1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "get_permission_test.h"
17 #include "gtest/gtest.h"
18 #include <thread>
19
20 #include "access_token.h"
21 #include "access_token_error.h"
22 #include "accesstoken_common_log.h"
23 #include "accesstoken_service_ipc_interface_code.h"
24 #include "permission_grant_info.h"
25 #include "permission_state_change_info_parcel.h"
26 #include "string_ex.h"
27 #include "test_common.h"
28 #include "tokenid_kit.h"
29 #include "token_setproc.h"
30
31 using namespace testing::ext;
32 namespace OHOS {
33 namespace Security {
34 namespace AccessToken {
35 namespace {
36 static uint64_t g_selfTokenId = 0;
37 static const std::string TEST_BUNDLE_NAME = "ohos";
38 static const int INVALID_PERMNAME_LEN = 260;
39 static const unsigned int TEST_TOKENID_INVALID = 0;
40 static const int CYCLE_TIMES = 100;
41 static const int TEST_USER_ID = 0;
42 static constexpr int32_t DEFAULT_API_VERSION = 8;
43 static const std::string TEST_PERMISSION = "ohos.permission.ALPHA";
44 HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms();
45 HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams();
46 HapInfoParams g_infoManager = {
47 .userID = 1,
48 .bundleName = "accesstoken_test",
49 .instIndex = 0,
50 .appIDDesc = "test2",
51 .apiVersion = 8 // 8: api version
52 };
53 }
54
SetUpTestCase()55 void GetPermissionTest::SetUpTestCase()
56 {
57 g_selfTokenId = GetSelfTokenID();
58 TestCommon::SetTestEvironment(g_selfTokenId);
59
60 // clean up test cases
61 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
62 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
63 TestCommon::DeleteTestHapToken(tokenID);
64 }
65
TearDownTestCase()66 void GetPermissionTest::TearDownTestCase()
67 {
68 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
69 AccessTokenKit::DeleteToken(tokenID);
70
71 EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId));
72 TestCommon::ResetTestEvironment();
73 }
74
SetUp()75 void GetPermissionTest::SetUp()
76 {
77 LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok.");
78
79 HapInfoParams info = {
80 .userID = TEST_USER_ID,
81 .bundleName = TEST_BUNDLE_NAME,
82 .instIndex = 0,
83 .appIDDesc = "appIDDesc",
84 .apiVersion = DEFAULT_API_VERSION
85 };
86
87 HapPolicyParams policy = {
88 .apl = APL_NORMAL,
89 .domain = "domain"
90 };
91 TestCommon::TestPreparePermStateList(policy);
92 AccessTokenIDEx tokenIdEx = {0};
93 ASSERT_EQ(RET_SUCCESS, TestCommon::AllocTestHapToken(info, policy, tokenIdEx));
94 ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID);
95 }
96
TearDown()97 void GetPermissionTest::TearDown()
98 {
99 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
100 AccessTokenKit::DeleteToken(tokenID);
101 }
102
103 /**
104 * @tc.name: GetPermissionUsedTypeAbnormalTest001
105 * @tc.desc: call GetPermissionUsedType by shell token(permission denied).
106 * @tc.type: FUNC
107 * @tc.require:
108 */
109 HWTEST_F(GetPermissionTest, GetPermissionUsedTypeAbnormalTest001, TestSize.Level1)
110 {
111 LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionUsedTypeAbnormalTest001");
112 std::string permisson = "ohos.permission.CAMERA";
113 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
114 // caller is not native, IsPrivilegedCalling return false(uid != accesstoken_uid)
115 int32_t selfUid = getuid();
116 setuid(1);
117 EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, AccessTokenKit::GetPermissionUsedType(g_selfTokenId, permisson));
118 setuid(selfUid);
119 #else
120 // caller is not native, IsPrivilegedCalling return false
121 EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE,
122 AccessTokenKit::GetPermissionUsedType(g_selfTokenId, permisson));
123 #endif
124 }
125
126 /**
127 * @tc.name: GetPermissionUsedTypeAbnormalTest002
128 * @tc.desc: Get hap permission visit type return invalid.
