EXPECT_EQ(oldp, SYS_PERM_NUM) << "permNum = " << oldp;
461 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, UPDATE);
462 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
463 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, SYS_PERM_NUM, g_systemPers, oldpers, oldp);
464 ClrPers(oldpers);
465 DeletePermissions(TEST_APP_ID);
466 }
467
468 /**
469 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0140
470 * @tc.name Update application, save different permissions
471 * @tc.desc [C- SECURITY -0700]
472 */
473 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0140, Function | MediumTest | Level1)
474 {
475 PermissionTrans pt1[] = {g_systemPers[0], g_systemPers[1], g_systemPers[2],
476 g_systemPers[3], g_systemPers[5], g_systemPers[6], g_systemPers[7]};
477 PermissionTrans pt2[] = {g_systemPers[1], g_systemPers[2], g_systemPers[3], g_systemPers[4],
478 g_systemPers[5], g_systemPers[6], g_systemPers[7], g_systemPers[8]};
479 int ret = SaveOrUpdatePermissions(TEST_APP_ID, pt1, 7, FIRST_INSTALL);
480 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
481 for (int i = 0; i < SYS_PERM_NUM; i++) {
482 ret = g_interface->GrantPermission(TEST_APP_ID, g_systemPers[i].name);
483 }
484 PermissionSaved* oldpers = NULL;
485 int oldp = 0;
486 ret = g_interface->QueryPermission(TEST_APP_ID, &oldpers, &oldp);
487 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "query ret = " << ret << endl;
488 EXPECT_EQ(oldp, 7) << "permNum = " << oldp;
489 ret = SaveOrUpdatePermissions(TEST_APP_ID, pt2, 8, UPDATE);
490 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
491 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, 8, pt2, oldpers, oldp);
492 ClrPers(oldpers);
493 DeletePermissions(TEST_APP_ID);
494 }
495
496 /**
497 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0150
498 * @tc.name Update application, delete system_grant permissions
499 * @tc.desc [C- SECURITY -0700]
500 */
501 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0150, Function | MediumTest | Level3)
502 {
503 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
504 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
505 PermissionSaved* oldpers = NULL;
506 int oldp = 0;
507 ret = g_interface->QueryPermission(TEST_APP_ID, &oldpers, &oldp);
508 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "query ret = " << ret << endl;
509 EXPECT_EQ(oldp, SYS_PERM_NUM) << "permNum = " << oldp;
510 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM - 1, UPDATE);
511 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
512 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, SYS_PERM_NUM - 1, g_systemPers, oldpers, oldp);
513 ClrPers(oldpers);
514 DeletePermissions(TEST_APP_ID);
515 }
516
517 /**
518 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0160
519 * @tc.name Update application, delete granted user_grant permissions
520 * @tc.desc [C- SECURITY -0700]
521 */
522 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0160, Function | MediumTest | Level2)
523 {
524 PermissionTrans pt[] = {g_systemPers[0], g_systemPers[1], g_systemPers[2], g_systemPers[3],
525 g_systemPers[5], g_systemPers[6], g_systemPers[7]};
526 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
527 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
528 for (int i = 0; i < SYS_PERM_NUM; i++) {
529 ret = g_interface->GrantPermission(TEST_APP_ID, g_systemPers[i].name);
530 }
531 PermissionSaved* oldpers = NULL;
532 int oldp = 0;
533 ret = g_interface->QueryPermission(TEST_APP_ID, &oldpers, &oldp);
534 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "query ret = " << ret << endl;
535 EXPECT_EQ(oldp, SYS_PERM_NUM) << "permNum = " << oldp;
536 ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, 7, UPDATE);
537 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
538 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, 7, pt, oldpers, oldp);
539 ClrPers(oldpers);
540 DeletePermissions(TEST_APP_ID);
541 }
542
543 /**
544 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0170
545 * @tc.name Update application, delete user_grant permissions
546 * @tc.desc [C- SECURITY -0700]
547 */
548 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0170, Function | MediumTest | Level2)
549 {
550 PermissionTrans pt[] = {g_systemPers[0], g_systemPers[1], g_systemPers[2], g_systemPers[3],
551 g_systemPers[5], g_systemPers[6], g_systemPers[7]};
552 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