129 * @tc.type: FUNC
130 * @tc.require:
131 */
132 HWTEST_F(GetPermissionTest, GetPermissionUsedTypeAbnormalTest002, TestSize.Level1)
133 {
134 LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionUsedTypeAbnormalTest001");
135
136 std::string accessBluetooth = "ohos.permission.ACCESS_BLUETOOTH";
137 std::vector<std::string> reqPerm;
138 reqPerm.emplace_back(accessBluetooth);
139 MockHapToken mockHap("GetPermissionUsedTypeAbnormalTest001", reqPerm, true);
140 AccessTokenID tokenID = GetSelfTokenID(); // get hap tokenId
141 ASSERT_NE(INVALID_TOKENID, tokenID);
142
143 MockNativeToken mock("accesstoken_service"); // set native for self
144
145 // token is not hap
146 EXPECT_EQ(
147 PermUsedTypeEnum::INVALID_USED_TYPE, AccessTokenKit::GetPermissionUsedType(g_selfTokenId, accessBluetooth));
148
149 // invalid tokenid
150 EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, AccessTokenKit::GetPermissionUsedType(0, accessBluetooth));
151
152 // permission is not reuqest
153 EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE,
154 AccessTokenKit::GetPermissionUsedType(tokenID, "ohos.permission.ACCELEROMETER"));
155
156 // permission is not defined
157 EXPECT_EQ(
158 PermUsedTypeEnum::INVALID_USED_TYPE, AccessTokenKit::GetPermissionUsedType(tokenID, "ohos.permission.test"));
159
160 // permission is request, but not grant
161 EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, AccessTokenKit::GetPermissionUsedType(tokenID, accessBluetooth));
162 }
163
164 /**
165 * @tc.name: GetPermissionUsedTypeFuncTest001
166 * @tc.desc: Different grant permission modes get different visit type.
167 * @tc.type: FUNC
168 * @tc.require:
169 */
170 HWTEST_F(GetPermissionTest, GetPermissionUsedTypeFuncTest001, TestSize.Level1)
171 {
172 LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionUsedTypeFuncTest001");
173
174 std::string accessBluetooth = "ohos.permission.ACCESS_BLUETOOTH";
175 std::string sendMessages = "ohos.permission.SEND_MESSAGES";
176 std::string writeCalendar = "ohos.permission.WRITE_CALENDAR";
177 PermissionStateFull testState1 = {
178 .permissionName = accessBluetooth,
179 .isGeneral = true,
180 .resDeviceID = {"local3"},
181 .grantStatus = {PermissionState::PERMISSION_GRANTED},
182 .grantFlags = {PermissionFlag::PERMISSION_COMPONENT_SET}
183 };
184 PermissionStateFull testState2 = {
185 .permissionName = sendMessages,
186 .isGeneral = true,
187 .resDeviceID = {"local3"},
188 .grantStatus = {PermissionState::PERMISSION_GRANTED},
189 .grantFlags = {1}
190 };
191 PermissionStateFull testState3 = {
192 .permissionName = writeCalendar,
193 .isGeneral = false,
194 .resDeviceID = {"local3"},
195 .grantStatus = {PermissionState::PERMISSION_GRANTED},
196 .grantFlags = {1}
197 };
198 HapPolicyParams testPolicyPrams = {
199 .apl = APL_NORMAL,
200 .domain = "test.domain3",
201 .permStateList = {testState1, testState2, testState3}
202 };
203 AccessTokenIDEx tokenIdEx = TestCommon::AllocAndGrantHapTokenByTest(g_infoManager, testPolicyPrams);
204 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
205 ASSERT_NE(INVALID_TOKENID, tokenID);
206
207 MockNativeToken mock("accesstoken_service"); // set native for self
208 EXPECT_EQ(PermUsedTypeEnum::SEC_COMPONENT_TYPE, AccessTokenKit::GetPermissionUsedType(tokenID, accessBluetooth));
209 EXPECT_EQ(PermUsedTypeEnum::NORMAL_TYPE, AccessTokenKit::GetPermissionUsedType(tokenID, sendMessages));
210
211 ASSERT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
212 }
213
214 /**
215 * @tc.name: GetDefPermissionFuncTest001
216 * @tc.desc: Get permission definition info after AllocHapToken function has been invoked.