553 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
554 for (int i = 0; i < SYS_PERM_NUM; i++) {
555 if (i % 2 == 0) {
556 continue;
557 }
558 ret = g_interface->GrantPermission(TEST_APP_ID, g_systemPers[i].name);
559 }
560 PermissionSaved* oldpers = NULL;
561 int oldp = 0;
562 ret = g_interface->QueryPermission(TEST_APP_ID, &oldpers, &oldp);
563 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "query ret = " << ret << endl;
564 EXPECT_EQ(oldp, SYS_PERM_NUM) << "permNum = " << oldp;
565 ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, 7, UPDATE);
566 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
567 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, 7, pt, oldpers, oldp);
568 ClrPers(oldpers);
569 DeletePermissions(TEST_APP_ID);
570 }
571
572 /**
573 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0180
574 * @tc.name Update application, add system_grant permissions
575 * @tc.desc [C- SECURITY -0700]
576 */
577 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0180, Function | MediumTest | Level2)
578 {
579 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM - 1, FIRST_INSTALL);
580 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
581 PermissionSaved* oldpers = NULL;
582 int oldp = 0;
583 ret = g_interface->QueryPermission(TEST_APP_ID, &oldpers, &oldp);
584 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "query ret = " << ret << endl;
585 EXPECT_EQ(oldp, SYS_PERM_NUM - 1) << "permNum = " << oldp;
586 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, UPDATE);
587 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
588 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, SYS_PERM_NUM, g_systemPers, oldpers, oldp);
589 ClrPers(oldpers);
590 DeletePermissions(TEST_APP_ID);
591 }
592
593 /**
594 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0190
595 * @tc.name Update application, add user_grant permissions
596 * @tc.desc [C- SECURITY -0700]
597 */
598 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0190, Function | MediumTest | Level1)
599 {
600 PermissionTrans pt[] = {g_systemPers[8]};
601 int ret = SaveOrUpdatePermissions(TEST_APP_ID, pt, 1, FIRST_INSTALL);
602 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
603 PermissionSaved* oldpers = NULL;
604 int oldp = 0;
605 ret = g_interface->QueryPermission(TEST_APP_ID, &oldpers, &oldp);
606 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "query ret = " << ret << endl;
607 EXPECT_EQ(oldp, 1) << "permNum = " << oldp;
608 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, UPDATE);
609 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
610 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, SYS_PERM_NUM, g_systemPers, oldpers, oldp);
611 ClrPers(oldpers);
612 DeletePermissions(TEST_APP_ID);
613 }
614
615 /**
616 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0220
617 * @tc.name First time installation, initializing permissions
618 * @tc.desc [C- SECURITY -0700]
619 */
620 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0220, Function | MediumTest | Level3)
621 {
622 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
623 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
624 for (int i = 0; i < SYS_PERM_NUM; i++) {
625 g_interface->GrantPermission(TEST_APP_ID, g_systemPers[i].name);
626 }
627 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
628 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
629 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, SYS_PERM_NUM, g_systemPers);
630 DeletePermissions(TEST_APP_ID);
631 }
632
633 /**
634 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0240
635 * @tc.name After the application is uninstalled, the permissions are initialized
636 * @tc.desc [C- SECURITY -0600]
637 */
638 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0240, Function | MediumTest | Level2)
639 {
640 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
641 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
642 for (int i = 0; i < SYS_PERM_NUM; i++) {
643 g_interface->GrantPermission(TEST_APP_ID, g_systemPers[i].name);
644 }
645 ret = DeletePermissions(TEST_APP_ID);
646 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "delete ret = " << ret << endl;
647 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
648 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
649 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, SYS_PERM_NUM, g_systemPers);
650 DeletePermissions(TEST_APP_ID);
651 }