217 * @tc.type: FUNC
218 * @tc.require: Issue Number
219 */
220 HWTEST_F(GetPermissionTest, GetDefPermissionFuncTest001, TestSize.Level1)
221 {
222 LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionFuncTest001");
223
224 PermissionDef permDef;
225 // permission name is empty
226 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetDefPermission("", permDef));
227
228 // permission name oversize
229 std::string invalidPerm(INVALID_PERMNAME_LEN, 'a');
230 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetDefPermission(invalidPerm, permDef));
231
232 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission(
233 "ohos.permission.ALPHA", permDef));
234 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission(
235 "ohos.permission.BETA", permDef));
236 ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, AccessTokenKit::GetDefPermission(
237 "ohos.permission.GAMMA", permDef));
238
239 // get user grant permission define
240 ASSERT_EQ(0, AccessTokenKit::GetDefPermission("ohos.permission.CAMERA", permDef));
241 ASSERT_EQ("ohos.permission.CAMERA", permDef.permissionName);
242
243 // get system grant permission define
244 ASSERT_EQ(0, AccessTokenKit::GetDefPermission("ohos.permission.PERMISSION_USED_STATS", permDef));
245 ASSERT_EQ("ohos.permission.PERMISSION_USED_STATS", permDef.permissionName);
246 }
247
248 /**
249 * @tc.name: GetReqPermissionsFuncTest001
250 * @tc.desc: Get user granted permission state info.
251 * @tc.type: FUNC
252 * @tc.require: Issue Number
253 */
254 HWTEST_F(GetPermissionTest, GetReqPermissionsFuncTest001, TestSize.Level1)
255 {
256 LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsFuncTest001");
257 std::vector<std::string> reqPerm;
258 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
259 MockHapToken mockHap("GetReqPermissionsFuncTest001", reqPerm, true);
260
261 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
262 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
263 ASSERT_NE(INVALID_TOKENID, tokenID);
264 std::vector<PermissionStateFull> permStatList;
265 int res = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false);
266 ASSERT_EQ(RET_SUCCESS, res);
267 ASSERT_EQ(static_cast<uint32_t>(1), permStatList.size());
268 ASSERT_EQ("ohos.permission.MICROPHONE", permStatList[0].permissionName);
269
270 res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false);
271 ASSERT_EQ(res, permStatList[0].grantStatus[0]);
272 }
273
274 /**
275 * @tc.name: GetReqPermissionsFuncTest002
276 * @tc.desc: Get system granted permission state info.
277 * @tc.type: FUNC
278 * @tc.require: Issue Number
279 */
280 HWTEST_F(GetPermissionTest, GetReqPermissionsFuncTest002, TestSize.Level1)
281 {
282 LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsFuncTest002");
283 std::vector<std::string> reqPerm;
284 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
285 MockHapToken mockHap("GetReqPermissionsFuncTest002", reqPerm, true);
286
287 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
288 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
289 ASSERT_NE(INVALID_TOKENID, tokenID);
290 std::vector<PermissionStateFull> permStatList;
291 int ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, true);
292 ASSERT_EQ(RET_SUCCESS, ret);
293 ASSERT_EQ(static_cast<uint32_t>(1), permStatList.size());
294 ASSERT_EQ("ohos.permission.SET_WIFI_INFO", permStatList[0].permissionName);
295
296 ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SET_WIFI_INFO", false);
297 ASSERT_EQ(ret, permStatList[0].grantStatus[0]);
298 }
299
300 /**
301 * @tc.name: GetReqPermissionsFuncTest003
302 * @tc.desc: Get user granted permission state info after clear request permission list.
303 * @tc.type: FUNC
304 * @tc.require: Issue Number
305 */
306 HWTEST_F(GetPermissionTest, GetReqPermissionsFuncTest003, TestSize.Level1)
307 {
308 LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsFuncTest003");
309 std::vector<std::string> reqPerm;
310 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
311 MockHapToken mockHap("GetReqPermissionsFuncTest003", reqPerm, true);
312
313 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
314 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
315 ASSERT_NE(INVALID_TOKENID, tokenID);
316
317 std::vector<PermissionStateFull> permStatList;
318 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(tokenID, permStatList, false));
319 ASSERT_NE(static_cast<uint32_t>(0), permStatList.size());
320
321 HapPolicyParams policy = {
322 .apl = APL_NORMAL,
323 .domain = "domain"
324 };
325 policy.permStateList.clear();
326 UpdateHapInfoParams info;
327 info.appIDDesc = g_infoManager.appIDDesc;
328 info.apiVersion = DEFAULT_API_VERSION;
329 info.isSystemApp = false;
330 {
331 MockNativeToken mock1("foundation");
332 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(tokenIdEx, info, policy));
333 }
334
335 std::vector<PermissionStateFull> permStatUserList;
336 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(tokenID, permStatUserList, false));
337 ASSERT_EQ(static_cast<uint32_t>(0), permStatUserList.size());
338
339 std::vector<PermissionStateFull> permStatSystemList;
340 ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(tokenID, permStatSystemList, true));
341 ASSERT_EQ(static_cast<uint32_t>(0), permStatSystemList.size());
342 }
343
344 /**
345 * @tc.name: GetReqPermissionsFuncTest004
346 * @tc.desc: GetReqPermissions call failure.
347 * @tc.type: FUNC
348 * @tc.require: Issue Number
349 */
350 HWTEST_F(GetPermissionTest, GetReqPermissionsFuncTest004, TestSize.Level0)
351 {
352 int32_t selfUid = getuid();
353 std::vector<PermissionStateFull> permStatList;
354 {
355 // mock native token with no permission
356 MockNativeToken mock("accesstoken_service");
357 setuid(1);
358 ASSERT_EQ(ERR_PERMISSION_DENIED, AccessTokenKit::GetReqPermissions(GetSelfTokenID(), permStatList, false));
359 }
360
361 setuid(selfUid);
362 {
363 // mock hap token whit non system app
364 std::vector<std::string> reqPerm;
365 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
366 MockHapToken mock("GetReqPermissionsFuncTest004", reqPerm, false);
367 ASSERT_EQ(ERR_NOT_SYSTEM_APP, AccessTokenKit::GetReqPermissions(GetSelfTokenID(), permStatList, false));
368 }
369 }
370
371 /**
372 * @tc.name: GetReqPermissionsAbnormalTest001
373 * @tc.desc: Get permission state info list that tokenID is invalid.
374 * @tc.type: FUNC
375 * @tc.require: Issue Number
376 */
377 HWTEST_F(GetPermissionTest, GetReqPermissionsAbnormalTest001, TestSize.Level1)
378 {
379 LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsAbnormalTest001");
380 std::vector<std::string> reqPerm;
381 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
382 MockHapToken mockHap("GetReqPermissionsFuncTest002", reqPerm, true);
383
384 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
385 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
386 ASSERT_NE(INVALID_TOKENID, tokenID);
387
388 std::vector<PermissionStateFull> permStatList;
389 int ret = AccessTokenKit::GetReqPermissions(TEST_TOKENID_INVALID, permStatList, false);
390 ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
391
392 TestCommon::DeleteTestHapToken(tokenID);
393
394 ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false);
395 ASSERT_EQ(ERR_TOKENID_NOT_EXIST, ret);
396 ASSERT_EQ(static_cast<uint32_t>(0), permStatList.size());
397 }
398
399 /**
400 * @tc.name: GetReqPermissionsSpecTest001
401 * @tc.desc: GetReqPermissions is invoked multiple times.