652
653 /**
654 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0320
655 * @tc.name After the permissions are loaded, the permissions can be updated
656 * @tc.desc [C- SECURITY -0700]
657 */
658 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0320, Function | MediumTest | Level2)
659 {
660 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
661 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
662 for (int i = 0; i < SYS_PERM_NUM; i++) {
663 g_interface->GrantPermission(TEST_APP_ID, g_systemPers[i].name);
664 }
665 ret = LoadPermissions(TEST_APP_ID, TEST_TASKID);
666 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "load ret = " << ret << endl;
667 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, 0, UPDATE);
668 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
669 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_FILE_NOT_EXIST, 0, g_systemPers);
670 ret = UnLoadPermissions(TEST_TASKID);
671 DeletePermissions(TEST_APP_ID);
672 }
673
674 /**
675 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0330
676 * @tc.name After the permissions are unloaded, the permissions can be updated
677 * @tc.desc [C- SECURITY -0700]
678 */
679 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0330, Function | MediumTest | Level2)
680 {
681 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
682 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
683 ret = LoadPermissions(TEST_APP_ID, TEST_TASKID);
684 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "load ret = " << ret << endl;
685 ret = UnLoadPermissions(TEST_TASKID);
686 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "unload ret = " << ret << endl;
687 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, 0, UPDATE);
688 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
689 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_FILE_NOT_EXIST, 0, g_systemPers);
690 DeletePermissions(TEST_APP_ID);
691 }
692
693 /**
694 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0340
695 * @tc.name After the permissions are checked, the permissions can be updated
696 * @tc.desc [C- SECURITY -0700]
697 */
698 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0340, Function | MediumTest | Level4)
699 {
700 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
701 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
702 for (int i = 0; i < SYS_PERM_NUM; i++) {
703 g_interface->GrantPermission(TEST_APP_ID, g_systemPers[i].name);
704 }
705 ret = LoadPermissions(TEST_APP_ID, TEST_TASKID);
706 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "load ret = " << ret << endl;
707 ret = CheckPermission(TEST_TASKID, g_systemPers[0].name);
708 EXPECT_EQ(ret, GRANTED) << "checkperm ret = " << ret << endl;
709 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, 0, UPDATE);
710 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
711 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_FILE_NOT_EXIST, 0, g_systemPers);
712 UnLoadPermissions(TEST_TASKID);
713 DeletePermissions(TEST_APP_ID);
714 }
715
716 /**
717 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0350
718 * @tc.name After the permissions are queryed, the permissions can be updated
719 * @tc.desc [C- SECURITY -0700]
720 */
721 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0350, Function | MediumTest | Level4)
722 {
723 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
724 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
725 ret = LoadPermissions(TEST_APP_ID, TEST_TASKID);
726 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "load ret = " << ret << endl;
727 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_SUCCESS, SYS_PERM_NUM, g_systemPers);
728 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, 0, UPDATE);
729 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
730 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_FILE_NOT_EXIST, 0, g_systemPers);
731 UnLoadPermissions(TEST_TASKID);
732 DeletePermissions(TEST_APP_ID);
733 }
734
735 /**
736 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0360
737 * @tc.name After the permissions are granted, the permissions can be updated
738 * @tc.desc [C- SECURITY -0700]
739 */
740 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0360, Function | MediumTest | Level2)
741 {
742 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
743 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
744 ret = g_interface->GrantPermission(TEST_APP_ID, g_systemPers[0].name);
745 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, UPDATE);
746 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
747 PermissionSaved* permissions = NULL;
748 int permNum = 0;
749 ret = g_interface->QueryPermission(TEST_APP_ID, &permissions, &permNum);
750 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "query ret = " << ret << endl;
751 EXPECT_EQ(permNum, SYS_PERM_NUM) << "permNum = " << permNum << endl;
752 EXPECT_EQ(permissions[0].granted, GRANTED);
753 ClrPers(permissions);
754 DeletePermissions(TEST_APP_ID);
755 }
756
757 /**
758 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0370
759 * @tc.name After the permissions are revoked, the permissions can be updated
760 * @tc.desc [C- SECURITY -0700]
761 */
762 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0370, Function | MediumTest | Level2)
763 {
764 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
765 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
766 g_interface->GrantPermission(TEST_APP_ID, g_systemPers[0].name);
767 g_interface->RevokePermission(TEST_APP_ID, g_systemPers[0].name);
768 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, UPDATE);
769 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
770 PermissionSaved* permissions = NULL;
771 int permNum = 0;
772 ret = g_interface->QueryPermission(TEST_APP_ID, &permissions, &permNum);
773 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "query ret = " << ret << endl;
774 EXPECT_EQ(permNum, SYS_PERM_NUM) << "permNum = " << permNum << endl;
775 EXPECT_EQ(permissions[0].granted, NOT_GRANTED);
776 ClrPers(permissions);
777 DeletePermissions(TEST_APP_ID);
778 }
779
780 /**
781 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0380
782 * @tc.name Another application permission change does not affect save permission
783 * @tc.desc [C- SECURITY -0700]
784 */
785 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0380, Function | MediumTest | Level3)
786 {
787 int pid = fork();
788 int status = 0;
789 if (pid != 0) {
790 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
791 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
792 DeletePermissions(TEST_APP_ID);
793 waitpid(pid, &status, 0);
794 } else {
795 SubTestWithoutCheck(SUBTEST_APP_ID, SUBTEST_TASKID);
796 exit(0);
797 }
798 }
799
800 /**
801 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0390
802 * @tc.name Permission not to save exception package names
803 * @tc.desc [C- SECURITY -0700]
804 */
805 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0390, Function | MediumTest | Level3)
806 {
807 int ret = SaveOrUpdatePermissions(NULL, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
808 EXPECT_EQ(ret, PERM_ERRORCODE_INVALID_PARAMS) << "save ret = " << ret << endl;
809 }
810
811 /**
812 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0410
813 * @tc.name The permission file is abnormal and can be updated
814 * @tc.desc [C- SECURITY -0700]
815 */
816 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0410, Function | MediumTest | Level4)
817 {
818 int ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
819 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
820 int fd = access(TEST_APP_PATH, F_OK);
821 if (fd == 0) {
822 unlink(TEST_APP_PATH);
823 }
824 fd = open(TEST_APP_PATH, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
825 if (fd >= 0) {
826 write(fd, PERMISSION_UNSUPPORTED, strlen(PERMISSION_UNSUPPORTED));
827 close(fd);
828 }
829 ret = SaveOrUpdatePermissions(TEST_APP_ID, g_systemPers, SYS_PERM_NUM, UPDATE);
830 EXPECT_EQ(ret, PERM_ERRORCODE_JSONPARSE_FAIL) << "save ret = " << ret << endl;
831 CheckAppPermission(TEST_APP_ID, PERM_ERRORCODE_JSONPARSE_FAIL, 0, g_systemPers);
832 DeletePermissions(TEST_APP_ID);
833 }
834
835 /**
836 * @tc.number SUB_SEC_AppSEC_PermissionMgmt_PMS_0490
837 * @tc.name Can save application permission with long and short package names
838 * @tc.desc [C- SECURITY -0700]
839 */
840 HWTEST_F(ActsPMSSaveTest, testSecPMPMS_0490, Function | MediumTest | Level2)
841 {
842 int ret = SaveOrUpdatePermissions(TEST_APP_SHORT, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
843 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
844 ret = SaveOrUpdatePermissions(TEST_APP_LONG, g_systemPers, SYS_PERM_NUM, FIRST_INSTALL);
845 EXPECT_EQ(ret, PERM_ERRORCODE_SUCCESS) << "save ret = " << ret << endl;
846 DeletePermissions(TEST_APP_SHORT);
847 DeletePermissions(TEST_APP_LONG);
848 }