402 * @tc.type: FUNC
403 * @tc.require: Issue Number
404 */
405 HWTEST_F(GetPermissionTest, GetReqPermissionsSpecTest001, TestSize.Level0)
406 {
407 LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsSpecTest001");
408 std::vector<std::string> reqPerm;
409 reqPerm.emplace_back("ohos.permission.GET_SENSITIVE_PERMISSIONS");
410 MockHapToken mockHap("GetReqPermissionsFuncTest002", reqPerm, true);
411
412 AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
413 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
414 ASSERT_NE(INVALID_TOKENID, tokenID);
415 for (int i = 0; i < CYCLE_TIMES; i++) {
416 std::vector<PermissionStateFull> permStatList;
417 int32_t ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false);
418 ASSERT_EQ(RET_SUCCESS, ret);
419 ASSERT_EQ(static_cast<uint32_t>(1), permStatList.size());
420 ASSERT_EQ("ohos.permission.MICROPHONE", permStatList[0].permissionName);
421 }
422 }
423
424 /**
425 * @tc.name: GetPermissionManagerInfoFuncTest001
426 * @tc.desc:
427 * @tc.type: FUNC
428 * @tc.require:
429 */
430 HWTEST_F(GetPermissionTest, GetPermissionManagerInfoFuncTest001, TestSize.Level1)
431 {
432 LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionManagerInfoFuncTest001");
433
434 PermissionGrantInfo info;
435 AccessTokenKit::GetPermissionManagerInfo(info);
436 ASSERT_EQ(false, info.grantBundleName.empty());
437 }
438
439 /**
440 * @tc.name: GetTokenIDByUserID001
441 * @tc.desc: Get token id by user id.
442 * @tc.type: FUNC
443 * @tc.require: Issue Number
444 */
445 HWTEST_F(GetPermissionTest, GetTokenIDByUserID001, TestSize.Level1)
446 {
447 MockNativeToken mock("accesstoken_service");
448 int32_t userID = -1;
449 std::unordered_set<AccessTokenID> tokenIdList;
450 int32_t ret = AccessTokenKit::GetTokenIDByUserID(userID, tokenIdList);
451 EXPECT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret);
452
453 userID = 100;
454 ret = AccessTokenKit::GetTokenIDByUserID(userID, tokenIdList);
455 EXPECT_EQ(RET_SUCCESS, ret);
456 EXPECT_NE(static_cast<uint32_t>(0), tokenIdList.size());
457 }
458
459 /**
460 * @tc.name: ReloadNativeTokenInfo001
461 * @tc.desc: test ReloadNativeTokenInfo.
462 * @tc.type: FUNC
463 * @tc.require: Issue Number
464 */
465 HWTEST_F(GetPermissionTest, ReloadNativeTokenInfo001, TestSize.Level1)
466 {
467 int32_t ret = AccessTokenKit::ReloadNativeTokenInfo();
468 ASSERT_EQ(RET_SUCCESS, ret);
469 }
470
471 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
GetNativeTokenTest(const char * processName,const char ** perms,int32_t permNum)472 uint64_t GetNativeTokenTest(const char *processName, const char **perms, int32_t permNum)
473 {
474 uint64_t tokenId;
475 NativeTokenInfoParams infoInstance = {
476 .dcapsNum = 0,
477 .permsNum = permNum,
478 .aclsNum = 0,
479 .dcaps = nullptr,
480 .perms = perms,
481 .acls = nullptr,
482 .aplStr = "system_core",
483 .processName = processName,
484 };
485
486 tokenId = GetAccessTokenId(&infoInstance);
487 AccessTokenKit::ReloadNativeTokenInfo();
488 return tokenId;
489 }
490
491 /**
492 * @tc.name: ReloadNativeTokenInfo002
493 * @tc.desc: ReloadNativeTokenInfo with same bundlename twicely.
494 * @tc.type: FUNC
495 * @tc.require: Issue Number
496 */
497 HWTEST_F(GetPermissionTest, ReloadNativeTokenInfo002, TestSize.Level1)
498 {
499 const char **perms = new const char *[1];
500 perms[0] = "ohos.permission.MANAGE_HAP_TOKENID";
501 uint64_t token1 = GetNativeTokenTest("TestCase_core", perms, 1);
502 ASSERT_NE(INVALID_TOKENID, token1);
503 ASSERT_EQ(
504 PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(token1, "ohos.permission.MANAGE_HAP_TOKENID", false));
505
506 uint64_t token2 = GetNativeTokenTest("TestCase_core", nullptr, 0);
507 ASSERT_NE(INVALID_TOKENID, token2);
508
509 ASSERT_EQ(token1, token2);
510 ASSERT_EQ(
511 PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(token2, "ohos.permission.MANAGE_HAP_TOKENID", false));
512
513 uint64_t token3 = GetNativeTokenTest("TestCase_core", perms, 1);
514 ASSERT_NE(INVALID_TOKENID, token3);
515
516 ASSERT_EQ(token1, token3);
517 ASSERT_EQ(
518 PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(token3, "ohos.permission.MANAGE_HAP_TOKENID", false));
519 }
520 #endif
521
522 /**
523 * @tc.name: GetKernelPermissionTest001
524 * @tc.desc:
525 * @tc.type: FUNC
526 * @tc.require:
527 */
528 HWTEST_F(GetPermissionTest, GetKernelPermissionTest001, TestSize.Level1)
529 {
530 std::vector<PermissionWithValue> kernelPermList;
531 {
532 // shell process, uid != 0
533 MockNativeToken mock("hdcd"); // set shell for self
534 setuid(1);
535 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetKernelPermissions(123, kernelPermList));
536 setuid(0);
537 }
538
539 // native process
540 MockNativeToken mock("accesstoken_service");
541 EXPECT_EQ(AccessTokenError::ERR_TOKEN_INVALID, AccessTokenKit::GetKernelPermissions(123, kernelPermList));
542
543 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
544 EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList));
545 EXPECT_EQ(0, kernelPermList.size());
546 }
547
548 /**
549 * @tc.name: GetReqPermissionByNameTest001
550 * @tc.desc: test Ge
551 * @tc.type: FUNC
552 * @tc.require:
553 */
554 HWTEST_F(GetPermissionTest, GetReqPermissionByNameTest001, TestSize.Level1)
555 {
556 std::string value;
557 std::vector<PermissionWithValue> kernelPermList;
558 {
559 // shell process, uid != 0
560 MockNativeToken mock("hdcd"); // set shell for self
561 setuid(1);
562 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED,
563 AccessTokenKit::GetReqPermissionByName(123, "ohos.permission.test1", value));
564 setuid(0);
565 }
566
567 // native process, uid != 0
568 MockNativeToken mock("accesstoken_service");
569 EXPECT_EQ(AccessTokenError::ERR_TOKEN_INVALID,
570 AccessTokenKit::GetReqPermissionByName(123, "ohos.permission.test1", value));
571
572 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
573 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST,
574 AccessTokenKit::GetReqPermissionByName(tokenID, "ohos.permission.test1", value));
575
576 EXPECT_EQ(AccessTokenError::ERR_PERMISSION_WITHOUT_VALUE,
577 AccessTokenKit::GetReqPermissionByName(tokenID, "ohos.permission.MANAGE_HAP_TOKENID", value));
578 }
579 } // namespace AccessToken
580 } // namespace Security
581 } // namespace OHOS